infrastructure/clusters/cl01tl/helm/matrix-synapse/values.yaml
Renovate Bot 10cbe1bfd9
Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.2603.0
2026-04-04 18:05:18 +00:00


# Synapse homeserver values: image, server names, signing key, registration
# and SSO settings, appservice registrations, Secret-backed config mounts,
# workers, well-known responder, external PostgreSQL/Redis and storage.
matrix-synapse:
image:
repository: ghcr.io/element-hq/synapse
# Pinned by tag and sha256 digest, so the tag cannot be silently repointed.
tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d
serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev
argoCD: true
# The signing-key job is disabled and an existing Secret/key is named
# instead, so the federation signing key is not generated by the chart.
signingkey:
job:
enabled: false
existingSecret: matrix-synapse-signingkey
existingSecretKey: signing.key
config:
reportStats: false
# NOTE(review): registration is enabled here and
# enable_registration_without_verification is true below, while
# password_config is disabled. Confirm accounts can only be created through
# the SSO/OIDC provider configured in the mounted oidc.yaml.
enableRegistration: true
# NOTE(review): "default" is a guessable literal committed in plain text.
# Synapse's registration shared secret lets whoever knows it register
# accounts (including admins) even when registration is otherwise closed.
# Confirm the Secret-mounted conf.d/config.yaml overrides this value, or
# source it from a Secret instead of this file.
registrationSharedSecret: default
# Empty list: no trusted key servers are configured here.
trustedKeyServers: []
extraConfig:
# NOTE(review): confirm the metrics listener is reachable only by the
# in-cluster scraper and is not routed through the public tunnel.
enable_metrics: true
enable_registration_without_verification: true
password_config:
enabled: false
sso:
# Client URLs listed here skip the SSO redirect confirmation page. Matching
# is by prefix, so keep the trailing slash after the hostname; without it a
# look-alike host that merely starts with this string would also match.
client_whitelist:
- https://chat.alexlebens.dev/
update_profile_information: true
# Experimental MSC flags; presumably required by the bridges listed below
# (appservice device masquerading / to-device messages) - confirm.
experimental_features:
msc3202_device_masquerading: true
msc3202_transaction_extensions: true
msc2409_to_device_messages_enabled: true
# Application-service registration files. Each path corresponds to a
# read-only Secret mount under extraVolumeMounts below.
app_service_config_files:
- /synapse/config/conf.d/hookshot-registration.yaml
- /synapse/config/conf.d/double-puppet-registration.yaml
- /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
- /synapse/config/conf.d/mautrix-discord-registration.yaml
synapse:
strategy:
type: Recreate
# Secrets that carry the Synapse config fragments and the appservice
# registrations (which hold the appservice tokens).
extraVolumes:
- name: matrix-synapse-config-secret
secret:
secretName: matrix-synapse-config-secret
- name: matrix-hookshot-config-secret
secret:
secretName: matrix-hookshot-config-secret
- name: mautrix-discord-config-secret
secret:
secretName: mautrix-discord-config-secret
- name: mautrix-whatsapp-config-secret
secret:
secretName: mautrix-whatsapp-config-secret
- name: double-puppet-registration-secret
secret:
secretName: double-puppet-registration-secret
# Every mount is a single file (subPath) and readOnly. Kubernetes does not
# refresh subPath mounts when the Secret changes, so rotating a token
# requires restarting the pod before Synapse sees the new value.
extraVolumeMounts:
- name: matrix-synapse-config-secret
mountPath: /synapse/config/conf.d/oidc.yaml
subPath: oidc.yaml
readOnly: true
- name: matrix-synapse-config-secret
mountPath: /synapse/config/conf.d/config.yaml
subPath: config.yaml
readOnly: true
- name: matrix-hookshot-config-secret
mountPath: /synapse/config/conf.d/hookshot-registration.yaml
subPath: hookshot-registration.yaml
readOnly: true
- name: mautrix-discord-config-secret
mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
subPath: mautrix-discord-registration.yaml
readOnly: true
- name: mautrix-whatsapp-config-secret
mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
subPath: mautrix-whatsapp-registration.yaml
readOnly: true
- name: double-puppet-registration-secret
mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
subPath: double-puppet-registration.yaml
readOnly: true
# NOTE(review): only requests are set; no CPU/memory limits appear here.
resources:
requests:
cpu: 10m
memory: 130Mi
# All worker types are disabled; the default replica count is 0.
workers:
default:
replicaCount: 0
generic_worker:
enabled: false
pusher:
enabled: false
appservice:
enabled: false
federation_sender:
enabled: false
media_repository:
enabled: false
user_dir:
enabled: false
# Well-known delegation: federation and clients are pointed at
# matrix.alexlebens.dev over HTTPS (port 443).
wellknown:
enabled: true
server:
m.server: matrix.alexlebens.dev:443
client:
m.homeserver:
base_url: https://matrix.alexlebens.dev
image:
repository: ghcr.io/rtsp/docker-lighttpd
tag: 1.4.76@sha256:b4b58d217a35dbd6cade82927677de404a46fb3d2b1d5fcb42042b6a6f17b2fb
# Bundled PostgreSQL is off; an external cluster is used and its password is
# read from an existing Secret rather than written here.
postgresql:
enabled: false
externalPostgresql:
host: matrix-synapse-postgresql-18-cluster-rw
port: 5432
username: app
database: app
existingSecret: matrix-synapse-postgresql-18-cluster-app
existingSecretPasswordKey: password
# Bundled Redis is off; the external Valkey password also comes from a Secret.
redis:
enabled: false
externalRedis:
host: matrix-synapse-valkey
port: 6379
existingSecret: matrix-synapse-valkey-secret
existingSecretPasswordKey: password
persistence:
enabled: true
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
# NOTE(review): volume-permission helpers usually run as root to chown the
# volume (here to uid/gid 666) - confirm that is acceptable under the
# namespace's pod security settings.
volumePermissions:
enabled: true
uid: 666
gid: 666
image:
repository: alpine
tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
# Chart-managed ingress and gateway are both disabled; external exposure is
# presumably handled by the cloudflared-* entries in this file - confirm.
ingress:
enabled: false
gateway:
enabled: false
# Hookshot bridge values: one Deployment, four service ports, a metrics
# scrape definition, and Secret-backed config files on a writable data volume.
matrix-hookshot:
global:
nameOverride: matrix-hookshot
fullnameOverride: matrix-hookshot
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: halfshot/matrix-hookshot
# Pinned by tag and sha256 digest.
tag: 7.3.2@sha256:44283e5131a1a5818bbbf6d9d1e07dccdc29ac5bb6002fcf159af6ac09cf8085
# NOTE(review): only requests are set; no limits appear here.
resources:
requests:
cpu: 5m
memory: 90Mi
# NOTE(review): four listeners share one Service. Confirm which of them the
# cloudflared-hookshot tunnel publishes; the metrics (9001) and appservice
# (9993) ports should normally stay cluster-internal.
service:
main:
controller: main
ports:
webhook:
port: 9000
targetPort: 9000
metrics:
port: 9001
targetPort: 9001
widgets:
port: 9002
targetPort: 9002
appservice:
port: 9993
targetPort: 9993
# Scrapes /metrics on port 9001 every 3 minutes with a 1 minute timeout.
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: matrix-hookshot
app.kubernetes.io/instance: matrix-hookshot
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- targetPort: 9001
interval: 3m
scrapeTimeout: 1m
path: /metrics
# config.yml, registration.yml and passkey.pem all come from the same Secret
# and are mounted read-only as single files under /data. As with any subPath
# mount, a changed Secret is only picked up after a pod restart.
persistence:
config:
enabled: true
type: secret
name: matrix-hookshot-config-secret
advancedMounts:
main:
main:
- path: /data/config.yml
readOnly: true
mountPropagation: None
subPath: config.yml
registration:
enabled: true
type: secret
name: matrix-hookshot-config-secret
advancedMounts:
main:
main:
- path: /data/registration.yml
readOnly: true
mountPropagation: None
subPath: registration.yml
# passkey.pem is presumably the private key Hookshot uses to protect stored
# third-party tokens - confirm; it is mounted read-only from the Secret.
passkey:
enabled: true
type: secret
name: matrix-hookshot-config-secret
advancedMounts:
main:
main:
- path: /data/passkey.pem
readOnly: true
mountPropagation: None
subPath: passkey.pem
# Writable volume mounted at /data; the three Secret files above are mounted
# at paths inside this directory.
data:
forceRename: matrix-hookshot
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
advancedMounts:
main:
main:
- path: /data
readOnly: false
# mautrix-discord bridge values: one StatefulSet replica, an HTTP service on
# 29334, Secret-backed config/registration and a writable data volume.
mautrix-discord:
global:
nameOverride: mautrix-discord
fullnameOverride: mautrix-discord
controllers:
main:
