coop-cloud/mailu
coop-cloud
/
mailu
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Reorganise settings.. 

..including attempting to group options by likelihood of being edited,
removing some settings that weren't really configurable, and adding some
explanatory text
This commit is contained in:
3wc 2023-09-24 18:52:33 +01:00
parent 41b2f8d9c1
commit 014d4456f8
2 changed files with 102 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
.env.sample
View File

@ -1,64 +1,72 @@
TYPE=mailu # See https://mailu.io/2.0/configuration.html for explanation of (most of) these
# settings. "Quoted text" in this file comes from that page.
# Main mail domain, NOT main web domain (if they are different) ###############################################################################
DOMAIN=example.com # BOILERPLATE SETTINGS (shouldn't need to change these) #
###############################################################################
TYPE=mailu
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
# Run `docker stack ls | grep traefik | cut -f 1 -d " "` on the target machine to get that one COMPOSE_FILE="compose.yml"
###############################################################################
# REQUIRED SETTINGS (always need to change these) #
###############################################################################
# Main web domain, NOT main mail domain (if they are different)
DOMAIN=mailu.example.com
# "This email domain is used for bounce emails, for generating the postmaster
# email and other technical addresses."
MAIL_DOMAIN=mailu.example.com
# Hostnames for this server, separated with commas
# "The first declared hostname is the main hostname and will be exposed over
# SMTP, IMAP, etc."
HOSTNAMES=$DOMAIN
# Run `DOCKER_CONTEXT=<yourserver> docker stack ls | grep traefik | cut -f 1 -d " "` to get that one
TRAEFIK_STACK_NAME=traefik_example_com TRAEFIK_STACK_NAME=traefik_example_com
# Custom settings used by certdumper_post.sh and Traefik ###############################################################################
WEB_DOMAIN=example.com # OPTIONAL SETTINGS #
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json ###############################################################################
# Mailu settings # Name of the instance, displayed in the web UI
# https://mailu.io SITENAME=mymail
TLS_CERT_FILENAME=$WEB_DOMAIN/certificate.crt # Linked Website URL
TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key WEBSITE=https://$DOMAIN
REDIS_ADDRESS=db
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.203.0/24
# Hostnames for this server, separated with comas
HOSTNAMES=$WEB_DOMAIN
# Postmaster local part (will append the main mail domain) # Postmaster local part (will append the main mail domain)
POSTMASTER=admin POSTMASTER=c
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
TLS_FLAVOR=mail
# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6) # Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
AUTH_RATELIMIT_IP=60/hour AUTH_RATELIMIT_IP=60/hour
# Opt-out of statistics, replace with "True" to opt out # Opt-in to statistics, change to "False" to opt in
DISABLE_STATISTICS=True DISABLE_STATISTICS=True
################################### # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
# Optional features LOG_LEVEL=WARNING
###################################
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Etc/UTC
# Expose the admin interface (value: true, false) # Expose the admin interface (value: true, false)
ADMIN=true ADMIN=true
# Choose which webmail to run if any (values: roundcube, rainloop, none) # Choose which webmail to run if any (values: snappymail, roundcube, none)
WEBMAIL=snappymail WEBMAIL=snappymail
# Dav server implementation (value: radicale, none) # API settings
WEBDAV=none # -------------
# Antivirus solution (value: clamav, none) # Authentication token for API requests
ANTIVIRUS=none API=false
#API_TOKEN=
# Scan Macros solution (value: true, false)
SCAN_MACROS=true
###################################
# Mail settings # Mail settings
################################### # -------------
# Message size limit in bytes # Message size limit in bytes
# Default: accept messages up to 50MB # Default: accept messages up to 50MB
@ -81,7 +89,7 @@ FETCHMAIL_ENABLED=False
# Fetchmail delay # Fetchmail delay
FETCHMAIL_DELAY=600 FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part # Recipient delimiter, character used to delimit localpart from custom address part
RECIPIENT_DELIMITER=+ RECIPIENT_DELIMITER=+
# DMARC rua and ruf email # DMARC rua and ruf email
@ -101,14 +109,58 @@ COMPRESSION=
COMPRESSION_LEVEL= COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. # IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
# FULL_TEXT_SEARCH=off #FULL_TEXT_SEARCH=off
# Co-op Cloud settings
# -------------
# Mailman settings
# NOTE(3wc): remember to also set RELAYNETS
#COMPOSE_FILE="compose.yml:compose.mailman.yml"
#MAILMAN_POSTFIX_OVERRIDES=1
#MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
#MAILMAN_CORE_NETWORK=lists_example_com_internal
# NOTE(3wc): think this is no longer needed, see https://github.com/Mailu/Mailu/pull/1904
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
#COMPOSE_FILE="compose.yml:compose.senderlogins.yml"
#SENDER_LOGINS_POSTFIX_OVERRIDES=1
SECRET_SECRET_KEY_VERSION=v1 SECRET_SECRET_KEY_VERSION=v1
###############################################################################
# INFINITE NERD DEPTH SETTINGS (rarely needed) #
###############################################################################
# Traefik certificates filename, used by certdumper
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json
TLS_CERT_FILENAME=$DOMAIN/certificate.crt
TLS_KEYPAIR_FILENAME=$DOMAIN/privatekey.key
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
# NOTE(3wc): changing this to "letsencrypt" might (but probably won't) allow
# this recipe to be deployed standalone without Traefik. "notls" might (but
# might not) disable encryption for everything except the web interfaces.
TLS_FLAVOR=mail
# Optional features
# -------------
# Dav server implementation (value: radicale, none)
WEBDAV=none
# Antivirus solution (value: clamav, none)
ANTIVIRUS=none
# Scan Macros solution (value: true, false)
SCAN_MACROS=true
###################################
# Web settings # Web settings
################################### # -------------
# Path to redirect / to # Path to redirect / to
WEBROOT_REDIRECT=/webmail WEBROOT_REDIRECT=/webmail
@ -119,24 +171,14 @@ WEB_ADMIN=/admin
# Path to the webmail if enabled # Path to the webmail if enabled
WEB_WEBMAIL=/webmail WEB_WEBMAIL=/webmail
# Website name
SITENAME=mymail
# Linked Website URL
WEBSITE=https://$DOMAIN
###################################
# Advanced settings # Advanced settings
################################### # -------------
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
# LOG_DRIVER=json-file #LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Number of rounds used by the password hashing scheme # Number of rounds used by the password hashing scheme
CREDENTIAL_ROUNDS=12 CREDENTIAL_ROUNDS=12
@ -150,34 +192,6 @@ REAL_IP_FROM=
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT= REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) # NOTE(3wc): Other values are not supported, as compose.yml does not contain
LOG_LEVEL=WARNING # configuration for them. Pull requests welcome!
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Etc/UTC
# Authentication token for API requests
API=false
#API_TOKEN=
###################################
# Database settings
###################################
DB_FLAVOR=sqlite DB_FLAVOR=sqlite
###################################
# Mailman settings
###################################
# COMPOSE_FILE="compose.yml:compose.mailman.yml"
# MAILMAN_POSTFIX_OVERRIDES=1
# MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
# MAILMAN_CORE_NETWORK=lists_example_com_internal
###################################
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
###################################
# COMPOSE_FILE="compose.yml:compose.senderlogins.yml"
# SENDER_LOGINS_POSTFIX_OVERRIDES=1

