feat: initial version of ejabberd chart

charts/ejabberd/.helmignore

@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# helm-docs templates
+*.gotmpl

charts/ejabberd/Chart.yaml

@@ -0,0 +1,31 @@
+apiVersion: v2
+name: ejabberd
+description: Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
+type: application
+version: 0.1.0
+# renovate: image=ghcr.io/juniorjpdj/containers/ejabberd-captcha
+appVersion: 24.02-r1
+kubeVersion: ">=1.22.0-0"
+keywords:
+  - ejabberd
+  - jabber
+  - xmpp
+  - communication
+  - IM
+  - instant-messenger
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts
+    version: 3.0.4
+sources:
+  - https://github.com/processone/ejabberd
+  - https://github.com/JuniorJPDJ/containers
+  - https://github.com/JuniorJPDJ/charts/tree/master/charts/ejabberd
+annotations:
+  artifacthub.io/links: |-
+    - name: App Source
+      url: https://github.com/processone/ejabberd
+    - name: Dockerfile Source
+      url: https://github.com/JuniorJPDJ/containers
+    - name: Chart Source
+      url: https://github.com/JuniorJPDJ/charts/tree/master/charts/ejabberd

charts/ejabberd/templates/certificates.yaml

@@ -0,0 +1,17 @@
+{{- include "bjw-s.common.loader.init" . }}
+{{- range $name, $v := .Values.certificates }}
+{{- if $v.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-{{ $name }}
+spec:
+  dnsNames:
+    {{- toYaml $v.dnsNames | nindent 4 }}
+  issuerRef:
+    {{- toYaml $v.issuerRef | nindent 4 }}
+  secretName: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-{{ $name }}-cert
+---
+
+{{- end }}
+{{- end }}

charts/ejabberd/templates/common.yaml

@@ -0,0 +1,13 @@
+{{/* Preprocess values and prepare config file */}}
+{{- define "ejabberd.preprocess" -}}
+controllers:
+  main:
+    containers:
+      main:
+        image:
+          {{- toYaml .Values.image | nindent 10 }}
+{{- end -}}
+{{- $_ := merge .Values (include "ejabberd.preprocess" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{- include "bjw-s.common.loader.all" . }}

