# Declares a StringSecret custom resource (secretgenerator.mittwald.de/v1alpha1)
# named var.instance in var.namespace. Each entry under spec.fields names one
# generated value and its requested length.
#
# NOTE(review): var.instance and var.namespace are interpolated raw into quoted
# YAML scalars, while the labels go through jsonencode(). No validation of the
# two variables is visible here; confirm they are constrained to valid
# Kubernetes names so that a stray quote or newline cannot alter the manifest.
#
# NOTE(review): "default" is commented as the default user password and is
# requested with length 8, whereas every other field is 16 or 32. Confirm the
# shorter length is intentional and that accounts created with it are forced
# to change it.
resource "kubectl_manifest" "wildduck_secret" {
  # Changes under metadata.annotations are left out of the diff; presumably the
  # generator controller writes its own annotations there (confirm).
  ignore_fields = ["metadata.annotations"]
  # The heredoc is the manifest sent to the cluster. Review notes are kept
  # outside it so the rendered YAML stays unchanged.
  yaml_body     = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      forceRegenerate: false
      fields:
      - fieldName: "srs"
        length: "32"
      - fieldName: "zonemta"
        length: "32"
      - fieldName: "webmail"
        length: "32"
      - fieldName: "totp"
        length: "32"
      - fieldName: "dkim"
        length: "32"
      - fieldName: "access"
        length: "32"
      - fieldName: "authentik" # Bearer for authentik to wildduck-scim
        length: "32"
      - fieldName: "default" # Default user password
        length: "8"
      - fieldName: "scim-seed"
        length: "16"
  EOF
}
# Reads back the Secret that carries the same name and namespace as the
# StringSecret declared by kubectl_manifest.wildduck_secret.
#
# Everything this data source returns is written to the Terraform state, so
# the state backend holds these credentials: it needs encryption at rest and
# access limited to the people and pipelines that may see them.
#
# NOTE(review): depends_on only orders this read after the manifest is
# applied. The Secret itself is presumably created by the generator
# controller afterwards, so a first apply may read before it exists; confirm
# how that case is handled.
data "kubernetes_secret_v1" "wildduck" {
  metadata {
    name      = var.instance
    namespace = var.namespace
  }

  depends_on = [kubectl_manifest.wildduck_secret]
}
# local.secrets maps each listed field name to the value read from the
# wildduck Secret. The "default" and "scim-seed" fields are not part of this
# map.
#
# These values are credentials: any output or resource argument that passes
# them on should keep them marked sensitive so they do not surface in plan
# output or logs.
locals {
  secrets = {
    for field in ["srs", "zonemta", "webmail", "totp", "dkim", "access", "authentik"] :
    field => data.kubernetes_secret_v1.wildduck.data[field]
  }
}