Diffstat (limited to 'data.d/k3s-master/manifests.d/personal-services/prosody')
6 files changed, 348 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
new file mode 100644
index 0000000..2785249
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
@@ -0,0 +1,160 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ prosody.cfg.lua: |
+ -- Information on configuring Prosody can be found on our
+ -- website at https://prosody.im/doc/configure
+
+ daemonize = false;
+
+ ---------- Server-wide settings ----------
+ admins = {
+ "tyil@chat.tyil.nl",
+ }
+
+ log = {
+ { levels = { min = "debug" }, to = "console" };
+ }
+
+ plugin_paths = { "/usr/local/lib/prosody/modules" }
+ installer_plugin_path = "/var/lib/prosody/custom_plugins"
+
+ modules_enabled = {
+ -- Generally required
+ "disco"; -- Service discovery
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+
+ -- Not essential, but recommended
+ "adhoc"; -- XEP-0050
+ "blocklist"; -- Allow users to block communications with other users
+ --"bookmarks"; -- Synchronise the list of open rooms between clients
+ "carbons"; -- Keep multiple online clients in sync
+ "dialback"; -- Support for verifying remote servers using DNS
+ "limits"; -- Enable bandwidth limiting for XMPP connections
+ "pep"; -- Allow users to store public and private data in their account
+ "private"; -- Legacy account storage mechanism (XEP-0049)
+ --"smacks"; -- Stream management and resumption (XEP-0198)
+ "vcard4"; -- User profiles (stored in PEP)
+ "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+ -- Nice to have
+ "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+ --"invites"; -- Create and manage invites
+ --"invites_adhoc"; -- Allow admins/users to create invitations via their client
+ --"invites_register"; -- Allows invited users to create accounts
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ "time"; -- Let others know the time here on this server
+ "uptime"; -- Report how long server has been running
+ "version"; -- Replies to server version requests
+ "mam"; -- Store recent messages to allow multi-device synchronization
+ --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"http_openmetrics"; -- for exposing metrics to stats collectors
+ --"websocket"; -- XMPP over WebSockets
+
+ -- Other specific functionality
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ --"announce"; -- Send announcement to all online users
+ --"groups"; -- Shared roster support
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"mimicking"; -- Prevent address spoofing
+ --"motd"; -- Send a message to users when they log in
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+ --"server_contact_info"; -- Publish contact information for this service
+ --"tombstones"; -- Prevent registration of deleted accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"welcome"; -- Welcome users who register accounts
+ }
+
+ modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ }
+
+ s2s_secure_auth = true
+
+ limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+ }
+
+ authentication = "internal_hashed"
+ archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+ -- Audio/video call relay (STUN/TURN)
+ -- To ensure clients connected to the server can establish connections for
+ -- low-latency media streaming (such as audio and video calls), it is
+ -- recommended to run a STUN/TURN server for clients to use. If you do this,
+ -- specify the details here so clients can discover it.
+ -- Find more information at https://prosody.im/doc/turn
+
+ -- Specify the address of the TURN service (you may use the same domain as XMPP)
+ --turn_external_host = "turn.example.com"
+
+ -- This secret must be set to the same value in both Prosody and the TURN server
+ --turn_external_secret = "your-secret-turn-access-token"
+ statistics = "internal"
+
+ -- Load configuration from secrets
+ Include "secrets.d/*"
+
+ -- Configure components
+ component_ports = {
+ 5347,
+ }
+ component_interfaces = {
+ "*",
+ "::",
+ }
+
+ Include "components.d/*"
+
+ -- Load configuration for additional hosts
+ Include "hosts.d/*"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-vhosts
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ chat.tyil.nl: |
+ VirtualHost "chat.tyil.nl"
+ ssl = {
+ certificate = "certs.d/chat.tyil.nl/tls.crt";
+ key = "certs.d/chat.tyil.nl/tls.key";
+ }
+
+ Component "muc.chat.tyil.nl" "muc"
+ name = "Tyil's Chatrooms"
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
new file mode 100644
index 0000000..6e2e995
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
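Review bot: The server-wide settings in `prosody.cfg.lua` (configmap.yaml) never set `c2s_require_encryption = true` or `s2s_require_encryption = true`, which the stock Prosody config states explicitly; the Deployment runs the 0.11 image, where as far as I know the built-in default does not force TLS on client streams, so both lines belong next to `s2s_secure_auth = true` unless `secrets.d` already provides them. The component listener is bound to every address (`component_interfaces = { "*", "::" }`) and service.yaml publishes 5347 on the cluster-wide `prosody` Service; the component protocol is protected only by a shared secret on an unencrypted stream, so a NetworkPolicy admitting just the component pods would narrow who can reach it. `log` is left at `min = "debug"`, which writes far more per-session detail to the container log than a long-running server needs; `{ levels = { min = "info" }, to = "console" };` is the usual setting once the setup works.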
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: prosody/prosody:0.11
+ name: prosody
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ - containerPort: 5347
+ volumeMounts:
+ - mountPath: /etc/prosody
+ name: config
+ - mountPath: /etc/prosody/secrets.d
+ name: config-secret
+ - mountPath: /etc/prosody/components.d
+ name: config-components
+ - mountPath: /etc/prosody/hosts.d
+ name: config-hosts
+ - mountPath: /etc/prosody/certs.d/chat.tyil.nl
+ name: cert-nl-tyil-chat
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: config-secret
+ secret:
+ secretName: prosody-config
+ - name: config-components
+ secret:
+ secretName: prosody-components
+ - name: config-hosts
+ configMap:
+ name: prosody-vhosts
+ - name: cert-nl-tyil-chat
+ secret:
+ secretName: tls-nl.tyil.chat
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
new file mode 100644
index 0000000..dfb78cd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
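Review bot: The `prosody` container in deployment.yaml has no `securityContext`, so it runs with the image's default user, the runtime's default capability set and privilege escalation permitted, on a pod that the `xmpp` LoadBalancer Service exposes on 5222 and 5269. All three listeners are above 1024, so dropping every capability should not affect binding, though that is worth confirming on a test rollout since the image's entrypoint is not visible here. `runAsNonRoot: true` is a sensible addition once the image's user has been checked. Separately, `prosody/prosody:0.11` is a moving tag; pinning an exact release or a digest makes it explicit which build is serving traffic.

```yaml
      - image: prosody/prosody:0.11
        name: prosody
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        # … unchanged: ports, volumeMounts …
```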
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - chat.tyil.nl
+ - muc.chat.tyil.nl
+ - share.chat.tyil.nl
+ secretName: tls-nl.tyil.chat
+ rules:
+ - host: chat.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prosody
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
new file mode 100644
index 0000000..27857a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
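Review bot: The rule for `chat.tyil.nl` in ingress.yaml routes to Service `prosody` port 80, but the `prosody` Service added in service.yaml publishes only 5222, 5269 and 5347, the container declares no HTTP port, and the HTTP modules (`bosh`, `websocket`) are commented out in the config, so this backend cannot answer. If the Ingress exists only so that cert-manager issues `tls-nl.tyil.chat` for the three host names, a cert-manager `Certificate` resource expresses that directly and avoids publishing a dead route. The Deployment mounts that secret into the pod, and nothing in this commit makes Prosody pick up a renewed certificate; presumably a reload or restart is needed, which is worth confirming before the first renewal.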
@@ -0,0 +1,17 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: prosody-components + namespace: personal-services +spec: + encryptedData: + biboumi.conf: 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 + sleamdge.conf: AgA2akX2XFsgBWl5FN1gRjQTnkhHejr1Puixw634sAfPoGVwP7/qdFQNE6hEtvuFJ2ocBguLZviJyxJZye8G0wLDR5NZ+yg+DIWYiZBYIPHHxc6gBW1PNsb/sW9j4rDj3KX/Gr63MNdOyuh/8+z6Tf8TfbGjGorGlGH18buHAACqraumEK8/uh0WCzTMPw+lmLdmtI2YAXiHWPHck0TcKtAoKaRzr3BKqOO50Lqw20Zr5EtDqj/xvK/zZI1yE1PDDaQpxnS/PRzspvx2owyTJHTAwukZLY1Jn0deRFnkoXgL6AUt3wz7uHqEVXTxfMuvanhqUE4/Ze8kFbc0FTF8fUZZoue2tIOBKlqCN68wn1Ow6HjUlhYZlF9CLHPj/hKL+OhEx/ejCUv79gWb1/GQijJcehXnWpFzXROiW85+CoRvVgb/aan5hEVpNOBZ6KfwSyYJHfOVSKlwxE/T8NjguQMN1WEqljYq3rmtwD0T/t+xZzlVJ1xh6hEiRmwlYOrI1mAxDdUKOnvNt/VxV1lSudsDWaXhLHqlj8pz4r4Y1y418kX4v8o7GOmKOWMrCj+g/aSM2m74UIi09dLoY9bCJK+4k6zXWfJ+aTmSz1m6NzmwV9H4Gg82S9v+T5TK9vqkw9/7HnPpEu3dWbWyH4mhl1tx2/XoJp/iTc8e+e/zIhs9SETrETQkwVYIXu5fpnKAIbzf/7FFQEUTMBrgCCc7QWWhrAFAqxN69fiyEi9aGDNDzzAp6ESg2kQo/0U3oAbqdRCJj3isApgllmcFj1QYsU+FYKbPsmXk2jfU4KqWKPlXbZ4srX1wqSKSqyB64ZBvI65RXOWCFmXS4fwBsya1t6evhgj5Sw4r + template: + metadata: + creationTimestamp: null + name: prosody-components + namespace: personal-services + type: Opaque diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml new file mode 100644 index 0000000..64e1d2a --- /dev/null +++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: prosody-config + namespace: personal-services +spec: + encryptedData: + storage: 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 + template: + metadata: + creationTimestamp: null + name: prosody-config + namespace: personal-services + type: Opaque 
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
new file mode 100644
index 0000000..22e9539
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: xmpp
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+ - name: components
+ port: 5347
+ targetPort: 5347
+... |
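Review bot: The `xmpp` LoadBalancer Service in service.yaml leaves `externalTrafficPolicy` at its default of `Cluster`, so depending on how the k3s load balancer forwards traffic, Prosody may see a node address rather than the real peer on 5222 and 5269. That makes the connection logs much less useful for abuse handling and incident review, and it defeats any per-address control added later. Consider `externalTrafficPolicy: Local` on that Service if the load balancer in use supports it, and check afterwards that the address Prosody logs for a client session is the client's own.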