change default credential secret name

* Update homeassistant/home-assistant Docker tag to v2024.4.3

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Lebens <alexanderlebens@gmail.com>

charts/home-assistant/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.1.4
+version: 0.1.9
 description: Chart for Home Assistant
 keywords:
   - home-automation
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.3.3
+appVersion: v2024.4.3

charts/home-assistant/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: homeassistant/home-assistant
-    tag: 2024.3.3
+    tag: 2024.4.3
     imagePullPolicy: IfNotPresent
   env:
     TZ: UTC
@@ -56,7 +56,7 @@ codeserver:
   enabled: false
   image:
     repository: linuxserver/code-server
-    tag: 4.22.1
+    tag: 4.23.0
     imagePullPolicy: IfNotPresent
   env:
     TZ: UTC

charts/homepage/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.9
+version: 0.0.10
 description: Chart for benphelps homepage
 keywords:
   - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.10
+appVersion: v0.8.11

charts/homepage/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.10
+    tag: v0.8.11
     imagePullPolicy: IfNotPresent
   env:
   envFrom:

charts/matrix-hookshot/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: matrix-hookshot
-version: 0.0.4
+version: 0.1.0
 description: Chart for Matrix Hookshot
 keywords:
   - matrix

charts/matrix-hookshot/templates/_helpers.tpl

@@ -30,3 +30,14 @@ Helper for passkey secret name
 {{- printf "matrix-hookshot-passkey-secret" }}
 {{- end }}
 {{- end }}
+
+{{/*
+Helper for passkey file name
+*/}}
+{{- define "hookshot.passFile" -}}
+{{- if .Values.hookshot.config.passFile }}
+{{- printf "%s" .Values.hookshot.config.passFile -}}
+{{- else }}
+{{- printf "passkey.pem" }}
+{{- end }}
+{{- end }}

charts/matrix-hookshot/templates/deployment.yaml

@@ -4,7 +4,7 @@ metadata:
   name: matrix-hookshot
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: matrix-hookshot
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -24,10 +24,10 @@ spec:
         app.kubernetes.io/name: matrix-hookshot
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
-      serviceAccountName: {{ .Release.Name }}
+      serviceAccountName: matrix-hookshot
       automountServiceAccountToken: true
       containers:
-        - name: {{ .Release.Name }}
+        - name: matrix-hookshot
           image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
           imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
           ports:
@@ -40,6 +40,9 @@ spec:
             - name: appservice
               containerPort: {{ .Values.service.appservice.port }}
               protocol: TCP
+            - name: widgets
+              containerPort: {{ .Values.service.widgets.port }}
+              protocol: TCP              
           env:
           {{- range $k,$v := .Values.deployment.env }}
             - name: {{ $k }}
@@ -61,13 +64,13 @@ spec:
               subPath: registration.yml
               readOnly: true
             - name: passkey
-              mountPath: "/data/{{ .Values.hookshot.config.passFile }}"
-              subPath: "{{ .Values.hookshot.config.passFile }}"
+              mountPath: "/data/{{ template "hookshot.passFile" . }}"
+              subPath: {{ template "hookshot.passFile" . }}
               readOnly: true
       volumes:
         - name: config
           secret:
-            name: {{ template "hookshot.secretName" . }}
+            secretName: {{ template "hookshot.secretName" . }}
         - name: registration
           secret:
             secretName: {{ template "hookshot.registrationSecretName" . }}

charts/matrix-hookshot/templates/ingress.yaml

@@ -2,10 +2,10 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: "{{ .Release.Name }}-webhook"
+  name: matrix-hookshot-webhook
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: "{{ .Release.Name }}-webhook"
+    app.kubernetes.io/name: matrix-hookshot-webhook
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -36,10 +36,10 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: "{{ .Release.Name }}-appservice"
+  name: matrix-hookshot-appservice
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: "{{ .Release.Name }}-appservice"
+    app.kubernetes.io/name: matrix-hookshot-appservice
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -64,3 +64,37 @@ spec:
                 port:
                   name: appservice
 {{- end }}
+
+---
+{{- if .Values.ingress.widgets.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: matrix-hookshot-widgets
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-hookshot-widgets
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    {{- toYaml .Values.ingress.widgets.annotations | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.widgets.className }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.widgets.host }}
+      secretName: {{ .Release.Name }}-widgets-secret-tls
+  rules:
+    - host: {{ .Values.ingress.widgets.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}
+                port:
+                  name: widgets
+{{- end }}

charts/matrix-hookshot/templates/pod.yaml

@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{ .Release.Name }}-test-connection"
+  name: matrix-hookshot-test-connection
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: matrix-hookshot-test-connection
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -16,7 +16,7 @@ spec:
     - name: wget
       image: busybox
       command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.webhook.port }}']
+      args: ['matrix-hookshot:{{ .Values.service.webhook.port }}']
       resources:
         limits:
           cpu: 500m

charts/matrix-hookshot/templates/service-account.yaml

@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Release.Name }}
+  name: matrix-hookshot
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: matrix-hookshot
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web

charts/matrix-hookshot/templates/service.yaml

@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Release.Name }}
+  name: matrix-hookshot
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: matrix-hookshot
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -24,6 +24,10 @@ spec:
       targetPort: appservice
       protocol: TCP
       name: appservice
+    - port: {{ .Values.service.widgets.port }}
+      targetPort: widgets
+      protocol: TCP
+      name: widgets      
   selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: matrix-hookshot
     app.kubernetes.io/instance: {{ .Release.Name }}

charts/matrix-hookshot/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: halfshot/matrix-hookshot
-    tag: "4.5.1"
+    tag: "5.2.1"
     imagePullPolicy: IfNotPresent
   env: {}
   envFrom: []
@@ -22,6 +22,8 @@ service:
     port: 9001
   appservice:
     port: 9002
+  widgets:
+    port: 9003
 ingress:
   webhook:
     enabled: false
@@ -33,6 +35,11 @@ ingress:
     className: ""
     annotations: {}
     host: ""
+  widgets:
+    enabled: false
+    className: ""
+    annotations: {}
+    host: ""    
 metrics:
   enabled: false
   serviceMonitor:
@@ -69,7 +76,7 @@ hookshot:
         resources:
           - metrics
           - provisioning
-      - port: 9002
+      - port: 9003
         bindAddress: 0.0.0.0
         resources:
           - widgets

charts/mautrix-discord/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: mautrix-discord
+version: 0.0.2
+description: Chart for Matrix Discord Bridge
+keywords:
+  - matrix
+  - mautrix-discord
+  - bridge
+  - discord
+sources:
+  - https://github.com/mautrix/discord
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
+appVersion: v0.6.5

charts/mautrix-discord/templates/_helpers.tpl

@@ -0,0 +1,41 @@
+{{/*
+Helper for secret name
+*/}}
+{{- define "mautrix-discord.secretName" -}}
+{{- if .Values.mautrixDiscord.existingSecret }}
+{{- printf "%s" .Values.mautrixDiscord.existingSecret -}}
+{{- else }}
+{{- printf "mautrix-discord-config-secret" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper for registration secret name
+*/}}
+{{- define "mautrix-discord.registrationSecretName" -}}
+{{- if .Values.mautrixDiscord.existingRegistrationSecret }}
+{{- printf "%s" .Values.mautrixDiscord.existingRegistrationSecret -}}
+{{- else }}
+{{- printf "mautrix-discord-registration-secret" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Generate registration.yaml if not from existing secret
+*/}}
+{{- define "mautrix-discord.registration-yaml" -}}
+id: {{ .Values.mautrixDiscord.config.appservice.id | quote }}
+as_token: {{ .Values.mautrixDiscord.config.appservice.as_token | quote }}
+hs_token: {{ .Values.mautrixDiscord.config.appservice.hs_token | quote }}
+namespaces:
+  users:
+    - regex: {{ printf "^@discordbot:%s$" (replace "." "\\." .Values.mautrixDiscord.config.homeserver.domain) }}
+      exclusive: true
+    - regex: {{ printf "^@%s:%s$" (replace "{{.}}" ".*" (tpl .Values.mautrixDiscord.config.bridge.username_template .)) (replace "." "\\." .Values.mautrixDiscord.config.homeserver.domain) }}
+      exclusive: true
+url: {{ .Values.mautrixDiscord.config.appservice.address | quote }}
+sender_localpart: {{ .Values.mautrixDiscord.registration.sender_localpart | quote }}
+rate_limited: {{ .Values.mautrixDiscord.registration.rate_limited }}
+de.sorunome.msc2409.push_ephemeral: true
+push_ephemeral: true
+{{- end -}}

charts/mautrix-discord/templates/deployment.yaml

@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mautrix-discord
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: mautrix-discord
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: mautrix-discord
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: mautrix-discord
+      automountServiceAccountToken: true
+      containers:
+        - name: mautrix-discord
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          env:
+          {{- range $k,$v := .Values.deployment.env }}
+            - name: {{ $k }}
+              value: {{ $v | quote }}
+          {{- end }}
+          {{- with .Values.deployment.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /_matrix/mau/live
+              port: http
+            failureThreshold: {{ .Values.deployment.probes.liveness.failureThreshold }}
+            periodSeconds: {{ .Values.deployment.probes.liveness.periodSeconds }}
+          readinessProbe:
+            httpGet:
+              path: /_matrix/mau/ready
+              port: http
+            failureThreshold: {{ .Values.deployment.probes.readiness.failureThreshold }}
+            periodSeconds: {{ .Values.deployment.probes.readiness.periodSeconds }}
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}
+          volumeMounts:
+            - name: config
+              mountPath: /data/config.yaml
+              subPath: config.yaml
+              readOnly: true
+            - name: registration
+              mountPath: /data/registration.yaml
+              subPath: registration.yaml
+              readOnly: true
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: config
+          secret:
+            secretName: {{ template "mautrix-discord.secretName" . }}
+        - name: registration
+          secret:
+            secretName: {{ template "mautrix-discord.registrationSecretName" . }}
+        - name: data
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default "mautrix-discord-data" }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+      {{- with .Values.deployment.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.deployment.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.deployment.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/mautrix-discord/templates/ingress.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mautrix-discord
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host }}
+      secretName: {{ .Release.Name }}-secret-tls
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: mautrix-discord
+                port:
+                  name: http
+{{- end }}

charts/mautrix-discord/templates/persistent-volume-claim.yaml

@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: mautrix-discord-data
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+  {{- if .Values.persistence.storageClass }}
+  {{- if not .Values.persistence.storageClass }}
+  storageClassName: ""
+  {{- else }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+  {{- end }}
+  {{- end }}
+{{- end }}

charts/mautrix-discord/templates/secret.yaml

@@ -0,0 +1,33 @@
+{{- if not .Values.mautrixDiscord.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mautrix-discord-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord-config
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  config.yaml: |
+{{ toYaml .Values.mautrixDiscord.config | indent 4 }}
+{{- end }}
+
+---
+{{- if not .Values.mautrixDiscord.existingRegistrationSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mautrix-discord-registration-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord-registration
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  registration.yaml: {{ include "mautrix-discord.registration-yaml" . | b64enc | quote }}
+{{- end }}

charts/mautrix-discord/templates/service-account.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mautrix-discord
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/mautrix-discord/templates/service.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mautrix-discord
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  clusterIP: {{ .Values.service.clusterIP | quote }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: mautrix-discord
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/mautrix-discord/values.yaml

