debops.roundcube default variables
Packages and installation
- roundcube__required_php_packages
List of PHP packages required by Roundcube. Refer to the official Roundcube documentation for details.
roundcube__required_php_packages:
- 'iconv'
- 'openssl'
- 'session'
- 'sockets'
- 'xml'
# Included in the xml package
#- 'dom'
- 'mbstring'
- 'json'
- roundcube__optional_php_packages
List of recommended/optional PHP packages for Roundcube. Refer to the official Roundcube documentation for details.
roundcube__optional_php_packages:
- '{{ "ldap" if roundcube__ldap_enabled|bool else [] }}'
- '{{ "memcached" if roundcube__memcached_enabled|bool else [] }}'
- '{{ "redis" if roundcube__redis_enabled|bool else [] }}'
- 'fileinfo'
- 'enchant'
- 'zip'
- roundcube__custom_php_packages
List of user defined PHP packages for Roundcube.
roundcube__custom_php_packages: []
- roundcube__base_php_packages
List of base PHP packages required by Roundcube.
roundcube__base_php_packages:
- '{{ roundcube__required_php_packages }}'
- '{{ roundcube__apt_php_packages }}'
- '{{ roundcube__optional_php_packages }}'
- '{{ [ "mysql" ] if (roundcube__database_map[roundcube__database].dbtype == "mysql") else [] }}'
- '{{ [ "pgsql" ] if (roundcube__database_map[roundcube__database].dbtype == "postgresql") else [] }}'
- '{{ [ "sqlite3" ] if (roundcube__database_map[roundcube__database].dbtype == "sqlite") else [] }}'
- roundcube__apt_php_packages
PHP packages which are installed via APT repository if they are available in a sufficiently new version in the current distribution. The required minimal versions are taken from the composer.json.dist file of the Roundcube 1.3.0 release. If you install an older version of Roundcube you may want to adjust this list.
roundcube__apt_php_packages: '{{ [ "mail-mime", "net-smtp", "pear" ]
                                 if ansible_distribution_release in [ "stretch", "buster", "sid", "xenial", "yakkety", "zesty", "artful" ]
                                 else [] }}'
- roundcube__packages
List of additional APT packages (e.g. language dictionaries) that should be installed with Roundcube.
roundcube__packages: []
- roundcube__base_packages
APT packages required for the Roundcube installation.
roundcube__base_packages: [ 'curl', 'file', 'unzip', 'aspell', 'aspell-en' ]
Roundcube user account
- roundcube__user
Roundcube system user account.
roundcube__user: 'roundcube'
- roundcube__group
Roundcube system user group.
roundcube__group: 'roundcube'
- roundcube__home
Path to the home directory of the Roundcube system account.
roundcube__home: '{{ (ansible_local.fhs.home | d("/var/local"))
                     + "/" + roundcube__user }}'
- roundcube__comment
The GECOS string set for the Roundcube account.
roundcube__comment: 'Roundcube Webmail'
- roundcube__shell
The default shell of the Roundcube account.
roundcube__shell: '/usr/sbin/nologin'
Roundcube source and deployment
- roundcube__git_gpg_key
The GPG key used to sign Roundcube releases.
roundcube__git_gpg_key: '4295 5C9D 6F2A CA9D 3E96 D55F 3E54 28D0 262C 54F8'
- roundcube__git_additional_gpg_keys
List of additional GPG keys to add to the Roundcube user account. This might be needed if multiple people/organizations sign git commits or tags in the Roundcube repository, or installation from a private repository is used instead of a public one.
roundcube__git_additional_gpg_keys: []
- roundcube__git_repo
Roundcube source repository. You can specify a public or private git repository using the https:// protocol. See Deployment from private or internal git repository for more details.
roundcube__git_repo: 'https://github.com/roundcube/roundcubemail.git'
- roundcube__git_dir
Roundcube source directory on the host.
roundcube__git_dir: '{{ roundcube__src + "/"
                        + roundcube__git_repo
                          .split("@" if ("@" in roundcube__git_repo)
                                 else "://")[1] }}'
- roundcube__git_version
Roundcube release tag to deploy.
roundcube__git_version: '1.4.11'
- roundcube__git_dest
Default path where Roundcube source files will be deployed.
roundcube__git_dest: '{{ roundcube__www + "/sites/" + roundcube__user + "/public" }}'
- roundcube__src
Base path for git bare repository with Roundcube source.
roundcube__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
                    + "/" + roundcube__user }}'
- roundcube__www
Base web root directory for Roundcube website.
roundcube__www: '{{ ansible_local.nginx.www
                    if (ansible_local|d() and ansible_local.nginx|d())
                    else "/srv/www" }}'
- roundcube__webserver_user
Roundcube webserver user (needs read-only access to the website code).
roundcube__webserver_user: '{{ ansible_local.nginx.user|d("www-data") }}'
Database configuration
- roundcube__database
Database definition to use from the roundcube__database_map.
roundcube__database: 'sqlite-default'
- roundcube__database_user
Database user account to use for Roundcube.
roundcube__database_user: 'roundcube'
- roundcube__database_password_path
Path to the database password file.
roundcube__database_password_path: '{{ secret + "/credentials/" + inventory_hostname
                                       + "/roundcube/" + roundcube__database
                                       + "/" + roundcube__database_user + "/password" }}'
- roundcube__database_password
Database password for the account given in roundcube__database_user.
roundcube__database_password: '{{ lookup("password", roundcube__database_password_path + " length=30") }}'
- roundcube__database_name
Name of the database to use for Roundcube.
roundcube__database_name: '{{ roundcube__database_user
                              if roundcube__database == "postgresql-default"
                              else "roundcubemail" }}'
- roundcube__database_map
Database connection definitions. Select the database connection to use in roundcube__database.
roundcube__database_map:
  sqlite-default:
    dbtype: 'sqlite'
    dbname: 'db/roundcube.db'
  mysql-default:
    dbtype: 'mysql'
    dbname: '{{ roundcube__database_name }}'
    dbuser: '{{ roundcube__database_user }}'
    dbpass: '{{ roundcube__database_password }}'
    dbhost: 'localhost'
    dbtableprefix: ''
  postgresql-default:
    dbtype: 'postgresql'
    dbname: '{{ roundcube__database_name }}'
    dbuser: '{{ roundcube__database_user }}'
    dbpass: '{{ roundcube__database_password }}'
    dbhost: 'localhost'
    dbtableprefix: ''
- roundcube__database_schema_map
Database type to schema mapping.
roundcube__database_schema_map:
  mysql: '{{ roundcube__git_dest + "/SQL/mysql.initial.sql" }}'
  postgresql: '{{ roundcube__git_dest + "/SQL/postgres.initial.sql" }}'
- roundcube__database_schema
Initial Roundcube database schema loaded by Ansible.
roundcube__database_schema: '{{ roundcube__database_schema_map[
                                  roundcube__database_map[
                                    roundcube__database
                                  ].dbtype
                                ]
                                if roundcube__database_schema_map[
                                     roundcube__database_map[
                                       roundcube__database
                                     ].dbtype
                                   ]|d()
                                else "" }}'
Cache configuration
- roundcube__memcached_enabled
Enable or disable support for the memcached service. It will be enabled automatically if a local instance of memcached is detected.
roundcube__memcached_enabled: '{{ True
                                  if (ansible_local|d() and ansible_local.memcached|d() and
                                      (ansible_local.memcached.installed|d())|bool)
                                  else False }}'
- roundcube__memcached_hosts
List of the memcached instances to be used by Roundcube. By default only the local instance will be used, if detected. See debops.memcached for more details.
roundcube__memcached_hosts: [ 'localhost:11211' ]
- roundcube__redis_enabled
Enable or disable support for the redis service. It will be enabled automatically if a local instance of redis is detected.
roundcube__redis_enabled: '{{ True
                              if (ansible_local|d() and ansible_local.redis_server|d() and
                                  (ansible_local.redis_server.installed|d())|bool)
                              else False }}'
- roundcube__redis_host
The address of the Redis server instance to use. Currently only a single server is supported by Roundcube. By default the Redis instance on the same host will be used, if it's detected via Ansible local facts.
roundcube__redis_server: 'localhost'
- roundcube__redis_port
The TCP port to use for Redis connections.
roundcube__redis_port: '{{ ansible_local.redis_server.port|d("6379") }}'
- roundcube__redis_database
The Redis "database" number to use.
roundcube__redis_database: '1'
- roundcube__redis_password
Specify the password required for authentication to Redis.
roundcube__redis_password: '{{ ansible_local.redis_server.password|d("") }}'
- roundcube__redis_hosts
List of the Redis instances which should be used by Roundcube. Currently only a single instance is supported, but the variable expects a list.
roundcube__redis_hosts: [ '{{ ([ roundcube__redis_server,
                                 roundcube__redis_port,
                                 roundcube__redis_database,
                                 roundcube__redis_password ])
                              | join(":") }}' ]
- roundcube__session_storage
Select the session storage type to use. Currently supported are redis and memcached. The session storage will be selected automatically by detecting available cache services via Ansible local facts. If the variable is empty, session storage will not be configured and will fall back to the db storage type.
roundcube__session_storage: '{{ "redis"
                                if roundcube__redis_enabled|bool
                                else ("memcached"
                                      if roundcube__memcached_enabled|bool
                                      else "") }}'
LDAP configuration
These variables configure the access to the LDAP address book managed by DebOps. See debops.ldap and debops.slapd role documentation to learn more about managing LDAP infrastructure with DebOps, and Roundcube LDAP Address Books documentation to learn more about configuring LDAP access in Roundcube.
- roundcube__ldap_enabled
Enable or disable LDAP integration in Roundcube.
roundcube__ldap_enabled: '{{ ansible_local.ldap.enabled
                             if (ansible_local|d() and ansible_local.ldap|d() and
                                 ansible_local.ldap.enabled is defined)
                             else False }}'
- roundcube__ldap_password_enabled
Enable or disable support for changing user passwords using the "password" Roundcube plugin. The plugin will be configured to use LDAP Password Modify Extended Operation (RFC 3062).
If the password change support is disabled, the "password" plugin will be disabled as well. Password change via other mechanisms can be configured separately via Ansible inventory variables.
roundcube__ldap_password_enabled: '{{ roundcube__ldap_enabled }}'
- roundcube__ldap_addressbook_name
The name of the LDAP address book. It will be visible on the address book list and as the source of the search results.
roundcube__ldap_addressbook_name: 'LDAP Address Book'
- roundcube__ldap_hosts
List of the FQDN addresses of the LDAP directory servers which should be used by Roundcube.
roundcube__ldap_hosts: '{{ ansible_local.ldap.hosts|d([]) }}'
- roundcube__ldap_port
The TCP port to use to connect to the LDAP directory.
roundcube__ldap_port: '{{ ansible_local.ldap.port|d("389") }}'
- roundcube__ldap_use_tls
Enable or disable support for STARTTLS extension while connecting to the LDAP directory.
roundcube__ldap_use_tls: '{{ ansible_local.ldap.start_tls|d(True) }}'
- roundcube__ldap_base_dn
The Base Distinguished Name of the LDAP directory, defined as a YAML list.
roundcube__ldap_base_dn: '{{ ansible_local.ldap.base_dn|d([]) }}'
- roundcube__ldap_device_dn
The Distinguished Name of the current host LDAP object, defined as a YAML list. It will be used as a base for the Roundcube application account LDAP object. If the list is empty, the role will not create the account LDAP object automatically.
roundcube__ldap_device_dn: '{{ ansible_local.ldap.device_dn|d([]) }}'
- roundcube__ldap_self_rdn
The Relative Distinguished Name of the account LDAP object used by the Roundcube application to access the LDAP directory.
roundcube__ldap_self_rdn: '{{ "uid=" + roundcube__user }}'
- roundcube__ldap_self_object_classes
List of the LDAP object classes which will be used to create the LDAP object used by the Roundcube application to access the LDAP directory.
roundcube__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
- roundcube__ldap_self_attributes
YAML dictionary that defines the attributes of the LDAP object used by the Roundcube application to access the LDAP directory.
roundcube__ldap_self_attributes:
  uid: '{{ roundcube__ldap_self_rdn.split("=")[1] }}'
  userPassword: '{{ roundcube__ldap_bindpw }}'
  host: '{{ [ ansible_fqdn, ansible_hostname ] | unique }}'
  description: 'Account used by the "Roundcube" application to access the LDAP directory'
- roundcube__ldap_binddn
The Distinguished Name of the account LDAP object used by the Roundcube application to bind to the LDAP directory.
roundcube__ldap_binddn: '{{ ([ roundcube__ldap_self_rdn ] + roundcube__ldap_device_dn) | join(",") }}'
- roundcube__ldap_bindpw
The password stored in the account LDAP object used by the Roundcube application to bind to the LDAP directory.
roundcube__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
                                    + roundcube__ldap_binddn | to_uuid + ".password length=32"))
                            if roundcube__ldap_enabled|bool
                            else "" }}'
- roundcube__ldap_people_rdn
The Relative Distinguished Name of the people subtree which contains personal LDAP entries.
roundcube__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn|d([]) }}'
- roundcube__ldap_people_dn
The Distinguished Name of the people subtree which will be used for LDAP address book searches.
roundcube__ldap_people_dn: '{{ [ roundcube__ldap_people_rdn ]
                               + roundcube__ldap_base_dn }}'
- roundcube__ldap_groups_rdn
The Relative Distinguished Name of the groups subtree which contains group LDAP entries.
roundcube__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn|d([]) }}'
- roundcube__ldap_groups_dn
The Distinguished Name of the groups subtree which will be used for LDAP address book searches.
roundcube__ldap_groups_dn: '{{ [ roundcube__ldap_groups_rdn ]
                               + roundcube__ldap_base_dn }}'
- roundcube__ldap_hidden
Show or hide the LDAP address book in the Address Books interface. Hiding the LDAP address book still allows for searching its contents and autocompletion of recipient e-mail addresses.
Since the default LDAP address book configuration disables direct browsing of the contents and is read-only, displaying an entry for it is not very useful. Therefore it will be hidden by default.
roundcube__ldap_hidden: True
- roundcube__ldap_field_map
YAML dictionary which defines mapping between Roundcube address book fields and LDAP entry attributes. Some of the fields are not mapped yet because they don't work or there are currently no good LDAP equivalents.
roundcube__ldap_field_map:
  name: 'cn'
  firstname: 'givenName'
  #middlename
  #prefix
  #suffix
  surname: 'sn'
  #nickname
  #maidenname
  #gender
  #spouse
  #organization
  #department
  jobtitle: 'title'
  #assistant
  #manager
  email: 'mail:*'
  'phone:home': 'homePhone'
  'phone:work': 'telephoneNumber'
  'phone:mobile': 'mobile'
  'phone:pager': 'pager'
  'phone:workfax': 'facsimileTelephoneNumber'
  street: 'street'
  zipcode: 'postalCode'
  region: 'st'
  locality: 'l'
  #address
  #birthday
  #anniversary
  #website
  #im
  notes: 'description:*'
  photo: 'jpegPhoto'
Roundcube application options
- roundcube__fqdn
The default DNS address of the Roundcube web application, used in the HTTP server configuration.
roundcube__fqdn: 'webmail.{{ roundcube__domain }}'
- roundcube__domain
The DNS domain of the Roundcube installation.
roundcube__domain: '{{ ansible_domain }}'
- roundcube__imap_srv_rr
List which contains the result of the DNS query for IMAP server SRV resource records in the host's domain. See RFC 6186 for details.
If there are no resource records, the role checks if a local Dovecot installation is present and uses the host FQDN as the IMAP server address. Finally, imap.<domain> is used as a fallback.
roundcube__imap_srv_rr: '{{ q("dig_srv", "_imaps._tcp." + roundcube__domain,
                              ansible_fqdn
                              if (ansible_local|d() and ansible_local.dovecot|d() and
                                  (ansible_local.dovecot.installed|d())|bool)
                              else "imap." + roundcube__domain, 993) }}'
- roundcube__imap_fqdn
The FQDN address of the IMAP server which stores user mailboxes.
The use of the FQDN instead of localhost is required for X.509 certificate verification and for correct information in system logs.
roundcube__imap_fqdn: '{{ roundcube__imap_srv_rr[0]["target"] }}'
- roundcube__imap_port
The TCP port to use for IMAP connections.
roundcube__imap_port: '{{ roundcube__imap_srv_rr[0]["port"] }}'
- roundcube__imap_server
The IMAP host chosen to perform the log-in. This variable is also called default_server by Roundcube.
Leave blank to show a textbox at login, give a list of hosts to display a pulldown menu or set one host as string. To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
Supported replacement variables:
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
%s - domain name after the '@' from e-mail address provided at login screen
For example %n = mail.domain.tld, %t = domain.tld
roundcube__imap_server: '{{ ("ssl://"
                             if (roundcube__imap_port == "993")
                             else ("tls://"
                                   if (roundcube__imap_port == "143")
                                   else "tls://"))
                            + roundcube__imap_fqdn }}'
- roundcube__smtp_srv_rr
List which contains the result of the DNS query for the SMTP (submission) server SRV resource records in the host's domain. See RFC 6186 for details.
If there are no resource records, the role checks if a local Postfix installation is present and uses the host FQDN as the SMTP server address. Finally, smtp.<domain> is used as a fallback.
roundcube__smtp_srv_rr: '{{ q("dig_srv", "_submissions._tcp." + roundcube__domain,
                              ansible_fqdn
                              if (ansible_local|d() and ansible_local.postfix|d() and
                                  (ansible_local.postfix.installed|d())|bool)
                              else ("smtp." + roundcube__domain), 465) }}'
- roundcube__smtp_fqdn
The FQDN address of the SMTP (submission) server which will be used to send e-mail messages.
The use of the FQDN instead of localhost is required for X.509 certificate verification and for correct information in system logs.
roundcube__smtp_fqdn: '{{ roundcube__smtp_srv_rr[0]["target"] }}'
- roundcube__smtp_port
The TCP port to use for SMTP connections.
Common values include 25 for unencrypted communication, 587 for STARTTLS, or 465 for SMTP over SSL (aka SMTPS).
roundcube__smtp_port: '{{ roundcube__smtp_srv_rr[0]["port"] }}'
- roundcube__smtp_server
SMTP server host (for sending mails).
Enter hostname with prefix tls:// to use STARTTLS, or use prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
Supported replacement variables:
%h - user's IMAP hostname
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
%z - IMAP domain (IMAP hostname without the first part)
For example %n = mail.domain.tld, %t = domain.tld
roundcube__smtp_server: '{{ ("ssl://"
                             if (roundcube__smtp_port == "465")
                             else ("tls://"
                                   if (roundcube__smtp_port == "587")
                                   else "tls://"))
                            + roundcube__smtp_fqdn }}'
- roundcube__smtp_user
SMTP username (if required). If you use %u as the username, Roundcube will use the current username for login.
roundcube__smtp_user: '%u'
- roundcube__smtp_pass
SMTP password (if required). If you use %p as the password, Roundcube will use the current user's password for login.
roundcube__smtp_pass: '%p'
- roundcube__sieve_srv_rr
List which contains the result of the DNS query for Sieve server SRV resource records in the host's domain. See RFC 5804 for details.
If there are no resource records, the role checks if a local Dovecot installation is present and uses the host FQDN as the Sieve server address. Finally, sieve.<domain> is used as a fallback.
roundcube__sieve_srv_rr: '{{ q("dig_srv", "_sieve._tcp." + roundcube__domain,
                               ansible_fqdn
                               if (ansible_local|d() and ansible_local.dovecot|d() and
                                   (ansible_local.dovecot.installed|d())|bool)
                               else ("sieve." + roundcube__domain), 4190) }}'
- roundcube__sieve_fqdn
The FQDN address of the Sieve server which allows management of the Sieve filter scripts.
The use of the FQDN instead of localhost is required for X.509 certificate verification and for correct information in system logs.
roundcube__sieve_fqdn: '{{ roundcube__sieve_srv_rr[0]["target"] }}'
- roundcube__sieve_port
The TCP port used for Sieve connections.
roundcube__sieve_port: '{{ roundcube__sieve_srv_rr[0]["port"] }}'
- roundcube__sieve_server
The Sieve host chosen to access the Sieve configuration interface.
Replacement variables supported in host name:
%h - user's IMAP hostname
%n - http hostname ($_SERVER['SERVER_NAME'])
%d - domain (http hostname without the first part)
For example %n = mail.domain.tld, %d = domain.tld
roundcube__sieve_server: '{{ "tls://" + roundcube__sieve_fqdn }}'
- roundcube__product_name
Name your service. This is displayed on the login screen and in the window title.
roundcube__product_name: '{{ ansible_local.machine.organization|d("Roundcube") + " Webmail" }}'
- roundcube__des_key
Encryption key for the user's IMAP password, which is stored in the session record (and the client cookie if remember password is enabled).
roundcube__des_key: '{{ lookup("password", secret + "/credentials/" + inventory_hostname + "/roundcube/des_key chars=hexdigits length=24") }}'
- roundcube__username_domain
Specify a domain (realm) to add to usernames without a specified domain. Defining a default domain helps avoid creating separate Roundcube profiles when users use logins with and without a domain specified.
The default is to create a domain based on the host DNS domain.
roundcube__username_domain: '%d'
- roundcube__log_driver
Define the log driver. Currently available: syslog, stdout, file.
roundcube__log_driver: 'syslog'
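The IMAP, SMTP and Sieve server defaults described above can be traced with the following Python model, an added example that is not code from the debops.roundcube role. resolve() is a hypothetical stand-in for the dig_srv lookup that reproduces only the fallback order this page describes, and the zone data and host names are constructed.

```python
"""Model of the IMAP / SMTP submission / Sieve server defaults.

Added illustration, not code from the debops.roundcube role. The record
layout ({"target": ..., "port": ...}) follows the Jinja expressions on this
page; resolve() is a hypothetical stand-in for the "dig_srv" lookup.
"""

# service -> (SRV owner prefix, local daemon fact, fallback host label, default port)
SERVICES = {
    "imap": ("_imaps._tcp.", "dovecot", "imap", 993),
    "smtp": ("_submissions._tcp.", "postfix", "smtp", 465),
    "sieve": ("_sieve._tcp.", "dovecot", "sieve", 4190),
}

# Port that selects the implicit-TLS "ssl://" prefix. Every other port gets
# "tls://" (STARTTLS); the Sieve default always uses "tls://".
IMPLICIT_TLS_PORT = {"imap": "993", "smtp": "465"}

# Constructed sample data replacing a live DNS query.
SAMPLE_ZONE = {
    "_imaps._tcp.example.org": [{"target": "mail.example.org", "port": 993}],
    "_submissions._tcp.example.org": [{"target": "mail.example.org", "port": 587}],
}


def resolve(service, domain, host_fqdn, srv_zone, local_daemons):
    """Return SRV records, or one fallback record when the zone has none.

    local_daemons stands in for the ansible_local.<daemon>.installed facts.
    """
    prefix, daemon, label, default_port = SERVICES[service]
    records = srv_zone.get(prefix + domain, [])
    if records:
        return records
    target = host_fqdn if daemon in local_daemons else f"{label}.{domain}"
    return [{"target": target, "port": default_port}]


def server_url(service, record):
    """Build the prefixed server string from the first record, as the defaults do.

    The prefix depends on the port number only, not on the SRV service label
    the record was published under.
    """
    port = str(record["port"])
    if service == "sieve":
        scheme = "tls://"
    else:
        scheme = "ssl://" if port == IMPLICIT_TLS_PORT[service] else "tls://"
    return scheme + record["target"], port


def fqdn_warnings(target):
    """Flag targets that are not an FQDN (needed for X.509 verification)."""
    if target == "localhost" or "." not in target.rstrip("."):
        return [f"{target!r} is not an FQDN; certificate verification needs one"]
    return []


def effective_endpoints(domain, host_fqdn, srv_zone, local_daemons):
    """Compute server string, port and warnings for all three services."""
    result = {}
    for service in SERVICES:
        first = resolve(service, domain, host_fqdn, srv_zone, local_daemons)[0]
        url, port = server_url(service, first)
        result[service] = {
            "server": url,
            "port": port,
            "warnings": fqdn_warnings(first["target"]),
        }
    return result


if __name__ == "__main__":
    endpoints = effective_endpoints(
        "example.org", "host1.example.org", SAMPLE_ZONE, {"dovecot"}
    )
    for name, info in endpoints.items():
        print(name, info["server"], info["port"], info["warnings"])
```

Because the prefix follows the port alone, a record published under _submissions._tcp with port 587 yields tls:// (STARTTLS), so check the resulting server strings against what the mail server actually offers on that port.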
Roundcube configuration file
These variables define the contents of the config/config.inc.php local configuration file. See roundcube__configuration for more details.
- roundcube__original_configuration
The list defines the Roundcube configuration options stored in the config.inc.php.sample configuration file. Modifications to these configuration options should be done using the subsequent variables.
roundcube__original_configuration:
  # [[[ init
  - name: 'init_config'
    raw: |
      $config = array();
    section: 'init'
  # [[[ sql
  - name: 'db_dsnw'
    comment: |
      Database connection string (DSN) for read+write operations
      Format (compatible with PEAR MDB2): db_provider://user:password@host/database
      Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
      For examples see https://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
      Note: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
      or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
      Note: Various drivers support various additional arguments for connection,
      for Mysql: key, cipher, cert, capath, ca, verify_server_cert,
      for Postgres: application_name, sslmode, sslcert, sslkey,
      sslrootcert, sslcrl, sslcompression, service.
      e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
    value: 'mysql://roundcube:pass@localhost/roundcubemail'
    section: 'sql'
  - name: 'db_dsnr'
    comment: |
      Database DSN for read-only operations (if empty write database will be used)
      useful for database replication
    value: ''
    section: 'sql'
    state: 'init'
  - name: 'db_dsnw_noread'
    comment: 'Disable the use of already estabilished dsnw connections for subsequent reads'
    value: False
    section: 'sql'
    state: 'init'
  - name: 'db_persistent'
    comment: |
      use persistent db-connections
      beware this will not "always" work as expected
      see: http://www.php.net/manual/en/features.persistent-connections.php
    value: False
    section: 'sql'
    state: 'init'
  - name: 'db_prefix'
    comment: 'You can define specific table (and sequence) names prefix'
    value: ''
    section: 'sql'
    state: 'init'
  - name: 'db_table_dsn'
    comment: |
      Mapping of table names and connections to use for ALL operations.
      This can be used in a setup with replicated databases and a DB master
      where read/write access to cache tables should not go to master.
    array:
      - 'cache': 'r'
        'cache_index': 'r'
        'cache_thread': 'r'
        'cache_messages': 'r'
    section: 'sql'
    state: 'init'
  - name: 'db_max_allowed_packet'
    comment: |
      It is possible to specify database variable values e.g. some limits here.
      Use them if your server is not MySQL or for better performance.
      For example Roundcube uses max_allowed_packet value (in bytes)
      which limits query size for database cache operations.
    value: null
    section: 'sql'
    state: 'init'
  # [[[ logging
  - name: 'log_driver'
    comment: |
      Log driver: 'syslog', 'stdout' or 'file'.
    value: 'file'
    section: 'logging'
    state: 'init'
  - name: 'log_date_format'
    comment: |
      Date format for log entries
      (read https://php.net/manual/en/function.date.php for all format characters)
    value: 'd-M-Y H:i:s O'
    section: 'logging'
    state: 'init'
  - name: 'log_session_id'
    comment: |
      Length of the session ID to prepend each log line with
      set to 0 to avoid session IDs being logged.
    value: 8
    section: 'logging'
    state: 'init'
  - name: 'log_file_ext'
    comment: 'Default extension used for log file name'
    value: '.log'
    section: 'logging'
    state: 'init'
  - name: 'syslog_id'
    comment: 'Syslog ident string to use, if using the "syslog" log driver.'
    value: 'roundcube'
    section: 'logging'
    state: 'init'
  - name: 'syslog_facility'
    comment: |
      Syslog facility to use, if using the 'syslog' log driver.
      For possible values see installer or https://php.net/manual/en/function.openlog.php
    value: 'LOG_USER'
    quotes: False
    section: 'logging'
    state: 'init'
  - name: 'per_user_logging'
    comment: |
      Activate this option if logs should be written to per-user directories.
      Data will only be logged if a directory <log_dir>/<username>/ exists and is writable.
    value: False
    section: 'logging'
    state: 'init'
  - name: 'smtp_log'
    comment: 'Log sent messages to <log_dir>/sendmail.log or to syslog'
    value: True
    section: 'logging'
    state: 'init'
  - name: 'log_logins'
    comment: 'Log successful/failed logins to <log_dir>/userlogins.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'session_debug'
    comment: |
      Log session debug information/authentication errors to <log_dir>/session.log or to syslog
    value: False
    section: 'logging'
    state: 'init'
  - name: 'sql_debug'
    comment: 'Log SQL queries to <log_dir>/sql.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'imap_debug'
    comment: 'Log IMAP conversation to <log_dir>/imap.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'ldap_debug'
    comment: 'Log LDAP conversation to <log_dir>/ldap.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'smtp_debug'
    comment: 'Log SMTP conversation to <log_dir>/smtp.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'memcache_debug'
    comment: 'Log Memcache conversation to <log_dir>/memcache.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'apc_debug'
    comment: 'Log APC conversation to <log_dir>/apc.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  - name: 'redis_debug'
    comment: 'Log Redis conversation to <log_dir>/redis.log or to syslog'
    value: False
    section: 'logging'
    state: 'init'
  # [[[ imap
  - name: 'default_host'
    comment: |
      The IMAP host chosen to perform the log-in.
      Leave blank to show a textbox at login, give a list of hosts
      to display a pulldown menu or set one host as string.
      To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
      Supported replacement variables:
      %n - hostname ($_SERVER['SERVER_NAME'])
      %t - hostname without the first part
      %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
      %s - domain name after the '@' from e-mail address provided at login screen
      For example %n = mail.domain.tld, %t = domain.tld
      WARNING: After hostname change update of mail_host column in users table is
      required to match old user data records with the new host.
    value: 'localhost'
    section: 'imap'
  - name: 'default_port'
    comment: 'TCP port used for IMAP connections'
    value: 143
    section: 'imap'
    state: 'init'
  - name: 'imap_auth_type'
    comment: |
      IMAP authentication method (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null).
      Use 'IMAP' to authenticate with IMAP LOGIN command.
      By default the most secure method (from supported) will be selected.
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_conn_options'
    comment: |
      IMAP socket context options
      See https://php.net/manual/en/context.ssl.php
      The example below enables server certificate validation
      Note: These can be also specified as an array of options indexed by hostname
    array:
      - ssl:
          - verify_peer: True
            verify_depth: 3
            cafile: '/etc/ssl/certs/ca-certificates.crt'
    section: 'imap'
    state: 'init'
  - name: 'imap_timeout'
    comment: 'IMAP connection timeout, in seconds. Default: 0 (use default_socket_timeout)'
    value: 0
    section: 'imap'
    state: 'init'
  - name: 'imap_auth_cid'
    comment: 'Optional IMAP authentication identifier to be used as authorization proxy'
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_auth_pw'
    comment: 'Optional IMAP authentication password to be used for imap_auth_cid'
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_delimiter'
    comment: |
      If you know your imap's folder delimiter, you can specify it here.
      Otherwise it will be determined automatically
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_vendor'
    comment: |
      If you know your imap's folder vendor, you can specify it here.
      Otherwise it will be determined automatically. Use lower-case
      identifiers, e.g. 'dovecot', 'cyrus', 'gimap', 'hmail', 'uw-imap'.
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_ns_personal'
    comment: |
      If IMAP server doesn't support NAMESPACE extension, but you're
      using shared folders or personal root folder is non-empty, you'll need to
      set these options. All can be strings or arrays of strings.
      Note: Folders need to be ended with directory separator, e.g. "INBOX."
      (special directory "~" is an exception to this rule)
      Note: These can be used also to overwrite server's namespaces
      Note: Set these to FALSE to disable access to specified namespace
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_ns_other'
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_ns_shared'
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_force_caps'
    comment: |
      By default IMAP capabilities are readed after connection to IMAP server
      In some cases, e.g. when using IMAP proxy, there's a need to refresh the list
      after login. Set to True if you've got this case.
    value: False
    section: 'imap'
    state: 'init'
  - name: 'imap_force_lsub'
    comment: |
      By default list of subscribed folders is determined using LIST-EXTENDED
      extension if available. Some servers (dovecot 1.x) returns wrong results
      for shared namespaces in this case. https://github.com/roundcube/roundcubemail/issues/2474
      Enable this option to force LSUB command usage instead.
      Deprecated: Use imap_disabled_caps = array('LIST-EXTENDED')
    value: False
    section: 'imap'
    state: 'init'
  - name: 'imap_force_ns'
    comment: |
      Some server configurations (e.g. Courier) doesn't list folders in all namespaces
      Enable this option to force listing of folders in all namespaces
    value: False
    section: 'imap'
    state: 'init'
  - name: 'imap_skip_hidden_folders'
    comment: |
      Some servers return hidden folders (name starting witha dot)
      from user home directory. IMAP RFC does not forbid that.
      Enable this option to hide them and disable possibility to create such.
    value: False
    section: 'imap'
    state: 'init'
  - name: 'imap_dual_use_folders'
    comment: |
      Some servers do not support folders with both folders and messages inside
      If your server supports that use true, if it does not, use false.
      By default it will be determined automatically (once per user session).
    value: null
    section: 'imap'
    state: 'init'
  - name: 'imap_disabled_caps'
    comment: |
      List of disabled imap extensions.
      Use if your IMAP server has broken implementation of some feature
      and you can't remove it from CAPABILITY string on server-side.
      For example UW-IMAP server has broken ESEARCH.
      Note: Because the list is cached, re-login is required after change.
    value: []
    section: 'imap'
    state: 'init'
  - name: 'imap_log_session'
    comment: |
      Log IMAP session identifiers after each IMAP login.
      This is used to relate IMAP session with Roundcube user sessions
    value: False
    section: 'imap'
    state: 'init'
  - name: 'imap_cache'
    comment: |
      Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache' or 'memcached'.
    value: null
    section: 'imap'
    state: 'init'
  - name: 'messages_cache'
    comment: |
      Enables messages cache. Only 'db' cache is supported.
      This requires an IMAP server that supports QRESYNC and CONDSTORE
      extensions (RFC7162). See synchronize() in program/lib/Roundcube/rcube_imap_cache.php
      for further info, or if you experience syncing problems.
    value: False
    section: 'imap'
    state: 'init'
  - name: 'imap_cache_ttl'
    comment: 'Lifetime of IMAP indexes cache. Possible units: s, m, h, d, w'
    value: '10d'
    section: 'imap'
    state: 'init'
  - name: 'messages_cache_ttl'
    comment: 'Lifetime of messages cache. Possible units: s, m, h, d, w'
    value: '10d'
    section: 'imap'
    state: 'init'
  - name: 'messages_cache_threshold'
    comment: |
      Maximum cached message size in kilobytes.
      Note: On MySQL this should be less than (max_allowed_packet - 30%)
    value: 50
    section: 'imap'
    state: 'init'
# [[[ smtp
- name: 'smtp_server'
comment: |
SMTP server host (for sending mails).
Enter hostname with prefix tls:// to use STARTTLS, or use
prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
Supported replacement variables:
%h - user's IMAP hostname
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
%z - IMAP domain (IMAP hostname without the first part)
For example %n = mail.domain.tld, %t = domain.tld
value: 'localhost'
section: 'smtp'
- name: 'smtp_port'
comment: |
SMTP port (default is 25; use 587 for STARTTLS or 465 for the
deprecated SSL over SMTP (aka SMTPS))
value: 587
section: 'smtp'
- name: 'smtp_user'
comment: |
SMTP username (if required) if you use %u as the username Roundcube
will use the current username for login
value: '%u'
section: 'smtp'
- name: 'smtp_pass'
comment: |
SMTP password (if required) if you use %p as the password Roundcube
will use the current user's password for login
value: '%p'
section: 'smtp'
- name: 'smtp_auth_type'
comment: |
SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
best server supported one)
value: null
section: 'smtp'
state: 'init'
- name: 'smtp_auth_cid'
comment: |
Optional SMTP authentication identifier to be used as authorization proxy
value: null
section: 'smtp'
state: 'init'
- name: 'smtp_auth_pw'
comment: |
Optional SMTP authentication password to be used for smtp_auth_cid
value: null
section: 'smtp'
state: 'init'
- name: 'smtp_helo_host'
comment: |
SMTP HELO host
Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages
Leave this blank and you will get the server variable 'server_name' or
localhost if that isn't defined.
value: ''
section: 'smtp'
state: 'init'
- name: 'smtp_timeout'
comment: |
SMTP connection timeout, in seconds. Default: 0 (use default_socket_timeout)
Note: There's a known issue where using ssl connection with
timeout > 0 causes connection errors (https://bugs.php.net/bug.php?id=54511)
value: 0
section: 'smtp'
state: 'init'
- name: 'smtp_conn_options'
comment: |
SMTP socket context options
See https://php.net/manual/en/context.ssl.php
The example below enables server certificate validation, and
requires 'smtp_timeout' to be non zero.
Note: These can be also specified as an array of options indexed by hostname
array:
- ssl:
- verify_peer: True
verify_depth: 3
cafile: '/etc/ssl/certs/ca-certificates.crt'
section: 'smtp'
state: 'init'
# [[[ ldap
- name: 'ldap_cache'
comment: |
Type of LDAP cache. Supported values: 'db', 'apc' and 'memcache' or 'memcached'.
value: 'db'
section: 'ldap'
state: 'init'
- name: 'ldap_cache_ttl'
comment: 'Lifetime of LDAP cache. Possible units: s, m, h, d, w'
value: '10m'
section: 'ldap'
state: 'init'
# [[[ cache
- name: 'memcache_hosts'
comment: |
Use these hosts for accessing memcached
Define any number of hosts in the form of hostname:port or unix:///path/to/socket.file
Example: array('localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock');
value: null
section: 'cache'
state: 'init'
- name: 'memcache_pconnect'
comment: |
Controls the use of persistent connections to memcache servers
See https://php.net/manual/en/memcache.addserver.php
value: True
section: 'cache'
state: 'init'
- name: 'memcache_timeout'
comment: |
Value in seconds which will be used for connecting to the daemon
See https://php.net/manual/en/memcache.addserver.php
value: 1
section: 'cache'
state: 'init'
- name: 'memcache_retry_interval'
comment: |
Controls how often a failed server will be retried (value in seconds).
Setting this parameter to -1 disables automatic retry.
See https://php.net/manual/en/memcache.addserver.php
value: 15
section: 'cache'
state: 'init'
- name: 'redis_hosts'
comment: |
Use these hosts for accessing Redis.
Currently only one host is supported. Cluster support may come in a future release.
You can pass 4 fields, host, port (optional), database (optional) and password (optional).
Unset fields will be set to the default values host=127.0.0.1, port=6379.
Examples:
array('localhost:6379');
array('192.168.1.1:6379:1:secret');
array('unix:///var/run/redis/redis-server.sock:1:secret');
value: null
section: 'cache'
state: 'init'
- name: 'memcache_max_allowed_packet'
comment: 'Maximum size of an object in memcache (in bytes). Default: 2MB'
value: '2M'
section: 'cache'
state: 'init'
- name: 'apc_max_allowed_packet'
comment: 'Maximum size of an object in APC cache (in bytes). Default: 2MB'
value: '2M'
section: 'cache'
state: 'init'
- name: 'redis_max_allowed_packet'
comment: 'Maximum size of an object in Redis cache (in bytes). Default: 2MB'
value: '2M'
section: 'cache'
state: 'init'
# [[[ system
- name: 'enable_installer'
comment: |
THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
value: False
section: 'system'
state: 'init'
- name: 'dont_override'
comment: "Don't allow these settings to be overridden by the user"
value: []
section: 'system'
state: 'init'
- name: 'disabled_actions'
comment: 'List of disabled UI elements/actions'
value: []
section: 'system'
state: 'init'
- name: 'advanced_prefs'
comment: |
Define which settings should be listed under the 'advanced' block
which is hidden by default
value: []
section: 'system'
state: 'init'
- name: 'support_url'
comment: |
Provide a URL where a user can get support for this Roundcube installation
PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
value: ''
section: 'system'
- name: 'skin_logo'
comment: |
Logo image replacement. Specifies location of the image as:
- URL relative to the document root of this Roundcube installation
- full URL with http:// or https:// prefix
- URL relative to the current skin folder (when starts with a '/')
An array can be used to specify different logos for specific template files
The array key specifies the place(s) the logo should be applied to and
is made up of (up to) 3 parts:
- skin name prefix (always with colon, can be replaced with *)
- template name (or * for all templates)
- logo type - it is used for logos used on multiple templates
the available types include '[favicon]' for favicon, '[print]' for logo on all print
templates (e.g. messageprint, contactprint) and '[small]' for small screen logo in supported skins
Example config for skin_logo
array(
// show the image /images/logo_login_small.png for the Login screen in the Elastic skin on small screens
"elastic:login[small]" => "/images/logo_login_small.png",
// show the image /images/logo_login.png for the Login screen in the Elastic skin
"elastic:login" => "/images/logo_login.png",
// show the image /images/logo_small.png in the Elastic skin
"elastic:*[small]" => "/images/logo_small.png",
// show the image /images/larry.png in the Larry skin
"larry:*" => "/images/larry.png",
// show the image /images/logo_login.png on the login template in all skins
"login" => "/images/logo_login.png",
// show the image /images/logo_print.png for all print type logos in all skins
"[print]" => "/images/logo_print.png",
);
value: null
section: 'system'
state: 'init'
- name: 'auto_create_user'
comment: |
Automatically create a new Roundcube user when logging in for the first time.
A new user will be created once the IMAP login succeeds.
Set to false if only registered users can use this service
value: True
section: 'system'
state: 'init'
- name: 'user_aliases'
comment: 'Enables possibility to log in using email address from user identities'
value: False
section: 'system'
state: 'init'
- name: 'log_dir'
comment: |
Use this folder to store log files
Must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
This is used by the 'file' log driver.
value: "RCUBE_INSTALL_PATH . 'logs/'"
quotes: False
section: 'system'
state: 'init'
- name: 'temp_dir'
comment: |
Use this folder to store temp files
Must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
value: "RCUBE_INSTALL_PATH . 'temp/'"
quotes: False
section: 'system'
state: 'init'
- name: 'temp_dir_ttl'
comment: |
Expire files in temp_dir after 48 hours
Possible units: s, m, h, d, w
value: '48h'
section: 'system'
state: 'init'
- name: 'force_https'
comment: |
Enforce connections over https
With this option enabled, all non-secure connections will be redirected.
It can be also a port number, hostname or hostname:port if they are
different than default HTTP_HOST:443
value: False
section: 'system'
state: 'init'
- name: 'use_https'
comment: |
Tell PHP that it should work as if under a secure connection
even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
e.g. when you're running Roundcube behind a https proxy
This option is mutually exclusive to 'force_https' and only either one of
them should be set to true.
value: False
section: 'system'
state: 'init'
- name: 'login_autocomplete'
comment: |
Allow browser-autocompletion on login form.
0 - disabled, 1 - username and host only, 2 - username, host, password
value: 0
section: 'system'
state: 'init'
- name: 'login_lc'
comment: |
Forces conversion of logins to lower case.
0 - disabled, 1 - only domain part, 2 - domain and local part.
If user authentication is case-insensitive this must be enabled.
Note: After enabling it all user records need to be updated, e.g. with query:
UPDATE users SET username = LOWER(username);
value: 2
section: 'system'
state: 'init'
- name: 'login_username_maxlen'
comment: 'Maximum length (in bytes) of logon username and password.'
value: 1024
section: 'system'
state: 'init'
- name: 'login_password_maxlen'
value: 1024
section: 'system'
state: 'init'
- name: 'login_username_filter'
comment: |
Logon username filter. Regular expression for use with preg_match().
Example: '/^[a-z0-9_@.-]+$/'
value: null
section: 'system'
state: 'init'
- name: 'login_rate_limit'
comment: |
Brute-force attacks prevention.
The value specifies maximum number of failed logon attempts per minute.
value: 3
section: 'system'
state: 'init'
- name: 'skin_include_php'
comment: 'Includes should be interpreted as PHP files'
value: False
section: 'system'
state: 'init'
- name: 'display_product_info'
comment: |
Display product name and software version on login screen
0 - hide product name and version number,
1 - show product name only,
2 - show product name and version number
value: 1
section: 'system'
state: 'init'
- name: 'session_lifetime'
comment: 'Session lifetime in minutes'
value: 10
section: 'system'
state: 'init'
- name: 'session_domain'
comment: 'Session domain: .example.org'
value: ''
section: 'system'
state: 'init'
- name: 'session_name'
comment: |
Session name. Default: 'roundcube_sessid'
value: null
section: 'system'
state: 'init'
- name: 'session_auth_name'
comment: |
Session authentication cookie name. Default: 'roundcube_sessauth'
value: null
section: 'system'
state: 'init'
- name: 'session_path'
comment: |
Session path. Defaults to PHP session.cookie_path setting.
value: null
section: 'system'
state: 'init'
- name: 'session_storage'
comment: |
Backend to use for session storage. Can either be 'db' (default), 'redis', 'memcache', or 'php'
If set to 'memcache' or 'memcached', a list of servers need to be specified in 'memcache_hosts'
Make sure the Memcache extension (https://pecl.php.net/package/memcache) version >= 2.0.0
or the Memcached extension (https://pecl.php.net/package/memcached) version >= 2.0.0 is installed.
If set to 'redis', a server needs to be specified in 'redis_hosts'
Make sure the Redis extension (https://pecl.php.net/package/redis) version >= 2.0.0 is installed.
Setting this value to 'php' will use the default session save handler configured in PHP
value: 'db'
section: 'system'
state: 'init'
- name: 'proxy_whitelist'
comment: |
List of trusted proxies
X_FORWARDED_* and X_REAL_IP headers are only accepted from these IPs
value: []
section: 'system'
state: 'init'
- name: 'trusted_host_pattern'
comment: |
List of trusted host names
Attackers can modify Host header of the HTTP request causing $_SERVER['SERVER_NAME']
or $_SERVER['HTTP_HOST'] variables pointing to a different host, that could be used
to collect user names and passwords. Some server configurations prevent that, but not all.
An empty list accepts any host name. The list can contain host names
or PCRE patterns (without // delimiters, that will be added automatically).
value: []
section: 'system'
state: 'init'
- name: 'ip_check'
comment: 'Check client IP in session authorization'
value: False
section: 'system'
state: 'init'
- name: 'x_frame_options'
comment: |
X-Frame-Options HTTP header value sent to prevent clickjacking.
Possible values: sameorigin|deny|allow-from <uri>.
Set to false in order to disable sending the header.
value: 'sameorigin'
section: 'system'
state: 'init'
- name: 'des_key'
comment: |
This key is used to encrypt the user's IMAP password which is stored
in the session record (and the client cookie if remember password is enabled).
Please provide a string of exactly 24 chars.
YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
value: 'rcmail-!24ByteDESkey*Str'
section: 'system'
- name: 'cipher_method'
comment: |
Encryption algorithm. You can use any method supported by OpenSSL.
Default is set for backward compatibility to DES-EDE3-CBC,
but you can choose e.g. AES-256-CBC which we consider a better choice.
value: 'DES-EDE3-CBC'
section: 'system'
state: 'init'
- name: 'username_domain'
comment: |
Automatically add this domain to user names for login
Only for IMAP servers that require full e-mail addresses for login
Specify an array with 'host' => 'domain' values to support multiple hosts
Supported replacement variables:
%h - user's IMAP hostname
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
%z - IMAP domain (IMAP hostname without the first part)
For example %n = mail.domain.tld, %t = domain.tld
value: ''
section: 'system'
state: 'init'
- name: 'username_domain_forced'
comment: |
Force domain configured in username_domain to be used for login.
Any domain in username will be replaced by username_domain.
value: False
section: 'system'
state: 'init'
- name: 'mail_domain'
comment: |
This domain will be used to form e-mail addresses of new users
Specify an array with 'host' => 'domain' values to support multiple hosts
Supported replacement variables:
%h - user's IMAP hostname
%n - http hostname ($_SERVER['SERVER_NAME'])
%d - domain (http hostname without the first part)
%z - IMAP domain (IMAP hostname without the first part)
For example %n = mail.domain.tld, %t = domain.tld
value: ''
section: 'system'
state: 'init'
- name: 'password_charset'
comment: |
Password character set, to change the password for user
authentication or for password change operations
value: 'UTF-8'
section: 'system'
state: 'init'
- name: 'sendmail_delay'
comment: 'How many seconds must pass between emails sent by a user'
value: 0
section: 'system'
state: 'init'
- name: 'max_message_size'
comment: |
Message size limit. Note that SMTP server(s) may use a different value.
This limit is verified when user attaches files to a composed message.
Size in bytes (possible unit suffix: K, M, G)
value: '100M'
section: 'system'
state: 'init'
- name: 'max_recipients'
comment: |
Maximum number of recipients per message (including To, Cc, Bcc).
Default: 0 (no limit)
value: 0
section: 'system'
state: 'init'
- name: 'max_disclosed_recipients'
comment: |
Maximum number of recipients per message excluding Bcc header.
This is a soft limit, which means we only display a warning to the user.
Default: 5
value: 5
section: 'system'
state: 'init'
- name: 'max_group_members'
comment: |
Maximum allowed number of members of an address group. Default: 0 (no limit)
If 'max_recipients' is set this value should be less or equal
value: 0
section: 'system'
state: 'init'
- name: 'product_name'
comment: |
Name your service. This is displayed on the login screen and in the window title
value: 'Roundcube Webmail'
section: 'system'
- name: 'useragent'
comment: 'Add this user-agent to message headers when sending'
value: "'Roundcube Webmail/'.RCUBE_VERSION"
quotes: False
section: 'system'
state: 'init'
- name: 'include_host_config'
comment: |
Try to load host-specific configuration
See https://github.com/roundcube/roundcubemail/wiki/Configuration:-Multi-Domain-Setup
for more details
value: False
section: 'system'
state: 'init'
- name: 'generic_message_footer'
comment: |
Path to a text file which will be added to each sent message
Paths are relative to the Roundcube root folder
value: ''
section: 'system'
state: 'init'
- name: 'generic_message_footer_html'
comment: |
Path to a text file which will be added to each sent HTML message
Paths are relative to the Roundcube root folder
value: ''
section: 'system'
state: 'init'
- name: 'http_received_header'
comment: |
Add a received header to outgoing mails containing the creator's IP and hostname
value: False
section: 'system'
state: 'init'
- name: 'http_received_header_encrypt'
comment: |
Whether or not to encrypt the IP address and the host name
these could, in some circles, be considered as sensitive information;
however, for the administrator, these could be invaluable help
when tracking down issues.
value: False
section: 'system'
state: 'init'
- name: 'line_length'
comment: |
Number of chars allowed for line when wrapping text.
Text wrapping is done when composing/sending messages
value: 72
section: 'system'
state: 'init'
- name: 'send_format_flowed'
comment: 'Send plaintext messages as format=flowed'
value: True
section: 'system'
state: 'init'
- name: 'mdn_use_from'
comment: |
According to RFC2298, return receipt envelope sender address must be
empty. If this option is true, Roundcube will use user's identity as
envelope sender for MDN responses.
value: False
section: 'system'
state: 'init'
- name: 'identities_level'
comment: |
Set identities access level:
0 - many identities with possibility to edit all params
1 - many identities with possibility to edit all params but not email address
2 - one identity with possibility to edit all params
3 - one identity with possibility to edit all params but not email address
4 - one identity with possibility to edit only signature
value: 0
section: 'system'
state: 'init'
- name: 'identity_image_size'
comment: |
Maximum size of uploaded image in kilobytes
Images (in html signatures) are stored in database as data URIs
value: 64
section: 'system'
state: 'init'
- name: 'client_mimetypes'
comment: |
Mimetypes supported by the browser.
Attachments of these types will open in a preview window
Either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf'
value: null
section: 'system'
state: 'init'
- name: 'mime_magic'
comment: |
Path to a local mime magic database file for PHP's finfo extension.
Set to null if the default path should be used.
value: null
section: 'system'
state: 'init'
- name: 'mime_types'
comment: |
Absolute path to a local mime.types mapping table file.
This is used to derive mime-types from the filename extension or vice versa.
Such a file is usually part of the apache webserver. If you don't find a file named mime.types on your system,
download it from https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
value: null
section: 'system'
state: 'init'
- name: 'im_identify_path'
comment: |
Path to imagemagick identify binary (if not set we'll use Imagick or GD extensions)
value: null
section: 'system'
state: 'init'
- name: 'im_convert_path'
comment: |
Path to imagemagick convert binary (if not set we'll use Imagick or GD extensions)
value: null
section: 'system'
state: 'init'
- name: 'image_thumbnail_size'
comment: |
Size of thumbnails from image attachments displayed below the message content.
Note: whether images are displayed at all depends on the 'inline_images' option.
Set to 0 to display images in full size.
value: 240
section: 'system'
state: 'init'
- name: 'contact_photo_size'
comment: 'Maximum size of uploaded contact photos in pixels'
value: 160
section: 'system'
state: 'init'
- name: 'email_dns_check'
comment: 'Enable DNS checking for e-mail address validation'
value: False
section: 'system'
state: 'init'
- name: 'no_save_sent_messages'
comment: |
Disables saving sent messages in Sent folder (like gmail) (Default: false)
Note: useful when SMTP server stores sent mail in user mailbox
value: False
section: 'system'
state: 'init'
- name: 'use_secure_urls'
comment: |
Improve system security by using special URL with security token.
This can be set to a number defining token length. Default: 16.
Warning: This requires http server configuration. Sample:
RewriteRule ^/roundcubemail/[a-zA-Z0-9]{16}/(.*) /roundcubemail/$1 [PT]
Alias /roundcubemail /var/www/roundcubemail/
Note: Use assets_path to not prevent the browser from caching assets
value: False
section: 'system'
state: 'init'
- name: 'assets_path'
comment: |
Allows defining a separate server/path for image/js/css files
Warning: If the domain is different, cross-domain access to some
resources needs to be allowed
Sample:
<FilesMatch ".(eot|ttf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
value: ''
section: 'system'
state: 'init'
- name: 'assets_dir'
comment: |
While assets_path is for the browser, assets_dir informs
PHP code about the location of asset files in filesystem
value: ''
section: 'system'
state: 'init'
# [[[ plugins
- name: 'plugins'
comment: 'List of active plugins (in plugins/ directory)'
value: [ 'archive', 'zipdownload' ]
section: 'plugins'
# [[[ ui
- name: 'message_sort_col'
comment: |
Default messages sort column. Use empty value for default server's sorting,
or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc'
value: ''
section: 'ui'
state: 'init'
- name: 'message_sort_order'
comment: 'Default messages sort order'
value: 'DESC'
section: 'ui'
state: 'init'
- name: 'list_cols'
comment: |
These cols are shown in the message list. Available cols are:
subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, priority
value: [ 'subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment' ]
section: 'ui'
state: 'init'
- name: 'language'
comment: |
The default locale setting (leave empty for auto-detection)
RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
value: null
section: 'ui'
state: 'init'
- name: 'date_format'
comment: 'Use this format for date display (date or strftime format)'
value: 'Y-m-d'
section: 'ui'
state: 'init'
- name: 'date_formats'
comment: |
Give this choice of date formats to the user to select from
Note: do not use ambiguous formats like m/d/Y
value: [ 'Y-m-d', 'Y/m/d', 'Y.m.d', 'd-m-Y', 'd/m/Y', 'd.m.Y', 'j.n.Y' ]
section: 'ui'
state: 'init'
- name: 'time_format'
comment: 'Use this format for time display (date or strftime format)'
value: 'H:i'
section: 'ui'
state: 'init'
- name: 'time_formats'
comment: 'Give this choice of time formats to the user to select from'
value: [ 'G:i', 'H:i', 'g:i a', 'h:i A' ]
section: 'ui'
state: 'init'
- name: 'date_short'
comment: |
Use this format for short date display (derived from date_format and
time_format)
value: 'D H:i'
section: 'ui'
state: 'init'
- name: 'date_long'
comment: |
Use this format for detailed date/time formatting (derived from
date_format and time_format)
value: 'Y-m-d H:i'
section: 'ui'
state: 'init'
- name: 'drafts_mbox'
comment: |
Store draft messages in this mailbox
Leave blank if draft messages should not be stored
NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
value: 'Drafts'
section: 'ui'
state: 'init'
- name: 'junk_mbox'
comment: |
Store spam messages in this mailbox
NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
value: 'Junk'
section: 'ui'
state: 'init'
- name: 'sent_mbox'
comment: |
Store sent messages in this mailbox
Leave blank if sent messages should not be stored
NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
value: 'Sent'
section: 'ui'
state: 'init'
- name: 'trash_mbox'
comment: |
Move messages to this folder when deleting them
Leave blank if they should be deleted directly
NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
value: 'Trash'
section: 'ui'
state: 'init'
- name: 'create_default_folders'
comment: |
Automatically create the above listed default folders on user login
value: False
section: 'ui'
state: 'init'
- name: 'protect_default_folders'
comment: |
Protect the default folders from renames, deletes, and subscription changes
value: True
section: 'ui'
state: 'init'
- name: 'show_real_foldernames'
comment: |
Disable localization of the default folder names listed above
value: False
section: 'ui'
state: 'init'
- name: 'quota_zero_as_unlimited'
comment: |
If in your system 0 quota means no limit, set this option to true
value: False
section: 'ui'
state: 'init'
- name: 'enable_spellcheck'
comment: |
Make use of the built-in spell checker. It is based on GoogieSpell.
value: True
section: 'ui'
state: 'init'
- name: 'spellcheck_engine'
comment: |
Set the spell checking engine. Possible values:
- 'googie' - the default (also used for connecting to Nox Spell Server, see 'spellcheck_uri' setting)
- 'pspell' - requires the PHP Pspell module and aspell installed
- 'enchant' - requires the PHP Enchant module
- 'atd' - install your own After the Deadline server or check with
the people at http://www.afterthedeadline.com before using their API
Since Google shut down their public spell checking service, the default settings
connect to https://spell.roundcube.net/ which is a hosted service provided by Roundcube.
You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
value: 'googie'
section: 'ui'
state: 'init'
- name: 'spellcheck_uri'
comment: |
For locally installed Nox Spell Server or After the Deadline services,
please specify the URI to call it.
Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 or
the After the Deadline package from http://www.afterthedeadline.com.
Leave empty to use the public API of service.afterthedeadline.com
value: ''
section: 'ui'
state: 'init'
- name: 'spellcheck_languages'
comment: |
These languages can be selected for spell checking.
Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
Leave empty for default set of available language.
value: null
section: 'ui'
state: 'init'
- name: 'spellcheck_ignore_caps'
comment: |
Ignore words with all letters capitalized (e.g. GOOGLE)
value: False
section: 'ui'
state: 'init'
- name: 'spellcheck_ignore_nums'
comment: |
Ignore words with numbers (e.g. g00gle)
value: False
section: 'ui'
state: 'init'
- name: 'spellcheck_ignore_syms'
comment: |
Ignore words with symbols (e.g. g@@gle)
value: False
section: 'ui'
state: 'init'
- name: 'sig_max_lines'
comment: |
Number of lines at the end of a message considered to contain the signature.
Increase this value if signatures are not properly detected and colored
value: 15
section: 'ui'
state: 'init'
- name: 'max_pagesize'
comment: |
Don't let users set pagesize to more than this value if set
value: 200
section: 'ui'
state: 'init'
- name: 'min_refresh_interval'
comment: |
Minimal value of user's 'refresh_interval' setting (in seconds)
value: 60
section: 'ui'
state: 'init'
- name: 'undo_timeout'
comment: |
Specifies for how many seconds the Undo button will be available
after object delete action. Currently used with supporting address book sources.
Setting it to 0, disables the feature.
value: 0
section: 'ui'
state: 'init'
- name: 'compose_responses_static'
comment: |
A static list of canned responses which are immutable for the user
array:
- [ 'name': 'Canned Response 1', 'text': 'Static Response One' ]
- [ 'name': 'Canned Response 2', 'text': 'Static Response Two' ]
section: 'ui'
state: 'init'
- name: 'keyservers'
comment: |
List of HKP key servers for PGP public key lookups in Enigma/Mailvelope
Default: array("keys.fedoraproject.org", "keybase.io")
value: []
section: 'ui'
state: 'init'
# [[[ addressbook
- name: 'address_book_type'
comment: |
This indicates which type of address book to use. Possible choices:
'sql' - built-in sql addressbook enabled (default),
'' - built-in sql addressbook disabled.
Still LDAP or plugin-added addressbooks will be available.
BC Note: The value can actually be anything except 'sql', it does not matter.
value: 'sql'
section: 'addressbook'
state: 'init'
- name: 'ldap_public'
comment: |
In order to enable public ldap search, configure an array like the Verisign
example further below. If you would like to test, simply uncomment the example.
Array key must contain only safe characters, ie. a-zA-Z0-9_
value: []
section: 'addressbook'
state: 'init'
- name: 'ldap_public_verisign'
option: [ 'ldap_public', 'Verisign' ]
comment: |
If you are going to use LDAP for individual address books, you will need to
set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
The recommended directory structure for LDAP is to store all the address book entries
under the users main entry, e.g.:
o=root
ou=people
uid=user@domain
mail=contact@contactdomain
So the base_dn would be uid=%fu,ou=people,o=root
The bind_dn would be the same as base_dn or some super user login.
array:
- name: 'Verisign.com'
# Replacement variables supported in host names:
# %h - user's IMAP hostname
# %n - hostname ($_SERVER['SERVER_NAME'])
# %t - hostname without the first part
# %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
# %z - IMAP domain (IMAP hostname without the first part)
# For example %n = mail.domain.tld, %t = domain.tld
hosts: [ 'directory.verisign.com' ]
port: 389
use_tls: False
ldap_version: 3 # using LDAPv3
# The timeout (in seconds) for connect + bind attempts. This is only
# supported in PHP >= 5.3.0 with OpenLDAP 2.x
network_timeout: 10
# If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
user_specific: False
# When 'user_specific' is enabled following variables can be used in base_dn/bind_dn config:
# %fu - The full username provided, assumes the username is an email
# address, uses the username_domain value if not an email address.
# %u - The username prior to the '@'.
# %d - The domain name after the '@'.
# %dc - The domain name hierarchical string e.g. "dc=test,dc=domain,dc=com"
# %dn - DN found by ldap search when search_filter/search_base_dn are used
base_dn: ''
bind_dn: ''
bind_pass: ''
# It's possible to bind for an individual address book
# The login name is used to search for the DN to bind with
search_base_dn: ''
search_filter: '' # e.g. '(& (objectClass=posixAccount) (uid=%u) )'
# DN and password to bind as before searching for bind DN, if anonymous search is not allowed
search_bind_dn: ''
search_bind_pw: ''
# Base DN and filter used for resolving the user's domain root DN which feeds the %dc variables
# Leave empty to skip this lookup and derive the root DN from the username domain
domain_base_dn: ''
domain_filter: ''
# Optional map of replacement strings => attributes used when binding for an individual address book
search_bind_attrib: [] # e.g. array('%udc' => 'ou')
# Default for %dn variable if search doesn't return DN value
search_dn_default: ''
# Optional authentication identifier to be used as SASL authorization proxy
# bind_dn need to be empty
auth_cid: ''
# SASL authentication method (for proxy auth), e.g. DIGEST-MD5
auth_method: ''
# Indicates if the addressbook shall be hidden from the list.
# With this option enabled you can still search/view contacts.
hidden: False
# Indicates if the addressbook shall not list contacts but only allows searching.
searchonly: False
# Indicates if we can write to the LDAP directory or not.
# If writable is true then these fields need to be populated:
# LDAP_Object_Classes, required_fields, LDAP_rdn
writable: False
# To create a new contact these are the object classes to specify
# (or any other classes you wish to use).
LDAP_Object_Classes: [ 'top', 'inetOrgPerson' ]
# The RDN field that is used for new entries, this field needs
# to be one of the search_fields, the base of base_dn is appended
# to the RDN to insert into the LDAP directory.
LDAP_rdn: 'cn'
# The required fields needed to build a new contact as required by
# the object classes (can include additional fields not required by the object classes).
required_fields: [ 'cn', 'sn', 'mail' ]
search_fields: [ 'mail', 'cn' ] # Fields to search in
# Mapping of contact fields to directory attributes
# 1. for every attribute one can specify the number of values (limit) allowed.
# default is 1, a wildcard * means unlimited
# 2. another possible parameter is separator character for composite fields
# 3. it's possible to define field format for write operations, e.g. for date fields
# example: 'birthday:date[YmdHis\\Z]'
fieldmap:
# Roundcube LDAP:limit
- 'name': 'cn'
'surname': 'sn'
'firstname': 'givenName'
'jobtitle': 'title'
'email': 'mail:*'
'phone:home': 'homePhone'
'phone:work': 'telephoneNumber'
'phone:mobile': 'mobile'
'phone:pager': 'pager'
'phone:workfax': 'facsimileTelephoneNumber'
'street': 'street'
'zipcode': 'postalCode'
'region': 'st'
'locality': 'l'
# If your country is a complex object, you need to configure 'sub_fields' below
'country': 'c'
'organization': 'o'
'department': 'ou'
'notes': 'description'
'photo': 'jpegPhoto'
# These currently don't work
#'manager': 'manager'
#'assistant': 'secretary'
# Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country'
sub_fields: []
# Generate values for the following LDAP attributes automatically when creating a new record
autovalues:
- 'uid': 'md5(microtime())' # You may specify PHP code snippets which are then eval'ed
'mail': '{givenname}.{sn}@mydomain.com' # or composite strings with placeholders for existing attributes
sort: 'cn' # The field to sort the listing by.
scope: 'sub' # Search mode sub|base|list
# Used for basic listing (if not empty) and will be &'d with search queries. Example: status=act
filter: '(objectClass=inetOrgPerson)'
fuzzy_search: True # Server allows wildcard search
# Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
vlv: False
# Use Virtual List View functions for autocompletion searches (if server supports it)
vlv_search: False
# With VLV, we also use numSubOrdinates to query the total number of
# records. Set this filter to get all numSubOrdinates attributes for
# counting
numsub_filter: '(objectClass=organizationalUnit)'
# Root DN to search config entries (e.g. vlv indexes)
config_root_dn: 'cn=config'
# Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
sizelimit: '0'
# Sets the maximum number of seconds spent on the search. Setting this to 0 means no limit.
timelimit: '0'
# Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
referrals: False
# Sets the LDAP_OPT_DEREF option. One of: LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING, LDAP_DEREF_FINDING, LDAP_DEREF_ALWAYS
# Used where addressbook contains aliases to objects elsewhere in the LDAP tree.
dereference: 0
# Definition for contact groups (uncomment if no groups are supported)
# for the groups base_dn, the user replacements %fu, %u, %d and %dc work as for base_dn (see above)
# if the groups base_dn is empty, the contact base_dn is used for the groups as well
# -> in this case, ensure that groups and contacts are separated by the corresponding filters!
groups:
- 'base_dn': ''
'scope': 'sub' # Search mode: sub|base|list
'filter': '(objectClass=groupOfNames)'
'object_classes': [ 'top', 'groupOfNames' ] # Object classes to be assigned to new groups
'member_attr': 'member' # Name of the default member attribute, e.g. uniqueMember
'name_attr': 'cn' # Attribute to be used as group name
'email_attr': 'mail' # Group email address attribute (e.g. for mailing lists)
'member_filter': '(objectClass=*)' # Optional filter to use when querying for group members
'vlv': False # Use VLV controls to list groups
'class_member_attr': # Mapping of group object class to member attribute used in these objects
- 'groupOfNames': 'member'
'groupOfUniqueNames': 'uniqueMember'
# This configuration replaces the regular groups listing in the directory tree with
# a hard-coded list of groups, each listing entries with the configured base DN and filter.
# if the 'groups' option from above is set, it'll be shown as the first entry with the name 'Groups'
group_filters:
- departments:
- 'name': 'Company Departments'
'scope': 'list'
'base_dn': 'ou=Groups,dc=mydomain,dc=com'
'filter': '(| (objectclass=groupOfUniqueNames) (objectclass=groupOfURLs) )'
'name_attr': 'cn'
- customers:
- 'name': 'Customers'
'scope': 'sub'
'base_dn': 'ou=Customers,dc=mydomain,dc=com'
'filter': '(objectClass=inetOrgPerson)'
'name_attr': 'sn'
section: 'addressbook'
state: 'init'
- name: 'autocomplete_addressbooks'
comment: |
An ordered array of the ids of the addressbooks that should be searched
when populating address autocomplete fields server-side. ex: array('sql','Verisign');
value: [ 'sql' ]
section: 'addressbook'
state: 'init'
- name: 'autocomplete_min_length'
comment: |
The minimum number of characters required to be typed in an autocomplete field
before address books will be searched. Most useful for LDAP directories that
may need to do lengthy results building given overly-broad searches
value: 1
section: 'addressbook'
state: 'init'
- name: 'autocomplete_threads'
comment: |
Number of parallel autocomplete requests.
If there's more than one address book, n parallel (async) requests will be created,
where each request will search in one address book. By default (0), all address
books are searched in one request.
value: 0
section: 'addressbook'
state: 'init'
- name: 'autocomplete_max'
comment: 'Max. number of entries in autocomplete popup. Default: 15.'
value: 15
section: 'addressbook'
state: 'init'
- name: 'address_template'
comment: |
Show address fields in this order
Available placeholders: {street}, {locality}, {zipcode}, {country}, {region}
value: '{street}<br/>{locality} {zipcode}<br/>{country} {region}'
section: 'addressbook'
state: 'init'
- name: 'addressbook_search_mode'
comment: |
Matching mode for addressbook search (including autocompletion)
0 - partial (*abc*), default
1 - strict (abc)
2 - prefix (abc*)
Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode
value: 0
section: 'addressbook'
state: 'init'
- name: 'contactlist_fields'
comment: |
List of fields used on contacts list and for autocompletion searches
Warning: These are field names not LDAP attributes (see 'fieldmap' setting)!
value: [ 'name', 'firstname', 'surname', 'email' ]
section: 'addressbook'
state: 'init'
- name: 'contact_search_name'
comment: |
Template of contact entry on the autocompletion list.
You can use contact fields as: name, email, organization, department, etc.
See program/steps/addressbook/func.inc for a list
value: '{name} <{email}>'
section: 'addressbook'
state: 'init'
# [[[ userprefs
- name: 'default_charset'
comment: 'Use this charset as fallback for message decoding'
value: 'ISO-8859-1'
section: 'userprefs'
state: 'init'
- name: 'skin'
comment: 'Skin name: folder from skins/'
value: 'elastic'
section: 'userprefs'
- name: 'skins_allowed'
comment: 'Limit skins available/shown in the settings section'
value: []
section: 'userprefs'
state: 'init'
- name: 'standard_windows'
comment: |
Enables using standard browser windows (that can be handled as tabs)
instead of popup windows
value: False
section: 'userprefs'
state: 'init'
- name: 'mail_pagesize'
comment: 'Show up to X items in messages list view'
value: 50
section: 'userprefs'
state: 'init'
- name: 'addressbook_pagesize'
comment: 'Show up to X items in contacts list view'
value: 50
section: 'userprefs'
state: 'init'
- name: 'addressbook_sort_col'
comment: |
Sort contacts by this col (preferably either one of name, firstname, surname)
value: 'surname'
section: 'userprefs'
state: 'init'
- name: 'addressbook_name_listing'
comment: |
The way how contact names are displayed in the list.
0: prefix firstname middlename surname suffix (only if display name is not set)
1: firstname middlename surname
2: surname firstname middlename
3: surname, firstname middlename
value: 0
section: 'userprefs'
state: 'init'
- name: 'timezone'
comment: |
Use this timezone to display date/time
Valid timezone identifiers are listed here: php.net/manual/en/timezones.php
'auto' will use the browser's timezone settings
value: 'auto'
section: 'userprefs'
state: 'init'
- name: 'prefer_html'
comment: 'Prefer displaying HTML messages'
value: True
section: 'userprefs'
state: 'init'
- name: 'show_images'
comment: |
Display remote resources (inline images, styles)
0 - Never, always ask
1 - Ask if sender is not in address book
2 - Always allow
value: 0
section: 'userprefs'
state: 'init'
- name: 'message_extwin'
comment: 'Open messages in new window'
value: False
section: 'userprefs'
state: 'init'
- name: 'compose_extwin'
comment: 'Open message compose form in new window'
value: False
section: 'userprefs'
state: 'init'
- name: 'htmleditor'
comment: |
Compose html formatted messages by default
0 - never,
1 - always,
2 - on reply to HTML message,
3 - on forward or reply to HTML message
4 - always, except when replying to plain text message
value: 0
section: 'userprefs'
state: 'init'
- name: 'compose_save_localstorage'
comment: |
Save copies of compose messages in the browser's local storage
for recovery in case of browser crashes and session timeout.
value: True
section: 'userprefs'
state: 'init'
- name: 'prettydate'
comment: 'Show pretty dates as standard'
value: True
section: 'userprefs'
state: 'init'
- name: 'draft_autosave'
comment: 'Save compose message every 300 seconds (5min)'
value: 300
section: 'userprefs'
state: 'init'
- name: 'layout'
comment: |
Interface layout. Default: 'widescreen'.
'widescreen' - three columns
'desktop' - two columns, preview on bottom
'list' - two columns, no preview
value: 'widescreen'
section: 'userprefs'
state: 'init'
- name: 'mail_read_time'
comment: |
Mark as read when viewing a message (delay in seconds)
Set to -1 if messages should not be marked as read
value: 0
section: 'userprefs'
state: 'init'
- name: 'logout_purge'
comment: 'Clear Trash on logout'
value: False
section: 'userprefs'
state: 'init'
- name: 'logout_expunge'
comment: 'Compact INBOX on logout'
value: False
section: 'userprefs'
state: 'init'
- name: 'inline_images'
comment: 'Display attached images below the message body'
value: True
section: 'userprefs'
state: 'init'
- name: 'mime_param_folding'
comment: |
Encoding of long/non-ascii attachment names:
0 - Full RFC 2231 compatible
1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
2 - Full 2047 compatible
value: 1
section: 'userprefs'
state: 'init'
- name: 'skip_deleted'
comment: |
Set true if deleted messages should not be displayed
This will make the application run slower
value: False
section: 'userprefs'
state: 'init'
- name: 'read_when_deleted'
comment: |
Set true to mark deleted messages as read as well as deleted
False means that a message's read status is not affected by marking it as deleted
value: True
section: 'userprefs'
state: 'init'
- name: 'flag_for_deletion'
comment: |
Set to true to never delete messages immediately
Use 'Purge' to remove messages marked as deleted
value: False
section: 'userprefs'
state: 'init'
- name: 'refresh_interval'
comment: |
Default interval for auto-refresh requests (in seconds)
These are requests for system state updates e.g. checking for new messages, etc.
Setting it to 0 disables the feature.
value: 60
section: 'userprefs'
state: 'init'
- name: 'check_all_folders'
comment: 'If true all folders will be checked for recent messages'
value: False
section: 'userprefs'
state: 'init'
- name: 'display_next'
comment: |
If true, after message/contact delete/move, the next message/contact will be displayed
value: True
section: 'userprefs'
state: 'init'
- name: 'default_list_mode'
comment: |
Default messages listing mode. One of 'threads' or 'list'.
value: 'list'
section: 'userprefs'
state: 'init'
- name: 'autoexpand_threads'
comment: |
0 - Do not expand threads
1 - Expand all threads automatically
2 - Expand only threads with unread messages
value: 0
section: 'userprefs'
state: 'init'
- name: 'reply_mode'
comment: |
When replying:
-1 - don't cite the original message
0 - place cursor below the original message
1 - place cursor above original message (top posting)
2 - place cursor above original message (top posting), but do not indent the quote
value: 0
section: 'userprefs'
state: 'init'
- name: 'strip_existing_sig'
comment: 'When replying strip original signature from message'
value: True
section: 'userprefs'
state: 'init'
- name: 'show_sig'
comment: |
Show signature:
0 - Never
1 - Always
2 - New messages only
3 - Forwards and Replies only
value: 1
section: 'userprefs'
state: 'init'
- name: 'sig_below'
comment: |
By default the signature is placed depending on cursor position (reply_mode).
Sometimes it might be convenient to start the reply on top but keep
the signature below the quoted text (sig_below = true).
value: False
section: 'userprefs'
state: 'init'
- name: 'sig_separator'
comment: |
Enables adding of standard separator to the signature
value: True
section: 'userprefs'
state: 'init'
- name: 'force_7bit'
comment: |
Use MIME encoding (quoted-printable) for 8bit characters in message body
value: False
section: 'userprefs'
state: 'init'
- name: 'search_mods'
comment: |
Defaults of the search field configuration.
The array can contain a per-folder list of header fields which should be considered when searching
The entry with key '*' stands for all folders which do not have a specific list set.
Please note that folder names should be in sync with $config['*_mbox'] options
Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1));
value: null
section: 'userprefs'
state: 'init'
- name: 'addressbook_search_mods'
comment: |
Defaults of the addressbook search field configuration.
Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);
value: null
section: 'userprefs'
state: 'init'
- name: 'delete_junk'
comment: 'Directly delete messages in Junk instead of moving to Trash'
value: False
section: 'userprefs'
state: 'init'
- name: 'mdn_requests'
comment: |
Behavior if a received message requests a message delivery notification (read receipt)
0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
3 = send automatically if sender is in addressbook, otherwise ask the user
4 = send automatically if sender is in addressbook, otherwise ignore
value: 0
section: 'userprefs'
state: 'init'
- name: 'mdn_default'
comment: 'Return receipt checkbox default state'
value: 0
section: 'userprefs'
state: 'init'
- name: 'dsn_default'
comment: |
Delivery Status Notification checkbox default state
Note: This can be used only if smtp_server is non-empty
value: 0
section: 'userprefs'
state: 'init'
- name: 'reply_same_folder'
comment: |
Place replies in the folder of the message being replied to
value: False
section: 'userprefs'
state: 'init'
- name: 'forward_attachment'
comment: |
Sets default mode of Forward feature to "forward as attachment"
value: False
section: 'userprefs'
state: 'init'
- name: 'default_addressbook'
comment: |
Defines address book (internal index) to which new contacts will be added
By default it is the first writeable addressbook.
Note: Use '0' for built-in address book.
value: null
section: 'userprefs'
state: 'init'
- name: 'spellcheck_before_send'
comment: 'Enables spell checking before sending a message.'
value: False
section: 'userprefs'
state: 'init'
- name: 'autocomplete_single'
comment: |
Skip alternative email addresses in autocompletion (show one address per contact)
value: False
section: 'userprefs'
state: 'init'
- name: 'default_font'
comment: |
Default font for composed HTML message.
Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New,
Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana
value: 'Verdana'
section: 'userprefs'
state: 'init'
- name: 'default_font_size'
comment: |
Default font size for composed HTML message.
Supported sizes: 8pt, 10pt, 12pt, 14pt, 18pt, 24pt, 36pt
value: '10pt'
section: 'userprefs'
state: 'init'
- name: 'message_show_email'
comment: |
Enables display of email address with name instead of a name (and address in title)
value: False
section: 'userprefs'
state: 'init'
- name: 'reply_all_mode'
comment: |
Default behavior of Reply-All button:
0 - Reply-All always
1 - Reply-List if mailing list is detected
value: 0
section: 'userprefs'
state: 'init'
- roundcube__default_configuration
This list defines Roundcube configuration options which are defined by the role and override the original configuration options.
roundcube__default_configuration:
- name: 'db_dsnw'
value: '{{ "sqlite:///" + roundcube__git_dest + "/"
+ roundcube__database_map[roundcube__database].dbname|d()
+ "?mode=640" }}'
state: '{{ "present"
if (roundcube__database_map[roundcube__database].dbtype == "sqlite")
else "ignore" }}'
- name: 'db_dsnw'
value: '{{ "mysql://" + roundcube__database_map[roundcube__database].dbuser|d() + ":"
+ roundcube__database_map[roundcube__database].dbpass|d() + "@"
+ roundcube__database_map[roundcube__database].dbhost|d() + "/"
+ roundcube__database_map[roundcube__database].dbname|d() }}'
state: '{{ "present"
if (roundcube__database_map[roundcube__database].dbtype == "mysql")
else "ignore" }}'
- name: 'db_dsnw'
value: '{{ "pgsql://" + roundcube__database_map[roundcube__database].dbuser|d() + ":"
+ roundcube__database_map[roundcube__database].dbpass|d() + "@"
+ roundcube__database_map[roundcube__database].dbhost|d() + "/"
+ roundcube__database_map[roundcube__database].dbname|d() }}'
state: '{{ "present"
if (roundcube__database_map[roundcube__database].dbtype == "postgresql")
else "ignore" }}'
- name: 'log_driver'
comment: |
Log driver: "syslog", "stdout" or "file"
value: '{{ roundcube__log_driver }}'
- name: 'default_host'
value: '{{ roundcube__imap_server }}'
- name: 'default_port'
comment: 'TCP port used for IMAP connections'
value: '{{ roundcube__imap_port }}'
value_cast: 'int'
# Enable use of memcached to cache IMAP indexes, if local memcached
# instance is detected
- name: 'imap_cache'
value: 'memcached'
state: '{{ "present" if roundcube__memcached_enabled|bool else "ignore" }}'
# Enable message caching in the database if the IMAP server is remote
- name: 'messages_cache'
value: True
state: '{{ "ignore"
if (ansible_local|d() and ansible_local.dovecot|d() and
(ansible_local.dovecot.installed|d())|bool)
else "present" }}'
- name: 'smtp_server'
value: '{{ roundcube__smtp_server }}'
- name: 'smtp_port'
value: '{{ roundcube__smtp_port }}'
value_cast: 'int'
- name: 'smtp_user'
value: '{{ roundcube__smtp_user }}'
- name: 'smtp_pass'
value: '{{ roundcube__smtp_pass }}'
# Enable use of memcached to cache LDAP data, if local memcached instance
# is detected
- name: 'ldap_cache'
value: 'memcached'
state: '{{ "present" if roundcube__memcached_enabled|bool else "ignore" }}'
# Enable support for memcached on localhost if it's detected
- name: 'memcache_hosts'
value: '{{ roundcube__memcached_hosts }}'
state: '{{ "present" if roundcube__memcached_enabled|bool else "ignore" }}'
# Enable support for Redis on localhost if it's detected
- name: 'redis_hosts'
value: '{{ roundcube__redis_hosts }}'
state: '{{ "present" if roundcube__redis_enabled|bool else "ignore" }}'
- name: 'skin_logo'
value: '{{ roundcube__skin_logo }}'
# Ensure that all communication to the client is encrypted
- name: 'force_https'
value: True
# Configure preferred session storage backend
- name: 'session_storage'
value: '{{ roundcube__session_storage }}'
state: '{{ "present" if roundcube__session_storage|d() else "ignore" }}'
- name: 'des_key'
value: '{{ roundcube__des_key }}'
# Roundcube developers consider this a better choice
- name: 'cipher_method'
value: 'AES-256-CBC'
- name: 'username_domain'
value: '{{ roundcube__username_domain }}'
# Slow down potential bots
- name: 'sendmail_delay'
value: 5
- name: 'product_name'
value: '{{ roundcube__product_name }}'
# Use the system-wide MIME database from the 'mime-support' APT package
- name: 'mime_types'
value: '/etc/mime.types'
# Help mitigate mails to non-existent DNS domains
- name: 'email_dns_check'
value: True
- name: 'plugins'
value: '{{ roundcube__combined_plugins | parse_kv_items
| selectattr("state", "equalto", "enabled")
| map(attribute="name") | list | unique }}'
# Create Special Folders automatically. This will ensure that the Junk
# folder is present and selected in the preferences.
- name: 'create_default_folders'
value: True
# Set minimum refresh interval available to users to 5 minutes, to lower
# the IMAP server load.
- name: 'min_refresh_interval'
value: 300
# Enable autocompletion for the LDAP address book.
- name: 'autocomplete_addressbooks'
value: '{{ ([ "sql" ] + ([ "People" ] if roundcube__ldap_enabled|bool else []))
| flatten }}'
state: '{{ "present" if roundcube__ldap_enabled|bool else "ignore" }}'
# Set the default number of autocompletion characters for lower server load.
- name: 'autocomplete_min_length'
value: 3
# Only pick single e-mail address in autocomplete, this reduces the number
# of entries shown to the user.
- name: 'autocomplete_single'
value: True
# Configure the access to the default LDAP address book managed by DebOps.
# Roundcube will use user credentials to login to the LDAP directory.
- name: 'ldap_public_people'
option: [ 'ldap_public', 'People' ]
section: 'addressbook'
state: '{{ "present" if roundcube__ldap_enabled|bool else "ignore" }}'
array:
- name: '{{ roundcube__ldap_addressbook_name }}'
hosts: '{{ roundcube__ldap_hosts }}'
port: '{{ roundcube__ldap_port }}'
use_tls: '{{ roundcube__ldap_use_tls }}'
ldap_version: 3
user_specific: True
base_dn: '{{ roundcube__ldap_people_dn | join(",") }}'
bind_dn: '{{ "uid=%u," + roundcube__ldap_people_dn | join(",") }}'
bind_pass: ''
search_base_dn: '{{ roundcube__ldap_base_dn | join(",") }}'
search_filter: '(&
(objectClass=mailRecipient)
(|
(uid=%u)
(mail=%fu)
)
)'
search_bind_dn: '{{ roundcube__ldap_binddn }}'
search_bind_pw: '{{ roundcube__ldap_bindpw }}'
filter: '(objectClass=inetOrgPerson)'
scope: 'sub'
searchonly: True
vlv: False
sort: 'sn'
search_fields: [ 'sn', 'cn', 'mail', 'telephoneNumber' ]
hidden: '{{ roundcube__ldap_hidden }}'
writable: False
groups:
- base_dn: '{{ roundcube__ldap_groups_dn | join(",") }}'
filter: '(objectClass=groupOfNames)'
object_classes: [ 'groupOfNames' ]
fieldmap: [ '{{ roundcube__ldap_field_map }}' ]
# Set the default mail charset to Unicode
- name: 'default_charset'
value: 'UTF-8'
- name: 'skin'
value: '{{ roundcube__skin_folder }}'
# Don't prefer HTML message view by default
- name: 'prefer_html'
value: False
# Refresh the mail status in longer intervals (15 minutes) by default, to
# make the IMAP server load lower.
- name: 'refresh_interval'
value: 900
# Delete spam messages without moving them to Trash first
- name: 'delete_junk'
value: True
# Forward e-mails as attachments by default
- name: 'forward_attachment'
value: True
# Display the sender e-mail address by default to help users detect forged
# senders
- name: 'message_show_email'
value: True
# Better support for mailing lists
- name: 'reply_all_mode'
value: 1
- name: 'swipe_actions'
comment: |
Configuration for the 'swipe' Roundcube plugin
array:
- messagelist:
- left: 'swipe-read'
right: 'move'
down: 'checkmail'
- contactlist:
- left: 'none'
right: 'compose'
down: 'none'
- name: 'enable_spellcheck'
value: True
state: 'present'
- name: 'spellcheck_engine'
value: 'enchant'
state: 'present'
- name: 'spellcheck_ignore_caps'
value: True
state: 'present'
- name: 'spellcheck_ignore_nums'
value: True
state: 'present'
- name: 'spellcheck_ignore_syms'
value: True
state: 'present'
- roundcube__configuration
This list defines Roundcube configuration options which should be present on all hosts in the Ansible inventory.
roundcube__configuration: []
- roundcube__group_configuration
This list defines Roundcube configuration options which should be present on hosts in a specific Ansible inventory group.
roundcube__group_configuration: []
- roundcube__host_configuration
This list defines Roundcube configuration options which should be present on specific hosts in the Ansible inventory.
roundcube__host_configuration: []
- roundcube__combined_configuration
This variable combines all Roundcube configuration lists and is used in role tasks and templates.
roundcube__combined_configuration: '{{ roundcube__original_configuration
+ roundcube__default_configuration
+ roundcube__configuration
+ roundcube__group_configuration
+ roundcube__host_configuration }}'
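The precedence of the combined list can be checked before a deployment. The script below is an added example, not part of the debops.roundcube role: it merges option lists in the order shown above and flags a few security-relevant settings documented on this page (force_https, show_images, LDAP binds without TLS, PHP snippets in autovalues). The merge is a simplified model of the role's behaviour, the function names and finding codes are hypothetical, treating ldaps:// hosts as encrypted is an assumption, and the sample lists are constructed with values already templated.

```python
"""Audit a resolved debops.roundcube option list (added example, not role code)."""


def resolve(*lists):
    """Merge option lists in order. Simplified model (assumption): a later entry
    with the same name overrides an earlier one, state 'ignore' entries are
    skipped, and an entry without a state activates the option as 'present'."""
    merged = {}
    for entries in lists:
        for entry in entries:
            if entry.get("state") == "ignore":
                continue
            current = merged.setdefault(entry["name"], {})
            current.update(entry)
            if "state" not in entry:
                current["state"] = "present"
    return merged


def _encrypted(book):
    """True if the address book uses STARTTLS ('use_tls') or, by assumption,
    lists only hosts with an ldaps:// scheme."""
    hosts = book.get("hosts") or []
    if isinstance(hosts, str):
        hosts = [hosts]
    ldaps_only = bool(hosts) and all(str(h).startswith("ldaps://") for h in hosts)
    return book.get("use_tls") is True or ldaps_only


def _binds(book):
    """True if Roundcube sends a bind DN and password to this directory."""
    return bool(book.get("user_specific") or book.get("bind_dn")
                or book.get("search_bind_dn"))


def audit(config):
    """Return (location, code) findings for a resolved configuration."""
    findings = []
    if config.get("force_https", {}).get("value") is not True:
        findings.append(("force_https", "https-not-forced"))
    for name, entry in sorted(config.items()):
        if entry.get("state") == "absent":
            continue
        if name == "show_images" and entry.get("value") == 2:
            findings.append((name, "remote-resources-always-loaded"))
        for book in entry.get("array", []):
            where = "%s[%s]" % (name, book.get("name", "?"))
            if _binds(book) and not _encrypted(book):
                findings.append((where, "ldap-bind-without-tls"))
            if book.get("writable"):
                for mapping in book.get("autovalues", []):
                    for attr, template in sorted(mapping.items()):
                        if "(" in str(template):  # PHP snippet, eval'ed on create
                            findings.append((where, "autovalues-php-eval:" + attr))
    return findings


# Constructed sample input, modelled on entries shown on this page.
ORIGINAL = [
    {"name": "force_https", "value": False, "state": "init"},
    {"name": "show_images", "value": 0, "state": "init"},
]
DEFAULT = [
    {"name": "force_https", "value": True},
    {"name": "ldap_public_people", "option": ["ldap_public", "People"],
     "state": "present",
     "array": [{"name": "People", "hosts": ["ldap.example.org"], "port": 389,
                "use_tls": True, "user_specific": True,
                "bind_dn": "uid=%u,ou=People,dc=example,dc=org",
                "writable": False}]},
]
# Hypothetical host-level override that weakens the defaults.
HOST = [
    {"name": "show_images", "value": 2},
    {"name": "ldap_public_partners", "option": ["ldap_public", "Partners"],
     "array": [{"name": "Partners", "hosts": ["directory.example.net"],
                "port": 389, "use_tls": False, "user_specific": True,
                "writable": True,
                "autovalues": [{"uid": "md5(microtime())",
                                "mail": "{givenname}.{sn}@example.net"}]}]},
]

if __name__ == "__main__":
    for where, code in audit(resolve(ORIGINAL, DEFAULT, HOST)):
        print("%-32s %s" % (where, code))
```
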
Configuration file sections
These variables define the sections in the Roundcube
config/config.inc.php
configuration file. See
roundcube__configuration_sections for more details.
- roundcube__default_configuration_sections
The list of the default configuration sections defined by the role.
roundcube__default_configuration_sections:
- name: 'init'
state: 'hidden'
- name: 'sql'
title: 'SQL DATABASE'
- name: 'logging'
title: 'LOGGING/DEBUGGING'
- name: 'imap'
- name: 'smtp'
- name: 'ldap'
- name: 'cache'
title: 'CACHE(S)'
- name: 'system'
- name: 'plugins'
- name: 'ui'
title: 'USER INTERFACE'
- name: 'addressbook'
title: 'ADDRESSBOOK SETTINGS'
- name: 'userprefs'
title: 'USER PREFERENCES'
- name: 'unknown'
title: 'OTHER OPTIONS'
- roundcube__configuration_sections
List of configuration sections defined by the user.
roundcube__configuration_sections: []
- roundcube__combined_configuration_sections
Variable which combines all of the configuration section lists and is used in role tasks and templates.
roundcube__combined_configuration_sections: '{{ roundcube__default_configuration_sections
+ roundcube__configuration_sections }}'
Roundcube plugins
The variables below contain configuration of Roundcube plugins installed using PHP Composer. See roundcube__plugins for more details.
- roundcube__default_plugins
List of Roundcube plugins configured by the role.
roundcube__default_plugins:
# Plugin that adds a new button to the toolbar to move messages to a (user
# selectable) archive folder.
- name: 'archive'
state: 'enabled'
# This is a core plugin which provides support for handling attachments
# through the filesystem. It might be required by other plugins.
- name: 'filesystem_attachments'
state: 'enabled'
# This plugin provides jQuery library and features for other plugins.
- name: 'jqueryui'
state: 'enabled'
# This plugin adds an option to download all attachments to a message in
# one zip file, when a message has multiple attachments. The plugin also
# allows the download of a selection of messages in 1 zip file.
- name: 'zipdownload'
state: 'enabled'
options:
- name: 'zipdownload_attachments'
comment: |
Zip attachments
Only show the link when there are more than this many attachments
-1 to prevent downloading of attachments as zip
value: 1
- name: 'zipdownload_selection'
comment: |
Zip selection of mail messages
This option enables downloading of multiple messages as one zip archive.
The number or string value specifies maximum total size of all messages
in the archive (not the size of the archive itself).
value: '50MB'
- name: 'zipdownload_charset'
comment: |
Charset to use for filenames inside the zip
value: 'UTF-8'
# This entry installs the libraries required for LDAP support in Roundcube.
# It's not a real plugin.
- name: 'ldap_support'
package: 'kolab/net_ldap3'
state: '{{ "present" if roundcube__ldap_enabled|bool else "ignore" }}'
# This plugin adds right-click context menus to various parts of the
# Roundcube interface.
- name: 'contextmenu'
package: 'johndoh/contextmenu{{ ":3.2.1"
if roundcube__git_version is version("1.5", "<") else "" }}'
state: 'enabled'
# This plugin provides a toolbar button and folder menu option which
# calculates and displays the sizes of the message folders.
- name: 'show_folder_size'
package: 'jfcherng/show-folder-size'
state: 'enabled'
options:
- name: 'auto_show_folder_size'
comment: |
Automatically show the folder size without clicking on the toolbar button.
This could be a serious performance penalty if there are many users
value: False
- name: 'show_mailboxoptions_button'
comment: 'Show mailbox options button'
value: True
- name: 'show_toolbar_button'
comment: 'Show the toolbar button'
value: False
# This plugin adds a button on the main toolbar which opens the
# Nextcloud/ownCloud instance at specified URL.
- name: 'cloud_button'
package: 'san4op/cloud_button'
state: 'enabled'
options:
- name: 'cloud_button_url'
comment: 'URL to cloud storage'
value: '{{ "https://cloud." + ansible_domain + "/" }}'
# This plugin uses the LDAP directory to create the user identity at login.
# Roundcube 1.4.x might need to be patched for this to work correctly.
# See: https://github.com/roundcube/roundcubemail/issues/7667
- name: 'new_user_identity'
state: '{{ "enabled" if roundcube__ldap_enabled|bool else "ignore" }}'
options:
- name: 'new_user_identity_addressbook'
comment: |
The id of the address book to use to automatically set a
user's full name in their new identity. (This should be a
string, which refers to the $config['ldap_public'] array.)
value: 'People'
- name: 'new_user_identity_match'
comment: |
When automatically setting a user's full name in their
new identity, match the user's login name against this field.
value: 'mail'
- name: 'new_user_identity_onlogin'
comment: |
Determine whether to import user's identities on each login.
New user identity will be created for each e-mail address
present in address book, but not assigned to any identity.
value: True
- name: 'password'
state: '{{ "enabled" if roundcube__ldap_password_enabled|bool else "absent" }}'
options:
- name: 'password_driver'
comment: |
Password Plugin options
-----------------------
A driver to use for password change. Default: "sql".
See README file for list of supported driver names.
value: '{{ "ldap_exop" if roundcube__ldap_password_enabled|bool else "sql" }}'
- name: 'password_strength_driver'
comment: |
A driver to use for checking password strength. Default: null (disabled).
See README file for list of supported driver names.
value: null
- name: 'password_confirm_current'
comment: |
Determine whether current password is required to change password.
Default: false.
value: True
- name: 'password_minimum_length'
comment: |
Require the new password to be a certain length.
Set to blank to allow passwords of any length
value: 0
- name: 'password_minimum_score'
comment: |
Require the new password to have at least the specified strength score.
Note: Password strength is scored from 1 (weak) to 5 (strong).
value: 0
- name: 'password_log'
comment: |
Enables logging of password changes into logs/password
value: False
- name: 'password_login_exceptions'
comment: |
Comma-separated list of login exceptions for which password change
will not be available (no Password tab in Settings)
value: null
- name: 'password_hosts'
comment: |
Array of hosts that support password changing.
Listed hosts will feature a Password option in Settings; others will not.
Example: array('mail.example.com', 'mail2.example.org');
Default is NULL (all hosts supported).
value: null
- name: 'password_force_save'
comment: |
Enables saving the new password even if it matches the old password. Useful
for upgrading the stored passwords after the encryption scheme has changed.
value: False
- name: 'password_force_new_user'
comment: |
Enables forcing new users to change their password at their first login.
value: False
- name: 'password_algorithm'
comment: |
Default password hashing/crypting algorithm.
Possible options: des-crypt, ext-des-crypt, md5-crypt, blowfish-crypt,
sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, ssha512, samba, ad, dovecot, clear.
For details see password::hash_password() method.
value: 'clear'
- name: 'password_algorithm_prefix'
comment: |
Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated
using password_algorithm above. Default: empty.
value: ''
- name: 'password_dovecotpw'
comment: |
Path for dovecotpw/doveadm-pw (if not in the $PATH).
Used for password_algorithm = 'dovecot'.
$config['password_dovecotpw'] = '/usr/local/sbin/dovecotpw'; // for dovecot-1.x
value: '/usr/bin/doveadm pw' # for dovecot-2.x
- name: 'password_dovecotpw_method'
comment: |
Dovecot password scheme.
Used for password_algorithm = 'dovecot'.
value: 'CRAM-MD5'
- name: 'password_dovecotpw_with_method'
comment: |
Enables use of password with method prefix, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
when using password_algorithm=dovecot
value: False
- name: 'password_blowfish_cost'
comment: |
Iteration count parameter for Blowfish-based hashing algo.
It must be between 4 and 31. Default: 12.
Be aware, the higher the value, the longer it takes to generate the password hashes.
value: 12
- name: 'password_crypt_rounds'
comment: |
Number of rounds for the sha256 and sha512 crypt hashing algorithms.
Must be at least 1000. If not set, then the number of rounds is left up
to the crypt() implementation. On glibc this defaults to 5000.
Be aware, the higher the value, the longer it takes to generate the password hashes.
value: 50000
- name: 'password_disabled'
comment: |
This option temporarily disables the password change functionality.
Use it when the users database server is in maintenance mode or something like that.
You can set it to TRUE/FALSE or a text describing the reason
which will replace the default.
value: False
- name: 'password_username_format'
comment: |
Various drivers/setups use different format of the username.
This option allows you to force specified format use. Default: '%u'.
Supported variables:
%u - full username,
%l - the local part of the username (in case the username is an email address)
%d - the domain part of the username (in case the username is an email address)
Note: This may not apply to some drivers implementing their own rules, e.g. sql.
value: '%u'
- name: 'password_db_dsn'
comment: |
SQL Driver options
------------------
PEAR database DSN for performing the query. By default
Roundcube DB settings are used.
Supported replacement variables:
%h - user's IMAP hostname
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
%z - IMAP domain (IMAP hostname without the first part)
value: ''
- name: 'password_query'
comment: |
The SQL query used to change the password.
The query can contain the following macros that will be expanded as follows:
%p is replaced with the plaintext new password
%P is replaced with the crypted/hashed new password
according to configured password_method
%o is replaced with the old (current) password
%O is replaced with the crypted/hashed old (current) password
according to configured password_method
%h is replaced with the imap host (from the session info)
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username
(in case the username is an email address)
%d is replaced with the domain part of the username
(in case the username is an email address)
Deprecated macros:
%c is replaced with the crypt version of the new password, MD5 if available
otherwise DES. More hash functions can be enabled using the password_crypt_hash
configuration parameter.
%D is replaced with the dovecotpw-crypted version of the new password
%n is replaced with the hashed version of the new password
%q is replaced with the hashed password before the change
Escaping of macros is handled by this module.
Default: "SELECT update_passwd(%c, %u)"
value: 'SELECT update_passwd(%c, %u)'
- name: 'password_crypt_hash'
comment: |
By default the crypt() function which is used to create the %c
parameter uses the md5 algorithm (deprecated, use %P).
You can choose between: des, md5, blowfish, sha256, sha512.
value: 'md5'
- name: 'password_idn_ascii'
comment: |
By default domains in variables are using unicode.
Enable this option to use punycoded names
value: False
- name: 'password_hash_algorithm'
comment: |
Using a password hash for %n and %q variables (deprecated, use %P).
Determine which hashing algorithm should be used to generate
the hashed new and current password for using them within the
SQL query. Requires PHP's 'hash' extension.
value: 'sha1'
- name: 'password_hash_base64'
comment: |
You can also decide whether the hash should be provided
as hex string or in base64 encoded format.
value: False
- name: 'password_pop_host'
comment: |
Poppassd Driver options
-----------------------
The host which changes the password (default: localhost)
Supported replacement variables:
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
%h - IMAP host
%z - IMAP domain without first part
%s - domain name after the '@' from e-mail address provided at login screen
value: 'localhost'
- name: 'password_pop_port'
comment: |
TCP port used for poppassd connections (default: 106)
value: 106
- name: 'password_saslpasswd_args'
comment: |
SASL Driver options
-------------------
Additional arguments for the saslpasswd2 call
value: ''
- name: 'password_ldap_host'
comment: |
LDAP, LDAP_SIMPLE and LDAP_EXOP Driver options
-----------------------------------
LDAP server name to connect to.
You can provide one or several hosts in an array in which case the hosts are tried from left to right.
Example: array('ldap1.exemple.com', 'ldap2.exemple.com');
Default: 'localhost'
value: '{{ (roundcube__ldap_hosts | first)
if roundcube__ldap_hosts|d()
else "" }}'
- name: 'password_ldap_port'
comment: |
LDAP server port to connect to
Default: '389'
value: '{{ roundcube__ldap_port }}'
- name: 'password_ldap_starttls'
comment: |
TLS is started after connecting
Using TLS for password modification is recommended.
Default: false
value: '{{ roundcube__ldap_use_tls | bool }}'
- name: 'password_ldap_version'
comment: |
LDAP version
Default: '3'
value: '3'
- name: 'password_ldap_basedn'
comment: |
LDAP base name (root directory)
Example: 'dc=exemple,dc=com'
value: '{{ roundcube__ldap_base_dn | join(",") }}'
- name: 'password_ldap_method'
comment: |
LDAP connection method
There are two connection methods for changing a user's LDAP password.
'user': use user credential (recommended, requires password_confirm_current=true)
'admin': use admin credential (this mode requires password_ldap_adminDN and password_ldap_adminPW)
Default: 'user'
value: 'user'
- name: 'password_ldap_adminDN'
comment: |
LDAP Admin DN
Used only in admin connection mode
Default: null
value: null
- name: 'password_ldap_adminPW'
comment: |
LDAP Admin Password
Used only in admin connection mode
Default: null
value: null
- name: 'password_ldap_userDN_mask'
comment: |
LDAP user DN mask
The user's DN is mandatory and as we only have his login,
we need to re-create his DN using a mask
'%login' will be replaced by the current roundcube user's login
'%name' will be replaced by the current roundcube user's name part
'%domain' will be replaced by the current roundcube user's domain part
'%dc' will be replaced by domain name hierarchical string e.g. "dc=test,dc=domain,dc=com"
Example: 'uid=%login,ou=people,dc=exemple,dc=com'
value: 'uid=%login,ou=people,dc=exemple,dc=com'
state: 'comment' # use searches instead
- name: 'password_ldap_searchDN'
comment: |
LDAP search DN
The DN roundcube should bind with to find out user's DN
based on his login. Note that you should comment out the default
password_ldap_userDN_mask setting for this to take effect.
Use this if you cannot specify a general template for user DN with
password_ldap_userDN_mask. You need to perform a search based on
users login to find his DN instead. A common reason might be that
your users are placed under different ou's like engineering or
sales which cannot be derived from their login only.
value: '{{ roundcube__ldap_binddn }}'
- name: 'password_ldap_searchPW'
comment: |
LDAP search password
If password_ldap_searchDN is set, the password to use for
binding to search for user's DN. Note that you should comment out the default
password_ldap_userDN_mask setting for this to take effect.
Warning: Be sure to set appropriate permissions on this file so this password
is only accessible to roundcube and don't forget to restrict roundcube's access to
your directory as much as possible using ACLs. Should this password be compromised
you want to minimize the damage.
value: '{{ roundcube__ldap_bindpw }}'
- name: 'password_ldap_search_base'
comment: |
LDAP search base
If password_ldap_searchDN is set, the base to search in using the filter below.
Note that you should comment out the default password_ldap_userDN_mask setting
for this to take effect.
value: '{{ roundcube__ldap_base_dn | join(",") }}'
- name: 'password_ldap_search_filter'
comment: |
LDAP search filter
If password_ldap_searchDN is set, the filter to use when
searching for user's DN. Note that you should comment out the default
password_ldap_userDN_mask setting for this to take effect.
'%login' will be replaced by the current roundcube user's login
'%name' will be replaced by the current roundcube user's name part
'%domain' will be replaced by the current roundcube user's domain part
'%dc' will be replaced by domain name hierarchical string e.g. "dc=test,dc=domain,dc=com"
Example: '(uid=%login)'
Example: '(&(objectClass=posixAccount)(uid=%login))'
value: '(&
(objectClass=mailRecipient)
(|
(uid=%name)
(mail=%login)
)
)'
- name: 'password_ldap_encodage'
comment: |
LDAP password hash type
Standard LDAP encryption type which must be one of: crypt,
ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, ad, cram-md5 (dovecot style) or clear.
Set to 'default' if you want to use method specified in password_algorithm option above.
Multiple password values can be generated by concatenating encodings with a +. E.g. 'cram-md5+crypt'
Default: 'crypt'.
value: 'clear' # default: crypt
- name: 'password_ldap_pwattr'
comment: |
LDAP password attribute
Name of the ldap's attribute used for storing user password
Default: 'userPassword'
value: 'userPassword'
- name: 'password_ldap_force_replace'
comment: |
LDAP password force replace
Force LDAP replace in cases where ACL allows only replace not read
See https://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
Default: true
value: True
- name: 'password_ldap_lchattr'
comment: |
LDAP Password Last Change Date
Some places use an attribute to store the date of the last password change
The date is measured in "days since epoch" (an integer value)
Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange)
value: ''
- name: 'password_ldap_samba_pwattr'
comment: |
LDAP Samba password attribute, e.g. sambaNTPassword
Name of the LDAP's Samba attribute used for storing user password
value: ''
- name: 'password_ldap_samba_lchattr'
comment: |
LDAP Samba Password Last Change Date attribute, e.g. sambaPwdLastSet
Some places use an attribute to store the date of the last password change
The date is measured in "seconds since epoch" (an integer value)
Whenever the password is changed, the attribute will be updated if set
value: ''
- name: 'password_ldap_ppolicy_cmd'
comment: |
LDAP PPolicy Driver options
-----------------------------------
LDAP Change password command - filename of the perl script
Example: 'change_ldap_pass.pl'
value: 'change_ldap_pass.pl'
- name: 'password_ldap_ppolicy_uri'
comment: |
LDAP URI
Example: 'ldap://ldap.example.com/ ldaps://ldap2.example.com:636/'
value: 'ldap://localhost/'
- name: 'password_ldap_ppolicy_basedn'
comment: |
LDAP base name (root directory)
Example: 'dc=exemple,dc=com'
value: 'dc=example,dc=com'
- name: 'password_ldap_ppolicy_searchDN'
value: 'cn=someuser,dc=example,dc=com'
- name: 'password_ldap_ppolicy_searchPW'
value: 'secret'
- name: 'password_ldap_policy_search_filter'
comment: |
LDAP search filter
Example: '(uid=%login)'
Example: '(&(objectClass=posixAccount)(uid=%login))'
value: '(uid=%login)'
- name: 'password_ldap_ppolicy_cafile'
comment: |
CA certificate file, used when the URI specifies an LDAPS connection
value: '/etc/ssl/certs/ca-certificates.crt'
- name: 'password_directadmin_host'
comment: |
DirectAdmin Driver options
--------------------------
The host which changes the password
Use 'ssl://host' instead of 'tcp://host' when running DirectAdmin over SSL.
The host can contain the following macros that will be expanded as follows:
%h is replaced with the imap host (from the session info)
%d is replaced with the domain part of the username (if the username is an email)
value: 'tcp://localhost'
- name: 'password_directadmin_port'
comment: |
TCP port used for DirectAdmin connections
value: 2222
- name: 'password_vpopmaild_host'
comment: |
vpopmaild Driver options
-----------------------
The host which changes the password
value: 'localhost'
- name: 'password_vpopmaild_port'
comment: |
TCP port used for vpopmaild connections
value: 89
- name: 'password_vpopmaild_timeout'
comment: |
Timeout used for the connection to vpopmaild (in seconds)
value: 10
- name: 'password_cpanel_host'
comment: |
cPanel Driver options
--------------------------
The cPanel Host name
value: 'host.domain.com'
- name: 'password_cpanel_username'
comment: |
The cPanel admin username
value: 'username'
- name: 'password_cpanel_password'
comment: |
The cPanel admin password
value: 'password'
- name: 'password_cpanel_hash'
comment: |
The cPanel admin hash
If you prefer to use a hash (Remote Access Key) instead of plain password, enter it below.
Hash takes precedence over password auth.
You can generate a Remote Access Key in WHM -> Clusters -> Remote Access Key
value: ''
- name: 'password_cpanel_port'
comment: |
The cPanel port to use
value: 2087
- name: 'password_cpanel_webmail_host'
comment: |
cPanel Webmail Driver options
-----------------------------
The cPanel Host name
value: 'host.domain.com'
- name: 'password_cpanel_webmail_port'
comment: |
The cPanel port to use
value: 2096
- name: 'password_ximss_host'
comment: |
XIMSS (Communigate server) Driver options
-----------------------------------------
Host name of the Communigate server
value: 'mail.example.com'
- name: 'password_ximss_port'
comment: |
XIMSS port on Communigate server
value: 11024
- name: 'password_chpasswd_cmd'
comment: |
chpasswd Driver options
---------------------
Command to use (see "Sudo setup" in README)
value: 'sudo /usr/sbin/chpasswd 2> /dev/null'
- name: 'xmail_host'
comment: |
XMail Driver options
---------------------
value: 'localhost'
- name: 'xmail_user'
value: 'YourXmailControlUser'
- name: 'xmail_pass'
value: 'YourXmailControlPass'
- name: 'xmail_port'
value: 6017
- name: 'hmailserver_remote_dcom'
comment: |
hMail Driver options
-----------------------
Remote hMailServer configuration
true: hMailServer is on a remote box (php.ini: com.allow_dcom = true)
false: hMailServer is on the same box as PHP
value: False
- name: 'hmailserver_server'
comment: 'Windows credentials'
array:
- Server: 'localhost'
- Username: 'administrator'
- Password: 'password'
- name: 'password_pw_usermod_cmd'
comment: |
pw_usermod Driver options
--------------------------
Use comma delimited exlist to disable password change for users.
See "Sudo setup" in README file.
value: 'sudo /usr/sbin/pw usermod -h 0 -n'
- name: 'password_dbmail_args'
comment: |
DBMail Driver options
-------------------
Additional arguments for the dbmail-users call
value: '-p sha512'
- name: 'password_expect_bin'
comment: |
Expect Driver options
---------------------
Location of expect binary
value: '/usr/bin/expect'
- name: 'password_expect_script'
comment: |
Location of expect script (see helpers/passwd-expect)
value: ''
- name: 'password_expect_params'
comment: |
Arguments for the expect script. See the helpers/passwd-expect file for details.
This is probably a good starting default:
-telnet -host localhost -output /tmp/passwd.log -log /tmp/passwd.log
value: ''
- name: 'password_smb_host'
comment: |
smb Driver options
---------------------
Samba host (default: localhost)
Supported replacement variables:
%n - hostname ($_SERVER['SERVER_NAME'])
%t - hostname without the first part
%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
value: 'localhost'
- name: 'password_smb_cmd'
comment: |
Location of smbpasswd binary (default: /usr/bin/smbpasswd)
value: '/usr/bin/smbpasswd'
- name: 'password_gearman_host'
comment: |
gearman driver options
---------------------
Gearman host (default: localhost)
value: 'localhost'
- name: 'password_plesk_host'
comment: |
Plesk/PPA Driver options
--------------------
You need to allow RPC for the IP of the roundcube server in the Plesk/PPA Panel
Plesk RPC Host
value: '10.0.0.5'
- name: 'password_plesk_user'
comment: 'Plesk RPC Username'
value: 'admin'
- name: 'password_plesk_pass'
comment: 'Plesk RPC Password'
value: 'password'
- name: 'password_plesk_rpc_port'
comment: 'Plesk RPC Port'
value: '8443'
- name: 'password_plesk_rpc_path'
comment: 'Plesk RPC Path'
value: 'enterprise/control/agent.php'
- name: 'password_kpasswd_cmd'
comment: |
kpasswd Driver options
---------------------
Command to use
value: '/usr/bin/kpasswd'
- name: 'password_modoboa_api_token'
comment: |
Modoboa Driver options
---------------------
Put the token number from the Modoboa server
value: ''
- name: 'help'
state: 'enabled'
options:
- name: 'help_source'
comment: |
Help content iframe source
%l will be replaced by the language code resolved using the 'help_language_map' option
If you are serving roundcube via https, then change this URL to https also.
value: 'https://docs.roundcube.net/doc/help/1.1/%l/'
- name: 'help_index_map'
comment: |
Map task/action combinations to deep-links
Use '<task>/<action>' or only '<task>' strings as keys
The values will be appended to the 'help_source' URL
array:
- 'login': 'login.html'
'mail': 'mail/index.html'
'mail/compose': 'mail/compose.html'
'addressbook': 'addressbook/index.html'
'settings': 'settings/index.html'
'settings/preferences': 'settings/preferences.html'
'settings/folders': 'settings/folders.html'
'settings/identities': 'settings/identities.html'
- name: 'help_language_map'
comment: |
Map to translate Roundcube language codes into help document languages
The '*' entry will be used as default
array:
- '*': 'en_US'
- name: 'help_about_url'
comment: |
Enter an absolute URL to a page displaying information about this webmail
Alternatively, create a HTML file under <this-plugin-dir>/content/about.html
value: null
- name: 'help_license_url'
comment: |
Enter an absolute URL to a page displaying information about this webmail
Alternatively, put your license text to <this-plugin-dir>/content/license.html
value: null
- name: 'help_open_extwin'
comment: 'Determine whether to open the help in a new window'
value: False
- name: 'help_csrf_info'
comment: 'URL to additional information about CSRF protection'
value: null
- name: 'markasjunk'
state: 'enabled'
options:
- name: 'markasjunk_learning_driver'
comment: |
Learning driver
Use an external process such as sa-learn to learn from spam/ham messages. Default: null.
Please see the README for more information
value: null
- name: 'markasjunk_ham_mbox'
comment: |
Ham mailbox
Mailbox messages should be moved to when they are marked as ham. null = INBOX
set to FALSE to disable message moving
value: null
- name: 'markasjunk_spam_mbox'
comment: |
Spam mailbox
Mailbox messages should be moved to when they are marked as spam.
null = the mailbox assigned as the spam folder in Roundcube settings
set to FALSE to disable message moving
value: null
- name: 'markasjunk_read_spam'
comment: 'Mark messages as read when reporting them as spam'
value: True # original: False
- name: 'markasjunk_unread_ham'
comment: 'Mark messages as unread when reporting them as ham'
value: True # original: False
- name: 'markasjunk_spam_flag'
comment: |
Add flag to messages marked as spam (flag will be removed when marking as ham)
If you do not want to use message flags set this to false
value: 'Junk'
- name: 'markasjunk_ham_flag'
comment: |
Add flag to messages marked as ham (flag will be removed when marking as spam)
If you do not want to use message flags set this to false
value: 'NonJunk'
- name: 'markasjunk_debug'
comment: 'Write output from spam/ham commands to the log for debug'
value: False
- name: 'markasjunk_toolbar'
comment: |
The mark as spam/ham icon can either be displayed on the toolbar or as part of the mark messages menu.
Set to False to use Mark menu instead of the toolbar. Default: true.
value: True
- name: 'markasjunk_move_spam'
comment: |
Learn any message moved to the spam mailbox as spam (not just when the button is pressed)
value: True # original: False
- name: 'markasjunk_move_ham'
comment: |
Learn any message moved from the spam mailbox to the ham mailbox as ham (not just when the button is pressed)
value: True # original: False
- name: 'markasjunk_permanently_remove'
comment: |
Some drivers create new copies of the target message(s), in this case the original message(s) will be deleted
Rather than deleting the message(s) (moving to Trash) setting this option true will cause the original message(s) to be permanently removed
value: False
- name: 'markasjunk_spam_only'
comment: 'Display only a mark as spam button'
value: False
- name: 'markasjunk_allowed_hosts'
comment: |
Activate markasjunk for selected mail hosts only. If this is not set all mail hosts are allowed.
Example: $config['markasjunk_allowed_hosts'] = array('mail1.domain.tld', 'mail2.domain.tld');
value: null
- name: 'markasjunk_host_config'
comment: |
Load specific config for different mail hosts
Example: $config['markasjunk_host_config'] = array(
'mail1.domain.tld' => 'mail1_config.inc.php',
'mail2.domain.tld' => 'mail2_config.inc.php',
);
value: null
- name: 'markasjunk_spam_cmd'
comment: |
cmd_learn Driver options
------------------------
The command used to learn that a message is spam
The command can contain the following macros that will be expanded as follows:
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username (if the username is an email address)
%d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
%i is replaced with the email address from the user's default identity
%s is replaced with the email address the message is from
%f is replaced with the path to the message file
%h:<header name> is replaced with the content of that header from the message (lower case) eg: %h:x-dspam-signature
If you do not want to run the command set this to null
value: null
- name: 'markasjunk_ham_cmd'
comment: |
The command used to learn that a message is ham
The command can contain the following macros that will be expanded as follows:
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username (if the username is an email address)
%d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
%i is replaced with the email address from the user's default identity
%s is replaced with the email address the message is from
%f is replaced with the path to the message file
%h:<header name> is replaced with the content of that header from the message (lower case) eg: %h:x-dspam-signature
If you do not want to run the command set this to null
value: null
- name: 'markasjunk_spam_dir'
comment: |
dir_learn Driver options
------------------------
The full path of the directory used to store spam (must be writable by webserver)
value: null
- name: 'markasjunk_ham_dir'
comment: |
The full path of the directory used to store ham (must be writable by webserver)
value: null
- name: 'markasjunk_filename'
comment: |
The filename prefix
The filename can contain the following macros that will be expanded as follows:
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username (if the username is an email address)
%d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
%t is replaced with the type of message (spam/ham)
value: null
- name: 'markasjunk_email_spam'
comment: |
email_learn Driver options
--------------------------
The email address that spam messages will be sent to
The address can contain the following macros that will be expanded as follows:
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username (if the username is an email address)
%d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
%i is replaced with the email address from the user's default identity
If you do not want to send an email set this to null
value: null
- name: 'markasjunk_email_ham'
comment: |
The email address that ham messages will be sent to
The address can contain the following macros that will be expanded as follows:
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username (if the username is an email address)
%d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
%i is replaced with the email address from the user's default identity
If you do not want to send an email set this to null
value: null
- name: 'markasjunk_email_attach'
comment: 'Should the spam/ham message be sent as an attachment'
value: True
- name: 'markasjunk_email_subject'
comment: |
The email subject (when sending as attachment)
The subject can contain the following macros that will be expanded as follows:
%u is replaced with the username (from the session info)
%l is replaced with the local part of the username (if the username is an email address)
%d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
%t is replaced with the type of message (spam/ham)
value: 'learn this message as %t'
- name: 'markasjunk_sauserprefs_config'
comment: |
sa_blacklist Driver options
---------------------------
Path to SAUserPrefs config file
value: '../sauserprefs/config.inc.php'
- name: 'markasjunk_amacube_config'
comment: |
amavis_blacklist Driver options
---------------------------
Path to amacube config file
value: '../amacube/config.inc.php'
- name: 'markasjunk_spam_patterns'
comment: |
edit_headers Driver options
---------------------------
Patterns to match and replace headers for spam messages
Replacement method uses preg_replace - http://www.php.net/manual/function.preg-replace.php
WARNING: Be sure to match the entire header line, including the name of the header, also use ^ and $ and the 'm' flag
see the README for an example
TEST CAREFULLY BEFORE USE ON REAL MESSAGES
array:
- patterns: []
replacements: []
- name: 'markasjunk_ham_patterns'
comment: |
Patterns to match and replace headers for ham messages
Replacement method uses preg_replace - http://www.php.net/manual/function.preg-replace.php
WARNING: Be sure to match the entire header line, including the name of the header, also use ^ and $ and the 'm' flag
see the README for an example
TEST CAREFULLY BEFORE USE ON REAL MESSAGES
array:
- patterns: []
replacements: []
# This plugin adds additional commands in the header of the message if
# Roundcube detects it's a mailing list message.
- name: 'listcommands'
package: 'cor/listcommands'
state: 'enabled'
# This plugin provides support for swipe gestures on mobile devices in the
# Elastic skin.
- name: 'swipe'
package: 'johndoh/swipe:0.1.0'
state: 'enabled'
# This plugin includes additional information in Dovecot connections to
# provide better logging capabilities.
- name: 'dovecot_ident'
package: 'cor/dovecot-ident'
state: 'enabled'
# This plugin adds support for parsing vCard attachments in e-mail
# messages.
- name: 'vcard_attachments'
state: 'enabled'
# This plugin adds support for generating Identicon avatars for contacts
# without images.
- name: 'identicon'
state: 'enabled'
- name: 'managesieve'
state: 'enabled'
options:
- name: 'managesieve_port'
comment: |
managesieve server port. When empty the port will be determined automatically
using getservbyname() function, with 4190 as a fallback.
value: null
- name: 'managesieve_host'
comment: |
managesieve server address, default is localhost.
Replacement variables supported in host name:
%h - user's IMAP hostname
%n - http hostname ($_SERVER['SERVER_NAME'])
%d - domain (http hostname without the first part)
For example %n = mail.domain.tld, %d = domain.tld
value: '{{ roundcube__sieve_server }}'
- name: 'managesieve_auth_type'
comment: |
Authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
or none. Optional, defaults to best method supported by server.
value: null
- name: 'managesieve_auth_cid'
comment: |
Optional managesieve authentication identifier to be used as authorization proxy.
Authenticate as a different user but act on behalf of the logged in user.
Works with PLAIN and DIGEST-MD5 auth.
value: null
- name: 'managesieve_auth_pw'
comment: |
Optional managesieve authentication password to be used for imap_auth_cid
value: null
- name: 'managesieve_usetls'
comment: |
Whether to use TLS for the managesieve server connection
Note: tls:// prefix in managesieve_host is also supported
value: False
- name: 'managesieve_conn_options'
comment: |
Connection socket context options
See https://php.net/manual/en/context.ssl.php
The example below enables server certificate validation
array:
- ssl:
- verify_peer: True
verify_depth: 3
cafile: '/etc/ssl/certs/ca-certificates.crt'
state: 'comment'
- name: 'managesieve_default'
comment: |
A file with default script content (eg. spam filter)
value: '/etc/dovecot/sieve/global'
- name: 'managesieve_script_name'
comment: |
The name of the script which will be used when there's no user script
value: 'managesieve'
- name: 'managesieve_mbox_encoding'
comment: |
Sieve RFC says that we should use UTF-8 encoding for mailbox names,
but some implementations do not convert UTF-8 to modified UTF-7.
Defaults to UTF7-IMAP
value: 'UTF-8'
- name: 'managesieve_replace_delimiter'
comment: |
I need this because my dovecot (with listescape plugin) uses
':' delimiter, but creates folders with dot delimiter
value: ''
- name: 'managesieve_disabled_extensions'
comment: |
Disabled sieve extensions (body, copy, date, editheader, encoded-character,
envelope, environment, ereject, fileinto, ihave, imap4flags, index,
mailbox, mboxmetadata, regex, reject, relational, servermetadata,
spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.)
Note: not all extensions are implemented
value: []
- name: 'managesieve_debug'
comment: |
Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
value: False
- name: 'managesieve_kolab_master'
comment: |
Enables features described in http://wiki.kolab.org/KEP:14
value: False
- name: 'managesieve_filename_extension'
comment: |
Script name extension used for scripts including. Dovecot uses '.sieve',
Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
value: '.sieve'
- name: 'managesieve_filename_exceptions'
comment: |
List of reserved script names (without extension).
Scripts listed here will not be presented to the user.
value: []
- name: 'managesieve_domains'
comment: |
List of domains limiting destination emails in redirect action
If not empty, user will need to select domain from a list
value: []
- name: 'managesieve_default_headers'
comment: |
Default list of entries in header selector
value: [ 'Subject', 'From', 'To' ]
- name: 'managesieve_vacation'
comment: |
Enables separate management interface for vacation responses (out-of-office)
0 - no separate section (default),
1 - add Vacation section,
2 - add Vacation section, but hide Filters section
value: 1
- name: 'managesieve_forward'
comment: |
Enables separate management interface for setting forwards (redirect to and copy to)
0 - no separate section (default),
1 - add Forward section,
2 - add Forward section, but hide Filters section
value: 1
- name: 'managesieve_vacation_interval'
comment: |
Default vacation interval (in days).
Note: If server supports vacation-seconds extension it is possible
to define interval in seconds here (as a string), e.g. "3600s".
value: 0
- name: 'managesieve_vacation_addresses_init'
comment: |
Some servers require vacation :addresses to be filled with all
user addresses (aliases). This option enables automatic filling
of these on initial vacation form creation.
value: True
- name: 'managesieve_vacation_from_init'
comment: |
Sometimes you want to always reply with mail email address
This option enables automatic filling of :from field on initial
vacation form creation.
value: True
- name: 'managesieve_notify_methods'
comment: |
Supported methods of notify extension. Default: 'mailto'
value: [ 'mailto' ]
- name: 'managesieve_raw_editor'
comment: 'Enables scripts RAW editor feature'
value: True
- name: 'managesieve_disabled_actions'
comment: |
Disabled actions
Prevent user from performing specific actions:
list_sets, enable_disable_set, delete_set, new_set, download_set, new_rule, delete_rule
Note: disabling list_sets removes the Filter sets widget from the UI and means
the set defined in managesieve_script_name will always be used (and activated)
value: []
- name: 'managesieve_allowed_hosts'
comment: |
List of hosts that support managesieve.
Activate managesieve for selected hosts only. If this is not set all hosts are allowed.
Example: $config['managesieve_allowed_hosts'] = array('host1.mydomain.com','host2.mydomain.com');
value: null
- roundcube__plugins
List of Roundcube plugins configured on all hosts in the Ansible inventory.
roundcube__plugins: []
- roundcube__group_plugins
List of Roundcube plugins configured on hosts in a specific Ansible inventory group.
roundcube__group_plugins: []
- roundcube__host_plugins
List of Roundcube plugins configured on specific hosts in the Ansible inventory.
roundcube__host_plugins: []
- roundcube__combined_plugins
Variable which combines all Roundcube plugin lists and is used in role tasks and templates.
roundcube__combined_plugins: '{{ roundcube__default_plugins
+ roundcube__plugins
+ roundcube__group_plugins
+ roundcube__host_plugins }}'
Skins
- roundcube__skin_folder
Skin name: folder from /skins. Currently available:
classic
elastic [default] (mobile-ready, requires nodejs dependency, due to CSS-LESS syntax)
larry
roundcube__skin_folder: 'elastic'
- roundcube__skin_logo
Logo image replacement. Specifies location of the image as:
URL relative to the document root of this Roundcube installation
URL relative to the current skin folder (when starts with a '/')
roundcube__skin_logo: null
Other variables
- roundcube__max_file_size
Maximum upload size, in MB.
roundcube__max_file_size: '30'
Role-dependent configuration
- roundcube__keyring__dependent_gpg_user
The UNIX account which will be used to install additional GPG keys by the debops.keyring role.
roundcube__keyring__dependent_gpg_user: '{{ roundcube__user }}'
- roundcube__keyring__dependent_gpg_keys
GPG key configuration for the debops.keyring Ansible role.
roundcube__keyring__dependent_gpg_keys:
- user: '{{ roundcube__user }}'
group: '{{ roundcube__group }}'
home: '{{ roundcube__home }}'
id: '{{ roundcube__git_gpg_key }}'
- '{{ roundcube__git_additional_gpg_keys }}'
- roundcube__ldap__dependent_tasks
Configuration for the debops.ldap Ansible role.
roundcube__ldap__dependent_tasks:
- name: 'Create roundcube account for {{ roundcube__ldap_device_dn | join(",") }}'
dn: '{{ roundcube__ldap_binddn }}'
objectClass: '{{ roundcube__ldap_self_object_classes }}'
attributes: '{{ roundcube__ldap_self_attributes }}'
no_log: True
state: '{{ "present" if roundcube__ldap_password_enabled and
roundcube__ldap_device_dn|d() else "ignore" }}'
- roundcube__nginx__dependent_servers
nginx server configuration managed by the debops.nginx role.
roundcube__nginx__dependent_servers:
- name: '{{ roundcube__fqdn }}'
filename: 'debops.roundcube'
by_role: 'debops.roundcube'
type: 'php'
root: '{{ roundcube__git_dest }}'
webroot_create: False
access_policy: '{{ roundcube__nginx_access_policy }}'
index: 'index.php'
options: |
autoindex off;
client_max_body_size {{ roundcube__max_file_size }}M;
client_body_buffer_size 128k;
location_list:
- pattern: '/'
options: |
try_files $uri $uri/ @roundcube;
- pattern: '@roundcube'
options: |
rewrite ^/favicon\.ico$ skins/{{ roundcube__skin_folder }}/images/favicon.ico last;
- pattern: '~ ^/?(installer|[A-Z0-9]+$)'
options: |
deny all;
- pattern: '~ ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps))'
options: |
deny all;
- pattern: '~ /(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$'
options: |
deny all;
php_options: |
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
php_upstream: 'php_roundcube'
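A regression check for the three `deny all` patterns in the location_list above, as an added example that is not part of the debops.roundcube role. It models only those three regexes (any other locations the generated nginx server contains are ignored), and the function names and sample paths are constructed for illustration.

```python
import re

# Deny patterns copied verbatim from the location_list above, in file order.
# nginx '~' locations are case-sensitive regexes, tried in order against the
# request path (query string excluded); the first one that matches is used.
DENY_PATTERNS = [
    r'^/?(installer|[A-Z0-9]+$)',
    r'^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps))',
    r'/(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$',
]
COMPILED = [re.compile(p) for p in DENY_PATTERNS]


def deny_rule(uri):
    """Return the 1-based number of the first deny pattern matching uri, else None."""
    path = uri.split('?', 1)[0]  # nginx matches locations on the path only
    for number, pattern in enumerate(COMPILED, start=1):
        if pattern.search(path):
            return number
    return None


def audit(uris):
    """Map each URI to 'deny (rule N)' or 'pass' (not denied by these patterns)."""
    return {
        uri: 'pass' if deny_rule(uri) is None else 'deny (rule %d)' % deny_rule(uri)
        for uri in uris
    }


# Constructed sample paths, not taken from any real access log.
SAMPLE_URIS = [
    '/index.php?_task=mail',                 # normal application entry point
    '/program/js/app.min.js',                # static asset under program/
    '/installer/index.php',                  # rule 1: installer
    '/INSTALL',                              # rule 1: all-uppercase file name
    '/NOTES.txt',                            # pass: rule 1 needs the whole name uppercase
    '/config/config.inc.php',                # rule 2: configuration directory
    '/program/lib/Roundcube/bootstrap.php',  # rule 2: program/lib
    '/templates/x.html',                     # rule 2 is a prefix match on 'temp'
    '/plugins/managesieve/composer.json',    # rule 3: matches at any depth
]

if __name__ == '__main__':
    for uri, verdict in audit(SAMPLE_URIS).items():
        print('%-40s %s' % (uri, verdict))
```

Rerun it after editing a pattern or adding a plugin or skin directory, to confirm that application assets still pass and the protected paths still hit a deny rule.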
- roundcube__nginx_access_policy
Name of the "nginx access policy" for Roundcube webpage. See debops.nginx Ansible role for more details.
roundcube__nginx_access_policy: ''
- roundcube__nginx__dependent_upstreams
PHP upstream server configuration managed by the debops.nginx role.
roundcube__nginx__dependent_upstreams:
- name: 'php_roundcube'
by_role: 'debops.roundcube'
enabled: True
type: 'php'
php_pool: 'roundcube'
- roundcube__php__dependent_packages
List of PHP packages to install using the debops.php role.
roundcube__php__dependent_packages:
- '{{ roundcube__base_php_packages }}'
- '{{ roundcube__optional_php_packages }}'
- '{{ roundcube__custom_php_packages }}'
- roundcube__php__dependent_pools
PHP pools managed by the debops.php role.
roundcube__php__dependent_pools:
name: 'roundcube'
by_role: 'debops.roundcube'
user: '{{ roundcube__user }}'
group: '{{ roundcube__group }}'
owner: '{{ roundcube__user }}'
home: '{{ roundcube__home }}'
php_values:
## https://secure.php.net/manual/en/info.configuration.php#ini.upload-max-filesize
upload_max_filesize: '{{ roundcube__max_file_size }}M'
## https://secure.php.net/manual/en/ini.core.php#ini.post-max-size
post_max_size: '{{ roundcube__max_file_size }}M'
## https://github.com/roundcube/roundcubemail/wiki/Install-Requirements
file_uploads: 'on'
mbstring.func_overload: 'off'
memory_limit: '64M'
magic_quotes_runtime: 'off'
magic_quotes_sybase: 'off'
session.auto_start: 'off'
suhosin.session.encrypt: 'off'
- roundcube__nodejs__npm_dependent_packages
Configuration for the debops.nodejs Ansible role.
roundcube__nodejs__npm_dependent_packages:
# Dependency for the 'elastic' skin to compile the CSS files
- 'less'
- 'tslib'