alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

add matrix

Browse Source
This commit is contained in:
Alex Lebens
2025-03-03 11:31:25 -06:00
parent 1b89833697
commit 624f38e994
5 changed files with 1000 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
clusters/cl01tl/platform/matrix-synapse/Chart.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: v2
name: matrix-synapse
version: 1.0.0
description: Matrix Synapse
keywords:
- matrix-synapse
- matrix
- chat
- bridge
- matrix-hookshot
- mautrix-discord
- mautrix-whatsapp
home: https://wiki.alexlebens.dev/doc/matrix-gm0OkID2iy
sources:
- https://github.com/element-hq/synapse
- https://github.com/matrix-org/matrix-hookshot
- https://github.com/mautrix/discord
- https://github.com/mautrix/whatsapp
- https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/halfshot/matrix-hookshot
- https://mau.dev/mautrix/discord/container_registry
- https://mau.dev/mautrix/whatsapp/container_registry
- https://gitlab.com/ananace/charts/-/tree/master/charts/matrix-synapse
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: matrix-synapse
version: 3.11.4
repository: https://ananace.gitlab.io/charts
- name: app-template
alias: matrix-hookshot
version: 3.7.1
repository: https://bjw-s.github.io/helm-charts/
# - name: app-template
# alias: mautrix-discord
# repository: https://bjw-s.github.io/helm-charts/
# version: 3.6.1
# - name: app-template
# alias: mautrix-whatsapp
# repository: https://bjw-s.github.io/helm-charts/
# version: 3.6.1
- name: valkey
alias: valkey-synapse
version: 2.4.0
repository: https://charts.bitnami.com/bitnami
- name: valkey
alias: valkey-hookshot
version: 2.4.0
repository: https://charts.bitnami.com/bitnami
- name: cloudflared
alias: cloudflared-synapse
version: 1.14.0
repository: http://alexlebens.github.io/helm-charts
- name: cloudflared
alias: cloudflared-hookshot
version: 1.14.0
repository: http://alexlebens.github.io/helm-charts
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/matrix.png
appVersion: 1.121.1

449
clusters/cl01tl/platform/matrix-synapse/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,449 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: oidc.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: oidc.yaml
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: config.yaml
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-hookshot-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-hookshot-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: config
- secretKey: registration.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: hookshot-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: passkey.pem
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: passkey
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: mautrix-discord-config-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: mautrix-discord-config-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: web
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: config.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-discord
# metadataPolicy: None
# property: config
# - secretKey: mautrix-discord-registration.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-discord
# metadataPolicy: None
# property: registration
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: mautrix-whatsapp-config-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: mautrix-whatsapp-config-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: web
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# data:
# - secretKey: config.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-whatsapp
# metadataPolicy: None
# property: config
# - secretKey: mautrix-whatsapp-registration.yaml
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/matrix-synapse/mautrix-whatsapp
# metadataPolicy: None
# property: registration
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: double-puppet-registration-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: double-puppet-registration-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: double-puppet-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/double-puppet
metadataPolicy: None
property: registration
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-valkey-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-valkey-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/valkey
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-cloudflared-synapse-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/matrix-synapse
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-cloudflared-hookshot-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/matrix-hookshot
metadataPolicy: None
property: token
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: matrix-synapse-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: matrix-synapse-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: mautrix-discord-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: mautrix-discord-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
# ---
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
# name: mautrix-whatsapp-data-backup-secret
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: mautrix-whatsapp-data-backup-secret
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# secretStoreRef:
# kind: ClusterSecretStore
# name: vault
# target:
# template:
# mergePolicy: Merge
# engineVersion: v2
# data:
# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
# data:
# - secretKey: BUCKET_ENDPOINT
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: S3_BUCKET_ENDPOINT
# - secretKey: RESTIC_PASSWORD
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: RESTIC_PASSWORD
# - secretKey: AWS_DEFAULT_REGION
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /cl01tl/volsync/restic/config
# metadataPolicy: None
# property: AWS_DEFAULT_REGION
# - secretKey: AWS_ACCESS_KEY_ID
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: access_key
# - secretKey: AWS_SECRET_ACCESS_KEY
# remoteRef:
# conversionStrategy: Default
# decodingStrategy: None
# key: /digital-ocean/home-infra/volsync-backups
# metadataPolicy: None
# property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: matrix-synapse-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

91
clusters/cl01tl/platform/matrix-synapse/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,91 @@
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: matrix-synapse-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: matrix-synapse-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: matrix-synapse
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: matrix-synapse-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot
# ---
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: mautrix-discord-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: mautrix-discord-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: mautrix-discord-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: mautrix-discord-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1337
# runAsGroup: 1337
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot
# ---
# apiVersion: volsync.backube/v1alpha1
# kind: ReplicationSource
# metadata:
# name: mautrix-whatsapp-data-backup-source
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: backup
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# sourcePVC: mautrix-whatsapp-data
# trigger:
# schedule: 0 0 */3 * *
# restic:
# pruneIntervalDays: 14
# repository: mautrix-whatsapp-data-backup-secret
# retain:
# hourly: 1
# daily: 1
# weekly: 1
# monthly: 2
# yearly: 4
# moverSecurityContext:
# runAsUser: 1337
# runAsGroup: 1337
# copyMethod: Snapshot
# storageClassName: ceph-block
# volumeSnapshotClassName: ceph-blockpool-snapshot

44
clusters/cl01tl/platform/matrix-synapse/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,44 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: matrix-synapse
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: matrix-synapse
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- targetPort: 9090
interval: 3m
scrapeTimeout: 1m
path: /_synapse/metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: matrix-hookshot
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-hookshot
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: matrix-hookshot
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- targetPort: 9001
interval: 3m
scrapeTimeout: 1m
path: /metrics

