From 149eb0b0202847cdfdb9d9fa110122df858f8271 Mon Sep 17 00:00:00 2001 From: Ronni Baslund Date: Mon, 8 Jun 2026 20:51:56 +0200 Subject: [PATCH] =?UTF-8?q?fix(infra):=20Stalwart=20installer=20=E2=80=94?= =?UTF-8?q?=20repo=20rename=20+=20exact=20asset;=20flag=200.16=20config=20?= =?UTF-8?q?break?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - install.sh: default repo stalwartlabs/mail-server -> stalwartlabs/stalwart (renamed), and select the exact /stalwart-.tar.gz asset excluding the foundationdb build (head -n1 could grab the wrong one). - config.toml: $env{...} -> %{env:...}% (correct Stalwart macro syntax). KNOWN ISSUE: Stalwart v0.16 removed TOML config (single config.json datastore + everything else in the DB via CLI/UI), so this config.toml does not load on 0.16.8 ("Failed to parse data store settings"). Needs either a pinned pre-0.16 version or a migration to the v0.16 config model. Binary is installed; the service is stopped pending that decision. --- infrastructure/production/host/stalwart/config.toml | 4 ++-- infrastructure/production/host/stalwart/install.sh | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/infrastructure/production/host/stalwart/config.toml b/infrastructure/production/host/stalwart/config.toml index 1cc28c3..ce253e4 100644 --- a/infrastructure/production/host/stalwart/config.toml +++ b/infrastructure/production/host/stalwart/config.toml @@ -60,7 +60,7 @@ default = true # management API (STALWART_ADMIN_USER/PASSWORD on the platform-api side). [authentication] fallback-admin.user = "admin" -fallback-admin.secret = "$env{STALWART_ADMIN_PASSWORD}" +fallback-admin.secret = "%{env:STALWART_ADMIN_PASSWORD}%" # ── Resolver ─────────────────────────────────────────────────────────────── # DNSSEC-aware system resolver. Mail deliverability depends on clean DNS. @@ -85,7 +85,7 @@ enable = true # hostname; HMAC-signed so a public endpoint is safe. [webhook."audit-ingest"] url = "https://api.dezky.eu/ingest/stalwart/webhook" -signature-key = "$env{STALWART_WEBHOOK_SECRET}" +signature-key = "%{env:STALWART_WEBHOOK_SECRET}%" events = [ "auth.success", "auth.failure", diff --git a/infrastructure/production/host/stalwart/install.sh b/infrastructure/production/host/stalwart/install.sh index 1a09db3..416958a 100755 --- a/infrastructure/production/host/stalwart/install.sh +++ b/infrastructure/production/host/stalwart/install.sh @@ -24,7 +24,7 @@ HOST_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" CONFIG_FILE="${CONFIG_FILE:-$HOST_DIR/config.env}" PREFIX="/opt/stalwart" -STALWART_REPO="${STALWART_REPO:-stalwartlabs/mail-server}" +STALWART_REPO="${STALWART_REPO:-stalwartlabs/stalwart}" if [[ $EUID -ne 0 ]]; then error "Run as root." @@ -67,7 +67,8 @@ else fi asset_url="$(curl -fsSL "$api" \ - | grep -oE "https://[^\"]+${target}[^\"]+\.tar\.gz" \ + | grep -oE "https://[^\"]+/stalwart-${target}\.tar\.gz" \ + | grep -v foundationdb \ | head -n1)" if [[ -z "$asset_url" ]]; then error "Could not find a ${target} .tar.gz asset in ${STALWART_REPO}@${STALWART_VERSION}."