#SPDX-License-Identifier: MIT-0 --- # tasks file for ansible-role-inspircd - name: namespace k8s: state: present definition: apiVersion: v1 kind: Namespace metadata: name: "{{ inspircd_namespace }}" - name: certificate k8s: state: present definition: apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: ssl namespace: "{{ inspircd_namespace }}" spec: secretName: ssl privateKey: algorithm: RSA encoding: PKCS1 size: 2048 duration: 2160h # 90d renewBefore: 360h # 15d isCA: false usages: - server auth - client auth subject: organizations: - EOM commonName: inspircd.eom.dev dnsNames: - inspircd.eom.dev issuerRef: name: ca-issuer kind: ClusterIssuer - name: configmap for motd k8s: state: present definition: apiVersion: v1 kind: ConfigMap metadata: name: motd namespace: "{{ inspircd_namespace }}" data: docker.motd: "{{ lookup('file', 'motd') }}" - name: pvc for config k8s: state: present definition: apiVersion: v1 kind: PersistentVolumeClaim metadata: name: config namespace: "{{ inspircd_namespace }}" spec: accessModes: - ReadWriteOnce resources: requests: storage: "{{ inspircd_pvc_size_config }}" - name: pvc for data k8s: state: present definition: apiVersion: v1 kind: PersistentVolumeClaim metadata: name: data namespace: "{{ inspircd_namespace }}" spec: accessModes: - ReadWriteOnce resources: requests: storage: "{{ inspircd_pvc_size_data }}" - name: pvc for db k8s: state: present definition: apiVersion: v1 kind: PersistentVolumeClaim metadata: name: db namespace: "{{ inspircd_namespace }}" spec: accessModes: - ReadWriteOnce resources: requests: storage: "{{ inspircd_pvc_size_db }}" - name: deployment for mariadb k8s: definition: apiVersion: v1 kind: Deployment metadata: name: mariadb namespace: "{{ inspircd_namespace }}" spec: replicas: 1 selector: matchLabels: app: mariadb template: metadata: labels: app: mariadb spec: containers: - name: mariadb image: mariadb env: - name: MYSQL_ROOT_PASSWORD value: "{{ inspircd_mariadb_root_password }}" - name: MYSQL_USER value: "anope" - name: MYSQL_PASSWORD value: "{{ inspircd_mariadb_password }}" - name: MYSQL_DATABASE value: "anope" volumeMounts: - name: db mountPath: /var/lib/mysql ports: - containerPort: 3306 volumes: - name: db persistentVolumeClaim: claimName: db - name: service for mariadb k8s: definition: apiVersion: v1 kind: Service metadata: name: mariadb namespace: "{{ inspircd_namespace }}" spec: selector: app: mariadb ports: - port: 3306 name: mariadb type: ClusterIP - name: deployment for anope k8s: definition: apiVersion: v1 kind: Deployment metadata: name: anope namespace: "{{ inspircd_namespace }}" spec: replicas: 1 selector: matchLabels: app: anope template: metadata: labels: app: anope spec: containers: - name: anope image: anope/anope env: - name: ANOPE_SERVICES_NAME value: "{{ inspircd_services_name }}" - name: ANOPE_SERVICES_VHOST value: "{{ inspircd_services_vhost }}" - name: ANOPE_UPLINK_IP value: "inspircd" - name: ANOPE_UPLINK_PASSWORD value: "{{ inspircd_uplink_password }}" - name: ANOPE_SQL_ENGINE value: "mysql" - name: ANOPE_MYSQL_HOST value: "mariadb" - name: ANOPE_MYSQL_PASSWORD value: "{{ inspircd_mariadb_password }}" ports: - containerPort: 7000 - name: service for anope k8s: definition: apiVersion: v1 kind: Service metadata: name: anope namespace: "{{ inspircd_namespace }}" spec: selector: app: anope ports: - port: 7000 name: anope type: ClusterIP - name: deployment for inspircd k8s: definition: apiVersion: v1 kind: Deployment metadata: name: inspircd namespace: "{{ inspircd_namespace }}" spec: replicas: 1 selector: matchLabels: app: inspircd template: metadata: labels: app: inspircd spec: containers: - name: inspircd image: inspircd/inspircd-docker command: - "/bin/bash" args: - "-c 'cp /etc/letsencrypt/tls.crt /inspircd/conf/cert.pem && cp /etc/letsencrypt/tls.key /inspircd/conf/key.pem && /entrypoint.sh'" env: - name: INSP_NET_SUFFIX value: "{{ inspircd_net_suffix }}" - name: INSP_NET_NAME value: "{{ inspircd_net_name }}" - name: INSP_SERVER_NAME value: "{{ inspircd_server_name }}" - name: INSP_ADMIN_NAME value: "{{ inspircd_admin_name }}" - name: INSP_ADMIN_DESC value: "{{ inspircd_admin_desc }}" - name: INSP_ADMIN_EMAIL value: "{{ inspircd_admin_email }}" - name: INSP_CONNECT_PASSWORD value: "{{ inspircd_connect_password }}" - name: INSP_OPER_HASH value: "{{ inspircd_oper_hash }}" - name: INSP_OPER_PASSWORD_HASH value: "{{ inspircd_oper_password_hash }}" - name: INSP_SERVICES_NAME value: "{{ inspircd_services_name }}" - name: INSP_SERVICES_IPADDR value: "anope" - name: INSP_SERVICES_PASSWORD value: "{{ inspircd_uplink_password }}" volumeMounts: - name: config mountPath: /inspircd/conf.d - name: data mountPath: /inspircd/data - name: motd mountPath: /inspircd/conf/docker.motd subPath: docker.motd - name: ssl mountPath: /etc/ ports: - containerPort: 6667 - containerPort: 6697 volumes: - name: data persistentVolumeClaim: claimName: data - name: config persistentVolumeClaim: claimName: config - name: motd configMap: name: motd - name: ssl secret: secretName: ssl - name: service for inspircd k8s: definition: apiVersion: v1 kind: Service metadata: name: inspircd namespace: "{{ inspircd_namespace }}" spec: selector: app: inspircd ports: - port: 6667 name: irc - port: 6697 name: ircs type: LoadBalancer - name: onionservice k8s: definition: apiVersion: tor.k8s.torproject.org/v1alpha2 kind: OnionService metadata: name: inspircd namespace: "{{ inspircd_namespace }}" spec: version: 3 rules: - port: number: 6667 backend: service: name: inspircd port: number: 6667