add matrix-synapse

2024-05-26 14:02:25 -05:00
parent 362cb93b41
commit 429c7ab4c3
4 changed files with 408 additions and 0 deletions
--- a/clusters/cl01tl/platform/matrix-synapse/values.yaml
+++ b/clusters/cl01tl/platform/matrix-synapse/values.yaml
@@ -0,0 +1,203 @@
+matrix-synapse:
+  serverName: alexlebens.dev
+  publicServerName: matrix.alexlebens.dev
+  argoCD: true
+  signingkey:
+    job:
+      enabled: true
+  config:
+    reportStats: false
+    enableRegistration: true
+    trustedKeyServers: []
+  extraConfig:
+    enable_metrics: true
+    enable_registration_without_verification: false
+    password_config:
+      enabled: false
+    sso:
+      client_whitelist:
+        - https://chat.alexlebens.dev/
+      update_profile_information: true
+  synapse:
+    strategy:
+      type: Recreate
+    extraVolumes:
+      - name: matrix-synapse-config-secret
+        secret:
+          secretName: matrix-synapse-config-secret
+      - name: matrix-hookshot-config-secret
+        secret:
+          secretName: matrix-hookshot-config-secret
+    extraVolumeMounts:
+      - name: matrix-synapse-config-secret
+        mountPath: /synapse/config/conf.d/oidc.yaml
+        subPath: oidc.yaml
+        readOnly: true
+      - name: matrix-synapse-config-secret
+        mountPath: /synapse/config/conf.d/config.yaml
+        subPath: config.yaml
+        readOnly: true
+      - name: matrix-hookshot-config-secret
+        mountPath: /synapse/config/conf.d/matrix-hookshot-registration.yaml
+        subPath: matrix-hookshot-registration.yaml
+        readOnly: true
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+  workers:
+    default:
+      replicaCount: 0
+    generic_worker:
+      enabled: false
+    pusher:
+      enabled: false
+    appservice:
+      enabled: false
+    federation_sender:
+      enabled: false
+    media_repository:
+      enabled: false
+    user_dir:
+      enabled: false
+  wellknown:
+    enabled: true
+    server:
+      m.server: matrix.alexlebens.dev:443
+    client:
+      m.homeserver:
+        base_url: https://matrix.alexlebens.dev
+  postgresql:
+    enabled: false
+  externalPostgresql:
+    host: matrix-synapse-postgresql-16-cluster-rw
+    port: 5432
+    username: app
+    database: app
+    existingSecret: matrix-synapse-postgresql-16-cluster-app
+    existingSecretPasswordKey: password
+  redis:
+    enabled: false
+  externalRedis:
+    host: matrix-synapse-redis-headless
+    port: 6379
+    existingSecret: matrix-synapse-redis-secret
+    existingSecretPasswordKey: password
+  persistence:
+    enabled: true
+    storageClass: ceph-block
+    accessMode: ReadWriteOnce
+    size: 10Gi
+  volumePermissions:
+    enabled: true
+    uid: 666
+    gid: 666
+  ingress:
+    enabled: false
+matrix-hookshot:
+  deployment:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+  ingress:
+    webhook:
+      enabled: false
+    appservice:
+      enabled: false
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+  hookshot:
+    existingSecret: matrix-hookshot-config-secret
+    existingRegistrationSecret: matrix-hookshot-config-secret
+    existingPasskeySecret: matrix-hookshot-config-secret
+redis:
+  architecture: standalone
+  auth:
+    enabled: true
+    existingSecret: matrix-synapse-redis-secret
+    existingSecretPasswordKey: password
+  master:
+    persistence:
+      enabled: false
+  replica:
+    persistence:
+      enabled: false
+postgres-16-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+      prometheusRule:
+        enabled: false
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/matrix-synapse
+    endpointCredentials: matrix-synapse-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d
+cloudflared-synapse:
+  global:
+    nameOverride: cloudflared-synapse
+  controllers:
+    main:
+      type: deployment
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: cloudflare/cloudflared
+            tag: "2024.5.0"
+            pullPolicy: IfNotPresent
+          args:
+            - tunnel
+            - --no-autoupdate
+            - run
+            - --token
+            - $(CF_MANAGED_TUNNEL_TOKEN)
+          env:
+            - name: CF_MANAGED_TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-synapse-cloudflared-synapse-secret
+                  key: cf-tunnel-token
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+cloudflared-hookshot:
+  global:
+    nameOverride: cloudflared-hookshot
+  controllers:
+    main:
+      type: deployment
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: cloudflare/cloudflared
+            tag: "2024.5.0"
+            pullPolicy: IfNotPresent
+          args:
+            - tunnel
+            - --no-autoupdate
+            - run
+            - --token
+            - $(CF_MANAGED_TUNNEL_TOKEN)
+          env:
+            - name: CF_MANAGED_TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-hookshot-cloudflared-secret
+                  key: cf-tunnel-token
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi