Docker Compose Groupware improvements

* made a few changes in order to further simplify the setup for
   developers of the Groupware backend

 * add STALWART_DOMAIN to deployments/examples/opencloud_full/.env

 * adapt the Stalwart configuration file to not set server.hostname and,
   instead, pick it up from /etc/hostname, which is set by Docker
   Compose as we can use default values for STALWART_DOMAIN there, in an
   analogous fashion to the other containers in that project

 * add config/keycloak/clients/groupware.json to avoid requiring manual
   configuration of Keycloak via the admin web UI

 * Stalwart container:
   - listen for SMTPS on :1465
   - remove the stalwart-logs volume, not needed (logs are going to
     stdout)

 * updated services/groupware/DEVELOPER.md:
   - refer to a variable OCDIR to make instructions more copy-pasteable
   - remove manual Keycloak configuration section as it is now obsolete,
     replaced by provisioning a configuration file instead

devtools/deployments/opencloud_full/.env

@@ -308,6 +308,9 @@ KEYCLOAK_ADMIN_PASSWORD=
 ### Stalwart Settings ###
 # Note: the leading colon is required to enable the service.
 #STALWART=:stalwart.yml
+# Domain of Stalwart
+# Defaults to "stalwart.opencloud.test"
+STALWART_DOMAIN=
 
 ## IMPORTANT ##
 # This MUST be the last line as it assembles the supplemental compose files to be used.

devtools/deployments/opencloud_full/config/keycloak/clients/groupware.json

@@ -0,0 +1,58 @@
+{
+  "clientId": "groupware",
+  "name": "OpenCloud Groupware",
+  "description": "Used for authenticating automated HTTP clients of the OpenCloud Groupware API",
+  "rootUrl": "",
+  "adminUrl": "",
+  "baseUrl": "",
+  "surrogateAuthRequired": false,
+  "enabled": true,
+  "alwaysDisplayInConsole": false,
+  "clientAuthenticatorType": "client-secret",
+  "redirectUris": [
+    "/*"
+  ],
+  "webOrigins": [
+    "/*"
+  ],
+  "notBefore": 0,
+  "bearerOnly": false,
+  "consentRequired": false,
+  "standardFlowEnabled": true,
+  "implicitFlowEnabled": false,
+  "directAccessGrantsEnabled": true,
+  "serviceAccountsEnabled": false,
+  "publicClient": true,
+  "frontchannelLogout": true,
+  "protocol": "openid-connect",
+  "attributes": {
+    "oidc.ciba.grant.enabled": "false",
+    "backchannel.logout.session.required": "true",
+    "oauth2.device.authorization.grant.enabled": "false",
+    "backchannel.logout.revoke.offline.tokens": "false"
+  },
+  "authenticationFlowBindingOverrides": {},
+  "fullScopeAllowed": true,
+  "nodeReRegistrationTimeout": -1,
+  "defaultClientScopes": [
+    "web-origins",
+    "acr",
+    "profile",
+    "roles",
+    "groups",
+    "OpenCloudUnique_ID",
+    "basic",
+    "email"
+  ],
+  "optionalClientScopes": [
+    "address",
+    "phone",
+    "offline_access",
+    "microprofile-jwt"
+  ],
+  "access": {
+    "view": true,
+    "configure": true,
+    "manage": true
+  }
+}

devtools/deployments/opencloud_full/config/stalwart/config.toml

@@ -38,7 +38,6 @@ directory.ldap.url = "ldap://ldap-server:1389"
 metrics.prometheus.auth.secret = "secret"
 metrics.prometheus.auth.username = "metrics"
 metrics.prometheus.enable = true
-server.hostname = "stalwart.opencloud.test"
 http.allowed-endpoint = 200
 http.hsts = true
 http.permissive-cors = false

devtools/deployments/opencloud_full/stalwart.yml

@@ -8,16 +8,17 @@ services:
 
   stalwart:
     image: ghcr.io/stalwartlabs/stalwart:v0.13.2-alpine
+    hostname: ${STALWART_DOMAIN:-stalwart.opencloud.test}
     networks:
       - opencloud-net
     ports:
       - "127.0.0.1:143:143"
       - "127.0.0.1:993:993"
+      - "127.0.0.1:1465:465"
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - ./config/stalwart:/opt/stalwart/etc
       - stalwart-data:/opt/stalwart/data
-      - stalwart-logs:/opt/stalwart/logs
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.stalwart.entrypoints=https"
@@ -31,7 +32,6 @@ services:
 
 volumes:
   stalwart-data:
-  stalwart-logs:
 
 networks:
   opencloud-net: