Convert from BoltDB to Maildir storage for emails

README.md

@@ -2,8 +2,9 @@
 
 ## What
 
-* SMTP + IMAP email, plus bundled HTTP webmail client
-* Devoted to the task of serving email for a single domain
+* Email!
+* Devoted to the task of being a vertically-integrated email solution for a single domain
+* SMTP+IMAP email, autodiscovery, and bundled HTTP(S) webmail client
 * Can get its own valid TLS certificates via LE, or use supplied ones
 * Built-in anti-spam & anti-virus measures
 * Built-in DKIM support
@@ -13,7 +14,7 @@
 * A "master" wildcard account (if desired)
 * Simple import from GMail, etc
 * Simple export to GMail, etc
-* Nice fast search
+* Nice, fast search
 * Interact with crockery with simple, natural-ish emails to do things
   * SMTP TLS verification - enabled by default
   * Try to email foo@shady.net - verification fails, email marked pending, fail in 7 days
@@ -24,6 +25,7 @@
     * Send just this email
     * Whitelist shady.net (pins certificate)
   * What other interactions might we like?
+  * Use HTTPS links instead of emails?
 
 ## What not
 
@@ -83,10 +85,32 @@ needs (25, 587, 149, 993) **without** running as root. Don't bother with it if
 you're going to be running crockery as root, e.g., as a container or a single-
 purpose system.
 
+You may also provide these capabilities via systemd by using lines like these in
+the `[Service]` definition:
+
+```ini
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+NoNewPrivileges=true
+```
+
+If you're doing this, you may also want to set:
+
+```ini
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=full
+ReadWriteDirectories=/var/lib/caddy
+```
+
+TODO: write up a .service file that can be dropped in
+
 ### Initialize a new database
 
 ```
-crockery init \
+$ crockery init \
   --domain <domain-name> \
   --cert <cert-file> \
   --key <key-file> \
@@ -96,13 +120,23 @@ crockery init \
 You can also provide the postmaster password in an environment variable:
 
 ```
-CROCKERY_POSTMASTER_PASSWORD="<password>" crockery init --domain <domain-name> ---cert <cert-file> --key <key-file>
+$ CROCKERY_POSTMASTER_PASSWORD="<password>" crockery init \
+  --domain <domain-name> \
+  --cert <cert-file> \
+  --key <key-file>
 ```
 
-You can provide a custom database name with `--db <filename>`:
+By default, crockery will initialize the current user's home directory. You can
+provide a custom directory to work with by specifying `--home`, e.g.:
 
 ```
-crockery --db foo.db init --domain <domain-name> ---cert <cert-file> --key <key-file>
+$ crockery \
+  --home <home-directory> \
+  init \
+  --domain <domain-name> \
+  --cert <cert-file> \
+  --key <key-file> \
+  --postmaster-password <password>
 ```
 
 ### Run the server
@@ -111,9 +145,10 @@ crockery --db foo.db init --domain <domain-name> ---cert <cert-file> --key <key-
 ./crockery run
 ```
 
-Again, you can use `--db <filename>` if the default of `./crockery.db` doesn't
-suit. Crockery will load the configuration from the database and begin serving
-mail based on it. Received emails are also stored in the same file.
+Again, you can use `--home <directory>` if the default of `$HOME` doesn't suit.
+Crockery will load the configuration from the database and begin serving mail
+based on it. Received emails are stored in a mailbox determined by the username,
+to be found in the `<home>/mailboxes` directory
 
 ### Configuration
 
@@ -124,7 +159,7 @@ apart from `init` as detailed above. Some ideas:
 
 ```
 $ crockery change x y z (domain, user password, etc)
-$ crockery reindex (throw away existing indexes, regenerate)
+$ crockery reindex [account] (throw away existing indexes, regenerate)
 $ crockery whitelist tls <domain> (allow the domain to be sent to with insecure/no TLS)
 $ crockery whitelist receipt <domain> (bypass antispam for this domain)
 $ crockery blacklist receipt <domain> (no emails to be permitted from this domain