uzurka
7b657f81fe
|
||
|---|---|---|
| .github/workflows | ||
| defaults/main | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| .ansible-lint | ||
| .editorconfig | ||
| .gitignore | ||
| .yamllint | ||
| LICENSE | ||
| README.md | ||
README.md
Cloned from the official repo
This repo is a clone of the official mailcow-dockerized ansible role available here : https://github.com/mailcow/mailcow-ansiblerole
My purpose is to make it easily usable with Traefik, as the installation of mailcow behind traefik can easily be a mess.
Added variables:
| Name | Purpose | default value | note |
|---|---|---|---|
| use_traefik | Template or not the docker-compose.override.yml file to add traefik labels | must be set (true/false) | If not set, the role will exec normally, with mailcow ports opened |
| traefik_http_entrypoint | Tells the role the web entrypoint for traefik, for compose override labels | Must be set | |
| traefik_https_entrypoint | Tells the role the websecure entrypoint for traefik, for compose override labels | Must be set | |
| traefik_certresolver | Tells the role the traefik certificate resolver, for compose override labels | Must be set | |
| traefik_acme_location | Define the folder where the traefik acme.json file is located | Must be set | Used by certdumper to convert traefik ssl certs to pem files for Mailcow |
| traefik_network | Defines the traefik default network for the compose-override | Must be set | |
| domain | The domain ONLY (domain.tld) | Must be set | Used for the Traefik labels to set rule Host to mail.domain.tld |
Exemple playbook for installing Ansible behind a traefik reverse proxy
I assume you already have docker & traefik installed, and you know what are entrypoints, network, acme and certresolver !
- hosts: openmediavault
name: Playbook pour la configuration du serveur OpenMediaVault
vars:
use_traefik: "true"
mailcow__hostname: mail.domain.tld
mailcow__install_path: /opt/mailcow-dockerized
mailcow__timezone: Europe/Paris
mailcow__config_http_port: '81'
mailcow__config_https_port: '444'
mailcow__config_skip_lets_encrypt: "y"
mailcow__config_skip_clamd: "y"
traefik_http_entrypoint: web
traefik_https_entrypoint: websecure
traefik_certresolver: letsencrypt
traefik_acme_location: /opt/traefik
traefik_network: traefik
roles:
- name: mailcow-ansiblerole
At the moment, and since my PR on Mailcow-dockerized haven't be accepted, you need to manually edit the docker-compose.yml file lines 381 & 382. Here's the replacement (probably fixed):
Remove
- "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
Add
- "${HTTPS_BIND:-}${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-}${HTTP_PORT:-80}:${HTTP_PORT:-80}"
mailcow: dockerized - Ansible role 🐮 + 🐋 = 💕
This role will setup a mailcow dockerized email server.
Prerequisites
- Up and running Ubuntu/Debian host (other distributions not supported/tested for now)
- Docker Compose v2 is required!
Requirements
| Requirements | Description |
|---|---|
| docker ce | Docker has to be installed on the host |
| docker-compose | docker-compose is needed |
Notes
This role will use by default the inventory_hostname as mailcow hostname, this means that you have to use the full qualified domain name as your inventory hostname e.g. mail.mailcow.tld or you set mailcow__hostname to the correct FQDN.
Variables
| name | purpose | default value | note |
|---|---|---|---|
mailcow__hostname |
sets MAILCOW_HOSTNAME | inventory_hostname |
needs to be an full qualified domain name |
mailcow__install_path |
sets the path where the mailcow-dockerized repo will be cloned | /opt/mailcow-dockerized |
|
mailcow__git_version |
checkout a specific version of mailcow | master |
|
mailcow__timezone |
used to set the timezone your mailcow runs in during the config generation | not set | must be set |
mailcow__docker_compose_project_name |
sets the docker-compose projectname to a user-defined string | mailcowdockerized |
|
mailcow__theme |
set the default mailcow theme in vars.local.inc.php | lumen |
|
mailcow__config_http_port |
sets HTTP_PORT in mailcow.conf | 80 |
|
mailcow__config_http_bind |
sets HTTP_BIND in mailcow.conf | none |
|
mailcow__config_https_port |
sets HTTPS_PORT in mailcow.conf | 443 |
|
mailcow__config_https_bind |
sets HTTPS_BIND in mailcow.conf | none |
|
mailcow__config_acl_anyone |
sets ACL_ANYONE | disallow | |
mailcow__config_maildir_gc_time |
sets MAILDIR_GC_TIME in mailcow.conf | 1440 |
|
mailcow__config_additional_san |
sets ADDITIONAL_SAN in mailcow.conf | needs to be a list | |
mailcow__config_additional_server_names |
sets ADDITIONAL_SERVER_NAMES in mailcow.conf | needs to be a list | |
mailcow__config_skip_lets_encrypt |
sets SKIP_LETS_ENCRYPT in mailcow.conf | ||
mailcow__config_enable_ssl_sni |
sets ENABLE_SSL_SNI in mailcow.conf | ||
mailcow__config_skip_ip_check |
sets SKIP_IP_CHECK in mailcow.conf | ||
mailcow__config_skip_http_verification |
sets SKIP_HTTP_VERIFICATION in mailcow.conf | n |
|
mailcow__config_skip_clamd |
sets SKIP_CLAMD in mailcow.conf | n |
|
mailcow__config_skip_solr |
sets SKIP_SOLR in mailcow.conf | n |
|
mailcow__config_solr_heap |
sets SOLR_HEAP in mailcow.conf | 1024 |
|
mailcow__config_skip_sogo |
sets SKIP_SOGO in mailcow.conf | n |
|
mailcow__config_allow_admin_email_login |
sets ALLOW_ADMIN_EMAIL_LOGIN in mailcow.conf | n |
|
mailcow__config_use_watchdog |
sets USE_WATCHDOG in mailcow.conf | n |
|
mailcow__config_watchdog_notify_email |
sets WATCHDOG_NOTIFY_EMAIL in mailcow.conf | ||
mailcow__config_watchdog_notify_ban |
sets WATCHDOG_NOTIFY_BAN in mailcow.conf | y |
|
mailcow__config_watchdog_subject |
sets WATCHDOG_SUBJECT in mailcow.conf | Watchdog ALERT |
|
mailcow__config_log_lines |
sets LOG_LINES in mailcow.conf | 9999 |
|
mailcow__config_sogo_expire_session |
sets SOGO_EXPIRE_SESSION in mailcow.conf | 480 |
|
mailcow__install_updates |
if yes the mailcow ansible role will also update an existing installation |
yes |
|
mailcow__redirect_http_to_https |
if yes, all requests via HTTP will be redirected to HTTPS |
no |
also see https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/ |
mailcow__config_acme_contact |
sets ACME_CONTACT in mailcow.conf | ||
mailcow__rspamd_clamd_servers |
configures the clamd server used by rspamd | clamd:3310 |
Usage
Minimal playbook:
---
- name: Install Python3
hosts: all
become: true
gather_facts: false
roles:
- { role: raw,0.0, vars: {command: 'apt-get install -y python3 python3-pip'} }
- name: Main Playbook
hosts: all
become: true
gather_facts: true
vars:
mailcow__timezone: Europe/Berlin
roles:
- Ansible-Roles.docker-ce
- Ansible-Roles.docker-compose
- Ansible-Roles.mailcow