Add ipv6 support

wdes · Feb 19, 2024 · 30a8411 · 30a8411
1 parent 598a4ed
commit 30a8411
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 20 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -14,6 +14,7 @@ services:
         networks:
             mail_infra_network:
                 ipv4_address: 10.222.222.1
+                ipv6_address: fd00:bee::1
         volumes:
             - ${HICKORY_DNS_NAMED_CONFIG:-./internal-dns/named.toml}:/etc/named.toml:ro
             - ./internal-dns/zones/:/var/named/zones/:ro
@@ -37,6 +38,7 @@ services:
         networks:
             mail_infra_network:
                 ipv4_address: 10.222.222.2
+                ipv6_address: fd00:bee::2
                 aliases:
                   - ${OVERRIDE_HOSTNAME}
         ports:
@@ -80,6 +82,7 @@ services:
             - ${SASLAUTHD_SOCKET_FILE}:/var/run/saslauthd/mux
         environment:
             CONTAINER_NETWORK_V4: 10.222.222.0/28
+            CONTAINER_NETWORK_V6: fd00:bee::/127
             TZ: UTC
             OVERRIDE_HOSTNAME: ${OVERRIDE_HOSTNAME}
             ENABLE_MTA_STS: "1"
@@ -212,6 +215,7 @@ services:
         networks:
             mail_infra_network:
                 ipv4_address: 10.222.222.3
+                ipv6_address: fd00:bee::3
         healthcheck:
             test: 'ldapwhoami -D "cn=$${DOCKER_LDAP_HEALTHCHECK_USERNAME}" -w "$${DOCKER_LDAP_HEALTHCHECK_PASSWORD}"'
             start_period: 5s
@@ -271,6 +275,7 @@ services:
         networks:
             mail_infra_network:
                 ipv4_address: 10.222.222.4
+                ipv6_address: fd00:bee::4
         restart: on-failure:5
         environment:
             PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap.mail-server.intranet': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${LDAP_BASE_DN}'}]}]}]"
@@ -309,6 +314,7 @@ services:
         networks:
             mail_infra_network:
                 ipv4_address: 10.222.222.5
+                ipv6_address: fd00:bee::5
         mem_limit: 512M
         mem_reservation: 10M
         restart: on-failure:15
@@ -374,10 +380,18 @@ services:
 networks:
     mail_infra_network:
         name: infrastructure_mail_infra_network
+        enable_ipv6: true
         ipam:
             driver: default
+            # See: __add_to_postfix_mynetworks in user-patches
             config:
-                # See: __add_to_postfix_mynetworks in user-patches
                 - subnet: 10.222.222.0/28
+                  # 14 hosts
                   ip_range: 10.222.222.0/28
                   gateway: 10.222.222.14
+
+                - subnet: fd00:bee::/127
+                  # 16 hosts
+                  # From fd00:bee:: to fd00:bee::f
+                  gateway: fd00:bee::f
+
diff --git a/internal-dns/named.toml b/internal-dns/named.toml
@@ -8,6 +8,11 @@ zone = "222.222.10.in-addr.arpa"
 zone_type = "Primary"
 file = "zones/mail-server.intranet.zone"
 
+[[zones]]
+zone = "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.e.b.0.0.0.d.f.ip6.arpa"
+zone_type = "Primary"
+file = "zones/mail-server.intranet.zone"
+
 [[zones]]
 zone = "desportes.corp"
 zone_type = "Primary"

diff --git a/internal-dns/zones/desportes.corp.zone b/internal-dns/zones/desportes.corp.zone
@@ -12,4 +12,4 @@
 ; MX
 @   60		  IN  MX   0 emails.mail-server.intranet.
 ; SPF
-@   60		  IN  TXT   "v=spf1 mx ip4:10.222.222.13 -all"
+@   60		  IN  TXT   "v=spf1 mx a:testing.mail-server.intranet. -all"
diff --git a/internal-dns/zones/mail-server.intranet.zone b/internal-dns/zones/mail-server.intranet.zone
@@ -9,24 +9,47 @@
 ; Set the DNS servers for .
 @ 7200 IN  NS ns1
 ; NS
-ns1 7200    IN  A   10.222.222.1
+ns1 7200    IN  A      10.222.222.1
+ns1 7200    IN  AAAA   fd00:bee::1
+
 ; Hosts
-dns 7200    IN  A   10.222.222.1
-1                       PTR     dns.mail-server.intranet.
-emails 7200    IN  A   10.222.222.2
-2                       PTR     emails.mail-server.intranet.
-ldap 7200    IN  A   10.222.222.3
-3                       PTR     ldap.mail-server.intranet.
-phpldapadmin 7200    IN  A   10.222.222.4
-4                       PTR     phpldapadmin.mail-server.intranet.
-acme 7200    IN  A   10.222.222.5
-5                       PTR     acme.mail-server.intranet.
-crowdsec 7200    IN  A   10.222.222.6
-6                       PTR     crowdsec.mail-server.intranet.
+dns 7200    IN  A      10.222.222.1
+dns 7200    IN  AAAA   fd00:bee::1
+1                       IN PTR     dns.mail-server.intranet.
+1                       IN PTR     dns.mail-server.intranet.
+
+emails 7200    IN  A      10.222.222.2
+emails 7200    IN  AAAA   fd00:bee::2
+2                       IN PTR     emails.mail-server.intranet.
+2                       IN PTR     emails.mail-server.intranet.
+
+ldap 7200    IN  A      10.222.222.3
+ldap 7200    IN  AAAA   fd00:bee::3
+3                       IN PTR     ldap.mail-server.intranet.
+3                       IN PTR     ldap.mail-server.intranet.
+
+phpldapadmin 7200    IN  A      10.222.222.4
+phpldapadmin 7200    IN  AAAA   fd00:bee::4
+4                       IN PTR     phpldapadmin.mail-server.intranet.
+4                       IN PTR     phpldapadmin.mail-server.intranet.
+
+acme 7200    IN  A      10.222.222.5
+acme 7200    IN  AAAA   fd00:bee::5
+5                       IN PTR     acme.mail-server.intranet.
+5                       IN PTR     acme.mail-server.intranet.
+
+crowdsec 7200    IN  A      10.222.222.6
+crowdsec 7200    IN  AAAA   fd00:bee::6
+6                       IN PTR     crowdsec.mail-server.intranet.
+6                       IN PTR     crowdsec.mail-server.intranet.
 
-testing 7200    IN  A   10.222.222.13
-13                       PTR     testing.mail-server.intranet.
+testing 7200    IN  A      10.222.222.13
+testing 7200    IN  AAAA   fd00:bee::13
+13                       IN PTR     testing.mail-server.intranet.
+e                        IN PTR     testing.mail-server.intranet.
 router 7200    IN  A   10.222.222.14
-14                       PTR     router.mail-server.intranet.
+router 7200    IN  AAAA   fd00:bee::f
+14             IN  PTR     router.mail-server.intranet.
+f              IN  PTR     router.mail-server.intranet.
 ; MX
 @   60		  IN  MX   0 emails.mail-server.intranet.
diff --git a/tests/php/docker-compose.yml b/tests/php/docker-compose.yml
@@ -8,6 +8,7 @@ services:
         networks:
             mail_infra_network:
                 ipv4_address: 10.222.222.13
+                ipv6_address: fd00:bee::e
         build: ./docker/
         volumes:
           - ./tests:/tests

diff --git a/user-patches.sh b/user-patches.sh
@@ -29,10 +29,9 @@ printf '\nsmtpd_tls_received_header = yes\n' "localhost" >> /etc/postfix/main.cf
 sed -i '/^smtp_helo_name =/d' /etc/postfix/main.cf
 printf '\nsmtp_helo_name = %s\n' "${OVERRIDE_HOSTNAME}" >> /etc/postfix/main.cf
 
-echo "Allow this network (${CONTAINER_NETWORK_V4})"
-
 source /usr/local/bin/helpers/log.sh
 source /usr/local/bin/helpers/utils.sh
+
 # Copied from /usr/local/bin/setup.d/networking.sh
 __add_to_postfix_mynetworks() {
 	local NETWORK_TYPE=$1
@@ -45,8 +44,12 @@ __add_to_postfix_mynetworks() {
 	[[ ${ENABLE_OPENDKIM} -eq 1 ]] && echo "${NETWORK}" >>/etc/opendkim/TrustedHosts
 }
 
+echo "Allow this network (${CONTAINER_NETWORK_V4})"
 __add_to_postfix_mynetworks 'Container network' "${CONTAINER_NETWORK_V4}"
 
+echo "Allow this network (${CONTAINER_NETWORK_V6})"
+__add_to_postfix_mynetworks 'Container network' "${CONTAINER_NETWORK_V6}"
+
 echo 'Add spam check config'
 
 cat <<EOF > /etc/amavis/conf.d/05-domain_id