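#SPDX-License-Identifier: MIT-0
---
# tasks file for ansible-role-ejabberd
#
# Creates, in order: the namespace, a cert-manager Certificate (secret `ssl`),
# a ConfigMap holding the rendered ejabberd.yml, two PVCs (upload data and
# database), the ejabberd Deployment, a LoadBalancer Service, a Tor
# OnionService for port 5222 and an nginx Ingress for port 5280.
#
# Role variables read here: ejabberd_namespace, ejabberd_pvc_size_data,
# ejabberd_pvc_size_db, ejabberd_macro_admin, ejabberd_macro_password and the
# optional ejabberd_image (defaults to the original `ejabberd/ecs`).

- name: namespace
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: "{{ ejabberd_namespace }}"

# Server/client certificate issued by the `ca-issuer` ClusterIssuer and stored
# in the secret `ssl`.
# NOTE(review): commonName is eom.dev but dnsNames lists only
# ejabberd.eom.dev. TLS clients validate against the SAN list, so if the XMPP
# domain served by ejabberd.yml.j2 is eom.dev it has to appear in dnsNames as
# well -- confirm against the template.
- name: certificate
  k8s:
    state: present
    definition:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: ssl
        namespace: "{{ ejabberd_namespace }}"
      spec:
        secretName: ssl
        privateKey:
          algorithm: RSA
          encoding: PKCS1
          size: 2048
        duration: 2160h  # 90d
        renewBefore: 360h  # 15d
        isCA: false
        usages:
          - server auth
          - client auth
        subject:
          organizations:
            - EOM
        commonName: eom.dev
        dnsNames:
          - ejabberd.eom.dev
        issuerRef:
          name: ca-issuer
          kind: ClusterIssuer

# The whole rendered ejabberd.yml is stored in a ConfigMap.
# NOTE(review): ConfigMaps are not meant for secret material. If
# ejabberd.yml.j2 renders any credential (database password, API token,
# shared secret) it should live in a Secret instead -- check the template.
- name: configmap
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: config
        namespace: "{{ ejabberd_namespace }}"
      data:
        ejabberd.yml: "{{ lookup('template', 'ejabberd.yml.j2') }}"

- name: pvc for data
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
        namespace: "{{ ejabberd_namespace }}"
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "{{ ejabberd_pvc_size_data }}"

- name: pvc for db
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: db
        namespace: "{{ ejabberd_namespace }}"
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "{{ ejabberd_pvc_size_db }}"

# Fixes relative to the original task:
#   * apiVersion was `v1`; Deployment is served from the `apps/v1` group.
#   * the container mounts a volume named `certs` that was never declared in
#     `volumes`, which the API server rejects; it is now declared (see below).
#   * `state: present` is spelled out like in the other tasks (it is the
#     module default, so behaviour is unchanged).
#
# NOTE(review): the admin password is placed in the pod spec as a plain env
# value. Anyone allowed to read Deployments or Pods in the namespace can read
# it, and the task definition can show up in Ansible output. Prefer a Secret
# referenced through `valueFrom.secretKeyRef`, and consider `no_log: true` on
# this task.
# NOTE(review): the pod sets no securityContext and no resource
# requests/limits; add them once the image's runtime user is confirmed.
- name: deployment for ejabberd
  k8s:
    state: present
    definition:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: ejabberd
        template:
          metadata:
            labels:
              app: ejabberd
          spec:
            containers:
              - name: ejabberd
                # The original image reference carries no tag or digest, so
                # every pull may bring different code. ejabberd_image lets a
                # deployment pin a tag or digest; the default is unchanged.
                image: "{{ ejabberd_image | default('ejabberd/ecs') }}"
                env:
                  - name: EJABBERD_MACRO_ADMIN
                    value: "{{ ejabberd_macro_admin }}"
                  - name: EJABBERD_MACRO_PASSWORD
                    value: "{{ ejabberd_macro_password }}"
                volumeMounts:
                  - name: certs
                    mountPath: /etc/letsencrypt
                  - name: config
                    mountPath: /opt/ejabberd/conf/ejabberd.yml
                    subPath: ejabberd.yml
                  - name: data
                    mountPath: /opt/ejabberd/upload
                  - name: db
                    mountPath: /opt/ejabberd/database
                ports:
                  - containerPort: 5222
                  - containerPort: 5269
                  - containerPort: 5280
                  - containerPort: 5443
                  - containerPort: 1880
                  - containerPort: 1883
                  - containerPort: 50000
                  - containerPort: 50001
                  - containerPort: 50002
                  - containerPort: 50003
                  - containerPort: 50004
                  - containerPort: 50005
                  - containerPort: 50006
                  - containerPort: 50007
                  - containerPort: 50008
                  - containerPort: 50009
                  - containerPort: 50010
                  - containerPort: 50011
                  - containerPort: 50012
                  - containerPort: 50013
                  - containerPort: 50014
                  - containerPort: 50015
                  - containerPort: 50016
                  - containerPort: 50017
                  - containerPort: 50018
                  - containerPort: 50019
                  - containerPort: 50020
                  - containerPort: 50021
                  - containerPort: 50022
                  - containerPort: 50023
                  - containerPort: 50024
                  - containerPort: 50025
                  - containerPort: 50026
                  - containerPort: 50027
                  - containerPort: 50028
                  - containerPort: 50029
                  - containerPort: 50030
                  - containerPort: 50031
                  - containerPort: 50032
                  - containerPort: 50033
                  - containerPort: 50034
                  - containerPort: 50035
                  - containerPort: 50036
                  - containerPort: 50037
                  - containerPort: 50038
                  - containerPort: 50039
                  - containerPort: 50040
                  - containerPort: 50041
                  - containerPort: 50042
                  - containerPort: 50043
                  - containerPort: 50044
                  - containerPort: 50045
                  - containerPort: 50046
                  - containerPort: 50047
                  - containerPort: 50048
                  - containerPort: 50049
                  - containerPort: 50050
                  - containerPort: 50051
                  - containerPort: 50052
                  - containerPort: 50053
                  - containerPort: 50054
                  - containerPort: 50055
                  - containerPort: 50056
                  - containerPort: 50057
                  - containerPort: 50058
                  - containerPort: 50059
                  - containerPort: 50060
                  - containerPort: 50061
                  - containerPort: 50062
                  - containerPort: 50063
                  - containerPort: 50064
                  - containerPort: 50065
                  - containerPort: 50066
                  - containerPort: 50067
                  - containerPort: 50068
                  - containerPort: 50069
                  - containerPort: 50070
                  - containerPort: 50071
                  - containerPort: 50072
                  - containerPort: 50073
                  - containerPort: 50074
                  - containerPort: 50075
                  - containerPort: 50076
                  - containerPort: 50077
                  - containerPort: 50078
                  - containerPort: 50079
                  - containerPort: 50080
                  - containerPort: 50081
                  - containerPort: 50082
                  - containerPort: 50083
                  - containerPort: 50084
                  - containerPort: 50085
                  - containerPort: 50086
                  - containerPort: 50087
                  - containerPort: 50088
                  - containerPort: 50089
                  - containerPort: 50090
                  - containerPort: 50091
                  - containerPort: 50092
                  - containerPort: 50093
                  - containerPort: 50094
                  - containerPort: 50095
                  - containerPort: 50096
                  - containerPort: 50097
                  - containerPort: 50098
                  - containerPort: 50099
                  - containerPort: 5210
                  - containerPort: 4369
                  - containerPort: 4370
                  - containerPort: 4371
                  - containerPort: 4372
                  - containerPort: 4373
                  - containerPort: 4374
                  - containerPort: 4375
                  - containerPort: 4376
                  - containerPort: 4377
                  - containerPort: 4378
                  - containerPort: 4379
                  - containerPort: 4380
                  - containerPort: 4381
                  - containerPort: 4382
                  - containerPort: 4383
                  - containerPort: 4384
                  - containerPort: 4385
                  - containerPort: 4386
                  - containerPort: 4387
                  - containerPort: 4388
                  - containerPort: 4389
                  - containerPort: 4390
                  - containerPort: 4391
                  - containerPort: 4392
                  - containerPort: 4393
                  - containerPort: 4394
                  - containerPort: 4395
                  - containerPort: 4396
                  - containerPort: 4397
                  - containerPort: 4398
                  - containerPort: 4399
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: data
              - name: config
                configMap:
                  name: config
              - name: db
                persistentVolumeClaim:
                  claimName: db
              # Added: backs the `certs` volumeMount above. The only
              # certificate material created by this file is the secret `ssl`
              # written by the Certificate task, so that is presumed to be
              # the intended source -- TODO confirm that ejabberd.yml.j2
              # reads tls.crt / tls.key from /etc/letsencrypt.
              - name: certs
                secret:
                  secretName: ssl

# NOTE(review): this Service is `type: LoadBalancer`, so every port listed is
# published on the load balancer address. That includes 5210 (`erlang`) and
# 4369-4399 (`epmd*`), which by their names are the Erlang node/distribution
# ports, plus the ports named `admin` and `admin2`. Erlang distribution
# authenticates peers with a shared cookie only and is not meant to face
# untrusted networks. Consider moving the clustering and admin ports to a
# separate ClusterIP Service, or restricting reachability with
# `loadBalancerSourceRanges` and a NetworkPolicy.
# NOTE(review): no `protocol` is set, so every port is TCP. STUN/TURN
# listeners are commonly UDP -- confirm against ejabberd.yml.j2.
- name: service for ejabberd
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        selector:
          app: ejabberd
        ports:
          - port: 5222
            name: xmpp
          - port: 5269
            name: federation
          - port: 5280
            name: admin
          - port: 5443
            name: http
          - port: 1880
            name: admin2
          - port: 1883
            name: mqtt
          - port: 5478
            name: stun
          - port: 50000
            name: turn50000
          - port: 50001
            name: turn50001
          - port: 50002
            name: turn50002
          - port: 50003
            name: turn50003
          - port: 50004
            name: turn50004
          - port: 50005
            name: turn50005
          - port: 50006
            name: turn50006
          - port: 50007
            name: turn50007
          - port: 50008
            name: turn50008
          - port: 50009
            name: turn50009
          - port: 50010
            name: turn50010
          - port: 50011
            name: turn50011
          - port: 50012
            name: turn50012
          - port: 50013
            name: turn50013
          - port: 50014
            name: turn50014
          - port: 50015
            name: turn50015
          - port: 50016
            name: turn50016
          - port: 50017
            name: turn50017
          - port: 50018
            name: turn50018
          - port: 50019
            name: turn50019
          - port: 50020
            name: turn50020
          - port: 50021
            name: turn50021
          - port: 50022
            name: turn50022
          - port: 50023
            name: turn50023
          - port: 50024
            name: turn50024
          - port: 50025
            name: turn50025
          - port: 50026
            name: turn50026
          - port: 50027
            name: turn50027
          - port: 50028
            name: turn50028
          - port: 50029
            name: turn50029
          - port: 50030
            name: turn50030
          - port: 50031
            name: turn50031
          - port: 50032
            name: turn50032
          - port: 50033
            name: turn50033
          - port: 50034
            name: turn50034
          - port: 50035
            name: turn50035
          - port: 50036
            name: turn50036
          - port: 50037
            name: turn50037
          - port: 50038
            name: turn50038
          - port: 50039
            name: turn50039
          - port: 50040
            name: turn50040
          - port: 50041
            name: turn50041
          - port: 50042
            name: turn50042
          - port: 50043
            name: turn50043
          - port: 50044
            name: turn50044
          - port: 50045
            name: turn50045
          - port: 50046
            name: turn50046
          - port: 50047
            name: turn50047
          - port: 50048
            name: turn50048
          - port: 50049
            name: turn50049
          - port: 50050
            name: turn50050
          - port: 50051
            name: turn50051
          - port: 50052
            name: turn50052
          - port: 50053
            name: turn50053
          - port: 50054
            name: turn50054
          - port: 50055
            name: turn50055
          - port: 50056
            name: turn50056
          - port: 50057
            name: turn50057
          - port: 50058
            name: turn50058
          - port: 50059
            name: turn50059
          - port: 50060
            name: turn50060
          - port: 50061
            name: turn50061
          - port: 50062
            name: turn50062
          - port: 50063
            name: turn50063
          - port: 50064
            name: turn50064
          - port: 50065
            name: turn50065
          - port: 50066
            name: turn50066
          - port: 50067
            name: turn50067
          - port: 50068
            name: turn50068
          - port: 50069
            name: turn50069
          - port: 50070
            name: turn50070
          - port: 50071
            name: turn50071
          - port: 50072
            name: turn50072
          - port: 50073
            name: turn50073
          - port: 50074
            name: turn50074
          - port: 50075
            name: turn50075
          - port: 50076
            name: turn50076
          - port: 50077
            name: turn50077
          - port: 50078
            name: turn50078
          - port: 50079
            name: turn50079
          - port: 50080
            name: turn50080
          - port: 50081
            name: turn50081
          - port: 50082
            name: turn50082
          - port: 50083
            name: turn50083
          - port: 50084
            name: turn50084
          - port: 50085
            name: turn50085
          - port: 50086
            name: turn50086
          - port: 50087
            name: turn50087
          - port: 50088
            name: turn50088
          - port: 50089
            name: turn50089
          - port: 50090
            name: turn50090
          - port: 50091
            name: turn50091
          - port: 50092
            name: turn50092
          - port: 50093
            name: turn50093
          - port: 50094
            name: turn50094
          - port: 50095
            name: turn50095
          - port: 50096
            name: turn50096
          - port: 50097
            name: turn50097
          - port: 50098
            name: turn50098
          - port: 50099
            name: turn50099
          - port: 7777
            name: socks5
          - port: 5210
            name: erlang
          - port: 4369
            name: epmd4369
          - port: 4370
            name: epmd4370
          - port: 4371
            name: epmd4371
          - port: 4372
            name: epmd4372
          - port: 4373
            name: epmd4373
          - port: 4374
            name: epmd4374
          - port: 4375
            name: epmd4375
          - port: 4376
            name: epmd4376
          - port: 4377
            name: epmd4377
          - port: 4378
            name: epmd4378
          - port: 4379
            name: epmd4379
          - port: 4380
            name: epmd4380
          - port: 4381
            name: epmd4381
          - port: 4382
            name: epmd4382
          - port: 4383
            name: epmd4383
          - port: 4384
            name: epmd4384
          - port: 4385
            name: epmd4385
          - port: 4386
            name: epmd4386
          - port: 4387
            name: epmd4387
          - port: 4388
            name: epmd4388
          - port: 4389
            name: epmd4389
          - port: 4390
            name: epmd4390
          - port: 4391
            name: epmd4391
          - port: 4392
            name: epmd4392
          - port: 4393
            name: epmd4393
          - port: 4394
            name: epmd4394
          - port: 4395
            name: epmd4395
          - port: 4396
            name: epmd4396
          - port: 4397
            name: epmd4397
          - port: 4398
            name: epmd4398
          - port: 4399
            name: epmd4399
        type: LoadBalancer

# Publishes the client port 5222 of the `ejabberd` Service as a v3 onion
# service. `state: present` is the module default and is only made explicit.
- name: onionservice
  k8s:
    state: present
    definition:
      apiVersion: tor.k8s.torproject.org/v1alpha2
      kind: OnionService
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        version: 3
        rules:
          - port:
              number: 5222
            backend:
              service:
                name: ejabberd
                port:
                  number: 5222

# Routes ejabberd.eom.dev/ to Service port 5280 (named `admin` above).
# NOTE(review): the cert-manager annotation is present but `spec.tls` is not,
# so no certificate appears to be requested or served for this host and the
# backend is presumably reached over plain HTTP. If a `tls` block is added,
# avoid pointing it at the secret `ssl` while this annotation is set: the
# Certificate task already manages that secret. Also confirm which handlers
# ejabberd.yml.j2 binds to 5280 before exposing `/` as a whole.
- name: ingress
  k8s:
    state: present
    definition:
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        ingressClassName: nginx
        rules:
          - host: ejabberd.eom.dev
            http:
              paths:
                - pathType: Prefix
                  path: /
                  backend:
                    service:
                      name: ejabberd
                      port:
                        number: 5280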