# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# TLS secret used by the Postfix chart: the name is taken from the ingress
# TLS settings, so SMTP presents the same certificate as the web ingress.
# NOTE(review): `request.enabled: false` presumably stops the chart from
# requesting a certificate of its own - confirm against the chart.
certificate:
  secretName: {{ .Values.ingress.tls.secretName | quote }}
  request:
    enabled: false
# Container-level security context for the Postfix container.
# NOTE(review): this is close to the least restricted combination Kubernetes
# allows: UID/GID 0, privileged, privilege escalation allowed and no
# capability drop list. A privileged container is rejected by the "baseline"
# and "restricted" Pod Security Standards, so the target namespace has to
# admit privileged pods. Confirm which of these settings the image really
# needs before carrying them into a hardened cluster.
containerSecurityContext:
  enabled: true
  # Identity: root user and group; the non-root guard is switched off.
  runAsUser: 0
  runAsGroup: 0
  runAsNonRoot: false
  # Privilege: `privileged: true` grants all capabilities and implies
  # allowPrivilegeEscalation; the empty capabilities map drops nothing.
  privileged: true
  allowPrivilegeEscalation: true
  capabilities: {}
  # Hardening that is still requested. Kubernetes does not apply a seccomp
  # profile to privileged containers, so RuntimeDefault has no effect while
  # `privileged: true` is set.
  readOnlyRootFilesystem: true
  seccompProfile:
    type: "RuntimeDefault"
  # SELinux options are supplied per deployment through the values.
  seLinuxOptions:
    {{ .Values.seLinuxOptions.postfix | toYaml | nindent 4 }}
# Registry pull secrets, passed through unchanged from the deployment-wide
# values.
global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
# Postfix container image.
image:
  # Registry precedence (first non-empty value wins): the openCode registry
  # override, then the global registry, then the image's own default.
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.postfix.registry | quote }}
  repository: {{ .Values.images.postfix.repository | quote }}
  # NOTE(review): whether this tag carries an immutable digest is decided in
  # the values, not here - confirm it is pinned if the registry is overridden.
  tag: {{ .Values.images.postfix.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# Persistent volume for Postfix.
persistence:
  size: {{ .Values.persistence.storages.postfix.size | quote }}
  # A storage class set specifically for Postfix wins; otherwise the
  # cluster-wide ReadWriteOnce class is used.
  storageClass: {{ coalesce .Values.persistence.storages.postfix.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
# Pod-level security context.
podSecurityContext:
  enabled: true
  # Group ID applied to mounted volumes.
  # NOTE(review): which account GID 101 is inside the image is not visible
  # here - confirm against the image.
  fsGroup: 101
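# Postfix settings handed to the chart. Several key names look like Postfix
# main.cf parameters, but the chart templates that consume them are not part
# of this file - notes below that rely on Postfix semantics are marked as
# assumptions to confirm.
postfix:
  amavisHost: ""
  amavisPortIn: ""
  # Mail domain; falls back to the deployment domain when none is set.
  domain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
  hostname: "postfix"
  inetProtocols: "ipv4"
  # functional.groupware.mail.maxSize multiplied by 1024 * 1024, rendered as
  # a quoted decimal string.
  messageSizeLimit: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
  # NOTE(review): presumably Postfix's milter_default_action; "tempfail"
  # would defer mail with a temporary error instead of accepting it
  # unfiltered while a milter is unreachable - confirm.
  milterDefaultAction: "tempfail"
  {{- if .Values.apps.dkimpy.enabled }}
  dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
  {{- end }}
  minTLSVersion: "TLSv1.2"
  # NOTE(review): if this maps to smtpd_tls_mandatory_ciphers, "medium" is
  # Postfix's default grade and "high" is the stricter one - weigh against
  # the clients that have to connect.
  smtpdTLSMandatoryCiphers: "medium"
  rspamdHost: ""
  {{- if .Values.smtp.host }}
  # Outbound relay, rendered only when smtp.host is set. Host, username and
  # password are piped through `quote`, like the other string values in this
  # file: unquoted, a credential that looks like a number or boolean, starts
  # with a YAML indicator (*, &, {, [, !) or contains ": " / " #" would be
  # retyped, cut short or break parsing.
  # NOTE(review): the password is rendered inline into these values; confirm
  # the chart stores `password.value` in a Secret.
  relayHost:
    enabled: true
    host: {{ .Values.smtp.host | quote }}
    port: {{ .Values.smtp.port }}
    authentication:
      username:
        value: {{ .Values.smtp.username | quote }}
      password:
        value: {{ .Values.smtp.password | quote }}
  smtpSASLAuthEnable: "yes"
  {{- else }}
  smtpSASLAuthEnable: "no"
  {{- end }}
  allowRelayNets: false
  # NOTE(review): if these are Postfix TLS security levels, "encrypt" makes
  # TLS mandatory but does not verify the peer certificate; for the relay
  # that receives the credentials above, "verify" or "secure" would also
  # authenticate the server - confirm what the chart supports.
  smtpTLSSecurityLevel: "encrypt"
  smtpdSASLAuthEnable: "yes"
  # SASL security option lists come from the values and are joined with ", ".
  smtpdSASLSecurityOptions: {{ .Values.smtp.security.smtpdSASLSecurityOptions | join ", " | quote }}
  smtpSASLSecurityOptions: {{ .Values.smtp.security.smtpSASLSecurityOptions | join ", " | quote }}
  smtpdSASLType: "dovecot"
  smtpdTLSSecurityLevel: "encrypt"
  smtpdTLSCertFile: "/etc/tls/tls.crt"
  smtpdKeyFile: "/etc/tls/tls.key"
  # Client authentication is delegated to Dovecot over TCP.
  smtpdSASLPath: "inet:dovecot:3659"

  staticAuthDB:
    enabled: false

  ldapTransportMaps: []

  # NOTE(review): scheme "ldap" on port 389 is the unencrypted LDAP port.
  # Unless the chart adds StartTLS or the cluster network encrypts pod
  # traffic, the bind password and the lookups reach ums-ldap-server in
  # cleartext - confirm.
  ldapVirtualAliasMaps:
    - host: "ums-ldap-server"
      scheme: "ldap"
      port: 389
      baseDn: "{{ .Values.ldap.baseDn }}"
      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
      password:
        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
      # ldap filter to find groups with mail address
      queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
      # -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
      resultAttribute: ""
      # -- do a recursive search on the specified attribute if found, should be a DN
      specialResultAttribute: "uniqueMember"
      # -- return the following attribute from all found leaves when a recursive search is done
      leafResultAttribute: "mailPrimaryAddress"

  # Antivirus milter: an explicitly configured antivirus.milter.host wins,
  # otherwise the in-cluster ClamAV service that is enabled is used.
  # NOTE(review): with no host set and neither ClamAV app enabled, no
  # smtpdMilters key is rendered - confirm that running without this milter
  # is intended for such deployments.
  {{- if .Values.antivirus.milter.host }}
  smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
  {{- else }}
  {{- if .Values.apps.clamavDistributed.enabled }}
  smtpdMilters: "inet:clamav-milter:7357"
  {{- else if .Values.apps.clamavSimple.enabled }}
  smtpdMilters: "inet:clamav-simple:7357"
  {{- end }}
  {{- end }}
  # Primary mail domain first, then the additional mail domains, with
  # duplicates removed.
  virtualMailboxDomains: {{ toYaml (prepend .Values.global.additionalMailDomains (.Values.global.mailDomain | default .Values.global.domain) | uniq) | nindent 4 }}
  virtualTransport: "lmtps:dovecot:24"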
# Pod annotations: a fixed Otterize service name, followed by any
# deployment-specific annotations from the values.
podAnnotations:
  intents.otterize.com/service-name: "open-xchange-postfix"
  {{- with .Values.annotations.openxchangePostfix.pod }}
  {{ . | toYaml | nindent 2 }}
  {{- end }}
# Number of Postfix replicas, taken from the deployment values (left unquoted so it renders as a number).
replicaCount: {{ .Values.replicas.postfix }}
# Resource settings for Postfix, rendered as-is from the values.
resources:
  {{ .Values.resources.postfix | toYaml | nindent 2 }}
# External service, rendered only when the effective service type (the
# Postfix-specific value, else the cluster default) is NodePort or
# LoadBalancer. `eq` with several arguments compares the first against each
# of the others.
# NOTE(review): either type publishes Postfix outside the cluster; what a
# remote client may then do is governed by the postfix.smtpd* settings in
# this file.
{{- if eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "NodePort" "LoadBalancer" }}
service:
  annotations:
    {{ .Values.annotations.openxchangePostfix.service | toYaml | nindent 4 }}
  external:
    enabled: true
    annotations:
      {{ .Values.annotations.openxchangePostfix.serviceExternal | toYaml | nindent 6 }}
    type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}
{{- end }}
...