charts/ejabberd/values.yaml

@@ -0,0 +1,302 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
+#
+
+configMaps:
+  config:
+    data:
+      ejabberd.yml:
+        # This config uses envsubst internally to replace ${ENV_VAR_NAME} with environment variable values.
+        # The ${CAPTCHA_CMD} variable is always provided using entrypoint script and points to the captcha-ng.sh script/
+        # You can put your sensitive variables into secret below and those will be provided as env vars to the container,
+        # then you can use those in your config.
+        # Example config from https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example
+        captcha_cmd: "${CAPTCHA_CMD}"
+        # hosts:
+        #   - localhost
+        # loglevel: info
+        # ## If you already have certificates, list them here
+        # # certfiles:
+        # #  - /etc/letsencrypt/live/domain.tld/fullchain.pem
+        # #  - /etc/letsencrypt/live/domain.tld/privkey.pem
+        # captcha_url: auto
+        # listen:
+        #   - port: 5222
+        #     ip: "::"
+        #     module: ejabberd_c2s
+        #     max_stanza_size: 262144
+        #     shaper: c2s_shaper
+        #     access: c2s
+        #     starttls_required: true
+        #   - port: 5223
+        #     ip: "::"
+        #     module: ejabberd_c2s
+        #     max_stanza_size: 262144
+        #     shaper: c2s_shaper
+        #     access: c2s
+        #     tls: true
+        #   - port: 5269
+        #     ip: "::"
+        #     module: ejabberd_s2s_in
+        #     max_stanza_size: 524288
+        #     shaper: s2s_shaper
+        #   - port: 5443
+        #     ip: "::"
+        #     module: ejabberd_http
+        #     tls: true
+        #     request_handlers:
+        #       /admin: ejabberd_web_admin
+        #       /api: mod_http_api
+        #       /bosh: mod_bosh
+        #       /captcha: ejabberd_captcha
+        #       /upload: mod_http_upload
+        #       /ws: ejabberd_http_ws
+        #   - port: 1883
+        #     ip: "::"
+        #     module: mod_mqtt
+        #     backlog: 1000
+        # s2s_use_starttls: optional
+        # acl:
+        #   local:
+        #     user_regexp: ""
+        #   loopback:
+        #     ip:
+        #       - 127.0.0.0/8
+        #       - ::1/128
+        # access_rules:
+        #   local:
+        #     allow: local
+        #   c2s:
+        #     deny: blocked
+        #     allow: all
+        #   announce:
+        #     allow: admin
+        #   configure:
+        #     allow: admin
+        #   muc_create:
+        #     allow: local
+        #   pubsub_createnode:
+        #     allow: local
+        #   trusted_network:
+        #     allow: loopback
+        # api_permissions:
+        #   "console commands":
+        #     from:
+        #       - ejabberd_ctl
+        #     who: all
+        #     what: "*"
+        #   "admin access":
+        #     who:
+        #       access:
+        #         allow:
+        #           - acl: loopback
+        #           - acl: admin
+        #       oauth:
+        #         scope: "ejabberd:admin"
+        #         access:
+        #           allow:
+        #             - acl: loopback
+        #             - acl: admin
+        #     what:
+        #       - "*"
+        #       - "!stop"
+        #       - "!start"
+        #   "public commands":
+        #     who:
+        #       ip: 127.0.0.1/8
+        #     what:
+        #       - status
+        #       - connected_users_number
+        # shaper:
+        #   normal:
+        #     rate: 3000
+        #     burst_size: 20000
+        #   fast: 100000
+        # shaper_rules:
+        #   max_user_sessions: 10
+        #   max_user_offline_messages:
+        #     5000: admin
+        #     100: all
+        #   c2s_shaper:
+        #     none: admin
+        #     normal: all
+        #   s2s_shaper: fast
+        # modules:
+        #   mod_adhoc: {}
+        #   mod_admin_extra: {}
+        #   mod_announce:
+        #     access: announce
+        #   mod_avatar: {}
+        #   mod_blocking: {}
+        #   mod_bosh: {}
+        #   mod_caps: {}
+        #   mod_carboncopy: {}
+        #   mod_client_state: {}
+        #   mod_configure: {}
+        #   mod_disco: {}
+        #   mod_fail2ban: {}
+        #   mod_http_api: {}
+        #   mod_http_upload:
+        #     put_url: https://@HOST@:5443/upload
+        #     custom_headers:
+        #       "Access-Control-Allow-Origin": "https://@HOST@"
+        #       "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
+        #       "Access-Control-Allow-Headers": "Content-Type"
+        #   mod_last: {}
+        #   mod_mam:
+        #     ## Mnesia is limited to 2GB, better to use an SQL backend
+        #     ## For small servers SQLite is a good fit and is very easy
+        #     ## to configure. Uncomment this when you have SQL configured:
+        #     ## db_type: sql
+        #     assume_mam_usage: true
+        #     default: always
+        #   mod_mqtt: {}
+        #   mod_muc:
+        #     access:
+        #       - allow
+        #     access_admin:
+        #       - allow: admin
+        #     access_create: muc_create
+        #     access_persistent: muc_create
+        #     access_mam:
+        #       - allow
+        #     default_room_options:
+        #       mam: true
+        #   mod_muc_admin: {}
+        #   mod_offline:
+        #     access_max_user_messages: max_user_offline_messages
+        #   mod_ping: {}
+        #   mod_privacy: {}
+        #   mod_private: {}
+        #   mod_proxy65:
+        #     access: local
+        #     max_connections: 5
+        #   mod_pubsub:
+        #     access_createnode: pubsub_createnode
+        #     plugins:
+        #       - flat
+        #       - pep
+        #     force_node_config:
+        #       ## Avoid buggy clients to make their bookmarks public
+        #       storage:bookmarks:
+        #         access_model: whitelist
+        #   mod_push: {}
+        #   mod_push_keepalive: {}
+        #   mod_register:
+        #     ## Only accept registration requests from the "trusted"
+        #     ## network (see access_rules section above).
+        #     ## Think twice before enabling registration from any
+        #     ## address. See the Jabber SPAM Manifesto for details:
+        #     ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
+        #     ip_access: trusted_network
+        #   mod_roster:
+        #     versioning: true
+        #   mod_s2s_dialback: {}
+        #   mod_shared_roster: {}
+        #   mod_stream_mgmt:
+        #     resend_on_timeout: if_offline
+        #   mod_stun_disco: {}
+        #   mod_vcard: {}
+        #   mod_vcard_xupdate: {}
+        #   mod_version:
+        #     show_os: false
+
+secrets:
+  envs:
+    stringData:
+      # POSTGRES_SERVER:
+      # POSTGRES_DB:
+      # POSTGRES_USER:
+      # POSTGRES_PASSWORD:
+
+certificates:
+  # requires working installation of cert-manager
+  xmpp-example-com:
+    enabled: false
+    dnsNames: ["xmpp.example.com"]
+    issuerRef:
+      group: cert-manager.io
+      kind: ClusterIssuer
+      name: letsencrypt
+
+image:
+  repository: ghcr.io/juniorjpdj/containers/ejabberd-captcha
+  pullPolicy: Always
+  tag: 24.02-r1
+
+persistence:
+  upload:
+    type: persistentVolumeClaim
+    accessMode: ReadWriteOnce
+    retain: true
+    globalMounts:
+      - path: /home/ejabberd/upload
+        readOnly: false
+    size: 1Gi
+  database:
+    type: persistentVolumeClaim
+    accessMode: ReadWriteOnce
+    retain: true
+    globalMounts:
+      - path: /home/ejabberd/database
+        readOnly: false
+    size: 1Gi
+  logs:
+    type: emptyDir
+    retain: true
+    globalMounts:
+      - path: /home/ejabberd/logs
+        readOnly: false
+  config:
+    type: configMap
+    identifier: config
+    globalMounts:
+      - path: /home/ejabberd/conf
+        readOnly: true
+
+defaultPodOptions:
+  securityContext:
+    fsGroup: 9000
+    fsGroupChangePolicy: Always
+
+controllers:
+  main:
+    type: statefulset
+    containers:
+      main:
+        # image: <templated from `image` section>
+        securityContext:
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 9000
+          runAsGroup: 9000
+        envFrom:
+          - secret: envs
+
+service:
+  main:
+    type: ClusterIP
+    controller: main
+    ports:
+      c2s:
+        port: 5222
+        protocol: TCP
+      c2s-tls:
+        port: 5223
+        protocol: TCP
+      s2s:
+        port: 5269
+        protocol: TCP
+      https:
+        port: 5443
+        protocol: HTTPS
+        primary: true
+      mqtt:
+        port: 1883
+        protocol: TCP