347
clusters/cl01tl/platform/matrix-synapse/values.yaml Normal file
View File

@@ -0,0 +1,347 @@
matrix-synapse:
serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev
argoCD: true
signingkey:
job:
enabled: false
config:
reportStats: false
enableRegistration: true
trustedKeyServers: []
extraConfig:
enable_metrics: true
enable_registration_without_verification: true
password_config:
enabled: false
sso:
client_whitelist:
- https://chat.alexlebens.dev/
update_profile_information: true
synapse:
strategy:
type: Recreate
extraVolumes:
- name: matrix-synapse-config-secret
secret:
secretName: matrix-synapse-config-secret
- name: matrix-hookshot-config-secret
secret:
secretName: matrix-hookshot-config-secret
# - name: mautrix-discord-config-secret
# secret:
# secretName: mautrix-discord-config-secret
# - name: mautrix-whatsapp-config-secret
# secret:
# secretName: mautrix-whatsapp-config-secret
- name: double-puppet-registration-secret
secret:
secretName: double-puppet-registration-secret
extraVolumeMounts:
- name: matrix-synapse-config-secret
mountPath: /synapse/config/conf.d/oidc.yaml
subPath: oidc.yaml
readOnly: true
- name: matrix-synapse-config-secret
mountPath: /synapse/config/conf.d/config.yaml
subPath: config.yaml
readOnly: true
- name: matrix-hookshot-config-secret
mountPath: /synapse/config/conf.d/hookshot-registration.yaml
subPath: hookshot-registration.yaml
readOnly: true
# - name: mautrix-discord-config-secret
# mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
# subPath: mautrix-discord-registration.yaml
# readOnly: true
# - name: mautrix-whatsapp-config-secret
# mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
# subPath: mautrix-whatsapp-registration.yaml
# readOnly: true
- name: double-puppet-registration-secret
mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
subPath: double-puppet-registration.yaml
readOnly: true
resources:
requests:
cpu: 10m
memory: 128Mi
workers:
default:
replicaCount: 0
generic_worker:
enabled: false
pusher:
enabled: false
appservice:
enabled: false
federation_sender:
enabled: false
media_repository:
enabled: false
user_dir:
enabled: false
wellknown:
enabled: true
server:
m.server: matrix.alexlebens.dev:443
client:
m.homeserver:
base_url: https://matrix.alexlebens.dev
postgresql:
enabled: false
externalPostgresql:
host: matrix-synapse-postgresql-17-cluster-rw
port: 5432
username: app
database: app
existingSecret: matrix-synapse-postgresql-17-cluster-app
existingSecretPasswordKey: password
redis:
enabled: false
externalRedis:
host: matrix-synapse-valkey-primary
port: 6379
existingSecret: matrix-synapse-valkey-secret
existingSecretPasswordKey: password
persistence:
enabled: true
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
volumePermissions:
enabled: true
uid: 666
gid: 666
ingress:
enabled: false
matrix-hookshot:
global:
fullnameOverride: matrix-hookshot
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: halfshot/matrix-hookshot
tag: 6.0.3
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
webhook:
port: 9000
targetPort: 9000
protocol: HTTP
metrics:
port: 9001
targetPort: 9001
protocol: HTTP
appservice:
port: 9002
targetPort: 9002
protocol: HTTP
homeserver:
port: 9993
targetPort: 9993
protocol: HTTP
persistence:
config:
enabled: true
type: secret
name: matrix-hookshot-config-secret
advancedMounts:
main:
main:
- path: /data/config.yml
readOnly: true
mountPropagation: None
subPath: config.yml
registration:
enabled: true
type: secret
name: matrix-hookshot-config-secret
advancedMounts:
main:
main:
- path: /data/registration.yml
readOnly: true
mountPropagation: None
subPath: registration.yml
passkey:
enabled: true
type: secret
name: matrix-hookshot-config-secret
advancedMounts:
main:
main:
- path: /data/passkey.pem
readOnly: true
mountPropagation: None
subPath: passkey.pem
mautrix-discord:
global:
fullnameOverride: mautrix-discord
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: dock.mau.dev/mautrix/discord
tag: v0.7.2
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 29334
targetPort: 29334
protocol: HTTP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
config:
enabled: true
type: secret
name: mautrix-discord-config-secret
advancedMounts:
main:
main:
- path: /data/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml
mautrix-whatsapp:
global:
fullnameOverride: mautrix-whatsapp
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: dock.mau.dev/mautrix/whatsapp
tag: v0.11.3
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 64Mi
serviceAccount:
create: true
service:
main:
controller: main
ports:
http:
port: 29333
targetPort: 29333
protocol: HTTP
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
config:
enabled: true
type: secret
name: mautrix-whatsapp-config-secret
advancedMounts:
main:
main:
- path: /data/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml
valkey-synapse:
fullnameOverride: matrix-synapse-valkey
architecture: standalone
auth:
enabled: true
existingSecret: matrix-synapse-valkey-secret
existingSecretPasswordKey: password
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
valkey-hookshot:
fullnameOverride: matrix-hookshot-valkey
architecture: standalone
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
cloudflared-synapse:
name: cloudflared-synapse
existingSecretName: matrix-synapse-cloudflared-synapse-secret
cloudflared-hookshot:
name: cloudflared-hookshot
existingSecretName: matrix-synapse-cloudflared-hookshot-secret
postgres-17-cluster:
mode: recovery
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
resources:
requests:
cpu: 200m
monitoring:
enabled: true
recovery:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret
backupIndex: 1