From ca4fe6f75f82f46bd7b1d577ebda9c22c39b2b1b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 9 Mar 2024 10:09:48 +0000 Subject: [PATCH] fix(stalwart-mail): update AppVersion to v0.7.2 --- stalwart-mail/Chart.yaml | 4 +- stalwart-mail/templates/configmap.yaml | 10 + stalwart-mail/templates/deployment.yaml | 18 +- stalwart-mail/templates/secrets-env.yaml | 11 + stalwart-mail/templates/secrets.yaml | 20 - stalwart-mail/templates/traefik.yaml | 4 +- stalwart-mail/values.yaml | 726 +++-------------------- 7 files changed, 103 insertions(+), 690 deletions(-) create mode 100644 stalwart-mail/templates/configmap.yaml create mode 100644 stalwart-mail/templates/secrets-env.yaml delete mode 100644 stalwart-mail/templates/secrets.yaml diff --git a/stalwart-mail/Chart.yaml b/stalwart-mail/Chart.yaml index baec791..c0c10a3 100644 --- a/stalwart-mail/Chart.yaml +++ b/stalwart-mail/Chart.yaml @@ -3,9 +3,9 @@ name: stalwart-mail description: Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP) icon: https://stalw.art/home/apple-touch-icon.png type: application -version: 0.0.2 +version: 0.0.3 # renovate: image=docker.io/stalwartlabs/mail-server -appVersion: "0.5.3" +appVersion: "0.7.2" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/stalwart-mail/templates/configmap.yaml b/stalwart-mail/templates/configmap.yaml new file mode 100644 index 0000000..ae34beb --- /dev/null +++ b/stalwart-mail/templates/configmap.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "stalwart-mail.fullname" . }} + labels: + {{- include "stalwart-mail.labels" . | nindent 4 }} +data: + "config.toml": | + {{- toToml .Values.config | replace ".0\n" "\n" | nindent 4 }} diff --git a/stalwart-mail/templates/deployment.yaml b/stalwart-mail/templates/deployment.yaml index c7f63df..9aee1cd 100644 --- a/stalwart-mail/templates/deployment.yaml +++ b/stalwart-mail/templates/deployment.yaml @@ -14,7 +14,8 @@ spec: template: metadata: annotations: - confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }} + config-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + secret-env-hash: {{ include (print $.Template.BasePath "/secrets-env.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -39,6 +40,13 @@ spec: image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} {{- end }} + {{- with .Values.env }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + envFrom: + - secretRef: + name: {{ include "stalwart-mail.fullname" . }}-env ports: {{- range $name, $port := .Values.service.ports }} - name: {{ $name }} @@ -62,9 +70,7 @@ spec: - name: config mountPath: "/opt/stalwart-mail/etc/config.toml" subPath: "config.toml" - - name: config - mountPath: "/opt/stalwart-mail/etc/dkim/private.key" - subPath: "dkim.key" + readOnly: true {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} - name: certificate mountPath: "/opt/stalwart-mail/etc/certs" @@ -74,8 +80,8 @@ spec: {{- end }} volumes: - name: "config" - secret: - secretName: {{ include "stalwart-mail.fullname" . }} + configMap: + name: {{ include "stalwart-mail.fullname" . }} {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} - name: certificate secret: diff --git a/stalwart-mail/templates/secrets-env.yaml b/stalwart-mail/templates/secrets-env.yaml new file mode 100644 index 0000000..14a9584 --- /dev/null +++ b/stalwart-mail/templates/secrets-env.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "stalwart-mail.fullname" . }}-env + labels: + {{- include "stalwart-mail.labels" . | nindent 4 }} +data: + {{- range $key, $value := .Values.secrets.env }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} diff --git a/stalwart-mail/templates/secrets.yaml b/stalwart-mail/templates/secrets.yaml deleted file mode 100644 index 74efdf2..0000000 --- a/stalwart-mail/templates/secrets.