feat(workers): add mail-archive
ajgon committed Feb 7, 2024
1 parent 34d2b3e commit 6086f88
Showing 8 changed files with 384 additions and 0 deletions.
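--- a/kubernetes/apps/workers/mail-archive/Chart.yaml
+++ b/kubernetes/apps/workers/mail-archive/Chart.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/chart.json
+apiVersion: v2
+name: mail-archive
+version: 1.0.0
+type: application
+dependencies:
+- name: app-template
+version: 2.5.0
+repository: https://bjw-s.github.io/helm-charts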
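--- a/kubernetes/apps/workers/mail-archive/application.yaml
+++ b/kubernetes/apps/workers/mail-archive/application.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/argoproj.io/application_v1alpha1.json
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: mail-archive
+namespace: argocd
+spec:
+project: default
+sources:
+- repoURL: https://github.com/deedee-ops/home-ops.git
+path: kubernetes/apps/workers/mail-archive
+targetRevision: master
+plugin:
+name: argocd-vault-plugin-helm
+destination:
+namespace: workers
+server: https://kubernetes.default.svc
+syncPolicy:
+automated:
+prune: true
+syncOptions:
+- CreateNamespace=true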
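--- a/kubernetes/apps/workers/mail-archive/files/dovecot.conf
+++ b/kubernetes/apps/workers/mail-archive/files/dovecot.conf
@@ -0,0 +1,35 @@
+mail_home=/srv/mail/%Lu
+mail_location=sdbox:~/Maildir
+mail_uid=1000
+mail_gid=1000
+
+protocols = imap
+
+first_valid_uid = 1000
+last_valid_uid = 1000
+
+passdb {
+driver = passwd-file
+args = scheme=PLAIN username_format=%u /etc/dovecot/passwd
+}
+
+userdb {
+driver = passwd-file
+args = username_format=%u /etc/dovecot/passwd
+default_fields = uid=vmail gid=vmail home=/srv/mail/%Lu
+}
+
+# No SSL
+ssl = no
+disable_plaintext_auth = no
+
+namespace {
+inbox = yes
+separator = /
+}
+
+listen = *
+
+log_path = /dev/stdout
+info_log_path = /dev/stdout
+debug_log_path = /dev/stdout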
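Review bot: The uid the mailbox runs as is declared in three places that must agree — `mail_uid=1000`/`mail_gid=1000`, `first_valid_uid = 1000`/`last_valid_uid = 1000`, and the userdb `default_fields = uid=vmail gid=vmail` — and fields returned by the userdb take precedence at login, so unless the image's `vmail` user resolves to uid 1000 the login is refused as outside the valid-uid range; pick one spelling, e.g. drop `uid=vmail gid=vmail` from `default_fields` so `mail_uid`/`mail_gid` apply, and add a comment naming which uid owns /srv/mail (values.yaml sets `fsGroup: 65000` on the pod, a third number). `ssl = no`, `disable_plaintext_auth = no` and `listen = *` together accept cleartext logins from any address that can reach port 143, so the `# No SSL` comment should say why that is acceptable here, e.g. `# No TLS: only reachable through the in-cluster Service; keep ingress to 143 restricted by the CiliumNetworkPolicy`. `args = scheme=PLAIN ...` likewise means the passwd file assembled in templates/config.tmpl.yaml holds the archive password in cleartext; Dovecot's passwd-file accepts hashed schemes should the vault ever carry a hashed copy next to the cleartext the mbsync client needs.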
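--- a/kubernetes/apps/workers/mail-archive/files/mbsyncrc
+++ b/kubernetes/apps/workers/mail-archive/files/mbsyncrc
@@ -0,0 +1,47 @@
+IMAPAccount source
+Host <path:kubernetes/data/internal/mail-archive#SOURCE_HOST>
+Port 993
+User <path:kubernetes/data/internal/mail-archive#SOURCE_USER>
+Pass <path:kubernetes/data/internal/mail-archive#SOURCE_PASS>
+SSLType IMAPS
+SSLVersions TLSv1.2
+
+IMAPAccount destination
+Host mail-archive.workers.svc.cluster.local
+Port 143
+User <path:kubernetes/data/internal/mail-archive#DESTINATION_USER>
+Pass <path:kubernetes/data/internal/mail-archive#DESTINATION_PASS>
+SSLType None
+
+IMAPStore source-remote
+Account source
+
+IMAPStore destination-remote
+Account destination
+
+MaildirStore local
+SubFolders Verbatim
+Path /data/mail/
+Inbox /data/mail/Inbox
+
+Channel source
+Far :source-remote:
+Near :local:
+Patterns *
+Expunge None
+Remove None
+CopyArrivalDate yes
+Sync PullNew
+Create Near
+SyncState /data/state/source/
+
+Channel destination
+Far :destination-remote:
+Near :local:
+Patterns *
+Expunge None
+Remove None
+CopyArrivalDate yes
+Sync Push
+Create Far
+SyncState /data/state/destination/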
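Review bot: `SSLVersions TLSv1.2` on the source account pins the client to exactly TLS 1.2, so a server that moves to TLS 1.3 only will stop syncing quietly until someone reads the cron job logs; the option takes a list, so `SSLVersions TLSv1.2 TLSv1.3` keeps the floor at 1.2 while allowing 1.3 where the build supports it (the image is a `mbsync-devel` build, and newer isync spells this `TLSVersions +1.2`, so confirm which form it accepts). The destination account uses `SSLType None` and sends DESTINATION_PASS in cleartext to `mail-archive.workers.svc.cluster.local`; that is cluster-internal, but a comment above it saying so, e.g. `# in-cluster dovecot, no TLS (see files/dovecot.conf)`, stops it being copied for an off-cluster host later. `Expunge None`/`Remove None` on both channels are what make this an append-only archive and deserve a one-line comment as well.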
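--- a/kubernetes/apps/workers/mail-archive/templates/config.tmpl.yaml
+++ b/kubernetes/apps/workers/mail-archive/templates/config.tmpl.yaml
@@ -0,0 +1,16 @@
+---
+# yamllint disable rule:line-length
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/secret-v1.json
+# yamllint enable rule:line-length
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+name: mail-archive-secret
+stringData:
+dovecot.conf: |-
+{{ .Files.Get "files/dovecot.conf" | indent 4 }}
+mbsyncrc: |-
+{{ .Files.Get "files/mbsyncrc" | indent 4 }}
+passwd: |-
+<path:kubernetes/data/internal/mail-archive#DESTINATION_USER>:<path:kubernetes/data/internal/mail-archive#DESTINATION_PASS>:::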
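Review bot: `{{ .Files.Get "files/dovecot.conf" | indent 4 }}` renders an empty block when the file is missing or mis-pathed, producing a Secret whose `dovecot.conf` key is empty and which values.yaml still mounts over /etc/dovecot/dovecot.conf; wrapping it as `{{ required "files/dovecot.conf is missing" (.Files.Get "files/dovecot.conf") | indent 4 }}` (and the same for `mbsyncrc`) makes the render fail instead of shipping a default-configured dovecot. The `passwd` entry's trailing `:::` leaves uid, gid and gecos empty so that the userdb `default_fields` in files/dovecot.conf fill them in; a comment naming the passwd-file column order above it would save the next reader a lookup.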
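--- a/kubernetes/apps/workers/mail-archive/templates/network_policy.yaml
+++ b/kubernetes/apps/workers/mail-archive/templates/network_policy.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumnetworkpolicy_v2.json
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+name: mail-archive
+specs:
+- endpointSelector:
+matchLabels:
+app.kubernetes.io/name: mail-archive
+app.kubernetes.io/component: mbsync
+egress:
+- toPorts:
+- ports:
+- port: "53"
+protocol: ANY
+rules:
+dns:
+- matchPattern: "*"
+- toFQDNs:
+- matchName: "<path:kubernetes/data/internal/mail-archive#SOURCE_HOST>"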
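Review bot: Only the `mbsync` pods are selected, so ingress to the dovecot pods — which per files/dovecot.conf accept cleartext IMAP logins on 143 with `listen = *` — stays open to every endpoint in the cluster unless a namespace-wide policy outside this commit restricts it; a second `specs` entry allowing ingress on 143/TCP only from the `mbsync` pods closes that (the `app.kubernetes.io/component: main` label below is inferred from how `mbsync` is labelled in this file — confirm against the rendered pod labels). The `toFQDNs` rule on the last line carries no `toPorts`, so every port on SOURCE_HOST is reachable while files/mbsyncrc only needs 993/TCP. The cron job runs only the `source` channel (`args: [-V, source]` in values.yaml), so no egress to the in-cluster Service is needed yet; running the `destination` channel later will need an egress rule to it on 143.
```yaml
# … unchanged: metadata, mbsync endpointSelector, DNS egress rule …
    - toFQDNs:
        - matchName: "<path:kubernetes/data/internal/mail-archive#SOURCE_HOST>"
      toPorts:
        - ports:
            - port: "993"
              protocol: TCP
  - endpointSelector:
      matchLabels:
        app.kubernetes.io/name: mail-archive
        app.kubernetes.io/component: main
    ingress:
      - fromEndpoints:
          - matchLabels:
              app.kubernetes.io/name: mail-archive
              app.kubernetes.io/component: mbsync
        toPorts:
          - ports:
              - port: "143"
                protocol: TCP
```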
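--- a/kubernetes/apps/workers/mail-archive/templates/volsync.yaml
+++ b/kubernetes/apps/workers/mail-archive/templates/volsync.yaml
@@ -0,0 +1,100 @@
+# yamllint disable rule:line-length
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/secret-v1.json
+apiVersion: v1
+kind: Secret
+metadata:
+name: restic-mail-archive-mail-archive-data
+annotations:
+argocd.argoproj.io/sync-wave: "-1"
+type: Opaque
+stringData:
+AWS_ACCESS_KEY_ID: "<path:kubernetes/data/internal/base#S3_ACCESS_KEY_ID>"
+AWS_SECRET_ACCESS_KEY: "<path:kubernetes/data/internal/base#S3_SECRET_ACCESS_KEY>"
+RESTIC_PASSWORD: "<path:kubernetes/data/internal/volsync#RESTIC_PASSWORD>"
+RESTIC_REPOSITORY: "s3:<path:kubernetes/data/internal/base#S3_URL>/<path:kubernetes/data/internal/base#S3_BUCKET>/volsync/mail-archive-data"
+---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+name: backup-mail-archive-mail-archive-data
+spec:
+sourcePVC: mail-archive-data
+trigger:
+schedule: "30 1 * * *"
+restic:
+copyMethod: Snapshot
+pruneIntervalDays: 7
+repository: restic-mail-archive-mail-archive-data
+volumeSnapshotClassName: ceph-block
+cacheCapacity: 60Gi
+cacheStorageClassName: ceph-persistent-block
+cacheAccessModes:
+- ReadWriteOnce
+storageClassName: ceph-persistent-block
+accessModes:
+- ReadWriteOnce
+retain:
+daily: 7
+weekly: 4
+monthly: 6
+yearly: 3
+within: 3d
+moverSecurityContext:
+runAsNonRoot: true
+fsGroup: 65000
+runAsUser: 65000
+runAsGroup: 65000
+seccompProfile:
+type: RuntimeDefault
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/persistentvolumeclaim.json
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mail-archive-data
+annotations:
+argocd.argoproj.io/sync-wave: "-1"
+spec:
+accessModes:
+- ReadWriteOnce
+dataSourceRef:
+kind: ReplicationDestination
+apiGroup: volsync.backube
+name: init-mail-archive-mail-archive-data
+resources:
+requests:
+storage: 60Gi
+storageClassName: ceph-persistent-block
+---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+name: init-mail-archive-mail-archive-data
+annotations:
+argocd.argoproj.io/sync-wave: "-1"
+spec:
+trigger:
+manual: restore-init
+restic:
+repository: restic-mail-archive-mail-archive-data
+copyMethod: Snapshot
+volumeSnapshotClassName: ceph-block
+cacheStorageClassName: ceph-persistent-block
+cacheAccessModes:
+- ReadWriteOnce
+cacheCapacity: 60Gi
+storageClassName: ceph-persistent-block
+accessModes:
+- ReadWriteOnce
+capacity: 60Gi
+moverSecurityContext:
+runAsNonRoot: true
+fsGroup: 65000
+runAsUser: 65000
+runAsGroup: 65000
+seccompProfile:
+type: RuntimeDefault
+## yamllint enable rule:line-length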
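Review bot: `## yamllint enable rule:line-length` on the last line uses a double hash, which yamllint does not recognise as a directive (its directives start with `# yamllint`), so the `# yamllint disable rule:line-length` from the first line never ends; that is harmless only because nothing follows it, so write it as `# yamllint enable rule:line-length` so the intent holds if another document is appended. This file also puts the disable directive before `---` while templates/config.tmpl.yaml puts it after; pick one placement across the chart.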
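--- a/kubernetes/apps/workers/mail-archive/values.yaml
+++ b/kubernetes/apps/workers/mail-archive/values.yaml
@@ -0,0 +1,132 @@
+---
+app-template:
+defaultPodOptions:
+securityContext:
+fsGroup: 65000
+seccompProfile:
+type: RuntimeDefault
+
+controllers:
+main:
+type: deployment
+annotations:
+reloader.stakater.com/auto: "true"
+
+containers:
+main:
+image:
+repository: ghcr.io/slusarz/dovecot-fts-flatcurve
+tag: "v1.0.0"
+pullPolicy: IfNotPresent
+
+probes:
+startup:
+enabled: false
+readiness: &probes
+enabled: true
+custom: true
+spec:
+tcpSocket:
+port: 143
+initialDelaySeconds: 5
+periodSeconds: 10
+failureThreshold: 3
+liveness: *probes
+
+resources:
+requests:
+cpu: 10m
+memory: 64Mi
+limits:
+memory: 256Mi
+mbsync:
+type: cronjob
+cronjob:
+schedule: "*/30 * * * *" # every half an hour
+successfulJobsHistory: 1
+failedJobsHistory: 5
+
+containers:
+main:
+image:
+repository: ghcr.io/deedee-ops/mbsync-devel
+tag: "latest@sha256:74f6e797736f27d4131ed2e98692299fcdfe041411dcdd997ed23e9c82e73671"
+pullPolicy: IfNotPresent
+args:
+- -V
+- source
+
+securityContext:
+runAsNonRoot: true
+runAsUser: 65000
+runAsGroup: 65000
+readOnlyRootFilesystem: true
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+
+probes:
+startup:
+enabled: false
+readiness: &probes
+enabled: true
+custom: true
+spec:
+exec:
+command:
+- pgrep
+- -f
+- mbsync
+initialDelaySeconds: 5
+periodSeconds: 10
+failureThreshold: 3
+liveness: *probes
+
+resources:
+requests:
+cpu: 100m
+memory: 64Mi
+limits:
+memory: 256Mi
+
+service:
+main:
+ports:
+http:
+enabled: false
+imap:
+enabled: true
+port: 143
+
+persistence:
+config:
+enabled: true
+type: secret
+name: mail-archive-secret
+readOnly: true
+advancedMounts:
+main:
+main:
+- path: /etc/dovecot/dovecot.conf
+subPath: dovecot.conf
+- path: /etc/dovecot/passwd
+subPath: passwd
+mbsync:
+main:
+- path: /config/mbsyncrc
+subPath: mbsyncrc
+data:
+enabled: true
+type: persistentVolumeClaim
+existingClaim: mail-archive-data
+accessMode: ReadWriteOnce
+advancedMounts:
+main:
+main:
+- path: /srv/mail
+subPath: dovecot
+mbsync:
+main:
+- path: /data
+subPath: mbsync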
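Review bot: The dovecot container (`controllers.main.containers.main`) has no `securityContext`, while the `mbsync` container runs non-root, read-only and with all capabilities dropped; the process that actually listens on 143 is therefore the less hardened of the two and runs as whatever user the `dovecot-fts-flatcurve` image defaults to. Dovecot normally starts privileged to bind a port below 1024 and then switches to `mail_uid` (1000 in files/dovecot.conf), and the pod's `fsGroup: 65000` adds a third id, so this may be deliberate — if so, a comment above `containers.main` saying it, e.g. `# dovecot starts as the image user and drops to mail_uid 1000 (files/dovecot.conf); intentionally not hardened like mbsync`, is the minimum, and otherwise `allowPrivilegeEscalation: false` plus `capabilities.drop: [ALL]` with only the capability dovecot actually needs added back. Separately, the `&probes` anchor is defined twice (once under each controller); YAML resolves each `*probes` to the most recent definition so it works, but `&dovecot_probes`/`&mbsync_probes` would make that explicit.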
