Uninstall mailu

2023-04-28 17:39:56 +02:00 · 2023-04-28 17:39:56 +02:00 · 776d7272e2
parent a9f5b833e8
commit 776d7272e2
12 changed files with 220 additions and 63 deletions
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@ -43,7 +43,7 @@ releases:
    createNamespace: false

  - <<: *mailu
-    installed: true
+    installed: false
    namespace: mailu-application
    createNamespace: true

--- a/badhouseplants/values/secrets.mailu.yaml
+++ b/badhouseplants/values/secrets.mailu.yaml
@ -1,8 +1,9 @@
-secretKey: ENC[AES256_GCM,data:AY41e2XkC0e32L/9MWxK4YkbeGj/piZpgIGjU7Bd,iv:3DRmPKD3YHgqizBq2EAy/BC0qc0mSmpLLMCxRXdakRc=,tag:HgnEjhISDMqUkoObbpf3NA==,type:str]
+secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str]
 initialAccount:
+    enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool]
    username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str]
    domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str]
-    password: ENC[AES256_GCM,data:HR5qr3fZIOs7ye4DkwtacY2BcQbxu+27Yw==,iv:pq+0zNOhxAAWGsy579HQCrymcq0dfbOph1xyzkgPdcA=,tag:dSR8CW94YNaRujBK/Ysmtw==,type:str]
+    password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str]
 postgresql:
    auth:
        password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str]
@ -30,8 +31,8 @@ sops:
            RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp
            QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-22T17:13:44Z"
-    mac: ENC[AES256_GCM,data:GMqaB9uNNkO2oLFncxOIql2vQyLneopSCIZ75sbEQJpbEtc+UltcQ46EaK8MeII3vEuxa5EvEZQbaz04+zfi33lDyYIv/0IsIyKkZg1WtC+6pEzoXUCSAfSLFaPPSsvaycerU+S9rUl4hXPJJmyg/tdm75HWg9KrA0LSnlO2PSI=,iv:XbFgdnsDa8kbX2EwEmyTDiktq3VWm3QBbfpTCB8LCWo=,tag:kLLsjih/YJkQa9K07791oQ==,type:str]
+    lastmodified: "2023-04-28T08:37:51Z"
+    mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/badhouseplants/values/values.istio-ingressgateway.yaml
+++ b/badhouseplants/values/values.istio-ingressgateway.yaml
@ -53,6 +53,8 @@ service:
      port: 995
      protocol: TCP
      targetPort: 995
+podAnnotations:
+  proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
 resources:
  requests:
    cpu: 100m
--- a/badhouseplants/values/values.mailu.yaml
+++ b/badhouseplants/values/values.mailu.yaml
@ -9,7 +9,7 @@ certificate:
        name: badhouseplants-issuer
      dnsNames:
        - badhouseplants.net
-        - "*.badhouseplants.net"
+        - "email.badhouseplants.net"
 # ------------------------------------------
 # -- Istio extenstion. Just because I'm
 # --  not using ingress nginx
@ -23,62 +23,67 @@ istio:
      hostname: email.badhouseplants.net
      service: mailu-front
      port: 80
-    - name: mailu-smpt
-      kind: tcp
-      gateway: badhouseplants-mail
-      service: mailu-front
-      hostname: "*"
-      port_match: 25
-      port: 25
-    - name: mailu-smpts
-      kind: tcp
-      gateway: badhouseplants-mail
-      port_match: 465
-      hostname: "*"
-      service: mailu-front
-      port: 465
-    - name: mailu-smpt-startls
-      kind: tcp
-      gateway: badhouseplants-mail
-      hostname: "*"
-      port_match: 587
-      service: mailu-front
-      port: 587
-    - name: mailu-imap
-      kind: tcp
-      hostname: "*"
-      gateway: badhouseplants-mail
-      port_match: 143
-      service: mailu-front
-      port: 143
-    - name: mailu-imaps
-      kind: tcp
-      gateway: badhouseplants-mail
-      hostname: "*"
-      port_match: 993
-      service: mailu-front
-      port: 993
-    - name: mailu-pop3
-      kind: tcp
-      gateway: badhouseplants-mail
-      port_match: 110
-      hostname: "*"
-      service: mailu-front
-      port: 110
-    - name: mailu-pop3s
-      kind: tcp
-      gateway: badhouseplants-mail
-      port_match: 993
-      hostname: "*"
-      service: mailu-front
-      port: 993
+    # - name: mailu-smpt
+      # kind: tcp
+      # gateway: badhouseplants-mail
+      # service: mailu-front
+      # hostname: email.badhousplants.net
+      # port_match: 25
+      # port: 25
+    # - name: mailu-smpts
+      # kind: tcp
+      # gateway: badhouseplants-mail
+      # port_match: 465
+      # hostname: email.badhousplants.net
+      # service: mailu-front
+      # port: 465
+    # - name: mailu-smpt-startls
+      # kind: tcp
+      # gateway: badhouseplants-mail
+      # hostname: email.badhousplants.net
+      # port_match: 587
+      # service: mailu-front
+      # port: 587
+    # - name: mailu-imap
+      # kind: tcp
+      # hostname: email.badhousplants.net
+      # gateway: badhouseplants-mail
+      # port_match: 143
+      # service: mailu-front
+      # port: 143
+    # - name: mailu-imaps
+      # kind: tcp
+      # gateway: badhouseplants-mail
+      # hostname: email.badhousplants.net
+      # port_match: 993
+      # service: mailu-front
+      # port: 993
+    # - name: mailu-pop3
+      # kind: tcp
+      # gateway: badhouseplants-mail
+      # port_match: 110
+      # hostname: email.badhousplants.net
+      # service: mailu-front
+      # port: 110
+    # - name: mailu-pop3s
+      # kind: tcp
+      # gateway: badhouseplants-mail
+      # port_match: 993
+      # hostname: email.badhousplants.net
+      # service: mailu-front
+      # port: 993
 subnet: 10.1.0.0/16
-sessionCookieSecure: false
+sessionCookieSecure: true
 hostnames:
-  - email.badhouseplants.net
+  - post.badhouseplants.net
 domain: badhouseplants.net
 persistence:
  single_pvc: false
+limits:
+  messageRatelimit:
+    value: "10/day"
+tls:
+  outboundLevel: secure
 ingress:
  enabled: false
  tls: false
@ -108,10 +113,10 @@ redis:
 postfix:
  resources:
    requests:
-      memory: 100Mi
-      cpu: 70m
+      memory: 1024Mi
+      cpu: 200m
    limits:
-      memory: 200Mi
+      memory: 1024Mi
      cpu: 200m 
  persistence:
    size: 1Gi
@ -148,11 +153,11 @@ postgresql:
    enabled: false
    storageClass: ""
    accessMode: ReadWriteOnce
-    size: 1Gi
+    size: 2Gi
 front:
  logLevel: DEBUG
  hostPort:
-    enabled: false
+    enabled: true
 rspamd:
  resources:
    requests:
@ -173,4 +178,4 @@ webmail:
    storageClass: ""
    accessModes: [ReadWriteOnce]
    claimNameOverride: ""
-    annotations: {}
+    annotations: {}
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -40,6 +40,11 @@ releases:
    installed: true
    namespace: openvpn-service
    createNamespace: false
+  
+  - <<: *metallb
+    installed: true
+    namespace: metallb-system
+    createNamespace: true

