Improve installation workflow

Carlgo11 · Jan 15, 2025 · 6044491 · 6044491
1 parent 7205a49
commit 6044491
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 10 deletions.
diff --git a/conf/apparmor/mailroom-inbox b/conf/apparmor/mailroom-inbox
@@ -19,7 +19,7 @@ profile mailroom-inbox flags=(attach_disconnected, mediate_deleted) {
 
   ## Certificate and mail storage
   /etc/ssl/inbox/* r,                      # Certificates
-  /etc/ssl/certs/* r,                      # User-specific certificates
+  /etc/ssl/clients/* r,                    # User-specific certificates
   /var/mail/vhosts/** w,                   # Mail directories
 
   ## Temporary and process files

diff --git a/installation/compose/inbox b/installation/compose/inbox
@@ -2,28 +2,29 @@
     container_name: inbox
     image: carlgo11/mailroom-inbox:${VERSION:-dev}
     pull_policy: always
+    read_only: true
+    restart: unless-stopped
+    dns:
+      - ${POSTNET_NETWORK:-172.22.0}.8
     ports:
       - "${INBOX_IPV4_BIND:-0.0.0.0:25}:25/tcp"
       - "${INBOX_IPV6_BIND:-[::]:25}:25/tcp"
     volumes:
-      - ${INBOX_TLS_KEY}:/etc/ssl/inbox/privkey.pem
-      - ${INBOX_TLS_CERT}:/etc/ssl/inbox/cert.pem
+      - ${INBOX_TLS_KEY}:/etc/ssl/inbox/privkey.pem:ro
+      - ${INBOX_TLS_CERT}:/etc/ssl/inbox/cert.pem:ro
       - ${USER_CERTS_PATH}:/etc/ssl/clients/:ro
       - ${INBOX_LOG}:/var/log/inbox.log
       - vhosts:/var/mail/vhosts
-    cap_drop:
-      - ALL
     cap_add:
       - NET_BIND_SERVICE
     depends_on:
       - redis
+    tmpfs:
+      - /tmp
+      - /var/tmp
     networks:
       default:
         aliases:
           - inbox
       postnet:
         ipv4_address: ${POSTNET_NETWORK:-172.22.0}.4
-    read_only: true
-    tmpfs:
-      - /tmp
-      - /var/tmp
diff --git a/installation/compose/outbox b/installation/compose/outbox
@@ -1,6 +1,8 @@
   outbox:
     container_name: outbox
     image: carlgo11/mailroom-outbox:${VERSION:-dev}
+    dns:
+      - ${POSTNET_NETWORK:-172.22.0}.8
     ports:
       - "${OUTBOX_IPV4_BIND:-0.0.0.0:587}:587/tcp"
       - "${OUTBOX_IPV6_BIND:-[::]:587}:587/tcp"
@@ -9,9 +11,9 @@
       - ${OUTBOX_TLS_CERT}:/etc/ssl/outbox/cert.pem:ro
       - ${OUTBOX_DKIM_PATH}:/etc/ssl/dkim:ro
       - vhosts:/var/mail/vhosts
+    read_only: true
     depends_on:
       - redis
-    read_only: true
     tmpfs:
       - /tmp
     networks:

diff --git a/installation/compose/unbound b/installation/compose/unbound
@@ -0,0 +1,8 @@
+  unbound:
+    container_name: unbound
+    image: mvance/unbound
+    restart: unless-stopped
+    pull_policy: always
+    networks:
+      postnet:
+        ipv4_address: ${POSTNET_NETWORK:-172.22.0}.8
diff --git a/installation/install.sh b/installation/install.sh
@@ -37,6 +37,7 @@ echo "Creating Mail Room directory..."
 mkdir -p mailroom
 cd mailroom
 curl -sSL "https://raw.githubusercontent.com/Carlgo11/mailroom/master/mailroom.env" -o mailroom.env
+ln -s mailroom.env .env
 
 run_additional_task "setup-compose.sh"
 

diff --git a/installation/setup-compose.sh b/installation/setup-compose.sh
@@ -41,6 +41,11 @@ if [[ "$backup" =~ ^[Yy]$ ]]; then
   install 'backup'
 fi
 
+read -rp "Include service Unbound? (y/n): " unbound
+if [[ "$unbound" =~ ^[Yy]$ ]]; then
+  install 'unbound'
+fi
+
 install '_tail'
 
 echo "Docker Compose file configured."
diff --git a/mailroom.env b/mailroom.env
@@ -10,6 +10,10 @@ POSTNET_NETWORK=172.22.0
 # If left blank, S/MIME encryption is disabled.
 USER_CERTS_PATH=./certs/users/
 
+# Log verbosity level
+# Allowed values: DEBUG, INFO, WARN, ERROR
+LOG_LEVEL="INFO"
+
 # -----------------------------------
 # Inbox Server Configuration
 # -----------------------------------
@@ -65,6 +69,12 @@ DOVECOT_TLS_KEY=/etc/ssl/dovecot/privkey.pem
 # Path to the TLS certificate for Dovecot.
 DOVECOT_TLS_CERT=/etc/ssl/dovecot/cert.pem
 
+# -----------------------------------
+# Backup Configuration
+# -----------------------------------
+RCLONE_REMOTE="backups:backups/vhosts"
+BACKUP_MAX_AGE="2w"
+
 # -----------------------------------
 # Global TLS Configuration
 # -----------------------------------