fix roundcubemail and move to separate deploymen t[ci skip]

main.tf

@@ -19,6 +19,7 @@ variable "client_certificate_secret_name" {}
 variable "mailserver_accounts" {}
 variable "mailserver_aliases" {}
 variable "mailserver_opendkim_key" {}
+variable "mailserver_roundcubemail_db_password" { type = string }
 variable "mailserver_sasl_passwd" {}
 variable "pihole_web_password" {}
 variable "webhook_handler_secret" {}
@@ -363,12 +364,13 @@ module "kubernetes_cluster" {
   prod            = var.prod
   tls_secret_name = var.tls_secret_name
   # dockerhub_password             = var.dockerhub_password
-  client_certificate_secret_name = var.client_certificate_secret_name
-  mailserver_accounts            = var.mailserver_accounts
-  mailserver_sasl_passwd         = var.mailserver_sasl_passwd
-  mailserver_aliases             = var.mailserver_aliases
-  mailserver_opendkim_key        = var.mailserver_opendkim_key
-  pihole_web_password            = var.pihole_web_password
+  client_certificate_secret_name       = var.client_certificate_secret_name
+  mailserver_accounts                  = var.mailserver_accounts
+  mailserver_sasl_passwd               = var.mailserver_sasl_passwd
+  mailserver_aliases                   = var.mailserver_aliases
+  mailserver_opendkim_key              = var.mailserver_opendkim_key
+  mailserver_roundcubemail_db_password = var.mailserver_roundcubemail_db_password
+  pihole_web_password                  = var.pihole_web_password
 
   # Webhook tokens
   webhook_handler_secret          = var.webhook_handler_secret

modules/kubernetes/mailserver/main.tf

@@ -315,46 +315,6 @@ resource "kubernetes_deployment" "mailserver" {
 
         }
 
-        container {
-          name  = "roundcube"
-          image = "roundcube/roundcubemail:1.6.9-apache"
-          env {
-            name = "ROUNDCUBEMAIL_DEFAULT_HOST"
-            # value = "ssl://127.0.0.1" # running in same pod
-            value = "tls://127.0.0.1" # running in same pod
-          }
-          env {
-            name  = "ROUNDCUBEMAIL_SMTP_SERVER"
-            value = "tls://127.0.0.1" # running in same pod
-            # value = "ssl://127.0.0.1" # running in same pod
-            # value = "tls://mailserver.mailserver.svc.cluster.local" # running in same pod
-            # value = "tls://smtp.viktorbarzin.me"
-            # value = "tls://mailserver.mailserver.svc.cluster.local"
-          }
-          env {
-            name  = "ROUNDCUBEMAIL_DEFAULT_PORT"
-            value = "993"
-          }
-          env {
-            name  = "ROUNDCUBEMAIL_SMTP_DEBUG"
-            value = "true"
-          }
-          env {
-            name  = "ROUNDCUBEMAIL_DEBUG_LEVEL"
-            value = "6"
-          }
-          env {
-            name = "ROUNDCUBEMAIL_LOG_DRIVER"
-            # value = "file"
-            value = "syslog"
-          }
-          port {
-            name           = "web"
-            container_port = 80
-            protocol       = "TCP"
-          }
-
-        }
         container {
           name  = "dovecot-exporter"
           image = "viktorbarzin/dovecot_exporter:latest"
@@ -478,11 +438,3 @@ resource "kubernetes_service" "mailserver" {
   }
 }
 
