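# Label set shared by every webmail object: the common labels plus the
# component marker. The Deployment selector, the pod template and the Service
# selector all use this same map, so they stay in agreement.
locals {
  webmail-labels = merge(local.common-labels, {
    "app.kubernetes.io/component" = "webmail"
  })
}

# Webmail Deployment: a single replica running as UID 1000 with a read-only
# root filesystem, all capabilities dropped and privilege escalation disabled.
# The configuration is mounted as one file through subPath.
# NOTE(review): `resources: {}` sets no requests or limits, so the container is
# unbounded on its node; values have to come from observed usage.
resource "kubectl_manifest" "webmail_deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.webmail-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.webmail-labels)}
        spec:
          securityContext:
            fsGroup: 1000
          containers:
            - name: webmail
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                readOnlyRootFilesystem: true
                runAsNonRoot: true
                runAsUser: 1000
              image: "${var.images.webmail.registry}/${var.images.webmail.repository}:${var.images.webmail.tag}"
              imagePullPolicy: "${var.images.webmail.pullPolicy}"
              args:
                - "--config=./config/webmail.toml"
              ports:
                - name: http
                  containerPort: 8000
                  protocol: TCP
              livenessProbe:
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
              readinessProbe:
                httpGet:
                  path: /
                  port: http
                  scheme: HTTP
              resources: {}
              volumeMounts:
                - name: config
                  mountPath: /app/config/webmail.toml
                  subPath: webmail.toml
          volumes:
            - name: config
              configMap:
                name: "${var.instance}-webmail"
  EOF
}

# Rendered webmail.toml, delivered to the pod as a ConfigMap.
# NOTE(review): this object carries credentials in clear text: the MongoDB
# password inside the connection URI, the [www] session secret, the [totp]
# secret and the [api] accessToken. A ConfigMap is readable by anything allowed
# to read ConfigMaps in the namespace and is not covered by Secret-specific
# controls; moving the file to a Secret (and switching the Deployment volume
# to it) is the change to plan. The rendered body also ends up in Terraform
# state.
# NOTE(review): [api] accessToken is a literal committed with the source,
# unlike the other secrets, which come from local.secrets / local.mongo-password.
# It should be supplied the same way and the current value rotated.
# NOTE(review): local.mongo-password is interpolated into the URI unescaped; a
# password containing reserved URI characters would yield an invalid
# connection string.
# NOTE(review): [www] secure=false and proxy=false look like they assume plain
# HTTP between the proxy and the pod; confirm how the session cookie is
# protected when TLS terminates upstream. [u2f] is enabled and its own comment
# says it requires HTTPS.
# NOTE(review): [log] level="silly" appears to be the most verbose level;
# confirm it does not write message or credential data to the pod log.
# NOTE(review): the [setup.*] entries advertise secure=true on ports 143, 110
# and 25, which are conventionally the cleartext/STARTTLS ports; confirm the
# help page matches what the mail listeners actually offer.
resource "kubectl_manifest" "webmail_config" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    data:
      webmail.toml: |-
        name="Wild Duck Mail"
        title="wildduck-www"
        [service]
        # email domain for new users
        domain="${var.domain-name}"
        # default quotas for new users
        quota=1024
        recipients=2000
        forwards=2000
        identities=10
        allowIdentityEdit=true
        allowJoin=true
        enableSpecial=false # if true the allow creating addresses with special usernames
        # allowed domains for new addresses
        domains=["${var.domain-name}"]
        generalNotification="" # static notification to show on top of the page
        [service.sso.http]
        enabled = false
        header = "X-UserName" # value from this header is treated as logged in username
        authRedirect = "http://127.0.0.1:3000/login" # URL to redirect non-authenticated users
        logoutRedirect = "http://127.0.0.1:3000/logout" # URL to redirect when user clicks on "log out"
        [api]
        url="http://${var.instance}-wildduck-api.${var.namespace}.svc.cluster.local:80"
        accessToken="wildduck1234"
        [dbs]
        # mongodb connection string for the main database
        mongo="mongodb://${var.component}:${local.mongo-password}@${var.instance}-${var.component}-mongo-svc.${var.namespace}.svc:27017/wildduck-webmail"
        # redis connection string for Express sessions
        redis="redis://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/5"
        [www]
        host=false
        port=8000
        proxy=false
        postsize="5MB"
        log="dev"
        secret="${local.secrets.webmail}"
        secure=false
        listSize=20
        [recaptcha]
        enabled=false
        siteKey=""
        secretKey=""
        [totp]
        # Issuer name for TOTP, defaults to config.name
        issuer=false
        # once setup do not change as it would invalidate all existing 2fa sessions
        secret="${local.secrets.totp}"
        [u2f]
        # set to false if not using HTTPS
        enabled=true
        # must be https url or use default
        appId="https://${var.domain-name}"
        [log]
        level="silly"
        mail=true
        [setup]
        # these values are shown in the configuration help page
        [setup.imap]
        hostname="${var.sub-domain}.${var.domain-name}"
        secure=true
        port=143
        [setup.pop3]
        hostname="${var.sub-domain}.${var.domain-name}"
        secure=true
        port=110
        [setup.smtp]
        hostname="${var.sub-domain}.${var.domain-name}"
        secure=true
        port=25
  EOF
}

# ClusterIP Service: exposes port 80 inside the cluster and forwards to the
# container port named "http" on pods carrying the webmail labels.
resource "kubectl_manifest" "webmail_service" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: "${var.instance}-webmail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.webmail-labels)}
    spec:
      type: ClusterIP
      ports:
        - port: 80
          targetPort: http
          protocol: TCP
          name: http
      selector: ${jsonencode(local.webmail-labels)}
  EOF
}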