slimta-docker/docker-compose.yml at main · slimta/slimta-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
version: "3.8"
services:

  proxy:
    image: ghcr.io/icgood/proxy-protocol
    deploy:
      mode: global
    command: >-
      --service :143 pymap:143
      --service :4190 pymap:4190
      --service :50051 pymap:50051?pp=noop
      --service :25 slimta-edge:25
      --service :587 slimta-edge:587
    ports:
      - target: 143
        published: 143
        protocol: tcp
        mode: host
      - target: 4190
        published: 4190
        protocol: tcp
        mode: host
      - target: 50051
        published: 50051
        protocol: tcp
        mode: host
      - target: 25
        published: 25
        protocol: tcp
        mode: host
      - target: 587
        published: 587
        protocol: tcp
        mode: host

  redis:
    image: redis
    command: ["redis-server", "--appendonly", "yes"]
    deploy:
      replicas: 1
    volumes:
      - redis-data:/data

  pymap:
    image: ghcr.io/icgood/pymap
    depends_on:
      - redis
    volumes:
      - ${CERT_DIR:-/etc/ssl/private}:/etc/ssl/private
    environment:
      FQDN: ${FQDN}
      SWIM_SECRET_FILE: /run/secrets/pymap_swim_secret
      SWIM_NAME: tasks.pymap:9999
      CERT_FILE: /etc/ssl/private/mail/fullchain.pem
      KEY_FILE: /etc/ssl/private/mail/privkey.pem
    secrets:
      - pymap_swim_secret
    command: >-
      --debug
      --proxy-protocol detect
      --swim-udp-discovery
      redis
      --address redis://redis
      --prefix pymap
      --users-prefix slimta/address
      --data-address redis://redis/1
    deploy:
      replicas: 2
    networks:
      default:
        aliases:
          - ${PYMAP_HOST}

  slimta-edge:
    image: ghcr.io/slimta/slimta
    build:
      context: ./slimta
      platforms:
        - "linux/amd64"
    entrypoint: slimta --no-relay
    environment:
      FQDN: ${FQDN}
    depends_on:
      - redis
      - spamd
    volumes:
      - ${CERT_DIR:-/etc/ssl/private}:/etc/ssl/private
    networks:
      default:
        aliases:
          - ${SLIMTA_HOST}

  slimta-relay:
    image: ghcr.io/slimta/slimta
    build:
      context: ./slimta
      platforms:
        - "linux/amd64"
    entrypoint: slimta --no-edge
    environment:
      FQDN: ${FQDN}
      PYMAP_ADMIN_HOST: ${PYMAP_HOST}
      PYMAP_ADMIN_PORT: 50051
    secrets:
      - pymap_admin_token
    depends_on:
      - redis
      - pymap
    volumes:
      - ${CERT_DIR:-/etc/ssl/private}:/etc/ssl/private

  letsencrypt:
    image: ghcr.io/icgood/letsencrypt-service
    environment:
      CERTS: mail
      DOMAIN_mail: ${FQDN}
      ALTS_mail: "${PYMAP_HOST} ${SLIMTA_HOST} ${MX_HOSTS} ${ALTS}"
    secrets:
      - lexicon_env
    deploy:
      mode: global
      restart_policy:
        delay: 10m
    volumes:
      - dehydrated-data:/var/lib/dehydrated
      - ${CERT_DIR:-/etc/ssl/private}:/etc/ssl/private

  spamd:
    image: ghcr.io/slimta/spamassassin
    build:
      context: ./spamassassin
      platforms:
        - "linux/amd64"

secrets:
  lexicon_env:
    file: $HOME/.docker-secrets/lexicon.env
  pymap_admin_token:
    file: $HOME/.docker-secrets/pymap-admin.token
  pymap_swim_secret:
    file: $HOME/.docker-secrets/pymap-swim-secret

volumes:
  redis-data:
  dehydrated-data: