bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity

Fix mail (accounts), matrix (homeserver.yaml), irc (proper image+config)

Browse Source
This commit is contained in:
root
2026-03-09 17:02:59 -05:00
parent ef442e29eb
commit 3c29b0abe5
3 changed files with 1179 additions and 741 deletions
Download Patch File Download Diff File Expand all files Collapse all files

738
apps/irc/irc.yaml
View File

@@ -1,184 +1,554 @@
# UnrealIRCd + Anope IRC Services
# PLACEHOLDER - UnrealIRCd needs config files mounted before running
# ArgoCD managed - BlueJay Lab
---
apiVersion: v1
kind: Namespace
metadata:
name: irc
labels:
app.kubernetes.io/part-of: bluejay-infra
---
# UnrealIRCd PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: unrealircd-data
namespace: irc
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 1Gi
---
# Anope PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: anope-data
namespace: irc
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 1Gi
---
# UnrealIRCd Deployment
# NOTE: This is a placeholder. UnrealIRCd requires configuration files
# (unrealircd.conf, TLS certs, etc.) to be present in /data before starting.
# Mount config via ConfigMap/Secret or init container before enabling.
apiVersion: apps/v1
kind: Deployment
metadata:
name: unrealircd
namespace: irc
labels:
app: unrealircd
spec:
replicas: 1
selector:
matchLabels:
app: unrealircd
template:
metadata:
labels:
app: unrealircd
spec:
containers:
- name: unrealircd
image: ghcr.io/unrealircd/unrealircd:latest
ports:
- containerPort: 6667
name: irc-plain
- containerPort: 6697
name: irc-tls
- containerPort: 8067
name: services-link
volumeMounts:
- name: unrealircd-data
mountPath: /data
resources:
requests:
memory: 64Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 250m
volumes:
- name: unrealircd-data
persistentVolumeClaim:
claimName: unrealircd-data
---
# Anope IRC Services Deployment
# NOTE: Placeholder. Anope requires services.conf with link block
# matching UnrealIRCd's link configuration.
apiVersion: apps/v1
kind: Deployment
metadata:
name: anope
namespace: irc
labels:
app: anope
spec:
replicas: 1
selector:
matchLabels:
app: anope
template:
metadata:
labels:
app: anope
spec:
containers:
- name: anope
image: anope/anope:latest
volumeMounts:
- name: anope-data
mountPath: /data
resources:
requests:
memory: 64Mi
cpu: 25m
limits:
memory: 128Mi
cpu: 100m
volumes:
- name: anope-data
persistentVolumeClaim:
claimName: anope-data
---
# UnrealIRCd Service (ClusterIP for internal + Traefik TCP routing)
apiVersion: v1
kind: Service
metadata:
name: unrealircd
namespace: irc
spec:
selector:
app: unrealircd
ports:
- port: 6667
targetPort: 6667
name: irc-plain
- port: 6697
targetPort: 6697
name: irc-tls
- port: 8067
targetPort: 8067
name: services-link
---
# Anope Service
apiVersion: v1
kind: Service
metadata:
name: anope
namespace: irc
spec:
selector:
app: anope
ports:
- port: 8067
targetPort: 8067
name: services-link
---
# Traefik IngressRouteTCP - IRC plain (6667)
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: irc-plain
namespace: irc
spec:
entryPoints:
- irc
routes:
- match: HostSNI(`*`)
services:
- name: unrealircd
port: 6667
---
# Traefik IngressRouteTCP - IRC TLS passthrough (6697)
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: irc-tls
namespace: irc
spec:
entryPoints:
- ircs
routes:
- match: HostSNI(`*`)
services:
- name: unrealircd
port: 6697
tls:
passthrough: true
# UnrealIRCd + Anope IRC Services
# ArgoCD managed - BlueJay Lab
---
apiVersion: v1
kind: Namespace
metadata:
name: irc
labels:
app.kubernetes.io/part-of: bluejay-infra
---
# TLS Certificate for IRC
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: irc-tls
namespace: irc
spec:
secretName: irc-tls
issuerRef:
name: step-ca-acme
kind: ClusterIssuer
dnsNames:
- irc.iamworkin.lan
---
# UnrealIRCd configuration
apiVersion: v1
kind: Secret
metadata:
name: unrealircd-config
namespace: irc
type: Opaque
stringData:
unrealircd.conf: |
/* BlueJay Lab IRC - UnrealIRCd 6.x config */
/* Managed by ArgoCD */
include "modules.default.conf";
include "help/help.conf";
include "operclass.default.conf";
include "snomasks.default.conf";
me {
name "irc.iamworkin.lan";
info "BlueJay Lab IRC Server";
