alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

add matrix-synapse

Browse Source
This commit is contained in:
Alex Lebens
2024-05-26 14:02:25 -05:00
parent 362cb93b41
commit 429c7ab4c3
4 changed files with 408 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
clusters/cl01tl/platform/matrix-synapse/Chart.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v2
name: matrix-synapse
version: 1.0.0
sources:
- https://github.com/element-hq/synapse
- https://github.com/matrix-org/matrix-hookshot
- https://github.com/mautrix/discord
- https://github.com/mautrix/whatsapp
- https://gitlab.com/ananace/charts/-/tree/master/charts/matrix-synapse
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
dependencies:
- name: matrix-synapse
version: 3.9.2
repository: https://ananace.gitlab.io/charts
- name: matrix-hookshot
version: 0.1.1
repository: http://alexlebens.github.io/helm-charts
- name: redis
version: 19.1.2
repository: https://charts.bitnami.com/bitnami
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.1.0
repository: http://alexlebens.github.io/helm-charts
- name: app-template
alias: cloudflared-synapse
repository: https://bjw-s.github.io/helm-charts/
version: 3.1.0
- name: app-template
alias: cloudflared-hookshot
repository: https://bjw-s.github.io/helm-charts/
version: 3.1.0
appVersion: v1.104.0

151
clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,151 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: oidc.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: oidc.yaml
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: config.yaml
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-hookshot-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-hookshot-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: config
- secretKey: registration.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: matrix-hookshot-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: passkey.pem
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: passkey
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-redis-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-redis-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/redis
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-cloudflared-synapse-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/matrix-synapse
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-cloudflared-hookshot-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/matrix-hookshot
metadataPolicy: None
property: token

21
clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: matrix-synapse
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: metrics
interval: 15s
scrapeTimeout: 5s
path: /_synapse/metrics
selector:
matchLabels:
app.kubernetes.io/name: matrix-synapse
app.kubernetes.io/instance: {{ .Release.Name }}

203
clusters/cl01tl/platform/matrix-synapse/values.yaml Normal file
View File

@@ -0,0 +1,203 @@
matrix-synapse:
serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev
argoCD: true
signingkey:
job:
enabled: true
config:
reportStats: false
enableRegistration: true
trustedKeyServers: []
extraConfig:
enable_metrics: true
enable_registration_without_verification: false
password_config:
enabled: false
sso:
client_whitelist:
- https://chat.alexlebens.dev/
update_profile_information: true
synapse:
strategy:
type: Recreate
extraVolumes:
- name: matrix-synapse-config-secret
secret:
secretName: matrix-synapse-config-secret
- name: matrix-hookshot-config-secret
secret:
secretName: matrix-hookshot-config-secret
extraVolumeMounts:
- name: matrix-synapse-config-secret
mountPath: /synapse/config/conf.d/oidc.yaml
subPath: oidc.yaml
readOnly: true
- name: matrix-synapse-config-secret
mountPath: /synapse/config/conf.d/config.yaml
subPath: config.yaml
readOnly: true
- name: matrix-hookshot-config-secret
mountPath: /synapse/config/conf.d/matrix-hookshot-registration.yaml
subPath: matrix-hookshot-registration.yaml
readOnly: true
resources:
requests:
cpu: 100m
memory: 128Mi
workers:
default:
replicaCount: 0
generic_worker:
enabled: false
pusher:
enabled: false
appservice:
enabled: false
federation_sender:
enabled: false
media_repository:
enabled: false
user_dir:
enabled: false
wellknown:
enabled: true
server:
m.server: matrix.alexlebens.dev:443
client:
m.homeserver:
base_url: https://matrix.alexlebens.dev
postgresql:
enabled: false
externalPostgresql:
host: matrix-synapse-postgresql-16-cluster-rw
port: 5432
username: app
database: app
existingSecret: matrix-synapse-postgresql-16-cluster-app
existingSecretPasswordKey: password
redis:
enabled: false
externalRedis:
host: matrix-synapse-redis-headless
port: 6379
existingSecret: matrix-synapse-redis-secret
existingSecretPasswordKey: password
persistence:
enabled: true
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
volumePermissions:
enabled: true
uid: 666
gid: 666
ingress:
enabled: false
matrix-hookshot:
deployment:
resources:
requests:
cpu: 100m
memory: 128Mi
ingress:
webhook:
enabled: false
appservice:
enabled: false
metrics:
enabled: true
serviceMonitor:
enabled: true
hookshot:
existingSecret: matrix-hookshot-config-secret
existingRegistrationSecret: matrix-hookshot-config-secret
existingPasskeySecret: matrix-hookshot-config-secret
redis:
architecture: standalone
auth:
enabled: true
existingSecret: matrix-synapse-redis-secret
existingSecretPasswordKey: password
master:
persistence:
enabled: false
replica:
persistence:
enabled: false
postgres-16-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: false
backup:
enabled: true
endpointURL: https://s3.us-east-2.amazonaws.com
destinationPath: s3://cl01tl-postgresql-backups/matrix-synapse
endpointCredentials: matrix-synapse-postgresql-16-cluster-backup-secret
backupIndex: 1
retentionPolicy: 14d
cloudflared-synapse:
global:
nameOverride: cloudflared-synapse
controllers:
main:
type: deployment
strategy: Recreate
containers:
main:
image:
repository: cloudflare/cloudflared
tag: "2024.5.0"
pullPolicy: IfNotPresent
args:
- tunnel
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
name: matrix-synapse-cloudflared-synapse-secret
key: cf-tunnel-token
resources:
requests:
cpu: 100m
memory: 128Mi
cloudflared-hookshot:
global:
nameOverride: cloudflared-hookshot
controllers:
main:
type: deployment
strategy: Recreate
containers:
main:
image:
repository: cloudflare/cloudflared
tag: "2024.5.0"
pullPolicy: IfNotPresent
args:
- tunnel
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
name: matrix-hookshot-cloudflared-secret
key: cf-tunnel-token
resources:
requests:
cpu: 100m
memory: 128Mi