sbbb/base/lasuite/messages-config.yaml
Sienna Meridian Satterwhite ccfe8b877a feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS
  proxy, worker, DKIM config, and theme customization
- Add Collabora deployment for document collaboration
- Add Drive frontend nginx config and values
- Add buildkitd namespace for in-cluster container builds
- Add SeaweedFS remote sync and additional S3 buckets
- Update vault secrets across namespaces (devtools, lasuite, media,
  monitoring, ory, storage) with expanded credential management
- Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus
  remote write and additional scrape configs
- Update local/production overlays with resource patches
- Remove stale login-ui resource patch from production overlay
2026-03-10 19:00:57 +00:00

46 lines
2.6 KiB
YAML

apiVersion: v1
kind: ConfigMap
metadata:
  name: messages-config
  namespace: lasuite
data:
  DJANGO_CONFIGURATION: Production
  DJANGO_SETTINGS_MODULE: messages.settings
  DJANGO_ALLOWED_HOSTS: mail.DOMAIN_SUFFIX,messages-backend.lasuite.svc.cluster.local
  ALLOWED_HOSTS: mail.DOMAIN_SUFFIX,messages-backend.lasuite.svc.cluster.local
  DJANGO_CSRF_TRUSTED_ORIGINS: https://mail.DOMAIN_SUFFIX
  DB_NAME: messages_db
  DB_USER: messages
  OPENSEARCH_URL: http://opensearch.data.svc.cluster.local:9200
  MDA_API_BASE_URL: http://messages-backend.lasuite.svc.cluster.local:80/api/v1.0/
  MYHOSTNAME: mail.DOMAIN_SUFFIX
  # rspamd URL (auth token injected separately from messages-mpa-credentials secret)
  SPAM_RSPAMD_URL: http://messages-mpa.lasuite.svc.cluster.local:8010/_api
  MESSAGES_FRONTEND_BACKEND_SERVER: messages-backend.lasuite.svc.cluster.local:80
  STORAGE_MESSAGE_IMPORTS_BUCKET_NAME: sunbeam-messages-imports
  STORAGE_MESSAGE_IMPORTS_ENDPOINT_URL: http://seaweedfs-filer.storage.svc.cluster.local:8333
  AWS_STORAGE_BUCKET_NAME: sunbeam-messages
  IDENTITY_PROVIDER: oidc
  FRONTEND_THEME: default
  DRIVE_BASE_URL: https://drive.DOMAIN_SUFFIX
  LOGIN_REDIRECT_URL: https://mail.DOMAIN_SUFFIX
  LOGOUT_REDIRECT_URL: https://mail.DOMAIN_SUFFIX
  OIDC_REDIRECT_ALLOWED_HOSTS: '["https://auth.DOMAIN_SUFFIX"]'
  MTA_OUT_MODE: direct
  # Create user accounts on first OIDC login (required — no pre-provisioning)
  OIDC_CREATE_USER: "True"
  # Redirect to home on auth failure (avoids HttpResponseRedirect(None) → /callback/None 404)
  LOGIN_REDIRECT_URL_FAILURE: https://mail.DOMAIN_SUFFIX
  # Store OIDC tokens in session so the Drive integration can proxy requests on behalf of the user.
  OIDC_STORE_ACCESS_TOKEN: "True"
  OIDC_STORE_REFRESH_TOKEN: "True"
  # Session lives 7 days — long enough to survive overnight/weekend without re-auth.
  # Default is 43200 (12h) which forces a login after a browser restart.
  SESSION_COOKIE_AGE: "604800"
  # Renew the id token 60 s before it expires (access_token TTL = 1h).
  # Without this the default falls back to SESSION_COOKIE_AGE (7 days), which means
  # every request sees the 1h token as "expiring within 7 days" and triggers a
  # prompt=none renewal on every page load — causing repeated auth loops.
  OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS: "60"
  # offline_access scope is set directly in the deployment env (overrides lasuite-oidc-provider envFrom).
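
The renewal loop described in the comments on `OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS`, as an added example that is not part of this repository or of the Messages backend. It assumes the middleware renews whenever the token's remaining lifetime is within the configured window; the function names, the check itself and the request pattern are illustrative assumptions.

```python
"""Model of the OIDC renewal check as the ConfigMap comments describe it.
Assumed logic for illustration, not the Messages backend's own code."""

ACCESS_TOKEN_TTL = 3600      # 1h, stated in the ConfigMap comment
SESSION_COOKIE_AGE = 604800  # 7 days, from the ConfigMap


def needs_renewal(now, token_expires_at, renew_window):
    """Assumed check: renew once the token expires within renew_window seconds."""
    return token_expires_at - now <= renew_window


def simulate(renew_window, request_times, token_ttl=ACCESS_TOKEN_TTL):
    """Replay page loads (seconds since login) and return the request times
    that triggered a prompt=none renewal. Each renewal issues a fresh token."""
    token_expires_at = token_ttl  # token issued at login, t = 0
    renewals = []
    for now in request_times:
        if needs_renewal(now, token_expires_at, renew_window):
            renewals.append(now)
            token_expires_at = now + token_ttl
    return renewals


def lint(config, token_ttl=ACCESS_TOKEN_TTL):
    """Flag a renewal window that even a freshly issued token already falls inside."""
    # Fallback to SESSION_COOKIE_AGE when the key is unset, per the comment.
    raw = config.get("OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS") or config["SESSION_COOKIE_AGE"]
    window = int(raw)
    if window >= token_ttl:
        return [f"renewal window {window}s >= token TTL {token_ttl}s: "
                "every request triggers a renewal"]
    return []


# Constructed traffic: one page load every 5 minutes for 2 hours after login.
REQUESTS = list(range(300, 7201, 300))

if __name__ == "__main__":
    print(len(simulate(SESSION_COOKIE_AGE, REQUESTS)), "renewals with the 7-day fallback window")
    print(simulate(60, REQUESTS), "renewal times with the 60 s window")
    print(lint({"SESSION_COOKIE_AGE": "604800"}))
```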