mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2025-12-12 17:36:01 +00:00
300 lines
15 KiB
Bash
300 lines
15 KiB
Bash
#!/usr/bin/env bash
|
||
# _modules/scripts/new_options.sh
|
||
# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
|
||
# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
|
||
|
||
adapt_new_options() {
|
||
|
||
CONFIG_ARRAY=(
|
||
"AUTODISCOVER_SAN"
|
||
"SKIP_LETS_ENCRYPT"
|
||
"SKIP_SOGO"
|
||
"USE_WATCHDOG"
|
||
"WATCHDOG_NOTIFY_EMAIL"
|
||
"WATCHDOG_NOTIFY_WEBHOOK"
|
||
"WATCHDOG_NOTIFY_WEBHOOK_BODY"
|
||
"WATCHDOG_NOTIFY_BAN"
|
||
"WATCHDOG_NOTIFY_START"
|
||
"WATCHDOG_EXTERNAL_CHECKS"
|
||
"WATCHDOG_SUBJECT"
|
||
"SKIP_CLAMD"
|
||
"SKIP_OLEFY"
|
||
"SKIP_IP_CHECK"
|
||
"ADDITIONAL_SAN"
|
||
"DOVEADM_PORT"
|
||
"IPV4_NETWORK"
|
||
"IPV6_NETWORK"
|
||
"LOG_LINES"
|
||
"SNAT_TO_SOURCE"
|
||
"SNAT6_TO_SOURCE"
|
||
"COMPOSE_PROJECT_NAME"
|
||
"DOCKER_COMPOSE_VERSION"
|
||
"SQL_PORT"
|
||
"API_KEY"
|
||
"API_KEY_READ_ONLY"
|
||
"API_ALLOW_FROM"
|
||
"MAILDIR_GC_TIME"
|
||
"MAILDIR_SUB"
|
||
"ACL_ANYONE"
|
||
"FTS_HEAP"
|
||
"FTS_PROCS"
|
||
"SKIP_FTS"
|
||
"ENABLE_SSL_SNI"
|
||
"ALLOW_ADMIN_EMAIL_LOGIN"
|
||
"SKIP_HTTP_VERIFICATION"
|
||
"SOGO_EXPIRE_SESSION"
|
||
"SOGO_URL_ENCRYPTION_KEY"
|
||
"REDIS_PORT"
|
||
"REDISPASS"
|
||
"DOVECOT_MASTER_USER"
|
||
"DOVECOT_MASTER_PASS"
|
||
"MAILCOW_PASS_SCHEME"
|
||
"ADDITIONAL_SERVER_NAMES"
|
||
"WATCHDOG_VERBOSE"
|
||
"WEBAUTHN_ONLY_TRUSTED_VENDORS"
|
||
"SPAMHAUS_DQS_KEY"
|
||
"SKIP_UNBOUND_HEALTHCHECK"
|
||
"DISABLE_NETFILTER_ISOLATION_RULE"
|
||
"HTTP_REDIRECT"
|
||
"ENABLE_IPV6"
|
||
)
|
||
|
||
sed -i --follow-symlinks '$a\' mailcow.conf
|
||
for option in ${CONFIG_ARRAY[@]}; do
|
||
if grep -q "${option}" mailcow.conf; then
|
||
continue
|
||
fi
|
||
|
||
echo "Adding new option \"${option}\" to mailcow.conf"
|
||
|
||
case "${option}" in
|
||
AUTODISCOVER_SAN)
|
||
echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
|
||
echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
|
||
echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
|
||
echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
|
||
echo '# in the reverse proxy.' >> mailcow.conf
|
||
echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
|
||
;;
|
||
|
||
DOCKER_COMPOSE_VERSION)
|
||
echo "# Used Docker Compose version" >> mailcow.conf
|
||
echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
|
||
echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
|
||
echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
|
||
echo "# Please be aware that at least one of those variants should be installed on your machine or mailcow will fail." >> mailcow.conf
|
||
echo "" >> mailcow.conf
|
||
echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
|
||
;;
|
||
|
||
DOVEADM_PORT)
|
||
echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
|
||
;;
|
||
|
||
LOG_LINES)
|
||
echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
|
||
echo "LOG_LINES=9999" >> mailcow.conf
|
||
;;
|
||
IPV4_NETWORK)
|
||
echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
|
||
echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
|
||
;;
|
||
IPV6_NETWORK)
|
||
echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
|
||
echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
|
||
;;
|
||
SQL_PORT)
|
||
echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
|
||
echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
|
||
;;
|
||
API_KEY)
|
||
echo '# Create or override API key for web UI' >> mailcow.conf
|
||
echo "#API_KEY=" >> mailcow.conf
|
||
;;
|
||
API_KEY_READ_ONLY)
|
||
echo '# Create or override read-only API key for web UI' >> mailcow.conf
|
||
echo "#API_KEY_READ_ONLY=" >> mailcow.conf
|
||
;;
|
||
API_ALLOW_FROM)
|
||
echo '# Must be set for API_KEY to be active' >> mailcow.conf
|
||
echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
|
||
echo "#API_ALLOW_FROM=" >> mailcow.conf
