2025-12-11 23:54:43 -03:00
|
|
|
# services/mailu/helmrelease.yaml
|
|
|
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
|
|
|
kind: HelmRelease
|
|
|
|
|
metadata:
|
|
|
|
|
name: mailu
|
|
|
|
|
namespace: mailu-mailserver
|
|
|
|
|
spec:
|
|
|
|
|
interval: 30m
|
|
|
|
|
chart:
|
|
|
|
|
spec:
|
|
|
|
|
chart: mailu
|
|
|
|
|
version: 2.1.2
|
|
|
|
|
sourceRef:
|
|
|
|
|
kind: HelmRepository
|
|
|
|
|
name: mailu
|
|
|
|
|
namespace: flux-system
|
|
|
|
|
install:
|
|
|
|
|
remediation: { retries: 3 }
|
|
|
|
|
upgrade:
|
|
|
|
|
remediation: { retries: 3 }
|
2025-12-12 01:06:38 -03:00
|
|
|
cleanupOnFail: true
|
2025-12-11 23:54:43 -03:00
|
|
|
values:
|
|
|
|
|
mailuVersion: "2024.06"
|
|
|
|
|
domain: bstein.dev
|
|
|
|
|
hostnames: [mail.bstein.dev]
|
|
|
|
|
domains:
|
|
|
|
|
- name: bstein.dev
|
|
|
|
|
enabled: true
|
|
|
|
|
dkim:
|
|
|
|
|
enabled: true
|
|
|
|
|
timezone: Etc/UTC
|
|
|
|
|
subnet: 10.42.0.0/16
|
|
|
|
|
existingSecret: mailu-secret
|
|
|
|
|
externalDatabase:
|
|
|
|
|
enabled: true
|
|
|
|
|
type: postgresql
|
|
|
|
|
host: postgres-service.postgres.svc.cluster.local
|
|
|
|
|
port: 5432
|
|
|
|
|
database: mailu
|
|
|
|
|
username: mailu
|
|
|
|
|
existingSecret: mailu-db-secret
|
|
|
|
|
existingSecretUsernameKey: username
|
|
|
|
|
existingSecretPasswordKey: password
|
|
|
|
|
existingSecretDatabaseKey: database
|
|
|
|
|
initialAccount:
|
|
|
|
|
enabled: true
|
|
|
|
|
username: test
|
|
|
|
|
domain: bstein.dev
|
|
|
|
|
existingSecret: mailu-initial-account-secret
|
|
|
|
|
existingSecretPasswordKey: password
|
|
|
|
|
persistence:
|
|
|
|
|
accessModes: [ReadWriteMany]
|
|
|
|
|
size: 100Gi
|
|
|
|
|
storageClass: astreae
|
|
|
|
|
single_pvc: true
|
|
|
|
|
front:
|
|
|
|
|
hostnames: [mail.bstein.dev]
|
|
|
|
|
proxied: true
|
2025-12-12 00:49:45 -03:00
|
|
|
hostPort:
|
|
|
|
|
enabled: false
|
2025-12-11 23:54:43 -03:00
|
|
|
https:
|
|
|
|
|
enabled: true
|
|
|
|
|
external: true
|
|
|
|
|
forceHttps: false
|
|
|
|
|
externalService:
|
|
|
|
|
enabled: true
|
|
|
|
|
type: LoadBalancer
|
2025-12-12 00:49:45 -03:00
|
|
|
externalTrafficPolicy: Cluster
|
2025-12-11 23:54:43 -03:00
|
|
|
nodePorts:
|
|
|
|
|
pop3: 30010
|
|
|
|
|
pop3s: 30011
|
|
|
|
|
imap: 30143
|
|
|
|
|
imaps: 30993
|
|
|
|
|
manageSieve: 30419
|
|
|
|
|
smtp: 30025
|
|
|
|
|
smtps: 30465
|
|
|
|
|
submission: 30587
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
admin:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
extraEnvVars:
|
|
|
|
|
- name: FLASK_DEBUG
|
|
|
|
|
value: "1"
|
|
|
|
|
- name: ACCESSLOG
|
|
|
|
|
value: /dev/stdout
|
|
|
|
|
- name: ERRORLOG
|
|
|
|
|
value: /dev/stderr
|
|
|
|
|
- name: WEBROOT_REDIRECT
|
|
|
|
|
value: ""
|
|
|
|
|
- name: FORWARDED_ALLOW_IPS
|
|
|
|
|
value: 127.0.0.1,10.42.0.0/16
|
|
|
|
|
- name: DNS_RESOLVERS
|
|
|
|
|
value: 1.1.1.1,9.9.9.9
|
2025-12-12 01:06:38 -03:00
|
|
|
extraVolumes:
|
|
|
|
|
- name: unbound-config
|
|
|
|
|
configMap:
|
|
|
|
|
name: mailu-unbound
|
|
|
|
|
- name: unbound-run
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
extraVolumeMounts:
|
|
|
|
|
- name: unbound-config
|
|
|
|
|
mountPath: /etc/unbound
|
|
|
|
|
- name: unbound-run
|
|
|
|
|
mountPath: /var/lib/unbound
|
|
|
|
|
extraContainers:
|
|
|
|
|
- name: unbound
|
2025-12-12 01:12:48 -03:00
|
|
|
image: docker.io/mvance/unbound:1.22.0
|
2025-12-12 01:06:38 -03:00
|
|
|
args:
|
|
|
|
|
- -d
|
|
|
|
|
- -c
|
|
|
|
|
- /etc/unbound/unbound.conf
|
|
|
|
|
ports:
|
|
|
|
|
- containerPort: 53
|
|
|
|
|
protocol: UDP
|
|
|
|
|
- containerPort: 53
|
|
|
|
|
protocol: TCP
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: unbound-config
|
|
|
|
|
mountPath: /etc/unbound
|
|
|
|
|
- name: unbound-run
|
|
|
|
|
mountPath: /var/lib/unbound
|
2025-12-12 00:49:45 -03:00
|
|
|
dnsPolicy: None
|
|
|
|
|
dnsConfig:
|
|
|
|
|
nameservers:
|
2025-12-12 01:06:38 -03:00
|
|
|
- 127.0.0.1
|
|
|
|
|
searches:
|
|
|
|
|
- mailu-mailserver.svc.cluster.local
|
|
|
|
|
- svc.cluster.local
|
|
|
|
|
- cluster.local
|
2025-12-11 23:54:43 -03:00
|
|
|
clamav:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
dovecot:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
oletools:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
postfix:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
redis:
|
|
|
|
|
enabled: true
|
|
|
|
|
architecture: standalone
|
|
|
|
|
logLevel: DEBUG
|
2025-12-12 01:12:48 -03:00
|
|
|
image:
|
|
|
|
|
repository: bitnami/redis
|
|
|
|
|
tag: 7.2.4-debian-12-r6
|
2025-12-11 23:54:43 -03:00
|
|
|
master:
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
persistence:
|
|
|
|
|
enabled: true
|
|
|
|
|
accessModes: [ReadWriteMany]
|
|
|
|
|
size: 8Gi
|
|
|
|
|
storageClass: astreae
|
|
|
|
|
rspamd:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
persistence:
|
|
|
|
|
accessModes: [ReadWriteOnce]
|
|
|
|
|
size: 8Gi
|
|
|
|
|
storageClass: astreae
|
|
|
|
|
tika:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
global:
|
|
|
|
|
logLevel: DEBUG
|
|
|
|
|
storageClass: astreae
|
|
|
|
|
webmail:
|
|
|
|
|
enabled: false
|
|
|
|
|
nodeSelector:
|
|
|
|
|
hardware: rpi4
|
|
|
|
|
ingress:
|
|
|
|
|
enabled: true
|
|
|
|
|
ingressClassName: traefik
|
|
|
|
|
tls: true
|
|
|
|
|
existingSecret: mailu-certificates
|
|
|
|
|
annotations:
|
|
|
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
|
|
|
extraRules:
|
|
|
|
|
- host: mail.bstein.dev
|
|
|
|
|
http:
|
|
|
|
|
paths:
|
|
|
|
|
- path: /
|
|
|
|
|
pathType: Prefix
|
|
|
|
|
backend:
|
|
|
|
|
service:
|
|
|
|
|
name: mailu-front
|
|
|
|
|
port:
|
|
|
|
|
number: 443
|
|
|
|
|
service:
|
|
|
|
|
ports:
|
|
|
|
|
smtp:
|
|
|
|
|
port: 25
|
|
|
|
|
targetPort: 25
|
|
|
|
|
smtps:
|
|
|
|
|
port: 465
|
|
|
|
|
targetPort: 465
|
|
|
|
|
submission:
|
|
|
|
|
port: 587
|
|
|
|
|
targetPort: 587
|
