feat: create stalwart module (#418)

- add stalwart module
- add psql database on the shared patroni instance
- add ceph-rgw credentials to eyaml
- ensure psql pass and s3 access key are converted to sensitive

Reviewed-on: #418
This commit was merged in pull request #418.
This commit is contained in:
2025-11-08 19:09:30 +11:00
parent 92a48b4113
commit 9dd74013ea
13 changed files with 1067 additions and 2 deletions
+5
View File
@@ -0,0 +1,5 @@
---
profiles::sql::postgresdb::dbpass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEZkKX2ThGom2PffofEuRBHbyiq68PCsq0+19eSa02fpVPKgZ/5BEjzBhwvrt0BWZWsjYGhccFQ69DR+lTuqS50GcRSAiNQ2LDX2a3J1pu39oIKsNVmcJTza0f5T0VeI3A7sZkn7jL+NVz5ANp8V0EMfAjaduGQ7Jac+8dBsvTrLbJ+1AZVrjaKPxOI1+5tpE7qx35mM0oDVy0NwmlaVf8vbK6jyzyUJRs4Sb+mpioPi5sDxHgClzsQnu93HqqAIqR5UzsUv7MDMljOGYUF5ITyPU836I1LEZ9UfiVO7AikQ3A31LaSUWvwsxRHKxiQXJ7v6W/O+Nt3jdIR0eoqC5xTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC11+SUDLmz6bBrGyfYT9DPgDB3UhuhJ3kUruMTdRCW0Y6hoSBBQYCO+ZRFJToGTkz/BcxVw2Xtwjc7UmKmLodsDAo=]
stalwart::s3_access_key: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAkMQhrgL/+XvSk2VTXruccabDTc6xA8RddymI7lwSfIs8rZ0houCeHqjBpWC7VMuZwger1R7CChlx0VoD657HNJNaDvXas/6gFLRIZgyl/EI5xcJ9V9247d3IPOd2yRVlniVQswBzlJOQa8/wJdjLOD1hxw56eEnqTfqmz3YUweEWBNtb0rNuti3eYTXA0MRVEAi7/PoSyAiDIMRMLFCZx5vo12GHNk5Ei6NioUbgzvazcVnvwPwGg9l5eKMqmGGGEobIcXSquV6aLqX5lbXM21hz0SSLLDOG8QRLbMR2yGX0w9lR1rU+5uNKiRYlOwoySQRx2Z0JX2G37OBa0srr2zBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAfExMqDF1zLjgY6YvwRrd+gCCV8+cT80RyNiWpLocDUjaQ66HK0K/gDpLiF3UZtoVpGw==]
stalwart::s3_secret_key: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEApO6B2vhdbciclFgKHK0hl7Vj3ssA60JTW71G1cdBMgp0vuvzl3jCTFsTRTfm0Xf+mdhfaDI0f2WmFs+e+0i8Aqmum1eTOda0TUwkUbE2d0TBlt+mAjdyDsiqBlwbU5sP+DLvweyM26w46u0SKqOufnIs0ZcPD5Hrv2Zut6OIPsMa6d3GTYHeOAIkC1T06wbpaYr31Z32NRhaHRgex4uduOUtZ7V2RJIX+HzTvCi4iFYNZvXI8sj4CG8SBCFq7SBYhegFnYh/L8RRwhz6qkCLJbmqqASZkYoPBFNqBFKyyTMsFprPPWM/nEGlkUOdGt6OgjsjsFs3hmGl69s5Nq2ixjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBClR0dhOig5w37ZDWdW16k/gDDJsGAJLQpXi3DqXNBegFC4T6A1Mn0fvKatZo2ET0xlkfaKJas484pMdOs0gQil9As=]
stalwart::fallback_admin_password: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAMp9wmIhRwj5kxfUcvc+/q/oUs/vBhSqP19ZfErM4vLDK20VOBTnPhSP2lfVh9pqO0c2hpWFeuqBWMynghO+HUBJfAn29Vrc8a9iSBxQ3XuF/uiRq1inOKCQpdsU18TyCrYV9AJFNf9U20JuUoav79m7EKLHS07PHAZ0osqIYy93eXdCFhwXAGHijp4wMMQz/5z1F1mZoSrc1cXe3y8iBeAvvjnRfpw14gOKZBjmEGUbo7AIyc3wax5hbOQYf/v+Hd90JarvAufxGytg9WKO20cChWYbmYDnIkytVt3vHdHf4RT8M635l6qwLr/70O1MdE7bkrVRKP8M3KLyH072pJTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDSJwptBDvPd0WpxiIovZsjgDBBwesNW+UNo4b0idhyqsyWL2rtO7wLStWHgUIvRFJACCrTKKqlu7sta6mhu/ZsnF0=]
+39
View File
@@ -0,0 +1,39 @@
---
hiera_include:
- stalwart
- profiles::sql::postgresdb
# additional altnames
profiles::pki::vault::alt_names:
- mail.main.unkin.net
- imap.main.unkin.net
# manage a pgsql database + user
profiles::sql::postgresdb::cluster_name: "patroni-shared-%{facts.environment}"
profiles::sql::postgresdb::dbname: stalwart
profiles::sql::postgresdb::dbuser: stalwart
# Cluster role for node discovery
stalwart::cluster_role: "%{facts.enc_role}"
# PostgreSQL connection
stalwart::postgresql_host: "master.%{hiera('profiles::sql::postgresdb::cluster_name')}.service.%{facts.country}-%{facts.region}.consul"
stalwart::postgresql_database: "%{hiera('profiles::sql::postgresdb::dbname')}"
stalwart::postgresql_user: "%{hiera('profiles::sql::postgresdb::dbuser')}"
stalwart::postgresql_password: "%{hiera('profiles::sql::postgresdb::dbpass')}"
# S3/Ceph-RGW connection
stalwart::s3_endpoint: 'https://radosgw.service.consul'
stalwart::s3_bucket: 'stalwart-maildata'
stalwart::s3_region: "%{facts.region}"
# Domains and relay
stalwart::domains:
- 'mail.unkin.net'
stalwart::postfix_relay_host: 'out-mta.main.unkin.net'
stalwart::manage_dns_records: true # DNS records point to individual servers
## With load balancer:
#stalwart::manage_dns_records: true
#stalwart::loadbalancer_host: 'mail-lb.example.com'