Diffstat (limited to 'playbooks/roles/mail')
-rw-r--r-- | playbooks/roles/mail/tasks/main.yml | 10 | ||||
-rw-r--r-- | playbooks/roles/mail/templates/stacks/docker-compose.yml | 18 |
2 files changed, 14 insertions, 14 deletions
diff --git a/playbooks/roles/mail/tasks/main.yml b/playbooks/roles/mail/tasks/main.yml index b2a7ea8..dbda130 100644 --- a/playbooks/roles/mail/tasks/main.yml +++ b/playbooks/roles/mail/tasks/main.yml @@ -1,9 +1,17 @@ --- +- name: Set non-lazily-evaluated mail deployment time + ansible.builtin.set_fact: + deployment_time: "{{ now(utc=true,fmt='%s') }}" + +- name: Ensure mail state for deployment "{{ deployment_time }}" exists + ansible.builtin.file: + path: "{{ mail_base }}/volumes/data/dms/mail-state/{{ deployment_time }}" + state: directory + - name: Deploy mail ansible.builtin.import_tasks: manage-docker-swarm-service.yml vars: service_name: mail template_render_dir: "../templates" service_destination_dir: "{{ mail_base }}" - diff --git a/playbooks/roles/mail/templates/stacks/docker-compose.yml b/playbooks/roles/mail/templates/stacks/docker-compose.yml index b1c3982..debaac1 100644 --- a/playbooks/roles/mail/templates/stacks/docker-compose.yml +++ b/playbooks/roles/mail/templates/stacks/docker-compose.yml @@ -6,7 +6,7 @@ services: - {{ mail_base }}/volumes/data/roundcube/db:/var/roundcube/db - {{ mail_base }}/volumes/data/roundcube/config:/var/roundcube/config/ environment: - - DEPLOYMENT_TIME={{ now() }} + - DEPLOYMENT_TIME={{ deployment_time }} - ROUNDCUBEMAIL_DB_TYPE=sqlite - ROUNDCUBEMAIL_SKIN={{ roundcube_skin | default('elastic') }} - ROUNDCUBEMAIL_PLUGINS={{ roundcube_plugins }} 
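Review bot: The new `ansible.builtin.file` task in tasks/main.yml creates the per-deployment mail-state directory without `mode`, `owner` or `group`, so its permissions fall to the umask of whichever account runs the play. The compose template bind-mounts this path as `/var/mail-state/`, so I would pin it explicitly, for example `mode: "0750"` under `state: directory`, with the value and owner chosen to match what the mailserver container needs. It would also help to add a comment above the `set_fact` task such as `# computed once so both services and the mail-state path share one value`, because the task name alone does not say that the directory name depends on it.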
@@ -66,26 +66,18 @@ services: update_config: parallelism: 1 failure_action: rollback - # order: start-first - # We need to stop the old container first because it holds a lock on the - # Postfix mail queue. I don't believe there is a feasible way to solve - # this without either a tiny bit of downtime waiting for the lock to clear, - # or lost mail since we'd have to ignore the lock and thus two competing mailservers - # are accepting mail. - # One of these is more acceptable than the other haha. - # See stuff in scripts/ for the last attempt if interested. - order: stop-first + order: start-first volumes: - {{ mail_base }}/volumes/scripts/:/scripts/ - {{ mail_base }}/volumes/data/dms/vmail/:/var/mail/ - - {{ mail_base }}/volumes/data/dms/mail-state/:/var/mail-state/ + - {{ mail_base }}/volumes/data/dms/mail-state/{{ deployment_time }}/:/var/mail-state/ - {{ mail_base }}/volumes/data/dms/mail-logs/:/var/log/mail/ - {{ mail_base }}/volumes/data/dms/config/:/tmp/docker-mailserver/ - {{ mail_base }}/volumes/data/dms/config/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf.ext - {{ letsencrypt_certs }}:/certs/:ro - /etc/localtime:/etc/localtime:ro environment: - - DEPLOYMENT_TIME={{ now() }} + - DEPLOYMENT_TIME={{ deployment_time }} - SSL_TYPE=manual - SSL_CERT_PATH=/certs/{{ mail_domain }}.pem - SSL_KEY_PATH=/certs/{{ mail_domain }}.key @@ -93,7 +85,7 @@ services: - ENABLE_AMAVIS=0 - ENABLE_SASLAUTHD=1 - ENABLE_MANAGESIEVE=1 - - ENABLE_POSTGREY=1 + - ENABLE_POSTGREY=0 - ENABLE_FAIL2BAN=1 - SPOOF_PROTECTION=1 |
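Review bot: Mounting `mail-state/{{ deployment_time }}/` gives every deployment an empty `/var/mail-state/`, and nothing in this change carries the previous directory's contents forward or cleans up old directories. If that directory holds the Postfix queue (the removed comment says the old container locks it) and the Fail2ban state, then mail still queued at deploy time would stay behind in the old directory and existing bans would be forgotten on each rollout. Please confirm this, and either drain or migrate the old state or document that the loss is accepted. The deleted comment explained why `stop-first` was required, so I would replace it with one saying why `start-first` is now safe, e.g. `# start-first is safe: each deployment has its own mail-state dir, so the Postfix queue lock is not shared`. The `vmail` and `mail-logs` mounts are still shared by both containers during the overlap, which is worth checking as well.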
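Review bot: `ENABLE_POSTGREY=0` turns off greylisting with no reason given, and the context shows `ENABLE_AMAVIS=0` too, so this hunk does not show which inbound spam controls remain. If it was disabled because its database would sit in the now per-deployment mail-state directory, say so next to the line, e.g. `# postgrey disabled: its state would reset on every deployment`. Please also confirm that another filter still covers inbound spam. The environment list continues outside the hunk.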