add e2e email roundtrip monitoring

CronJob (every 30 min) sends test email via Mailgun API to smoke-test@viktorbarzin.me, verifies IMAP delivery in spam@ catch-all, deletes test email, pushes metrics to Pushgateway + Uptime Kuma. Prometheus alerts: EmailRoundtripFailing, EmailRoundtripStale, EmailRoundtripNeverRun. Uptime Kuma: SMTP/IMAP port checks + E2E push.
2026-03-25 22:50:22 +02:00 · 2026-03-25 22:50:22 +02:00 · 78dec8f0ad
commit 78dec8f0ad
parent b9c2d7c1f6
5 changed files with 256 additions and 19 deletions
--- a/stacks/mailserver/main.tf
+++ b/stacks/mailserver/main.tf
@ -11,6 +11,11 @@ data "vault_kv_secret_v2" "secrets" {
  name  = "platform"
 }

+data "vault_kv_secret_v2" "viktor" {
+  mount = "secret"
+  name  = "viktor"
+}
+
 locals {
  mailserver_accounts     = jsondecode(data.vault_kv_secret_v2.secrets.data["mailserver_accounts"])
  mailserver_aliases      = jsondecode(data.vault_kv_secret_v2.secrets.data["mailserver_aliases"])
@ -19,14 +24,16 @@ locals {
 }

 module "mailserver" {
-  source                  = "./modules/mailserver"
-  tls_secret_name         = var.tls_secret_name
-  nfs_server              = var.nfs_server
-  mysql_host              = var.mysql_host
-  mailserver_accounts     = local.mailserver_accounts
-  postfix_account_aliases = local.mailserver_aliases
-  opendkim_key            = local.mailserver_opendkim_key
-  sasl_passwd             = local.mailserver_sasl_passwd
-  roundcube_db_password   = data.vault_kv_secret_v2.secrets.data["mailserver_roundcubemail_db_password"]
-  tier                    = local.tiers.edge
+  source                      = "./modules/mailserver"
+  tls_secret_name             = var.tls_secret_name
+  nfs_server                  = var.nfs_server
+  mysql_host                  = var.mysql_host
+  mailserver_accounts         = local.mailserver_accounts
+  postfix_account_aliases     = local.mailserver_aliases
+  opendkim_key                = local.mailserver_opendkim_key
+  sasl_passwd                 = local.mailserver_sasl_passwd
+  roundcube_db_password       = data.vault_kv_secret_v2.secrets.data["mailserver_roundcubemail_db_password"]
+  tier                        = local.tiers.edge
+  mailgun_api_key             = data.vault_kv_secret_v2.viktor.data["mailgun_api_key"]
+  email_monitor_imap_password = local.mailserver_accounts["spam@viktorbarzin.me"]
 }