tests: let remote fixture run commands locally in a docker container

tests: skip test_logged for DockerExec
tests: catch AssertionError by DockerExec
2026-05-10 16:04:37 +00:00 · 2025-10-18 17:35:43 +02:00 · 2025-10-18 17:35:43 +02:00 · 2025-10-18 17:35:43 +02:00 · 2025-10-18 17:35:43 +02:00 · 2025-10-14 22:29:34 +02:00
29 changed files with 323 additions and 325 deletions
--- a/.github/workflows/test-and-deploy-ipv4only.yaml
+++ b/.github/workflows/test-and-deploy-ipv4only.yaml
@@ -77,7 +77,7 @@ jobs:
          cmdeploy init staging-ipv4.testrun.org
          sed -i 's#disable_ipv6 = False#disable_ipv6 = True#' chatmail.ini

-      - run: cmdeploy run
+      - run: cmdeploy run --verbose --skip-dns-check

      - name: set DNS entries
        run: |
--- a/.github/workflows/test-and-deploy.yaml
+++ b/.github/workflows/test-and-deploy.yaml
@@ -75,7 +75,7 @@ jobs:

      - run: cmdeploy init staging2.testrun.org

-      - run: cmdeploy run --verbose
+      - run: cmdeploy run --verbose --skip-dns-check

      - name: set DNS entries
        run: |
--- a/.gitignore
+++ b/.gitignore
@@ -170,4 +170,3 @@ chatmail.zone
 /custom/
 docker-compose.yaml
 .env
-/traefik/data/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,30 +2,47 @@

 ## untagged

+- Setup TURN server
+  ([#621](https://github.com/chatmail/relay/pull/621))
+
 - cmdeploy: make --ssh-host work with localhost
  ([#659](https://github.com/chatmail/relay/pull/659))

 - Update iroh-relay to 0.35.0
  ([#650](https://github.com/chatmail/relay/pull/650))

+- filtermail: accept mails from Protonmail
+  ([#616](https://github.com/chatmail/relay/pull/655))
+
 - Ignore all RCPT TO: parameters
  ([#651](https://github.com/chatmail/relay/pull/651))

+- Add config parameter for Let's Encrypt ACME email
+  ([#663](https://github.com/chatmail/relay/pull/663))
+
 - Use max username length in newemail.py, not min
  ([#648](https://github.com/chatmail/relay/pull/648))

+- Add startup for `fcgiwrap.service` because sometimes it did not start automatically.
+  ([#657](https://github.com/chatmail/relay/pull/657))
+
+- Add `cmdeploy init --force` command for recreating chatmail.ini
+  ([#656](https://github.com/chatmail/relay/pull/656))
+
 - Increase maxproc for reinjecting ports from 10 to 100
  ([#646](https://github.com/chatmail/relay/pull/646))

 - Allow ports 143 and 993 to be used by `dovecot` process
  ([#639](https://github.com/chatmail/relay/pull/639))

+- Add `--skip-dns-check` argument to `cmdeploy run` command, which disables DNS record checking before installation.
+  ([#661](https://github.com/chatmail/relay/pull/661))
+
 - Add installation via docker compose (MVP 1). The instructions, known issues and limitations are located in `/docs` 
  ([#614](https://github.com/chatmail/relay/pull/614))

 - Add configuration parameters
  ([#614](https://github.com/chatmail/relay/pull/614)):
-  - `use_foreign_cert_manager` - Use a third-party certificate manager instead of acmetool (default: `False`)
  - `change_kernel_settings` - Whether to change kernel parameters during installation (default: `True`)
  - `fs_inotify_max_user_instances_and_watchers` - Value for kernel parameters `fs.inotify.max_user_instances` and `fs.inotify.max_user_watches` (default: `65535`)

--- a/README.md
+++ b/README.md
@@ -101,7 +101,10 @@ Please substitute it with your own domain.
   (it can take some time until they are public).

 ### Docker installation
-Installation using docker compose is presented [here](./docs/DOCKER_INSTALLATION_EN.md)
+
+We have experimental support for [docker compose](./docs/DOCKER_INSTALLATION_EN.md),
+but it is not covered by automated tests yet,
+so don't expect everything to work.

 ### Other helpful commands

--- a/chatmaild/pyproject.toml
+++ b/chatmaild/pyproject.toml
@@ -29,6 +29,7 @@ echobot = "chatmaild.echo:main"
 chatmail-metrics = "chatmaild.metrics:main"
 delete_inactive_users = "chatmaild.delete_inactive_users:main"
 lastlogin = "chatmaild.lastlogin:main"
+turnserver = "chatmaild.turnserver:main"

 [project.entry-points.pytest11]
 "chatmaild.testplugin" = "chatmaild.tests.plugin"
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -44,9 +44,7 @@ class Config:
        )
        self.mtail_address = params.get("mtail_address")
        self.disable_ipv6 = params.get("disable_ipv6", "false").lower() == "true"
-        self.use_foreign_cert_manager = (
-            params.get("use_foreign_cert_manager", "false").lower() == "true"
-        )
+        self.acme_email = params.get("acme_email", "")
        self.change_kernel_settings = (
            params.get("change_kernel_settings", "true").lower() == "true"
        )
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -83,8 +83,14 @@ def check_openpgp_payload(payload: bytes):
    return False


-def check_armored_payload(payload: str):
-    prefix = "-----BEGIN PGP MESSAGE-----\r\n\r\n"
+def check_armored_payload(payload: str, outgoing: bool):
+    """Check the armored PGP message for invalid content.
+
+    :param payload: the armored PGP message
+    :param outgoing: whether the message is outgoing or incoming
+    :return: whether the message is a valid PGP message
+    """
+    prefix = "-----BEGIN PGP MESSAGE-----\r\n"
    if not payload.startswith(prefix):
        return False
    payload = payload.removeprefix(prefix)
@@ -96,6 +102,17 @@ def check_armored_payload(payload: str):
        return False
    payload = payload.removesuffix(suffix)

+    # Disallow comments in outgoing messages
+    version_comment = "Version: "
+    if payload.startswith(version_comment):
+        version_line = payload.splitlines()[0]
+        payload = payload.removeprefix(version_line)
+        if outgoing:
+            return False
+
+    while payload.startswith("\r\n"):
+        payload = payload.removeprefix("\r\n")
+
    # Remove CRC24.
    payload = payload.rpartition("=")[0]

@@ -131,7 +148,7 @@ def is_securejoin(message):
    return True


-def check_encrypted(message):
+def check_encrypted(message, outgoing=True):
    """Check that the message is an OpenPGP-encrypted message.