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stalwart-mail.fullname" . }} - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} - annotations: - confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }} -data: - "config.toml": {{ regexReplaceAll - "trusted-networks = \\[(.*)\\]" - ( - toToml .Values.config - | replace ".0\n" "\n" - | replace "fts-table-duplicated-workaround" "fts" - ) - "trusted-networks = {${1}}" - | b64enc }} - "dkim.key": {{ genPrivateKey "rsa" | b64enc }} diff --git a/stalwart-mail/templates/traefik.yaml b/stalwart-mail/templates/traefik.yaml index c6be692..1be77ef 100644 --- a/stalwart-mail/templates/traefik.yaml +++ b/stalwart-mail/templates/traefik.yaml @@ -9,10 +9,10 @@ spec: entryPoints: - {{ $entryport }} routes: - - match: HostSNI(`{{ $.Values.config.macros.host }}`) + - match: HostSNI(`{{ $.Values.traefik.host }}`) services: - name: {{ include "stalwart-mail.fullname" $ }} - port: {{ $port}} + port: {{ $port }} proxyProtocol: version: 2 tls: diff --git a/stalwart-mail/values.yaml b/stalwart-mail/values.yaml index 8eaedbd..142ecdf 100644 --- a/stalwart-mail/values.yaml +++ b/stalwart-mail/values.yaml @@ -21,701 +21,105 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" - -## -# Configuration of stalwart mail-server -# defaults taken from: https://github.com/stalwartlabs/mail-server/tree/6aeadb9cda301ec5f210d8e8390515e6292592fa/resources/config -# -# files import completed: -# - config.toml -# - common/*.toml -# - imap/*.toml -# -## config: - - - ## - # macros - ## - - # -- macros (from: config.toml) - macros: - host: "__HOST__" - default_domain: "__DOMAIN__" - default_directory: "memory" - default_store: "sqlite" - - - ## - # global - ## - - global: - shared-map: - # -- global shared-map capacity (from: common/server.toml) - capacity: 10 - # -- global shared-map shard (from: common/server.toml) - shard: 32 - - # -- global thead-pool (from: common/server.toml) - thread-pool: - - # -- global tracing (from: common/tracing.toml) - tracing: - method: "stdout" - level: "info" - - - ## - # server - ## - server: - # -- server hostname (from: common/server.toml) - hostname: "%{HOST}%" - - security: - # -- server security blocked-networks (from: common/server.toml) - blocked-networks: {} - # -- server security fail2ban (from: common/server.toml) - fail2ban: "100/1d" - - run-as: - # -- server run-as user (from: common/server.toml) - user: "stalwart-mail" - # -- server run-as group (from: common/server.toml) - group: "stalwart-mail" - - socket: - # -- server socket nodelay (from: common/server.toml) - nodelay: true - # -- server socket reuse-addr (from: common/server.toml) - reuse-addr: true - # -- server socket reuse-port (from: common/server.toml) - reuse-port: false - # -- server socket backlog (from: common/server.toml) - backlog: 1024 - # -- server socket ttl (from: common/server.toml) - ttl: 3600 - # -- server socket send-buffer-size (from: common/server.toml) - send-buffer-size: 65535 - # -- server socket recv-buffer-size (from: common/server.toml) - recv-buffer-size: 65535 - # -- server socket linger (from: common/server.toml) - linger: 1 - # -- server socket tos (from: common/server.toml) - tos: 1 - - tls: - # -- server tls enable (from: common/tls.toml) - enable: true - # -- server tls implicit (from: common/tls.toml) - implicit: false - # -- server tls timeout (from: common/tls.toml) - timeout: "1m" - # -- server tls certificate (from: common/tls.toml) - certificate: "default" - # -- server tls acme (from: common/tls.toml) - # example: "letsencrypt" - acme: - # -- server tls sni (from: common/tls.toml) - # example: [{subject: "", certificate: ""}] - sni: - # -- server tls protocols (from: common/tls.toml) - # example: ["TLSv1.2", "TLSv1.3"] - protocols: - # -- server tls #ciphers (from: common/tls.toml) - # example: [ "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256", - # "TLS13_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - # "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", - # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - # "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] - ciphers: - # -- server tls ignore-client-order (from: common/tls.toml) - ignore-client-order: true - - # -- server listener listener: smtp: - protocol: "smtp" bind: ["[::]:25"] - smtp-submission: protocol: "smtp" + submission: bind: ["[::]:587"] - smtps: protocol: "smtp" + submissions: bind: ["[::]:465"] + protocol: "smtp" tls: implicit: true - - # -- server listener with name imap (from: imap/listener.toml) imap: bind: ["[::]:143"] protocol: "imap" - - # -- server listener with name imaps (from: imap/listener.toml) - imaps: + imaptls: bind: ["[::]:993"] protocol: "imap" tls: implicit: true - # -- server listener with name sieve (from: imap/listener.toml) sieve: bind: ["[::]:4190"] protocol: "managesieve" + + https: + protocol: "http" + bind: ["[::]:80"] tls: implicit: true - # -- jmap/listener.yaml - http: - protocol: "jmap" - bind: ["[::]:80"] - url: "https://%{HOST}%" - - - ## - # sieve - ## - - sieve: - untrusted: - # -- sieve untrusted disable-capabilities (from: common/sieve.toml) - disable-capabilities: [] - # -- sieve untrusted notification-uris (from: common/sieve.toml) - notification-uris: ["mailto"] - # -- sieve untrusted protected-headers (from: common/sieve.toml) - protected-headers: ["Original-Subject", "Original-From", "Received", "Auto-Submitted"] - - limits: - # -- sieve untrusted limit name-length (from: common/sieve.toml) - name-length: 512 - # -- sieve untrusted limit max-scripts (from: common/sieve.toml) - max-scripts: 256 - # -- sieve untrusted limit script-size (from: common/sieve.toml) - script-size: 102400 - # -- sieve untrusted limit string-length (from: common/sieve.toml) - string-length: 4096 - # -- sieve untrusted limit variable-name-length (from: common/sieve.toml) - variable-name-length: 32 - # -- sieve untrusted limit variable-size (from: common/sieve.toml) - variable-size: 4096 - # -- sieve untrusted limit nested-blocks (from: common/sieve.toml) - nested-blocks: 15 - # -- sieve untrusted limit nested-tests (from: common/sieve.toml) - nested-tests: 15 - # -- sieve untrusted limit nested-foreverypart (from: common/sieve.toml) - nested-foreverypart: 3 - # -- sieve untrusted limit match-variables (from: common/sieve.toml) - match-variables: 30 - # -- sieve untrusted limit local-variables (from: common/sieve.toml) - local-variables: 128 - # -- sieve untrusted limit header-size (from: common/sieve.toml) - header-size: 1024 - # -- sieve untrusted limit includes (from: common/sieve.toml) - includes: 3 - # -- sieve untrusted limit nested-includes (from: common/sieve.toml) - nested-includes: 3 - # -- sieve untrusted limit cpu (from: common/sieve.toml) - cpu: 5000 - # -- sieve untrusted limit redirects (from: common/sieve.toml) - redirects: 1 - # -- sieve untrusted limit received-headers (from: common/sieve.toml) - received-headers: 10 - # -- sieve untrusted limit outgoing-messages (from: common/sieve.toml) - outgoing-messages: 3 - - vacation: - # -- sieve untrusted vacation default-subject (from: common/sieve.toml) - default-subject: "Automated reply" - # -- sieve untrusted vacation subject-prefix (from: common/sieve.toml) - subject-prefix: "Auto: " - - default-expiry: - # -- sieve untrusted default-expiry vacation (from: common/sieve.toml) - vacation: "30d" - # -- sieve untrusted default-expiry duplicate (from: common/sieve.toml) - duplicate: "7d" - - trusted: - # -- sieve trusted from-name (from: common/sieve.toml) - from-name: "Automated Message" - # -- sieve trusted from-addr (from: common/sieve.toml) - from-addr: "no-reply@%{DEFAULT_DOMAIN}%" - # -- sieve trusted return-path (from: common/sieve.toml) - return-path: "" - # -- sieve trusted hostname (from: common/sieve.toml) - hostname: "%{HOST}%" - # -- sieve trusted no-capability-check (from: common/sieve.toml) - no-capability-check: true - # -- sieve trusted sign (from: common/sieve.toml) - sign: ["rsa"] - - limits: - # -- sieve trusted limits redirects (from: common/sieve.toml) - redirects: 3 - # -- sieve trusted limits out-messages (from: common/sieve.toml) - out-messages: 5 - # -- sieve trusted limits received-headers (from: common/sieve.toml) - received-headers: 50 - # -- sieve trusted limits cpu (from: common/sieve.toml) - cpu: 1048576 - # -- sieve trusted limits nested-includes (from: common/sieve.toml) - nested-includes: 5 - # -- sieve trusted limits duplicate-expiry (from: common/sieve.toml) - duplicate-expiry: "7d" - - scripts: - # -- sieve trusted scripts connect (from: common/sieve.toml) - connect: - # -- sieve trusted scripts ehlo (from: common/sieve.toml) - ehlo: - # -- sieve trusted scripts mail (from: common/sieve.toml) - mail: - - ## - # storage - ## + run-as: + # -- server run-as user + user: "stalwart-mail" + # -- server run-as group + group: "stalwart-mail" storage: - # -- storage data (from: common/store.toml) - data: "%{DEFAULT_STORE}%" - # -- storage fts (from: common/store.toml) - # BROKEN / TODO - # see: https://github.com/stalwartlabs/mail-server/issues/211 - fts: "%{DEFAULT_STORE}%" - # -- storage blob (from: common/store.toml) - blob: "%{DEFAULT_STORE}%" - # -- storage lookup (from: common/store.toml) - lookup: "%{DEFAULT_STORE}%" - # -- storage directory (from: common/store.toml) - directory: "%{DEFAULT_DIRECTORY}%" - encryption: - # -- storage encryption enable (from: common/store.toml) - enable: true - # -- storage encryption append (from: common/store.toml) - append: false - spam: - # -- storage spam header (from: common/store.toml) - header: "X-Spam-Status: Yes" - # BROKEN / TODO - # should be fts: - # see: https://github.com/stalwartlabs/mail-server/issues/211 - fts-table-duplicated-workaround: - # -- storage - fts - default-language (from: common/store.toml) - default-language: "en" - cluster: - # -- storage - cluster - node-id (from: common/store.toml) - node-id: - - - ## - # ACME - ## - - acme: - # -- acme with name letsencrypt (from: common/tls.toml) - letsencrypt: - # -- acme directory (from: common/tls.toml) - directory: "https://acme-v02.api.letsencrypt.org/directory" - # -- acme contact (from: common/tls.toml) - contact: ["postmaster@%{DEFAULT_DOMAIN}%"] - # -- acme cache (from: common/tls.toml) - cache: "/opt/stalwart-mail/etc/acme" - # -- acme port (from: common/tls.toml) - port: 443 - # -- acme renew-before (from: common/tls.toml) - renew-before: "30d" - - ## - # certificate - ## - - certificate: - # -- certificate with name default (from: common/tls.toml) - default: - # -- certificate cert (from: common/tls.toml) - cert: "file:///opt/stalwart-mail/etc/certs/tls.crt" - # -- certificate private-key (from: common/tls.toml) - private-key: "file:///opt/stalwart-mail/etc/certs/tls.key" - - - ## - # directory - ## - - directory: - - # -- directory - with name memory (from: directory/internal.yaml) - memory: - type: memory - # -- overwrite me, if not wanted - disable: false - options: - catch-all: true - subaddressing: true - principals: - - type: "admin" - description: "Superuser" - name: "admin" - secret: "changeme" - mail: - - "postmaster@%{DEFAULT_DOMAIN}%" - - - ## - # store - ## + data: "rocksdb" + fts: "rocksdb" + blob: "rocksdb" + lookup: "rocksdb" + directory: "internal" store: + rocksdb: + type: rocksdb + path: "/data" + compression: "lz4" - # -- store - with name sqlite - sqlite: - type: "sqlite" - # -- overwrite me, if not wanted - disable: false - path: "/data/index.sqlite3" - purge: - frequency: "0 3 *" - query: - name: "SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true" - members: "SELECT member_of FROM group_members WHERE name = ?" - recipients: "SELECT name FROM emails WHERE address = ?" - emails: "SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC" - verify: "SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5" - expand: "SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50" - domains: "SELECT 1 FROM emails WHERE address LIKE '%@' || ? LIMIT 1" + directory: + internal: + type: "internal" + store: "rocksdb" - # -- store - with name fs - fs: - type: "fs" - # -- overwrite me, if not wanted - disable: false - path: "/data/blobs" - depth: 2 - purge: - frequency: "0 3 *" + tracer: + otel: + enable: false + type: "open-telemetry" + level: "info" + # -- grpc or http + transport: "grpc" + endpoint: "https://127.0.0.1/otel" + # -- headers for usage with http (e.g. 'Authorization: ') + headers: [] + stdout: + enable: true + type: "stdout" + level: "info" + ansi: false - - ## - # OAuth - ## - - oauth: - - # -- oauth - key - key: "__OAUTH_KEY__" - - # -- oauth - auth - auth: - max-attempts: 3 - - # -- oauth - expiry - expiry: - user-code: "30m" - auth-code: "10m" - token: "1h" - refresh-token: "30d" - refresh-token-renew: "4d" - - # -- oauth - cache - cache: - size: 128 - - - ## - # SMTP configuration (smtp/*.yaml) - ## - - - ## - # query (from: smtp/queue.yaml) - ## - - queue: - # -- queue-path - path: "/data/queue" - # -- queue-hash - hash: 64 - - # -- queue-schedule - schedule: - retry: ["2m", "5m", "10m", "15m", "30m", "1h", "2h"] - notify: ["1d", "3d"] - expire: "5d" - - # -- queue-outbound - outbound: - # hostname: "%{HOST}%" - next-hop: - - if: "rcpt-domain" - in-list: "%{DEFAULT_DIRECTORY}%/domains" - then: "local" - - else: false - ip-strategy: "ipv4-then-ipv6" - tls: - dane: "optional" - mta-sts: "optional" - starttls: "require" - allow-invalid-certs: false - limits: - mx: 7 - multihomed: 2 - timeouts: - connect: "3m" - greeting: "3m" - tls: "2m" - ehlo: "3m" - mail-from: "3m" - rcpt-to: "3m" - data: "10m" - mta-sts: "2m" - - - ## - # Report (from: smtp/report.yaml) - ## - - report: - # -- report-path - path: "/data/reports" - # -- report-hash - hash: 64 - # submitter: "%{HOST}%" - - # -- report-analysis - analysis: - addresses: ["dmarc@*", "abuse@*", "postmaster@*"] - forward: true - # store: "/data/incoming" - - # -- report-dsn - dsn: - from-name: "Mail Delivery Subsystem" - from-address: "MAILER-DAEMON@%{DEFAULT_DOMAIN}%" - sign: ["rsa"] - - # -- report-dkim + auth: dkim: - from-name: "Report Subsystem" - from-address: "noreply-dkim@%{DEFAULT_DOMAIN}%" - subject: "DKIM Authentication Failure Report" - sign: ["rsa"] - send: "1/1d" + # -- auth rule for signing with dkim + # @section -- DKIM + sign: + - if: "listener != 'smtp'" + then: "['rsa', 'ed25519']" + - else: false + # -- verify of dkim signature (relaxed, strict, disable) + # @section -- DKIM + verify: "relaxed" - # -- report-spf - spf: - from-name: "Report Subsystem" - from-address: "noreply-spf@%{DEFAULT_DOMAIN}%" - subject: "SPF Authentication Failure Report" - send: "1/1d" - sign: ["rsa"] + authentication: + fallback-admin: + # -- username for fallback authentfication + # @section -- Authentification + user: "admin" + # -- password for fallback authentfication (use env for store in secrets of kubernetes) + # @section -- Authentification + secret: "%{env:FALLBACK_ADMIN_SECRET}%" - # -- report-dmarc - dmarc: - from-name: "Report Subsystem" - from-address: "noreply-dmarc@%{DEFAULT_DOMAIN}%" - subject: "DMARC Authentication Failure Report" - send: "1/1d" - sign: ["rsa"] - aggregate: - from-name: "DMARC Report" - from-address: "noreply-dmarc@%{DEFAULT_DOMAIN}%" - org-name: "%{DEFAULT_DOMAIN}%" - # contact-info: "" - send: "daily" - # -- default: 25 mb - max-size: 26214400 - sign: ["rsa"] - - # -- report-tls - tls: - aggregate: - from-name: "TLS Report" - from-address: "noreply-tls@%{DEFAULT_DOMAIN}%" - org-name: "%{DEFAULT_DOMAIN}%" - # contact-info: "" - send: "daily" - # -- default: 25 mb - max-size: 26214400 - sign: ["rsa"] - - - ## - # resolver (from: smtp/resolver.yaml) - ## - - resolver: - # -- resolver-type - type: "system" - # -- resolver-preserve-intermediates - preserve-intermediates: true - # -- resolver-concurrency - concurrency: 2 - # -- resolver-timeout - timeout: "5s" - # -- resolver-attempts - attempts: 2 - # -- resolver-try-tcp-on-error - try-tcp-on-error: true - # -- resolver-public-suffix - public-suffix: - - "https://publicsuffix.org/list/public_suffix_list.dat" - - "file:///opt/stalwart-mail/etc/spamfilter/maps/suffix_list.dat.gz" - - # -- resolver-cache - cache: - txt: 2048 - mx: 1024 - ipv4: 1024 - ipv6: 1024 - ptr: 1024 - tlsa: 1024 - mta-sts: 1024 - - - ## - # signature (from: smtp/signature.yaml) - ## - - signature: - # -- signature-rsa - rsa: - # public-key: "file://opt/stalwart-mail/etc/dkim/%{DEFAULT_DOMAIN}%.cert" - private-key: "file://opt/stalwart-mail/etc/dkim/private.key" - domain: "%{DEFAULT_DOMAIN}%" - selector: "stalwart" - headers: ["From", "To", "Date", "Subject", "Message-ID"] - algorithm: "rsa-sha256" - canonicalization: "relaxed/relaxed" - # expire: "10d" - # third-party: "" - # third-party-algo: "" - # auid: "" - set-body-length: false - report: true - - - ## - # IMAP - ## - - imap: - request: - # -- imap request max-size (from: imap/settings.toml) - max-size: 52428800 - auth: - # -- imap auth max-failures(from: imap/settings.toml) - max-failures: 3 - # -- imap auth allow-plain-text (from: imap/settings.toml) - allow-plain-text: false - folders: - name: - # -- imap folders name shared (from: imap/settings.toml) - shared: "Shared Folders" - timeout: - # -- imap timeout authenticated (from: imap/settings.toml) - authenticated: "30m" - # -- imap timeout anonymous (from: imap/settings.toml) - anonymous: "1m" - # -- imap timeout idle (from: imap/settings.toml) - idle: "30m" - rate-limit: - # -- imap rate-limit requests (from: imap/settings.toml) - requests: "2000/1m" - # -- imap rate-limit concurrent (from: imap/settings.toml) - concurrent: 6 - protocol: - # -- imap protocol uidplus (from: imap/settings.toml) - uidplus: false - - - ## - # JMAP - ## - - jmap: - # -- jmap-directory (from: jmap/auth.yaml) - directory: "%{DEFAULT_DIRECTORY}%" - # -- jmap-session (from: jmap/auth.yaml) - session: - cache: - ttl: "1h" - size: 100 - purge: - frequency: "0 3 *" - - # -- jmap-protocol (from: jmap/protocol.yaml) - protocol: - get: - max-objects: 500 - set: - max-objects: 500 - request: - max-concurrent: 4 - max-size: 10000000 - max-calls: 16 - query: - max-results: 5000 - upload: - max-size: 50000000 - max-concurrent: 4 - ttl: "1h" - quota: - files: 1000 - size: 50000000 - changes: - max-results: 5000 - - # -- jmap-mailbox - mailbox: - max-depth: 10 - max-name-length: 255 - - # -- jmap-email - email: - max-attachment-size: 50000000 - max-size: 75000000 - - parse: - max-items: 10 - - # -- jmap-principal - principal: - allow-lookups: true - - # -- jmap-push (from: jmap/push.yaml) - push: - max-total: 100 - throttle: "1ms" - attempts: - interval: "1m" - max: 3 - retry: - interval: "1s" - timeout: - request: "10s" - verify: "1s" - - # -- jmap-event-source - event-source: - throttle: "1s" - - # -- jmap-rate-limit (from: jmap/ratelimit.yaml) - rate-limit: - account: "1000/1m" - authentication: "10/1m" - anonymous: "100/1m" - use-forwarded: true - cache: - size: 1024 - - # -- jmap-web-sockets (from: jmap/websocket.yaml) - web-sockets: - throttle: "1s" - timeout: "10m" - heartbeat: "1m" +secrets: + env: + # -- password for fallback authentfication (env) + # @section -- Authentification + FALLBACK_ADMIN_SECRET: supersecret serviceAccount: # Specifies whether a service account should be created @@ -731,6 +135,8 @@ serviceAccount: podAnnotations: {} podLabels: {} +env: [] + podSecurityContext: {} # fsGroup: 2000