vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2023-08-10 07:26:56 +02:00
parent f32fb8d9a8
commit 0aca51fcfc
4 changed files with 75 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
share/wildduck/wildduck.tf
View File

@@ -62,12 +62,37 @@ resource "kubectl_manifest" "wildduck_deploy" {
resources:
{}
volumeMounts:
- name: wildduck-config-volume
mountPath: /wildduck/config
- name: tls
mountPath: "/var/opt/certs"
readOnly: true
- name: config
mountPath: /wildduck/config/default.toml
subPath: default.toml
- name: config
mountPath: /wildduck/config/api.toml
subPath: api.toml
- name: config
mountPath: /wildduck/config/dbs.toml
subPath: dbs.toml
- name: config
mountPath: /wildduck/config/dkim.toml
subPath: dkim.toml
- name: config
mountPath: /wildduck/config/imap.toml
subPath: imap.toml
- name: config
mountPath: /wildduck/config/pop3.toml
subPath: pop3.toml
- name: config
mountPath: /wildduck/config/sender.toml
subPath: sender.toml
volumes:
- name: config
configMap:
name: "${var.instance}-wildduck"
- name: tls
secret:
secretName: "${var.instance}-cert"
EOF
}
@@ -267,7 +292,7 @@ resource "kubectl_manifest" "wildduck_config" {
# if `true` then do not autodelete expired messages
disableRetention=false
# If true, then disables STARTTLS support
disableSTARTTLS=true
disableSTARTTLS=false
# If true, then advertises COMPRESS=DEFLATE capability
enableCompression=false
# If true, then expect HAProxy PROXY header as the first line of data
@@ -297,8 +322,8 @@ resource "kubectl_manifest" "wildduck_config" {
port=9930
[tls]
## If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
key="/var/opt/certs/tls.key"
cert="/var/opt/certs/tls.crt"
## You can also define extra options for specific TLS settings:
#ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
#secureProtocol="SSLv23_server_method"
@@ -335,8 +360,8 @@ resource "kubectl_manifest" "wildduck_config" {
#version="1.0.0"
[tls]
# If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
key="/var/opt/certs/tls.key"
cert="/var/opt/certs/tls.crt"
[setup]
# Public configuration for POP3
hostname="${var.sub-domain}.${var.domain-name}"