add sendgrid smtp relay settings to postfix [ci skip]
This commit is contained in:
parent
244df31823
commit
d9c6cd6f82
4 changed files with 26 additions and 6 deletions
2
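--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,7 @@ variable "client_certificate_secret_name" {}
 variable "mailserver_accounts" {}
 variable "mailserver_aliases" {}
 variable "mailserver_opendkim_key" {}
+variable "mailserver_sasl_passwd" {}
 variable "pihole_web_password" {}
 variable "webhook_handler_secret" {}
 variable "wireguard_wg_0_conf" {}
@@ -191,6 +192,7 @@ module "kubernetes_cluster" {
 # dockerhub_password = var.dockerhub_password
 client_certificate_secret_name = var.client_certificate_secret_name
 mailserver_accounts = var.mailserver_accounts
+mailserver_sasl_passwd = var.mailserver_sasl_passwd
 mailserver_aliases = var.mailserver_aliases
 mailserver_opendkim_key = var.mailserver_opendkim_key
 pihole_web_password = var.pihole_web_password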
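Review bot: The new `mailserver_sasl_passwd` variable carries the SendGrid relay credential but is declared like any non-secret input, so its value is printed in clear in `terraform plan`/`apply` output and logs; if the Terraform version in use supports it, declare it as `variable "mailserver_sasl_passwd" { sensitive = true }` so the value is redacted from plan output. The same applies to the identically named variable in the hunk at `@ -5,6 +5,7` further down and to the module-level `sasl_passwd` variable in the hunk at `@ -2,6 +2,9`. Marking it sensitive does not remove it from state, so the state backend still has to be treated as secret storage.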
@ -2,6 +2,9 @@ variable "tls_secret_name" {}
|
||||||
variable "mailserver_accounts" {}
|
variable "mailserver_accounts" {}
|
||||||
variable "postfix_account_aliases" {}
|
variable "postfix_account_aliases" {}
|
||||||
variable "opendkim_key" {}
|
variable "opendkim_key" {}
|
||||||
|
variable "sasl_passwd" {
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
|
||||||
resource "kubernetes_namespace" "mailserver" {
|
resource "kubernetes_namespace" "mailserver" {
|
||||||
metadata {
|
metadata {
|
||||||
|
|
@ -66,9 +69,10 @@ resource "kubernetes_config_map" "mailserver_config" {
|
||||||
"postfix-main.cf" = var.postfix_cf
|
"postfix-main.cf" = var.postfix_cf
|
||||||
"postfix-virtual.cf" = format("%s%s", var.postfix_account_aliases, file("${path.module}/extra/aliases.txt"))
|
"postfix-virtual.cf" = format("%s%s", var.postfix_account_aliases, file("${path.module}/extra/aliases.txt"))
|
||||||
|
|
||||||
KeyTable = "mail._domainkey.viktorbarzin.me viktorbarzin.me:mail:/etc/opendkim/keys/viktorbarzin.me-mail.key\n"
|
KeyTable = "mail._domainkey.viktorbarzin.me viktorbarzin.me:mail:/etc/opendkim/keys/viktorbarzin.me-mail.key\n"
|
||||||
SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
|
SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
|
||||||
TrustedHosts = "127.0.0.1\nlocalhost\n"
|
TrustedHosts = "127.0.0.1\nlocalhost\n"
|
||||||
|
"sasl_passwd" = var.sasl_passwd
|
||||||
}
|
}
|
||||||
# Password hashes are different each time and avoid changing secret constantly.
|
# Password hashes are different each time and avoid changing secret constantly.
|
||||||
# Either 1.Create consistent hashes or 2.Find a way to ignore_changes on per password
|
# Either 1.Create consistent hashes or 2.Find a way to ignore_changes on per password
|
||||||
|
|
@ -252,6 +256,12 @@ resource "kubernetes_deployment" "mailserver" {
|
||||||
name = "var-run-dovecot"
|
name = "var-run-dovecot"
|
||||||
mount_path = "/var/run/dovecot"
|
mount_path = "/var/run/dovecot"
|
||||||
}
|
}
|
||||||
|
volume_mount {
|
||||||
|
name = "config"
|
||||||
|
mount_path = "/etc/postfix/sasl/passwd"
|
||||||
|
sub_path = "sasl_passwd"
|
||||||
|
read_only = true
|
||||||
|
}
|
||||||
port {
|
port {
|
||||||
name = "smtp"
|
name = "smtp"
|
||||||
container_port = 25
|
container_port = 25
|
||||||
|
|
|
||||||
|
|
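Review bot: `"sasl_passwd" = var.sasl_passwd` in the hunk at `@ -66,9 +69,10` puts the SendGrid relay credential into `kubernetes_config_map.mailserver_config`, which is readable by any principal with `get configmaps` in the namespace and is not covered by the access controls and encryption-at-rest that clusters typically reserve for Secrets. Move the entry into a `kubernetes_secret` and back the `volume_mount` added in the hunk at `@ -252,6 +256,12` with a volume that references that secret (the deployment's `volume` blocks are outside this hunk, so that part is not visible here). Two smaller caveats: `variable "sasl_passwd" { default = "" }` means a missing credential silently produces an empty password file instead of a plan-time error, so consider dropping the default; and because the file is mounted via `sub_path`, a rotated credential is not propagated to the running pod until it is restarted.

```hcl
# constructed example: resource and Secret names are placeholders
resource "kubernetes_secret" "mailserver_sasl_passwd" {
  metadata {
    name      = "mailserver-sasl-passwd"
    namespace = kubernetes_namespace.mailserver.metadata[0].name
  }
  data = {
    "sasl_passwd" = var.sasl_passwd
  }
}
```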
@ -12,7 +12,6 @@ readme_directory = no
|
||||||
alias_maps = hash:/etc/aliases
|
alias_maps = hash:/etc/aliases
|
||||||
alias_database = hash:/etc/aliases
|
alias_database = hash:/etc/aliases
|
||||||
mydestination = $myhostname, localhost.$mydomain, localhost
|
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
relayhost =
|
|
||||||
mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 10.47.0.11/32
|
mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 10.47.0.11/32
|
||||||
mailbox_size_limit = 0
|
mailbox_size_limit = 0
|
||||||
recipient_delimiter = +
|
recipient_delimiter = +
|
||||||
|
|
@ -27,7 +26,6 @@ smtpd_tls_key_file=/tmp/ssl/tls.key
|
||||||
smtpd_tls_security_level = may
|
smtpd_tls_security_level = may
|
||||||
smtpd_use_tls=yes
|
smtpd_use_tls=yes
|
||||||
smtpd_tls_loglevel = 1
|
smtpd_tls_loglevel = 1
|
||||||
smtp_tls_security_level = may
|
|
||||||
smtp_tls_loglevel = 1
|
smtp_tls_loglevel = 1
|
||||||
tls_ssl_options = NO_COMPRESSION
|
tls_ssl_options = NO_COMPRESSION
|
||||||
tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||||
|
|
@ -72,11 +70,19 @@ postscreen_bare_newline_action = enforce
|
||||||
smtpd_sasl_auth_enable = yes
|
smtpd_sasl_auth_enable = yes
|
||||||
smtpd_sasl_path = /var/spool/postfix/private/auth
|
smtpd_sasl_path = /var/spool/postfix/private/auth
|
||||||
smtpd_sasl_type = dovecot
|
smtpd_sasl_type = dovecot
|
||||||
|
|
||||||
smtpd_sasl_security_options = noanonymous
|
smtpd_sasl_security_options = noanonymous
|
||||||
smtpd_sasl_local_domain = $mydomain
|
smtpd_sasl_local_domain = $mydomain
|
||||||
broken_sasl_auth_clients = yes
|
broken_sasl_auth_clients = yes
|
||||||
|
|
||||||
|
# SMTP configuration
|
||||||
|
smtp_sasl_auth_enable = yes
|
||||||
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
|
||||||
|
smtp_sasl_security_options = noanonymous
|
||||||
|
smtp_sasl_tls_security_options = noanonymous
|
||||||
|
smtp_tls_security_level = encrypt
|
||||||
|
header_size_limit = 4096000
|
||||||
|
relayhost = [smtp.sendgrid.net]:587
|
||||||
|
|
||||||
# Mail directory
|
# Mail directory
|
||||||
virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
|
virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
|
||||||
virtual_mailbox_domains = /etc/postfix/vhost
|
virtual_mailbox_domains = /etc/postfix/vhost
|
||||||
|
|
|
||||||
|
|
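Review bot: `smtp_tls_security_level = encrypt` in the hunk at `@ -72,11 +70,19` forces TLS to the relay but does not verify the relay's certificate, so anyone able to intercept the connection on port 587 can present an arbitrary certificate and receive the SASL credential; with a fixed `relayhost = [smtp.sendgrid.net]:587` the stronger `smtp_tls_security_level = secure` (or `verify`) together with `smtp_tls_CAfile = <path to the image's CA bundle>` makes Postfix check the hostname against a trusted certificate before AUTH is sent. `smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd` is a Berkeley DB lookup, so Postfix reads `passwd.db` rather than the plain file; nothing in this commit runs `postmap`, so unless the image entrypoint does so, authentication will presumably fail at delivery time (the mounted file is `read_only`, though `postmap` writes the `.db` beside it, so that may still work if the directory is writable). `header_size_limit = 4096000` is unrelated to the relay settings yet sits under `# SMTP configuration` without explanation; a one-line comment on why it was raised, or moving it to its own section, would help the next reader.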
@ -5,6 +5,7 @@ variable "hackmd_db_password" {}
|
||||||
variable "mailserver_accounts" {}
|
variable "mailserver_accounts" {}
|
||||||
variable "mailserver_aliases" {}
|
variable "mailserver_aliases" {}
|
||||||
variable "mailserver_opendkim_key" {}
|
variable "mailserver_opendkim_key" {}
|
||||||
|
variable "mailserver_sasl_passwd" {}
|
||||||
variable "pihole_web_password" {}
|
variable "pihole_web_password" {}
|
||||||
variable "webhook_handler_secret" {}
|
variable "webhook_handler_secret" {}
|
||||||
variable "wireguard_wg_0_conf" {}
|
variable "wireguard_wg_0_conf" {}
|
||||||
|
|
@ -132,6 +133,7 @@ module "mailserver" {
|
||||||
mailserver_accounts = var.mailserver_accounts
|
mailserver_accounts = var.mailserver_accounts
|
||||||
postfix_account_aliases = var.mailserver_aliases
|
postfix_account_aliases = var.mailserver_aliases
|
||||||
opendkim_key = var.mailserver_opendkim_key
|
opendkim_key = var.mailserver_opendkim_key
|
||||||
|
sasl_passwd = var.mailserver_sasl_passwd
|
||||||
|
|
||||||
depends_on = [null_resource.core_services]
|
depends_on = [null_resource.core_services]
|
||||||
}
|
}
|
||||||
|
|
|
||||||