mirror of
https://git.straybits.ca/straybits/docker-samples.git
synced 2024-11-07 18:22:26 +00:00
86 lines
No EOL
2.9 KiB
YAML
86 lines
No EOL
2.9 KiB
YAML
services:
|
|
|
|
wireguard:
|
|
image: lscr.io/linuxserver/wireguard:latest
|
|
hostname: ${HOSTNAME}
|
|
cap_add:
|
|
- NET_ADMIN
|
|
environment:
|
|
- TZ=America/Edmonton
|
|
volumes:
|
|
- ./wireguard.conf:/config/wg_confs/wg0.conf
|
|
restart: always
|
|
sysctls:
|
|
- net.ipv4.ip_forward=1
|
|
|
|
|
|
mailserver:
|
|
image: ghcr.io/docker-mailserver/docker-mailserver:latest
|
|
network_mode: service:wireguard
|
|
volumes:
|
|
- ./data/dms/mail-data/:/var/mail/
|
|
- ./data/dms/mail-state/:/var/mail-state/
|
|
- ./data/dms/mail-logs/:/var/log/mail/
|
|
- ./data/dms/config/:/tmp/docker-mailserver/
|
|
- /etc/localtime:/etc/localtime:ro
|
|
|
|
# Enable ingestion from S3
|
|
#- ./s3-ingest.py:/usr/local/bin/s3-ingest:ro
|
|
#- ./cron/s3:/etc/cron.d/s3:ro
|
|
|
|
# Enable full text searching
|
|
# https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/full-text-search/
|
|
- ./fts-xapian-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro
|
|
- ./cron/fts_xapian:/etc/cron.d/fts_xapian:ro
|
|
|
|
# when initializing, these need to be commented out because they don't exist.
|
|
# until Caddy has had a chance to fetch them.
|
|
- ./data/caddy/certificates/acme.zerossl.com-v2-dv90/${HOSTNAME}/${HOSTNAME}.crt:/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem:ro
|
|
- ./data/caddy/certificates/acme.zerossl.com-v2-dv90/${HOSTNAME}/${HOSTNAME}.key:/etc/letsencrypt/live/${HOSTNAME}/privkey.pem:ro
|
|
environment:
|
|
- ENABLE_RSPAMD=1
|
|
- ENABLE_OPENDMARC=0
|
|
- ENABLE_POLICYD_SPF=0
|
|
- ENABLE_FAIL2BAN=1
|
|
- ENABLE_POSTGREY=1
|
|
- ENABLE_DNSBL=1
|
|
- ENABLE_CLAMAV=1
|
|
- ENABLE_POP3=1
|
|
|
|
# We'll leverage certs from Caddy here
|
|
- SSL_TYPE=letsencrypt
|
|
|
|
# Assume we can't send outbound mail. Relay sent mail through
|
|
# something like Mailgun or Amazon SES
|
|
- RELAY_HOST=${RELAY_HOST}
|
|
- RELAY_PORT=${RELAY_PORT}
|
|
- RELAY_USER=${RELAY_USER}
|
|
- RELAY_PASSWORD=${RELAY_PASSWORD}
|
|
cap_add:
|
|
- NET_ADMIN # For Fail2Ban to work
|
|
restart: always
|
|
|
|
# ========= WEBMAIL =========================================
|
|
# Who doesn't want webmail. Besides we can piggy back on this
|
|
# to fetch TLS certificates for our IMAP/SMTP services.
|
|
|
|
caddy:
|
|
image: caddy:latest
|
|
restart: always
|
|
network_mode: service:wireguard
|
|
volumes:
|
|
- ./Caddyfile:/etc/caddy/Caddyfile # Mount Caddyfile for configuration
|
|
- ./data/caddy:/data/caddy # Persistent storage for certificates
|
|
|
|
roundcube:
|
|
image: roundcube/roundcubemail:latest
|
|
container_name: roundcubemail
|
|
restart: always
|
|
volumes:
|
|
- ./data/roundcube/www:/var/www/html
|
|
- ./data/roundcube/db:/var/roundcube/db
|
|
environment:
|
|
- ROUNDCUBEMAIL_DB_TYPE=sqlite
|
|
- ROUNDCUBEMAIL_SKIN=elastic
|
|
- ROUNDCUBEMAIL_DEFAULT_HOST=tls://${HOSTNAME}
|
|
- ROUNDCUBEMAIL_SMTP_SERVER=tls://${HOSTNAME} |