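# Mailman 3 stack for Docker swarm mode (overlay network, `deploy:` keys and
# external secrets are swarm-only features).
#
# The line structure is restored here: with the file collapsed onto a few
# physical lines, every `#` comment swallowed the keys that followed it
# (`mode: host`, `networks:`, `deploy:`, ...), so the document did not parse
# into the intended stack.
#
# Security-relevant layout, as far as this file shows:
#   * Credentials are passed as *_FILE variables pointing at /run/secrets/...
#     and every secret is declared `external: true`, so no secret value lives
#     in this file. The secrets must exist in the swarm before deploying.
#   * Only `postfix` (25) and `apache` (80, 443) publish ports. mailman-core,
#     mailman-web and database are reachable only on the overlay network.
#   * Variables left empty (SERVE_FROM_DOMAIN, MAILMAN_ADMIN_USER,
#     MAILMAN_ADMIN_EMAIL, POSTFIX_MYHOSTNAME, VIRTUAL_HOST_FQDN) look like
#     site-specific placeholders -- confirm they are filled in per deployment.
#   * NOTE(review): images are referenced by mutable tag. Pinning by digest
#     (`image: <name>:<tag>@sha256:<digest>`) keeps a re-pushed tag from
#     silently changing what runs.
version: '3.3'

networks:
  default:
    driver: overlay
    ipam:
      driver: default
      config:
        # Fixed subnet: POSTFIX_MYNETWORKS below lists this same range, so the
        # two values must be changed together.
        - subnet: 10.1.0.0/24

services:
  mailman-core:
    image: sphericalcowgroup/mailman-core:0.2.1
    volumes:
      - /srv/docker/mailman/core:/opt/mailman/
    environment:
      - MAILMAN_DATABASE_URL_FILE=/run/secrets/mailman_database_url
      - MAILMAN_DATABASE_TYPE=postgres
      - MAILMAN_DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
      - HYPERKITTY_API_KEY_FILE=/run/secrets/hyperkitty_api_key
      - MAILMAN_REST_USER=restadmin
      - MAILMAN_REST_PASSWORD_FILE=/run/secrets/mailman_rest_password
      - SMTP_HOST=postfix
      - SMTP_PORT=25
    stop_grace_period: 30s
    networks:
      - default
    secrets:
      - hyperkitty_api_key
      - mailman_database_url
      - mailman_rest_password
    deploy:
      endpoint_mode: dnsrr

  mailman-web:
    image: sphericalcowgroup/mailman-web:0.2.1
    volumes:
      - /srv/docker/mailman/web:/opt/mailman-web-data
      # NOTE(review): if the container only reads settings.py, a read-only
      # bind mount would be the tighter choice -- confirm against the image.
      - /srv/docker/mailman/settings.py:/opt/mailman-web/settings.py
    environment:
      - MAILMAN_DATABASE_URL_FILE=/run/secrets/mailman_database_url
      - MAILMAN_DATABASE_TYPE=postgres
      - HYPERKITTY_API_KEY_FILE=/run/secrets/hyperkitty_api_key
      - SERVE_FROM_DOMAIN=
      - MAILMAN_ADMIN_USER=
      - MAILMAN_ADMIN_EMAIL=
      - MAILMAN_WEB_SECRET_KEY_FILE=/run/secrets/mailman_web_secret_key
      - MAILMAN_REST_USER=restadmin
      - MAILMAN_REST_PASSWORD_FILE=/run/secrets/mailman_rest_password
      - SMTP_HOST=postfix
      - SMTP_PORT=25
    networks:
      - default
    secrets:
      - hyperkitty_api_key
      - mailman_database_url
      - mailman_rest_password
      - mailman_web_secret_key
    deploy:
      endpoint_mode: dnsrr

  database:
    # NOTE(review): the PostgreSQL 9.6 series is end-of-life upstream and no
    # longer receives security fixes. Moving to a supported major version
    # needs a dump/restore or pg_upgrade of the data directory mounted below,
    # so it is not changed here.
    image: postgres:9.6
    volumes:
      - /srv/docker/mailman/database:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=mailmandb
      - POSTGRES_USER=mailman
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    networks:
      - default
    secrets:
      - postgres_password
    deploy:
      endpoint_mode: dnsrr

  postfix:
    image: sphericalcowgroup/mailman-postfix:2
    volumes:
      # NOTE(review): this mounts the whole /srv/docker/mailman tree, which
      # per the other services' mounts also holds the database data directory,
      # the web data, settings.py and the Shibboleth configuration. If Postfix
      # only needs the Mailman core data, a narrower mount would limit what
      # this internet-facing container can read -- confirm what the image
      # expects under /opt/mailman before changing it.
      - /srv/docker/mailman:/opt/mailman
    environment:
      - POSTFIX_MYHOSTNAME=
      # Presumably fed to Postfix's `mynetworks`, i.e. the clients allowed to
      # relay. `!` excludes a range: 10.255.0.0/16 (presumably the swarm
      # ingress network -- verify) is excluded, and the overlay subnet
      # declared under `networks:` above is trusted. Keep this list as narrow
      # as the stack allows; anything listed here can relay mail.
      - POSTFIX_MYNETWORKS=!10.255.0.0/16 10.1.0.0/24
    ports:
      - target: 25
        published: 25
        # 'host' mode is necessary for Postfix to receive the connection IP
        # address instead of the ingress network IP address. This is only a
        # useful workaround when not truly leveraging the load balancing
        # capabilities of swarm mode. Normally with more than a single node
        # swarm the upstream load balancer in front of the swarm would be used
        # for the definitive access log.
        # See discussion at https://github.com/moby/moby/issues/25526 .
        mode: host
    networks:
      - default
    deploy:
      endpoint_mode: dnsrr

  apache:
    image: sphericalcowgroup/mailman-core-apache-shib:1
    volumes:
      - /srv/docker/mailman/web:/opt/mailman-web-data
      # NOTE(review): the two Shibboleth files below are configuration; mount
      # them read-only if the image does not rewrite them at start-up.
      - /srv/docker/mailman/shib/etc/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml
      - /srv/docker/mailman/shib/etc/attribute-map.xml:/etc/shibboleth/attribute-map.xml
    environment:
      # TLS and Shibboleth SP key material is referenced by secret path only.
      - HTTPS_CERT_FILE=/run/secrets/https_cert_file
      - HTTPS_KEY_FILE=/run/secrets/https_key_file
      - MAILMAN_ADMIN_EMAIL=
      - SHIBBOLETH_SP_ENCRYPT_CERT=/run/secrets/shibboleth_sp_encrypt_cert
      - SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shibboleth_sp_encrypt_privkey
      - VIRTUAL_HOST_FQDN=
    secrets:
      - https_cert_file
      - https_key_file
      - shibboleth_sp_encrypt_cert
      - shibboleth_sp_encrypt_privkey
    networks:
      - default
    ports:
      - target: 443
        published: 443
        protocol: tcp
        # 'host' mode is necessary for Apache to receive the browser IP
        # address instead of the ingress network IP address. This is only a
        # useful workaround when not truly leveraging the load balancing
        # capabilities of swarm mode. Normally with more than a single node
        # swarm the upstream load balancer in front of the swarm would be used
        # for the definitive access log.
        # See discussion at https://github.com/moby/moby/issues/25526 .
        mode: host
      # NOTE(review): plain HTTP is published as well; presumably it only
      # redirects to HTTPS -- verify in the image's virtual-host config.
      - target: 80
        published: 80
        protocol: tcp
        mode: host
    deploy:
      replicas: 1
      endpoint_mode: dnsrr

# All secrets are created outside this file (`external: true`); the stack
# fails to deploy if any of them is missing from the swarm.
secrets:
  https_cert_file:
    external: true
  https_key_file:
    external: true
  hyperkitty_api_key:
    external: true
  mailman_database_url:
    external: true
  mailman_rest_password:
    external: true
  mailman_web_secret_key:
    external: true
  postgres_password:
    external: true
  shibboleth_sp_encrypt_cert:
    external: true
  shibboleth_sp_encrypt_privkey:
    external: true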