authorPatrick Spek <p.spek@tyil.nl>2024-02-12 09:08:46 +0100
committerPatrick Spek <p.spek@tyil.nl>2024-02-12 09:08:46 +0100
commitab1c9c078c0e62f8dbe2918d609b980438db37f1 (patch)
treeb8a50857d3b88f6d3fb778fe40a407b77448e97d
parent12277a8498a3869d64b9230153965a0970319b81 (diff)
Add prosody deployment
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml147
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml26
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml11
5 files changed, 277 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml
new file mode 100644
index 0000000..445d568
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml
@@ -0,0 +1,147 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+data:
+ prosody.cfg.lua: |
+ -- Information on configuring Prosody can be found on our
+ -- website at https://prosody.im/doc/configure
+
+ daemonize = false;
+
+ ---------- Server-wide settings ----------
+ admins = {
+ "tyil@chat.tyil.nl",
+ }
+
+ log = {
+ { levels = { min = "debug" }, to = "console" };
+ }
+
+ plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+ modules_enabled = {
+ -- Generally required
+ "disco"; -- Service discovery
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+
+ -- Not essential, but recommended
+ "blocklist"; -- Allow users to block communications with other users
+ --"bookmarks"; -- Synchronise the list of open rooms between clients
+ "carbons"; -- Keep multiple online clients in sync
+ "dialback"; -- Support for verifying remote servers using DNS
+ "limits"; -- Enable bandwidth limiting for XMPP connections
+ "pep"; -- Allow users to store public and private data in their account
+ "private"; -- Legacy account storage mechanism (XEP-0049)
+ --"smacks"; -- Stream management and resumption (XEP-0198)
+ "vcard4"; -- User profiles (stored in PEP)
+ "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+ -- Nice to have
+ "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+ --"invites"; -- Create and manage invites
+ --"invites_adhoc"; -- Allow admins/users to create invitations via their client
+ --"invites_register"; -- Allows invited users to create accounts
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ "time"; -- Let others know the time here on this server
+ "uptime"; -- Report how long server has been running
+ "version"; -- Replies to server version requests
+ "mam"; -- Store recent messages to allow multi-device synchronization
+ --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"http_openmetrics"; -- for exposing metrics to stats collectors
+ --"websocket"; -- XMPP over WebSockets
+
+ -- Other specific functionality
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ --"announce"; -- Send announcement to all online users
+ --"groups"; -- Shared roster support
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"mimicking"; -- Prevent address spoofing
+ --"motd"; -- Send a message to users when they log in
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+ --"server_contact_info"; -- Publish contact information for this service
+ --"tombstones"; -- Prevent registration of deleted accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"welcome"; -- Welcome users who register accounts
+ }
+
+ modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ }
+
+ s2s_secure_auth = true
+
+ limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+ }
+
+ authentication = "internal_hashed"
+ archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+ -- Audio/video call relay (STUN/TURN)
+ -- To ensure clients connected to the server can establish connections for
+ -- low-latency media streaming (such as audio and video calls), it is
+ -- recommended to run a STUN/TURN server for clients to use. If you do this,
+ -- specify the details here so clients can discover it.
+ -- Find more information at https://prosody.im/doc/turn
+
+ -- Specify the address of the TURN service (you may use the same domain as XMPP)
+ --turn_external_host = "turn.example.com"
+
+ -- This secret must be set to the same value in both Prosody and the TURN server
+ --turn_external_secret = "your-secret-turn-access-token"
+ statistics = "internal"
+
+ -- Load configuration from secrets
+ Include "conf.d/*"
+
+ -- Load configuration for additional hosts
+ Include "hosts.d/*"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-vhosts
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+data:
+ chat.tyil.nl: |
+ VirtualHost "chat.tyil.nl"
+ ssl = {
+ certificate = "certs.d/chat.tyil.nl/tls.crt";
+ key = "certs.d/chat.tyil.nl/tls.key";
+ }
+
+ Component "muc.chat.tyil.nl" "muc"
+ name = "Tyil's Chatrooms"
+...
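Review bot: The `register` module is switched on in `modules_enabled` but the hunk never sets `allow_registration`, so whether open account creation is on depends on Prosody's default and on whatever the `Include "conf.d/*"` secret (not reviewable here) contributes; pin it explicitly next to `authentication = "internal_hashed"` with `allow_registration = false` (mod_register still serves password changes) so the intent is visible in the committed config. The `Component "muc.chat.tyil.nl" "muc"` block likewise leaves room creation at Prosody's default, which as far as I recall lets any federated user create rooms on the service; add `restrict_room_creation = "local"` (or `"admin"`) under it. Finally, `log = { { levels = { min = "debug" }, to = "console" } }` sends debug-level output to the pod log, which is far more verbose than a production server needs and may include per-session details; `min = "info"` is the usual setting, with debug enabled only while troubleshooting.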
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml
new file mode 100644
index 0000000..80713c8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prosody
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ spec:
+ containers:
+ - image: prosody/prosody:0.11
+ name: prosody
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ volumeMounts:
+ - mountPath: /etc/prosody
+ name: config
+ - mountPath: /etc/prosody/conf.d
+ name: config-secret
+ - mountPath: /etc/prosody/hosts.d
+ name: config-hosts
+ - mountPath: /etc/prosody/certs.d/chat.tyil.nl
+ name: cert-nl-tyil-chat
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: config-secret
+ secret:
+ secretName: prosody-config
+ - name: config-hosts
+ configMap:
+ name: prosody-vhosts
+ - name: cert-nl-tyil-chat
+ secret:
+ secretName: tls-nl.tyil.chat
+...
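Review bot: The container spec has no `securityContext` and no `resources`, so prosody runs with whatever privileges the `prosody/prosody:0.11` image's entrypoint chooses, can gain capabilities through setuid binaries, and has no memory or CPU ceiling while it is exposed to arbitrary federation peers. The image is also referenced by a mutable minor-version tag rather than an immutable digest, so what gets pulled can change underneath the committed manifest; `prosody/prosody:0.11@sha256:<digest>` resolved at review time fixes that. Separately, nothing mounts `/var/lib/prosody`: with `authentication = "internal_hashed"` and `mam` enabled, accounts and archives live on the container's writable layer and are lost on every restart or rollout — presumably a PVC is intended, but it is not in this commit. The hardening below assumes the image's entrypoint does not need root; if it chowns or drops privileges itself, leave `runAsNonRoot` out and keep the rest (resource sizes are placeholders).

```yaml
      containers:
        - image: prosody/prosody:0.11  # TODO: pin with @sha256:<digest>
          name: prosody
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            runAsNonRoot: true  # drop if the entrypoint must start as root
          resources:
            requests: {cpu: 100m, memory: 128Mi}  # placeholder sizes
            limits: {memory: 512Mi}
          # … unchanged: ports, volumeMounts …
```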
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml
new file mode 100644
index 0000000..64b47c8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prosody
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - chat.tyil.nl
+ - muc.chat.tyil.nl
+ - share.chat.tyil.nl
+ secretName: tls-nl.tyil.chat
+ rules:
+ - host: chat.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prosody
+ port:
+ number: 80
+...
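Review bot: The rule's backend points at `service: name: prosody` on port 80, but the Service this commit creates is named `xmpp` and exposes only 5222/5269, and every HTTP module in the ConfigMap (`bosh`, `websocket`, `http_openmetrics`) is commented out, so the path has no working target and Traefik will serve errors for HTTP on chat.tyil.nl. If the Ingress exists only so cert-manager issues `tls-nl.tyil.chat`, a `Certificate` resource listing the three hosts expresses that directly and avoids advertising a dead HTTP endpoint. Note also that `share.chat.tyil.nl` is in the TLS hosts list but nothing in this commit serves it (no VirtualHost or Component), so its SAN is issued without a consumer. If the Ingress stays, point the backend at the real Service name and at a port Prosody actually listens on.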
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml
new file mode 100644
index 0000000..4e7bb3f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ type: NodePort
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ nodePort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ nodePort: 5269
+...
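Review bot: `nodePort: 5222` and `nodePort: 5269` are outside the default Kubernetes NodePort range (30000–32767, which k3s also uses by default), so unless the apiserver was started with `--service-node-port-range` covering them the Service will be rejected at admission; if the range was widened, say so in a comment, because the manifest otherwise reads as a mistake. A NodePort Service with the default `externalTrafficPolicy: Cluster` also SNATs inbound connections, so Prosody's `limits`, its logs and any log-based blocking see the node IP instead of the real client; `externalTrafficPolicy: Local` preserves the source address, at the cost of only answering on nodes that run the pod, which is fine with `replicas: 1`. Consider also spelling out `protocol: TCP` and `targetPort` on each port entry for clarity.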
diff --git a/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
index bc0f4ad..768c5f4 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
@@ -8,6 +8,11 @@ metadata:
apiVersion: v1
kind: Namespace
metadata:
+ name: chat-system
+---
+apiVersion: v1
+kind: Namespace
+metadata:
name: cicd-system
...
---
@@ -38,5 +43,11 @@ metadata:
apiVersion: v1
kind: Namespace
metadata:
+ name: ravenhosting
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
name: servarr
...