vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-01-26 10:19:34 +01:00
parent e8ad81c3db
commit 94e78fa7e9
187 changed files with 3355 additions and 2857 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
share/wildduck/application.tf
View File

@@ -14,10 +14,10 @@ resource "authentik_application" "prj_app" {
name = "${var.instance}"
slug = "${var.component}-${var.instance}"
#protocol_provider = authentik_provider_oauth2.oauth2.id
group = var.app_group
group = var.app-group
backchannel_providers = [authentik_provider_scim.scim.id]
meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name)
meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "favicon-32x32.png")
meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png")
}
resource "authentik_policy_expression" "policy" {

8
share/wildduck/haraka.tf
View File

@@ -96,11 +96,11 @@ resource "kubernetes_config_map_v1" "haraka_config" {
}
data = yamldecode(<<-EOF
me: |-
${var.sub_domain}.${var.domain_name}
${var.sub-domain}.${var.domain-name}
host_list: |-
# add hosts in here we want to accept mail for
${var.sub_domain}.${var.domain_name}
${var.domain_name}
${var.sub-domain}.${var.domain-name}
${var.domain-name}
${join("\n ",var.additional-domains)}
rspamd.ini: |-
host = ${var.instance}-rspamd.${var.namespace}.svc.cluster.local
@@ -188,7 +188,7 @@ resource "kubernetes_config_map_v1" "haraka_config" {
dkim_sign.ini: |-
disabled = true
selector = mail
domain = ${var.domain_name}
domain = ${var.domain-name}
headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version
wildduck.yaml: |-
redis:

152
share/wildduck/index.yaml
View File

@@ -6,11 +6,83 @@ metadata:
name: wildduck
description: null
options:
app_group:
domain:
default: your-company
examples:
- your-company
type: string
redis:
default:
exporter:
enabled: true
examples:
- exporter:
enabled: true
properties:
exporter:
default:
enabled: true
properties:
enabled:
default: true
type: boolean
type: object
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: ''
examples:
- ''
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub-domain:
default: mail
examples:
- mail
type: string
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
additional-domains:
default: []
items:
type: string
type: array
images:
default:
haraka:
@@ -288,38 +360,11 @@ options:
type: string
type: object
type: object
sub_domain:
default: mail
ingress-class:
default: traefik
examples:
- mail
- traefik
type: string
additional-domains:
default: []
items:
type: string
type: array
domain:
default: your-company
examples:
- your-company
type: string
redis:
default:
exporter:
enabled: true
examples:
- exporter:
enabled: true
properties:
exporter:
default:
enabled: true
properties:
enabled:
default: true
type: boolean
type: object
type: object
storage:
default:
redis:
@@ -337,51 +382,6 @@ options:
type: string
type: object
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
ingress_class:
default: traefik
examples:
- traefik
type: string
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
dependencies:
- dist: null
category: dbo

6
share/wildduck/ingress.tf
View File

@@ -1,6 +1,6 @@
locals {
dns_names = ["${var.sub_domain}.${var.domain_name}"]
cert-names = concat(local.dns_names, ["${var.domain_name}"])
dns_names = ["${var.sub-domain}.${var.domain-name}"]
cert-names = concat(local.dns_names, ["${var.domain-name}"])
middlewares = ["${var.instance}-https"]
service = {
"name" = "${var.instance}-webmail"
@@ -67,7 +67,7 @@ resource "kubectl_manifest" "prj_ingress" {
annotations:
"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
spec:
ingressClassName: "${var.ingress_class}"
ingressClassName: "${var.ingress-class}"
rules: ${jsonencode(local.rules)}
tls:
- hosts: ${jsonencode(local.dns_names)}

2
share/wildduck/scimgateway.tf
View File

@@ -55,7 +55,7 @@ resource "kubectl_manifest" "scimgateway_deploy" {
- name: "PORT"
value: "8880"
- name: "WILDDUCK_DOMAIN"
value: "${var.domain_name}"
value: "${var.domain-name}"
- name: "WILDDUCK_API"
value: "http://${var.instance}-wildduck-api.${var.namespace}.svc"
- name: SEED

12
share/wildduck/webmail.tf
View File

@@ -92,7 +92,7 @@ resource "kubernetes_config_map_v1" "webmail_config" {
[service]
# email domain for new users
domain="${var.domain_name}"
domain="${var.domain-name}"
# default quotas for new users
quota=1024
recipients=2000
@@ -102,7 +102,7 @@ resource "kubernetes_config_map_v1" "webmail_config" {
allowJoin=false
enableSpecial=false # if true the allow creating addresses with special usernames
# allowed domains for new addresses
domains=["${var.domain_name}"]
domains=["${var.domain-name}"]
generalNotification="" # static notification to show on top of the page
@@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "webmail_config" {
# set to false if not using HTTPS
enabled=true
# must be https url or use default
appId="https://${var.domain_name}"
appId="https://${var.domain-name}"
[log]
level="silly"
@@ -154,15 +154,15 @@ resource "kubernetes_config_map_v1" "webmail_config" {
[setup]
# these values are shown in the configuration help page
[setup.imap]
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
secure=true
port=143
[setup.pop3]
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
secure=true
port=110
[setup.smtp]
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
secure=true
port=25
EOF

6
share/wildduck/wildduck.tf
View File

@@ -173,7 +173,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
enabled=true
[smtp.setup]
# Public configuration for SMTP MDA, needed for mobileconfig files
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
secure=true
port=465
[webhooks]
@@ -312,7 +312,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
autoExpunge=true
[setup]
# Public configuration for IMAP
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
secure=true
# port defaults to imap.port
port=9930
@@ -360,7 +360,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
cert="/var/opt/certs/tls.crt"
[setup]
# Public configuration for POP3
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
secure=true
# port defaults to pop3.port
port=995

6
share/wildduck/zonemta.tf
View File

@@ -128,7 +128,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
# Server process must be able to locally bind to these addresses
[[default]]
address="0.0.0.0"
name="${var.sub_domain}.${var.domain_name}"
name="${var.sub-domain}.${var.domain-name}"
#
#[[default]]
#address="1.2.3.5"
@@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
interfaces=["feeder"]
# optional hostname to be used in headers
# defaults to os.hostname()
hostname="${var.sub_domain}.${var.domain_name}"
hostname="${var.sub-domain}.${var.domain-name}"
# How long to keep auth records in log
authlogExpireDays=30
# default smtp recipients for 24h (can be overriden per user)
@@ -161,7 +161,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
# SRS secret value. Must be the same as in the MX side
secret="${local.secrets.srs}"
# SRS domain, must resolve back to MX
rewriteDomain="${var.domain_name}"
rewriteDomain="${var.domain-name}"
# DKIM Settings
# -------------
["modules/zonemta-wildduck".dkim]