From a84c02e1e57ad9c4e622f4a50691a20fab0282ed Mon Sep 17 00:00:00 2001
From: j4n <j4n@systemli.org>
Date: Mon, 16 Feb 2026 17:01:45 +0100
Subject: [PATCH] docker: replace config flags with env vars, drop docker param
 from deploy_chatmail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove change_kernel_settings/fs_inotify_max_user_instances_and_watchers
from chatmail.ini — use CHATMAIL_NOSYSCTL and CHATMAIL_NOPORTCHECK env
vars instead. deploy_chatmail() no longer takes a docker flag; deployers
check the env directly.
---
 chatmaild/src/chatmaild/config.py          |  6 ------
 chatmaild/src/chatmaild/ini/chatmail.ini.f | 10 ----------
 cmdeploy/src/cmdeploy/cmdeploy.py          |  3 ++-
 cmdeploy/src/cmdeploy/deployers.py         |  6 +++---
 cmdeploy/src/cmdeploy/dovecot/deployer.py  |  4 +++-
 cmdeploy/src/cmdeploy/run.py               |  3 +--
 docker/chatmail_relay.dockerfile           |  3 ++-
 docker/files/setup_chatmail_docker.sh      |  4 +++-
 8 files changed, 14 insertions(+), 25 deletions(-)

diff --git a/chatmaild/src/chatmaild/config.py b/chatmaild/src/chatmaild/config.py
index 42fc9c51..d19e966a 100644
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -47,12 +47,6 @@ class Config:
         self.addr_v4 = os.environ.get("CHATMAIL_ADDR_V4", "")
         self.addr_v6 = os.environ.get("CHATMAIL_ADDR_V6", "")
         self.acme_email = params.get("acme_email", "")
-        self.change_kernel_settings = (
-            params.get("change_kernel_settings", "true").lower() == "true"
-        )
-        self.fs_inotify_max_user_instances_and_watchers = int(
-            params["fs_inotify_max_user_instances_and_watchers"]
-        )
         self.imap_rawlog = params.get("imap_rawlog", "false").lower() == "true"
         self.imap_compress = params.get("imap_compress", "false").lower() == "true"
         if "iroh_relay" not in params:
diff --git a/chatmaild/src/chatmaild/ini/chatmail.ini.f b/chatmaild/src/chatmaild/ini/chatmail.ini.f
index fc2cfa78..29d7baa9 100644
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
@@ -69,16 +69,6 @@ disable_ipv6 = False
 # Your email adress, which will be used in acmetool to manage Let's Encrypt SSL certificates
 acme_email = 
 
-#
-# Kernel settings
-#
-
-# if you set "True", the kernel settings will be configured according to the values below
-change_kernel_settings  = True
-
-# change fs.inotify.max_user_instances and fs.inotify.max_user_watches kernel settings
-fs_inotify_max_user_instances_and_watchers = 65535
-
 # Defaults to https://iroh.{{mail_domain}} and running `iroh-relay` on the chatmail
 # service.
 # If you set it to anything else, the service will be disabled
diff --git a/cmdeploy/src/cmdeploy/cmdeploy.py b/cmdeploy/src/cmdeploy/cmdeploy.py
index 4336f102..91db914a 100644
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -110,7 +110,8 @@ def run_cmd(args, out):
     cmd = f"{pyinf} --ssh-user root {ssh_host} {deploy_path} -y"
     if ssh_host in ["localhost", "@docker"]:
         if ssh_host == "@docker":
-            env["CHATMAIL_DOCKER"] = "True"
+            env["CHATMAIL_NOPORTCHECK"] = "True"
+            env["CHATMAIL_NOSYSCTL"] = "True"
         cmd = f"{pyinf} @local {deploy_path} -y"
 
     if version.parse(pyinfra.__version__) < version.parse("3"):
diff --git a/cmdeploy/src/cmdeploy/deployers.py b/cmdeploy/src/cmdeploy/deployers.py
index c38f2dd5..4bf2995f 100644
--- a/cmdeploy/src/cmdeploy/deployers.py
+++ b/cmdeploy/src/cmdeploy/deployers.py
@@ -2,6 +2,7 @@
 Chat Mail pyinfra deploy.
 """
 
+import os
 import shutil
 import subprocess
 import sys
@@ -538,13 +539,12 @@ class GithashDeployer(Deployer):
         )
 
 
-def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool, docker: bool) -> None:
+def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -> None:
     """Deploy a chat-mail instance.
 
     :param config_path: path to chatmail.ini
     :param disable_mail: whether to disable postfix & dovecot
     :param website_only: if True, only deploy the website
-    :param docker: whether it is running in a docker container
     """
     config = read_config(config_path)
     check_config(config)
@@ -570,7 +570,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool, d
             Out().red(f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n")
             exit(1)
 
-    if not docker:
+    if not os.environ.get("CHATMAIL_NOPORTCHECK"):
         port_services = [
             (["master", "smtpd"], 25),
             ("unbound", 53),
diff --git a/cmdeploy/src/cmdeploy/dovecot/deployer.py b/cmdeploy/src/cmdeploy/dovecot/deployer.py
index 9a7a4232..90f6ecc7 100644
--- a/cmdeploy/src/cmdeploy/dovecot/deployer.py
+++ b/cmdeploy/src/cmdeploy/dovecot/deployer.py
@@ -1,3 +1,5 @@
+import os
+
 from chatmaild.config import Config
 from pyinfra import host
 from pyinfra.facts.server import Arch, Sysctl
@@ -118,7 +120,7 @@ def _configure_dovecot(config: Config, debug: bool = False) -> (bool, bool):
 
     # as per https://doc.dovecot.org/2.3/configuration_manual/os/
     # it is recommended to set the following inotify limits
-    if config.change_kernel_settings:
+    if not os.environ.get("CHATMAIL_NOSYSCTL"):
         for name in ("max_user_instances", "max_user_watches"):
             key = f"fs.inotify.{name}"
             if host.get_fact(Sysctl)[key] > 65535:
diff --git a/cmdeploy/src/cmdeploy/run.py b/cmdeploy/src/cmdeploy/run.py
index e95d5a1e..0b0fc858 100644
--- a/cmdeploy/src/cmdeploy/run.py
+++ b/cmdeploy/src/cmdeploy/run.py
@@ -15,9 +15,8 @@ def main():
     )
     disable_mail = bool(os.environ.get("CHATMAIL_DISABLE_MAIL"))
     website_only = bool(os.environ.get("CHATMAIL_WEBSITE_ONLY"))
-    docker = bool(os.environ.get("CHATMAIL_DOCKER"))
 
-    deploy_chatmail(config_path, disable_mail, website_only, docker)
+    deploy_chatmail(config_path, disable_mail, website_only)
 
 
 if pyinfra.is_cli:
diff --git a/docker/chatmail_relay.dockerfile b/docker/chatmail_relay.dockerfile
index 859b39c9..3223a736 100644
--- a/docker/chatmail_relay.dockerfile
+++ b/docker/chatmail_relay.dockerfile
@@ -68,7 +68,7 @@ RUN python3 -m venv /opt/cmdeploy && \
 
 RUN CMDEPLOY_STAGES=install \
     CHATMAIL_INI=/tmp/chatmail.ini \
-    CHATMAIL_DOCKER=True \
+    CHATMAIL_NOSYSCTL=True \
     /opt/cmdeploy/bin/pyinfra @local \
         /opt/chatmail/cmdeploy/src/cmdeploy/run.py -y
 
@@ -78,6 +78,7 @@ RUN rm -f /tmp/chatmail.ini
 # --- End build-time install ---
 
 ENV CHATMAIL_INI=/etc/chatmail/chatmail.ini
+ENV PATH="/opt/cmdeploy/bin:${PATH}"
 
 ARG SETUP_CHATMAIL_SERVICE_PATH=/lib/systemd/system/setup_chatmail.service
 COPY ./docker/files/setup_chatmail.service "$SETUP_CHATMAIL_SERVICE_PATH"
diff --git a/docker/files/setup_chatmail_docker.sh b/docker/files/setup_chatmail_docker.sh
index d863a836..74ab0aed 100755
--- a/docker/files/setup_chatmail_docker.sh
+++ b/docker/files/setup_chatmail_docker.sh
@@ -50,7 +50,9 @@ chown opendkim:opendkim /etc/dkimkeys/opendkim.txt
 
 # Create chatmail.ini (skips if file already exists, e.g. volume-mounted)
 mkdir -p "$(dirname "$CHATMAIL_INI")"
-$CMDEPLOY init --config "$CHATMAIL_INI" $MAIL_DOMAIN || true
+if [ ! -f "$CHATMAIL_INI" ]; then
+    $CMDEPLOY init --config "$CHATMAIL_INI" $MAIL_DOMAIN
+fi
 
 export CMDEPLOY_STAGES="${CMDEPLOY_STAGES:-configure,activate}"
 $CMDEPLOY run --config "$CHATMAIL_INI" --ssh-host @docker