ansible-role-eom/tasks/mail.yaml

---
# tasks file for mail
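- name: Create ConfigMap for mail
  # Publishes the TLS material that the mail container mounts at
  # /etc/letsencrypt (see the `ssl` volume of the Deployment in this file).
  # NOTE(review): server.key is a private key and a ConfigMap is the wrong home
  # for it — ConfigMaps are readable by anyone with get/list on configmaps in
  # the namespace and are not covered by Secret-specific RBAC or encryption at
  # rest. Moving it needs a coordinated change: a kubernetes.io/tls (or Opaque)
  # Secret here and the Deployment's `ssl` volume switched from `configMap:` to
  # `secret:`. The kind stays ConfigMap until both sides change together so the
  # existing mount keeps working.
  k8s:
    state: present
    api_version: v1
    kind: ConfigMap
    name: mail
    namespace: "eom-{{ target_namespace }}"
    definition:
      data:
        server.crt: "{{ proxy_server_crt }}"
        server.key: "{{ proxy_server_key }}"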
- name: Create persistent volume for mail
  # 32Gi hostPath-backed volume that lives under /data/store-0 on the
  # alpha-worker-0 node; Retain keeps the data when the claim goes away.
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: 'eom-{{ target_namespace }}-mail'
      spec:
        storageClassName: standard
        capacity:
          storage: 32Gi
        accessModes: [ReadWriteOnce]
        persistentVolumeReclaimPolicy: Retain
        hostPath:
          path: '/data/store-0/eom-{{ target_namespace }}/mail'
        # Pin the volume to the node that actually holds the hostPath.
        nodeAffinity:
          required:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values: [alpha-worker-0]
- name: Create a persistent volume claim for mail
  # Claims the matching PV by name so the Deployment's `mail` volume binds to
  # the hostPath volume created above rather than to any other 32Gi PV.
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        namespace: 'eom-{{ target_namespace }}'
        name: mail
      spec:
        storageClassName: standard
        volumeName: 'eom-{{ target_namespace }}-mail'
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 32Gi
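- name: Create a deployment
  # Runs docker-mailserver with accounts and authentication resolved from the
  # `openldap` service; TLS comes from the `mail` ConfigMap and mail storage
  # from the `mail` PVC created earlier in this file.
  # NOTE(review): the image carries no tag, so `latest` is implied and upgrades
  # roll in silently — pin a tag or digest once a tested version is chosen.
  # NOTE(review): both LDAP binds use the directory admin DN; a read-only
  # lookup DN is the least-privilege choice for these search/auth queries.
  k8s:
    # Explicit state, consistent with the ConfigMap/PV/PVC tasks in this file.
    state: present
    definition:
      # Deployment belongs to the apps API group; the core `v1` group has no
      # Deployment kind, so `apiVersion: v1` cannot be resolved by the server.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: mail
        namespace: "eom-{{ target_namespace }}"
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: mail
        template:
          metadata:
            labels:
              app: mail
          spec:
            containers:
              - name: mail
                image: mailserver/docker-mailserver
                volumeMounts:
                  # SSL_CERT_PATH / SSL_KEY_PATH below point into this mount.
                  - name: ssl
                    mountPath: /etc/letsencrypt
                  - name: mail
                    mountPath: /var/mail
                ports:
                  - containerPort: 25
                  - containerPort: 465
                  - containerPort: 587
                  - containerPort: 993
                env:
                  - name: OVERRIDE_HOSTNAME
                    value: "mail.eom.dev"
                  - name: ACCOUNT_PROVISIONER
                    value: "LDAP"
                  - name: LDAP_SERVER_HOST
                    value: "ldap://openldap/"
                  - name: LDAP_SEARCH_BASE
                    value: "dc=eom,dc=dev"
                  - name: LDAP_BIND_DN
                    value: "cn=admin,dc=eom,dc=dev"
                  # NOTE(review): plain env value; a secretKeyRef would keep the
                  # password out of `kubectl describe`/get output of the pod spec.
                  - name: LDAP_BIND_PW
                    value: "{{ ldap_admin_password }}"
                  - name: LDAP_QUERY_FILTER_USER
                    value: "(&(mail=%s))"
                  - name: LDAP_QUERY_FILTER_GROUP
                    value: "(&(mailGroupMember=%s)(mailEnabled=TRUE))"
                  - name: LDAP_QUERY_FILTER_ALIAS
                    value: "(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))"
                  - name: LDAP_QUERY_FILTER_DOMAIN
                    value: "(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))"
                  - name: DOVECOT_PASS_FILTER
                    value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
                  - name: DOVECOT_USER_FILTER
                    value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
                  - name: ENABLE_SASLAUTHD
                    value: "1"
                  - name: SASLAUTHD_MECHANISMS
                    value: "ldap"
                  - name: SASLAUTHD_LDAP_SERVER
                    value: "ldap://openldap/"
                  - name: SASLAUTHD_LDAP_BIND_DN
                    value: "cn=admin,dc=eom,dc=dev"
                  # NOTE(review): same admin password as LDAP_BIND_PW, same
                  # secretKeyRef suggestion applies.
                  - name: SASLAUTHD_LDAP_PASSWORD
                    value: "{{ ldap_admin_password }}"
                  - name: SASLAUTHD_LDAP_SEARCH_BASE
                    value: "dc=eom,dc=dev"
                  - name: SASLAUTHD_LDAP_FILTER
                    value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%U))"
                  - name: POSTMASTER_ADDRESS
                    value: "admin@mail.eom.dev"
                  - name: SSL_TYPE
                    value: "manual"
                  - name: SSL_CERT_PATH
                    value: "/etc/letsencrypt/server.crt"
                  - name: SSL_KEY_PATH
                    value: "/etc/letsencrypt/server.key"
            volumes:
              # server.crt and server.key are served from the `mail` ConfigMap;
              # the private key would be better held in a Secret and mounted via
              # `secret:` here — that change must land together with the
              # ConfigMap task in this file.
              - name: ssl
                configMap:
                  name: mail
              - name: mail
                persistentVolumeClaim:
                  claimName: mail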
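- name: Expose deployment as a service
  # NodePort Service in front of the `mail` pods. Note that NodePort opens each
  # listed nodePort on every node of the cluster, not just the one that holds
  # the pod; restrict reachability at the node firewall if that is not intended.
  k8s:
    # Explicit state, consistent with the other tasks in this file.
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: mail
        namespace: "eom-{{ target_namespace }}"
      spec:
        type: NodePort
        selector:
          app: mail
        # targetPort is omitted, so each entry forwards to the same-numbered
        # containerPort declared in the Deployment.
        ports:
          - name: mail-25
            port: 25
            nodePort: 30025
          - name: mail-465
            port: 465
            nodePort: 30465
          - name: mail-587
            port: 587
            nodePort: 30587
          - name: mail-993
            port: 993
            nodePort: 30993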