From 2ac497e1adeffc527af2537b28f8a1605aed61d4 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Tue, 29 Aug 2023 21:50:13 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20stalwart?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 kubernetes/apps/default/kustomization.yaml    |  1 +
 .../default/stalwart/app/helmrelease.yaml     | 57 +++++++++++++++++++
 .../default/stalwart/app/kustomization.yaml   |  9 +++
 .../apps/default/stalwart/app/volsync.yaml    | 45 +++++++++++++++
 .../apps/default/stalwart/app/volume.yaml     | 17 ++++++
 5 files changed, 129 insertions(+)
 create mode 100644 kubernetes/apps/default/stalwart/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/default/stalwart/app/kustomization.yaml
 create mode 100644 kubernetes/apps/default/stalwart/app/volsync.yaml
 create mode 100644 kubernetes/apps/default/stalwart/app/volume.yaml

diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index 2084e66b6..77845e5cb 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -54,6 +54,7 @@ resources:
   - ./semaphore/ks.yaml
   - ./sharry/ks.yaml
   - ./sonarr/ks.yaml
+  - ./stalwart/ks.yaml
   - ./smtp-relay/ks.yaml
   - ./tandoor/ks.yaml
   - ./theme-park/ks.yaml
diff --git a/kubernetes/apps/default/stalwart/app/helmrelease.yaml b/kubernetes/apps/default/stalwart/app/helmrelease.yaml
new file mode 100644
index 000000000..4daf2e9be
--- /dev/null
+++ b/kubernetes/apps/default/stalwart/app/helmrelease.yaml
@@ -0,0 +1,57 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app stalwart
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    image:
+      repository: stalwartlabs/jmap-server
+      tag: v0.3.5
+    service:
+      main:
+        ports:
+          http:
+            port: 8080
+          smtp:
+            port: 587
+          mail:
+            port: 4190
+    probes:
+      liveness: &probes
+        enabled: false
+      readiness: *probes
+      startup: *probes
+    persistence:
+      config:
+        enabled: true
+        existingClaim: stalwart-config
+        mountPath: /opt/stalwart-mail
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        memory: 512Mi
diff --git a/kubernetes/apps/default/stalwart/app/kustomization.yaml b/kubernetes/apps/default/stalwart/app/kustomization.yaml
new file mode 100644
index 000000000..37919074e
--- /dev/null
+++ b/kubernetes/apps/default/stalwart/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+  - ./volsync.yaml
+  - ./volume.yaml
diff --git a/kubernetes/apps/default/stalwart/app/volsync.yaml b/kubernetes/apps/default/stalwart/app/volsync.yaml
new file mode 100644
index 000000000..1a39f9b0c
--- /dev/null
+++ b/kubernetes/apps/default/stalwart/app/volsync.yaml
@@ -0,0 +1,45 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: stalwart-restic
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: stalwart-restic-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/stalwart'
+        RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
+        AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
+        AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
+  dataFrom:
+    - extract:
+        key: volsync-restic-template
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: stalwart
+  namespace: default
+spec:
+  sourcePVC: stalwart-config
+  trigger:
+    schedule: "0 7 * * *"
+  restic:
+    copyMethod: Snapshot
+    pruneIntervalDays: 7
+    repository: stalwart-restic-secret
+    cacheCapacity: 2Gi
+    volumeSnapshotClassName: csi-ceph-blockpool
+    storageClassName: rook-ceph-block
+    retain:
+      daily: 7
+      within: 3d
diff --git a/kubernetes/apps/default/stalwart/app/volume.yaml b/kubernetes/apps/default/stalwart/app/volume.yaml
new file mode 100644
index 000000000..6b42bd9da
--- /dev/null
+++ b/kubernetes/apps/default/stalwart/app/volume.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: stalwart-config
+  namespace: default
+  labels:
+    app.kubernetes.io/name: &name stalwart
+    app.kubernetes.io/instance: *name
+    snapshot.home.arpa/enabled: "true"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 20Gi