wildduck: Clean up configs
parent
40445c299d
commit
48567f0630
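--- a/wildduck/.gitignore
+++ b/wildduck/.gitignore
@@ -1 +1,2 @@
+dhparams.pem
 secret.yml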
@ -22,3 +22,10 @@ The mail stack consists of several moving parts:
|
|||||||
Outside Kubernetes there is NAT rule on the Mikrotik router
|
Outside Kubernetes there is NAT rule on the Mikrotik router
|
||||||
which rewrites source IP of any TCP port 25 headed traffic to
|
which rewrites source IP of any TCP port 25 headed traffic to
|
||||||
originate from the IP address of the mail exchange.
|
originate from the IP address of the mail exchange.
|
||||||
|
|
||||||
|
TODO: Figure out how to automate DH parameters generation:
|
||||||
|
|
||||||
|
```
|
||||||
|
openssl dhparam -out dhparams.pem 2048
|
||||||
|
kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem
|
||||||
|
```
|
||||||
|
@ -11,7 +11,9 @@ data:
|
|||||||
spf
|
spf
|
||||||
clamd
|
clamd
|
||||||
rspamd
|
rspamd
|
||||||
|
dkim_verify
|
||||||
wildduck
|
wildduck
|
||||||
|
tls
|
||||||
rspamd.ini: |-
|
rspamd.ini: |-
|
||||||
host = rspamd
|
host = rspamd
|
||||||
port = 11333
|
port = 11333
|
||||||
@ -53,7 +55,7 @@ data:
|
|||||||
"redis": process.env.REDIS_URI,
|
"redis": process.env.REDIS_URI,
|
||||||
"mongo": {
|
"mongo": {
|
||||||
"url": process.env.MONGO_URI,
|
"url": process.env.MONGO_URI,
|
||||||
"sender": "application"
|
"sender": "zone-mta",
|
||||||
},
|
},
|
||||||
"sender": {
|
"sender": {
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
@ -62,7 +64,7 @@ data:
|
|||||||
"collection": "zone-queue"
|
"collection": "zone-queue"
|
||||||
},
|
},
|
||||||
"srs": {
|
"srs": {
|
||||||
"secret": "foobar"
|
"secret": process.env.SRS_SECRET
|
||||||
},
|
},
|
||||||
"attachments": {
|
"attachments": {
|
||||||
"type": "gridstore",
|
"type": "gridstore",
|
||||||
@ -135,6 +137,11 @@ spec:
|
|||||||
- mountPath: /cert
|
- mountPath: /cert
|
||||||
name: cert
|
name: cert
|
||||||
env:
|
env:
|
||||||
|
- name: SRS_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: srs
|
||||||
|
key: secret
|
||||||
- name: REDIS_URI
|
- name: REDIS_URI
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
@ -152,6 +159,8 @@ spec:
|
|||||||
- name: wildduck-haraka-config
|
- name: wildduck-haraka-config
|
||||||
projected:
|
projected:
|
||||||
sources:
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: dhparams
|
||||||
- configMap:
|
- configMap:
|
||||||
name: haraka
|
name: haraka
|
||||||
- name: var-lib-haraka
|
- name: var-lib-haraka
|
||||||
|
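Review bot: The new `- secret:` source for `dhparams` in the `wildduck-haraka-config` projected volume has no `items` list, so every key in that Secret is written into the mounted directory (presumably Haraka's config directory) next to the ConfigMap files. The Secret is created by hand (the README change uses `--from-file=dhparams.pem`), so pinning the one expected key keeps a stray key from turning into a config file: `items: [{key: dhparams.pem, path: dhparams.pem}]`. The pod cannot start until that manually created Secret exists, which is worth a comment beside the source, for example `# created manually, see README; not managed by this repo`. The volume list continues outside the hunk.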
@ -13,9 +13,6 @@ spec:
|
|||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: wildduck
|
app.kubernetes.io/name: wildduck
|
||||||
ports:
|
ports:
|
||||||
- port: 8080
|
|
||||||
name: wildduck-api
|
|
||||||
targetPort: wildduck-api
|
|
||||||
- port: 993
|
- port: 993
|
||||||
name: wildduck-mda
|
name: wildduck-mda
|
||||||
targetPort: wildduck-mda
|
targetPort: wildduck-mda
|
||||||
@ -25,4 +22,3 @@ spec:
|
|||||||
- port: 25
|
- port: 25
|
||||||
name: haraka-mta
|
name: haraka-mta
|
||||||
targetPort: haraka-mta
|
targetPort: haraka-mta
|
||||||
|
|
||||||
|
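--- a/wildduck/srs.yaml
+++ b/wildduck/srs.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+name: srs
+spec:
+size: 32
+mapping:
+- key: secret
+value: "%(plaintext)s"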
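Review bot: Nothing in this manifest records that the generated `srs` secret is shared: the Haraka deployment reads it as `SRS_SECRET` and ZoneMTA reads it as `APPCONF_plugins_wildduck_srs_secret`, and this commit deletes the only comment that stated the constraint (`# SRS secret value. Must be the same as in the MX side`). A header comment would keep that visible, for example `# SRS signing secret shared by haraka and zonemta; both sides must use the same value`. Regenerating the claim would presumably invalidate SRS-rewritten addresses that are already in circulation, which deserves a second comment line if the operator can rotate it. The unit of `size: 32` (characters or bytes) is not stated here either.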
@ -24,7 +24,7 @@ spec:
|
|||||||
- name: ALLOWED_GROUPS
|
- name: ALLOWED_GROUPS
|
||||||
value: k-space:friends,k-space:floor
|
value: k-space:friends,k-space:floor
|
||||||
- name: WILDDUCK_API_URL
|
- name: WILDDUCK_API_URL
|
||||||
value: http://mail2.k-space.ee:8080
|
value: http://wildduck-api:8080
|
||||||
- name: WILDDUCK_API_TOKEN
|
- name: WILDDUCK_API_TOKEN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
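Review bot: `WILDDUCK_API_URL` now points at `http://wildduck-api:8080`, so `WILDDUCK_API_TOKEN` is sent over cleartext HTTP, and the bare service name resolves only from within the same namespace. The same applies to the `WILDDUCK_URL` change in the later section, where `https://mail.k-space.ee` becomes `http://wildduck-api:8080` next to `WILDDUCK_TOKEN`. No `wildduck-api` Service or NetworkPolicy is visible in this commit, so it is worth confirming that both exist and that ingress to port 8080 is limited to these two clients. A comment above the value such as `# cluster-internal API over plain HTTP; reachability restricted by NetworkPolicy` would record that assumption. The env list continues outside the hunk.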
@ -55,6 +55,14 @@ spec:
|
|||||||
cpu: 10m
|
cpu: 10m
|
||||||
memory: 100Mi
|
memory: 100Mi
|
||||||
env:
|
env:
|
||||||
|
- name: APPCONF_emailDomain
|
||||||
|
value: k-space.ee
|
||||||
|
- name: APPCONF_log_level
|
||||||
|
value: info
|
||||||
|
- name: APPCONF_maxForwards
|
||||||
|
value: "2000"
|
||||||
|
- name: APPCONF_hostname
|
||||||
|
value: mail.k-space.ee
|
||||||
- name: APPCONF_tls_key
|
- name: APPCONF_tls_key
|
||||||
value: /cert/tls.key
|
value: /cert/tls.key
|
||||||
- name: APPCONF_tls_cert
|
- name: APPCONF_tls_cert
|
||||||
|
@ -105,7 +105,7 @@ spec:
|
|||||||
- name: NODE_ENV
|
- name: NODE_ENV
|
||||||
value: prod
|
value: prod
|
||||||
- name: WILDDUCK_URL
|
- name: WILDDUCK_URL
|
||||||
value: https://mail.k-space.ee
|
value: http://wildduck-api:8080
|
||||||
- name: WILDDUCK_TOKEN
|
- name: WILDDUCK_TOKEN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
@ -16,9 +16,7 @@ data:
|
|||||||
hostname="mail.k-space.ee"
|
hostname="mail.k-space.ee"
|
||||||
authlogExpireDays=30
|
authlogExpireDays=30
|
||||||
[wildduck.srs]
|
[wildduck.srs]
|
||||||
enabled=false
|
enabled=true
|
||||||
# SRS secret value. Must be the same as in the MX side
|
|
||||||
secret="................................"
|
|
||||||
rewriteDomain="k-space.ee"
|
rewriteDomain="k-space.ee"
|
||||||
zonemta.toml: |-
|
zonemta.toml: |-
|
||||||
[log]
|
[log]
|
||||||
@ -57,7 +55,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: zonemta
|
- name: zonemta
|
||||||
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:a35453409c29882bacb4a758909a38ed62daa875ad72cf706996bb144703ef49
|
image: docker.io/codemowers/wildduck-zonemta-outbound:latest@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- /sbin/tini
|
- /sbin/tini
|
||||||
@ -83,6 +81,11 @@ spec:
|
|||||||
cpu: 10m
|
cpu: 10m
|
||||||
memory: 500Mi
|
memory: 500Mi
|
||||||
env:
|
env:
|
||||||
|
- name: APPCONF_plugins_wildduck_srs_secret
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: srs
|
||||||
|
key: secret
|
||||||
- name: APPCONF_dbs_sender
|
- name: APPCONF_dbs_sender
|
||||||
value: zone-mta
|
value: zone-mta
|
||||||
- name: APPCONF_dbs_mongo
|
- name: APPCONF_dbs_mongo
|
||||||
|
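Review bot: The updated `image:` line keeps `:latest` in front of the new digest; once a digest is present it alone decides what is pulled, so the tag says nothing about which build is pinned and will still read `latest` however old the digest becomes. Dropping the tag makes the pin honest: `image: docker.io/codemowers/wildduck-zonemta-outbound@sha256:0878c803164e636820398f11a3811f3d92b7771c6202cfe229f97449d0009119`. Replacing it with the release tag the digest was taken from works equally well. The container spec continues outside the hunk.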