wildduck: Cleanups

wildduck/clamav.yaml

@@ -19,8 +19,8 @@ spec:
           image: mirror.gcr.io/clamav/clamav:1.1
           imagePullPolicy: IfNotPresent
           ports:
-          - containerPort: 3310
+            - containerPort: 3310
-            name: api
+              name: api
           volumeMounts:
             - mountPath: /var/lib/clamav
               name: avdata
@@ -41,5 +41,5 @@ spec:
   selector:
     app.kubernetes.io/name: clamav
   ports:
-  - port: 3310
+    - port: 3310
-    name: clamav
+      name: clamav

wildduck/dns.yaml

@@ -5,13 +5,13 @@ metadata:
   name: wildduck-mx
 spec:
   endpoints:
-  - dnsName: k-space.ee
+    - dnsName: k-space.ee
-    recordTTL: 300
+      recordTTL: 300
-    recordType: MX
+      recordType: MX
-    targets:
+      targets:
-      - "10 mail.k-space.ee"
+        - "10 mail.k-space.ee"
-  - dnsName: k-space.ee
+    - dnsName: k-space.ee
-    recordTTL: 300
+      recordTTL: 300
-    recordType: TXT
+      recordType: TXT
-    targets:
+      targets:
-      - "v=spf1 mx include:servers.mcsv.net -all"
+        - "v=spf1 mx include:servers.mcsv.net -all"

wildduck/loadbalancer.yaml

@@ -13,12 +13,12 @@ spec:
   selector:
     app.kubernetes.io/name: wildduck
   ports:
-  - port: 993
+    - port: 993
-    name: wildduck-mda
+      name: wildduck-mda
-    targetPort: wildduck-mda
+      targetPort: wildduck-mda
-  - port: 465
+    - port: 465
-    name: zonemta-msa
+      name: zonemta-msa
-    targetPort: zonemta-msa
+      targetPort: zonemta-msa
-  - port: 25
+    - port: 25
-    name: haraka-mta
+      name: haraka-mta
-    targetPort: haraka-mta
+      targetPort: haraka-mta

wildduck/rspamd.yaml

@@ -75,5 +75,5 @@ spec:
   selector:
     app.kubernetes.io/name: rspamd
   ports:
-  - port: 11333
+    - port: 11333
-    name: rspamd
+      name: rspamd

wildduck/sessions.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: dragonfly-auth
+spec:
+  size: 32
+  mapping:
+    - key: password
+      value: "%(plaintext)s"
+    - key: REDIS_WILDDUCK_URI
+      value: "redis://:%(plaintext)s@dragonfly/1"
+    - key: REDIS_WILDFLOCK_URI
+      value: "redis://:%(plaintext)s@dragonfly/2"
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+  name: dragonfly
+spec:
+  authentication:
+    passwordFromSecret:
+      key: password
+      name: dragonfly-auth
+  replicas: 3
+  resources:
+    limits:
+      memory: 1Gi

wildduck/webmail.yaml

@@ -1,13 +1,3 @@
-# ---
-# Commented out by argocd config drift
-#
-# apiVersion: codemowers.cloud/v1beta1
-# kind: RedisClaim
-# metadata:
-#   name: webmail
-# spec:
-#   class: ephemeral
-#   capacity: 100Mi
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: OIDCMiddlewareClient
@@ -116,9 +106,9 @@ spec:
   selector:
     app.kubernetes.io/name: webmail
   ports:
-  - protocol: TCP
+    - protocol: TCP
-    port: 80
+      port: 80
-    targetPort: 3000
+      targetPort: 3000
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -133,19 +123,19 @@ metadata:
     external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
 spec:
   rules:
-  - host: webmail.k-space.ee
+    - host: webmail.k-space.ee
-    http:
+      http:
-      paths:
+        paths:
-      - pathType: Prefix
+          - pathType: Prefix
-        path: "/"
+            path: "/"
-        backend:
+            backend:
-          service:
+              service:
-            name: webmail
+                name: webmail
-            port:
+                port:
-              number: 80
+                  number: 80
   tls:
-  - hosts:
+    - hosts:
-    - "*.k-space.ee"
+        - "*.k-space.ee"
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
@@ -156,24 +146,3 @@ spec:
     regex: ^https://webmail.k-space.ee/$
     replacement: https://webmail.k-space.ee/webmail/
     permanent: false
-# ---
-# apiVersion: networking.k8s.io/v1
-# kind: NetworkPolicy
-# metadata:
-#   name: webmail
-# spec:
-#   podSelector:
-#     matchLabels:
-#       app.kubernetes.io/name: webmail
-#   policyTypes:
-#     - Ingress
-#   ingress:
-#     - ports:
-#         - port: 3000
-#       from:
-#         - namespaceSelector:
-#             matchLabels:
-#               kubernetes.io/metadata.name: traefik
-#           podSelector:
-#             matchLabels:
-#               app.kubernetes.io/name: traefik

