From fd4ff5493def856df7435ea2a54f87ceb07276e3 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Sat, 13 Dec 2025 19:30:11 +0000 Subject: [PATCH] Automated Manifest Update (#2488) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2488 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../ConfigMap-matrix-synapse.yaml | 2 +- ...l-18-cluster-mautrix-discord-database.yaml | 14 +++ .../Deployment-matrix-synapse.yaml | 9 +- ...lSecret-mautrix-discord-config-secret.yaml | 27 ++++++ ...et-mautrix-discord-data-backup-secret.yaml | 54 +++++++++++ ...PersistentVolumeClaim-mautrix-discord.yaml | 19 ++++ ...ce-mautrix-discord-data-backup-source.yaml | 28 ++++++ ...e-mautrix-whatsapp-data-backup-source.yaml | 28 ++++++ .../Service-mautrix-discord.yaml | 22 +++++ .../StatefulSet-mautrix-discord.yaml | 89 +++++++++++++++++++ 10 files changed, 290 insertions(+), 2 deletions(-) create mode 100644 clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-discord-database.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-config-secret.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-data-backup-secret.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-discord.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-discord-data-backup-source.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-data-backup-source.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-discord.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-discord.yaml 
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml
index 13fd37345..5c7b810c6 100644
--- a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml
+++ b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse.yaml
@@ -30,4 +30,4 @@ data: root: level: INFO handlers: [console] - homeserver.yaml: "# NOTE:\n# Secrets are stored in separate configs to better fit K8s concepts\n\n## Server ##\n\nserver_name: \"alexlebens.dev\"\npublic_baseurl: \"https://matrix.alexlebens.dev\"\npid_file: /homeserver.pid\nweb_client: False\nsoft_file_limit: 0\nlog_config: \"/synapse/config/log.yaml\"\nreport_stats: false\n\ninstance_map:\n main:\n host: matrix-synapse-replication\n port: 9093\n\n## Ports ##\n\nlisteners:\n - port: 8008\n tls: false\n bind_addresses: [\"::\"]\n type: http\n x_forwarded: true\n\n resources:\n - names: \n - client\n - federation\n compress: false\n\n - port: 9090\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [metrics]\n compress: false\n\n - port: 9093\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [replication]\n compress: false\n\n## Files ##\n\nmedia_store_path: \"/synapse/data/media\"\nuploads_path: \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: true\n\n## Metrics ###\n\nenable_metrics: true\n\n## Signing Keys ##\n\nsigning_key_path: \"/synapse/keys/signing.key\"\n\n# The trusted servers to download signing keys from.\ntrusted_key_servers:\n []\n\n## Workers ##\n\n## Extra config ##\n\napp_service_config_files:\n- /synapse/config/conf.d/hookshot-registration.yaml\n- /synapse/config/conf.d/double-puppet-registration.yaml\n- /synapse/config/conf.d/mautrix-whatsapp-registration.yaml\nenable_metrics: true\nenable_registration_without_verification: true\nexperimental_features:\n msc2409_to_device_messages_enabled: true\n msc3202_device_masquerading: true\n msc3202_transaction_extensions: true\npassword_config:\n enabled: false\nsso:\n client_whitelist:\n - https://chat.alexlebens.dev/\n update_profile_information: true\n" + homeserver.yaml: "# NOTE:\n# Secrets are stored in separate configs to better fit K8s concepts\n\n## Server ##\n\nserver_name: 
\"alexlebens.dev\"\npublic_baseurl: \"https://matrix.alexlebens.dev\"\npid_file: /homeserver.pid\nweb_client: False\nsoft_file_limit: 0\nlog_config: \"/synapse/config/log.yaml\"\nreport_stats: false\n\ninstance_map:\n main:\n host: matrix-synapse-replication\n port: 9093\n\n## Ports ##\n\nlisteners:\n - port: 8008\n tls: false\n bind_addresses: [\"::\"]\n type: http\n x_forwarded: true\n\n resources:\n - names: \n - client\n - federation\n compress: false\n\n - port: 9090\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [metrics]\n compress: false\n\n - port: 9093\n tls: false\n bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names: [replication]\n compress: false\n\n## Files ##\n\nmedia_store_path: \"/synapse/data/media\"\nuploads_path: \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: true\n\n## Metrics ###\n\nenable_metrics: true\n\n## Signing Keys ##\n\nsigning_key_path: \"/synapse/keys/signing.key\"\n\n# The trusted servers to download signing keys from.\ntrusted_key_servers:\n []\n\n## Workers ##\n\n## Extra config ##\n\napp_service_config_files:\n- /synapse/config/conf.d/hookshot-registration.yaml\n- /synapse/config/conf.d/double-puppet-registration.yaml\n- /synapse/config/conf.d/mautrix-whatsapp-registration.yaml\n- /synapse/config/conf.d/mautrix-discord-registration.yaml\nenable_metrics: true\nenable_registration_without_verification: true\nexperimental_features:\n msc2409_to_device_messages_enabled: true\n msc3202_device_masquerading: true\n msc3202_transaction_extensions: true\npassword_config:\n enabled: false\nsso:\n client_whitelist:\n - https://chat.alexlebens.dev/\n update_profile_information: true\n" 
diff --git a/clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-discord-database.yaml b/clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-discord-database.yaml
new file mode 100644
index 000000000..a7dd2cde5
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/Database-matrix-synapse-postgresql-18-cluster-mautrix-discord-database.yaml
@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+ name: matrix-synapse-postgresql-18-cluster-mautrix-discord-database
+ namespace: matrix-synapse
+ labels:
+ app.kubernetes.io/name: matrix-synapse-postgresql-18-cluster-mautrix-discord-database
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/part-of: matrix-synapse
+spec:
+ cluster:
+ name: matrix-synapse-postgresql-18-cluster
+ name: mautrix-discord
+ owner: app
diff --git a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml
index 7e2e9f30b..4458a37b4 100644
--- a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml
+++ b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse.yaml
@@ -21,7 +21,7 @@ spec:
 template:
 metadata:
 annotations:
- checksum/config: dd867cbb882daaa24b433564e5063ecb025704d60f6cfbaad99d07e1a44e5c25
+ checksum/config: 99cc47bdaaa9abc66fa53ed857425c9b00984629e702ba1b8fb3619fdd4d7e6d
 checksum/secrets: 77c25644da166bfcea38f650cda8968f95f472cde7bd328de2f211ded12b73d0
 labels:
 app.kubernetes.io/name: matrix-synapse
@@ -124,6 +124,10 @@ spec:
 name: matrix-hookshot-config-secret
 readOnly: true
 subPath: hookshot-registration.yaml
+ - mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
+ name: mautrix-discord-config-secret
+ readOnly: true
+ subPath: mautrix-discord-registration.yaml
 - mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
 name: mautrix-whatsapp-config-secret
 readOnly: true
@@ -162,6 +166,9 @@ spec:
 - name: matrix-hookshot-config-secret
 secret:
 secretName: matrix-hookshot-config-secret
+ - name: mautrix-discord-config-secret
+ secret:
+ secretName: mautrix-discord-config-secret
 - name: mautrix-whatsapp-config-secret
 secret:
 secretName: mautrix-whatsapp-config-secret
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-config-secret.yaml b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-config-secret.yaml
new file mode 100644
index 000000000..7e2e5fbe5
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-config-secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: mautrix-discord-config-secret
+ namespace: matrix-synapse
+ labels:
+ app.kubernetes.io/name: matrix-synapse
+ app.kubernetes.io/instance: matrix-synapse
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: config.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/mautrix-discord
+ metadataPolicy: None
+ property: config
+ - secretKey: mautrix-discord-registration.yaml
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/matrix-synapse/mautrix-discord
+ metadataPolicy: None
+ property: registration
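Review bot: The `mautrix-discord-config-secret` volume added to the Synapse Deployment points at a Secret that, per the ExternalSecret created in this same commit, holds both `config.yaml` and `mautrix-discord-registration.yaml`; only the `subPath` on the mount keeps the bridge's own configuration out of the Synapse container. Synapse needs the registration file only, so either render the registration into a Secret of its own or restrict the volume with `items: [{key: mautrix-discord-registration.yaml, path: mautrix-discord-registration.yaml}]`. The neighbouring mautrix-whatsapp volume appears to follow the same pattern and would take the same change. The `volumeMounts` and `volumes` lists both start outside these hunks.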
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-data-backup-secret.yaml b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-data-backup-secret.yaml
new file mode 100644
index 000000000..405911b7f
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-mautrix-discord-data-backup-secret.yaml
@@ -0,0 +1,54 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: mautrix-discord-data-backup-secret
+ namespace: matrix-synapse
+ labels:
+ app.kubernetes.io/name: matrix-synapse
+ app.kubernetes.io/instance: matrix-synapse
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/matrix-synapse/mautrix-discord-data"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: S3_BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/volsync/restic/config
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: access_key
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: secret_key
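Review bot: The backup Secret for this single PVC is assembled from material that does not look specific to it: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` come from `/digital-ocean/home-infra/volsync-backups`, `RESTIC_PASSWORD` from `/cl01tl/volsync/restic/config`, and only the `RESTIC_REPOSITORY` suffix names mautrix-discord. If those Vault paths are shared by the other VolSync sources, as their names suggest, read access to Secrets in the `matrix-synapse` namespace also exposes the key and password protecting every other application's repository in the bucket. A per-application access key limited to the `matrix-synapse/` prefix and a per-repository restic password would contain that. A short comment in the chart values stating the intended scope of the key would help the next reviewer.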
diff --git a/clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-discord.yaml b/clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-discord.yaml
new file mode 100644
index 000000000..ee75c99f4
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/PersistentVolumeClaim-mautrix-discord.yaml
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: mautrix-discord
+ labels:
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mautrix-discord
+ helm.sh/chart: mautrix-discord-4.5.0
+ annotations:
+ helm.sh/resource-policy: keep
+ namespace: matrix-synapse
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "500Mi"
+ storageClassName: "ceph-block"
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-discord-data-backup-source.yaml b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-discord-data-backup-source.yaml
new file mode 100644
index 000000000..764983dee
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-discord-data-backup-source.yaml
@@ -0,0 +1,28 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: mautrix-discord-data-backup-source
+ namespace: matrix-synapse
+ labels:
+ app.kubernetes.io/name: mautrix-discord-data-backup-source
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/part-of: matrix-synapse
+spec:
+ sourcePVC: mautrix-discord
+ trigger:
+ schedule: 0 4 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: mautrix-discord-data-backup-secret
+ retain:
+ hourly: 1
+ daily: 3
+ weekly: 2
+ monthly: 2
+ yearly: 4
+ moverSecurityContext:
+ runAsUser: 1337
+ runAsGroup: 1337
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-data-backup-source.yaml b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-data-backup-source.yaml
new file mode 100644
index 000000000..ba23abf1f
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/ReplicationSource-mautrix-whatsapp-data-backup-source.yaml
@@ -0,0 +1,28 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: mautrix-whatsapp-data-backup-source
+ namespace: matrix-synapse
+ labels:
+ app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/part-of: matrix-synapse
+spec:
+ sourcePVC: mautrix-whatsapp
+ trigger:
+ schedule: 0 4 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: mautrix-whatsapp-data-backup-secret
+ retain:
+ hourly: 1
+ daily: 3
+ weekly: 2
+ monthly: 2
+ yearly: 4
+ moverSecurityContext:
+ runAsUser: 1337
+ runAsGroup: 1337
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-discord.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-discord.yaml
new file mode 100644
index 000000000..3cad332f8
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/Service-mautrix-discord.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mautrix-discord
+ labels:
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mautrix-discord
+ app.kubernetes.io/service: mautrix-discord
+ helm.sh/chart: mautrix-discord-4.5.0
+ namespace: matrix-synapse
+spec:
+ type: ClusterIP
+ ports:
+ - port: 29334
+ targetPort: 29334
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/name: mautrix-discord
diff --git a/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-discord.yaml b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-discord.yaml
new file mode 100644
index 000000000..aafcb3029
--- /dev/null
+++ b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-mautrix-discord.yaml
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mautrix-discord
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mautrix-discord
+ helm.sh/chart: mautrix-discord-4.5.0
+ namespace: matrix-synapse
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ podManagementPolicy: OrderedReady
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/name: mautrix-discord
+ app.kubernetes.io/instance: matrix-synapse
+ serviceName: mautrix-discord
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: matrix-synapse
+ app.kubernetes.io/name: mautrix-discord
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ initContainers:
+ - command:
+ - /bin/sh
+ - -ec
+ - |
+ echo ">> Coping files ..."
+ ls /tmp
+ cp -fv /tmp/config.yaml /data/config.yaml
+ cp -fv /tmp/mautrix-discord-registration.yaml /data/registration.yaml
+ echo ">> Files in data:"
+ ls /data
+ image: busybox:1.37.0
+ imagePullPolicy: IfNotPresent
+ name: init-copy-config
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /tmp/config.yaml
+ mountPropagation: None
+ name: config
+ readOnly: true
+ subPath: config.yaml
+ - mountPath: /data
+ name: data
+ - mountPath: /tmp/mautrix-discord-registration.yaml
+ mountPropagation: None
+ name: registration
+ readOnly: true
+ subPath: mautrix-discord-registration.yaml
+ containers:
+ - image: dock.mau.dev/mautrix/discord:v0.7.5
+ imagePullPolicy: IfNotPresent
+ name: main
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ volumes:
+ - name: config
+ secret:
+ secretName: mautrix-discord-config-secret
+ - name: data
+ persistentVolumeClaim:
+ claimName: mautrix-discord
+ - name: registration
+ secret:
+ secretName: mautrix-discord-config-secret
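Review bot: The pod template runs under `serviceAccountName: default` with `automountServiceAccountToken: true`, and neither the pod nor the `init-copy-config` and `main` containers set a `securityContext`. Nothing in this manifest shows the bridge using the Kubernetes API, so the chart values should render `automountServiceAccountToken: false` to keep an API token out of the bridge container. A `securityContext` with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a fixed UID (the VolSync mover for this PVC already uses `1337`) is worth adding once the image's entrypoint has been checked for what it needs at start-up. The init container copies `config.yaml` and the registration file from the Secret onto the `data` PVC, so those credentials also end up in the restic backups of that volume; a comment in the values file should say so. Both images are pinned by tag (`busybox:1.37.0`, `dock.mau.dev/mautrix/discord:v0.7.5`) rather than by digest, and only resource requests are set, with no limits.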