version: "3.9"

# Define reusable templates for common service settings
x-common-service:
  &common-service
  restart: unless-stopped
  environment:
    TZ: "${TZ:-Etc/UTC}"
  volumes:
    - /etc/localtime:/etc/localtime:ro

x-mailserver-service:
  &mailserver-service
  <<: *common-service
  domainname: freedoh.net
  environment:
    ENABLE_SPAMASSASSIN: "${ENABLE_SPAMASSASSIN:-1}"
    ENABLE_CLAMAV: "${ENABLE_CLAMAV:-1}"
    ENABLE_POP3: "${ENABLE_POP3:-1}"
    ENABLE_IMAP: "${ENABLE_IMAP:-1}"
    ENABLE_MANAGESIEVE: "${ENABLE_MANAGESIEVE:-1}"
    RELAY_HOST: "${RELAY_HOST:-}"
    POSTMASTER_ADDRESS: "${POSTMASTER_ADDRESS:-postmaster@example.com}"
    #~ SSL_TYPE=letsencrypt
    SSL_TYPE: "${SSL_TYPE:-manual}"
    SSL_CERT_PATH: "/etc/ssl/mail/fullchain.pem"
    SSL_KEY_PATH: "/etc/ssl/mail/privkey.pem"
    DKIM_SELECTOR: "${DKIM_SELECTOR:-mail}"
    DKIM_DOMAIN: "${DKIM_DOMAIN:-example.com}"
    # ???
    #~ PERMIT_DOCKER=connected-networks
    #~ POSTFIX_INET_PROTOCOLS=ipv4
    #~ ENABLE_TLS=1
    #~ TLS_LEVEL=modern
    #~ ENABLE_POSTGREY=1
    #~ ENABLE_RSPAMD=1
    #~ SMTP_ONLY=0
    #~ ENABLE_SRS=1
    #~ ENABLE_QUOTAS=1
    #~ LOG_LEVEL=info
    #~ ENABLE_LDAP=0
    #~ LDAP_SERVER_HOST=ldap.example.com
    #~ ENABLE_FETCHMAIL=0
    #~ ENABLE_DKIM=1
    #~ ENABLE_SPF=1
    #~ SPOOF_PROTECTION=0
    #~ ENABLE_MANAGESIEVE=1
  volumes:
    - dmsdata:/var/mail
    - dmsstate:/var/mail-state
    - dmslogs:/var/log/mail
    - dmsconfig:/tmp/docker-mailserver
    - dmscerts:/etc/ssl/mail:ro
  ports:
    - "25:25"
    - "465:465"
    - "587:587"
    - "993:993"
    - "995:995"
    - "4190:4190"

services:
  # Primary mailserver instance
  mailserver:
    <<: *mailserver-service
    hostname: mail
    image: mailserver/docker-mailserver:latest
    container_name: dms
    profiles:
      - both
    environment:
      ENABLE_FAIL2BAN: "0"

  imapserver:
    <<: *mailserver-service
    hostname: imap
    image: mailserver/docker-mailserver:latest
    container_name: dms
    profiles:
      - imap
    environment:
      ENABLE_FAIL2BAN: "0"
      
  smtpserver:
    <<: *mailserver-service
    hostname: smtp
    image: mailserver/docker-mailserver:latest
    container_name: dms
    profiles:
      - smtp
    environment:
      ENABLE_FAIL2BAN: "0"

  #~ # Fail2Ban-enabled mailserver instance
  #~ mailserver-fail2ban:
    #~ <<: *mailserver-service
    #~ hostname: mail
    #~ image: mailserver/docker-mailserver:latest
    #~ container_name: dms
    #~ profiles:
      #~ - fail2ban
    #~ environment:
      #~ ENABLE_FAIL2BAN: "1"
    #~ cap_add:
      #~ - NET_ADMIN # Required for Fail2Ban
  # Fail2Ban-enabled mailserver instance
  
  rspamd:
    <<: *common-service
    image: rspamd/rspamd
    container_name: rspamd
    profiles:
      - rspamd
    environment:
      RSPAMD_PASSWORD: "${RSPAMD_PASSWORD:-rspamd_admin_password}"
    volumes:
      - rspamd_data:/var/lib/rspamd
    ports:
      - "11334:11334"
      - "11332:11332"
    command: ["-i", "127.0.0.1"]

  roundcube:
    <<: *common-service
    image: roundcube/roundcubemail:latest
    container_name: roundcube
    profiles:
      - roundcube
    depends_on:
      - mailserver
    environment:
      ROUNDCUBEMAIL_DEFAULT_HOST: "${ROUNDCUBEMAIL_DEFAULT_HOST:-mail.example.com}"
      ROUNDCUBEMAIL_SMTP_SERVER: "${ROUNDCUBEMAIL_SMTP_SERVER:-mail.example.com}"
      ROUNDCUBEMAIL_SMTP_PORT: "${ROUNDCUBEMAIL_SMTP_PORT:-587}"
      ROUNDCUBEMAIL_PLUGINS: "${ROUNDCUBEMAIL_PLUGINS:-managesieve}"
      PHP_MEMORY_LIMIT: "${PHP_MEMORY_LIMIT:-256M}"
    volumes:
      - roundcube_data:/var/www/html
    ports:
      - "8080:80"

  rainloop:
    <<: *common-service
    image: hardware/rainloop
    container_name: rainloop
    profiles:
      - rainloop
    depends_on:
      - mailserver
    environment:
      RAINLOOP_DEFAULT_HOST: "${RAINLOOP_DEFAULT_HOST:-mail.example.com}"
    volumes:
      - rainloop_data:/rainloop/data
    ports:
      - "8081:80"

  imapsync:
    <<: *common-service
    image: gilleslamiral/imapsync
    container_name: imapsync
    profiles:
      - imapsync
    command: "sleep infinity"
    volumes:
      - imapsync_config:/sync/config
      - imapsync_logs:/sync/logs

volumes:
  dmsdata:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/data/'
  dmsstate:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/state/'
  dmslogs:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/logs/'
  dmsconfig:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/config/'
  dmscerts:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/certs/'
  rainloop_data:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/rainloop/data/'
  rspamd_data:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/rspamd/data/'
  roundcube_data:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/roundcube/data/'
  imapsync_config:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/imapsync/config/'
  imapsync_logs:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/${BASEDIR}/dms/imapsync/logs/'