bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mailu: add portal sender mailbox

Browse Source
This commit is contained in:
Brad Stein 2026-01-19 01:40:27 -03:00
parent aaf7e23603
commit f4b08b93eb
6 changed files with 44 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
services/bstein-dev-home/backend-deployment.yaml
View File

@ -38,9 +38,9 @@ spec:
export SMTP_PORT="587"
export SMTP_STARTTLS="true"
export SMTP_USE_TLS="false"
export SMTP_USERNAME="test@bstein.dev"
export SMTP_USERNAME="no-reply-portal@bstein.dev"
export SMTP_PASSWORD="{{ .Data.data.password }}"
export SMTP_FROM="test@bstein.dev"
export SMTP_FROM="no-reply-portal@bstein.dev"
{{ end }}
spec:
automountServiceAccountToken: true

5
services/mailu/mailu-sync-cronjob.yaml
View File

@ -32,6 +32,9 @@ spec:
vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials"
vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: |
{{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}}
vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret"
vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: |
{{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}}
spec:
restartPolicy: OnFailure
serviceAccountName: mailu-vault-sync
@ -55,6 +58,8 @@ spec:
value: bstein.dev
- name: MAILU_DEFAULT_QUOTA
value: "20000000000"
- name: MAILU_SYSTEM_USERS
value: no-reply-portal@bstein.dev
- name: MAILU_DB_HOST
value: postgres-service.postgres.svc.cluster.local
- name: MAILU_DB_PORT

7
services/mailu/mailu-sync-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: mailu-sync-7
name: mailu-sync-8
namespace: mailu-mailserver
spec:
template:
@ -26,6 +26,9 @@ spec:
vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials"
vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: |
{{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}}
vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret"
vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: |
{{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}}
spec:
restartPolicy: OnFailure
affinity:
@ -63,6 +66,8 @@ spec:
value: bstein.dev
- name: MAILU_DEFAULT_QUOTA
value: "20000000000"
- name: MAILU_SYSTEM_USERS
value: no-reply-portal@bstein.dev
- name: MAILU_DB_HOST
value: postgres-service.postgres.svc.cluster.local
- name: MAILU_DB_PORT

5
services/mailu/mailu-sync-listener.yaml
View File

@ -46,6 +46,9 @@ spec:
vault.hashicorp.com/agent-inject-secret-mailu-sync-credentials__client-secret: "kv/data/atlas/mailu/mailu-sync-credentials"
vault.hashicorp.com/agent-inject-template-mailu-sync-credentials__client-secret: |
{{- with secret "kv/data/atlas/mailu/mailu-sync-credentials" -}}{{ index .Data.data "client-secret" }}{{- end -}}
vault.hashicorp.com/agent-inject-secret-mailu-initial-account-secret__password: "kv/data/atlas/mailu/mailu-initial-account-secret"
vault.hashicorp.com/agent-inject-template-mailu-initial-account-secret__password: |
{{- with secret "kv/data/atlas/mailu/mailu-initial-account-secret" -}}{{ .Data.data.password }}{{- end -}}
spec:
restartPolicy: Always
serviceAccountName: mailu-vault-sync
@ -69,6 +72,8 @@ spec:
value: bstein.dev
- name: MAILU_DEFAULT_QUOTA
value: "20000000000"
- name: MAILU_SYSTEM_USERS
value: no-reply-portal@bstein.dev
- name: MAILU_DB_HOST
value: postgres-service.postgres.svc.cluster.local
- name: MAILU_DB_PORT

26
services/mailu/scripts/mailu_sync.py
View File

@ -27,6 +27,12 @@ MAILU_DOMAIN = os.environ["MAILU_DOMAIN"]
MAILU_DEFAULT_QUOTA = int(os.environ.get("MAILU_DEFAULT_QUOTA", "20000000000"))
MAILU_ENABLED_ATTR = os.environ.get("MAILU_ENABLED_ATTR", "mailu_enabled")
MAILU_EMAIL_ATTR = "mailu_email"
MAILU_SYSTEM_USERS = [
item.strip()
for item in os.environ.get("MAILU_SYSTEM_USERS", "").split(",")
if item.strip()
]
MAILU_SYSTEM_PASSWORD = os.environ.get("MAILU_SYSTEM_PASSWORD", "").strip()
DB_CONFIG = {
"host": os.environ["MAILU_DB_HOST"],
@ -213,10 +219,26 @@ def ensure_mailu_user(cursor, email, password, display_name):
)
def ensure_system_mailboxes(cursor):
if not MAILU_SYSTEM_USERS:
return
if not MAILU_SYSTEM_PASSWORD:
log("MAILU_SYSTEM_USERS set but MAILU_SYSTEM_PASSWORD is missing; skipping system mailboxes")
return
for email in MAILU_SYSTEM_USERS:
localpart = email.split("@", 1)[0] if "@" in email else email
try:
ensure_mailu_user(cursor, email, MAILU_SYSTEM_PASSWORD, localpart)
log(f"Ensured system mailbox for {email}")
except Exception as exc:
log(f"Failed to ensure system mailbox {email}: {exc}")
def main():
token = retry_request("Keycloak token", get_kc_token)
users = retry_request("Keycloak user list", lambda: kc_get_users(token))
if not users:
if not users and not MAILU_SYSTEM_USERS:
log("No users found; exiting.")
return
@ -257,6 +279,8 @@ def main():
ensure_mailu_user(cursor, mailu_email, app_pw, display_name)
log(f"Synced mailbox for {mailu_email}")
ensure_system_mailboxes(cursor)
cursor.close()
conn.close()

1
services/mailu/scripts/mailu_vault_env.sh
View File

@ -12,3 +12,4 @@ export MAILU_DB_USER="$(read_secret mailu-db-secret__username)"
export MAILU_DB_PASSWORD="$(read_secret mailu-db-secret__password)"
export KEYCLOAK_CLIENT_ID="$(read_secret mailu-sync-credentials__client-id)"
export KEYCLOAK_CLIENT_SECRET="$(read_secret mailu-sync-credentials__client-secret)"
export MAILU_SYSTEM_PASSWORD="$(read_secret mailu-initial-account-secret__password)"