From d7e37581f5ea9bfa2c98135d07db17800d040c62 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Sat, 13 Dec 2025 18:38:08 +0000 Subject: [PATCH] chore: Update manifests after change --- .../ConfigMap-matrix-synapse.yaml | 2 +- ...-18-cluster-mautrix-whatsapp-database.yaml | 14 +++++ .../Deployment-matrix-synapse.yaml | 9 ++- ...Secret-mautrix-whatsapp-config-secret.yaml | 28 +++++++++ ...t-mautrix-whatsapp-data-backup-secret.yaml | 54 +++++++++++++++++ ...ersistentVolumeClaim-mautrix-whatsapp.yaml | 19 ++++++ .../Service-mautrix-whatsapp.yaml | 22 +++++++ .../StatefulSet-mautrix-whatsapp.yaml | 60 +++++++++++++++++++ 8 files changed, 206 insertions(+), 2 deletions(-) create mode 100644 clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-config-secret.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-data-backup-secret.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-whatsapp.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-whatsapp.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-whatsapp.yaml diff --git a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml index 44fcdb570..13fd37345 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml 
@@ -30,4 +30,4 @@ data: root: level: INFO handlers: [console] - homeserver.yaml: "# NOTE:\n# Secrets are stored in separate configs to better fit K8s concepts\n\n## Server ##\n\nserver_name: \"alexlebens.dev\"\npublic_baseurl: \"https://matrix.alexlebens.dev\"\npid_file: /homeserver.pid\nweb_client: False\nsoft_file_limit: 0\nlog_config: \"/synapse/config/log.yaml\"\nreport_stats: false\n\ninstance_map:\n main:\n host: matrix-synapse-replication\n port: 9093\n\n## Ports ##\n\nlisteners:\n - port: 8008\n tls: false\n bind_addresses: [\"::\"]\n type: http\n x_forwarded: true\n\n resources:\n - names: \n - client\n - federation\n compress: false\n\n - port: 9090\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [metrics]\n compress: false\n\n - port: 9093\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [replication]\n compress: false\n\n## Files ##\n\nmedia_store_path: \"/synapse/data/media\"\nuploads_path: \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: true\n\n## Metrics ###\n\nenable_metrics: true\n\n## Signing Keys ##\n\nsigning_key_path: \"/synapse/keys/signing.key\"\n\n# The trusted servers to download signing keys from.\ntrusted_key_servers:\n []\n\n## Workers ##\n\n## Extra config ##\n\napp_service_config_files:\n- /synapse/config/conf.d/hookshot-registration.yaml\n- /synapse/config/conf.d/double-puppet-registration.yaml\nenable_metrics: true\nenable_registration_without_verification: true\nexperimental_features:\n msc2409_to_device_messages_enabled: true\n msc3202_device_masquerading: true\n msc3202_transaction_extensions: true\npassword_config:\n enabled: false\nsso:\n client_whitelist:\n - https://chat.alexlebens.dev/\n update_profile_information: true\n" + homeserver.yaml: "# NOTE:\n# Secrets are stored in separate configs to better fit K8s concepts\n\n## Server ##\n\nserver_name: \"alexlebens.dev\"\npublic_baseurl: \"https://matrix.alexlebens.dev\"\npid_file: 
/homeserver.pid\nweb_client: False\nsoft_file_limit: 0\nlog_config: \"/synapse/config/log.yaml\"\nreport_stats: false\n\ninstance_map:\n main:\n host: matrix-synapse-replication\n port: 9093\n\n## Ports ##\n\nlisteners:\n - port: 8008\n tls: false\n bind_addresses: [\"::\"]\n type: http\n x_forwarded: true\n\n resources:\n - names: \n - client\n - federation\n compress: false\n\n - port: 9090\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [metrics]\n compress: false\n\n - port: 9093\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [replication]\n compress: false\n\n## Files ##\n\nmedia_store_path: \"/synapse/data/media\"\nuploads_path: \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: true\n\n## Metrics ###\n\nenable_metrics: true\n\n## Signing Keys ##\n\nsigning_key_path: \"/synapse/keys/signing.key\"\n\n# The trusted servers to download signing keys from.\ntrusted_key_servers:\n []\n\n## Workers ##\n\n## Extra config ##\n\napp_service_config_files:\n- /synapse/config/conf.d/hookshot-registration.yaml\n- /synapse/config/conf.d/double-puppet-registration.yaml\n- /synapse/config/conf.d/mautrix-whatsapp-registration.yaml\nenable_metrics: true\nenable_registration_without_verification: true\nexperimental_features:\n msc2409_to_device_messages_enabled: true\n msc3202_device_masquerading: true\n msc3202_transaction_extensions: true\npassword_config:\n enabled: false\nsso:\n client_whitelist:\n - https://chat.alexlebens.dev/\n update_profile_information: true\n" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database.yaml b/clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database.yaml new file mode 100644 index 000000000..ef44e60da --- /dev/null 
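Review bot: The rewritten `homeserver.yaml` value still carries `enable_registration: true` together with `enable_registration_without_verification: true`, so unless another config file restricts it the homeserver accepts sign-ups with no email or captcha step. `password_config.enabled: false` and the `sso` block suggest accounts are meant to come from SSO only; if so, a comment in the extra-config section such as `# registration is expected to happen through SSO only` would record that intent. `enable_metrics: true` also appears twice in the same document (under `## Metrics ###` and again in the extra config), and duplicate keys usually resolve last-wins, so a later edit to the first occurrence would silently have no effect.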
+++ b/clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database.yaml @@ -0,0 +1,14 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database + namespace: matrix-synapse + labels: + app.kubernetes.io/name: matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/part-of: matrix-synapse +spec: + cluster: + name: matrix-synapse-postgresql-18-cluster + name: mautrix-whatsapp + owner: app diff --git a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml index fd5cc4dc4..7e2e9f30b 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml @@ -21,7 +21,7 @@ spec: template: metadata: annotations: - checksum/config: 5cdcaa22281b3795ff0c638e0d23230afa08e6766e14428967437e6dbc79c65a + checksum/config: dd867cbb882daaa24b433564e5063ecb025704d60f6cfbaad99d07e1a44e5c25 checksum/secrets: 77c25644da166bfcea38f650cda8968f95f472cde7bd328de2f211ded12b73d0 labels: app.kubernetes.io/name: matrix-synapse @@ -124,6 +124,10 @@ spec: name: matrix-hookshot-config-secret readOnly: true subPath: hookshot-registration.yaml + - mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml + name: mautrix-whatsapp-config-secret + readOnly: true + subPath: mautrix-whatsapp-registration.yaml - mountPath: /synapse/config/conf.d/double-puppet-registration.yaml name: double-puppet-registration-secret readOnly: true 
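Review bot: `owner: app` gives the new `mautrix-whatsapp` database to the role name that CloudNativePG creates by default for a cluster's application database, which is presumably the role Synapse itself connects with. If that is the case, the bridge and Synapse share one database credential, and a leak on either side exposes both databases. A dedicated role for the bridge, declared under the Cluster's `managed.roles` and referenced here as `owner: mautrix-whatsapp`, would keep the two apart. The Cluster manifest is not part of this diff, so this needs checking there.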
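Review bot: The new mount in the `@@ -124,6 +124,10 @@` hunk uses `subPath: mautrix-whatsapp-registration.yaml`, and subPath mounts are not refreshed when the Secret changes, while the `checksum/secrets` annotation in the first hunk of this file is left unchanged by the commit. Unless that checksum is computed over `mautrix-whatsapp-config-secret` somewhere outside this diff, rotating the registration tokens in Vault will leave Synapse running with the old file until something else restarts the pod. The volume added in the `@@ -158,6 +162,9 @@` hunk is the other half of the same mount and has the same limitation. Both hunks show only part of the container and volume lists.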
@@ -158,6 +162,9 @@ spec: - name: matrix-hookshot-config-secret secret: secretName: matrix-hookshot-config-secret + - name: mautrix-whatsapp-config-secret + secret: + secretName: mautrix-whatsapp-config-secret - name: double-puppet-registration-secret secret: secretName: double-puppet-registration-secret diff --git a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-config-secret.yaml b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-config-secret.yaml new file mode 100644 index 000000000..666800a60 --- /dev/null +++ b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-config-secret.yaml @@ -0,0 +1,28 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: mautrix-whatsapp-config-secret + namespace: matrix-synapse + labels: + app.kubernetes.io/name: mautrix-whatsapp-config-secret + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/part-of: matrix-synapse +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config.yaml + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/matrix-synapse/mautrix-whatsapp + metadataPolicy: None + property: config + - secretKey: mautrix-whatsapp-registration.yaml + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/matrix-synapse/mautrix-whatsapp + metadataPolicy: None + property: registration diff --git a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-data-backup-secret.yaml b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-data-backup-secret.yaml new file mode 100644 index 000000000..489fa31fa --- /dev/null +++ b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-whatsapp-data-backup-secret.yaml 
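Review bot: This ExternalSecret writes the bridge's full `config.yaml` and the appservice registration into the same Secret, and the Deployment hunks in this commit attach that Secret to the Synapse pod as well as to the bridge. Synapse only needs the `registration` property; a separate ExternalSecret for it, or `items:` on the Synapse volume listing only `mautrix-whatsapp-registration.yaml`, would keep the bridge's configuration (which typically holds its database URI) out of the Synapse pod's volumes. No `refreshInterval` is set either, so how quickly a rotated value reaches the cluster depends on the operator default; stating it explicitly, e.g. `refreshInterval: 1h`, documents the intent.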
@@ -0,0 +1,54 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: mautrix-whatsapp-data-backup-secret
+ namespace: matrix-synapse
+ labels:
+ app.kubernetes.io/name: matrix-synapse
+ app.kubernetes.io/instance: matrix-synapse
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/matrix-synapse/mautrix-whatsapp-data"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: secret_key
diff --git a/clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-whatsapp.yaml b/clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-whatsapp.yaml
new file mode 100644
index 000000000..90534d801
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-whatsapp.yaml
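Review bot: The restic password and the S3 key pair are read from shared paths (`/cl01tl/volsync/restic/config` and `/digital-ocean/home-infra/volsync-backups`), so the Secret created in this namespace appears to carry the same credentials as other volsync backups rather than ones scoped to `matrix-synapse/mautrix-whatsapp-data`. Only the `RESTIC_REPOSITORY` path is specific to this bridge. If the access key is not limited by a bucket policy, anything that can read this Secret can also read or delete other applications' repositories; a per-application key or a prefix-restricted policy would contain that. The labels also omit `app.kubernetes.io/part-of`, which the other ExternalSecret in this commit sets.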
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: mautrix-whatsapp
+ labels:
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mautrix-whatsapp
+ helm.sh/chart: mautrix-whatsapp-4.5.0
+ annotations:
+ helm.sh/resource-policy: keep
+ namespace: matrix-synapse
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "500Mi"
+ storageClassName: "ceph-block"
diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-whatsapp.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-whatsapp.yaml
new file mode 100644
index 000000000..2dbb64380
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-whatsapp.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mautrix-whatsapp
+ labels:
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mautrix-whatsapp
+ app.kubernetes.io/service: mautrix-whatsapp
+ helm.sh/chart: mautrix-whatsapp-4.5.0
+ namespace: matrix-synapse
+spec:
+ type: ClusterIP
+ ports:
+ - port: 29318
+ targetPort: 29318
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/name: mautrix-whatsapp
diff --git a/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-whatsapp.yaml b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-whatsapp.yaml
new file mode 100644
index 000000000..c8fc86e0c
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-whatsapp.yaml
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mautrix-whatsapp
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mautrix-whatsapp
+ helm.sh/chart: mautrix-whatsapp-4.5.0
+ namespace: matrix-synapse
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ podManagementPolicy: OrderedReady
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/name: mautrix-whatsapp
+ app.kubernetes.io/instance: matrix-synapse
+ serviceName: mautrix-whatsapp
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/name: mautrix-whatsapp
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ containers:
+ - image: dock.mau.dev/mautrix/whatsapp:v0.2511.0
+ imagePullPolicy: IfNotPresent
+ name: main
+ resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ volumeMounts:
+ - mountPath: /data/config.yaml
+ mountPropagation: None
+ name: config
+ readOnly: true
+ subPath: config.yaml
+ - mountPath: /data
+ name: data
+ volumes:
+ - name: config
+ secret:
+ secretName: mautrix-whatsapp-config-secret
+ - name: data
+ persistentVolumeClaim:
+ claimName: mautrix-whatsapp
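Review bot: The pod template sets `automountServiceAccountToken: true` on the `default` service account and defines no `securityContext` at pod or container level, so the bridge gets a Kubernetes API token it probably does not need and runs with the runtime's default privileges. The container also declares resource `requests` but no `limits`, and the image is pinned by tag (`v0.2511.0`) rather than by digest. The labels indicate this file is rendered from a Helm chart, so the change would belong in the chart values; the excerpt below shows the rendered result for the settings that do not depend on how the image's entrypoint handles users. `runAsNonRoot` and dropped capabilities are worth adding as well once they have been checked against the image.

```yaml
    spec:
      # … unchanged: enableServiceLinks, serviceAccountName …
      automountServiceAccountToken: false
      # … unchanged: hostIPC, hostNetwork, hostPID, dnsPolicy …
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - image: dock.mau.dev/mautrix/whatsapp:v0.2511.0
          # … unchanged: imagePullPolicy, name, resources …
          securityContext:
            allowPrivilegeEscalation: false
          # … unchanged: volumeMounts …
```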