From e9ee733bd3c8b13e7e5b6293682b6124a549dd44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Sat, 12 Aug 2023 18:17:40 +0200
Subject: [PATCH] fix

---
 share/wildduck/index.yaml | 186 ++++++++++++++++++-------------------
 share/wildduck/mongo.tf | 13 ++-
 share/wildduck/secret.tf | 3 +
 share/wildduck/webmail.tf | 5 +-
 share/wildduck/wildduck.tf | 12 +--
 share/wildduck/zonemta.tf | 2 +-
 6 files changed, 114 insertions(+), 107 deletions(-)

diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml
index cbe70ef..6b5c651 100644
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,6 +6,99 @@ metadata:
 name: wildduck
 description: null
 options:
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ additional-domains:
+ default: []
+ items:
+ type: string
+ type: array
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
+ redis:
+ default:
+ exporter:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ image: quay.io/opstree/redis:v7.0.5
+ storage: 2Gi
+ examples:
+ - exporter:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ image: quay.io/opstree/redis:v7.0.5
+ storage: 2Gi
+ properties:
+ exporter:
+ default:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ properties:
+ enabled:
+ default: true
+ type: boolean
+ image:
+ default: quay.io/opstree/redis-exporter:v1.44.0
+ type: string
+ type: object
+ image:
+ default: quay.io/opstree/redis:v7.0.5
+ type: string
+ storage:
+ default: 2Gi
+ type: string
+ type: object
+ backups:
+ default:
+ enable: false
+ endpoint: ''
+ key-id-key: s3-id
+ secret-key: s3-secret
+ secret-name: backup-settings
+ examples:
+ - enable: false
+ endpoint: ''
+ key-id-key: s3-id
+ secret-key: s3-secret
+ secret-name: backup-settings
+ properties:
+ enable:
+ default: false
+ type: boolean
+ endpoint:
+ default: ''
+ type: string
+ key-id-key:
+ default: s3-id
+ type: string
+ secret-key:
+ default: s3-secret
+ type: string
+ secret-name:
+ default: backup-settings
+ type: string
+ type: object
+ sub-domain:
+ default: mail
+ examples:
+ - mail
+ type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
 images:
 default:
 haraka:
@@ -169,99 +262,6 @@ options:
 type: string
 type: object
 type: object
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
- backups:
- default:
- enable: false
- endpoint: ''
- key-id-key: s3-id
- secret-key: s3-secret
- secret-name: backup-settings
- examples:
- - enable: false
- endpoint: ''
- key-id-key: s3-id
- secret-key: s3-secret
- secret-name: backup-settings
- properties:
- enable:
- default: false
- type: boolean
- endpoint:
- default: ''
- type: string
- key-id-key:
- default: s3-id
- type: string
- secret-key:
- default: s3-secret
- type: string
- secret-name:
- default: backup-settings
- type: string
- type: object
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- ingress-class:
- default: traefik
- examples:
- - traefik
- type: string
- additional-domains:
- default: []
- items:
- type: string
- type: array
- domain-name:
- default: your_company.com
- examples:
- - your_company.com
- type: string
- redis:
- default:
- exporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- image: quay.io/opstree/redis:v7.0.5
- storage: 2Gi
- examples:
- - exporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- image: quay.io/opstree/redis:v7.0.5
- storage: 2Gi
- properties:
- exporter:
- default:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- properties:
- enabled:
- default: true
- type: boolean
- image:
- default: quay.io/opstree/redis-exporter:v1.44.0
- type: string
- type: object
- image:
- default: quay.io/opstree/redis:v7.0.5
- type: string
- storage:
- default: 2Gi
- type: string
- type: object
- sub-domain:
- default: mail
- examples:
- - mail
- type: string
 dependencies:
 - dist: null
 category: dbo
diff --git a/share/wildduck/mongo.tf b/share/wildduck/mongo.tf
index fcbe53a..e11b07f 100644
--- a/share/wildduck/mongo.tf
+++ b/share/wildduck/mongo.tf
@@ -75,13 +75,22 @@ resource "kubectl_manifest" "prj_mongo" {
 additionalMongodConfig:
 storage.wiredTiger.engineConfig.cacheSizeGB: 1
 users:
- - db: ${var.component}
- name: ${var.component}
+ - name: ${var.component}
+ db: ${var.component}
 passwordSecretRef:
 name: "${var.instance}-${var.component}-mongo"
 roles:
 - db: ${var.component}
 name: readWrite
+ - db: zonemta
+ name: readWrite
+ - name: zonemta
+ db: zonemta
+ passwordSecretRef:
+ name: "${var.instance}-${var.component}-mongo"
+ roles:
+ - db: zonemta
+ name: readWrite
 scramCredentialsSecretName: "${var.instance}-${var.component}-mongo-scram"
 EOF
 }
diff --git a/share/wildduck/secret.tf b/share/wildduck/secret.tf
index a48fd19..c90b1fd 100644
--- a/share/wildduck/secret.tf
+++ b/share/wildduck/secret.tf
@@ -20,6 +20,8 @@ resource "kubectl_manifest" "wildduck_secret" {
 length: "32"
 - fieldName: "dkim"
 length: "32"
+ - fieldName: "access"
+ length: "32"
 EOF
 }
 data "kubernetes_secret_v1" "wildduck" {
@@ -36,5 +38,6 @@ locals {
 webmail = data.kubernetes_secret_v1.wildduck.data["webmail"]
 totp = data.kubernetes_secret_v1.wildduck.data["totp"]
 dkim = data.kubernetes_secret_v1.wildduck.data["dkim"]
+ access = data.kubernetes_secret_v1.wildduck.data["access"]
 }
 }
\ No newline at end of file
diff --git a/share/wildduck/webmail.tf b/share/wildduck/webmail.tf
index 17b0298..04258ee 100644
--- a/share/wildduck/webmail.tf
+++ b/share/wildduck/webmail.tf
@@ -100,12 +100,9 @@ resource "kubectl_manifest" "webmail_config" { [api] url="http://${var.instance}-wildduck-api.${var.namespace}.svc.cluster.local:80" - accessToken="wildduck1234" + accessToken="${local.secrets.access}" [dbs] - # mongodb connection string for the main database - mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck-webmail" - # redis connection string for Express sessions redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/5"
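Review bot: The new `zonemta` user's `passwordSecretRef` points at the same secret as the `${var.component}` user (`"${var.instance}-${var.component}-mongo"`), so both accounts share one password and the extra account gives no isolation between the mail store and the outbound queue; it should get its own generated secret, e.g. `name: "${var.instance}-${var.component}-zonemta-mongo"` (constructed name, adjust to the project's convention). In the same hunk the `${var.component}` user also receives `readWrite` on `zonemta`, and zonemta.tf in this patch still connects as `${var.component}`, so nothing visible here authenticates as the new user; either switch zonemta.tf to it or drop one of the two grants. The `prj_mongo` resource starts before the hunk.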
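Review bot: The webmail client now sends `accessToken="${local.secrets.access}"`, but the wildduck.tf hunks at 50, 58 and 189 set the API's `accessToken` and the probe `X-Access-Token` header to `${local.secrets.webmail}`, so the two sides hold different generated values and webmail's API calls will be rejected whenever the API enforces the token. Use one field on both sides, e.g. change this line to `accessToken="${local.secrets.webmail}"`, or move wildduck.tf to `local.secrets.access`; as written the `access` field added in secret.tf is read only here. The hunk also drops the `mongo=` entry from `[dbs]`, which is consistent with webmail no longer needing direct database credentials, but worth confirming the webmail image starts without it. The `webmail_config` resource starts before the hunk.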
diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf
index d2be044..0cab2d6 100644
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -50,7 +50,7 @@ resource "kubectl_manifest" "wildduck_deploy" {
 scheme: HTTP
 httpHeaders:
 - name: X-Access-Token
- value: wildduck1234
+ value: "${local.secrets.webmail}"
 readinessProbe:
 httpGet:
 path: /users
@@ -58,7 +58,7 @@ resource "kubectl_manifest" "wildduck_deploy" { scheme: HTTP httpHeaders: - name: X-Access-Token - value: wildduck1234 + value: "${local.secrets.webmail}" resources: {} volumeMounts:
@@ -189,9 +189,7 @@ resource "kubectl_manifest" "wildduck_config" {
 host="0.0.0.0"
 # Use `true` (HTTPS) for port 443 and `false` (HTTP) for 80
 secure=false
- # If set requires all API calls to have accessToken query argument with that value
- # http://localhost:8080/users?accessToken=somesecretvalue
- accessToken="wildduck1234"
+ accessToken="${local.secrets.webmail}"
 [accessControl]
 # If true then require a valid access token to perform API calls
 # If a client provides a token then it is validated even if using a token is not required
@@ -231,7 +229,7 @@ resource "kubectl_manifest" "wildduck_config" {
 origins = ["*"]
 dbs.toml: |-
 # mongodb connection string for the main database
- mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck"
+ mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
 # redis connection string to connect to a single master (see below for Sentinel example)
 redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
 # WildDuck allows using different kind of data in different databases
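Review bot: Interpolating `${local.secrets.webmail}` into the probe `httpHeaders` at hunks 50 and 58 writes the API token in clear into the Deployment's pod spec, so any principal that can read Deployments or Pods in the namespace obtains it, and it is also recorded in the Terraform plan and state; `httpGet` headers cannot take a `valueFrom` secret reference, so this cannot be fixed by a different field. If the token must stay out of the object, probe an endpoint that does not require it, or use an `exec` probe that reads the token from an environment variable populated by `secretKeyRef`. The `wildduck_deploy` resource starts before and ends after both hunks.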
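Review bot: The rewritten `mongo=` line at hunk 231 still embeds `${local.mongo-password}` in the rendered `dbs.toml`, so the database credential lives in whatever object `wildduck_config` creates; if that is a ConfigMap rather than a Secret, the password is readable by anyone with configmap read access, on top of being in Terraform state. Changing the path suffix from `/wildduck` to `/${var.component}` does make the URI's default auth database match the `db:` the user is declared under in mongo.tf, which is the right fix for a non-default component name. Consider sourcing `dbs.toml` from a Secret (or injecting the password through the environment) rather than inlining it; the `wildduck_config` resource starts before the hunk.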
@@ -252,7 +250,7 @@ resource "kubectl_manifest" "wildduck_config" { # Optional database name or connection url for ZoneMTA queue database. This is # used to push outbound emails to the sending queue - sender="zone-mta" + sender="zonemta" #queued="mail" dkim.toml: |-
diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf
index d9be8b7..b5ac642 100644
--- a/share/wildduck/zonemta.tf
+++ b/share/wildduck/zonemta.tf
@@ -116,7 +116,7 @@ resource "kubectl_manifest" "zonemta_config" {
 # Database configuration
 # this file is loaded when NODE_ENV=production
 # MongoDB connection string
- mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck"
+ mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/zonemta"
 # Redis connection string
 redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/2"
 # Database name for ZoneMTA data in MongoDB. In most cases it should be the same as in the connection string
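Review bot: The new connection string authenticates as `${var.component}` against `/zonemta`, and without an `authSource` option a MongoDB URI authenticates against the database named in its path, but mongo.tf declares that user under `db: ${var.component}`, so this login is likely to fail. Either append the auth database, `.../27017/zonemta?authSource=${var.component}`, or connect as the `zonemta` user that mongo.tf creates in the `zonemta` database, giving it its own secret rather than the shared one. The trailing context comment says the ZoneMTA database-name setting should match the connection string, and that setting sits outside the hunk, so check it was also changed to `zonemta`; the `zonemta_config` resource starts before the hunk.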