8
compose.yml
View File

@ -30,13 +30,13 @@ x-environment:
- REAL_IP_FROM - REAL_IP_FROM
- REAL_IP_HEADER - REAL_IP_HEADER
- RECIPIENT_DELIMITER - RECIPIENT_DELIMITER
- REDIS_ADDRESS - REDIS_ADDRESS=db
- REJECT_UNLISTED_RECIPIENT - REJECT_UNLISTED_RECIPIENT
- RELAYHOST - RELAYHOST
- RELAYNETS - RELAYNETS
- SECRET_KEY_FILE=/run/secrets/secret_key - SECRET_KEY_FILE=/run/secrets/secret_key
- SITENAME - SITENAME
- SUBNET - SUBNET=192.168.203.0/24
- TLS_CERT_FILENAME - TLS_CERT_FILENAME
- TLS_FLAVOR - TLS_FLAVOR
- TLS_KEYPAIR_FILENAME - TLS_KEYPAIR_FILENAME
@ -92,7 +92,7 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=proxy" - "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "coop-cloud.${STACK_NAME}.version=1.0.2+2.0.23" - "coop-cloud.${STACK_NAME}.version=1.0.2+2.0.23"
@ -178,7 +178,7 @@ services:
--dest /output --domain-subdir=true --version v2 --dest /output --domain-subdir=true --version v2
--post-hook "sh /usr/bin/certdumper_post.sh"' --post-hook "sh /usr/bin/certdumper_post.sh"'
environment: environment:
- DOMAIN=$WEB_DOMAIN - DOMAIN=$DOMAIN
volumes: volumes:
# Folder, which contains the acme.json # Folder, which contains the acme.json
- type: volume - type: volume