diff --git a/__swarm/mailu3/mailu3-swarm.yml b/__swarm/mailu3/mailu3-swarm.yml index 90c93e2..7f91ed0 100644 --- a/__swarm/mailu3/mailu3-swarm.yml +++ b/__swarm/mailu3/mailu3-swarm.yml 
@@ -1,268 +1,290 @@ networks: - default: - external: true - name: mailu_default - clamav: - external: true - + driver: overlay + default: + driver: overlay + ipam: + config: + - subnet: 192.168.205.0/24 + driver: default fts_attachments: - external: true - + driver: overlay + internal: true oletools: - external: true - + driver: overlay + internal: true radicale: - external: true - + driver: overlay webmail: - external: true + driver: overlay services: - admin: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} env_file: stack.env - networks: - - default - dns: - - 192.168.205.254 + labels: + wud.watch: true + wud.watch.digest: true volumes: - - data:/data - - dkim:/dkim + - /share/docker_data/mailu3/data:/data + - /share/docker_data/mailu3/dkim:/dkim + networks: + # Swarm uses service discovery, but requires network connection + - default deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" - + condition: ${RESTART:-unless-stopped} + # DNS is handled by Swarm's internal DNS resolver (the resolver service will be discoverable by name) + antispam: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} - hostname: antispam env_file: stack.env - dns: - - 192.168.205.254 + hostname: antispam + labels: + wud.watch: true + wud.watch.digest: true + volumes: + - /share/docker_data/mailu3/filter:/var/lib/rspamd + - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro networks: - default - oletools - clamav - volumes: - - antispam_filter:/var/lib/rspamd - - antispam_overrides:/overrides:ro deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} antivirus: image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6 + labels: + wud.watch: true + wud.watch.digest: true + volumes: + - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav networks: - clamav - volumes: - - 
clamav:/var/lib/clamav healthcheck: - test: ["CMD-SHELL", "kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`"] + test: + - CMD-SHELL + - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid` interval: 10s timeout: 5s retries: 3 start_period: 10s deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} fetchmail: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06} env_file: stack.env - dns: - - 192.168.205.254 + labels: + wud.watch: true + wud.watch.digest: true volumes: - - fetchmail:/data + - /share/docker_data/mailu3/data/fetchmail:/data networks: - - default + - default # Connect to 'default' for service discovery deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} front: + # NOTE: 'extends' is removed. You must manually define logging or accept default. 
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} env_file: stack.env + labels: + wud.watch: true + wud.watch.digest: true + homepage.container: mailu3-front-1 + homepage.description: eMail server + homepage.group: Utilities + homepage.href: https://mail.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Mailu + homepage.server: my-docker + homepage.weight: 1 + volumes: + - /share/docker_data/mailu3/certs:/certs + - /share/docker_data/mailu3/overrides/nginx:/overrides:ro networks: - default - webmail - radicale ports: - - "8880:80" - - "8443:443" - - "25:25" - - "465:465" - - "587:587" - - "110:110" - - "995:995" - - "143:143" - - "993:993" - - "4190:4190" - volumes: - - front_certs:/certs - - front_overrides:/overrides:ro - dns: - - 192.168.205.254 + - target: 80 + published: 8880 + protocol: tcp + mode: ingress + - target: 443 + published: 8443 + protocol: tcp + mode: ingress + - target: 25 + published: 25 + protocol: tcp + mode: ingress + - target: 465 + published: 465 + protocol: tcp + mode: ingress + - target: 587 + published: 587 + protocol: tcp + mode: ingress + - target: 110 + published: 110 + protocol: tcp + mode: ingress + - target: 995 + published: 995 + protocol: tcp + mode: ingress + - target: 143 + published: 143 + protocol: tcp + mode: ingress + - target: 993 + published: 993 + protocol: tcp + mode: ingress + - target: 4190 + published: 4190 + protocol: tcp + mode: ingress deploy: restart_policy: - condition: any - placement: - constraints: [node.role == manager] - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} fts_attachments: image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full hostname: tika + labels: + wud.watch: true + wud.watch.digest: true networks: - fts_attachments - dns: - - 192.168.205.254 healthcheck: - test: ["CMD-SHELL", "wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1"] + test: + - CMD-SHELL + - wget -nv -t1 -O /dev/null 
http://127.0.0.1:9998/tika || exit 1 interval: 10s timeout: 5s retries: 3 start_period: 10s deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} imap: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} env_file: stack.env - dns: - - 192.168.205.254 + labels: + wud.watch: true + wud.watch.digest: true + volumes: + - /share/docker_data/mailu3/mail:/mail + - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro networks: - default - fts_attachments - volumes: - - imap_mail:/mail - - imap_dovecot:/overrides:ro deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} oletools: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} hostname: oletools + labels: + wud.watch: true + wud.watch.digest: true networks: - oletools - dns: - - 192.168.205.254 deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} redis: image: ${DOCKER_REGISTRY:-}redis:alpine + labels: + wud.watch: true + wud.watch.digest: true volumes: - - redis:/data + - /share/docker_data/mailu3/redis:/data networks: - - default - dns: - - 192.168.205.254 + - default # Connect to default network deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: unless-stopped resolver: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} env_file: stack.env + labels: + wud.watch: true + wud.watch.digest: true networks: default: + # NOTE: Swarm does not support static IPs for scaling. + # This will fail standard 'docker stack deploy'. + # For mailu, the static IP is critical, so we attempt to enforce it + # via the deploy key, but be aware this is highly non-standard. 
+ # It's better to configure Mailu to use the service name 'resolver' instead of the static IP. + # If using a customized deployer: + # deploy: + # placement: + # constraints: + # - node.hostname == your-swarm-manager + # endpoint_mode: dnsrr + # mode: global + # replicas: 1 + # labels: + # com.docker.stack.static_ips: 192.168.205.254 + # com.docker.stack.static_network: default ipv4_address: 192.168.205.254 deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} smtp: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} env_file: stack.env - networks: - - default - dns: - - 192.168.205.254 + labels: + wud.watch: true + wud.watch.digest: true volumes: - - snmp_mailqueue:/queue - - snmp_postfix:/overrides:ro + - /share/docker_data/mailu3/mailqueue:/queue + - /share/docker_data/mailu3/overrides/postfix:/overrides:ro + networks: + - default # Connect to default network deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} webdav: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + volumes: + - /share/docker_data/mailu3/dav:/data networks: - radicale - volumes: - - dav:/data deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" + condition: ${RESTART:-unless-stopped} webmail: image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} env_file: stack.env + labels: + wud.watch: true + wud.watch.digest: true + volumes: + - /share/docker_data/mailu3/webmail:/data + - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro networks: - webmail - volumes: - - webmail:/data - - roundcube:/overrides:ro deploy: restart_policy: - condition: any - labels: - wud.watch: "true" - wud.watch.digest: "true" 
-volumes: - data: - dkim: - antispam_filter: - antispam_overrides: - clamav: - fetchmail: - front_certs: - front_overrides: - fts_attachments: - imap_mail: - imap_dovecot: - redis: - snmp_mailqueue: - snmp_postfix: - dav: - webmail: - roundcube: \ No newline at end of file + condition: ${RESTART:-unless-stopped} \ No newline at end of file
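Review bot: Every published port on `front` is declared with `mode: ingress`, and Swarm's routing mesh source-NATs those connections, so nginx and the services behind it would see an ingress-network address instead of the real client IP. For a mail stack that weakens per-IP auth rate limiting and sender reputation checks, and it is worth checking how the ingress range interacts with any relay or trusted-network setting in `stack.env`. Publishing the mail ports with `mode: host` preserves the source address, but `front` then has to be pinned to a node again. This change drops the `node.role == manager` constraint while switching every volume to a host path under `/share/docker_data/mailu3/`, so a task scheduled on another node would start without the expected certs, DKIM keys and mail data. Separately, `deploy.restart_policy.condition` accepts `none`, `on-failure` or `any`, so `condition: ${RESTART:-unless-stopped}` (and the literal `unless-stopped` on `redis`) will likely be rejected at deploy time; `condition: ${RESTART:-any}` keeps the previous behaviour.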