ansible/roles/docker/tasks/services/mailu.yml
2023-03-29 18:27:24 +02:00

182 lines
5.4 KiB
YAML

# vim: ft=yaml.ansible
---
- name: create mailu volume folders
file:
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
state: directory
loop:
- redis
- certs
- data
- dkim
- mail
- mailqueue
- filter
- postgres
- webmail
- overrides
- overrides/nginx
- overrides/dovecot
- overrides/postfix
- overrides/rspamd
- overrides/rainloop
loop_control:
loop_var: volume
- name: upload mailu.env file
template:
src: mailu.env.j2
dest: "{{ services.mailu.volume_folder }}/mailu.env"
- name: hard link to Let's Encrypt TLS certificate
file:
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard
force: yes
when: letsencrypt_enabled
- name: hard link to Let's Encrypt TLS key
file:
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard
force: yes
when: letsencrypt_enabled
- name: run mail server containers
docker_compose:
project_name: mail_server
pull: yes
definition:
version: '3.6'
services:
postgres:
image: postgres:14-alpine
restart: always
environment:
POSTGRES_DB: mailu
POSTGRES_USER: mailu
POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
volumes:
- "{{ services.mailu.volume_folder }}/postgres:/var/lib/postgresql/data"
dns:
- "{{ services.mailu.dns }}"
redis:
image: redis:alpine
restart: always
volumes:
- "{{ services.mailu.volume_folder }}/redis:/data"
depends_on:
- resolver
dns:
- "{{ services.mailu.dns }}"
front:
image: mailu/nginx:{{ services.mailu.version }}
restart: always
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
environment:
VIRTUAL_HOST: "{{ services.mailu.domain }}"
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ services.mailu.volume_folder }}/certs:/certs"
- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides:ro"
expose:
- "80"
ports:
- "993:993"
- "25:25"
- "587:587"
- "465:465"
networks:
- default
- external_services
resolver:
image: mailu/unbound:{{ services.mailu.version }}
restart: always
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
networks:
default:
ipv4_address: "{{ services.mailu.dns }}"
admin:
image: mailu/admin:{{ services.mailu.version }}
restart: always
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ services.mailu.volume_folder }}/data:/data"
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
depends_on:
- redis
- resolver
dns:
- "{{ services.mailu.dns }}"
imap:
image: mailu/dovecot:{{ services.mailu.version }}
restart: always
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
volumes:
- "{{ services.mailu.volume_folder }}/mail:/mail"
- "{{ services.mailu.volume_folder }}/overrides/dovecot:/overrides:ro"
depends_on:
- front
- resolver
dns:
- "{{ services.mailu.dns }}"
smtp:
image: mailu/postfix:{{ services.mailu.version }}
restart: always
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
volumes:
- "{{ services.mailu.volume_folder }}/mailqueue:/queue"
- "{{ services.mailu.volume_folder }}/overrides/postfix:/overrides:ro"
depends_on:
- front
- resolver
dns:
- "{{ services.mailu.dns }}"
antispam:
image: mailu/rspamd:{{ services.mailu.version }}
hostname: antispam
restart: always
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
volumes:
- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d:ro"
depends_on:
- front
- resolver
dns:
- "{{ services.mailu.dns }}"
webmail:
image: mailu/rainloop:{{ services.mailu.version }}
restart: always
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
volumes:
- "{{ services.mailu.volume_folder }}/webmail:/data"
- "{{ services.mailu.volume_folder }}/overrides/rainloop:/overrides:ro"
depends_on:
- imap
- resolver
dns:
- "{{ services.mailu.dns }}"
networks:
default:
driver: bridge
ipam:
driver: default
config:
- subnet: "{{ services.mailu.subnet }}"
external_services:
external:
name: external_services