Diffstat (limited to 'data.d/k3s-master/manifests.d/personal-services')
20 files changed, 847 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml
new file mode 100644
index 0000000..ee8a4d3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: biboumi
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: louiz/biboumi:9.0
+ name: biboumi
+ ports:
+ - containerPort: 5437
+ env:
+ - name: BIBOUMI_ADMIN
+ value: tyil@chat.tyil.nl
+ - name: BIBOUMI_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: db-name
+ - name: BIBOUMI_HOSTNAME
+ value: biboumi.chat.tyil.nl
+ - name: BIBOUMI_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: password
+ - name: BIBOUMI_XMPP_SERVER_IP
+ value: prosody
+ - name: BIBOUMI_PERSISTENT_BY_DEFAULT
+ value: "true"
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml
new file mode 100644
index 0000000..0e1ed9b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml
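Review bot: The pod template in biboumi/deployment.yaml sets no `securityContext` and the container has no `resources`, so biboumi runs with whatever user and capabilities the image defaults to and with no memory or CPU ceiling; the cgit, dist, nextcloud and prosody Deployments in this commit have the same gap. A container-level `securityContext` with `allowPrivilegeEscalation: false`, plus `runAsNonRoot: true` where the image supports it, would be a cheap baseline, though each image needs testing before it is enforced. Separately, `containerPort: 5437` looks like a transposition of the component port 5347 used by the prosody manifests; the field is informational, but it will mislead anyone who writes a NetworkPolicy from it.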
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: biboumi-config
+ namespace: personal-services
+spec:
+ encryptedData:
+ db-name: 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
+ password: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: biboumi-config
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml
new file mode 100644
index 0000000..bdbc8b2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+data:
+ cgitrc: |
+ root-desc=All public repos from tyil
+
+ source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+ about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+ readme=:INSTALL
+ readme=:INSTALL.htm
+ readme=:INSTALL.html
+ readme=:INSTALL.md
+ readme=:INSTALL.mkd
+ readme=:INSTALL.rst
+ readme=:INSTALL.txt
+ readme=:README
+ readme=:README.htm
+ readme=:README.html
+ readme=:README.md
+ readme=:README.mkd
+ readme=:README.pod6
+ readme=:README.rakudoc
+ readme=:README.rst
+ readme=:README.txt
+ readme=:install
+ readme=:install.htm
+ readme=:install.html
+ readme=:install.md
+ readme=:install.mkd
+ readme=:install.rst
+ readme=:install.txt
+ readme=:readme
+ readme=:readme.htm
+ readme=:readme.html
+ readme=:readme.md
+ readme=:readme.mkd
+ readme=:readme.rst
+ readme=:readme.txt
+
+ css=/cgit-css/cgit.css
+ logo=/cgit-css/cgit.png
+
+ #cache-root=/var/cache/cgit
+ #cache-size=1000
+
+ clone-prefix=https://git.tyil.nl
+ enable-git-config=1
+ enable-index-links=1
+ enable-index-owner=0
+ enable-log-filecount=1
+ enable-log-linecount=1
+ remove-suffix=1
+ robots=index, follow
+ scan-path=/srv/git/
+ section-from-path=1
+ snapshots=tar.gz tar.bz2
+ virtual-root=/
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml
new file mode 100644
index 0000000..715a3f6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml
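Review bot: `scan-path=/srv/git/` publishes every repository found under the mounted directory and nothing in this cgitrc restricts that, so a private repository that ends up in that directory would be browsable and offered as a snapshot download. Setting `strict-export=git-daemon-export-ok` before `scan-path` makes publication opt-in per repository. Also, `section-from-path=1` comes after `scan-path`; the cgitrc documentation describes it as taking effect only when defined before `scan-path`, so as written it probably does nothing.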
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: emarcs/nginx-cgit
+ name: cgit
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /srv/git
+ name: data
+ - mountPath: /etc/cgitrc
+ subPath: cgitrc
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/git
+ type: DirectoryOrCreate
+ - name: config
+ configMap:
+ name: cgit
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml
new file mode 100644
index 0000000..4de2546
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - git.tyil.nl
+ secretName: tls-nl.tyil.git
+ rules:
+ - host: git.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: cgit
+ port:
+ number: 80
+...
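Review bot: In cgit/deployment.yaml the `data` hostPath volume is mounted into the internet-facing cgit container without `readOnly: true`, so a compromise of nginx or of a cgit filter would have write access to the repositories under `/mnt/pool/git` on the node. cgit only reads repositories and the cache is commented out in the cgitrc, so `readOnly: true` on the `/srv/git` volumeMount should be safe; `type: DirectoryOrCreate` could also become `Directory`, so that a missing pool mount fails the pod instead of silently creating an empty directory on the node. The image `emarcs/nginx-cgit` has no tag and therefore resolves to `latest`; pinning a version or digest here, and for `miniserve:latest` in dist/deployment.yaml, would make rollouts reproducible and reviewable.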
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml
new file mode 100644
index 0000000..7a6a5a2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml
new file mode 100644
index 0000000..5a85a00
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dist
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: docker.io/svenstaro/miniserve:latest
+ args:
+ - --qrcode
+ - /var/www
+ name: miniserve
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /var/www
+ name: bucket
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: bucket
+ persistentVolumeClaim:
+ claimName: dist
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml
new file mode 100644
index 0000000..5c67478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dist
+ namespace: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - dist.tyil.nl
+ secretName: tls-nl.tyil.dist
+ rules:
+ - host: dist.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: dist
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml
new file mode 100644
index 0000000..de9111f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dist
+ namespace: personal-services
+spec:
+ storageClassName: seaweedfs
+ volumeName: dist
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 20Gi
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml
new file mode 100644
index 0000000..999025f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dist
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml
new file mode 100644
index 0000000..79a1f15
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud
+ namespace: personal-services
+spec:
+ schedule: "*/5 * * * *"
+ successfulJobsHistoryLimit: 0
+ failedJobsHistoryLimit: 2
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 33
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - name: nextcloud
+ image: nextcloud:27
+ command:
+ - php
+ args:
+ - -f
+ - /var/www/html/cron.php
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: OnFailure
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml
new file mode 100644
index 0000000..250f670
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: nextcloud:27
+ name: nextcloud
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
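Review bot: The CronJob in nextcloud/cron.yaml fires every five minutes with no `concurrencyPolicy`, so the default `Allow` applies and a slow `cron.php` run can overlap with the next one against the same hostPath data. Adding `concurrencyPolicy: Forbid` under `spec`, and an `activeDeadlineSeconds` on the job spec, keeps a stuck run from piling up pods on the node. The job does set `runAsUser: 33` and `runAsGroup: 33`, which is worth keeping.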
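Review bot: In nextcloud/deployment.yaml, `strategy.type: RollingUpdate` with a single replica starts the replacement pod before the old one stops, and both pods mount `/mnt/pool/nextcloud` read-write on the same node. Since that directory holds the application tree as well as the data, two instances writing to it during a rollout, possibly from different image builds because `nextcloud:27` is a moving tag, is a corruption risk. `strategy: {type: Recreate}` removes the overlap at the cost of a short outage per rollout.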
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml
new file mode 100644
index 0000000..33060ab
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ nginx.ingress.kubernetes.io/proxy-body-size: 512m
+# nginx.ingress.kubernetes.io/configuration-snippet: |
+# client_max_body_size 512M;
+# fastcgi_buffers 64 4K;
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - cloud.tyil.nl
+ secretName: tls-nl.tyil.cloud
+ rules:
+ - host: cloud.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml
new file mode 100644
index 0000000..7e03fe2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
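Review bot: The three commented-out `configuration-snippet` lines in nextcloud/ingress.yaml sit at column 0 inside the `annotations` map and are dead configuration; I would delete them rather than ship them in the manifest. If they are ever revived, note that snippet annotations let an Ingress object inject raw nginx configuration and recent ingress-nginx releases disable them by default, so the `proxy-body-size` annotation already in use is the better mechanism to keep.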
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
new file mode 100644
index 0000000..2785249
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
@@ -0,0 +1,160 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ prosody.cfg.lua: |
+ -- Information on configuring Prosody can be found on our
+ -- website at https://prosody.im/doc/configure
+
+ daemonize = false;
+
+ ---------- Server-wide settings ----------
+ admins = {
+ "tyil@chat.tyil.nl",
+ }
+
+ log = {
+ { levels = { min = "debug" }, to = "console" };
+ }
+
+ plugin_paths = { "/usr/local/lib/prosody/modules" }
+ installer_plugin_path = "/var/lib/prosody/custom_plugins"
+
+ modules_enabled = {
+ -- Generally required
+ "disco"; -- Service discovery
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+
+ -- Not essential, but recommended
+ "adhoc"; -- XEP-0050
+ "blocklist"; -- Allow users to block communications with other users
+ --"bookmarks"; -- Synchronise the list of open rooms between clients
+ "carbons"; -- Keep multiple online clients in sync
+ "dialback"; -- Support for verifying remote servers using DNS
+ "limits"; -- Enable bandwidth limiting for XMPP connections
+ "pep"; -- Allow users to store public and private data in their account
+ "private"; -- Legacy account storage mechanism (XEP-0049)
+ --"smacks"; -- Stream management and resumption (XEP-0198)
+ "vcard4"; -- User profiles (stored in PEP)
+ "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+ -- Nice to have
+ "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+ --"invites"; -- Create and manage invites
+ --"invites_adhoc"; -- Allow admins/users to create invitations via their client
+ --"invites_register"; -- Allows invited users to create accounts
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ "time"; -- Let others know the time here on this server
+ "uptime"; -- Report how long server has been running
+ "version"; -- Replies to server version requests
+ "mam"; -- Store recent messages to allow multi-device synchronization
+ --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"http_openmetrics"; -- for exposing metrics to stats collectors
+ --"websocket"; -- XMPP over WebSockets
+
+ -- Other specific functionality
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ --"announce"; -- Send announcement to all online users
+ --"groups"; -- Shared roster support
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"mimicking"; -- Prevent address spoofing
+ --"motd"; -- Send a message to users when they log in
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+ --"server_contact_info"; -- Publish contact information for this service
+ --"tombstones"; -- Prevent registration of deleted accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"welcome"; -- Welcome users who register accounts
+ }
+
+ modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ }
+
+ s2s_secure_auth = true
+
+ limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+ }
+
+ authentication = "internal_hashed"
+ archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+ -- Audio/video call relay (STUN/TURN)
+ -- To ensure clients connected to the server can establish connections for
+ -- low-latency media streaming (such as audio and video calls), it is
+ -- recommended to run a STUN/TURN server for clients to use. If you do this,
+ -- specify the details here so clients can discover it.
+ -- Find more information at https://prosody.im/doc/turn
+
+ -- Specify the address of the TURN service (you may use the same domain as XMPP)
+ --turn_external_host = "turn.example.com"
+
+ -- This secret must be set to the same value in both Prosody and the TURN server
+ --turn_external_secret = "your-secret-turn-access-token"
+ statistics = "internal"
+
+ -- Load configuration from secrets
+ Include "secrets.d/*"
+
+ -- Configure components
+ component_ports = {
+ 5347,
+ }
+ component_interfaces = {
+ "*",
+ "::",
+ }
+
+ Include "components.d/*"
+
+ -- Load configuration for additional hosts
+ Include "hosts.d/*"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-vhosts
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ chat.tyil.nl: |
+ VirtualHost "chat.tyil.nl"
+ ssl = {
+ certificate = "certs.d/chat.tyil.nl/tls.crt";
+ key = "certs.d/chat.tyil.nl/tls.key";
+ }
+
+ Component "muc.chat.tyil.nl" "muc"
+ name = "Tyil's Chatrooms"
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
new file mode 100644
index 0000000..6e2e995
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
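Review bot: `prosody.cfg.lua` never sets `c2s_require_encryption`, which the stock Prosody config file sets explicitly, so whether a client may authenticate over an unencrypted stream depends on the built-in default of the image in use (`prosody/prosody:0.11` in the Deployment); I believe that release series does not require it by default, but this should be confirmed. Adding `c2s_require_encryption = true` next to `s2s_secure_auth = true` states the intent regardless of version. The log sink also uses `min = "debug"`, which is very verbose for an internet-facing server and puts more user metadata into the container logs than `info` would.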
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: prosody/prosody:0.11
+ name: prosody
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ - containerPort: 5347
+ volumeMounts:
+ - mountPath: /etc/prosody
+ name: config
+ - mountPath: /etc/prosody/secrets.d
+ name: config-secret
+ - mountPath: /etc/prosody/components.d
+ name: config-components
+ - mountPath: /etc/prosody/hosts.d
+ name: config-hosts
+ - mountPath: /etc/prosody/certs.d/chat.tyil.nl
+ name: cert-nl-tyil-chat
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: config-secret
+ secret:
+ secretName: prosody-config
+ - name: config-components
+ secret:
+ secretName: prosody-components
+ - name: config-hosts
+ configMap:
+ name: prosody-vhosts
+ - name: cert-nl-tyil-chat
+ secret:
+ secretName: tls-nl.tyil.chat
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
new file mode 100644
index 0000000..dfb78cd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
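Review bot: The certificate secret `tls-nl.tyil.chat` is mounted as files in prosody/deployment.yaml, and nothing in this commit restarts or reloads Prosody when cert-manager renews it; as far as I know Prosody reads certificates only at startup or on reload, so the pod would keep presenting the old certificate until it is restarted. Whichever mechanism is chosen (a scheduled rollout restart, or a reload triggered on secret change) should be recorded next to this manifest. The image `prosody/prosody:0.11` is also a moving tag on an older release series; it is worth checking that the series still receives security fixes and pinning a digest.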
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - chat.tyil.nl
+ - muc.chat.tyil.nl
+ - share.chat.tyil.nl
+ secretName: tls-nl.tyil.chat
+ rules:
+ - host: chat.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prosody
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
new file mode 100644
index 0000000..27857a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: prosody-components
+ namespace: personal-services
+spec:
+ encryptedData:
+ biboumi.conf: 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
+ sleamdge.conf: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: prosody-components
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml
new file mode 100644
index 0000000..64e1d2a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: prosody-config
+ namespace: personal-services
+spec:
+ encryptedData:
+ storage: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: prosody-config
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
new file mode 100644
index 0000000..22e9539
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: xmpp
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+ - name: components
+ port: 5347
+ targetPort: 5347
+... |