Add Gitea and Mail modules with configuration and resources

- Created Gitea module with outputs, provider, and variables for deployment.
- Implemented Mail module including configuration for Dovecot and Postfix, along with necessary resources such as secrets, config maps, and deployments.
- Added Python script for bcrypt password hashing and integrated it into the Mail module.
- Defined persistent volumes and claims for Seafile module, along with Nginx configuration for serving content.
- Established necessary variables for all modules to ensure flexibility and configurability.
This commit is contained in:
2025-04-27 22:36:18 +02:00
parent 58fb1ea167
commit b7408fb4d8
25 changed files with 715 additions and 207 deletions
@@ -1,253 +0,0 @@
dovecot_config_version = "2.4.0"
dovecot_storage_version = "2.4.0"
base_dir = /run/dovecot
state_dir = /run/dovecot
protocols = imap lmtp
listen = *
mail_driver=maildir
mailbox_list_layout=index
mailbox_list_utf8=yes
mail_path=~/mail
mail_home=/var/mail/%{user|lower}
mail_utf8_extensions = yes
default_internal_user = vmail
default_login_user = vmail
default_internal_group = vmail
mail_uid = vmail
mail_gid = vmail
namespace inbox {
inbox = yes
mailbox Drafts {
special_use = \Drafts
auto = create
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = create
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = create
auto = subscribe
}
mailbox Sent {
special_use = \Sent
auto = create
auto = subscribe
}
mailbox Archive {
special_use = \Archive
auto = create
auto = subscribe
}
}
passdb passwd-file {
driver = passwd-file
passwd_file_path = /etc/dovecot/users
}
ssl_server {
cert_file = /etc/letsencrypt/tls.crt
key_file = /etc/letsencrypt/tls.key
}
mail_attribute {
dict file {
path = %{home}/dovecot-attributes
}
}
log_path = /dev/stdout
imap_hibernate_timeout = 5s
mail_plugins {
fts = yes
fts_flatcurve = yes
mail_log = yes
notify = yes
}
mail_log_events = delete undelete expunge save copy mailbox_create mailbox_delete mailbox_rename flag_change
fts_autoindex = yes
fts_autoindex_max_recent_msgs = 999
fts_search_add_missing = yes
language_filters = normalizer-icu snowball stopwords
language_tokenizers = generic email-address
language_tokenizer_generic_algorithm = simple
language en {
default = yes
filters = lowercase snowball english-possessive stopwords
}
fts flatcurve {
substring_search = yes
}
protocol imap {
mail_plugins {
imap_sieve = yes
imap_filter_sieve = yes
}
}
lmtp_save_to_detail_mailbox = yes
recipient_delimiter = +
protocol lmtp {
mail_plugins {
sieve = yes
}
}
service imap-login {
process_min_avail = 1
client_limit = 100
inet_listener imap {
port = 31143
}
inet_listener imaps {
port = 31993
ssl = yes
}
}
service stats {
process_min_avail = 1
inet_listener http {
port = 9090
}
}
auth_mechanisms = plain login
service auth {
inet_listener auth {
port = 31000
}
}
# LMTP service to store sent emails
service lmtp {
inet_listener auth {
port = 31024
}
mail_plugins {
sieve = yes
}
}
event_exporter log {
format = json
time_format = rfc3339
}
metric auth_success {
filter = (event=auth_request_finished AND success=yes)
}
metric auth_failure {
filter = (event=auth_request_finished AND NOT success=yes)
exporter = log
}
metric imap_command {
filter = event=imap_command_finished
group_by cmd_name {
method discrete {
}
}
group_by tagged_reply_state {
method discrete {
}
}
}
metric smtp_command {
filter = event=smtp_server_command_finished and protocol=submission
group_by cmd_name {
method discrete {
}
}
group_by status_code {
method discrete {
}
}
group_by duration {
method exponential {
base = 10
min_magnitude = 1
max_magnitude = 5
}
}
}
metric lmtp_command {
