roundcube_enabled: true
roundcube_publish: false
roundcube_use_external_db: true
roundcube_default_values:
  env: 
    - name: ROUNDCUBEMAIL_DB_TYPE
      value: "pgsql"
    - name: ROUNDCUBEMAIL_DB_HOST
      value: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
    - name: ROUNDCUBEMAIL_DB_USER
      value: "{{ roundcube_db_username }}"
    - name: ROUNDCUBEMAIL_DB_PASSWORD
      value: "{{ roundcube_db_password }}"
    - name: ROUNDCUBEMAIL_DB_NAME
      value: roundcube
    - name: ROUNDCUBEMAIL_DEFAULT_HOST
      value: "ssl://mail.{{ domain }}"
    - name: ROUNDCUBEMAIL_DEFAULT_PORT
      value: "993"
    - name: ROUNDCUBEMAIL_SMTP_SERVER
      value: "ssl://mail.{{ domain }}"
    - name: ROUNDCUBEMAIL_SMTP_PORT
      value: "465"
    - name: ROUNDCUBEMAIL_SKIN
      value: elastic
    - name: ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE
      value: "25M"
    - name: ROUNDCUBEMAIL_PLUGINS
      value: "archive,zipdownload,managesieve"
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/ingress.class: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}" 
      kubernetes.io/tls-acme: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    path: /
    hosts:
      - webmail.{{ domain }}
    tls: 
      - secretName: webmail.{{ domain }}-tls
        hosts:
          - webmail.{{ domain }}
  persistence:
    enabled: true
    storageClass: "{{ roundcube_storage | default('nfs-hdd') }}"
    accessMode: "{{ roundcube_storage_mode | default('ReadWriteMany') }}"
    size: "{{ roundcube_size | default('8Gi') }}"
  configs:
    myconfig.inc.php: |
      <?php
        $config['mail_domain'] = '%d';
        $config['username_domain'] = '%d';
        $config['managesieve_port'] = '4190';
        $config['managesieve_host'] = 'ssl://dovecot.{{ namespace }}.svc.cluster.local';
        $config['managesieve_usetls'] = false;
        $config['managesieve_debug']  = true;
        $config['managesieve_conn_options'] = array(
          'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
        );
        // Enables separate management interface for vacation responses (out-of-office)
        // 0 - no separate section (default),
        // 1 - add Vacation section,
        // 2 - add Vacation section, but hide Filters section
        $config['managesieve_vacation'] = 1;
        $config['imap_conn_options'] = array(
            'ssl' => array(
              'verify_peer'       => false,
              'allow_self_signed' => true,
              'ciphers' => 'TLSv1.2+HIGH:!aNull:@STRENGTH',
            ),
        );
        // For STARTTLS SMTP
        $config['smtp_conn_options'] = array(
            'ssl' => array(
              'verify_peer'       => false,
              'allow_self_signed' => true,
              'ciphers' => 'TLSv1.2+HIGH:!aNull:@STRENGTH',
            ),
        );
      ?>