fix

2023-08-13 13:06:50 +02:00
parent d778b90ab8
commit 5cf7067c13
3 changed files with 61 additions and 109 deletions
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -11,16 +11,6 @@ options:
    examples:
    - mail
    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
  additional-domains:
    default: []
    items:
      type: string
    type: array
  redis:
    default:
      exporter:
@@ -54,6 +44,61 @@ options:
        default: 2Gi
        type: string
    type: object
  backups:
    default:
      enable: false
      endpoint: ''
      key-id-key: s3-id
      secret-key: s3-secret
      secret-name: backup-settings
    examples:
    - enable: false
      endpoint: ''
      key-id-key: s3-id
      secret-key: s3-secret
      secret-name: backup-settings
    properties:
      enable:
        default: false
        type: boolean
      endpoint:
        default: ''
        type: string
      key-id-key:
        default: s3-id
        type: string
      secret-key:
        default: s3-secret
        type: string
      secret-name:
        default: backup-settings
        type: string
    type: object
  additional-domains:
    default: []
    items:
      type: string
    type: array
  domain:
    default: your-company
    examples:
    - your-company
    type: string
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
  domain-name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
  images:
    default:
      haraka:
@@ -217,51 +262,6 @@ options:
            type: string
        type: object
    type: object
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
  domain-name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
  backups:
    default:
      enable: false
      endpoint: ''
      key-id-key: s3-id
      secret-key: s3-secret
      secret-name: backup-settings
    examples:
    - enable: false
      endpoint: ''
      key-id-key: s3-id
      secret-key: s3-secret
      secret-name: backup-settings
    properties:
      enable:
        default: false
        type: boolean
      endpoint:
        default: ''
        type: string
      key-id-key:
        default: s3-id
        type: string
      secret-key:
        default: s3-secret
        type: string
      secret-name:
        default: backup-settings
        type: string
    type: object
 dependencies:
 - dist: null
  category: dbo
--- a/share/wildduck/webmail.tf
+++ b/share/wildduck/webmail.tf
@@ -85,7 +85,7 @@ resource "kubectl_manifest" "webmail_config" {
            forwards=2000
            identities=10
            allowIdentityEdit=true
-            allowJoin=true
+            allowJoin=false
            enableSpecial=false # if true the allow creating addresses with special usernames
            # allowed domains for new addresses
            domains=["${var.domain-name}"]
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -106,52 +106,30 @@ resource "kubectl_manifest" "wildduck_config" {
      labels: ${jsonencode(local.wildduck-labels)}
    data:
      default.toml: |-
        # Uncomment if you start the app as root and want to downgrade
        # once all privileged actions are completed
        # If you do not use privileged ports then you can start the app already under required user account
        #user="wildduck"
        #group="wildduck"
        # process title
        ident="wildduck"
        # how many processes to start
        processes=1
        # default quota storage in MB (can be overriden per user)
        maxStorage=1024
        # default smtp recipients for 24h (can be overriden per user)
        maxRecipients=2000
        # default forwarded messages for 24h (can be overriden per user)
        maxForwards=2000
        # If usernames are not email addresses then use this domain as hostname part
        #emailDomain="mydomain.info"
        [dbs]
-        # @include "dbs.toml"
+            mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
            redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
            sender="wildduck"
        [totp]
            # If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds
            # are not encrypted and stored as cleartext. Once set up do not change these values,
            # otherwise decrypting totp seeds is going to fail
            cipher="aes192"
            secret="${local.secrets.totp}"
        [u2f]
            # Fully qualified URL of your website (must use HTTPS!)
-            appId="https://localhost:3000"
+            appId="https://${var.sub-domain}.${var.domain-name}"
        [attachments]
        # @include "attachments.toml"
        [log]
            level="debug"
-            skipFetchLog=false # if true, then does not output individual * FETCH responses to log
+            skipFetchLog=true
            # delete authentication log entries after 30 days
            # changing this value only affects new entries
            # set to false to not log authentication events
            # set to 0 to keep the logs infinitely
            authlogExpireDays=30
            [log.gelf]
                enabled=false
                hostname=false # defaults to os.hostname()
                component="wildduck"
                [log.gelf.options]
                    graylogPort=12201
                    graylogHostname="127.0.0.1"
                    connection="lan"
        [imap]
        # @include "imap.toml"
        [tls]
@@ -227,32 +205,6 @@ resource "kubectl_manifest" "wildduck_config" {
        #cert="/path/to/server/cert.pem"
        [cors]
        origins = ["*"]
      dbs.toml: |-
        # mongodb connection string for the main database
        mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
        # redis connection string to connect to a single master (see below for Sentinel example)
        redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
        # WildDuck allows using different kind of data in different databases
        # If you do not provide a database config value, then main database connection
        # is used for everything
        # You can either use a database name (uses shared connection) or a configutaion
        # url (creates a separate connection) for each databases
        # Optional database name or connection url for GridFS if you do not want to
        # use the main db for storing attachments. Useful if you want
        # to use a different mount folder or storage engine
        #gridfs="wildduck"
        # Optional database name or connection url for users collection if you do not want to
        # use the main db for storing user/address data. Useful if you want
        # to use a different mount folder or storage engine
        #users="wildduck"
        # Optional database name or connection url for ZoneMTA queue database. This is
        # used to push outbound emails to the sending queue
        sender="wildduck"
        #queued="mail"
      dkim.toml: |-
        # If enabled then encrypt DKIM keys with the secret password. By default DKIM keys
        # are not encrypted and stored as cleartext. Once set up do not change these values,