forked from k-space/kube
wildduck: Clean up configs
This commit is contained in:
parent
40445c299d
commit
48567f0630
1
wildduck/.gitignore
vendored
1
wildduck/.gitignore
vendored
@ -1 +1,2 @@
|
||||
dhparams.pem
|
||||
secret.yml
|
||||
|
@ -22,3 +22,10 @@ The mail stack consists of several moving parts:
|
||||
Outside Kubernetes there is NAT rule on the Mikrotik router
|
||||
which rewrites source IP of any TCP port 25 headed traffic to
|
||||
originate from the IP address of the mail exchange.
|
||||
|
||||
TODO: Figure out how to automate DH parameters generation:
|
||||
|
||||
```
|
||||
openssl dhparam -out dhparams.pem 2048
|
||||
kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
|
||||
```
|
||||
|
@ -11,7 +11,9 @@ data:
|
||||
spf
|
||||
clamd
|
||||
rspamd
|
||||
dkim_verify
|
||||
wildduck
|
||||
tls
|
||||
rspamd.ini: |-
|
||||
host = rspamd
|
||||
port = 11333
|
||||
@ -53,7 +55,7 @@ data:
|
||||
"redis": process.env.REDIS_URI,
|
||||
"mongo": {
|
||||
"url": process.env.MONGO_URI,
|
||||
"sender": "application"
|
||||
"sender": "zone-mta",
|
||||
},
|
||||
"sender": {
|
||||
"enabled": true,
|
||||
@ -62,7 +64,7 @@ data:
|
||||
"collection": "zone-queue"
|
||||
},
|
||||
"srs": {
|
||||
"secret": "foobar"
|
||||
"secret": process.env.SRS_SECRET
|
||||
},
|
||||
"attachments": {
|
||||
"type": "gridstore",
|
||||
@ -135,6 +137,11 @@ spec:
|
||||
- mountPath: /cert
|
||||
name: cert
|
||||
env:
|
||||
- name: SRS_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: srs
|
||||
key: secret
|
||||
- name: REDIS_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -152,6 +159,8 @@ spec:
|
||||
- name: wildduck-haraka-config
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: dhparams
|
||||
- configMap:
|
||||
name: haraka
|
||||
- name: var-lib-haraka
|
||||
|
@ -13,9 +13,6 @@ spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: wildduck
|
||||
ports:
|
||||
- port: 8080
|
||||
name: wildduck-api
|
||||
targetPort: wildduck-api
|
||||
- port: 993
|
||||
name: wildduck-mda
|
||||
targetPort: wildduck-mda
|
||||
@ -25,4 +22,3 @@ spec:
|
||||
- port: 25
|
||||
name: haraka-mta
|
||||
targetPort: haraka-mta
|
||||
|
||||
|
10
wildduck/srs.yaml
Normal file
10
wildduck/srs.yaml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: SecretClaim
|
||||
metadata:
|
||||
name: srs
|
||||
spec:
|
||||
size: 32
|
||||
mapping:
|
||||
- key: secret
|
||||
value: "%(plaintext)s"
|
@ -24,7 +24,7 @@ spec:
|
||||
- name: ALLOWED_GROUPS
|
||||
value: k-space:friends,k-space:floor
|
||||
- name: WILDDUCK_API_URL
|
||||
value: http://mail2.k-space.ee:8080
|
||||
value: http://wildduck-api:8080
|
||||
- name: WILDDUCK_API_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
@ -55,6 +55,14 @@ spec:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
env:
|
||||
- name: APPCONF_emailDomain
|
||||
value: k-space.ee
|
||||
- name: APPCONF_log_level
|
||||
value: info
|
||||
- name: APPCONF_maxForwards
|
||||
value: "2000"
|
||||
- name: APPCONF_hostname
|
||||
value: mail.k-space.ee
|
||||
- name: APPCONF_tls_key
|
||||
value: /cert/tls.key
|
||||
- name: APPCONF_tls_cert
|
||||
|
@ -105,7 +105,7 @@ spec:
|
||||
- name: NODE_ENV
|
||||
value: prod
|
||||
- name: WILDDUCK_URL
|
||||
value: https://mail.k-space.ee
|
||||
value: http://wildduck-api:8080
|
||||
- name: WILDDUCK_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
@ -16,9 +16,7 @@ data:
|
||||
hostname="mail.k-space.ee"
|
||||
authlogExpireDays=30
|
||||
[wildduck.srs]
|
||||
enabled=false
|
||||
# SRS secret value. Must be the same as in the MX side
|
||||
secret="................................"
|
||||
enabled=true
|
||||
rewriteDomain="k-space.ee"
|
||||
zonemta.toml: |-
|
||||
[log]
|
||||
@ -57,7 +55,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: zonemta
|
||||
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:a35453409c29882bacb4a758909a38ed62daa875ad72cf706996bb144703ef49
|
||||
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /sbin/tini
|
||||
@ -83,6 +81,11 @@ spec:
|
||||
cpu: 10m
|
||||
memory: 500Mi
|
||||
env:
|
||||
- name: APPCONF_plugins_wildduck_srs_secret
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: srs
|
||||
key: secret
|
||||
- name: APPCONF_dbs_sender
|
||||
value: zone-mta
|
||||
- name: APPCONF_dbs_mongo
|
||||
|
Loading…
Reference in New Issue
Block a user