From 617f459f83dc1cac45ae8c376f3e5dae7f71bf63 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Fri, 3 Apr 2026 21:03:54 -0500 Subject: [PATCH] feat: refactor matrix --- clusters/cl01tl/helm/directus/values.yaml | 1 - clusters/cl01tl/helm/foldergram/values.yaml | 1 - .../cl01tl/helm/matrix-synapse/Chart.lock | 10 +-- .../cl01tl/helm/matrix-synapse/Chart.yaml | 19 ++--- .../templates/external-secret.yaml | 42 ---------- .../cl01tl/helm/matrix-synapse/values.yaml | 81 ++++++------------- 6 files changed, 37 insertions(+), 117 deletions(-) diff --git a/clusters/cl01tl/helm/directus/values.yaml b/clusters/cl01tl/helm/directus/values.yaml index ef0967145..b4f6d20a4 100644 --- a/clusters/cl01tl/helm/directus/values.yaml +++ b/clusters/cl01tl/helm/directus/values.yaml @@ -9,7 +9,6 @@ directus: image: repository: ghcr.io/directus/directus tag: 11.17.1@sha256:1dd2080a50a9f6df2b6f49df15a7734424bbd1a5902983c4b6e447f22027b80b - pullPolicy: IfNotPresent env: - name: PUBLIC_URL value: https://directus.alexlebens.net diff --git a/clusters/cl01tl/helm/foldergram/values.yaml b/clusters/cl01tl/helm/foldergram/values.yaml index 7d2142c87..abbed407d 100644 --- a/clusters/cl01tl/helm/foldergram/values.yaml +++ b/clusters/cl01tl/helm/foldergram/values.yaml @@ -13,7 +13,6 @@ foldergram: image: repository: ghcr.io/foldergram/foldergram tag: 1.1.0@sha256:b08c7f30a15a3d3e4cf0877a5271cb76be6a36ab83751f040c115ccdb76b736a - pullPolicy: IfNotPresent env: - name: IMAGE_DETAIL_SOURCE value: original diff --git a/clusters/cl01tl/helm/matrix-synapse/Chart.lock b/clusters/cl01tl/helm/matrix-synapse/Chart.lock index e76c91e4e..d8a7dd33b 100644 --- a/clusters/cl01tl/helm/matrix-synapse/Chart.lock +++ b/clusters/cl01tl/helm/matrix-synapse/Chart.lock 
@@ -19,13 +19,13 @@ dependencies: version: 2.4.0 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.1 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts - version: 0.4.0 + version: 0.5.0 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts - version: 0.4.0 + version: 0.5.0 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 @@ -38,5 +38,5 @@ dependencies: - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:8fb2d00605ade15db97e778f47ecc1ffae3705ce3408a17e0a21f7def65de884 -generated: "2026-03-24T16:59:56.540825394Z" +digest: sha256:70a7f9dc242a1102eafa0b8a5c481954793d3450eea907c7fb5fd86cb81b1bea +generated: "2026-04-03T21:00:39.545529-05:00" diff --git a/clusters/cl01tl/helm/matrix-synapse/Chart.yaml b/clusters/cl01tl/helm/matrix-synapse/Chart.yaml index 9eae3afef..e4849dd7d 100644 --- a/clusters/cl01tl/helm/matrix-synapse/Chart.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/Chart.yaml @@ -4,20 +4,15 @@ version: 1.0.0 description: Matrix Synapse keywords: - matrix-synapse - - matrix - chat - - bridge - - matrix-hookshot - - mautrix-discord - - mautrix-whatsapp -home: https://wiki.alexlebens.dev/s/bd7e7f66-136a-41b8-8144-847bacbb3059 +home: https://docs.alexlebens.dev/applications/matrix-synapse/ sources: - https://github.com/element-hq/synapse - https://github.com/matrix-org/matrix-hookshot - https://github.com/mautrix/discord - https://github.com/mautrix/whatsapp - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg + - https://github.com/rtsp/docker-lighttpd/pkgs/container/docker-lighttpd + - https://hub.docker.com/_/alpine - https://hub.docker.com/r/halfshot/matrix-hookshot - https://mau.dev/mautrix/discord/container_registry - https://mau.dev/mautrix/whatsapp/container_registry 
@@ -25,6 +20,8 @@ sources: - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -53,15 +50,15 @@ dependencies: repository: oci://harbor.alexlebens.net/helm-charts - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.1 repository: oci://harbor.alexlebens.net/helm-charts - name: valkey alias: valkey-matrix-synapse - version: 0.4.0 + version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts - name: valkey alias: valkey-hookshot - version: 0.4.0 + version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-synapse diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml index 9c8cc7500..dea8bfe15 100644 --- a/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml @@ -14,17 +14,11 @@ spec: data: - secretKey: oidc.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/config - metadataPolicy: None property: oidc.yaml - secretKey: config.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/config - metadataPolicy: None property: config.yaml --- @@ -44,10 +38,7 @@ spec: data: - secretKey: signing.key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/config - metadataPolicy: None property: signing-key --- 
@@ -67,31 +58,19 @@ spec: data: - secretKey: config.yml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None property: config - secretKey: registration.yml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None property: registration - secretKey: hookshot-registration.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None property: registration - secretKey: passkey.pem remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/hookshot - metadataPolicy: None property: passkey --- @@ -110,17 +89,11 @@ spec: data: - secretKey: config.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/mautrix-discord - metadataPolicy: None property: config - secretKey: mautrix-discord-registration.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/mautrix-discord - metadataPolicy: None property: registration --- @@ -140,17 +113,11 @@ spec: data: - secretKey: config.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/mautrix-whatsapp - metadataPolicy: None property: config - secretKey: mautrix-whatsapp-registration.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/mautrix-whatsapp - metadataPolicy: None property: registration --- @@ -170,10 +137,7 @@ spec: data: - secretKey: double-puppet-registration.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/double-puppet - metadataPolicy: None property: registration --- 
@@ -193,15 +157,9 @@ spec: data: - secretKey: default remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/redis - metadataPolicy: None property: password - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/matrix-synapse/redis - metadataPolicy: None property: password diff --git a/clusters/cl01tl/helm/matrix-synapse/values.yaml b/clusters/cl01tl/helm/matrix-synapse/values.yaml index 8657bf2f7..c06a35ef2 100644 --- a/clusters/cl01tl/helm/matrix-synapse/values.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/values.yaml @@ -1,4 +1,7 @@ matrix-synapse: + image: + repository: ghcr.io/element-hq/synapse + tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d serverName: alexlebens.dev publicServerName: matrix.alexlebens.dev argoCD: true @@ -77,7 +80,7 @@ matrix-synapse: resources: requests: cpu: 10m - memory: 128Mi + memory: 130Mi workers: default: replicaCount: 0 @@ -100,6 +103,9 @@ matrix-synapse: client: m.homeserver: base_url: https://matrix.alexlebens.dev + image: + repository: ghcr.io/rtsp/docker-lighttpd + tag: 1.4.76@sha256:b4b58d217a35dbd6cade82927677de404a46fb3d2b1d5fcb42042b6a6f17b2fb postgresql: enabled: false externalPostgresql: @@ -125,6 +131,9 @@ matrix-synapse: enabled: true uid: 666 gid: 666 + image: + repository: alpine + tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 ingress: enabled: false gateway: @@ -138,17 +147,15 @@ matrix-hookshot: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: halfshot/matrix-hookshot - tag: 7.3.2 - pullPolicy: IfNotPresent + tag: 7.3.2@sha256:44283e5131a1a5818bbbf6d9d1e07dccdc29ac5bb6002fcf159af6ac09cf8085 resources: requests: - cpu: 10m - memory: 128Mi + cpu: 5m + memory: 90Mi service: main: controller: main 
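Review bot: `repository: alpine` in the `@@ -125,6 +131,9 @@` hunk of matrix-synapse/values.yaml is an unqualified image name, as is `halfshot/matrix-hookshot` in the `@@ -138,17 +147,15 @@` hunk, while every other image touched here names its registry (`ghcr.io/...`, `dock.mau.dev/...`). The `@sha256:` digests already pin the content, so this is about consistency and about not depending on each node runtime's default-registry resolution. I would write `repository: docker.io/library/alpine` and `repository: docker.io/halfshot/matrix-hookshot`. The block that carries `uid: 666` / `gid: 666` starts outside the hunk, so what the alpine container runs as is not visible from here.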
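Review bot: No `limits` accompany the lowered requests in the `@@ -138,17 +147,15 @@` hunk (`cpu: 5m` / `memory: 90Mi` for hookshot), and the same holds for the `@@ -260,12 +260,11 @@` and `@@ -345,12 +340,11 @@` hunks, which take both mautrix bridges to `cpu: 1m` / `memory: 40Mi`. If limits are not set elsewhere, these containers can use whatever memory the node has free, and under node memory pressure the kubelet ranks eviction candidates by usage above request, so very small requests make these pods early candidates. I would add a memory limit beside each request, for example `limits:` with `memory: 256Mi` (a constructed value; size it from observed usage), and a one-line comment saying where the new request figures came from. The `resources` blocks belong to container definitions that continue outside the hunks.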
@@ -156,19 +163,15 @@ matrix-hookshot: webhook: port: 9000 targetPort: 9000 - protocol: HTTP metrics: port: 9001 targetPort: 9001 - protocol: HTTP widgets: port: 9002 targetPort: 9002 - protocol: HTTP appservice: port: 9993 targetPort: 9993 - protocol: HTTP serviceMonitor: main: selector: @@ -220,7 +223,6 @@ matrix-hookshot: storageClass: ceph-block accessMode: ReadWriteOnce size: 500Mi - retain: true advancedMounts: main: main: @@ -235,13 +237,11 @@ mautrix-discord: type: statefulset replicas: 1 strategy: RollingUpdate - revisionHistoryLimit: 3 # initContainers: # init-copy-config: # image: # repository: busybox # tag: 1.37.0 - # pullPolicy: IfNotPresent # resources: # requests: # cpu: 10m @@ -260,12 +260,11 @@ mautrix-discord: main: image: repository: dock.mau.dev/mautrix/discord - tag: v0.7.6 - pullPolicy: IfNotPresent + tag: v0.7.6@sha256:e4946b0df6a2786c88ed490e0d2692e352f1b79b9ff0e821a33764bd8bd1fffd resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 40Mi service: main: controller: main @@ -273,7 +272,6 @@ mautrix-discord: http: port: 29334 targetPort: 29334 - protocol: HTTP persistence: config: enabled: true @@ -302,7 +300,6 @@ mautrix-discord: storageClass: ceph-block accessMode: ReadWriteOnce size: 500Mi - retain: true advancedMounts: main: init-copy-config: @@ -320,13 +317,11 @@ mautrix-whatsapp: type: statefulset replicas: 0 strategy: RollingUpdate - revisionHistoryLimit: 3 # initContainers: # init-copy-config: # image: # repository: busybox # tag: 1.37.0 - # pullPolicy: IfNotPresent # resources: # requests: # cpu: 10m @@ -345,12 +340,11 @@ mautrix-whatsapp: main: image: repository: dock.mau.dev/mautrix/whatsapp - tag: v0.2602.0 - pullPolicy: IfNotPresent + tag: v0.2602.0@sha256:07fca07f8746c09e6d5f486d002e638da014d0a134e053e2ed7af9875053104d resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 40Mi service: main: controller: main 
@@ -358,7 +352,6 @@ mautrix-whatsapp: http: port: 29318 targetPort: 29318 - protocol: HTTP persistence: config: enabled: true @@ -387,7 +380,6 @@ mautrix-whatsapp: storageClass: ceph-block accessMode: ReadWriteOnce size: 500Mi - retain: true advancedMounts: main: init-copy-config: @@ -402,10 +394,6 @@ cloudflared-hookshot: name: hookshot postgres-18-cluster: mode: recovery - cluster: - resources: - requests: - cpu: 200m recovery: method: objectStore objectStore: @@ -417,42 +405,19 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 15 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external databases: - name: mautrix-discord ensure: present owner: app - - name: mautrix-whatsapp - ensure: present - owner: app + # - name: mautrix-whatsapp + # ensure: present + # owner: app valkey-matrix-synapse: valkey: auth: @@ -461,6 +426,8 @@ valkey-matrix-synapse: aclUsers: default: permissions: "~* &* +@all" + # No option to configure metrics when auth is enabled + # https://github.com/valkey-io/valkey-helm/issues/135 metrics: enabled: false valkey-hookshot:
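Review bot: Commenting out the `mautrix-whatsapp` entry under `databases:` in the `@@ -417,42 +405,19 @@` hunk leaves it unclear whether that database is meant to be kept or dropped, and nothing in the hunk says why. If the postgres-cluster chart merely stops managing a database that disappears from the list (the chart is not visible here), the bridge's stored data stays in the cluster and in the `garage-local` backups while mautrix-whatsapp runs with `replicas: 0`, and the mautrix-whatsapp ExternalSecret seen as context in templates/external-secret.yaml is presumably still synced. I would keep the entry with an explicit `ensure:` value, or put a comment above the commented lines such as `# bridge disabled (replicas: 0); database retained on purpose, drop manually when decommissioning`. The same hunk deletes the commented-out `garage-remote` and `external` targets, leaving `garage-local` as the only object store named here, so it is worth confirming that an off-site copy exists elsewhere.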