davejansen/docker-bitlbee
1
0
Fork 0
Code Issues Pull Requests Activity

Refactor: add/remove services, general refactoring

Browse Source
This commit is contained in:
Michele Bologna
2024-11-23 13:43:15 +01:00
parent 8eecc2bb3f
commit afac4af31f
19 changed files with 510 additions and 498 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
.github/workflows/build-scan-push.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: Build and Push Docker Image
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Lint Dockerfile with Hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
- name: Lint Shell Scripts with ShellCheck
uses: ludeeus/action-shellcheck@master
- name: Lint Kubernetes Resources with KubeLinter
id: kube-lint-scan
uses: stackrox/kube-linter-action@v1
with:
directory: k8s
config: .kube-linter/config.yaml
# Set up Docker Buildx for multi-architecture builds
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# Cache Docker layers for faster builds
- name: Cache Docker Layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-latest
restore-keys: |
${{ runner.os }}-buildx-
- name: Log in to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Log into registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Docker Image
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
tags: |
${{ secrets.DOCKER_USERNAME }}/docker-bitlbee:latest
ghcr.io/${{ github.repository_owner }}/docker-bitlbee:latest
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ github.event_name != 'pull_request' }}
- name: Scan Docker Image for Vulnerabilities with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ secrets.DOCKER_USERNAME }}/docker-bitlbee:latest
format: 'table'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Upload Trivy Report
uses: actions/upload-artifact@v3
with:
name: trivy-scan-results
path: trivy-results.json

91
.github/workflows/docker-image.yml vendored
View File

@@ -1,91 +0,0 @@
name: Docker Image CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
env:
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build_and_push_to_dockerhub:
name: Build and push Docker image to DockerHub
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry
if: github.event_name != 'pull_request'
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.IMAGE_NAME }}:latest
labels: ${{ steps.meta.outputs.labels }}
build_and_push_to_ghcr:
name: Build and push Docker image to GHCR
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry
if: github.event_name != 'pull_request'
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ghcr.io/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

13
.gitignore vendored Normal file
View File

@@ -0,0 +1,13 @@
# Logs
*.log
# Docker
docker/data/
.env
# Kubernetes
k8s/*.secret.yaml
# Build artifacts
*.o
*.out

1
.hadolint.yaml Normal file
View File

@@ -0,0 +1 @@
failure-threshold: error

5
.kube-linter/config.yaml Normal file
View File

@@ -0,0 +1,5 @@
checks:
exclude:
- "latest-tag"
- "no-read-only-root-fs"
- "run-as-non-root"

125
Dockerfile
View File

@@ -1,16 +1,119 @@
FROM docker.io/buildpack-deps:stable-scm FROM docker.io/buildpack-deps:stable-scm AS builder
LABEL maintainer="Michele Bologna <github@michelebologna.net>"
LABEL name="BitlBee Docker container by Michele Bologna"
LABEL version="mb-3.6-20232412"
ENV BITLBEE_VERSION=3.6 LABEL org.opencontainers.image.title="BitlBee container" \
org.opencontainers.image.description="A containerized version of BitlBee with additional plugins." \
org.opencontainers.image.url="https://github.com/mbologna/docker-bitlbee" \
org.opencontainers.image.licenses="MIT"
COPY build.sh /root ENV BITLBEE_VERSION="3.6" SKYPE4PIDGIN_VERSION="1.7" FACEBOOK_VERSION="1.2.2"
RUN /root/build.sh
WORKDIR "/"
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
autoconf automake build-essential cmake g++ gettext gcc git \
gperf imagemagick libtool make libglib2.0-dev libhttp-parser-dev \
libotr5-dev libpurple-dev libgnutls28-dev libjson-glib-dev libnss3-dev \
libpng-dev libolm-dev libprotobuf-c-dev libqrencode-dev libssl-dev \
protobuf-c-compiler libgcrypt20-dev libmarkdown2-dev \
libpng-dev libpurple-dev librsvg2-bin libsqlite3-dev libwebp-dev \
libgdk-pixbuf2.0-dev libopusfile-dev \
libtool-bin netcat-traditional pkg-config sudo && \
curl -LO https://get.bitlbee.org/src/bitlbee-"$BITLBEE_VERSION".tar.gz && \
git clone https://github.com/EionRobb/purple-hangouts && \
git clone https://github.com/EionRobb/purple-discord && \
git clone https://github.com/matrix-org/purple-matrix && \
git clone https://github.com/EionRobb/purple-teams && \
git clone https://github.com/dylex/slack-libpurple && \
curl -LO https://github.com/EionRobb/skype4pidgin/archive/"$SKYPE4PIDGIN_VERSION".tar.gz && \
curl -LO https://github.com/bitlbee/bitlbee-facebook/archive/v"$FACEBOOK_VERSION".tar.gz && \
git clone https://src.alexschroeder.ch/bitlbee-mastodon.git && \
git clone https://github.com/BenWiederhake/tdlib-purple && \
rm -fr /var/lib/apt/lists/*
RUN tar zxvf bitlbee-"$BITLBEE_VERSION".tar.gz
WORKDIR /bitlbee-"$BITLBEE_VERSION"
RUN ./configure --verbose=1 --jabber=1 --otr=1 --purple=1 --strip=1 && \
make -j"$(nproc)" && \
make install && \
make install-bin && \
make install-doc && \
make install-dev && \
make install-etc && \
make install-plugin-otr
WORKDIR /purple-hangouts
RUN make -j"$(nproc)" && make install
WORKDIR /purple-discord
RUN make -j"$(nproc)" && make install
WORKDIR /purple-matrix
RUN make -j"$(nproc)" && make install
WORKDIR /purple-teams
RUN make -j"$(nproc)" && make install
WORKDIR /slack-libpurple
RUN make install
WORKDIR /
RUN tar zxvf "$SKYPE4PIDGIN_VERSION".tar.gz
WORKDIR /skype4pidgin-$SKYPE4PIDGIN_VERSION/skypeweb
RUN make -j"$(nproc)" && make install
WORKDIR /
RUN tar zxvf v"$FACEBOOK_VERSION".tar.gz
WORKDIR /bitlbee-facebook-$FACEBOOK_VERSION
