diff --git a/machine-docs/JOURNAL-2.md b/machine-docs/JOURNAL-2.md index 6760b9e..2373e4c 100644 --- a/machine-docs/JOURNAL-2.md +++ b/machine-docs/JOURNAL-2.md @@ -1053,3 +1053,28 @@ Recon (abra recipe fetch + compose inspect; non-deploy) of the 3 remaining unenr (no upstream backup config) needing Adversary §7.1 sign-off or a recipe-PR. Plan discourse next: HTTP health, admin-API create-a-topic (+ read-back) for §4.3, postgres ci_marker for P4 (backupbot present). Hold the deploy until the Adversary's mumble cold-verify frees the single node. + +## 2026-05-29 — mailu (Q4.9) investigation; discourse (Q4.6) blocked +- **discourse Q4.6 BLOCKED**: `bitnami/discourse:*` images removed from Docker Hub (manifest unknown; + swarm "No such image" rejection). bitnamilegacy/discourse exists but install tier uses the gone + prev-published version → recipe-PR can't unblock until upstream re-releases. DEFERRED.md entry filed. + Scaffolding (recipe_meta+postgres-P4 ops/overlays+health) staged at ca7acf3 for when fixed. +- **mailu Q4.9 plan** (images all pullable — ghcr.io/mailu/* OK; NOT bitnami): + - Services: front(nginx)/admin/imap(dovecot)/smtp(postfix)/antispam(rspamd)/webmail(snappymail)/ + resolver/oletools/dkim... (~11). NO backupbot label → P4 N/A (recipe-PR-deferrable like immich) — + document in PARITY.md + DEFERRED, seek Adversary §7.1 sign-off OR file a backup recipe-PR. + - EXTRA_ENV needed: DOMAIN (harness sets), MAIL_DOMAIN, HOSTNAMES, TRAEFIK_STACK_NAME (cc-ci's + traefik stack name = traefik_ci_commoninternet_net), SITENAME, POSTMASTER, TLS_FLAVOR. Set + API=true + a MAILU API token if using the REST API; else use the admin-container CLI. + - Health: front serves; WEBROOT_REDIRECT=/webmail. HEALTH_PATH candidate `/admin` (login 200) or + `/` (302→/webmail). admin healthcheck is DISABLED in compose → rely on front + HTTP probe. + - §4.3 functional: create-an-object+read-back via the admin container CLI (headless, reliable): + exec_in_app(service="admin") `flask mailu domain ` + `flask mailu user + ` → read back via `flask mailu user` list / admin API → assert mailbox exists. Distinctive #2: + real mail flow — SMTP send (smtp service) → IMAP retrieve (imap service) of a unique-marker mail; + reachability likely needs host-published mail ports (like mumble host-ports) OR exec inside the + container using swaks/openssl. Simpler distinctive #2 if SMTP/IMAP host-reach is hard: create a + 2nd domain/alias via CLI + verify, or assert the admin API lists the created user. + - recipe_meta: DEPLOY_TIMEOUT generous (multi-service); confirm version tags for the upgrade tier. + - Build next iteration (fresh context): scaffold tests/mailu/, smoke deploy install,custom to find + the exact `flask mailu` invocation + health path + mail-port reachability, then add §4.3 tests.