237 task add blob storage to store the attachment of the emails

.gitignore

@@ -37,5 +37,9 @@ services/raven/
 services/silver-config
 silver-observability
 
+# Ignore SeaweedFS configuration with credentials
+services/seaweedfs/s3-config.json
+services/seaweedfs/.env
+
 # Ignore docker-compose override files
 services/docker-compose.override.yml

scripts/service/cleanup-docker.sh

@@ -34,11 +34,20 @@ fi
 
 # Step 1: Stop all containers using docker compose
 echo -e "\n${YELLOW}Step 1/3: Stopping Docker containers${NC}"
+echo "  - Stopping Silver mail services..."
 (cd "${SERVICES_DIR}" && docker compose down)
 if [ $? -eq 0 ]; then
-    echo -e "${GREEN}✓ Containers stopped successfully${NC}"
+    echo -e "${GREEN}  ✓ Silver services stopped successfully${NC}"
 else
-    echo -e "${RED}✗ Failed to stop containers${NC}"
+    echo -e "${RED}  ✗ Failed to stop Silver services${NC}"
+fi
+
+echo "  - Stopping SeaweedFS services..."
+(cd "${SERVICES_DIR}" && docker compose -f docker-compose.seaweedfs.yaml down)
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}  ✓ SeaweedFS services stopped successfully${NC}"
+else
+    echo -e "${RED}  ✗ Failed to stop SeaweedFS services${NC}"
 fi
 
 # Step 2: Remove all volumes

scripts/service/start-silver.sh

@@ -92,11 +92,38 @@ fi
 # ================================
 echo -e "\n${YELLOW}Step 3/4: Starting Docker services${NC}"
 
+# Check and setup SeaweedFS S3 configuration
+SEAWEEDFS_CONFIG="${SERVICES_DIR}/seaweedfs/s3-config.json"
+SEAWEEDFS_EXAMPLE="${SERVICES_DIR}/seaweedfs/s3-config.json.example"
+
+if [ ! -f "$SEAWEEDFS_CONFIG" ]; then
+	echo "  - SeaweedFS S3 configuration not found. Creating from example..."
+	if [ -f "$SEAWEEDFS_EXAMPLE" ]; then
+		cp "$SEAWEEDFS_EXAMPLE" "$SEAWEEDFS_CONFIG"
+		echo -e "${YELLOW}  ⚠ WARNING: Using example S3 credentials. Update ${SEAWEEDFS_CONFIG} with secure credentials!${NC}"
+	else
+		echo -e "${RED}✗ SeaweedFS example configuration not found at ${SEAWEEDFS_EXAMPLE}${NC}"
+		exit 1
+	fi
+fi
+
+# Start SeaweedFS services first
+echo "  - Starting SeaweedFS blob storage..."
+(cd "${SERVICES_DIR}" && docker compose -f docker-compose.seaweedfs.yaml up -d)
+if [ $? -ne 0 ]; then
+	echo -e "${RED}✗ SeaweedFS docker compose failed. Please check the logs.${NC}"
+	exit 1
+fi
+echo -e "${GREEN}  ✓ SeaweedFS services started${NC}"
+
+# Start main Silver mail services
+echo "  - Starting Silver mail services..."
 (cd "${SERVICES_DIR}" && docker compose up -d)
 if [ $? -ne 0 ]; then
 	echo -e "${RED}✗ Docker compose failed. Please check the logs.${NC}"
 	exit 1
 fi
+echo -e "${GREEN}  ✓ Silver mail services started${NC}"
 
 sleep 1 # Wait a bit for services to initialize
 

scripts/service/stop-silver.sh

@@ -6,4 +6,8 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 SERVICES_DIR="$(cd "${SCRIPT_DIR}/../../services" && pwd)"
 
 # Navigate to services directory and stop docker services
-(cd "${SERVICES_DIR}" && docker compose down)
+echo "Stopping Silver mail services..."
+(cd "${SERVICES_DIR}" && docker compose down)
+
+echo "Stopping SeaweedFS services..."
+(cd "${SERVICES_DIR}" && docker compose -f docker-compose.seaweedfs.yaml down)

scripts/utils/generate-seaweedfs-credentials.sh

@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# ============================================
+#  SeaweedFS S3 Credentials Generator
+# ============================================
+#  This script generates secure S3 credentials
+#  for SeaweedFS configuration
+# ============================================
+
+# Colors
+CYAN="\033[0;36m"
+GREEN="\033[0;32m"
+YELLOW="\033[1;33m"
+NC="\033[0m" # No Color
+
+echo -e "${CYAN}"
+echo "========================================="
+echo "  SeaweedFS S3 Credentials Generator"
+echo "========================================="
+echo -e "${NC}"
+
+# Check if openssl is available
+if ! command -v openssl &> /dev/null; then
+    echo -e "${YELLOW}⚠ Warning: openssl not found. Using basic random generation.${NC}"
+    ACCESS_KEY=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20)
+    SECRET_KEY=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
+else
+    # Generate secure random credentials
+    ACCESS_KEY=$(openssl rand -base64 32 | tr -d /=+ | cut -c -20)
+    SECRET_KEY=$(openssl rand -base64 32)
+fi
+
+echo ""
+echo -e "${GREEN}Generated Credentials:${NC}"
+echo "---------------------------------------------"
+echo "Access Key: ${ACCESS_KEY}"
+echo "Secret Key: ${SECRET_KEY}"
+echo "---------------------------------------------"
+echo ""
+
+# Get the script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SERVICES_DIR="$(cd "${SCRIPT_DIR}/../../services" && pwd)"
+CONFIG_FILE="${SERVICES_DIR}/seaweedfs/s3-config.json"
+EXAMPLE_FILE="${SERVICES_DIR}/seaweedfs/s3-config.json.example"
+ENV_FILE="${SERVICES_DIR}/seaweedfs/.env"
+ENV_EXAMPLE="${SERVICES_DIR}/seaweedfs/.env.example"
+
+echo "S3 Config file: ${CONFIG_FILE}"
+echo "Environment file: ${ENV_FILE}"
+echo ""
+
+# Ask if user wants to update the config files
+read -p "Do you want to update configuration files with these credentials? (y/n): " UPDATE_CONFIG
+
+if [[ "$UPDATE_CONFIG" == "y" || "$UPDATE_CONFIG" == "Y" ]]; then
+    # Create directory if it doesn't exist
+    mkdir -p "$(dirname "$CONFIG_FILE")"
+
+    # Create s3-config.json
+    cat > "$CONFIG_FILE" <<EOF
+{
+  "identities": [
+    {
+      "name": "raven",
+      "credentials": [
+        {
+          "accessKey": "${ACCESS_KEY}",
+          "secretKey": "${SECRET_KEY}"
+        }
+      ],
+      "actions": [
+        "Admin",
+        "Read",
+        "Write"
+      ]
+    }
+  ]
+}
+EOF
+
+    echo -e "${GREEN}✓ s3-config.json updated successfully!${NC}"
+
+    # Create .env file
+    cat > "$ENV_FILE" <<EOF
+# SeaweedFS S3 Configuration
+# NEVER commit this file to git!
+
+# S3 Access Credentials
+S3_ACCESS_KEY=${ACCESS_KEY}
+S3_SECRET_KEY=${SECRET_KEY}
+
+# S3 Endpoint Configuration
+S3_ENDPOINT=http://seaweedfs-s3:8333
+S3_REGION=us-east-1
+S3_BUCKET=email-attachments
+S3_TIMEOUT=30
+EOF
+
+    echo -e "${GREEN}✓ .env file created successfully!${NC}"
+    echo ""
+    echo -e "${YELLOW}Next steps:${NC}"
+    echo "1. Configuration files updated:"
+    echo "   - ${CONFIG_FILE}"
+    echo "   - ${ENV_FILE}"
+    echo "2. Restart SeaweedFS S3 service: docker restart seaweedfs-s3"
+    echo "3. Regenerate Raven configuration: cd services/config-scripts && ./gen-raven-conf.sh"
+    echo "4. Restart Raven service: docker restart raven"
+    echo "5. Store these credentials securely (e.g., password manager)"
+    echo ""
+    echo -e "${YELLOW}⚠ IMPORTANT: Both files are in .gitignore - never commit them to git!${NC}"
+else
+    echo "Configuration files not updated."
+    echo ""
+    echo "You can manually update:"
+    echo "1. ${CONFIG_FILE}"
+    echo "2. ${ENV_FILE}"
+    echo ""
+    echo "Or copy from examples:"
+    echo "  cp ${ENV_EXAMPLE} ${ENV_FILE}"
+    echo "  # Then edit with your credentials"
+fi
+
+echo ""
+echo -e "${CYAN}Done!${NC}"