wildduck/wildduck.yaml

@@ -1,30 +1,4 @@
 ---
-apiVersion: codemowers.cloud/v1beta1
-kind: SecretClaim
-metadata:
-  name: dragonfly-auth
-spec:
-  size: 32
-  mapping:
-    - key: password
-      value: "%(plaintext)s"
-    - key: REDIS_URI
-      value: "redis://:%(plaintext)s@dragonfly"
----
-apiVersion: dragonflydb.io/v1alpha1
-kind: Dragonfly
-metadata:
-  name: dragonfly
-spec:
-  authentication:
-    passwordFromSecret:
-      key: password
-      name: dragonfly-auth
-  replicas: 3
-  resources:
-    limits:
-      memory: 5Gi
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -119,7 +93,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: dragonfly-auth
-                  key: REDIS_URI
+                  key: REDIS_WILDDUCK_URI
           volumeMounts:
             - mountPath: /cert
               name: cert

wildduck/wildflock.yaml

@@ -96,8 +96,8 @@ spec:
             - name: REDIS_URL
               valueFrom:
                 secretKeyRef:
-                  name: dragonfly-wildflock-auth
+                  name: dragonfly-auth
-                  key: REDIS_URI
+                  key: REDIS_WILDFLOCK_URI
             - name: CLIENT_URL
               value: https://wildflock.k-space.ee
             - name: WILDDUCK_DOMAIN
@@ -120,48 +120,22 @@ spec:
               valueFrom:
                 secretKeyRef:
                   key: OIDC_IDP_URI
-                  name: oidc-client-wildflock-owner-secrets            
+                  name: oidc-client-wildflock-owner-secrets
             - name: OIDC_GATEWAY_AUTH_URI
               valueFrom:
                 secretKeyRef:
                   key: OIDC_IDP_AUTH_URI
-                  name: oidc-client-wildflock-owner-secrets  
+                  name: oidc-client-wildflock-owner-secrets
             - name: OIDC_GATEWAY_TOKEN_URI
               valueFrom:
                 secretKeyRef:
                   key: OIDC_IDP_TOKEN_URI
-                  name: oidc-client-wildflock-owner-secrets  
+                  name: oidc-client-wildflock-owner-secrets
             - name: OIDC_GATEWAY_USERINFO_URI
               valueFrom:
                 secretKeyRef:
                   key: OIDC_IDP_USERINFO_URI
-                  name: oidc-client-wildflock-owner-secrets                                      
+                  name: oidc-client-wildflock-owner-secrets
           envFrom:
             - secretRef:
                 name: oidc-client-wildflock-owner-secrets
----
-apiVersion: codemowers.cloud/v1beta1
-kind: SecretClaim
-metadata:
-  name: dragonfly-wildflock-auth
-spec:
-  size: 32
-  mapping:
-    - key: password
-      value: "%(plaintext)s"
-    - key: REDIS_URI
-      value: "redis://:%(plaintext)s@dragonfly-wildflock"
----
-apiVersion: dragonflydb.io/v1alpha1
-kind: Dragonfly
-metadata:
-  name: dragonfly-wildflock
-spec:
-  authentication:
-    passwordFromSecret:
-      key: password
-      name: dragonfly-wildflock-auth
-  replicas: 3
-  resources:
-    limits:
-      memory: 5Gi