Issues / #127
maddy on the hub crashloops with 'at least one endpoint should be configured'
open
bug
Project: nimsforest
Reporter:
11 May 2026 19:27
Description
Tracked from #123 followup. The maddy mail server container in `sharedRole()` crashes on startup with `at least one endpoint should be configured` because the file at `/opt/maddy/maddy.conf` on land-shared-one is empty/missing/malformed.
Root cause: `landconfigregistry/internal/store/seed.go` declares the volume mount `/opt/maddy/maddy.conf:/data/maddy.conf:ro` and the env vars (`MADDY_HOSTNAME`, `MADDY_DOMAIN`) but **never adds a `Configs["maddy"]` entry** to render the actual maddy.conf. The file must currently be placed out-of-band by an operator and isn't reconciled.
A reference template exists locally at `/home/claude-user/maddy.conf` (147 lines, valid endpoints).
## Fix
In `landconfigregistry/internal/store/seed.go sharedRole()` Configs map, add:
```go
Configs: map[string]string{
...
"maddy": `<contents of /home/claude-user/maddy.conf, with template variables for hostname/domain>`,
}
```
Verify before shipping:
1. The landconfigregistry render endpoint writes Configs entries to the expected path. The existing `nimsforest` entry suggests it writes to `/opt/<key>/config.yaml`; maddy needs `/opt/maddy/maddy.conf` — different filename. May require a small render-path tweak or a different convention for non-config.yaml files.
2. No secrets in the template — quick scan of the reference shows TLS file paths, SQLite DBs, env-var interpolation for hostname/domain. Safe to seed.
3. The existing on-disk file (if any) shouldn't be silently overwritten without operator awareness.
Low-priority because maddy is not on the bringup path. Separated from #123 to keep that issue focused.
Root cause: `landconfigregistry/internal/store/seed.go` declares the volume mount `/opt/maddy/maddy.conf:/data/maddy.conf:ro` and the env vars (`MADDY_HOSTNAME`, `MADDY_DOMAIN`) but **never adds a `Configs["maddy"]` entry** to render the actual maddy.conf. The file must currently be placed out-of-band by an operator and isn't reconciled.
A reference template exists locally at `/home/claude-user/maddy.conf` (147 lines, valid endpoints).
## Fix
In `landconfigregistry/internal/store/seed.go sharedRole()` Configs map, add:
```go
Configs: map[string]string{
...
"maddy": `<contents of /home/claude-user/maddy.conf, with template variables for hostname/domain>`,
}
```
Verify before shipping:
1. The landconfigregistry render endpoint writes Configs entries to the expected path. The existing `nimsforest` entry suggests it writes to `/opt/<key>/config.yaml`; maddy needs `/opt/maddy/maddy.conf` — different filename. May require a small render-path tweak or a different convention for non-config.yaml files.
2. No secrets in the template — quick scan of the reference shows TLS file paths, SQLite DBs, env-var interpolation for hostname/domain. Safe to seed.
3. The existing on-disk file (if any) shouldn't be silently overwritten without operator awareness.
Low-priority because maddy is not on the bringup path. Separated from #123 to keep that issue focused.