Role to deploy MailCow dockerized on a linux server.
This role follows the official installation instructions.
Tested:
- Debian 11
# latest
ansible-galaxy role install git+https://github.com/ansibleguy/sw_mailcow
# from galaxy
ansible-galaxy install ansibleguy.sw_mailcow
# or to custom role-path
ansible-galaxy install ansibleguy.sw_mailcow --roles-path ./roles
# install dependencies
ansible-galaxy install -r requirements.yml
See: Prerequisites
Need professional support using Ansible or MailCow? Contact us:
E-Mail: [email protected]
Tel: +43 3115 40 900 0
Language: German or English

You want a simple Ansible GUI?
Check out this Ansible WebUI
Define the config as needed:
mailcow:
  fqdn: 'srv.template.ansibleguy.net'
  # for example: 'srv.template.ansibleguy.net' must be a valid, public dns-hostname of the server
  # if you don't have IPv6
  ipv6: false
  nginx:  # configure the webserver settings => see: https://github.com/ansibleguy/infra_nginx
    aliases: ['mail.template.ansibleguy.net']  # additional domains to add to the certificate
    ssl:
      mode: 'letsencrypt'  # or selfsigned/ca/snakeoil
      # if you use 'selfsigned' or 'ca':
      #   cert:
      #     cn: 'MailCow Server'
      #     org: 'AnsibleGuy'
      #     email: '[email protected]'
    letsencrypt:
      email: '[email protected]'
  config:  # add config overrides for 'mailcow.conf'
    WEBAUTHN_ONLY_TRUSTED_VENDORS: 'y'
  auto_update:
    enable: true  # enable auto-updates
  backup:
    retention_days: 60  # default = 14
Bare minimum example:
mailcow:
  fqdn: 'srv.template.ansibleguy.net'
If you want to use the built-in (not ansible-managed) webserver:
mailcow:
  fqdn: 'srv.template.ansibleguy.net'
  # for example: 'srv.template.ansibleguy.net' must be a valid, public dns-hostname of the server
  manage:
    webserver: false
  config:
    HTTP_PORT: 80
    HTTPS_PORT: 443
    # if you want to use the built-in letsencrypt support
    SKIP_LETS_ENCRYPT: 'n'
    ACME_CONTACT: '[email protected]'
    ADDITIONAL_SAN: 'smtp.template.ansibleguy.net,mail.*'
Run the playbook:
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml
There are also some useful tags available:
- docker
- webserver
To debug errors - you can set the 'debug' variable at runtime:
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
- Package installation
  - Ansible dependencies (minimal)
- Configuration
  - Service to start containers on boot: 'mailcow.service'
  - Default config:
    - Directories:
      - Base: '/var/lib/mailcow'
      - Data: '/var/lib/docker/volumes' (cannot be changed by role)
      - Backup: '/var/backups/mailcow'
  - Default opt-ins:
    - Docker => using THIS Role
      - Dependencies
      - Server
      - Docker-compose
    - Nginx proxy on docker-host => using THIS Role
    - Features:
      - SOGo Groupware
      - Apache Solr
      - ClamAV (virus scanner)
    - IPv6 enabled
    - Daily backup using the backup script
  - Default opt-outs:
    - Auto update using the update script
- Info: Consider putting a Mail Gateway in front of MailCow to improve security!
  For example: Proxmox Mail Gateway
- Info: Check out the troubleshooting information: Troubleshooting
- Note: This role currently only supports Debian-based systems.
- Note: Most of the role's functionality can be opted in or out.
  For all available options, see the default config located in the main defaults-file!
- Warning: Not every setting/variable you provide will be checked for validity. A bad config might break the role!
- Info: Default credentials:
  User: admin
  Password: moohoo
- Info: For more detailed information, look into the nice documentation provided by MailCow!
- Info: If the setup fails after creating the config, you need to remove the config file (/var/lib/mailcow/mailcow.conf) manually, so the role will know it isn't initialized already!
- Warning: The automatic BACKUPS are placed on the same system and need to be copied to a REMOTE location to be SAFE!
- Warning: Using NFTables on the MailCow host is NOT RECOMMENDED, as IPTables rules are auto-managed by docker and the MailCow containers.
  Containers may fail if the ruleset is not as expected.
  You can disable the firewall check using the 'ignore_firewall_check: true' setting.
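
Because the role does not validate every variable (see the warning above), a pre-flight check on the 'mailcow' dictionary can catch typos before the playbook runs. The following Python is an added example, not part of the role: `is_fqdn` and `check_mailcow` are hypothetical helpers, and the rules encode only what this page shows (hostnames, the four ssl modes, boolean switches, retention days, HTTP/HTTPS ports).

```python
import re

# Values listed in the README comment next to nginx.ssl.mode.
SSL_MODES = {"letsencrypt", "selfsigned", "ca", "snakeoil"}
# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.IGNORECASE)


def is_fqdn(name):
    """True for a dotted hostname made of at least two valid labels."""
    if not isinstance(name, str) or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(part) for part in labels)


def check_mailcow(cfg):
    """Return a list of problems found in a 'mailcow' variable dict."""
    problems = []
    if not is_fqdn(cfg.get("fqdn")):
        problems.append("fqdn: not a valid hostname")
    nginx = cfg.get("nginx", {})
    for alias in nginx.get("aliases", []):
        if not is_fqdn(alias):
            problems.append(f"nginx.aliases: invalid hostname {alias!r}")
    mode = nginx.get("ssl", {}).get("mode")
    if mode is not None and mode not in SSL_MODES:
        problems.append(f"nginx.ssl.mode: unknown mode {mode!r}")
    # Quoted 'false'/'true' are strings, not booleans; flag them.
    flags = {"ipv6": cfg.get("ipv6"),
             "auto_update.enable": cfg.get("auto_update", {}).get("enable"),
             "manage.webserver": cfg.get("manage", {}).get("webserver")}
    for path, value in flags.items():
        if value is not None and not isinstance(value, bool):
            problems.append(f"{path}: expected a boolean, got {value!r}")
    days = cfg.get("backup", {}).get("retention_days")
    if days is not None and (type(days) is not int or days < 1):
        problems.append("backup.retention_days: must be a positive integer")
    for key in ("HTTP_PORT", "HTTPS_PORT"):
        port = cfg.get("config", {}).get(key)
        if port is not None and not (type(port) is int and 0 < port < 65536):
            problems.append(f"config.{key}: not a valid TCP port")
    return problems


# Constructed sample with deliberate mistakes (not from the role's docs).
BAD = {"fqdn": "srv_template", "ipv6": "false",
       "nginx": {"ssl": {"mode": "acme"}},
       "config": {"HTTP_PORT": 70000}, "backup": {"retention_days": 0}}

if __name__ == "__main__":
    for line in check_mailcow(BAD):
        print(line)
```

Load the variables file with a YAML parser of your choice and pass the value of the 'mailcow' key to `check_mailcow`; an empty list means none of these checks failed.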