upgrade to v0.16 with declarative bootstrap

2026-05-29 15:35:59 +00:00 · 2026-04-25 23:57:31 +00:00
parent 139ccb3f0c
commit 2cfdc58518
7 changed files with 70 additions and 4 deletions
@@ -0,0 +1,4 @@
+STALWART_CF_TOKEN=
+STALWART_RECOVERY_ADMIN=
+STALWART_BOOTSTRAP_USER=
+STALWART_BOOTSTRAP_PASSWORD=
@@ -0,0 +1,9 @@
+FROM alpine:3.20
+RUN apk add --no-cache ca-certificates curl xz \
+ && curl -fsSL https://github.com/stalwartlabs/cli/releases/download/v1.0.2/stalwart-cli-x86_64-unknown-linux-musl.tar.xz \
+    | tar -xJ -C /tmp \
+ && mv /tmp/stalwart-cli-*/stalwart-cli /usr/local/bin/stalwart-cli \
+ && chmod +x /usr/local/bin/stalwart-cli \
+ && rm -rf /tmp/* \
+ && apk del curl xz
+ENTRYPOINT ["/usr/local/bin/stalwart-cli"]
@@ -1,2 +1,2 @@
-/data/*
+/var/*
 !.gitkeep
@@ -0,0 +1,4 @@
+{
+  "@type": "RocksDb",
+  "path": "/var/lib/stalwart"
+}
@@ -1,4 +1,6 @@
 networks:
+  stalwart:
+    external: false
  caddy:
    name: caddy
    driver: bridge
@@ -9,10 +11,16 @@ services:
    image: stalwartlabs/stalwart:v0.16
    container_name: stalwart
    restart: unless-stopped
+    user: "1001:1001"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
+      - stalwart
      - caddy
+    environment:
+      STALWART_RECOVERY_ADMIN: "${STALWART_RECOVERY_ADMIN}"
+      STALWART_HTTPS_PORT: "443"
+      STALWART_CF_TOKEN: "${STALWART_CF_TOKEN}"
    ports:
      - "25:25"
      - "587:587"
@@ -23,11 +31,51 @@ services:
      - "110:110"
      - "995:995"
    volumes:
-      - ./data:/opt/stalwart
-      - ../caddy/data/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.aykhans.me/mail.aykhans.me.crt:/opt/stalwart/cert/mail.aykhans.me.pem
-      - ../caddy/data/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.aykhans.me/mail.aykhans.me.key:/opt/stalwart/cert/mail.aykhans.me.priv.pem
+      - ./data/etc:/etc/stalwart
+      - ./data/var:/var/lib/stalwart
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "3"
+
+  stalwart-bootstrap:
+    build:
+      context: .
+      dockerfile: Dockerfile.bootstrap
+    container_name: stalwart-bootstrap
+    networks:
+      - stalwart
+    environment:
+      STALWART_URL: "http://stalwart:8080"
+      STALWART_USER: "${STALWART_BOOTSTRAP_USER}"
+      STALWART_PASSWORD: "${STALWART_BOOTSTRAP_PASSWORD}"
+      STALWART_DEFAULT_HOSTNAME: "mail.aykhans.me"
+      STALWART_DEFAULT_DOMAIN: "aykhans.me"
+    volumes:
+      - ./plan.json:/plan.json:ro
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        set -e
+        # 1) Apply plan.json (Domain, etc.); tolerate primaryKeyViolation as expected.
+        out=$$(stalwart-cli apply --file /plan.json --continue-on-error 2>&1) || true
+        echo "$$out"
+        real=$$(echo "$$out" | grep -E "^✗" | grep -v "primaryKeyViolation" || true)
+        [ -z "$$real" ] || { echo "Unexpected apply errors"; exit 1; }
+
+        # 2) Resolve Domain id by name
+        DOMAIN_ID=$$(stalwart-cli query Domain 2>/dev/null | awk -v n="$$STALWART_DEFAULT_DOMAIN" 'NR>1 && $$2==n {print $$1; exit}')
+        [ -n "$$DOMAIN_ID" ] || { echo "Domain $$STALWART_DEFAULT_DOMAIN not found"; exit 1; }
+
+        # 3) Idempotent SystemSettings update (singleton)
+        stalwart-cli update SystemSettings --field "defaultHostname=$$STALWART_DEFAULT_HOSTNAME" --field "defaultDomainId=$$DOMAIN_ID"
+
+        # 4) Trigger settings reload so url_https recomputes (no restart needed)
+        stalwart-cli create Action/ReloadSettings --json "{}"
+
+        echo "Bootstrap complete"
+    depends_on:
+      stalwart:
+        condition: service_healthy
+    restart: "no"
@@ -0,0 +1 @@
+{"@type":"create","object":"Domain","value":{"aykhans-me":{"name":"aykhans.me","isEnabled":true,"dkimManagement":{"@type":"Automatic"}}}}
				`@@ -0,0 +1 @@`
				`{"@type":"create","object":"Domain","value":{"aykhans-me":{"name":"aykhans.me","isEnabled":true,"dkimManagement":{"@type":"Automatic"}}}}`