Showing
with 526 additions and 474 deletions
......@@ -116,8 +116,8 @@ gitlab_rails['gitlab_email_enabled'] = true
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
gitlab_rails['gitlab_email_from'] = '{{ noreply_email_user }}'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab Warpzone'
gitlab_rails['gitlab_email_from'] = 'gitlab@{{ smtp_domain }}'
gitlab_rails['gitlab_email_display_name'] = 'Warpzone Gitlab'
gitlab_rails['gitlab_email_reply_to'] = '{{ noreply_email_user }}'
### GitLab user privileges
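Review bot: The sender moves from `{{ noreply_email_user }}` to `gitlab@{{ smtp_domain }}` while Reply-To keeps the noreply address, so the two may now sit on different domains; for DMARC-aligned receivers the From domain (`smtp_domain`) has to be the one the relay signs DKIM for and lists in SPF, or GitLab mail gets junked or rejected. I cannot see from this hunk whether `smtp_domain` is that domain, so this is a point to confirm rather than a known defect. A one-line comment above the new lines would save the next reader the same question, e.g. `# From must stay on smtp_domain so DKIM/SPF align with the relay; reply-to may differ`.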
......
......@@ -8,6 +8,7 @@
- { path: "{{ basedir }}/icinga_api_pass", length: 8 }
- { path: "{{ basedir }}/mysql_admin_pass", length: 12 }
- { path: "{{ basedir }}/mysql_user_pass", length: 12 }
- { path: "{{ basedir }}/matrix_notification_access_token", length: -1 }
- name: pakete installieren
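Review bot: The new `matrix_notification_access_token` entry uses `length: -1`, which in this repo appears to mean "do not generate, the secret must already exist" (the only other `-1` entry is `noreply_email_pass`), but nothing in the file says so and `get_secret.yml` is not visible here. A reader who runs the play on a fresh host will not know why the Icinga deploy fails until they find that convention. Add a comment on the new line, e.g. `# -1: not generated; create a dedicated Matrix bot user, obtain its access token and store it here by hand`, so the provisioning step is documented next to the secret that needs it.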
......
......@@ -48,3 +48,9 @@ RUN cd /opt/ \
&& git clone https://github.com/elberfeld/check_metric_value.git \
&& cd /opt/check_metric_value/ \
&& git checkout b94d3c3e78497a05e3b4520d33421f37e4d77985
# icinga2-matrix_notification - commit from 15.04.2012
RUN cd /opt/ \
&& git clone https://github.com/linuxmail/icinga2-matrix_notification \
&& cd /opt/icinga2-matrix_notification/ \
&& git checkout 99d2174a3b00e9a88648fe58bcd975368f69837d
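Review bot: The comment on the new clone says `commit from 15.04.2012`, which cannot be right for an Icinga 2 plugin (Icinga 2 did not exist in 2012) and is almost certainly a typo for 2021; since the comment is the only human-readable hint of how stale the pinned commit is, it is worth fixing: `# icinga2-matrix_notification - commit from 15.04.2021`. Pinning the checkout to a full commit hash rather than a branch is the right call for a third-party script that will later receive an access token, so keep that. If the upstream repository moves or is rewritten, the pinned hash is what makes the build reproducible, so consider noting that the hash should only be bumped after reviewing the upstream diff.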
/**
* Check MQTT values
*/
object CheckCommand "check_mqtt" {
import "plugin-check-command"
......@@ -33,6 +37,10 @@ object CheckCommand "check_mqtt" {
}
}
/**
* Check for Mail Blacklisting
*/
object CheckCommand "check_mail_blacklist" {
import "plugin-check-command"
......@@ -45,6 +53,9 @@ object CheckCommand "check_mail_blacklist" {
}
}
/**
* Check for Prometheus values
*/
object CheckCommand "check_metric_value" {
import "plugin-check-command"
......@@ -62,4 +73,138 @@ object CheckCommand "check_metric_value" {
"-w" = "$metric_warn$"
"-c" = "$metric_crit$"
}
}
\ No newline at end of file
}
/**
* Matrix Notification
*/
object NotificationCommand "matrix-host-notification" {
import "plugin-notification-command"
command = [ "/opt/icinga2-matrix_notification/scripts/matrix-host-notification.sh" ]
arguments += {
"-4" = "$notification_address$"
"-6" = "$notification_address6$"
"-b" = "$notification_author$"
"-c" = "$notification_comment$"
"-d" = {
required = true
value = "$notification_date$"
}
"-i" = "$notification_icingaweb2url$"
"-l" = {
required = true
value = "$notification_hostname$"
}
"-m" = {
required = true
value = "$notification_matrix_room_id$"
}
"-n" = {
required = true
value = "$notification_hostdisplayname$"
}
"-o" = {
required = true
value = "$notification_hostoutput$"
}
"-s" = {
required = true
value = "$notification_hoststate$"
}
"-t" = {
required = true
value = "$notification_type$"
}
"-x" = {
required = true
value = "$notification_matrix_server$"
}
"-y" = {
required = true
value = "$notification_matrix_token$"
}
}
vars.notification_address = "$address$"
vars.notification_address6 = "$address6$"
vars.notification_author = "$notification.author$"
vars.notification_comment = "$notification.comment$"
vars.notification_date = "$icinga.long_date_time$"
vars.notification_hostdisplayname = "$host.display_name$"
vars.notification_hostname = "$host.name$"
vars.notification_hostoutput = "$host.output$"
vars.notification_hoststate = "$host.state$"
vars.notification_type = "$notification.type$"
}
object NotificationCommand "matrix-service-notification" {
import "plugin-notification-command"
command = [ "/opt/icinga2-matrix_notification/scripts/matrix-service-notification.sh" ]
arguments += {
"-4" = {
required = true
value = "$notification_address$"
}
"-6" = "$notification_address6$"
"-b" = "$notification_author$"
"-c" = "$notification_comment$"
"-d" = {
required = true
value = "$notification_date$"
}
"-e" = {
required = true
value = "$notification_servicename$"
}
"-i" = "$notification_icingaweb2url$"
"-l" = {
required = true
value = "$notification_hostname$"
}
"-m" = {
required = true
value = "$notification_matrix_room_id$"
}
"-n" = {
required = true
value = "$notification_hostdisplayname$"
}
"-o" = {
required = true
value = "$notification_serviceoutput$"
}
"-s" = {
required = true
value = "$notification_servicestate$"
}
"-t" = {
required = true
value = "$notification_type$"
}
"-u" = {
required = true
value = "$notification_servicedisplayname$"
}
"-x" = {
required = true
value = "$notification_matrix_server$"
}
"-y" = {
required = true
value = "$notification_matrix_token$"
}
}
vars.notification_address = "$address$"
vars.notification_address6 = "$address6$"
vars.notification_author = "$notification.author$"
vars.notification_comment = "$notification.comment$"
vars.notification_date = "$icinga.long_date_time$"
vars.notification_hostdisplayname = "$host.display_name$"
vars.notification_hostname = "$host.name$"
vars.notification_servicedisplayname = "$service.display_name$"
vars.notification_serviceoutput = "$service.output$"
vars.notification_servicestate = "$service.state$"
vars.notification_type = "$notification.type$"
vars.notification_servicename = "$service.name$"
}
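Review bot: Both new NotificationCommands pass the Matrix access token as a command-line argument (`"-y" = { value = "$notification_matrix_token$" }`), which puts the token into the argv of every notification process, readable via `ps` or `/proc/*/cmdline` by any user in the container and echoed into Icinga's debug log when argument logging is on. If the upstream script accepts the token from the environment or a file, prefer `env = { "MATRIX_TOKEN" = "$notification_matrix_token$" }` on the command and drop the `-y` argument; I cannot see the script's interface from here, so this needs checking against the pinned commit. Separately, `-4` is `required = true` on the service command but plain on the host command; if that asymmetry is intentional, a short comment above the service block saying why would help, otherwise align the two.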
// https://github.com/linuxmail/icinga2-matrix_notification
/**
* Example Matrix.org apply rules.
* The "!<id>:matrix.org" needs to be replaced with the room ID
* for example "!SDFfskjfdszhdaslasdkjhdasd:matrix.org".
* Also a Matrix access token is required too.
*/
apply Notification "Matrix host problems" to Host {
import "matrix-host-notification"
user_groups = [ "icingaadmins" ]
vars.notification_matrix_server = "https://{{ matrix_notification_domain }}"
vars.notification_matrix_room_id = "{{ matrix_notification_room }}"
vars.notification_matrix_token = "{{ matrix_notification_access_token }}"
# Assign to all hosts
assign where host.address
}
apply Notification "Matrix service problems" to Service {
import "matrix-service-notification"
user_groups = [ "icingaadmins" ]
vars.notification_matrix_server = "https://{{ matrix_notification_domain }}"
vars.notification_matrix_room_id = "{{ matrix_notification_room }}"
vars.notification_matrix_token = "{{ matrix_notification_access_token }}"
# Assign to all services
assign where service.name
}
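Review bot: The header comment copied from upstream (`The "!<id>:matrix.org" needs to be replaced with the room ID …`) is now misleading, because in this repo the room, server and token come from the Ansible variables `matrix_notification_room`, `matrix_notification_domain` and `matrix_notification_access_token` and nobody should edit this file by hand. Replace it with a comment that names those three variables and states that the token authorizes posting as that Matrix user, so it should belong to a dedicated bot account with no more room power than needed. Note also that the token is rendered in clear text into this config on every host that gets it, so the file's on-disk permissions should match those of other secret-bearing configs (not visible in this change).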
......@@ -81,3 +81,38 @@ template Notification "mail-service-notification" {
period = "24x7"
}
/**
* Provides default settings for Matrix.org service notifications.
*/
template Notification "matrix-host-notification" {
command = "matrix-host-notification"
states = [ Up, Down ]
types = [ Problem, Acknowledgement, Recovery, Custom,
FlappingStart, FlappingEnd,
DowntimeStart, DowntimeEnd, DowntimeRemoved ]
vars += {
// notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
notification_logtosyslog = false
}
// interval = 0s
period = "24x7"
}
template Notification "matrix-service-notification" {
command = "matrix-service-notification"
states = [ OK, Warning, Critical, Unknown ]
types = [ Problem, Acknowledgement, Recovery, Custom,
FlappingStart, FlappingEnd,
DowntimeStart, DowntimeEnd, DowntimeRemoved ]
vars += {
// notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
notification_logtosyslog = false
}
// interval = 0s
period = "24x7"
}
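Review bot: The doc comment above `template Notification "matrix-host-notification"` says it provides defaults for Matrix.org *service* notifications, which is wrong for the host template, and the service template that follows has no comment at all; swap them to `* Provides default settings for Matrix.org host notifications.` and add `* Provides default settings for Matrix.org service notifications.` above the second template. Since `interval` is left commented out, Icinga's default re-notification interval applies, so an unacknowledged problem keeps re-posting into the room at that cadence; if that is the intended behaviour, a comment on the `// interval = 0s` line saying so would stop the next person from guessing.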
......@@ -2,6 +2,7 @@
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/shared/noreply_email_pass, length: -1 }
- { path: /srv/keycloak/keycloak_admin_pass, length: 32 }
- { path: /srv/keycloak/postgres_user_pass, length: 24 }
......
......@@ -6,7 +6,7 @@ services:
app:
# values set in configuration: noreply_email_user - noreply_email_pass - smtp_host - smtp_port
image: jboss/keycloak:16.1.1
restart: always
depends_on:
......@@ -31,7 +31,6 @@ services:
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
networks:
- default
- mail
- web
......@@ -64,7 +63,5 @@ services:
networks:
mail:
external: true
web:
external: true
---
servicename: mail
basedir: /srv/mail
......@@ -2,21 +2,23 @@
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/secrets/mailcow_admin_pass", length: 28 }
- { path: "{{ basedir }}/secrets/mysql_mailcow_pass", length: 28 }
- { path: "{{ basedir }}/secrets/mysql_root_pass", length: 28 }
# mailman
- { path: "{{ basedir }}/secrets/mailu_secret_key", length: 32 }
- { path: "{{ basedir }}/secrets/mailu_admin_pass", length: 32 }
- { path: "{{ basedir }}/secrets/mailu_api_token", length: 32 }
- { path: "{{ basedir }}/secrets/mailu_db_pass", length: 28 }
- { path: "{{ basedir }}/secrets/roundcube_db_pass", length: 28 }
- { path: "{{ basedir }}/secrets/hyperkitty_api_key", length: 28 }
- { path: "{{ basedir }}/secrets/postgres_mailman_pass", length: 28 }
- { path: "{{ basedir }}/secrets/mailman_db_pass", length: 28 }
- { path: "{{ basedir }}/secrets/mailman_secret_key", length: 28 }
- { path: "{{ basedir }}/secrets/mailman_restapi_pass", length: 28 }
- { path: "{{ basedir }}/secrets/mysql_root_pass", length: 28 }
- name: pakete installieren
apt:
pkg: ['git', 'logrotate', 'openssl']
update_cache: no
state: present
# - name: pakete installieren
# apt:
# pkg: ['logrotate']
# update_cache: no
# state: present
- name: "create folder struct for {{ servicename }}"
......@@ -26,139 +28,78 @@
with_items:
- "{{ basedir }}"
- "{{ basedir }}/secrets"
# mailcow
- "{{ basedir }}/data/mysql"
- "{{ basedir }}/data/mysql-socket"
- "{{ basedir }}/data/redis"
- "{{ basedir }}/data/rspamd"
- "{{ basedir }}/data/solr"
- "{{ basedir }}/data/postfix"
- "{{ basedir }}/data/sogo-web"
- "{{ basedir }}/data/sogo-userdata-backup"
- "{{ basedir }}/data/xmpp-vol-1"
- "{{ basedir }}/data/xmpp-upload-vol-1"
# mailmann
- "{{ basedir }}/data/mailman-core"
- "{{ basedir }}/data/mailman-core/var"
- "{{ basedir }}/data/mailman-core/var/data"
- "{{ basedir }}/data/mailman-web"
- "{{ basedir }}/data/mailman-postgres"
- name: "create folder struct for {{ servicename }} with rights"
file:
path: "{{ item }}"
state: "directory"
owner: "5000"
group: "5000"
mode: "ugo+rwx"
with_items:
- "{{ basedir }}/data/crypt"
- "{{ basedir }}/data/vmail"
- "{{ basedir }}/data/vmail-index"
- name: check if git dir exists
stat:
path: "{{ basedir }}/mailcow-dockerized/.git"
register: mailcow_dotgit
- name: revert main.cf to avoid local changes
command: "git checkout data/conf/postfix/main.cf"
args:
chdir: "{{ basedir }}/mailcow-dockerized"
when: mailcow_dotgit.stat.exists == True
- name: Git checkout mailcow
git:
repo: 'https://github.com/mailcow/mailcow-dockerized.git'
dest: "{{ basedir }}/mailcow-dockerized"
version: d6a3094bcc8b3d748994978ca7e274301b39e583
# current version 2021-05-18
- name: Git checkout mailman-dockerized
git:
repo: 'https://github.com/maxking/docker-mailman.git'
dest: "{{ basedir }}/docker-mailman"
version: v0.4.4
# current version 2020-03-15
- name: "create folder struct for {{ servicename }} 3"
file:
path: "{{ item }}"
state: "directory"
with_items:
- "{{ basedir }}/mailcow-dockerized/data/assets/ssl/"
- name: check if DH Params exists
stat:
path: "{{ basedir }}/mailcow-dockerized/data/assets/ssl/dhparams.pem"
register: dhparams
- name: generate new DH Params
command: "openssl dhparam -out {{ basedir }}/mailcow-dockerized/data/assets/ssl/dhparams.pem 2048"
when: dhparams.stat.exists == False
- name: deploy mailcow config files
template:
dest: "{{ basedir }}/{{ item }}"
src: "{{ item }}"
mode: 0644
with_items:
- mailcow-dockerized/mailcow.conf
- mailcow-dockerized/docker-compose.override.yml
- mailcow-dockerized/data/conf/postfix/extra.cf
register: config_mailcow
- name: deploy mailman config files
- "{{ basedir }}/db"
- "{{ basedir }}/db-init"
- "{{ basedir }}/mailu"
- "{{ basedir }}/mailu/overrides"
- "{{ basedir }}/mailu/overrides/postfix"
- "{{ basedir }}/mailman-core"
- "{{ basedir }}/mailman-core/var"
- "{{ basedir }}/mailman-core/var/data"
- "{{ basedir }}/mailman-web"
# - "{{ basedir }}/mailman-db"
# - name: "create folder struct for {{ servicename }} with rights"
# file:
# path: "{{ item }}"
# state: "directory"
# owner: "5000"
# group: "5000"
# mode: "ugo+rwx"
# with_items:
# - "{{ basedir }}/data/crypt"
# - "{{ basedir }}/data/vmail"
# - "{{ basedir }}/data/vmail-index"
- name: "deploy {{ servicename }} config files"
template:
dest: "{{ basedir }}/{{ item }}"
src: "{{ item }}"
mode: 0644
with_items:
- docker-mailman/docker-compose.override.yml
- docker-mailman/nginx.conf
- data/mailman-core/mailman-extra.cfg
- data/mailman-web/settings_local.py
register: config_mailman
- name: deploy LogRotate configs
template:
src: "logrotate/{{item}}"
dest: "/etc/logrotate.d/{{item}}"
with_items:
- mailman-core
- mailman-web
# Start mailcow containers
- name: "stop {{ servicename }} (mailcow) docker"
- docker-compose.yml
- mailu.env
- mailman.env
- mailman-nginx.conf
- db-init/mailman.sql
- db-init/roundcube.sql
- mailu/overrides/postfix/postfix.cf
register: config
# - name: deploy LogRotate configs
# template:
# src: "logrotate/{{item}}"
# dest: "/etc/logrotate.d/{{item}}"
# with_items:
# - mailman-core
# - mailman-web
# Start containers
- name: "stop {{ servicename }} docker"
docker_compose:
project_src: "{{ basedir }}/mailcow-dockerized"
project_src: "{{ basedir }}"
state: absent
when: config_mailcow.changed
when: config.changed
- name: "start {{ servicename }} (mailcow) docker"
- name: "start {{ servicename }} docker"
docker_compose:
project_src: "{{ basedir }}/mailcow-dockerized"
project_src: "{{ basedir }}"
state: present
# Start mailman containers
- name: "stop {{ servicename }} (mailman) docker"
docker_compose:
project_src: "{{ basedir }}/docker-mailman"
state: absent
when: config_mailcow.changed
- name: "start {{ servicename }} (mailman) docker"
docker_compose:
project_src: "{{ basedir }}/docker-mailman"
state: present
# - name: "stop {{ servicename }} (mailman) docker"
# docker_compose:
# project_src: "{{ basedir }}/docker-mailman"
# state: absent
# when: config_mailcow.changed
# - name: "start {{ servicename }} (mailman) docker"
# docker_compose:
# project_src: "{{ basedir }}/docker-mailman"
# state: present
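Review bot: The single template task deploys `docker-compose.yml`, `mailu.env`, `mailman.env` and the `db-init/*.sql` files with `mode: 0644`, yet the compose file carries `MYSQL_PASSWORD`/`MYSQL_ROOT_PASSWORD` inline, the env files are where Mailu and Mailman take their secrets, and the SQL scripts embed the database passwords, so every local user on the host can read them. The compose and env files are read by compose on the host only and can be `0600` root-owned; the SQL scripts are bind-mounted into the MariaDB container and must stay readable by whatever user its entrypoint runs as, so they need a chown to that uid rather than a blanket 0644 — I cannot determine that uid from here. The stop/start tasks key on `config.changed`, so the split task needs to feed the same condition. Also worth a comment near the `db-init` entries: the image's init scripts run only on an empty datadir, so re-templating them after a secret rotation does not change the live database.

```yaml
- name: "deploy {{ servicename }} config files"
  template:
    dest: "{{ basedir }}/{{ item }}"
    src: "{{ item }}"
    mode: "0644"
  with_items:
    - mailman-nginx.conf
    - db-init/mailman.sql
    - db-init/roundcube.sql
    - mailu/overrides/postfix/postfix.cf
  register: config

# these carry DB/SMTP/API secrets and are only read by compose on the host
- name: "deploy {{ servicename }} secret config files"
  template:
    dest: "{{ basedir }}/{{ item }}"
    src: "{{ item }}"
    owner: root
    group: root
    mode: "0600"
  with_items:
    - docker-compose.yml
    - mailu.env
    - mailman.env
  register: config_secret

# … unchanged: stop task …
  when: config.changed or config_secret.changed
```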
[mailman]
site_owner: listmaster@warpzone.ms
[mta]
remove_dkim_headers: yes
from settings import *
import socket
# Archivierung für Mailman-Core Container erlauben
MAILMAN_ARCHIVER_FROM = (socket.gethostbyname('mailman-core'),)
# disable social logins (google, facebook, etc. )
INSTALLED_APPS = [a for a in INSTALLED_APPS if not
a.startswith('allauth.socialaccount.providers') and not
a.startswith('django_mailman3.lib.auth.fedora')]
# Mail backend settings
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'postfix'
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
DEFAULT_FROM_EMAIL = 'listmaster@warpzone.ms'
SERVER_EMAIL = 'listmaster@warpzone.ms'
CREATE DATABASE IF NOT EXISTS mailman;
CREATE USER IF NOT EXISTS mailman@'%' IDENTIFIED BY '{{ mailman_db_pass }}';
GRANT ALL ON mailman.* TO mailman@'%';
FLUSH PRIVILEGES;
CREATE DATABASE IF NOT EXISTS roundcube;
CREATE USER IF NOT EXISTS roundcube@'%' IDENTIFIED BY '{{ roundcube_db_pass }}';
GRANT ALL ON roundcube.* TO roundcube@'%';
FLUSH PRIVILEGES;
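Review bot: In both init scripts `CREATE USER IF NOT EXISTS … IDENTIFIED BY '{{ … }}'` leaves an already-existing user's password untouched, and the MariaDB image only executes `docker-entrypoint-initdb.d` on first initialisation as far as I know, so a later rotation of `mailman_db_pass` or `roundcube_db_pass` silently diverges from what the applications are given. The Ansible-rendered password is also dropped into a single-quoted literal unescaped; if `get_secret` can ever emit `'` or `\` the script breaks at the first run, so either constrain the generator's charset or escape in the template, e.g. `IDENTIFIED BY '{{ mailman_db_pass | replace("'", "''") }}'`. A header comment stating both limits (`-- runs only on an empty datadir; rotate passwords with ALTER USER, not by re-templating`) would make the behaviour explicit. `FLUSH PRIVILEGES` is not needed after `CREATE USER`/`GRANT`, which update the grant tables directly.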
version: '2.2'
services:
# External dependencies
redis:
image: redis:alpine
restart: always
volumes:
- "{{ basedir }}/mailu/redis:/data"
depends_on:
- resolver
dns:
- 192.168.203.254
# Certdumper
certdumper:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}traefik-certdumper:${MAILU_VERSION:-2.0}
restart: always
environment:
- DOMAIN={{ mailserver }}
- TRAEFIK_VERSION=v2
volumes:
- "/srv/traefik:/traefik"
- "{{ basedir }}/mailu/certs:/output"
# Core services
front:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2.0}
restart: always
depends_on:
- db
- resolver
env_file: mailu.env
ports:
- "25:25" #smtp
- "465:465" #submissions
- "587:587" #submission
- "143:143" #imap
- "993:993" #imaps
volumes:
- "{{ basedir }}/mailu/certs:/certs"
- "{{ basedir }}/mailu/overrides/nginx:/overrides:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ servicename }}.entrypoints=websecure"
- "traefik.http.routers.{{ servicename }}.rule=Host(`{{ mailserver }}`)"
- "traefik.http.routers.{{ servicename }}.tls"
- "traefik.http.routers.{{ servicename }}.tls.certresolver=letsencrypt"
- "traefik.http.routers.{{ servicename }}.tls.domains[0].main={{ domain }}"
- "traefik.http.routers.{{ servicename }}.tls.domains[0].sans={{ mailserver }}"
- "traefik.http.routers.{{ servicename }}.service={{ servicename }}"
- "traefik.http.services.{{ servicename }}.loadbalancer.server.port=80"
networks:
- default
- web
dns:
- 192.168.203.254
resolver:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2.0}
env_file: mailu.env
restart: always
networks:
default:
ipv4_address: 192.168.203.254
admin:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2.0}
restart: always
depends_on:
- db
- redis
- resolver
env_file: mailu.env
volumes:
- "{{ basedir }}/mailu/data:/data"
- "{{ basedir }}/mailu/dkim:/dkim"
dns:
- 192.168.203.254
imap:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2.0}
restart: always
depends_on:
- db
- front
- resolver
env_file: mailu.env
volumes:
- "{{ basedir }}/mailu/mail:/mail"
- "{{ basedir }}/mailu/overrides/dovecot:/overrides:ro"
dns:
- 192.168.203.254
smtp:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2.0}
restart: always
depends_on:
- db
- front
- resolver
- mailman-core
env_file: mailu.env
volumes:
- "{{ basedir }}/mailu/mailqueue:/queue"
- "{{ basedir }}/mailu/overrides/postfix:/overrides:ro"
- "{{ basedir }}/mailman-core/var/data:/opt/mailman:ro"
dns:
- 192.168.203.254
oletools:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2.0}
hostname: oletools
restart: always
depends_on:
- resolver
networks:
- noinet
dns:
- 192.168.203.254
antispam:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2.0}
hostname: antispam
restart: always
depends_on:
- front
- redis
- oletools
- resolver
env_file: mailu.env
volumes:
- "{{ basedir }}/mailu/filter:/var/lib/rspamd"
- "{{ basedir }}/mailu/overrides/rspamd:/overrides:ro"
networks:
default:
ipv4_address: 192.168.203.253
noinet:
dns:
- 192.168.203.254
# Optional mailu services: Database
db:
image: mariadb:10.5
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
restart: always
volumes:
- "{{ basedir }}/db:/var/lib/mysql"
- "{{ basedir }}/db-init:/docker-entrypoint-initdb.d:ro"
environment:
- MYSQL_DATABASE=mailu
- MYSQL_USER=mailu
- MYSQL_PASSWORD={{ mailu_db_pass }}
- MYSQL_ROOT_PASSWORD={{ mysql_root_pass }}
# Optional mailu services: Webmail
webmail:
image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2.0}
restart: always
depends_on:
- front
env_file: mailu.env
volumes:
- "{{ basedir }}/mailu/webmail:/data"
- "{{ basedir }}/mailu/overrides/roundcube:/overrides:ro"
# Additional Services: mailman
mailman-core:
image: maxking/mailman-core:0.4
restart: always
env_file: mailman.env
depends_on:
- db
volumes:
- "{{ basedir }}/mailman-core:/opt/mailman:rw,z"
mailman-web:
image: maxking/mailman-web:0.4
restart: always
env_file: mailman.env
depends_on:
- db
volumes:
- "{{ basedir }}/mailman-web:/opt/mailman-web-data:rw,z"
mailman-nginx:
image: nginx:1.19
restart: always
depends_on:
- mailman-web
volumes:
- "{{ basedir }}/mailman-web/:/opt/mailman-web-data:ro,z"
- "{{ basedir }}/mailman-nginx.conf:/etc/nginx/conf.d/default.conf:ro"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}-mailman.rule=Host(`{{ listserver }}`)
- traefik.http.routers.{{ servicename }}-mailman.entrypoints=websecure
- traefik.http.services.{{ servicename }}-mailman.loadbalancer.server.port=80
networks:
- default
- web
networks:
default:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
# must be a ULA range
- subnet: fd00:dead:beef:25::/64
- subnet: 192.168.203.0/24
noinet:
driver: bridge
internal: true
web:
external: true
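Review bot: The `certdumper` service mounts the whole `/srv/traefik` directory read-write (`- "/srv/traefik:/traefik"`), although it only needs to read `acme.json` to extract certificates; the mailcow override this replaces mounted `acme.json:ro`, so the new compose widens access to the ACME account and private keys for no visible reason — change it to `- "/srv/traefik:/traefik:ro"`. Every Mailu image floats on `${MAILU_VERSION:-2.0}`, and `mariadb:10.5`, `nginx:1.19` and `maxking/mailman-*:0.4` are likewise mutable tags, which contrasts with the commit pins used for the Icinga plugins in this same change; pin to a full release tag or an `@sha256:` digest so a re-pull cannot silently change what runs on the mail server. `nginx:1.19` is an old mainline line that no longer receives fixes, so it should move to a supported release in any case. The `db` service puts `MYSQL_ROOT_PASSWORD` in `environment`, which is readable via `docker inspect` by anyone with Docker socket access; acceptable if that group is root-equivalent anyway, but worth a comment.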
version: '2'
services:
mailman-core:
container_name: mail_mailman-core
restart: always
volumes:
- "{{ basedir }}/data/mailman-core:/opt/mailman:rw,z"
environment:
- DATABASE_URL=postgres://mailman:{{ postgres_mailman_pass }}@database/mailmandb
- MTA=postfix
- MM_HOSTNAME=mailman-core-mail
- SMTP_HOST=postfix
- SMTP_PORT=25
- MAILMAN_REST_USER=mailman
- MAILMAN_REST_PASSWORD={{ mailman_restapi_pass }}
- HYPERKITTY_URL=http://mailman-web:8000/hyperkitty
- HYPERKITTY_API_KEY={{ hyperkitty_api_key }}
networks:
mailman:
aliases:
- mailman-core
mail:
aliases:
- mailman-core
- mailman-core-mail
mailman-web:
container_name: mail_mailman-web
restart: always
volumes:
- "{{ basedir }}/data/mailman-web:/opt/mailman-web-data:rw,z"
environment:
- DATABASE_URL=postgres://mailman:{{ postgres_mailman_pass }}@database/mailmandb
- HYPERKITTY_API_KEY={{ hyperkitty_api_key }}
- SECRET_KEY={{ mailman_secret_key }}
- SERVE_FROM_DOMAIN=listserver.warpzone.ms
- MAILMAN_REST_URL=http://mailman-core-mail:8001
- MAILMAN_REST_USER=mailman
- MAILMAN_REST_PASSWORD={{ mailman_restapi_pass }}
networks:
- mail
- mailman
nginx:
container_name: mail_mailman-nginx
image: nginx:1.19
restart: always
depends_on:
- mailman-web
volumes:
- "{{ basedir }}/data/mailman-web/:/opt/mailman-web-data:ro,z"
- "{{ basedir }}/docker-mailman/nginx.conf:/etc/nginx/conf.d/default.conf:ro"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}-mailman.rule=Host(`listserver.warpzone.ms`) || Host(`lists.warpzone.ms`)
- traefik.http.routers.{{ servicename }}-mailman.entrypoints=websecure
- traefik.http.services.{{ servicename }}-mailman.loadbalancer.server.port=80
networks:
- mailman
- web
database:
container_name: mail_mailman-db
restart: always
environment:
- POSTGRES_PASSWORD={{ postgres_mailman_pass }}
volumes:
- "{{ basedir }}/data/mailman-postgres:/var/lib/postgresql/data"
networks:
- mailman
networks:
mailman:
driver: bridge
ipam:
driver: default
mail:
external: true
web:
external: true
/srv/mail/data/mailman-core/var/logs/*.log {
rotate 12
monthly
compress
missingok
notifempty
}
/srv/mail/data/mailman-web/logs/*.log {
rotate 12
monthly
compress
missingok
notifempty
}
# Support the default VERP delimiter.
recipient_delimiter = +
unknown_local_recipient_reject_code = 550
owner_request_special = no
# use relay_recipient_maps instead of local_recipient_maps
relay_recipient_maps =
regexp:/opt/mailman/postfix_lmtp
# Wert aus main.cf übernommen und ergänzt
transport_maps =
pcre:/opt/postfix/conf/custom_transport.pcre,
pcre:/opt/postfix/conf/local_transport,
proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
regexp:/opt/mailman/postfix_lmtp
# Wert aus main.cf übernommen und ergänzt
relay_domains =
proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf,
regexp:/opt/mailman/postfix_domains
version: '2.1'
services:
# Export der Letsencrypt-Zertifikate von traefik zur Verwendung in Postfix und Dovecot
traefik-certdumper:
image: humenius/traefik-certs-dumper
restart: always
network_mode: none
command: --restart-containers mail_dovecot-mailcow_1,mail_postfix-mailcow_1,mail_nginx-mailcow_1,mail_watchdog-mailcow_1
volumes:
# mount the folder which contains Traefik's `acme.json' file
- /srv/traefik/acme.json:/traefik/acme.json:ro
# mount mailcow's SSL folder
- ./data/assets/ssl/:/output:rw
# Docker API for Container restart
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
# only change this, if you're using another domain for mailcow's web frontend compared to the standard config
- DOMAIN=${MAILCOW_HOSTNAME}
# Prometheus Postfix Exporter
postfix-exporter:
image: unikum/postfix_exporter:latest
restart: always
depends_on:
- postfix-mailcow
ports:
- "{{ int_ip4 }}:9154:9154"
volumes:
- "postfix-vol-1:/var/spool/postfix:z"
# Labels für traefik Konfiguration
# Der Container nginx-mailcow benötigt zusätzlich den Alias sogo, damit der Container wegfallen kann
nginx-mailcow:
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}-mailcow.rule=Host(`${MAILCOW_HOSTNAME}`) || Host(`mail.warpzone.ms`)
- traefik.http.routers.{{ servicename }}-mailcow.entrypoints=websecure
- traefik.http.services.{{ servicename }}-mailcow.loadbalancer.server.port=42012
networks:
mailcow-network:
aliases:
- nginx
- sogo
- ejabberd
web:
aliases:
- mailcow
# Mailman konfiguration in Postfix-Container mounten
# postfix ans mail netzwerk um mit mailman zu kommunizieren
postfix-mailcow:
volumes:
- "{{ basedir }}/data/mailman-core/var/data:/opt/mailman:rw,z"
networks:
mail:
aliases:
- postfix
# Container anpassen um start zu unterbinden
clamd-mailcow:
image: stakater/exit-container
restart: 'no'
sogo-mailcow:
image: stakater/exit-container
restart: 'no'
acme-mailcow:
image: stakater/exit-container
restart: 'no'
solr-mailcow:
image: stakater/exit-container
restart: 'no'
ejabberd-mailcow:
image: stakater/exit-container
restart: 'no'
# Externes Netzwerk
networks:
web:
external: true
mail:
external: true
# Volumes auf lokale Verzeichnise umlenken
volumes:
# Storage for email files
vmail-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/vmail"
# Storage for index (deduplicated)
vmail-index-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/vmail-index"
mysql-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/mysql"
mysql-socket-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/mysql-socket"
redis-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/redis"
rspamd-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/rspamd"
solr-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/solr"
postfix-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/postfix"
crypt-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/crypt"
sogo-web-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/sogo-web"
sogo-userdata-backup-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/sogo-userdata-backup"
xmpp-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/xmpp-vol-1"
xmpp-upload-vol-1:
driver: local
driver_opts:
o: bind
type: none
device: "{{ basedir }}/data/xmpp-upload-vol-1"