domain-incoming/share/wildduck/secret.tf

resource "random_password" "srs" {
  length           = 32
  special          = false
}

resource "random_password" "zonemta" {
  length           = 32
  special          = false
}

resource "random_password" "webmail" {
  length           = 32
  special          = false
}

resource "random_password" "totp" {
  length           = 32
  special          = false
}

resource "random_password" "access" {
  length           = 32
  special          = false
}

resource "random_password" "dkim" {
  length           = 32
  special          = false
}

resource "random_password" "authentik" {
  length           = 32
  special          = false
}

resource "random_password" "default" {
  length           = 8
  special          = false
}

resource "random_password" "scim-seed" {
  length           = 16
  special          = false
}

locals {
  secrets = {
    srs     = random_password.srs.result
    zonemta = random_password.zonemta.result
    webmail = random_password.webmail.result
    totp    = random_password.totp.result
    dkim    = random_password.dkim.result
    access  = random_password.access.result
    authentik = random_password.authentik.result
  }
}

resource "kubectl_manifest" "wildduck_secret" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: "${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    stringData:
      srs: "${local.secrets.srs}"
      zonemta: "${local.secrets.zonemta}"
      webmail: "${local.secrets.webmail}"
      totp: "${local.secrets.totp}"
      dkim: "${local.secrets.dkim}"
      access: "${local.secrets.access}"
      authentik: "${local.secrets.authentik}"
      default: "${random_password.default.result}"
      scim-seed: "${random_password.scim-seed.result}"
EOF
}