    MIME structure of the message must correspond to <https://www.rfc-editor.org/rfc/rfc3156>.
@@ -158,7 +175,7 @@ def check_encrypted(message):
            if part.get_content_type() != "application/octet-stream":
                return False

-            if not check_armored_payload(part.get_payload()):
+            if not check_armored_payload(part.get_payload(), outgoing=outgoing):
                return False
        else:
            return False
@@ -241,7 +258,7 @@ class OutgoingBeforeQueueHandler:
        logging.info(f"Processing DATA message from {envelope.mail_from}")

        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
-        mail_encrypted = check_encrypted(message)
+        mail_encrypted = check_encrypted(message, outgoing=True)

        _, from_addr = parseaddr(message.get("from").strip())

@@ -301,7 +318,7 @@ class IncomingBeforeQueueHandler:
        logging.info(f"Processing DATA message from {envelope.mail_from}")

        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
-        mail_encrypted = check_encrypted(message)
+        mail_encrypted = check_encrypted(message, outgoing=False)

        if mail_encrypted or is_securejoin(message):
            print("Incoming: Filtering encrypted mail.", file=sys.stderr)
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
@@ -45,11 +45,14 @@ passthrough_senders =
 # (space-separated, item may start with "@" to whitelist whole recipient domains)
 passthrough_recipients = xstore@testrun.org echo@{mail_domain}

+# path to www directory - documented here: https://github.com/chatmail/relay/#custom-web-pages
+#www_folder = www
+
 #
 # Deployment Details
 #

-# SMTP outgoing filtermail and reinjection
+# SMTP outgoing filtermail and reinjection 
 filtermail_smtp_port = 10080
 postfix_reinject_port = 10025

@@ -60,8 +63,8 @@ postfix_reinject_port_incoming = 10026
 # if set to "True" IPv6 is disabled
 disable_ipv6 = False

-# if you set "True", acmetool will not be installed and you will have to manage certificates yourself.
-use_foreign_cert_manager = False
+# Your email adress, which will be used in acmetool to manage Let's Encrypt SSL certificates
+acme_email = 

 #
 # Kernel settings
--- a/chatmaild/src/chatmaild/metadata.py
+++ b/chatmaild/src/chatmaild/metadata.py
@@ -7,6 +7,7 @@ from .config import read_config
 from .dictproxy import DictProxy
 from .filedict import FileDict
 from .notifier import Notifier
+from .turnserver import turn_credentials


 def _is_valid_token_timestamp(timestamp, now):
@@ -75,11 +76,12 @@ class Metadata:


 class MetadataDictProxy(DictProxy):
-    def __init__(self, notifier, metadata, iroh_relay=None):
+    def __init__(self, notifier, metadata, iroh_relay=None, turn_hostname=None):
        super().__init__()
        self.notifier = notifier
        self.metadata = metadata
        self.iroh_relay = iroh_relay
+        self.turn_hostname = turn_hostname

    def handle_lookup(self, parts):
        # Lpriv/43f5f508a7ea0366dff30200c15250e3/devicetoken\tlkj123poi@c2.testrun.org
@@ -98,6 +100,11 @@ class MetadataDictProxy(DictProxy):
            ):
                # Handle `GETMETADATA "" /shared/vendor/deltachat/irohrelay`
                return f"O{self.iroh_relay}\n"
+            elif keyname == "vendor/vendor.dovecot/pvt/server/vendor/deltachat/turn":
+                res = turn_credentials()
+                port = 3478
+                return f"O{self.turn_hostname}:{port}:{res}\n"
+
        logging.warning(f"lookup ignored: {parts!r}")
        return "N\n"

@@ -121,6 +128,7 @@ def main():

    config = read_config(config_path)
    iroh_relay = config.iroh_relay
+    mail_domain = config.mail_domain

    vmail_dir = config.mailboxes_dir
    if not vmail_dir.exists():
@@ -134,7 +142,10 @@ def main():
    notifier.start_notification_threads(metadata.remove_token_from_addr)

    dictproxy = MetadataDictProxy(
-        notifier=notifier, metadata=metadata, iroh_relay=iroh_relay
+        notifier=notifier,
+        metadata=metadata,
+        iroh_relay=iroh_relay,
+        turn_hostname=mail_domain,
    )

    dictproxy.serve_forever_from_socket(socket)
--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -241,8 +241,9 @@ def test_cleartext_passthrough_senders(gencreds, handler, maildata):


 def test_check_armored_payload():
-    payload = """-----BEGIN PGP MESSAGE-----\r
-\r
+    prefix = "-----BEGIN PGP MESSAGE-----\r\n"
+    comment = "Version: ProtonMail\r\n"
+    payload = """\r
 wU4DSqFx0d1yqAoSAQdAYkX/ZN/Az4B0k7X47zKyWrXxlDEdS3WOy0Yf2+GJTFgg\r
 Zk5ql0mLG8Ze+ZifCS0XMO4otlemSyJ0K1ZPdFMGzUDBTgNqzkFabxXoXRIBB0AM\r
 755wlX41X6Ay3KhnwBq7yEqSykVH6F3x11iHPKraLCAGZoaS8bKKNy/zg5slda1X\r
@@ -278,16 +279,25 @@ UN4fiB0KR9JyG2ayUdNJVkXZSZLnHyRgiaadlpUo16LVvw==\r
 \r
 """

-    assert check_armored_payload(payload) == True
+    commented_payload = prefix + comment + payload
+    assert check_armored_payload(commented_payload, outgoing=False) == True
+    assert check_armored_payload(commented_payload, outgoing=True) == False
+
+    payload = prefix + payload
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True

    payload = payload.removesuffix("\r\n")
-    assert check_armored_payload(payload) == True
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True

    payload = payload.removesuffix("\r\n")
-    assert check_armored_payload(payload) == True
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True

    payload = payload.removesuffix("\r\n")
-    assert check_armored_payload(payload) == True
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True

    payload = """-----BEGIN PGP MESSAGE-----\r
 \r
@@ -295,7 +305,8 @@ HELLOWORLD
 -----END PGP MESSAGE-----\r
 \r
 """
-    assert check_armored_payload(payload) == False
+    assert check_armored_payload(payload, outgoing=False) == False
+    assert check_armored_payload(payload, outgoing=True) == False

    payload = """-----BEGIN PGP MESSAGE-----\r
 \r
@@ -303,7 +314,8 @@ HELLOWORLD
 -----END PGP MESSAGE-----\r
 \r
 """
-    assert check_armored_payload(payload) == False
+    assert check_armored_payload(payload, outgoing=False) == False
+    assert check_armored_payload(payload, outgoing=True) == False

    # Test payload using partial body length
    # as generated by GopenPGP.
@@ -345,4 +357,5 @@ myLbG7cJB787QjplEyVe2P/JBO6xYvbkJLf9Q+HaviTO25rugRSrYsoKMDfO8VlQ\r
 =6iHb\r
 -----END PGP MESSAGE-----\r
 """
-    assert check_armored_payload(payload) == True
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True
--- a/chatmaild/src/chatmaild/turnserver.py
+++ b/chatmaild/src/chatmaild/turnserver.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+import socket
+
+
+def turn_credentials() -> str:
+    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client_socket:
+        client_socket.connect("/run/chatmail-turn/turn.socket")
+        with client_socket.makefile("rb") as file:
+            return file.readline().decode("utf-8")
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -128,6 +128,7 @@ def _install_remote_venv_with_chatmaild(config) -> None:
        "echobot",
        "chatmail-metadata",
        "lastlogin",
+        "turnserver",
    ):
        execpath = fn if fn != "filtermail-incoming" else "filtermail"
        params = dict(
@@ -498,6 +499,56 @@ def check_config(config):
    return config


+def deploy_turn_server(config):
+    (url, sha256sum) = {
+        "x86_64": (
+            "https://github.com/chatmail/chatmail-turn/releases/download/v0.3/chatmail-turn-x86_64-linux",
+            "841e527c15fdc2940b0469e206188ea8f0af48533be12ecb8098520f813d41e4",
+        ),
+        "aarch64": (
+            "https://github.com/chatmail/chatmail-turn/releases/download/v0.3/chatmail-turn-aarch64-linux",
+            "a5fc2d06d937b56a34e098d2cd72a82d3e89967518d159bf246dc69b65e81b42",
+        ),
+    }[host.get_fact(facts.server.Arch)]
+
+    need_restart = False
+
+    existing_sha256sum = host.get_fact(Sha256File, "/usr/local/bin/chatmail-turn")
+    if existing_sha256sum != sha256sum:
+        server.shell(
+            name="Download chatmail-turn",
+            commands=[
+                f"(curl -L {url} >/usr/local/bin/chatmail-turn.new && (echo '{sha256sum} /usr/local/bin/chatmail-turn.new' | sha256sum -c) && mv /usr/local/bin/chatmail-turn.new /usr/local/bin/chatmail-turn)",
+                "chmod 755 /usr/local/bin/chatmail-turn",
+            ],
+        )
+        need_restart = True
+
+    source_path = importlib.resources.files(__package__).joinpath(
+        "service", "turnserver.service.f"
+    )
+    content = source_path.read_text().format(mail_domain=config.mail_domain).encode()
+
+    systemd_unit = files.put(
+        name="Upload turnserver.service",
+        src=io.BytesIO(content),
+        dest="/etc/systemd/system/turnserver.service",
+        user="root",
+        group="root",
+        mode="644",
+    )
+    need_restart |= systemd_unit.changed
+
+    systemd.service(
+        name="Setup turnserver service",
+        service="turnserver.service",
+        running=True,
+        enabled=True,
+        restarted=need_restart,
+        daemon_reload=systemd_unit.changed,
+    )
+
+
 def deploy_mtail(config):
    # Uninstall mtail package, we are going to install a static binary.
    apt.packages(name="Uninstall mtail", packages=["mtail"], present=False)
@@ -674,6 +725,8 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
        packages=["rsync"],
    )

+    deploy_turn_server(config)
+
    # Run local DNS resolver `unbound`.
    # `resolvconf` takes care of setting up /etc/resolv.conf
    # to use 127.0.0.1 as the resolver.
@@ -726,11 +779,11 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
    deploy_iroh_relay(config)

    # Deploy acmetool to have TLS certificates.
-    if not config.use_foreign_cert_manager:
-        tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
-        deploy_acmetool(
-            domains=tls_domains,
-        )
+    tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
+    deploy_acmetool(
+        email=config.acme_email,
+        domains=tls_domains,
+    )

    apt.packages(
        # required for setfacl for echobot
@@ -767,7 +820,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
        if build_dir:
            www_path = build_webpages(src_dir, build_dir, config)
        # if it is not a hugo page, upload it as is
-        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz"])
+        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz", "--chown=www-data"])

    _install_remote_venv_with_chatmaild(config)
    debug = False
@@ -815,6 +868,13 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
        restarted=nginx_need_restart,
    )

+    systemd.service(
+        name="Start and enable fcgiwrap",
+        service="fcgiwrap.service",
+        running=True,
+        enabled=True,
+    )
+
    systemd.service(
        name="Restart echobot if postfix and dovecot were just started",
        service="echobot.service",
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -19,7 +19,7 @@ from packaging import version
 from termcolor import colored

 from . import dns, remote
-from .sshexec import SSHExec
+from .sshexec import SSHExec, LocalExec

 #
 # cmdeploy sub commands and options
@@ -32,17 +32,30 @@ def init_cmd_options(parser):
        action="store",
        help="fully qualified DNS domain name for your chatmail instance",
    )
+    parser.add_argument(
+        "--force",
+        dest="recreate_ini",
+        action="store_true",
+        help="force reacreate ini file",
+    )


 def init_cmd(args, out):
    """Initialize chatmail config file."""
    mail_domain = args.chatmail_domain
+    inipath = args.inipath
    if args.inipath.exists():
-        print(f"Path exists, not modifying: {args.inipath}")
-        return 1
-    else:
-        write_initial_config(args.inipath, mail_domain, overrides={})
-        out.green(f"created config file for {mail_domain} in {args.inipath}")
+        if not args.recreate_ini:
+            print(f"[WARNING] Path exists, not modifying: {inipath}")
+            return 1
+        else:
+            print(
+                f"[WARNING] Force argument was provided, deleting config file: {inipath}"
+            )
+            inipath.unlink()
+
+    write_initial_config(inipath, mail_domain, overrides={})
+    out.green(f"created config file for {mail_domain} in {inipath}")


