cert

2025-10-23 20:45:53 +02:00
parent 56dbf87d7f
commit f0c3a986ee
5 changed files with 41 additions and 7 deletions
--- a/deployment/deploy-yml.tmpl
+++ b/deployment/deploy-yml.tmpl
@@ -1,3 +1,28 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: exim-forwarder-cert
+spec:
+  secretName: exim-forwarder-cert
+  duration: 2160h
+  renewBefore: 360h
+  subject:
+    organizations:
+      - hottis-de
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - server auth
+  dnsNames:
+    - mx.mainscnt.eu
+  issuerRef:
+    name: letsencrypt-staging-http
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -35,6 +60,9 @@ spec:
            - name: exim-config
              mountPath: /etc/exim/db
              readOnly: true
+            - name: tls-cert
+              mountPath: /etc/exim/db
+              readOnly: true
      volumes:
        - name: exim-config
          configMap:
@@ -44,6 +72,14 @@ spec:
                path: forward_domains
              - key: addresses
                path: forward_addresses
+        - name: tls-cert
+          secret:
+            secretName: exim-forwarder-cert
+            items:
+              - key: tls.crt
+                path: server.crt
+              - key: tls.key
+                path: server.key
 ---
 apiVersion: v1
 kind: Service
--- a/exim.conf
+++ b/exim.conf
@@ -1,6 +1,8 @@
 domainlist forward_domains = lsearch;/etc/exim/db/forward_domains

 tls_advertise_hosts = *
+tls_certificate = /etc/exim/db/server.crt
+tls_privatekey = /etc/exim/db/server.key


 # acl_smtp_connect = acl_connect
--- a/1
+++ b/1
@@ -1 +0,0 @@
-wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com
--- a/2
+++ b/2
@@ -1,2 +0,0 @@
-mainscnt.eu
-
--- a/snippets/certificate-test.yml
+++ b/snippets/certificate-test.yml
@@ -1,10 +1,9 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: wiki-mainscnt-eu
-  namespace: homea
+  name: mx-hottis-de
 spec:
-  secretName: wiki-mainscnt-eu-cert
+  secretName: mx-hottis-de-cert
  duration: 2160h
  renewBefore: 360h
  subject:
@@ -18,7 +17,7 @@ spec:
  usages:
    - server auth
  dnsNames:
-    - wiki.mainscnt.eu
+    - mx.hottis.de
  issuerRef:
    name: letsencrypt-staging-http
    kind: ClusterIssuer
				`@@ -1 +0,0 @@`
				`wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com`