services/config-scripts/gen-raven-conf.sh

@@ -13,13 +13,46 @@ GEN_DIR="${ROOT_DIR}/silver-config/raven" # Base path
 
 CONFIG_FILE="${ROOT_DIR}/../conf/silver.yaml"
 OUTPUT_FILE="${GEN_DIR}/conf/raven.yaml"
+DELIVERY_FILE="${GEN_DIR}/conf/delivery.yaml"
 MAILS_DB_PATH="${GEN_DIR}/data/databases/shared.db"
+SEAWEEDFS_ENV_FILE="${ROOT_DIR}/seaweedfs/.env"
+SEAWEEDFS_ENV_EXAMPLE="${ROOT_DIR}/seaweedfs/.env.example"
 
 # --- Extract primary (first) domain from silver.yaml ---
 # Look for the first domain entry under the domains list
 MAIL_DOMAIN=$(grep -m 1 '^\s*-\s*domain:' "$CONFIG_FILE" | sed 's/.*domain:\s*//' | xargs)
 MAIL_DOMAIN=${MAIL_DOMAIN:-example.local}
 
+# --- Load SeaweedFS credentials from .env file ---
+if [ -f "$SEAWEEDFS_ENV_FILE" ]; then
+	# Source the .env file
+	set -a  # automatically export all variables
+	source "$SEAWEEDFS_ENV_FILE"
+	set +a
+	echo "✅ Loaded SeaweedFS credentials from .env file"
+else
+	echo "⚠️  Warning: SeaweedFS .env file not found at $SEAWEEDFS_ENV_FILE"
+	if [ -f "$SEAWEEDFS_ENV_EXAMPLE" ]; then
+		echo "   Creating .env from .env.example..."
+		cp "$SEAWEEDFS_ENV_EXAMPLE" "$SEAWEEDFS_ENV_FILE"
+		set -a
+		source "$SEAWEEDFS_ENV_FILE"
+		set +a
+		echo "   ⚠️  Using example credentials. Please update $SEAWEEDFS_ENV_FILE with secure credentials!"
+	else
+		echo "   ❌ Error: .env.example not found. Using fail to prevent insecure defaults."
+		exit 1
+	fi
+fi
+
+# Set defaults if variables are not set
+S3_ACCESS_KEY=${S3_ACCESS_KEY:-raven}
+S3_SECRET_KEY=${S3_SECRET_KEY:-raven-secret}
+S3_ENDPOINT=${S3_ENDPOINT:-http://seaweedfs-s3:8333}
+S3_REGION=${S3_REGION:-us-east-1}
+S3_BUCKET=${S3_BUCKET:-email-attachments}
+S3_TIMEOUT=${S3_TIMEOUT:-30}
+
 # --- Certificate paths ---
 LETSENCRYPT_PATH="${ROOT_DIR}/silver-config/certbot/keys/etc/live/${MAIL_DOMAIN}"
 RAVEN_CERT_PATH="${ROOT_DIR}/silver-config/raven/certs"
@@ -31,10 +64,48 @@ mkdir -p "$(dirname "$OUTPUT_FILE")" "$(dirname "$MAILS_DB_PATH")" "$RAVEN_CERT_
 cat >"$OUTPUT_FILE" <<EOF
 domain: ${MAIL_DOMAIN}
 auth_server_url: https://thunder-server:8090/auth/credentials/authenticate
+
+# S3-Compatible Blob Storage Configuration
+blob_storage:
+  enabled: true
+  endpoint: "${S3_ENDPOINT}"
+  region: "${S3_REGION}"
+  bucket: "${S3_BUCKET}"
+  access_key: "${S3_ACCESS_KEY}"
+  secret_key: "${S3_SECRET_KEY}"
+  timeout: ${S3_TIMEOUT}  # seconds
 EOF
 
 echo "✅ Generated: $OUTPUT_FILE (domain: ${MAIL_DOMAIN})"
 