 def run_cmd_options(parser):
@@ -59,10 +72,12 @@ def run_cmd_options(parser):
        help="install/upgrade the server, but disable postfix & dovecot for now",
    )
    parser.add_argument(
-        "--ssh-host",
-        dest="ssh_host",
-        help="Deploy to 'localhost', via 'docker', or to a specific SSH host",
+        "--skip-dns-check",
+        dest="dns_check_disabled",
+        action="store_true",
+        help="disable checks nslookup for dns",
    )
+    add_ssh_host_option(parser)


 def run_cmd(args, out):
@@ -71,9 +86,10 @@ def run_cmd(args, out):
    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
    sshexec = get_sshexec(ssh_host)
    require_iroh = args.config.enable_iroh_relay
-    remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
-    if not dns.check_initial_remote_data(remote_data, print=out.red):
-        return 1
+    if not args.dns_check_disabled:
+        remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
+        if not dns.check_initial_remote_data(remote_data, print=out.red):
+            return 1

    env = os.environ.copy()
    env["CHATMAIL_INI"] = args.inipath
@@ -83,7 +99,7 @@ def run_cmd(args, out):
    pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"

    cmd = f"{pyinf} --ssh-user root {ssh_host} {deploy_path} -y"
-    if ssh_host in ["localhost", "docker"]:
+    if ssh_host in ["localhost", "@docker"]:
        cmd = f"{pyinf} @local {deploy_path} -y"

    if version.parse(pyinfra.__version__) < version.parse("3"):
@@ -93,14 +109,15 @@ def run_cmd(args, out):
    try:
        retcode = out.check_call(cmd, env=env)
        if retcode == 0:
-            print("\nYou can try out the relay by talking to this echo bot: ")
-            sshexec = SSHExec(args.config.mail_domain, verbose=args.verbose)
-            print(
-                sshexec(
-                    call=remote.rshell.shell,
-                    kwargs=dict(command="cat /var/lib/echobot/invite-link.txt"),
+            if not args.disable_mail:
+                print("\nYou can try out the relay by talking to this echo bot: ")
+                sshexec = SSHExec(args.config.mail_domain, verbose=args.verbose)
+                print(
+                    sshexec(
+                        call=remote.rshell.shell,
+                        kwargs=dict(command="cat /var/lib/echobot/invite-link.txt"),
+                    )
                )
-            )
            server_deployed_message = f"Chatmail server started: https://{args.config.mail_domain}/"
            delimiter_line = "=" * len(server_deployed_message)
            out.green(f"{delimiter_line}\n{server_deployed_message}\n{delimiter_line}")
@@ -125,11 +142,7 @@ def dns_cmd_options(parser):
        default=None,
        help="write out a zonefile",
    )
-    parser.add_argument(
-        "--ssh-host",
-        dest="ssh_host",
-        help="Run the DNS queries on 'localhost', in the chatmail 'docker' container, or on a specific SSH host",
-    )
+    add_ssh_host_option(parser)


 def dns_cmd(args, out):
@@ -289,6 +302,15 @@ class Out:
        return proc.returncode


+def add_ssh_host_option(parser):
+    parser.add_argument(
+        "--ssh-host",
+        dest="ssh_host",
+        help="Run commands on 'localhost', via '@docker', or on a specific SSH host "
+             "instead of chatmail.ini's mail_domain.",
+    )
+
+
 def add_config_option(parser):
    parser.add_argument(
        "--config",
@@ -346,9 +368,9 @@ def get_parser():

 def get_sshexec(ssh_host: str, verbose=True):
    if ssh_host in ["localhost", "@local"]:
-        return "localhost"
-    elif ssh_host == "docker":
-        return "docker"
+        return LocalExec(verbose, docker=False)
+    elif ssh_host == "@docker":
+        return LocalExec(verbose, docker=True)
    if verbose:
        print(f"[ssh] login to {ssh_host}")
    return SSHExec(ssh_host, verbose=verbose)
--- a/cmdeploy/src/cmdeploy/dns.py
+++ b/cmdeploy/src/cmdeploy/dns.py
@@ -7,15 +7,9 @@ from . import remote


 def get_initial_remote_data(sshexec, mail_domain):
-    if sshexec == "localhost":
-        result = remote.rdns.perform_initial_checks(mail_domain)
-    elif sshexec == "docker":
-        result = remote.rdns.perform_initial_checks(mail_domain, pre_command="docker exec chatmail ")
-    else:
-        result = sshexec.logged(
-            call=remote.rdns.perform_initial_checks, kwargs=dict(mail_domain=mail_domain)
-        )
-    return result
+    return sshexec.logged(
+        call=remote.rdns.perform_initial_checks, kwargs=dict(mail_domain=mail_domain)
+    )


 def check_initial_remote_data(remote_data, *, print=print):
@@ -50,14 +44,9 @@ def check_full_zone(sshexec, remote_data, out, zonefile) -> int:
    """Check existing DNS records, optionally write them to zone file
    and return (exitcode, remote_data) tuple."""

-    if sshexec in ["localhost", "docker"]:
-        required_diff, recommended_diff = remote.rdns.check_zonefile(
-            zonefile=zonefile, verbose=False
-        )
-    else:
-        required_diff, recommended_diff = sshexec.logged(
-            remote.rdns.check_zonefile, kwargs=dict(zonefile=zonefile, verbose=False),
-        )
+    required_diff, recommended_diff = sshexec.logged(
+        remote.rdns.check_zonefile, kwargs=dict(zonefile=zonefile, verbose=False),
+    )

