# Copy docker/example.env to .env and set MAIL_DOMAIN before starting.
#
# Security note: this container uses network_mode:host (chatmail needs many
# ports: 25, 53, 80, 143, 443, 465, 587, 993, 3340, 8443) and cgroup:host
# (required for systemd). Together these give the container near-host-level
# access. This is acceptable for a dedicated mail server, but be aware that
# the container can bind any port and see all host network traffic.
services:
  chatmail:
    build:
      context: ./
      dockerfile: docker/chatmail_relay.dockerfile
    image: chatmail-relay:latest
    restart: unless-stopped
    container_name: chatmail
    # Required for systemd — use only one of the following:
    cgroup: host          # compose v2 only
    # privileged: true    # compose v1 (not tested)
    tty: true # required for logs
    tmpfs: # required for systemd
      - /tmp
      - /run
      - /run/lock
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      MAIL_DOMAIN: $MAIL_DOMAIN
      CMDEPLOY_STAGES: ${CMDEPLOY_STAGES:-}
      CHATMAIL_NOACME: ${CHATMAIL_NOACME:-}
    network_mode: "host"
    volumes:
      ## system
      - /sys/fs/cgroup:/sys/fs/cgroup:rw # required for systemd

      ## data
      - ./data/chatmail:/home
      - ./data/chatmail-dkimkeys:/etc/dkimkeys
      - ./data/chatmail-acme:/var/lib/acme

      ## optional overrides
      # - ./chatmail.ini:/etc/chatmail/chatmail.ini   # use your own config
      # - ./custom/www:/opt/chatmail-www              # custom website

      ## debug
      # - ./docker/files/setup_chatmail_docker.sh:/setup_chatmail_docker.sh
      # - ./docker/files/entrypoint.sh:/entrypoint.sh