# services/mailu/helmrelease.yaml
#
# Flux HelmRelease that installs the `mailu` chart (2.1.2) into the
# `mailu-mailserver` namespace. Credentials are referenced through existing
# Secrets (mailu-secret, mailu-db-secret, mailu-initial-account-secret) rather
# than written inline.
#
# NOTE(review): the nesting below was rebuilt from a whitespace-collapsed copy.
# Placements that the flattened text does not settle (domains[].dkim,
# admin.dnsPolicy/dnsConfig, the final `service` block) should be confirmed
# against the chart's values schema.
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: mailu
  namespace: mailu-mailserver
spec:
  interval: 30m
  chart:
    spec:
      chart: mailu
      version: '2.1.2'
      sourceRef:
        kind: HelmRepository
        name: mailu
        namespace: flux-system
  install:
    remediation:
      retries: 3
    timeout: 10m
  upgrade:
    remediation:
      retries: 3
      remediateLastFailure: true
    cleanupOnFail: true
    timeout: 10m
  values:
    mailuVersion: '2024.06'
    domain: bstein.dev
    hostnames:
      - mail.bstein.dev
    domains:
      - name: bstein.dev
        enabled: true
        dkim:
          enabled: true
    timezone: Etc/UTC
    # NOTE(review): presumably the cluster pod network. Mail components tend to
    # treat this range as trusted, so confirm that connections arriving from
    # outside the cluster can never show up with a source address inside it
    # (see externalTrafficPolicy under front.externalService).
    subnet: '10.42.0.0/16'
    existingSecret: mailu-secret

    # PostgreSQL lives outside the release; user, password and database name
    # are all read from keys of mailu-db-secret.
    externalDatabase:
      enabled: true
      type: postgresql
      host: postgres-service.postgres.svc.cluster.local
      port: 5432
      database: mailu
      username: mailu
      existingSecret: mailu-db-secret
      existingSecretUsernameKey: username
      existingSecretPasswordKey: password
      existingSecretDatabaseKey: database

    # NOTE(review): bootstrap account test@bstein.dev, password taken from
    # mailu-initial-account-secret. The name is easy to guess; confirm what
    # privileges the chart gives this account and rename or disable it once
    # real accounts exist.
    initialAccount:
      enabled: true
      username: test
      domain: bstein.dev
      existingSecret: mailu-initial-account-secret
      existingSecretPasswordKey: password

    persistence:
      accessModes:
        - ReadWriteMany
      size: 100Gi
      storageClass: astreae
      single_pvc: true

    front:
      hostnames:
        - mail.bstein.dev
      proxied: true
      hostPort:
        enabled: false
      # NOTE(review): HTTPS handling on front is switched off here and the
      # ingress further down is disabled as well; confirm where TLS for the
      # web endpoints is meant to terminate.
      https:
        enabled: false
        external: false
        forceHttps: false
      externalService:
        enabled: true
        type: LoadBalancer
        # NOTE(review): with `Cluster`, Kubernetes does not preserve the
        # client source IP, so IP-based checks (rate limits, bans, relay
        # trust tied to `subnet`) see a cluster-side address instead. Verify
        # the address external clients appear with, or consider `Local`.
        externalTrafficPolicy: Cluster
        ports:
          submission: true
        # NOTE(review): node ports are assigned for the cleartext listeners
        # (pop3, imap, smtp) too. Only `submission` is enabled explicitly
        # above; which other ports are exposed depends on chart defaults.
        # Confirm that only the intended listeners are reachable externally.
        nodePorts:
          pop3: 30010
          pop3s: 30011
          imap: 30143
          imaps: 30993
          manageSieve: 30419
          smtp: 30025
          smtps: 30465
          submission: 30587
      # NOTE(review): DEBUG is set on every component in this file. Debug logs
      # of mail services may include addresses and authentication detail;
      # confirm log access and retention, or lower the level once stable.
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4

    admin:
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4
      podLivenessProbe:
        enabled: true
        initialDelaySeconds: 30
        periodSeconds: 10
        timeoutSeconds: 5
        failureThreshold: 6
        successThreshold: 1
      podReadinessProbe:
        enabled: true
        initialDelaySeconds: 20
        periodSeconds: 10
        timeoutSeconds: 5
        failureThreshold: 6
        successThreshold: 1
      extraEnvVars:
        # NOTE(review): FLASK_DEBUG=1 requests Flask's debug mode, which is
        # meant for development and can expose tracebacks and internal state.
        # Confirm how the admin image honours it and drop it before this
        # instance serves real users.
        - name: FLASK_DEBUG
          value: '1'
        - name: ACCESSLOG
          value: /dev/stdout
        - name: ERRORLOG
          value: /dev/stderr
        - name: WEBROOT_REDIRECT
          value: ''
        # NOTE(review): forwarded headers are trusted from loopback and from
        # the whole 10.42.0.0/16 range (same value as `subnet`). Any workload
        # in that range could then dictate the client IP/scheme admin sees;
        # confirm that is intended or narrow it to the front proxy.
        - name: FORWARDED_ALLOW_IPS
          value: '127.0.0.1,10.42.0.0/16'
        - name: DNS_RESOLVERS
          value: '1.1.1.1,9.9.9.9'
      extraVolumes:
        - name: unbound-config
          configMap:
            name: mailu-unbound
        - name: unbound-run
          emptyDir: {}
      extraVolumeMounts:
        - name: unbound-run
          mountPath: /var/lib/unbound
      extraContainers:
        # Sidecar resolver: installs unbound at start-up, points the
        # container's resolv.conf at 127.0.0.1 and runs unbound in the
        # foreground with the config mounted from the mailu-unbound ConfigMap.
        #
        # NOTE(review): the image is referenced by tag only and the packages
        # are fetched with `apk add` on every start, so the binaries that run
        # depend on what the registry and package mirror serve at that moment,
        # and start-up blocks until the mirror is reachable. A prebuilt image
        # pinned by digest would make this reproducible. No securityContext is
        # set for this container in this file.
        - name: unbound
          image: docker.io/alpine:3.20
          command:
            - /bin/sh
            - '-c'
          args:
            # NOTE(review): `unbound-anchor ... || true` ignores a failed
            # trust-anchor refresh; if the mounted unbound.conf (not shown)
            # relies on that key for DNSSEC validation, decide whether a
            # failure here should stop the container instead.
            - |
              while :; do
                printf "nameserver 10.43.0.10\n" > /etc/resolv.conf
                if apk add --no-cache unbound bind-tools; then
                  break
                fi
                echo "apk failed, retrying" >&2
                sleep 10
              done
              cat >/etc/resolv.conf <<'EOF'
              search mailu-mailserver.svc.cluster.local svc.cluster.local cluster.local
              nameserver 127.0.0.1
              EOF
              unbound-anchor -a /var/lib/unbound/root.key || true
              exec unbound -d -c /opt/unbound/etc/unbound/unbound.conf
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
          volumeMounts:
            - name: unbound-config
              mountPath: /opt/unbound/etc/unbound
            - name: unbound-run
              mountPath: /var/lib/unbound
      # The pod resolves through the unbound sidecar on 127.0.0.1 only.
      dnsPolicy: 'None'
      dnsConfig:
        nameservers:
          - 127.0.0.1
        searches:
          - mailu-mailserver.svc.cluster.local
          - svc.cluster.local
          - cluster.local

    clamav:
      image:
        repository: clamav/clamav-debian
        tag: '1.4'
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi5
      resources:
        requests:
          cpu: 200m
          memory: 1Gi
        limits:
          cpu: 500m
          memory: 3Gi
      # NOTE(review): all three probes are disabled, so Kubernetes will not
      # notice a hung or not-yet-ready scanner. Confirm how the mail flow
      # behaves while ClamAV is unavailable.
      livenessProbe:
        enabled: false
        initialDelaySeconds: 300
        periodSeconds: 30
        timeoutSeconds: 5
        failureThreshold: 6
        successThreshold: 1
      startupProbe:
        enabled: false
        initialDelaySeconds: 60
        periodSeconds: 30
        timeoutSeconds: 5
        failureThreshold: 20
        successThreshold: 1
      readinessProbe:
        enabled: false
        initialDelaySeconds: 300
        periodSeconds: 30
        timeoutSeconds: 5
        failureThreshold: 6
        successThreshold: 1

    dovecot:
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4

    oletools:
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4

    postfix:
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4

    redis:
      enabled: true
      architecture: standalone
      logLevel: DEBUG
      # NOTE(review): `bitnamilegacy/*` looks like Bitnami's archive
      # namespace; confirm whether this image still receives security updates
      # and plan a move to a maintained image if it does not.
      image:
        repository: bitnamilegacy/redis
        tag: 8.0.3-debian-12-r3
      master:
        nodeSelector:
          hardware: rpi4
        persistence:
          enabled: true
          accessModes:
            - ReadWriteMany
          size: 8Gi
          storageClass: astreae

    rspamd:
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4
      persistence:
        accessModes:
          - ReadWriteOnce
        size: 8Gi
        storageClass: astreae

    tika:
      logLevel: DEBUG
      nodeSelector:
        hardware: rpi4

    global:
      logLevel: DEBUG
      storageClass: astreae

    webmail:
      enabled: false
      nodeSelector:
        hardware: rpi4

    # Ingress is defined but disabled; the settings below only take effect
    # once `enabled` is flipped to true.
    ingress:
      enabled: false
      ingressClassName: traefik
      tls: true
      existingSecret: mailu-certificates
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/service.serversscheme: https
        traefik.ingress.kubernetes.io/service.serverstransport: mailu-transport@kubernetescrd
      extraRules:
        - host: mail.bstein.dev
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: mailu-front
                    port:
                      number: 443

    service:
      ports:
        smtp:
          port: 25
          targetPort: 25
        smtps:
          port: 465
          targetPort: 465
        submission:
          port: 587
          targetPort: 587