sid 001;
}
admin {
"BlueJay Lab IRC";
"admin@iamwork.in";
}
class clients {
pingfreq 90;
maxclients 500;
sendq 200k;
recvq 8000;
}
class opers {
pingfreq 90;
maxclients 50;
sendq 1M;
recvq 8000;
}
class servers {
pingfreq 60;
connfreq 15;
maxclients 10;
sendq 20M;
}
allow {
mask *;
class clients;
maxperip 5;
}
listen {
ip *;
port 6667;
}
listen {
ip *;
port 6697;
options { tls; }
tls-options {
certificate "/etc/ssl/irc/tls.crt";
key "/etc/ssl/irc/tls.key";
}
}
listen {
ip *;
port 8067;
}
oper bluejay {
mask *;
password "BlueJay-IRC-Oper-2026";
operclass netadmin-with-override;
class opers;
}
drpass {
restart "BlueJay-IRC-Oper-2026";
die "BlueJay-IRC-Oper-2026";
}
link services.iamworkin.lan {
incoming {
mask *;
}
password "BlueJay-Services-Link-2026";
class servers;
}
ulines {
services.iamworkin.lan;
}
log {
source {
all;
\!debug;
}
destination {
channel "#ops";
}
}
set {
network-name "BlueJayIRC";
default-server "irc.iamworkin.lan";
services-server "services.iamworkin.lan";
stats-server "stats.iamworkin.lan";
help-channel "#general";
cloak-keys {
"bluejay-cloak-key-1-aHR0cHM6Ly9pcmM";
"bluejay-cloak-key-2-aWFtd29ya2luLmxhbg";
"bluejay-cloak-key-3-Ymx1ZWpheS1pcmM";
}
kline-address "admin@iamwork.in";
maxchannelsperuser 25;
anti-flood {
everyone {
connect-flood 3:60;
}
}
options {
hide-ulines;
show-connect-info;
}
/* TLS config */
tls {
certificate "/etc/ssl/irc/tls.crt";
key "/etc/ssl/irc/tls.key";
}
}
---
# Anope configuration
apiVersion: v1
kind: Secret
metadata:
name: anope-config
namespace: irc
type: Opaque
stringData:
services.conf: |
define {
name = "services.host"
value = "services.iamworkin.lan"
}
uplink {
host = "unrealircd.irc.svc.cluster.local"
port = 8067
password = "BlueJay-Services-Link-2026"
}
serverinfo {
name = "services.iamworkin.lan"
description = "BlueJay IRC Services"
pid = "/data/services.pid"
motd = "/data/services.motd"
}
module {
name = "unreal4"
}
networkinfo {
networkname = "BlueJayIRC"
nicklen = 31
userlen = 10
hostlen = 64
chanlen = 32
mail_from = "noreply@iamwork.in"
}
options {
casemap = "ascii"
seed = 42
strictpasswords
}
module { name = "nickserv" }
module { name = "chanserv" }
module { name = "operserv" }
module { name = "botserv" }
module { name = "hostserv" }
module { name = "memoserv" }
module { name = "global" }
module { name = "db_flatfile" }
module { name = "enc_sha256" }
module { name = "ns_access" }
module { name = "ns_ajoin" }
module { name = "ns_cert" }
module { name = "ns_drop" }
module { name = "ns_group" }
module { name = "ns_identify" }
module { name = "ns_info" }
module { name = "ns_list" }
module { name = "ns_logout" }
module { name = "ns_recover" }
module { name = "ns_register" }
module { name = "ns_set" }
module { name = "ns_suspend" }
module { name = "ns_update" }
module { name = "cs_access" }
module { name = "cs_akick" }
module { name = "cs_ban" }
module { name = "cs_clone" }
module { name = "cs_drop" }
module { name = "cs_enforce" }
module { name = "cs_entrymsg" }
module { name = "cs_flags" }
module { name = "cs_info" }
module { name = "cs_invite" }
module { name = "cs_kick" }
module { name = "cs_list" }
module { name = "cs_log" }
module { name = "cs_mode" }
module { name = "cs_register" }
module { name = "cs_seen" }
module { name = "cs_set" }
module { name = "cs_suspend" }
module { name = "cs_topic" }
module { name = "cs_unban" }
module { name = "os_akill" }
module { name = "os_chankill" }
module { name = "os_defcon" }
module { name = "os_forbid" }
module { name = "os_ignore" }
module { name = "os_info" }
module { name = "os_jupe" }
module { name = "os_kick" }
module { name = "os_kill" }
module { name = "os_list" }
module { name = "os_login" }
module { name = "os_logsearch" }
module { name = "os_mode" }
module { name = "os_modinfo" }
module { name = "os_module" }
module { name = "os_noop" }
module { name = "os_oper" }
module { name = "os_reload" }
module { name = "os_session" }
module { name = "os_set" }
module { name = "os_shutdown" }
module { name = "os_stats" }
module { name = "os_svsnick" }
module { name = "os_sxline" }
module { name = "os_update" }
module { name = "bs_assign" }
module { name = "bs_badwords" }
module { name = "bs_bot" }
module { name = "bs_info" }
module { name = "bs_kick" }
module { name = "bs_set" }
module { name = "hs_del" }
module { name = "hs_group" }
module { name = "hs_list" }
module { name = "hs_off" }
module { name = "hs_on" }
module { name = "hs_request" }
module { name = "hs_set" }
module { name = "ms_cancel" }
module { name = "ms_check" }
module { name = "ms_del" }
module { name = "ms_ignore" }
module { name = "ms_info" }
module { name = "ms_list" }
module { name = "ms_read" }
module { name = "ms_rsend" }
module { name = "ms_send" }
module { name = "ms_set" }
module { name = "gl_global" }
module { name = "m_dns" }
module { name = "m_helpchan" }
module { name = "m_httpd" }
module { name = "m_ldap" }
module { name = "m_xmlrpc" }
module { name = "m_proxyscan" }
nickserv {
nick = "NickServ"
defaults = "kill_quick ns_secure ns_private hide_email"
registration = "none"
expire = 90d
}
chanserv {
nick = "ChanServ"
defaults = "keeptopic peace cs_secure"
expire = 14d
}
operserv {
nick = "OperServ"
}
botserv {
nick = "BotServ"
defaults = "dontkickops fantasy greet"
}
hostserv {
nick = "HostServ"
}
memoserv {
nick = "MemoServ"
maxmemos = 20
}
global {
nick = "Global"
}
service {
nick = "bluejay"
}
oper {
name = "bluejay"
type = "Services Root"
}
db_flatfile {
database = "/data/anope.db"
fork = yes
}
log {
target = "/data/services.log"
admin = "*"
override = "chanserv/* nickserv/* operserv/*"
commands = "chanserv/* nickserv/* operserv/*"
servers = "*"
channels = "*"
users = "connect disconnect"
}
---
# UnrealIRCd PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: unrealircd-data
namespace: irc
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 1Gi
---
# Anope PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: anope-data
namespace: irc
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 1Gi
---
# UnrealIRCd Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: unrealircd
namespace: irc
labels:
app: unrealircd
spec:
replicas: 1
selector:
matchLabels:
app: unrealircd
template:
metadata:
labels:
app: unrealircd
spec:
containers:
- name: unrealircd
image: ircd/unrealircd:latest
ports:
- containerPort: 6667
name: irc-plain
- containerPort: 6697
name: irc-tls
- containerPort: 8067
name: services-link
volumeMounts:
- name: unrealircd-config
mountPath: /ircd/unrealircd.conf
subPath: unrealircd.conf
- name: unrealircd-data
mountPath: /data
- name: irc-tls
mountPath: /etc/ssl/irc
readOnly: true
resources:
requests:
memory: 64Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 250m
volumes:
- name: unrealircd-config
secret:
secretName: unrealircd-config
- name: unrealircd-data
persistentVolumeClaim:
claimName: unrealircd-data
- name: irc-tls
secret:
secretName: irc-tls
---
# Anope IRC Services Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: anope
namespace: irc
labels:
app: anope
spec:
replicas: 1
selector:
matchLabels:
app: anope
template:
metadata:
labels:
app: anope
spec:
containers:
- name: anope
image: anope/anope:latest
volumeMounts:
- name: anope-config
mountPath: /data/conf/services.conf
subPath: services.conf
- name: anope-data
mountPath: /data
resources:
requests:
memory: 64Mi
cpu: 25m
limits:
memory: 128Mi
cpu: 100m
volumes:
- name: anope-config
secret:
secretName: anope-config
- name: anope-data
persistentVolumeClaim:
claimName: anope-data
---
# UnrealIRCd Service
apiVersion: v1
kind: Service
metadata:
name: unrealircd
namespace: irc
spec:
selector:
app: unrealircd
ports:
- port: 6667
targetPort: 6667
name: irc-plain
- port: 6697
targetPort: 6697
name: irc-tls
- port: 8067
targetPort: 8067
name: services-link
---
# Anope Service
apiVersion: v1
kind: Service
metadata:
name: anope
namespace: irc
spec:
selector:
app: anope
ports:
- port: 8067
targetPort: 8067
name: services-link
---
# Traefik IngressRouteTCP - IRC plain (6667)
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: irc-plain
namespace: irc
spec:
entryPoints:
- irc
routes:
- match: HostSNI(`*`)
services:
- name: unrealircd
port: 6667
---
# Traefik IngressRouteTCP - IRC TLS passthrough (6697)
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: irc-tls
namespace: irc
spec:
entryPoints:
- irctls
routes:
- match: HostSNI(`*`)
services:
- name: unrealircd
port: 6697
tls:
passthrough: true