wildduck: Clean up configs

This commit is contained in:
Lauri Võsandi 2023-08-27 20:24:36 +03:00
parent 40445c299d
commit 48567f0630
9 changed files with 46 additions and 12 deletions

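--- a/wildduck/.gitignore
+++ b/wildduck/.gitignore
@@ -1 +1,2 @@
+dhparams.pem
 secret.yml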


@ -22,3 +22,10 @@ The mail stack consists of several moving parts:
Outside Kubernetes there is NAT rule on the Mikrotik router Outside Kubernetes there is NAT rule on the Mikrotik router
which rewrites source IP of any TCP port 25 headed traffic to which rewrites source IP of any TCP port 25 headed traffic to
originate from the IP address of the mail exchange. originate from the IP address of the mail exchange.
TODO: Figure out how to automate DH parameters generation:
```
openssl dhparam -out dhparams.pem 2048
kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
```


@ -11,7 +11,9 @@ data:
spf spf
clamd clamd
rspamd rspamd
dkim_verify
wildduck wildduck
tls
rspamd.ini: |- rspamd.ini: |-
host = rspamd host = rspamd
port = 11333 port = 11333
@ -53,7 +55,7 @@ data:
"redis": process.env.REDIS_URI, "redis": process.env.REDIS_URI,
"mongo": { "mongo": {
"url": process.env.MONGO_URI, "url": process.env.MONGO_URI,
"sender": "application" "sender": "zone-mta",
}, },
"sender": { "sender": {
"enabled": true, "enabled": true,
@ -62,7 +64,7 @@ data:
"collection": "zone-queue" "collection": "zone-queue"
}, },
"srs": { "srs": {
"secret": "foobar" "secret": process.env.SRS_SECRET
}, },
"attachments": { "attachments": {
"type": "gridstore", "type": "gridstore",
@ -135,6 +137,11 @@ spec:
- mountPath: /cert - mountPath: /cert
name: cert name: cert
env: env:
- name: SRS_SECRET
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: REDIS_URI - name: REDIS_URI
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -152,6 +159,8 @@ spec:
- name: wildduck-haraka-config - name: wildduck-haraka-config
projected: projected:
sources: sources:
- secret:
name: dhparams
- configMap: - configMap:
name: haraka name: haraka
- name: var-lib-haraka - name: var-lib-haraka
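Review bot: `"secret": process.env.SRS_SECRET` in the `srs` block is evaluated when the config scalar is loaded, so if the `SRS_SECRET` entry is ever dropped from `env:` the key silently becomes `undefined` and SRS presumably proceeds with no secret rather than failing at startup. A guard such as `"secret": process.env.SRS_SECRET || (() => { throw new Error("SRS_SECRET is not set"); })()` turns the missing value into a hard error; at minimum add a comment above the key saying the value must equal zonemta's `APPCONF_plugins_wildduck_srs_secret`, since both read the `srs` Secret but nothing in the manifests ties the two entries together. The projected `dhparams` source in the volume hunk has no `optional` field, so the pod stays unschedulable until the manually created secret from the README exists — the right failure mode, but worth a `# created by hand, see README` comment on that entry. The `data:` mapping and the deployment `spec:` both begin outside these hunks.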


@ -13,9 +13,6 @@ spec:
selector: selector:
app.kubernetes.io/name: wildduck app.kubernetes.io/name: wildduck
ports: ports:
- port: 8080
name: wildduck-api
targetPort: wildduck-api
- port: 993 - port: 993
name: wildduck-mda name: wildduck-mda
targetPort: wildduck-mda targetPort: wildduck-mda
@ -25,4 +22,3 @@ spec:
- port: 25 - port: 25
name: haraka-mta name: haraka-mta
targetPort: haraka-mta targetPort: haraka-mta

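--- /dev/null
+++ b/wildduck/srs.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: srs
+spec:
+  size: 32
+  mapping:
+    - key: secret
+      value: "%(plaintext)s"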
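Review bot: The new SecretClaim carries no comment tying it to its consumers, and `size: 32` does not say whether the operator generates 32 bytes of entropy or 32 characters of plaintext; add above `kind:` something like `# Shared SRS secret: read by haraka as SRS_SECRET and by zonemta as APPCONF_plugins_wildduck_srs_secret; both must stay on key "secret"`. `metadata` has no `namespace`, so the claim lands wherever it is applied, while the README's `kubectl create secret generic -n wildduck` implies this stack's secrets live in the `wildduck` namespace — confirm the apply path sets it, otherwise the `secretKeyRef` lookups in the two Deployments will not find `srs`.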


@ -24,7 +24,7 @@ spec:
- name: ALLOWED_GROUPS - name: ALLOWED_GROUPS
value: k-space:friends,k-space:floor value: k-space:friends,k-space:floor
- name: WILDDUCK_API_URL - name: WILDDUCK_API_URL
value: http://mail2.k-space.ee:8080 value: http://wildduck-api:8080
- name: WILDDUCK_API_TOKEN - name: WILDDUCK_API_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
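Review bot: `value: http://wildduck-api:8080` assumes a Service named `wildduck-api` exposing port 8080 in this namespace, but no such Service is added in this commit and the only `wildduck-api` port visible here is the one removed from the existing Service, so the consumer will fail to reach the API unless that Service exists elsewhere — the same applies to `WILDDUCK_URL` in the later hunk. Because `WILDDUCK_API_TOKEN` now travels over plain http, this address must stay cluster-internal; a comment above the entry, `# in-cluster API endpoint, intentionally not exposed via the public Service`, records that intent. The container `env:` list and its enclosing `spec:` begin outside the hunk.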


@ -55,6 +55,14 @@ spec:
cpu: 10m cpu: 10m
memory: 100Mi memory: 100Mi
env: env:
- name: APPCONF_emailDomain
value: k-space.ee
- name: APPCONF_log_level
value: info
- name: APPCONF_maxForwards
value: "2000"
- name: APPCONF_hostname
value: mail.k-space.ee
- name: APPCONF_tls_key - name: APPCONF_tls_key
value: /cert/tls.key value: /cert/tls.key
- name: APPCONF_tls_cert - name: APPCONF_tls_cert


@ -105,7 +105,7 @@ spec:
- name: NODE_ENV - name: NODE_ENV
value: prod value: prod
- name: WILDDUCK_URL - name: WILDDUCK_URL
value: https://mail.k-space.ee value: http://wildduck-api:8080
- name: WILDDUCK_TOKEN - name: WILDDUCK_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:


@ -16,9 +16,7 @@ data:
hostname="mail.k-space.ee" hostname="mail.k-space.ee"
authlogExpireDays=30 authlogExpireDays=30
[wildduck.srs] [wildduck.srs]
enabled=false enabled=true
# SRS secret value. Must be the same as in the MX side
secret="................................"
rewriteDomain="k-space.ee" rewriteDomain="k-space.ee"
zonemta.toml: |- zonemta.toml: |-
[log] [log]
@ -57,7 +55,7 @@ spec:
spec: spec:
containers: containers:
- name: zonemta - name: zonemta
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:a35453409c29882bacb4a758909a38ed62daa875ad72cf706996bb144703ef49 image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- /sbin/tini - /sbin/tini
@ -83,6 +81,11 @@ spec:
cpu: 10m cpu: 10m
memory: 500Mi memory: 500Mi
env: env:
- name: APPCONF_plugins_wildduck_srs_secret
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: APPCONF_dbs_sender - name: APPCONF_dbs_sender
value: zone-mta value: zone-mta
- name: APPCONF_dbs_mongo - name: APPCONF_dbs_mongo
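Review bot: Removing `secret=` from `[wildduck.srs]` while setting `enabled=true` leaves the TOML with no secret, relying entirely on the `APPCONF_plugins_wildduck_srs_secret` variable added in the deployment hunk; whether that override path actually maps onto `[wildduck.srs].secret` in this file depends on how the image's config loader names sections, so verify a rendered config before trusting it — if the path is wrong the plugin is enabled with an empty secret. Add a comment in place of the removed line, `# secret is injected via APPCONF_plugins_wildduck_srs_secret from the srs Secret`, so the next reader does not re-add a literal value. Both hunks sit inside `data:`/`spec:` blocks that start and end outside the view.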