k8s-deployment/values/badhouseplants/values.stalwart.yaml

shortcuts:
  hostname: stalwart.badhouseplants.net
workload:
  strategy:
    type: Recreate
  initContainers:
    prepare-config:
      image:
        registry: registry.hub.docker.com
        repository: stalwartlabs/mail-server
        tag:
        pullPolicy: Always
      mounts:
        files:
          config:
            path: /app/config/config.toml
            subPath: config.toml
        extraVolumes:
          etc:
            path: /app/etc
      command:
        - sh
      args:
        - -c
        - cp /app/config/config.toml /app/etc/config.toml
  containers:
    stalwart:
      args:
        - --config
        - /app/etc/config.toml
      mounts:
        storage:
          data:
            path: /app/data
        extraVolumes:
          certs:
            path: /app/certs
          logs:
            path: /app/logs
          etc:
            path: /app/etc
      envFrom:
        - secrets
storage:
  data:
    enabled: true
    storageClassName: openebs-hostpath
    size: 1Gi
    accessModes:
      - ReadWriteOnce
extraVolumes:
  certs:
    secret:
      secretName: stalwart.badhouseplants.net
  etc:
    emptyDir: {}
  logs:
    emptyDir: {}
ingress:
  main:
    annotations:
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik:
  enabled: true
  tcpRoutes:
    - name: stalwart-smtp
      service: stalwart-smtp
      match: HostSNI(`*`)
      entrypoint: smtp
      port: 25
      proxyProtocolVersion: 2
    - name: stalwart-smpt-startls
      match: HostSNI(`*`)
      service: stalwart-submission
      entrypoint: smtp-startls
      port: 587
      proxyProtocolVersion: 2
    - name: stalwart-imap
      match: HostSNI(`*`)
      service: stalwart-imap
      entrypoint: imap
      port: 143
      proxyProtocolVersion: 2
    - name: stalwart-imaps
      match: HostSNI(`*`)
      service: stalwart-imaptls
      entrypoint: imaps
      port: 993
      proxyProtocolVersion: 2
    - name: stalwart-pop3
      match: HostSNI(`*`)
      service: stalwart-pop3
      entrypoint: pop3
      proxyProtocolVersion: 2
      port: 110
    - name: stalwart-pop3s
      match: HostSNI(`*`)
      service: stalwart-pop3s
      entrypoint: pop3s
      port: 995
      proxyProtocolVersion: 2
files:
  config:
    enabled: true
    sensitive: false
    remove: []
    entries:
      # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
      config.toml:
        data: |
          [lookup.default]
          hostname = "stalwart.badhouseplants.net"

          [server.listener."smtp"]
          bind = ["[::]:25"]
          protocol = "smtp"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener."submission"]
          bind = ["[::]:587"]
          protocol = "smtp"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener."submissions"]
          bind = ["[::]:465"]
          protocol = "smtp"
          tls.implicit = true
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener."imap"]
          bind = ["[::]:143"]
          protocol = "imap"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener."imaptls"]
          bind = ["[::]:993"]
          protocol = "imap"
          tls.implicit = true
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener.pop3]
          bind = "[::]:110"
          protocol = "pop3"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener.pop3s]
          bind = "[::]:995"
          protocol = "pop3"
          tls.implicit = true
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener."sieve"]
          bind = ["[::]:4190"]
          protocol = "managesieve"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"

          [server.listener."https"]
          protocol = "https"
          bind = ["[::]:443"]
          tls.implicit = false

          [server.listener."http"]
          bind = "[::]:8080"
          protocol = "http"
          hsts = true

          [storage]
          data = "rocksdb"
          fts = "rocksdb"
          blob = "rocksdb"
          lookup = "rocksdb"
          directory = "internal"

          [store."rocksdb"]
          type = "rocksdb"
          path = "/app/data"
          compression = "lz4"

          [directory."internal"]
          type = "internal"
          store = "rocksdb"

          [tracer."stdout"]
          type = "stdout"
          level = "info"
          ansi = false
          enable = true

          [authentication.fallback-admin]
          user = "overlord"
          secret = "%{env:SW_ADMIN_SECRET}%"

          [tracer.console]
          type = "console"
          level = "info"
          ansi = true
          enable = true

          [certificate."default"]
          cert = "%{file:/app/certs/tls.crt}%"
          private-key = "%{file:/app/certs/tls.key}%"
env:
  secrets:
    enabled: true
    sensitive: true
Update a lot of releases 2024-08-03 19:17:21 +00:00			`shortcuts:`
			`hostname: stalwart.badhouseplants.net`
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`workload:`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`strategy:`
			`type: Recreate`
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`initContainers:`
			`prepare-config:`
			`image:`
			`registry: registry.hub.docker.com`
			`repository: stalwartlabs/mail-server`
			`tag:`
			`pullPolicy: Always`
			`mounts:`
			`files:`
			`config:`
			`path: /app/config/config.toml`
			`subPath: config.toml`
			`extraVolumes:`
			`etc:`
			`path: /app/etc`
			`command:`
			`- sh`
			`args:`
			`- -c`
			`- cp /app/config/config.toml /app/etc/config.toml`
			`containers:`
			`stalwart:`
			`args:`
			`- --config`
			`- /app/etc/config.toml`
			`mounts:`
Update vaultwarden and stalwart 2024-09-06 11:49:45 +00:00			`storage:`
			`data:`
			`path: /app/data`
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`extraVolumes:`
			`certs:`
			`path: /app/certs`
			`logs:`
			`path: /app/logs`
			`etc:`
			`path: /app/etc`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00			`envFrom:`
			`- secrets`
Update vaultwarden and stalwart 2024-09-06 11:49:45 +00:00			`storage:`
			`data:`
			`enabled: true`
Migrate to the new cluster 2024-09-28 19:55:26 +00:00			`storageClassName: openebs-hostpath`
Update vaultwarden and stalwart 2024-09-06 11:49:45 +00:00			`size: 1Gi`
			`accessModes:`
Install vaultwarden in the new ns 2024-12-29 21:27:12 +00:00			`- ReadWriteOnce`
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`extraVolumes:`
			`certs:`
			`secret:`
			`secretName: stalwart.badhouseplants.net`
			`etc:`
			`emptyDir: {}`
			`logs:`
			`emptyDir: {}`
Update a lot of releases 2024-08-03 19:17:21 +00:00			`ingress:`
			`main:`
			`annotations:`
			`cert-manager.io/cluster-issuer: badhouseplants-issuer-http01`
			`kubernetes.io/ingress.allow-http: "false"`
			`kubernetes.io/ingress.class: traefik`
			`kubernetes.io/ingress.global-static-ip-name: ""`
			`kubernetes.io/tls-acme: "true"`
			`traefik.ingress.kubernetes.io/router.entrypoints: web,websecure`
			`traefik:`
			`enabled: true`
			`tcpRoutes:`
			`- name: stalwart-smtp`
			`service: stalwart-smtp`
			match: HostSNI(`*`)
			`entrypoint: smtp`
			`port: 25`
Add istio for the dynamic xray 2024-11-08 20:01:38 +00:00			`proxyProtocolVersion: 2`
Update a lot of releases 2024-08-03 19:17:21 +00:00			`- name: stalwart-smpt-startls`
			match: HostSNI(`*`)
			`service: stalwart-submission`
			`entrypoint: smtp-startls`
			`port: 587`
Add istio for the dynamic xray 2024-11-08 20:01:38 +00:00			`proxyProtocolVersion: 2`
Update a lot of releases 2024-08-03 19:17:21 +00:00			`- name: stalwart-imap`
			match: HostSNI(`*`)
			`service: stalwart-imap`
			`entrypoint: imap`
			`port: 143`
Add istio for the dynamic xray 2024-11-08 20:01:38 +00:00			`proxyProtocolVersion: 2`
Update a lot of releases 2024-08-03 19:17:21 +00:00			`- name: stalwart-imaps`
			match: HostSNI(`*`)
			`service: stalwart-imaptls`
			`entrypoint: imaps`
			`port: 993`
Add istio for the dynamic xray 2024-11-08 20:01:38 +00:00			`proxyProtocolVersion: 2`
Update a lot of releases 2024-08-03 19:17:21 +00:00			`- name: stalwart-pop3`
			match: HostSNI(`*`)
			`service: stalwart-pop3`
			`entrypoint: pop3`
Add istio for the dynamic xray 2024-11-08 20:01:38 +00:00			`proxyProtocolVersion: 2`
Update a lot of releases 2024-08-03 19:17:21 +00:00			`port: 110`
			`- name: stalwart-pop3s`
			match: HostSNI(`*`)
			`service: stalwart-pop3s`
			`entrypoint: pop3s`
			`port: 995`
Add istio for the dynamic xray 2024-11-08 20:01:38 +00:00			`proxyProtocolVersion: 2`
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`files:`
			`config:`
			`enabled: true`
Add postgres to etersoft 2024-11-07 09:09:56 +00:00			`sensitive: false`
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`remove: []`
			`entries:`
			`# Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml`
			`config.toml:`
			`data: \|`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`[lookup.default]`
			`hostname = "stalwart.badhouseplants.net"`

A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."smtp"]`
			`bind = ["[::]:25"]`
			`protocol = "smtp"`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."submission"]`
			`bind = ["[::]:587"]`
			`protocol = "smtp"`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."submissions"]`
			`bind = ["[::]:465"]`
			`protocol = "smtp"`
			`tls.implicit = true`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."imap"]`
			`bind = ["[::]:143"]`
			`protocol = "imap"`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."imaptls"]`
			`bind = ["[::]:993"]`
			`protocol = "imap"`
			`tls.implicit = true`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener.pop3]`
			`bind = "[::]:110"`
			`protocol = "pop3"`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener.pop3s]`
			`bind = "[::]:995"`
			`protocol = "pop3"`
			`tls.implicit = true`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."sieve"]`
			`bind = ["[::]:4190"]`
			`protocol = "managesieve"`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`proxy.override = true`
Fix the CIDR for the proxy protocol 2024-11-03 15:08:10 +00:00			`proxy.trusted-networks.0 = "192.168.0.0/16"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[server.listener."https"]`
			`protocol = "https"`
			`bind = ["[::]:443"]`
			`tls.implicit = false`

			`[server.listener."http"]`
			`bind = "[::]:8080"`
			`protocol = "http"`
More pre-commit logic and fixes 2024-10-30 12:35:38 +00:00			`hsts = true`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[storage]`
			`data = "rocksdb"`
			`fts = "rocksdb"`
			`blob = "rocksdb"`
			`lookup = "rocksdb"`
			`directory = "internal"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[store."rocksdb"]`
			`type = "rocksdb"`
			`path = "/app/data"`
			`compression = "lz4"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[directory."internal"]`
			`type = "internal"`
			`store = "rocksdb"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[tracer."stdout"]`
			`type = "stdout"`
			`level = "info"`
			`ansi = false`
			`enable = true`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[authentication.fallback-admin]`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00			`user = "overlord"`
			`secret = "%{env:SW_ADMIN_SECRET}%"`

A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[tracer.console]`
			`type = "console"`
			`level = "info"`
			`ansi = true`
			`enable = true`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00
A lot of untrackable changes 2024-09-03 12:15:47 +00:00			`[certificate."default"]`
			`cert = "%{file:/app/certs/tls.crt}%"`
			`private-key = "%{file:/app/certs/tls.key}%"`
Update stalwart config Put the admin secret to environment, and read it from the main config, so there are no plain secrets in the repo anymore 2024-09-13 04:42:35 +00:00			`env:`
			`secrets:`
			`enabled: true`
			`sensitive: true`