150 lines
3.8 KiB
Nix
150 lines
3.8 KiB
Nix
let
|
|
appName = "snikket";
|
|
snikketImage = "git.gmem.ca/arch/snikket-server:latest";
|
|
snikketPortalImage = "snikket/snikket-web-portal:stable";
|
|
in
|
|
{
|
|
lib,
|
|
config,
|
|
kubenix,
|
|
...
|
|
}: {
|
|
kubernetes.resources.services.snikket = {
|
|
metadata.namespace = "snikket";
|
|
spec = {
|
|
selector.app = appName;
|
|
ports.http = {
|
|
port = 5280;
|
|
targetPort = 5280;
|
|
};
|
|
};
|
|
};
|
|
kubernetes.resources.services.snikket-xmpp = {
|
|
metadata.namespace = "snikket";
|
|
spec = {
|
|
type = "NodePort";
|
|
selector.app = appName;
|
|
ports.http = {
|
|
port = 5222;
|
|
targetPort = 5222;
|
|
nodePort = 5222;
|
|
};
|
|
};
|
|
};
|
|
kubernetes.resources.services.snikket-web-portal = {
|
|
metadata.namespace = "snikket";
|
|
spec = {
|
|
selector.app = appName + "-web-portal";
|
|
ports.http = {
|
|
port = 5765;
|
|
targetPort = 5765;
|
|
};
|
|
};
|
|
};
|
|
kubernetes.resources.deployments.snikket = {
|
|
metadata.namespace = "snikket";
|
|
spec = {
|
|
selector.matchLabels.app = appName;
|
|
template = {
|
|
metadata.labels.app = appName;
|
|
spec = {
|
|
containers = {
|
|
snikket = {
|
|
image = snikketImage;
|
|
env.SNIKKET_TWEAK_TURNSERVER.value = "0";
|
|
env.SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE.value = "0.0.0.0";
|
|
envFrom = [{configMapRef.name = "snikket";}];
|
|
imagePullPolicy = "Always";
|
|
volumeMounts = [
|
|
{
|
|
name = "certs";
|
|
mountPath = "/etc/prosody/certs/chat.gmem.ca.crt";
|
|
subPath = "tls.crt";
|
|
}
|
|
{
|
|
name = "certs";
|
|
mountPath = "/etc/prosody/certs/chat.gmem.ca.key";
|
|
subPath = "tls.key";
|
|
}
|
|
];
|
|
ports.http.containerPort = 5280;
|
|
};
|
|
};
|
|
volumes = {
|
|
certs.secret.secretName = "chat-gmem-ca";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
kubernetes.resources.deployments.snikket-web-portal = {
|
|
metadata.namespace = "snikket";
|
|
spec = {
|
|
selector.matchLabels.app = appName + "-web-portal";
|
|
template = {
|
|
metadata.labels.app = appName + "-web-portal";
|
|
spec = {
|
|
containers = {
|
|
snikket = {
|
|
image = snikketPortalImage;
|
|
env.SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE.value = "0.0.0.0";
|
|
env.SNIKKET_WEB_PROSODY_ENDPOINT.value = "http://snikket:5280";
|
|
imagePullPolicy = "Always";
|
|
ports.http.containerPort = 5765;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
kubernetes.resources.ingresses.snikket = {
|
|
metadata = {
|
|
name = appName;
|
|
namespace = "snikket";
|
|
annotations = {
|
|
"cert-manager.io/cluster-issuer" = "le-issuer";
|
|
};
|
|
};
|
|
spec = {
|
|
tls = [
|
|
{
|
|
hosts = ["chat.gmem.ca"];
|
|
}
|
|
];
|
|
rules = [
|
|
{
|
|
host = "chat.gmem.ca";
|
|
http.paths = [
|
|
{
|
|
path = "/";
|
|
pathType = "Prefix";
|
|
backend.service = {
|
|
name = appName + "-web-portal";
|
|
port.name = "http";
|
|
};
|
|
}
|
|
]
|
|
++ lib.lists.forEach [
|
|
# Routes we want to hit Prosody's backend
|
|
"/admin_api"
|
|
"/invites_api"
|
|
"/invites_bootstrap"
|
|
"/upload"
|
|
"/http-bind"
|
|
"/xmpp-websocket"
|
|
"/.well-known/host-meta"
|
|
"/.well-known/host-meta.json"
|
|
] (path: {
|
|
path = path;
|
|
pathType = "Prefix";
|
|
backend.service = {
|
|
name = appName;
|
|
port.name = "http";
|
|
};
|
|
});
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|