Mailu/Redis: add explicit service resource limits & clamav_db volume

- use lookup(template) for redis resource injection - add cpus/mem/pids configs for all Mailu services - switch antivirus to dedicated clamav_db volume - add MAILU_CLAMAV_VOLUME var - cleanup set service_name per service in docker-compose template https://chatgpt.com/share/68d3d69b-06f0-800f-8c4d-4a74471ab961
2025-10-09 10:18:11 +02:00 · 2025-09-24 13:31:54 +02:00
parent 567babfdfc
commit 8d6ebb4693
5 changed files with 86 additions and 10 deletions
--- a/roles/svc-db-redis/templates/service.yml.j2
+++ b/roles/svc-db-redis/templates/service.yml.j2
@@ -16,4 +16,5 @@
      retries: 30
    networks:
      - default
+    {{ lookup('template', 'roles/docker-container/templates/resource.yml.j2',vars={'service_name':'redis'}) | indent(4) }}
 {{ "\n" }}
--- a/roles/web-app-mailu/config/main.yml
+++ b/roles/web-app-mailu/config/main.yml
@@ -29,10 +29,73 @@ rbac:
      description: "Has an token to send and receive emails"
 docker:
  services:
-    redis:
-      enabled: true
-    database:
-      enabled: true
    mailu:
-      version:  "2024.06" # Docker Image Version
-      name:     mailu
+      version:            "2024.06"
+      name:               mailu
+    redis:
+      enabled:            true
+      cpus:               "0.2"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
+    database:
+      enabled:            true
+      cpus:               "0.8"
+      mem_reservation:    "1g"
+      mem_limit:          "2g"
+      pids_limit:         512
+    admin:
+      cpus:               "0.3"
+      mem_reservation:    "512m"
+      mem_limit:          "1g"
+      pids_limit:         512
+    imap:
+      cpus:               "0.5"
+      mem_reservation:    "1g"
+      mem_limit:          "1.5g"
+      pids_limit:         512
+    smtp:
+      cpus:               "0.5"
+      mem_reservation:    "1g"
+      mem_limit:          "1.5g"
+      pids_limit:         512
+    antispam:
+      cpus:               "0.6"
+      mem_reservation:    "1g"
+      mem_limit:          "1.5g"
+      pids_limit:         512
+    antivirus:
+      cpus:               "0.6"
+      mem_reservation:    "2g"
+      mem_limit:          "3g"
+      pids_limit:         512
+    oletools:
+      cpus:               "0.2"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
+    webdav:
+      cpus:               "0.2"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
+    fetchmail:
+      cpus:               "0.2"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
+    webmail:
+      cpus:               "0.3"
+      mem_reservation:    "512m"
+      mem_limit:          "1g"
+      pids_limit:         512
+    resolver:
+      cpus:               "0.2"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
+    front:
+      cpus:               "0.3"
+      mem_reservation:    "512m"
+      mem_limit:          "1g"
+      pids_limit:         512
--- a/roles/web-app-mailu/templates/docker-compose.yml.j2
+++ b/roles/web-app-mailu/templates/docker-compose.yml.j2
@@ -2,6 +2,7 @@

  # Core services
  resolver:
+{% set service_name = 'resolver' %}
    image: {{ MAILU_DOCKER_FLAVOR }}/unbound:{{ MAILU_VERSION }}
    container_name: {{ MAILU_CONTAINER }}_resolver
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -9,6 +10,7 @@
        ipv4_address: {{ MAILU_DNS_RESOLVER }}

  front:
+{% set service_name = 'front' %}
    container_name: {{ MAILU_CONTAINER }}_front
    image: {{ MAILU_DOCKER_FLAVOR }}/nginx:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -35,6 +37,7 @@
      - {{ MAILU_DNS_RESOLVER }}
      
  admin:
+{% set service_name = 'admin' %}
    container_name: {{ MAILU_CONTAINER }}_admin
    image: {{ MAILU_DOCKER_FLAVOR }}/admin:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -51,6 +54,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  imap:
+{% set service_name = 'imap' %}
    container_name: {{ MAILU_CONTAINER }}_imap
    image: {{ MAILU_DOCKER_FLAVOR }}/dovecot:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -65,6 +69,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  smtp:
+{% set service_name = 'smtp' %}
    container_name: {{ MAILU_CONTAINER }}_smtp
    image: {{ MAILU_DOCKER_FLAVOR }}/postfix:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -79,6 +84,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  oletools:
+{% set service_name = 'oletools' %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    container_name: {{ MAILU_CONTAINER }}_oletools
    image: {{ MAILU_DOCKER_FLAVOR }}/oletools:{{ MAILU_VERSION }}
@@ -91,6 +97,7 @@
      noinet:

  antispam:
+{% set service_name = 'antispam' %}
    container_name: {{ MAILU_CONTAINER }}_antispam
    image: {{ MAILU_DOCKER_FLAVOR }}/rspamd:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -108,14 +115,13 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      noinet:  

-
-  # Optional services
  antivirus:
+{% set service_name = 'antivirus' %}
    container_name: {{ MAILU_CONTAINER }}_antivirus
    image: clamav/clamav-debian:latest
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
-      - "filter:/data"
+      - "clamav_db:/var/lib/clamav"
    depends_on:
      - resolver
    dns:
@@ -123,6 +129,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  webdav:
+{% set service_name = 'webdav' %}
    container_name: {{ MAILU_CONTAINER }}_webdav
    image: {{ MAILU_DOCKER_FLAVOR }}/radicale:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -136,6 +143,7 @@
      radicale:

  fetchmail:
+{% set service_name = 'fetchmail' %}
    container_name: {{ MAILU_CONTAINER }}_fetchmail
    image: {{ MAILU_DOCKER_FLAVOR }}/fetchmail:{{ MAILU_VERSION }}
    volumes:
@@ -151,6 +159,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  webmail:
+{% set service_name = 'webmail' %}
    container_name: {{ MAILU_CONTAINER }}_webmail
    image: {{ MAILU_DOCKER_FLAVOR }}/webmail:{{ MAILU_VERSION }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -177,6 +186,8 @@
    name: {{ MAILU_WEBMAIL_DATA }}
  filter:
    name: {{ MAILU_FILTER_VOLUME }}
+  clamav_db:
+    name: {{ MAILU_CLAMAV_VOLUME }}
  dkim:
    name: {{ MAILU_DKIM_VOLUME }}
  dovecot_mail:
--- a/roles/web-app-mailu/vars/main.yml
+++ b/roles/web-app-mailu/vars/main.yml
@@ -34,6 +34,7 @@ MAILU_WEBMAIL_DATA:                   "mailu_webmail_data"
 MAILU_FILTER_VOLUME:                  "mailu_filter"
 MAILU_DKIM_VOLUME:                    "mailu_dkim"
 MAILU_DOVECOT_MAIL_VOLUME:            "mailu_dovecot_mail"
+MAILU_CLAMAV_VOLUME:                  "mailu_clamav_data"

 ## Network
 MAILU_DNS_RESOLVER:                   "{{ networks.local['web-app-mailu'].dns_resolver }}"
--- a/tasks/stages/01_constructor.yml
+++ b/tasks/stages/01_constructor.yml
@@ -130,4 +130,4 @@
    - svc-prx     # 5. Load proxy roles
    - svc-ai      # 6. Load ai roles
  loop_control:
-    label: "{{ item }}-roles.yml"
+    label: "{{ item }}-roles.yml"