diff --git a/ct/protonmail-bridge.sh b/ct/protonmail-bridge.sh new file mode 100644 index 000000000..3bcf518ca --- /dev/null +++ b/ct/protonmail-bridge.sh @@ -0,0 +1,79 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: Stephen Chin (steveonjava) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://github.com/ProtonMail/proton-bridge + +APP="ProtonMail-Bridge" +var_tags="${var_tags:-mail;proton}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-1024}" +var_disk="${var_disk:-8}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + + if [[ ! -x /usr/bin/protonmail-bridge ]]; then + msg_error "No ${APP} Installation Found!" + exit 1 + fi + + if check_for_gh_release "protonmail-bridge" "ProtonMail/proton-bridge"; then + local -a bridge_units=( + protonmail-bridge + protonmail-bridge-imap.socket + protonmail-bridge-smtp.socket + protonmail-bridge-imap-proxy + protonmail-bridge-smtp-proxy + ) + local unit + declare -A was_active + for unit in "${bridge_units[@]}"; do + if systemctl is-active --quiet "$unit" 2>/dev/null; then + was_active["$unit"]=1 + else + was_active["$unit"]=0 + fi + done + + msg_info "Stopping Services" + systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge + msg_ok "Stopped Services" + + fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary" + + if [[ -f /home/protonbridge/.protonmailbridge-initialized ]]; then + msg_info "Starting Services" + for unit in "${bridge_units[@]}"; do + if [[ "${was_active[$unit]:-0}" == "1" ]]; then + systemctl start "$unit" + fi + done + msg_ok "Started Services" + else + msg_ok "Initialization not completed. Services remain disabled." + fi + msg_ok "Updated successfully!" + fi + exit +} + +start +build_container +description + +msg_ok "Completed successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW}One-time configuration is required before Bridge services are enabled.${CL}" +echo -e "${INFO}${YW}Run this command in the container: protonmailbridge-configure${CL}" diff --git a/frontend/public/json/protonmail-bridge.json b/frontend/public/json/protonmail-bridge.json new file mode 100644 index 000000000..51847b26f --- /dev/null +++ b/frontend/public/json/protonmail-bridge.json @@ -0,0 +1,48 @@ +{ + "name": "Proton Mail Bridge", + "slug": "protonmail-bridge", + "categories": [ + 18 + ], + "date_created": "2026-02-22", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": null, + "documentation": "https://proton.me/support/bridge-cli-guide", + "website": "https://proton.me/mail/bridge", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/proton-mail.webp", + "config_path": "", + "description": "Proton Mail Bridge runs a local IMAP/SMTP service that lets traditional mail clients access a Proton mailbox. This LXC runs Bridge headless and forwards IMAP/SMTP to the LAN using systemd socket activation (systemd-socket-proxyd).", + "install_methods": [ + { + "type": "default", + "script": "ct/protonmail-bridge.sh", + "resources": { + "cpu": 2, + "ram": 1024, + "hdd": 8, + "os": "debian", + "version": "13" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "text": "After install, run protonmailbridge-configure inside the container for first-time setup.", + "type": "info" + }, + { + "text": "LAN forwarding (container IP): IMAP 143 -> 127.0.0.1:1143, SMTP 587 -> 127.0.0.1:1025.", + "type": "info" + }, + { + "text": "You can later use protonmailbridge-configure to temporarily stop the service and enter the Bridge CLI.", + "type": "info" + } + ] +} diff --git a/install/protonmail-bridge-install.sh b/install/protonmail-bridge-install.sh new file mode 100644 index 000000000..baba5dfe0 --- /dev/null +++ b/install/protonmail-bridge-install.sh @@ -0,0 +1,192 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: Stephen Chin (steveonjava) +# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE +# Source: https://github.com/ProtonMail/proton-bridge + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt install -y pass +msg_ok "Installed Dependencies" + +msg_info "Creating Service User" +useradd -r -m -d /home/protonbridge -s /usr/sbin/nologin protonbridge +install -d -m 0750 -o protonbridge -g protonbridge /home/protonbridge +msg_ok "Created Service User" + +fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary" + +msg_info "Creating Services" +cat </etc/systemd/system/protonmail-bridge.service +[Unit] +Description=Proton Mail Bridge (noninteractive) +After=network-online.target +Wants=network-online.target +ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized + +[Service] +Type=simple +User=protonbridge +Group=protonbridge +WorkingDirectory=/home/protonbridge +Environment=HOME=/home/protonbridge +ExecStart=/usr/bin/protonmail-bridge --noninteractive +Restart=always +RestartSec=3 +NoNewPrivileges=yes +PrivateTmp=yes +ProtectSystem=full +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectControlGroups=yes + +[Install] +WantedBy=multi-user.target +EOF +cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap.socket +[Unit] +Description=Proton Mail Bridge IMAP Socket (143) +ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized + +[Socket] +ListenStream=143 +Accept=no +Service=protonmail-bridge-imap-proxy.service + +[Install] +WantedBy=sockets.target +EOF +cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap-proxy.service +[Unit] +Description=Proton Mail Bridge IMAP Proxy (143 -> 127.0.0.1:1143) +After=protonmail-bridge.service +Requires=protonmail-bridge.service +ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized + +[Service] +Type=simple +Sockets=protonmail-bridge-imap.socket +ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1143 +NoNewPrivileges=yes +PrivateTmp=yes +EOF +cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp.socket +[Unit] +Description=Proton Mail Bridge SMTP Socket (587) +ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized + +[Socket] +ListenStream=587 +Accept=no +Service=protonmail-bridge-smtp-proxy.service + +[Install] +WantedBy=sockets.target +EOF +cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp-proxy.service +[Unit] +Description=Proton Mail Bridge SMTP Proxy (587 -> 127.0.0.1:1025) +After=protonmail-bridge.service +Requires=protonmail-bridge.service +ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized + +[Service] +Type=simple +Sockets=protonmail-bridge-smtp.socket +ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1025 +NoNewPrivileges=yes +PrivateTmp=yes +EOF +msg_ok "Created Services" + +msg_info "Creating Helper Commands" + +cat <<'EOF' >/usr/local/bin/protonmailbridge-configure +#!/usr/bin/env bash +set -euo pipefail + +BRIDGE_USER="protonbridge" +BRIDGE_HOME="/home/${BRIDGE_USER}" +GNUPG_HOME="${BRIDGE_HOME}/.gnupg" +MARKER="${BRIDGE_HOME}/.protonmailbridge-initialized" + +FIRST_TIME=0 +if [[ ! -f "${MARKER}" ]]; then + FIRST_TIME=1 +fi + +# Stop sockets/proxies/bridge daemon before configuration +systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket +systemctl stop protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge + +if [[ "${FIRST_TIME}" == "1" ]]; then + echo "First-time setup: initializing pass keychain for ${BRIDGE_USER} (required by Proton Mail Bridge on Linux)." + + install -d -m 0700 -o "${BRIDGE_USER}" -g "${BRIDGE_USER}" "${GNUPG_HOME}" + + FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ + gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')" + + if [[ -z "${FPR}" ]]; then + runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ + gpg --batch --pinentry-mode loopback --passphrase '' \ + --quick-gen-key 'ProtonMail Bridge' default default never + + FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ + gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')" + fi + + if [[ -z "${FPR}" ]]; then + echo "Failed to detect a GPG key fingerprint for ${BRIDGE_USER}." >&2 + exit 1 + fi + + runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ + pass init "${FPR}" + + echo + echo "To do initial configuration of the Proton Mail Bridge:" + echo "Run: login" + echo "Run: info" + echo "Run: exit" + echo +else + echo + echo "Launching Proton Mail Bridge CLI for configuration." + echo "External access is disabled until you exit." + echo "Run: exit" + echo +fi + +runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" \ + protonmail-bridge -c + +if [[ "${FIRST_TIME}" == "1" ]]; then + touch "${MARKER}" + chown "${BRIDGE_USER}:${BRIDGE_USER}" "${MARKER}" + chmod 0644 "${MARKER}" +fi + +systemctl enable -q --now protonmail-bridge.service protonmail-bridge-imap.socket protonmail-bridge-smtp.socket + +if [[ "${FIRST_TIME}" == "1" ]]; then + echo "Initialization complete. Services enabled and started." +else + echo "Configuration complete. Services enabled and started." +fi +EOF +chmod +x /usr/local/bin/protonmailbridge-configure +ln -sf /usr/local/bin/protonmailbridge-configure /usr/bin/protonmailbridge-configure +msg_ok "Created Helper Commands" + +motd_ssh +customize +cleanup_lxc