Initialize Git Repository: 'Stalwart'

root/DEBIAN/conffiles

@@ -0,0 +1 @@
+/etc/stalwart.toml

root/DEBIAN/control

@@ -0,0 +1,10 @@
+Package: stalwart
+Version: 0.15.4
+Architecture:
+Installed-Size:
+Depends: openssl
+Priority: optional
+Section: misc
+Homepage: http://www.privlab.it
+Maintainer: PrivLab <repository@privlab.it>
+Description: Stalwart Mail & Collaboration Server

root/DEBIAN/postinst

@@ -0,0 +1,55 @@
+#!/usr/bin/sh
+
+set -e
+set -u
+
+if [ -d '/run/systemd/system' ]; then
+  /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
+    /usr/bin/true
+fi
+
+case "${1}" in
+  configure)
+    if [ -x '/usr/bin/deb-systemd-helper' ]; then
+      /usr/bin/deb-systemd-helper unmask 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if /usr/bin/deb-systemd-helper --quiet was-enabled 'stalwart.service'; then
+      /usr/bin/deb-systemd-helper enable 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    else
+      /usr/bin/deb-systemd-helper update-state 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if [ -x '/etc/init.d/stalwart' ]; then
+      /usr/sbin/update-rc.d 'stalwart' defaults > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    /usr/bin/install --directory --group='stalwart' --mode='750' --owner='stalwart' '/var/lib/stalwart'
+    /usr/bin/install --directory --group='stalwart' --mode='750' --owner='stalwart' '/var/log/stalwart'
+    /usr/bin/install --directory --group='stalwart' --mode='750' --owner='stalwart' '/var/logrotate/stalwart'
+    if ! /usr/bin/grep --quiet "secret =" '/etc/stalwart.toml'; then
+    PASSWORD=$(/usr/bin/openssl rand -base64 '18')
+    PASSWORD_SHA512=$(/usr/bin/echo "${PASSWORD}" | /usr/bin/openssl passwd -noverify -stdin -quiet -6)
+      /usr/bin/echo "secret = \"${PASSWORD_SHA512}\"" > '/etc/stalwart.toml'
+      /ust/bin/chown 'stalwart' '/etc/stalwart.toml'
+      /usr/bin/echo '##'
+      /usr/bin/echo '##'
+      /usr/bin/echo '## User: root '
+      /usr/bin/echo "## Password: ${PASSWORD}"
+      /usr/bin/echo '##'
+      /usr/bin/echo '##'
+    fi
+    if [ -x '/usr/bin/deb-systemd-invoke' ]; then
+      /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
+        /usr/bin/true
+      if [ -n "${2}" ]; then
+        _dh_action='restart'
+      else
+        _dh_action='start'
+      fi
+      /usr/bin/deb-systemd-invoke "${_dh_action}" 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+  ;;
+esac

root/DEBIAN/postrm

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+set -u
+
+if [ -d '/run/systemd/system' ]; then
+  /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
+    /usr/bin/true
+fi
+
+case "${1}" in
+  remove)
+    if [ -x '/usr/bin/deb-systemd-helper' ]; then
+      /usr/bin/deb-systemd-helper mask 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+  ;;
+  purge)
+    if [ -x '/usr/bin/deb-systemd-helper' ]; then
+      /usr/bin/deb-systemd-helper purge 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+      /usr/bin/deb-systemd-helper unmask 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if /usr/bin/getent passwd 'stalwart' > '/dev/null' 2>&1; then
+      /usr/sbin/deluser 'stalwart' > '/dev/null' 2>&1
+    fi
+    if /usr/bin/getent group 'stalwart' > '/dev/null' 2>&1; then
+      /usr/sbin/deluser --group 'stalwart' > '/dev/null' 2>&1
+    fi
+    /usr/bin/rm --force --recursive '/var/lib/stalwart'
+  ;;
+esac
+
+/usr/bin/rm --force --recursive '/var/log/stalwart'
+/usr/bin/rm --force --recursive '/var/logrotate/stalwart'

root/DEBIAN/preinst

@@ -0,0 +1,20 @@
+#!/usr/bin/sh
+
+set -e
+set -u
+
+case "${1}" in
+  install)
+    if ! /usr/bin/getent passwd 'stalwart' > '/dev/null' 2>&1; then
+      /usr/sbin/adduser --quiet \
+                        --system \
+                        --home '/nonexistent' \
+                        --shell '/usr/sbin/nologin' \
+                        --no-create-home \
+                        --group \
+                        --disabled-password \
+                        --disabled-login \
+                        'stalwart' > '/dev/null' 2>&1
+    fi
+  ;;
+esac

