From 624f38e9944f9da9ad2e130edbccd5934e34b548 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Mon, 3 Mar 2025 11:31:25 -0600
Subject: [PATCH] add matrix
---
.../cl01tl/platform/matrix-synapse/Chart.yaml | 69 +++
.../templates/external-secret.yaml | 449 ++++++++++++++++++
.../templates/replication-source.yaml | 91 ++++
.../templates/service-monitor.yaml | 44 ++
.../platform/matrix-synapse/values.yaml | 347 ++++++++++++++
5 files changed, 1000 insertions(+)
create mode 100644 clusters/cl01tl/platform/matrix-synapse/Chart.yaml
create mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml
create mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml
create mode 100644 clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml
create mode 100644 clusters/cl01tl/platform/matrix-synapse/values.yaml
diff --git a/clusters/cl01tl/platform/matrix-synapse/Chart.yaml b/clusters/cl01tl/platform/matrix-synapse/Chart.yaml
new file mode 100644
index 000000000..f3f99709c
--- /dev/null
+++ b/clusters/cl01tl/platform/matrix-synapse/Chart.yaml
@@ -0,0 +1,69 @@
+apiVersion: v2
+name: matrix-synapse
+version: 1.0.0
+description: Matrix Synapse
+keywords:
+ - matrix-synapse
+ - matrix
+ - chat
+ - bridge
+ - matrix-hookshot
+ - mautrix-discord
+ - mautrix-whatsapp
+home: https://wiki.alexlebens.dev/doc/matrix-gm0OkID2iy
+sources:
+ - https://github.com/element-hq/synapse
+ - https://github.com/matrix-org/matrix-hookshot
+ - https://github.com/mautrix/discord
+ - https://github.com/mautrix/whatsapp
+ - https://github.com/valkey-io/valkey
+ - https://github.com/cloudflare/cloudflared
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://hub.docker.com/r/halfshot/matrix-hookshot
+ - https://mau.dev/mautrix/discord/container_registry
+ - https://mau.dev/mautrix/whatsapp/container_registry
+ - https://gitlab.com/ananace/charts/-/tree/master/charts/matrix-synapse
+ - https://github.com/bitnami/charts/tree/main/bitnami/valkey
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: matrix-synapse
+ version: 3.11.4
+ repository: https://ananace.gitlab.io/charts
+ - name: app-template
+ alias: matrix-hookshot
+ version: 3.7.1
+ repository: https://bjw-s.github.io/helm-charts/
+ # - name: app-template
+ # alias: mautrix-discord
+ # repository: https://bjw-s.github.io/helm-charts/
+ # version: 3.6.1
+ # - name: app-template
+ # alias: mautrix-whatsapp
+ # repository: https://bjw-s.github.io/helm-charts/
+ # version: 3.6.1
+ - name: valkey
+ alias: valkey-synapse
+ version: 2.4.0
+ repository: https://charts.bitnami.com/bitnami
+ - name: valkey
+ alias: valkey-hookshot
+ version: 2.4.0
+ repository: https://charts.bitnami.com/bitnami
+ - name: cloudflared
+ alias: cloudflared-synapse
+ version: 1.14.0
+ repository: http://alexlebens.github.io/helm-charts
+ - name: cloudflared
+ alias: cloudflared-hookshot
+ version: 1.14.0
+ repository: http://alexlebens.github.io/helm-charts
+ - name: postgres-cluster
+ alias: postgres-17-cluster
+ version: 4.2.0
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/matrix.png
+appVersion: 1.121.1
diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml
new file mode 100644
index 000000000..8353564e3
--- /dev/null
+++ b/clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml
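Review bot: In Chart.yaml the two `cloudflared` dependencies and `postgres-cluster` are fetched from `http://alexlebens.github.io/helm-charts`, while every other dependency in the list uses https. Over plain HTTP the repository index and the chart archives are not authenticated in transit, and these three charts render the tunnel and database workloads that later receive the Cloudflare token and backup credentials. Each of the three lines should read `repository: https://alexlebens.github.io/helm-charts`.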
@@ -0,0 +1,449 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: matrix-synapse-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-synapse-config-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: oidc.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/config
+ metadataPolicy: None
+ property: oidc.yaml
+ - secretKey: config.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/config
+ metadataPolicy: None
+ property: config.yaml
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: matrix-hookshot-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-hookshot-config-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: config.yml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/hookshot
+ metadataPolicy: None
+ property: config
+ - secretKey: registration.yml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/hookshot
+ metadataPolicy: None
+ property: registration
+ - secretKey: hookshot-registration.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/hookshot
+ metadataPolicy: None
+ property: registration
+ - secretKey: passkey.pem
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/hookshot
+ metadataPolicy: None
+ property: passkey
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: mautrix-discord-config-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: mautrix-discord-config-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: web
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# data:
+# - secretKey: config.yaml
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/matrix-synapse/mautrix-discord
+# metadataPolicy: None
+# property: config
+# - secretKey: mautrix-discord-registration.yaml
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/matrix-synapse/mautrix-discord
+# metadataPolicy: None
+# property: registration
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: mautrix-whatsapp-config-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: mautrix-whatsapp-config-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: web
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# data:
+# - secretKey: config.yaml
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/matrix-synapse/mautrix-whatsapp
+# metadataPolicy: None
+# property: config
+# - secretKey: mautrix-whatsapp-registration.yaml
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/matrix-synapse/mautrix-whatsapp
+# metadataPolicy: None
+# property: registration
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: double-puppet-registration-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: double-puppet-registration-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: double-puppet-registration.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/double-puppet
+ metadataPolicy: None
+ property: registration
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: matrix-synapse-valkey-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-synapse-valkey-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/valkey
+ metadataPolicy: None
+ property: password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: matrix-synapse-cloudflared-synapse-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/matrix-synapse
+ metadataPolicy: None
+ property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: matrix-synapse-cloudflared-hookshot-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/matrix-hookshot
+ metadataPolicy: None
+ property: token
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: matrix-synapse-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: matrix-synapse-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: mautrix-discord-data-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: mautrix-discord-data-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: mautrix-whatsapp-data-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: mautrix-whatsapp-data-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: matrix-synapse-postgresql-17-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: access
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: secret
diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml
new file mode 100644
index 000000000..b264a6144
--- /dev/null
+++ b/clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml
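Review bot: In external-secret.yaml, `matrix-hookshot-config-secret` places hookshot's `config.yml` and `passkey.pem` in the same Secret as the `hookshot-registration.yaml` copy that values.yaml attaches to the Synapse pod through `extraVolumes`. Only the registration key is mounted into the Synapse container via `subPath`, but the pod spec references the whole Secret, so hookshot's private key ends up within reach of the homeserver workload for no functional reason. A separate ExternalSecret that carries only the registration, as is already done for `double-puppet-registration-secret`, would keep each workload to the material it needs. None of the ExternalSecrets sets `refreshInterval`, so rotations in Vault propagate on the operator default; an explicit value or a comment stating that the default is intended would document this.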
@@ -0,0 +1,91 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: matrix-synapse-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: matrix-synapse-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: matrix-synapse
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: matrix-synapse-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
+
+# ---
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: mautrix-discord-data-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: mautrix-discord-data-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: mautrix-discord-data
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: mautrix-discord-data-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# moverSecurityContext:
+# runAsUser: 1337
+# runAsGroup: 1337
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
+
+# ---
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: mautrix-whatsapp-data-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: mautrix-whatsapp-data
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: mautrix-whatsapp-data-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# moverSecurityContext:
+# runAsUser: 1337
+# runAsGroup: 1337
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml b/clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml
new file mode 100644
index 000000000..c91d7b9fd
--- /dev/null
+++ b/clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml
@@ -0,0 +1,44 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: matrix-synapse
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-synapse
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: matrix-synapse
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - targetPort: 9090
+ interval: 3m
+ scrapeTimeout: 1m
+ path: /_synapse/metrics
+
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: matrix-hookshot
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-hookshot
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: matrix-hookshot
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - targetPort: 9001
+ interval: 3m
+ scrapeTimeout: 1m
+ path: /metrics
diff --git a/clusters/cl01tl/platform/matrix-synapse/values.yaml b/clusters/cl01tl/platform/matrix-synapse/values.yaml
new file mode 100644
index 000000000..9d5b711d7
--- /dev/null
+++ b/clusters/cl01tl/platform/matrix-synapse/values.yaml
@@ -0,0 +1,347 @@
+matrix-synapse:
+ serverName: alexlebens.dev
+ publicServerName: matrix.alexlebens.dev
+ argoCD: true
+ signingkey:
+ job:
+ enabled: false
+ config:
+ reportStats: false
+ enableRegistration: true
+ trustedKeyServers: []
+ extraConfig:
+ enable_metrics: true
+ enable_registration_without_verification: true
+ password_config:
+ enabled: false
+ sso:
+ client_whitelist:
+ - https://chat.alexlebens.dev/
+ update_profile_information: true
+ synapse:
+ strategy:
+ type: Recreate
+ extraVolumes:
+ - name: matrix-synapse-config-secret
+ secret:
+ secretName: matrix-synapse-config-secret
+ - name: matrix-hookshot-config-secret
+ secret:
+ secretName: matrix-hookshot-config-secret
+ # - name: mautrix-discord-config-secret
+ # secret:
+ # secretName: mautrix-discord-config-secret
+ # - name: mautrix-whatsapp-config-secret
+ # secret:
+ # secretName: mautrix-whatsapp-config-secret
+ - name: double-puppet-registration-secret
+ secret:
+ secretName: double-puppet-registration-secret
+ extraVolumeMounts:
+ - name: matrix-synapse-config-secret
+ mountPath: /synapse/config/conf.d/oidc.yaml
+ subPath: oidc.yaml
+ readOnly: true
+ - name: matrix-synapse-config-secret
+ mountPath: /synapse/config/conf.d/config.yaml
+ subPath: config.yaml
+ readOnly: true
+ - name: matrix-hookshot-config-secret
+ mountPath: /synapse/config/conf.d/hookshot-registration.yaml
+ subPath: hookshot-registration.yaml
+ readOnly: true
+ # - name: mautrix-discord-config-secret
+ # mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
+ # subPath: mautrix-discord-registration.yaml
+ # readOnly: true
+ # - name: mautrix-whatsapp-config-secret
+ # mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
+ # subPath: mautrix-whatsapp-registration.yaml
+ # readOnly: true
+ - name: double-puppet-registration-secret
+ mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
+ subPath: double-puppet-registration.yaml
+ readOnly: true
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ workers:
+ default:
+ replicaCount: 0
+ generic_worker:
+ enabled: false
+ pusher:
+ enabled: false
+ appservice:
+ enabled: false
+ federation_sender:
+ enabled: false
+ media_repository:
+ enabled: false
+ user_dir:
+ enabled: false
+ wellknown:
+ enabled: true
+ server:
+ m.server: matrix.alexlebens.dev:443
+ client:
+ m.homeserver:
+ base_url: https://matrix.alexlebens.dev
+ postgresql:
+ enabled: false
+ externalPostgresql:
+ host: matrix-synapse-postgresql-17-cluster-rw
+ port: 5432
+ username: app
+ database: app
+ existingSecret: matrix-synapse-postgresql-17-cluster-app
+ existingSecretPasswordKey: password
+ redis:
+ enabled: false
+ externalRedis:
+ host: matrix-synapse-valkey-primary
+ port: 6379
+ existingSecret: matrix-synapse-valkey-secret
+ existingSecretPasswordKey: password
+ persistence:
+ enabled: true
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ volumePermissions:
+ enabled: true
+ uid: 666
+ gid: 666
+ ingress:
+ enabled: false
+matrix-hookshot:
+ global:
+ fullnameOverride: matrix-hookshot
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: halfshot/matrix-hookshot
+ tag: 6.0.3
+ pullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ webhook:
+ port: 9000
+ targetPort: 9000
+ protocol: HTTP
+ metrics:
+ port: 9001
+ targetPort: 9001
+ protocol: HTTP
+ appservice:
+ port: 9002
+ targetPort: 9002
+ protocol: HTTP
+ homeserver:
+ port: 9993
+ targetPort: 9993
+ protocol: HTTP
+ persistence:
+ config:
+ enabled: true
+ type: secret
+ name: matrix-hookshot-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /data/config.yml
+ readOnly: true
+ mountPropagation: None
+ subPath: config.yml
+ registration:
+ enabled: true
+ type: secret
+ name: matrix-hookshot-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /data/registration.yml
+ readOnly: true
+ mountPropagation: None
+ subPath: registration.yml
+ passkey:
+ enabled: true
+ type: secret
+ name: matrix-hookshot-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /data/passkey.pem
+ readOnly: true
+ mountPropagation: None
+ subPath: passkey.pem
+mautrix-discord:
+ global:
+ fullnameOverride: mautrix-discord
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: dock.mau.dev/mautrix/discord
+ tag: v0.7.2
+ pullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 29334
+ targetPort: 29334
+ protocol: HTTP
+ persistence:
+ data:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 500Mi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /data
+ readOnly: false
+ config:
+ enabled: true
+ type: secret
+ name: mautrix-discord-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /data/config.yaml
+ readOnly: true
+ mountPropagation: None
+ subPath: config.yaml
+mautrix-whatsapp:
+ global:
+ fullnameOverride: mautrix-whatsapp
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: dock.mau.dev/mautrix/whatsapp
+ tag: v0.11.3
+ pullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 29333
+ targetPort: 29333
+ protocol: HTTP
+ persistence:
+ data:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 500Mi
+ retain: true
+ advancedMounts:
+ main:
+ main:
+ - path: /data
+ readOnly: false
+ config:
+ enabled: true
+ type: secret
+ name: mautrix-whatsapp-config-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /data/config.yaml
+ readOnly: true
+ mountPropagation: None
+ subPath: config.yaml
+valkey-synapse:
+ fullnameOverride: matrix-synapse-valkey
+ architecture: standalone
+ auth:
+ enabled: true
+ existingSecret: matrix-synapse-valkey-secret
+ existingSecretPasswordKey: password
+ primary:
+ persistence:
+ enabled: false
+ replica:
+ persistence:
+ enabled: false
+valkey-hookshot:
+ fullnameOverride: matrix-hookshot-valkey
+ architecture: standalone
+ auth:
+ enabled: false
+ usePasswordFiles: false
+ primary:
+ persistence:
+ enabled: false
+ replica:
+ persistence:
+ enabled: false
+cloudflared-synapse:
+ name: cloudflared-synapse
+ existingSecretName: matrix-synapse-cloudflared-synapse-secret
+cloudflared-hookshot:
+ name: cloudflared-hookshot
+ existingSecretName: matrix-synapse-cloudflared-hookshot-secret
+postgres-17-cluster:
+ mode: recovery
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ resources:
+ requests:
+ cpu: 200m
+ monitoring:
+ enabled: true
+ recovery:
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
+ endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret
+ backup:
+ enabled: true
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
+ endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret
+ backupIndex: 1
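Review bot: In values.yaml the Synapse block sets `enableRegistration: true` together with `enable_registration_without_verification: true`, which switches off Synapse's safeguard against unverified sign-up on a homeserver this chart publishes as `matrix.alexlebens.dev`. With `password_config.enabled: false` and an `oidc.yaml` mounted from the secret, accounts are presumably meant to come from SSO, so `enableRegistration: false` without the override, or `registration_requires_token: true` under `extraConfig`, would close the open registration path. Separately, `valkey-hookshot` runs with `auth.enabled: false` while `valkey-synapse` reads its password from an existing secret; following the same pattern, or limiting access with a NetworkPolicy, avoids an unauthenticated store reachable from any pod that can route to it. The `mautrix-discord` and `mautrix-whatsapp` value blocks have no active dependency in Chart.yaml (both aliases are commented out there), so a comment marking them as inactive would help the next reader.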