From 71e7cc6477bbf79e748fb90ba01d0820afe4238e Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont <git.contact-57n2p@froidmont.org>
Date: Wed, 1 May 2019 01:34:02 +0200
Subject: [PATCH] Update Mailu to 1.6

---
 .../files/mailu/docker-compose.yml            | 114 +++++++++---------
 roles/mailu-docker/templates/mailu/.env       |  40 ++++--
 2 files changed, 90 insertions(+), 64 deletions(-)

diff --git a/roles/mailu-docker/files/mailu/docker-compose.yml b/roles/mailu-docker/files/mailu/docker-compose.yml
index 309130b..1d1462f 100644
--- a/roles/mailu-docker/files/mailu/docker-compose.yml
+++ b/roles/mailu-docker/files/mailu/docker-compose.yml
@@ -1,15 +1,23 @@
-version: '2'
+version: '3.6'
 
 networks:
   web:
     external:
       name: web
+  default:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.22.0.0/16
 
 services:
   front:
     image: mailu/nginx:$VERSION
     restart: always
     env_file: .env
+    logging:
+      driver: json-file
     ports:
       - "$BIND_ADDRESS4:110:110"
       - "$BIND_ADDRESS4:143:143"
@@ -19,15 +27,16 @@ services:
       - "$BIND_ADDRESS4:465:465"
       - "$BIND_ADDRESS4:587:587"
     labels:
-      - "traefik.backend=mailu-admin"
+      - "traefik.backend=webmail"
       - "traefik.docker.network=web"
-      - "traefik.frontend.rule=Host:mailu.banditlair.com"
+      - "traefik.frontend.rule=Host:webmail.banditlair.com"
       - "traefik.enable=true"
       - "traefik.port=80"
       - "traefik.default.protocol=http"
     volumes:
       - "../traefik/certs/ssl/banditlair.com.crt:/certs/cert.pem"
       - "../traefik/certs/ssl/banditlair.com.key:/certs/key.pem"
+      - "/var/lib/mailu/overrides/nginx:/overrides"
     networks:
       - web
       - default
@@ -36,82 +45,79 @@ services:
     image: redis:alpine
     restart: always
     volumes:
-      - "$ROOT/redis:/data"
+      - "/var/lib/mailu/redis:/data"
+
+  resolver:
+    image: mailu/unbound:$VERSION
+    restart: always
+    env_file: .env
+    networks:
+      default:
+        ipv4_address: 172.22.255.254
+
+  admin:
+    image: mailu/admin:$VERSION
+    restart: always
+    env_file: .env
+    volumes:
+      - "/var/lib/mailu/data:/data"
+      - "/var/lib/mailu/dkim:/dkim"
+    depends_on:
+      - redis
 
   imap:
     image: mailu/dovecot:$VERSION
     restart: always
     env_file: .env
     volumes:
-      - "$ROOT/data:/data"
-      - "$ROOT/mail:/mail"
+      - "/var/lib/mailu/data:/data"
+      - "/var/lib/mailu/mail:/mail"
       - "./overrides:/overrides"
+    depends_on:
+      - front
 
   smtp:
     image: mailu/postfix:$VERSION
     restart: always
     env_file: .env
     volumes:
-      - "$ROOT/data:/data"
+      - "/var/lib/mailu/data:/data"
       - "./overrides:/overrides"
+    depends_on:
+      - front
+      - resolver
+    dns:
+      - 172.22.255.254
 
