From 5cf7067c13cafd7bf6eeb2be32f7115b4edbda4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Sun, 13 Aug 2023 13:06:50 +0200 Subject: [PATCH] fix --- share/wildduck/index.yaml | 110 ++++++++++++++++++------------------- share/wildduck/webmail.tf | 2 +- share/wildduck/wildduck.tf | 58 ++----------------- 3 files changed, 61 insertions(+), 109 deletions(-) diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index 1d79963..d8fbe4c 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -11,16 +11,6 @@ options: examples: - mail type: string - domain: - default: your-company - examples: - - your-company - type: string - additional-domains: - default: [] - items: - type: string - type: array redis: default: exporter: @@ -54,6 +44,61 @@ options: default: 2Gi type: string type: object + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + additional-domains: + default: [] + items: + type: string + type: array + domain: + default: your-company + examples: + - your-company + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string images: default: haraka: 
@@ -217,51 +262,6 @@ options: type: string type: object type: object - ingress-class: - default: traefik - examples: - - traefik - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object dependencies: - dist: null category: dbo diff --git a/share/wildduck/webmail.tf b/share/wildduck/webmail.tf index 04258ee..e88c3a9 100644 --- a/share/wildduck/webmail.tf +++ b/share/wildduck/webmail.tf @@ -85,7 +85,7 @@ resource "kubectl_manifest" "webmail_config" { forwards=2000 identities=10 allowIdentityEdit=true - allowJoin=true + allowJoin=false enableSpecial=false # if true the allow creating addresses with special usernames # allowed domains for new addresses domains=["${var.domain-name}"] diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf index 9018a89..a406bbd 100644 --- a/share/wildduck/wildduck.tf +++ b/share/wildduck/wildduck.tf 
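Review bot: The flip to `allowJoin=false` in `webmail_config` is a security-relevant default, yet neither the hunk nor the commit subject ("fix") records why, and unlike the neighbouring `enableSpecial=false` line it has no trailing comment. Assuming `allowJoin` controls self-service account creation in the webmail, I would annotate it, e.g. `allowJoin=false # self-registration disabled; accounts are created by an administrator`, so a later edit does not quietly re-open sign-up. If some deployments need open registration, exposing this as an option in `index.yaml` would be cleaner than a hard-coded value. The resource body starts and ends outside the hunk.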
@@ -106,52 +106,30 @@ resource "kubectl_manifest" "wildduck_config" { labels: ${jsonencode(local.wildduck-labels)} data: default.toml: |- - # Uncomment if you start the app as root and want to downgrade - # once all privileged actions are completed - # If you do not use privileged ports then you can start the app already under required user account - #user="wildduck" - #group="wildduck" - # process title ident="wildduck" - # how many processes to start processes=1 - # default quota storage in MB (can be overriden per user) maxStorage=1024 - # default smtp recipients for 24h (can be overriden per user) maxRecipients=2000 - # default forwarded messages for 24h (can be overriden per user) maxForwards=2000 - # If usernames are not email addresses then use this domain as hostname part #emailDomain="mydomain.info" [dbs] - # @include "dbs.toml" + mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}" + redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3" + sender="wildduck" [totp] - # If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds - # are not encrypted and stored as cleartext. Once set up do not change these values, - # otherwise decrypting totp seeds is going to fail cipher="aes192" secret="${local.secrets.totp}" [u2f] # Fully qualified URL of your website (must use HTTPS!) 
- appId="https://localhost:3000" + appId="https://${var.sub-domain}.${var.domain-name}" [attachments] # @include "attachments.toml" [log] level="debug" - skipFetchLog=false # if true, then does not output individual * FETCH responses to log - # delete authentication log entries after 30 days - # changing this value only affects new entries - # set to false to not log authentication events - # set to 0 to keep the logs infinitely + skipFetchLog=true authlogExpireDays=30 [log.gelf] enabled=false - hostname=false # defaults to os.hostname() - component="wildduck" - [log.gelf.options] - graylogPort=12201 - graylogHostname="127.0.0.1" - connection="lan" [imap] # @include "imap.toml" [tls] 
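Review bot: The added `mongo=` line under `[dbs]` interpolates `local.mongo-password` directly into the rendered `default.toml`, next to the existing `secret="${local.secrets.totp}"`. The manifest's `kind` is outside the hunk, but if `wildduck_config` is a ConfigMap, both values are readable by any principal with ConfigMap read access in the namespace, so this file would be better rendered into a Secret. The password is also not percent-encoded, so a generated value containing `@`, `:` or `/` yields a malformed connection URI; `${urlencode(local.mongo-password)}` avoids that. Separately, the hunk drops the comment warning that the `[totp]` cipher and secret must not change once seeds are stored; I would keep a one-line version such as `# do not change after setup: existing TOTP seeds become undecryptable`. The resource body starts and ends outside the hunk.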
@@ -227,32 +205,6 @@ resource "kubectl_manifest" "wildduck_config" { #cert="/path/to/server/cert.pem" [cors] origins = ["*"] - dbs.toml: |- - # mongodb connection string for the main database - mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}" - # redis connection string to connect to a single master (see below for Sentinel example) - redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3" - # WildDuck allows using different kind of data in different databases - # If you do not provide a database config value, then main database connection - # is used for everything - # You can either use a database name (uses shared connection) or a configutaion - # url (creates a separate connection) for each databases - - # Optional database name or connection url for GridFS if you do not want to - # use the main db for storing attachments. Useful if you want - # to use a different mount folder or storage engine - #gridfs="wildduck" - - # Optional database name or connection url for users collection if you do not want to - # use the main db for storing user/address data. Useful if you want - # to use a different mount folder or storage engine - #users="wildduck" - - # Optional database name or connection url for ZoneMTA queue database. This is - # used to push outbound emails to the sending queue - sender="wildduck" - - #queued="mail" dkim.toml: |- # If enabled then encrypt DKIM keys with the secret password. By default DKIM keys # are not encrypted and stored as cleartext. Once set up do not change these values,