coaxial.mailcow
mailcow
Role
This playbook sets up a mailcow email server and can create hourly backups using Borg (optional). Backups are stored in /var/backup and deleted once processed by Borg. It keeps the last 24 hourly backups, 7 daily backups, 4 weekly backups, 6 monthly backups, and 1 yearly backup.
Minimum Requirements for the mailcow Host:
- CPU: 1GHz
- RAM: 1GB
- Disk Space: 5GB
Recommended: 1.5GB RAM with swap if clamd is enabled. Plan extra storage for hourly backups and an optional swap file (equal to RAM size).
Prerequisites
- A running Ubuntu host (other Linux distros are not currently supported)
- Docker installed
- A Borg backup repository if you want backups (see Borg Quickstart)
- SSH keys and passphrase that match the Borg repository
Variables
Name | Purpose | Default Value | Note |
---|---|---|---|
mailcow__hostname | Set MAILCOW_HOSTNAME in mailcow.conf | Not set | Must be set |
mailcow__additional_san | Set ADDITIONAL_SAN for extra domains | Undefined, optional | Provide comma-separated values like lala.example.com,yay.example.org (do not include mailcow__hostname) |
mailcow__skip_known_hosts | Use a custom known_hosts file for Borgmatic backups | false | Set to true or false |
mailcow__dbpass | Set dbpass in mailcow.conf | Not set | Must be set |
mailcow__dbroot | Set dbroot in mailcow.conf | Not set | Must be set |
mailcow__http_port | Set HTTP_PORT in mailcow.conf | 80 | |
mailcow__http_bind | Set HTTP_BIND in mailcow.conf | 0.0.0.0 | |
mailcow__https_port | Set HTTPS_PORT in mailcow.conf | 443 | |
mailcow__https_bind | Set HTTPS_BIND in mailcow.conf | 0.0.0.0 | |
mailcow__tz | Set time zone in mailcow.conf | UTC | Possible values |
mailcow__skip_le | Skip Let's Encrypt setup | n | Set to y or n |
mailcow__skip_clamd | Skip ClamAV setup | n | Set to y or n |
mailcow__ssh_key_name | Filename for SSH keys used with Borg | borg_ssh_key | If your keys are named differently, set this accordingly |
mailcow__borg_repo_host | Host of the Borg repository | Not set | Must be set (e.g., [email protected]) |
mailcow__borg_repo_name | Name of the Borg repository | mailcow | Example: myrepo from [email protected]:myrepo::backupname |
mailcow__ntp_servers | Override default NTP servers for time syncing | 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org | Must be space-separated hostnames/FQDNs/IPs |
mailcow__enable_swap | Use a swap file (recommended for <3GB RAM) | true | Creates a swap file at /swapfile with the same size as RAM |
mailcow__enable_backups | Enable hourly backups to the Borg repository | true | Set to true or false |
mailcow__git_version | Checkout a specific version of mailcow | master | Any commit, branch name, or tag from the mailcow Git repository |
Files
In the files/ directory:

Name | Purpose | Note |
---|---|---|
borg_ssh_key{,.pub} | SSH keys for connecting to the Borg repository | Only used if backups are enabled (mailcow__enable_backups is true) |
passphrase | Remote Borg repository passphrase | Only if backups are enabled |
known_hosts | Custom known_hosts file for Borgmatic | Helps avoid unknown key errors (use mailcow__skip_known_hosts). To get the latest key for your server, run ssh-keyscan <server_ip>. Only used if backups are enabled |
Backups
If backups are enabled (mailcow__enable_backups is set to true), backups will be created every hour using the mailcow backup script.
The docker-borgmatic container will send backups to the specified Borg repository every hour at 30 minutes past the hour and clean up after the backup. For remote Borg repositories, rsync.net is a reliable choice.
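The retention counts given in the role description (24 hourly, 7 daily, 4 weekly, 6 monthly, 1 yearly) decide which restore points still exist when a problem is discovered late. The following is an added example, not part of the role: it assumes those counts map to Borg's prune keep rules, uses a constructed archive history long enough for every rule to reach its count, and reports the newest surviving archive taken before a given time.

```python
from datetime import datetime, timedelta

# Counts from the role description; mapping them to Borg's prune keep rules is an assumption.
POLICY = [("hourly", 24), ("daily", 7), ("weekly", 4), ("monthly", 6), ("yearly", 1)]

# How each rule groups archives into periods (weekly uses the ISO year and week).
PERIOD = {
    "hourly": lambda t: (t.year, t.month, t.day, t.hour),
    "daily": lambda t: t.date(),
    "weekly": lambda t: tuple(t.isocalendar())[:2],
    "monthly": lambda t: (t.year, t.month),
    "yearly": lambda t: t.year,
}

def prune(archives, policy=POLICY):
    """Return {timestamp: rule} for the archives that survive pruning."""
    newest_first = sorted(archives, reverse=True)
    kept = {}
    for rule, count in policy:
        last_period, n = None, 0
        for ts in newest_first:
            if n == count:
                break
            period = PERIOD[rule](ts)
            if period == last_period:
                continue              # only the newest archive of a period qualifies
            last_period = period
            if ts not in kept:        # already kept by a finer rule: not counted again
                kept[ts] = rule
                n += 1
    return kept

def restore_point(kept, incident):
    """Newest surviving archive taken strictly before `incident`, or None."""
    earlier = [ts for ts in kept if ts < incident]
    return max(earlier) if earlier else None

# Constructed history: one archive per hour at minute 30 for 800 days.
NOW = datetime(2024, 6, 30, 23, 30)
ARCHIVES = [NOW - timedelta(hours=k) for k in range(800 * 24)]

if __name__ == "__main__":
    kept = prune(ARCHIVES)
    print(len(kept), "archives kept, oldest:", min(kept))
    # A compromise dated 10 days back can only be rolled back to a weekly archive.
    incident = NOW - timedelta(days=10)
    print("restore point:", restore_point(kept, incident))
```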
Usage
Here's a minimal example of a playbook:
```yaml
---
- hosts: all
  become: true
  gather_facts: false
  vars:
    # Placeholder values; replace them with your own settings
    mailcow__borg_repo_host: [email protected]
    mailcow__hostname: test
    mailcow__dbpass: test
    mailcow__dbroot: test
    rawpython__os_family: Debian
  roles:
    - coaxial.raw-python # Sets up Python on a bare Ubuntu/Debian
    - coaxial.mailcow
```