diff --git a/apps/irc/irc.yaml b/apps/irc/irc.yaml index 9d8fb69..94645a6 100644 --- a/apps/irc/irc.yaml +++ b/apps/irc/irc.yaml @@ -1,9 +1,9 @@ -# UnrealIRCd + Anope IRC Services -# ArgoCD managed - BlueJay Lab -# Credentials: 1Password → OnePasswordItem → K8s Secret → initContainer sed injection ---- -apiVersion: v1 -kind: Namespace +# UnrealIRCd + Anope IRC Services + The Lounge web client +# ArgoCD managed - BlueJay Lab +# Credentials: 1Password → OnePasswordItem → K8s Secret → initContainer sed injection +--- +apiVersion: v1 +kind: Namespace metadata: name: irc labels: @@ -24,19 +24,71 @@ kind: Certificate metadata: name: irc-tls namespace: irc -spec: - secretName: irc-tls - issuerRef: - name: step-ca-acme - kind: ClusterIssuer - dnsNames: - - irc.iamworkin.lan ---- -# UnrealIRCd configuration template (passwords replaced by placeholders) -apiVersion: v1 -kind: ConfigMap -metadata: - name: unrealircd-config-template +spec: + secretName: irc-tls + issuerRef: + name: step-ca-acme + kind: ClusterIssuer + dnsNames: + - irc.iamworkin.lan +--- +# TLS Certificate for The Lounge web IRC +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: webirc-tls + namespace: irc +spec: + secretName: webirc-tls + issuerRef: + name: step-ca-acme + kind: ClusterIssuer + dnsNames: + - webirc.iamworkin.lan +--- +# The Lounge configuration +apiVersion: v1 +kind: ConfigMap +metadata: + name: thelounge-config + namespace: irc +data: + config.js: | + "use strict"; + + module.exports = { + public: true, + host: "0.0.0.0", + port: 9000, + reverseProxy: true, + maxHistory: 2500, + theme: "default", + prefetch: false, + disableMediaPreview: true, + fileUpload: { + enable: false + }, + defaults: { + name: "BlueJayIRC", + host: "unrealircd.irc.svc.cluster.local", + port: 6667, + password: "", + tls: false, + rejectUnauthorized: true, + nick: "BlueJayWeb%%", + username: "bluejayweb", + realname: "BlueJay Web IRC", + join: "#general" + }, + lockNetwork: true, + leaveMessage: "BlueJay Web IRC" + }; +--- +# UnrealIRCd configuration template (passwords replaced by placeholders) +apiVersion: v1 +kind: ConfigMap +metadata: + name: unrealircd-config-template namespace: irc data: unrealircd.conf: | @@ -537,11 +589,11 @@ spec: --- # Anope IRC Services Deployment apiVersion: apps/v1 -kind: Deployment -metadata: - name: anope - namespace: irc - labels: +kind: Deployment +metadata: + name: anope + namespace: irc + labels: app: anope spec: replicas: 1 @@ -601,24 +653,76 @@ spec: limits: memory: 128Mi cpu: 100m - volumes: - - name: irc-credentials - secret: - secretName: irc-credentials - - name: anope-config-template - configMap: - name: anope-config-template - - name: injected-config - emptyDir: {} - - name: anope-data - persistentVolumeClaim: - claimName: anope-data ---- -# UnrealIRCd Service -apiVersion: v1 -kind: Service -metadata: - name: unrealircd + volumes: + - name: irc-credentials + secret: + secretName: irc-credentials + - name: anope-config-template + configMap: + name: anope-config-template + - name: injected-config + emptyDir: {} + - name: anope-data + persistentVolumeClaim: + claimName: anope-data +--- +# The Lounge web IRC Deployment +apiVersion: apps/v1 +kind: Deployment +metadata: + name: thelounge + namespace: irc + labels: + app: thelounge +spec: + replicas: 1 + selector: + matchLabels: + app: thelounge + template: + metadata: + labels: + app: thelounge + spec: + containers: + - name: thelounge + image: ghcr.io/thelounge/thelounge:4.4.3 + ports: + - containerPort: 9000 + name: http + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 30 + periodSeconds: 20 + resources: + requests: + memory: 64Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 250m + volumeMounts: + - name: thelounge-config + mountPath: /var/opt/thelounge/config.js + subPath: config.js + volumes: + - name: thelounge-config + configMap: + name: thelounge-config +--- +# UnrealIRCd Service +apiVersion: v1 +kind: Service +metadata: + name: unrealircd namespace: irc spec: selector: @@ -643,16 +747,30 @@ metadata: spec: selector: app: anope - ports: - - port: 8067 - targetPort: 8067 - name: services-link ---- -# Traefik IngressRouteTCP - IRC plain (6667) -apiVersion: traefik.io/v1alpha1 -kind: IngressRouteTCP -metadata: - name: irc-plain + ports: + - port: 8067 + targetPort: 8067 + name: services-link +--- +# The Lounge web IRC Service +apiVersion: v1 +kind: Service +metadata: + name: thelounge + namespace: irc +spec: + selector: + app: thelounge + ports: + - port: 9000 + targetPort: 9000 + name: http +--- +# Traefik IngressRouteTCP - IRC plain (6667) +apiVersion: traefik.io/v1alpha1 +kind: IngressRouteTCP +metadata: + name: irc-plain namespace: irc spec: entryPoints: @@ -672,10 +790,28 @@ metadata: spec: entryPoints: - irctls - routes: - - match: HostSNI(`*`) - services: - - name: unrealircd - port: 6697 - tls: - passthrough: true + routes: + - match: HostSNI(`*`) + services: + - name: unrealircd + port: 6697 + tls: + passthrough: true +--- +# Traefik IngressRoute - The Lounge web IRC +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: webirc + namespace: irc +spec: + entryPoints: + - websecure + routes: + - match: Host(`webirc.iamworkin.lan`) + kind: Rule + services: + - name: thelounge + port: 9000 + tls: + secretName: webirc-tls