HGKeeper

Fix up the pidgin prosody vhost, move the imfreedom xmmp ingress to 50-xmpp.imfreedom.org.yaml, and add xmpp.pidgin.im and conference.pidgin.im to the pidgin.im Certificate

2020-02-11, Gary Kramlich

c6c741eb3df2

Parents e01adf01abde
Children 9147514af29c

Fix up the pidgin prosody vhost, move the imfreedom xmmp ingress to 50-xmpp.imfreedom.org.yaml, and add xmpp.pidgin.im and conference.pidgin.im to the pidgin.im Certificate

3 files changed, 52 insertions(+), 15 deletions(-)

+0 -5

50-imfreedom.org.yaml

+2 -0

50-nest.pidgin.im.yaml

+50 -10

50-xmpp.imfreedom.org.yaml

~~--- a/50-imfreedom.org.yaml Tue Feb 11 21:07:36 2020 -0600~~

+++ b/50-imfreedom.org.yaml Tue Feb 11 22:30:30 2020 -0600

@@ -15,11 +15,6 @@

port: 3000

middlewares:

- name: common-headers

~~- - match: Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: prosody~~

~~- port: 5280~~

tls:

secretName: imfreedom-tls

---

~~--- a/50-nest.pidgin.im.yaml Tue Feb 11 21:07:36 2020 -0600~~

+++ b/50-nest.pidgin.im.yaml Tue Feb 11 22:30:30 2020 -0600

@@ -147,6 +147,8 @@

dnsNames:

- pidgin.im

- www.pidgin.im

+ - conference.pidgin.im

+ - xmpp.pidgin.im

---

apiVersion: v1

kind: Service

~~--- a/50-xmpp.imfreedom.org.yaml Tue Feb 11 21:07:36 2020 -0600~~

+++ b/50-xmpp.imfreedom.org.yaml Tue Feb 11 22:30:30 2020 -0600

@@ -2,6 +2,40 @@

# handles virtualhosts for adium.im, imfreedom.org, as well as pidgin.im.

---

apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: xmpp-imfreedom

+ namespace: roost

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`xmpp.imfreedom.org`) || Host(`conference.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: prosody

+ port: 5280

+ tls:

+ secretName: imfreedom-tls

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: xmpp-pidgin

+ namespace: roost

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`xmpp.pidgin.im`) || Host(`conference.pidgin.im`)

+ kind: Rule

+ services:

+ - name: prosody

+ port: 5280

+ tls:

+ secretName: nest-tls

+---

+apiVersion: traefik.containo.us/v1alpha1

kind: IngressRouteTCP

metadata:

name: prosody-c2s

@@ -135,7 +169,7 @@

VirtualHost "pidgin.im"

modules_enabled = {"prometheus"}

certificate = "pidgin/tls.crt"

~~- jetbrains_hub_groups = { "Pidgin Admin", "Pidgin Contributor" }~~

+ jetbrains_hub_groups = { "Pidgin Admin", "Pidgin Contributor", "Pidgin XMPP" }

http_host = "xmpp.pidgin.im"

http_interfaces = {"*"}

http_external_url = "https://xmpp.pidgin.im/"

@@ -144,19 +178,19 @@

key = "certs/pidgin/tls.key";

}

disco_items = {

~~- { "conference.imfreedom.org", "Instant Messaging Freedom MUC" };~~

+ { "conference.pidgin.im", "Pidgin Internet Messaging MUC" };

}

~~- Component "conference.imfreedom.org" "muc"~~

~~- http_host = "conference.imfreedom.org"~~

~~- http_external_url = "https://conference.imfreedom.org/"~~

+ Component "conference.pidgin.im" "muc"

+ http_host = "conference.pidgin.im"

+ http_external_url = "https://conference.pidgin.im/"

ssl = {

~~- certificate = "certs/imfreedom/tls.crt";~~

~~- key = "certs/imfreedom/tls.key";~~

+ certificate = "certs/pidgin/tls.crt";

+ key = "certs/pidgin/tls.key";

}

restrict_room_creation = "local"

~~- Component "xmpp.imfreedom.org" "http"~~

~~- http_external_url = "https://xmpp.imfreedom.org/"~~

~~- http_host = "xmpp.imfreedom.org"~~

+ Component "xmpp.pidgin.im" "http"

+ http_external_url = "https://xmpp.pidgin.im/"

+ http_host = "xmpp.pidgin.im"

modules_enabled = {"bosh"}

---

apiVersion: apps/v1

@@ -217,6 +251,9 @@

- mountPath: /etc/prosody/certs/imfreedom/

name: imfreedom-tls

readOnly: true

+ - mountPath: /etc/prosody/certs/pidgin/

+ name: pidgin-tls

+ readOnly: true

securityContext:

fsGroup: 101

runAsUser: 101

@@ -233,6 +270,9 @@

- name: imfreedom-tls

secret:

secretName: imfreedom-tls

+ - name: pidgin-tls

+ secret:

+ secretName: nest-tls

---

apiVersion: v1

kind: PersistentVolumeClaim

imfreedom/k8s-cluster