vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding wildduck for testing

Browse Source
This commit is contained in:
Sébastien Huss
2023-08-09 21:28:31 +02:00
parent b65ae759c1
commit f32fb8d9a8
10 changed files with 1570 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
share/wildduck/zonemta.tf Normal file
View File

@@ -0,0 +1,197 @@
locals {
zonemta-labels = merge(local.common-labels, {
"app.kubernetes.io/component" = "zonemta"
})
}
resource "kubectl_manifest" "zonemta_deploy" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: "${var.instance}-zonemta"
namespace: "${var.namespace}"
labels: ${jsonencode(local.zonemta-labels)}
spec:
replicas: 1
selector:
matchLabels: ${jsonencode(local.zonemta-labels)}
template:
metadata:
labels: ${jsonencode(local.zonemta-labels)}
spec:
securityContext:
fsGroup: 1000
containers:
- name: wildduck
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
image: "${var.images.zonemta.registry}/${var.images.zonemta.repository}:${var.images.zonemta.tag}"
imagePullPolicy: "${var.images.zonemta.pullPolicy}"
ports:
- name: smtp
containerPort: 5870
protocol: TCP
livenessProbe:
tcpSocket:
port: smtp
initialDelaySeconds: 20
periodSeconds: 30
readinessProbe:
tcpSocket:
port: smtp
initialDelaySeconds: 20
periodSeconds: 30
resources:
{}
volumeMounts:
- name: tls
mountPath: "/var/opt/certs"
readOnly: true
- name: config
mountPath: /app/config
- name: wildduck-zonemta-interfaces-config-volume
mountPath: /app/config/interfaces
- name: wildduck-zonemta-plugins-config-volume
mountPath: /app/config/plugins
- name: wildduck-zonemta-zones-config-volume
mountPath: /app/config/zones
volumes:
- name: config
configMap:
name: "${var.instance}-zonemta"
- name: tls
secret:
secretName: "${var.instance}-cert"
EOF
}
resource "kubectl_manifest" "zonemta_config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: "${var.instance}-zonemta"
namespace: "${var.namespace}"
labels: ${jsonencode(local.zonemta-labels)}
data:
feeder.toml: |-
# Default SMTP interface for accepting mail for delivery
[feeder]
enabled=true
# How many worker processes to spawn
processes=1
# Maximum allowed message size 30MB
maxSize=31457280
# Local IP and port to bind to
host="0.0.0.0"
port=5870
# Set to true to require authentication
# If authentication is enabled then you need to use a plugin with an authentication hook
authentication=true
# How many recipients to allow per message
maxRecipients=1000
# Set to true to enable STARTTLS. Do not forget to change default TLS keys
starttls=true
# set to true to start in TLS mode if using port 465
# this probably does not work as TLS support with 465 in ZoneMTA is a bit buggy
secure=false
# define keys for STARTTLS/TLS. These paths are relative to CWD
# NB! Keys must be accessible by process user or SMTP authentication will fail.
key="/var/opt/certs/tls.key"
cert="/var/opt/certs/tls.crt"
dbs-production.toml: |-
# Database configuration
# this file is loaded when NODE_ENV=production
# MongoDB connection string
mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck"
# Redis connection string
redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/2"
# Database name for ZoneMTA data in MongoDB. In most cases it should be the same as in the connection string
sender="wildduck"
# Database name for Wild Duck users
# users="wildduck"
# Database name for Wild Duck attachments
# gridfs="wildduck"
pools.toml: |-
# List local IP addresses that can be used for outbound tcp connections
# Server process must be able to locally bind to these addresses
[[default]]
address="0.0.0.0"
name="${var.sub-domain}.${var.domain-name}"
#
#[[default]]
#address="1.2.3.5"
#name="ip-2.hostname"
loop-breaker.toml: |-
["modules/zonemta-loop-breaker"]
enabled="sender"
secret="${local.secrets.zonemta}"
algo="md5"
wildduck.toml: |-
["modules/zonemta-wildduck"]
enabled=["receiver", "sender"]
# to which SMTP interfaces this plugin applies to. Use "*" for all interfaces
interfaces=["feeder"]
# optional hostname to be used in headers
# defaults to os.hostname()
hostname="${var.sub-domain}.${var.domain-name}"
# How long to keep auth records in log
authlogExpireDays=30
# default smtp recipients for 24h (can be overriden per user)
maxRecipients=2000
disableUploads=false # if true then messages are not uploaded to Sent Mail folder
uploadAll=false # if false then messages from Outlook are not uploaded to Sent Mail folder
# SRS settings for forwarded emails
# ---------------------------------
["modules/zonemta-wildduck".srs]
# Handle rewriting of forwarded emails. If false then SRS is not used
# Only affect messages that have interface set to "forwarder"
enabled=true
# SRS secret value. Must be the same as in the MX side
secret="${local.secrets.srs}"
# SRS domain, must resolve back to MX
rewriteDomain="${var.domain-name}"
# DKIM Settings
# -------------
["modules/zonemta-wildduck".dkim]
# If true then also adds a signature for the outbound domain
signTransportDomain=false
# If set then decrypt encrypted DKIM keys using this password
#secret="a secret cat"
# Cipher to use to decrypt encrypted DKIM keys
#cipher="aes192"
["modules/zonemta-wildduck".gelf]
enabled=false
component="mta"
["modules/zonemta-wildduck".gelf.options]
graylogPort=12201
graylogHostname='127.0.0.1'
connection='lan'
EOF
}
resource "kubectl_manifest" "zonemta_service" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: "${var.instance}-zonemta"
namespace: "${var.namespace}"
labels: ${jsonencode(local.zonemta-labels)}
spec:
type: LoadBalancer
ports:
- port: 587
targetPort: smtp
protocol: TCP
name: smtp
selector: ${jsonencode(local.zonemta-labels)}
EOF
}