Basic Mailu mail server configuration.

.gitignore

@@ -0,0 +1 @@
+site.retry

group_vars/vault.yml

@@ -1,39 +1,42 @@
 $ANSIBLE_VAULT;1.1;AES256
-38386533303731643564366434373066323562643961323036663431666263356134376261366236
-3235353765353862623962353834356330633432376139610a636263313364313139303930346136
-36316630326435623564356364333532303136333031303833396331363438623031393730313036
-3037666466366434390a336231626561363166633032313339623839353266323538646166323137
-32363734373062383161366364616239316539643031653332363366303532656465646136396239
-61323736313532643036393539363466386164313138623434653634373563636332306131306561
-36363936613162313663353234356335646131306236666239316533613833353163623861386663
-65316161313961653235653564633933383366356231373535623362613134356262333565666331
-30313531663032613832643661303236643866323137373364313639613435336636356330653235
-34666165393637356463616462343634346436633635633239393830656361326232613265356565
-61303335646335353265313637653932383133343961373232613432663536633639323861396135
-63663930663537666165313731656265383632613065343362313662663563396433316634626134
-37306465633938636364396566373631326563396535366435323338653937613535363536643330
-30326533363431383830313435323632613762343936323938366236326665373532393636323438
-39396531656336343264663835653732623830306435646461316538336332343234376138633537
-31393362376130663832316132643338343636336461656665653039393730346532613239616430
-65303333623338636334656330396633356333616566383031373762626165366139373030656564
-35343061386265346464303237646530663438306531333834313466343933363363336564316261
-39613839366365376161616162636538333865623761306231366232666665336534613636303430
-33613361633637666136306563396538323761323333643764623466616163643135636238613566
-38666335366165316133313331623436366564316532393961313035356464616166363164356138
-38643762303138343264303664646538336661316439666662616232333738396531306165633166
-37376663383365396536303634393334373837353135386231303265636563346465396533326139
-34343465616663323935373861343461383630663230386164343337303932623134383361316561
-31613132313364663637656133393465666239666362663965623233366165393839343938376539
-31303330346365666339383334323937373231643861633637333638353630656566663334393936
-32313737636266323233313635396430326330393466343437313031306562656165616439333130
-35376636306133633030663137393364396636663338313630653366616237643061393166616330
-37646530363164616137363032323634393732326365646361313639653236383164373831326361
-37383038666365653562386531346134393638373165323563363464353834613066623837633061
-63356630313838323031646435333062396138613661643837613162653931626264653139656235
-30353830303838623837646131383138353333626264313262383366336532323934343539306231
-36623834623139386233653038623366613330386163626539376431613864656461323364373935
-33303839613462386433343163643461626535336461303765616536626539393239383634386532
-39633362653166393761623935613239306133346635623330393734656436376535333538366663
-66333132633965626434363033336432363034353438643439313362613339613134626134333236
-34363662386265303962316266613533373666613737663532356536383930636632323038393631
-6465393563633134363863333532343162303036663339326566
+30343263353163636636376538376330383038353737313137346436373536356539303237343532
+6137346636383666656161663166333532393931363535380a616131393636643336363061623736
+30303030653033653438316334313032386636653033343830313132613430326566636439366537
+6334363330363965310a623734666137373164316532333739633461366562303134373831353931
+63396432653461376136633530316663363763613466313563303334303465613734366537636231
+38633165613864363862616233323462316665386263376537636164316132356335303963306664
+65353230636139343638343633643763366131373536623939663532613631323137663865346465
+31613633333335663732303762383530373931656661306239313863316565366566343838616533
+62633936336531613039323231663933373863353035393461396463636330346237666136636331
+62643030376137656261356661316530343965646430313764323334623431303737663338326335
+37626134633163336234636337386463396238306639333166323338643732653338313662373431
+62323261663938396661656566353735663137636565383865613439656138633433623930383265
+39653133373534386364393034666637306466313865306637643063393130333837336566653266
+32333839313365373064373133336334393431623033636633306165396263656663376635366132
+33386134353365323434343231643032636536303832383738636466316663326536303430313630
+61613834306662366236326432333961633233663762616631363330333638363965643963333235
+63346134363334323139323031383030633939646537643562633066656162626131653764303632
+31316164346662623462663966656636376130633066313763613861613630383564613738363330
+35393839643235383038323737303338383939613734656436656664323235653661623832326661
+62376564363131393233623464343636323065643138333638623531666663613633346336626237
+39313134326165616231656533346536343037393462373336323733666165623962666136643963
+36313434356266396163343164333966633930633665333166623562366535663439336563663137
+39343236326165666539633739326432393163346633326433396161346262623132336530393666
+64623464653363343261306635646561373766653263663033326661363136613162333833356534
+62323065366433326364653735366532626337303838313338663363356461373530363831343464
+64333536313031653939356639313666333261336163336362633263383662326434363534383733
+63396338303938376633623137346630656131653130373637376464343835663837666165643934
+64306134666338393335616332326337363933316433333034613161636433613133353830376636
+36303536306163336637633733356662303263633636646232626536653162396462306434653836
+36643363623866313137363033396531373436303330633133633738653864633063323132313066
+39343933626464623564363661323939643732663266323235376438393966656533383339656535
+30643432663764653662303831373962653436306666656461386565346534366566306363373531
+39633963326564386534353338336239326336383031393830373534396362336364386464666532
+38616464306137356438306232333031306263333363373638656132353534626631313138373930
+30356238656234663261323363366664386631656266653132323035656134356436313965613837
+30616238636461636237326639613736316339626237386333653738393530613330386137633530
+38613462613831366133613262366466303736336435366438373136363062383637326331666161
+65353265643365383931356164336564303838326464353765636265306563353965343432303733
+37333536316562636366393034353164326633333831623533393730376532303930613030613262
+62303238303766663135666363653834313435636234613738616238336238653233363031633331
+6266

roles/mail_server_docker/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: docker_compose
+  - role: web_server

roles/mail_server_docker/tasks/main.yml

@@ -0,0 +1,76 @@
+- name: create configuration file directoroy
+  file: path=/etc/mailu state=directory
+  tags:
+    - mail_server_docker
+
+- name: write configuration file
+  template:
+    src: configuration.j2
+    dest: /etc/mailu/config
+    mode: 0600
+  tags:
+    - mail_server_docker
+
+- name: run mail server containers
+  docker_service:
+    project_name: mail_server
+    pull: yes
+    definition:
+      version: '3'
+      services:
+        redis:
+          image: redis:alpine
+          restart: always
+          volumes:
+            - "/var/lib/mailu/redis:/data"
+        imap:
+          image: mailu/dovecot:{{ mail_server_mailu_version }}
+          restart: always
+          env_file: /etc/mailu/config
+          volumes:
+            - "/var/lib/mailu/data:/data"
+            - "/var/lib/mailu/mail:/mail"
+            - "/var/lib/mailu/overrides:/overrides"
+        smtp:
+          image: mailu/postfix:{{ mail_server_mailu_version }}
+          restart: always
+          env_file: /etc/mailu/config
+          volumes:
+            - "/var/lib/mailu/data:/data"
+            - "/var/lib/mailu/overrides:/overrides"
+        antispam:
+          image: mailu/rspamd:{{ mail_server_mailu_version }}
+          restart: always
+          env_file: /etc/mailu/config
+          volumes:
+            - "/var/lib/mailu/filter:/var/lib/rspamd"
+            - "/var/lib/mailu/dkim:/dkim"
+            - "/var/lib/mailu/overrides/rspamd:/etc/rspamd/override.d"
+        admin:
+          image: mailu/admin:{{ mail_server_mailu_version }}
+          restart: always
+          env_file: /etc/mailu/config
+          environment:
+            VIRTUAL_HOST: "{{ mail_server_hostname }}"
+            LETSENCRYPT_HOST: "{{ mail_server_hostname }}"
+            LETSENCRYPT_EMAIL: "{{ admin_email }}"
+          volumes:
+            - "/var/lib/mailu/data:/data"
+            - "/var/lib/mailu/dkim:/dkim"
+            - /var/run/docker.sock:/var/run/docker.sock:ro
+          expose:
+            - "80"
+          depends_on:
+            - redis
+        fetchmail:
+          image: mailu/fetchmail:{{ mail_server_mailu_version }}
+          restart: always
+          env_file: /etc/mailu/config
+          volumes:
+            - "/var/lib/mailu/data:/data"
+      networks:
+        default:
+          external:
+            name: shared
+  tags:
+    - mail_server_docker

