domain: dvirlabs.com
hostnames:
  - mail.dvirlabs.com

replicaCount: 1

ingress:
  enabled: true
  className: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: "web,websecure"
    traefik.ingress.kubernetes.io/router.tls: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
  hosts:
    - host: mail.dvirlabs.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - mail.dvirlabs.com
      secretName: mailu-certificates

persistence:
  enabled: true
  storageClass: nfs-client
  size: 10Gi

admin:
  username: admin
  initialPassword: "changeme123"

tls:
  certmanager:
    enabled: true

# Internal service (ClusterIP)
service:
  front:
    type: ClusterIP
    port: 80
    targetPort: 80

# External access via MetalLB (LoadBalancer)
front:
  realIpFrom:
    - 192.168.10.0/24
  externalService:
    enabled: true
    type: LoadBalancer
    externalTrafficPolicy: Cluster
    ports:
      smtp: true         # port 25
      submission: true   # port 587
      imap: true         # port 143
      imaps: true        # port 993
    # Optional: You can manually specify a loadBalancerIP here if you want to fix the IP
    # loadBalancerIP: 192.168.10.241
  nodeSelector:
    node-role.kubernetes.io/worker: "true"

dkim:
  enabled: true