diff --git a/charts/stalwart-mail/Chart.yaml b/charts/stalwart-mail/Chart.yaml
index a39f8b1..eee5a8d 100644
--- a/charts/stalwart-mail/Chart.yaml
+++ b/charts/stalwart-mail/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: stalwart-mail
 description: Stalwart is a JMAP, IMAP4 and SMTP server
 version: 0.1.5
-appVersion: 0.8.0
+appVersion: 0.8.1
 maintainers:
 - name: Tommy Skaug
 email: tommy@skaug.me
diff --git a/charts/stalwart-mail/templates/configuration.yaml b/charts/stalwart-mail/templates/configuration.yaml
deleted file mode 100644
index 6c1b3ef..0000000
--- a/charts/stalwart-mail/templates/configuration.yaml
+++ /dev/null
@@ -1,179 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "stalwart-mail.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- {{- include "stalwart-mail.labels" . | nindent 4 }}
-data:
- stalwart-mail.conf: |
- [server.listener."smtp"]
- bind = ["[::]:25"]
- protocol = "smtp"
- tls.implicit = true
-
- [queue.outbound]
- next-hop = [ { if = "is_local_domain('', rcpt_domain)", then = "'relay'" },
- { else = false } ]
-
- [remote."relay"]
- address = "relay.example.org"
- port = 25
- protocol = "smtp"
-
- [remote."relay".tls]
- implicit = false
- allow-invalid-certs = false
-
- [server.listener."submissions"]
- bind = ["[::]:465"]
- protocol = "smtp"
- tls.implicit = true
-
- [server.listener."imaptls"]
- bind = ["[::]:993"]
- protocol = "imap"
- tls.implicit = true
-
- [server.listener."management"]
- bind = ["[::]:8080"]
- protocol = "http"
-
- [server.http]
- use-x-forwarded = true
- hsts = false
-
- [certificate."default"]
- cert = "%{env:STALWART_TLS_CERT}%"
- private-key = "%{env:STALWART_TLS_KEY}%"
-
- [store."postgresql"]
- type = "postgresql"
- host = "%{env:STALWART_POSTGRES_HOST}%"
- port = 5432
- database = "%{env:STALWART_POSTGRES_DATABASE}%"
- user = "%{env:STALWART_POSTGRES_USERNAME}%"
- password = "%{env:STALWART_POSTGRES_PASSWORD}%"
- timeout = "15s"
- enable = true
- allow-invalid-certs = false
-
- [storage]
- data = "postgresql"
- fts = "postgresql"
- blob = "postgresql"
- lookup = "postgresql"
- directory = "ldap"
-
- [store."postgresql".tls]
- enable = false
- allow-invalid-certs = false
-
- [store."postgresql".pool]
- max-connections = 10
-
- [storage.full-text]
- default-language = "en"
-
- [tracer."stdout"]
- type = "stdout"
- level = "info"
- ansi = false
- enable = true
-
- [tracer.otel]
- type = "open-telemetry"
- transport = "http"
- endpoint = "{{ .Values.tracer.http.endpoint }}"
- level = "info"
- enable = true
-
- [authentication.fallback-admin]
- user = "admin"
- secret = "%{env:STALWART_ADMIN_SECRET}%"
-
- [directory."ldap"]
- type = "ldap"
- url = "{{ .Values.ldap.url }}"
- base-dn = "{{ .Values.ldap.baseDN }}"
- timeout = "30s"
-
- [directory."ldap".bind]
- dn = "{{ .Values.ldap.bindDN }}"
- secret = "%{env:STALWART_LDAP_BIND_SECRET}%"
-
- [directory."ldap".bind.auth]
- enable = true
- dn = "cn=?,{{ .Values.ldap.baseDN }}"
-
- [directory."ldap".tls]
- enable = false
- allow-invalid-certs = false
-
- [directory."ldap".filter]
- name = "{{ .Values.ldap.filter.name }}"
- email = "{{ .Values.ldap.filter.email }}"
- verify = "{{ .Values.ldap.filter.verify }}"
- expand = "{{ .Values.ldap.filter.expand }}"
- domains = "{{ .Values.ldap.filter.domains }}"
-
- [directory."ldap".attributes]
- name = "uid"
- class = "objectclass"
- description = ["cn"]
- secret = "userPassword"
- email = "mail"
- groups = ["memberOf"]
-
- [auth.iprev]
- verify = [ { if = "listener = 'smtp'", then = "strict" },
- { else = "disable" } ]
-
- [auth.dmarc]
- verify = "disable"
- # [ { if = "listener = 'smtp'", then = "strict" }, { else = "disable" } ]
-
- [auth.arc]
- seal = "'ed'"
- verify = "strict"
-
- [signature."ed25519"]
- private-key = "%{env:STALWART_DKIM_ED_KEY}%"
- domain = "{{ .Values.config.domain }}"
- selector = "_default"
- headers = ["From", "To", "Date", "Subject", "Message-ID"]
- algorithm = "ed25519-sha256"
- canonicalization = "simple/simple"
- set-body-length = true
- report = true
-
- [auth.dkim]
- verify = "relaxed"
- sign = [ { if = "sender_domain = '{{ .Values.config.domain }}'", then = "'ed25519'" },
- { else = false } ]
-
- [report.analysis]
- addresses = ["dmarc@*", "abuse@*"]
- forward = true
- store = "365d"
-
- # [report.dkim]
- # from-name = "'Report Subsystem'"
- # from-address = "'noreply-dkim@{{ .Values.config.domain }}'"
- # subject = "'DKIM Authentication Failure Report'"
- # sign = ["ed"]
- # send = "1/1d"
-
- [oauth]
- key = "%{env:STALWART_OAUTH_KEY}%"
-
- [oauth.expiry]
- user-code = "30m"
- auth-code = "10m"
- token = "1h"
- refresh-token = "30d"
- refresh-token-renew = "4d"
-
- [authentication]
- fail2ban = "100/1s"
\ No newline at end of file
diff --git a/charts/stalwart-mail/templates/deployment.yaml b/charts/stalwart-mail/templates/deployment.yaml
index 4858e03..ad31cf6 100644
--- a/charts/stalwart-mail/templates/deployment.yaml
+++ b/charts/stalwart-mail/templates/deployment.yaml
@@ -95,4 +95,4 @@ spec:
 claimName: {{ include "stalwart-mail.fullname" . }}
 - name: stalwart-conf
 configMap:
- name: {{ include "stalwart-mail.fullname" . }}
\ No newline at end of file
+ name: {{ .Values.existingConfigMap }}
\ No newline at end of file
diff --git a/charts/stalwart-mail/values.yaml b/charts/stalwart-mail/values.yaml
index e0e46e7..7602275 100644
--- a/charts/stalwart-mail/values.yaml
+++ b/charts/stalwart-mail/values.yaml
@@ -1,26 +1,12 @@ config: domain: 252.no -ldap: - url: ldap://lldap.security.svc.cluster.local:389 - baseDN: "ou=people,dc=home,dc=arpa" - bindDN: "cn=admin,ou=people,dc=home,dc=arpa" - filter: - name: "(&(objectClass=person)(uid=?))" - email: "(&(objectClass=person)(|(mail=?)(mailAlias=?)))" - verify: "(&(objectClass=person)(|(mail=*?*)(mailAlias=*?*)))" - expand: "(&(objectClass=person)(|(mail=*?*)(mailAlias=*?*)))" - domains: "(&(objectClass=person)(|(mail=*@?)(mailAlias=*@?)))" - existingSecret: stalwart-mail-secret +existingConfigMap: stalwart-mail-config tlsSecret: stalwart-mail-tls replicaCount: 1 -tracer: - http: - endpoint: http://tempo-distributor.monitoring.svc.cluster.local:4318 - initContainers: dbInit: image:
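Review bot: In templates/deployment.yaml the new `name: {{ .Values.existingConfigMap }}` is rendered unquoted and unguarded, so an empty or unset value yields `name:` (null) and the mistake only surfaces when the pod cannot mount `stalwart-conf`. Because this commit also deletes the chart's own ConfigMap template, the value is now mandatory; I would fail at render time with `name: {{ required "existingConfigMap must name a ConfigMap holding the Stalwart configuration" .Values.existingConfigMap | quote }}`. The volumes list and the matching volumeMount start outside this hunk, so whether the mount still expects the `stalwart-mail.conf` key that the deleted template produced should be confirmed there. The chart `version` shown as context in Chart.yaml stays at 0.1.5 even though existing releases lose their generated ConfigMap on upgrade, which probably deserves a chart version bump and an upgrade note.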
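Review bot: The new `existingConfigMap: stalwart-mail-config` key in values.yaml carries no comment describing what the referenced object must contain, and the chart no longer pins any of the settings the deleted template enforced (`allow-invalid-certs = false` for the relay, PostgreSQL and LDAP, `fail2ban`, and credentials read through `%{env:...}%`). I would document the contract above the key, for example `# Name of a pre-existing ConfigMap in the release namespace that holds the Stalwart configuration` followed by `# keep credentials as %{env:...}% references; a ConfigMap is not a secret store`. Without that, an operator who inlines the admin, LDAP bind or database password into the ConfigMap exposes it to anyone with read access to ConfigMaps in the namespace. The default name also means rendering succeeds when the ConfigMap does not exist, so the README or NOTES.txt should say it has to be created before install.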