roundcube:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      containers:
        main:
          image:
            repository: roundcube/roundcubemail
            tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
          env:
            - name: ROUNDCUBEMAIL_DB_TYPE
              value: pgsql
            - name: ROUNDCUBEMAIL_DB_HOST
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: host
            - name: ROUNDCUBEMAIL_DB_NAME
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: dbname
            - name: ROUNDCUBEMAIL_DB_USER
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: user
            - name: ROUNDCUBEMAIL_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: password
            - name: ROUNDCUBEMAIL_DES_KEY
              valueFrom:
                secretKeyRef:
                  name: roundcube-key-secret
                  key: DES_KEY
            - name: ROUNDCUBEMAIL_DEFAULT_HOST
              value: stalwart.stalwart
            - name: ROUNDCUBEMAIL_DEFAULT_PORT
              value: 143
            - name: ROUNDCUBEMAIL_SMTP_SERVER
              value: stalwart.stalwart
            - name: ROUNDCUBEMAIL_SMTP_PORT
              value: 25
            - name: ROUNDCUBEMAIL_SKIN
              value: elastic
            - name: ROUNDCUBEMAIL_PLUGINS
              value: archive,zipdownload,newmail_notifier
          resources:
            requests:
              cpu: 1m
              memory: 40Mi
        nginx:
          image:
            repository: nginx
            tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
          env:
            - name: NGINX_HOST
              value: mail.alexlebens.net
            - name: NGINX_PHP_CGI
              value: roundcube.roundcube:9000
    cleandb:
      type: cronjob
      cronjob:
        suspend: false
        timeZone: America/Chicago
        schedule: 30 4 * * *
        backoffLimit: 3
        parallelism: 1
      containers:
        backup:
          image:
            repository: roundcube/roundcubemail
            tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
          args:
            - bin/cleandb.sh
          env:
            - name: ROUNDCUBEMAIL_DB_TYPE
              value: pgsql
            - name: ROUNDCUBEMAIL_DB_HOST
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: host
            - name: ROUNDCUBEMAIL_DB_NAME
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: dbname
            - name: ROUNDCUBEMAIL_DB_USER
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: user
            - name: ROUNDCUBEMAIL_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: roundcube-postgresql-18-cluster-app
                  key: password
            - name: ROUNDCUBEMAIL_DES_KEY
              valueFrom:
                secretKeyRef:
                  name: roundcube-key-secret
                  key: DES_KEY
            - name: ROUNDCUBEMAIL_DEFAULT_HOST
              value: tls://stalwart.stalwart
            - name: ROUNDCUBEMAIL_SMTP_SERVER
              value: tls://stalwart.stalwart
            - name: ROUNDCUBEMAIL_SKIN
              value: elastic
            - name: ROUNDCUBEMAIL_PLUGINS
              value: archive,zipdownload,newmail_notifier
  configMaps:
    config:
      enabled: true
      data:
        default.conf: |
          server {
              listen 80 default_server;
              server_name _;
              root /var/www/html;

              location / {
                  try_files $uri /index.php$is_args$args;
              }

              location ~ \.php(/|$) {
                  try_files $uri =404;
                  fastcgi_pass roundcube:9000;
                  fastcgi_read_timeout 300;
                  proxy_read_timeout 300;
                  fastcgi_split_path_info ^(.+\.php)(/.*)$;
                  include fastcgi_params;
                  fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                  fastcgi_param DOCUMENT_ROOT $realpath_root;
                  internal;
              }

              client_max_body_size 6m;

              error_log  /var/log/nginx/error.log;
              access_log /var/log/nginx/access.log;
          }
  service:
    main:
      controller: main
      ports:
        mail:
          port: 9000
          targetPort: 9000
        web:
          port: 80
          targetPort: 80
  route:
    main:
      kind: HTTPRoute
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: traefik-gateway
          namespace: traefik
      hostnames:
        - mail.alexlebens.net
      rules:
        - backendRefs:
            - name: roundcube
              port: 80
          matches:
            - path:
                type: PathPrefix
                value: /
  persistence:
    config:
      enabled: true
      type: configMap
      name: roundcube-config
      advancedMounts:
        main:
          nginx:
            - path: /etc/nginx/conf.d/default.conf
              readOnly: true
              mountPropagation: None
              subPath: default.conf
    data:
      forceRename: roundcube-data
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      advancedMounts:
        main:
          main:
            - path: /var/www/html
              readOnly: false
          nginx:
            - path: /var/www/html
              readOnly: false
    temp:
      type: emptyDir
      advancedMounts:
        main:
          main:
            - path: /tmp/roundcube-temp
              readOnly: false
postgres-18-cluster:
  mode: recovery
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 40 15 * * *"
        backupName: garage-local
volsync-target-data:
  pvcTarget: roundcube-data
  local:
    enabled: true
    schedule: 12 11 * * *
  remote:
    enabled: true
    schedule: 12 12 * * *
  external:
    enabled: true
    schedule: 12 13 * * *