2023-08-10 07:26:56 +02:00
parent f32fb8d9a8
commit 0aca51fcfc
4 changed files with 75 additions and 33 deletions


@@ -51,7 +51,17 @@ resource "kubectl_manifest" "haraka_deploy" {
{}
volumeMounts:
- name: config
mountPath: /app/config
mountPath: /app/config/me
subPath: me
- name: config
mountPath: /app/config/host_list
subPath: host_list
- name: config
mountPath: /app/config/rspamd.ini
subPath: rspamd.ini
- name: config
mountPath: /app/config/wildduck.yaml
subPath: wildduck.yaml
volumes:
- name: config
configMap:
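Review bot: The per-file `subPath` mounts of the `config` ConfigMap are not refreshed while the pod runs, because the kubelet does not propagate ConfigMap changes into `subPath` mounts. A later edit to `host_list` or `rspamd.ini` therefore stays invisible to Haraka until the pod is recreated, which can leave a stale relay or filtering policy in force. The same pattern is introduced in the wildduck and zonemta deployment hunks further down. If the pod template carries no config-hash annotation (its metadata is outside this hunk), consider adding one such as `checksum/config: "<sha256 of the rendered ConfigMap body — placeholder>"` so that a config change rolls the pods.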


@@ -6,10 +6,15 @@ metadata:
name: wildduck
description: null
options:
domain-name:
default: your_company.com
sub-domain:
default: mail
examples:
- your_company.com
- mail
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
domain:
default: your-company
@@ -21,10 +26,15 @@ options:
examples:
- letsencrypt-prod
type: string
ingress-class:
default: traefik
additional-domains:
default: []
items:
type: string
type: array
domain-name:
default: your_company.com
examples:
- traefik
- your_company.com
type: string
images:
default:
@@ -222,16 +232,6 @@ options:
default: 2Gi
type: string
type: object
additional-domains:
default: []
items:
type: string
type: array
sub-domain:
default: mail
examples:
- mail
type: string
dependencies:
- dist: null
category: dbo


@@ -62,12 +62,37 @@ resource "kubectl_manifest" "wildduck_deploy" {
resources:
{}
volumeMounts:
- name: wildduck-config-volume
mountPath: /wildduck/config
- name: tls
mountPath: "/var/opt/certs"
readOnly: true
- name: config
mountPath: /wildduck/config/default.toml
subPath: default.toml
- name: config
mountPath: /wildduck/config/api.toml
subPath: api.toml
- name: config
mountPath: /wildduck/config/dbs.toml
subPath: dbs.toml
- name: config
mountPath: /wildduck/config/dkim.toml
subPath: dkim.toml
- name: config
mountPath: /wildduck/config/imap.toml
subPath: imap.toml
- name: config
mountPath: /wildduck/config/pop3.toml
subPath: pop3.toml
- name: config
mountPath: /wildduck/config/sender.toml
subPath: sender.toml
volumes:
- name: config
configMap:
name: "${var.instance}-wildduck"
- name: tls
secret:
secretName: "${var.instance}-cert"
EOF
}
@@ -267,7 +292,7 @@ resource "kubectl_manifest" "wildduck_config" {
# if `true` then do not autodelete expired messages
disableRetention=false
# If true, then disables STARTTLS support
disableSTARTTLS=true
disableSTARTTLS=false
# If true, then advertises COMPRESS=DEFLATE capability
enableCompression=false
# If true, then expect HAProxy PROXY header as the first line of data
@@ -297,8 +322,8 @@ resource "kubectl_manifest" "wildduck_config" {
port=9930
[tls]
## If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
key="/var/opt/certs/tls.key"
cert="/var/opt/certs/tls.crt"
## You can also define extra options for specific TLS settings:
#ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
#secureProtocol="SSLv23_server_method"
@@ -335,8 +360,8 @@ resource "kubectl_manifest" "wildduck_config" {
#version="1.0.0"
[tls]
# If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem"
#cert="/path/to/server/cert.pem"
key="/var/opt/certs/tls.key"
cert="/var/opt/certs/tls.crt"
[setup]
# Public configuration for POP3
hostname="${var.sub-domain}.${var.domain-name}"
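Review bot: The `tls` secret volume in the deployment hunk sets no `defaultMode`, so `tls.key` is projected with the Kubernetes default of 0644 and is readable by every user in the container, now that both `[tls]` blocks point at `key="/var/opt/certs/tls.key"`. Suggest `defaultMode: 0400` under `secret:`, or `0440` with a matching `fsGroup` if the container runs as non-root; the pod securityContext is outside the hunk. Separately, `disableSTARTTLS=false` only makes STARTTLS available. It is worth confirming in the part of the config outside this hunk that the listener refuses logins on a connection that has not been upgraded, since opportunistic STARTTLS can be stripped on-path.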


@@ -54,13 +54,20 @@ resource "kubectl_manifest" "zonemta_deploy" {
mountPath: "/var/opt/certs"
readOnly: true
- name: config
mountPath: /app/config
- name: wildduck-zonemta-interfaces-config-volume
mountPath: /app/config/interfaces
- name: wildduck-zonemta-plugins-config-volume
mountPath: /app/config/plugins
- name: wildduck-zonemta-zones-config-volume
mountPath: /app/config/zones
mountPath: /app/config/dbs-production.toml
subPath: dbs-production.toml
- name: config
mountPath: /app/config/pools.toml
subPath: pools.toml
- name: config
mountPath: /app/config/plugins/wildduck.toml
subPath: wildduck.toml
- name: config
mountPath: /app/config/plugins/loop-breaker.toml
subPath: loop-breaker.toml
- name: config
mountPath: /app/config/interfaces/feeder.toml
subPath: feeder.toml
volumes:
- name: config
configMap: