shortcuts: hostname: stalwart.badhouseplants.net workload: strategy: type: Recreate initContainers: prepare-config: image: registry: registry.hub.docker.com repository: stalwartlabs/mail-server tag: pullPolicy: Always mounts: files: config: path: /app/config/config.toml subPath: config.toml extraVolumes: etc: path: /app/etc command: - sh args: - -c - cp /app/config/config.toml /app/etc/config.toml containers: stalwart: args: - --config - /app/etc/config.toml mounts: storage: data: path: /app/data extraVolumes: certs: path: /app/certs logs: path: /app/logs etc: path: /app/etc envFrom: - secrets storage: data: enabled: true storageClassName: openebs-hostpath size: 1Gi accessModes: - ReadWriteMany extraVolumes: certs: secret: secretName: stalwart.badhouseplants.net etc: emptyDir: {} logs: emptyDir: {} ingress: main: annotations: cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.class: traefik kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/tls-acme: "true" traefik.ingress.kubernetes.io/router.entrypoints: web,websecure traefik: enabled: true tcpRoutes: - name: stalwart-smtp service: stalwart-smtp match: HostSNI(`*`) entrypoint: smtp port: 25 proxyProtocolVersion: 2 - name: stalwart-smpt-startls match: HostSNI(`*`) service: stalwart-submission entrypoint: smtp-startls port: 587 proxyProtocolVersion: 2 - name: stalwart-imap match: HostSNI(`*`) service: stalwart-imap entrypoint: imap port: 143 proxyProtocolVersion: 2 - name: stalwart-imaps match: HostSNI(`*`) service: stalwart-imaptls entrypoint: imaps port: 993 proxyProtocolVersion: 2 - name: stalwart-pop3 match: HostSNI(`*`) service: stalwart-pop3 entrypoint: pop3 proxyProtocolVersion: 2 port: 110 - name: stalwart-pop3s match: HostSNI(`*`) service: stalwart-pop3s entrypoint: pop3s port: 995 proxyProtocolVersion: 2 files: config: enabled: true sensitive: false remove: [] entries: # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml config.toml: data: | [lookup.default] hostname = "stalwart.badhouseplants.net" [server.listener."smtp"] bind = ["[::]:25"] protocol = "smtp" proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener."submission"] bind = ["[::]:587"] protocol = "smtp" proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener."submissions"] bind = ["[::]:465"] protocol = "smtp" tls.implicit = true proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener."imap"] bind = ["[::]:143"] protocol = "imap" proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener."imaptls"] bind = ["[::]:993"] protocol = "imap" tls.implicit = true proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener.pop3] bind = "[::]:110" protocol = "pop3" proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener.pop3s] bind = "[::]:995" protocol = "pop3" tls.implicit = true proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener."sieve"] bind = ["[::]:4190"] protocol = "managesieve" proxy.override = true proxy.trusted-networks.0 = "192.168.0.0/16" [server.listener."https"] protocol = "https" bind = ["[::]:443"] tls.implicit = false [server.listener."http"] bind = "[::]:8080" protocol = "http" hsts = true [storage] data = "rocksdb" fts = "rocksdb" blob = "rocksdb" lookup = "rocksdb" directory = "internal" [store."rocksdb"] type = "rocksdb" path = "/app/data" compression = "lz4" [directory."internal"] type = "internal" store = "rocksdb" [tracer."stdout"] type = "stdout" level = "info" ansi = false enable = true [authentication.fallback-admin] user = "overlord" secret = "%{env:SW_ADMIN_SECRET}%" [tracer.console] type = "console" level = "info" ansi = true enable = true [certificate."default"] cert = "%{file:/app/certs/tls.crt}%" private-key = "%{file:/app/certs/tls.key}%" env: secrets: enabled: true sensitive: true