Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-mailu/vars/configuration.yml
+++ b/roles/web-app-mailu/vars/configuration.yml
@@ -0,0 +1,33 @@
+version:                  "2024.06"                         # Docker Image Version
+oidc:
+  email_by_username:      true                              # If true, then the mail is set by the username. If wrong then the OIDC user email is used
+  enable_user_creation:   true                              # Users will be created if not existing
+domain:                   "{{primary_domain}}"              # The main domain from which mails will be send \ email suffix behind @                              
+features:
+  matomo:                 true
+  css:                    false
+  portfolio_iframe:       true                             # Deactivated mailu iframe loading until keycloak supports it
+  oidc:                   true
+  central_database:       false                             # Deactivate central database for mailu, I don't know why the database deactivation is necessary
+domains:
+  canonical:
+    - "mail.{{ primary_domain }}"
+csp:
+  flags:
+    style-src:
+      unsafe-inline:        true
+    script-src-elem:
+      unsafe-inline:        true
+    script-src:
+      unsafe-inline:        true
+      unsafe-eval:          true
+rbac:
+  roles:
+    mail-bot:
+      description: "Has an token to send and recieve emails"
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
--- a/roles/web-app-mailu/vars/mailu-dns.yml
+++ b/roles/web-app-mailu/vars/mailu-dns.yml
@@ -0,0 +1,41 @@
+# vars/mailu-dns.yml
+
+mailu_dns_zone: "{{ applications[application_id].domain }}"
+mailu_dns_ip:   "{{ networks.internet.ip4 }}"
+
+cloudflare_record_api_token: "{{ certbot_dns_api_token }}"
+
+mailu_dmarc_ruf:    "{{ applications[application_id].users.administrator.email }}"
+
+mailu_dkim_key_file: "{{ applications[application_id].domain }}.dkim.key"
+mailu_dkim_key_path: "/dkim/{{ mailu_dkim_key_file }}"
+
+mailu_dns_srv_records:
+  submission:
+    port: 587
+    priority: 20
+    weight: 1
+  submissions:
+    port: 465
+    priority: 20
+    weight: 1
+  imaps:
+    port: 993
+    priority: 20
+    weight: 1
+  imap:
+    port: 143
+    priority: 20
+    weight: 1
+  pop3s:
+    port: 995
+    priority: 20
+    weight: 1
+  pop3:
+    port: 110
+    priority: 20
+    weight: 1
+  autodiscover:
+    port: 443
+    priority: 20
+    weight: 1
--- a/roles/web-app-mailu/vars/main.yml
+++ b/roles/web-app-mailu/vars/main.yml
@@ -0,0 +1,14 @@
+application_id:           "mailu"
+
+# Database Configuration
+database_password:        "{{applications.mailu.credentials.database_password}}"
+database_type:            "mariadb"
+
+cert_mount_directory:     "{{docker_compose.directories.volumes}}certs/"
+
+# Use dedicated source for oidc if activated  
+# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
+docker_source:            "{{ 'ghcr.io/heviat' if applications | is_feature_enabled('oidc',application_id) else 'ghcr.io/mailu' }}"
+
+domain:                   "{{ domains | get_domain(application_id) }}"
+http_port:                "{{ ports.localhost.http[application_id] }}"