docker: drop env to ini translation, use chatmail.ini directly

Remove update_ini.sh and the env-var-to-ini pipeline. The container now
has two config modes:

- Simple: set MAIL_DOMAIN in .env, container generates chatmail.ini
  with defaults via `cmdeploy init` on first start.
- Advanced: mount a custom chatmail.ini into the container; the init
  step is skipped when the file already exists.

This eliminates the fragile FORCE_REINIT_INI_FILE / INI_CMD_ARGS
machinery and the env vars that duplicated chatmail.ini settings

Also add *.ini and .env to .dockerignore so local config files
don't leak into the image.

.dockerignore

@@ -4,4 +4,6 @@ venv/
 __pycache__
 *.pyc
 *.orig
+*.ini
 .pytest_cache
+.env

docker-compose.yaml

@@ -20,18 +20,12 @@ services:
         max-size: "10m"
         max-file: "3"
     environment:
-      CHANGE_KERNEL_SETTINGS: "False"
       MAIL_DOMAIN: $MAIL_DOMAIN
-      ACME_EMAIL: $ACME_EMAIL
-      WWW_FOLDER: /opt/chatmail-www
-      MAX_MESSAGE_SIZE: $MAX_MESSAGE_SIZE
-      DEBUG_COMMANDS_ENABLED: $DEBUG_COMMANDS_ENABLED
-      FORCE_REINIT_INI_FILE: $FORCE_REINIT_INI_FILE
-      USE_FOREIGN_CERT_MANAGER: $USE_FOREIGN_CERT_MANAGER
-      ENABLE_CERTS_MONITORING: $ENABLE_CERTS_MONITORING
-      CERTS_MONITORING_TIMEOUT: $CERTS_MONITORING_TIMEOUT
-      IS_DEVELOPMENT_INSTANCE: $IS_DEVELOPMENT_INSTANCE
       CMDEPLOY_STAGES: ${CMDEPLOY_STAGES:-}
+      # Certificate monitoring (only needed with USE_FOREIGN_CERT_MANAGER)
+      USE_FOREIGN_CERT_MANAGER: ${USE_FOREIGN_CERT_MANAGER:-}
+      ENABLE_CERTS_MONITORING: ${ENABLE_CERTS_MONITORING:-}
+      CERTS_MONITORING_TIMEOUT: ${CERTS_MONITORING_TIMEOUT:-}
     network_mode: "host"
     volumes:
       ## system
@@ -49,4 +43,3 @@ services:
       ## debug
       # - ./docker/files/setup_chatmail_docker.sh:/setup_chatmail_docker.sh
       # - ./docker/files/entrypoint.sh:/entrypoint.sh
-      # - ./docker/files/update_ini.sh:/update_ini.sh

docker/chatmail_relay.dockerfile

@@ -84,7 +84,6 @@ COPY ./docker/files/setup_chatmail.service "$SETUP_CHATMAIL_SERVICE_PATH"
 RUN ln -sf "$SETUP_CHATMAIL_SERVICE_PATH" "/etc/systemd/system/multi-user.target.wants/setup_chatmail.service"
 
 COPY --chmod=555 ./docker/files/setup_chatmail_docker.sh /setup_chatmail_docker.sh
-COPY --chmod=555 ./docker/files/update_ini.sh /update_ini.sh
 COPY --chmod=555 ./docker/files/entrypoint.sh /entrypoint.sh
 
 VOLUME ["/sys/fs/cgroup", "/home"]

docker/example.env

@@ -1,10 +1,9 @@
 MAIL_DOMAIN="chat.example.com"
-# ACME_EMAIL=""
-# MAX_MESSAGE_SIZE="50M"
-# DEBUG_COMMANDS_ENABLED="true"
-# FORCE_REINIT_INI_FILE="true"
+
+# CMDEPLOY_STAGES - default: "configure,activate". Set to "install,configure,activate" to force full reinstall.
+# CMDEPLOY_STAGES="configure,activate"
+
+# Certificate monitoring (only needed with USE_FOREIGN_CERT_MANAGER)
 # USE_FOREIGN_CERT_MANAGER="True"
 # ENABLE_CERTS_MONITORING="true"
-# CERTS_MONITORING_TIMEOUT=10
-# IS_DEVELOPMENT_INSTANCE="True"
-# CMDEPLOY_STAGES - default: "configure,activate". Set to "install,configure,activate" to force full reinstall.
+# CERTS_MONITORING_TIMEOUT=60

docker/files/setup_chatmail_docker.sh

@@ -5,7 +5,6 @@ export CHATMAIL_INI="${CHATMAIL_INI:-/etc/chatmail/chatmail.ini}"
 export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
 export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
 export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
-export CHANGE_KERNEL_SETTINGS=${CHANGE_KERNEL_SETTINGS:-"False"}
 
 CMDEPLOY=/opt/cmdeploy/bin/cmdeploy
 
@@ -43,20 +42,15 @@ monitor_certificates() {
 
 ### MAIN
 
-if [ "$FORCE_REINIT_INI_FILE" = true ]; then
-    INI_CMD_ARGS=--force
-fi
-
 if [ ! -f /etc/dkimkeys/opendkim.private ]; then
     /usr/sbin/opendkim-genkey -D /etc/dkimkeys -d $MAIL_DOMAIN -s opendkim
 fi
 chown opendkim:opendkim /etc/dkimkeys/opendkim.private
 chown opendkim:opendkim /etc/dkimkeys/opendkim.txt
 
-# Create chatmail.ini from env vars (skips if file already exists, e.g. volume-mounted)
+# Create chatmail.ini (skips if file already exists, e.g. volume-mounted)
 mkdir -p "$(dirname "$CHATMAIL_INI")"
-$CMDEPLOY init --config "$CHATMAIL_INI" $INI_CMD_ARGS $MAIL_DOMAIN || true
-INI_FILE="$CHATMAIL_INI" bash /update_ini.sh
+$CMDEPLOY init --config "$CHATMAIL_INI" $MAIL_DOMAIN || true
 
 export CMDEPLOY_STAGES="${CMDEPLOY_STAGES:-configure,activate}"
 $CMDEPLOY run --ssh-host @docker

docs/DOCKER_INSTALLATION_EN.md

@@ -64,19 +64,12 @@ If you are running from the cloned repo directory, just copy the env file:
 cp ./docker/example.env .env
 ```
 
-2. Configure environment variables in the `.env` file.
-   Below is the list of variables used during deployment:
+2. Configure the `.env` file. Only `MAIL_DOMAIN` is required:
 
 - `MAIL_DOMAIN` – The domain name of the future server. (required)
-- `DEBUG_COMMANDS_ENABLED` – Run debug commands before installation. (default: `false`)
-- `FORCE_REINIT_INI_FILE` – Recreate the ini configuration file on startup. (default: `false`)
-- `USE_FOREIGN_CERT_MANAGER` – Use a third-party certificate manager. (default: `false`)
-- `PATH_TO_SSL` – Path to where the certificates are stored. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
-- `ENABLE_CERTS_MONITORING` – Enable certificate monitoring if `USE_FOREIGN_CERT_MANAGER=true`. If certificates change, services will be automatically restarted. (default: `false`)
-- `CERTS_MONITORING_TIMEOUT` – Interval in seconds to check if certificates have changed. (default: `60`)
 - `CMDEPLOY_STAGES` – Deployment stages to run on container start. (default: `"configure,activate"`). Set to `"install,configure,activate"` to force a full reinstall.
 
-You can also use any variables from the [ini configuration file](https://github.com/chatmail/relay/blob/main/chatmaild/src/chatmaild/ini/chatmail.ini.f); they must be in uppercase.
+The container generates a `chatmail.ini` with defaults from `MAIL_DOMAIN` on first start. To customize chatmail settings, mount your own `chatmail.ini` instead (see [Customization](#custom-chatmailini) below).
 
 3. Start the container:
 
@@ -134,9 +127,21 @@ docker compose up -d
 
 ### Custom chatmail.ini
 
-Instead of using environment variables, you can mount your own `chatmail.ini` configuration file. This is useful if you prefer managing the full ini file directly or want to share one configuration across environments.
+There are two configuration modes:
 
-1. In `docker-compose.yaml`, uncomment or add the ini volume mount:
+**Simple (default):** Set `MAIL_DOMAIN` in `.env`. The container auto-generates `chatmail.ini` with defaults on first start. This is sufficient for most deployments.
+
+**Advanced:** Generate a `chatmail.ini`, edit it, and mount it into the container. This gives you full control over all chatmail settings.
+
+1. Extract the generated config from a running container:
+
+```shell
+docker cp chatmail:/etc/chatmail/chatmail.ini ./chatmail.ini
+```
+
+2. Edit `chatmail.ini` as needed.
+
+3. In `docker-compose.yaml`, uncomment or add the ini volume mount:
 
 ```yaml
 services:
@@ -146,7 +151,7 @@ services:
       - ./chatmail.ini:/etc/chatmail/chatmail.ini
 ```
 
-2. Environment variables from `.env` are still applied on top of the mounted file at container start, so you can combine both approaches.
+4. Restart the container. The mounted file is used directly — the container skips generating a new one.
 
 ## Migrating from a bare-metal install
 
@@ -163,14 +168,12 @@ systemctl disable postfix dovecot doveauth nginx opendkim unbound acmetool-redir
   lastlogin mtail
 ```
 
-2. Convert your existing `chatmail.ini` to the Docker `.env` format:
+2. Copy your existing `chatmail.ini` and mount it into the container (see [Custom chatmail.ini](#custom-chatmailini) above):
 
 ```shell
-python3 docker/cm_ini_to_env.py /usr/local/lib/chatmaild/chatmail.ini .env
+cp /usr/local/lib/chatmaild/chatmail.ini ./chatmail.ini
 ```
 
-or mount it (see above).
-
 3. Copy persistent data into the `./data/` subdirectories:
 
 ```shell