RUN ./autogen.sh && make -j"$(nproc)" && make install
WORKDIR /bitlbee-mastodon
RUN sh autogen.sh && ./configure && make -j"$(nproc)" && make install
WORKDIR /tdlib-purple
RUN ./build_and_install.sh
WORKDIR /
RUN libtool --finish /usr/local/lib/bitlbee
RUN rm -fr ./bitlbee-"$BITLBEE_VERSION" && \
rm -fr ./purple* && \
rm -fr ./slack-libpurple && \
rm -fr ./skype4pidgin* && \
rm -fr ./bitlbee-facebook* && \
rm -fr ./bitlbee-mastodon* && \
rm -fr ./tdlib-purple && \
rm -fr -- *.gz && \
apt-get clean && \
rm -fr /tmp/* /var/tmp/*
# FROM docker.io/debian:stable-slim
# COPY --from=builder /usr/local/etc/bitlbee/ /usr/local/etc/bitlbee/
# COPY --from=builder /usr/local/lib/bitlbee/ /usr/local/lib/bitlbee/
# COPY --from=builder /usr/local/lib/pkgconfig/ /usr/local/lib/pkgconfig/
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libdiscord.so /usr/lib/x86_64-linux-gnu/purple-2/libdiscord.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libhangouts.so /usr/lib/x86_64-linux-gnu/purple-2/libhangouts.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libmatrix.so /usr/lib/x86_64-linux-gnu/purple-2/libmatrix.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libskypeweb.so /usr/slib/x86_64-linux-gnu/purple-2/libskypeweb.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libslack.so /usr/lib/x86_64-linux-gnu/purple-2/libslack.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libteams-personal.so /usr/lib/x86_64-linux-gnu/purple-2/libteams-personal.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libteams.so /usr/lib/x86_64-linux-gnu/purple-2/libteams.so
# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libtelegram-tdlib.so /usr/lib/x86_64-linux-gnu/purple-2/libtelegram-tdlib.so
# COPY --from=builder /usr/local/sbin/bitlbee /usr/local/sbin/bitlbee
# COPY --from=builder /usr/local/share/bitlbee/ /usr/local/share/bitlbee/
# COPY --from=builder /usr/local/share/locale/ /usr/local/share/locale/
# COPY --from=builder /usr/local/share/man/ /usr/local/share/man/
# COPY --from=builder /usr/local/share/metainfo/ /usr/local/share/metainfo/
# RUN apt-get update && apt-get install --no-install-recommends -y \
# libpurple0 \
# libotr5
RUN adduser --system --home /var/lib/bitlbee --disabled-password \
--disabled-login --shell /usr/sbin/nologin bitlbee
RUN touch /var/run/bitlbee.pid && chown bitlbee:nogroup /var/run/bitlbee.pid
VOLUME ["/usr/local/etc/bitlbee"]
VOLUME ["/var/lib/bitlbee"]
EXPOSE 6667 EXPOSE 6667
ENTRYPOINT ["/usr/local/sbin/bitlbee"]
CMD ["-c", "/usr/local/etc/bitlbee/bitlbee.conf", "-n", "-v"]
USER bitlbee USER bitlbee
# Define volumes for persistent data
VOLUME ["/var/lib/bitlbee"]
# Needed for VOLUME permissions
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/local/sbin/bitlbee", "-D", "-n", "-v", "-u", "bitlbee"]