    returncode = 0
    if required_diff:
--- a/cmdeploy/src/cmdeploy/iroh-relay.toml
+++ b/cmdeploy/src/cmdeploy/iroh-relay.toml
@@ -1,5 +1,11 @@
 enable_relay = true
 http_bind_addr = "[::]:3340"
-enable_stun = true
+
+# Disable built-in STUN server in iroh-relay 0.35
+# as we deploy our own TURN server instead.
+# STUN server is going to be removed in iroh-relay 1.0
+# and this line can be removed after upgrade.
+enable_stun = false
+
 enable_metrics = false
 metrics_bind_addr = "127.0.0.1:9092"
--- a/cmdeploy/src/cmdeploy/service/turnserver.service.f
+++ b/cmdeploy/src/cmdeploy/service/turnserver.service.f
@@ -0,0 +1,16 @@
+[Unit]
+Description=A wrapper for the TURN server
+After=network.target
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/local/bin/chatmail-turn --realm {mail_domain} --socket /run/chatmail-turn/turn.socket
+
+# Create /run/chatmail-turn
+RuntimeDirectory=chatmail-turn
+User=vmail
+Group=vmail
+
+[Install]
+WantedBy=multi-user.target
--- a/cmdeploy/src/cmdeploy/sshexec.py
+++ b/cmdeploy/src/cmdeploy/sshexec.py
@@ -82,3 +82,19 @@ class SSHExec:
            res = self(call, kwargs, log_callback=remote.rshell.log_progress)
            print_stderr()
            return res
+
+
+class LocalExec:
+    def __init__(self, verbose=False, docker=False):
+        self.verbose = verbose
+        self.docker = docker
+
+    def logged(self, call, kwargs: dict):
+        where = "locally"
+        if self.docker:
+            if call == remote.rdns.perform_initial_checks:
+                kwargs['pre_command'] = "docker exec chatmail "
+                where = "in docker"
+        if self.verbose:
+            print(f"Running {where}: {call.__name__}(**{kwargs})")
+        return call(**kwargs)
--- a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
@@ -2,6 +2,7 @@ import datetime
 import smtplib
 import socket
 import subprocess
+import time

 import pytest

@@ -9,10 +10,37 @@ from cmdeploy import remote
 from cmdeploy.sshexec import SSHExec


+class FuncError(Exception):
+    pass
+
+
+class DockerExec:
+    FuncError = FuncError
+
+    def __init__(self, pre_command):
+        self.pre_command = pre_command
+
+    def __call__(self, call, kwargs=None):
+        if kwargs is None:
+            kwargs = {}
+        return call(**kwargs)
+
+    def logged(self, call, kwargs):
+        title = call.__doc__
+        if not title:
+            title = call.__name__
+        print("[ssh] " + title)
+        return self(call, kwargs)
+
+
 class TestSSHExecutor:
    @pytest.fixture(scope="class")
    def sshexec(self, sshdomain):
-        return SSHExec(sshdomain)
+        try:
+            sshexec = SSHExec(sshdomain)
+        except FileNotFoundError:
+            sshexec = DockerExec("docker exec chatmail ")
+        return sshexec

    def test_ls(self, sshexec):
        out = sshexec(call=remote.rdns.shell, kwargs=dict(command="ls"))
@@ -26,11 +54,14 @@ class TestSSHExecutor:
        assert res["A"] or res["AAAA"]

    def test_logged(self, sshexec, maildomain, capsys):
+        if isinstance(sshexec, DockerExec):
+            pytest.skip("This test only works via SSH")
        sshexec.logged(
            remote.rdns.perform_initial_checks, kwargs=dict(mail_domain=maildomain)
        )
        out, err = capsys.readouterr()
        assert err.startswith("Collecting")
+        # XXX could not figure out how capturing can be made to work properly
        #assert err.endswith("....\n")
        assert err.count("\n") == 1

@@ -40,6 +71,7 @@ class TestSSHExecutor:
        )
        out, err = capsys.readouterr()
        lines = err.split("\n")
+        # XXX could not figure out how capturing can be made to work properly
        #assert len(lines) > 4
        assert remote.rdns.perform_initial_checks.__doc__ in lines[0]

@@ -52,6 +84,8 @@ class TestSSHExecutor:
        except sshexec.FuncError as e:
            assert "rdns.py" in str(e)
            assert "AssertionError" in str(e)
+        except AssertionError:
+            assert isinstance(sshexec, DockerExec)
        else:
            pytest.fail("didn't raise exception")

@@ -69,7 +103,7 @@ def test_timezone_env(remote):
    for line in remote.iter_output("env"):
        print(line)
        if line == "tz=:/etc/localtime":
-            return True
+            return
    pytest.fail("TZ is not set")


@@ -146,6 +180,16 @@ def test_reject_missing_dkim(cmsetup, maildata, from_addr):
            s.sendmail(from_addr=from_addr, to_addrs=recipient.addr, msg=msg)


+def try_n_times(n, f):
+    for _ in range(n - 1):
+        try:
+            return f()
+        except Exception:
+            time.sleep(1)
+
+    return f()
+
+
 def test_rewrite_subject(cmsetup, maildata):
    """Test that subject gets replaced with [...]."""
    user1, user2 = cmsetup.gen_users(2)
@@ -158,7 +202,8 @@ def test_rewrite_subject(cmsetup, maildata):
    ).as_string()
    user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user2.addr], msg=sent_msg)

-    messages = user2.imap.fetch_all_messages()
+    # The message may need some time to get delivered by postfix.
+    messages = try_n_times(5, user2.imap.fetch_all_messages)
    assert len(messages) == 1
    rcvd_msg = messages[0]
    assert "Subject: [...]" not in sent_msg
--- a/cmdeploy/src/cmdeploy/tests/plugin.py
+++ b/cmdeploy/src/cmdeploy/tests/plugin.py
@@ -337,10 +337,14 @@ class Remote:

    def iter_output(self, logcmd=""):
        getjournal = "journalctl -f" if not logcmd else logcmd
-        self.popen = subprocess.Popen(
-            ["ssh", f"root@{self.sshdomain}", getjournal],
-            stdout=subprocess.PIPE,
-        )
+        try:
+            self.popen = subprocess.Popen(
+                ["ssh", f"root@{self.sshdomain}", getjournal],
+                stdout=subprocess.PIPE,
+            )
+        except FileNotFoundError:
+            # inside docker container, run locally
+            self.popen = subprocess.Popen([getjournal], stdout=subprocess.PIPE)
        while 1:
            line = self.popen.stdout.readline()
            res = line.decode().strip().lower()
--- a/cmdeploy/src/cmdeploy/tests/test_cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/tests/test_cmdeploy.py
@@ -26,10 +26,15 @@ class TestCmdline:
    def test_init_not_overwrite(self, capsys):
        assert main(["init", "chat.example.org"]) == 0
        capsys.readouterr()
+
        assert main(["init", "chat.example.org"]) == 1
        out, err = capsys.readouterr()
        assert "path exists" in out.lower()

+        assert main(["init", "chat.example.org", "--force"]) == 0
+        out, err = capsys.readouterr()
+        assert "deleting config file" in out.lower()
+

 def test_www_folder(example_config, tmp_path):
    reporoot = importlib.resources.files(__package__).joinpath("../../../../").resolve()
--- a/docker/docker-compose-traefik.yaml
+++ b/docker/docker-compose-traefik.yaml
@@ -1,136 +0,0 @@
-services:
-  chatmail:
-    build:
-      context: ./docker
-      dockerfile: chatmail_relay.dockerfile
-      tags:
-        - chatmail-relay:latest
-    image: chatmail-relay:latest
-    restart: unless-stopped
-    container_name: chatmail
-    depends_on:
-      - traefik-certs-dumper
-    cgroup: host # required for systemd
-    tty: true # required for logs
-    tmpfs: # required for systemd
-      - /tmp
-      - /run
-      - /run/lock
-    logging:
-      driver: json-file
-      options:
-        max-size: "10m"
-        max-file: "3"
-    environment: #all possible variables you can check inside README and /chatmaild/src/chatmaild/ini/chatmail.ini.f
-      MAIL_DOMAIN: $MAIL_DOMAIN
-      # MAX_MESSAGE_SIZE: "50M"
-      # DEBUG_COMMANDS_ENABLED: "true"
-      # FORCE_REINIT_INI_FILE: "true"
-      # RECREATE_VENV: "false"
-      USE_FOREIGN_CERT_MANAGER: "true"
-      CHANGE_KERNEL_SETTINGS: "false"
-      PATH_TO_SSL: "${CERTS_ROOT_DIR_CONTAINER}/${MAIL_DOMAIN}"
-      ENABLE_CERTS_MONITORING: "true"
-      # CERTS_MONITORING_TIMEOUT: 60
-      # IS_DEVELOPMENT_INSTANCE: "true"
-    ports:
-      - "25:25"
-      - "587:587"
-      - "143:143"
-      - "465:465"
-      - "993:993"
-    volumes:
-      ## system
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw # required for systemd
-      - ./:/opt/chatmail
-      - ${CERTS_ROOT_DIR_HOST}:${CERTS_ROOT_DIR_CONTAINER}:ro
-
-      ## data
-      - ./data/chatmail:/home
-      # - ./data/chatmail-dkimkeys:/etc/dkimkeys
-      # - ./data/chatmail-echobot:/run/echobot
-      # - ./data/chatmail-acme:/var/lib/acme
-
-      ## custom resources
-      # - ./custom/www/src/index.md:/opt/chatmail/www/src/index.md
-
-      ## debug
-      # - ./docker/files/setup_chatmail_docker.sh:/setup_chatmail_docker.sh
-      # - ./docker/files/entrypoint.sh:/entrypoint.sh
-      # - ./docker/files/update_ini.sh:/update_ini.sh
-
-    labels:
-      - traefik.enable=true
-      - traefik.http.services.chatmail-relay.loadbalancer.server.scheme=https
-      - traefik.http.services.chatmail-relay.loadbalancer.server.port=443
-      - traefik.http.services.chatmail-relay.loadbalancer.serverstransport=insecure@file
-      - traefik.http.routers.chatmail-relay.rule=Host(`${MAIL_DOMAIN}`) || Host(`mta-sts.${MAIL_DOMAIN}`) || Host(`www.${MAIL_DOMAIN}`)
-      - traefik.http.routers.chatmail-relay.service=chatmail-relay
-      - traefik.http.routers.chatmail-relay.tls=true
-      - traefik.http.routers.chatmail-relay.tls.certresolver=letsEncrypt
-
-  traefik_init:
-    image: alpine:latest
-    restart: on-failure
-    logging:
-      driver: json-file
-      options:
-        max-size: "10m"
-        max-file: "3"
-    working_dir: /app
-    entrypoint: sh -c '
-      touch acme.json &&
-      chown 0:0 ./acme.json &&
-      chmod 600 ./acme.json'
-    volumes:
-      - ./traefik/data:/app
-
-  traefik:
-    image: traefik:v3.3
-    container_name: traefik
-    restart: unless-stopped
-    logging:
-      driver: json-file
-      options:
-        max-size: "10m"
-        max-file: "3"
-    command:
-      - "--configFile=/config.yaml"
-      - "--certificatesresolvers.letsEncrypt.acme.email=${ACME_EMAIL}"
-    # ports:
-    #   - "80:80"
-    #   - "443:443"
-    network_mode: host
-    depends_on:
-      traefik_init:
-        condition: service_completed_successfully
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./traefik/config.yaml:/config.yaml
-      - ./traefik/data/acme.json:/acme.json
-      - ./traefik/dynamic-configs:/dynamic/conf
-
-  traefik-certs-dumper:
-    image: ldez/traefik-certs-dumper:v2.10.0
-    restart: unless-stopped
-    logging:
-      driver: json-file
-      options:
-        max-size: "10m"
-        max-file: "3"
-    depends_on:
-      - traefik
-    entrypoint: sh -c '
-      apk add openssl &&
-      while ! [ -e /data/acme.json ]
-      || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do
-      sleep 1
-      ; done
-      && traefik-certs-dumper file --version v3 --watch --domain-subdir=true
-      --source /data/acme.json --dest /data/letsencrypt/certs --post-hook "sh /post-hook.sh"'
-    environment:
-      CERTS_DIR: /data/letsencrypt/certs
-    volumes:
-      - ./traefik/data/letsencrypt:/data/letsencrypt
-      - ./traefik/data/acme.json:/data/acme.json
-      - ./traefik/post-hook.sh:/post-hook.sh
--- a/docker/example.env
+++ b/docker/example.env
@@ -1,5 +1 @@
 MAIL_DOMAIN="chat.example.com"
-ACME_EMAIL="my.email@gmail.com"
-
-CERTS_ROOT_DIR_HOST="./traefik/data/letsencrypt/certs"
-CERTS_ROOT_DIR_CONTAINER="/var/lib/acme/live"
--- a/docker/files/entrypoint.sh
+++ b/docker/files/entrypoint.sh
@@ -3,19 +3,6 @@ set -eo pipefail

 unlink /etc/nginx/sites-enabled/default || true

-if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]; then
-    if [ ! -f "$PATH_TO_SSL/fullchain" ]; then
-        echo "Error: file '$PATH_TO_SSL/fullchain' does not exist. Exiting..." > /dev/stderr
-        sleep 2
-        exit 1
-    fi
-    if [ ! -f "$PATH_TO_SSL/privkey" ]; then
-        echo "Error: file '$PATH_TO_SSL/privkey' does not exist. Exiting..." > /dev/stderr
-        sleep 2
-        exit 1
-    fi
-fi
-
 SETUP_CHATMAIL_SERVICE_PATH="${SETUP_CHATMAIL_SERVICE_PATH:-/lib/systemd/system/setup_chatmail.service}"

 env_vars=$(printenv | cut -d= -f1 | xargs)
--- a/docs/DOCKER_INSTALLATION_EN.md
+++ b/docs/DOCKER_INSTALLATION_EN.md
@@ -32,25 +32,11 @@ Please substitute it with your own domain.
   ```

 ## Installation
-When installing via Docker, there are several options:

- Use the built-in nginx and acmetool in Chatmail container to host the chat and manage certificates.
- Use third-party tools for certificate management.
-
-For the third-party certificate manager example, traefik will be used, but you can use whatever is more convenient for you.
-
-1. Copy the file `./docker/docker-compose-default.yaml` or `./docker/docker-compose-traefik.yaml` and rename it to `docker-compose.yaml`. This is necessary because `docker-compose.yaml` is in `.gitignore` and won’t cause conflicts when updating the git repository.
+1. Copy the file `./docker/docker-compose-default.yaml` to `docker-compose.yaml`. This is necessary because `docker-compose.yaml` is in `.gitignore` and won’t cause conflicts when updating the git repository.

 ```shell
 cp ./docker/docker-compose-default.yaml docker-compose.yaml
-## or
-# cp ./docker/docker-compose-traefik.yaml docker-compose.yaml
-```
-
-2. Copy `./docker/example.env` and rename it to `.env`. This file stores variables used in `docker-compose.yaml`.
-
-```shell
-cp ./docker/example.env .env
 ```

 3. Configure environment variables in the `.env` file. These variables are used in the `docker-compose.yaml` file to pass repeated values.
@@ -96,11 +82,6 @@ docker compose logs -f chatmail # view container logs, press CTRL+C to exit

 8. After installation is complete, you can open `https://<your_domain_name>` in your browser.

-9. To send messages to other chatmail relays,
-   you need to set additional DNS records.
-   Run `docker exec chatmail scripts/cmdeploy.sh dns --ssh-host localhost`
-   to see recommended DNS records and check whether they are correct.
-
 ## Using custom files

 When using Docker, you can apply modified configuration files to make the installation more personalized. This is usually needed for the `www/src` section so that the Chatmail landing page is customized to your taste, but it can be used for any other cases as well.
--- a/docs/DOCKER_INSTALLATION_RU.md
+++ b/docs/DOCKER_INSTALLATION_RU.md
@@ -29,22 +29,10 @@ Please substitute it with your own domain.
   ```

 ## Installation
-При установке через docker есть несколько вариантов:
- использовать встроенный в chatmail контейнер nginx и acmetool для хостинга чата и управления сертификатами.
- использовать сторонние инструменты для менеджмента сертификатов

-В качестве примера для стороннего менеджера сертификатов будет использоваться traefik, но вы можете использовать то что удобнее вам.
-
-1. Скопировать файл `./docker/docker-compose-default.yaml` или `./docker/docker-compose-traefik.yaml` и переименовать в `docker-compose.yaml`. Это нужно потому что `docker-compose.yaml` находится в `.gitignore` и не будет создавать конфликты при обновлении гит репозитория.
+1. Скопировать файл `./docker/docker-compose-default.yaml` в `docker-compose.yaml`. Это нужно потому что `docker-compose.yaml` находится в `.gitignore` и не будет создавать конфликты при обновлении гит репозитория.
 ```shell
 cp ./docker/docker-compose-default.yaml docker-compose.yaml
-## or
-# cp ./docker/docker-compose-traefik.yaml docker-compose.yaml
-```
-
-2. Скопировать `./docker/example.env` и переименовать в `.env`. Здесь хранятся переменные, которые используятся в `docker-compose.yaml`.
-```shell
-cp ./docker/example.env .env
 ```

