dos4dev/kube
1
0
Fork 0
forked from k-space/kube
Code Pull Requests Activity

Migrate the rest of Wildduck stack

Browse Source
This commit is contained in:
Lauri Võsandi
2023-08-24 19:53:07 +03:00
parent b98f173441
commit 0ed3010fed
9 changed files with 516 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
wildduck/haraka.yaml Normal file
View File

@@ -0,0 +1,167 @@
---
apiVersion: codemowers.cloud/v1beta1
kind: RedisClaim
metadata:
name: haraka
spec:
class: ephemeral
capacity: 100Mi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: haraka
data:
loglevel: info
plugin_timeout: "180"
queue_dir: /var/lib/haraka/queue
plugins: |-
spf
clamd
rspamd
wildduck
rspamd.ini: |-
host = rspamd
port = 11333
add_headers = always
timeout = 30
[dkim]
enabled = true
[header]
bar = X-Rspamd-Bar
report = X-Rspamd-Report
score = X-Rspamd-Score
spam = X-Rspamd-Spam
[check]
authenticated = true
private_ip = true
[reject]
spam = false
[soft_reject]
enabled = true
[rmilter_headers]
enabled = true
[spambar]
positive = +
negative = -
neutral = /
clamd.ini: |-
clamd_socket = clamav:3310
[reject]
virus=true
error=false
smtp.ini: |-
listen=0.0.0.0:2525
nodes=1
tls.ini: |-
key=/cert/tls.key
cert=/cert/tls.crt
wildduck.js: |-
module.exports = {
"redis": process.env.REDIS_URI,
"mongo": {
"url": process.env.MONGO_URI,
"sender": "application"
},
"sender": {
"enabled": true,
"zone": "default",
"gfs": "mail",
"collection": "zone-queue"
},
"srs": {
"secret": "foobar"
},
"attachments": {
"type": "gridstore",
"bucket": "attachments",
"decodeBase64": true
},
"log": {
"authlogExpireDays": 30
},
"limits": {
"windowSize": 3600,
"rcptIp": 100,
"rcptWindowSize": 60,
"rcpt": 60
},
"gelf": {
"enabled": false
},
"rspamd": {
"forwardSkip": 10,
"blacklist": [
"DMARC_POLICY_REJECT"
],
"softlist": [
"RBL_ZONE"
],
"responses": {
"DMARC_POLICY_REJECT": "Unauthenticated email from {host} is not accepted due to domain's DMARC policy",
"RBL_ZONE": "[{host}] was found from Zone RBL"
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: haraka
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: wildduck
app.kubernetes.io/component: haraka
template:
metadata:
labels:
app.kubernetes.io/name: wildduck
app.kubernetes.io/component: haraka
spec:
containers:
- name: haraka
image: docker.io/codemowers/wildduck-haraka-inbound:latest@sha256:a130cc6a60ab2a47cb5971355ed2474136254613b4b8bd30aeabc6e123695ea3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 2525
name: haraka-mta
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
volumeMounts:
- name: wildduck-haraka-config
mountPath: /etc/haraka
readOnly: true
- name: wildduck-haraka-config
mountPath: /etc/haraka/config
readOnly: true
- name: var-lib-haraka
mountPath: /var/lib/haraka
- mountPath: /cert
name: cert
env:
- name: REDIS_URI
valueFrom:
secretKeyRef:
name: redis-wildduck-owner-secrets
key: REDIS_MASTER_0_URI
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: wildduck
key: MONGO_URI
volumes:
- name: cert
secret:
secretName: wildduck-tls
- name: wildduck-haraka-config
projected:
sources:
- configMap:
name: haraka
- name: var-lib-haraka
emptyDir:
sizeLimit: 500Mi