diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml
index 9a7b71a..c70849d 100644
--- a/roles/docker/tasks/services/mailu.yml
+++ b/roles/docker/tasks/services/mailu.yml
@@ -22,6 +22,21 @@
 src: mailu.env.j2
 dest: "{{ mailu.volume_folder}}/mailu.env"
+- name: hard link to Let's Encrypt TLS certificate
+ file:
+ src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
+ dest: "{{ mailu.volume_folder }}/certs/cert.pem"
+ state: hard
+ force: yes
+
+
+- name: hard link to Let's Encrypt TLS key
+ file:
+ src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
+ dest: "{{ mailu.volume_folder }}/certs/key.pem"
+ state: hard
+ force: yes
+
 - name: run mail server containers
 docker_service:
 project_name: mail_server
@@ -35,15 +50,13 @@
 volumes:
 - "{{ mailu.volume_folder }}/redis:/data"
- postgresql:
+ database:
 image: mailu/postgresql:{{ mailu.version }}
 restart: always
 env_file: "{{ mailu.volume_folder}}/mailu.env"
 volumes:
 - "{{ mailu.volume_folder }}/data/psql_db:/data"
 - "{{ mailu.volume_folder }}/data/psql_backup:/backup"
- networks:
- - name: mailu
 front:
 image: mailu/nginx:{{ mailu.version }}
diff --git a/roles/docker/templates/mailu.env.j2 b/roles/docker/templates/mailu.env.j2
index 7e00627..168fc93 100644
--- a/roles/docker/templates/mailu.env.j2
+++ b/roles/docker/templates/mailu.env.j2
@@ -32,13 +32,13 @@ SUBNET={{ mailu.subnet }}
 DOMAIN=data.coop
 # Hostnames for this server, separated with comas
-HOSTNAMES=nem.li,kva.li
+HOSTNAMES=mail.data.coop
 # Postmaster local part (will append the main mail domain)
 POSTMASTER=admin
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
-TLS_FLAVOR=letsencrypt
+TLS_FLAVOR=mail
 # Authentication rate limit (per source IP address)
 AUTH_RATELIMIT=10/minute;1000/hour
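Review bot: The two `state: hard` tasks pin whatever inode exists when the play runs, so if the ACME client replaces `fullchain.pem` and `key.pem` on renewal instead of rewriting them in place, Mailu keeps serving the old certificate until this play is re-run and the front container reloaded. I would record that above the first task, e.g. `# hard links pin the current inode: re-run this play and reload front after every certificate renewal`, or drive the re-link from the renewal hook. A hard link also shares mode and owner with its source, so the copy of the private key under `{{ mailu.volume_folder }}/certs` is only as protected as the original `key.pem` and its new parent directory; neither permission is set or checked here. Both paths must sit on the same filesystem for the link to succeed, and `force: yes` is better written `force: true`. How the `front` service mounts this directory is outside the hunk.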
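Review bot: Nothing next to `TLS_FLAVOR=mail` records that, as Mailu documents this flavor, TLS is served only on the mail protocols and HTTP is left in clear for a reverse proxy. The admin and webmail endpoints must therefore be reachable only through the TLS-terminating nginx, never through a published port on the front container; the port bindings are not visible in this diff, so that should be confirmed. A comment such as `# mail: TLS on mail protocols only; web UI is plain HTTP and must stay behind the nginx proxy` would keep the assumption visible. Separately, the certificate path in the tasks file is derived from `mailu.domain` while the hostname here is hard-coded; if that variable holds the mail host name, `HOSTNAMES={{ mailu.domain }}` would keep the served name and the linked certificate from drifting apart.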