badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 3 Actions Packages Projects Releases Activity
k8s-deployment/values/badhouseplants/org-badhouseplants/app-stalwart/values.yaml

318 lines
8.2 KiB
YAML
Raw Blame History

shortcuts:
hostname: stalwart.badhouseplants.net
base:
workload:
initContainers:
prepare-config:
image:
registry: registry.hub.docker.com
repository: library/alpine
tag: latest
pullPolicy: Always
volumeMounts:
files:
config:
path: /app/config/config.toml
subPath: config.toml
extraVolumes:
config:
path: /app/etc
command:
- sh
args:
- -c
- cp /app/config/config.toml /app/etc/config.toml && echo "" >> /app/etc/config.toml
containers:
stalwart:
volumeMounts:
extraVolumes:
certs:
path: /app/certs
stalwart:
path: /opt/stalwart-mail
config:
path: /opt/stalwart-mail/etc
envFrom:
secrets: {}
raw:
- secretRef:
name: app-stalwart-db-creds-17
extraVolumes:
certs:
secret:
secretName: stalwart.badhouseplants.net
stalwart:
emptyDir: {}
config:
emptyDir: {}
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
config:
files:
config:
enabled: true
sensitive: false
remove: []
entries:
# Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
config.toml:
data: |-
[lookup.default]
hostname = "{{ .Values.shortcuts.hostname }}"
[server.listener."smtp"]
bind = ["[::]:25"]
protocol = "smtp"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."smtp-startls"]
bind = ["[::]:587"]
protocol = "smtp"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."smtps"]
bind = ["[::]:465"]
protocol = "smtp"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."imap"]
bind = ["[::]:143"]
protocol = "imap"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."imaptls"]
bind = ["[::]:993"]
protocol = "imap"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener.pop3]
bind = "[::]:110"
protocol = "pop3"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener.pop3s]
bind = "[::]:995"
protocol = "pop3"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."sieve"]
bind = ["[::]:4190"]
protocol = "managesieve"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."https"]
protocol = "https"
bind = ["[::]:443"]
tls.implicit = false
[server.listener."http"]
bind = "[::]:8080"
protocol = "http"
hsts = true
[store."minio"]
type = "s3"
bucket = "stalwart"
region = "eu-central-1"
access-key = "%{env:MINIO_ACCESS_ID}%"
secret-key = "%{env:MINIO_SECRET_KEY}%"
endpoint = "https://s3.badhouseplants.net:443"
timeout = "30s"
key-prefix = "/"
[store."postgresql"]
type = "postgresql"
host = "postgres17-postgresql.databases.svc.cluster.local"
port = 5432
database = "%{env:POSTGRES_DB}%"
user = "%{env:POSTGRES_USER}%"
password = "%{env:POSTGRES_PASSWORD}%"
timeout = "15s"
[storage]
data = "postgresql"
fts = "postgresql"
blob = "minio"
lookup = "postgresql"
directory = "internal"
[directory."internal"]
type = "internal"
store = "postgresql"
[authentication.fallback-admin]
user = "overlord"
secret = "%{env:SW_ADMIN_SECRET}%"
[tracer.console]
type = "console"
level = "info"
ansi = true
enable = true
[certificate."default"]
cert = "%{file:/app/certs/tls.crt}%"
private-key = "%{file:/app/certs/tls.key}%"
env:
secrets:
enabled: true
sensitive: true
extra:
templates:
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-smtp"
spec:
entryPoints:
- smtp
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 25
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-smtps"
spec:
entryPoints:
- smtps
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 465
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-smtp-startls"
spec:
entryPoints:
- smtp-startls
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 587
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-imap"
spec:
entryPoints:
- imap
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 143
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-imaps"
spec:
entryPoints:
- imaps
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 993
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-pop3"
spec:
entryPoints:
- pop3
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 110
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-pop3s"
spec:
entryPoints:
- pop3s
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 995
proxyProtocol:
version: 2
- |
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Release.Name }}-postgres17"
spec:
secretName: {{ .Release.Name }}-db-creds-17
backup:
cron: 0 0 * * *
enable: false
credentials:
templates:
- name: POSTGRES_HOST
secret: true
template: "{{` {{ .Hostname }} `}}"
- name: POSTGRES_PORT
secret: true
template: "{{` {{ .Port }} `}}"
deletionProtected: true
instance: postgres17
postgres: {}
Reference in New Issue View Git Blame Copy Permalink