-module "ingress" {
-  source          = "../ingress_factory"
-  namespace       = "mailserver"
-  name            = "mail"
-  service_name    = "mailserver"
-  tls_secret_name = var.tls_secret_name
-}
-

modules/kubernetes/mailserver/roundcubemail.tf

@@ -0,0 +1,159 @@
+variable "roundcube_db_password" { type = string }
+
+# If you want to override settings mount this in /var/roundcube/config
+# more info in https://github.com/roundcube/roundcubemail-docker?tab=readme-ov-file
+# resource "kubernetes_config_map" "roundcubemail_config" {
+#   metadata {
+#     name      = "roundcubemail.config"
+#     namespace = "mailserver"
+
+#     labels = {
+#       app = "mailserver"
+#     }
+#     annotations = {
+#       "reloader.stakater.com/match" = "true"
+#     }
+#   }
+
+#   data = {
+#     # if you want to override things see https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php
+#     "imap.php" = <<-EOF
+#     <?php
+#       $config['imap_host'] = 'ssl://mail.viktorbarzin.me:993';
+#     ?>
+#     EOF
+#   }
+# }
+
+
+resource "kubernetes_deployment" "roundcubemail" {
+  metadata {
+    name      = "roundcubemail"
+    namespace = "mailserver"
+    labels = {
+      "app" = "roundcubemail"
+    }
+    annotations = {
+      "reloader.stakater.com/search" = "true"
+    }
+  }
+  spec {
+    replicas = "1"
+    strategy {
+      type = "RollingUpdate"
+    }
+    selector {
+      match_labels = {
+        "app" = "roundcubemail"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          "app" = "roundcubemail"
+        }
+      }
+      spec {
+        container {
+          name  = "roundcube"
+          image = "roundcube/roundcubemail:latest"
+          volume_mount {
+            name       = "imap-config"
+            mount_path = "/var/roundcube/config/imap.php"
+            sub_path   = "imap.php"
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_DEFAULT_HOST"
+            value = "ssl://mail.viktorbarzin.me" # tls cert must be valid!
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_DEFAULT_PORT"
+            value = "993"
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_SMTP_SERVER"
+            value = "tls://mail.viktorbarzin.me" # tls cert must be valid!
+          }
+
+          env {
+            name  = "ROUNDCUBEMAIL_SMTP_PORT"
+            value = 587
+          }
+
+          env {
+            name  = "ROUNDCUBEMAIL_DB_TYPE"
+            value = "mysql"
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_DB_HOST"
+            value = "mysql.dbaas"
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_DB_USER"
+            value = "roundcubemail"
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_DB_PASSWORD"
+            value = var.roundcube_db_password
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_SMTP_DEBUG"
+            value = "true"
+          }
+          env {
+            name  = "ROUNDCUBEMAIL_DEBUG_LEVEL"
+            value = "6"
+          }
+          env {
+            name = "ROUNDCUBEMAIL_LOG_DRIVER"
+            # value = "file"
+            value = "syslog"
+          }
+          port {
+            name           = "web"
+            container_port = 80
+            protocol       = "TCP"
+          }
+        }
+
+        volume {
+          name = "imap-config"
+          config_map {
+            name = "roundcubemail.config"
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "roundcubemail" {
+  metadata {
+    name      = "roundcubemail"
+    namespace = "mailserver"
+
+    labels = {
+      app = "roundcubemail"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "roundcubemail"
+    }
+
+    port {
+      name     = "roundcube"
+      protocol = "TCP"
+      port     = 80
+    }
+  }
+}
+
+module "ingress" {
+  source          = "../ingress_factory"
+  namespace       = "mailserver"
+  name            = "mail"
+  service_name    = "roundcubemail"
+  tls_secret_name = var.tls_secret_name
+}

modules/kubernetes/main.tf

@@ -5,6 +5,7 @@ variable "hackmd_db_password" {}
 variable "mailserver_accounts" {}
 variable "mailserver_aliases" {}
 variable "mailserver_opendkim_key" {}
+variable "mailserver_roundcubemail_db_password" { type = string }
 variable "mailserver_sasl_passwd" {}
 variable "pihole_web_password" {}
 variable "webhook_handler_secret" {}
@@ -219,6 +220,7 @@ module "mailserver" {
   postfix_account_aliases = var.mailserver_aliases
   opendkim_key            = var.mailserver_opendkim_key
   sasl_passwd             = var.mailserver_sasl_passwd
+  roundcube_db_password   = var.mailserver_roundcubemail_db_password
 
   depends_on = [null_resource.core_services]
 }