From 8245a1226b848e5fb731b4904924c7b2f2e75581 Mon Sep 17 00:00:00 2001
From: wizzdom <wizzdom@redbrick.dcu.ie>
Date: Fri, 13 Sep 2024 15:51:37 +0100
Subject: [PATCH] ingress/traefik: mail ports, persist acme (#58)

- add ports required for upcoming mailserver
- make `acme.json` persistent for sanity
---
 jobs/ingress/traefik.hcl | 65 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 57 insertions(+), 8 deletions(-)

diff --git a/jobs/ingress/traefik.hcl b/jobs/ingress/traefik.hcl
index 5a69962..0dd2c11 100644
--- a/jobs/ingress/traefik.hcl
+++ b/jobs/ingress/traefik.hcl
@@ -1,40 +1,65 @@
 job "traefik" {
   datacenters = ["aperture"]
-  node_pool = "ingress"
+  node_pool   = "ingress"
   type        = "service"
 
   group "traefik" {
     network {
-      port "http"{
+      port "http" {
         static = 80
       }
       port "https" {
         static = 443
       }
-      port "admin"{
+      port "admin" {
         static = 8080
       }
+      port "smtp" {
+        static = 25
+      }
+      port "submission" {
+        static = 587
+      }
+      port "submissions" {
+        static = 465
+      }
+      port "imap" {
+        static = 143
+      }
+      port "imaps" {
+        static = 993
+      }
+      port "pop3" {
+        static = 110
+      }
+      port "pop3s" {
+        static = 995
+      }
+      port "managesieve" {
+        static = 4190
+      }
     }
 
     service {
-      name = "traefik-http"
+      name     = "traefik-http"
       provider = "nomad"
-      port = "https"
+      port     = "https"
     }
 
     task "traefik" {
       driver = "docker"
       config {
-        image = "traefik"
+        image        = "traefik"
         network_mode = "host"
 
         volumes = [
           "local/traefik.toml:/etc/traefik/traefik.toml",
+          "/storage/nomad/traefik/acme/acme.json:/acme.json",
         ]
       }
 
       template {
-        data = <<EOF
+        data        = <<EOF
 [entryPoints]
   [entryPoints.web]
   address = ":80"
@@ -48,6 +73,30 @@ job "traefik" {
   [entryPoints.traefik]
   address = ":8080"
 
+  [entryPoints.smtp]
+  address = ":25"
+
+  [entryPoints.submission]
+  address = ":587"
+
+  [entryPoints.submissions]
+  address = ":465"
+
+  [entryPoints.imap]
+  address = ":143"
+
+  [entryPoints.imaps]
+  address = ":993"
+
+  [entryPoints.pop3]
+  address = ":110"
+
+  [entryPoints.pop3s]
+  address = ":995"
+
+  [entryPoints.managesieve]
+  address = ":4190"
+
 [tls.options]
   [tls.options.default]
     minVersion = "VersionTLS12"
@@ -80,7 +129,7 @@ job "traefik" {
 
 [certificatesResolvers.lets-encrypt.acme]
   email = "elected-admins@redbrick.dcu.ie"
-  storage = "local/acme.json"
+  storage = "acme.json"
   [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
 EOF
         destination = "/local/traefik.toml"