126
README.md
View File

@@ -1,62 +1,100 @@
# BitlBee with additional plugins in a container
![Docker](https://img.shields.io/docker/pulls/mbologna/docker-bitlbee)
![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mbologna/docker-bitlbee/build-scan-push.yml?branch=master)
This repository provides a Docker-based setup for running [Bitlbee](https://www.bitlbee.org/) with additional plugins for extended functionality and an optional [Stunnel](https://www.stunnel.org/) service to enable secure IRC communications over TLS.
## Features ## Features
* In addition to the [Bitlbee's out of the box supported protocols](https://wiki.bitlbee.org/), this container also supports the following protocols: - **[Bitlbee](https://www.bitlbee.org)**: A popular gateway that connects instant messaging services with IRC. In addition to the [Bitlbee's out of the box supported protocols](https://wiki.bitlbee.org/), these are the pre-installed plugins:
- Skype via [skype4pidgin](https://github.com/EionRobb/skype4pidgin)
- Telegram via [tdlib-purple](https://github.com/ars3niy/tdlib-purple)
- Facebook (MQTT) via [bitlbee-facebook](https://github.com/bitlbee/bitlbee-facebook)
- Google Hangouts via [purple-hangouts](https://github.com/EionRobb/purple-hangouts) - Google Hangouts via [purple-hangouts](https://github.com/EionRobb/purple-hangouts)
- Mastodon via [bitlbee-mastodon](https://alexschroeder.ch/software/Bitlbee_Mastodon) - Discord via [purple-discord](https://github.com/EionRobb/purple-discord)
- Rocket.Chat via [purple-rocketchat](https://github.com/EionRobb/purple-rocketchat)
- Discord via [bitlbee-discord](https://github.com/sm00th/bitlbee-discord/)
- Slack via [slack-libpurple](https://github.com/dylex/slack-libpurple)
- Steam via [bitlbee-steam](https://github.com/bitlbee/bitlbee-steam)
- Matrix via [purple-matrix](https://github.com/matrix-org/purple-matrix) - Matrix via [purple-matrix](https://github.com/matrix-org/purple-matrix)
- Mattermost via [puple-mattermost](https://github.com/EionRobb/purple-mattermost) - Microsoft Teams via [teams](https://github.com/EionRobb/purple-teams)
- Instagram via [purple-instagram](https://github.com/EionRobb/purple-instagram) - Slack via [slack-libpurple](https://github.com/dylex/slack-libpurple)
- Skype via [skype4pidgin](https://github.com/EionRobb/skype4pidgin)
- Facebook (MQTT) via [bitlbee-facebook](https://github.com/bitlbee/bitlbee-facebook)
- Mastodon via [bitlbee-mastodon](https://alexschroeder.ch/software/Bitlbee_Mastodon)
- Telegram via [tdlib-purple](https://github.com/BenWiederhake/
- **[Stunnel](https://www.stunnel.org/)**: Adds TLS encryption for secure IRC connections.
- Multi-architecture support: builds for `linux/amd64` and `linux/arm64`.
- Kubernetes resources included for deployment in containerized environments.
- Linting and security scans integrated into CI/CD workflows.
* The `docker-compose.yml` provided in this repository enables bitlbee to be TLS terminated via [stunnel](https://www.stunnel.org/). ## Quick Start
## Usage ### Running Locally with Podman or Docker Compose
1. Clone the project: 1. Clone this repository:
```bash
git clone https://github.com/mbologna/docker-bitlbee.git
cd docker-bitlbee
% git clone https://www.github.com/mbologna/docker-bitlbee 2. Build and run the containers:
2. (Optional) Customize bitlbee configuration file in `etc/bitlbee/bitlbee.conf` ```
podman-compose up --build
```
3. Start `bitlbee` either via: If you're using Docker:
```
docker-compose up --build
```
* [Docker Compose](https://docs.docker.com/compose/install/) (recommended): 3. Access the Bitlbee service on port 6667 and the Stunnel service on port 16697.
``` #### Environment Variables
% docker-compose up
```
* Docker: `UID` and `GID`: Set these to match your local user for proper volume permissions.
``` #### Persistent Data
% docker volume create bitlbee_data
% docker run -d --name bitlbee \
--restart=always \
-p 16667:6667 \
-v $PWD/etc/bitlbee:/usr/local/etc/bitlbee \
mbologna/docker-bitlbee
% docker run -d --name bitlbee-stunnel \
--restart=always \
--link bitlbee:bitlbee
-e STUNNEL_SERVICE=bitlbee-stunnel \
-e STUNNEL_ACCEPT=6697 \
-e STUNNEL_CONNECT=bitlbee:6667 \
-p 16697:6697 \
dweomer/stunnel
```
4. Connect your IRC client either to: The `data/` directory is mounted as a volume to store Bitlbee configurations and data. Ensure it is backed up for persistent setups.
* localhost:16697 (TLS terminated) (recommended) ### Kubernetes Deployment
* localhost:16667 (non-TLS, plain connection)
## Building Kubernetes manifests for deploying Bitlbee and Stunnel are located in the `k8s/` directory.
You can build a `bitlbee` image from Dockerfile: `docker build -t="mbologna/docker-bitlbee" github.com/mbologna/docker-bitlbee` 1. Apply the manifests:
```
kubectl apply -f k8s/
```
Verify deployment:
```
kubectl get pods -n bitlbee
```
Expose the service as needed (e.g., via `NodePort` or `Ingress`).
## CI/CD Workflow
This repository uses GitHub Actions for automated builds and deployments:
* Build and Push: Docker images are built for amd64 and arm64 platforms and pushed to:
- Docker Hub: `mbologna/docker-bitlbee:latest`
- GitHub Container Registry: `ghcr.io/mbologna/docker-bitlbee:latest`
* Linting: Integrated linters for Dockerfile, shell scripts, and Kubernetes resources.
* Security Scans: Uses Trivy to scan Docker images for vulnerabilities.
## Local Development
### Building Multi-Arch Images Locally
For multi-architecture builds with Podman:
```
podman build --platform linux/amd64,linux/arm64 -t mbologna/docker-bitlbee:latest .
```
Or with Docker:
```
docker buildx build --platform linux/amd64,linux/arm64 -t mbologna/docker-bitlbee:latest --push .
```
## Resources
[BitlBee Documentation](https://wiki.bitlbee.org/)

