
wildduck: Clean up configs

Lauri Võsandi 2023-08-27 20:24:36 +03:00
parent 40445c299d
commit 48567f0630
9 changed files with 46 additions and 12 deletions

1
wildduck/.gitignore vendored

@ -1 +1,2 @@
dhparams.pem
secret.yml

@ -22,3 +22,10 @@ The mail stack consists of several moving parts:
Outside Kubernetes there is NAT rule on the Mikrotik router
which rewrites source IP of any TCP port 25 headed traffic to
originate from the IP address of the mail exchange.
TODO: Figure out how to automate DH parameters generation:
```
openssl dhparam -out dhparams.pem 2048
kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
```

@ -11,7 +11,9 @@ data:
spf
clamd
rspamd
dkim_verify
wildduck
tls
rspamd.ini: |-
host = rspamd
port = 11333
@ -53,7 +55,7 @@ data:
"redis": process.env.REDIS_URI,
"mongo": {
"url": process.env.MONGO_URI,
"sender": "application"
"sender": "zone-mta",
},
"sender": {
"enabled": true,
@ -62,7 +64,7 @@ data:
"collection": "zone-queue"
},
"srs": {
"secret": "foobar"
"secret": process.env.SRS_SECRET
},
"attachments": {
"type": "gridstore",
@ -135,6 +137,11 @@ spec:
- mountPath: /cert
name: cert
env:
- name: SRS_SECRET
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: REDIS_URI
valueFrom:
secretKeyRef:
@ -152,6 +159,8 @@ spec:
- name: wildduck-haraka-config
projected:
sources:
- secret:
name: dhparams
- configMap:
name: haraka
- name: var-lib-haraka
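Review bot: The new `- secret: name: dhparams` source in the `wildduck-haraka-config` projected volume depends on a Secret that no manifest in this commit creates. Per the README hunk it is made by hand with `kubectl create secret`, so on a clean cluster the pod will presumably wait on the volume mount until someone runs that step. A comment above the source such as `# created manually, see README (openssl dhparam)` would make the dependency visible. Without an `items:` list every key of that Secret is written into the Haraka config directory next to the ConfigMap files; pinning it with `items: [{key: dhparams.pem, path: dhparams.pem}]` keeps the projection to the one expected file. The volume list starts and ends outside the hunk.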

@ -13,9 +13,6 @@ spec:
selector:
app.kubernetes.io/name: wildduck
ports:
- port: 8080
name: wildduck-api
targetPort: wildduck-api
- port: 993
name: wildduck-mda
targetPort: wildduck-mda
@ -25,4 +22,3 @@ spec:
- port: 25
name: haraka-mta
targetPort: haraka-mta

10
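--- /dev/null
+++ b/wildduck/srs.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+name: srs
+spec:
+size: 32
+mapping:
+- key: secret
+value: "%(plaintext)s"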
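Review bot: `metadata` sets no `namespace`, while both consumers read the resulting Secret through `secretKeyRef: name: srs`, which resolves only inside the pod's own namespace. The claim therefore has to land in the same namespace as the Haraka and ZoneMTA workloads, and saying so in the manifest would avoid a silent mismatch. A header comment is also missing; I would add `# SRS signing secret shared by Haraka (SRS_SECRET) and ZoneMTA (APPCONF_plugins_wildduck_srs_secret)`. Regenerating the claim would presumably invalidate SRS-rewritten addresses already handed out, which is worth a one-line note next to `size: 32`.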

@ -24,7 +24,7 @@ spec:
- name: ALLOWED_GROUPS
value: k-space:friends,k-space:floor
- name: WILDDUCK_API_URL
value: http://mail2.k-space.ee:8080
value: http://wildduck-api:8080
- name: WILDDUCK_API_TOKEN
valueFrom:
secretKeyRef:
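Review bot: `WILDDUCK_API_URL` now uses the short name `wildduck-api`, which resolves only from the namespace that owns that Service, and no Service of that name is defined in the visible hunks. It is worth confirming that it exists alongside this workload, or using a namespace-qualified name if this deployment lives elsewhere. The request carries `WILDDUCK_API_TOKEN` over plain HTTP, which is acceptable only while port 8080 stays reachable from inside the cluster alone; a NetworkPolicy limiting who may call the API would back that up. The same applies to the `WILDDUCK_URL` change in the later section, which additionally moves from `https://` to `http://`. The env list starts and ends outside the hunk.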

@ -55,6 +55,14 @@ spec:
cpu: 10m
memory: 100Mi
env:
- name: APPCONF_emailDomain
value: k-space.ee
- name: APPCONF_log_level
value: info
- name: APPCONF_maxForwards
value: "2000"
- name: APPCONF_hostname
value: mail.k-space.ee
- name: APPCONF_tls_key
value: /cert/tls.key
- name: APPCONF_tls_cert
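Review bot: The added `APPCONF_emailDomain` and `APPCONF_hostname` entries hard-code `k-space.ee` and `mail.k-space.ee`, values that also appear in the ZoneMTA config on this page (`hostname="mail.k-space.ee"`, `rewriteDomain="k-space.ee"`), with nothing saying which source wins. If this container also reads a mounted config file, a comment above the first entry such as `# APPCONF_* env vars override the mounted config` would stop the next reader from editing the wrong place. `APPCONF_maxForwards` would benefit from a short comment stating its unit and scope, since `"2000"` alone does not say whether it is per user or per day. The env list continues past the hunk.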

@ -105,7 +105,7 @@ spec:
- name: NODE_ENV
value: prod
- name: WILDDUCK_URL
value: https://mail.k-space.ee
value: http://wildduck-api:8080
- name: WILDDUCK_TOKEN
valueFrom:
secretKeyRef:

@ -16,9 +16,7 @@ data:
hostname="mail.k-space.ee"
authlogExpireDays=30
[wildduck.srs]
enabled=false
# SRS secret value. Must be the same as in the MX side
secret="................................"
enabled=true
rewriteDomain="k-space.ee"
zonemta.toml: |-
[log]
@ -57,7 +55,7 @@ spec:
spec:
containers:
- name: zonemta
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:a35453409c29882bacb4a758909a38ed62daa875ad72cf706996bb144703ef49
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
imagePullPolicy: IfNotPresent
command:
- /sbin/tini
@ -83,6 +81,11 @@ spec:
cpu: 10m
memory: 500Mi
env:
- name: APPCONF_plugins_wildduck_srs_secret
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: APPCONF_dbs_sender
value: zone-mta
- name: APPCONF_dbs_mongo
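Review bot: The `[wildduck.srs]` hunk turns SRS on and drops the inline `secret=`, so the secret now arrives only through `APPCONF_plugins_wildduck_srs_secret`. If that variable name does not map onto the `secret` key of `[wildduck.srs]`, the plugin would presumably start without the intended secret and give no visible error, so checking one rewritten address after rollout is worthwhile. The removed comment "Must be the same as in the MX side" was the only statement of that coupling; I would restore it on the env entry as `# must match SRS_SECRET in the Haraka deployment (same srs Secret)`. Separately, `:latest@sha256:…` is pulled by digest, so the `latest` tag is informational only and could be replaced with a version tag.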