add prosody deploy files

prosody/certificate.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: prosody-tls-cert
+  namespace: prosody
+  labels:
+    "use-dns-solver": "true"
+spec:
+  secretName: prosody-tls-cert
+  dnsNames:
+  - ssene.ca
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: letsencrypt-prod

prosody/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prosody
+  namespace: prosody
+  labels:
+    app: prosody
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prosody
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: prosody
+    spec:
+      containers:
+        - image: prosody/prosody:0.11.8
+          name: prosody
+          ports:
+            - containerPort: 5222
+              name: c2s
+            - containerPort: 5269
+              name: s2s
+          volumeMounts:
+            - mountPath: /etc/prosody
+              name: configuration
+              readOnly: true
+            - mountPath: /var/lib/prosody
+              name: data
+            - mountPath: /etc/prosody/certs
+              name: cert
+              readOnly: true
+      restartPolicy: Always
+      volumes:
+        - name: configuration
+          secret:
+            secretName: configuration-secrets
+        - name: data
+          persistentVolumeClaim:
+            claimName: prosody-media
+        - name: cert
+          secret:
+            secretName: prosody-tls-cert
+            items:
+              - key: tls.crt
+                path: ssene.ca.crt
+              - key: tls.key
+                path: ssene.ca.key
+status: {}

prosody/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: prosody

prosody/postgresql-secrets.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: postgresql-credentials
+  namespace: prosody
+spec:
+  encryptedData:
+    values.yaml: AgCWMO27Lgliw5tMz36KyKZpwQ5nXBqOOBl7oEuiM0+PCHQ14rq4inXntz+MBKA5LtNzOb2xAQgMV/5FMzSjw0eWEk0m8lFD/y6pf+o0YuNMoa1qO8P5OuqeXnENvT+yDQtenD/+JEvhNn/cm1ilRVsLLpPIIy+4zu16aLPCpW3KgykcucxH0n3OMufZDSdgNllOUzzrvs0GVjC8PuPRzvcgjt5ODXAlKV9jck3p7qNmzSBmUkxYIGKK3PWiDeSg33mbmIgUqHu/kHQ1INC6FtpZ51CGoDl1gLxDPnyyGiRg1I/2Vr7J+X5XF5cbxVNSeuLCgvhinzSDklpQv2JNpO0D7Akl61CRmyH68YAJPabQ+w/qRg/Cq1OQ1guJmGm5Sn3hbhKUX1dMJGn6jKSkBQjbMoQBrOzePPUvR/ScVcLV0cdf2HKkKBXS2p7Zj3z3IYigQ3Ne9J0V3zyByRoAHq42NF1kAUrAqrLwB7DGcs/4AVlQUK+H1B4f2MwMC0jeAX/kQ4wTDUvroW9OKVEndd6qLtV5Yh7RPGXuWFRFpqpeXUjS0GUyjRdL47gtKLtejQS0emFBKEGL5ieKPZnlM4egbA+cbpNb0CJm9jzbVOFlFTjbzBy10Qk61VDsx1/V2XJFi0zLiZHHMmzIC/UplysXlNfWdkqVDcAwAmInxBvRojwMMH9G0XJ8NbSQq95QEwyKRlWqh/rG6Fu2G10GGzMm6//DMN9Lnq0OHGzMd9k8f4M60/gyRxTE1yMsfLiiOITY04aBYG0uGpWYMl7wyWJJB3GVxpnGKbNBJmHhyWBxfnsyFawn0b00vNjuvPG1uKCImu6/Bw==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: postgresql-credentials
+      namespace: prosody
+

prosody/postgresql.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: postgresql
+  namespace: prosody
+  annotations:
+    fluxcd.io/automated: "true"
+    fluxcd.io/tag.chart-image: semver:~13.1
+spec:
+  test:
+    enable: true
+  rollback:
+    enable: true
+    retry: true
+  chart:
+    repository: https://charts.bitnami.com/bitnami
+    name: postgresql
+    version: 10.3.6
+  valuesFrom:
+  - secretKeyRef:
+      name: postgresql-credentials
+  values:
+    image:
+      repository: bitnami/postgresql
+      tag: 13.1.0
+    persistence:
+      existingClaim: database-prosody
+    volumePermissions:
+      enabled: true
+    psp:
+      create: true
+    rbac:
+      create: true

prosody/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prosody
+  namespace: prosody
+spec:
+  ports:
+    - name: c2s
+      port: 5222
+      targetPort: 5222
+    - name: s2s
+      port: 5269
+      targetPort: 5269
+  type: LoadBalancer
+  selector:
+    app: prosody
+status:
+  loadBalancer: {}

prosody/storage-db.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: database-prosody
+spec:
+  storageClassName: local-path
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  local:
+    path: /var/lib/databases/prosody
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - sserver
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: database-prosody
+  namespace: prosody
+spec:
+  storageClassName: local-path
+  volumeName: database-prosody
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

prosody/storage-media.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prosody-media
+spec:
+  storageClassName: local-path
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  local:
+    path: /srv/smb/media/prosody-media
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - sserver
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prosody-media
+  namespace: prosody
+spec:
+  storageClassName: local-path
+  volumeName: prosody-media
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi