add Dockerfile

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
add gitsigners
2025-12-06 21:07:36 +01:00 · 2025-10-28 21:26:28 +01:00 · 2025-10-28 21:25:48 +01:00 · 2025-10-28 21:22:41 +01:00 · 2025-10-28 21:21:34 +01:00 · 2025-10-28 21:19:33 +01:00
6 changed files with 114 additions and 86 deletions
--- a/.gitsigners
+++ b/.gitsigners
@@ -0,0 +1 @@
+florian.brandes@posteo.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGTgYytxH0XAlMlxc7A+OYUcQhmG7AXRui+Gxhsy0oq
--- a/41
+++ b/41
@@ -0,0 +1,41 @@
+# syntax=docker/dockerfile:1
+
+FROM python:3.13.8-slim as base
+# Prevents Python from writing pyc files.
+ENV PYTHONDONTWRITEBYTECODE=1
+# Keeps Python from buffering stdout and stderr to avoid situations where
+# the application crashes without emitting any logs due to buffering.
+ENV PYTHONUNBUFFERED=1
+
+WORKDIR /app
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/go/dockerfile-user-best-practices/
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    appuser
+
+RUN apt-get update
+RUN apt-get install -y build-essential libssl-dev python3-dev swig
+
+# Download dependencies as a separate step to take advantage of Docker's caching.
+# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
+# Leverage a bind mount to requirements.txt to avoid having to copy them into
+# into this layer.
+RUN --mount=type=cache,target=/root/.cache/pip \
+    --mount=type=bind,source=requirements.txt,target=requirements.txt \
+    python -m pip install -r requirements.txt
+
+# Switch to the non-privileged user to run the application.
+USER appuser
+
+ADD smtprd_ng /app/smtprd_ng
+
+EXPOSE 8025
+CMD python smtprd_ng/smtprd.py --config /app/config.ini
--- a/README.md
+++ b/README.md
@@ -11,6 +11,8 @@ This can also for example use `msmtp`. This way scripts can use `sendmail` which

 Additionally, we can sign and encrypt the emails with S/MIME certificates, which adds a layer of authentification and security for automated information delivery (think security notifications, logs, etc.)

+Please note: This will only forward emails to email addresses specified in `config.ini`, so it is not useful as a general SMTP-relay (like `msmtp`) but only for a predefined email set. This is by design.
+
 For now, this is a proof-of-concept.


@@ -49,6 +51,17 @@ Note: `build` must be installed. You should use a `venv` for this.

 Clone this repo and run `devenv shell`

+### docker
+
+
+
+1. Clone this repo
+2. `cp config.example config.ini`
+3. edit `config.ini` as you need it. I'd suggest using `/app/pw` as password file and bild-mounting it.
+4. `docker build -t smtprd-ng:latest .`
+5. `docker run  -p 8025:8025 -v ./config.ini:/app/config.ini -v ./pw:/app/pw --rm -it smtprd-ng:latest`
+
+
 ## Contributing

 Contributions are always welcome!
--- a/devenv.lock
+++ b/devenv.lock
@@ -3,11 +3,10 @@
    "devenv": {
      "locked": {
        "dir": "src/modules",
-        "lastModified": 1719993933,
+        "lastModified": 1761596764,
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "83b295ec9febbc662040ffa8539d23f294af275d",
-        "treeHash": "decc8709d4ea38f8c3eff4a2a2a4fd396564609f",
+        "rev": "17560d064ba5e4fc946c0ea0ee7b31ec291e706f",
        "type": "github"
      },
      "original": {
@@ -20,11 +19,10 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1761588595,
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "treeHash": "2addb7b71a20a25ea74feeaf5c2f6a6b30898ecb",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
@@ -33,10 +31,31 @@
        "type": "github"
      }
    },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1760663237,
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
-          "pre-commit-hooks",
+          "git-hooks",
          "nixpkgs"
        ]
      },
@@ -45,7 +64,6 @@
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "treeHash": "ca14199cabdfe1a06a7b1654c76ed49100a689f9",
        "type": "github"
      },
      "original": {
@@ -56,11 +74,10 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1716977621,
+        "lastModified": 1761313199,
        "owner": "cachix",
        "repo": "devenv-nixpkgs",
-        "rev": "4267e705586473d3e5c8d50299e71503f16a6fb6",
-        "treeHash": "6d9f1f7ca0faf1bc2eeb397c78a49623260d3412",
+        "rev": "d1c30452ebecfc55185ae6d1c983c09da0c274ff",
        "type": "github"
      },
      "original": {
@@ -70,50 +87,14 @@
        "type": "github"
      }
    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1719837636,
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "28f8f3531ebdbea069995c20bd946a295699f275",
-        "treeHash": "0bd224f9c40a54835c5afeedd325da7056a6f14c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "pre-commit-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1719259945,
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
-        "treeHash": "1a76ff89a9d4017b48abbb1bad8837b35d604ffc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
        "devenv": "devenv",
+        "git-hooks": "git-hooks",
        "nixpkgs": "nixpkgs",
-        "pre-commit-hooks": "pre-commit-hooks"
+        "pre-commit-hooks": [
+          "git-hooks"
+        ]
      }
    }
  },
--- a/devenv.nix
+++ b/devenv.nix
@@ -20,10 +20,19 @@ in
    pkgs.openssl
  ];

+  env = {
+    LDFLAGS = "-L${pkgs.openssl.dev}/lib";
+    CFLAGS = "-I${pkgs.openssl.dev}/include";
+    SWIG_FEATURES = "-I${pkgs.openssl.dev}/include";
+  };
+
  # https://devenv.sh/languages/
  languages.nix.enable = true;
  languages.python = {
    enable = true;
+    libraries = [
+      pkgs.openssl.dev
+    ];
    venv = {
      enable = true;
      requirements = builtins.readFile req;
@@ -31,9 +40,9 @@ in
  };

  # https://devenv.sh/pre-commit-hooks/
-  pre-commit.hooks = {
+  git-hooks.hooks = {
    nixfmt.enable = true;
-    nixfmt.package = pkgs.nixfmt-rfc-style;
+    # nixfmt.package = pkgs.nixfmt-rfc-style;
    # remove unused imports
    autoflake.enable = true;
    # formatter
--- a/flake.lock
+++ b/flake.lock
@@ -3,11 +3,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
@@ -21,11 +21,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -57,11 +57,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1720087678,
-        "narHash": "sha256-uOhYJU3ldDKXYV+mFaXcPtyjq/UIMh/6SCuoVNU9rxM=",
+        "lastModified": 1761594641,
+        "narHash": "sha256-sImk6SJQASDLQo8l+0zWWaBgg7TueLS6lTvdH5pBZpo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1afc5440469f94e7ed26e8648820971b102afdc3",
+        "rev": "1666250dbe4141e4ca8aaf89b40a3a51c2e36144",
        "type": "github"
      },
      "original": {
@@ -70,29 +70,13 @@
        "type": "indirect"
      }
    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1718811006,
-        "narHash": "sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90++qRN3lukGaIk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "03d771e513ce90147b65fe922d87d3a0356fc125",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1719082008,
-        "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
+        "lastModified": 1759070547,
+        "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9693852a2070b398ee123a329e68f0dab5526681",
+        "rev": "647e5c14cbd5067f44ac86b74f014962df460840",
        "type": "github"
      },
      "original": {
@@ -106,15 +90,14 @@
      "inputs": {
        "flake-compat": "flake-compat",
        "gitignore": "gitignore",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-stable": "nixpkgs-stable"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1719259945,
-        "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
+        "lastModified": 1760663237,
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
        "type": "github"
      },
      "original": {
Author	SHA1	Message	Date
Florian Brandes	267ba1e25d	add Dockerfile Signed-off-by: Florian Brandes <florian.brandes@posteo.de>	2025-10-28 21:26:28 +01:00
Florian Brandes	715008e3da	add gitsigners Signed-off-by: Florian Brandes <florian.brandes@posteo.de>	2025-10-28 21:25:48 +01:00
Florian Brandes	1cb073b7cd	fix devenv on darwin Signed-off-by: Florian Brandes <florian.brandes@posteo.de>	2025-10-28 21:22:41 +01:00
Florian Brandes	99579a27e7	update flake.lock Signed-off-by: Florian Brandes <florian.brandes@posteo.de>	2025-10-28 21:21:34 +01:00
Florian Brandes	1470e69a4b	update devenv Signed-off-by: Florian Brandes <florian.brandes@posteo.de>	2025-10-28 21:19:33 +01:00
				`@@ -0,0 +1 @@`
				`florian.brandes@posteo.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGTgYytxH0XAlMlxc7A+OYUcQhmG7AXRui+Gxhsy0oq`