From 8d6ebb4693f71ae2a512cb65c6918463e783ef78 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 24 Sep 2025 13:31:54 +0200 Subject: [PATCH] Mailu/Redis: add explicit service resource limits & clamav_db volume - use lookup(template) for redis resource injection - add cpus/mem/pids configs for all Mailu services - switch antivirus to dedicated clamav_db volume - add MAILU_CLAMAV_VOLUME var - cleanup set service_name per service in docker-compose template https://chatgpt.com/share/68d3d69b-06f0-800f-8c4d-4a74471ab961 --- roles/svc-db-redis/templates/service.yml.j2 | 1 + roles/web-app-mailu/config/main.yml | 75 +++++++++++++++++-- .../templates/docker-compose.yml.j2 | 17 ++++- roles/web-app-mailu/vars/main.yml | 1 + tasks/stages/01_constructor.yml | 2 +- 5 files changed, 86 insertions(+), 10 deletions(-) diff --git a/roles/svc-db-redis/templates/service.yml.j2 b/roles/svc-db-redis/templates/service.yml.j2 index e476521a..79500d85 100644 --- a/roles/svc-db-redis/templates/service.yml.j2 +++ b/roles/svc-db-redis/templates/service.yml.j2 @@ -16,4 +16,5 @@ retries: 30 networks: - default + {{ lookup('template', 'roles/docker-container/templates/resource.yml.j2',vars={'service_name':'redis'}) | indent(4) }} {{ "\n" }} \ No newline at end of file diff --git a/roles/web-app-mailu/config/main.yml b/roles/web-app-mailu/config/main.yml index 27d4a0c5..b653eed9 100644 --- a/roles/web-app-mailu/config/main.yml +++ b/roles/web-app-mailu/config/main.yml 
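Review bot: The added `lookup('template', …, vars={'service_name':'redis'})` line passes the per-call variable as `vars=`, while the option the template lookup documents for this purpose is `template_vars`. Please confirm on a rendered compose file that `service_name` really is `redis` inside resource.yml.j2. If the keyword is not honoured, the Redis container would presumably render with whatever `service_name` the including role last set, or with none, and so run with another service's limits or with no limits at all. In that case the call would read `lookup('template', 'roles/docker-container/templates/resource.yml.j2', template_vars={'service_name':'redis'}) | indent(4)`. The service definition this line belongs to starts outside the hunk.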
@@ -29,10 +29,73 @@ rbac: description: "Has an token to send and receive emails" docker: services: - redis: - enabled: true - database: - enabled: true mailu: - version: "2024.06" # Docker Image Version - name: mailu + version: "2024.06" + name: mailu + redis: + enabled: true + cpus: "0.2" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + database: + enabled: true + cpus: "0.8" + mem_reservation: "1g" + mem_limit: "2g" + pids_limit: 512 + admin: + cpus: "0.3" + mem_reservation: "512m" + mem_limit: "1g" + pids_limit: 512 + imap: + cpus: "0.5" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 + smtp: + cpus: "0.5" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 + antispam: + cpus: "0.6" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 + antivirus: + cpus: "0.6" + mem_reservation: "2g" + mem_limit: "3g" + pids_limit: 512 + oletools: + cpus: "0.2" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + webdav: + cpus: "0.2" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + fetchmail: + cpus: "0.2" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + webmail: + cpus: "0.3" + mem_reservation: "512m" + mem_limit: "1g" + pids_limit: 512 + resolver: + cpus: "0.2" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + front: + cpus: "0.3" + mem_reservation: "512m" + mem_limit: "1g" + pids_limit: 512 diff --git a/roles/web-app-mailu/templates/docker-compose.yml.j2 b/roles/web-app-mailu/templates/docker-compose.yml.j2 index 2e81097d..00536910 100644 --- a/roles/web-app-mailu/templates/docker-compose.yml.j2 +++ b/roles/web-app-mailu/templates/docker-compose.yml.j2 @@ -2,6 +2,7 @@ # Core services resolver: +{% set service_name = 'resolver' %} image: {{ MAILU_DOCKER_FLAVOR }}/unbound:{{ MAILU_VERSION }} container_name: {{ MAILU_CONTAINER }}_resolver {% include 'roles/docker-container/templates/base.yml.j2' %} 
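Review bot: The `antivirus` entry caps the scanner at `mem_limit: "3g"`, which leaves little headroom. clamd keeps the whole signature set in memory and, with concurrent database reload, briefly holds two copies while an update is loaded. If the container is OOM-killed at that moment, attachments go unscanned until it restarts, and whether mail is deferred or passed in the meantime depends on rspamd configuration that is not visible here. I would document the sizing next to the value, e.g. `# clamd holds signatures in RAM; usage roughly doubles during a DB reload`, and alert on OOM kills of this container. How these keys are turned into compose limits is decided in resource.yml.j2, which this patch does not show.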
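Review bot: `{% set service_name = 'resolver' %}` is a template-wide assignment, so it stays in effect until the next `set`; the same pattern repeats in the hunks for front, admin, imap, smtp, oletools, antispam, antivirus, webdav, fetchmail and webmail. Assuming base.yml.j2 reads `service_name` to pick the limits (that template is not shown), a service block added later without its own `set` would silently render with the previous block's cpu, memory and pids limits. A comment at the top of the file such as `{# every service must set service_name before including base.yml.j2; the value is not reset between blocks #}` would make the contract explicit. In the fetchmail hunk no base.yml.j2 include is visible after the `set`, so please check that the block, which continues outside the hunk, actually includes it.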
@@ -9,6 +10,7 @@ ipv4_address: {{ MAILU_DNS_RESOLVER }} front: +{% set service_name = 'front' %} container_name: {{ MAILU_CONTAINER }}_front image: {{ MAILU_DOCKER_FLAVOR }}/nginx:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -35,6 +37,7 @@ - {{ MAILU_DNS_RESOLVER }} admin: +{% set service_name = 'admin' %} container_name: {{ MAILU_CONTAINER }}_admin image: {{ MAILU_DOCKER_FLAVOR }}/admin:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -51,6 +54,7 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} imap: +{% set service_name = 'imap' %} container_name: {{ MAILU_CONTAINER }}_imap image: {{ MAILU_DOCKER_FLAVOR }}/dovecot:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -65,6 +69,7 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} smtp: +{% set service_name = 'smtp' %} container_name: {{ MAILU_CONTAINER }}_smtp image: {{ MAILU_DOCKER_FLAVOR }}/postfix:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -79,6 +84,7 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} oletools: +{% set service_name = 'oletools' %} {% include 'roles/docker-container/templates/base.yml.j2' %} container_name: {{ MAILU_CONTAINER }}_oletools image: {{ MAILU_DOCKER_FLAVOR }}/oletools:{{ MAILU_VERSION }} @@ -91,6 +97,7 @@ noinet: antispam: +{% set service_name = 'antispam' %} container_name: {{ MAILU_CONTAINER }}_antispam image: {{ MAILU_DOCKER_FLAVOR }}/rspamd:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} 
@@ -108,14 +115,13 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} noinet: - - # Optional services antivirus: +{% set service_name = 'antivirus' %} container_name: {{ MAILU_CONTAINER }}_antivirus image: clamav/clamav-debian:latest {% include 'roles/docker-container/templates/base.yml.j2' %} volumes: - - "filter:/data" + - "clamav_db:/var/lib/clamav" depends_on: - resolver dns: @@ -123,6 +129,7 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} webdav: +{% set service_name = 'webdav' %} container_name: {{ MAILU_CONTAINER }}_webdav image: {{ MAILU_DOCKER_FLAVOR }}/radicale:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -136,6 +143,7 @@ radicale: fetchmail: +{% set service_name = 'fetchmail' %} container_name: {{ MAILU_CONTAINER }}_fetchmail image: {{ MAILU_DOCKER_FLAVOR }}/fetchmail:{{ MAILU_VERSION }} volumes: @@ -151,6 +159,7 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} webmail: +{% set service_name = 'webmail' %} container_name: {{ MAILU_CONTAINER }}_webmail image: {{ MAILU_DOCKER_FLAVOR }}/webmail:{{ MAILU_VERSION }} {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -177,6 +186,8 @@ name: {{ MAILU_WEBMAIL_DATA }} filter: name: {{ MAILU_FILTER_VOLUME }} + clamav_db: + name: {{ MAILU_CLAMAV_VOLUME }} dkim: name: {{ MAILU_DKIM_VOLUME }} dovecot_mail: diff --git a/roles/web-app-mailu/vars/main.yml b/roles/web-app-mailu/vars/main.yml index 93e3cdd8..f9dd7cc5 100644 --- a/roles/web-app-mailu/vars/main.yml +++ b/roles/web-app-mailu/vars/main.yml @@ -34,6 +34,7 @@ MAILU_WEBMAIL_DATA: "mailu_webmail_data" MAILU_FILTER_VOLUME: "mailu_filter" MAILU_DKIM_VOLUME: "mailu_dkim" MAILU_DOVECOT_MAIL_VOLUME: "mailu_dovecot_mail" +MAILU_CLAMAV_VOLUME: "mailu_clamav_data" ## Network MAILU_DNS_RESOLVER: "{{ networks.local['web-app-mailu'].dns_resolver }}" diff --git a/tasks/stages/01_constructor.yml b/tasks/stages/01_constructor.yml index 7612805e..0e4cc71b 100644 
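Review bot: The antivirus service keeps `image: clamav/clamav-debian:latest` while this hunk gives it a dedicated signature volume, so the scanner engine still changes on any pull, unlike the other services, which are tied to `MAILU_VERSION`. Pinning it, e.g. `image: clamav/clamav-debian:<pinned-tag-or-digest>` fed from a role variable, would keep scanner upgrades deliberate and reviewable. The hunk also drops the `# Optional services` comment, which was the only hint in the template that the services below it are optional; I would keep it.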
--- a/tasks/stages/01_constructor.yml +++ b/tasks/stages/01_constructor.yml @@ -130,4 +130,4 @@ - svc-prx # 5. Load proxy roles - svc-ai # 6. Load ai roles loop_control: - label: "{{ item }}-roles.yml" \ No newline at end of file + label: "{{ item }}-roles.yml"