ansible-role-eom/tasks/mail.yaml


---
# tasks file for mail
- name: Create DMS namespace
  # Every other object in this file (certificate, claim, deployment,
  # service) is created inside this namespace.
  k8s:
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: mail
    state: present
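- name: Request a certificate for DMS
  k8s:
    state: present
    definition:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: mail
        namespace: mail
      spec:
        # cert-manager stores the issued tls.crt / tls.key in this Secret;
        # the mail deployment mounts it at /etc/letsencrypt.
        secretName: mail
        privateKey:
          algorithm: RSA
          encoding: PKCS1
          size: 2048
          # The default (Never) reuses the same private key for every
          # renewal; rotating it on renewal bounds the window in which a
          # leaked key stays valid.
          rotationPolicy: Always
        duration: 2160h # 90d
        renewBefore: 360h # 15d
        isCA: false
        usages:
          - server auth
          - client auth
        subject:
          organizations:
            - EOM
        commonName: eom.dev
        # One SAN per hostname the mail services are reached under.
        dnsNames:
          - eom.dev
          - postfix.eom.dev
          - dovecot.eom.dev
        issuerRef:
          name: ca-issuer
          kind: ClusterIssuer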
- name: Create a persistent volume claim for mail
  k8s:
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        namespace: mail
        name: mail
      spec:
        # A single mail pod owns the spool, so one-node read/write access
        # is sufficient.
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 2Ti
        # No storageClassName is given, so the cluster's default
        # StorageClass is used.
    state: present
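- name: Create a deployment
  # The rendered definition contains the LDAP bind password, so keep the
  # task arguments and any module diff output out of the Ansible log.
  no_log: true
  k8s:
    state: present
    definition:
      # Deployment lives in the apps API group; the core "v1" group has no
      # Deployment kind, so the API server rejects "apiVersion: v1".
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: mail
        namespace: mail
      spec:
        replicas: 1
        # The spool is a ReadWriteOnce claim: a rolling update would start a
        # second pod that needs the same volume before the first one is gone,
        # so replace the pod in place instead.
        strategy:
          type: Recreate
        selector:
          matchLabels:
            app: mail
        template:
          metadata:
            labels:
              app: mail
          spec:
            containers:
              - name: mail
                # NOTE(review): an untagged image resolves to :latest on every
                # rollout; pin a tag or digest (mailserver/docker-mailserver:<version>)
                # so deployments are reproducible.
                image: mailserver/docker-mailserver
                volumeMounts:
                  # TLS material issued by cert-manager (tls.crt / tls.key).
                  - name: ssl
                    mountPath: /etc/letsencrypt
                    readOnly: true
                  - name: mail
                    mountPath: /var/mail
                ports:
                  - containerPort: 25   # SMTP
                  - containerPort: 465  # SMTP over implicit TLS
                  - containerPort: 587  # submission
                  - containerPort: 993  # IMAPS
                  - containerPort: 995  # POP3S (enabled via ENABLE_POP3 below)
                env:
                  - name: OVERRIDE_HOSTNAME
                    value: "postfix.eom.dev"
                  - name: POSTMASTER_ADDRESS
                    value: "postfix@eom.dev"
                  - name: ENABLE_POP3
                    value: "1"
                  # Accounts, aliases and groups are looked up in OpenLDAP
                  # (same cluster, openldap namespace) rather than in local files.
                  - name: ACCOUNT_PROVISIONER
                    value: "LDAP"
                  - name: LDAP_SERVER_HOST
                    value: "ldap://openldap.openldap.svc.cluster.local/"
                  - name: LDAP_SEARCH_BASE
                    value: "dc=eom,dc=dev"
                  - name: LDAP_BIND_DN
                    value: "cn=readonly,dc=eom,dc=dev"
                  # NOTE(review): the bind password ends up in clear text in the
                  # pod spec, readable by anyone who can get the Deployment; a
                  # Secret referenced through valueFrom.secretKeyRef keeps it out
                  # of the manifest.
                  - name: LDAP_BIND_PW
                    value: "{{ openldap_readonly_password }}"
                  - name: LDAP_QUERY_FILTER_DOMAIN
                    value: "(mail=*@%s)"
                  # Only members of the "Postfix Users" group may receive mail.
                  - name: LDAP_QUERY_FILTER_USER
                    value: "(&(mail=%s)(memberOf=cn=Postfix Users,ou=Postfix,ou=Services,dc=eom,dc=dev))"
                  - name: LDAP_QUERY_FILTER_ALIAS
                    value: "(&(objectClass=posixAccount)(mailAlias=%s))"
                  - name: LDAP_QUERY_FILTER_GROUP
                    value: "(&(objectClass=posixAccount)(mailGroupMember=%s))"
                  - name: LDAP_QUERY_FILTER_SENDERS
                    value: "(&(objectClass=posixAccount)(|(mail=%s)(mailAlias=%s)(mailGroupMember=%s)))"
                  - name: SPOOF_PROTECTION
                    value: "1"
                  # Dovecot authenticates by binding to LDAP as the user.
                  - name: DOVECOT_AUTH_BIND
                    value: "yes"
                  # NOTE(review): MD5-CRYPT is a weak hash scheme; it presumably
                  # only applies where userPassword is read instead of bound
                  # against — confirm what the directory stores before changing.
                  - name: DOVECOT_DEFAULT_PASS_SCHEME
                    value: "MD5-CRYPT"
                  # Only members of the "Dovecot Users" group may log in.
                  - name: DOVECOT_USER_FILTER
                    value: "(&(objectClass=posixAccount)(uid=%n)(memberOf=cn=Dovecot Users,ou=Dovecot,ou=Services,dc=eom,dc=dev))"
                  - name: DOVECOT_PASS_ATTRS
                    value: "uid=user,userPassword=password"
                  # Mailbox path and ownership are derived from the LDAP entry.
                  - name: DOVECOT_USER_ATTRS
                    value: "=home=/var/mail/%{ldap:uid},=uid=%{ldap:uidNumber},=gid=%{ldap:gidNumber},=mail=maildir:~/Maildir"
                  - name: ENABLE_SASLAUTHD
                    value: "1"
                  - name: SASLAUTHD_MECHANISMS
                    value: "ldap"
                  - name: SASLAUTHD_LDAP_FILTER
                    value: "(mail=%U@eom.dev)"
                  # Certificate and key come from the cert-manager Secret
                  # mounted at /etc/letsencrypt above.
                  - name: SSL_TYPE
                    value: "manual"
                  - name: SSL_CERT_PATH
                    value: "/etc/letsencrypt/tls.crt"
                  - name: SSL_KEY_PATH
                    value: "/etc/letsencrypt/tls.key"
            volumes:
              - name: ssl
                secret:
                  secretName: mail
              - name: mail
                persistentVolumeClaim:
                  claimName: mail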
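- name: Expose deployment as a service
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: mail
        namespace: mail
      spec:
        selector:
          app: mail
        # targetPort defaults to port, matching the deployment's containerPorts.
        # Port names are part of the Service API and may be referenced by
        # other objects, so they are kept as-is; note that 465 is SMTP over
        # implicit TLS and 587 is submission, which the names do not reflect.
        ports:
          - port: 25
            name: smtp-a
          - port: 465
            name: smtp-b
          - port: 587
            name: smtps
          - port: 993
            name: imap
          - port: 995
            name: pop3
        # All five ports are reachable from outside the cluster.
        type: LoadBalancer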