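# Labels shared by every webmail object. The same map is used for the
# Deployment's selector and for the Service selector below.
locals {
  webmail-labels = merge(local.common-labels, {
    "app.kubernetes.io/component" = "webmail"
  })
}

# Webmail Deployment: one replica, listening on container port 8000.
#
# Hardening in place: non-root UID 1000, all capabilities dropped and a
# read-only root filesystem. allowPrivilegeEscalation is set to false so the
# process cannot regain privileges through setuid/setgid binaries.
#
# NOTE(review): both config files are mounted with subPath. The kubelet does
# not refresh subPath mounts, so a changed ConfigMap (including rotated
# secrets) only takes effect after the pod is restarted.
# NOTE(review): `resources: {}` sets no requests or limits, so the container
# is not bounded in CPU or memory.
resource "kubectl_manifest" "webmail_deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.webmail-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.webmail-labels)}
        spec:
          securityContext:
            fsGroup: 1000
          containers:
          - name: webmail
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              readOnlyRootFilesystem: true
              runAsNonRoot: true
              runAsUser: 1000
            image: "${var.images.webmail.registry}/${var.images.webmail.repository}:${var.images.webmail.tag}"
            imagePullPolicy: "${var.images.webmail.pullPolicy}"
            args:
            - "--config=./config/webmail.toml"
            ports:
            - name: http
              containerPort: 8000
              protocol: TCP
            livenessProbe:
              httpGet:
                path: /
                port: http
                scheme: HTTP
            readinessProbe:
              httpGet:
                path: /
                port: http
                scheme: HTTP
            resources: {}
            volumeMounts:
            - name: config
              mountPath: /app/views/index.hbs
              subPath: index.hbs
            - name: config
              mountPath: /app/config/webmail.toml
              subPath: webmail.toml
          volumes:
          - name: config
            configMap:
              name: "${var.instance}-webmail"
  EOF
}

# Webmail configuration: the landing-page template (index.hbs) and the
# application config (webmail.toml), both consumed by the Deployment above.
#
# NOTE(review): webmail.toml embeds three secrets (api.accessToken,
# www.secret, totp.secret) and is stored in a ConfigMap. ConfigMaps are
# readable by anyone with "get configmaps" in the namespace and are not covered
# by Secret-specific controls (RBAC scoping, encryption at rest for Secrets).
# Move this file to a kubernetes_secret_v1 mounted as a secret volume.
# NOTE(review): [log] level="silly" is the most verbose level; confirm that
# request or credential data does not reach the pod logs.
# NOTE(review): [www] secure=false presumably leaves the session cookie
# without the Secure flag, while [u2f] is enabled and its own comment says
# to disable it when HTTPS is not used. Confirm how TLS is terminated.
# NOTE(review): the [setup.*] help-page values pair secure=true with ports
# 143/110/25, the conventional non-TLS ports. Verify them against what the
# mail services actually expose.
# NOTE(review): only the text of the index.hbs template is visible in this
# listing (no markup); it is kept as shown. Confirm against the real template.
#
# The two SSO redirect URLs were written as "http:/127.0.0.1..." (single
# slash) and are corrected to "http://". SSO is disabled, so nothing changes
# at runtime today.
resource "kubernetes_config_map_v1" "webmail_config" {
  metadata {
    name      = "${var.instance}-webmail"
    namespace = "${var.namespace}"
    labels    = local.webmail-labels
  }

  data = yamldecode(<<-EOF
    index.hbs: |-

      {{serviceName}}

      Log in

    webmail.toml: |-
      name="Wild Duck Mail"
      title="wildduck-www"

      [service]
        # email domain for new users
        domain="${var.domain_name}"
        # default quotas for new users
        quota=1024
        recipients=2000
        forwards=2000
        identities=10
        allowIdentityEdit=true
        allowJoin=false
        enableSpecial=false # if true the allow creating addresses with special usernames
        # allowed domains for new addresses
        domains=["${var.domain_name}"]
        generalNotification="" # static notification to show on top of the page

        [service.sso.http]
          enabled = false
          header = "X-UserName" # value from this header is treated as logged in username
          authRedirect = "http://127.0.0.1:3000/login" # URL to redirect non-authenticated users
          logoutRedirect = "http://127.0.0.1:3000/logout" # URL to redirect when user clicks on "log out"

      [api]
        url="http://${var.instance}-wildduck-api.${var.namespace}.svc.cluster.local:80"
        accessToken="${local.secrets.access}"

      [dbs]
        # redis connection string for Express sessions
        redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/5"

      [www]
        host=false
        port=8000
        proxy=false
        postsize="5MB"
        log="dev"
        secret="${local.secrets.webmail}"
        secure=false
        listSize=20

      [recaptcha]
        enabled=false
        siteKey=""
        secretKey=""

      [totp]
        # Issuer name for TOTP, defaults to config.name
        issuer=false
        # once setup do not change as it would invalidate all existing 2fa sessions
        secret="${local.secrets.totp}"

      [u2f]
        # set to false if not using HTTPS
        enabled=true
        # must be https url or use default
        appId="https://${var.domain_name}"

      [log]
        level="silly"
        mail=true

      [setup]
        # these values are shown in the configuration help page
        [setup.imap]
          hostname="${var.sub_domain}.${var.domain_name}"
          secure=true
          port=143
        [setup.pop3]
          hostname="${var.sub_domain}.${var.domain_name}"
          secure=true
          port=110
        [setup.smtp]
          hostname="${var.sub_domain}.${var.domain_name}"
          secure=true
          port=25
  EOF
  )
}

# ClusterIP Service: forwards port 80 to the container's named "http" port.
# It is only reachable inside the cluster; no ingress or TLS is defined here.
resource "kubectl_manifest" "webmail_service" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    spec:
      type: ClusterIP
      ports:
      - port: 80
        targetPort: http
        protocol: TCP
        name: http
      selector: ${jsonencode(local.webmail-labels)}
  EOF
}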