readme

.gitignore

@@ -3,5 +3,8 @@
 .history/
 *.vsix
 
+# Chart autogenerated README
+chart/README-hd.md
+
 # Local development
 devel/local/

chart/Chart.yaml

@@ -1,6 +1,8 @@
 apiVersion: v2
 name: smarthost
-description: smarthost
+description: A smarthost is an MTA (Mail Transfer Agent), or mail relay
+  via which third parties can send emails and have them forwarded to the
+  recipient's email servers.
 
 # A chart can be either an 'application' or a 'library' chart.
 #

chart/README.md

@@ -1 +1,233 @@
 # INSIOS/smarthost Helm chart
+
+A smarthost is an MTA (Mail Transfer Agent), or mail relay via which third parties can send emails and have them forwarded to the recipient's email servers.
+
+See [https://github.com/insios/smarthost](https://github.com/insios/smarthost)
+
+## TL;DR
+
+```shell
+helm upgrade --install -f ./values.yaml smarthost oci://ghcr.io/insios/helm/smarthost
+```
+
+## Configuration details
+
+### Configuration secrets
+
+For each smarthost configuration directory, there is a corresponding secret that can contain files for that directory within its `data` key. See [https://github.com/insios/smarthost#configuration-directories](https://github.com/insios/smarthost#configuration-directories)
+
+| Values key                | Configuration directory           | Description                   |
+| ------------------------- | --------------------------------- | ----------------------------- |
+| `config.yaml`             | `/etc/smarthost/yaml.d`           | Secret for YAML configuration files |
+| `config.postfix`          | `/etc/smarthost/postfix.d`        | Secret for postfix low-level configuration files |
+| `config.postfix-tls`      | `/etc/smarthost/postfix.tls`      | Secret for postfix TLS certificate and private key |
+| `config.opendkim`         | `/etc/smarthost/opendkim`         | Secret for opendkim low-level configuration files |
+| `config.opendkim-keys`    | `/etc/smarthost/opendkim.keys`    | Secret for opendkim private keys |
+| `config.users`            | `/etc/smarthost/users.d`          | Secret for low-level configuration users list |
+| `config.env`              | -                                 | Secret for the container's environment variables |
+
+### Configuration via ENV variables
+
+See [https://github.com/insios/smarthost#configuration-via-env-variables](https://github.com/insios/smarthost#configuration-via-env-variables)
+
+```yaml
+# Your values.yaml 
+config:
+  env:
+    data:
+      SH_HOSTNAME: 'relay.mydomain.com'
+      SH_ALLOWED_NETWORKS: '0.0.0.0/0'
+      SH_AUTH: 'user:password'
+      SH_TLS_LEVEL: 'may'
+```
+
+### Configuration via YAML files
+
+See [https://github.com/insios/smarthost#configuration-via-yaml-files](https://github.com/insios/smarthost#configuration-via-yaml-files)
+
+```yaml
+# Your values.yaml 
+config:
+  yaml:
+    data:
+      smarthost.yaml:
+        config:
+          hostname: 'relay.mydomain.com'
+          auth: true
+          sender_restrictions: 'domain'
+          tls:
+            level: 'may'
+        users:
+          - name: 'user'
+            password: 'password'
+        domains:
+          - name: 'mydomain.com'
+```
+
+OR yaml as a string
+
+```yaml
+# Your values.yaml 
+config:
+  yaml:
+    data:
+      smarthost.yaml: |
+        config:
+          hostname: 'relay.mydomain.com'
+          auth: true
+          sender_restrictions: 'domain'
+          tls:
+            level: 'may'
+        users:
+          - name: 'user'
+            password: 'password'
+        domains:
+          - name: 'mydomain.com'
+```
+
+OR multiple yaml files
+
+```yaml
+# Your values.yaml 
+config:
+  yaml:
+    data:
+      comfig.yaml: |
+        config:
+          hostname: 'relay.mydomain.com'
+          auth: true
+          sender_restrictions: 'domain'
+          tls:
+            level: 'may'
+      users.yaml: |
+        users:
+          - name: 'user'
+            password: 'password'
+      domains.yaml: |
+        domains:
+          - name: 'mydomain.com'
+```
+
+```yaml
+# Your values.yaml 
+config:
+  yaml:
+    data:
+      comfig.yaml: |
+        config:
+          hostname: 'relay.mydomain.com'
+          auth: true
+          sender_restrictions: 'email'
+          tls:
+            level: 'may'
+      domain1.yaml: |
+        domains:
+          - name: 'mydomain1.com'
+        users:
+          - name: 'user1'
+            password: 'password1'
+            allowed_from:
+              - '@mydomain1.com'
+      domain2.yaml: |
+        domains:
+          - name: 'mydomain2.com'
+        users:
+          - name: 'user2'
+            password: 'password2'
+            allowed_from:
+              - '@mydomain2.com'
+```
+
+### Configuration via low-level configuration files
+
+See [https://github.com/insios/smarthost#configuration-via-low-level-configuration-files](https://github.com/insios/smarthost#configuration-via-low-level-configuration-files)
+
+```yaml
+# Your values.yaml 
+config:
+  postfix:
+    data:
+      master.conf: |
+        # Verbose
+        -M -e submission/inet="submission inet n - n - - smtpd -v"
+      main.conf: |
+        -e myhostname="relay.mydomain.com"
+        -e smtp_helo_name="relay.mydomain.com"
+        -e smtpd_tls_security_level="may"
+        -e smtpd_sasl_auth_enable="yes"
+        -e smtpd_client_restrictions="permit_sasl_authenticated, reject"
+  users:
+    data:
+      users.conf: |
+        user1    password1
+        user2    password2
+```
+
+### Cert-Manager TLS certificate
+
+See [https://cert-manager.io/docs/usage/certificate/](https://cert-manager.io/docs/usage/certificate/)
+
+### Existing secrets
+
+### Full example
+
+See [https://github.com/insios/examples/helm-full](https://github.com/insios/examples/helm-full)
+
+## All values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| config.env.data | object | `{}` |  |
+| config.opendkim-keys.data | object | `{}` |  |
+| config.opendkim.data | object | `{}` |  |
+| config.postfix-tls.data | object | `{}` |  |
+| config.postfix.data | object | `{}` |  |
+| config.users.data | object | `{}` |  |
+| config.yaml.data | object | `{}` |  |
+| envFrom | list | `[]` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"insios/smarthost"` |  |
+| image.tag | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| livenessProbe.exec.command[0] | string | `"postfix"` |  |
+| livenessProbe.exec.command[1] | string | `"status"` |  |
+| livenessProbe.failureThreshold | int | `1` |  |
+| livenessProbe.initialDelaySeconds | int | `30` |  |
+| livenessProbe.periodSeconds | int | `60` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistence.accessMode | string | `"ReadWriteOnce"` |  |
+| persistence.enabled | bool | `false` |  |
+| persistence.existingClaim | string | `""` |  |
+| persistence.size | string | `"1Gi"` |  |
+| persistence.storageClass | string | `""` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.create | bool | `true` |  |
+| service.port | int | `587` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `false` |  |
+| serviceAccount.name | string | `""` |  |
+| servicePP.create | bool | `true` |  |
+| servicePP.port | int | `586` |  |
+| servicePP.type | string | `"ClusterIP"` |  |
+| startupProbe.failureThreshold | int | `10` |  |
+| startupProbe.periodSeconds | int | `3` |  |
+| startupProbe.tcpSocket.port | string | `"smtpd"` |  |
+| tolerations | list | `[]` |  |
+| volumeMounts | list | `[]` |  |
+| volumes | list | `[]` |  |
+
+> Values table autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

chart/values.yaml

@@ -4,32 +4,52 @@
 
 config:
   postfix:
+    # @ignored
     type: files
+    # @ignored
     directory: postfix.d
     # kind: ConfigMap
+    data: {}
   postfix-tls:
+    # @ignored
     type: tls
+    # @ignored
     directory: postfix.tls
     # existingName: my-postfix-tls
     # cert-manager:
     #   commonName: example.com
     #   issuerRef:
     #     kind: ClusterIssuer
     #     name: letsencrypt-production
+    data: {}
   opendkim:
+    # @ignored
     type: files
+    # @ignored
     directory: opendkim
+    data: {}
   opendkim-keys:
+    # @ignored
     type: files
+    # @ignored
     directory: opendkim.keys
+    data: {}
   users:
+    # @ignored
     type: files
+    # @ignored
     directory: users.d
+    data: {}
   yaml:
+    # @ignored
     type: files
+    # @ignored
     directory: yaml.d
+    data: {}
   env:
+    # @ignored
     type: env
+    data: {}
 
 # /var/spool/postfix
 persistence:

devel/bin/helm-docs

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+helm-docs -c chart -o README-hd.md

examples/helm-full/README.md

@@ -0,0 +1,26 @@
+# Configure via all-in-one YAML file
+
+## Configuration files
+
+| Path                              | Description                   |
+| --------------------------------- | ----------------------------- |
+| `config/yaml.d/all-in-one.yaml`   | All config in one file        |
+
+## Docker
+
+```shell
+docker run -d --restart unless-stopped \
+    --name smarthost \
+    -p 8587:587 -p 8586:586 \
+    -v ./config:/etc/smarthost \
+    insios/smarthost
+```
+
+## Helm
+
+```shell
+helm upgrade --install --atomic --cleanup-on-fail \
+    --namespace smarthost --create-namespace \
+    --set-file config.yaml.data.all-in-one_yaml=./config/yaml.d/all-in-one.yaml \
+    smarthost oci://ghcr.io/insios/helm/smarthost
+```

examples/yaml-all-in-one/README.md

@@ -4,7 +4,7 @@
 
 | Path                              | Description                   |
 | --------------------------------- | ----------------------------- |
-| `./config/yaml.d/all-in-one.yaml` | All config in one file        |
+| `config/yaml.d/all-in-one.yaml`   | All config in one file        |
 
 ## Docker
 

examples/yaml-and-tls/README.md

@@ -2,12 +2,12 @@
 
 ## Configuration files
 
-| Path                                  | Description                   |
-| ------------------------------------- | ----------------------------- |
-| `./config/yaml.d/config.yaml`         | YAML config                   |
-| `./config/postfix.tls/tls.crt`        | Postfix TLS certificate       |
-| `./config/postfix.tls/tls.key`        | Postfix TLS private key       |
-| `./config/opendkim.keys/mydomain.key` | DKIM private key for mydomain.com |
+| Path                                  | Description                       |
+| ------------------------------------- | --------------------------------- |
+| `config/yaml.d/config.yaml`           | YAML config                       |
+| `config/postfix.tls/tls.crt`          | Postfix TLS certificate           |
+| `config/postfix.tls/tls.key`          | Postfix TLS private key           |
+| `config/opendkim.keys/mydomain.key`   | DKIM private key for mydomain.com |
 
 ## Docker