fix

2023-08-13 13:06:50 +02:00
parent d778b90ab8
commit 5cf7067c13
3 changed files with 61 additions and 109 deletions
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -11,16 +11,6 @@ options:
    examples:
    - mail
    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  additional-domains:
-    default: []
-    items:
-      type: string
-    type: array
  redis:
    default:
      exporter:
@@ -54,6 +44,61 @@ options:
        default: 2Gi
        type: string
    type: object
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  additional-domains:
+    default: []
+    items:
+      type: string
+    type: array
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
  images:
    default:
      haraka:
@@ -217,51 +262,6 @@ options:
            type: string
        type: object
    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
 dependencies:
 - dist: null
  category: dbo
--- a/share/wildduck/webmail.tf
+++ b/share/wildduck/webmail.tf
@@ -85,7 +85,7 @@ resource "kubectl_manifest" "webmail_config" {
            forwards=2000
            identities=10
            allowIdentityEdit=true
-            allowJoin=true
+            allowJoin=false
            enableSpecial=false # if true the allow creating addresses with special usernames
            # allowed domains for new addresses
            domains=["${var.domain-name}"]
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -106,52 +106,30 @@ resource "kubectl_manifest" "wildduck_config" {
      labels: ${jsonencode(local.wildduck-labels)}
    data:
      default.toml: |-
-        # Uncomment if you start the app as root and want to downgrade
-        # once all privileged actions are completed
-        # If you do not use privileged ports then you can start the app already under required user account
-        #user="wildduck"
-        #group="wildduck"
-        # process title
        ident="wildduck"
-        # how many processes to start
        processes=1
-        # default quota storage in MB (can be overriden per user)
        maxStorage=1024
-        # default smtp recipients for 24h (can be overriden per user)
        maxRecipients=2000
-        # default forwarded messages for 24h (can be overriden per user)
        maxForwards=2000
-        # If usernames are not email addresses then use this domain as hostname part
        #emailDomain="mydomain.info"
        [dbs]
-        # @include "dbs.toml"
+            mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
+            redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
+            sender="wildduck"
        [totp]
-            # If enabled then encrypt TOTP seed tokens with the secret password. By default TOTP seeds
-            # are not encrypted and stored as cleartext. Once set up do not change these values,
-            # otherwise decrypting totp seeds is going to fail
            cipher="aes192"
            secret="${local.secrets.totp}"
        [u2f]
            # Fully qualified URL of your website (must use HTTPS!)
-            appId="https://localhost:3000"
+            appId="https://${var.sub-domain}.${var.domain-name}"
        [attachments]
        # @include "attachments.toml"
        [log]
            level="debug"
-            skipFetchLog=false # if true, then does not output individual * FETCH responses to log
-            # delete authentication log entries after 30 days
-            # changing this value only affects new entries
-            # set to false to not log authentication events
-            # set to 0 to keep the logs infinitely
+            skipFetchLog=true
            authlogExpireDays=30
            [log.gelf]
                enabled=false
-                hostname=false # defaults to os.hostname()
-                component="wildduck"
-                [log.gelf.options]
-                    graylogPort=12201
-                    graylogHostname="127.0.0.1"
-                    connection="lan"
        [imap]
        # @include "imap.toml"
        [tls]
@@ -227,32 +205,6 @@ resource "kubectl_manifest" "wildduck_config" {
        #cert="/path/to/server/cert.pem"
        [cors]
        origins = ["*"]
-      dbs.toml: |-
-        # mongodb connection string for the main database
-        mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
-        # redis connection string to connect to a single master (see below for Sentinel example)
-        redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
-        # WildDuck allows using different kind of data in different databases
-        # If you do not provide a database config value, then main database connection
-        # is used for everything
-        # You can either use a database name (uses shared connection) or a configutaion
-        # url (creates a separate connection) for each databases
-
-        # Optional database name or connection url for GridFS if you do not want to
-        # use the main db for storing attachments. Useful if you want
-        # to use a different mount folder or storage engine
-        #gridfs="wildduck"
-
-        # Optional database name or connection url for users collection if you do not want to
-        # use the main db for storing user/address data. Useful if you want
-        # to use a different mount folder or storage engine
-        #users="wildduck"
-
-        # Optional database name or connection url for ZoneMTA queue database. This is
-        # used to push outbound emails to the sending queue
-        sender="wildduck"
-
-        #queued="mail"
      dkim.toml: |-
        # If enabled then encrypt DKIM keys with the secret password. By default DKIM keys
        # are not encrypted and stored as cleartext. Once set up do not change these values,