roles/mail_server_docker/templates/configuration.j2

@@ -0,0 +1,115 @@
+# Mailu main configuration file
+#
+# Most configuration variables can be modified through the Web interface,
+# these few settings must however be configured before starting the mail
+# server and require a restart upon change.
+
+###################################
+# Common configuration variables
+###################################
+
+# Set this to the path where Mailu data and configuration is stored
+ROOT=/var/lib/mailu
+
+# Mailu version to run (1.0, 1.1, etc. or master)
+VERSION={{ mail_server_mailu_version }}
+
+# Set to a randomly generated 16 bytes string
+SECRET_KEY={{ mail_server_secret_key }}
+
+# Address where listening ports should bind
+BIND_ADDRESS4=127.0.0.1
+BIND_ADDRESS6=::1
+
+# Main mail domain
+DOMAIN={{ mail_server_hostname }}
+
+# Hostnames for this server, separated with comas
+HOSTNAMES={{ mail_server_public_hostnames | join(',') }}
+
+# Postmaster local part (will append the main mail domain)
+POSTMASTER=admin
+
+# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail)
+TLS_FLAVOR=letencrypt
+
+# Authentication rate limit (per source IP address)
+AUTH_RATELIMIT=10/minute;1000/hour
+
+# Opt-out of statistics, replace with "True" to opt out
+DISABLE_STATISTICS=True
+
+###################################
+# Optional features
+###################################
+
+# Expose the admin interface (value: true, false)
+ADMIN=true
+
+# Choose which webmail to run if any (values: roundcube, rainloop, none)
+WEBMAIL=none
+
+# Dav server implementation (value: radicale, none)
+WEBDAV=none
+
+# Antivirus solution (value: clamav, none)
+ANTIVIRUS=none
+
+###################################
+# Mail settings
+###################################
+
+# Message size limit in bytes
+# Default: accept messages up to 50MB
+MESSAGE_SIZE_LIMIT=50000000
+
+# Networks granted relay permissions, make sure that you include your Docker
+# internal network (default to 172.17.0.0/16)
+RELAYNETS=172.16.0.0/12
+
+# Will relay all outgoing mails if configured
+RELAYHOST=
+
+# Fetchmail delay
+FETCHMAIL_DELAY=600
+
+# Recipient delimiter, character used to delimiter localpart from custom address part
+# e.g. localpart+custom@domain;tld
+RECIPIENT_DELIMITER=-
+
+# DMARC rua and ruf email
+DMARC_RUA=admin
+DMARC_RUF=admin
+
+# Weclome email, enable and set a topic and body if you wish to send welcome
+# emails to all users.
+WELCOME=false
+WELCOME_SUBJECT=Welcome to your new email account
+WELCOME_BODY=Welcome to your new email account. If you can read this, then it is configured properly!
+
+###################################
+# Web settings
+###################################
+
+# Path to the admin interface if enabled
+WEB_ADMIN=/admin
+
+# Path to the webmail if enabled
+WEB_WEBMAIL=/webmail
+
+# Website name
+SITENAME=Mail
+
+# Linked Website URL
+WEBSITE=https://{{ mail_server_hostname }}
+
+###################################
+# Advanced settings
+###################################
+
+# Docker-compose project name, this will prepended to containers names.
+COMPOSE_PROJECT_NAME=mail_server
+
+# Default password scheme used for newly created accounts and changed passwords
+# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
+PASSWORD_SCHEME=SHA512-CRYPT

roles/web_server/tasks/main.yml

@@ -35,6 +35,10 @@
             - /etc/nginx/vhost.d:/etc/nginx/vhost.d
             - /etc/nginx/htpasswd:/etc/nginx/htpasswd:ro
             - /usr/share/nginx/html:/usr/share/nginx/html
+          networks:
+            default:
+              aliases:
+                - front  # For mailu.
         nginx-docker-gen:
           image: jwilder/docker-gen
           restart: always

site.yml

@@ -40,6 +40,8 @@
 - hosts: apps.torsion.org
   vars_files:
     - group_vars/vault.yml
+  vars:
+    admin_email: webmaster@torsion.org
   roles:
     - common
     - role: backup_docker
@@ -48,18 +50,22 @@
       backup_ssh_key_file: apps-root
       backup_known_hosts_key_file: rsync-net
       backup_encryption_passphrase: "{{ backup_encryption_passphrase_apps }}"
+    - role: mail_server_docker
+      mail_server_hostname: mail2.torsion.org
+      mail_server_secret_key: "{{ mail_server_secret_key_apps }}"
+      mail_server_public_hostnames:
+        - torsion.org
+        - luminotes.com
+        - coderific.com
+      mail_server_mailu_version: 1.5.1
     - role: calendar_server
       calendar_server_hostname: calendar.torsion.org
-      admin_email: webmaster@torsion.org
     - role: mediagoblin
       mediagoblin_from_email: media@torsion.org
       mediagoblin_hostname: media.torsion.org
       mediagoblin_email_host: mail.torsion.org
       mediagoblin_email_port: 465
-      admin_email: webmaster@torsion.org
     - role: gitea
       gitea_hostname: projects.torsion.org
-      admin_email: webmaster@torsion.org
     - role: container_dashboard
       container_dashboard_hostname: apps.torsion.org
-      admin_email: webmaster@torsion.org