diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index a2385c5..b3d9480 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml 
@@ -1,46 +1,51 @@ $ANSIBLE_VAULT;1.1;AES256 -30643964633738353062356235363564666438643964363861626362376232393632633865643432 -6334636639326630316531636138633165306461643336630a623832356137663233333030333031 -33383865313439623337333662653563303065303233373261303635373838353039303231386337 -3339336362393237640a336166343730656337616135663530623764633631393635343233313163 -31633335356633343666396363323064376561643938373065656230396331316163316237353032 -32303962366338646239363336316639646534323561653132616632613737643063643264633033 -61386134366165303736373736393532343236656230353533383035623330336464326536383739 -34616633633539316364363832346665623330333765363363323032303065396566333936366532 -35363966303066373632323330343738656139323961613431393031366162653761613231666236 -39616361636365653330623562613331363239356461316332653838623866663264376262386461 -39383332393665336365303566646234643437386233323163626539303937356230616430616137 -36643435396536363261623764663038626131333364386433666466356265643662653964666564 -39303864636664623839656130663739346131306634306638333361643061303730346262366361 -34643330303137373065373863386233386632636238376538303631393233333334303532393037 -34613034336633383866353063333563663035323435343866313335373061623732643236306534 -61343431646232396362633733643362366262326334313737336164323166363333643235383432 -32633530333031363634396336366165383064306161316233396435303461653736653235626632 -32313661643537376566396561346366366332303034613135666231323935386639623439353034 -36373934386464326631666663653165396561623034643736656239356639313564613363393962 -37376462623663623433653737646538666330373264633663353831363936356331336362333562 -62326235373331376238316165336166336464306636386536636236353534663935623561336130 -34633437306539626635356133383032623839343238313736313462323637363630626664626639 -63346531333764366266386564656532633035366661626266313861666263643038333762313762 
-36303036666236636661316530313865373239643964323831346535303338326334356665326538 -32326530653364393864653636313734336533323063316363326134393737663765323138613539 -63396631626435616239306634373965666461666366393033363936303331613131613934393636 -61616138376665646137663938306637623461306230633431613036656462623131333331393032 -61333933386166356536346133396535383064626161343832633034386365626137373566353065 -39383037373239396163383330386363366434386537636430653865616561323833373239623863 -30633034353466626265623065326333376336386361653064303535363736653338333632343662 -33663332636263393963633562373763653132646361383263316262663663343262643131383337 -32666362313536313765663139356266643861396136353831383561653435353237663633613365 -64636136663632613337666639363861663731306330653433326264646237653235633332393863 -62316536303836353931643338626561656633383561373738623163383262323266643461313236 -64363531643433346635343132353037653234636437326461303465623532376532616430306639 -32636639636365313162663437363235636132663630396338616134316230336464666233643334 -65626333626538633039626666666663333866303936363365663437396663643032633065363239 -66376235373363393439323866616438343365366366633630623139663534646636633833393533 -36373961633162323236616630656165636666303135623331356335383331353532666665366531 -36626435303535653439613564353436343931666533353430336130363038336531373530303036 -34356130633666623733663937343463613861313533623338316538313930663738323032386266 -65306262373932396264366634646639396632363561663164666539643132303066346432323234 -66623166306565353937323265363265666663633234323137303934343937626165616131396362 -39336438323233643830663366636537396538623635666137306230316434383264383534383033 -31393839323336356465363563326539366364343962626666303963646261353965 +64346663666535326565323563373636363265386662643039373566303933353265623934336662 +3463623661616637636239323033386164383465373935340a653538333938626665366330636235 
+32343439343561393234616164393835636566343234363963653938363832383363393030343638 +6266373436343637390a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diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml new file mode 100644 index 0000000..6d17acc --- /dev/null +++ b/roles/docker/tasks/services/mailu.yml 
@@ -0,0 +1,115 @@
+---
+
+- name: create mailu volume folders
+ file:
+ name: "{{ mailu.volume_folder }}/{{ volume }}"
+ state: directory
+ loop:
+ - redis
+ - certs
+ - overrides
+ - data
+ - dkim
+ - mail
+ - filter
+ - dav
+ - webmail
+ loop_control:
+ loop_var: volume
+
+- name: mailu redis container
+ docker_container:
+ name: mailu_redis
+ image: redis:alpine
+ restart_policy: always
+ volumes:
+ - "{{ mailu.volume_folder }}/redis:/data"
+
+- name: mailu database container
+ docker_container:
+ image: mailu/postgresql:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder }}/data/psql_db:/data"
+ - "{{ mailu.volume_folder }}/data/psql_backup:/backup"
+
+- name: upload mailu.env file
+ template:
+ src: mailu.env.j2
+ dest: "{{ mailu.volume_folder}}/mailu.env"
+
+- name: mailu front container
+ docker_container:
+ name: mailu_front
+ image: mailu/nginx:1.6
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder }}/certs:/certs"
+ - "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
+
+- name: mailu admin container
+ docker_container:
+ image: mailu/admin:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder}}/data:/data"
+ - "{{ mailu.volume_folder}}/dkim:/dkim"
+
+- name: mailu imap container
+ docker_container:
+ image: mailu/dovecot:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder}}/mail:/mail"
+ - "{{ mailu.volume_folder}}/overrides:/overrides"
+
+- name: mailu smtp container
+ docker_container:
+ image: mailu/postfix:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder}}/overrides:/overrides"
+
+- name: mailu antispam container
+ docker_container:
+ image: mailu/rspamd:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder}}/filter:/var/lib/rspamd"
+ - "{{ mailu.volume_folder}}/dkim:/dkim"
+ - "{{ mailu.volume_folder}}/overrides/rspamd:/etc/rspamd/override.d"
+
+- name: mailu antivirus container
+ docker_container:
+ image: mailu/clamav:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder}}/filter:/data"
+
+- name: mailu webdav container
+ docker_container:
+ image: mailu/radicale:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder}}/dav:/data"
+
+- name: mailu fetchmail container
+ docker_container:
+ image: mailu/fetchmail:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+
+- name: mailu webmail container
+ docker_container:
+ image: mailu/rainloop:1.6
+ restart_policy: always
+ env_file: "{{ mailu.volume_folder}}/mailu.env"
+ volumes:
+ - "{{ mailu.volume_folder }}/webmail:/data"
diff --git a/roles/docker/templates/mailu.env b/roles/docker/templates/mailu.env
new file mode 100644
index 0000000..527fa76
--- /dev/null
+++ b/roles/docker/templates/mailu.env
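Review bot: The `upload mailu.env file` task writes `SECRET_KEY` and `DB_PW` to `{{ mailu.volume_folder}}/mailu.env` without `owner` or `mode`, so the file gets umask-default permissions and is typically readable by every local user; add `mode: "0600"` and `owner: root` to the `template` task. That task also runs after `mailu database container`, which already points `env_file` at the same path, so on a first run the file would not exist yet; the upload should move above the first container that uses it. Its `src: mailu.env.j2` does not match the template this commit adds, `roles/docker/templates/mailu.env`. Every `docker_container` task except the redis and front ones omits `name`, which the module requires, and `redis:alpine` is a floating tag while the Mailu images are pinned to `1.6`.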
@@ -0,0 +1,160 @@
+# Mailu main configuration file
+#
+# Generated for compose flavor
+#
+# This file is autogenerated by the configuration management wizard.
+# For a detailed list of configuration variables, see the documentation at
+# https://mailu.io
+
+###################################
+# Common configuration variables
+###################################
+
+# Set this to the path where Mailu data and configuration is stored
+# This variable is now set directly in `docker-compose.yml by the setup utility
+# ROOT=/mailu
+
+# Mailu version to run (1.0, 1.1, etc. or master)
+#VERSION=1.6
+
+# Set to a randomly generated 16 bytes string
+SECRET_KEY={{ mailu_secret_key }}
+
+# Address where listening ports should bind
+# This variables are now set directly in `docker-compose.yml by the setup utility
+# PUBLIC_IPV4= 127.0.0.1 (default: 127.0.0.1)
+# PUBLIC_IPV6= ::1 (default: ::1)
+
+# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
+SUBNET=192.168.203.0/24
+
+# Main mail domain
+DOMAIN=data.coop
+
+# Hostnames for this server, separated with comas
+HOSTNAMES=nem.li,kva.li
+
+# Postmaster local part (will append the main mail domain)
+POSTMASTER=admin
+
+# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
+TLS_FLAVOR=letsencrypt
+
+# Authentication rate limit (per source IP address)
+AUTH_RATELIMIT=10/minute;1000/hour
+
+# Opt-out of statistics, replace with "True" to opt out
+DISABLE_STATISTICS=False
+
+###################################
+# Optional features
+###################################
+
+# Expose the admin interface (value: true, false)
+ADMIN=true
+
+# Choose which webmail to run if any (values: roundcube, rainloop, none)
+WEBMAIL=rainloop
+
+# Dav server implementation (value: radicale, none)
+WEBDAV=radicale
+
+# Antivirus solution (value: clamav, none)
+#ANTIVIRUS=clamav
+
+#Antispam solution
+ANTISPAM=none
+
+###################################
+# Mail settings
+###################################
+
+# Message size limit in bytes
+# Default: accept messages up to 50MB
+# Max attachment size will be 33% smaller
+MESSAGE_SIZE_LIMIT=50000000
+
+# Networks granted relay permissions
+# Use this with care, all hosts in this networks will be able to send mail without authentication!
+RELAYNETS=
+
+# Will relay all outgoing mails if configured
+RELAYHOST=
+
+# Fetchmail delay
+FETCHMAIL_DELAY=600
+
+# Recipient delimiter, character used to delimiter localpart from custom address part
+RECIPIENT_DELIMITER=+
+
+# DMARC rua and ruf email
+DMARC_RUA=admin
+DMARC_RUF=admin
+
+# Welcome email, enable and set a topic and body if you wish to send welcome
+# emails to all users.
+WELCOME=false
+WELCOME_SUBJECT=Welcome to your new email account
+WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
+
+# Maildir Compression
+# choose compression-method, default: none (value: bz2, gz)
+COMPRESSION=
+# change compression-level, default: 6 (value: 1-9)
+COMPRESSION_LEVEL=
+
+###################################
+# Web settings
+###################################
+
+# Path to redirect / to
+WEBROOT_REDIRECT=/webmail
+
+# Path to the admin interface if enabled
+WEB_ADMIN=/admin
+
+# Path to the webmail if enabled
+WEB_WEBMAIL=/webmail
+
+# Website name
+SITENAME=data.coop
+
+# Linked Website URL
+WEBSITE=https://mail.data.coop
+
+
+
+###################################
+# Advanced settings
+###################################
+
+# Log driver for front service. Possible values:
+# json-file (default)
+# journald (On systemd platforms, useful for Fail2Ban integration)
+# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
+# LOG_DRIVER=json-file
+
+# Docker-compose project name, this will prepended to containers names.
+COMPOSE_PROJECT_NAME=mailu
+
+# Default password scheme used for newly created accounts and changed passwords
+# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
+PASSWORD_SCHEME=BLF-CRYPT
+
+# Header to take the real ip from
+REAL_IP_HEADER=
+
+# IPs for nginx set_real_ip_from (CIDR list separated by commas)
+REAL_IP_FROM=
+
+# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
+REJECT_UNLISTED_RECIPIENT=
+
+# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
+LOG_LEVEL=WARNING
+
+###################################
+# Database settings
+###################################
+DB_FLAVOR=postgresql
+DB_PW={{ postgres_passwords.mailu }}
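Review bot: `ANTISPAM=none` and the commented-out `#ANTIVIRUS=clamav` appear to leave inbound filtering switched off, although the tasks file in this commit starts `mailu/rspamd:1.6` and `mailu/clamav:1.6` containers with this same env file. Either enable the settings (for example `ANTIVIRUS=clamav`) or drop the two containers, and add a comment saying which is intended; how the 1.6 images interpret these values is not visible here. `ADMIN=true` with `WEB_ADMIN=/admin` serves the admin interface from the same front end as webmail, and `DISABLE_STATISTICS=False` keeps the statistics opt-out unset, so both deserve a short comment confirming they are deliberate. The header still says the file is autogenerated by the setup wizard, but it is now a hand-maintained template carrying `{{ mailu_secret_key }}` and `{{ postgres_passwords.mailu }}`; I would replace that line with `# Managed by Ansible (roles/docker/templates/mailu.env); do not edit on the host`.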