Merge branch 'main' of https://skulldev.de/Skull-IT/iac_stack

.gitignore

@@ -7,6 +7,7 @@ ansible/inventory/
 *.secret
 ansible/.vault-*
 ansible/.ansible
+.ansible
 
 # Packer Files
 packer/credentials.pkr.hcl

ansible/playbooks/heyer.systems/docker1.yml

@@ -77,4 +77,9 @@
     - role: deploy_container_habitica
       tags:
         - habitica
-        - docker-container
+        - docker-container
+
+    - role: deploy_container_mailarchive
+      tags:
+        - mailarchive
+        - docker-container

ansible/roles/deploy_container_mailarchive/defaults/main.yml

@@ -0,0 +1,13 @@
+container_mailarchive_version: latest # https://hub.docker.com/r/s1t5/mailarchiver/tags
+container_mailarchive_domain: mailarchive.example.com
+container_mailarchive_postgres_version: 17-alpine
+container_mailarchive_postgres_user: postgres_user
+container_mailarchive_postgres_password: postgres_password
+container_mailarchive_auth_enable: true
+container_mailarchive_auth_user: login_user
+container_mailarchive_auth_password: login_password
+container_mailarchive_session_timeout: 60 # Minutes
+container_mailarchive_sync_interval: 15 # Minutes
+container_mailarchive_sync_timeout: 60 # Minutes
+container_mailarchive_connection_timeout: 180 # Seconds
+container_mailarchive_command_timeout: 60 # Seconds

ansible/roles/deploy_container_mailarchive/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_base_dir }}/{{ item.dir }}"
+    state: directory
+    mode: '0755'
+  become: false
+  loop:
+    - {dir: "data/db"}
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_base_dir }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

ansible/roles/deploy_container_mailarchive/templates/.env.j2

@@ -0,0 +1,13 @@
+MAILARCHIVE_VERSION={{ container_mailarchive_version }}
+MAILARCHIVE_DOMAIN={{ container_mailarchive_domain }}
+POSTGRES_VERSION={{ container_mailarchive_postgres_version }}
+DB_USER={{ container_mailarchive_postgres_user }}
+DB_PASSWORD={{ container_mailarchive_postgres_password }}
+AUTH_ENABLE={{ container_mailarchive_auth_enable }}
+AUTH_USER={{ container_mailarchive_auth_user }}
+AUTH_PASSWORD={{ container_mailarchive_auth_password }}
+AUTH_SESSION_TIMEOUT_IN_MINUTES={{ container_mailarchive_session_timeout }}
+MAIL_SYNC_INTERVAL_IN_MINUTES={{ container_mailarchive_sync_interval }}
+MAIL_SYNC_TIMEOUT_IN_MINUTES={{ container_mailarchive_sync_timeout }}
+MAIL_CONNECTION_TIMEOUT_IN_SECONDS={{ container_mailarchive_connection_timeout }}
+MAIL_COMMAND_TIMEOUT_IN_SECONDS={{ container_mailarchive_command_timeout }}

ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2

@@ -0,0 +1,80 @@
+---
+services:
+  mailarchive:
+    image: s1t5/mailarchiver:${MAILARCHIVE_VERSION}
+    container_name: mailarchive
+    restart: always
+    networks:
+      - traefik
+      - mailarchive
+    environment:
+      # Database Connection
+      - ConnectionStrings__DefaultConnection=Host=postgres;Database=MailArchiver;Username=${DB_USER};Password=${DB_PASSWORD};
+
+      # Authentication Settings
+      - Authentication__Enabled=${AUTH_ENABLE}
+      - Authentication__Username=${AUTH_USER}
+      - Authentication__Password=${AUTH_PASSWORD}
+      - Authentication__SessionTimeoutMinutes=${AUTH_SESSION_TIMEOUT_IN_MINUTES}
+      - Authentication__CookieName=MailArchiverAuth
+
+      # MailSync Settings
+      - MailSync__IntervalMinutes=${MAIL_SYNC_INTERVAL_IN_MINUTES}
+      - MailSync__TimeoutMinutes=${MAIL_SYNC_TIMEOUT_IN_MINUTES}
+      - MailSync__ConnectionTimeoutSeconds=${MAIL_CONNECTION_TIMEOUT_IN_SECONDS}
+      - MailSync__CommandTimeoutSeconds=${MAIL_COMMAND_TIMEOUT_IN_SECONDS}
+
+      # BatchRestore Settings
+      - BatchRestore__AsyncThreshold=50
+      - BatchRestore__MaxSyncEmails=150
+      - BatchRestore__MaxAsyncEmails=50000
+      - BatchRestore__SessionTimeoutMinutes=30
+      - BatchRestore__DefaultBatchSize=50
+
+      # BatchOperation Settings
+      - BatchOperation__BatchSize=50
+      - BatchOperation__PauseBetweenEmailsMs=50
+      - BatchOperation__PauseBetweenBatchesMs=250
+
+      # Npgsql Settings
+      - Npgsql__CommandTimeout=900
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.mailarchive.entrypoints=http"
+      - "traefik.http.routers.mailarchive.rule=Host(`${MAILARCHIVE_DOMAIN}`)"
+      - "traefik.http.middlewares.mailarchive-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.mailarchive.middlewares=mailarchive-https-redirect"
+      - "traefik.http.routers.mailarchive-secure.entrypoints=https"
+      - "traefik.http.routers.mailarchive-secure.rule=Host(`${MAILARCHIVE_DOMAIN}`)"
+      - "traefik.http.routers.mailarchive-secure.tls=true"
+      - "traefik.http.routers.mailarchive-secure.service=mailarchive"
+      - "traefik.http.services.mailarchive.loadbalancer.server.port=5000"
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+
+  postgres:
+    image: postgres:${POSTGRES_VERSION}
+    container_name: mailarchive-db
+    restart: always
+    environment:
+      POSTGRES_DB: MailArchiver
+      POSTGRES_USER: ${DB_USER}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+    networks:
+      - mailarchive
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U mailuser -d MailArchiver"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+networks:
+  traefik:
+    external: true
+  mailarchive:

ansible/roles/deploy_container_mailarchive/vars/main.yml

@@ -0,0 +1 @@
+container_base_dir: /opt/docker/mailarchive