[Compose] Allow to disable IPv6

docker-compose.yml

@@ -10,6 +10,8 @@ services:
       volumes:
         - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           ipv4_address: ${IPV4_NETWORK}.254
@@ -30,6 +32,8 @@ services:
       restart: always
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           aliases:
@@ -44,6 +48,8 @@ services:
         - TZ=${TZ}
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           ipv4_address: ${IPV4_NETWORK}.249
@@ -61,6 +67,8 @@ services:
         - ./data/conf/clamav/:/etc/clamav/
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           aliases:
@@ -82,6 +90,8 @@ services:
         - dkim-vol-1:/data/dkim
         - rspamd-vol-1:/var/lib/rspamd
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       hostname: rspamd
@@ -121,6 +131,8 @@ services:
         - SMTPS_PORT=${SMTPS_PORT:-465}
         - SMTP_PORT=${SMTP_PORT:-25}
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -141,6 +153,8 @@ services:
       volumes:
         - ./data/conf/sogo/:/etc/sogo/
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -180,6 +194,8 @@ services:
           hard: 40000
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       hostname: ${MAILCOW_HOSTNAME}
       networks:
         mailcow-network:
@@ -209,6 +225,8 @@ services:
       restart: always
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       hostname: ${MAILCOW_HOSTNAME}
       networks:
         mailcow-network:
@@ -218,6 +236,8 @@ services:
     memcached-mailcow:
       image: memcached:alpine
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -253,6 +273,8 @@ services:
         - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
         - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -266,6 +288,8 @@ services:
         - mysql-mailcow
       image: mailcow/acme:1.28
       build: ./data/Dockerfiles/acme
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       environment:
@@ -304,6 +328,8 @@ services:
         - IPV4_NETWORK=${IPV4_NETWORK}
         - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
       network_mode: "host"
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       volumes:
@@ -314,6 +340,8 @@ services:
       # Debug
       #command: /watchdog.sh
       build: ./data/Dockerfiles/watchdog
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       volumes:
         - vmail-vol-1:/vmail:ro
       restart: always
@@ -335,6 +363,8 @@ services:
       image: mailcow/dockerapi:1.7
       restart: always
       build: ./data/Dockerfiles/dockerapi
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       oom_score_adj: -10
       environment:
         - TZ=${TZ}

generate_config.sh

@@ -108,6 +108,11 @@ IPV4_NETWORK=172.22.1
 # Internal IPv6 subnet in fc00::/7
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 
+# Disable IPv6
+# mailcow-network will still be created as IPv6 enabled, all containers will be created
+# without IPv6 support.
+# Use 1 for disabled, 0 for enabled
+SYSCTL_IPV6_DISABLED=0
 
 EOF
 

update.sh

@@ -46,6 +46,7 @@ CONFIG_ARRAY=(
   "IPV6_NETWORK"
   "LOG_LINES"
   "SNAT_TO_SOURCE"
+  "SYSCTL_IPV6_DISABLED"
 )
 
 sed -i '$a\' mailcow.conf
@@ -55,6 +56,15 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "${option}=" >> mailcow.conf
     fi
+  if [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo "# Disable IPv6" >> mailcow.conf
+      echo "# mailcow-network will still be created as IPv6 enabled, all containers will be created" >> mailcow.conf
+      echo "# without IPv6 support." >> mailcow.conf
+      echo "# Use 1 for disabled, 0 for enabled" >> mailcow.conf
+      echo "SYSCTL_IPV6_DISABLED=0" >> mailcow.conf
+    fi
   elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"