From 14f42e0a2a0b3ff61af60ee5825896108ac09c6e Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 4 Dec 2023 10:35:27 +0100
Subject: [PATCH] community containers - add stalwart

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 community-containers/caddy/readme.md        |  3 +-
 community-containers/stalwart/readme.md     | 16 ++++++
 community-containers/stalwart/stalwart.json | 64 +++++++++++++++++++++
 3 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 community-containers/stalwart/readme.md
 create mode 100644 community-containers/stalwart/stalwart.json

diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index b17672104c60..c26b39a5d639 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,10 +1,11 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
diff --git a/community-containers/stalwart/readme.md b/community-containers/stalwart/readme.md
new file mode 100644
index 000000000000..f046c232ff1e
--- /dev/null
+++ b/community-containers/stalwart/readme.md
@@ -0,0 +1,16 @@
+## Stalwart mail server
+This container bundles stalwart mail server and auto-configures it for you.
+
+### Notes
+- This is only intended to run on a VPS with static ip-address.
+- You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
+- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `mail.your-domain.com`.
+- The data of Stalwart will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk`, 2. choose `No, create a new directory for me`, 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as adviced, 5. Take note of the administrator credentials, 6. skip https://stalw.art/docs/install/docker/#add-your-tls-certificate as this is done automatically for you, 7. Review the configuration file, 8. run `sudo docker restart nextcloud-aio-stalwart` in order restart the container and enable the config).
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/marcoambrosini/aio-stalwart
+
+### Maintainer
+https://github.com/marcoambrosini
diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json
new file mode 100644
index 000000000000..9da8e12e5a33
--- /dev/null
+++ b/community-containers/stalwart/stalwart.json
@@ -0,0 +1,64 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-stalwart",
+            "display_name": "Stalwart",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
+            "image": "marcoambrosini/aio-stalwart",
+            "image_tag": "v1",
+            "internal_port": "587",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "25",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "143",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "465",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "587",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "993",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "4190",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_stalwart",
+                    "destination": "/opt/stalwart-mail",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_caddy",
+                    "destination": "/caddy",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_stalwart"
+            ]
+        }
+    ]
+}