-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1_main.yml
87 lines (72 loc) · 2.65 KB
/
1_main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
---
no_prompts: false
debug: false
# default config => is overwritten by provided config
defaults_mailcow:
manage:
docker: true # if set to false => you will have to configure docker manually BEFORE running this role
webserver: true # if nginx on docker-host should be installed
path: '/var/lib/mailcow'
fqdn:
ipv6: true
ipv6_after_install: false # to run ipv6-disabling tasks after installation is already done
service_prefix: ''
ignore_firewall_check: false
nginx:
port_plain: 80
port_ssl: 443
ssl:
mode: 'snakeoil' # snakeoil/existing/selfsigned/ca/letsencrypt
cert:
name:
cn: 'MailCow Certificate'
org: 'AnsibleGuy'
proxy:
proto: 'https' # targeting 8443 of mailcow's container
config:
# switches for main functionality
SKIP_CLAMD: 'no'
SKIP_SOGO: 'no'
SKIP_SOLR: 'no'
# basic config
HTTP_PORT: 8080
HTTPS_PORT: 8443
ENABLE_SSL_SNI: 'no' # see: https://wiki.dovecot.org/SSL/SNIClientSupport
USE_WATCHDOG: 'y' # restart unhealthy containers
TZ: # will use controller-timezone as fallback
IPV4_NETWORK:
IPV6_NETWORK:
# letsencrypt
SKIP_LETS_ENCRYPT: # 'y/n'
ACME_CONTACT: # mail address
ADDITIONAL_SAN: # comma separated string
# usage of wildcards will be resolved by mailcow (smtp.* = smtp.domain.tld for every domain..)
# api
API_KEY:
API_KEY_READ_ONLY: # 'y/n'
API_ALLOW_FROM: # comma separated string of ips
# web apps
SOGO_EXPIRE_SESSION: 480
WEBAUTHN_ONLY_TRUSTED_VENDORS: 'n' # certs at '$PATH_REPO/mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates'
# notifications
WATCHDOG_NOTIFY_EMAIL: # comma separated string
WATCHDOG_NOTIFY_BAN: 'n'
WATCHDOG_SUBJECT: 'MailCow ALERT'
WATCHDOG_EXTERNAL_CHECKS: 'n'
# logging
WATCHDOG_VERBOSE: 'n'
LOG_LINES: 9999 # redis log lines per service
auto_update: # service running timed update: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_update/
enable: false # don't use if you made changes to the code
check: true # only run in check-mode => output will be logged to syslog
args: ['--force', '--theirs', '--skip-ping-check'] # arguments passed to the update script
# force will prevent interactive prompts
timer: 'Sun *-*-* 00:00:00'
backup:
enable: true
path: '/var/backups/mailcow'
components: 'all' # space separated string
retention_days: 14
timer: '*-*-* 23:00:00'
# todo: unbound dns forwarding: https://docs.mailcow.email/manual-guides/Unbound/u_e-unbound-fwd/
# note: Many - if not all - blacklist lookups will fail with public resolvers