blob: 5e424615e4b1a16e01c23340ef9dbe6a9d201776 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
services:
roundcube:
image: roundcube/roundcubemail:latest
volumes:
- "{{ mail_base }}/volumes/data/roundcube/db:/var/roundcube/db"
- "{{ mail_base }}/volumes/data/roundcube/config:/var/roundcube/config/"
environment:
- DEPLOYMENT_TIME={{ deployment_time }}
- ROUNDCUBEMAIL_DB_TYPE=sqlite
- ROUNDCUBEMAIL_SKIN={{ roundcube_skin | default('elastic') }}
- ROUNDCUBEMAIL_PLUGINS={{ roundcube_plugins }}
- ROUNDCUBEMAIL_COMPOSER_PLUGINS={{ roundcube_composer_plugins }}
- ROUNDCUBEMAIL_DEFAULT_HOST={{ roundcube_default_host }}
- ROUNDCUBEMAIL_DEFAULT_PORT={{ roundcube_default_port }}
- ROUNDCUBEMAIL_SMTP_SERVER={{ roundcube_smtp_host }}
- ROUNDCUBEMAIL_SMTP_PORT={{ roundcube_smtp_port }}
networks:
- proxy
- roundcube
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:80"]
timeout: 3s
interval: 30s
retries: 2
deploy:
mode: replicated
replicas: 1
labels:
- traefik.enable=true
- traefik.swarm.network=proxy
- traefik.http.routers.mail.tls=true
- traefik.http.routers.mail.tls.certResolver=letsencrypt
- traefik.http.routers.mail.rule=Host(`{{ mail_domain }}`)
- traefik.http.routers.mail.entrypoints=websecure
- traefik.http.services.mail.loadbalancer.server.port=80
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest
hostname: "{{ mail_domain }}"
{% if homelab_build %}
command:
- /scripts/wait-for-cert.sh
healthcheck:
disable: true
{% else %}
healthcheck:
test: ["CMD-SHELL", "ss --listening --tcp | grep -P :smtp"]
interval: 3s
timeout: 2s
retries: 3
{% endif %}
ports:
- '25:25'
- '587:587'
- '465:465'
- '143:143'
- '993:993'
- '4190:4190'
- '110:110'
- '995:995'
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
failure_action: rollback
order: start-first
volumes:
- {{ mail_base }}/volumes/scripts/:/scripts/
- {{ mail_base }}/volumes/data/dms/vmail/:/var/mail/
- {{ mail_base }}/volumes/data/dms/mail-state/{{ deployment_time }}/:/var/mail-state/
- {{ mail_base }}/volumes/data/dms/mail-logs/:/var/log/mail/
- {{ mail_base }}/volumes/data/dms/config/:/tmp/docker-mailserver/
- {{ mail_base }}/volumes/data/dms/config/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf.ext
- {{ letsencrypt_certs }}:/certs/:ro
- /etc/localtime:/etc/localtime:ro
environment:
- DEPLOYMENT_TIME={{ deployment_time }}
- SSL_TYPE=manual
- SSL_CERT_PATH=/certs/{{ mail_domain }}.pem
- SSL_KEY_PATH=/certs/{{ mail_domain }}.key
- ENABLE_CLAMAV=0
- ENABLE_AMAVIS=0
- ENABLE_SASLAUTHD=1
- ENABLE_MANAGESIEVE=1
- ENABLE_POSTGREY=0
- ENABLE_FAIL2BAN=1
- SPOOF_PROTECTION=1
- ACCOUNT_PROVISIONER=LDAP
- LDAP_SERVER_HOST={{ ldap_server_host }}
- LDAP_SEARCH_BASE={{ ldap_search_base }}
- LDAP_BIND_DN={{ ldap_bind_dn }}
- LDAP_BIND_PW={{ email_ldap_api_token }}
- LDAP_QUERY_FILTER_USER={{ ldap_query_filter_user }}
- LDAP_QUERY_FILTER_GROUP={{ ldap_query_filter_group }}
- LDAP_QUERY_FILTER_ALIAS={{ ldap_query_filter_alias }}
- LDAP_QUERY_FILTER_DOMAIN={{ ldap_query_filter_domain }}
- LDAP_QUERY_FILTER_SENDERS={{ ldap_query_filter_senders }}
- SASLAUTHD_MECHANISMS=rimap
- SASLAUTHD_MECH_OPTIONS=127.0.0.1
- ENABLE_OAUTH2=1
- OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }}
- DEFAULT_RELAY_HOST={{ default_relay_host }}
- RELAY_USER={{ relay_user }}
- RELAY_PASSWORD={{ relay_password }}
- POSTMASTER_ADDRESS={{ postmaster_email }}
networks:
roundcube:
proxy:
external: true
|