|
||
;;
|
||
SNAT_TO_SOURCE)
|
||
echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
|
||
echo "#SNAT_TO_SOURCE=" >> mailcow.conf
|
||
;;
|
||
SNAT6_TO_SOURCE)
|
||
echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
|
||
echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
|
||
;;
|
||
MAILDIR_GC_TIME)
|
||
echo '# Garbage collector cleanup' >> mailcow.conf
|
||
echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
|
||
echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
|
||
echo '# Check interval is hourly' >> mailcow.conf
|
||
echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
|
||
;;
|
||
ACL_ANYONE)
|
||
echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
|
||
echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
|
||
echo '# This should probably only be activated on mail hosts, that are used exclusively by one organisation.' >> mailcow.conf
|
||
echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
|
||
echo 'ACL_ANYONE=disallow' >> mailcow.conf
|
||
;;
|
||
FTS_HEAP)
|
||
echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
|
||
echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
|
||
echo '# Please always monitor your Resource consumption!' >> mailcow.conf
|
||
echo "FTS_HEAP=128" >> mailcow.conf
|
||
;;
|
||
SKIP_FTS)
|
||
echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
|
||
echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
|
||
echo "SKIP_FTS=y" >> mailcow.conf
|
||
;;
|
||
FTS_PROCS)
|
||
echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
|
||
echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
|
||
echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
|
||
echo "FTS_PROCS=1" >> mailcow.conf
|
||
;;
|
||
ENABLE_SSL_SNI)
|
||
echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
|
||
echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
|
||
echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
|
||
echo "ENABLE_SSL_SNI=n" >> mailcow.conf
|
||
;;
|
||
SKIP_SOGO)
|
||
echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
|
||
echo "SKIP_SOGO=n" >> mailcow.conf
|
||
;;
|
||
MAILDIR_SUB)
|
||
echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
|
||
echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
|
||
echo "MAILDIR_SUB=" >> mailcow.conf
|
||
;;
|
||
WATCHDOG_NOTIFY_WEBHOOK)
|
||
echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
|
||
echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
|
||
echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
|
||
;;
|
||
WATCHDOG_NOTIFY_WEBHOOK_BODY)
|
||
echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
|
||
echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
|
||
WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
|
||
echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
|
||
;;
|
||
WATCHDOG_NOTIFY_BAN)
|
||
echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
|
||
echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
|
||
;;
|
||
WATCHDOG_NOTIFY_START)
|
||
echo '# Send a notification when the watchdog is started.' >> mailcow.conf
|
||
echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
|
||
;;
|
||
WATCHDOG_SUBJECT)
|
||
echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
|
||
echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
|
||
;;
|
||
WATCHDOG_EXTERNAL_CHECKS)
|
||
echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
|
||
echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
|
||
echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
|
||
echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
|
||
;;
|
||
SOGO_EXPIRE_SESSION)
|
||
echo '# SOGo session timeout in minutes' >> mailcow.conf
|
||
echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
|
||
;;
|
||
REDIS_PORT)
|
||
echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
|
||
;;
|
||
DOVECOT_MASTER_USER)
|
||
echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
|
||
echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
|
||
echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
|
||
echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
|
||
echo "DOVECOT_MASTER_USER=" >> mailcow.conf
|
||
;;
|
||
DOVECOT_MASTER_PASS)
|
||
echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
|
||
echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
|
||
;;
|
||
MAILCOW_PASS_SCHEME)
|
||
echo '# Password hash algorithm' >> mailcow.conf
|
||
echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
|
||
echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
|
||
echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
|
||
;;
|
||
ADDITIONAL_SERVER_NAMES)
|
||
echo '# Additional server names for mailcow UI' >> mailcow.conf
|
||
echo '#' >> mailcow.conf
|
||
echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
|
||
echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
|
||
echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
|
||
echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
|
||
echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
|
||
echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
|
||
;;
|
||
WEBAUTHN_ONLY_TRUSTED_VENDORS)
|
||
echo "# WebAuthn device manufacturer verification" >> mailcow.conf
|
||
echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
|
||
echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
|
||
echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
|
||
;;
|
||
SPAMHAUS_DQS_KEY)
|
||
echo "# Spamhaus Data Query Service Key" >> mailcow.conf
|
||
echo '# Optional: Leave empty for none' >> mailcow.conf
|
||
echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
|
||
echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
|
||
echo '# Otherwise it will work as usual.' >> mailcow.conf
|
||
echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
|
||
;;
|
||
WATCHDOG_VERBOSE)
|
||
echo '# Enable watchdog verbose logging' >> mailcow.conf
|
||
echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
|
||
;;
|
||
SKIP_UNBOUND_HEALTHCHECK)
|
||
echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
|
||
echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
|
||
;;
|
||
DISABLE_NETFILTER_ISOLATION_RULE)
|
||
echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
|
||
echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
|
||
echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
|
||
;;
|
||
HTTP_REDIRECT)
|
||
echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
|
||
echo 'HTTP_REDIRECT=n' >> mailcow.conf
|
||
;;
|
||
ENABLE_IPV6)
|
||
echo '# IPv6 Controller Section' >> mailcow.conf
|
||
echo '# This variable controls the usage of IPv6 within mailcow.' >> mailcow.conf
|
||
echo '# Can either be true or false | Defaults to true' >> mailcow.conf
|
||
echo '# WARNING: MAKE SURE TO PROPERLY CONFIGURE IPv6 ON YOUR HOST FIRST BEFORE ENABLING THIS AS FAULTY CONFIGURATIONS CAN LEAD TO OPEN RELAYS!' >> mailcow.conf
|
||
echo '# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.' >> mailcow.conf
|
||
echo ENABLE_IPV6=${IPV6_BOOL} >> mailcow.conf
|
||
;;
|
||
SKIP_CLAMD)
|
||
echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
|
||
echo 'SKIP_CLAMD=n' >> mailcow.conf
|
||
;;
|
||
SKIP_OLEFY)
|
||
echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
|
||
echo 'SKIP_OLEFY=n' >> mailcow.conf
|
||
;;
|
||
REDISPASS)
|
||
echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 28)" >> mailcow.conf
|
||
;;
|
||
SOGO_URL_ENCRYPTION_KEY)
|
||
echo '# SOGo URL encryption key (exactly 16 characters, limited to A–Z, a–z, 0–9)' >> mailcow.conf
|
||
echo '# This key is used to encrypt email addresses within SOGo URLs' >> mailcow.conf
|
||
echo "SOGO_URL_ENCRYPTION_KEY=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 16)" >> mailcow.conf
|
||
;;
|
||
*)
|
||
echo "${option}=" >> mailcow.conf
|
||
;;
|
||
esac
|
||
done
|
||
} |