current state + english docs

playbooks/managed-mailcow/add-haveged.yaml

@@ -1,6 +1,8 @@
 ---
 - name: Deploy Haveged to VMs
   hosts: all
+  user: tincadmin
+  become: true
   tasks:
     - name: Install Haveged
       apt: 

playbooks/managed-mailcow/change-garbagecleaner.yaml

@@ -1,10 +1,12 @@
 ---
 
-- name: Garbage Cleaner ändern
+- name: Change garbage cleaner configuration
   hosts: all
+  user: tincadmin
+  become: true
   tasks:
 
-  - name: "Prüfe ob mailcow.conf exists"
+  - name: "Check if mailcow.conf exists"
     ansible.builtin.stat:
       path: /opt/mailcow-dockerized/mailcow.conf
     register: mailcow_conf

playbooks/managed-mailcow/count-mailboxes.yml

@@ -1,6 +1,8 @@
 ---
 - name: Mailcow Mailbox Counter
   hosts: all
+  user: tincadmin
+  become: true
   gather_facts: no
   tasks:
     - import_role:
@@ -26,18 +28,18 @@
       ansible.builtin.set_fact:
         mailbox_count_int: "{{ mailbox_count.stdout | int }}"
 
-- name: Summiere alle Mailboxen über alle Hosts
+- name: Summarize all mailboxes across all hosts
   hosts: all
   gather_facts: false
   run_once: true
   tasks:
 
-    - name: Summiere aktive Mailboxen
+    - name: Summarize active mailboxes
       ansible.builtin.set_fact:
         total_mailboxes: "{{ (total_mailboxes | default(0) | int) + (item.value.mailbox_count_int | default(0) | int) }}"
       loop: "{{ hostvars | dict2items }}"
       when: "'mailbox_count_int' in item.value"
 
-    - name: Zeige Gesamtsumme
+    - name: Show total sum
       ansible.builtin.debug:
         msg: "Gesamtanzahl aktiver Mailboxen: {{ total_mailboxes }}"

playbooks/managed-mailcow/enable-sni-globally.yml

@@ -2,6 +2,8 @@
 
 - name: Enable SNI globally
   hosts: all
+  user: tincadmin
+  become: true
   vars:
     debug: false
   tasks:
@@ -11,12 +13,12 @@
       name: managed-mailcow
       tasks_from: find-mailcow-composedir
 
-  - name: "Prüfe ob mailcow.conf exists"
+  - name: "Check if mailcow.conf exists"
     ansible.builtin.stat:
       path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
     register: mailcow_conf
 
-  - name: "Setze SNI global ein"
+  - name: "Set SNI globally"
     ansible.builtin.replace:
       path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
       regexp: "^ENABLE_SSL_SNI=n"

playbooks/managed-mailcow/find-roundcube-versions.yaml

@@ -1,6 +1,7 @@
 ---
-- name: Prüfe mailcow-Installation und extrahiere Roundcube-Version aus CHANGELOG.md
+- name: Check mailcow installation and extract Roundcube version from CHANGELOG.md
   hosts: all
+  user: tincadmin
   become: true
   vars:
     mailcow_search_paths:
@@ -28,20 +29,20 @@
         mailcow_root: "{{ mailcow_dir_result.files[0].path }}"
       when: mailcow_dir_result.matched > 0
 
-    - name: Prüfe auf Roundcube-Ordner unter data/web
+    - name: Check for Roundcube folder under data/web
       ansible.builtin.stat:
         path: "{{ mailcow_root }}/data/web/{{ item }}"
       loop: "{{ rc_dirs }}"
       register: rc_stat
       when: mailcow_root is defined
 
-    - name: Bestimme den tatsächlichen Roundcube-Pfad
+    - name: Determine the actual Roundcube path
       ansible.builtin.set_fact:
         rc_path: "{{ mailcow_root }}/data/web/{{ item.item }}"
       loop: "{{ rc_stat.results }}"
       when: item.stat.exists and item.stat.isdir
 
-    - name: Prüfe ob CHANGELOG.md existiert
+    - name: Check if CHANGELOG.md exists
       ansible.builtin.stat:
         path: "{{ rc_path }}/CHANGELOG.md"
       register: changelog_stat
@@ -61,9 +62,9 @@
         msg: "Roundcube-Version (laut CHANGELOG.md): {{ rc_version.stdout }}"
       when: rc_version.stdout != ""
 
-    - name: Warnung wenn keine CHANGELOG.md gefunden wurde
+    - name: Warning if no CHANGELOG.md found
       ansible.builtin.debug:
-        msg: "Keine CHANGELOG.md unter {{ rc_path }} gefunden."
+        msg: "No CHANGELOG.md found under {{ rc_path }}."
       when:
         - rc_path is defined
         - not changelog_stat.stat.exists

playbooks/managed-mailcow/install-register-cmk-agent.yaml

@@ -1,5 +1,7 @@
 - name: "Register hosts against a remote site. Both for updates and TLS."
   hosts: all
+  user: tincadmin
+  become: true
   strategy: linear
   vars:
     # Basic server and authentication information.

playbooks/managed-mailcow/migrate-clamd.yaml

@@ -2,6 +2,8 @@
 
 - name: ClamAV Server auf neuen shared ClamAV setzen
   hosts: all
+  user: tincadmin
+  become: true
   tasks:
   - name: "Setze ClamAV Server in rspamd Config auf managed mailcows"
     ansible.builtin.replace:

playbooks/managed-mailcow/remove-watchdog-mail.yaml

@@ -2,6 +2,8 @@
 
 - name: Enable SNI globally
   hosts: all
+  user: tincadmin
+  become: true
   vars:
     debug: false
   tasks:

playbooks/managed-mailcow/start-stop-mailcow.yaml

@@ -1,5 +1,7 @@
 - name: Start/Stop mailcow
   hosts: all
+  user: tincadmin
+  become: true
   tasks:
     - import_role:
         name: managed-mailcow

playbooks/managed-mailcow/update-mailcow.yaml

@@ -1,10 +1,23 @@
 - name: Update mailcow (update.sh)
   hosts: all
+  user: tincadmin
+  become: true
   vars:
-    github_mailcow_ver: "2025-09b" # GitHub Version Tag | Value to compare the current running mailcow version to.
-    disk_space_percent_max: "97" # Number in percent | Defines the max allowed disk utilization until ansible is not updating mailcow automatically
+    github_mailcow_ver: "2026-01" # GitHub Version Tag | Value to compare the current running mailcow version to.
+    do_snapshots: true # Set to true to create Proxmox snapshots before updating mailcow
     debug: true # Or False if you dont' wanna see verbose outputs of role outputs
+
+    load_vault: true # Set to true to load vault file for sensitive data like Proxmox API tokens
+
+  pre_tasks:
+    - name: Load vault vars (optional)
+      ansible.builtin.include_vars:
+        file: ../../vault.yml
+      when: load_vault | bool
+      no_log: true
+  
   tasks:
+
     - import_role:
         name: roles/managed-mailcow
         tasks_from: find-mailcow-composedir.yml
@@ -12,16 +25,52 @@
     - import_role:
         name: roles/managed-mailcow
         tasks_from: install-mailcow-components.yml
+      when: mailcow_dir_result.files[0].path is defined
+
+    - ansible.builtin.import_role:
+        name: roles/managed-mailcow
+        tasks_from: check-mailcow-install-status.yml
+      when: mailcow_dir_result.files[0].path is defined
+
+    - ansible.builtin.import_role:
+        name: roles/managed-mailcow
+        tasks_from: get-mailcow-current-version.yml
+      when: mailcow_conf.stat.exists
+      failed_when: local_mailcow_version is not defined
+
+    - name: Check Disk Utilization
+      import_role:
+        name: roles/system
+        tasks_from: check-disk-utilization.yaml
+
+    - block: 
+      - name: Include Proxmox Info task
+        ansible.builtin.include_role:
+          name: proxmox-automation
+          tasks_from: get-vmid
+
+      - name: Create Snapshot before Modifications
+        ansible.builtin.include_role:
+          name: proxmox-automation
+          tasks_from: create-snapshots
+        vars: 
+          snapshot_name: "pre-mailcow-update-{{ github_mailcow_ver }}"
+      when: 
+       - do_snapshots
+       - local_mailcow_version.stdout != github_mailcow_ver
+       - disk_space_output.stdout | bool # Checks if snapshots are available, mailcow needs an update and disk space is sufficient if any of these is false no snapshot will be created
+       - proxmox_host is defined
+       - proxmox_user is defined
+       - proxmox_token_id is defined
+       - proxmox_token_secret is defined
+
 
     - import_role:
         name: roles/managed-mailcow
         tasks_from: update-mailcow.yml
-
-    - import_role:
-        name: roles/docker
-        tasks_from: restart-daemon.yml
-      when: github_mailcow_ver == "2025-09b" # Only restart docker if mailcow was updated
+      when: local_mailcow_version.stdout != github_mailcow_ver and disk_space_output.stdout | bool
     
     - import_role:
         name: roles/docker
-        tasks_from: cleanup-all.yml
+        tasks_from: cleanup-all.yml
+      when: update_mailcow is changed

playbooks/managed-mailcow/update-mailcow.yaml.old

@@ -1,41 +0,0 @@
----
-- name: Update mailcow stacks
-  hosts: all
-  vars:
-    github_mailcow_ver: "2024-08a"
-    mailcow_search_paths:
-      - /opt
-      - /data
-      - /root
-  tasks:
-
-  - name: Find mailcow-dockerized directory
-    ansible.builtin.find:
-      file_type: directory
-      paths: "{{ mailcow_search_paths }}"
-      patterns: mailcow-dockerized
-      recurse: yes
-    register: mailcow_dir_result
-    ignore_errors: true
-
-  - name: 'DEBUG: Show file paths'
-    debug:
-      msg: "{{ mailcow_dir_result.files[0].path }}"
-    when: mailcow_dir_result is defined
-
-  - name: Check if mailcow.conf exists
-    ansible.builtin.stat:
-      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
-    register: mailcow_conf
-    when: mailcow_dir_result is defined
-
-  - name: Check mailcow Version
-    ansible.builtin.shell: |
-      cd {{ mailcow_dir_result.files[0].path }}/data/web/inc
-      grep -oP '\$MAILCOW_GIT_VERSION="\K[^"]+' app_info.inc.php
-    register: local_mailcow_version
-    when: mailcow_conf.stat.exists
-
-  - name: Update mailcow
-    shell: "cd {{ mailcow_dir_result.files[0].path }} && git fetch && git checkout origin/master update.sh && ./update.sh --force"
-    when: local_mailcow_version.stdout != github_mailcow_ver and mailcow_conf.stat.exists 

playbooks/managed-mailcow/use-docker-image-proxy.yaml

@@ -1,7 +1,8 @@
 ---
 - name: Update Docker Daemon configuration and apply proxy settings
   hosts: all
-  become: yes
+  user: tincadmin
+  become: true
   tasks:
     - name: Read current Docker daemon.json
       ansible.builtin.slurp:

playbooks/managed-mailcow/use-syslog-server.yaml

@@ -1,7 +1,8 @@
 ---
 - name: Update Docker Daemon configuration to use Syslog Server
   hosts: all
-  become: yes
+  user: tincadmin
+  become: true
   tasks:   
     - name: Read current Docker daemon.json
       ansible.builtin.slurp: