fix(stalwart): move config responsibility to deployment

charts/stalwart-mail/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: stalwart-mail
 description: Stalwart is a JMAP, IMAP4 and SMTP server
 version: 0.1.5
-appVersion: 0.8.0
+appVersion: 0.8.1
 maintainers:
 - name: Tommy Skaug
   email: tommy@skaug.me

charts/stalwart-mail/templates/configuration.yaml

@@ -1,179 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "stalwart-mail.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "stalwart-mail.labels" . | nindent 4 }}
-data:
-  stalwart-mail.conf: |
-    [server.listener."smtp"]
-    bind = ["[::]:25"]
-    protocol = "smtp"
-    tls.implicit = true
-
-    [queue.outbound]
-    next-hop = [ { if = "is_local_domain('', rcpt_domain)", then = "'relay'" }, 
-                { else = false } ]
-
-    [remote."relay"]
-    address = "relay.example.org"
-    port = 25
-    protocol = "smtp"
-
-    [remote."relay".tls]
-    implicit = false
-    allow-invalid-certs = false
-
-    [server.listener."submissions"]
-    bind = ["[::]:465"]
-    protocol = "smtp"
-    tls.implicit = true
-
-    [server.listener."imaptls"]
-    bind = ["[::]:993"]
-    protocol = "imap"
-    tls.implicit = true
-
-    [server.listener."management"]
-    bind = ["[::]:8080"]
-    protocol = "http"
-
-    [server.http]
-    use-x-forwarded = true
-    hsts = false
-
-    [certificate."default"]
-    cert = "%{env:STALWART_TLS_CERT}%"
-    private-key = "%{env:STALWART_TLS_KEY}%"
-
-    [store."postgresql"]
-    type = "postgresql"
-    host = "%{env:STALWART_POSTGRES_HOST}%"
-    port = 5432
-    database = "%{env:STALWART_POSTGRES_DATABASE}%"
-    user = "%{env:STALWART_POSTGRES_USERNAME}%"
-    password = "%{env:STALWART_POSTGRES_PASSWORD}%"
-    timeout = "15s"
-    enable = true
-    allow-invalid-certs = false
-
-    [storage]
-    data = "postgresql"
-    fts = "postgresql"
-    blob = "postgresql"
-    lookup = "postgresql"
-    directory = "ldap"
-
-    [store."postgresql".tls]
-    enable = false
-    allow-invalid-certs = false
-
-    [store."postgresql".pool]
-    max-connections = 10
-
-    [storage.full-text]
-    default-language = "en"
-
-    [tracer."stdout"]
-    type = "stdout"
-    level = "info"
-    ansi = false
-    enable = true
-
-    [tracer.otel]
-    type = "open-telemetry"
-    transport = "http"
-    endpoint = "{{ .Values.tracer.http.endpoint }}"
-    level = "info"
-    enable = true
-
-    [authentication.fallback-admin]
-    user = "admin"
-    secret = "%{env:STALWART_ADMIN_SECRET}%"
-
-    [directory."ldap"]
-    type = "ldap"
-    url = "{{ .Values.ldap.url }}"
-    base-dn = "{{ .Values.ldap.baseDN }}"
-    timeout = "30s"
-    
-    [directory."ldap".bind]
-    dn = "{{ .Values.ldap.bindDN }}"
-    secret = "%{env:STALWART_LDAP_BIND_SECRET}%"
-
-    [directory."ldap".bind.auth]
-    enable = true
-    dn = "cn=?,{{ .Values.ldap.baseDN }}"
-
-    [directory."ldap".tls]
-    enable = false
-    allow-invalid-certs = false
-
-    [directory."ldap".filter]
-    name = "{{ .Values.ldap.filter.name }}"
-    email = "{{ .Values.ldap.filter.email }}"
-    verify = "{{ .Values.ldap.filter.verify }}"
-    expand = "{{ .Values.ldap.filter.expand }}"
-    domains = "{{ .Values.ldap.filter.domains }}"
-
-    [directory."ldap".attributes]
-    name = "uid"
-    class = "objectclass"
-    description = ["cn"]
-    secret = "userPassword"
-    email = "mail"
-    groups = ["memberOf"]
-
-    [auth.iprev]
-    verify = [ { if = "listener = 'smtp'", then = "strict" }, 
-              { else = "disable" } ]
-
-    [auth.dmarc]
-    verify = "disable"
-    # [ { if = "listener = 'smtp'", then = "strict" }, { else = "disable" } ]
-
-    [auth.arc]
-    seal = "'ed'"
-    verify = "strict"
-
-    [signature."ed25519"]
-    private-key = "%{env:STALWART_DKIM_ED_KEY}%"
-    domain = "{{ .Values.config.domain }}"
-    selector = "_default"
-    headers = ["From", "To", "Date", "Subject", "Message-ID"]
-    algorithm = "ed25519-sha256"
-    canonicalization = "simple/simple"
-    set-body-length = true
-    report = true
-
-    [auth.dkim]
-    verify = "relaxed"
-    sign = [ { if = "sender_domain = '{{ .Values.config.domain }}'", then = "'ed25519'" }, 
-         { else = false } ]
-    
-    [report.analysis]
-    addresses = ["dmarc@*", "abuse@*"]
-    forward = true
-    store = "365d"
-
-    # [report.dkim]
-    # from-name = "'Report Subsystem'"
-    # from-address = "'noreply-dkim@{{ .Values.config.domain }}'"
-    # subject = "'DKIM Authentication Failure Report'"
-    # sign = ["ed"]
-    # send = "1/1d"
-
-    [oauth]
-    key = "%{env:STALWART_OAUTH_KEY}%"
-
-    [oauth.expiry]
-    user-code = "30m"
-    auth-code = "10m"
-    token = "1h"
-    refresh-token = "30d"
-    refresh-token-renew = "4d"
-
-    [authentication]
-    fail2ban = "100/1s"

charts/stalwart-mail/templates/deployment.yaml

@@ -95,4 +95,4 @@ spec:
           claimName: {{ include "stalwart-mail.fullname" . }}
       - name: stalwart-conf
         configMap:
-          name: {{ include "stalwart-mail.fullname" . }}
+          name: {{ .Values.existingConfigMap }}

charts/stalwart-mail/values.yaml

@@ -1,26 +1,12 @@
 config:
   domain: 252.no
 
-ldap:
-  url: ldap://lldap.security.svc.cluster.local:389
-  baseDN: "ou=people,dc=home,dc=arpa"
-  bindDN: "cn=admin,ou=people,dc=home,dc=arpa"
-  filter:
-    name: "(&(objectClass=person)(uid=?))"
-    email: "(&(objectClass=person)(|(mail=?)(mailAlias=?)))"
-    verify: "(&(objectClass=person)(|(mail=*?*)(mailAlias=*?*)))"
-    expand: "(&(objectClass=person)(|(mail=*?*)(mailAlias=*?*)))"
-    domains: "(&(objectClass=person)(|(mail=*@?)(mailAlias=*@?)))"
-
 existingSecret: stalwart-mail-secret
+existingConfigMap: stalwart-mail-config
 tlsSecret: stalwart-mail-tls
 
 replicaCount: 1
 
-tracer:
-  http:
-    endpoint: http://tempo-distributor.monitoring.svc.cluster.local:4318
-
 initContainers:
   dbInit:
     image: