From f0198c2c65affb24744ee839f8c7de8be688e307 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 9 Mar 2026 17:16:00 -0500 Subject: [PATCH] IRC: TLS emptyDir+initContainer, Anope initContainer for permissions --- apps/irc/irc.yaml | 49 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/apps/irc/irc.yaml b/apps/irc/irc.yaml index b673a57..a804d73 100644 --- a/apps/irc/irc.yaml +++ b/apps/irc/irc.yaml @@ -87,8 +87,8 @@ stringData: port 6697; options { tls; } tls-options { - certificate "/app/conf/tls/tls.crt"; - key "/app/conf/tls/tls.key"; + certificate "/app/conf/tls/server.cert.pem"; + key "/app/conf/tls/server.key.pem"; } } @@ -156,8 +156,8 @@ stringData: /* TLS config */ tls { - certificate "/app/conf/tls/tls.crt"; - key "/app/conf/tls/tls.key"; + certificate "/app/conf/tls/server.cert.pem"; + key "/app/conf/tls/server.key.pem"; } } --- @@ -408,6 +408,22 @@ spec: labels: app: unrealircd spec: + initContainers: + - name: copy-tls + image: busybox:1.36 + command: ["sh", "-c"] + args: + - | + cp /tls-secret/tls.crt /tls/server.cert.pem + cp /tls-secret/tls.key /tls/server.key.pem + chmod 644 /tls/server.cert.pem + chmod 600 /tls/server.key.pem + volumeMounts: + - name: irc-tls-secret + mountPath: /tls-secret + readOnly: true + - name: irc-tls + mountPath: /tls containers: - name: unrealircd image: djlegolas/unrealircd:6.1.9.1 @@ -426,7 +442,6 @@ spec: mountPath: /app/data - name: irc-tls mountPath: /app/conf/tls - readOnly: true resources: requests: memory: 64Mi @@ -441,9 +456,11 @@ spec: - name: unrealircd-data persistentVolumeClaim: claimName: unrealircd-data - - name: irc-tls + - name: irc-tls-secret secret: secretName: irc-tls + - name: irc-tls + emptyDir: {} --- # Anope IRC Services Deployment apiVersion: apps/v1 
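Review bot: In the copy-tls init container (hunk `@@ -408,6 +408,22 @@`) the script runs without `set -e`, so a failed `cp` of `tls.crt` is masked whenever the final `chmod 600` succeeds, and unrealircd would then start against an incomplete /tls directory; make `set -eu` the first line of the block scalar. `chmod 600` also leaves `server.key.pem` readable only by the UID copy-tls runs as, and no `securityContext` is visible in this hunk, so if the unrealircd image runs as a different user it cannot read the key; setting the same `runAsUser` on both containers (or `fsGroup` with mode 640) avoids having to loosen the mode later. `busybox:1.36` is a mutable tag, so pinning it by digest would keep the container that handles the private key reproducible. The pod spec continues outside the hunk.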
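Review bot: The new `irc-tls` volume in hunk `@@ -441,9 +456,11 @@` is a default `emptyDir: {}`, which is backed by node storage, so the private key copied from the Secret is now written to the node's disk, whereas a Secret volume is held in tmpfs; `emptyDir:` with `medium: Memory` keeps the copy in memory. The preceding hunk also drops `readOnly: true` from the unrealircd container's `/app/conf/tls` mount, but only copy-tls writes to this volume, so the main container's mount can stay `readOnly: true` unless unrealircd itself needs to write there. Because the files are copied once at pod start, a renewed certificate in the `irc-tls` Secret is presumably not picked up until the pod is restarted, which is worth a comment next to the volume.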
@@ -463,15 +480,23 @@ spec: labels: app: anope spec: + initContainers: + - name: fix-perms + image: busybox:1.36 + command: ["sh", "-c"] + args: + - | + mkdir -p /data/conf /data/logs /data/runtime + cp -f /config/services.conf /data/conf/services.conf + chown -R 10000:10000 /data 2>/dev/null || chmod -R 777 /data + volumeMounts: + - name: anope-config + mountPath: /config + - name: anope-data + mountPath: /data containers: - name: anope image: anope/anope:latest - command: ["/bin/sh", "-c"] - args: - - | - mkdir -p /data/conf /data/logs - cp /config/services.conf /data/conf/services.conf - exec /anope/bin/services --nofork volumeMounts: - name: anope-config mountPath: /config
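Review bot: The `|| chmod -R 777 /data` fallback in fix-perms silently turns a failed chown into a world-writable data tree, including the copied `conf/services.conf`, and `2>/dev/null` hides why the chown failed. Let the init container fail instead: start the script with `set -e` and keep only `chown -R 10000:10000 /data`, or, if the `anope-data` volume type supports it, drop the chown and set `fsGroup: 10000` in the pod `securityContext`. With the explicit `command`/`args` removed from the anope container, startup now depends on the default entrypoint of `anope/anope:latest`, a mutable tag; pinning a version or digest would keep that assumption stable. The pod spec continues beyond the end of the hunk.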