feat: create stalwart module (#418)

- add stalwart module
- add psql database on the shared patroni instance
- add ceph-rgw credentials to eyaml
- ensure psql pass and s3 access key are converted to sensitive

Reviewed-on: #418
This commit was merged in pull request #418.
This commit is contained in:
2025-11-08 19:09:30 +11:00
parent 92a48b4113
commit 9dd74013ea
13 changed files with 1067 additions and 2 deletions
+26
View File
@@ -0,0 +1,26 @@
# @summary Manages Stalwart Mail Server service
#
# @api private
class stalwart::service {
assert_private()
# Service is installed by the RPM package
service { 'stalwart':
ensure => running,
enable => true,
subscribe => [
File[$stalwart::tls_cert],
File[$stalwart::tls_key],
],
}
# Add capability to bind to privileged ports (143, 443, 993)
systemd::manage_dropin { 'bind-capabilities.conf':
ensure => present,
unit => 'stalwart.service',
service_entry => {
'AmbientCapabilities' => 'CAP_NET_BIND_SERVICE',
},
notify => Service['stalwart'],
}
}