Stalwart Mail Server on Cloudron - Secure & Modern All-in-One Mail Server (IMAP, JMAP, POP3, SMTP)

I'm experimenting with packaging this. Please help me test it: https://git.due.ren/andreas/stalwart-cloudron/-/raw/main/CloudronVersions.json?ref_type=heads

@umnz on my cloudron. Not even behind cloudflare. Not sure why it won't work for you.

@timconsidine Thanks but I had packaged it a while ago as a test but never published it.

@umnz Here you go: https://git.due.ren/andreas/hermes-cloudron/-/raw/main/CloudronVersions.json?ref_type=heads

@timconsidine I used nanoclaw but switched to Hermes when Claude closed down the subscription. Thinking about going back to nanoclaw though since they added more auth options besides Claude.

@ekevu123 Cool app, toying with it right now. One observation:

• when trying to connect to my nextcloud calendar, it connects and recognizes the different calendars but when I press Add integration, it returns Base url Must be a valid HTTP or HTTPS URL (e.g., https://example.com) nonetheless.

CI/CD fires now on the 1st of each month.

@jdaviescoates said:

this thread is about OpenClaw

Obviously, but it sounded your concerns were about community apps not OpenClaw in specific. I'll set up monthly updates then

Absolutely lame.

https://x.com/pumfleet/status/2044406553508274554?s=20

Oh well, we had a good run.

@jdaviescoates maybe. But honestly I’ve been running Ente fully automatically updated with CI/CD for a year? now and never had any issues whatsoever.

@timconsidine Nope. That was before those existed. Is anyone using this package? If so I'll udpdate and set up CI/CD

@creative567145 @robi What's the preference here? My original CI/CD was set up before the community apps existed so that's why there haven't been any proper package updates. I'm happy to set up the proper pipeline, but I need to know how people want me to set this up. Should I build daily? Weekly?

I'm not actually using openclaw. I had switched to nano claw early on and am now using Hermes agent. So I can't test this before pushing updates.

@JLX89 updated to include the Tailscale CLI + daemon installed in the Docker image

To use it, add to /app/data/.env:

TS_AUTHKEY=tskey-auth-...
TS_HOSTNAME=openclaw

@creative567145 added the SEARXNG_URL= as well env

@creative567145 I have added these to the package. However I can't test them so please leave feedback here if something isn't working.

@Joseph Sorry about that, just updated the package. It's now here: https://git.due.ren/andreas/ente-cloudron/-/raw/main/CloudronVersions.json

@Joseph Sure! Did you already add the ente package?

@robi These were patches made to the openclaw package. I'd say best is you guys test what you are trying to do then we can make all moving parts work

I think it works now. Too slow on CPU so can't actually test it without waiting ages. Ollama will only work with a model that supports tool use, so no tinyllama.

1. Node.js version override

Cloudron base image ships Node 22.14, OpenClaw requires 22.16+. We symlink /usr/local/node-22.14.0/bin/node → /usr/bin/node (NodeSource 22.22) so both the gateway
and openclaw CLI use the correct version.

2. Gateway config for reverse proxy

OpenClaw doesn't expect to run behind a proxy by default. start.sh creates /app/data/config/openclaw.json on first run with:

• gateway.mode: "local" — skips pairing requirement
• gateway.trustedProxies: ["172.18.0.0/16"] — trusts Cloudron's Docker network
• gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback: true — allows web UI behind Cloudron's reverse proxy
• gateway.controlUi.dangerouslyDisableDeviceAuth: true — skips device pairing for web UI

3. Ollama auth proxy

OpenClaw's Ollama model discovery (/api/tags) doesn't send auth headers. Cloudron's Ollama package requires Bearer token auth. start.sh starts a Node.js HTTP proxy on localhost:11434 that:

• Intercepts all requests to Ollama
• Injects Authorization: Bearer <OLLAMA_API_KEY> header
• Forwards to the real OLLAMA_BASE_URL
• Overrides OLLAMA_BASE_URL to http://127.0.0.1:11434 so OpenClaw talks to the proxy

Activated when both OLLAMA_API_KEY and OLLAMA_BASE_URL are set in /app/data/.env.

4. Auth auto-provisioning

start.sh auto-creates /app/data/agents/main/agent/auth-profiles.json from:

• CLAUDE_SETUP_TOKEN → type: "token" profile
• ANTHROPIC_API_KEY → type: "api_key" profile

Not sure if this is actually valuable for anyone but it should work.

actually looks a bit more complicated and that ollama won't let openclaw do model discovery without api key… I'll have to look more into this