root/DEBIAN/prerm

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+set -u
+
+case "${1}" in
+  remove)
+    if [ -x '/usr/bin/deb-systemd-invoke' ]; then
+      /usr/bin/deb-systemd-invoke stop 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+      /usr/bin/deb-systemd-invoke disable 'stalwart.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if [ -x '/etc/init.d/stalwart' ]; then
+      /usr/sbin/update-rc.d 'stalwart' remove > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+  ;;
+esac

root/etc/init.d/stalwart

@@ -0,0 +1,86 @@
+#!/usr/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          stalwart
+# Required-Start:    $local_fs $network $remote_fs
+# Required-Stop:     $local_fs $network $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Secure, scalable mail & collaboration server
+#                    with comprehensive protocol support.
+# Description:       Stalwart is an open-source mail & collaboration
+#                    server with JMAP, IMAP4, POP3, SMTP, CalDAV,
+#                    CardDAV and WebDAV support and a wide range of
+#                    modern features. It is written in Rust and
+#                    designed to be secure, fast, robust and scalable.
+### END INIT INFO
+
+NAME='stalwart'
+DESC='Stalwart'
+USER='stalwart'
+GROUP='stalwart'
+PIDFOLDER="/run/${NAME}"
+PIDFILE="${PIDFOLDER}/${NAME}.pid"
+DAEMON='/usr/sbin/stalwart'
+DAEMON_CONFIG='/etc/stalwart.toml'
+DAEMON_OPTS="--config ${DAEMON_CONFIG}"
+
+set -e
+
+[ -f "${DAEMON_CONFIG}" ]
+
+. '/lib/lsb/init-functions'
+
+[ -x "${DAEMON}" ]
+
+case "${1}" in
+  start)
+    /usr/bin/install --directory --group="${GROUP}" ---mode='0755' --owner="${USER}" "${PIDFOLDER}"
+    log_daemon_msg "Starting ${DESC}" "${NAME}"
+    if /usr/sbin/start-stop-daemon --quiet \
+                                   --start \
+                                   --oknodo \
+                                   --make-pidfile \
+                                   --pidfile "${PIDFILE}" \
+                                   --user "${USER}" \
+                                   --group "${GROUP}" \
+                                   --exec "${DAEMON}" -- "${DAEMON_OPTS}"; then
+      log_end_msg 0
+    else
+      log_end_msg 1
+      /usr/bin/test -f "${PIDFILE}" && \
+        /usr/bin/rm --force "${PIDFILE}"
+    fi
+  ;;
+  stop)
+    log_daemon_msg "Stopping ${DESC}" "${NAME}"
+    if /usr/sbin/start-stop-daemon --quiet \
+                                   --stop \
+                                   --oknodo \
+                                   --retry 30 \
+                                   --remove-pidfile \
+                                   --pidfile "${PIDFILE}" \
+                                   --user "${USER}" \
+                                   --group "${GROUP}" \
+                                   --exec "${DAEMON}"; then
+      /usr/bin/test -f "${PIDFILE}" && \
+        /usr/bin/rm --force "${PIDFILE}"
+      log_end_msg 0
+    else
+      log_end_msg 1
+    fi
+  ;;
+  restart)
+    "${0}" stop
+    "${0}" start
+  ;;
+  status)
+    status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" && \
+      exit 0 || \
+      exit "${?}"
+  ;;
+  *)
+    echo "Usage: /etc/init.d/${NAME} {start|stop|restart|status}" >&2
+    exit 1
+  ;;
+esac