+if [ -f "$DELIVERY_FILE" ]; then
+	echo "ℹ️ Updating blob_storage section in delivery.yaml"
+
+	awk '
+	BEGIN { skip=0 }
+	/^blob_storage:/ { skip=1; next }
+	skip && /^[^[:space:]]/ { skip=0 }
+	!skip { print }
+	' "$DELIVERY_FILE" > "${DELIVERY_FILE}.tmp"
+
+	cat >> "${DELIVERY_FILE}.tmp" <<EOF
+
+blob_storage:
+  enabled: true
+  endpoint: "${S3_ENDPOINT}"
+  region: "${S3_REGION}"
+  bucket: "${S3_BUCKET}"
+  access_key: "${S3_ACCESS_KEY}"
+  secret_key: "${S3_SECRET_KEY}"
+  timeout: ${S3_TIMEOUT}
+EOF
+
+	mv "${DELIVERY_FILE}.tmp" "$DELIVERY_FILE"
+	echo "✅ blob_storage section updated in delivery.yaml"
+else
+	echo "⚠️ Warning: delivery.yaml not found at $DELIVERY_FILE"
+fi
+
 # --- Create shared.db if not exists ---
 if [ ! -f "$MAILS_DB_PATH" ]; then
 	touch "$MAILS_DB_PATH"

services/docker-compose.seaweedfs.yaml

@@ -0,0 +1,82 @@
+services:
+  master:
+    image: chrislusf/seaweedfs:latest
+    container_name: seaweedfs-master
+    ports:
+      - "9333:9333"
+      - "19333:19333"
+    command: "master -ip=master -ip.bind=0.0.0.0 -port=9333"
+    networks:
+      - seaweedfs-net
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:9333/cluster/status"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+    restart: unless-stopped
+
+  volume:
+    image: chrislusf/seaweedfs:latest
+    container_name: seaweedfs-volume
+    ports:
+      - "8081:8080"
+      - "18081:18080"
+    command: 'volume -mserver="master:9333" -ip.bind=0.0.0.0 -port=8080 -max=10'
+    depends_on:
+      master:
+        condition: service_healthy
+    networks:
+      - seaweedfs-net
+    volumes:
+      - seaweedfs-volume:/data
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/status"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+    restart: unless-stopped
+
+  filer:
+    image: chrislusf/seaweedfs:latest
+    container_name: seaweedfs-filer
+    ports:
+      - "8888:8888"
+      - "18888:18888"
+    command: 'filer -master="master:9333" -ip.bind=0.0.0.0'
+    depends_on:
+      master:
+        condition: service_healthy
+      volume:
+        condition: service_healthy
+    networks:
+      - seaweedfs-net
+    volumes:
+      - seaweedfs-filer:/data
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8888/"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+    restart: unless-stopped
+
+  s3:
+    image: chrislusf/seaweedfs:latest
+    container_name: seaweedfs-s3
+    ports:
+      - "8333:8333"
+    command: 's3 -filer="filer:8888" -ip.bind=0.0.0.0 -port=8333 -config=/etc/seaweedfs/s3.json'
+    depends_on:
+      filer:
+        condition: service_healthy
+    networks:
+      - seaweedfs-net
+    volumes:
+      - ./seaweedfs/s3-config.json:/etc/seaweedfs/s3.json:ro
+    restart: unless-stopped
+networks:
+  seaweedfs-net:
+    driver: bridge
+
+volumes:
+  seaweedfs-volume:
+  seaweedfs-filer:

services/docker-compose.yaml

@@ -36,7 +36,6 @@ services:
       - ./silver-config/raven/conf:/etc/raven:rw
       - ./silver-config/raven/data:/app/data:rw
       - ./silver-config/raven/certs:/certs:ro
-      - ./silver-config/raven/delivery.yaml:/etc/raven/delivery.yaml:ro
     environment:
       - DB_FILE=/app/data/databases/shared.db
     networks: