#SPDX-License-Identifier: MIT-0
---
# tasks file for ansible-role-ejabberd
# Ensure the namespace named by ejabberd_namespace exists. Every other
# resource defined in this file is created inside it.
- name: namespace
  k8s:
    state: present
    definition:
      kind: Namespace
      apiVersion: v1
      metadata:
        name: "{{ ejabberd_namespace }}"

# Request a cert-manager Certificate named `ssl`; the issued key pair is
# stored in the Secret `ssl` in the ejabberd namespace.
- name: certificate
  k8s:
    state: present
    definition:
      kind: Certificate
      apiVersion: cert-manager.io/v1
      metadata:
        name: ssl
        namespace: "{{ ejabberd_namespace }}"
      spec:
        secretName: ssl
        # Signed by the cluster-wide issuer `ca-issuer`.
        issuerRef:
          kind: ClusterIssuer
          name: ca-issuer
        # Subject and names placed on the certificate.
        # NOTE(review): ejabberd.eom.dev is the only DNS SAN requested here;
        # confirm it covers every hostname the server configured in
        # ejabberd.yml.j2 presents to clients and federating peers.
        commonName: eom.dev
        dnsNames:
          - ejabberd.eom.dev
        subject:
          organizations:
            - EOM
        # Leaf certificate usable for both sides of a TLS handshake.
        isCA: false
        usages:
          - server auth
          - client auth
        # 2048-bit RSA key, PKCS#1 encoded.
        # NOTE(review): privateKey.rotationPolicy is not set, so whether the
        # key is regenerated on renewal depends on the cert-manager default
        # for the installed version; set it explicitly if rotation matters.
        privateKey:
          algorithm: RSA
          encoding: PKCS1
          size: 2048
        # Valid for 90 days, renewed 15 days before expiry.
        duration: 2160h # 90d
        renewBefore: 360h # 15d

# Render templates/ejabberd.yml.j2 on the controller and publish the result
# as the `ejabberd.yml` key of the ConfigMap `config`.
# NOTE(review): ConfigMap data is not treated as secret by Kubernetes; if the
# template renders credentials or shared keys, they are readable by anyone
# allowed to get ConfigMaps in this namespace. Confirm against the template.
- name: configmap
  k8s:
    state: present
    definition:
      kind: ConfigMap
      apiVersion: v1
      metadata:
        name: config
        namespace: "{{ ejabberd_namespace }}"
      data:
        ejabberd.yml: "{{ lookup('template', 'ejabberd.yml.j2') }}"

# Claim the volume `data`, sized by ejabberd_pvc_size_data. The Deployment in
# this file mounts it at /opt/ejabberd/upload.
- name: pvc for data
  k8s:
    state: present
    definition:
      kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: data
        namespace: "{{ ejabberd_namespace }}"
      spec:
        resources:
          requests:
            storage: "{{ ejabberd_pvc_size_data }}"
        # Mountable read-write by a single node at a time.
        accessModes:
          - ReadWriteOnce

# Claim the volume `db`, sized by ejabberd_pvc_size_db. The Deployment in
# this file mounts it at /opt/ejabberd/database.
- name: pvc for db
  k8s:
    state: present
    definition:
      kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: db
        namespace: "{{ ejabberd_namespace }}"
      spec:
        resources:
          requests:
            storage: "{{ ejabberd_pvc_size_db }}"
        # Mountable read-write by a single node at a time.
        accessModes:
          - ReadWriteOnce

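# Run a single ejabberd pod from the ejabberd/ecs image, with the rendered
# config, the two PVCs and the cert-manager secret mounted into it.
- name: deployment for ejabberd
  k8s:
    # Explicit for consistency with the other tasks (present is the default).
    state: present
    definition:
      # Deployment is served from the apps/v1 API group; core v1 has no
      # Deployment kind, so the original `apiVersion: v1` cannot be applied.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: ejabberd
        template:
          metadata:
            labels:
              app: ejabberd
          spec:
            containers:
              - name: ejabberd
                # NOTE(review): no tag or digest is given, so the image
                # resolves to whatever `latest` is at pull time. Pin a tag or
                # digest once the intended version is decided.
                image: ejabberd/ecs
                env:
                  - name: EJABBERD_MACRO_ADMIN
                    value: "{{ ejabberd_macro_admin }}"
                  # NOTE(review): the password is written literally into the
                  # pod template, so it is readable by anyone allowed to get
                  # Deployments, ReplicaSets or Pods in this namespace.
                  # Prefer a Secret referenced through valueFrom.secretKeyRef.
                  - name: EJABBERD_MACRO_PASSWORD
                    value: "{{ ejabberd_macro_password }}"
                volumeMounts:
                  - name: certs
                    mountPath: /etc/letsencrypt
                  # subPath mounts only the ejabberd.yml key over the file.
                  - name: config
                    mountPath: /opt/ejabberd/conf/ejabberd.yml
                    subPath: ejabberd.yml
                  - name: data
                    mountPath: /opt/ejabberd/upload
                  - name: db
                    mountPath: /opt/ejabberd/database
                ports:
                  - containerPort: 5222
                  - containerPort: 5269
                  - containerPort: 5280
                  - containerPort: 5443
                  - containerPort: 1880
                  - containerPort: 1883
                  # 50000-50099: named turnNNNNN in the Service in this file.
                  - containerPort: 50000
                  - containerPort: 50001
                  - containerPort: 50002
                  - containerPort: 50003
                  - containerPort: 50004
                  - containerPort: 50005
                  - containerPort: 50006
                  - containerPort: 50007
                  - containerPort: 50008
                  - containerPort: 50009
                  - containerPort: 50010
                  - containerPort: 50011
                  - containerPort: 50012
                  - containerPort: 50013
                  - containerPort: 50014
                  - containerPort: 50015
                  - containerPort: 50016
                  - containerPort: 50017
                  - containerPort: 50018
                  - containerPort: 50019
                  - containerPort: 50020
                  - containerPort: 50021
                  - containerPort: 50022
                  - containerPort: 50023
                  - containerPort: 50024
                  - containerPort: 50025
                  - containerPort: 50026
                  - containerPort: 50027
                  - containerPort: 50028
                  - containerPort: 50029
                  - containerPort: 50030
                  - containerPort: 50031
                  - containerPort: 50032
                  - containerPort: 50033
                  - containerPort: 50034
                  - containerPort: 50035
                  - containerPort: 50036
                  - containerPort: 50037
                  - containerPort: 50038
                  - containerPort: 50039
                  - containerPort: 50040
                  - containerPort: 50041
                  - containerPort: 50042
                  - containerPort: 50043
                  - containerPort: 50044
                  - containerPort: 50045
                  - containerPort: 50046
                  - containerPort: 50047
                  - containerPort: 50048
                  - containerPort: 50049
                  - containerPort: 50050
                  - containerPort: 50051
                  - containerPort: 50052
                  - containerPort: 50053
                  - containerPort: 50054
                  - containerPort: 50055
                  - containerPort: 50056
                  - containerPort: 50057
                  - containerPort: 50058
                  - containerPort: 50059
                  - containerPort: 50060
                  - containerPort: 50061
                  - containerPort: 50062
                  - containerPort: 50063
                  - containerPort: 50064
                  - containerPort: 50065
                  - containerPort: 50066
                  - containerPort: 50067
                  - containerPort: 50068
                  - containerPort: 50069
                  - containerPort: 50070
                  - containerPort: 50071
                  - containerPort: 50072
                  - containerPort: 50073
                  - containerPort: 50074
                  - containerPort: 50075
                  - containerPort: 50076
                  - containerPort: 50077
                  - containerPort: 50078
                  - containerPort: 50079
                  - containerPort: 50080
                  - containerPort: 50081
                  - containerPort: 50082
                  - containerPort: 50083
                  - containerPort: 50084
                  - containerPort: 50085
                  - containerPort: 50086
                  - containerPort: 50087
                  - containerPort: 50088
                  - containerPort: 50089
                  - containerPort: 50090
                  - containerPort: 50091
                  - containerPort: 50092
                  - containerPort: 50093
                  - containerPort: 50094
                  - containerPort: 50095
                  - containerPort: 50096
                  - containerPort: 50097
                  - containerPort: 50098
                  - containerPort: 50099
                  # 5210 is named erlang and 4369-4399 epmdNNNN in the Service.
                  - containerPort: 5210
                  - containerPort: 4369
                  - containerPort: 4370
                  - containerPort: 4371
                  - containerPort: 4372
                  - containerPort: 4373
                  - containerPort: 4374
                  - containerPort: 4375
                  - containerPort: 4376
                  - containerPort: 4377
                  - containerPort: 4378
                  - containerPort: 4379
                  - containerPort: 4380
                  - containerPort: 4381
                  - containerPort: 4382
                  - containerPort: 4383
                  - containerPort: 4384
                  - containerPort: 4385
                  - containerPort: 4386
                  - containerPort: 4387
                  - containerPort: 4388
                  - containerPort: 4389
                  - containerPort: 4390
                  - containerPort: 4391
                  - containerPort: 4392
                  - containerPort: 4393
                  - containerPort: 4394
                  - containerPort: 4395
                  - containerPort: 4396
                  - containerPort: 4397
                  - containerPort: 4398
                  - containerPort: 4399
            volumes:
              # The container mounts a volume named `certs`, but the original
              # list never declared one, which makes the pod template invalid.
              # NOTE(review): backed here by the `ssl` Secret that the
              # certificate task in this file requests from cert-manager;
              # confirm ejabberd.yml.j2 reads the key pair from
              # /etc/letsencrypt under the key names that Secret uses.
              - name: certs
                secret:
                  secretName: ssl
              - name: data
                persistentVolumeClaim:
                  claimName: data
              - name: config
                configMap:
                  name: config
              - name: db
                persistentVolumeClaim:
                  claimName: db
  # The rendered definition embeds ejabberd_macro_password; keep the task's
  # arguments and result out of Ansible output and logs.
  no_log: true
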
# Publish the ejabberd pod (selected by app=ejabberd) through one Service.
- name: service for ejabberd
  k8s:
    definition:
      kind: Service
      apiVersion: v1
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        # Every port listed below is published on the load balancer address.
        # NOTE(review): that includes the ports named admin (5280), admin2
        # (1880), erlang (5210) and epmd4369-epmd4399. Erlang distribution is
        # authenticated only by a shared cookie, and the Deployment in this
        # file runs a single replica; confirm these ports need to be reachable
        # from outside the cluster, otherwise serve them from a ClusterIP
        # Service or restrict them with loadBalancerSourceRanges or a
        # NetworkPolicy.
        type: LoadBalancer
        selector:
          app: ejabberd
        # No protocol or targetPort is set, so each entry is TCP and forwards
        # to the same port number on the pod.
        # NOTE(review): STUN/TURN are commonly served over UDP; confirm the
        # transport of the listeners in ejabberd.yml.j2.
        ports:
          - name: xmpp
            port: 5222
          - name: federation
            port: 5269
          - name: admin
            port: 5280
          - name: http
            port: 5443
          - name: admin2
            port: 1880
          - name: mqtt
            port: 1883
          - name: stun
            port: 5478
          - name: turn50000
            port: 50000
          - name: turn50001
            port: 50001
          - name: turn50002
            port: 50002
          - name: turn50003
            port: 50003
          - name: turn50004
            port: 50004
          - name: turn50005
            port: 50005
          - name: turn50006
            port: 50006
          - name: turn50007
            port: 50007
          - name: turn50008
            port: 50008
          - name: turn50009
            port: 50009
          - name: turn50010
            port: 50010
          - name: turn50011
            port: 50011
          - name: turn50012
            port: 50012
          - name: turn50013
            port: 50013
          - name: turn50014
            port: 50014
          - name: turn50015
            port: 50015
          - name: turn50016
            port: 50016
          - name: turn50017
            port: 50017
          - name: turn50018
            port: 50018
          - name: turn50019
            port: 50019
          - name: turn50020
            port: 50020
          - name: turn50021
            port: 50021
          - name: turn50022
            port: 50022
          - name: turn50023
            port: 50023
          - name: turn50024
            port: 50024
          - name: turn50025
            port: 50025
          - name: turn50026
            port: 50026
          - name: turn50027
            port: 50027
          - name: turn50028
            port: 50028
          - name: turn50029
            port: 50029
          - name: turn50030
            port: 50030
          - name: turn50031
            port: 50031
          - name: turn50032
            port: 50032
          - name: turn50033
            port: 50033
          - name: turn50034
            port: 50034
          - name: turn50035
            port: 50035
          - name: turn50036
            port: 50036
          - name: turn50037
            port: 50037
          - name: turn50038
            port: 50038
          - name: turn50039
            port: 50039
          - name: turn50040
            port: 50040
          - name: turn50041
            port: 50041
          - name: turn50042
            port: 50042
          - name: turn50043
            port: 50043
          - name: turn50044
            port: 50044
          - name: turn50045
            port: 50045
          - name: turn50046
            port: 50046
          - name: turn50047
            port: 50047
          - name: turn50048
            port: 50048
          - name: turn50049
            port: 50049
          - name: turn50050
            port: 50050
          - name: turn50051
            port: 50051
          - name: turn50052
            port: 50052
          - name: turn50053
            port: 50053
          - name: turn50054
            port: 50054
          - name: turn50055
            port: 50055
          - name: turn50056
            port: 50056
          - name: turn50057
            port: 50057
          - name: turn50058
            port: 50058
          - name: turn50059
            port: 50059
          - name: turn50060
            port: 50060
          - name: turn50061
            port: 50061
          - name: turn50062
            port: 50062
          - name: turn50063
            port: 50063
          - name: turn50064
            port: 50064
          - name: turn50065
            port: 50065
          - name: turn50066
            port: 50066
          - name: turn50067
            port: 50067
          - name: turn50068
            port: 50068
          - name: turn50069
            port: 50069
          - name: turn50070
            port: 50070
          - name: turn50071
            port: 50071
          - name: turn50072
            port: 50072
          - name: turn50073
            port: 50073
          - name: turn50074
            port: 50074
          - name: turn50075
            port: 50075
          - name: turn50076
            port: 50076
          - name: turn50077
            port: 50077
          - name: turn50078
            port: 50078
          - name: turn50079
            port: 50079
          - name: turn50080
            port: 50080
          - name: turn50081
            port: 50081
          - name: turn50082
            port: 50082
          - name: turn50083
            port: 50083
          - name: turn50084
            port: 50084
          - name: turn50085
            port: 50085
          - name: turn50086
            port: 50086
          - name: turn50087
            port: 50087
          - name: turn50088
            port: 50088
          - name: turn50089
            port: 50089
          - name: turn50090
            port: 50090
          - name: turn50091
            port: 50091
          - name: turn50092
            port: 50092
          - name: turn50093
            port: 50093
          - name: turn50094
            port: 50094
          - name: turn50095
            port: 50095
          - name: turn50096
            port: 50096
          - name: turn50097
            port: 50097
          - name: turn50098
            port: 50098
          - name: turn50099
            port: 50099
          - name: socks5
            port: 7777
          - name: erlang
            port: 5210
          - name: epmd4369
            port: 4369
          - name: epmd4370
            port: 4370
          - name: epmd4371
            port: 4371
          - name: epmd4372
            port: 4372
          - name: epmd4373
            port: 4373
          - name: epmd4374
            port: 4374
          - name: epmd4375
            port: 4375
          - name: epmd4376
            port: 4376
          - name: epmd4377
            port: 4377
          - name: epmd4378
            port: 4378
          - name: epmd4379
            port: 4379
          - name: epmd4380
            port: 4380
          - name: epmd4381
            port: 4381
          - name: epmd4382
            port: 4382
          - name: epmd4383
            port: 4383
          - name: epmd4384
            port: 4384
          - name: epmd4385
            port: 4385
          - name: epmd4386
            port: 4386
          - name: epmd4387
            port: 4387
          - name: epmd4388
            port: 4388
          - name: epmd4389
            port: 4389
          - name: epmd4390
            port: 4390
          - name: epmd4391
            port: 4391
          - name: epmd4392
            port: 4392
          - name: epmd4393
            port: 4393
          - name: epmd4394
            port: 4394
          - name: epmd4395
            port: 4395
          - name: epmd4396
            port: 4396
          - name: epmd4397
            port: 4397
          - name: epmd4398
            port: 4398
          - name: epmd4399
            port: 4399

# Define a version 3 OnionService that forwards onion port 5222 to port 5222
# of the `ejabberd` Service. Only the port that Service names `xmpp` is
# published this way.
- name: onionservice
  k8s:
    definition:
      kind: OnionService
      apiVersion: tor.k8s.torproject.org/v1alpha2
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
      spec:
        version: 3
        rules:
          - backend:
              service:
                name: ejabberd
                port:
                  number: 5222
            port:
              number: 5222

# Route HTTP requests for ejabberd.eom.dev through the nginx ingress class to
# port 5280 of the `ejabberd` Service.
# NOTE(review): 5280 is the port the Service in this file names `admin`, and
# the Prefix rule on `/` forwards every path to it; confirm that everything
# served on that listener is meant to be reachable through the ingress.
- name: ingress
  k8s:
    state: present
    definition:
      kind: Ingress
      apiVersion: networking.k8s.io/v1
      metadata:
        name: ejabberd
        namespace: "{{ ejabberd_namespace }}"
        # NOTE(review): cert-manager acts on this annotation only for hosts
        # listed under spec.tls, and no tls section is visible in this task,
        # so as written the rule below carries no TLS configuration.
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
      spec:
        ingressClassName: nginx
        rules:
          - host: ejabberd.eom.dev
            http:
              paths:
                - path: /
                  pathType: Prefix
                  backend:
                    service:
                      name: ejabberd
                      port:
                        number: 5280