type: statefulset
replicas: 1
strategy: RollingUpdate
# NOTE(review): the init container below is commented out, yet the config and
# registration mounts further down still target `init-copy-config`. As
# written, only the data volume is mounted into `main`; confirm the bridge
# still finds its config at /data from an earlier copy.
# If this is re-enabled: the busybox tag has no sha256 digest, unlike every
# other image in this file, and the script copies Secret contents onto the
# writable volume, where they persist and are included in volume backups.
# initContainers:
# init-copy-config:
# image:
# repository: busybox
# tag: 1.37.0
# resources:
# requests:
# cpu: 10m
# memory: 128Mi
# command:
# - /bin/sh
# - -ec
# - |
# echo ">> Coping files ..."
# ls /tmp
# cp -fv /tmp/config.yaml /data/config.yaml
# cp -fv /tmp/mautrix-discord-registration.yaml /data/registration.yaml
# echo ">> Files in data:"
# ls /data
containers:
main:
image:
repository: dock.mau.dev/mautrix/discord
# Pinned by tag and sha256 digest.
tag: v0.7.6@sha256:e4946b0df6a2786c88ed490e0d2692e352f1b79b9ff0e821a33764bd8bd1fffd
# NOTE(review): only requests are set; no limits appear here.
resources:
requests:
cpu: 1m
memory: 40Mi
service:
main:
controller: main
ports:
http:
port: 29334
targetPort: 29334
persistence:
# Secret files are mounted read-only, but only into the (currently
# commented-out) init container.
config:
enabled: true
type: secret
name: mautrix-discord-config-secret
advancedMounts:
main:
init-copy-config:
- path: /tmp/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml
registration:
enabled: true
type: secret
name: mautrix-discord-config-secret
advancedMounts:
main:
init-copy-config:
- path: /tmp/mautrix-discord-registration.yaml
readOnly: true
mountPropagation: None
subPath: mautrix-discord-registration.yaml
# Writable volume at /data for both the init container and the bridge.
data:
forceRename: mautrix-discord
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
advancedMounts:
main:
init-copy-config:
- path: /data
readOnly: false
main:
- path: /data
readOnly: false
# mautrix-whatsapp bridge values: one StatefulSet replica, an HTTP service on
# 29318, Secret-backed config/registration and a writable data volume.
mautrix-whatsapp:
global:
nameOverride: mautrix-whatsapp
fullnameOverride: mautrix-whatsapp
controllers:
main:
type: statefulset
replicas: 1
strategy: RollingUpdate
# NOTE(review): the init container below is commented out, yet the config and
# registration mounts further down still target `init-copy-config`. As
# written, only the data volume is mounted into `main`; confirm the bridge
# still finds its config at /data from an earlier copy.
# If this is re-enabled: the busybox tag has no sha256 digest, unlike every
# other image in this file, and the script copies Secret contents onto the
# writable volume, where they persist and are included in volume backups.
# initContainers:
# init-copy-config:
# image:
# repository: busybox
# tag: 1.37.0
# resources:
# requests:
# cpu: 10m
# memory: 128Mi
# command:
# - /bin/sh
# - -ec
# - |
# echo ">> Coping files ..."
# ls /tmp
# cp -fv /tmp/config.yaml /data/config.yaml
# cp -fv /tmp/mautrix-whatsapp-registration.yaml /data/registration.yaml
# echo ">> Files in data:"
# ls /data
containers:
main:
image:
repository: dock.mau.dev/mautrix/whatsapp
# Pinned by tag and sha256 digest.
tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
# NOTE(review): only requests are set; no limits appear here.
resources:
requests:
cpu: 1m
memory: 40Mi
service:
main:
controller: main
ports:
http:
port: 29318
targetPort: 29318
persistence:
# Secret files are mounted read-only, but only into the (currently
# commented-out) init container.
config:
enabled: true
type: secret
name: mautrix-whatsapp-config-secret
advancedMounts:
main:
init-copy-config:
- path: /tmp/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml
registration:
enabled: true
type: secret
name: mautrix-whatsapp-config-secret
advancedMounts:
main:
init-copy-config:
