Ben Vincent
0e890c7b56
All checks were successful
Build / precommit (pull_request) Successful in 5m42s
- add stalwart module - add psql database on the shared patroni instance - add ceph-rgw credentials to eyaml - ensure psql pass and s3 access key are converted to sensitive
58 lines
2.3 KiB
YAML
58 lines
2.3 KiB
YAML
# Example hieradata for profiles::mail::stalwart
|
|
# This shows the required and optional parameters for Stalwart configuration
|
|
|
|
# Required: Unique node ID for each server in the cluster (1, 2, 3, etc.)
|
|
profiles::mail::stalwart::node_id: 1
|
|
|
|
# Required: Cluster role name for query_nodes() discovery
|
|
profiles::mail::stalwart::cluster_role: 'mail-backend'
|
|
|
|
# Required: PostgreSQL connection settings
|
|
profiles::mail::stalwart::postgresql_host: 'pgsql.example.com'
|
|
profiles::mail::stalwart::postgresql_port: 5432
|
|
profiles::mail::stalwart::postgresql_database: 'stalwart'
|
|
profiles::mail::stalwart::postgresql_user: 'stalwart'
|
|
profiles::mail::stalwart::postgresql_password: >
|
|
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
|
|
profiles::mail::stalwart::postgresql_ssl: true
|
|
|
|
# Required: S3/Ceph-RGW connection settings
|
|
profiles::mail::stalwart::s3_endpoint: 'https://ceph-rgw.example.com'
|
|
profiles::mail::stalwart::s3_bucket: 'stalwart-blobs'
|
|
profiles::mail::stalwart::s3_region: 'default'
|
|
profiles::mail::stalwart::s3_access_key: 'stalwart_access_key'
|
|
profiles::mail::stalwart::s3_secret_key: >
|
|
ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
|
|
profiles::mail::stalwart::s3_key_prefix: 'stalwart/'
|
|
|
|
# Required: Domains this mail backend serves
|
|
profiles::mail::stalwart::domains:
|
|
- 'example.com'
|
|
- 'mail.example.com'
|
|
|
|
# Required: Postfix relay host for SMTP delivery
|
|
profiles::mail::stalwart::postfix_relay_host: 'postfix.example.com'
|
|
|
|
# Optional: Protocol configuration (defaults shown)
|
|
profiles::mail::stalwart::enable_imap: true
|
|
profiles::mail::stalwart::enable_imap_tls: true
|
|
profiles::mail::stalwart::enable_http: true
|
|
profiles::mail::stalwart::enable_smtp_relay: true
|
|
|
|
# Optional: Management settings
|
|
profiles::mail::stalwart::manage_dns_records: true
|
|
profiles::mail::stalwart::log_level: 'info'
|
|
|
|
# Optional: TLS certificate paths (defaults shown)
|
|
profiles::mail::stalwart::tls_cert: '/etc/pki/tls/vault/certificate.crt'
|
|
profiles::mail::stalwart::tls_key: '/etc/pki/tls/vault/private.key'
|
|
|
|
# Example PKI alt_names configuration for TLS certificates
|
|
# This should include all domains and hostnames that need certificates
|
|
profiles::pki::vault::alt_names:
|
|
mail-backend:
|
|
- 'imap.example.com'
|
|
- 'mail.example.com'
|
|
- 'autoconfig.example.com'
|
|
- 'autodiscover.example.com'
|