diff --git a/share/wildduck/haraka.tf b/share/wildduck/haraka.tf
index 41eba4a..c65758e 100644
--- a/share/wildduck/haraka.tf
+++ b/share/wildduck/haraka.tf
@@ -205,7 +205,7 @@ resource "kubectl_manifest" "haraka_config" {
 ## database name or connection string for the attachments db
 #gridfs: "attachments"
 ## database name or connection string for the outbound queue
- sender: 'mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/zone-mta'
+ sender: 'zone-mta'
 sender:
 # Push messages to ZoneMTA queue for delivery
 # if `false` then no messages are sent
@@ -224,7 +224,7 @@ resource "kubectl_manifest" "haraka_config" {
 loopSecret: '${local.secrets.srs}'
 srs:
 # must be shared with ZoneMTA SRS config, otherwise messages sent from ZoneMTA are not recognized by Haraka
- secret: 'secret value'
+ secret: '${local.secrets.srs}'
 attachments:
 type: 'gridstore'
 bucket: 'attachments'
diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml
index 00eb550..cbe70ef 100644
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,11 +6,6 @@ metadata:
 name: wildduck
 description: null
 options:
- domain-name:
- default: your_company.com
- examples:
- - your_company.com
- type: string
 images:
 default:
 haraka:
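Review bot: The new `sender: 'zone-mta'` is a bare database name, so the outbound-queue connection presumably now reuses the main MongoDB connection and its account instead of authenticating against `zone-mta` as the removed URL did. That account then needs write access to the `zone-mta` database as well, which is worth stating next to the setting, for example `## bare name: opened on the main MongoDB connection; its user needs readWrite on zone-mta`. The enclosing `haraka_config` resource starts and ends outside the hunk, so the main connection string and its user are not visible here.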
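Review bot: The added `secret: '${local.secrets.srs}'` gives the SRS secret the same value that the context line above already passes to `loopSecret`, so one key now serves two unrelated purposes and a leak or rotation of either affects both. Since the comment requires the SRS value to be shared with ZoneMTA, the cleaner split is a dedicated value for the loop check, e.g. `loopSecret: '${local.secrets.loop}'` (placeholder name, not defined on this page). The value is also spliced into a single-quoted YAML scalar, so a generated secret containing `'` would break the document; restricting the generator to an alphanumeric alphabet avoids that. The resource body continues outside the hunk.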
@@ -179,6 +174,56 @@ options:
 examples:
 - letsencrypt-prod
 type: string
+ backups:
+ default:
+ enable: false
+ endpoint: ''
+ key-id-key: s3-id
+ secret-key: s3-secret
+ secret-name: backup-settings
+ examples:
+ - enable: false
+ endpoint: ''
+ key-id-key: s3-id
+ secret-key: s3-secret
+ secret-name: backup-settings
+ properties:
+ enable:
+ default: false
+ type: boolean
+ endpoint:
+ default: ''
+ type: string
+ key-id-key:
+ default: s3-id
+ type: string
+ secret-key:
+ default: s3-secret
+ type: string
+ secret-name:
+ default: backup-settings
+ type: string
+ type: object
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ additional-domains:
+ default: []
+ items:
+ type: string
+ type: array
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
 redis:
 default:
 exporter:
@@ -212,51 +257,6 @@ options:
 default: 2Gi
 type: string
 type: object
- additional-domains:
- default: []
- items:
- type: string
- type: array
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- ingress-class:
- default: traefik
- examples:
- - traefik
- type: string
- backups:
- default:
- enable: false
- endpoint: ''
- key-id-key: s3-id
- secret-key: s3-secret
- secret-name: backup-settings
- examples:
- - enable: false
- endpoint: ''
- key-id-key: s3-id
- secret-key: s3-secret
- secret-name: backup-settings
- properties:
- enable:
- default: false
- type: boolean
- endpoint:
- default: ''
- type: string
- key-id-key:
- default: s3-id
- type: string
- secret-key:
- default: s3-secret
- type: string
- secret-name:
- default: backup-settings
- type: string
- type: object
 sub-domain:
 default: mail
 examples:
diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf
index 5564efd..d9be8b7 100644
--- a/share/wildduck/zonemta.tf
+++ b/share/wildduck/zonemta.tf
@@ -167,20 +167,11 @@ resource "kubectl_manifest" "zonemta_config" { # DKIM Settings # ------------- ["modules/zonemta-wildduck".dkim] - # If true then also adds a signature for the outbound domain + cipher="aes192" + secret="${local.secrets.dkim}" + useOpenSSL=true signTransportDomain=false - # If set then decrypt encrypted DKIM keys using this password - #secret="a secret cat" - # Cipher to use to decrypt encrypted DKIM keys - #cipher="aes192" - ["modules/zonemta-wildduck".gelf] - enabled=false - component="mta" - ["modules/zonemta-wildduck".gelf.options] - graylogPort=12201 - graylogHostname='127.0.0.1' - connection='lan' - + hashAlgo="sha256" EOF }
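Review bot: `secret="${local.secrets.dkim}"` places the DKIM key-encryption password in the config rendered by `kubectl_manifest.zonemta_config`. If that manifest is a ConfigMap rather than a Secret (its kind is outside the hunk), the password is readable by anything with ConfigMap read access in the namespace, and either way it is kept in Terraform state. The hunk also deletes the comments that explained `secret` and `cipher` at the moment it activates both, so the new lines should keep a short explanation, e.g. `# password and cipher used to decrypt the stored DKIM keys; must match the values used when the keys were encrypted`. The value is interpolated into a double-quoted TOML string, so a secret containing `"` or `\` would corrupt the file. The heredoc starts outside the hunk.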