# Helm values for a self-hosted Matrix stack: the Synapse homeserver, the
# hookshot and mautrix bridges, cloudflared tunnels, a PostgreSQL cluster,
# Valkey caches and volsync backup targets.
# NOTE(review): the block layout below was reconstructed from a collapsed
# listing; top-level keys are presumably subchart names/aliases of an umbrella
# chart — verify nesting against each chart's values schema.
# All container images that are set here are pinned by tag plus sha256 digest.
matrix-synapse:
  image:
    repository: ghcr.io/element-hq/synapse
    tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d
  serverName: alexlebens.dev
  publicServerName: matrix.alexlebens.dev
  argoCD: true
  # Key-generation job is off; the signing key is read from an existing Secret.
  signingkey:
    job:
      enabled: false
    existingSecret: matrix-synapse-signingkey
    existingSecretKey: signing.key
  config:
    reportStats: false
    # NOTE(review): registration is enabled here and, in extraConfig below,
    # enable_registration_without_verification waives email/captcha/token
    # checks. Password login is disabled and SSO is configured, so this may be
    # intended only for SSO-provisioned users — confirm that accounts cannot be
    # created without going through the identity provider.
    enableRegistration: true
    # NOTE(review): literal value "default". If the chart renders this as
    # Synapse's registration_shared_secret, it is a guessable credential for
    # shared-secret registration, which can create accounts (admin included)
    # regardless of enableRegistration. Confirm it is overridden by the mounted
    # conf.d/config.yaml, or source it from a Secret instead of plain values.
    registrationSharedSecret: default
    trustedKeyServers: []
  extraConfig:
    enable_metrics: true
    enable_registration_without_verification: true
    password_config:
      enabled: false
    sso:
      # Only this client URL is whitelisted for SSO redirects.
      client_whitelist:
        - https://chat.alexlebens.dev/
      update_profile_information: true
    # Unstable MSC flags; presumably required by the appservices listed below
    # — confirm they are still needed on each Synapse upgrade.
    experimental_features:
      msc3202_device_masquerading: true
      msc3202_transaction_extensions: true
      msc2409_to_device_messages_enabled: true
    # Appservice registration files; each is mounted read-only from a Secret
    # under synapse.extraVolumeMounts. Registration files carry the appservice
    # tokens, so they should stay in Secrets rather than in these values.
    app_service_config_files:
      - /synapse/config/conf.d/hookshot-registration.yaml
      - /synapse/config/conf.d/double-puppet-registration.yaml
      - /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
      - /synapse/config/conf.d/mautrix-discord-registration.yaml
  synapse:
    strategy:
      type: Recreate
    extraVolumes:
      - name: matrix-synapse-config-secret
        secret:
          secretName: matrix-synapse-config-secret
      - name: matrix-hookshot-config-secret
        secret:
          secretName: matrix-hookshot-config-secret
      - name: mautrix-discord-config-secret
        secret:
          secretName: mautrix-discord-config-secret
      - name: mautrix-whatsapp-config-secret
        secret:
          secretName: mautrix-whatsapp-config-secret
      - name: double-puppet-registration-secret
        secret:
          secretName: double-puppet-registration-secret
    # Single files are projected with subPath so each Secret key lands as one
    # file in conf.d; all mounts are read-only.
    # NOTE(review): oidc.yaml and config.yaml are not visible here; they can
    # override settings in this file — review them together with these values.
    extraVolumeMounts:
      - name: matrix-synapse-config-secret
        mountPath: /synapse/config/conf.d/oidc.yaml
        subPath: oidc.yaml
        readOnly: true
      - name: matrix-synapse-config-secret
        mountPath: /synapse/config/conf.d/config.yaml
        subPath: config.yaml
        readOnly: true
      - name: matrix-hookshot-config-secret
        mountPath: /synapse/config/conf.d/hookshot-registration.yaml
        subPath: hookshot-registration.yaml
        readOnly: true
      - name: mautrix-discord-config-secret
        mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
        subPath: mautrix-discord-registration.yaml
        readOnly: true
      - name: mautrix-whatsapp-config-secret
        mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
        subPath: mautrix-whatsapp-registration.yaml
        readOnly: true
      - name: double-puppet-registration-secret
        mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
        subPath: double-puppet-registration.yaml
        readOnly: true
    # Only requests are set; no limits are defined in these values.
    resources:
      requests:
        cpu: 10m
        memory: 130Mi
  # All worker types are disabled; Synapse runs as a single process.
  workers:
    default:
      replicaCount: 0
    generic_worker:
      enabled: false
    pusher:
      enabled: false
    appservice:
      enabled: false
    federation_sender:
      enabled: false
    media_repository:
      enabled: false
    user_dir:
      enabled: false
  # .well-known delegation documents pointing at the public server name.
  wellknown:
    enabled: true
    server:
      m.server: matrix.alexlebens.dev:443
    client:
      m.homeserver:
        base_url: https://matrix.alexlebens.dev
    image:
      repository: ghcr.io/rtsp/docker-lighttpd
      tag: 1.4.76@sha256:b4b58d217a35dbd6cade82927677de404a46fb3d2b1d5fcb42042b6a6f17b2fb
  # Bundled database and cache are off; external services are used and their
  # passwords are read from existing Secrets, not from this file.
  postgresql:
    enabled: false
  externalPostgresql:
    host: matrix-synapse-postgresql-18-cluster-rw
    port: 5432
    username: app
    database: app
    existingSecret: matrix-synapse-postgresql-18-cluster-app
    existingSecretPasswordKey: password
  redis:
    enabled: false
  externalRedis:
    host: matrix-synapse-valkey
    port: 6379
    existingSecret: matrix-synapse-valkey-secret
    existingSecretPasswordKey: password
  persistence:
    enabled: true
    storageClass: ceph-block
    accessMode: ReadWriteOnce
    size: 10Gi
  # NOTE(review): presumably an init step that sets volume ownership to
  # 666:666 and therefore needs elevated privileges — confirm it is required
  # with this storage class, and that 666 matches the UID Synapse runs as.
  volumePermissions:
    enabled: true
    uid: 666
    gid: 666
    image:
      repository: alpine
      tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
  # No ingress/gateway from this chart; external exposure presumably goes
  # through the cloudflared-* entries further down — TODO confirm.
  ingress:
    enabled: false
  gateway:
    enabled: false
# NOTE(review): no pod or container securityContext is set for hookshot or the
# mautrix bridges in these values; chart defaults apply — confirm they run as
# non-root with privilege escalation disabled.
matrix-hookshot:
  global:
    nameOverride: matrix-hookshot
    fullnameOverride: matrix-hookshot
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      containers:
        main:
          image:
            repository: halfshot/matrix-hookshot
            tag: 7.3.2@sha256:44283e5131a1a5818bbbf6d9d1e07dccdc29ac5bb6002fcf159af6ac09cf8085
          resources:
            requests:
              cpu: 5m
              memory: 90Mi
  # Four listeners share one Service. NOTE(review): confirm which of these
  # ports are reachable from outside the cluster; metrics and appservice
  # normally only need in-cluster access.
  service:
    main:
      controller: main
      ports:
        webhook:
          port: 9000
          targetPort: 9000
        metrics:
          port: 9001
          targetPort: 9001
        widgets:
          port: 9002
          targetPort: 9002
        appservice:
          port: 9993
          targetPort: 9993
  serviceMonitor:
    main:
      selector:
        matchLabels:
          app.kubernetes.io/name: matrix-hookshot
          app.kubernetes.io/instance: matrix-hookshot
      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
      endpoints:
        - targetPort: 9001
          interval: 3m
          scrapeTimeout: 1m
          path: /metrics
  # config.yml, registration.yml and passkey.pem all come from the same Secret
  # and are mounted read-only as single files over the writable /data volume.
  persistence:
    config:
      enabled: true
      type: secret
      name: matrix-hookshot-config-secret
      advancedMounts:
        main:
          main:
            - path: /data/config.yml
              readOnly: true
              mountPropagation: None
              subPath: config.yml
    registration:
      enabled: true
      type: secret
      name: matrix-hookshot-config-secret
      advancedMounts:
        main:
          main:
            - path: /data/registration.yml
              readOnly: true
              mountPropagation: None
              subPath: registration.yml
    passkey:
      enabled: true
      type: secret
      name: matrix-hookshot-config-secret
      advancedMounts:
        main:
          main:
            - path: /data/passkey.pem
              readOnly: true
              mountPropagation: None
              subPath: passkey.pem
    data:
      forceRename: matrix-hookshot
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 500Mi
      advancedMounts:
        main:
          main:
            - path: /data
              readOnly: false
mautrix-discord:
  global:
    nameOverride: mautrix-discord
    fullnameOverride: mautrix-discord
  controllers:
    main:
      type: statefulset
      replicas: 1
      strategy: RollingUpdate
      # Disabled init container that copied the Secret-provided config and
      # registration files into the writable /data volume.
      # NOTE(review): its busybox tag carries no digest, unlike every other
      # image in this file; add one if this block is re-enabled.
      # initContainers:
      #   init-copy-config:
      #     image:
      #       repository: busybox
      #       tag: 1.37.0
      #     resources:
      #       requests:
      #         cpu: 10m
      #         memory: 128Mi
      #     command:
      #       - /bin/sh
      #       - -ec
      #       - |
      #         echo ">> Coping files ..."
      #         ls /tmp
      #         cp -fv /tmp/config.yaml /data/config.yaml
      #         cp -fv /tmp/mautrix-discord-registration.yaml /data/registration.yaml
      #         echo ">> Files in data:"
      #         ls /data
      containers:
        main:
          image:
            repository: dock.mau.dev/mautrix/discord
            tag: v0.7.6@sha256:e4946b0df6a2786c88ed490e0d2692e352f1b79b9ff0e821a33764bd8bd1fffd
          resources:
            requests:
              cpu: 1m
              memory: 40Mi
  service:
    main:
      controller: main
      ports:
        http:
          port: 29334
          targetPort: 29334
  # NOTE(review): the config and registration mounts below target the
  # init-copy-config container, which is commented out above. As written only
  # the data volume reaches the main container, so the bridge presumably runs
  # from copies already on /data — confirm this is intended, since changes to
  # the Secret would then no longer reach the bridge (including rotated tokens).
  persistence:
    config:
      enabled: true
      type: secret
      name: mautrix-discord-config-secret
      advancedMounts:
        main:
          init-copy-config:
            - path: /tmp/config.yaml
              readOnly: true
              mountPropagation: None
              subPath: config.yaml
    registration:
      enabled: true
      type: secret
      name: mautrix-discord-config-secret
      advancedMounts:
        main:
          init-copy-config:
            - path: /tmp/mautrix-discord-registration.yaml
              readOnly: true
              mountPropagation: None
              subPath: mautrix-discord-registration.yaml
    data:
      forceRename: mautrix-discord
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 500Mi
      advancedMounts:
        main:
          init-copy-config:
            - path: /data
              readOnly: false
          main:
            - path: /data
              readOnly: false
mautrix-whatsapp:
  global:
    nameOverride: mautrix-whatsapp
    fullnameOverride: mautrix-whatsapp
  controllers:
    main:
      type: statefulset
      replicas: 1
      strategy: RollingUpdate
      # Disabled init container that copied the Secret-provided config and
      # registration files into the writable /data volume.
      # NOTE(review): its busybox tag carries no digest, unlike every other
      # image in this file; add one if this block is re-enabled.
      # initContainers:
      #   init-copy-config:
      #     image:
      #       repository: busybox
      #       tag: 1.37.0
      #     resources:
      #       requests:
      #         cpu: 10m
      #         memory: 128Mi
      #     command:
      #       - /bin/sh
      #       - -ec
      #       - |
      #         echo ">> Coping files ..."
      #         ls /tmp
      #         cp -fv /tmp/config.yaml /data/config.yaml
      #         cp -fv /tmp/mautrix-whatsapp-registration.yaml /data/registration.yaml
      #         echo ">> Files in data:"
      #         ls /data
      containers:
        main:
          image:
            repository: dock.mau.dev/mautrix/whatsapp
            tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
          resources:
            requests:
              cpu: 1m
              memory: 40Mi
  service:
    main:
      controller: main
      ports:
        http:
          port: 29318
          targetPort: 29318
  # NOTE(review): the config and registration mounts below target the
  # init-copy-config container, which is commented out above. As written only
  # the data volume reaches the main container, so the bridge presumably runs
  # from copies already on /data — confirm this is intended, since changes to
  # the Secret would then no longer reach the bridge (including rotated tokens).
  persistence:
    config:
      enabled: true
      type: secret
      name: mautrix-whatsapp-config-secret
      advancedMounts:
        main:
          init-copy-config:
            - path: /tmp/config.yaml
              readOnly: true
              mountPropagation: None
              subPath: config.yaml
    registration:
      enabled: true
      type: secret
      name: mautrix-whatsapp-config-secret
      advancedMounts:
        main:
          init-copy-config:
            - path: /tmp/mautrix-whatsapp-registration.yaml
              readOnly: true
              mountPropagation: None
              subPath: mautrix-whatsapp-registration.yaml
    data:
      forceRename: mautrix-whatsapp
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 500Mi
      advancedMounts:
        main:
          init-copy-config:
            - path: /data
              readOnly: false
          main:
            - path: /data
              readOnly: false
# Only a name is set for each tunnel; what each one exposes is defined
# elsewhere — review that configuration for the externally reachable surface.
cloudflared-synapse:
  name: synapse
cloudflared-hookshot:
  name: hookshot
postgres-18-cluster:
  # Cluster is bootstrapped in recovery mode from object-store entry index 1.
  mode: recovery
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    # Backup credentials are referenced by an external-secret path, not inlined.
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        # Six-field cron expression (leading seconds field).
        schedule: "0 0 15 * * *"
        backupName: garage-local
  # NOTE(review): the bridge databases are owned by the same "app" role that
  # Synapse connects with (externalPostgresql.username); separate roles per
  # service would limit what a compromised bridge can reach — confirm.
  databases:
    - name: mautrix-discord
      ensure: present
      owner: app
    - name: mautrix-whatsapp
      ensure: present
      owner: app
valkey-matrix-synapse:
  valkey:
    auth:
      enabled: true
      usersExistingSecret: matrix-synapse-valkey-secret
      aclUsers:
        # ACL grants the default user every key (~*), every pub/sub channel
        # (&*) and every command category (+@all), administrative ones
        # included. NOTE(review): consider a narrower ACL if Synapse does not
        # need admin commands.
        default:
          permissions: "~* &* +@all"
    # No option to configure metrics when auth is enabled
    # https://github.com/valkey-io/valkey-helm/issues/135
    metrics:
      enabled: false
# NOTE(review): no auth block is set for this instance, so the chart default
# applies — confirm whether it accepts unauthenticated connections and, if so,
# that network policy restricts it to hookshot.
valkey-hookshot:
  valkey:
    nameOverride: valkey-hookshot
# Backup targets per PVC; local, remote and external runs are staggered by an
# hour each, and by two minutes between volumes.
volsync-target-synapse:
  pvcTarget: matrix-synapse
  local:
    enabled: true
    schedule: 36 8 * * *
  remote:
    enabled: true
    schedule: 36 9 * * *
  external:
    enabled: true
    schedule: 36 10 * * *
volsync-target-hookshot:
  pvcTarget: matrix-hookshot
  local:
    enabled: true
    schedule: 38 8 * * *
  remote:
    enabled: true
    schedule: 38 9 * * *
  external:
    enabled: true
    schedule: 38 10 * * *
volsync-target-discord:
  pvcTarget: mautrix-discord
  # Mover runs as 1337:1337, presumably the UID/GID that owns the bridge's
  # files on the volume — verify against the image.
  moverSecurityContext:
    runAsUser: 1337
    runAsGroup: 1337
  local:
    enabled: true
    schedule: 40 8 * * *
  remote:
    enabled: true
    schedule: 40 9 * * *
  external:
    enabled: true
    schedule: 40 10 * * *
volsync-target-whatsapp:
  pvcTarget: mautrix-whatsapp
  # Mover runs as 1337:1337, presumably the UID/GID that owns the bridge's
  # files on the volume — verify against the image.
  moverSecurityContext:
    runAsUser: 1337
    runAsGroup: 1337
  local:
    enabled: true
    schedule: 42 8 * * *
  remote:
    enabled: true
    schedule: 42 9 * * *
  external:
    enabled: true
    schedule: 42 10 * * *