k8s-deployment/values/badhouseplants/values.stalwart.yaml
Nikolai Rodionov ce72702593
Update stalwart config
Put the admin secret into the environment and read it from the main config,
so there are no plaintext secrets in the repo anymore
2024-09-13 06:47:13 +02:00


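# Public hostname of the mail server. The same name is used further down
# as the TLS secret name (extraVolumes.certs.secret.secretName).
# NOTE(review): presumably the chart expands this shortcut into the
# ingress host -- confirm against the chart.
shortcuts:
  hostname: stalwart.badhouseplants.net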
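# Pod layout: the prepare-config init container stages the rendered
# config.toml into a shared emptyDir, then the stalwart container starts
# from that staged copy.
# NOTE(review): the nesting below was restored from a listing that had
# lost its indentation; confirm it against the chart's values schema
# (in particular that pullPolicy belongs under image).
workload:
  initContainers:
    prepare-config:
      image:
        registry: registry.hub.docker.com
        repository: stalwartlabs/mail-server
        # No tag is set, so the image version is whatever the chart falls
        # back to. NOTE(review): with pullPolicy Always a floating tag can
        # change between restarts; consider pinning an explicit version
        # or digest so rollouts are reproducible and reviewable.
        tag:
        pullPolicy: Always
      mounts:
        files:
          config:
            path: /app/config/config.toml
            subPath: config.toml
        extraVolumes:
          etc:
            path: /app/etc
      command:
        - sh
      args:
        - -c
        # Copy the mounted config into the `etc` emptyDir, which the
        # stalwart container also mounts at /app/etc.
        - cp /app/config/config.toml /app/etc/config.toml
  containers:
    stalwart:
      args:
        - --config
        - /app/etc/config.toml
      mounts:
        storage:
          data:
            path: /app/data
        extraVolumes:
          # TLS key pair read by [certificate."default"] in config.toml.
          certs:
            path: /app/certs
          logs:
            path: /app/logs
          etc:
            path: /app/etc
      # Environment comes from the `secrets` entry under `env`; config.toml
      # expands SW_ADMIN_SECRET from it, so the admin credential is not
      # written into this file.
      envFrom:
        - secrets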
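# Persistent volume for the RocksDB store (mounted at /app/data).
# NOTE(review): ReadWriteMany lets several pods mount the volume at once,
# while config.toml points a single RocksDB store at this path; make sure
# only one replica ever opens it.
storage:
  data:
    enabled: true
    storageClassName: ceph-filesystem
    size: 1Gi
    accessModes:
      - ReadWriteMany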
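# Extra volumes referenced by the container mounts in `workload`.
extraVolumes:
  # TLS certificate and private key, taken from the secret named after the
  # hostname. NOTE(review): presumably this is the secret cert-manager
  # issues for the ingress -- confirm; the private key ends up readable
  # inside the container at /app/certs/tls.key.
  certs:
    secret:
      secretName: stalwart.badhouseplants.net
  # Scratch copy of config.toml, rebuilt by the init container on each start.
  etc:
    emptyDir: {}
  # Anything written to /app/logs is lost when the pod is deleted; rely on
  # the stdout tracers and cluster log collection for retention.
  logs:
    emptyDir: {}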
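# HTTP(S) ingress handled by Traefik with a cert-manager HTTP-01 issuer.
# NOTE(review): `kubernetes.io/ingress.allow-http` and
# `kubernetes.io/ingress.global-static-ip-name` are GCE ingress controller
# annotations and are most likely ignored with class `traefik`. The router
# is still attached to the plain `web` entrypoint, so clear-text HTTP is
# not disabled by this block; confirm a redirect to `websecure` is
# configured elsewhere if HTTP must not be served.
ingress:
  main:
    annotations:
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure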
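# Raw TCP routes for the mail protocols. Each route matches every
# connection on its entrypoint (HostSNI(`*`)) and forwards it to the
# named service, so TLS, where used, is handled by Stalwart itself.
# NOTE(review):
# - Ports 25, 587, 143 and 110 accept clear-text sessions; confirm that
#   Stalwart requires STARTTLS before authentication on them.
# - Behind a TCP proxy the server sees the proxy's address unless PROXY
#   protocol is enabled on both sides; this matters for rate limiting,
#   abuse blocking and log forensics.
# - config.toml also defines listeners on 465 and 4190 that have no route
#   here; confirm that is intentional.
# - `stalwart-smpt-startls` looks like a typo for "smtp"; it is left as is
#   because renaming it changes the generated resource name.
traefik:
  enabled: true
  tcpRoutes:
    - name: stalwart-smtp
      service: stalwart-smtp
      match: HostSNI(`*`)
      entrypoint: smtp
      port: 25
    - name: stalwart-smpt-startls
      match: HostSNI(`*`)
      service: stalwart-submission
      entrypoint: smtp-startls
      port: 587
    - name: stalwart-imap
      match: HostSNI(`*`)
      service: stalwart-imap
      entrypoint: imap
      port: 143
    - name: stalwart-imaps
      match: HostSNI(`*`)
      service: stalwart-imaptls
      entrypoint: imaps
      port: 993
    - name: stalwart-pop3
      match: HostSNI(`*`)
      service: stalwart-pop3
      entrypoint: pop3
      port: 110
    - name: stalwart-pop3s
      match: HostSNI(`*`)
      service: stalwart-pop3s
      entrypoint: pop3s
      port: 995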
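# Stalwart configuration, mounted into the prepare-config init container
# at /app/config/config.toml and copied from there to /app/etc.
# NOTE(review): `sensitive: true` presumably makes the chart store the
# file as a Secret rather than a ConfigMap -- confirm against the chart.
files:
  config:
    enabled: true
    sensitive: true
    remove: []
    entries:
      # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
      #
      # Review notes on the embedded TOML (kept outside the block scalar so
      # the rendered file is unchanged):
      # - fallback-admin: the secret is expanded from the SW_ADMIN_SECRET
      #   environment variable, so no credential is stored in this file.
      #   NOTE(review): if Stalwart accepts a password hash here, put the
      #   hash in the environment instead of the clear-text password.
      # - certificate "default": certificate and private key are read from
      #   the secret mounted at /app/certs.
      # - listener "https" sets tls.implicit = false on port 443; confirm
      #   that this listener really negotiates TLS.
      # - listener "http" on 8080 is clear text; it should only be
      #   reachable through the TLS-terminating ingress.
      # - listeners "imap" (143), "pop3" (110), "smtp" (25) and
      #   "submission" (587) have no implicit TLS; confirm clients must
      #   upgrade with STARTTLS before authenticating.
      # - tracer."stdout" and tracer.console are both enabled and may
      #   duplicate every log line -- confirm both are intended.
      config.toml:
        data: |
          [server.listener."smtp"]
          bind = ["[::]:25"]
          protocol = "smtp"
          [server.listener."submission"]
          bind = ["[::]:587"]
          protocol = "smtp"
          [server.listener."submissions"]
          bind = ["[::]:465"]
          protocol = "smtp"
          tls.implicit = true
          [server.listener."imap"]
          bind = ["[::]:143"]
          protocol = "imap"
          [server.listener."imaptls"]
          bind = ["[::]:993"]
          protocol = "imap"
          tls.implicit = true
          [server.listener.pop3]
          bind = "[::]:110"
          protocol = "pop3"
          [server.listener.pop3s]
          bind = "[::]:995"
          protocol = "pop3"
          tls.implicit = true
          [server.listener."sieve"]
          bind = ["[::]:4190"]
          protocol = "managesieve"
          [server.listener."https"]
          protocol = "https"
          bind = ["[::]:443"]
          tls.implicit = false
          [server.listener."http"]
          bind = "[::]:8080"
          protocol = "http"
          [storage]
          data = "rocksdb"
          fts = "rocksdb"
          blob = "rocksdb"
          lookup = "rocksdb"
          directory = "internal"
          [store."rocksdb"]
          type = "rocksdb"
          path = "/app/data"
          compression = "lz4"
          [directory."internal"]
          type = "internal"
          store = "rocksdb"
          [tracer."stdout"]
          type = "stdout"
          level = "info"
          ansi = false
          enable = true
          [authentication.fallback-admin]
          user = "overlord"
          secret = "%{env:SW_ADMIN_SECRET}%"
          [tracer.console]
          type = "console"
          level = "info"
          ansi = true
          enable = true
          [certificate."default"]
          cert = "%{file:/app/certs/tls.crt}%"
          private-key = "%{file:/app/certs/tls.key}%"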
env:
secrets:
enabled: true
sensitive: true