vars: Comment all unknown variables that are not configured in ansible

felinira · felinira · commit 5402938f2ac7 · 2025-06-18T18:16:59.000+02:00
Closes #39
diff --git a/README.md b/README.md
@@ -28,6 +28,7 @@ This role will use by default the `inventory_hostname` as mailcow hostname, this
 |  `mailcow__docker_compose_project_name`   |        sets the docker-compose projectname to a user-defined string         |                 `mailcowdockerized`                 |                                                               |
 |             `mailcow__theme`              |             set the default mailcow theme in vars.local.inc.php             |                       `lumen`                       |                                                               |
 |             `mailcow__config`             |                       set mailcow.conf overrides                            |                                                     |               see [Mailcow.conf](#mailcowconf)                |
+|          `mailcow__config_keep`           | These values are kept in mailcow.conf even if they are not specified in ansible | [DBNAME, DBUSER, DBPASS, DBROOT, REDISPASS, IPV4_NETWORK, IPV6_NETWORK]     |               see [Mailcow.conf](#mailcowconf)                |
 |        `mailcow__install_updates`         | if `yes` the mailcow ansible role will also update an existing installation |                        `yes`                        |                                                               |
 |      `mailcow__rspamd_clamd_servers`      |                 configures the clamd server used by rspamd                  |                    `clamd:3310`                     |                                                               |
 |     `mailcow__rspamd_clamd_patterns`      |    configures custom clamd rspamd patterns inside rspamd antivirus.conf     |                                                     |             needs to be a list  of name and regex             |
@@ -44,38 +45,64 @@ To set mailcow.conf variables use the `mailcow__config` variable. These variable
 Variables that are not specified will use these defaults:
 
 ```yaml
-MAILCOW_HOSTNAME: "{{ mailcow__hostname }}"
-TZ: "{{ mailcow__timezone }}"
-HTTP_PORT: "80"
-HTTP_BIND: ""
-HTTPS_PORT: "443"
-HTTPS_BIND: ""
 ACL_ANYONE: "disallow"
-MAILDIR_GC_TIME: "1440"
+ACME_CONTACT: ""
 ADDITIONAL_SAN: ""
 ADDITIONAL_SERVER_NAMES: ""
-SKIP_LETS_ENCRYPT: "n"
+ALLOW_ADMIN_EMAIL_LOGIN: "n"
+AUTODISCOVER_SAN: "y"
+COMPOSE_PROJECT_NAME: "{{ mailcow__docker_compose_project_name }}"
+DISABLE_NETFILTER_ISOLATION_RULE: "n"
+DOCKER_COMPOSE_VERSION: "native"
+DOVEADM_PORT: "127.0.0.1:19991"
+DOVECOT_MASTER_PASS: ""
+DOVECOT_MASTER_USER: ""
 ENABLE_SSL_SNI: "n"
-SKIP_IP_CHECK: "n"
-SKIP_HTTP_VERIFICATION: "n"
+FTS_HEAP: "128"
+FTS_PROCS: "1"
+HTTP_BIND: ""
+HTTP_PORT: "80"
+HTTP_REDIRECT: "n"
+HTTPS_BIND: ""
+HTTPS_PORT: "443"
+IMAP_PORT: "143"
+IMAPS_PORT: "993"
+LOG_LINES: "9999"
+MAILCOW_HOSTNAME: "{{ mailcow__hostname }}"
+MAILCOW_PASS_SCHEME: "BLF-CRYPT"
+MAILDIR_GC_TIME: "1440"
+MAILDIR_SUB: "Maildir"
+POP_PORT: "110"
+POPS_PORT: "995"
+REDIS_PORT: "127.0.0.1:7654"
+SIEVE_PORT: "4190"
 SKIP_CLAMD: "n"
+SKIP_FTS: "n"
+SKIP_HTTP_VERIFICATION: "n"
+SKIP_IP_CHECK: "n"
+SKIP_LETS_ENCRYPT: "n"
+SKIP_OLEFY: "n"
 SKIP_SOGO: "n"
-ALLOW_ADMIN_EMAIL_LOGIN: "n"
+SKIP_UNBOUND_HEALTHCHECK: "n"
+SMTP_PORT: "25"
+SMTPS_PORT: "465"
+SOGO_EXPIRE_SESSION: "480"
+SPAMHAUS_DQS_KEY: ""
+SQL_PORT: "127.0.0.1:13306"
+SUBMISSION_PORT: "587"
+TZ: "{{ mailcow__timezone }}"
 USE_WATCHDOG: "n"
-WATCHDOG_NOTIFY_EMAIL: ""
+WATCHDOG_EXTERNAL_CHECKS: "n"
 WATCHDOG_NOTIFY_BAN: "y"
+WATCHDOG_NOTIFY_EMAIL: ""
+WATCHDOG_NOTIFY_START: "y"
 WATCHDOG_SUBJECT: ""
-WATCHDOG_EXTERNAL_CHECKS: "n"
-LOG_LINES: "9999"
-SOGO_EXPIRE_SESSION: "480"
-COMPOSE_PROJECT_NAME: "mailcowdockerized"
-ACME_CONTACT: ""
-FTS_HEAP: "128"
-FTS_PROCS: "1"
-SKIP_FTS: "n"
-HTTP_REDIRECT: "n"
+WATCHDOG_VERBOSE: "n"
+WEBAUTHN_ONLY_TRUSTED_VENDORS: "n"
 ```
 
+Any other variables that are not in `mailcow__config_keep` either will be commented out.
+
 Example:
 
 ```yaml
diff --git a/defaults/main/mailcow.yml b/defaults/main/mailcow.yml
@@ -7,6 +7,16 @@
 
 mailcow__config: {}
 
+# These values are kept in mailcow.conf even if they are not specified in ansible
+mailcow__config_keep:
+  - DBNAME
+  - DBUSER
+  - DBPASS
+  - DBROOT
+  - REDISPASS
+  - IPV4_NETWORK
+  - IPV6_NETWORK
+
 # -------------
 # Mailcow.conf legacy configuration & default values
 # -------------
diff --git a/tasks/mailcowconf.yml b/tasks/mailcowconf.yml
@@ -29,3 +29,12 @@
     replace: "{{ item.key }}={{ item.value }}"
   notify: Recreate mailcow
   loop: "{{ mailcow__config_real | dict2items }}"
+
+- name: Comment all values from mailcow.conf that are not configured in ansible
+  become: true
+  when: mailcow__config != {}
+  replace:
+    path: "{{ mailcow__install_path }}/mailcow.conf"
+    regexp: "(^(?!({{ ((mailcow__config_real | list) + mailcow__config_keep) | join('|') }}))[A-Za-z0-9_]+=.*$)"
+    replace: "#\\1"
+  notify: Recreate mailcow
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -26,8 +26,8 @@
     umask 0022
     ./generate_config.sh
   environment:
-    MAILCOW_HOSTNAME: "{{ mailcow__hostname }}"
-    MAILCOW_TZ: "{{ mailcow__timezone }}"
+    MAILCOW_HOSTNAME: "{{ mailcow__config_real.MAILCOW_HOSTNAME }}"
+    MAILCOW_TZ: "{{ mailcow__config_real.TZ }}"
     MAILCOW_BRANCH: "{{ mailcow__git_version }}"
   args:
     executable: /bin/bash
diff --git a/vars/main.yml b/vars/main.yml
@@ -3,36 +3,60 @@
 # -------------
 
 mailcow__config_default:
-  MAILCOW_HOSTNAME: "{{ mailcow__hostname }}"
-  TZ: "{{ mailcow__timezone }}"
-  HTTP_PORT: "{{ mailcow__config_http_port }}"
-  HTTP_BIND: "{{ (mailcow__config_http_bind | ansible.utils.ipaddr) if mailcow__config_http_bind is not none else '' }}"
-  HTTPS_PORT: "{{ mailcow__config_https_port }}"
-  HTTPS_BIND: "{{ (mailcow__config_https_bind | ansible.utils.ipaddr) if mailcow__config_https_bind is not none else '' }}"
   ACL_ANYONE: "{{ mailcow__config_acl_anyone }}"
-  MAILDIR_GC_TIME: "{{ mailcow__config_maildir_gc_time }}"
+  ACME_CONTACT: "{{ mailcow__config_acme_contact }}"
   ADDITIONAL_SAN: "{{ mailcow__config_additional_san | join(',') }}"
   ADDITIONAL_SERVER_NAMES: "{{ mailcow__config_additional_server_names | join(',') }}"
-  SKIP_LETS_ENCRYPT: "{{ mailcow__config_skip_lets_encrypt }}"
+  ALLOW_ADMIN_EMAIL_LOGIN: "{{ mailcow__config_allow_admin_email_login }}"
+  AUTODISCOVER_SAN: "y"
+  COMPOSE_PROJECT_NAME: "{{ mailcow__docker_compose_project_name }}"
+  DISABLE_NETFILTER_ISOLATION_RULE: "n"
+  DOCKER_COMPOSE_VERSION: "native"
+  DOVEADM_PORT: "127.0.0.1:19991"
+  DOVECOT_MASTER_PASS: ""
+  DOVECOT_MASTER_USER: ""
   ENABLE_SSL_SNI: "{{ mailcow__config_enable_ssl_sni }}"
-  SKIP_IP_CHECK: "{{ mailcow__config_skip_ip_check }}"
-  SKIP_HTTP_VERIFICATION: "{{ mailcow__config_skip_http_verification }}"
+  FTS_HEAP: "{{ mailcow__config_fts_heap }}"
+  FTS_PROCS: "{{ mailcow__config_fts_procs }}"
+  HTTP_BIND: "{{ (mailcow__config_http_bind | ansible.utils.ipaddr) if mailcow__config_http_bind is not none else '' }}"
+  HTTP_PORT: "{{ mailcow__config_http_port }}"
+  HTTP_REDIRECT: "{{ mailcow__config_http_redirect }}"
+  HTTPS_BIND: "{{ (mailcow__config_https_bind | ansible.utils.ipaddr) if mailcow__config_https_bind is not none else '' }}"
+  HTTPS_PORT: "{{ mailcow__config_https_port }}"
+  IMAP_PORT: "143"
+  IMAPS_PORT: "993"
+  LOG_LINES: "{{ mailcow__config_log_lines }}"
+  MAILCOW_HOSTNAME: "{{ mailcow__hostname }}"
+  MAILCOW_PASS_SCHEME: "BLF-CRYPT"
+  MAILDIR_GC_TIME: "{{ mailcow__config_maildir_gc_time }}"
+  MAILDIR_SUB: "Maildir"
+  POP_PORT: "110"
+  POPS_PORT: "995"
+  REDIS_PORT: "127.0.0.1:7654"
+  SIEVE_PORT: "4190"
   SKIP_CLAMD: "{{ mailcow__config_skip_clamd }}"
+  SKIP_FTS: "{{ mailcow__config_skip_fts }}"
+  SKIP_HTTP_VERIFICATION: "{{ mailcow__config_skip_http_verification }}"
+  SKIP_IP_CHECK: "{{ mailcow__config_skip_ip_check }}"
+  SKIP_LETS_ENCRYPT: "{{ mailcow__config_skip_lets_encrypt }}"
+  SKIP_OLEFY: "n"
   SKIP_SOGO: "{{ mailcow__config_skip_sogo }}"
-  ALLOW_ADMIN_EMAIL_LOGIN: "{{ mailcow__config_allow_admin_email_login }}"
+  SKIP_UNBOUND_HEALTHCHECK: "n"
+  SMTP_PORT: "25"
+  SMTPS_PORT: "465"
+  SOGO_EXPIRE_SESSION: "{{ mailcow__config_sogo_expire_session }}"
+  SPAMHAUS_DQS_KEY: ""
+  SQL_PORT: "127.0.0.1:13306"
+  SUBMISSION_PORT: "587"
+  TZ: "{{ mailcow__timezone }}"
   USE_WATCHDOG: "{{ mailcow__config_use_watchdog }}"
-  WATCHDOG_NOTIFY_EMAIL: "{{ mailcow__config_watchdog_notify_email }}"
+  WATCHDOG_EXTERNAL_CHECKS: "{{ mailcow__config_watchdog_external_checks }}"
   WATCHDOG_NOTIFY_BAN: "{{ mailcow__config_watchdog_notify_ban }}"
+  WATCHDOG_NOTIFY_EMAIL: "{{ mailcow__config_watchdog_notify_email }}"
+  WATCHDOG_NOTIFY_START: "y"
   WATCHDOG_SUBJECT: "{{ mailcow__config_watchdog_subject }}"
-  WATCHDOG_EXTERNAL_CHECKS: "{{ mailcow__config_watchdog_external_checks }}"
-  LOG_LINES: "{{ mailcow__config_log_lines }}"
-  SOGO_EXPIRE_SESSION: "{{ mailcow__config_sogo_expire_session }}"
-  COMPOSE_PROJECT_NAME: "{{ mailcow__docker_compose_project_name }}"
-  ACME_CONTACT: "{{ mailcow__config_acme_contact }}"
-  FTS_HEAP: "{{ mailcow__config_fts_heap }}"
-  FTS_PROCS: "{{ mailcow__config_fts_procs }}"
-  SKIP_FTS: "{{ mailcow__config_skip_fts }}"
-  HTTP_REDIRECT: "{{ mailcow__config_http_redirect }}"
+  WATCHDOG_VERBOSE: "n"
+  WEBAUTHN_ONLY_TRUSTED_VENDORS: "n"
 
 # -------------
 # Final Mailcow.conf
