-rw-r--r-- | services/config.template | 4 | ||||
-rw-r--r-- | services/docker/nginx/configs/templates/mail.conf.template | 5 | ||||
-rw-r--r-- | services/templates/docker-compose.yaml.template | 42 | ||||
-rw-r--r-- | services/templates/envs/mail-server-common.env.template | 1 | ||||
-rw-r--r-- | services/templates/envs/mail-server.env.template | 8 | ||||
-rw-r--r-- | services/templates/envs/roundcubemail.env.template | 6 | ||||
-rw-r--r-- | services/templates/roundcube.inc.php.template | 56 |
7 files changed, 62 insertions, 60 deletions
diff --git a/services/config.template b/services/config.template index 7ae39a7..fe44d66 100644 --- a/services/config.template +++ b/services/config.template @@ -1,15 +1,11 @@ CRUPEST_SERVICES_DIR=services CRUPEST_DATA_DIR=data CRUPEST_ROOT_URL=https://@@CRUPEST_DOMAIN@@ -CRUPEST_MAIL_SERVER_DOMAIN=mail.@@CRUPEST_DOMAIN@@ CRUPEST_DOCKER_DIR=@@CRUPEST_SERVICES_DIR@@/docker -CRUPEST_SERVICES_STATE_DIR=@@CRUPEST_SERVICES_DIR@@/state CRUPEST_DATA_SECRET_DIR=@@CRUPEST_DATA_DIR@@/secret CRUPEST_DATA_CERTBOT_DIR=@@CRUPEST_DATA_DIR@@/certbot CRUPEST_DATA_GIT_DIR=@@CRUPEST_DATA_DIR@@/git -CRUPEST_DATA_MAIL_SERVER_DIR=@@CRUPEST_DATA_DIR@@/mail-server CRUPEST_DATA_ROUNDCUBE_DIR=@@CRUPEST_DATA_DIR@@/roundcube CRUPEST_GENERATED_DIR=@@CRUPEST_SERVICES_DIR@@/generated -CRUPEST_GENERATED_NGINX_DIR=@@CRUPEST_GENERATED_DIR@@/nginx CRUPEST_SSL_FULLCHAIN_FILE=@@CRUPEST_DATA_CERTBOT_DIR@@/certs/live/@@CRUPEST_DOMAIN@@/fullchain.pem CRUPEST_SSL_PRIVATE_KEY_FILE=@@CRUPEST_DATA_CERTBOT_DIR@@/certs/live/@@CRUPEST_DOMAIN@@/privkey.pem diff --git a/services/docker/nginx/configs/templates/mail.conf.template b/services/docker/nginx/configs/templates/mail.conf.template index c47630f..430033c 100644 --- a/services/docker/nginx/configs/templates/mail.conf.template +++ b/services/docker/nginx/configs/templates/mail.conf.template @@ -6,11 +6,6 @@ server { root /srv/mail; } - location = /${CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH} { - include common/proxy-common; - proxy_pass http://mail-server:2345/${CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH}; - } - location / { include common/proxy-common; proxy_pass http://roundcubemail:80/; diff --git a/services/templates/docker-compose.yaml.template b/services/templates/docker-compose.yaml.template index 14d8ed4..3410c97 100644 --- a/services/templates/docker-compose.yaml.template +++ b/services/templates/docker-compose.yaml.template 
@@ -15,7 +15,6 @@ services: env_file: - "./@@CRUPEST_GENERATED_DIR@@/envs/nginx.env" - "./@@CRUPEST_GENERATED_DIR@@/envs/v2ray-common.env" - - "./@@CRUPEST_GENERATED_DIR@@/envs/mail-server-common.env" volumes: - "./@@CRUPEST_DATA_CERTBOT_DIR@@/certs:/etc/letsencrypt" - "./@@CRUPEST_DATA_CERTBOT_DIR@@/data:/var/lib/letsencrypt" @@ -26,37 +25,6 @@ services: ipv4_address: "172.21.5.2" restart: "on-failure:3" - mail-server: - pull_policy: build - build: - context: "./@@CRUPEST_DOCKER_DIR@@/mail-server" - additional_contexts: - - "deno=./deno" - dockerfile: Dockerfile - pull: true - container_name: mail-server - hostname: mail - domainname: "@@CRUPEST_DOMAIN@@" - env_file: - - "./@@CRUPEST_GENERATED_DIR@@/envs/mail-server-common.env" - - "./@@CRUPEST_GENERATED_DIR@@/envs/mail-server.env" - ports: - - "143:143" # IMAP4 (explicit TLS => STARTTLS) - - "993:993" # IMAP4 (implicit TLS) - - "587:587" # ESMTP (explicit TLS => STARTTLS) - - "465:465" # ESMTP (implicit TLS) - - "4190:4190" # manage sieve protocol - volumes: - - "./@@CRUPEST_DATA_MAIL_SERVER_DIR@@:/data" - - "./@@CRUPEST_SSL_FULLCHAIN_FILE@@:/etc/dovecot/ssl/tls.crt" - - "./@@CRUPEST_SSL_PRIVATE_KEY_FILE@@:/etc/dovecot/ssl/tls.key" - - "/etc/localtime:/etc/localtime:ro" - networks: - default: - ipv4_address: "172.21.5.3" - restart: "on-failure:3" - stop_grace_period: 1m - git-server: pull_policy: build build: @@ -70,7 +38,7 @@ services: - "./@@CRUPEST_DATA_GIT_DIR@@:/git" networks: default: - ipv4_address: "172.21.5.4" + ipv4_address: "172.21.5.3" restart: on-failure:3 roundcubemail: 
@@ -80,14 +48,14 @@ services: env_file: - "./@@CRUPEST_GENERATED_DIR@@/envs/roundcubemail.env" volumes: - - "./@@CRUPEST_DATA_SECRET_DIR@@/gnupg:/gnupg" + - "./@@CRUPEST_DATA_SECRET_DIR@@/gnupg:/var/roundcube/enigma" - "./@@CRUPEST_DATA_ROUNDCUBE_DIR@@/www/html:/var/www/html" - "./@@CRUPEST_DATA_ROUNDCUBE_DIR@@/db:/var/roundcube/db" - - "./@@CRUPEST_DATA_ROUNDCUBE_DIR@@/config:/var/roundcube/config" + - "./@@CRUPEST_GENERATED_DIR@@/roundcube.inc.php:/var/roundcube/config" - "roundcubemail-temp:/tmp/roundcube-temp" networks: default: - ipv4_address: "172.21.5.5" + ipv4_address: "172.21.5.4" restart: on-failure:3 v2ray: @@ -102,7 +70,7 @@ services: - "./@@CRUPEST_GENERATED_DIR@@/envs/v2ray.env" networks: default: - ipv4_address: "172.21.5.6" + ipv4_address: "172.21.5.5" restart: "on-failure:3" auto-backup: diff --git a/services/templates/envs/mail-server-common.env.template b/services/templates/envs/mail-server-common.env.template deleted file mode 100644 index 0905af6..0000000 --- a/services/templates/envs/mail-server-common.env.template +++ /dev/null @@ -1 +0,0 @@ -CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH=@@CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH@@ diff --git a/services/templates/envs/mail-server.env.template b/services/templates/envs/mail-server.env.template deleted file mode 100644 index 274037b..0000000 --- a/services/templates/envs/mail-server.env.template +++ /dev/null @@ -1,8 +0,0 @@ -CRUPEST_MAIL_SERVER_MAIL_DOMAIN=@@CRUPEST_DOMAIN@@ -CRUPEST_MAIL_SERVER_DATA_PATH=/data/crupest-relay/ -CRUPEST_MAIL_SERVER_INBOUND_FALLBACK=crupest@crupest.life -CRUPEST_MAIL_SERVER_AWS_INBOUND_KEY=@@CRUPEST_MAIL_SERVER_AWS_INBOUND_KEY@@ -CRUPEST_MAIL_SERVER_AWS_REGION=@@CRUPEST_MAIL_SERVER_AWS_REGION@@ -CRUPEST_MAIL_SERVER_AWS_USER=@@CRUPEST_MAIL_SERVER_AWS_USER@@ -CRUPEST_MAIL_SERVER_AWS_PASSWORD=@@CRUPEST_MAIL_SERVER_AWS_PASSWORD@@ -CRUPEST_MAIL_SERVER_AWS_MAIL_BUCKET=@@CRUPEST_MAIL_SERVER_AWS_MAIL_BUCKET@@ 
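Review bot: In the roundcubemail `volumes` list, the new entry `"./@@CRUPEST_GENERATED_DIR@@/roundcube.inc.php:/var/roundcube/config"` bind-mounts a single file onto the path that the replaced line mounted as a directory, so the container will probably fail to start or Roundcube will not load the file. Assuming the image reads PHP files from that directory, target a file inside it and mount it read-only: `- "./@@CRUPEST_GENERATED_DIR@@/roundcube.inc.php:/var/roundcube/config/roundcube.inc.php:ro"`. The generated file now carries the OAuth client secret, so keep it out of version control and restrict its host permissions; the generation step is not visible in this diff. The `gnupg` directory remounted at `/var/roundcube/enigma` in the same hunk holds private keys and deserves the same permission check.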
diff --git a/services/templates/envs/roundcubemail.env.template b/services/templates/envs/roundcubemail.env.template
index 4297b82..f8a04ff 100644
--- a/services/templates/envs/roundcubemail.env.template
+++ b/services/templates/envs/roundcubemail.env.template
@@ -1,6 +1,2 @@
-ROUNDCUBEMAIL_DEFAULT_HOST=ssl://@@CRUPEST_MAIL_SERVER_DOMAIN@@
-ROUNDCUBEMAIL_DEFAULT_PORT=993
-ROUNDCUBEMAIL_SMTP_SERVER=ssl://@@CRUPEST_MAIL_SERVER_DOMAIN@@
-ROUNDCUBEMAIL_SMTP_PORT=465
 ROUNDCUBEMAIL_DB_TYPE=sqlite
-ROUNDCUBEMAIL_PLUGINS=archive,enigma,jqueryui,newmail_notifier,show_additional_headers,userinfo,zipdownload,managesieve
+ROUNDCUBEMAIL_PLUGINS=archive,enigma,jqueryui,newmail_notifier,show_additional_headers,userinfo,zipdownload
diff --git a/services/templates/roundcube.inc.php.template b/services/templates/roundcube.inc.php.template
new file mode 100644
index 0000000..70b0aff
--- /dev/null
+++ b/services/templates/roundcube.inc.php.template
@@ -0,0 +1,56 @@
+<?php
+
+// tell PHP that it should work as under secure connection
+// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
+// e.g. when you're running Roundcube behind a https proxy
+// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
+$config['use_https'] = true;
+
+// The IMAP host (and optionally port number) chosen to perform the log-in.
+// Leave blank to show a textbox at login, give a list of hosts
+// to display a pulldown menu or set one host as string.
+// Enter hostname with prefix ssl:// to use Implicit TLS, or tls:// for STARTTLS.
+// If port number is omitted it will be set to 993 (for ssl://) or 143 otherwise.
+// Supported replacement variables:
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname, $_SERVER['HTTP_HOST'] without the first part)
+// %s - domain name after the '@' from e-mail address provided at login screen
+// For example %n = mail.domain.tld, %t = domain.tld
+// WARNING: After hostname change update of mail_host column in users table is
+// required to match old user data records with the new host.
+$config['imap_host'] = 'ssl://outlook.office365.com:993';
+
+// SMTP server host (and optional port number) for sending mails.
+// Enter hostname with prefix ssl:// to use Implicit TLS, or tls:// for STARTTLS.
+// If port number is omitted it will be set to 465 (for ssl://) or 587 otherwise.
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname, $_SERVER['HTTP_HOST'] without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %t = domain.tld
+// To specify different SMTP servers for different IMAP hosts provide an array
+// of IMAP host (no prefix or port) and SMTP server e.g. ['imap.example.com' => 'smtp.example.net']
+$config['smtp_host'] = 'tls://smtp-mail.outlook.com:587';
+
+// Register your OAuth client at https://portal.azure.com
+// - use https://<your-roundcube-url>/index.php/login/oauth as redirect URL
+// - grant permissions to Microsoft Graph API "IMAP.AccessAsUser.All", "SMTP.Send", "User.Read" and "offline_access"
+
+$config['oauth_provider'] = 'outlook';
+$config['oauth_provider_name'] = 'Outlook.com';
+$config['oauth_client_id'] = "@@CRUPEST_ROUNDCUBE_OAUTH_CLIENT_ID@@";
+$config['oauth_client_secret'] = "@@CRUPEST_ROUNDCUBE_OAUTH_CLIENT_SECRET@@";
+$config['oauth_auth_uri'] = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+$config['oauth_token_uri'] = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+$config['oauth_identity_uri'] = "https://graph.microsoft.com/v1.0/me";
+$config['oauth_identity_fields'] = ['email', 'userPrincipalName'];
+$config['oauth_scope'] = "https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send User.Read offline_access";
+$config['oauth_auth_parameters'] = ['nonce' => mt_rand()];
+
+// Logon username filter. Regular expression for use with preg_match().
+// Use special value 'email' if you accept only full email addresses as user logins.
+// Example: '/^[a-z0-9_@.-]+$/'
+$config['login_username_filter'] = '@@CRUPEST_EMAIL@@'; |
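Review bot: `$config['oauth_auth_parameters'] = ['nonce' => mt_rand()];` draws the OAuth nonce from a non-cryptographic generator, so the value is predictable; `['nonce' => bin2hex(random_bytes(16))]` avoids that at no cost. Whether the nonce is checked on return is not visible in this file. `login_username_filter` is described in the comment directly above it as a preg_match() pattern, yet the template substitutes a bare address with no delimiters or anchors and an unescaped `.`. Something like `'/^' . preg_quote('@@CRUPEST_EMAIL@@', '/') . '$/i'` would restrict logins to exactly that account. The client id and secret are substituted into double-quoted strings, where a `$` or `\` in the value would be interpreted by PHP, so single-quoted literals are the safer choice for templated secrets.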