mailcow

mailcow role

Build Status

This playbook will setup a mailcow email server and hourly borg backups (optional, see Variables to disable) Backups are saved to /var/backup and removed once handled by borg. The last 24 hourly, 7 daily, 4 weekly, 6 monthly and 1 yearly backups are kept.

Min config for the mailcow host is 1Ghz CPU, 1GB RAM, 5GB disk. Recommended is 1.5GB RAM + swap if clamd is enabled. Plan additional storage space for generating the hourly backup, and for the optional swap file (1x the RAM)

Prerequisites

Variables

name purpose default value note
mailcow__hostname set the MAILCOW_HOSTNAME in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) not set must be set
mailcow__additional_san set the ADDITIONAL_SAN in mailcow.conf to allow for extra domains (cf. https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#additional-domain-names) undefined, optional comma separated values: lala.example.com,yay.example.org (do not repeat the mailcow__hostname)
mailcow__skip_known_hosts whether to use a custom known_hosts file for the borgmatic backups false true or false, lets the borgmatic container connect to a remote borg repo without prompting about accepting the key
mailcow__dbpass set the dbpass in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) not set must be set
mailcow__dbroot set the dbroot in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) not set must be set
mailcow__http_port set the HTTP_PORT in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) 80
mailcow__http_bind set the HTTP_BIND in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) 0.0.0.0
mailcow__https_port set the HTTPS_PORT in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) 443
mailcow__https_bind set the HTTPS_BIND in mailcow.conf (cf. https://mailcow.github.io/mailcow-dockerized-docs/install/) 0.0.0.0
mailcow__tz set the TZ in mailcow.conf UTC list of possible values
mailcow__skip_le set the SKIP_LETS_ENCRYPT in mailcow.conf n y or n
mailcow__skip_clamd set the SKIP_CLAMD in mailcow.conf n y or n
mailcow__ssh_key_name filename for the ssh keys to use with borg (i.e. if the keys are named mykey_rsa and mykey_rsa.pub, this variable should be set to mykey_rsa) borg_ssh_key
mailcow__borg_repo_host indicate where the borg repo is hosted (i.e. the part before : in a borg repo URL) not set must be set (i.e. [email protected])
mailcow__borg_repo_name name for the borg repo, i.e. the part after : and before :: in a borg repo URL mailcow i.e. myrepo from [email protected]:myrepo::backupname
mailcow__ntp_servers override default ntp servers for synchronizing the time on the docker host. 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org must be a string of space separated hostnames/FQDNs/IPs
mailcow__enable_swap use a swap file (recomended for hosts with less than 3GB of RAM) true will create a swapfile at /swapfile that is the same size as the amoung of RAM on the host
mailcow__enable_backups enable hourly backups to a borg repository true set to true or false
mailcow__git_version checkout a specific version of mailcow master any commit, branch name, or tag from the mailcow git repo

Files

In the files/ directory:

name purpose note
borg_ssh_key{,.pub} ssh keys for connecting to the remote borg repo (set the mailcow__ssh_key_name if not using the default name). only used if mailcow__enable_backups is set to true
passphrase remote borg repo passphrase only if mailcow__enable_backups
known_hosts custom known_hosts file for the borgmatic container to avoid unknown key errors cf. mailcow__skip_known_hosts variable above. To get an up to date key for your server, run ssh-keyscan 93.184.216.34. Only used if mailcow__enable_backups is true

Backups

If mailcow__enable_backups is set, backups will be generated every hour on the hour using the mailcow backup script.

The docker-borgmatic container will send the backup to the specified borg repo every hour at 30 past and clean up the backup directory after it. For remote borg repos, rsync.net is pretty good.

Usage

Minimal playbook:

---
- hosts: all
  become: true
  gather_facts: false
  vars:
    mailcow__borg_repo_host: [email protected]
    mailcow__hostname: test
    mailcow__dbpass: test
    mailcow__dbroot: test
    rawpython__os_family: Debian

  roles:
    - coaxial.raw-python  # bootstrap python on bare Ubuntu/Debian
    - coaxial.mailcow
About

Mailcow in Docker containers + hourly backups with borg

Install
ansible-galaxy install coaxial/ansible-role-mailcow
GitHub repository
License
Unknown
Downloads
70
Owner