ingress/traefik: mail ports, persist acme (#58)

- add ports required for upcoming mailserver
- make `acme.json` persistent for sanity

jobs/ingress/traefik.hcl

@@ -5,15 +5,39 @@ job "traefik" {
 
   group "traefik" {
     network {
-      port "http"{
+      port "http" {
         static = 80
       }
       port "https" {
         static = 443
       }
-      port "admin"{
+      port "admin" {
         static = 8080
       }
+      port "smtp" {
+        static = 25
+      }
+      port "submission" {
+        static = 587
+      }
+      port "submissions" {
+        static = 465
+      }
+      port "imap" {
+        static = 143
+      }
+      port "imaps" {
+        static = 993
+      }
+      port "pop3" {
+        static = 110
+      }
+      port "pop3s" {
+        static = 995
+      }
+      port "managesieve" {
+        static = 4190
+      }
     }
 
     service {
@@ -30,6 +54,7 @@ job "traefik" {
 
         volumes = [
           "local/traefik.toml:/etc/traefik/traefik.toml",
+          "/storage/nomad/traefik/acme/acme.json:/acme.json",
         ]
       }
 
@@ -48,6 +73,30 @@ job "traefik" {
   [entryPoints.traefik]
   address = ":8080"
 
+  [entryPoints.smtp]
+  address = ":25"
+
+  [entryPoints.submission]
+  address = ":587"
+
+  [entryPoints.submissions]
+  address = ":465"
+
+  [entryPoints.imap]
+  address = ":143"
+
+  [entryPoints.imaps]
+  address = ":993"
+
+  [entryPoints.pop3]
+  address = ":110"
+
+  [entryPoints.pop3s]
+  address = ":995"
+
+  [entryPoints.managesieve]
+  address = ":4190"
+
 [tls.options]
   [tls.options.default]
     minVersion = "VersionTLS12"
@@ -80,7 +129,7 @@ job "traefik" {
 
 [certificatesResolvers.lets-encrypt.acme]
   email = "elected-admins@redbrick.dcu.ie"
-  storage = "local/acme.json"
+  storage = "acme.json"
   [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
 EOF
         destination = "/local/traefik.toml"