@@ -0,0 +1,427 @@
+deployment:
+  replicas: 1
+  strategy: Recreate
+  image:
+    repository: dock.mau.dev/mautrix/discord
+    tag: v0.6.5
+    imagePullPolicy: IfNotPresent
+  env: {}
+  envFrom: []
+  resources:
+    limits:
+      memory: 128Mi
+      cpu: 200m
+    requests:
+      memory: 64Mi
+      cpu: 50m
+  probes:
+    liveness:
+      failureThreshold: 5
+      periodSeconds: 10
+    readiness:
+      failureThreshold: 5
+      periodSeconds: 10
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+serviceAccount:
+  create: true
+  annotations: {}
+service:
+  type: ClusterIP
+  clusterIP: None
+  port: 29334
+  externalTrafficPolicy: ""
+  publishNotReadyAddresses: true
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+  host: ""
+persistence:
+  enabled: false
+  existingClaim: ""
+  storageClass: ""
+  accessMode: ReadWriteOnce
+  size: 500Mi
+
+
+# Reference the following for examples
+# https://github.com/mautrix/discord/blob/main/example-config.yaml
+mautrixDiscord:
+
+  # config.yml contents
+  existingSecret: ""
+  config:
+    # Homeserver details.
+    homeserver:
+        # The address that this appservice can use to connect to the homeserver.
+        address: https://matrix.example.com
+        # Publicly accessible base URL for media, used for avatars in relay mode.
+        # If not set, the connection address above will be used.
+        public_address: null
+        # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+        domain: example.com
+
+        # What software is the homeserver running?
+        # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+        software: standard
+        # The URL to push real-time bridge status to.
+        # If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
+        # The bridge will use the appservice as_token to authorize requests.
+        status_endpoint: null
+        # Endpoint for reporting per-message status.
+        message_send_checkpoint_endpoint: null
+        # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+        async_media: false
+
+        # Should the bridge use a websocket for connecting to the homeserver?
+        # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+        # mautrix-asmux (deprecated), and hungryserv (proprietary).
+        websocket: false
+        # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+        ping_interval_seconds: 0
+
+    # Application service host/registration related details.
+    # Changing these values requires regeneration of the registration.
+    appservice:
+        # The address that the homeserver can use to connect to this appservice.
+        address: http://localhost:29334
+
+        # The hostname and port where this appservice should listen.
+        hostname: 0.0.0.0
+        port: 29334
+
+        # Database config.
+        database:
+            # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+            type: postgres
+            # The database URI.
+            #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+            #           https://github.com/mattn/go-sqlite3#connection-string
+            #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+            #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+            uri: postgres://user:password@host/database?sslmode=disable
+            # Maximum number of connections. Mostly relevant for Postgres.
+            max_open_conns: 20
+            max_idle_conns: 2
+            # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+            # Parsed with https://pkg.go.dev/time#ParseDuration
+            max_conn_idle_time: null
+            max_conn_lifetime: null
+
+        # The unique ID of this appservice.
+        id: discord
+        # Appservice bot details.
+        bot:
+            # Username of the appservice bot.
+            username: discordbot
+            # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+            # to leave display name/avatar as-is.
+            displayname: Discord bridge bot
+            avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC
+
+        # Whether or not to receive ephemeral events via appservice transactions.
+        # Requires MSC2409 support (i.e. Synapse 1.22+).
+        ephemeral_events: true
+
+        # Should incoming events be handled asynchronously?
+        # This may be necessary for large public instances with lots of messages going through.
+        # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+        async_transactions: false
+
+        # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+        as_token: "This value is generated when generating the registration"
+        hs_token: "This value is generated when generating the registration"
+
+    # Bridge config
+    bridge:
+        # Localpart template of MXIDs for Discord users.
+        # {{.}} is replaced with the internal ID of the Discord user.
+        username_template: discord_{{.}}
+        # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
+        # Available variables:
+        #   .ID - Internal user ID
+        #   .Username - Legacy display/username on Discord
+        #   .GlobalName - New displayname on Discord
+        #   .Discriminator - The 4 numbers after the name on Discord
+        #   .Bot - Whether the user is a bot
+        #   .System - Whether the user is an official system user
+        #   .Webhook - Whether the user is a webhook and is not an application
+        #   .Application - Whether the user is an application
+        displayname_template: '{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}'
+        # Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
+        # Available variables:
+        #   .Name - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
+        #   .ParentName - Parent channel name (used for categories).
+        #   .GuildName - Guild name.
+        #   .NSFW - Whether the channel is marked as NSFW.
+        #   .Type - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
+        channel_name_template: '{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}'
+        # Displayname template for Discord guilds (bridged as spaces).
+        # Available variables:
+        #   .Name - Guild name
+        guild_name_template: '{{.Name}}'
+        # Whether to explicitly set the avatar and room name for private chat portal rooms.
+        # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+        # If set to `always`, all DM rooms will have explicit names and avatars set.
+        # If set to `never`, DM rooms will never have names and avatars set.
+        private_chat_portal_meta: default
+
+        portal_message_buffer: 128
+
+        # Number of private channel portals to create on bridge startup.
+        # Other portals will be created when receiving messages.
+        startup_private_channel_create_limit: 5
+        # Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
+        delivery_receipts: false
+        # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+        message_status_events: false
+        # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+        message_error_notices: true
+        # Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
+        # This can avoid unnecessary invite events in guild rooms when members are synced in.
+        restricted_rooms: true
+        # Should the bridge automatically join the user to threads on Discord when the thread is opened on Matrix?
+        # This only works with clients that support thread read receipts (MSC3771 added in Matrix v1.4).
+        autojoin_thread_on_open: true
+        # Should inline fields in Discord embeds be bridged as HTML tables to Matrix?
+        # Tables aren't supported in all clients, but are the only way to emulate the Discord inline field UI.
+        embed_fields_as_tables: true
+        # Should guild channels be muted when the portal is created? This only meant for single-user instances,
+        # it won't mute it for all users if there are multiple Matrix users in the same Discord guild.
+        mute_channels_on_create: false
+        # Should the bridge update the m.direct account data event when double puppeting is enabled.
+        # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+        # and is therefore prone to race conditions.
+        sync_direct_chat_list: false
+        # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+        # This field will automatically be changed back to false after it, except if the config file is not writable.
+        resend_bridge_info: false
+        # Should incoming custom emoji reactions be bridged as mxc:// URIs?
+        # If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
+        custom_emoji_reactions: true
+        # Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
+        # If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
+        delete_portal_on_channel_delete: false
+        # Should the bridge delete all portal rooms when you leave a guild on Discord?
+        # This only applies if the guild has no other Matrix users on this bridge instance.
+        delete_guild_on_leave: true
+        # Whether or not created rooms should have federation enabled.
+        # If false, created portal rooms will never be federated.
+        federate_rooms: true
+        # Prefix messages from webhooks with the profile info? This can be used along with a custom displayname_template
+        # to better handle webhooks that change their name all the time (like ones used by bridges).
+        prefix_webhook_messages: false
+        # Bridge webhook avatars?
+        enable_webhook_avatars: true
+        # Should the bridge upload media to the Discord CDN directly before sending the message when using a user token,
+        # like the official client does? The other option is sending the media in the message send request as a form part
+        # (which is always used by bots and webhooks).
+        use_discord_cdn_upload: true
+        # Should mxc uris copied from Discord be cached?
+        # This can be `never` to never cache, `unencrypted` to only cache unencrypted mxc uris, or `always` to cache everything.
+        # If you have a media repo that generates non-unique mxc uris, you should set this to never.
+        cache_media: unencrypted
+        # Settings for converting Discord media to custom mxc:// URIs instead of reuploading.
+        # More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
+        direct_media:
+            # Should custom mxc:// URIs be used instead of reuploading media?
+            enabled: false
+            # The server name to use for the custom mxc:// URIs.
+            # This server name will effectively be a real Matrix server, it just won't implement anything other than media.
+            # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
+            server_name: discord-media.example.com
+            # Optionally a custom .well-known response. This defaults to `server_name:443`
+            well_known_response:
+            # The bridge supports MSC3860 media download redirects and will use them if the requester supports it.
+            # Optionally, you can force redirects and not allow proxying at all by setting this to false.
+            allow_proxy: true
+            # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
+            # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
+            server_key: generate
+        # Settings for converting animated stickers.
+        animated_sticker:
+            # Format to which animated stickers should be converted.
+            # disable - No conversion, send as-is (lottie JSON)
+            # png - converts to non-animated png (fastest)
+            # gif - converts to animated gif
+            # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
+            # webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
+            target: webp
+            # Arguments for converter. All converters take width and height.
+            args:
+                width: 320
+                height: 320
+                fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
+        # Servers to always allow double puppeting from
+        double_puppet_server_map:
+            example.com: https://example.com
+        # Allow using double puppeting from any server with a valid client .well-known file.
+        double_puppet_allow_discovery: false
+        # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+        #
+        # If set, double puppeting will be enabled automatically for local users
+        # instead of users having to find an access token and run `login-matrix`
+        # manually.
+        login_shared_secret_map:
+            example.com: foobar
+
+        # The prefix for commands. Only required in non-management rooms.
+        command_prefix: '!discord'
+        # Messages sent upon joining a management room.
+        # Markdown is supported. The defaults are listed below.
+        management_room_text:
+            # Sent when joining a room.
+            welcome: "Hello, I'm a Discord bridge bot."
+            # Sent when joining a management room and the user is already logged in.
+            welcome_connected: "Use `help` for help."
+            # Sent when joining a management room and the user is not logged in.
+            welcome_unconnected: "Use `help` for help or `login` to log in."
+            # Optional extra text sent when joining a management room.
+            additional_help: ""
+
+        # Settings for backfilling messages.
+        backfill:
+            # Limits for forward backfilling.
+            forward_limits:
+                # Initial backfill (when creating portal). 0 means backfill is disabled.
+                # A special unlimited value is not supported, you must set a limit. Initial backfill will
+                # fetch all messages first before backfilling anything, so high limits can take a lot of time.
+                initial:
+                    dm: 0
+                    channel: 0
+                    thread: 0
+                # Missed message backfill (on startup).
+                # 0 means backfill is disabled, -1 means fetch all messages since last bridged message.
+                # When using unlimited backfill (-1), messages are backfilled as they are fetched.
+                # With limits, all messages up to the limit are fetched first and backfilled afterwards.
+                missed:
+                    dm: 0
+                    channel: 0
+                    thread: 0
+            # Maximum members in a guild to enable backfilling. Set to -1 to disable limit.
+            # This can be used as a rough heuristic to disable backfilling in channels that are too active.
+            # Currently only applies to missed message backfill.
+            max_guild_members: -1
+
+        # End-to-bridge encryption support options.
+        #
+        # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+        encryption:
+            # Allow encryption, work in group chat rooms with e2ee enabled
+            allow: false
+            # Default to encryption, force-enable encryption in all portals the bridge creates
+            # This will cause the bridge bot to be in private chats for the encryption to work properly.
+            default: false
+            # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+            appservice: false
+            # Require encryption, drop any unencrypted messages.
+            require: false
+            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+            # You must use a client that supports requesting keys from other users to use this feature.
+            allow_key_sharing: false
+            # Should users mentions be in the event wire content to enable the server to send push notifications?
+            plaintext_mentions: false
+            # Options for deleting megolm sessions from the bridge.
+            delete_keys:
+                # Beeper-specific: delete outbound sessions when hungryserv confirms
+                # that the user has uploaded the key to key backup.
+                delete_outbound_on_ack: false
+                # Don't store outbound sessions in the inbound table.
+                dont_store_outbound: false
+                # Ratchet megolm sessions forward after decrypting messages.
+                ratchet_on_decrypt: false
+                # Delete fully used keys (index >= max_messages) after decrypting messages.
+                delete_fully_used_on_decrypt: false
+                # Delete previous megolm sessions from same device when receiving a new one.
+                delete_prev_on_new_session: false
+                # Delete megolm sessions received from a device when the device is deleted.
+                delete_on_device_delete: false
+                # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+                periodically_delete_expired: false
+                # Delete inbound megolm sessions that don't have the received_at field used for
+                # automatic ratcheting and expired session deletion. This is meant as a migration
+                # to delete old keys prior to the bridge update.
+                delete_outdated_inbound: false
+            # What level of device verification should be required from users?
+            #
+            # Valid levels:
+            #   unverified - Send keys to all device in the room.
+            #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+            #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+            #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+            #                           Note that creating user signatures from the bridge bot is not currently possible.
+            #   verified - Require manual per-device verification
+            #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+            verification_levels:
+                # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+                receive: unverified
+                # Minimum level that the bridge should accept for incoming Matrix messages.
+                send: unverified
+                # Minimum level that the bridge should require for accepting key requests.
+                share: cross-signed-tofu
+            # Options for Megolm room key rotation. These options allow you to
+            # configure the m.room.encryption event content. See:
+            # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+            # more information about that event.
+            rotation:
+                # Enable custom Megolm room key rotation settings. Note that these
+                # settings will only apply to rooms created after this option is
+                # set.
+                enable_custom: false
+                # The maximum number of milliseconds a session should be used
+                # before changing it. The Matrix spec recommends 604800000 (a week)
+                # as the default.
+                milliseconds: 604800000
+                # The maximum number of messages that should be sent with a given a
+                # session before changing it. The Matrix spec recommends 100 as the
+                # default.
+                messages: 100
+
+                # Disable rotating keys when a user's devices change?
+                # You should not enable this option unless you understand all the implications.
+                disable_device_change_key_rotation: false
+
+        # Settings for provisioning API
+        provisioning:
+            # Prefix for the provisioning API paths.
+            prefix: /_matrix/provision
+            # Shared secret for authentication. If set to "generate", a random secret will be generated,
+            # or if set to "disable", the provisioning API will be disabled.
+            shared_secret: generate
+            # Enable debug API at /debug with provisioning authentication.
+            debug_endpoints: false
+
+        # Permissions for using the bridge.
+        # Permitted values:
+        #    relay - Talk through the relaybot (if enabled), no access otherwise
+        #     user - Access to use the bridge to chat with a Discord account.
+        #    admin - User level and some additional administration tools
+        # Permitted keys:
+        #        * - All Matrix users
+        #   domain - All users on that homeserver
+        #     mxid - Specific user
+        permissions:
+            "*": relay
+            "example.com": user
+            "@admin:example.com": admin
+
+    # Logging config. See https://github.com/tulir/zeroconfig for details.
+    logging:
+        min_level: debug
+        writers:
+        - type: stdout
+          format: pretty-colored
+        - type: file
+          format: json
+          filename: ./logs/mautrix-discord.log
+          max_size: 100
+          max_backups: 10
+          compress: true
+
+  # registration.yml contents
+  existingRegistrationSecret: ""
+  registration:
+    rate_limited: false
+    sender_localpart: discordbridgebot

charts/mautrix-whatsapp/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: mautrix-whatsapp
+version: 0.0.2
+description: Chart for Matrix Whatsapp Bridge
+keywords:
+  - matrix
+  - mautrix-whatsapp
+  - bridge
+  - whatsapp
+sources:
+  - https://github.com/mautrix/whatsapp
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
+appVersion: v0.10.6

charts/mautrix-whatsapp/templates/_helpers.tpl

@@ -0,0 +1,41 @@
+{{/*
+Helper for secret name
+*/}}
+{{- define "mautrix-whatsapp.secretName" -}}
+{{- if .Values.mautrixWhatsapp.existingSecret }}
+{{- printf "%s" .Values.mautrixWhatsapp.existingSecret -}}
+{{- else }}
+{{- printf "mautrix-whatsapp-config-secret" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper for registration secret name
+*/}}
+{{- define "mautrix-whatsapp.registrationSecretName" -}}
+{{- if .Values.mautrixWhatsapp.existingRegistrationSecret }}
+{{- printf "%s" .Values.mautrixWhatsapp.existingRegistrationSecret -}}
+{{- else }}
+{{- printf "mautrix-whatsapp-registration-secret" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Generate registration.yaml if not from existing secret
+*/}}
+{{- define "mautrix-whatsapp.registration-yaml" -}}
+id: {{ .Values.mautrixWhatsapp.config.appservice.id | quote }}
+as_token: {{ .Values.mautrixWhatsapp.config.appservice.as_token | quote }}
+hs_token: {{ .Values.mautrixWhatsapp.config.appservice.hs_token | quote }}
+namespaces:
+  users:
+    - regex: {{ printf "^@whatsappbot:%s$" (replace "." "\\." .Values.mautrixWhatsapp.config.homeserver.domain) }}
+      exclusive: true
+    - regex: {{ printf "^@%s:%s$" (replace "{{.}}" ".*" (tpl .Values.mautrixWhatsapp.config.bridge.username_template .)) (replace "." "\\." .Values.mautrixWhatsapp.config.homeserver.domain) }}
+      exclusive: true
+url: {{ .Values.mautrixWhatsapp.config.appservice.address | quote }}
+sender_localpart: {{ .Values.mautrixWhatsapp.registration.sender_localpart | quote }}
+rate_limited: {{ .Values.mautrixWhatsapp.registration.rate_limited }}
+de.sorunome.msc2409.push_ephemeral: true
+push_ephemeral: true
+{{- end -}}

charts/mautrix-whatsapp/templates/deployment.yaml

@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mautrix-whatsapp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: mautrix-whatsapp
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: mautrix-whatsapp
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: mautrix-whatsapp
+      automountServiceAccountToken: true
+      containers:
+        - name: mautrix-whatsapp
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          env:
+          {{- range $k,$v := .Values.deployment.env }}
+            - name: {{ $k }}
+              value: {{ $v | quote }}
+          {{- end }}
+          {{- with .Values.deployment.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /_matrix/mau/live
+              port: http
+            failureThreshold: {{ .Values.deployment.probes.liveness.failureThreshold }}
+            periodSeconds: {{ .Values.deployment.probes.liveness.periodSeconds }}
+          readinessProbe:
+            httpGet:
+              path: /_matrix/mau/ready
+              port: http
+            failureThreshold: {{ .Values.deployment.probes.readiness.failureThreshold }}
+            periodSeconds: {{ .Values.deployment.probes.readiness.periodSeconds }}
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}
+          volumeMounts:
+            - name: config
+              mountPath: /data/config.yaml
+              subPath: config.yaml
+              readOnly: true
+            - name: registration
+              mountPath: /data/registration.yaml
+              subPath: registration.yaml
+              readOnly: true
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: config
+          secret:
+            secretName: {{ template "mautrix-whatsapp.secretName" . }}
+        - name: registration
+          secret:
+            secretName: {{ template "mautrix-whatsapp.registrationSecretName" . }}
+        - name: data
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default "mautrix-whatsapp-data" }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+      {{- with .Values.deployment.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.deployment.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.deployment.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/mautrix-whatsapp/templates/ingress.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mautrix-whatsapp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host }}
+      secretName: {{ .Release.Name }}-secret-tls
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: mautrix-whatsapp
+                port:
+                  name: http
+{{- end }}

charts/mautrix-whatsapp/templates/persistent-volume-claim.yaml

@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: mautrix-whatsapp-data
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+  {{- if .Values.persistence.storageClass }}
+  {{- if not .Values.persistence.storageClass }}
+  storageClassName: ""
+  {{- else }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+  {{- end }}
+  {{- end }}
+{{- end }}

charts/mautrix-whatsapp/templates/secret.yaml

@@ -0,0 +1,33 @@
+{{- if not .Values.mautrixWhatsapp.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mautrix-whatsapp-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp-config
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  config.yaml: |
+{{ toYaml .Values.mautrixWhatsapp.config | indent 4 }}
+{{- end }}
+
+---
+{{- if not .Values.mautrixWhatsapp.existingRegistrationSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mautrix-whatsapp-registration-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp-registration
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  registration.yaml: {{ include "mautrix-whatsapp.registration-yaml" . | b64enc | quote }}
+{{- end }}

charts/mautrix-whatsapp/templates/service-account.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mautrix-whatsapp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/mautrix-whatsapp/templates/service.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mautrix-whatsapp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  clusterIP: {{ .Values.service.clusterIP | quote }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: mautrix-whatsapp
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/mautrix-whatsapp/values.yaml

@@ -0,0 +1,534 @@
+deployment:
+  replicas: 1
+  strategy: Recreate
+  image:
+    repository: dock.mau.dev/mautrix/whatsapp
+    tag: v0.10.6
+    imagePullPolicy: IfNotPresent
+  env: {}
+  envFrom: []
+  resources:
+    limits:
+      memory: 128Mi
+      cpu: 200m
+    requests:
+      memory: 64Mi
+      cpu: 50m
+  probes:
+    liveness:
+      failureThreshold: 5
+      periodSeconds: 10
+    readiness:
+      failureThreshold: 5
+      periodSeconds: 10
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+serviceAccount:
+  create: true
+  annotations: {}
+service:
+  type: ClusterIP
+  clusterIP: None
+  port: 29334
+  externalTrafficPolicy: ""
+  publishNotReadyAddresses: true
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+  host: ""
+persistence:
+  enabled: false
+  existingClaim: ""
+  storageClass: ""
+  accessMode: ReadWriteOnce
+  size: 500Mi
+
+
+# Reference the following for examples
+# https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
+mautrixWhatsapp:
+
+  # config.yml contents
+  existingSecret: ""
+  config:
+    # Homeserver details.
+    homeserver:
+        # The address that this appservice can use to connect to the homeserver.
+        address: https://matrix.example.com
+        # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+        domain: example.com
+
+        # What software is the homeserver running?
+        # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+        software: standard
+        # The URL to push real-time bridge status to.
+        # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
+        # The bridge will use the appservice as_token to authorize requests.
+        status_endpoint: null
+        # Endpoint for reporting per-message status.
+        message_send_checkpoint_endpoint: null
+        # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+        async_media: false
+
+        # Should the bridge use a websocket for connecting to the homeserver?
+        # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+        # mautrix-asmux (deprecated), and hungryserv (proprietary).
+        websocket: false
+        # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+        ping_interval_seconds: 0
+
+    # Application service host/registration related details.
+    # Changing these values requires regeneration of the registration.
+    appservice:
+        # The address that the homeserver can use to connect to this appservice.
+        address: http://localhost:29318
+
+        # The hostname and port where this appservice should listen.
+        hostname: 0.0.0.0
+        port: 29318
+
+        # Database config.
+        database:
+            # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+            type: postgres
+            # The database URI.
+            #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+            #           https://github.com/mattn/go-sqlite3#connection-string
+            #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+            #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+            uri: postgres://user:password@host/database?sslmode=disable
+            # Maximum number of connections. Mostly relevant for Postgres.
+            max_open_conns: 20
+            max_idle_conns: 2
+            # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+            # Parsed with https://pkg.go.dev/time#ParseDuration
+            max_conn_idle_time: null
+            max_conn_lifetime: null
+
+        # The unique ID of this appservice.
+        id: whatsapp
+        # Appservice bot details.
+        bot:
+            # Username of the appservice bot.
+            username: whatsappbot
+            # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+            # to leave display name/avatar as-is.
+            displayname: WhatsApp bridge bot
+            avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
+
+        # Whether or not to receive ephemeral events via appservice transactions.
+        # Requires MSC2409 support (i.e. Synapse 1.22+).
+        ephemeral_events: true
+
+        # Should incoming events be handled asynchronously?
+        # This may be necessary for large public instances with lots of messages going through.
+        # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+        async_transactions: false
+
+        # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+        as_token: "This value is generated when generating the registration"
+        hs_token: "This value is generated when generating the registration"
+
+    # Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
+    analytics:
+        # Hostname of the tracking server. The path is hardcoded to /v1/track
+        host: api.segment.io
+        # API key to send with tracking requests. Tracking is disabled if this is null.
+        token: null
+        # Optional user ID for tracking events. If null, defaults to using Matrix user ID.
+        user_id: null
+
+    # Prometheus config.
+    metrics:
+        # Enable prometheus metrics?
+        enabled: false
+        # IP and port where the metrics listener should be. The path is always /metrics
+        listen: 127.0.0.1:8001
+
+    # Config for things that are directly sent to WhatsApp.
+    whatsapp:
+        # Device name that's shown in the "WhatsApp Web" section in the mobile app.
+        os_name: Mautrix-WhatsApp bridge
+        # Browser name that determines the logo shown in the mobile app.
+        # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
+        # List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
+        browser_name: unknown
+
+    # Bridge config
+    bridge:
+        # Localpart template of MXIDs for WhatsApp users.
+        # {{.}} is replaced with the phone number of the WhatsApp user.
+        username_template: whatsapp_{{.}}
+        # Displayname template for WhatsApp users.
+        # {{.PushName}}     - nickname set by the WhatsApp user
+        # {{.BusinessName}} - validated WhatsApp business name
+        # {{.Phone}}        - phone number (international format)
+        # The following variables are also available, but will cause problems on multi-user instances:
+        # {{.FullName}}  - full name from contact list
+        # {{.FirstName}} - first name from contact list
+        displayname_template: "{{or .BusinessName .PushName .JID}} (WA)"
+        # Should the bridge create a space for each logged-in user and add bridged rooms to it?
+        # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
+        personal_filtering_spaces: false
+        # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
+        delivery_receipts: false
+        # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+        message_status_events: false
+        # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+        message_error_notices: true
+        # Should incoming calls send a message to the Matrix room?
+        call_start_notices: true
+        # Should another user's cryptographic identity changing send a message to Matrix?
+        identity_change_notices: false
+        portal_message_buffer: 128
+        # Settings for handling history sync payloads.
+        history_sync:
+            # Enable backfilling history sync payloads from WhatsApp?
+            backfill: true
+            # The maximum number of initial conversations that should be synced.
+            # Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
+            max_initial_conversations: -1
+            # Maximum number of messages to backfill in each conversation.
+            # Set to -1 to disable limit.
+            message_count: 50
+            # Should the bridge request a full sync from the phone when logging in?
+            # This bumps the size of history syncs from 3 months to 1 year.
+            request_full_sync: false
+            # Configuration parameters that are sent to the phone along with the request full sync flag.
+            # By default (when the values are null or 0), the config isn't sent at all.
+            full_sync_config:
+                # Number of days of history to request.
+                # The limit seems to be around 3 years, but using higher values doesn't break.
+                days_limit: null
+                # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
+                size_mb_limit: null
+                # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
+                storage_quota_mb: null
+            # If this value is greater than 0, then if the conversation's last message was more than
+            # this number of hours ago, then the conversation will automatically be marked it as read.
+            # Conversations that have a last message that is less than this number of hours ago will
+            # have their unread status synced from WhatsApp.
+            unread_hours_threshold: 0
+
+            ###############################################################################
+            # The settings below are only applicable for backfilling using batch sending, #
+            # which is no longer supported in Synapse.                                    #
+            ###############################################################################
+
+            # Settings for media requests. If the media expired, then it will not be on the WA servers.
+            # Media can always be requested by reacting with the ♻️ (recycle) emoji.
+            # These settings determine if the media requests should be done automatically during or after backfill.
+            media_requests:
+                # Should expired media be automatically requested from the server as part of the backfill process?
+                auto_request_media: true
+                # Whether to request the media immediately after the media message is backfilled ("immediate")
+                # or at a specific time of the day ("local_time").
+                request_method: immediate
+                # If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
+                request_local_time: 120
+            # Settings for immediate backfills. These backfills should generally be small and their main purpose is
+            # to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
+            # so that you can continue conversations without losing context.
+            immediate:
+                # The number of concurrent backfill workers to create for immediate backfills.
+                # Note that using more than one worker could cause the room list to jump around
+                # since there are no guarantees about the order in which the backfills will complete.
+                worker_count: 1
+                # The maximum number of events to backfill initially.
+                max_events: 10
+            # Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
+            # the chat history that was not covered by the immediate backfills.
+            # These backfills generally should happen at a slower pace so as not to overload the homeserver.
+            # Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
+            # The fields are as follows:
+            # - start_days_ago: the number of days ago to start backfilling from.
+            #     To indicate the start of time, use -1. For example, for a week ago, use 7.
+            # - max_batch_events: the number of events to send per batch.
+            # - batch_delay: the number of seconds to wait before backfilling each batch.
+            deferred:
+                # Last Week
+                - start_days_ago: 7
+                  max_batch_events: 20
+                  batch_delay: 5
+                # Last Month
+                - start_days_ago: 30
+                  max_batch_events: 50
+                  batch_delay: 10
+                # Last 3 months
+                - start_days_ago: 90
+                  max_batch_events: 100
+                  batch_delay: 10
+                # The start of time
+                - start_days_ago: -1
+                  max_batch_events: 500
+                  batch_delay: 10
+
+        # Should puppet avatars be fetched from the server even if an avatar is already set?
+        user_avatar_sync: true
+        # Should Matrix users leaving groups be bridged to WhatsApp?
+        bridge_matrix_leave: true
+        # Should the bridge update the m.direct account data event when double puppeting is enabled.
+        # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+        # and is therefore prone to race conditions.
+        sync_direct_chat_list: false
+        # Should the bridge use MSC2867 to bridge manual "mark as unread"s from
+        # WhatsApp and set the unread status on initial backfill?
+        # This will only work on clients that support the m.marked_unread or
+        # com.famedly.marked_unread room account data.
+        sync_manual_marked_unread: true
+        # When double puppeting is enabled, users can use `!wa toggle` to change whether
+        # presence is bridged. This setting sets the default value.
+        # Existing users won't be affected when these are changed.
+        default_bridge_presence: true
+        # Send the presence as "available" to whatsapp when users start typing on a portal.
+        # This works as a workaround for homeservers that do not support presence, and allows
+        # users to see when the whatsapp user on the other side is typing during a conversation.
+        send_presence_on_typing: false
+        # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
+        # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
+        #
+        # By default, the bridge acts like WhatsApp web, which only sends active delivery
+        # receipts when it's in the foreground.
+        force_active_delivery_receipts: false
+        # Servers to always allow double puppeting from
+        double_puppet_server_map:
+            example.com: https://example.com
+        # Allow using double puppeting from any server with a valid client .well-known file.
+        double_puppet_allow_discovery: false
+        # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+        #
+        # If set, double puppeting will be enabled automatically for local users
+        # instead of users having to find an access token and run `login-matrix`
+        # manually.
+        login_shared_secret_map:
+            example.com: foobar
+        # Whether to explicitly set the avatar and room name for private chat portal rooms.
+        # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+        # If set to `always`, all DM rooms will have explicit names and avatars set.
+        # If set to `never`, DM rooms will never have names and avatars set.
+        private_chat_portal_meta: default
+        # Should group members be synced in parallel? This makes member sync faster
+        parallel_member_sync: false
+        # Should Matrix m.notice-type messages be bridged?
+        bridge_notices: true
+        # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+        # This field will automatically be changed back to false after it, except if the config file is not writable.
+        resend_bridge_info: false
+        # When using double puppeting, should muted chats be muted in Matrix?
+        mute_bridging: false
+        # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
+        # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
+        # This can be set to a tag (e.g. m.lowpriority), or null to disable.
+        archive_tag: null
+        # Same as above, but for pinned chats. The favorite tag is called m.favourite
+        pinned_tag: null
+        # Should mute status and tags only be bridged when the portal room is created?
+        tag_only_on_create: true
+        # Should WhatsApp status messages be bridged into a Matrix room?
+        # Disabling this won't affect already created status broadcast rooms.
+        enable_status_broadcast: true
+        # Should sending WhatsApp status messages be allowed?
+        # This can cause issues if the user has lots of contacts, so it's disabled by default.
+        disable_status_broadcast_send: true
+        # Should the status broadcast room be muted and moved into low priority by default?
+        # This is only applied when creating the room, the user can unmute it later.
+        mute_status_broadcast: true
+        # Tag to apply to the status broadcast room.
+        status_broadcast_tag: m.lowpriority
+        # Should the bridge use thumbnails from WhatsApp?
+        # They're disabled by default due to very low resolution.
+        whatsapp_thumbnail: false
+        # Allow invite permission for user. User can invite any bots to room with whatsapp
+        # users (private chat and groups)
+        allow_user_invite: false
+        # Whether or not created rooms should have federation enabled.
+        # If false, created portal rooms will never be federated.
+        federate_rooms: true
+        # Should the bridge never send alerts to the bridge management room?
+        # These are mostly things like the user being logged out.
+        disable_bridge_alerts: false
+        # Should the bridge stop if the WhatsApp server says another user connected with the same session?
+        # This is only safe on single-user bridges.
+        crash_on_stream_replaced: false
+        # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
+        # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
+        # key in the event content even if this is disabled.
+        url_previews: false
+        # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
+        # This is currently not supported in most clients.
+        caption_in_message: false
+        # Send galleries as a single event? This is not an MSC (yet).
+        beeper_galleries: false
+        # Should polls be sent using MSC3381 event types?
+        extev_polls: false
+        # Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
+        cross_room_replies: false
+        # Disable generating reply fallbacks? Some extremely bad clients still rely on them,
+        # but they're being phased out and will be completely removed in the future.
+        disable_reply_fallbacks: false
+        # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
+        # Null means there's no enforced timeout.
+        message_handling_timeout:
+            # Send an error message after this timeout, but keep waiting for the response until the deadline.
+            # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
+            # If the message is older than this when it reaches the bridge, the message won't be handled at all.
+            error_after: null
+            # Drop messages after this timeout. They may still go through if the message got sent to the servers.
+            # This is counted from the time the bridge starts handling the message.
+            deadline: 120s
+
+        # The prefix for commands. Only required in non-management rooms.
+        command_prefix: "!wa"
+
+        # Messages sent upon joining a management room.
+        # Markdown is supported. The defaults are listed below.
+        management_room_text:
+            # Sent when joining a room.
+            welcome: "Hello, I'm a WhatsApp bridge bot."
+            # Sent when joining a management room and the user is already logged in.
+            welcome_connected: "Use `help` for help."
+            # Sent when joining a management room and the user is not logged in.
+            welcome_unconnected: "Use `help` for help or `login` to log in."
+            # Optional extra text sent when joining a management room.
+            additional_help: ""
+
+        # End-to-bridge encryption support options.
+        #
+        # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+        encryption:
+            # Allow encryption, work in group chat rooms with e2ee enabled
+            allow: false
+            # Default to encryption, force-enable encryption in all portals the bridge creates
+            # This will cause the bridge bot to be in private chats for the encryption to work properly.
+            default: false
+            # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+            appservice: false
+            # Require encryption, drop any unencrypted messages.
+            require: false
+            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+            # You must use a client that supports requesting keys from other users to use this feature.
+            allow_key_sharing: false
+            # Should users mentions be in the event wire content to enable the server to send push notifications?
+            plaintext_mentions: false
+            # Options for deleting megolm sessions from the bridge.
+            delete_keys:
+                # Beeper-specific: delete outbound sessions when hungryserv confirms
+                # that the user has uploaded the key to key backup.
+                delete_outbound_on_ack: false
+                # Don't store outbound sessions in the inbound table.
+                dont_store_outbound: false
+                # Ratchet megolm sessions forward after decrypting messages.
+                ratchet_on_decrypt: false
+                # Delete fully used keys (index >= max_messages) after decrypting messages.
+                delete_fully_used_on_decrypt: false
+                # Delete previous megolm sessions from same device when receiving a new one.
+                delete_prev_on_new_session: false
+                # Delete megolm sessions received from a device when the device is deleted.
+                delete_on_device_delete: false
+                # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+                periodically_delete_expired: false
+                # Delete inbound megolm sessions that don't have the received_at field used for
+                # automatic ratcheting and expired session deletion. This is meant as a migration
+                # to delete old keys prior to the bridge update.
+                delete_outdated_inbound: false
+            # What level of device verification should be required from users?
+            #
+            # Valid levels:
+            #   unverified - Send keys to all device in the room.
+            #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+            #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+            #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+            #                           Note that creating user signatures from the bridge bot is not currently possible.
+            #   verified - Require manual per-device verification
+            #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+            verification_levels:
+                # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+                receive: unverified
+                # Minimum level that the bridge should accept for incoming Matrix messages.
+                send: unverified
+                # Minimum level that the bridge should require for accepting key requests.
+                share: cross-signed-tofu
+            # Options for Megolm room key rotation. These options allow you to
+            # configure the m.room.encryption event content. See:
+            # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+            # more information about that event.
+            rotation:
+                # Enable custom Megolm room key rotation settings. Note that these
+                # settings will only apply to rooms created after this option is
+                # set.
+                enable_custom: false
+                # The maximum number of milliseconds a session should be used
+                # before changing it. The Matrix spec recommends 604800000 (a week)
+                # as the default.
+                milliseconds: 604800000
+                # The maximum number of messages that should be sent with a given a
+                # session before changing it. The Matrix spec recommends 100 as the
+                # default.
+                messages: 100
+
+                # Disable rotating keys when a user's devices change?
+                # You should not enable this option unless you understand all the implications.
+                disable_device_change_key_rotation: false
+
+        # Settings for provisioning API
+        provisioning:
+            # Prefix for the provisioning API paths.
+            prefix: /_matrix/provision
+            # Shared secret for authentication. If set to "generate", a random secret will be generated,
+            # or if set to "disable", the provisioning API will be disabled.
+            shared_secret: generate
+            # Enable debug API at /debug with provisioning authentication.
+            debug_endpoints: false
+
+        # Permissions for using the bridge.
+        # Permitted values:
+        #    relay - Talk through the relaybot (if enabled), no access otherwise
+        #     user - Access to use the bridge to chat with a WhatsApp account.
+        #    admin - User level and some additional administration tools
+        # Permitted keys:
+        #        * - All Matrix users
+        #   domain - All users on that homeserver
+        #     mxid - Specific user
+        permissions:
+            "*": relay
+            "example.com": user
+            "@admin:example.com": admin
+
+        # Settings for relay mode
+        relay:
+            # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
+            # authenticated user into a relaybot for that chat.
+            enabled: false
+            # Should only admins be allowed to set themselves as relay users?
+            admin_only: true
+            # The formats to use when sending messages to WhatsApp via the relaybot.
+            message_formats:
+                m.text: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
+                m.notice: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
+                m.emote: "* <b>{{ .Sender.Displayname }}</b> {{ .Message }}"
+                m.file: "<b>{{ .Sender.Displayname }}</b> sent a file"
+                m.image: "<b>{{ .Sender.Displayname }}</b> sent an image"
+                m.audio: "<b>{{ .Sender.Displayname }}</b> sent an audio file"
+                m.video: "<b>{{ .Sender.Displayname }}</b> sent a video"
+                m.location: "<b>{{ .Sender.Displayname }}</b> sent a location"
+
+    # Logging config. See https://github.com/tulir/zeroconfig for details.
+    logging:
+        min_level: debug
+        writers:
+        - type: stdout
+          format: pretty-colored
+        - type: file
+          format: json
+          filename: ./logs/mautrix-whatsapp.log
+          max_size: 100
+          max_backups: 10
+          compress: true
+
+  # registration.yml contents
+  existingRegistrationSecret: ""
+  registration:
+    rate_limited: false
+    sender_localpart: whatsappbridgebot

