Commit Graph

21 Commits

Author SHA1 Message Date
Pascal Bleser
ad4ad0e1f9 stalwart.yml: remove image tag for stalwart-import, which makes a 'docker compose pull' fail needlessly 2026-07-09 14:30:14 +02:00
Pascal Bleser
a725485f00 groupware: upgrade Stalwart to 0.16.9 in opencloud_full 2026-07-09 14:30:14 +02:00
Pascal Bleser
153631d39f opencloud_full: add healthchecks for traefik, opencloud and stalwart to the docker compose project 2026-07-09 14:30:14 +02:00
Pascal Bleser
db84c2d13a groupware: fix building the stalwart:cli container
* fix the inline dockerfile for building the stalwart:cli container,
   cannot be based on scratch since we need a shell and wget, and it
   should thus retain the alpine container as its base

 * remove stdin_open and tty from the container attributes, not needed
2026-07-09 14:30:14 +02:00
Pascal Bleser
878e7b96ea groupware: upgrade opencloud_full to Stalwart 0.16.8 and fix configuration by adding default roles as well as adding the 'impersonate' permission on the admin@example.org user 2026-07-09 14:30:13 +02:00
Pascal Bleser
7533369c63 groupware: port opencloud_full to Stalwart 0.16 (only the built-in IDM LDAP option for now) 2026-07-09 14:30:13 +02:00
Pascal Bleser
1402ef2707 groupware: upgrade Stalwart image in opencloud_full from 0.15.0 to 0.15.5 2026-07-09 14:15:52 +02:00
Pascal Bleser
0664f533df groupware: update to Stalwart 0.15.0 2026-07-09 14:15:52 +02:00
Pascal Bleser
3c8628bbdb groupware: minor: remove network declaration in stalwart.yml 2026-07-09 14:15:52 +02:00
Pascal Bleser
23ebc63b4d groupware: upgrade the Stalwart image in devtools from 0.14.0 to 0.14.1 2026-07-09 14:15:51 +02:00
Pascal Bleser
07665871f6 upgrade to Stalwart 0.14.0
* upgrade image version in devtools to 0.14.0

 * fix idmldap configuration to use the cn attribute in order for that
   to also work for groups (groups don't have a uid attribute in the IDM
   built-in LDAP)

 * group resources are now checked against LDAP, changed
   demo-principals.yaml accordingly to refer to a group that exists in
   LDAP as part of the demo data
2026-07-09 14:15:51 +02:00
Pascal Bleser
f39601b15e groupware: try an alternative way to configure Stalwart dynamically in the devtools Docker Compose setup, by using separate files and ${STALWART_AUTH_DIRECTORY} to name to file to mount 2026-07-09 14:15:50 +02:00
Pascal Bleser
080da88ea8 groupware: make everything also work with the built-in LDAP and IDP 2026-07-09 14:15:50 +02:00
Pascal Bleser
af3e40bd02 groupware: upgrade Stalwart in devtools from 0.13.2 to 0.13.4
* changes from 0.13.4:
   - JMAP: Protocol layer rewrite for zero-copy deserialization and
     architectural improvements.
   - IMAP: Unbounded memory allocation in request parser
     (CVE-2025-61600)
   - IMAP: Wrong permission checked for GETACL.
   - JMAP: References to previous method fail when there are no results
     (stalwartlabs#1507).
   - JMAP: Enforce quota checks on Blob/copy.
   - JMAP: Mailbox/get fails without accountId argument (stalwartlabs#1936).
   - JMAP: Do not return invalidProperties when email update doesn't
     contain changes (stalwartlabs#1139)
   - iTIP: Include date properties in REPLY (stalwartlabs#2102).
   - OIDC: Do not set username field if it is the same as the email field.
   - Telemetry: Fix calculateMetrics housekeeper task (stalwartlabs#2155).
   - Directory: Always use rsplit to extract the domain part from email
     addresses.

  * changes from 0.13.3:
   - CLI: Health checks
   - WebDAV: Assisted discovery v2
   - iTIP: Do not send a REPLY when deleting an event that was not
     accepted.
   - iTIP: Include event details in REPLY messages (stalwart#2102).
   - iTIP: Add organizer to iMIP replies if missing to deal with MS
     Exchange 2010 bug.
   - OIDC: Do not overwrite locally defined aliases (stalwart#2065).
   - HTTP: Scan ban should only be triggered by HTTP parse errors.
   - HTTP: Skip scanner fail2ban checks when the proxy client IP can't
     be parsed (stalwart#2121).
   - JMAP: Do not allow roles to be removed from system mailboxes
     (stalwart#1977).
   - JMAP WS: Fix panic when using invalid server url.
   - SMTP: Do no send EHLO twice when STARTTLS is unavailable
     (stalwart#2050).
   - IMAP: Allow ENABLE UTF8 in IMAPrev1.
   - IMAP: Include administer permission in ACL responses.
   - IMAP: Add owner rights to ACL get responses.
   - IMAP: Do not auto-train Bayes when moving messages from Junk to
     Trash.
   - IMAP/ManageSieve: Increase maximum quoted argument size
     (stalwart#2039).
   - CalDAV: Limit recurrence expansions in calendar reports
     (CVE-2025-59045).
   - WebDAV: Do not fix percent encoding on WebDAV FS (stalwart#2036).
2026-07-09 14:15:50 +02:00
Pascal Bleser
9ef4ea7f80 Docker Compose Groupware improvements
* made a few changes in order to further simplify the setup for
   developers of the Groupware backend

 * add STALWART_DOMAIN to deployments/examples/opencloud_full/.env

 * adapt the Stalwart configuration file to not set server.hostname and,
   instead, pick it up from /etc/hostname, which is set by Docker
   Compose as we can use default values for STALWART_DOMAIN there, in an
   analogous fashion to the other containers in that project

 * add config/keycloak/clients/groupware.json to avoid requiring manual
   configuration of Keycloak via the admin web UI

 * Stalwart container:
   - listen for SMTPS on :1465
   - remove the stalwart-logs volume, not needed (logs are going to
     stdout)

 * updated services/groupware/DEVELOPER.md:
   - refer to a variable OCDIR to make instructions more copy-pasteable
   - remove manual Keycloak configuration section as it is now obsolete,
     replaced by provisioning a configuration file instead
2026-07-09 14:15:50 +02:00
Pascal Bleser
bc676fd0a7 upgrade Stalwart to 0.13.2 2026-07-09 14:15:49 +02:00
Pascal Bleser
f0242898bf Refactor groupware service after ADR decision on the Groupware API
* after having decided that the Groupware API should be a standalone
   independent custom REST API that is using JMAP data models as much as
   possible,
 * removed Groupware APIs from the Graph service
 * moved Groupware implementation to the Groupware service, and
   refactored a few things accordingly
2026-07-09 14:15:49 +02:00
Pascal Bleser
f5573a53f3 opencloud_full: upgrade Stalwart to 0.12.5, and use the ghcr.io container repository to avoid Hub limits 2026-07-09 14:15:49 +02:00
Pascal Bleser
0dee74399d upgrade Stalwart to 0.12.4 2026-07-09 14:15:49 +02:00
Pascal Bleser
7307e0143a upgrade Stalwart to 0.12 2026-07-09 14:15:48 +02:00
Pascal Bleser
6f03eae368 Add Stalwart container to the opencloud_full deployment, using the OpenLDAP container as a directory for user authentication 2026-07-09 14:15:48 +02:00