   antispam:
     image: mailu/rspamd:$VERSION
     restart: always
     env_file: .env
     volumes:
-      - "$ROOT/filter:/var/lib/rspamd"
-      - "$ROOT/dkim:/dkim"
+      - "/var/lib/mailu/filter:/var/lib/rspamd"
+      - "/var/lib/mailu/dkim:/dkim"
       - "./overrides/rspamd:/etc/rspamd/override.d"
-
-  antivirus:
-    image: mailu/$ANTIVIRUS:$VERSION
-    restart: always
-    env_file: .env
-    volumes:
-      - "$ROOT/filter:/data"
-
-  webdav:
-    image: mailu/$WEBDAV:$VERSION
-    restart: always
-    env_file: .env
-    volumes:
-      - "$ROOT/dav:/data"
-
-  admin:
-    image: mailu/admin:$VERSION
-    restart: always
-    env_file: .env
-    expose:
-      - 80
-    volumes:
-      - "$ROOT/data:/data"
-      - "$ROOT/dkim:/dkim"
-      - /var/run/docker.sock:/var/run/docker.sock:ro
     depends_on:
-      - redis
-
-  webmail:
-    image: hardware/rainloop
-    restart: always
-    expose:
-      - 8888
-    labels:
-      - "traefik.backend=webmail"
-      - "traefik.docker.network=web"
-      - "traefik.frontend.rule=Host:webmail.banditlair.com"
-      - "traefik.enable=true"
-      - "traefik.port=8888"
-      - "traefik.default.protocol=http"
-    volumes:
-      - "$ROOT/webmail:/rainloop/data"
-    networks:
-      - web
-      - default
+      - front
+      - resolver
+    dns:
+      - 172.22.255.254
 
   fetchmail:
     image: mailu/fetchmail:$VERSION
     restart: always
     env_file: .env
+    depends_on:
+      - resolver
+    dns:
+      - 172.22.255.254
+
+  webmail:
+    image: mailu/rainloop
+    restart: always
+    env_file: .env
     volumes:
-      - "$ROOT/data:/data"
+      - "/var/lib/mailu/webmail:/data"
+    depends_on:
+      - imap
+
diff --git a/roles/mailu-docker/templates/mailu/.env b/roles/mailu-docker/templates/mailu/.env
index 1d722cc..9f147d7 100644
--- a/roles/mailu-docker/templates/mailu/.env
+++ b/roles/mailu-docker/templates/mailu/.env
@@ -8,18 +8,16 @@
 # Common configuration variables
 ###################################
 
-# Set this to the path where Mailu data and configuration is stored
-ROOT=/var/lib/mailu
-
 # Mailu version to run (stable, 1.0, 1.1, etc. or latest)
-VERSION=1.5
+VERSION=1.6
 
 # Set to a randomly generated 16 bytes string
 SECRET_KEY={{mailu_secret_key}}
 
-# Address where listening ports should bind
 BIND_ADDRESS4=0.0.0.0
-BIND_ADDRESS6=::
+
+# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!
+SUBNET=172.22.0.0/16
 
 # Main mail domain
 DOMAIN=banditlair.com
@@ -61,10 +59,11 @@ ANTIVIRUS=none
 
 # Message size limit in bytes
 # Default: accept messages up to 50MB
+# Max attachment size will be 33% smaller
 MESSAGE_SIZE_LIMIT=50000000
 
-# Networks granted relay permissions, make sure that you include your Docker
-# internal network (default to 172.17.0.0/16)
+# Networks granted relay permissions
+# Use this with care, all hosts in this networks will be able to send mail without authentication!
 RELAYNETS=172.22.0.0/16
 
 # Will relay all outgoing mails if configured
@@ -93,6 +92,9 @@ WELCOME_BODY=Welcome to your new email account, if you can read this, then it is
 # Web settings
 ###################################
 
+# Path to redirect / to
+WEBROOT_REDIRECT=/webmail
+
 # Path to the admin interface if enabled
 WEB_ADMIN=/admin
 
@@ -100,7 +102,7 @@ WEB_ADMIN=/admin
 WEB_WEBMAIL=/webmail
 
 # Website name
-SITENAME=Emails management
+SITENAME=Banditlair mails
 
 # Linked Website URL
 WEBSITE=https://banditlair.com
@@ -114,4 +116,22 @@ COMPOSE_PROJECT_NAME=mailu
 
 # Default password scheme used for newly created accounts and changed passwords
 # (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
-PASSWORD_SCHEME=SHA512-CRYPT
+PASSWORD_SCHEME=BLF-CRYPT
+
+# Header to take the real ip from
+REAL_IP_HEADER=
+
+# IPs for nginx set_real_ip_from (CIDR list separated by commas)
+REAL_IP_FROM=
+
+# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
+REJECT_UNLISTED_RECIPIENT=
+
+# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
+LOG_LEVEL=WARNING
+
+###################################
+# Database settings
+###################################
+DB_FLAVOR=sqlite
+