version: '2'

services:

  # This would normally not be here, but where you define your system services
  traefik:
    image: traefik:alpine
    command: --docker
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/data/traefik/acme.json:/acme.json"
      - "/data/traefik/traefik.toml:/traefik.toml"
      # This may be needed (plus defining mailu_default external: true) if traefik lives elsewhere
      # networks:
      # - mailu_default

  certdumper:
    restart: always
    image: mailu/traefik-certdumper:$VERSION
    environment:
    # Make sure this is the same as the main=-domain in traefik.toml
    # !!! Also don’t forget to add "TRAEFIK_DOMAIN=[...]" to your .env!
      - DOMAIN=$TRAEFIK_DOMAIN
      # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2
      - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v1}
    volumes:
      - "/data/traefik:/traefik"
      - "$ROOT/certs:/output"

  front:
    image: mailu/nginx:$VERSION
    restart: always
    env_file: .env
    logging:
      driver: $LOG_DRIVER
    labels: # Traefik labels for simple reverse-proxying
      - "traefik.enable=true"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:$TRAEFIK_DOMAIN"
      - "traefik.docker.network=mailu_default"
    ports:
      - "$BIND_ADDRESS4:110:110"
      - "$BIND_ADDRESS4:143:143"
      - "$BIND_ADDRESS4:993:993"
      - "$BIND_ADDRESS4:995:995"
      - "$BIND_ADDRESS4:25:25"
      - "$BIND_ADDRESS4:465:465"
      - "$BIND_ADDRESS4:587:587"
      - "$BIND_ADDRESS6:110:110"
      - "$BIND_ADDRESS6:143:143"
      - "$BIND_ADDRESS6:993:993"
      - "$BIND_ADDRESS6:995:995"
      - "$BIND_ADDRESS6:25:25"
      - "$BIND_ADDRESS6:465:465"
      - "$BIND_ADDRESS6:587:587"
    volumes:
      - "$ROOT/overrides/nginx:/overrides"
      - /data/traefik/ssl/$TRAEFIK_DOMAIN.crt:/certs/cert.pem
      - /data/traefik/ssl/$TRAEFIK_DOMAIN.key:/certs/key.pem

  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "$ROOT/redis:/data"

  imap:
    image: mailu/dovecot:$VERSION
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/mail:/mail"
      - "$ROOT/overrides:/overrides"
    depends_on:
      - front

  smtp:
    image: mailu/postfix:$VERSION
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/overrides:/overrides"
    depends_on:
      - front

  antispam:
    image: mailu/rspamd:$VERSION
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/filter:/var/lib/rspamd"
      - "$ROOT/dkim:/dkim"
      - "$ROOT/overrides/rspamd:/etc/rspamd/override.d"
    depends_on:
      - front

  antivirus:
    image: mailu/$ANTIVIRUS:$VERSION
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/filter:/data"

  webdav:
    image: mailu/$WEBDAV:$VERSION
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/dav:/data"

  admin:
    image: mailu/admin:$VERSION
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/data:/data"
      - "$ROOT/dkim:/dkim"
    depends_on:
      - redis

  webmail:
    image: "mailu/$WEBMAIL:$VERSION"
    restart: always
    env_file: .env
    volumes:
      - "$ROOT/webmail:/data"
    depends_on:
      - imap

  fetchmail:
    image: mailu/fetchmail:$VERSION
    restart: always
    env_file: .env

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: $SUBNET