
quickfix for Debian12 and new version mailcow #727

Open
djooberlee wants to merge 2 commits into microdevops-com:master from djooberlee:master

@djooberlee

This pull request refactors the way Docker Compose overrides are generated for Mailcow, making the configuration more maintainable and flexible. The main improvement is the introduction of a shared YAML anchor for common container options, which reduces duplication and makes it easier to apply settings like logging and security options across all relevant containers. Additionally, new configuration options are introduced to support recent Mailcow features and compatibility with newer operating systems.

Key changes:

Refactoring and simplification of Docker Compose override generation:

  • Introduced a main-config YAML anchor in mailcow/init.sls to consolidate common container options (such as logging and security settings) and applied it to all relevant services using the YAML merge (<<: *main-config). This significantly reduces code duplication and improves maintainability.

New configuration options for improved compatibility and features:

  • Added apparmor_unconfined and postfix_tlspol_in_override options in mailcow/pillar.example to allow enabling AppArmor unconfined mode (needed for Debian 12) and to include the postfix-tlspol-mailcow container in the override file for newer Mailcow versions.

Minor updates:

  • Added a blank line at the end of the header_checks example for consistency.
  • Added a blank line at the end of the cron job definition for formatting.


Copilot AI left a comment


Pull request overview

This pull request refactors the Docker Compose override file generation for Mailcow to improve maintainability and add support for Debian 12 and newer Mailcow versions. The refactoring introduces a YAML anchor pattern to consolidate common container configurations (logging and security options), significantly reducing code duplication from ~160 lines to ~80 lines while maintaining the same functionality.

Changes:

  • Introduced a YAML anchor (x-main-config) to consolidate common Docker container settings (logging driver configuration and AppArmor security options) and applied it to all 18+ Mailcow service containers using YAML merge keys
  • Added two new configuration options: apparmor_unconfined for Debian 12 compatibility and postfix_tlspol_in_override for newer Mailcow versions that include the postfix-tlspol service
  • Minor formatting improvements: added blank lines at the end of configuration files

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| mailcow/pillar.example | Added two new configuration options with inline documentation and formatting improvement |
| mailcow/init.sls | Refactored docker-compose.override.yml template generation using YAML anchors, added conditional postfix-tlspol service support, and formatting improvement |


Comment on lines 276 to 278
image: bash:latest
restart: "no"
entrypoint: ["echo", "ipv6nat disabled in docker-compose.override.yml"]
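
Review bot: image: bash:latest on the first line uses a mutable tag, so what this container runs can change between pulls with no change to this file. The entrypoint only calls echo, so pin the image to a fixed version tag or a digest (image: bash@sha256:<digest>), and confirm that the override leaves no volumes, network mode or privileges from the base service definition attached to a container that just prints a message.
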
Copilot AI Feb 19, 2026

The ipv6nat-mailcow override uses the generic bash:latest image, which is an unpinned third-party image that can change over time. If that image or its registry namespace is compromised, arbitrary code would run with the same privileges, networks and volumes granted to this service when IPv6 is disabled. Prefer using a vetted image specific to this purpose and pinning it to a trusted digest or version tag instead of latest.

Contributor Author


@copilot open a new pull request to apply changes based on this feedback

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
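
A check in the spirit of the review comment on lines 276 to 278, added here as an example and not part of the pull request or of the Copilot review: it scans compose text for image: lines and flags references that use latest or carry no tag. The sample override, the example-* services, registry.example and the all-zero digest are constructed placeholders.

```python
import re

# Constructed sample modelled on the override lines under review; the
# example-* services and the all-zero digest are placeholders.
SAMPLE_OVERRIDE = """\
services:
  ipv6nat-mailcow:
    image: bash:latest
    restart: "no"
    entrypoint: ["echo", "ipv6nat disabled in docker-compose.override.yml"]
  example-pinned:
    image: registry.example:5000/tools/bash@sha256:{digest}
  example-tagged:
    image: "bash:5.2"
  example-untagged:
    image: registry.example:5000/tools/bash
""".format(digest="0" * 64)

IMAGE_LINE = re.compile(r"""^\s*image:\s*["']?([^\s"'#]+)""")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return 'digest', 'tag' or 'mutable' for one image reference."""
    if DIGEST.search(ref):
        return "digest"
    name = ref.split("@", 1)[0]
    # A colon marks a tag only when it follows the last slash; before
    # that it is a registry port (registry.example:5000/tools/bash).
    last = name.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else ""
    # No tag means the runtime resolves the reference to "latest".
    return "tag" if tag and tag != "latest" else "mutable"


def audit(compose_text):
    """Return (line_number, reference, verdict) for each image: line."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if m:
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, ref, verdict in audit(SAMPLE_OVERRIDE):
        print(f"line {lineno}: {ref} -> {verdict}")
```

A version tag can still be re-pushed by whoever controls the repository, so only the digest verdict means the content is fixed.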