# UnrealIRCd + Anope IRC Services # ArgoCD managed - BlueJay Lab --- apiVersion: v1 kind: Namespace metadata: name: irc labels: app.kubernetes.io/part-of: bluejay-infra --- # TLS Certificate for IRC apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: irc-tls namespace: irc spec: secretName: irc-tls issuerRef: name: step-ca-acme kind: ClusterIssuer dnsNames: - irc.iamworkin.lan --- # UnrealIRCd configuration apiVersion: v1 kind: Secret metadata: name: unrealircd-config namespace: irc type: Opaque stringData: unrealircd.conf: | /* BlueJay Lab IRC - UnrealIRCd 6.x config */ /* Managed by ArgoCD */ include "modules.default.conf"; include "help/help.conf"; include "operclass.default.conf"; include "snomasks.default.conf"; me { name "irc.iamworkin.lan"; info "BlueJay Lab IRC Server"; sid 001; } admin { "BlueJay Lab IRC"; "admin@iamwork.in"; } class clients { pingfreq 90; maxclients 500; sendq 200k; recvq 8000; } class opers { pingfreq 90; maxclients 50; sendq 1M; recvq 8000; } class servers { pingfreq 60; connfreq 15; maxclients 10; sendq 20M; } allow { mask *; class clients; maxperip 5; } listen { ip *; port 6667; } listen { ip *; port 6697; options { tls; } tls-options { certificate "/etc/ssl/irc/tls.crt"; key "/etc/ssl/irc/tls.key"; } } listen { ip *; port 8067; } oper bluejay { mask *; password "BlueJay-IRC-Oper-2026"; operclass netadmin-with-override; class opers; } drpass { restart "BlueJay-IRC-Oper-2026"; die "BlueJay-IRC-Oper-2026"; } link services.iamworkin.lan { incoming { mask *; } password "BlueJay-Services-Link-2026"; class servers; } ulines { services.iamworkin.lan; } log { source { all; \!debug; } destination { channel "#ops"; } } set { network-name "BlueJayIRC"; default-server "irc.iamworkin.lan"; services-server "services.iamworkin.lan"; stats-server "stats.iamworkin.lan"; help-channel "#general"; cloak-keys { "bluejay-cloak-key-1-aHR0cHM6Ly9pcmM"; "bluejay-cloak-key-2-aWFtd29ya2luLmxhbg"; "bluejay-cloak-key-3-Ymx1ZWpheS1pcmM"; } kline-address "admin@iamwork.in"; maxchannelsperuser 25; anti-flood { everyone { connect-flood 3:60; } } options { hide-ulines; show-connect-info; } /* TLS config */ tls { certificate "/etc/ssl/irc/tls.crt"; key "/etc/ssl/irc/tls.key"; } } --- # Anope configuration apiVersion: v1 kind: Secret metadata: name: anope-config namespace: irc type: Opaque stringData: services.conf: | define { name = "services.host" value = "services.iamworkin.lan" } uplink { host = "unrealircd.irc.svc.cluster.local" port = 8067 password = "BlueJay-Services-Link-2026" } serverinfo { name = "services.iamworkin.lan" description = "BlueJay IRC Services" pid = "/data/services.pid" motd = "/data/services.motd" } module { name = "unreal4" } networkinfo { networkname = "BlueJayIRC" nicklen = 31 userlen = 10 hostlen = 64 chanlen = 32 mail_from = "noreply@iamwork.in" } options { casemap = "ascii" seed = 42 strictpasswords } module { name = "nickserv" } module { name = "chanserv" } module { name = "operserv" } module { name = "botserv" } module { name = "hostserv" } module { name = "memoserv" } module { name = "global" } module { name = "db_flatfile" } module { name = "enc_sha256" } module { name = "ns_access" } module { name = "ns_ajoin" } module { name = "ns_cert" } module { name = "ns_drop" } module { name = "ns_group" } module { name = "ns_identify" } module { name = "ns_info" } module { name = "ns_list" } module { name = "ns_logout" } module { name = "ns_recover" } module { name = "ns_register" } module { name = "ns_set" } module { name = "ns_suspend" } module { name = "ns_update" } module { name = "cs_access" } module { name = "cs_akick" } module { name = "cs_ban" } module { name = "cs_clone" } module { name = "cs_drop" } module { name = "cs_enforce" } module { name = "cs_entrymsg" } module { name = "cs_flags" } module { name = "cs_info" } module { name = "cs_invite" } module { name = "cs_kick" } module { name = "cs_list" } module { name = "cs_log" } module { name = "cs_mode" } module { name = "cs_register" } module { name = "cs_seen" } module { name = "cs_set" } module { name = "cs_suspend" } module { name = "cs_topic" } module { name = "cs_unban" } module { name = "os_akill" } module { name = "os_chankill" } module { name = "os_defcon" } module { name = "os_forbid" } module { name = "os_ignore" } module { name = "os_info" } module { name = "os_jupe" } module { name = "os_kick" } module { name = "os_kill" } module { name = "os_list" } module { name = "os_login" } module { name = "os_logsearch" } module { name = "os_mode" } module { name = "os_modinfo" } module { name = "os_module" } module { name = "os_noop" } module { name = "os_oper" } module { name = "os_reload" } module { name = "os_session" } module { name = "os_set" } module { name = "os_shutdown" } module { name = "os_stats" } module { name = "os_svsnick" } module { name = "os_sxline" } module { name = "os_update" } module { name = "bs_assign" } module { name = "bs_badwords" } module { name = "bs_bot" } module { name = "bs_info" } module { name = "bs_kick" } module { name = "bs_set" } module { name = "hs_del" } module { name = "hs_group" } module { name = "hs_list" } module { name = "hs_off" } module { name = "hs_on" } module { name = "hs_request" } module { name = "hs_set" } module { name = "ms_cancel" } module { name = "ms_check" } module { name = "ms_del" } module { name = "ms_ignore" } module { name = "ms_info" } module { name = "ms_list" } module { name = "ms_read" } module { name = "ms_rsend" } module { name = "ms_send" } module { name = "ms_set" } module { name = "gl_global" } module { name = "m_dns" } module { name = "m_helpchan" } module { name = "m_httpd" } module { name = "m_ldap" } module { name = "m_xmlrpc" } module { name = "m_proxyscan" } nickserv { nick = "NickServ" defaults = "kill_quick ns_secure ns_private hide_email" registration = "none" expire = 90d } chanserv { nick = "ChanServ" defaults = "keeptopic peace cs_secure" expire = 14d } operserv { nick = "OperServ" } botserv { nick = "BotServ" defaults = "dontkickops fantasy greet" } hostserv { nick = "HostServ" } memoserv { nick = "MemoServ" maxmemos = 20 } global { nick = "Global" } service { nick = "bluejay" } oper { name = "bluejay" type = "Services Root" } db_flatfile { database = "/data/anope.db" fork = yes } log { target = "/data/services.log" admin = "*" override = "chanserv/* nickserv/* operserv/*" commands = "chanserv/* nickserv/* operserv/*" servers = "*" channels = "*" users = "connect disconnect" } --- # UnrealIRCd PVC apiVersion: v1 kind: PersistentVolumeClaim metadata: name: unrealircd-data namespace: irc spec: accessModes: [ReadWriteOnce] resources: requests: storage: 1Gi --- # Anope PVC apiVersion: v1 kind: PersistentVolumeClaim metadata: name: anope-data namespace: irc spec: accessModes: [ReadWriteOnce] resources: requests: storage: 1Gi --- # UnrealIRCd Deployment apiVersion: apps/v1 kind: Deployment metadata: name: unrealircd namespace: irc labels: app: unrealircd spec: replicas: 1 selector: matchLabels: app: unrealircd template: metadata: labels: app: unrealircd spec: containers: - name: unrealircd image: ircd/unrealircd:latest ports: - containerPort: 6667 name: irc-plain - containerPort: 6697 name: irc-tls - containerPort: 8067 name: services-link volumeMounts: - name: unrealircd-config mountPath: /ircd/unrealircd.conf subPath: unrealircd.conf - name: unrealircd-data mountPath: /data - name: irc-tls mountPath: /etc/ssl/irc readOnly: true resources: requests: memory: 64Mi cpu: 50m limits: memory: 256Mi cpu: 250m volumes: - name: unrealircd-config secret: secretName: unrealircd-config - name: unrealircd-data persistentVolumeClaim: claimName: unrealircd-data - name: irc-tls secret: secretName: irc-tls --- # Anope IRC Services Deployment apiVersion: apps/v1 kind: Deployment metadata: name: anope namespace: irc labels: app: anope spec: replicas: 1 selector: matchLabels: app: anope template: metadata: labels: app: anope spec: containers: - name: anope image: anope/anope:latest volumeMounts: - name: anope-config mountPath: /data/conf/services.conf subPath: services.conf - name: anope-data mountPath: /data resources: requests: memory: 64Mi cpu: 25m limits: memory: 128Mi cpu: 100m volumes: - name: anope-config secret: secretName: anope-config - name: anope-data persistentVolumeClaim: claimName: anope-data --- # UnrealIRCd Service apiVersion: v1 kind: Service metadata: name: unrealircd namespace: irc spec: selector: app: unrealircd ports: - port: 6667 targetPort: 6667 name: irc-plain - port: 6697 targetPort: 6697 name: irc-tls - port: 8067 targetPort: 8067 name: services-link --- # Anope Service apiVersion: v1 kind: Service metadata: name: anope namespace: irc spec: selector: app: anope ports: - port: 8067 targetPort: 8067 name: services-link --- # Traefik IngressRouteTCP - IRC plain (6667) apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP metadata: name: irc-plain namespace: irc spec: entryPoints: - irc routes: - match: HostSNI(`*`) services: - name: unrealircd port: 6667 --- # Traefik IngressRouteTCP - IRC TLS passthrough (6697) apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP metadata: name: irc-tls namespace: irc spec: entryPoints: - irctls routes: - match: HostSNI(`*`) services: - name: unrealircd port: 6697 tls: passthrough: true