diff --git a/stalwart/DEBIAN/conffiles b/stalwart/DEBIAN/conffiles
index dd971ec..8fc1a47 100644
--- a/stalwart/DEBIAN/conffiles
+++ b/stalwart/DEBIAN/conffiles
@@ -1 +1 @@
-/etc/stalwart.toml
+/etc/stalwart/stalwart.env
diff --git a/stalwart/DEBIAN/postinst b/stalwart/DEBIAN/postinst
index 46bc69d..4ec6512 100644
--- a/stalwart/DEBIAN/postinst
+++ b/stalwart/DEBIAN/postinst
@@ -28,28 +28,5 @@ case "${1}" in
 /usr/bin/install --directory --group='stalwart' --mode='750' --owner='stalwart' '/var/lib/stalwart'
 /usr/bin/install --directory --group='stalwart' --mode='750' --owner='stalwart' '/var/log/stalwart'
 /usr/bin/install --directory --group='stalwart' --mode='750' --owner='stalwart' '/var/logrotate/stalwart'
- if ! /usr/bin/grep --quiet "secret =" '/etc/stalwart.toml'; then
- PASSWORD=$(/usr/bin/openssl rand -base64 '18')
- PASSWORD_SHA512=$(/usr/bin/echo "${PASSWORD}" | /usr/bin/openssl passwd -noverify -stdin -quiet -6)
- /usr/bin/echo "secret = \"${PASSWORD_SHA512}\"" >> '/etc/stalwart.toml'
- /usr/bin/chown 'stalwart' '/etc/stalwart.toml'
- /usr/bin/echo '##'
- /usr/bin/echo '##'
- /usr/bin/echo '## User: root '
- /usr/bin/echo "## Password: ${PASSWORD}"
- /usr/bin/echo '##'
- /usr/bin/echo '##'
- fi
- if [ -x '/usr/bin/deb-systemd-invoke' ]; then
- /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
- /usr/bin/true
- if [ -n "${2}" ]; then
- _dh_action='restart'
- else
- _dh_action='start'
- fi
- /usr/bin/deb-systemd-invoke "${_dh_action}" 'stalwart.service' > '/dev/null' 2>&1 || \
- /usr/bin/true
- fi
 ;;
 esac
diff --git a/stalwart/etc/init.d/stalwart b/stalwart/etc/init.d/stalwart
index 470c73b..470db19 100644
--- a/stalwart/etc/init.d/stalwart
+++ b/stalwart/etc/init.d/stalwart
@@ -22,14 +22,19 @@ GROUP='stalwart'
 PIDFOLDER="/run/${NAME}"
 PIDFILE="${PIDFOLDER}/${NAME}.pid"
 DAEMON='/usr/sbin/stalwart'
-DAEMON_CONFIG='/etc/stalwart.toml'
+DAEMON_CONFIG='/etc/stalwart/config.json'
 DAEMON_OPTS="--config ${DAEMON_CONFIG}"
+ENVIRONMENT='/etc/stalwart/stalwart.env'
 set -e
 [ -f "${DAEMON_CONFIG}" ]
+[ -f "${ENVIRONMENT}" ]
 . '/lib/lsb/init-functions'
+set -a
+. "${ENVIRONMENT}"
+set +a
 [ -x "${DAEMON}" ]
diff --git a/stalwart/etc/stalwart.toml b/stalwart/etc/stalwart.toml
deleted file mode 100644
index efdf1b0..0000000
--- a/stalwart/etc/stalwart.toml
+++ /dev/null
@@ -1,71 +0,0 @@
-[server.listener.smtp]
-bind = "[::]:25"
-protocol = "smtp"
-
-[server.listener.submission]
-bind = "[::]:587"
-protocol = "smtp"
-
-[server.listener.submissions]
-bind = "[::]:465"
-protocol = "smtp"
-tls.implicit = true
-
-[server.listener.imap]
-bind = "[::]:143"
-protocol = "imap"
-
-[server.listener.imaptls]
-bind = "[::]:993"
-protocol = "imap"
-tls.implicit = true
-
-[server.listener.pop3]
-bind = "[::]:110"
-protocol = "pop3"
-
-[server.listener.pop3s]
-bind = "[::]:995"
-protocol = "pop3"
-tls.implicit = true
-
-[server.listener.sieve]
-bind = "[::]:4190"
-protocol = "managesieve"
-
-[server.listener.https]
-protocol = "http"
-bind = "[::]:8443"
-tls.implicit = true
-
-[server.listener.http]
-protocol = "http"
-bind = "[::]:80"
-
-[storage]
-data = "rocksdb"
-fts = "rocksdb"
-blob = "rocksdb"
-lookup = "rocksdb"
-directory = "internal"
-
-[store.rocksdb]
-type = "rocksdb"
-path = "/var/lib/stalwart"
-compression = "lz4"
-
-[directory.internal]
-type = "internal"
-store = "rocksdb"
-
-[tracer.log]
-type = "log"
-level = "info"
-path = "/var/log/stalwart"
-prefix = "stalwart.log"
-rotate = "never"
-ansi = false
-enable = true
-
-[authentication.fallback-admin]
-user = "root"
diff --git a/stalwart/etc/stalwart/stalwart.env b/stalwart/etc/stalwart/stalwart.env
new file mode 100644
index 0000000..ad7a8be
--- /dev/null
+++ b/stalwart/etc/stalwart/stalwart.env
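Review bot: In the init.d/stalwart hunk, `. "${ENVIRONMENT}"` executes `/etc/stalwart/stalwart.env` as shell inside the init script, whereas the unit's `EnvironmentFile=` only parses `KEY=VALUE` lines, so anything other than a plain assignment in that file runs with the init script's privileges (presumably root). The stalwart.service hunk in this commit also lists `/etc/stalwart` as writable for the service, and no visible hunk sets the file's ownership or mode. A guard before the `.` line such as `[ "$(/usr/bin/stat --format='%U' "${ENVIRONMENT}")" = 'root' ]`, ideally together with a check that the file is not group- or world-writable, would refuse a file the service account could have rewritten. Separately, `[ -f "${ENVIRONMENT}" ]` under `set -e` makes the script exit when the file is absent, while the unit treats it as optional through the `-` prefix; the two should agree. The script continues outside the hunk.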
@@ -0,0 +1,30 @@
+# Environment variables for the Stalwart service.
+# Uncomment and edit an entry to override its default.
+
+# Override the hostname used in HTTP responses
+STALWART_HOSTNAME=mail.example.com
+
+# Override the public base URL published in OAuth, OIDC, and JMAP discovery
+# documents. Accepts scheme, host, optional port, and optional path prefix.
+STALWART_PUBLIC_URL=https://mail.example.com
+
+# Enable bootstrap / recovery mode on startup. Accepted: 1, true. Default: false.
+STALWART_RECOVERY_MODE=false
+
+# Log level while in recovery mode. Default: info.
+STALWART_RECOVERY_MODE_LOG_LEVEL=info
+
+# HTTP port used in recovery mode. Default: 8080.
+STALWART_RECOVERY_MODE_PORT=8080
+
+# Fixed administrator credentials — format: username:password
+# Default: a temporary random password is generated and printed to the logs.
+#STALWART_RECOVERY_ADMIN=admin:changeme
+
+# Cluster role assigned to this node. Must match a role name defined in the
+# cluster registry. Leave unset for a standalone (non-clustered) deployment.
+STALWART_ROLE=standalone
+
+# Push-notification shard this node is responsible for, when running in a
+# cluster.
+STALWART_PUSH_SHARD=0
\ No newline at end of file
diff --git a/stalwart/lib/systemd/system/stalwart.service b/stalwart/lib/systemd/system/stalwart.service
index e56274b..4cba1e4 100644
--- a/stalwart/lib/systemd/system/stalwart.service
+++ b/stalwart/lib/systemd/system/stalwart.service
@@ -10,8 +10,9 @@ After=network-online.target
 Type=simple
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 Restart=on-failure
-RestartSec=15
-ExecStart=/usr/sbin/stalwart --config=/etc/stalwart.toml
+RestartSec=5
+EnvironmentFile=-/etc/stalwart/stalwart.env
+ExecStart=/usr/sbin/stalwart --config=/etc/stalwart/config.json
 ExecStartPost=/usr/bin/sh -c "umask '022'; /usr/bin/pgrep --newest 'stalwart' > '/run/stalwart/stalwart.pid'"
 ExecStop=/usr/bin/rm --force '/run/stalwart/stalwart.pid'
 LimitNOFILE=65536
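Review bot: stalwart.env is added with git mode 100644, yet its own comments invite storing `STALWART_RECOVERY_ADMIN=username:password` in it, so a filled-in admin credential would be readable by every local user unless packaging tightens the mode, which no visible hunk does. Installing the file root-owned and not world-readable (for example mode 640) would keep the credential away from other local accounts. The header also says "Uncomment and edit an entry", but every entry except the admin line is already active, so a fresh install runs with `STALWART_HOSTNAME=mail.example.com` and `STALWART_ROLE=standalone` even though the role comment says to leave it unset for a standalone deployment. Shipping the placeholders commented out, e.g. `#STALWART_HOSTNAME=mail.example.com`, would match the header and avoid publishing example.com URLs in discovery documents.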
@@ -22,12 +23,13 @@ Group=stalwart
 PrivateDevices=true
 PrivateTmp=true
 ProtectSystem=strict
-ReadWriteDirectories=/etc/stalwart.toml
+ReadWriteDirectories=/etc/stalwart
 ReadWriteDirectories=/var/lib/stalwart
 ReadWriteDirectories=/var/log/stalwart
 RuntimeDirectory=stalwart
 RuntimeDirectoryMode=755
 RuntimeDirectoryPreserve=yes
+SyslogIdentifier=stalwart
 WorkingDirectory=/var/lib/stalwart
 [Install]
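Review bot: `ReadWriteDirectories=/etc/stalwart` widens the writable exception under `ProtectSystem=strict` from a single file to the whole directory, which also holds `stalwart.env`, the file this unit loads through `EnvironmentFile=` and which, per its own comments, controls recovery mode and the recovery admin credentials. Whether the service account can actually modify that file depends on ownership and mode, which the visible hunks do not set. If the daemon only needs to rewrite its own configuration, keeping the environment file read-only inside the sandbox would be tighter, for example by adding `ReadOnlyPaths=-/etc/stalwart/stalwart.env` after this line. The [Service] section starts outside the hunk, so other hardening directives may exist that are not visible here.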