Diffstat (limited to 'cluster/prod/app/email')
18 files changed, 23 insertions, 44 deletions
diff --git a/cluster/prod/app/email/config/dovecot/certs.gen b/cluster/prod/app/email/config/dovecot/certs.gen deleted file mode 100755 index f26e917..0000000 --- a/cluster/prod/app/email/config/dovecot/certs.gen +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr" -openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj ${TLSINFO} \ - -keyout dovecot.key \ - -out dovecot.crt - diff --git a/cluster/prod/app/email/config/postfix/certs.gen b/cluster/prod/app/email/config/postfix/certs.gen deleted file mode 100755 index f25439b..0000000 --- a/cluster/prod/app/email/config/postfix/certs.gen +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" -openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj ${TLSINFO} \ - -keyout postfix.key \ - -out postfix.crt - diff --git a/cluster/prod/app/email/deploy/email.hcl b/cluster/prod/app/email/deploy/email.hcl index 7925975..84f4c3b 100644 --- a/cluster/prod/app/email/deploy/email.hcl +++ b/cluster/prod/app/email/deploy/email.hcl @@ -150,13 +150,11 @@ job "email" { # ----- secrets ------ template { - # data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/certs/dovecot.crt" perms = "400" } template { - # data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/private/dovecot.key" perms = "400" 
@@ -381,14 +379,12 @@ job "email" { # --- secrets --- template { - # data = "{{ key \"secrets/email/postfix/postfix.crt\" }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/postfix.crt" perms = "400" } template { - # data = "{{ key \"secrets/email/postfix/postfix.key\" }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/postfix.key" perms = "400" diff --git a/cluster/prod/app/email/secrets.toml b/cluster/prod/app/email/secrets.toml new file mode 100644 index 0000000..6263e33 --- /dev/null +++ b/cluster/prod/app/email/secrets.toml @@ -0,0 +1,23 @@ +# ---- POSTFIX ---- + +[secrets."email/dkim/smtp.private"] +type = 'RSA_PRIVATE_KEY' +name = 'dkim' + +# ---- DOVECOT ---- + +[service_users."dovecot"] +dn_secret = "email/dovecot/ldap_binddn" +password_secret = "email/dovecot/ldap_bindpwd" + + +# ---- SOGO ---- + +[service_users."sogo"] +dn_secret = "email/sogo/ldap_binddn" +password_secret = "email/sogo/ldap_bindpw" + +[secrets."email/sogo/postgre_auth"] +type = 'user' +description = 'SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template)' + diff --git a/cluster/prod/app/email/secrets/email/dkim/smtp.private b/cluster/prod/app/email/secrets/email/dkim/smtp.private deleted file mode 100644 index 3aa3621..0000000 --- a/cluster/prod/app/email/secrets/email/dkim/smtp.private +++ /dev/null @@ -1 +0,0 @@ -RSA_PRIVATE_KEY dkim diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_access_key_id b/cluster/prod/app/email/secrets/email/dovecot/backup_aws_access_key_id deleted file mode 100644 index 9ae6adf..0000000 --- a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_access_key_id +++ /dev/null @@ -1 +0,0 @@ -USER AWS Acces Key ID 
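Review bot: The `# ---- DOVECOT ----` section of the new secrets.toml carries over only the LDAP service user, while this commit also deletes the declarations for `backup_aws_access_key_id`, `backup_aws_secret_access_key`, `backup_restic_password` and `backup_restic_repository` without re-declaring them. If any task in email.hcl still reads those keys (not visible in these hunks), they need `[secrets."email/dovecot/backup_..."]` entries with `type = 'user'` and a description, as is done for `email/sogo/postgre_auth`. If the backup job is retired, the stored values and the old self-signed `dovecot.key`/`postfix.key` presumably remain in the secret store and should be deleted, and the AWS access key revoked rather than left orphaned. A short comment such as `# TLS cert/key now come from tricot/certs/<host>; no certificate secrets are declared here` would explain why the SSL entries are gone.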
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_secret_access_key b/cluster/prod/app/email/secrets/email/dovecot/backup_aws_secret_access_key
deleted file mode 100644
index ac95906..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_aws_secret_access_key
+++ /dev/null
@@ -1 +0,0 @@
-USER AWS Secret Access key
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_password b/cluster/prod/app/email/secrets/email/dovecot/backup_restic_password
deleted file mode 100644
index c19a4a3..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_password
+++ /dev/null
@@ -1 +0,0 @@
-USER Restic backup password to encrypt data
diff --git a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_repository b/cluster/prod/app/email/secrets/email/dovecot/backup_restic_repository
deleted file mode 100644
index 0434a15..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/backup_restic_repository
+++ /dev/null
@@ -1 +0,0 @@
-USER Restic Repository URL, check op_guide/backup-minio to see the format
diff --git a/cluster/prod/app/email/secrets/email/dovecot/dovecot.crt b/cluster/prod/app/email/secrets/email/dovecot/dovecot.crt
deleted file mode 100644
index 7229cfc..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/dovecot.crt
+++ /dev/null
@@ -1 +0,0 @@
-SSL_CERT dovecot deuxfleurs.fr
diff --git a/cluster/prod/app/email/secrets/email/dovecot/dovecot.key b/cluster/prod/app/email/secrets/email/dovecot/dovecot.key
deleted file mode 100644
index 0d42c79..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/dovecot.key
+++ /dev/null
@@ -1 +0,0 @@
-SSL_KEY dovecot
diff --git a/cluster/prod/app/email/secrets/email/dovecot/ldap_binddn b/cluster/prod/app/email/secrets/email/dovecot/ldap_binddn
deleted file mode 100644
index da380f2..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/ldap_binddn
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_DN dovecot Dovecot IMAP server
diff --git a/cluster/prod/app/email/secrets/email/dovecot/ldap_bindpwd b/cluster/prod/app/email/secrets/email/dovecot/ldap_bindpwd
deleted file mode 100644
index 068f663..0000000
--- a/cluster/prod/app/email/secrets/email/dovecot/ldap_bindpwd
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_PASSWORD dovecot
diff --git a/cluster/prod/app/email/secrets/email/postfix/postfix.crt b/cluster/prod/app/email/secrets/email/postfix/postfix.crt
deleted file mode 100644
index f004d67..0000000
--- a/cluster/prod/app/email/secrets/email/postfix/postfix.crt
+++ /dev/null
@@ -1 +0,0 @@
-SSL_CERT postfix deuxfleurs.fr
diff --git a/cluster/prod/app/email/secrets/email/postfix/postfix.key b/cluster/prod/app/email/secrets/email/postfix/postfix.key
deleted file mode 100644
index 2cf1706..0000000
--- a/cluster/prod/app/email/secrets/email/postfix/postfix.key
+++ /dev/null
@@ -1 +0,0 @@
-SSL_KEY postfix
diff --git a/cluster/prod/app/email/secrets/email/sogo/ldap_binddn b/cluster/prod/app/email/secrets/email/sogo/ldap_binddn
deleted file mode 100644
index df627d3..0000000
--- a/cluster/prod/app/email/secrets/email/sogo/ldap_binddn
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_DN sogo SoGo email frontend
diff --git a/cluster/prod/app/email/secrets/email/sogo/ldap_bindpw b/cluster/prod/app/email/secrets/email/sogo/ldap_bindpw
deleted file mode 100644
index 8d2f35b..0000000
--- a/cluster/prod/app/email/secrets/email/sogo/ldap_bindpw
+++ /dev/null
@@ -1 +0,0 @@
-SERVICE_PASSWORD sogo
diff --git a/cluster/prod/app/email/secrets/email/sogo/postgre_auth b/cluster/prod/app/email/secrets/email/sogo/postgre_auth
deleted file mode 100644
index 4f66253..0000000
--- a/cluster/prod/app/email/secrets/email/sogo/postgre_auth
+++ /dev/null
@@ -1 +0,0 @@
-USER SoGo postgres auth (format: sogo:<password>) (TODO: replace this with two separate files and change template) |