fix

2023-08-13 13:15:50 +02:00
parent 64e8bae559
commit deaf69df99
2 changed files with 106 additions and 55 deletions
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,6 +6,56 @@ metadata:
  name: wildduck
  description: null
 options:
+  additional-domains:
+    default: []
+    items:
+      type: string
+    type: array
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  sub-domain:
+    default: mail
+    examples:
+    - mail
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
  redis:
    default:
      exporter:
@@ -39,11 +89,6 @@ options:
        default: 2Gi
        type: string
    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  images:
    default:
      haraka:
@@ -207,56 +252,11 @@ options:
            type: string
        type: object
    type: object
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  sub-domain:
-    default: mail
-    examples:
-    - mail
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  additional-domains:
-    default: []
-    items:
-      type: string
-    type: array
  domain-name:
    default: your_company.com
    examples:
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -71,6 +71,9 @@ resource "kubectl_manifest" "wildduck_deploy" {
            - name: configmap
              mountPath: /wildduck/config/api.toml
              subPath: api.toml
+            - name: configmap
+              mountPath: /wildduck/config/dbs.toml
+              subPath: dbs.toml
            - name: configmap
              mountPath: /wildduck/config/dkim.toml
              subPath: dkim.toml
@@ -103,30 +106,52 @@ resource "kubectl_manifest" "wildduck_config" {
      labels: ${jsonencode(local.wildduck-labels)}
    data:
      default.toml: |-
+        # Uncomment if you start the app as root and want to downgrade
+        # once all privileged actions are completed
+        # If you do not use privileged ports then you can start the app already under required user account
+        #user="wildduck"
+        #group="wildduck"
+        # process title
        ident="wildduck"
+        # how many processes to start
        processes=1
+        # default quota storage in MB (can be overriden per user)
        maxStorage=1024
+        # default smtp recipients for 24h (can be overriden per user)
        maxRecipients=2000
+        # default forwarded messages for 24h (can be overriden per user)
        maxForwards=2000
+        # If usernames are not email addresses then use this domain as hostname part
        #emailDomain="mydomain.info"
        [dbs]
-            mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
-            redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
-            sender="wildduck"
+        # @include "dbs.toml"
        [totp]
+            # If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds
+            # are not encrypted and stored as cleartext. Once set up do not change these values,
+            # otherwise decrypting totp seeds is going to fail
            cipher="aes192"
            secret="${local.secrets.totp}"
        [u2f]
            # Fully qualified URL of your website (must use HTTPS!)
-            appId="https://${var.sub-domain}.${var.domain-name}"
+            appId="https://localhost:3000"
        [attachments]
        # @include "attachments.toml"
        [log]
            level="debug"
-            skipFetchLog=true
+            skipFetchLog=false # if true, then does not output individual * FETCH responses to log
+            # delete authentication log entries after 30 days
+            # changing this value only affects new entries
+            # set to false to not log authentication events
+            # set to 0 to keep the logs infinitely
            authlogExpireDays=30
            [log.gelf]
                enabled=false
+                hostname=false # defaults to os.hostname()
+                component="wildduck"
+                [log.gelf.options]
+                    graylogPort=12201
+                    graylogHostname="127.0.0.1"
+                    connection="lan"
        [imap]
        # @include "imap.toml"
        [tls]
@@ -202,6 +227,32 @@ resource "kubectl_manifest" "wildduck_config" {
        #cert="/path/to/server/cert.pem"
        [cors]
        origins = ["*"]
+      dbs.toml: |-
+        # mongodb connection string for the main database
+        mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
+        # redis connection string to connect to a single master (see below for Sentinel example)
+        redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
+        # WildDuck allows using different kind of data in different databases
+        # If you do not provide a database config value, then main database connection
+        # is used for everything
+        # You can either use a database name (uses shared connection) or a configutaion
+        # url (creates a separate connection) for each databases
+
+        # Optional database name or connection url for GridFS if you do not want to
+        # use the main db for storing attachments. Useful if you want
+        # to use a different mount folder or storage engine
+        #gridfs="wildduck"
+
+        # Optional database name or connection url for users collection if you do not want to
+        # use the main db for storing user/address data. Useful if you want
+        # to use a different mount folder or storage engine
+        #users="wildduck"
+
+        # Optional database name or connection url for ZoneMTA queue database. This is
+        # used to push outbound emails to the sending queue
+        sender="${var.component}"
+
+        #queued="mail"
      dkim.toml: |-
        # If enabled then encrypt DKIM keys with the secret password. By default DKIM keys
        # are not encrypted and stored as cleartext. Once set up do not change these values,