diff --git a/helmfile.d/postfix.yaml.gotmpl b/helmfile.d/postfix.yaml.gotmpl
new file mode 100644
index 00000000..8954d35e
--- /dev/null
+++ b/helmfile.d/postfix.yaml.gotmpl
@@ -0,0 +1,43 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: postfix
+ url: https://bokysan.github.io/docker-postfix
+
+commonLabels:
+ tier: system
+
+releases:
+- name: postfix
+ namespace: postfix
+ chart: postfix/mail
+ version: 5.1.0
+ condition: postfix.enabled
+ values:
+ - ../values/postfix/values/values.yaml
+ - ../values/postfix/values/values-{{ .Environment.Name }}.yaml
+ postRenderer: ../bin/kustomizer
+ postRendererArgs:
+ - ../values/postfix/kustomize/{{ .Environment.Name }}
+ missingFileHandler: Info
+- name: manifests
+ namespace: postfix
+ chart: manifests
+ condition: postfix.enabled
+ missingFileHandler: Info
+ values:
+ - ../values/env.yaml
+ - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+ - ../values/postfix/env.yaml.gotmpl
+ - ../values/postfix/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+ hooks:
+ - events: [ prepare, cleanup ]
+ showlogs: true
+ command: ../bin/helmify
+ args:
+ - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+ - '{{`{{ .Release.Chart }}`}}'
+ - '{{`{{ .Environment.Name }}`}}'
+ - ../values/postfix/manifests
+ - manifests
diff --git a/shell.nix b/shell.nix
index d38ae53c..c3f3b907 100644
--- a/shell.nix
+++ b/shell.nix
@@ -46,7 +46,7 @@ pkgs.mkShellNoCC {
 ++ checks.enabledPackages;
 # Environment variables
- ARGOCD_ENV_CLUSTER_NAME = "hel1";
+ ARGOCD_ENV_CLUSTER_NAME = "ekman";
 HELM_GIT_ACCESS_TOKEN = "glpat-xxx";
 shellHook = builtins.concatStringsSep "\n" [
diff --git a/values/kueue/values/values.yaml b/values/kueue/values/values.yaml
index 9fef86de..f5c2d337 100644
--- a/values/kueue/values/values.yaml
+++ b/values/kueue/values/values.yaml
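Review bot: In helmfile.d/postfix.yaml.gotmpl both releases set `missingFileHandler: Info`, so a values file that does not exist is only logged and the release renders from whatever files remain. This commit adds `env-hel1.yaml.gotmpl` only, while the shell.nix hunk switches the dev-shell default to `ekman`; for that cluster, or for a mistyped environment name on the `values-{{ .Environment.Name }}.yaml` line, the per-cluster file is absent and `postfix.enabled` stays at its `false` default with no visible error. I would raise the handler to `missingFileHandler: Warn` on both releases (or `Error` where the file must exist) so a wrong cluster or environment name is noticed. Quoting the pin as `version: "5.1.0"` also keeps it a string for every parser.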
@@ -13,7 +13,7 @@ controllerManager:
 - batch/job
 - jobset.x-k8s.io/jobset
 internalCertManagement:
- enable: true
+ enable: false
 enableCertManager: false
 enablePrometheus: true
 metrics:
diff --git a/values/postfix/env-hel1.yaml.gotmpl b/values/postfix/env-hel1.yaml.gotmpl
new file mode 100644
index 00000000..20c70b4e
--- /dev/null
+++ b/values/postfix/env-hel1.yaml.gotmpl
@@ -0,0 +1,2 @@
+postfix:
+ enabled: true
diff --git a/values/postfix/env.yaml.gotmpl b/values/postfix/env.yaml.gotmpl
new file mode 100644
index 00000000..823a72f4
--- /dev/null
+++ b/values/postfix/env.yaml.gotmpl
@@ -0,0 +1,4 @@
+postfix:
+ enabled: false
+ autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }}
+ env: {{ .Environment.Name }}
diff --git a/values/postfix/postfix.yaml b/values/postfix/postfix.yaml
new file mode 100644
index 00000000..e94816d0
--- /dev/null
+++ b/values/postfix/postfix.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: postfix
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: postfix
+ server: https://kubernetes.default.svc
+ project: sys
+ sources:
+ - repoURL: {{ .Values.clusterConfig.manifests }}
+ targetRevision: HEAD
+ path: helmfile.d
+ plugin:
+ name: helmfile-cmp
+ env:
+ - name: CLUSTER_NAME
+ value: {{ .Values.clusterConfig.cluster }}
+ - name: HELMFILE_ENVIRONMENT
+ value: {{ .Values.postfix.env }}
+ - name: HELMFILE_FILE_PATH
+ value: postfix.yaml.gotmpl
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: sys
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ # - ServerSideApply=true
+ {{- if .Values.postfix.autosync }}
+ automated:
+ prune: true
+ # selfHeal: false
+ {{- end }}
+{{- end }}
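Review bot: In values/kueue/values/values.yaml the new `enable: false` under `internalCertManagement` sits directly above the unchanged `enableCertManager: false`, so after this change neither of the two certificate sources visible in the hunk is switched on. If nothing outside the hunk provisions the webhook serving certificate, the kueue admission webhooks would presumably fail TLS and block Job and JobSet admission; please confirm where the certificate now comes from. If cert-manager is meant to take over, the pair should read `enable: false` and `enableCertManager: true`. The change is unrelated to the postfix rollout, so a comment beside it such as `# webhook certs issued by <mechanism>; internal management disabled` would record the intent. The surrounding mapping starts and ends outside the hunk.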
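Review bot: In values/postfix/postfix.yaml the Application tracks `targetRevision: HEAD` and, where `postfix.autosync` is true, syncs automatically with `prune: true`, so every push to the default branch of the manifests repository is applied to the `postfix` namespace, deletions included, with no review step on the cluster side. env.yaml.gotmpl switches autosync off for `prod`, which bounds this, but pinning `targetRevision` to a tag or release branch would make the deployed state auditable for a mail relay. The templated scalars are also unquoted; `value: {{ .Values.postfix.env | quote }}`, and the same for `clusterConfig.cluster` and `repoURL`, keeps an empty expansion from becoming `null` and a boolean-looking name from being retyped.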
diff --git a/values/postfix/values/values.yaml b/values/postfix/values/values.yaml
new file mode 100644
index 00000000..09bf4afa
--- /dev/null
+++ b/values/postfix/values/values.yaml
@@ -0,0 +1,14 @@
+config:
+ general:
+ ALLOWED_SENDER_DOMAINS: "oceanbox.io"
+ DKIM_SELECTOR: "mail"
+ RELAYHOST: "smtp.office365.com:587"
+ RELAYHOST_USERNAME: "noreply@oceanbox.io"
+ POSTFIX_smtp_tls_security_level: "encrypt"
+ POSTFIX_myhostname: "oceanbox.io"
+ POSTFIX_mynetworks: "127.0.0.0/8, 10.1.0.0/24, ::1"
+ XOAUTH2_CLIENT_ID: "00c73c4a-1ad5-477d-b773-d5d63986061e"
+ XOAUTH2_SECRET: "00c73c4a-1ad5-477d-b773-d5d63986061e"
+ ALLOW_EMPTY_SENDER_DOMAINS: "true"
+ XOAUTH2_INITIAL_ACCESS_TOKEN: ""
+ XOAUTH2_INITIAL_REFRESH_TOKEN: ""
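Review bot: `XOAUTH2_SECRET` in values/postfix/values/values.yaml is committed as a plaintext value and is the same GUID as `XOAUTH2_CLIENT_ID` on the line above, so either a real client secret is now in Git history or a copy-pasted placeholder will make the OAuth2 login to the relay fail. Either way it should not live under `config.general`: drop the key here and supply it from a Kubernetes Secret that is sealed or managed outside the repository (through the chart's existing-Secret support, if this chart version has it), and rotate the value if it is real. A comment such as `# XOAUTH2_SECRET is injected from Secret <name>, never set here` would keep the next edit from re-adding it. Separately, `POSTFIX_mynetworks` trusts all of `10.1.0.0/24`, so anything in that range can relay as oceanbox.io without authenticating; confirm the range covers only the intended senders or pair it with a NetworkPolicy.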