diff --git a/main.tf b/main.tf index b10c6f04..08e31a20 100644 --- a/main.tf +++ b/main.tf @@ -19,6 +19,7 @@ variable "client_certificate_secret_name" {} variable "mailserver_accounts" {} variable "mailserver_aliases" {} variable "mailserver_opendkim_key" {} +variable "mailserver_roundcubemail_db_password" { type = string } variable "mailserver_sasl_passwd" {} variable "pihole_web_password" {} variable "webhook_handler_secret" {} @@ -363,12 +364,13 @@ module "kubernetes_cluster" { prod = var.prod tls_secret_name = var.tls_secret_name # dockerhub_password = var.dockerhub_password - client_certificate_secret_name = var.client_certificate_secret_name - mailserver_accounts = var.mailserver_accounts - mailserver_sasl_passwd = var.mailserver_sasl_passwd - mailserver_aliases = var.mailserver_aliases - mailserver_opendkim_key = var.mailserver_opendkim_key - pihole_web_password = var.pihole_web_password + client_certificate_secret_name = var.client_certificate_secret_name + mailserver_accounts = var.mailserver_accounts + mailserver_sasl_passwd = var.mailserver_sasl_passwd + mailserver_aliases = var.mailserver_aliases + mailserver_opendkim_key = var.mailserver_opendkim_key + mailserver_roundcubemail_db_password = var.mailserver_roundcubemail_db_password + pihole_web_password = var.pihole_web_password # Webhook tokens webhook_handler_secret = var.webhook_handler_secret diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf index d5adda6d..50521baf 100644 --- a/modules/kubernetes/mailserver/main.tf +++ b/modules/kubernetes/mailserver/main.tf 
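Review bot: The new `variable "mailserver_roundcubemail_db_password" { type = string }` holds a database password but is not marked sensitive, so Terraform can print the value in plan and apply output and in CI logs. Add `sensitive = true` to the declaration; the block then has to be written over several lines, and the attribute needs a Terraform version that supports it. The same applies to the identical declaration added in `modules/kubernetes/main.tf` (hunk `@@ -5,6 +5,7 @@`) and to `variable "roundcube_db_password"` in the new `roundcubemail.tf`. `terraform.tfstate` and `terraform.tfvars` change as binary files in this commit, presumably because they are encrypted in the repository; that is worth confirming, since the password ends up in both.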
@@ -315,46 +315,6 @@ resource "kubernetes_deployment" "mailserver" { } - container { - name = "roundcube" - image = "roundcube/roundcubemail:1.6.9-apache" - env { - name = "ROUNDCUBEMAIL_DEFAULT_HOST" - # value = "ssl://127.0.0.1" # running in same pod - value = "tls://127.0.0.1" # running in same pod - } - env { - name = "ROUNDCUBEMAIL_SMTP_SERVER" - value = "tls://127.0.0.1" # running in same pod - # value = "ssl://127.0.0.1" # running in same pod - # value = "tls://mailserver.mailserver.svc.cluster.local" # running in same pod - # value = "tls://smtp.viktorbarzin.me" - # value = "tls://mailserver.mailserver.svc.cluster.local" - } - env { - name = "ROUNDCUBEMAIL_DEFAULT_PORT" - value = "993" - } - env { - name = "ROUNDCUBEMAIL_SMTP_DEBUG" - value = "true" - } - env { - name = "ROUNDCUBEMAIL_DEBUG_LEVEL" - value = "6" - } - env { - name = "ROUNDCUBEMAIL_LOG_DRIVER" - # value = "file" - value = "syslog" - } - port { - name = "web" - container_port = 80 - protocol = "TCP" - } - - } container { name = "dovecot-exporter" image = "viktorbarzin/dovecot_exporter:latest" @@ -478,11 +438,3 @@ resource "kubernetes_service" "mailserver" { } } -module "ingress" { - source = "../ingress_factory" - namespace = "mailserver" - name = "mail" - service_name = "mailserver" - tls_secret_name = var.tls_secret_name -} - diff --git a/modules/kubernetes/mailserver/roundcubemail.tf b/modules/kubernetes/mailserver/roundcubemail.tf new file mode 100644 index 00000000..56cf0b9b --- /dev/null +++ b/modules/kubernetes/mailserver/roundcubemail.tf 
@@ -0,0 +1,159 @@ +variable "roundcube_db_password" { type = string } + +# If you want to override settings mount this in /var/roundcube/config +# more info in https://github.com/roundcube/roundcubemail-docker?tab=readme-ov-file +# resource "kubernetes_config_map" "roundcubemail_config" { +# metadata { +# name = "roundcubemail.config" +# namespace = "mailserver" + +# labels = { +# app = "mailserver" +# } +# annotations = { +# "reloader.stakater.com/match" = "true" +# } +# } + +# data = { +# # if you want to override things see https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php +# "imap.php" = <<-EOF +# +# EOF +# } +# } + + +resource "kubernetes_deployment" "roundcubemail" { + metadata { + name = "roundcubemail" + namespace = "mailserver" + labels = { + "app" = "roundcubemail" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = "1" + strategy { + type = "RollingUpdate" + } + selector { + match_labels = { + "app" = "roundcubemail" + } + } + template { + metadata { + labels = { + "app" = "roundcubemail" + } + } + spec { + container { + name = "roundcube" + image = "roundcube/roundcubemail:latest" + volume_mount { + name = "imap-config" + mount_path = "/var/roundcube/config/imap.php" + sub_path = "imap.php" + } + env { + name = "ROUNDCUBEMAIL_DEFAULT_HOST" + value = "ssl://mail.viktorbarzin.me" # tls cert must be valid! + } + env { + name = "ROUNDCUBEMAIL_DEFAULT_PORT" + value = "993" + } + env { + name = "ROUNDCUBEMAIL_SMTP_SERVER" + value = "tls://mail.viktorbarzin.me" # tls cert must be valid! 
+ } + + env { + name = "ROUNDCUBEMAIL_SMTP_PORT" + value = 587 + } + + env { + name = "ROUNDCUBEMAIL_DB_TYPE" + value = "mysql" + } + env { + name = "ROUNDCUBEMAIL_DB_HOST" + value = "mysql.dbaas" + } + env { + name = "ROUNDCUBEMAIL_DB_USER" + value = "roundcubemail" + } + env { + name = "ROUNDCUBEMAIL_DB_PASSWORD" + value = var.roundcube_db_password + } + env { + name = "ROUNDCUBEMAIL_SMTP_DEBUG" + value = "true" + } + env { + name = "ROUNDCUBEMAIL_DEBUG_LEVEL" + value = "6" + } + env { + name = "ROUNDCUBEMAIL_LOG_DRIVER" + # value = "file" + value = "syslog" + } + port { + name = "web" + container_port = 80 + protocol = "TCP" + } + } + + volume { + name = "imap-config" + config_map { + name = "roundcubemail.config" + } + } + } + } + } +} + +resource "kubernetes_service" "roundcubemail" { + metadata { + name = "roundcubemail" + namespace = "mailserver" + + labels = { + app = "roundcubemail" + } + } + + spec { + selector = { + app = "roundcubemail" + } + + port { + name = "roundcube" + protocol = "TCP" + port = 80 + } + } +} + +module "ingress" { + source = "../ingress_factory" + namespace = "mailserver" + name = "mail" + service_name = "roundcubemail" + tls_secret_name = var.tls_secret_name +} diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 7c94ec5f..c6cdf442 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -5,6 +5,7 @@ variable "hackmd_db_password" {} variable "mailserver_accounts" {} variable "mailserver_aliases" {} variable "mailserver_opendkim_key" {} +variable "mailserver_roundcubemail_db_password" { type = string } variable "mailserver_sasl_passwd" {} variable "pihole_web_password" {} variable "webhook_handler_secret" {} @@ -219,6 +220,7 @@ module "mailserver" { postfix_account_aliases = var.mailserver_aliases opendkim_key = var.mailserver_opendkim_key sasl_passwd = var.mailserver_sasl_passwd + roundcube_db_password = var.mailserver_roundcubemail_db_password depends_on = [null_resource.core_services] } 
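Review bot: `ROUNDCUBEMAIL_DB_PASSWORD` is set with a literal `value = var.roundcube_db_password`, so the password is stored in the Deployment spec and is readable by anyone who can get or describe deployments in the `mailserver` namespace. It should be held in a Secret and referenced through `value_from` / `secret_key_ref`, as sketched below (the Secret name is a suggestion). The container also moves from the pinned `roundcube/roundcubemail:1.6.9-apache` that this commit removes from the mailserver pod to `roundcube/roundcubemail:latest`, a mutable tag; pinning a version, ideally by digest, stops the webmail image from changing on a reschedule. The `imap-config` volume references ConfigMap `roundcubemail.config`, but the only definition visible in this file is commented out, so unless it is created elsewhere the pod will not start. `ROUNDCUBEMAIL_SMTP_DEBUG = "true"` and debug level 6 are carried over from the old container and are probably worth switching off outside troubleshooting.

```hcl
resource "kubernetes_secret" "roundcubemail_db" {
  metadata {
    name      = "roundcubemail-db"
    namespace = "mailserver"
  }
  data = {
    password = var.roundcube_db_password
  }
}

# … unchanged: deployment metadata, selector, volume_mount and the other env blocks …
          env {
            name = "ROUNDCUBEMAIL_DB_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.roundcubemail_db.metadata[0].name
                key  = "password"
              }
            }
          }
```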
diff --git a/terraform.tfstate b/terraform.tfstate index f64e7b2a..55ed2aa8 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ diff --git a/terraform.tfvars b/terraform.tfvars index 615896d4..7dd5bf4e 100644 Binary files a/terraform.tfvars and b/terraform.tfvars differ