fix(stalwart-mail): secret generate

2024-04-22 18:38:45 +02:00 · 2024-04-22 18:38:45 +02:00 · 6850c8b695
commit 6850c8b695
parent ca4fe6f75f
3 changed files with 68 additions and 0 deletions
--- a/stalwart-mail/templates/deployment.yaml
+++ b/stalwart-mail/templates/deployment.yaml
@ -71,6 +71,14 @@ spec:
              mountPath: "/opt/stalwart-mail/etc/config.toml"
              subPath: "config.toml"
              readOnly: true
+            - name: secrets
+              mountPath: "/opt/stalwart-smtp/etc/private/dkim-rsa.key"
+              subPath: "dkim-rsa.key"
+              readOnly: true
+            - name: secrets
+              mountPath: "/opt/stalwart-smtp/etc/private/dkim-ed.key"
+              subPath: "dkim-ed.key"
+              readOnly: true
            {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
            - name: certificate
              mountPath: "/opt/stalwart-mail/etc/certs"
@ -82,6 +90,9 @@ spec:
        - name: "config"
          configMap:
            name: {{ include "stalwart-mail.fullname" . }}
+        - name: "secrets"
+          secret:
+            secretName: {{ include "stalwart-mail.fullname" . }}
        {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
        - name: certificate
          secret:
--- a/stalwart-mail/templates/secrets.yaml
+++ b/stalwart-mail/templates/secrets.yaml
@ -0,0 +1,12 @@
+---
+{{- $secretName := include "stalwart-mail.fullname" . }}
+{{- $currentData := lookup "v1" "Secret" .Release.Namespace $secretName }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "stalwart-mail.fullname" . }}
+  labels:
+    {{- include "stalwart-mail.labels" . | nindent 4 }}
+data:
+  dkim-rsa.key: {{ $dkimSigningRSA := (dig "data" "dkim-rsa.key" "" $currentData | b64dec) | default (genPrivateKey "rsa") | b64enc }}
+  dkim-ed.key: {{ $dkimSigning := (dig "data" "dkim-ed.key" "" $currentData | b64dec) | default (genPrivateKey "ecdsa") | b64enc }}
--- a/stalwart-mail/values.yaml
+++ b/stalwart-mail/values.yaml
@ -105,6 +105,51 @@ config:
      # -- verify of dkim signature (relaxed, strict, disable)
      # @section -- DKIM
      verify: "relaxed"
+  signature:
+    rsa:
+      # -- private key for dkim signing (use file for store in secrets of kubernetes - rsa)
+      # @section -- DKIM
+      private-key: "%{file:/opt/stalwart-smtp/etc/private/dkim-rsa.key}%"
+      # @section -- DKIM
+      domain: "foobar.org"
+      # @section -- DKIM
+      selector: "rsa_default"
+      # -- signing of this headers (rsa)
+      # @section -- DKIM
+      headers: ["From", "To", "Date", "Subject", "Message-ID"]
+      # -- alogorithm of signing (rsa)
+      # @section -- DKIM
+      algorithm: "rsa-sha256"
+      # @section -- DKIM
+      canonicalization: "relaxed/relaxed"
+      # @section -- DKIM
+      expire: "10d"
+      # @section -- DKIM
+      set-body-length: false
+      # -- report of signing (rsa)
+      # @section -- DKIM
+      report: true
+    ed25519:
+      # -- private key for dkim signing (use file for store in secrets of kubernetes - ed25519)
+      # @section -- DKIM
+      private-key: "%{file:/opt/stalwart-smtp/etc/private/dkim-ed.key}%"
+      # @section -- DKIM
+      domain: "foobar.org"
+      # @section -- DKIM
+      selector: "ed_default"
+      # -- signing of this headers (ed25519)
+      # @section -- DKIM
+      headers: ["From", "To", "Date", "Subject", "Message-ID"]
+      # -- alogorithm of signing (ed25519)
+      # @section -- DKIM
+      algorithm: "ed25519-sha256"
+      # @section -- DKIM
+      canonicalization: "simple/simple"
+      # @section -- DKIM
+      set-body-length: true
+      # -- report of signing (ed25519)
+      # @section -- DKIM
+      report: false

  authentication:
    fallback-admin: