domain-incoming/share/wildduck/webmail.tf

locals {
  webmail-labels = merge(local.common-labels, {
    "app.kubernetes.io/component" = "webmail"
  })
}

resource "kubectl_manifest" "webmail_deploy" {
  yaml_body  = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.webmail-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.webmail-labels)}
        spec:
          securityContext:
            fsGroup: 1000
          containers:
          - name: webmail
            securityContext:
              capabilities:
                drop:
                - ALL
              readOnlyRootFilesystem: true
              runAsNonRoot: true
              runAsUser: 1000
            image: "${var.images.webmail.registry}/${var.images.webmail.repository}:${var.images.webmail.tag}"
            imagePullPolicy: "${var.images.webmail.pullPolicy}"
            args:
            - "--config=./config/webmail.toml"
            ports:
            - name: http
              containerPort: 8000
              protocol: TCP
            livenessProbe:
              httpGet:
                path: /
                port: http
                scheme: HTTP
            readinessProbe:
              httpGet:
                path: /
                port: http
                scheme: HTTP
            resources:
              {}
            volumeMounts:
            - name: config
              mountPath: /app/views/index.hbs
              subPath: index.hbs
            - name: config
              mountPath: /app/config/webmail.toml
              subPath: webmail.toml
          volumes:
          - name: config
            configMap:
              name: "${var.instance}-webmail"
  EOF
}

resource "kubernetes_config_map_v1" "webmail_config" {
  metadata {
    name = "${var.instance}-webmail"
    namespace = "${var.namespace}"
    labels = local.webmail-labels
  }
  data = yamldecode(<<-EOF
      index.hbs: |-
        <div class="row">
            <div class="col-md-12">
                <h1><span class="glyphicon glyphicon-inbox" aria-hidden="true"></span> {{serviceName}}</h1>
            </div>
        </div>
        <div class="row">
            <div class="col-md-12">
                <p>
                    <a class="btn btn-success btn-md" href="/account/login" role="button"><span class="glyphicon glyphicon-log-in" aria-hidden="true"></span> Log in</a>
                </p>
            </div>
        </div>
      webmail.toml: |-
        name="Wild Duck Mail"

        title="wildduck-www"

        [service]
            # email domain for new users
            domain="${var.domain_name}"
            # default quotas for new users
            quota=1024
            recipients=2000
            forwards=2000
            identities=10
            allowIdentityEdit=true
            allowJoin=false
            enableSpecial=false # if true the allow creating addresses with special usernames
            # allowed domains for new addresses
            domains=["${var.domain_name}"]

            generalNotification="" # static notification to show on top of the page

            [service.sso.http]
                enabled = false
                header = "X-UserName" # value from this header is treated as logged in username
                authRedirect = "http:/127.0.0.1:3000/login" # URL to redirect non-authenticated users
                logoutRedirect = "http:/127.0.0.1:3000/logout"  # URL to redirect when user clicks on "log out"

        [api]
            url="http://${var.instance}-wildduck-api.${var.namespace}.svc.cluster.local:80"
            accessToken="${local.secrets.access}"

        [dbs]
            # redis connection string for Express sessions
            redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/5"

        [www]
            host=false
            port=8000
            proxy=false
            postsize="5MB"
            log="dev"
            secret="${local.secrets.webmail}"
            secure=false
            listSize=20

        [recaptcha]
            enabled=false
            siteKey=""
            secretKey=""

        [totp]
            # Issuer name for TOTP, defaults to config.name
            issuer=false
            # once setup do not change as it would invalidate all existing 2fa sessions
            secret="${local.secrets.totp}"

        [u2f]
            # set to false if not using HTTPS
            enabled=true
            # must be https url or use default
            appId="https://${var.domain_name}"

        [log]
            level="silly"
            mail=true

        [setup]
            # these values are shown in the configuration help page
            [setup.imap]
                hostname="${var.sub_domain}.${var.domain_name}"
                secure=true
                port=143
            [setup.pop3]
                hostname="${var.sub_domain}.${var.domain_name}"
                secure=true
                port=110
            [setup.smtp]
                hostname="${var.sub_domain}.${var.domain_name}"
                secure=true
                port=25
  EOF
  )
}

resource "kubectl_manifest" "webmail_service" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    spec:
      type: ClusterIP
      ports:
      - port: 80
        targetPort: http
        protocol: TCP
        name: http
      selector: ${jsonencode(local.webmail-labels)}
  EOF
}