From 303e16c1a2d1cd7a44e45248b5b71d7ddfae2a12 Mon Sep 17 00:00:00 2001
From: Kevin Heyer <kevin.heyer@skull-it.de>
Date: Sun, 24 Aug 2025 09:39:07 +0200
Subject: [PATCH 1/5] add .ansible

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index fd3f0ad..41831c3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ ansible/inventory/
 *.secret
 ansible/.vault-*
 ansible/.ansible
+.ansible
 
 # Packer Files
 packer/credentials.pkr.hcl

From f49a0596754549440c08efa428a7f78ecbc43955 Mon Sep 17 00:00:00 2001
From: Kevin Heyer <kevin.heyer@skull-it.de>
Date: Sun, 24 Aug 2025 09:39:19 +0200
Subject: [PATCH 2/5] Add Container Mailarchive

---
 .../defaults/main.yml                         | 13 +++
 .../files/.gitkeep                            |  0
 .../handlers/main.yml                         |  0
 .../meta/main.yml                             |  0
 .../tasks/main.yml                            | 26 ++++++
 .../templates/.env.j2                         | 13 +++
 .../templates/docker-compose.yml.j2           | 80 +++++++++++++++++++
 .../vars/main.yml                             |  1 +
 8 files changed, 133 insertions(+)
 create mode 100644 ansible/roles/deploy_container_mailarchive/defaults/main.yml
 create mode 100644 ansible/roles/deploy_container_mailarchive/files/.gitkeep
 create mode 100644 ansible/roles/deploy_container_mailarchive/handlers/main.yml
 create mode 100644 ansible/roles/deploy_container_mailarchive/meta/main.yml
 create mode 100644 ansible/roles/deploy_container_mailarchive/tasks/main.yml
 create mode 100644 ansible/roles/deploy_container_mailarchive/templates/.env.j2
 create mode 100644 ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
 create mode 100644 ansible/roles/deploy_container_mailarchive/vars/main.yml

diff --git a/ansible/roles/deploy_container_mailarchive/defaults/main.yml b/ansible/roles/deploy_container_mailarchive/defaults/main.yml
new file mode 100644
index 0000000..5f6a527
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/defaults/main.yml
@@ -0,0 +1,13 @@
+container_mailarchive_version: latest
+container_mailarchive_domain: mailarchive.example.com
+container_mailarchive_postgres_version: 17-alpine
+container_mailarchive_postgres_user: postgres_user
+container_mailarchive_postgres_password: postgres_password
+container_mailarchive_auth_enable: true
+container_mailarchive_auth_user: login_user
+container_mailarchive_auth_password: login_password
+container_mailarchive_session_timeout: 60 # Minutes
+container_mailarchive_sync_interval: 15 # Minutes
+container_mailarchive_sync_timeout: 60 # Minutes
+container_mailarchive_connection_timeout: 180 # Seconds
+container_mailarchive_command_timeout: 60 # Seconds
diff --git a/ansible/roles/deploy_container_mailarchive/files/.gitkeep b/ansible/roles/deploy_container_mailarchive/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_mailarchive/handlers/main.yml b/ansible/roles/deploy_container_mailarchive/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_mailarchive/meta/main.yml b/ansible/roles/deploy_container_mailarchive/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_mailarchive/tasks/main.yml b/ansible/roles/deploy_container_mailarchive/tasks/main.yml
new file mode 100644
index 0000000..13f65e1
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_base_dir }}/{{ item.dir }}"
+    state: directory
+    mode: '0755'
+  become: false
+  loop:
+    - {dir: "data/db"}
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_base_dir }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false
diff --git a/ansible/roles/deploy_container_mailarchive/templates/.env.j2 b/ansible/roles/deploy_container_mailarchive/templates/.env.j2
new file mode 100644
index 0000000..b44351c
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/templates/.env.j2
@@ -0,0 +1,13 @@
+MAILARCHIVE_VERSION={{ container_mailarchive_version }}
+MAILARCHIVE_DOMAIN={{ container_mailarchive_domain }}
+POSTGRES_VERSION={{ container_mailarchive_postgres_version }}
+DB_USER={{ container_mailarchive_postgres_user }}
+DB_PASSWORD={{ container_mailarchive_postgres_password }}
+AUTH_ENABLE={{ container_mailarchive_auth_enable }}
+AUTH_USER={{ container_mailarchive_auth_user }}
+AUTH_PASSWORD={{ container_mailarchive_auth_password }}
+AUTH_SESSION_TIMEOUT_IN_MINUTES={{ container_mailarchive_session_timeout }}
+MAIL_SYNC_INTERVAL_IN_MINUTES={{ container_mailarchive_sync_interval }}
+MAIL_SYNC_TIMEOUT_IN_MINUTES={{ container_mailarchive_sync_timeout }}
+MAIL_CONNECTION_TIMEOUT_IN_SECONDS={{ container_mailarchive_connection_timeout }}
+MAIL_COMMAND_TIMEOUT_IN_SECONDS={{ container_mailarchive_command_timeout }}
\ No newline at end of file
diff --git a/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..b970819
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
@@ -0,0 +1,80 @@
+---
+services:
+  mailarchive:
+    image: s1t5/mailarchiver:${MAILARCHIVE_VERSION}
+    container_name: mailarchive
+    restart: always
+    networks:
+      - traefik
+      - mailarchive
+    environment:
+      # Database Connection
+      - ConnectionStrings__DefaultConnection=Host=postgres;Database=MailArchiver;Username=${DB_USER};Password=${DB_PASSWORD};
+
+      # Authentication Settings
+      - Authentication__Enabled=${AUTH_ENABLE}
+      - Authentication__Username=${AUTH_USER}
+      - Authentication__Password=${AUTH_PASSWORD}
+      - Authentication__SessionTimeoutMinutes=${AUTH_SESSION_TIMEOUT_IN_MINUTES}
+      - Authentication__CookieName=MailArchiverAuth
+
+      # MailSync Settings
+      - MailSync__IntervalMinutes=${MAIL_SYNC_INTERVAL_IN_MINUTES}
+      - MailSync__TimeoutMinutes=${MAIL_SYNC_TIMEOUT_IN_MINUTES}
+      - MailSync__ConnectionTimeoutSeconds=${MAIL_CONNECTION_TIMEOUT_IN_SECONDS}
+      - MailSync__CommandTimeoutSeconds=${MAIL_COMMAND_TIMEOUT_IN_SECONDS}
+
+      # BatchRestore Settings
+      - BatchRestore__AsyncThreshold=50
+      - BatchRestore__MaxSyncEmails=150
+      - BatchRestore__MaxAsyncEmails=50000
+      - BatchRestore__SessionTimeoutMinutes=30
+      - BatchRestore__DefaultBatchSize=50
+
+      # BatchOperation Settings
+      - BatchOperation__BatchSize=50
+      - BatchOperation__PauseBetweenEmailsMs=50
+      - BatchOperation__PauseBetweenBatchesMs=250
+
+      # Npgsql Settings
+      - Npgsql__CommandTimeout=900
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.mailarchive.entrypoints=http"
+      - "traefik.http.routers.mailarchive.rule=Host(`${MAILARCHIVE_DOMAIN}`)"
+      - "traefik.http.middlewares.mailarchive-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.mailarchive.middlewares=mailarchive-https-redirect"
+      - "traefik.http.routers.mailarchive-secure.entrypoints=https"
+      - "traefik.http.routers.mailarchive-secure.rule=Host(`${MAILARCHIVE_DOMAIN}`)"
+      - "traefik.http.routers.mailarchive-secure.tls=true"
+      - "traefik.http.routers.mailarchive-secure.service=mailarchive"
+      - "traefik.http.services.mailarchive.loadbalancer.server.port=5000"
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+
+  postgres:
+    image: postgres:${POSTGRES_VERSION}
+    container_name: mailarchive-db
+    restart: always
+    environment:
+      POSTGRES_DB: MailArchiver
+      POSTGRES_USER: ${DB_USER}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+    networks:
+      - mailarchive
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U mailuser -d MailArchiver"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+networks:
+  traefik:
+    external: true
+  postgres:
\ No newline at end of file
diff --git a/ansible/roles/deploy_container_mailarchive/vars/main.yml b/ansible/roles/deploy_container_mailarchive/vars/main.yml
new file mode 100644
index 0000000..944d7f2
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/vars/main.yml
@@ -0,0 +1 @@
+container_base_dir: /opt/docker/mailarchive

From 62ae1635fd9a829cf250da46fdbf5e5a6724aeaa Mon Sep 17 00:00:00 2001
From: Kevin Heyer <kevin.heyer@skull-it.de>
Date: Sun, 24 Aug 2025 10:00:55 +0200
Subject: [PATCH 3/5] Fix wrong network

---
 .../templates/docker-compose.yml.j2                             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
index b970819..ea570d1 100644
--- a/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
+++ b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
@@ -77,4 +77,4 @@ services:
 networks:
   traefik:
     external: true
-  postgres:
\ No newline at end of file
+  mailarchive:
\ No newline at end of file

From d605c7f63ad518d2472bd8c7e2d7218941fb0455 Mon Sep 17 00:00:00 2001
From: Kevin Heyer <kevin.heyer@skull-it.de>
Date: Sun, 24 Aug 2025 10:01:10 +0200
Subject: [PATCH 4/5] Add Comment

---
 ansible/roles/deploy_container_mailarchive/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/deploy_container_mailarchive/defaults/main.yml b/ansible/roles/deploy_container_mailarchive/defaults/main.yml
index 5f6a527..7ac9aa7 100644
--- a/ansible/roles/deploy_container_mailarchive/defaults/main.yml
+++ b/ansible/roles/deploy_container_mailarchive/defaults/main.yml
@@ -1,4 +1,4 @@
-container_mailarchive_version: latest
+container_mailarchive_version: latest # https://hub.docker.com/r/s1t5/mailarchiver/tags
 container_mailarchive_domain: mailarchive.example.com
 container_mailarchive_postgres_version: 17-alpine
 container_mailarchive_postgres_user: postgres_user

From 3a5df6a91143f93700e30557a2101831c46e0d89 Mon Sep 17 00:00:00 2001
From: Kevin Heyer <kevin.heyer@skull-it.de>
Date: Sun, 24 Aug 2025 10:01:20 +0200
Subject: [PATCH 5/5] Add Container Mailarchive

---
 ansible/playbooks/heyer.systems/docker1.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ansible/playbooks/heyer.systems/docker1.yml b/ansible/playbooks/heyer.systems/docker1.yml
index 4cd076e..ea9eccb 100644
--- a/ansible/playbooks/heyer.systems/docker1.yml
+++ b/ansible/playbooks/heyer.systems/docker1.yml
@@ -72,4 +72,9 @@
         - authelia
         - sso
         - auth
-        - docker-container
\ No newline at end of file
+        - docker-container
+
+    - role: deploy_container_mailarchive
+      tags:
+        - mailarchive
+        - docker-container