ansible-role-inspircd/tasks/main.yml
2026-02-16 01:11:57 -05:00

329 lines
8.6 KiB
YAML

#SPDX-License-Identifier: MIT-0
---
# tasks file for ansible-role-inspircd
- name: namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: "{{ inspircd_namespace }}"
- name: certificate
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ssl
namespace: "{{ inspircd_namespace }}"
spec:
secretName: ssl
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
duration: 2160h # 90d
renewBefore: 360h # 15d
isCA: false
usages:
- server auth
- client auth
subject:
organizations:
- EOM
commonName: inspircd.eom.dev
dnsNames:
- inspircd.eom.dev
issuerRef:
name: ca-issuer
kind: ClusterIssuer
- name: configmap for motd
k8s:
state: present
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: motd
namespace: "{{ inspircd_namespace }}"
data:
docker.motd: "{{ lookup('file', 'motd') }}"
- name: pvc for config
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: config
namespace: "{{ inspircd_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "{{ inspircd_pvc_size_config }}"
- name: pvc for data
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
namespace: "{{ inspircd_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "{{ inspircd_pvc_size_data }}"
- name: pvc for db
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: db
namespace: "{{ inspircd_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "{{ inspircd_pvc_size_db }}"
- name: deployment for mariadb
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mariadb
namespace: "{{ inspircd_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: mariadb
template:
metadata:
labels:
app: mariadb
spec:
containers:
- name: mariadb
image: mariadb
env:
- name: MYSQL_ROOT_PASSWORD
value: "{{ inspircd_mariadb_root_password }}"
- name: MYSQL_USER
value: "anope"
- name: MYSQL_PASSWORD
value: "{{ inspircd_mariadb_password }}"
- name: MYSQL_DATABASE
value: "anope"
volumeMounts:
- name: db
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
volumes:
- name: db
persistentVolumeClaim:
claimName: db
- name: service for mariadb
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: mariadb
namespace: "{{ inspircd_namespace }}"
spec:
selector:
app: mariadb
ports:
- port: 3306
name: mariadb
type: ClusterIP
- name: deployment for anope
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: anope
namespace: "{{ inspircd_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: anope
template:
metadata:
labels:
app: anope
spec:
containers:
- name: anope
image: anope/anope
env:
- name: ANOPE_SERVICES_NAME
value: "{{ inspircd_services_name }}"
- name: ANOPE_SERVICES_VHOST
value: "{{ inspircd_services_vhost }}"
- name: ANOPE_UPLINK_IP
value: "inspircd"
- name: ANOPE_UPLINK_PASSWORD
value: "{{ inspircd_uplink_password }}"
- name: ANOPE_SQL_ENGINE
value: "mysql"
- name: ANOPE_MYSQL_HOST
value: "mariadb"
- name: ANOPE_MYSQL_PASSWORD
value: "{{ inspircd_mariadb_password }}"
ports:
- containerPort: 7000
- name: service for anope
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: anope
namespace: "{{ inspircd_namespace }}"
spec:
selector:
app: anope
ports:
- port: 7000
name: anope
type: ClusterIP
- name: deployment for inspircd
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: inspircd
namespace: "{{ inspircd_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: inspircd
template:
metadata:
labels:
app: inspircd
spec:
containers:
- name: inspircd
image: inspircd/inspircd-docker
command:
- "/bin/bash"
args:
- "-c 'cp /etc/letsencrypt/tls.crt /inspircd/conf/cert.pem && cp /etc/letsencrypt/tls.key /inspircd/conf/key.pem && /entrypoint.sh'"
env:
- name: INSP_NET_SUFFIX
value: "{{ inspircd_net_suffix }}"
- name: INSP_NET_NAME
value: "{{ inspircd_net_name }}"
- name: INSP_SERVER_NAME
value: "{{ inspircd_server_name }}"
- name: INSP_ADMIN_NAME
value: "{{ inspircd_admin_name }}"
- name: INSP_ADMIN_DESC
value: "{{ inspircd_admin_desc }}"
- name: INSP_ADMIN_EMAIL
value: "{{ inspircd_admin_email }}"
- name: INSP_CONNECT_PASSWORD
value: "{{ inspircd_connect_password }}"
- name: INSP_OPER_HASH
value: "{{ inspircd_oper_hash }}"
- name: INSP_OPER_PASSWORD_HASH
value: "{{ inspircd_oper_password_hash }}"
- name: INSP_SERVICES_NAME
value: "{{ inspircd_services_name }}"
- name: INSP_SERVICES_IPADDR
value: "anope"
- name: INSP_SERVICES_PASSWORD
value: "{{ inspircd_uplink_password }}"
volumeMounts:
- name: config
mountPath: /inspircd/conf.d
- name: data
mountPath: /inspircd/data
- name: motd
mountPath: /inspircd/conf/docker.motd
subPath: docker.motd
- name: ssl
mountPath: /etc/
ports:
- containerPort: 6667
- containerPort: 6697
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: config
persistentVolumeClaim:
claimName: config
- name: motd
configMap:
name: motd
- name: ssl
secret:
secretName: ssl
- name: service for inspircd
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: inspircd
namespace: "{{ inspircd_namespace }}"
spec:
selector:
app: inspircd
ports:
- port: 6667
name: irc
- port: 6697
name: ircs
type: LoadBalancer
- name: onionservice
k8s:
definition:
apiVersion: tor.k8s.torproject.org/v1alpha2
kind: OnionService
metadata:
name: inspircd
namespace: "{{ inspircd_namespace }}"
spec:
version: 3
rules:
- port:
number: 6667
backend:
service:
name: inspircd
port:
number: 6667