add roundcube

clusters/cl01tl/applications/roundcube/Chart.yaml

@@ -0,0 +1,27 @@
+apiVersion: v2
+name: roundcube
+version: 1.0.0
+description: Roundcube
+keywords:
+  - roundcube
+  - email
+home: https://wiki.alexlebens.dev/doc/roundcube-miG1qbYSPs
+sources:
+  - https://github.com/roundcube/roundcubemail
+  - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://hub.docker.com/r/roundcube/roundcubemail
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: roundcube
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.6.1
+  - name: postgres-cluster
+    alias: postgres-17-cluster
+    version: 4.1.4
+    repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/roundcube.png
+appVersion: 1.6.9

clusters/cl01tl/applications/roundcube/templates/external-secret.yaml

@@ -0,0 +1,114 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: roundcube-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: roundcube-key-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: DES_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/roundcube/key
+        metadataPolicy: None
+        property: DES_KEY
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: roundcube-data-backup-secret
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: roundcube-data-backup-secret
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: backup
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   secretStoreRef:
+#     kind: ClusterSecretStore
+#     name: vault
+#   target:
+#     template:
+#       mergePolicy: Merge
+#       engineVersion: v2
+#       data:
+#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data"
+#   data:
+#     - secretKey: BUCKET_ENDPOINT
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: S3_BUCKET_ENDPOINT
+#     - secretKey: RESTIC_PASSWORD
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: RESTIC_PASSWORD
+#     - secretKey: AWS_DEFAULT_REGION
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: AWS_DEFAULT_REGION
+#     - secretKey: AWS_ACCESS_KEY_ID
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /digital-ocean/home-infra/volsync-backups
+#         metadataPolicy: None
+#         property: access_key
+#     - secretKey: AWS_SECRET_ACCESS_KEY
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /digital-ocean/home-infra/volsync-backups
+#         metadataPolicy: None
+#         property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: roundcube-postgresql-17-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: roundcube-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: secret

clusters/cl01tl/applications/roundcube/templates/replication-source.yaml

@@ -0,0 +1,27 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+#   name: roundcube-data-backup-source
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: roundcube-data-backup-source
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: backup
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   sourcePVC: roundcube-data
+#   trigger:
+#     schedule: 0 0 */3 * *
+#   restic:
+#     pruneIntervalDays: 14
+#     repository: roundcube-data-backup-secret
+#     retain:
+#       hourly: 1
+#       daily: 1
+#       weekly: 1
+#       monthly: 2
+#       yearly: 4
+#     copyMethod: Snapshot
+#     storageClassName: ceph-block
+#     volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/applications/roundcube/values.yaml

@@ -0,0 +1,238 @@
+roundcube:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: roundcube/roundcubemail
+            tag: 1.6.9-fpm-alpine
+            pullPolicy: IfNotPresent
+          env:
+            - name: ROUNDCUBEMAIL_DB_TYPE
+              value: pgsql
+            - name: ROUNDCUBEMAIL_DB_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: host
+            - name: ROUNDCUBEMAIL_DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: dbname
+            - name: ROUNDCUBEMAIL_DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: user
+            - name: ROUNDCUBEMAIL_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: password
+            - name: ROUNDCUBEMAIL_DES_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-key-secret
+                  key: DES_KEY
+            - name: ROUNDCUBEMAIL_DEFAULT_HOST
+              value: stalwart.stalwart
+            - name: ROUNDCUBEMAIL_DEFAULT_PORT
+              value: 143
+            - name: ROUNDCUBEMAIL_SMTP_SERVER
+              value: stalwart.stalwart
+            - name: ROUNDCUBEMAIL_SMTP_PORT
+              value: 25
+            - name: ROUNDCUBEMAIL_SKIN
+              value: elastic
+            - name: ROUNDCUBEMAIL_PLUGINS
+              value: archive,zipdownload,newmail_notifier
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+        nginx:
+          image:
+            repository: nginx
+            tag: 1.27.4-alpine
+            pullPolicy: IfNotPresent
+          env:
+            - name: NGINX_HOST
+              value: mail.alexlebens.dev
+            - name: NGINX_PHP_CGI
+              value: roundcube.roundcube:9000
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+    cleandb:
+      type: cronjob
+      cronjob:
+        suspend: false
+        concurrencyPolicy: Forbid
+        timeZone: US/Central
+        schedule: 0 4 * * *
+        startingDeadlineSeconds: 90
+        successfulJobsHistory: 3
+        failedJobsHistory: 3
+        backoffLimit: 3
+        parallelism: 1
+      containers:
+        backup:
+          image:
+            repository: roundcube/roundcubemail
+            tag: 1.6.9-fpm-alpine
+            pullPolicy: IfNotPresent
+          env:
+            - name: ROUNDCUBEMAIL_DB_TYPE
+              value: pgsql
+            - name: ROUNDCUBEMAIL_DB_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: host
+            - name: ROUNDCUBEMAIL_DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: dbname
+            - name: ROUNDCUBEMAIL_DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: user
+            - name: ROUNDCUBEMAIL_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-postgresql-17-cluster-app
+                  key: password
+            - name: ROUNDCUBEMAIL_DES_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: roundcube-key-secret
+                  key: DES_KEY
+            - name: ROUNDCUBEMAIL_DEFAULT_HOST
+              value: tls://stalwart.stalwart
+            - name: ROUNDCUBEMAIL_SMTP_SERVER
+              value: tls://stalwart.stalwart
+            - name: ROUNDCUBEMAIL_SKIN
+              value: elastic
+            - name: ROUNDCUBEMAIL_PLUGINS
+              value: archive,zipdownload,newmail_notifier
+          args:
+            - bin/cleandb.sh
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+  serviceAccount:
+    create: true
+  configMaps:
+    config:
+      enabled: true
+      data:
+        default.conf: |
+          server {
+              listen 80 default_server;
+              server_name _;
+              root /var/www/html;
+
+              location / {
+                  try_files $uri /index.php$is_args$args;
+              }
+
+              location ~ \.php(/|$) {
+                  try_files $uri =404;
+                  fastcgi_pass roundcube:9000;
+                  fastcgi_read_timeout 300;
+                  proxy_read_timeout 300;
+                  fastcgi_split_path_info ^(.+\.php)(/.*)$;
+                  include fastcgi_params;
+                  fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+                  fastcgi_param DOCUMENT_ROOT $realpath_root;
+                  internal;
+              }
+
+              client_max_body_size 6m;
+
+              error_log  /var/log/nginx/error.log;
+              access_log /var/log/nginx/access.log;
+          }
+  service:
+    main:
+      controller: main
+      ports:
+        mail:
+          port: 9000
+          targetPort: 9000
+          protocol: HTTP
+        web:
+          port: 80
+          targetPort: 80
+          protocol: HTTP
+  ingress:
+    tailscale:
+      enabled: true
+      className: tailscale
+      hosts:
+        - host: mail-cl01tl
+          paths:
+            - path: /
+              pathType: Prefix
+              service:
+                name: roundcube
+                port: 80
+      tls:
+        - hosts:
+            - mail-cl01tl
+  persistence:
+    data:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /var/www/html
+              readOnly: false
+          nginx:
+            - path: /var/www/html
+              readOnly: false
+    temp:
+      type: emptyDir
+      advancedMounts:
+        main:
+          main:
+            - path: /tmp/roundcube-temp
+              readOnly: false
+    config:
+      enabled: true
+      type: configMap
+      name: roundcube-config
+      advancedMounts:
+        main:
+          nginx:
+            - path: /etc/nginx/conf.d/default.conf
+              readOnly: true
+              mountPropagation: None
+              subPath: default.conf
+postgres-17-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+  backup:
+    enabled: true
+    endpointURL: https://nyc3.digitaloceanspaces.com
+    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/roundcube/roundcube-postgresql-17-cluster
+    endpointCredentials: roundcube-postgresql-17-cluster-backup-secret
+    backupIndex: 1