mass update
This commit is contained in:
@ -10,7 +10,7 @@ dovecot_default_values:
|
||||
existingSecret: "{{ mail_short_name | default('mail') }}.{{ domain }}-secret"
|
||||
dovecot:
|
||||
configmaps:
|
||||
dovecot:
|
||||
dovecot:
|
||||
dovecot: |
|
||||
protocols = imap lmtp sieve
|
||||
mail_max_userip_connections = 1000
|
||||
@ -51,14 +51,12 @@ dovecot_default_values:
|
||||
auth-ldap: |
|
||||
passdb {
|
||||
driver = ldap
|
||||
|
||||
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
|
||||
args = /etc/dovecot/ldap.conf
|
||||
}
|
||||
userdb {
|
||||
driver = ldap
|
||||
args = /etc/dovecot/ldap.conf
|
||||
|
||||
}
|
||||
10-auth: |
|
||||
auth_default_realm = {{ domain }}
|
||||
@ -80,7 +78,7 @@ dovecot_default_values:
|
||||
mbox_write_locks = fcntl
|
||||
10-master: |
|
||||
protocol imap {
|
||||
mail_plugins = virtual
|
||||
mail_plugins = virtual
|
||||
}
|
||||
service imap-login {
|
||||
inet_listener imap {
|
||||
@ -130,13 +128,13 @@ dovecot_default_values:
|
||||
}
|
||||
|
||||
service auth {
|
||||
inet_listener {
|
||||
inet_listener {
|
||||
port = 12345
|
||||
}
|
||||
unix_listener auth-userdb {
|
||||
mode = 0660
|
||||
user = vmail
|
||||
#group =
|
||||
#group =
|
||||
}
|
||||
|
||||
# Postfix smtp-auth
|
||||
@ -158,7 +156,7 @@ dovecot_default_values:
|
||||
ssl = required
|
||||
#verbose_ssl = yes
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_min_protocol = TLSv1.3
|
||||
ssl_cert = </tls/tls.crt
|
||||
ssl_key = </tls/tls.key
|
||||
10-logging: |
|
||||
@ -170,7 +168,202 @@ dovecot_default_values:
|
||||
hostname = {{ domain }}
|
||||
rejection_reason = Your message to was automatically rejected:%n%r
|
||||
protocol lda {
|
||||
mail_plugins = virtual sieve
|
||||
mail_plugins = virtual sieve
|
||||
}
|
||||
20-lmtp: |
|
||||
protocol lmtp {
|
||||
mail_plugins = virtual sieve
|
||||
postmaster_address = postmaster@{{ domain }}
|
||||
}
|
||||
20-managesieve: |
|
||||
service managesieve-login {
|
||||
inet_listener sieve {
|
||||
port = 4190
|
||||
ssl = yes
|
||||
}
|
||||
service_count = 1
|
||||
vsz_limit = 64M
|
||||
}
|
||||
|
||||
service managesieve {
|
||||
process_limit = 1024
|
||||
}
|
||||
service:
|
||||
type: LoadBalancer
|
||||
loadBalancerIP: "{{ dovecot_loadbalancer_ip | default(omit) }}"
|
||||
|
||||
# WIP
|
||||
dovecot_oidc: false
|
||||
dovecot_oidc_default_values:
|
||||
replicaCount: 1
|
||||
persistence:
|
||||
enabled: true
|
||||
existingClaim: mailboxes
|
||||
tls:
|
||||
enabled: true
|
||||
existingSecret: "{{ mail_short_name | default('mail') }}.{{ domain }}-secret"
|
||||
dovecot:
|
||||
configmaps:
|
||||
dovecot:
