initial commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

roles/mail/templates/compose.yml.j2

@@ -0,0 +1,60 @@
+services:
+
+  mailserver:
+    image: docker.io/mailserver/docker-mailserver:{{ mailserver_version }}
+    container_name: mailserver
+    hostname: {{ mail_hostname.split('.')[0] }}
+    domainname: {{ domain }}
+    env_file: env/mailserver.env
+    ports:
+      - "25:25"
+      - "587:587"
+      - "993:993"
+    healthcheck:
+      test: ["CMD-SHELL", "supervisorctl status | grep -E 'postfix|dovecot' | grep -q RUNNING"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 120s
+    volumes:
+      - /srv/mail/config:/tmp/docker-mailserver
+      - /srv/mail/maildata:/var/mail
+      - /srv/mail/mailstate:/var/mail-state
+      - /srv/mail/maillogs:/var/log/mail
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/letsencrypt:/etc/letsencrypt:ro
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    networks:
+      - mail
+      - webmail
+
+  rainloop:
+    image: hardware/rainloop:{{ rainloop_version }}
+    container_name: rainloop
+    restart: unless-stopped
+    depends_on:
+      mailserver:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost:{{ rainloop_port }}/ || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 30s
+    environment:
+      - RAINLOOP_ADMIN=admin
+      - RAINLOOP_ADMIN_PASSWORD={{ rainloop_admin_password }}
+    volumes:
+      - /srv/mail/rainloop/data:/rainloop/data
+    ports: []  # no host ports, only accessible via Docker network
+    networks:
+      - mail
+      - webmail
+
+networks:
+  mail:
+    external: true
+  webmail:
+    external: true

roles/mail/templates/mailserver.env.j2

@@ -0,0 +1,33 @@
+DMS_DEBUG=0
+# PERMIT_DOCKER=network
+
+# Hostname + primary domain (split from mail_hostname variable)
+HOSTNAME={{ mail_hostname.split('.')[0] }}
+DOMAINNAME={{ domain }}
+
+# Let's Encrypt
+ENABLE_TLS=1
+SSL_TYPE=letsencrypt
+LETSENCRYPT_DOMAIN={{ mail_hostname }}
+LETSENCRYPT_EMAIL={{ admin_user }}@{{ domain }}
+
+# Override hostname (FQDN) and domains handled by this server
+OVERRIDE_HOSTNAME={{ mail_hostname }}
+OVERRIDE_DOMAIN={{ mail_domains | join(',') }}
+
+# Other docker-mailserver options
+POSTMASTER_ADDRESS=postmaster@{{ domain }}
+ONE_DIR=1
+ENABLE_OPENDKIM=0
+# rspamd handles DMARC and SPF natively; enabling these would duplicate validation
+ENABLE_OPENDMARC=0
+ENABLE_POLICYD_SPF=0
+ENABLE_AMAVIS=0
+ENABLE_CLAMAV=0
+ENABLE_FAIL2BAN=0
+ENABLE_SPAMASSASSIN=0
+ENABLE_RSPAMD=1
+
+RSPAMD_LEARN=1
+
+POSTFIX_MESSAGE_SIZE_LIMIT=26214400

roles/mail/templates/worker-controller.inc.j2

@@ -0,0 +1,2 @@
+# Rspamd web UI password
+password = "{{ rspamd_web_password }}";