version: '3.6'

x-environment:
  &default-env
  - ADMIN
  - ANTIVIRUS
  - AUTH_RATELIMIT
  - COMPOSE_PROJECT_NAME
  - COMPRESSION
  - COMPRESSION_LEVEL
  - DB_FLAVOR
  - DISABLE_STATISTICS
  - DMARC_RUA
  - DMARC_RUF
  - DOCKER_CONTEXT
  - DOMAIN
  - FETCHMAIL_DELAY
  - FULL_TEXT_SEARCH
  - HOSTNAMES
  - LETS_ENCRYPT_ENV
  - LOG_DRIVER
  - LOG_LEVEL
  - MESSAGE_SIZE_LIMIT
  - PASSWORD_SCHEME
  - POSTMASTER
  - REAL_IP_FROM
  - REAL_IP_HEADER
  - RECIPIENT_DELIMITER
  - REDIS_ADDRESS
  - REJECT_UNLISTED_RECIPIENT
  - RELAYHOST
  - RELAYNETS
  - SECRET_KEY
  - SITENAME
  - SUBNET
  - TLS_CERT_FILENAME
  - TLS_FLAVOR
  - TLS_KEYPAIR_FILENAME
  - WEB_ADMIN
  - WEBDAV
  - WEBMAIL
  - WEBROOT_REDIRECT
  - WEBSITE
  - WEB_WEBMAIL
  - WELCOME
  - WELCOME_BODY
  - WELCOME_SUBJECT

services:
  front:
    image: mailu/nginx:master
    logging:
      driver: json-file
    networks:
      - default
      - proxy
    environment: *default-env
    ports:
      - target: 25
        published: 25
        mode: overlay
      - target: 465
        published: 465
        mode: overlay
      #- target: 587
      #  published: 587
      #  mode: overlay
      - target: 110
        published: 110
        mode: overlay
      - target: 995
        published: 995
        mode: overlay
      - target: 143
        published: 143
        mode: overlay
      - target: 993
        published: 993
        mode: overlay
    volumes:
      - "certs:/certs"
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"

  db:
    image: redis:alpine
    volumes:
      - "redis:/data"

  admin:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-master}
    environment: *default-env
    healthcheck:
      disable: true
    volumes:
      - "dkim:/dkim"
      - "mailu:/data"

  imap:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-master}
    environment: *default-env
    volumes:
      - "mail:/mail"
    healthcheck:
      disable: true

  smtp:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-master}
    environment: *default-env
    volumes:
      - "mailqueue:/queue"
    healthcheck:
      disable: true

  antispam:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-master}
    environment: *default-env
    volumes:
      - "rspamd:/var/lib/rspamd"
      - "dkim:/dkim:ro"
    healthcheck:
      disable: true

  webmail:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:${MAILU_VERSION:-master}
    environment: *default-env
    volumes:
      - "webmail:/data"
    deploy:
      replicas: 1
    healthcheck:
      disable: true

  #certdumper:
  #  restart: always
  #  image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}traefik-certdumper:master
  #  environment:
  #    - DOMAIN=$DOMAIN
  #    # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2
  #    - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v2}
  #  volumes:
  #    - "/docker/traefik/letsencrypt/acme.json:/traefik/acme.json"
  #    - "/docker/traefik/letsencrypt/certs:/tmp/work"
  #    - "/docker/mailu/certs:/output"
  #  labels:
  #    # Set watchtower label
  #    - "com.centurylinklabs.watchtower.enable=true"

  certdumper:
    image: ldez/traefik-certs-dumper:v2.7.0
    entrypoint: sh -c '
      apk add jq
      ; while ! [ -e /traefik/production-acme.json ]
        || ! [ `jq ".production.Certificates | length" /traefik/production-acme.json` != 0 ]; do
          sleep 1
      ; done
      && traefik-certs-dumper file --watch --source /traefik/production-acme.json
        --dest /output --domain-subdir=true --version v2'
    environment:
      # Make sure this is the same as the main=-domain in traefik.toml
      - DOMAIN=$WEB_DOMAIN
    volumes:
      # Folder, which contains the acme.json
      - "traefik_letsencrypt:/traefik"
      # Folder, where cert.pem and key.pem will be written
      - "certs:/output"
    configs:
      - source: certdumper_post
        target: /usr/bin/certdumper_post.sh
        mode: 0555
  
  #certdumper:
  #  image: humenius/traefik-certs-dumper:latest
  #  volumes:
  #   - traefik_letsencrypt:/traefik:ro
  #   - certs:/output:rw
  #  environment:
  #   - DOMAIN=$WEB_DOMAIN

volumes:
  mailu:
  rspamd:
  dkim:
  webmail:
  redis:
  mail:
  certs:
  mailqueue:
  traefik_letsencrypt:
    external: true

networks:
  default:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: 192.168.203.0/24
  proxy:
    external: true

configs:
  certdumper_post:
    name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
    file: certdumper_post.sh