WIP: trying mailserver

Dockerfile

@@ -0,0 +1,14 @@
+FROM alpine
+
+MAINTAINER Lieuwe Leene
+
+ARG SSL_ALGO=secp521r1
+
+RUN apk update && \
+  apk add --no-cache openssl && \
+  rm -rf /var/cache/apk/*
+
+COPY ./mail/certs /certs
+
+RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /certs/ecprivkey.pem && \
+    openssl pkey -in /certs/ecprivkey.pem -pubout -out /certs/ecpubkey.pem

config/mail/10-custom.conf

@@ -0,0 +1,7 @@
+# Enables mail_crypt for all services (imap, pop3, etc)
+mail_plugins = $mail_plugins mail_crypt
+plugin {
+  mail_crypt_global_private_key = </certs/ecprivkey.pem
+  mail_crypt_global_public_key = </certs/ecpubkey.pem
+  mail_crypt_save_version = 2
+}

docker-compose.yaml

@@ -2,7 +2,7 @@ version: "3.8"
 
 networks:
   internalnet:
-    external: false
+
 
 x-mail: &defaults
   env_file: local.env
@@ -23,20 +23,29 @@ services:
     volumes:
       - type: bind
         source: ./pgsql
-        target: /var/lib/postgresql/data
-      - ./pg-init-scripts:/docker-entrypoint-initdb.d
+        target: /var/lib/postgresql/data:z
+      - ./config/pg-init-scripts:/docker-entrypoint-initdb.d
     restart: always
     ports:
       - "5432:5432"
 
+  adminer:
+    <<: *defaults
+    image: adminer
+    restart: always
+    depends_on:
+      - database
+    ports:
+      - "8080:8080"
+
   roundcubemail:
     <<: *defaults
     image: roundcube/roundcubemail:latest-fpm
     container_name: roundcube
     depends_on:
-      - roundcubedb
+      - database
     links:
-      - roundcubedb
+      - database
     ports:
       - 9000:9000
     volumes:
@@ -44,6 +53,7 @@ services:
 
 
   mailserver:
+    build: .
     <<: *defaults
     image: docker.io/mailserver/docker-mailserver:latest
     container_name: mailserver
@@ -55,23 +65,48 @@ services:
       - "587:587"
       - "993:993"
     volumes:
-      - ./mail/mail-data/:/var/mail/
-      - ./mail/mail-state/:/var/mail-state/
-      - ./mail/mail-logs/:/var/log/mail/
-      - ./mail/config/:/tmp/docker-mailserver/
+      - ./mail/letsencrypt:/etc/letsencrypt:z
+      - ./mail/mail-data/:/var/mail/:z
+      - ./mail/mail-state/:/var/mail-state/:z
+      - ./mail/mail-logs/:/var/log/mail/:z
+      - ./mail/config/:/tmp/docker-mailserver/:z
+      - ./mail/certs/:/certs:z
       - /etc/localtime:/etc/localtime:ro
+
     cap_add:
       - NET_ADMIN
     depends_on:
       - ddnsgd
     restart: always
 
-
-  adminer:
+  reverse-proxy:
     <<: *defaults
-    image: adminer
+    image: nginxproxy/nginx-proxy
+    container_name: nginx-proxy
     restart: always
-    depends_on:
-      - database
     ports:
-      - "8080:8080"
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx/conf/:/etc/nginx/conf.d:z
+      - ./nginx/html/:/usr/share/nginx/html/:z
+      - ./nginx/vhost/:/etc/nginx/vhost.d/:z
+      - ./nginx/certs/:/etc/nginx/certs/:ro
+      - ./nginx/dhparam:/etc/nginx/dhparam:z
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    depends_on:
+      - ddnsgd
+
+  acme-companion:
+    <<: *defaults
+    image: nginxproxy/acme-companion
+    container_name: nginx-proxy-acme
+    restart: always
+    volumes_from:
+      - reverse-proxy
+    volumes:
+      - ./nginx/certs/:/etc/nginx/certs/:rw
+      - ./nginx/acme-state/:/etc/acme.sh/:z
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    depends_on:
+      - ddnsgd

local.env

@@ -1,3 +1,5 @@
+DEBUG=1
+DOCKER_HOST_ROOTLESS_PATH=/run/user/1000/docker.sock
 
 ## Google Dynamic DNS
 
@@ -8,13 +10,23 @@ PASSWORD="Enl0rRgqBsZPVupA"
 
 ## Mail Server Env
 
+POSTFIX_INET_PROTOCOLS=ipv4
+TZ=NL
 ENABLE_SPAMASSASSIN=1
 SPAMASSASSIN_SPAM_TO_INBOX=1
 ENABLE_CLAMAV=1
+ENABLE_DNSBL=1
 ENABLE_FAIL2BAN=1
 ENABLE_POSTGREY=1
 ENABLE_SASLAUTHD=0
 ONE_DIR=1
+TLS_LEVEL=modern
+POSTMASTER_ADDRESS=admin@leene.dev
+ENABLE_UPDATE_CHECK=1
+
+SSL_TYPE=letsencrypt
+VIRTUAL_HOST=mail.zathura.leene.dev
+LETSENCRYPT_HOST=mail.zathura.leene.dev
 
 ## SQL Server Env
 
@@ -33,3 +45,13 @@ ROUNDCUBEMAIL_DB_PASSWORD=hear397sew
 ROUNDCUBEMAIL_SKIN=elastic
 ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.zathura.leene.dev
 ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.zathura.leene.dev
+
+
+## NGINX Reverse Proxy
+
+NGINX_PROXY_CONTAINER=nginx-proxy
+LETSENCRYPT_TEST=true
+LETSENCRYPT_RESTART_CONTAINER=true
+DEFAULT_EMAIL=lieuwe@leene.dev
+NGINX_HOST=zathura.leene.dev
+NGINX_PHP_CGI=roundcubemail:9000