Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested

2025-08-29 15:06:26 +02:00 · 2025-02-04 22:37:07 +01:00
parent 5503326ea6
commit e50fd54f4e
85 changed files with 610 additions and 515 deletions
--- a/roles/docker-mailu/README.md
+++ b/roles/docker-mailu/README.md
@@ -41,14 +41,6 @@ If you need to receive emails from another account, follow these steps:
 2. Export all data from your original account.
 3. Import all data to your new account.

-### Data Deletion
-
-To delete all volumes and data, execute the following command with caution:
-
-```bash
-rm -vr /etc/mailu/; docker volume rm $(docker volume ls -q | grep mailu_)
-```
-
 ### Port Management

 Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:
--- a/roles/docker-mailu/tasks/main.yml
+++ b/roles/docker-mailu/tasks/main.yml
@@ -8,32 +8,22 @@
  vars:
    nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"

- name: "create {{docker_compose.directories.instance}}"
-  file:
-    path: "{{docker_compose.directories.instance}}"
-    state: directory
-    mode: 0755
-
- name: "create /etc/mailu/"
-  file:
-    path: "/etc/mailu"
-    state: directory
-    mode: 0755
-
 - name: "Include the nginx-docker-cert-deploy role"
  include_role:
    name: nginx-docker-cert-deploy

- name: add docker-compose.yml
-  template: 
-    src:  "docker-compose.yml.j2" 
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+- name: "create {{docker_compose.files.docker_compose}}"
+  template:
+    src:	"docker-compose.yml.j2"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup

- name: add .env
+- name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}.env"
+    dest: "{{docker_compose.files.env}}"
+    mode: '770'
+    force: yes
  notify: docker compose project setup

 - name: flush docker service
--- a/roles/docker-mailu/templates/docker-compose.yml.j2
+++ b/roles/docker-mailu/templates/docker-compose.yml.j2
@@ -7,19 +7,13 @@ services:
  # Core services
  resolver:
    image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
-    env_file: .env
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
        ipv4_address: {{networks.local.mailu.dns}}
-    logging:
-      driver: journald

  front:
    image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
-    logging:
-      driver: journald
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ http_port }}:80"
      - "{{networks.internet.ip4}}:25:25"
@@ -31,7 +25,7 @@ services:
      - "{{networks.internet.ip4}}:993:993"
      - "{{networks.internet.ip4}}:4190:4190"
    volumes:
-      - "/etc/mailu/overrides/nginx:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
      - "{{cert_mount_directory}}:/certs:ro"
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
      resolver:
@@ -44,8 +38,7 @@ services:
      
  admin:
    image: ghcr.io/mailu/admin:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "admin_data:/data"
      - "dkim:/dkim"
@@ -54,42 +47,34 @@ services:
        condition: service_started
      front:
        condition: service_started
-    logging:
-      driver: journald
    dns:
      - {{networks.local.mailu.dns}}
 {% include 'templates/docker/container/networks.yml.j2' %}

  imap:
    image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "dovecot_mail:/mail"
-      - "/etc/mailu/overrides:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
    depends_on:
      - front
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-    logging:
-      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}

  smtp:
    image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
-      - "/etc/mailu/overrides:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
      - "smtp_queue:/queue"
    depends_on:
      - front
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-    logging:
-      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}

  oletools:
@@ -105,12 +90,11 @@ services:

  antispam:
    image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "filter:/var/lib/rspamd"
      - "dkim:/dkim"
-      - "/etc/mailu/overrides/rspamd:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides/rspamd:/overrides:ro"
    depends_on:
      - front
      - redis 
@@ -118,8 +102,6 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-    logging:
-      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      noinet:  

@@ -127,26 +109,20 @@ services:
  # Optional services
  antivirus:
    image: clamav/clamav-debian:latest
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "filter:/data"
    depends_on:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-    logging:
-      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}

  webdav:
    image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "webdav_data:/data"
-    logging:
-      driver: journald
    depends_on:
      - resolver
    dns:
@@ -158,10 +134,7 @@ services:
    image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
    volumes:
      - "admin_data:/data"
-    restart: {{docker_restart_policy}}
-    env_file: .env
-    logging:
-      driver: journald
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    depends_on:
      - admin
      - smtp
@@ -173,17 +146,14 @@ services:

  webmail:
    image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "webmail_data:/data"
-      - "/etc/mailu/overrides:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
    depends_on:
      - imap
      - front
      - resolver
-    logging:
-      driver: journald
    dns:
      - {{networks.local.mailu.dns}}
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@@ -1,5 +1,10 @@
 application_id:               "mailu"
 database_password:  	        "{{mailu_database_password}}"
 database_type:                "mariadb"
-cert_mount_directory:         "{{docker_compose.directories.instance}}/certs/"
-enable_wildcard_certificate:  false
+cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
+enable_wildcard_certificate:  false
+
+# I don't know why this configuration is necessary.
+# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
+# @todo research
+enable_central_database:      "{{enable_central_database_mailu}}"