From 79b7ac882383913e342bcad804aca59789fef684 Mon Sep 17 00:00:00 2001
From: Alex Kondratiuk
Date: Thu, 19 Feb 2026 09:17:04 +0200
Subject: [PATCH 1/2] qickfix for Debian12 and new version mailcow
---
 mailcow/init.sls | 179 ++++++++++++-----------------------------
 mailcow/pillar.example | 3 +
 2 files changed, 54 insertions(+), 128 deletions(-)
diff --git a/mailcow/init.sls b/mailcow/init.sls
index b635aece..f2100a1a 100644
--- a/mailcow/init.sls
+++ b/mailcow/init.sls
@@ -199,58 +199,47 @@ mailcow_docker_compose_owerride: file.managed: - name: /opt/mailcow/{{ pillar["mailcow"]["mailcow_conf"]["MAILCOW_HOSTNAME"] }}/docker-compose.override.yml - contents: | - {%- if 'docker_logging' in pillar['mailcow'] %} + {%- if 'docker_logging' in pillar['mailcow'] or pillar['mailcow'].get('apparmor_unconfined', False) %} + x-main-config: &main-config + {%- if pillar['mailcow'].get('apparmor_unconfined', False) %} + security_opt: + - apparmor:unconfined + {%- endif %} + {%- if 'docker_logging' in pillar['mailcow'] %} + logging: + driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" + options: + {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} + {{ var_key }}: "{{ var_val }}" + {%- endfor %} + {%- endif %} services: + netfilter-mailcow: + <<: *main-config unbound-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config mysql-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config + {%- if pillar['mailcow'].get('postfix_tlspol_in_override', False) %} + postfix-tlspol-mailcow: + <<: *main-config + {%- endif %} + postfix-mailcow: + <<: *main-config + {%- if "haproxy" in pillar["mailcow"] %} + ports: + {#- "${SMTP_PORT_HAPROXY:-127.0.0.1:10025}:10025"#} + - "${SMTPS_PORT_HAPROXY:-127.0.0.1:10465}:10465" + - "${SUBMISSION_PORT_HAPROXY:-127.0.0.1:10587}:10587" + {%- endif %} redis-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} - 
clamd-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} - rspamd-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config php-fpm-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} - sogo-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config + clamd-mailcow: + <<: *main-config dovecot-mailcow: + <<: *main-config {%- if "haproxy" in pillar["mailcow"] %} ports: - "${IMAP_PORT_HAPROXY:-127.0.0.1:10143}:10143" 
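Review bot: The `apparmor_unconfined` switch is all-or-nothing: `security_opt` sits in the shared `x-main-config` anchor, so every service that merges it, in this hunk and in the next one (`netfilter-mailcow` and `dockerapi-mailcow` included, which presumably hold the most host access), loses its AppArmor profile at once. If only some containers fail under the Debian 12 profile, it would be safer to read a list of service names from pillar and emit `security_opt` only for those, leaving just `logging` in the anchor. At minimum I would add a Jinja comment above the anchor, for example `{#- apparmor:unconfined drops the default Docker AppArmor profile for every service that merges main-config; enable only as a temporary workaround -#}`. Note also that a YAML merge key is shallow, so a service that later sets its own `security_opt` or `logging` replaces the anchored value instead of extending it. The `contents` block continues outside this hunk.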
@@ -259,102 +248,35 @@ mailcow_docker_compose_owerride: - "${POPS_PORT_HAPROXY:-127.0.0.1:10995}:10995" - "${SIEVE_PORT_HAPROXY:-127.0.0.1:14190}:14190" {%- endif %} - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} - postfix-mailcow: - {%- if "haproxy" in pillar["mailcow"] %} - ports: - {#- "${SMTP_PORT_HAPROXY:-127.0.0.1:10025}:10025"#} - - "${SMTPS_PORT_HAPROXY:-127.0.0.1:10465}:10465" - - "${SUBMISSION_PORT_HAPROXY:-127.0.0.1:10587}:10587" - {%- endif %} - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} - memcached-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + rspamd-mailcow: + <<: *main-config + sogo-mailcow: + <<: *main-config nginx-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config acme-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} - netfilter-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config watchdog-mailcow: - logging: - driver: "{{ 
pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config + olefy-mailcow: + <<: *main-config dockerapi-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config + memcached-mailcow: + <<: *main-config {%- if pillar["mailcow"]["solr_enable"] | default(true) %} solr-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config {%- endif %} - olefy-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} ofelia-mailcow: - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} + <<: *main-config ipv6nat-mailcow: + <<: *main-config {%- if not pillar['mailcow']['enable_ipv6'] | default(true) %} image: bash:latest restart: "no" entrypoint: ["echo", "ipv6nat disabled in docker-compose.override.yml"] {%- endif %} - logging: - driver: "{{ pillar['mailcow']['docker_logging']['driver'] }}" - options: - {%- for var_key, var_val in pillar["mailcow"]["docker_logging"]["options"].items() %} - {{ var_key }}: "{{ var_val }}" - {%- endfor %} {%- elif "haproxy" in pillar["mailcow"] %} services: dovecot-mailcow: @@ -676,3 +598,4 @@ nginx_reload_cron: - hour: 6 {% endif %} {% endif %} + 
diff --git a/mailcow/pillar.example b/mailcow/pillar.example
index 9343a160..6ea5eb46 100644
--- a/mailcow/pillar.example
+++ b/mailcow/pillar.example
@@ -4,6 +4,8 @@ mailcow:
 driver: "json-file"
 options:
 tag: "{% raw -%}{{.ImageName}}|{{.Name}}|tst{%- endraw %}"
+ apparmor_unconfined: true # adds security_opt: apparmor:unconfined to all containers (needed for Debian 12)
+ postfix_tlspol_in_override: true # include postfix-tlspol-mailcow container in docker-compose.override.yml (newer mailcow versions)
 acme_account: example.com # used only when SKIP_LETS_ENCRYPT=y
 enable_ipv6: true # DO NOT CHANGE THIS PARAMETER IF YOU ARE NOT SURE, because if you once disable ipv6 using this parameter, it will not work to turn it back on by setting the value to true
 solr_enable: false # This option is added for backward compatibility with older versions. In newer versions this option should be set to false
@@ -56,3 +58,4 @@ mailcow:
 header_checks: 'regexp:/opt/postfix/conf/header_checks'
 header_checks: |
 /^Subject:/ WARN
+
From 1e63c9c021a807f2e472eaf0316047847bdba843 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9=20=D0=9A=D0=BE?= =?UTF-8?q?=D0=BD=D0=B4=D1=80=D0=B0=D1=82=D1=8E=D0=BA?=
Date: Thu, 19 Feb 2026 09:47:43 +0200
Subject: [PATCH 2/2] Update mailcow/pillar.example
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 mailcow/pillar.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mailcow/pillar.example b/mailcow/pillar.example
index 6ea5eb46..f569c0fb 100644
--- a/mailcow/pillar.example
+++ b/mailcow/pillar.example
@@ -4,7 +4,7 @@ mailcow:
 driver: "json-file"
 options:
 tag: "{% raw -%}{{.ImageName}}|{{.Name}}|tst{%- endraw %}"
- apparmor_unconfined: true # adds security_opt: apparmor:unconfined to all containers (needed for Debian 12)
+ apparmor_unconfined: false # set to true only if you must add security_opt: apparmor:unconfined to all containers (e.g. as a Debian 12 workaround)
 postfix_tlspol_in_override: true # include postfix-tlspol-mailcow container in docker-compose.override.yml (newer mailcow versions)
 acme_account: example.com # used only when SKIP_LETS_ENCRYPT=y
 enable_ipv6: true # DO NOT CHANGE THIS PARAMETER IF YOU ARE NOT SURE, because if you once disable ipv6 using this parameter, it will not work to turn it back on by setting the value to true