- path: /tmp/mautrix-whatsapp-registration.yaml
readOnly: true
mountPropagation: None
subPath: mautrix-whatsapp-registration.yaml
# Writable volume at /data for both the init container and the bridge.
data:
forceRename: mautrix-whatsapp
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
advancedMounts:
main:
init-copy-config:
- path: /data
readOnly: false
main:
- path: /data
readOnly: false
# Presumably the Cloudflare tunnel instance for Synapse; only its name is set
# here. NOTE(review): the published hostnames and paths are defined outside
# this file - confirm admin and metrics endpoints are not among them.
cloudflared-synapse:
name: synapse
# Presumably the Cloudflare tunnel instance for Hookshot; only its name is
# set here. NOTE(review): confirm which Hookshot listener it publishes.
cloudflared-hookshot:
name: hookshot
# PostgreSQL cluster values: recovery-mode bootstrap from an object store,
# backups to the garage-local store, and the two bridge databases.
postgres-18-cluster:
# NOTE(review): mode is `recovery`, i.e. the cluster is defined as restored
# from object-store index 1 - confirm this is still intended after the
# initial restore.
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
# Object-store credentials are referenced by an external-secret path, not
# written in this file. WAL archiving targets the same store.
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# Six-field schedule (the first field is presumably seconds - confirm with
# the operator's cron format); quoted so it stays a string.
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 15 * * *"
backupName: garage-local
# NOTE(review): both bridge databases are owned by `app`, the same role name
# Synapse uses (externalPostgresql.username). If the bridges connect as that
# role they share database privileges with the homeserver; consider a
# separate role per bridge.
databases:
- name: mautrix-discord
ensure: present
owner: app
- name: mautrix-whatsapp
ensure: present
owner: app
# Valkey instance used by Synapse: authentication on, users taken from an
# existing Secret, metrics off.
valkey-matrix-synapse:
valkey:
auth:
enabled: true
usersExistingSecret: matrix-synapse-valkey-secret
aclUsers:
default:
# NOTE(review): `~* &* +@all` grants the default user every key pattern,
# every pub/sub channel and every command category, administrative commands
# included. Consider narrowing the command set to what Synapse needs.
permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics:
enabled: false
# Valkey instance for Hookshot; only the name override is set.
# NOTE(review): no auth block appears here, unlike valkey-matrix-synapse.
# Confirm the chart default and that this instance is reachable only from the
# Hookshot pod (for example through a NetworkPolicy).
valkey-hookshot:
valkey:
nameOverride: valkey-hookshot
# Volume backup schedules for the matrix-synapse PVC: three targets (local,
# remote, external), run one hour apart at 08:36, 09:36 and 10:36.
# NOTE(review): this volume presumably holds homeserver data; confirm the
# remote and external repositories are encrypted and access-controlled.
volsync-target-synapse:
pvcTarget: matrix-synapse
local:
enabled: true
schedule: 36 8 * * *
remote:
enabled: true
schedule: 36 9 * * *
external:
enabled: true
schedule: 36 10 * * *
# Volume backup schedules for the matrix-hookshot PVC: local, remote and
# external targets at 08:38, 09:38 and 10:38.
volsync-target-hookshot:
pvcTarget: matrix-hookshot
local:
enabled: true
schedule: 38 8 * * *
remote:
enabled: true
schedule: 38 9 * * *
external:
enabled: true
schedule: 38 10 * * *
# Volume backup schedules for the mautrix-discord PVC: local, remote and
# external targets at 08:40, 09:40 and 10:40.
# NOTE(review): the bridge's /data volume may contain config and session
# material; confirm the remote and external repositories are encrypted.
volsync-target-discord:
pvcTarget: mautrix-discord
# The backup mover runs as uid/gid 1337 rather than root; presumably this
# matches the owner of the files on the bridge volume - confirm.
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
schedule: 40 8 * * *
remote:
enabled: true
schedule: 40 9 * * *
external:
enabled: true
schedule: 40 10 * * *
# Volume backup schedules for the mautrix-whatsapp PVC: local, remote and
# external targets at 08:42, 09:42 and 10:42.
# NOTE(review): the bridge's /data volume may contain config and session
# material; confirm the remote and external repositories are encrypted.
volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp
# The backup mover runs as uid/gid 1337 rather than root; presumably this
# matches the owner of the files on the bridge volume - confirm.
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
schedule: 42 8 * * *
remote:
enabled: true
schedule: 42 9 * * *
external:
enabled: true
schedule: 42 10 * * *