vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2023-08-10 07:26:56 +02:00
parent f32fb8d9a8
commit 0aca51fcfc
4 changed files with 75 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
share/wildduck/haraka.tf
View File

@@ -51,7 +51,17 @@ resource "kubectl_manifest" "haraka_deploy" {
{} {}
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /app/config mountPath: /app/config/me
subPath: me
- name: config
mountPath: /app/config/host_list
subPath: host_list
- name: config
mountPath: /app/config/rspamd.ini
subPath: rspamd.ini
- name: config
mountPath: /app/config/wildduck.yaml
subPath: wildduck.yaml
volumes: volumes:
- name: config - name: config
configMap: configMap:

32
share/wildduck/index.yaml
View File

@@ -6,10 +6,15 @@ metadata:
name: wildduck name: wildduck
description: null description: null
options: options:
domain-name: sub-domain:
default: your_company.com default: mail
examples: examples:
- your_company.com - mail
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string type: string
domain: domain:
default: your-company default: your-company
@@ -21,10 +26,15 @@ options:
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
ingress-class: additional-domains:
default: traefik default: []
items:
type: string
type: array
domain-name:
default: your_company.com
examples: examples:
- traefik - your_company.com
type: string type: string
images: images:
default: default:
@@ -222,16 +232,6 @@ options:
default: 2Gi default: 2Gi
type: string type: string
type: object type: object
additional-domains:
default: []
items:
type: string
type: array
sub-domain:
default: mail
examples:
- mail
type: string
dependencies: dependencies:
- dist: null - dist: null
category: dbo category: dbo

39
share/wildduck/wildduck.tf
View File

@@ -62,12 +62,37 @@ resource "kubectl_manifest" "wildduck_deploy" {
resources: resources:
{} {}
volumeMounts: volumeMounts:
- name: wildduck-config-volume - name: tls
mountPath: /wildduck/config mountPath: "/var/opt/certs"
readOnly: true
- name: config
mountPath: /wildduck/config/default.toml
subPath: default.toml
- name: config
mountPath: /wildduck/config/api.toml
subPath: api.toml
- name: config
mountPath: /wildduck/config/dbs.toml
subPath: dbs.toml
- name: config
mountPath: /wildduck/config/dkim.toml
subPath: dkim.toml
- name: config
mountPath: /wildduck/config/imap.toml
subPath: imap.toml
- name: config
mountPath: /wildduck/config/pop3.toml
subPath: pop3.toml
- name: config
mountPath: /wildduck/config/sender.toml
subPath: sender.toml
volumes: volumes:
- name: config - name: config
configMap: configMap:
name: "${var.instance}-wildduck" name: "${var.instance}-wildduck"
- name: tls
secret:
secretName: "${var.instance}-cert"
EOF EOF
} }
@@ -267,7 +292,7 @@ resource "kubectl_manifest" "wildduck_config" {
# if `true` then do not autodelete expired messages # if `true` then do not autodelete expired messages
disableRetention=false disableRetention=false
# If true, then disables STARTTLS support # If true, then disables STARTTLS support
disableSTARTTLS=true disableSTARTTLS=false
# If true, then advertises COMPRESS=DEFLATE capability # If true, then advertises COMPRESS=DEFLATE capability
enableCompression=false enableCompression=false
# If true, then expect HAProxy PROXY header as the first line of data # If true, then expect HAProxy PROXY header as the first line of data
@@ -297,8 +322,8 @@ resource "kubectl_manifest" "wildduck_config" {
port=9930 port=9930
[tls] [tls]
## If certificate path is not defined, use global or built-in self-signed certs ## If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem" key="/var/opt/certs/tls.key"
#cert="/path/to/server/cert.pem" cert="/var/opt/certs/tls.crt"
## You can also define extra options for specific TLS settings: ## You can also define extra options for specific TLS settings:
#ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" #ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
#secureProtocol="SSLv23_server_method" #secureProtocol="SSLv23_server_method"
@@ -335,8 +360,8 @@ resource "kubectl_manifest" "wildduck_config" {
#version="1.0.0" #version="1.0.0"
[tls] [tls]
# If certificate path is not defined, use global or built-in self-signed certs # If certificate path is not defined, use global or built-in self-signed certs
#key="/path/to/server/key.pem" key="/var/opt/certs/tls.key"
#cert="/path/to/server/cert.pem" cert="/var/opt/certs/tls.crt"
[setup] [setup]
# Public configuration for POP3 # Public configuration for POP3
hostname="${var.sub-domain}.${var.domain-name}" hostname="${var.sub-domain}.${var.domain-name}"

25
share/wildduck/zonemta.tf
View File

@@ -51,16 +51,23 @@ resource "kubectl_manifest" "zonemta_deploy" {
{} {}
volumeMounts: volumeMounts:
- name: tls - name: tls
mountPath: "/var/opt/certs" mountPath: "/var/opt/certs"
readOnly: true readOnly: true
- name: config - name: config
mountPath: /app/config mountPath: /app/config/dbs-production.toml
- name: wildduck-zonemta-interfaces-config-volume subPath: dbs-production.toml
mountPath: /app/config/interfaces - name: config
- name: wildduck-zonemta-plugins-config-volume mountPath: /app/config/pools.toml
mountPath: /app/config/plugins subPath: pools.toml
- name: wildduck-zonemta-zones-config-volume - name: config
mountPath: /app/config/zones mountPath: /app/config/plugins/wildduck.toml
subPath: wildduck.toml
- name: config
mountPath: /app/config/plugins/loop-breaker.toml
subPath: loop-breaker.toml
- name: config
mountPath: /app/config/interfaces/feeder.toml
subPath: feeder.toml
volumes: volumes:
- name: config - name: config
configMap: configMap: