recipe-maintainers/mailu
0
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Move SECRET_KEY to docker secret

Browse Source
This commit is contained in:
3wc
2023-09-24 18:52:19 +01:00
parent 158537ab52
commit 41b2f8d9c1
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.env.sample
View File

@ -18,8 +18,6 @@ TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key
REDIS_ADDRESS=db REDIS_ADDRESS=db
# Set to a randomly generated 16 bytes string
SECRET_KEY=XXXXXXXXXXXXXXXX
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.203.0/24 SUBNET=192.168.203.0/24
@ -105,6 +103,9 @@ COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. # IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
# FULL_TEXT_SEARCH=off # FULL_TEXT_SEARCH=off
SECRET_SECRET_KEY_VERSION=v1
################################### ###################################
# Web settings # Web settings
################################### ###################################

19
compose.yml
View File

@ -34,7 +34,7 @@ x-environment:
- REJECT_UNLISTED_RECIPIENT - REJECT_UNLISTED_RECIPIENT
- RELAYHOST - RELAYHOST
- RELAYNETS - RELAYNETS
- SECRET_KEY - SECRET_KEY_FILE=/run/secrets/secret_key
- SITENAME - SITENAME
- SUBNET - SUBNET
- TLS_CERT_FILENAME - TLS_CERT_FILENAME
@ -85,6 +85,8 @@ services:
mode: host mode: host
volumes: volumes:
- "certs:/certs" - "certs:/certs"
secrets:
- secret_key
deploy: deploy:
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
@ -105,6 +107,8 @@ services:
environment: *default-env environment: *default-env
healthcheck: healthcheck:
disable: true disable: true
secrets:
- secret_key
volumes: volumes:
- "dkim:/dkim" - "dkim:/dkim"
- "mailu:/data" - "mailu:/data"
@ -114,6 +118,8 @@ services:
imap: imap:
image: ghcr.io/mailu/dovecot:2.0.23 image: ghcr.io/mailu/dovecot:2.0.23
environment: *default-env environment: *default-env
secrets:
- secret_key
volumes: volumes:
- "mail:/mail" - "mail:/mail"
healthcheck: healthcheck:
@ -126,6 +132,8 @@ services:
smtp: smtp:
image: ghcr.io/mailu/postfix:2.0.23 image: ghcr.io/mailu/postfix:2.0.23
environment: *default-env environment: *default-env
secrets:
- secret_key
volumes: volumes:
- "mailqueue:/queue" - "mailqueue:/queue"
healthcheck: healthcheck:
@ -136,6 +144,8 @@ services:
antispam: antispam:
image: ghcr.io/mailu/rspamd:2.0.23 image: ghcr.io/mailu/rspamd:2.0.23
environment: *default-env environment: *default-env
secrets:
- secret_key
volumes: volumes:
- "rspamd:/var/lib/rspamd" - "rspamd:/var/lib/rspamd"
- "dkim:/dkim:ro" - "dkim:/dkim:ro"
@ -149,6 +159,8 @@ services:
- default - default
volumes: volumes:
- "webmail:/data" - "webmail:/data"
secrets:
- secret_key
deploy: deploy:
replicas: 1 replicas: 1
healthcheck: healthcheck:
@ -207,3 +219,8 @@ configs:
certdumper_post: certdumper_post:
name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION} name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
file: certdumper_post.sh file: certdumper_post.sh
secrets:
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}