initial

modules/kubernetes/mailserver/main.tf

@@ -0,0 +1,65 @@
+variable "mailserver_accounts" {}
+variable postfix_account_aliases {}
+
+resource "kubernetes_namespace" "mailserver" {
+  metadata {
+    name = "mailserver"
+  }
+}
+
+resource "kubernetes_config_map" "mailserver_env_config" {
+  metadata {
+    name      = "mailserver.env.config"
+    namespace = "mailserver"
+    labels = {
+      app = "mailserver"
+    }
+  }
+
+  data = {
+    DMS_DEBUG           = "0"
+    ENABLE_CLAMAV       = "0"
+    ENABLE_FAIL2BAN     = "1"
+    ENABLE_FETCHMAIL    = "0"
+    ENABLE_POSTGREY     = "0"
+    ENABLE_SPAMASSASSIN = "0"
+    ENABLE_SRS          = "1"
+    FETCHMAIL_POLL      = "120"
+    ONE_DIR             = "1"
+    OVERRIDE_HOSTNAME   = "mail.viktorbarzin.me"
+    TLS_LEVEL           = "intermediate"
+  }
+}
+
+locals {
+  postfix_accounts_cf = join("\n", [for user, pass in var.mailserver_accounts : "${user}|${bcrypt(pass, 6)}"])
+  #   postfix_accounts_cf = join("\n", [for user, pass in var.mailserver_accounts : format("%s%s%s", user, "|{SHA512-CRYPT}$6$$", sha512(pass))])  # Does not work :/
+}
+
+resource "kubernetes_config_map" "mailserver_config" {
+  metadata {
+    name      = "mailserver.config"
+    namespace = "mailserver"
+
+    labels = {
+      app = "mailserver"
+    }
+  }
+
+  data = {
+    # Actual mail settings
+    "postfix-accounts.cf" = local.postfix_accounts_cf
+    "postfix-main.cf"     = var.postfix_cf
+    "postfix-virtual.cf"  = var.postfix_account_aliases
+
+    KeyTable     = "mail._domainkey.viktorbarzin.me viktorbarzin.me:mail:/etc/opendkim/keys/viktorbarzin.me-mail.key\n"
+    SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
+    TrustedHosts = "127.0.0.1\nlocalhost\n"
+  }
+  # Password hashes are different each time and avoid changing secret constantly. 
+  # Either 1.Create consistent hashes or 2.Find a way to ignore_changes on per password
+  lifecycle {
+    ignore_changes = [data["postfix-accounts.cf"]]
+  }
+
+}