Implemented OIDC for mailu

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -6,13 +6,13 @@ services:
 
   # Core services
   resolver:
-    image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
+    image: {{docker_source}}/unbound:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
         ipv4_address: {{networks.local.mailu.dns}}
 
   front:
-    image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
+    image: {{docker_source}}/nginx:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
       - "127.0.0.1:{{ http_port }}:80"
@@ -37,7 +37,7 @@ services:
       - {{networks.local.mailu.dns}}
       
   admin:
-    image: ghcr.io/mailu/admin:{{applications.mailu.version}}
+    image: {{docker_source}}/admin:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "admin_data:/data"
@@ -52,7 +52,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   imap:
-    image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
+    image: {{docker_source}}/dovecot:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "dovecot_mail:/mail"
@@ -65,7 +65,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   smtp:
-    image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
+    image: {{docker_source}}/postfix:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
@@ -78,7 +78,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   oletools:
-    image: ghcr.io/mailu/oletools:{{applications.mailu.version}}
+    image: {{docker_source}}/oletools:{{applications.mailu.version}}
     hostname: oletools
     restart: {{docker_restart_policy}}
     depends_on:
@@ -89,7 +89,7 @@ services:
       noinet:
 
   antispam:
-    image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
+    image: {{docker_source}}/rspamd:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "filter:/var/lib/rspamd"
@@ -119,7 +119,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   webdav:
-    image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
+    image: {{docker_source}}/radicale:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "webdav_data:/data"
@@ -131,7 +131,7 @@ services:
       radicale:
 
   fetchmail:
-    image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
+    image: {{docker_source}}/fetchmail:{{applications.mailu.version}}
     volumes:
       - "admin_data:/data"
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
@@ -145,7 +145,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   webmail:
-    image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
+    image: {{docker_source}}/webmail:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "webmail_data:/data"

roles/docker-mailu/templates/env.j2

@@ -148,4 +148,31 @@ SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_
 API_TOKEN={{mailu_api_token}}
 
 # Activated https://mailu.io/master/configuration.html#advanced-settings
-AUTH_REQUIRE_TOKENS=True
+AUTH_REQUIRE_TOKENS=True
+
+
+{% if oidc.enabled | bool %}
+################################### 
+# OpenID Connect settings
+###################################
+# @see https://github.com/heviat/Mailu-OIDC/tree/master
+
+# Enable OpenID Connect. Possible values: True, False
+OIDC_ENABLED={{ oidc.enabled | string | capitalize }}
+# OpenID Connect provider configuration URL
+OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
+# OpenID redirect URL if HOSTNAME not matching your login url
+OIDC_REDIRECT_URL=https://{{domain}}
+# OpenID Connect Client ID for Mailu
+OIDC_CLIENT_ID={{oidc.client.id}}
+# OpenID Connect Client secret for Mailu
+OIDC_CLIENT_SECRET={{oidc.client.secret}}
+# Label text for OpenID Connect login button. Default: OpenID Connect
+OIDC_BUTTON_NAME=OpenID Connect
+# Disable TLS certificate verification for the OIDC client. Possible values: True, False
+OIDC_VERIFY_SSL=True
+# Enable redirect to OIDC provider for password change. Possible values: True, False
+OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED=True
+# Redirect URL for password change. Defaults to provider issuer url appended by /.well-known/change-password
+#OIDC_CHANGE_PASSWORD_REDIRECT_URL=https://oidc.example.com/pw-change
+{% endif %}