When ensureCertificate renews the cert, the filename will match the
nginx config cert file. The current code detects that this implies
that the cert has not changed and thus does not update mail container.
Move the notification into ensureCertificate() itself. If we have a wildcard
cert and it gets renewed when installing a new app, then mail container will
still get it.
we had a generic ssh key management api. this was causing issues because
the ssh format is more complicated than what we had implemented. currently,
the only use case we have is to add our ssh key.
Fixes#600
Our current setup had a mailbox allocated for an app during app
install (into the mailboxes table). This has many issues:
* When set to a custom mailbox location, there was no way to access
this mailbox even via IMAP. Even when using app credentials, we
cannot use IMAP since the ldap logic was testing on the addon type
(most of our apps only use sendmail addon and thus cannot recvmail).
* The mailboxes table was being used to add hidden 'app' type entries.
This made it very hard for the user to understand why a mailbox conflicts.
For example, if you set an app to use custom mailbox 'blog', this is
hidden from all views.
The solution is to let an app send email as whatever mailbox name is
allocated to it (which we now track in the apps table. the default is in the
db already so that REST response contains it). When not using
Cloudron email, it will just send mail as that mailbox and the auth
checks the "app password" in the addons table. Any replies to that
mailbox will end up in the domain's mail server (not our problem).
When using cloudron email, the app can send mail like above. Any responses
will not end anywhere and bounce since there is no 'mailbox'. This is the
expected behavior. If user wants to access this mailbox name, he can
create a concrete mailbox and set himself as owner OR set this as
an alias.
For apps using the recvmail addon, the workflow is to actually create
a mailbox at some point. Currently, we have no UI for this 'flow'.
It's fine because we have only meemo using it.
Intuitive much!
