feat: create stalwart module (#418)
- add stalwart module
- add psql database on the shared patroni instance
- add ceph-rgw credentials to eyaml
- ensure psql pass and s3 access key are converted to sensitive

Reviewed-on: #418
@@ -0,0 +1,57 @@
|
||||
# Example hieradata for profiles::mail::stalwart
|
||||
# This shows the required and optional parameters for Stalwart configuration
|
||||
|
||||
# Required: Unique node ID for each server in the cluster (1, 2, 3, etc.)
|
||||
profiles::mail::stalwart::node_id: 1
|
||||
|
||||
# Required: Cluster role name for query_nodes() discovery
|
||||
profiles::mail::stalwart::cluster_role: 'mail-backend'
|
||||
|
||||
# Required: PostgreSQL connection settings
|
||||
profiles::mail::stalwart::postgresql_host: 'pgsql.example.com'
|
||||
profiles::mail::stalwart::postgresql_port: 5432
|
||||
profiles::mail::stalwart::postgresql_database: 'stalwart'
|
||||
profiles::mail::stalwart::postgresql_user: 'stalwart'
|
||||
profiles::mail::stalwart::postgresql_password: >
|
||||
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
|
||||
profiles::mail::stalwart::postgresql_ssl: true
|
||||
|
||||
# Required: S3/Ceph-RGW connection settings
|
||||
profiles::mail::stalwart::s3_endpoint: 'https://ceph-rgw.example.com'
|
||||
profiles::mail::stalwart::s3_bucket: 'stalwart-blobs'
|
||||
profiles::mail::stalwart::s3_region: 'default'
|
||||
profiles::mail::stalwart::s3_access_key: 'stalwart_access_key'
|
||||
profiles::mail::stalwart::s3_secret_key: >
|
||||
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
|
||||
profiles::mail::stalwart::s3_key_prefix: 'stalwart/'
|
||||
|
||||
# Required: Domains this mail backend serves
|
||||
profiles::mail::stalwart::domains:
|
||||
- 'example.com'
|
||||
- 'mail.example.com'
|
||||
|
||||
# Required: Postfix relay host for SMTP delivery
|
||||
profiles::mail::stalwart::postfix_relay_host: 'postfix.example.com'
|
||||
|
||||
# Optional: Protocol configuration (defaults shown)
|
||||
profiles::mail::stalwart::enable_imap: true
|
||||
profiles::mail::stalwart::enable_imap_tls: true
|
||||
profiles::mail::stalwart::enable_http: true
|
||||
profiles::mail::stalwart::enable_smtp_relay: true
|
||||
|
||||
# Optional: Management settings
|
||||
profiles::mail::stalwart::manage_dns_records: true
|
||||
profiles::mail::stalwart::log_level: 'info'
|
||||
|
||||
# Optional: TLS certificate paths (defaults shown)
|
||||
profiles::mail::stalwart::tls_cert: '/etc/pki/tls/vault/certificate.crt'
|
||||
profiles::mail::stalwart::tls_key: '/etc/pki/tls/vault/private.key'
|
||||
|
||||
# Example PKI alt_names configuration for TLS certificates
|
||||
# This should include all domains and hostnames that need certificates
|
||||
profiles::pki::vault::alt_names:
|
||||
mail-backend:
|
||||
- 'imap.example.com'
|
||||
- 'mail.example.com'
|
||||
- 'autoconfig.example.com'
|
||||
- 'autodiscover.example.com'
|
||||
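Review bot: `profiles::mail::stalwart::s3_access_key` is shown as a plaintext string although the commit message says the S3 access key is converted to Sensitive, so the example teaches operators to commit that credential unencrypted. If the parameter is meant to be secret, show it as an eyaml block like `s3_secret_key`, or add a comment such as `# access key ID; encrypt with eyaml if your policy treats it as a secret`. The same applies to `stalwart::s3_access_key` in the second example file. Separately, the "defaults shown" block turns on `enable_imap` and `enable_http` next to `enable_imap_tls`; a one-line comment saying whether those two open cleartext listeners would help anyone hardening a node.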
@@ -0,0 +1,58 @@
|
||||
# Example hieradata for roles::infra::mail::backend
|
||||
# Place this in: hieradata/roles/infra/mail/backend.yaml
|
||||
|
||||
# Stalwart module configuration - all parameters passed directly to the module
|
||||
# stalwart::node_id: 1234 # Optional - automatically extracted from last 4 digits of hostname
|
||||
stalwart::cluster_role: 'mail-backend'
|
||||
|
||||
# PostgreSQL connection settings
|
||||
stalwart::postgresql_host: 'pgsql.example.com'
|
||||
stalwart::postgresql_port: 5432
|
||||
stalwart::postgresql_database: 'stalwart'
|
||||
stalwart::postgresql_user: 'stalwart'
|
||||
stalwart::postgresql_password: >
|
||||
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
|
||||
stalwart::postgresql_ssl: true
|
||||
|
||||
# S3/Ceph-RGW connection settings
|
||||
stalwart::s3_endpoint: 'https://ceph-rgw.example.com'
|
||||
stalwart::s3_bucket: 'stalwart-blobs'
|
||||
stalwart::s3_region: 'default'
|
||||
stalwart::s3_access_key: 'stalwart_access_key'
|
||||
stalwart::s3_secret_key: >
|
||||
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
|
||||
stalwart::s3_key_prefix: 'stalwart/'
|
||||
|
||||
# Domains this mail backend serves
|
||||
stalwart::domains:
|
||||
- 'example.com'
|
||||
- 'mail.example.com'
|
||||
|
||||
# Postfix relay host for SMTP delivery
|
||||
stalwart::postfix_relay_host: 'postfix.example.com'
|
||||
|
||||
# Optional protocol configuration (defaults shown)
|
||||
stalwart::enable_imap: true
|
||||
stalwart::enable_imap_tls: true
|
||||
stalwart::enable_http: true
|
||||
stalwart::enable_smtp_relay: true
|
||||
|
||||
# Optional management settings
|
||||
stalwart::manage_dns_records: true
|
||||
stalwart::log_level: 'info'
|
||||
|
||||
# Optional TLS certificate paths (defaults work with profiles::pki::vault)
|
||||
# stalwart::tls_cert: '/etc/pki/tls/vault/certificate.crt'
|
||||
# stalwart::tls_key: '/etc/pki/tls/vault/private.key'
|
||||
|
||||
# Optional path overrides (RPM package sets up these defaults)
|
||||
# stalwart::config_dir: '/opt/stalwart/etc'
|
||||
# stalwart::data_dir: '/var/lib/stalwart'
|
||||
|
||||
# PKI alt_names configuration for TLS certificates
|
||||
# This should include all domains and hostnames that need certificates
|
||||
profiles::pki::vault::alt_names:
|
||||
- 'imap.example.com'
|
||||
- 'mail.example.com'
|
||||
- 'autoconfig.example.com'
|
||||
- 'autodiscover.example.com'
|
||||
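Review bot: `profiles::pki::vault::alt_names` is written here as a flat list, but the other example in this commit puts the same four names under a `mail-backend:` key, so one of the two probably does not match the type the PKI profile expects. Indentation is lost in this view, so the nesting is inferred from the extra `mail-backend:` line. A mismatch would presumably either fail catalog compilation or produce a certificate without the intended SANs, which clients would see as hostname-verification failures on the TLS listeners; align both examples with the profile's declared type. It would also help to add a comment that the `ENC[PKCS7,...]` values are truncated placeholders that must be regenerated with `eyaml encrypt` for the target environment.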