add smtp config to vaultwarden to enable email 2fa [ci skip]

2023-11-18 19:13:40 +00:00 · 2023-11-18 19:13:40 +00:00 · ef6f5b5e51
commit ef6f5b5e51
parent 3cea41106c
4 changed files with 31 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -57,6 +57,7 @@ variable "finance_app_gocardless_secret_id" {}
 variable "headscale_config" {}
 variable "immich_postgresql_password" {}
 variable "ingress_honeypotapikey" {}
+variable "vaultwarden_smtp_password" {}

 variable "ansible_prefix" {
  default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@ -283,6 +284,8 @@ module "kubernetes_cluster" {
  immich_postgresql_password = var.immich_postgresql_password

  ingress_honeypotapikey = var.ingress_honeypotapikey
+
+  vaultwarden_smtp_password = var.vaultwarden_smtp_password
 }


--- a/modules/kubernetes/mailserver/extra/aliases.txt
+++ b/modules/kubernetes/mailserver/extra/aliases.txt
@ -2,3 +2,4 @@ firmly-gerardo-generated@viktorbarzin.me me@viktorbarzin.me
 closely-keith-generated@viktorbarzin.me vbarzin@gmail.com
 literally-paolo-generated@viktorbarzin.me viktorbarzin@fb.com
 hastily-stefanie-generated@viktorbarzin.me elliestamenova@gmail.com
+vaultwarden@viktorbarzin.me me@viktorbarzin.me
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -44,6 +44,7 @@ variable "finance_app_gocardless_secret_id" {}
 variable "headscale_config" {}
 variable "immich_postgresql_password" {}
 variable "ingress_honeypotapikey" {}
+variable "vaultwarden_smtp_password" {}

 resource "null_resource" "core_services" {
  # List all the core modules that must be provisioned first
@ -312,6 +313,7 @@ module "dashy" {
 module "vaultwarden" {
  source          = "./vaultwarden"
  tls_secret_name = var.tls_secret_name
+  smtp_password = var.vaultwarden_smtp_password
 }

 module "reverse-proxy" {
--- a/modules/kubernetes/vaultwarden/main.tf
+++ b/modules/kubernetes/vaultwarden/main.tf
@ -1,4 +1,5 @@
 variable "tls_secret_name" {}
+variable "smtp_password" {}

 resource "kubernetes_namespace" "vaultwarden" {
  metadata {
@ -44,6 +45,30 @@ resource "kubernetes_deployment" "vaultwarden" {
            name  = "DOMAIN"
            value = "https://vaultwarden.viktorbarzin.me"
          }
+          env {
+            name  = "SMTP_HOST"
+            value = "smtp.viktorbarzin.me"
+          }
+          env {
+            name  = "SMTP_FROM"
+            value = "vaultwarden@viktorbarzin.me"
+          }
+          env {
+            name  = "SMTP_PORT"
+            value = "587"
+          }
+          env {
+            name  = "SMTP_SECURITY"
+            value = "starttls"
+          }
+          env {
+            name  = "SMTP_USERNAME"
+            value = "vaultwarden@viktorbarzin.me"
+          }
+          env {
+            name  = "SMTP_PASSWORD"
+            value = var.smtp_password
+          }

          port {
            container_port = 80