Add new infra architecture 2

2026-01-19 12:12:19 +01:00
parent 35f164f0cd
commit 8461226a97
11 changed files with 737 additions and 0 deletions
--- a/infrastructure/platform/mail/mailu/base/mailu-configmap.yaml
+++ b/infrastructure/platform/mail/mailu/base/mailu-configmap.yaml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mailu-config
+  namespace: bakery-ia
+  labels:
+    app: mailu
+    component: config
+data:
+  # Domain configuration
+  DOMAIN: "DOMAIN_PLACEHOLDER"
+  HOSTNAMES: "mail.DOMAIN_PLACEHOLDER"
+  POSTMASTER: "admin"
+
+  # Kubernetes-specific settings
+  # These help Mailu components discover each other in K8s
+  FRONT_ADDRESS: "mailu-front.bakery-ia.svc.cluster.local"
+  ADMIN_ADDRESS: "mailu-admin.bakery-ia.svc.cluster.local"
+  SMTP_ADDRESS: "mailu-smtp.bakery-ia.svc.cluster.local"
+  IMAP_ADDRESS: "mailu-imap.bakery-ia.svc.cluster.local"
+  ANTISPAM_ADDRESS: "mailu-antispam.bakery-ia.svc.cluster.local"
+
+  # Redis Configuration - Using shared cluster Redis (database 15 reserved for Mailu)
+  # The shared Redis has 16 databases (0-15), Mailu uses db 15 for isolation
+  # Using plain TCP port 6380 for internal cluster communication (TLS on 6379 for external)
+  # Primary configuration: Redis URL is configured in mailu-secrets.yaml as REDIS_URL
+  # Format: redis://:password@host:port/db
+  # Fallback configuration: REDIS_ADDRESS, REDIS_DB, and REDIS_PW
+  REDIS_ADDRESS: "redis-service.bakery-ia.svc.cluster.local:6380"
+  REDIS_DB: "15"
+  # REDIS_PW is set from secrets for Redis authentication
+
+  # External SMTP Relay Configuration
+  # Mailu relays outbound emails through an external service for better deliverability
+  # Supported providers: Mailgun, SendGrid, AWS SES, Postmark
+  #
+  # Provider RELAYHOST examples:
+  #   Mailgun:  [smtp.mailgun.org]:587
+  #   SendGrid: [smtp.sendgrid.net]:587
+  #   AWS SES:  [email-smtp.us-east-1.amazonaws.com]:587
+  #   Postmark: [smtp.postmarkapp.com]:587
+  #
+  # IMPORTANT: Update RELAY_PASSWORD in mailu-secrets.yaml with your provider's API key
+  RELAYHOST: "[smtp.mailgun.org]:587"
+  RELAY_LOGIN: "postmaster@DOMAIN_PLACEHOLDER"
+
+  # Security settings
+  TLS_FLAVOR: "cert"
+  AUTH_RATELIMIT_IP: "60/hour"
+  AUTH_RATELIMIT_USER: "100/day"
+
+  # Message limits
+  MESSAGE_SIZE_LIMIT: "52428800"  # 50MB
+  MESSAGE_RATELIMIT: "200/day"
+
+  # Features - disable ClamAV in dev to save resources (enable in prod)
+  WEBMAIL: "roundcube"
+  ANTIVIRUS: "none"
+  ANTISPAM: "rspamd"
+
+  # Postfix configuration
+  POSTFIX_MESSAGE_SIZE_LIMIT: "52428800"
+  POSTFIX_QUEUE_MINIMUM: "1"
+  POSTFIX_QUEUE_LIFETIME: "7d"
+
+  # DKIM configuration
+  DKIM_SELECTOR: "mailu"
+  DKIM_KEY_LENGTH: "2048"
+
+  # Webmail settings
+  WEB_WEBMAIL: "/webmail"
+  WEB_ADMIN: "/admin"
+  WEBMAIL_ADMIN: "admin@DOMAIN_PLACEHOLDER"
+
+  # Logging
+  LOG_LEVEL: "INFO"
+
+  # Disable welcome email during development
+  WELCOME: "false"