path: root/playbooks/roles/mail/templates/docker-compose.yml.j2
blob: 7f61336e9c2d906ba222fe91939202760a2f5e00 (plain)
# Docker Compose definition written as a Jinja2 template: every {{ ... }}
# placeholder is substituted as plain text first, and only the rendered result
# is parsed as YAML. Review the rendered file as well as this template.
# NOTE(review): recent Docker Compose releases treat the top-level `version`
# key as obsolete and ignore it; confirm nothing here depends on it.
version: '3'

services:
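  # Roundcube webmail front end. Its web root, SQLite database and
  # configuration are kept in bind-mounted directories next to this file.
  roundcube:
    # NOTE(review): `latest` is a moving tag: the next pull can change the
    # running code without any change in this repository. Pin a tested release
    # tag or an image digest.
    image: roundcube/roundcubemail:latest
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "200m"
    volumes:
      - ./docker-data/roundcube/www:/var/www/html
      - ./docker-data/roundcube/db/sqlite:/var/roundcube/db
      - ./docker-data/roundcube/config:/var/roundcube/config
    ports:
      # Published on loopback only, so the web UI is not reachable from other
      # hosts directly (presumably a TLS reverse proxy on this host fronts it;
      # confirm). Quoted so a YAML parser cannot retype the mapping.
      - '127.0.0.1:9002:80'
    environment:
      # Templated entries are quoted so a rendered value containing " #" or
      # ": " is neither cut short as a comment nor re-parsed as a mapping.
      # A value containing a single quote would still need escaping as ''.
      - ROUNDCUBEMAIL_DB_TYPE=sqlite
      - ROUNDCUBEMAIL_SKIN=elastic
      - 'ROUNDCUBEMAIL_PLUGINS={{ roundcube_plugins }}'
      # NOTE(review): confirm the rendered IMAP/SMTP host values select TLS
      # (Roundcube takes an ssl:// or tls:// prefix); otherwise mailbox
      # credentials travel between the containers in clear text.
      - 'ROUNDCUBEMAIL_DEFAULT_HOST={{ roundcube_default_host }}'
      - 'ROUNDCUBEMAIL_DEFAULT_PORT={{ roundcube_default_port }}'
      - 'ROUNDCUBEMAIL_SMTP_SERVER={{ roundcube_smtp_host }}'
      - 'ROUNDCUBEMAIL_SMTP_PORT={{ roundcube_smtp_port }}'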

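  # docker-mailserver: SMTP, IMAP and ManageSieve, with account lookup and
  # authentication delegated to LDAP (plus SASL via saslauthd and OAuth2).
  mailserver:
    # NOTE(review): `latest` is a moving tag: the next pull can change the
    # running code without any change in this repository. Pin a tested release
    # tag or an image digest.
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    # Quoted so an empty or boolean-looking rendered value stays a string.
    hostname: '{{ mail_domain }}'
    logging:
      driver: "json-file"
      options:
        max-size: "200m"
    restart: always
    cap_add:
      # Extra capability, presumably for Fail2Ban (ENABLE_FAIL2BAN=1 below) to
      # manage firewall rules inside the container; confirm, and drop it if
      # Fail2Ban is ever disabled.
      - NET_ADMIN
    ports:
      # All five ports are published on every IPv4 interface of the host:
      # 25 SMTP, 465/587 submission, 993 IMAPS, 4190 ManageSieve.
      # NOTE(review): confirm ManageSieve (4190) is meant to be reachable from
      # the internet rather than only from the webmail host.
      - '0.0.0.0:25:25'
      - '0.0.0.0:465:465'
      - '0.0.0.0:587:587'
      - '0.0.0.0:993:993'
      - '0.0.0.0:4190:4190'
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - ./docker-data/dms/config/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf.ext
      # Read-only, but the whole directory is mounted, so every certificate and
      # private key stored under it on the host is readable in the container.
      # NOTE(review): check whether the host keeps unrelated certificates here.
      - /etc/letsencrypt:/etc/letsencrypt:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      # A literal "$" in any rendered value below is still subject to Compose
      # variable interpolation and has to be written as "$$" in the variable.
      - SSL_TYPE=letsencrypt
      # NOTE(review): ClamAV is switched off, so this container does not
      # virus-scan mail; confirm that is intended.
      - ENABLE_CLAMAV=0
      - ENABLE_AMAVIS=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_MANAGESIEVE=1
      - ENABLE_POSTGREY=0

      - SPOOF_PROTECTION=1
      - ACCOUNT_PROVISIONER=LDAP
      # NOTE(review): confirm this is an ldaps:// URI or that StartTLS is
      # enforced; the bind password and user credentials cross this link.
      - 'LDAP_SERVER_HOST={{ ldap_server_host }}'
      # DNs, the bind secret and LDAP filters are free-form text, so each entry
      # is emitted through Ansible's to_json filter: the result is one
      # double-quoted scalar with quotes and backslashes escaped. Unquoted, a
      # value containing " #" would be silently truncated by the YAML parser.
      - {{ ('LDAP_SEARCH_BASE=' ~ ldap_search_base) | to_json }}
      - {{ ('LDAP_BIND_DN=' ~ ldap_bind_dn) | to_json }}
      # The bind secret ends up in plain text in the rendered compose file and
      # in the container environment (visible through `docker inspect`). Keep
      # the rendered file readable by its owner only and give the bind account
      # read-only rights in the directory.
      - {{ ('LDAP_BIND_PW=' ~ email_ldap_api_token) | to_json }}

      - {{ ('LDAP_QUERY_FILTER_USER=' ~ ldap_query_filter_user) | to_json }}
      - {{ ('LDAP_QUERY_FILTER_GROUP=' ~ ldap_query_filter_group) | to_json }}
      - {{ ('LDAP_QUERY_FILTER_ALIAS=' ~ ldap_query_filter_alias) | to_json }}
      - {{ ('LDAP_QUERY_FILTER_DOMAIN=' ~ ldap_query_filter_domain) | to_json }}
      - {{ ('LDAP_QUERY_FILTER_SENDERS=' ~ ldap_query_filter_senders) | to_json }}

      - 'POSTMASTER_ADDRESS={{ postmaster_email }}'

      # ENABLE_SASLAUTHD used to be listed twice with the same value; it is
      # kept once, next to the settings it governs.
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - {{ ('SASLAUTHD_LDAP_FILTER=' ~ sasl_ldap_filter) | to_json }}

      - ENABLE_OAUTH2=1
      # NOTE(review): tokens are validated against this endpoint; confirm the
      # rendered URL is https:// so tokens are not sent in clear text.
      - 'OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }}'
      # Fix SPF fail by copying the IPv4 of the docker container into the
      # postfix cfg.
      # NOTE(review): this appears to widen the set of source addresses Postfix
      # trusts. Confirm that connections from outside never reach Postfix with
      # a source address inside that range (for example after NAT by Docker),
      # because trusted sources may relay without authenticating.
      - PERMIT_DOCKER=host
    extra_hosts:
      # Static hosts entry for the LDAP server; quoted so the rendered
      # "name:address" pair is always read as a single string.
      - '{{ ldap_server }}:{{ ldap_intranet }}'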