root/etc/logrotate.d/stalwart

@@ -0,0 +1,71 @@
+/var/log/stalwart/*.log {
+  # Truncate the original log file in place after creating a copy,
+  # instead of moving the old log file and optionally creating a
+  # new one. It can be used when some program cannot be told to
+  # close its logfile and thus might continue writing (appending)
+  # to the previous log file forever. Note that there is a very
+  # small time slice between copying the file and truncating it, so
+  # some logging data might be lost. When this option is used, the
+  # create option will have no effect, as the old log file stays in
+  # place.
+  copytruncate
+
+  # Log files are rotated every day.
+  daily
+
+  # Archive old versions of log files adding a daily extension like
+  # YYYYMMDD instead of simply adding a number. The extension may
+  # be configured using the dateformat option.
+  dateext
+
+  # Specify the extension for dateext using the notation similar to
+  # strftime(3) function. Only %Y %m %d and %s specifiers are allowed.
+  # The default value is -%Y%m%d. Note that also the character
+  # separating log name from the extension is part of the dateformat
+  # string. The system clock must be set past Sep 9th 2001 for %s to
+  # work correctly. Note that the datestamps generated by this format
+  # must be lexically sortable (i.e., first the year, then the month
+  # then the day. e.g., 2001/12/01 is ok, but 01/12/2001 is not, since
+  # 01/11/2002 would sort lower while it is later). This is because when
+  # using the rotate option, logrotate sorts all rotated filenames to
+  # find out which logfiles are older and should be removed.
+  dateformat .%Y-%m-%d
+
+  # Use yesterday's instead of today's date to create the dateext
+  # extension, so that the rotated log file has a date in its name that
+  # is the same as the timestamps within it.
+  dateyesterday
+
+  # Postpone compression of the previous log file to the next rotation
+  # cycle. This only has effect when used in combination with compress.
+  # It can be used when some program cannot be told to close its logfile
+  # and thus might continue writing to the previous log file for some time.
+  delaycompress
+
+  # Do not copy the original log file and leave it in place.
+  nocopy
+
+  # New log files are not created.
+  nocreate
+
+  # Don't mail old log files to any address.
+  nomail
+
+  # Do not use shred when deleting old log files.
+  noshred
+
+  # Do not rotate the log if it is empty.
+  notifempty
+
+  # Logs are moved into directory for rotation. The directory must be on the
+  # same physical device as the log file being rotated, and is assumed to be
+  # relative to the directory holding the log file unless an absolute path
+  # name is specified. When this option is used all old versions of the log
+  # end up in directory.
+  olddir /var/logrotate/stalwart
+
+  # Log files are rotated count times before being removed or mailed to the
+  # address specified in a mail directive. If count is 0, old versions are
+  # removed rather than rotated.
+  rotate 7
+}

root/etc/stalwart.toml

@@ -0,0 +1,71 @@
+[server.listener.smtp]
+bind = "[::]:25"
+protocol = "smtp"
+
+[server.listener.submission]
+bind = "[::]:587"
+protocol = "smtp"
+
+[server.listener.submissions]
+bind = "[::]:465"
+protocol = "smtp"
+tls.implicit = true
+
+[server.listener.imap]
+bind = "[::]:143"
+protocol = "imap"
+
+[server.listener.imaptls]
+bind = "[::]:993"
+protocol = "imap"
+tls.implicit = true
+
+[server.listener.pop3]
+bind = "[::]:110"
+protocol = "pop3"
+
+[server.listener.pop3s]
+bind = "[::]:995"
+protocol = "pop3"
+tls.implicit = true
+
+[server.listener.sieve]
+bind = "[::]:4190"
+protocol = "managesieve"
+
+[server.listener.https]
+protocol = "http"
+bind = "[::]:8443"
+tls.implicit = true
+
+[server.listener.http]
+protocol = "http"
+bind = "[::]:80"
+
+[storage]
+data = "rocksdb"
+fts = "rocksdb"
+blob = "rocksdb"
+lookup = "rocksdb"
+directory = "internal"
+
+[store.rocksdb]
+type = "rocksdb"
+path = "/var/lib/stalwart"
+compression = "lz4"
+
+[directory.internal]
+type = "internal"
+store = "rocksdb"
+
+[tracer.log]
+type = "log"
+level = "info"
+path = "/var/log/stalwart"
+prefix = "stalwart.log"
+rotate = "never"
+ansi = false
+enable = true
+
+[authentication.fallback-admin]
+user = "root"

root/lib/systemd/system/stalwart.service

@@ -0,0 +1,33 @@
+[Unit]
+Description=Stalwart Mail & Collaboration Server
+ConditionPathExists=/etc/stalwart.toml
+StartLimitBurst=3
+StartLimitIntervalSec=60
+Conflicts=postfix.service sendmail.service exim4.service
+After=network-online.target
+
+[Service]
+Type=simple
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Restart=on-failure
+ExecStart=/usr/sbin/stalwart --config=/etc/stalwart.toml
+ExecStartPost=/usr/bin/sh -c "umask '022'; /usr/bin/pgrep --newest 'stalwart' > '/run/stalwart/stalwart.pid'"
+ExecStop=/usr/bin/rm --force '/run/stalwart/stalwart.pid'
+LimitNOFILE=65536
+KillMode=process
+KillSignal=SIGINT
+User=stalwart
+Group=stalwart
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=strict
+ReadWriteDirectories=/etc/stalwart.toml
+ReadWriteDirectories=/var/lib/stalwart
+ReadWriteDirectories=/var/log/stalwart
+RuntimeDirectory=stalwart
+RuntimeDirectoryMode=755
+RuntimeDirectoryPreserve=yes
+WorkingDirectory=/var/lib/stalwart
+
+[Install]
+WantedBy=multi-user.target

root/usr/lib/sysusers.d/stalwart.conf

@@ -0,0 +1,2 @@
+g stalwart - -
+u stalwart - "stalwart" /nonexistent /usr/sbin/nologin