puppet-prod/hieradata/roles/infra/mail/backend.yaml

---
hiera_include:
  - stalwart
  - profiles::sql::postgresdb
  - profiles::stalwart::haproxy

# additional altnames
profiles::pki::vault::alt_names:
  - mail.main.unkin.net
  - imap.main.unkin.net

# manage a pgsql database + user
profiles::sql::postgresdb::cluster_name: "patroni-shared-%{facts.environment}"
profiles::sql::postgresdb::dbname: stalwart
profiles::sql::postgresdb::dbuser: stalwart

# export backends to haproxy
profiles::stalwart::haproxy::enable: true

# Cluster role for node discovery
stalwart::cluster_role: "%{facts.enc_role}"

# PostgreSQL connection
stalwart::postgresql_host: "master.%{hiera('profiles::sql::postgresdb::cluster_name')}.service.%{facts.country}-%{facts.region}.consul"
stalwart::postgresql_database: "%{hiera('profiles::sql::postgresdb::dbname')}"
stalwart::postgresql_user: "%{hiera('profiles::sql::postgresdb::dbuser')}"
stalwart::postgresql_password: "%{hiera('profiles::sql::postgresdb::dbpass')}"

# S3/Ceph-RGW connection
stalwart::s3_endpoint: 'https://radosgw.service.consul'
stalwart::s3_bucket: 'stalwart-maildata'
stalwart::s3_region: "%{facts.region}"

# Domains and relay
stalwart::domains:
  - 'mail.unkin.net'
stalwart::postfix_relay_host: 'out-mta.main.unkin.net'
stalwart::manage_dns_records: false

## With load balancer:
#stalwart::manage_dns_records: true
#stalwart::loadbalancer_host: 'mail-lb.example.com'