140
build.sh
View File

@@ -1,140 +0,0 @@
#!/bin/bash
apt update
apt install -y --no-install-recommends autoconf automake build-essential \
cmake g++ gettext gcc git gperf libtool make libglib2.0-dev libhttp-parser-dev \
libotr5-dev libpurple-dev libgnutls28-dev libjson-glib-dev libpng-dev \
libolm-dev libprotobuf-c-dev libssl-dev protobuf-c-compiler libgcrypt20-dev \
libmarkdown2-dev libpng-dev libpurple-dev libsqlite3-dev libwebp-dev \
libtool-bin pkg-config software-properties-common sudo
cd
curl -LO# https://get.bitlbee.org/src/bitlbee-$BITLBEE_VERSION.tar.gz
curl -LO# https://github.com/EionRobb/skype4pidgin/archive/1.7.tar.gz
git clone https://github.com/BenWiederhake/tdlib-purple.git
curl -LO# https://github.com/bitlbee/bitlbee-facebook/archive/v1.2.2.tar.gz
git clone https://github.com/EionRobb/purple-hangouts.git
git clone https://alexschroeder.ch/cgit/bitlbee-mastodon
git clone https://github.com/EionRobb/purple-rocketchat.git
git clone https://github.com/sm00th/bitlbee-discord
git clone https://github.com/dylex/slack-libpurple.git
git clone https://github.com/jgeboski/bitlbee-steam.git
git clone https://github.com/matrix-org/purple-matrix.git
git clone https://github.com/EionRobb/purple-mattermost.git
git clone https://github.com/EionRobb/purple-instagram.git
# # bitlbee
tar zxvf bitlbee-$BITLBEE_VERSION.tar.gz
cd bitlbee-$BITLBEE_VERSION
./configure --jabber=1 --otr=1 --purple=1
make
make install
make install-dev
# skypeweb
cd
tar zxvf 1.7.tar.gz
cd skype4pidgin-1.7/skypeweb
make
make install
# tdlib-purple
cd
cd tdlib-purple
./build_and_install.sh
# bitlbee-facebook
cd
tar zxvf v1.2.2.tar.gz
cd bitlbee-facebook-1.2.2
./autogen.sh
make
make install
# purple-hangouts
cd
cd purple-hangouts
make
make install
# bitlbee-mastodon
cd
cd bitlbee-mastodon
sh autogen.sh
./configure
make
make install
# purple-rocketchat
cd
cd purple-rocketchat
make
make install
# bitlbee-discord
cd
cd bitlbee-discord
./autogen.sh
./configure
make
make install
# slack-libpurple
cd
cd slack-libpurple
make install
# bitlbee-steam
cd
cd bitlbee-steam
./autogen.sh
make
make install
# purple-matrix
cd
cd purple-matrix
make
make install
# purple-mattermost
cd
cd purple-mattermost
make
make install
# purple-instagram
cd
cd purple-instagram
make
make install
# libtool --finish
libtool --finish /usr/local/lib/bitlbee
# cleanup
apt autoremove --purge -y
apt remove -y --purge autoconf automake autotools-dev binutils binutils-common binutils-x86-64-linux-gnu build-essential \
bzip2 cmake cpp* dpkg-dev gettext gettext-base libbinutils libgcc-*-dev libsqlite3-dev libstdc++-*-dev \
libtasn1-*-dev libtool libtool-bin m4 make nettle-dev patch xz-utils
apt clean
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /tmp/*
cd
rm -fr /root/build.sh
rm -fr $BITLBEE_VERSION*
rm -fr 1.7.tar.gz skype4pidgin-*
rm -fr tdlib-purple*
rm -fr v1.2.1.tar.gz bitlbee-facebook-*
rm -fr purple-hangouts
rm -rf bitlbee-mastodon
rm -rf purple-rocketchat
rm -fr bitlbee-discord*
rm -fr slack-libpurple
rm -fr bitlbee-steam
rm -fr purple-matrix
rm -fr purple-mattermost
rm -fr purple-instagram
# add user bitlbee
adduser --system --home /var/lib/bitlbee --disabled-password --disabled-login --shell /usr/sbin/nologin bitlbee
touch /var/run/bitlbee.pid && chown bitlbee:nogroup /var/run/bitlbee.pid

65
docker-compose.yml
View File

@@ -1,24 +1,41 @@
version: "2.0" version: '3.8'
services: services:
bitlbee: bitlbee:
build: . build:
image: docker.io/mbologna/docker-bitlbee context: .
dockerfile: Dockerfile
image: docker.io/mbologna/docker-bitlbee:latest
container_name: bitlbee container_name: bitlbee
restart: always restart: unless-stopped
ports: ports:
- "16667:6667" - "6667:6667"
networks:
- bitlbee
volumes: volumes:
- ./etc/bitlbee:/usr/local/etc/bitlbee - ./data:/var/lib/bitlbee
- bitlbee_data:/var/lib/bitlbee user: "${UID}:${GID}" # Needed for VOLUME permissions
healthcheck:
test: [ "CMD", "nc", "-z", "localhost", "6667" ]
interval: 30s
retries: 3
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
networks:
- bitlbee-net
deploy:
resources:
limits:
memory: 512m
cpus: "1.0"
reservations:
memory: 256m
stunnel: stunnel:
image: docker.io/dweomer/stunnel image: docker.io/dweomer/stunnel:latest
container_name: bitlbee-stunnel container_name: bitlbee-stunnel
restart: always restart: always
networks:
- bitlbee
ports: ports:
- "16697:6697" - "16697:6697"
environment: environment:
@@ -27,9 +44,25 @@ services:
- STUNNEL_CONNECT=bitlbee:6667 - STUNNEL_CONNECT=bitlbee:6667
depends_on: depends_on:
- bitlbee - bitlbee
healthcheck:
volumes: test: [ "CMD", "nc", "-z", "localhost", "6697" ]
bitlbee_data: interval: 30s
retries: 3
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
networks:
- bitlbee-net
deploy:
resources:
limits:
memory: 256m
cpus: "1.0"
reservations:
memory: 128m
networks: networks:
bitlbee: bitlbee-net:
driver: bridge

7
entrypoint.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
set -euxo pipefail
# Ensure proper permissions on the mounted data directory
if [ "$(stat -c %U /var/lib/bitlbee)" != "bitlbee" ]; then
chown -R bitlbee:nogroup /var/lib/bitlbee
fi
exec "$@"

180
etc/bitlbee/bitlbee.conf
View File

@@ -1,180 +0,0 @@
## BitlBee default configuration file
##
## Comments are marked like this. The rest of the file is INI-style. The
## comments should tell you enough about what all settings mean.
##
[settings]
## RunMode:
##
## Inetd -- Run from inetd (default)
## Daemon -- Run as a stand-alone daemon, serving all users from one process.
## This saves memory if there are more users, the downside is that when one
## user hits a crash-bug, all other users will also lose their connection.
## ForkDaemon -- Run as a stand-alone daemon, but keep all clients in separate
## child processes. This should be pretty safe and reliable to use instead
## of inetd mode.
##
RunMode = ForkDaemon
## User:
##
## If BitlBee is started by root as a daemon, it can drop root privileges,
## and change to the specified user.
##
User = bitlbee
## DaemonPort/DaemonInterface:
##
## For daemon mode, you can specify on what interface and port the daemon
## should be listening for connections.
##
# DaemonInterface = 0.0.0.0
# DaemonPort = 6667
## ClientInterface:
##
## If for any reason, you want BitlBee to use a specific address/interface
## for outgoing traffic (IM connections, HTTP(S), etc.), set it here.
##
# ClientInterface = 0.0.0.0
## AuthMode
##
## Open -- Accept connections from anyone, use NickServ for user authentication.
## (default)
## Closed -- Require authorization (using the PASS command during login) before
## allowing the user to connect at all.
## Registered -- Only allow registered users to use this server; this disables
## the register- and the account command until the user identifies itself.
##
# AuthMode = Open
## AuthBackend
##
## By default, the authentication data for a user is stored in the storage
## backend. If you want to authenticate against another authentication system
## (e.g. ldap), you can specify that here.
##
## Beware that this disables password changes and causes passwords for the
## accounts people create to be stored in plain text instead of encrypted with
## their bitlbee password.
##
## Currently available backends:
##
## - storage (internal storage)
## - pam (Linux PAM authentication)
## - ldap (LDAP server configured in the openldap settings)
#
# AuthBackend = storage
#
## AuthPassword
##
## Password the user should enter when logging into a closed BitlBee server.
## You can also have a BitlBee-style MD5 hash here. Format: "md5:", followed
## by a hash as generated by "bitlbee -x hash <password>".
##
# AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-)
## or
# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl
## OperPassword
##
## Password that unlocks access to special operator commands.
##
# OperPassword = ChangeMe!
## or
# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX
## AllowAccountAdd
##
## Whether to allow registered and identified users to add new accounts using
## 'account add'
##
# AllowAccountAdd 1
## HostName
##
## Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
## alias for your BitlBee daemon, you can set it here and BitlBee will identify
## itself with that name instead.
##
HostName = bitlbee
## MotdFile
##
## Specify an alternative MOTD (Message Of The Day) file. Default value depends
## on the --etcdir argument to configure.
##
# MotdFile = /etc/bitlbee/motd.txt
## ConfigDir
##
## Specify an alternative directory to store all the per-user configuration
## files. (.nicks/.accounts)
##
# ConfigDir = /var/lib/bitlbee
## Ping settings
##
## BitlBee can send PING requests to the client to check whether it's still
## alive. This is not very useful on local servers, but it does make sense
## when most clients connect to the server over a real network interface.
## (Public servers) Pinging the client will make sure lost clients are
## detected and cleaned up sooner.
##
## PING requests are sent every PingInterval seconds. If no PONG reply has
## been received for PingTimeOut seconds, BitlBee aborts the connection.
##
## To disable the pinging, set at least one of these to 0.
##
# PingInterval = 180
# PingTimeOut = 300
## Using proxy servers for outgoing connections
##
## If you're running BitlBee on a host which is behind a restrictive firewall
## and a proxy server, you can tell BitlBee to use that proxy server here.
## The setting has to be a URL, formatted like one of these examples:
##
## (Obviously, the username and password are optional)
##
# Proxy = http://john:doe@proxy.localnet.com:8080
# Proxy = socks4://socksproxy.localnet.com
# Proxy = socks5://socksproxy.localnet.com
## Protocols offered by bitlbee
##
## As recompiling may be quite unpractical for some people, this option
## allows to remove the support of protocol, even if compiled in. If
## nothing is given, there are no restrictions.
##
# Protocols = jabber yahoo
## Trusted CAs
##
## Path to a file containing a list of trusted certificate authorities used in
## the verification of server certificates.
##
## Uncomment this and make sure the file actually exists and contains all
## certificate authorities you're willing to accept (default value should
## work on at least Debian/Ubuntu systems with the "ca-certificates" package
## installed). As long as the line is commented out, SSL certificate
## verification is completely disabled.
##
## The location of this file may be different on other distros/OSes. For
## example, try /etc/ssl/ca-bundle.pem on OpenSUSE.
##
CAfile = /etc/ssl/certs/ca-certificates.crt
[defaults]
## Here you can override the defaults for some per-user settings. Users are
## still able to override your defaults, so this is not a way to restrict
## your users...
## To enable private mode by default, for example:
## private = 1

16
etc/bitlbee/motd.txt
View File

@@ -1,16 +0,0 @@
Welcome to the BitlBee server at %h.
This server is running BitlBee version %v.
The newest version can be found on http://www.bitlbee.org/
You are getting this message because the server administrator has not
yet had the time (or need) to change it.
For those who don't know it yet, this is not quite a regular Internet
Relay Chat server. Please see the site mentioned above for more
information.
The developers of the Bee hope you have a buzzing time.
-- BitlBee development team.
... Buzzing, haha, get it?

52
k8s/bitlbee-deployment.yaml Executable file
View File

@@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bitlbee
namespace: bitlbee
spec:
replicas: 1
selector:
matchLabels:
app: bitlbee
template:
metadata:
labels:
app: bitlbee
spec:
containers:
- name: bitlbee
image: docker.io/mbologna/docker-bitlbee:latest
ports:
- containerPort: 6667
volumeMounts:
- mountPath: /var/lib/bitlbee
name: bitlbee-data
resources:
limits:
memory: "512Mi"
cpu: "1"
requests:
memory: "256Mi"
cpu: "1"
livenessProbe:
exec:
command:
- nc
- -z
- localhost
- "6667"
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
exec:
command:
- nc
- -z
- localhost
- "6667"
initialDelaySeconds: 10
periodSeconds: 30
volumes:
- name: bitlbee-data
persistentVolumeClaim:
claimName: bitlbee-pvc

4
k8s/bitlbee-namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: bitlbee

11
k8s/bitlbee-pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bitlbee-pvc
namespace: bitlbee
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Mi

12
k8s/bitlbee-service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: bitlbee
namespace: bitlbee
spec:
ports:
- protocol: TCP
port: 6667
targetPort: 6667
selector:
app: bitlbee

9
k8s/bitlbee-stunnel-configmap.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: stunnel-config
namespace: bitlbee
data:
STUNNEL_SERVICE: bitlbee-stunnel
STUNNEL_ACCEPT: "6697"
STUNNEL_CONNECT: bitlbee:6667

48
k8s/bitlbee-stunnel-deployment.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bitlbee-stunnel
namespace: bitlbee
spec:
replicas: 1
selector:
matchLabels:
app: bitlbee-stunnel
template:
metadata:
labels:
app: bitlbee-stunnel
spec:
containers:
- name: stunnel
image: docker.io/dweomer/stunnel:latest
ports:
- containerPort: 6697
envFrom:
- configMapRef:
name: stunnel-config
resources:
limits:
memory: "256Mi"
cpu: "1"
requests:
memory: "128Mi"
cpu: "1"
livenessProbe:
exec:
command:
- nc
- -z
- localhost
- "6697"
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
exec:
command:
- nc
- -z
- localhost
- "6697"
initialDelaySeconds: 10
periodSeconds: 30

12
k8s/bitlbee-stunnel-service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: bitlbee-stunnel
namespace: bitlbee
spec:
ports:
- protocol: TCP
port: 6697
targetPort: 6697
selector:
app: bitlbee-stunnel