 3. Настроить переменные окружения в `.env` файле. Эти переменные используются в `docker-compose.yaml` файле, чтобы передавать повторяющиеся значения.
--- a/traefik/config.yaml
+++ b/traefik/config.yaml
@@ -1,33 +0,0 @@
-log:
-  level: TRACE
-
-entryPoints:
-  web:
-    address: ":80"
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          permanent: true
-  websecure:
-    address: ":443"
-
-providers:
-  docker:
-    endpoint: "unix:///var/run/docker.sock"
-    exposedByDefault: false
-  file:
-    directory: /dynamic/conf
-    watch: true
-
-serverstransport:
-  insecureskipverify: true
-
-certificatesResolvers:
-  letsEncrypt:
-    acme:
-      storage: /acme.json
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-      tlschallenge: true
-      httpChallenge:
-        entryPoint: web
--- a/traefik/dynamic-configs/insecure.yaml
+++ b/traefik/dynamic-configs/insecure.yaml
@@ -1,4 +0,0 @@
-http:
-  serversTransports:
-    insecure:
-      insecureSkipVerify: true
--- a/traefik/post-hook.sh
+++ b/traefik/post-hook.sh
@@ -1,15 +0,0 @@
-CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
-
-echo "CERTS_DIR: $CERTS_DIR"
-
-for dir in "$CERTS_DIR"/*/; do
-    echo "Processing: $dir"
-    cd "$dir"
-    if [ -f "certificate.crt" ]; then
-        ln -sf certificate.crt fullchain
-    fi
-    if [ -f "privatekey.key" ]; then
-        ln -sf privatekey.key privkey
-    fi
-    cd -
-done
Author	SHA1	Message	Date
missytake	ff1fff288b	tests: let remote fixture run commands locally in a docker container	2025-10-18 17:35:43 +02:00
missytake	b070677362	tests: skip test_logged for DockerExec	2025-10-18 17:35:43 +02:00
missytake	00342dd667	tests: catch AssertionError by DockerExec	2025-10-18 17:35:43 +02:00
missytake	a23e8a8e59	tests: run tests in docker if SSH is not available	2025-10-18 17:35:43 +02:00
missytake	2f4cfcc03d	README: docker compose support is experimental	2025-10-14 22:29:34 +02:00
missytake	8ffb97a538	docker: enable DNS checks before cmdeploy run again	2025-10-14 22:29:34 +02:00
Keonik1	ad03bdb80d	fix unlink if default nginx conf is not exist - https://github.com/chatmail/relay/pull/614#discussion_r2297828830	2025-10-14 22:29:34 +02:00
Keonik1	28bf01912a	Fix issue with acmetool - https://github.com/chatmail/relay/pull/614#discussion_r2279630626	2025-10-14 22:29:34 +02:00
Keonik1	209a3cc272	Delete ssh connection from docker installation - https://github.com/chatmail/relay/pull/614#discussion_r2269986372 - https://github.com/chatmail/relay/pull/614#discussion_r2269991175 - https://github.com/chatmail/relay/pull/614#discussion_r2269995037 - https://github.com/chatmail/relay/pull/614#discussion_r2270004922	2025-10-14 22:29:34 +02:00
Keonik1	884bd9570b	fix docs - nginx "restart" to "reload" https://github.com/chatmail/relay/pull/614#discussion_r2269896158	2025-10-14 22:29:34 +02:00
Keonik1	07010c27e6	Fix bug with attaching certs	2025-10-14 22:29:34 +02:00
Keonik1	e102f1ace2	pass values to `MAIL_DOMAIN` and `ACME_EMAIL` from vars for docker-compose-default https://github.com/chatmail/relay/pull/614#discussion_r2279591922	2025-10-14 22:29:34 +02:00
Keonik1	1c4e118986	change "restart nginx" to "reload nginx" https://github.com/chatmail/relay/pull/614#discussion_r2269896158	2025-10-14 22:29:34 +02:00
Keonik1	ae3214f45e	add RECREATE_VENV var https://github.com/chatmail/relay/pull/614#discussion_r2279742769	2025-10-14 22:29:34 +02:00
Keonik1	4463c62ba7	add 465 port https://github.com/chatmail/relay/pull/614#discussion_r2279707059	2025-10-14 22:29:34 +02:00
Keonik1	2136469f02	add port 80 to docker-compose-default https://github.com/chatmail/relay/pull/614#discussion_r2279656441	2025-10-14 22:29:34 +02:00
Keonik1	5952465690	rename dockerfile https://github.com/chatmail/relay/pull/614#discussion_r2270031966	2025-10-14 22:29:34 +02:00
Keonik1	29b8bb34ee	Add installation via docker compose (MVP 1) - Adds configuration parameters (`change_kernel_settings`, `fs_inotify_max_user_instances_and_watchers`)	2025-10-14 22:29:34 +02:00
missytake	e7ddf6dc32	cmdeploy: make --ssh-host expect '@docker' instead of 'docker'	2025-10-14 22:27:02 +02:00
missytake	e3c77a5b37	cmdeploy: introduce LocalExec object	2025-10-14 22:27:02 +02:00
missytake	8256080ad1	Revert "tests: first attempt to mock shell() call" This reverts commit a0c632a7006a83c8b39cff86228296c32c5c5b9e.	2025-10-14 22:27:02 +02:00
missytake	248b225665	tests: first attempt to mock shell() call	2025-10-14 22:27:02 +02:00
missytake	79591adca4	cmdeploy: prepare for being able to run commands in docker containers	2025-10-14 22:27:02 +02:00
missytake	185757cf40	tests: disable failing stderr capturing in test_logged for now	2025-10-14 22:27:02 +02:00
missytake	87a3adec03	cmdeploy: allow to run SSH commands locally fix #604 related to #629 pulled out of https://github.com/Keonik1/relay/pull/3	2025-10-14 22:27:02 +02:00
cliffmccarthy	4f5719f590	test: Add retries to test_rewrite_subject() (#670 ) - test_rewrite_subject() is prone to failure when it checks for the delivered message, because fetch_all_messages() raises "ValueError: no messages in imap folder". The check has the potential to happen before the server has had a chance to deliver the message to the user's inbox. - Added a function try_n_times() that attempts to call a function the specified number of times, with a 1-second sleep between calls. The call is retried until it doesn't raise an exception. The last call is made without a 'try' block, so that the final exception passes through to the caller if it does not return. - Wrapped call to fetch_all_messages() in try_n_times(), with 5 attempts specified. This should usually allow enough time for the message to get moved from the postfix queue to the user's inbox.	2025-10-14 21:18:15 +02:00
cliffmccarthy	9787b63cbb	test: Return None for success in test_timezone_env() (#671 ) - test_timezone_env() is producing the warning, "PytestReturnNotNoneWarning: Test functions should return None, but src/cmdeploy/tests/online/test_1_basic.py::test_timezone_env returned <class 'bool'>". - Revised test_timezone_env() to return None for success instead of True.	2025-10-14 21:17:56 +02:00
missytake	6f600fa329	config: add www_folder to default config (#634 )	2025-10-14 21:17:08 +02:00
missytake	20b6e0c528	www: chown /var/www/html to www-data	2025-10-14 21:16:49 +02:00
missytake	262e98f0ba	filtermail: allow Version comment in incoming PGP messages (#655 ) fix #616 * filtermail: accept any Version comment in incoming messages	2025-10-14 19:15:13 +02:00
cliffmccarthy	d720b8107d	Don't print echobot link when disabling mail - On a fresh install, if cmdeploy is run the first time with the --disable-mail option, the echobot invite-link.txt file will not exist yet. - Only print the echobot invite link if --disable-mail was not specified. This fixes the fresh-install error case, and also makes sense when disabling mail in general, because the echo bot will not be available at that time.	2025-10-13 21:46:47 +02:00
link2xt	d7f50183ea	feat: setup TURN server	2025-10-10 18:32:32 +00:00
missytake	248603ab0a	cmdeploy: remove colors from cmdeploy init again, hard to test	2025-10-09 23:54:44 +02:00
missytake	123531f1eb	cmdeploy: add --force to cmdeploy init for recreating chatmail.ini	2025-10-09 23:54:44 +02:00
Keonik1	1170adc1d4	cmdeploy: start and enable fcgiwrap	2025-10-08 13:11:02 +02:00
missytake	a6f7ff3652	ci: skip DNS checks during cmdeploy run	2025-10-08 13:07:24 +02:00
Keonik1	d39076f0d6	cmdeploy: cmdeploy run option to skip DNS checks	2025-10-08 13:07:24 +02:00
Keonik1	65c0bf13f2	cmdeploy: add acme_email config value	2025-10-08 13:06:48 +02:00