mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-04-22 16:02:24 +02:00
196 lines
6.6 KiB
Django/Jinja
196 lines
6.6 KiB
Django/Jinja
# Mailu main configuration file
|
|
#
|
|
# For a detailed list of configuration variables, see the documentation at
|
|
# https://mailu.io
|
|
|
|
###################################
|
|
# Common configuration variables
|
|
###################################
|
|
|
|
# https://chat.openai.com/share/1497464d-dfb5-46eb-9d26-04be99991ace
|
|
LD_PRELOAD=/usr/lib/libhardened_malloc.so
|
|
|
|
# Set to a randomly generated 16 bytes string
|
|
SECRET_KEY={{applications.mailu.credentials.secret_key}}
|
|
|
|
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
|
SUBNET={{networks.local.mailu.subnet}}
|
|
|
|
# Main mail domain
|
|
DOMAIN={{applications.mailu.domain}}
|
|
|
|
# Hostnames for this server, separated with comas
|
|
HOSTNAMES={{domains[application_id]}}
|
|
|
|
# Postmaster local part (will append the main mail domain)
|
|
POSTMASTER=admin
|
|
|
|
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
|
|
TLS_FLAVOR=mail
|
|
|
|
# Authentication rate limit (per source IP address)
|
|
AUTH_RATELIMIT=10/minute;1000/hour
|
|
|
|
# Opt-out of statistics, replace with "True" to opt out
|
|
DISABLE_STATISTICS=True
|
|
|
|
###################################
|
|
# Optional features
|
|
###################################
|
|
|
|
# Expose the admin interface (value: true, false)
|
|
ADMIN=true
|
|
|
|
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
|
WEBMAIL=roundcube
|
|
|
|
# Dav server implementation (value: radicale, none)
|
|
WEBDAV=radicale
|
|
|
|
# Antivirus solution (value: clamav, none)
|
|
ANTIVIRUS=clamav
|
|
|
|
###################################
|
|
# Mail settings
|
|
###################################
|
|
|
|
# Message size limit in bytes
|
|
# Default: accept messages up to 50MB
|
|
# Max attachment size will be 33% smaller
|
|
MESSAGE_SIZE_LIMIT=50000000
|
|
|
|
# Networks granted relay permissions
|
|
# Use this with care, all hosts in this networks will be able to send mail without authentication!
|
|
RELAYNETS=
|
|
|
|
# Will relay all outgoing mails if configured
|
|
RELAYHOST=
|
|
|
|
# Fetchmail delay
|
|
FETCHMAIL_DELAY=600
|
|
|
|
# Recipient delimiter, character used to delimiter localpart from custom address part
|
|
RECIPIENT_DELIMITER=+
|
|
|
|
# DMARC rua and ruf email
|
|
DMARC_RUA=admin
|
|
DMARC_RUF=admin
|
|
|
|
# Welcome email, enable and set a topic and body if you wish to send welcome
|
|
# emails to all users.
|
|
WELCOME=false
|
|
WELCOME_SUBJECT=Welcome to your new email account
|
|
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
|
|
|
|
# Maildir Compression
|
|
# choose compression-method, default: none (value: bz2, gz)
|
|
COMPRESSION=
|
|
# change compression-level, default: 6 (value: 1-9)
|
|
COMPRESSION_LEVEL=
|
|
|
|
###################################
|
|
# Web settings
|
|
###################################
|
|
|
|
# Path to redirect / to
|
|
WEBROOT_REDIRECT=/webmail
|
|
|
|
# Path to the admin interface if enabled
|
|
WEB_ADMIN=/admin
|
|
|
|
# Path to the webmail if enabled
|
|
WEB_WEBMAIL=/webmail
|
|
|
|
# Website name
|
|
SITENAME=Mailservices
|
|
|
|
# Linked Website URL
|
|
WEBSITE=https://{{domains[application_id]}}
|
|
|
|
|
|
|
|
###################################
|
|
# Advanced settings
|
|
###################################
|
|
|
|
# Log driver for front service. Possible values:
|
|
# json-file (default)
|
|
# journald (On systemd platforms, useful for Fail2Ban integration)
|
|
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
|
|
LOG_DRIVER=syslog
|
|
|
|
# docker-compose project name, this will prepended to containers names.
|
|
COMPOSE_PROJECT_NAME=mailu
|
|
|
|
# Default password scheme used for newly created accounts and changed passwords
|
|
# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
|
|
PASSWORD_SCHEME=BLF-CRYPT
|
|
|
|
# Header to take the real ip from
|
|
REAL_IP_HEADER=
|
|
|
|
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
|
|
REAL_IP_FROM=
|
|
|
|
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
|
|
REJECT_UNLISTED_RECIPIENT=
|
|
|
|
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
|
|
LOG_LEVEL=WARNING
|
|
|
|
###################################
|
|
# Database settings
|
|
###################################
|
|
SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
|
|
SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
|
|
|
|
# Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
|
|
API_TOKEN={{applications.mailu.credentials.api_token}}
|
|
|
|
# Activated https://mailu.io/master/configuration.html#advanced-settings
|
|
AUTH_REQUIRE_TOKENS=True
|
|
|
|
|
|
{% if applications[application_id].features.oidc | bool %}
|
|
###################################
|
|
# OpenID Connect settings
|
|
###################################
|
|
# @see https://github.com/heviat/Mailu-OIDC/tree/master
|
|
|
|
# Enable OpenID Connect. Possible values: True, False
|
|
OIDC_ENABLED={{ applications[application_id].features.oidc | string | capitalize }}
|
|
|
|
# OpenID Connect provider configuration URL
|
|
OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
|
|
|
|
|
|
# OpenID Connect Client ID for Mailu
|
|
OIDC_CLIENT_ID={{oidc.client.id}}
|
|
|
|
# OpenID Connect Client secret for Mailu
|
|
OIDC_CLIENT_SECRET={{oidc.client.secret}}
|
|
|
|
# Label text for OpenID Connect login button. Default: OpenID Connect
|
|
OIDC_BUTTON_NAME={{oidc.button_text}}
|
|
|
|
# Disable TLS certificate verification for the OIDC client. Possible values: True, False
|
|
OIDC_VERIFY_SSL=True
|
|
|
|
# Enable redirect to OIDC provider for password change. Possible values: True, False
|
|
OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED=True
|
|
|
|
# Redirect URL for password change. Defaults to provider issuer url appended by /.well-known/change-password
|
|
OIDC_CHANGE_PASSWORD_REDIRECT_URL={{oidc.client.change_credentials}}
|
|
|
|
{% if applications[application_id].features.oidc | bool %}
|
|
|
|
# The OIDC claim used as the username. If the selected claim contains an email address, it will be used as is. If it is not an email (e.g., sub), the email address will be constructed as <OIDC_USERNAME_CLAIM>@<OIDC_USER_DOMAIN>. Defaults to email.
|
|
OIDC_USERNAME_CLAIM={{oidc.attributes.username}}
|
|
|
|
# The domain used when constructing an email from a non-email username (e.g., when OIDC_USERNAME_CLAIM=sub). Ignored if OIDC_USERNAME_CLAIM is already an email. Defaults to the value of DOMAIN.
|
|
OIDC_USER_DOMAIN={{primary_domain}}
|
|
{% endif %}
|
|
|
|
# If enabled, users who authenticate successfully but do not yet have an account will have one created for them. If disabled, only existing users can log in, and authentication will fail for users without a pre-existing account. Defaults to True.
|
|
OIDC_ENABLE_USER_CREATION={{ applications[application_id].oidc.enable_user_creation | string | capitalize }}
|
|
{% endif %} |