charts/outline/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.0.9
+version: 0.4.0
 description: Chart for Outline wiki
 keywords:
   - wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
 dependencies:
   - name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 18.19.4
+    version: 19.1.0
 appVersion: v0.75.2

charts/outline/templates/deployment.yaml

@@ -51,16 +51,16 @@ spec:
                 secretKeyRef:
                   name: "{{ .Values.outline.utilsSecret.existingSecretName }}"
                   key: "{{ .Values.outline.secretKey.existingSecretKey }}"
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.passwordSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.database.passwordSecret.existingSecretKey }}"
             - name: POSTGRES_USERNAME
               valueFrom:
                 secretKeyRef:
                   name: "{{ .Values.outline.database.usernameSecret.existingSecretName }}"
                   key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"                  
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.database.passwordSecret.existingSecretName }}"
+                  key: "{{ .Values.outline.database.passwordSecret.existingSecretKey }}"
             - name: POSTGRES_DATABASE_NAME
               valueFrom:
                 secretKeyRef:
@@ -71,10 +71,15 @@ spec:
                 secretKeyRef:
                   name: "{{ .Values.outline.database.databaseHost.existingSecretName }}"
                   key: "{{ .Values.outline.database.databaseHost.existingSecretKey }}"
+            - name: POSTGRES_DATABASE_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.database.databasePort.existingSecretName }}"
+                  key: "{{ .Values.outline.database.databasePort.existingSecretKey }}"                  
             - name: DATABASE_URL
-              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)"
+              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)"
             - name: DATABASE_URL_TEST
-              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)-test"
+              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test"
             - name: DATABASE_CONNECTION_POOL_MIN
               value: "{{ .Values.outline.database.connectionPoolMin }}"
             - name: DATABASE_CONNECTION_POOL_MAX
@@ -119,14 +124,18 @@ spec:
                   name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                   key: BUCKET_PORT
             - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)|"
+              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
+            - name: AWS_S3_ACCELERATE_URL
+              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"         
           {{- else }}
             - name: AWS_REGION
               value: "{{ .Values.persistence.s3.region }}"
             - name: AWS_S3_UPLOAD_BUCKET_NAME
               value: "{{ .Values.persistence.s3.bucketName }}"
             - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.endpoint }}"
+              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
+            - name: AWS_S3_ACCELERATE_URL
+              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"              
           {{- end }}
             - name: AWS_S3_FORCE_PATH_STYLE
               value: "{{ .Values.persistence.s3.forcePathStyle }}"

