checkpoint: stalwart deploy, beam-design, migration scripts, config tweaks

Stalwart + Bulwark mail server deployment with OIDC, TLS cert, vault
secrets. Beam design service. Pingora config cleanup. SeaweedFS
replication fix. Kratos values tweak. Migration scripts for
mbox/messages/calendars from La Suite to Stalwart.
2026-04-06 17:52:30 +01:00
parent 6b05616edd
commit 8662c79212
22 changed files with 1353 additions and 32 deletions


@@ -0,0 +1,70 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bulwark
namespace: stalwart
spec:
replicas: 1
selector:
matchLabels:
app: bulwark
template:
metadata:
labels:
app: bulwark
spec:
containers:
- name: bulwark
image: src.DOMAIN_SUFFIX/studio/bulwark:latest
ports:
- name: http
containerPort: 3000
env:
- name: JMAP_SERVER_URL
value: https://mail.DOMAIN_SUFFIX
- name: OAUTH_ENABLED
value: "true"
- name: OAUTH_ONLY
value: "true"
- name: LOG_LEVEL
value: "debug"
- name: OAUTH_SCOPES
value: "openid email profile offline_access"
- name: COOKIE_SECURE
value: "false"
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: oidc-bulwark
key: CLIENT_ID
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oidc-bulwark
key: CLIENT_SECRET
- name: OAUTH_ISSUER_URL
value: https://auth.DOMAIN_SUFFIX
- name: SESSION_SECRET
valueFrom:
secretKeyRef:
name: stalwart-app-secrets
key: admin-password
livenessProbe:
httpGet:
path: /
port: 3000
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /
port: 3000
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 512Mi
cpu: 500m
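Review bot: `SESSION_SECRET` is read from `stalwart-app-secrets` key `admin-password`, so the Stalwart admin credential is injected into the Bulwark pod and doubles as what is presumably its session signing key; disclosure of one then compromises the other. Give Bulwark its own randomly generated value in a dedicated secret, for example `name: bulwark-session` with `key: session-secret` (names constructed here), and keep the admin password out of this container's environment. `COOKIE_SECURE` is `"false"` although every URL in the manifest is https, so the session cookie would also be sent over plain HTTP; set `value: "true"` unless the TLS termination in front of the pod rules that out, and if so record the reason in a comment. `LOG_LEVEL` of `"debug"` on an OAuth client may write tokens or codes to the pod logs (this depends on Bulwark's logging, which is not visible here), so `"info"` is the safer default. The image tag `bulwark:latest` is mutable, so pin a version or digest to keep what runs reviewable.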