From 83ac75ec50c9618a6d47087dbeba44f55817f051 Mon Sep 17 00:00:00 2001
From: Jan Funke <jan@fun.ke>
Date: Sun, 30 Nov 2025 21:58:58 +0100
Subject: [PATCH] Added: configmap + secrets

---
 addy-data.volume |  5 +++++
 addy.kube        |  4 +++-
 addy.yml         | 51 +++++++++++++++++++++++++++++++++---------------
 config.map       | 16 ++++++++++++---
 secrets.yml      |  7 +++----
 5 files changed, 59 insertions(+), 24 deletions(-)
 create mode 100644 addy-data.volume

diff --git a/addy-data.volume b/addy-data.volume
new file mode 100644
index 0000000..ef9eb51
--- /dev/null
+++ b/addy-data.volume
@@ -0,0 +1,5 @@
+[Unit]
+Description=Addy.io Data Volume
+
+[Volume]
+VolumeName=addy-data-volume
\ No newline at end of file
diff --git a/addy.kube b/addy.kube
index c185b06..8bd6ea6 100644
--- a/addy.kube
+++ b/addy.kube
@@ -1,8 +1,10 @@
 [Unit]
 Description=Addy Mail Service (Pod)
-After=network-online.target
 Requires=addy-db.volume
+Requires=addy-data.volume
 After=addy-db.volume
+After=addy-data.volume
+After=network-online.target
 
 [Kube]
 Yaml=addy.yml
diff --git a/addy.yml b/addy.yml
index 9853452..e7a7bb9 100644
--- a/addy.yml
+++ b/addy.yml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: addy
+  name: addy.io
 spec:
   restartPolicy: Always
   containers:
@@ -15,11 +15,20 @@ spec:
         - name: MARIADB_RANDOM_ROOT_PASSWORD
           value: "yes"
         - name: MYSQL_DATABASE
-          value: "anonaddy_db"
+          valueFrom:
+            configMapKeyRef:
+                name: addy.io-config-shared
+                key: DATABASE_NAME
         - name: MYSQL_USER
-          value: "addy_user"
+          valueFrom:
+            configMapKeyRef:
+                name: addy.io-config-shared
+                key: DATABASE_USER
         - name: MYSQL_PASSWORD
-          value: "secure_password"
+          valueFrom:
+              secretKeyRef:
+                name: addy.io-secrets
+                key: db-password
       volumeMounts:
         - mountPath: /var/lib/mysql
           name: addy-db-volume
@@ -38,30 +47,40 @@ spec:
         - containerPort: 8000
           hostPort: 8000
           protocol: TCP
+      envFrom:
+        - configMapRef:
+            name: addy.io-config
       env:
-        # Internal Networking uses localhost inside a Pod
         - name: DB_HOST
           value: "127.0.0.1"
         - name: REDIS_HOST
           value: "127.0.0.1"
-
-          
+        
+        # Database Configuration
         - name: DB_DATABASE
-          value: "anonaddy_db"
+          valueFrom:
+            configMapKeyRef:
+              name: addy.io-config-shared
+              key: DATABASE_NAME
         - name: DB_USERNAME
-          value: "addy_user"
+          valueFrom:
+            configMapKeyRef:
+              name: addy.io-config-shared
+              key: DATABASE_USER
         - name: DB_PASSWORD
-          value: "secure_password"
+          valueFrom:
+              secretKeyRef:
+                name: addy.io-secrets
+                key: db-password
       volumeMounts:
         - mountPath: /data
-          name: data-volume
+          name: addy-data-volume
 
   # --- Volume Definitions ---
   volumes:
     - name: addy-db-volume
       persistentVolumeClaim:
-        claimName: addy-db-volume
-    - name: data-volume
-      hostPath:
-        path: /opt/addy/data
-        type: Directory
\ No newline at end of file
+        claimName: addy.io-db
+    - name: addy-data-volume
+      persistentVolumeClaim:
+        claimName: addy.io-data
diff --git a/config.map b/config.map
index 542943a..42ead00 100644
--- a/config.map
+++ b/config.map
@@ -1,9 +1,19 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: addy-config
+  name: addy.io-config-shared
 data:
   TZ: "Europe/Berlin"
+  DATABASE_NAME: "anonaddy"
+  DATABASE_USER: "anonaddy_user"
+
+--- 
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: addy.io-config
+data:
   PUID: "1000"
   PGID: "1000"
   MEMORY_LIMIT: "256M"
@@ -21,14 +31,14 @@ data:
   ANONADDY_ALL_DOMAINS: "example.com"
   ANONADDY_HOSTNAME: "mail.example.com"
   ANONADDY_DNS_RESOLVER: "127.0.0.1"
-  ANONADDY_SECRET: ""
   ANONADDY_LIMIT: "200"
   ANONADDY_BANDWIDTH_LIMIT: "104857600"
   ANONADDY_NEW_ALIAS_LIMIT: "10"
   ANONADDY_ADDITIONAL_USERNAME_LIMIT: "3"
+  ANONADDY_DKIM_SIGNING_KEY: ""
+  ANONADDY_DKIM_SELECTOR: ""
   MAIL_FROM_NAME: "addy.io"
   MAIL_FROM_ADDRESS: "addy@example.com"
   POSTFIX_DEBUG: "false"
   POSTFIX_SMTPD_TLS: "false"
   POSTFIX_SMTP_TLS: "false"
-  MYSQL_DATABASE: "anonaddy
\ No newline at end of file
diff --git a/secrets.yml b/secrets.yml
index e7fdc53..161ef06 100644
--- a/secrets.yml
+++ b/secrets.yml
@@ -4,7 +4,6 @@ metadata:
   name: addy.io-secrets
 type: Opaque
 data:
-  db-pass: c3VwZXItc2VjcmV0LWRiLXBhc3M=
-  api-token: bXktYXBpLXRva2VuLTEyMw==
-  addy-secret: replace-me
-  app-key: ""
\ No newline at end of file
+  db-password: c3VwZXItc2VjcmV0LWRiLXBhc3M=
+  addy-secret: replace-me-with-a-random-string
+  app-key: base64:CN/JeFqgUyUMUfwgqZDMjOldkBt0ye/HM9esIH7diPU=
\ No newline at end of file