diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
index b551c5c24..8de67fbcf 100644
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -222,10 +222,10 @@ homepage:
 siteMonitor: http://home-assistant.home-assistant:8123
 statusStyle: dot
 - Email:
- icon: https://raw.githubusercontent.com/stalwartlabs/website/main/static/img/logo.png
- description: Stalwart
- href: https://stalwart.alexlebens.net
- siteMonitor: http://stalwart.stalwart:80
+ icon: roundcube.svg
+ description: Roundcube
+ href: https://mail.alexlebens.net
+ siteMonitor: http://roundcube.roundcube:80
 statusStyle: dot
 - Project Planning:
 icon: taiga.png
@@ -345,6 +345,12 @@ homepage:
 href: https://authentik.alexlebens.net
 siteMonitor: http://authentik-server.authentik:80
 statusStyle: dot
+ - Email:
+ icon: https://raw.githubusercontent.com/stalwartlabs/website/main/static/img/logo.png
+ description: Stalwart
+ href: https://stalwart.alexlebens.net
+ siteMonitor: http://stalwart.stalwart:80
+ statusStyle: dot
 - Reverse Proxy (cl01tl):
 icon: traefik.png
 description: Traefik
diff --git a/clusters/cl01tl/applications/roundcube/Chart.yaml b/clusters/cl01tl/applications/roundcube/Chart.yaml
new file mode 100644
index 000000000..5b1110420
--- /dev/null
+++ b/clusters/cl01tl/applications/roundcube/Chart.yaml
@@ -0,0 +1,33 @@
+apiVersion: v2
+name: roundcube
+version: 1.0.0
+description: Roundcube
+keywords:
+ - roundcube
+ - email
+home: https://wiki.alexlebens.dev/doc/roundcube-miG1qbYSPs
+sources:
+ - https://github.com/roundcube/roundcubemail
+ - https://github.com/cloudflare/cloudflared
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://hub.docker.com/r/roundcube/roundcubemail
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/alexlebens/helm-charts/charts/cloudflared
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: roundcube
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.3.2
+ - name: cloudflared
+ alias: cloudflared
+ repository: http://alexlebens.github.io/helm-charts
+ version: 1.4.1
+ - name: postgres-cluster
+ alias: postgres-16-cluster
+ version: 3.8.4
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/roundcube.png
+appVersion: 1.6.8
diff --git a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml
new file mode 100644
index 000000000..89bd08f27
--- /dev/null
+++ b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml
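Review bot: The `cloudflared` and `postgres-cluster` dependencies are pulled from `http://alexlebens.github.io/helm-charts`, so the repository index and chart archives travel unencrypted and could be altered in transit whenever dependencies are resolved; use `repository: https://alexlebens.github.io/helm-charts`, matching the https scheme the `app-template` entry already uses. The `cloudflared` dependency is also aliased as `cloudflared`, while values.yaml in this commit configures it under the key `cloudflared-roundcube`, so `existingSecretName` would not reach the subchart unless the alias and the values key are made to agree.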
@@ -0,0 +1,139 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: roundcube-key-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: roundcube-key-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: DES_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/roundcube/key
+ metadataPolicy: None
+ property: DES_KEY
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: roundcube-cloudflared-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: roundcube-cloudflared-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/roundcube
+ metadataPolicy: None
+ property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: roundcube-config-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: roundcube-config-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backup
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/roundcube/roundcube-data"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-volsync-backups
+ metadataPolicy: None
+ property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: roundcube-postgresql-16-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: roundcube-postgresql-16-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-roundcube-postgresql
+ metadataPolicy: None
+ property: access_key
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /aws/keys/cl01tl-roundcube-postgresql
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/applications/roundcube/values.yaml b/clusters/cl01tl/applications/roundcube/values.yaml
new file mode 100644
index 000000000..761ea014c
--- /dev/null
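Review bot: The first ExternalSecret is named `roundcube-key-secret`, but both `ROUNDCUBEMAIL_DES_KEY` entries in values.yaml read `secretKeyRef.name: roundcubemail-key-secret`; with no `target.name` set the generated Secret takes the ExternalSecret's name, so the containers would not find it and would fail to start. Make the two sides agree, for example by using `name: roundcube-key-secret` in both env entries. Separately, `roundcube-config-backup-secret` reads `RESTIC_PASSWORD` and the AWS key pair from paths that look cluster-wide (`/cl01tl/volsync/restic/config`, `/aws/keys/cl01tl-volsync-backups`); if those are shared across applications, a per-application credential would limit what a compromise of this namespace can read.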
+++ b/clusters/cl01tl/applications/roundcube/values.yaml 
@@ -0,0 +1,225 @@
+roundcube:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: roundcube/roundcubemail
+ tag: 1.6.8-fpm-alpine
+ pullPolicy: IfNotPresent
+ env:
+ - name: ROUNDCUBEMAIL_DB_TYPE
+ value: pgsql
+ - name: ROUNDCUBEMAIL_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: host
+ - name: ROUNDCUBEMAIL_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: dbname
+ - name: ROUNDCUBEMAIL_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: user
+ - name: ROUNDCUBEMAIL_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: password
+ - name: ROUNDCUBEMAIL_DES_KEY
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-key-secret
+ key: DES_KEY
+ - name: ROUNDCUBEMAIL_DEFAULT_HOST
+ value: tls://stalwart.stalwart
+ - name: ROUNDCUBEMAIL_SMTP_SERVER
+ value: tls://stalwart.stalwart
+ - name: ROUNDCUBEMAIL_SKIN
+ value: elastic
+ - name: ROUNDCUBEMAIL_PLUGINS
+ value: archive,zipdownload,newmail_notifier
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ nginx:
+ image:
+ repository: nginx:alpine
+ tag: 1.27.0-alpine
+ pullPolicy: IfNotPresent
+ env:
+ - name: NGINX_HOST
+ value: mail.alexlebens.dev
+ - name: NGINX_PHP_CGI
+ value: roundcube.roundcube:9000
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ cleandb:
+ type: cronjob
+ cronjob:
+ suspend: false
+ concurrencyPolicy: Forbid
+ timeZone: US/Central
+ schedule: 0 4 * * *
+ startingDeadlineSeconds: 90
+ successfulJobsHistory: 3
+ failedJobsHistory: 3
+ backoffLimit: 3
+ parallelism: 1
+ containers:
+ backup:
+ image:
+ repository: roundcube/roundcubemail
+ tag: 1.6.8-fpm-alpine
+ pullPolicy: IfNotPresent
+ env:
+ - name: ROUNDCUBEMAIL_DB_TYPE
+ value: pgsql
+ - name: ROUNDCUBEMAIL_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: host
+ - name: ROUNDCUBEMAIL_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: dbname
+ - name: ROUNDCUBEMAIL_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: user
+ - name: ROUNDCUBEMAIL_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: roundcube-postgresql-16-cluster-app
+ key: password
+ - name: ROUNDCUBEMAIL_DES_KEY
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-key-secret
+ key: DES_KEY
+ - name: ROUNDCUBEMAIL_DEFAULT_HOST
+ value: tls://stalwart.stalwart
+ - name: ROUNDCUBEMAIL_SMTP_SERVER
+ value: tls://stalwart.stalwart
+ - name: ROUNDCUBEMAIL_SKIN
+ value: elastic
+ - name: ROUNDCUBEMAIL_PLUGINS
+ value: archive,zipdownload,newmail_notifier
+ args:
+ - bin/cleandb.sh
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ serviceAccount:
+ create: true
+ configMaps:
+ config:
+ enabled: true
+ data:
+ default.conf: |
+ server {
+ listen 80 default_server;
+ server_name _;
+ root /var/www/html;
+
+ location / {
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location ~ \.php(/|$) {
+ try_files $uri =404;
+ fastcgi_pass roundcubemail:9000;
+ fastcgi_read_timeout 300;
+ proxy_read_timeout 300;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+ internal;
+ }
+
+ client_max_body_size 6m;
+
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+ }
+ service:
+ main:
+ controller: main
+ ports:
+ mail:
+ port: 9000
+ targetPort: 9000
+ protocol: HTTP
+ web:
+ port: 80
+ targetPort: 80
+ protocol: HTTP
+ persistence:
+ data:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /var/www/html
+ readOnly: false
+ nginx:
+ - path: /var/www/html
+ readOnly: false
+ temp:
+ type: emptyDir
+ advancedMounts:
+ main:
+ main:
+ - path: /tmp/roundcube-temp
+ readOnly: false
+ config:
+ enabled: true
+ type: configMap
+ name: roundcube-config
+ advancedMounts:
+ main:
+ nginx:
+ - path: /etc/nginx/conf.d/default.conf
+ readOnly: true
+ mountPropagation: None
+ subPath: default.conf
+cloudflared-roundcube:
+ existingSecretName: roundcube-cloudflared-secret
+ name: cloudflared-roundcube
+postgres-16-cluster:
+ mode: standalone
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ prometheusRule:
+ enabled: false
+ backup:
+ enabled: true
+ endpointURL: https://s3.us-east-2.amazonaws.com
+ destinationPath: s3://cl01tl-postgresql-backups/roundcube
+ endpointCredentials: roundcube-postgresql-16-cluster-backup-secret
+ backupIndex: 1
+ retentionPolicy: 14d
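Review bot: The `nginx` container sets `repository: nginx:alpine` together with `tag: 1.27.0-alpine`; if the chart joins them as repository:tag, the image reference ends up with two tags and cannot be pulled, so the repository should be plain `nginx`. In the ConfigMap, `fastcgi_pass roundcubemail:9000;` names a host that nothing visible in this commit defines (the Service appears to be `roundcube`, as in `NGINX_PHP_CGI`). Because nginx and php-fpm share a pod, `fastcgi_pass 127.0.0.1:9000;` should work and the `mail` port could then be dropped from the Service, which otherwise offers unauthenticated FastCGI to anything in the cluster that can reach it. The nginx mount of `/var/www/html` could also be `readOnly: true`, and neither container in this file sets a `securityContext` or resource limits.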