dbe7b1b6b2
Add /etc/localtime:/etc/localtime:ro volume mount to: - alertmanager, authelia, traefik - exporters (node-exporter, cadvisor) - fail2ban, lldap, postfix - forgejo, forgejo_runner - grafana, loki, prometheus - watchtower, app_core (postgres, redis) Ensures container logs use host timezone for consistent timestamps.
36 lines
1.3 KiB
Django/Jinja
36 lines
1.3 KiB
Django/Jinja
services:
|
|
postfix:
|
|
image: boky/postfix:latest
|
|
environment:
|
|
{% if postfix_relayhost | length > 0 %}
|
|
RELAYHOST: "[{{ postfix_relayhost }}]:{{ postfix_relayhost_port | default('587') }}"
|
|
{% if postfix_relayhost_username | length > 0 %}
|
|
RELAYHOST_USERNAME: "{{ postfix_relayhost_username }}"
|
|
RELAYHOST_PASSWORD: "{{ postfix_relayhost_password }}"
|
|
{% endif %}
|
|
{% endif %}
|
|
POSTFIX_smtp_tls_security_level: "{{ postfix_smtp_tls_security_level }}"
|
|
POSTFIX_smtpd_tls_security_level: may
|
|
POSTFIX_smtpd_tls_cert_file: /etc/ssl/tls.crt
|
|
POSTFIX_smtpd_tls_key_file: /etc/ssl/tls.key
|
|
POSTFIX_smtpd_tls_loglevel: 1
|
|
POSTFIX_relay_domains: "*"
|
|
POSTFIX_smtpd_relay_restrictions: "permit_mynetworks,reject"
|
|
POSTFIX_smtpd_recipient_restrictions: "permit_mynetworks,reject_unauth_destination"
|
|
ALLOWED_SENDER_DOMAINS: "{{ postfix_allowed_sender_domains }},services"
|
|
ALLOW_EMPTY_SENDER_DOMAINS: "{{ postfix_allow_empty_sender_domains | ternary('true', 'false') }}"
|
|
POSTFIX_mynetworks: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
|
volumes:
|
|
- /opt/postfix/ssl:/etc/ssl:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
ports:
|
|
- "25:25"
|
|
networks:
|
|
- proxy
|
|
restart: unless-stopped
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|