|
||||
dovecot: |
|
||||
protocols = imap lmtp sieve
|
||||
mail_max_userip_connections = 1000
|
||||
mail_plugins = virtual
|
||||
|
||||
auth_debug = yes
|
||||
auth_verbose = yes
|
||||
#haproxy_trusted_networks = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
||||
#haproxy_timeout = 30s
|
||||
dict {
|
||||
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||
}
|
||||
|
||||
# Most of the actual configuration gets included below. The filenames are
|
||||
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
|
||||
# in filenames are intended to make it easier to understand the ordering.
|
||||
!include conf.d/*.conf
|
||||
|
||||
# A config file can also tried to be included without giving an error if
|
||||
# it's not found:
|
||||
!include_try local.conf
|
||||
oauth2: |
|
||||
introspection_mode = post
|
||||
introspection_url = https://{{ dovecot_oidc_username }}:{{ dovecot_oidc_password }}@keycloak.{{ domain }}/auth/realms/{{ keycloak_realm }}/protocol/openid-connect/token/introspect
|
||||
grant_url = https://keycloak.{{ domain }}/auth/realms/{{ keycloak_realm }}/protocol/openid-connect/token
|
||||
#client_id = dovecot
|
||||
#client_secret = X10dQgQprHLxZj8nsvB2fEpJwuBr0hWq
|
||||
tokeninfo_url = https://keycloak.{{ domain }}/auth/realms/{{ keycloak_realm }}/protocol/openid-connect/token
|
||||
#tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
|
||||
rawlog_dir = /tmp/oauth2
|
||||
debug = yes
|
||||
#use_grant_password = no
|
||||
#username_attribute = username
|
||||
#pass_attrs = pass=%{oauth2:access_token}
|
||||
ldap: |
|
||||
confd:
|
||||
auth-ldap: |
|
||||
auth-oauth2: |
|
||||
passdb {
|
||||
driver = oauth2
|
||||
mechanisms = xoauth2 oauthbearer
|
||||
args = /etc/dovecot/oauth2.conf
|
||||
}
|
||||
userdb {
|
||||
driver = static
|
||||
args = uid=vmail gid=vmail home=/home/vmail/%u
|
||||
}
|
||||
10-auth: |
|
||||
auth_default_realm = {{ domain }}
|
||||
auth_username_format = %Lu
|
||||
auth_mechanisms = plain login xoauth2 oauthbearer
|
||||
10-mail: |
|
||||
mail_location = maildir:%h
|
||||
namespace inbox {
|
||||
inbox = yes
|
||||
}
|
||||
mail_uid = vmail
|
||||
mail_gid = vmail
|
||||
first_valid_uid = 1000
|
||||
last_valid_uid = 1000
|
||||
first_valid_gid = 1000
|
||||
last_valid_gid = 1000
|
||||
protocol !indexer-worker {
|
||||
}
|
||||
mbox_write_locks = fcntl
|
||||
10-master: |
|
||||
protocol imap {
|
||||
mail_plugins = virtual
|
||||
}
|
||||
service imap-login {
|
||||
inet_listener imap {
|
||||
#port = 143
|
||||
}
|
||||
inet_listener imaps {
|
||||
#port = 993
|
||||
#ssl = yes
|
||||
}
|
||||
inet_listener imap_haproxy {
|
||||
port = 1109
|
||||
#haproxy = yes
|
||||
}
|
||||
inet_listener imaps_haproxy {
|
||||
port = 10993
|
||||
ssl = yes
|
||||
#haproxy = yes
|
||||
}
|
||||
}
|
||||
|
||||
service pop3-login {
|
||||
inet_listener pop3 {
|
||||
#port = 110
|
||||
}
|
||||
inet_listener pop3s {
|
||||
#port = 995
|
||||
#ssl = yes
|
||||
}
|
||||
}
|
||||
|
||||
service lmtp {
|
||||
inet_listener lmtp {
|
||||
port = 24
|
||||
}
|
||||
unix_listener /var/spool/postfix/private/dovecot-lmtp {
|
||||
mode = 0600
|
||||
group = postfix
|
||||
user = postfix
|
||||
}
|
||||
user = vmail
|
||||
}
|
||||
|
||||
service imap {
|
||||
}
|
||||
|
||||
service pop3 {
|
||||
}
|
||||
|
||||
service auth {
|
||||
inet_listener {
|
||||
port = 12345
|
||||
}
|
||||
unix_listener auth-userdb {
|
||||
mode = 0660
|
||||
user = vmail
|
||||
#group =
|
||||
}
|
||||
|
||||
# Postfix smtp-auth
|
||||
unix_listener /var/spool/postfix/private/auth {
|
||||
mode = 0660
|
||||
user = postfix
|
||||
group = postfix
|
||||
}
|
||||
}
|
||||
|
||||
service auth-worker {
|
||||
}
|
||||
|
||||
service dict {
|
||||
unix_listener dict {
|
||||
}
|
||||
}
|
||||
10-ssl: |
|
||||
ssl = required
|
||||
#verbose_ssl = yes
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_min_protocol = TLSv1.3
|
||||
ssl_cert = </tls/tls.crt
|
||||
ssl_key = </tls/tls.key
|
||||
10-logging: |
|
||||
log_path = /dev/stderr
|
||||
info_log_path = /dev/stdout
|
||||
debug_log_path = /dev/stdout
|
||||
15-lda: |
|
||||
postmaster_address = postmaster@{{ domain }}
|
||||
hostname = {{ domain }}
|
||||
rejection_reason = Your message to was automatically rejected:%n%r
|
||||
protocol lda {
|
||||
mail_plugins = virtual sieve
|
||||
}
|
||||
20-lmtp: |
|
||||
protocol lmtp {
|
||||
|
||||
@ -1,5 +1,10 @@
|
||||
- set_fact:
|
||||
dovecot_combined_values: "{{ dovecot_default_values | combine(dovecot_values, recursive=true) }}"
|
||||
dovecot_combined_values: "{{ dovecot_default_values | combine(dovecot_values | default({}), recursive=true) }}"
|
||||
when: not mail_oidc
|
||||
|
||||
- set_fact:
|
||||
dovecot_combined_values: "{{ dovecot_oidc_default_values | combine(dovecot_oidc_values | default({}), recursive=true) }}"
|
||||
when: mail_oidc
|
||||
|
||||
- name: Deploy Dovecot
|
||||
kubernetes.core.helm:
|
||||
@ -9,5 +14,4 @@
|
||||
chart_ref: "{{ dovecot_chart_ref }}"
|
||||
chart_version: "{{ dovecot_version | default(omit) }}"
|
||||
release_values: "{{ dovecot_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
||||
|
||||
Reference in New Issue
Block a user