filter = event=smtp_server_command_finished and protocol=lmtp
group_by cmd_name {
method discrete {
}
}
group_by status_code {
method discrete {
}
}
group_by duration {
method exponential {
base = 10
min_magnitude = 1
max_magnitude = 5
}
}
}
metric mail_delivery {
filter = event=mail_delivery_finished
group_by duration {
method exponential {
base = 10
min_magnitude = 1
max_magnitude = 5
}
}
}
sieve_script default {
path = /etc/dovecot/sieve/default.sieve
}
mail_plugins {
mail_crypt = yes
}
crypt_global_private_key main {
crypt_private_key_file = /etc/mail-crypt/ecprivkey.pem
}
crypt_global_public_key_file = /etc/mail-crypt/ecpubkey.pem
log_path = /dev/stdout
info_log_path = /dev/stdout
debug_log_path = /dev/stdout
# Enable verbose logging
# auth_verbose = yes
# auth_debug = yes
# auth_debug_passwords = yes
# mail_debug = yes
@@ -1,20 +0,0 @@
[retriever]
type = SimpleIMAPSSLRetriever
server = ${server}
port = ${port}
username = ${username}
password = ${password}
mailboxes = ('${mailbox}',)
[destination]
type = MDA_lmtp
host = ${dovecot_lmtp_address}
port = ${dovecot_lmtp_port}
override = ${recipient}@${domain}
[options]
read_all = false
delete_after = ${delete_after}
verbose = 1
mark_read = true
@@ -1,81 +0,0 @@
#!/bin/bash
if [ -z "$SMTP_HOST" ]; then
echo "SMTP_HOST is required"
exit 1
fi
if [ -z "$SMTP_PORT" ]; then
echo "SMTP_PORT is required"
exit 1
fi
if [ -z "$SMTP_USER" ]; then
echo "SMTP_USER is required"
exit 1
fi
if [ -z "$SMTP_PASSWORD" ]; then
echo "SMTP_PASSWORD is required"
exit 1
fi
if [ -z "$DOVECOT_AUTH_ADDRESS" ]; then
echo "DOVECOT_AUTH_ADDRESS is required"
exit 1
fi
if [ -z "$DOVECOT_AUTH_PORT" ]; then
echo "DOVECOT_AUTH_PORT is required"
exit 1
fi
postconf -e "myhostname=$MAILNAME"
postconf -e "mydomain=$MY_PRIMARY_DOMAIN"
postconf -e "myorigin=$MY_PRIMARY_DOMAIN"
postconf -e "smtpd_banner=\$myhostname ESMTP \$mail_name"
postconf -e "mydestination=$MY_DESTINATION"
# Relay configuration
postconf -e "relayhost=[$SMTP_HOST]:$SMTP_PORT"
postconf -e "smtp_sasl_auth_enable=yes"
postconf -e "smtp_sasl_password_maps=static:$SMTP_USER:$SMTP_PASSWORD"
postconf -e "smtp_sasl_security_options=noanonymous"
postconf -e "smtp_tls_security_level=encrypt"
postconf -e "smtp_use_tls=yes"
postconf -e "smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt"
# SASL configuration
postconf -e "smtpd_sasl_type=dovecot"
postconf -e "smtpd_sasl_path=inet:$DOVECOT_AUTH_ADDRESS:$DOVECOT_AUTH_PORT"
postconf -e "smtpd_sasl_auth_enable=yes"
postconf -e "smtpd_sasl_security_options=noanonymous"
postconf -e "smtpd_recipient_restrictions=permit_sasl_authenticated, reject"
postconf -e "smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination"
postconf -e "smtpd_sasl_authenticated_header=yes"
postconf -e "smtpd_tls_wrappermode=yes"
# TLS configuration
postconf -e "smtpd_tls_cert_file=/etc/letsencrypt/tls.crt"
postconf -e "smtpd_tls_key_file=/etc/letsencrypt/tls.key"
postconf -e "smtpd_tls_security_level=encrypt"
postconf -e "smtp_tls_wrappermode=yes"
# BCC configuration
postconf -e "virtual_transport=lmtp:[$DOVECOT_LMTP_ADDRESS]:$DOVECOT_LMTP_PORT"
# Other configuration
postconf -e "inet_interfaces=all"
postconf -e "inet_protocols=ipv4"
postconf -e "queue_directory=/var/spool/postfix"
postconf -e "compatibility_level=2"
# Debugging
# postconf -e "debug_peer_list=127.0.0.1"
# postconf -e "debug_peer_level=3"
echo "
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
" | sudo tee -a /etc/postfix/master.cf
/usr/sbin/postfix -c /etc/postfix start
/usr/sbin/postfix -c /etc/postfix abort
exec "$POSTFIX_PATH" -c /etc/postfix -s
-5
View File
@@ -1,5 +0,0 @@
require ["fileinto", "envelope"];
if envelope :is "from" "${user}" {
fileinto "Sent";
}