wildduck: Clean up configs

Lauri Võsandi 2023-08-27 20:24:36 +03:00
parent 40445c299d
commit 48567f0630
9 changed files with 46 additions and 12 deletions

1
wildduck/.gitignore vendored

@ -1 +1,2 @@
dhparams.pem
secret.yml


@ -22,3 +22,10 @@ The mail stack consists of several moving parts:
Outside Kubernetes there is NAT rule on the Mikrotik router
which rewrites source IP of any TCP port 25 headed traffic to
originate from the IP address of the mail exchange.
TODO: Figure out how to automate DH parameters generation:
```
openssl dhparam -out dhparams.pem 2048
kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
```


@ -11,7 +11,9 @@ data:
spf
clamd
rspamd
dkim_verify
wildduck
tls
rspamd.ini: |-
host = rspamd
port = 11333
@ -53,7 +55,7 @@ data:
"redis": process.env.REDIS_URI,
"mongo": {
"url": process.env.MONGO_URI,
"sender": "application"
"sender": "zone-mta",
},
"sender": {
"enabled": true,
@ -62,7 +64,7 @@ data:
"collection": "zone-queue"
},
"srs": {
"secret": "foobar"
"secret": process.env.SRS_SECRET
},
"attachments": {
"type": "gridstore",
@ -135,6 +137,11 @@ spec:
- mountPath: /cert
name: cert
env:
- name: SRS_SECRET
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: REDIS_URI
valueFrom:
secretKeyRef:
@ -152,6 +159,8 @@ spec:
- name: wildduck-haraka-config
projected:
sources:
- secret:
name: dhparams
- configMap:
name: haraka
- name: var-lib-haraka
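Review bot: The `dhparams` source in the projected volume (apparently new in this hunk) refers to a Secret that nothing in this commit creates. The README hunk lists only manual `openssl dhparam` and `kubectl create secret` steps under a TODO. Unlike `srs`, which the SecretClaim generates, a fresh deployment will leave the pod unable to mount `wildduck-haraka-config` until someone runs that step by hand. I would record the dependency next to the source, e.g. `# created manually, see README (DH parameters)` above `- secret:`. The volume list continues outside the hunk.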


@ -13,9 +13,6 @@ spec:
selector:
app.kubernetes.io/name: wildduck
ports:
- port: 8080
name: wildduck-api
targetPort: wildduck-api
- port: 993
name: wildduck-mda
targetPort: wildduck-mda
@ -25,4 +22,3 @@ spec:
- port: 25
name: haraka-mta
targetPort: haraka-mta

10
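--- a/wildduck/srs.yaml
+++ b/wildduck/srs.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+name: srs
+spec:
+size: 32
+mapping:
+- key: secret
+value: "%(plaintext)s"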
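Review bot: Nothing in this manifest says who consumes the generated secret, and the commit appears to drop the only comment that stated the constraint (`# SRS secret value. Must be the same as in the MX side` in the ZoneMTA config). Both the Haraka deployment (`SRS_SECRET`) and the ZoneMTA deployment (`APPCONF_plugins_wildduck_srs_secret`) read key `secret` of `srs`. A header comment here would preserve that, e.g. `# Shared SRS signing secret; Haraka (MX) and ZoneMTA must both read this same value`. The unit of `size: 32` is defined by the operator and is not visible on this page, so that comment could state it too.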


@ -24,7 +24,7 @@ spec:
- name: ALLOWED_GROUPS
value: k-space:friends,k-space:floor
- name: WILDDUCK_API_URL
value: http://mail2.k-space.ee:8080
value: http://wildduck-api:8080
- name: WILDDUCK_API_TOKEN
valueFrom:
secretKeyRef:
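Review bot: The API credential in `WILDDUCK_API_TOKEN` is sent to `http://wildduck-api:8080` without TLS, and the `WILDDUCK_URL` hunk further down makes the same move away from `https://mail.k-space.ee`. Which value line is the new one is inferred from the rest of the commit, because the page lost its +/- markers. Taking port 8080 off the shared Service is an improvement, but access to the API now rests on the token and on network policy that this commit does not show. I would add a NetworkPolicy limiting ingress on `wildduck-api` to these clients, or at least a comment such as `# plain HTTP, in-cluster only; do not expose wildduck-api outside the namespace`. The env list continues outside the hunk.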


@ -55,6 +55,14 @@ spec:
cpu: 10m
memory: 100Mi
env:
- name: APPCONF_emailDomain
value: k-space.ee
- name: APPCONF_log_level
value: info
- name: APPCONF_maxForwards
value: "2000"
- name: APPCONF_hostname
value: mail.k-space.ee
- name: APPCONF_tls_key
value: /cert/tls.key
- name: APPCONF_tls_cert


@ -105,7 +105,7 @@ spec:
- name: NODE_ENV
value: prod
- name: WILDDUCK_URL
value: https://mail.k-space.ee
value: http://wildduck-api:8080
- name: WILDDUCK_TOKEN
valueFrom:
secretKeyRef:


@ -16,9 +16,7 @@ data:
hostname="mail.k-space.ee"
authlogExpireDays=30
[wildduck.srs]
enabled=false
# SRS secret value. Must be the same as in the MX side
secret="................................"
enabled=true
rewriteDomain="k-space.ee"
zonemta.toml: |-
[log]
@ -57,7 +55,7 @@ spec:
spec:
containers:
- name: zonemta
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:a35453409c29882bacb4a758909a38ed62daa875ad72cf706996bb144703ef49
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
imagePullPolicy: IfNotPresent
command:
- /sbin/tini
@ -83,6 +81,11 @@ spec:
cpu: 10m
memory: 500Mi
env:
- name: APPCONF_plugins_wildduck_srs_secret
valueFrom:
secretKeyRef:
name: srs
key: secret
- name: APPCONF_dbs_sender
value: zone-mta
- name: APPCONF_dbs_mongo
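Review bot: With `secret=` gone from `[wildduck.srs]` and `enabled=true` set, SRS signing depends entirely on `APPCONF_plugins_wildduck_srs_secret` being mapped onto that exact key. The TOML file name and the loader's path-splitting rules are not visible here, so it is an assumption that the underscore-separated name resolves to the `secret` key of `[wildduck.srs]`. If it resolves elsewhere, the plugin would presumably start without the intended secret rather than fail, so check the effective config in the running pod. A comment above the env entry would record the intent, e.g. `# overrides [wildduck.srs] secret in the plugin config; must match Haraka's SRS_SECRET`. The env list continues outside the hunk.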