# Per-recipe harness config for mailu (Phase 2 Q4.9 — full email stack: nginx front + admin +
# dovecot(imap) + postfix(smtp) + rspamd(antispam) + webmail + redis + certdumper).
#
# cc-ci integration notes:
# - TLS_FLAVOR=notls: mailu's mail-port TLS normally comes from `certdumper`, which dumps certs from
#   traefik's ACME acme.json. cc-ci uses a FILE-PROVIDER wildcard cert (no ACME), so there is no
#   acme.json — certdumper would never produce certs. notls disables mail-port TLS so the stack does
#   not depend on those certs. (certdumper still runs idle, mounting the existing
#   traefik_ci_commoninternet_net_letsencrypt volume; harmless.) The web/admin UI is served over the
#   real wildcard TLS via Traefik regardless.
# - TRAEFIK_STACK_NAME must match cc-ci's traefik stack so the external `*_letsencrypt` volume resolves.
# - MAIL_DOMAIN/HOSTNAMES are pinned to the per-run domain (callable EXTRA_ENV).
# - Mail ports (25/465/587/110/143/993/995) are published mode:host on the cc-ci host, so on-host
#   tests can reach SMTP/IMAP at 127.0.0.1.
# Smoke (mail-smoke deploy) showed the nginx front serves `/` → 301 (redirect to /webmail) once up;
# /admin briefly 502s during admin first-boot, so `/` is the stable readiness signal. (The
# create-mailbox test uses the admin-container `flask mailu` CLI, which bypasses HTTP entirely.)
HEALTH_PATH = "/"
HEALTH_OK = (200, 301, 302)
DEPLOY_TIMEOUT = 900
HTTP_TIMEOUT = 600


def EXTRA_ENV(domain):
    return {
        "MAIL_DOMAIN": domain,
        "HOSTNAMES": domain,
        "TRAEFIK_STACK_NAME": "traefik_ci_commoninternet_net",
        "TLS_FLAVOR": "notls",
        "SITENAME": "ccci-mail",
        "POSTMASTER": "admin",
    }