From 6850c8b69573595c0345cebfe77028e3f98c754b Mon Sep 17 00:00:00 2001
From: WrenIX
Date: Mon, 22 Apr 2024 18:38:45 +0200
Subject: [PATCH] fix(stalwart-mail): secret generate
---
 stalwart-mail/templates/deployment.yaml | 11 ++++++
 stalwart-mail/templates/secrets.yaml | 12 +++++++
 stalwart-mail/values.yaml | 45 +++++++++++++++++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 stalwart-mail/templates/secrets.yaml
diff --git a/stalwart-mail/templates/deployment.yaml b/stalwart-mail/templates/deployment.yaml
index 9aee1cd..3a268df 100644
--- a/stalwart-mail/templates/deployment.yaml
+++ b/stalwart-mail/templates/deployment.yaml
@@ -71,6 +71,14 @@ spec:
 mountPath: "/opt/stalwart-mail/etc/config.toml"
 subPath: "config.toml"
 readOnly: true
+ - name: secrets
+ mountPath: "/opt/stalwart-smtp/etc/private/dkim-rsa.key"
+ subPath: "dkim-rsa.key"
+ readOnly: true
+ - name: secrets
+ mountPath: "/opt/stalwart-smtp/etc/private/dkim-ed.key"
+ subPath: "dkim-ed.key"
+ readOnly: true
 {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
 - name: certificate
 mountPath: "/opt/stalwart-mail/etc/certs"
@@ -82,6 +90,9 @@ spec:
 - name: "config"
 configMap:
 name: {{ include "stalwart-mail.fullname" . }}
+ - name: "secrets"
+ secret:
+ secretName: {{ include "stalwart-mail.fullname" . }}
 {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
 - name: certificate
 secret:
diff --git a/stalwart-mail/templates/secrets.yaml b/stalwart-mail/templates/secrets.yaml
new file mode 100644
index 0000000..8ad7b41
--- /dev/null
+++ b/stalwart-mail/templates/secrets.yaml
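Review bot: Both new `volumeMounts` entries in the first deployment.yaml hunk use `subPath`, and a `subPath` mount is not refreshed when the Secret changes, so a running pod keeps the old DKIM key files until it is restarted. Mounting the `secrets` volume once as a directory (`mountPath: "/opt/stalwart-smtp/etc/private"` with no `subPath`) or adding a checksum annotation on the pod template would avoid serving a stale key. The new mounts also sit under `/opt/stalwart-smtp/` while the config mount just above uses `/opt/stalwart-mail/`; a one-line comment saying whether that difference is deliberate would help the next reader. The container spec starts and ends outside this hunk.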
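Review bot: The `secrets` volume added in the second deployment.yaml hunk holds DKIM private keys but sets no `defaultMode`, so the files get the Secret-volume default of 0644. Consider `defaultMode: 0400` under `secret:`, provided the container's user or `fsGroup` can still read the files; the pod securityContext is not visible in this hunk. The volume is also added unconditionally, so the pod now depends on that Secret existing with both keys. The volumes list continues outside the hunk.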
@@ -0,0 +1,12 @@
+---
+{{- $secretName := include "stalwart-mail.fullname" . }}
+{{- $currentData := lookup "v1" "Secret" .Release.Namespace $secretName }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "stalwart-mail.fullname" . }}
+ labels:
+ {{- include "stalwart-mail.labels" . | nindent 4 }}
+data:
+ dkim-rsa.key: {{ $dkimSigningRSA := (dig "data" "dkim-rsa.key" "" $currentData | b64dec) | default (genPrivateKey "rsa") | b64enc }}
+ dkim-ed.key: {{ $dkimSigning := (dig "data" "dkim-ed.key" "" $currentData | b64dec) | default (genPrivateKey "ecdsa") | b64enc }}
diff --git a/stalwart-mail/values.yaml b/stalwart-mail/values.yaml
index 142ecdf..ef92680 100644
--- a/stalwart-mail/values.yaml
+++ b/stalwart-mail/values.yaml
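Review bot: Both `data:` values in secrets.yaml are written as variable declarations (`{{ $dkimSigningRSA := ... }}`), and a Go template action that declares a variable produces no output, so `dkim-rsa.key` and `dkim-ed.key` would render empty; drop the assignment, e.g. `dkim-rsa.key: {{ (dig "data" "dkim-rsa.key" "" $currentData | b64dec) | default (genPrivateKey "rsa") | b64enc }}`. `genPrivateKey "ecdsa"` yields an ECDSA key, while values.yaml in this commit signs with `ed25519-sha256` from that file; `genPrivateKey "ed25519"` looks like the intended call, if the Helm version the chart targets supports it. `lookup` returns nothing under `helm template`, `--dry-run` and renderers that have no cluster access, so each such render would mint fresh keys that no longer match the published DKIM DNS record. A values option to reference an existing Secret, plus a `helm.sh/resource-policy: keep` annotation, would guard against that. `$secretName` is defined but `metadata.name` repeats the `include`; using the variable there keeps the lookup name and the resource name from drifting apart.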
@@ -105,6 +105,51 @@ config:
 # -- verify of dkim signature (relaxed, strict, disable)
 # @section -- DKIM
 verify: "relaxed"
+ signature:
+ rsa:
+ # -- private key for dkim signing (use file for store in secrets of kubernetes - rsa)
+ # @section -- DKIM
+ private-key: "%{file:/opt/stalwart-smtp/etc/private/dkim-rsa.key}%"
+ # @section -- DKIM
+ domain: "foobar.org"
+ # @section -- DKIM
+ selector: "rsa_default"
+ # -- signing of this headers (rsa)
+ # @section -- DKIM
+ headers: ["From", "To", "Date", "Subject", "Message-ID"]
+ # -- alogorithm of signing (rsa)
+ # @section -- DKIM
+ algorithm: "rsa-sha256"
+ # @section -- DKIM
+ canonicalization: "relaxed/relaxed"
+ # @section -- DKIM
+ expire: "10d"
+ # @section -- DKIM
+ set-body-length: false
+ # -- report of signing (rsa)
+ # @section -- DKIM
+ report: true
+ ed25519:
+ # -- private key for dkim signing (use file for store in secrets of kubernetes - ed25519)
+ # @section -- DKIM
+ private-key: "%{file:/opt/stalwart-smtp/etc/private/dkim-ed.key}%"
+ # @section -- DKIM
+ domain: "foobar.org"
+ # @section -- DKIM
+ selector: "ed_default"
+ # -- signing of this headers (ed25519)
+ # @section -- DKIM
+ headers: ["From", "To", "Date", "Subject", "Message-ID"]
+ # -- alogorithm of signing (ed25519)
+ # @section -- DKIM
+ algorithm: "ed25519-sha256"
+ # @section -- DKIM
+ canonicalization: "simple/simple"
+ # @section -- DKIM
+ set-body-length: true
+ # -- report of signing (ed25519)
+ # @section -- DKIM
+ report: false
 authentication:
 fallback-admin:
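Review bot: The ed25519 block defaults to `set-body-length: true`, which presumably makes the signer emit the DKIM `l=` tag; RFC 6376 warns that with a signed body length, content appended after the signed part still verifies. The rsa block already uses `false`, so `set-body-length: false` is the safer default here too. `domain: "foobar.org"` ships as a live default in both blocks with no `# --` description; a comment stating that `domain` and `selector` must be overridden to match the published DNS record would prevent signing for a placeholder domain. The comment typo `alogorithm` should read `algorithm`, and the ed25519 block sets no `expire` although rsa uses `"10d"`. The mapping that contains `signature:` starts outside this hunk.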