version: '3.8'

services:
  # Database
  db:
    image: mariadb:10.6
    container_name: mailserver_db
    restart: always
    ports:
      - "3806:3306"
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_PASS}
      MYSQL_DATABASE: ${DB_NAME}
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASS}
    volumes:
      - maildb_data:/var/lib/mysql
      - ./sql/init:/docker-entrypoint-initdb.d
    networks:
      - mail_network
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u${DB_USER}", "-p${DB_PASS}"]
      interval: 5s
      timeout: 5s
      retries: 5
      start_period: 30s

  # Postfix/Dovecot mail server
  mailserver:
    image: mailserver/docker-mailserver:latest
    container_name: mailserver_postfix
    hostname: mail.2weekmail.fyi
    domainname: 2weekmail.fyi
    restart: always
    ports:
      - "25:25"    # SMTP
      - "143:143"  # IMAP
      - "465:465"  # SMTPS
      - "587:587"  # Submission
      - "993:993"  # IMAPS
    volumes:
      - mailserver_data:/var/mail
      - ./config/mailserver:/tmp/docker-mailserver
      - /etc/localtime:/etc/localtime:ro
      - ./certs:/tmp/docker-mailserver/certs
      - /etc/letsencrypt:/etc/letsencrypt
    environment:
      - ENABLE_SPAMASSASSIN=0
      - ENABLE_CLAMAV=0
      - ENABLE_POSTGREY=1
      - POSTMASTER_ADDRESS=admin@2weekmail.fyi
      - POSTFIX_MYSQL_HOST=db
      - POSTFIX_MYSQL_USER=${DB_USER}
      - POSTFIX_MYSQL_PASSWORD=${DB_PASS}
      - POSTFIX_MYSQL_DATABASE=${DB_NAME}
      - DOVECOT_MYSQL_HOST=db
      - DOVECOT_MYSQL_USER=${DB_USER}
      - DOVECOT_MYSQL_PASSWORD=${DB_PASS}
      - DOVECOT_MYSQL_DATABASE=${DB_NAME}
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      - POSTFIX_DAGENT=lmtp:unix:/var/run/dovecot/lmtp
      - SSL_TYPE=letsencrypt
      - SSL_CERT_PATH=/tmp/docker-mailserver/certs/2weekmail.test-cert.pem
      - SSL_KEY_PATH=/tmp/docker-mailserver/certs/2weekmail.test-key.pem
      - TZ=UTC
    networks:
      - mail_network
    depends_on:
      db:
        condition: service_healthy

  # PostfixAdmin
  postfixadmin:
    image: postfixadmin:latest
    container_name: mailserver_postfixadmin
    restart: always
    ports:
      - "8080:80"
    environment:
      - POSTFIXADMIN_DB_TYPE=mysqli
      - POSTFIXADMIN_DB_HOST=db
      - POSTFIXADMIN_DB_USER=${DB_USER}
      - POSTFIXADMIN_DB_PASSWORD=${DB_PASS}
      - POSTFIXADMIN_DB_NAME=${DB_NAME}
      - POSTFIXADMIN_SMTP_SERVER=mailserver
      - POSTFIXADMIN_SMTP_PORT=25
      - POSTFIXADMIN_CONFIGURED=true
    volumes:
      - postfixadmin_data:/var/www/html/templates_c
      - ./config/postfixadmin:/var/www/html
      - ./logs/postfixadmin:/var/log/apache2
    networks:
      - mail_network
    depends_on:
      db:
        condition: service_healthy
      mailserver:
        condition: service_started

  # Roundcube webmail
  roundcube:
    image: roundcube/roundcubemail:latest
    container_name: mailserver_roundcube
    restart: always
    ports:
      - "8081:80"
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=mysql
      - ROUNDCUBEMAIL_DB_HOST=db
      - ROUNDCUBEMAIL_DB_USER=${DB_USER}
      - ROUNDCUBEMAIL_DB_PASSWORD=${DB_PASS}
      - ROUNDCUBEMAIL_DB_NAME=${DB_NAME}
      - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mailserver
      - ROUNDCUBEMAIL_DEFAULT_PORT=993
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mailserver
      - ROUNDCUBEMAIL_SMTP_PORT=587
    volumes:
      - roundcube_data:/var/www/html
      - ./logs/roundcube:/var/www/html/logs
    networks:
      - mail_network
    depends_on:
      db:
        condition: service_healthy
      mailserver:
        condition: service_started

  # OpenDKIM for DKIM signing
  opendkim:
    image: instrumentisto/opendkim:latest
    container_name: mailserver_opendkim
    restart: always
    volumes:
      - opendkim_data:/etc/opendkim
    networks:
      - mail_network
    depends_on:
      - mailserver
    entrypoint: ["/usr/sbin/opendkim"]
    command: ["-f", "-x", "/etc/opendkim/opendkim.conf"]
    environment:
      - SOCKET=inet:8891@0.0.0.0

  # API service
  api:
    build:
      context: ./api
      dockerfile: Dockerfile
    container_name: mailserver_api
    restart: always
    ports:
      - 3000:3000
      - 3700:3700
    volumes:
      - ./api:/app
      - /app/node_modules
      - opendkim_data:/etc/opendkim
    environment:
      - PORT=${PORT}
      - WEB_PORT=${WEB_PORT}
      - IP=${IP}
      - ROOT_PATH=/app
      - NODE_ENV=${NODE_ENV}
      - DB_HOST=db
      - DB_USER=${DB_USER}
      - DB_PASS=${DB_PASS}
      - DB_NAME=${DB_NAME}
      - JWT_SECRET=${JWT_SECRET}
      - SMTP_HOST=mailserver
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SECURE=${SMTP_SECURE}
      - SMTP_USER=${SMTP_USER}
      - SMTP_PASS=${SMTP_PASS}
      - CF_API_TOKEN=${CF_API_TOKEN}
      - CF_EMAIL=${CF_EMAIL}
      - SERVER_IP=${SERVER_IP}
    networks:
      - mail_network
    depends_on:
      db:
        condition: service_healthy
    command: sh -c "npx knex migrate:latest && npm start"

  # CloudFlare DNS Exporter
  cloudflare-exporter:
    build:
      context: ./api
      dockerfile: Dockerfile
    container_name: mailserver_cloudflare_exporter
    restart: "no"
    volumes:
      - ./api:/app
      - /app/node_modules
    environment:
      - ROOT_PATH=/app
      - NODE_ENV=${NODE_ENV}
      - DB_HOST=db
      - DB_USER=${DB_USER}
      - DB_PASS=${DB_PASS}
      - DB_NAME=${DB_NAME}
      - CF_API_TOKEN=${CF_API_TOKEN}
      - CF_EMAIL=${CF_EMAIL}
      - SERVER_IP=${SERVER_IP}
    networks:
      - mail_network
    depends_on:
      db:
        condition: service_healthy
      mailserver:
        condition: service_started
      opendkim:
        condition: service_started
      api:
        condition: service_started
    command: sh -c "node /app/scripts/export_2_cloudflare.js"

networks:
  mail_network:
    driver: bridge

volumes:
  maildb_data:
  mailserver_data:
  mailserver_config:
  postfixadmin_data:
  roundcube_data:
  opendkim_data: