# Mail accounts to provision: a map of login => plaintext password.
# It is iterated with `for user, pass in ...` and each password is passed to
# bcrypt() when postfix-accounts.cf is rendered.
# NOTE(review): the values are plaintext secrets. Supply them from a secret
# store rather than a committed tfvars file, and on Terraform >= 0.14 consider
# adding `sensitive = true` so the CLI redacts them.
variable "mailserver_accounts" {}

# Content of postfix-virtual.cf, passed through unchanged.
variable "postfix_account_aliases" {}
# Namespace named "mailserver"; both ConfigMaps in this file are placed in it.
resource "kubernetes_namespace" "mailserver" {
  metadata {
    name = "mailserver"
  }
}
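# Feature switches and host settings for the mailserver container.
# Presumably injected as environment variables; the consumer is not visible here.
resource "kubernetes_config_map" "mailserver_env_config" {
  metadata {
    name = "mailserver.env.config"
    # Reference the namespace resource instead of repeating the literal, so
    # Terraform creates the namespace before this ConfigMap.
    namespace = kubernetes_namespace.mailserver.metadata[0].name
    labels = {
      app = "mailserver"
    }
  }

  data = {
    DMS_DEBUG = "0"
    # NOTE(review): ClamAV and SpamAssassin are both off, so this container does
    # no malware or spam filtering itself. Confirm filtering happens elsewhere.
    ENABLE_CLAMAV = "0"
    # NOTE(review): fail2ban bans the client address the container sees and,
    # per the docker-mailserver docs, needs NET_ADMIN to install its rules.
    # Confirm the pod spec grants it and that source IPs are preserved on the
    # way in; otherwise bans land on the proxy address.
    ENABLE_FAIL2BAN      = "1"
    ENABLE_FETCHMAIL     = "0"
    ENABLE_POSTGREY      = "0"
    ENABLE_SPAMASSASSIN  = "0"
    ENABLE_SRS           = "1"
    FETCHMAIL_POLL       = "120"
    ONE_DIR              = "1"
    OVERRIDE_HOSTNAME    = "mail.viktorbarzin.me"
    # NOTE(review): "intermediate" is the broader-compatibility TLS profile.
    # Confirm legacy clients really require it before keeping it over the
    # stricter profile.
    TLS_LEVEL = "intermediate"
  }
}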
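locals {
  # Renders postfix-accounts.cf: one "<user>|<bcrypt hash>" line per entry of
  # var.mailserver_accounts, joined with newlines.
  # bcrypt() uses a fresh random salt on every evaluation, so this string
  # differs on each run even when no password changed.
  # Cost 10 is Terraform's bcrypt() default. A lower cost makes offline guessing
  # of a leaked hash cheaper, and these hashes are written into a ConfigMap.
  postfix_accounts_cf = join("\n", [for user, pass in var.mailserver_accounts : "${user}|${bcrypt(pass, 10)}"])

  # Abandoned alternative, kept for reference. sha512() returns a bare hex
  # SHA-512 digest, which is not the salted, iterated crypt(3) "$6$" encoding
  # that {SHA512-CRYPT} denotes, so the resulting line cannot verify a password.
  # postfix_accounts_cf = join("\n", [for user, pass in var.mailserver_accounts : format("%s%s%s", user, "|{SHA512-CRYPT}$6$$", sha512(pass))]) # Does not work :/
}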
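# Mail configuration files for the mailserver, keyed by file name.
# NOTE(review): "postfix-accounts.cf" holds password hashes. A ConfigMap is not
# meant for confidential data and is usually readable by more principals than a
# Secret. Consider moving that key to a kubernetes_secret; the consumer's volume
# definition (not visible here) would have to change with it.
resource "kubernetes_config_map" "mailserver_config" {
  metadata {
    name = "mailserver.config"
    # Reference the namespace resource instead of repeating the literal, so
    # Terraform creates the namespace before this ConfigMap.
    namespace = kubernetes_namespace.mailserver.metadata[0].name

    labels = {
      app = "mailserver"
    }
  }

  data = {
    # Actual mail settings
    "postfix-accounts.cf" = local.postfix_accounts_cf
    "postfix-main.cf"     = var.postfix_cf
    "postfix-virtual.cf"  = var.postfix_account_aliases

    # OpenDKIM tables. The private key file named in KeyTable is not created
    # here and must be provided to the container separately.
    KeyTable     = "mail._domainkey.viktorbarzin.me viktorbarzin.me:mail:/etc/opendkim/keys/viktorbarzin.me-mail.key\n"
    SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
    # Only loopback is trusted.
    TrustedHosts = "127.0.0.1\nlocalhost\n"
  }

  # The bcrypt hashes in postfix-accounts.cf come out different on every run,
  # so that key is ignored to stop Terraform updating the ConfigMap each apply.
  # Consequence: once the ConfigMap exists, edits to var.mailserver_accounts
  # (added or removed accounts, rotated passwords) are NOT applied. A removed
  # account keeps working until this resource is recreated.
  # Open options: 1. produce stable hashes, or 2. find a way to ignore changes
  # per password.
  lifecycle {
    ignore_changes = [data["postfix-accounts.cf"]]
  }
}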