2023-08-12 18:17:40 +02:00
parent 30796fdb3e
commit e9ee733bd3
6 changed files with 114 additions and 107 deletions


@@ -6,6 +6,99 @@ metadata:
name: wildduck
description: null
options:
domain:
default: your-company
examples:
- your-company
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
additional-domains:
default: []
items:
type: string
type: array
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.5
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.5
storage: 2Gi
properties:
exporter:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.5
type: string
storage:
default: 2Gi
type: string
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
sub-domain:
default: mail
examples:
- mail
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
images:
default:
haraka:
@@ -169,99 +262,6 @@ options:
type: string
type: object
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
additional-domains:
default: []
items:
type: string
type: array
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.5
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.5
storage: 2Gi
properties:
exporter:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.5
type: string
storage:
default: 2Gi
type: string
type: object
sub-domain:
default: mail
examples:
- mail
type: string
dependencies:
- dist: null
category: dbo


@@ -75,13 +75,22 @@ resource "kubectl_manifest" "prj_mongo" {
additionalMongodConfig:
storage.wiredTiger.engineConfig.cacheSizeGB: 1
users:
- db: ${var.component}
name: ${var.component}
- name: ${var.component}
db: ${var.component}
passwordSecretRef:
name: "${var.instance}-${var.component}-mongo"
roles:
- db: ${var.component}
name: readWrite
- db: zonemta
name: readWrite
- name: zonemta
db: zonemta
passwordSecretRef:
name: "${var.instance}-${var.component}-mongo"
roles:
- db: zonemta
name: readWrite
scramCredentialsSecretName: "${var.instance}-${var.component}-mongo-scram"
EOF
}
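Review bot: The added `zonemta` user points its `passwordSecretRef` at the same `${var.instance}-${var.component}-mongo` secret as the existing user, and the existing user also gains `readWrite` on `zonemta`, so one leaked password opens both databases. If the split is meant as least privilege, give the new user its own password secret (for example `name: "${var.instance}-zonemta-mongo"`, a constructed name) and drop the extra role from the first user. Only one `scramCredentialsSecretName` line is visible, after the new entry. Indentation is lost in this view, so please confirm that each user still carries its own, distinctly named SCRAM secret. The resource body starts outside the hunk.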


@@ -20,6 +20,8 @@ resource "kubectl_manifest" "wildduck_secret" {
length: "32"
- fieldName: "dkim"
length: "32"
- fieldName: "access"
length: "32"
EOF
}
data "kubernetes_secret_v1" "wildduck" {
@@ -36,5 +38,6 @@ locals {
webmail = data.kubernetes_secret_v1.wildduck.data["webmail"]
totp = data.kubernetes_secret_v1.wildduck.data["totp"]
dkim = data.kubernetes_secret_v1.wildduck.data["dkim"]
access = data.kubernetes_secret_v1.wildduck.data["access"]
}
}
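Review bot: `data.kubernetes_secret_v1.wildduck.data["access"]` in the `locals` hunk is a hard map index, so on an installation whose secret was generated before this commit the key may be absent and the plan will fail. Whether the generator back-fills the new `access` field into an existing secret is not visible here. A default value should not be used to work around this, because a predictable fallback token is worse than a failed plan. I would add a comment above the new line, e.g. `# requires the "access" field in the generated secret; regenerate or extend the secret when upgrading`.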


@@ -100,12 +100,9 @@ resource "kubectl_manifest" "webmail_config" {
[api]
url="http://${var.instance}-wildduck-api.${var.namespace}.svc.cluster.local:80"
accessToken="wildduck1234"
accessToken="${local.secrets.access}"
[dbs]
# mongodb connection string for the main database
mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck-webmail"
# redis connection string for Express sessions
redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/5"
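Review bot: The webmail `[api]` block now sends `accessToken="${local.secrets.access}"`, while the WildDuck API config and both probes changed in this same commit use `${local.secrets.webmail}`. Unless `access` is accepted as a token somewhere not shown, webmail's API calls will be rejected. Use one value on both sides, e.g. `accessToken="${local.secrets.webmail}"` here, or switch the API side to `access` as well. The token and the MongoDB password are also interpolated straight into this manifest body. If `webmail_config` renders a ConfigMap rather than a Secret (the kind is outside the hunk), both are readable by anyone allowed to read ConfigMaps in the namespace.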


@@ -50,7 +50,7 @@ resource "kubectl_manifest" "wildduck_deploy" {
scheme: HTTP
httpHeaders:
- name: X-Access-Token
value: wildduck1234
value: "${local.secrets.webmail}"
readinessProbe:
httpGet:
path: /users
@@ -58,7 +58,7 @@ resource "kubectl_manifest" "wildduck_deploy" {
scheme: HTTP
httpHeaders:
- name: X-Access-Token
value: wildduck1234
value: "${local.secrets.webmail}"
resources:
{}
volumeMounts:
@@ -189,9 +189,7 @@ resource "kubectl_manifest" "wildduck_config" {
host="0.0.0.0"
# Use `true` (HTTPS) for port 443 and `false` (HTTP) for 80
secure=false
# If set requires all API calls to have accessToken query argument with that value
# http://localhost:8080/users?accessToken=somesecretvalue
accessToken="wildduck1234"
accessToken="${local.secrets.webmail}"
[accessControl]
# If true then require a valid access token to perform API calls
# If a client provides a token then it is validated even if using a token is not required
@@ -231,7 +229,7 @@ resource "kubectl_manifest" "wildduck_config" {
origins = ["*"]
dbs.toml: |-
# mongodb connection string for the main database
mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck"
mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/${var.component}"
# redis connection string to connect to a single master (see below for Sentinel example)
redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/3"
# WildDuck allows using different kind of data in different databases
@@ -252,7 +250,7 @@ resource "kubectl_manifest" "wildduck_config" {
# Optional database name or connection url for ZoneMTA queue database. This is
# used to push outbound emails to the sending queue
sender="zone-mta"
sender="zonemta"
#queued="mail"
dkim.toml: |-
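Review bot: The two probe hunks in `wildduck_deploy` now set `value: "${local.secrets.webmail}"`, but the rendered token still ends up in plain text in the Deployment's pod spec and in the plan output for this `kubectl_manifest`. Anyone who can read Deployments or pods in the namespace can therefore read the API's global access token. An httpGet probe header cannot reference a Secret. The options are to probe a path that needs no token, if the API offers one, or to use an `exec` probe that reads the token from an env var populated through `secretKeyRef`. The `wildduck_config` hunk also drops the two comment lines that explained `accessToken`, so I would keep a short one such as `# if set, every API call must present this token`.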


@@ -116,7 +116,7 @@ resource "kubectl_manifest" "zonemta_config" {
# Database configuration
# this file is loaded when NODE_ENV=production
# MongoDB connection string
mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck"
mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/zonemta"
# Redis connection string
redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/2"
# Database name for ZoneMTA data in MongoDB. In most cases it should be the same as in the connection string
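Review bot: The new connection string keeps `${var.component}` as the user name but changes the path to `/zonemta`, which is likely to fail authentication. With no `authSource` parameter MongoDB authenticates against the database named in the path, and the user declared with `db: ${var.component}` in the mongo manifest does not live there. This assumes `var.component` is not `zonemta`, which this view does not show. Either authenticate as the user this commit adds, `mongodb://zonemta:${local.mongo-password}@…/zonemta`, or append `?authSource=${var.component}` to the existing string. Using the dedicated `zonemta` user would also keep ZoneMTA from holding credentials that can write to the mail store database.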