 helmfiles:
  - path: {{.Environment.Name }}/helmfile.yaml
--- a/manifests/badhouseplants-ip.yaml
+++ b/manifests/badhouseplants-ip.yaml
@ -0,0 +1,10 @@
+# addresspool.yaml
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: custom-addresspool
+  namespace: metallb-system
+spec: 
+  addresses:
+  - 195.201.250.50-195.201.250.50
--- a/manifests/debug/istio-stuff.yaml
+++ b/manifests/debug/istio-stuff.yaml
@ -0,0 +1,17 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: proxy-protocol
+  namespace: istio-system
+spec:
+  workloadSelector:
+    labels:
+      istio: ingressgateway
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        listener_filters:
+        - name: envoy.listener.proxy_protocol
+
--- a/manifests/debug/proxy-prot.yaml
+++ b/manifests/debug/proxy-prot.yaml
@ -0,0 +1,17 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: proxy-protocol
+  namespace: istio-system
+spec:
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        listener_filters:
+        - name: envoy.listener.proxy_protocol
+        - name: envoy.listener.tls_inspector
+  workloadSelector:
+    labels:
+      istio: ingressgateway
--- a/manifests/debug/test.yaml
+++ b/manifests/debug/test.yaml
@ -0,0 +1,83 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: httpbin-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP2
+    hosts:
+    - "test.badhouseplants.net"
+  - hosts:
+    - "test.badhouseplants.net"
+    port:
+      name: https
+      number: 443
+      protocol: HTTPS
+    tls:
+      credentialName: badhouseplants-wildcard-tls
+      mode: SIMPLE
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: httpbin
+spec:
+  hosts:
+  - "test.badhouseplants.net"
+  gateways:
+  - httpbin-gateway
+  http:
+  - route:
+    - destination:
+        host: httpbin
+        port:
+          number: 8000
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: httpbin
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: httpbin
+  labels:
+    app: httpbin
+    service: httpbin
+spec:
+  ports:
+  - name: http
+    port: 8000
+    targetPort: 80
+  selector:
+    app: httpbin
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: httpbin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: httpbin
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: httpbin
+        version: v1
+    spec:
+      serviceAccountName: httpbin
+      containers:
+      - image: docker.io/kong/httpbin
+        imagePullPolicy: IfNotPresent
+        name: httpbin
+        ports:
+        - containerPort: 80
--- a/manifests/etersoft-ip.yaml
+++ b/manifests/etersoft-ip.yaml
@ -0,0 +1,10 @@
+# addresspool.yaml
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: custom-addresspool
+  namespace: metallb-system
+spec: 
+  addresses:
+  - 91.232.225.63-91.232.225.63
--- a/releases.yaml
+++ b/releases.yaml
@ -79,6 +79,11 @@ templates:
    values:
      - common/values.{{ .Release.Name }}.yaml

+  metallb: &metallb
+    name: metallb
+    chart: metallb/metallb
+    version: 0.13.9
+
  cert-manager: &cert-manager
    name: cert-manager
    chart: jetstack/cert-manager
--- a/repositories.yaml
+++ b/repositories.yaml
@ -28,3 +28,5 @@ repositories:
    url: https://bedag.github.io/helm-charts/
  - name: mailu
    url: https://mailu.github.io/helm-charts/
+  - name: metallb
+    url: https://metallb.github.io/metallb