charts/outline/values.yaml

@@ -29,7 +29,8 @@ persistence:
       name:
     region:
     bucketName:
-    endpoint:
+    host:
+    urlProtocol: http
     uploadMaxSize: "26214400"
     forcePathStyle: false
     acl: private
@@ -38,10 +39,6 @@ persistence:
     storageSize: 50Gi
     localRootDir: /var/lib/outline/data
     uploadMaxSize: 26214400
-redis:
-  architecture: standalone
-  auth:
-    enabled: false
 outline:
   nodeEnv: production
   url:
@@ -64,6 +61,9 @@ outline:
     databaseHost:
       existingSecretName:
       existingSecretKey:
+    databasePort:
+      existingSecretName:
+      existingSecretKey:      
     connectionPoolMin: ""
     connectionPoolMax: "20"
     sslMode: disable
@@ -94,3 +94,7 @@ outline:
       usernameClaim:
       displayName:
       scopes: openid profile email
+redis:
+  architecture: standalone
+  auth:
+    enabled: false

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.2.3
+version: 2.1.0
 description: Chart for cloudnative-pg cluster
 keywords:
   - database
@@ -10,4 +10,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.1
+appVersion: v1.22.2

charts/postgres-cluster/templates/_backup.tpl

@@ -0,0 +1,30 @@
+{{- define "cluster.backup" -}}
+{{- if .Values.backup.enabled }}
+backup:
+  retentionPolicy: {{ .Values.backup.retentionPolicy }}
+  barmanObjectStore:
+    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.name" . }}"
+    endpointURL: {{ .Values.backup.endpointURL }}
+    {{- if .Values.backup.endpointCA }}
+    endpointCA:
+      name: {{ .Values.backup.endpointCA }}
+      key: ca-bundle.crt
+    {{- end }}
+    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
+    s3Credentials:
+      accessKeyId:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_SECRET_KEY
+    wal:
+      compression: {{ .Values.backup.wal.compression }}
+      encryption: {{ .Values.backup.wal.encryption }}
+      maxParallel: {{ .Values.backup.wal.maxParallel }}
+    data:
+      compression: {{ .Values.backup.data.compression }}
+      encryption: {{ .Values.backup.data.encryption }}
+      jobs: {{ .Values.backup.data.jobs }}
+{{- end }}
+{{- end }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -0,0 +1,92 @@
+{{- define "cluster.bootstrap" -}}
+bootstrap:
+{{- if eq .Values.mode "standalone" }}
+  initdb:
+    {{- with .Values.cluster.initdb }}
+    {{- with (omit . "postInitApplicationSQL") }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+    {{- end }}
+    postInitApplicationSQL:
+      {{- if eq .Values.type "postgis" }}
+      - CREATE EXTENSION IF NOT EXISTS postgis;
+      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
+      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+      {{- else if eq .Values.type "timescaledb" }}
+      - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- end }}
+      {{- with .Values.cluster.initdb }}
+      {{- range .postInitApplicationSQL }}
+      {{- printf "- %s" . | nindent 6 }}
+      {{- end }}
+      {{- end }}
+{{- else if eq .Values.mode "replica" }}
+  initdb:
+    import:
+      type: {{ .Values.replica.importType }}
+      databases:
+        {{- if and (len .Values.replica.importDatabases gt 1) (.Values.replica.importType eq "microservice") }}
+          {{ fail "Too many databases in import type of microservice!" }}
+        {{- else}}
+        {{- with .Values.replica.importDatabases }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+        {{- end }}        
+      {{- if .Values.replica.importType eq "monolith" }}
+      roles:
+        {{- with .Values.replica.importRoles }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (.Values.replica.importType eq "microservice") }}
+      postImportApplicationSQL:
+        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}      
+      {{- end }}
+      source:
+        externalCluster: "{{ include "cluster.name" . }}-cluster"
+externalClusters:
+  - name: "{{ include "cluster.name" . }}-cluster"
+    {{- with .Values.replica.externalCluster }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}    
+{{- else if eq .Values.mode "recovery" }}
+  recovery:
+    {{- with .Values.recovery.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    source: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+externalClusters:
+  - name: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+    barmanObjectStore:
+      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Values.recovery.recoveryName }}"
+      endpointURL: {{ .Values.recovery.endpointURL }}
+      {{- with .Values.recovery.endpointCA }}
+      endpointCA:
+        name: {{ . }}
+        key: ca-bundle.crt
+      {{- end }}
+      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+      s3Credentials:
+        accessKeyId:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_SECRET_KEY
+      wal:
+        compression: {{ .Values.recovery.wal.compression }}
+        encryption: {{ .Values.recovery.wal.encryption }}
+        maxParallel: {{ .Values.recovery.wal.maxParallel }}
+      data:
+        compression: {{ .Values.recovery.data.compression }}
+        encryption: {{ .Values.recovery.data.encryption }}
+        jobs: {{ .Values.recovery.data.jobs }}
+{{- else }}
+  {{ fail "Invalid cluster mode!" }}
+{{- end }}
+{{- end }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{ $version := split "." .Values.cluster.image.tag }}
+    {{- printf "postgresql-%s-%s" $version._0 .Release.Name | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" . }}
+{{ include "cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: cloudnative-pg
+{{- end }}
+
+{{/*
+Generate name for object store credentials
+*/}}
+{{- define "cluster.recoveryCredentials" -}}
+  {{- if .Values.recovery.endpointCredentials -}}
+    {{- .Values.recovery.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{- define "cluster.backupCredentials" -}}
+  {{- if .Values.backup.endpointCredentials -}}
+    {{- .Values.backup.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryName" -}}
+  {{- if .Values.recovery.recoveryName -}}
+    {{- .Values.recovery.recoveryName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -0,0 +1,52 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.cluster.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  instances: {{ .Values.cluster.instances }}
+  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
+  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
+  postgresUID: {{ .Values.cluster.postgresUID }}
+  postgresGID: {{ .Values.cluster.postgresGID }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  storage:
+    size: {{ .Values.cluster.storage.size }}
+    storageClass: {{ .Values.cluster.storage.storageClass }}
+  {{- with .Values.cluster.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  {{- with .Values.cluster.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  priorityClassName: {{ .Values.cluster.priorityClassName }}
+  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
+  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
+  logLevel: {{ .Values.cluster.logLevel }}
+  postgresql:
+    shared_preload_libraries:
+      {{- if eq .Values.type "timescaledb" }}
+      - timescaledb
+      {{- end }}
+    {{- with .Values.cluster.postgresql.parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  monitoring:
+    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+
+  {{ include "cluster.bootstrap" . | nindent 2 }}
+  {{ include "cluster.backup" . | nindent 2 }}

charts/postgres-cluster/templates/postgresql-cluster.yaml

@@ -1,81 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: postgresql
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  instances: {{ .Values.cluster.instances }}
-  replicationSlots:
-    highAvailability:
-      enabled: true
-  affinity:
-    enablePodAntiAffinity: true
-    topologyKey: kubernetes.io/hostname
-  postgresql:
-    parameters:
-      {{- toYaml .Values.cluster.parameters | nindent 6 }}
-  resources:
-    {{- toYaml .Values.cluster.resources | nindent 4 }}
-  storage:
-    storageClass: {{ .Values.cluster.storage.data.storageClass }}
-    size: {{ .Values.cluster.storage.data.size }}
-  walStorage:
-    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
-    size: {{ .Values.cluster.storage.wal.size }}
-  monitoring:
-    enablePodMonitor: true
-
-  {{- if .Values.bootstrap.initdbEnabled }}
-  bootstrap:
-    initdb:
-      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
-  {{- end }}
-
-  {{- if .Values.bootstrap.recoveryEnabled }}
-  bootstrap:
-    recovery:
-      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
-  externalClusters:
-    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
-      barmanObjectStore:
-        endpointURL: {{ .Values.bootstrap.endpointURL }}
-        destinationPath: "s3://{{ .Values.bootstrap.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-        s3Credentials:
-          accessKeyId:
-            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-            key: ACCESS_KEY_ID
-          secretAccessKey:
-            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-            key: ACCESS_SECRET_KEY
-        data:
-          compression: {{ .Values.cluster.compression }}
-        wal:
-          compression: {{ .Values.cluster.compression }}
-  {{- end }}
-
-  {{- if .Values.backup.backupEnabled }}
-  backup:
-    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
-    barmanObjectStore:
-      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-      endpointURL: {{ .Values.backup.endpointURL }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
-      s3Credentials:
-        accessKeyId:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_SECRET_KEY
-      data:
-        compression: {{ .Values.cluster.compression }}
-      wal:
-        compression: {{ .Values.cluster.compression }}
-  {{- end }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -0,0 +1,30 @@
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "cluster.name" . }}-alert-rules
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+    - name: cloudnative-pg/{{ include "cluster.name" . }}
+      rules:
+        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
+        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
+        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "Values"      .Values -}}
+        {{- $_ := set $dict "Template"    .Template -}}
+        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
+        {{- $tpl := tpl ($.Files.Get $path) $dict | nindent 10 | trim -}}
+        {{- with $tpl }}
+        - {{ $tpl }}
+        {{- end -}}
+        {{- end -}}
+{{ end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,16 +1,18 @@
+{{ if .Values.backup.enabled }}
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-backup"
+  name: {{ include "cluster.name" . }}-scheduled-backup
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: postgresql
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
 spec:
+  immediate: true
   schedule: {{ .Values.backup.schedule }}
   backupOwnerReference: self
   cluster:
-    name: "postgresql-{{ .Release.Name }}-cluster"
+    name: {{ include "cluster.name" . }}-cluster
+{{ end }}

charts/postgres-cluster/values.yaml

@@ -1,42 +1,192 @@
+# -- Override the name of the cluster
+nameOverride: ""
+
+###
+# -- Type of the CNPG database. Available types:
+# * `postgresql`
+# * `postgis`
+# * `timescaledb`
+type: postgresql
+
+###
+# Cluster mode of operation. Available modes:
+# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
+# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
+# * `replica` - Create database as a replica from another CNPG cluster
+mode: standalone
+
+# Generates bucket name and path for recovery and backup, creates: <endpointBucket>/<clusterName>/postgresql/{{ .Release.Name }}
+kubernetesClusterName: ""
+
 cluster:
-  name: cl01tl
+  instances: 3
+
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.0
-  instances: 2
+    tag: "16.2"
+    pullPolicy: IfNotPresent
+
+  # The UID and GID of the postgres user inside the image
+  postgresUID: 26
+  postgresGID: 26
+
+  walStorage:
+    size: 2Gi
+    storageClass: ""
+  storage:
+    size: 10Gi
+    storageClass: ""
+
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 10m
+    limits:
+      memory: 1Gi
+      cpu: 100m
+      hugepages-2Mi: 256Mi
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: kubernetes.io/hostname
+
+  additionalLabels: {}
+  annotations: {}
+
+  priorityClassName: ""
+
+  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated. It can be switchover (default) or in-place (restart).
+  primaryUpdateMethod: switchover
+
+  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  primaryUpdateStrategy: unsupervised
+
+  logLevel: "info"
+
+  monitoring:
+    enabled: false
+    podMonitor:
+      enabled: true
+    prometheusRule:
+      enabled: true
+      excludeRules: []
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
+  postgresql:
     parameters:
       shared_buffers: 128MB
       max_slot_wal_keep_size: 2000MB
       hot_standby_feedback: "on"
-  compression: snappy
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 100m
-    limits:
-      memory: 2Gi
-      cpu: 1500m
-      hugepages-2Mi: 512Mi
-  storage:
-    data:
-      storageClass: default
-      size: 10Gi
-    wal:
-      storageClass: default
-      size: 2Gi
-bootstrap:
-  recoveryEnabled: false
+
+  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
+  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
+  initdb: {}
+    # database: app
+    # owner: app
+    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    # postInitApplicationSQL:
+    #   - CREATE TABLE IF NOT EXISTS example;
+
+recovery:
+  # Point in time recovery target in RFC3339 format
+  pitrTarget:
+    time: ""
+
+  # Overrides the provider specific default endpoint. Defaults to:
+  # S3: https://s3.<region>.amazonaws.com"
+  endpointURL: ""
+  endpointBucket: ""
+
+  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
   recoveryIndex: 1
-  endpointURL:
-  bucket:
-  initdbEnabled: false
-  initdb:
-    database: app
-    owner: app
+
+  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+  recoveryName: ""
+
+  wal:
+    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of WAL files to be archived or restored in parallel.
+    maxParallel: 2
+  data:
+    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of data files to be archived or restored in parallel.
+    jobs: 2
+
+replica:
+  # See https://cloudnative-pg.io/documentation/current/database_import/
+  # * `microservice` - Single database import as expected from cnpg clusters
+  # * `monolith` - Import multiple databases and roles
+  importType: microservice
+
+  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+  importDatabases:
+    - app
+  
+  # If type microservice no roles are imported and ignored
+  importRoles: []
+
+  # If import type is monolith postImportApplicationSQL is not supported and ignored
+  postImportApplicationSQL: []
+
+  # External cluster connection, password specifies a secret name and the key containing the password value
+  externalCluster:
+    connectionParameters:
+      host: postgresql
+      user: app
+      dbname: app
+    password:
+      name: postgresql
+      key: password
+
 backup:
-  backupEnabled: true
-  schedule: "0 0 0 * * *"
-  retentionPolicy: 14d
+  enabled: false
+
+  # Overrides the provider specific default endpoint
+  endpointURL: ""
+  endpointBucket: ""
+
+  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
   backupIndex: 1
-  endpointURL:
-  bucket:
+
+  wal:
+    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of WAL files to be archived or restored in parallel.
+    maxParallel: 2
+  data:
+    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of data files to be archived or restored in parallel.
+    jobs: 2
+
+  # Retention policy for backups
+  retentionPolicy: "30d"
+
+  # Scheduled backup in cron format
+  schedule: "0 0 0 * * *"

charts/tubearchivist-to-jellyfin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: tubearchivist-to-jellyfin
-version: 0.0.3
+version: 0.0.4
 description: Import library from tubearchivist to jellyfin
 keywords:
   - tubearchivist

charts/tubearchivist-to-jellyfin/templates/job.yaml

@@ -24,10 +24,23 @@ spec:
               imagePullPolicy: {{ .Values.image.pullPolicy }}
               command: ["python"]
               args: ["main.py"]
-              {{- with .Values.envFrom }}
-              envFrom:
-                {{- toYaml . | nindent 16 }}
-              {{- end }}
+              env:
+                - name: TA_URL
+                  value: "{{ .Values.config.tubearchivistUrl }}"
+                - name: TA_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: "{{ .Values.secrets.tubearchivistToken.existingSecretName }}"
+                      key: "{{ .Values.secrets.tubearchivistToken.existingSecretKey }}"
+                - name: JF_URL
+                  value: "{{ .Values.config.jellyfinUrl }}"
+                - name: JF_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: "{{ .Values.secrets.jellyfinToken.existingSecretName }}"
+                      key: "{{ .Values.secrets.jellyfinToken.existingSecretKey }}"
+                - name: LISTEN_PORT
+                  value: "8001"
               volumeMounts:
                 - name: tubearchivist-youtube
                   mountPath: /youtube

charts/tubearchivist-to-jellyfin/values.yaml

@@ -4,7 +4,16 @@ image:
   repository: bbilly1/tubearchivist-jf
   tag: v0.1.2
   pullPolicy: IfNotPresent
-envFrom: 
 persistence:
   youtube:
-    claimName:
+    claimName: ""
+config:
+  tubearchivistUrl: ""
+  jellyfinUrl: ""
+secrets:
+  tubearchivistToken:
+    existingSecretName: ""
+    existingSecretKey: token
+  jellyfinToken:
+    existingSecretName: ""
+    existingSecretKey: token

charts/tubearchivist/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: tubearchivist
-version: 0.0.7
+version: 0.2.0
 description: Chart for Tube Archivist
 keywords:
   - download
@@ -14,9 +14,9 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
 dependencies:
   - name: redis
-    version: 18.19.4
+    version: 19.1.0
     repository: https://charts.bitnami.com/bitnami
   - name: elasticsearch
-    version: 19.21.2
+    version: 20.0.4
     repository: https://charts.bitnami.com/bitnami
-appVersion: v0.4.6
+appVersion: v0.4.7

charts/tubearchivist/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: bbilly1/tubearchivist
-    tag: v0.4.6
+    tag: v0.4.7
     imagePullPolicy: IfNotPresent
   env:
     TZ: UTC
@@ -35,7 +35,7 @@ persistence:
 redis:
   image:
     repository: redis/redis-stack-server
-    tag: 7.2.0-v9
+    tag: 7.2.0-v10
   architecture: standalone
   auth:
     enabled: false