From 15996418898226dc53b91ad765ef6ef34cb22d90 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Mon, 14 Oct 2024 12:09:07 +0200 Subject: [PATCH] feat(mycloud-matrix): add bridge support for slack --- base-values/mycloud-matrix-slack.yaml | 18 ++ mycloud-matrix/README.adoc | 161 +++++++++++++++++- mycloud-matrix/templates/bridge/slack.yaml | 133 +++++++++++++++ .../templates/server/doublepuppet.yaml | 2 +- mycloud-matrix/templates/server/synapse.yaml | 28 ++- mycloud-matrix/values.yaml | 10 ++ 6 files changed, 337 insertions(+), 15 deletions(-) create mode 100644 base-values/mycloud-matrix-slack.yaml create mode 100644 mycloud-matrix/templates/bridge/slack.yaml diff --git a/base-values/mycloud-matrix-slack.yaml b/base-values/mycloud-matrix-slack.yaml new file mode 100644 index 0000000..949147b --- /dev/null +++ b/base-values/mycloud-matrix-slack.yaml @@ -0,0 +1,18 @@ +## +# commons are from mycloud-core +## + +components: + mycloud-services: + # patch mycloud-core to get another database + values: + databases: + matrix-bridge-slack: + type: postgresql + + mycloud-matrix: + # patch mycloud-core to get another database + values: + bridge: + slack: + enabled: true diff --git a/mycloud-matrix/README.adoc b/mycloud-matrix/README.adoc index 6db8f40..c8bdca2 100644 --- a/mycloud-matrix/README.adoc +++ b/mycloud-matrix/README.adoc @@ -225,6 +225,46 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `false` | +| bridge.slack.admins +| list +| `[]` +| + +| bridge.slack.enabled +| bool +| `false` +| + +| commons.networkpolicies.enabled +| bool +| `false` +| + +| commons.networkpolicies.from.ingress +| list +| `[]` +| + +| commons.networkpolicies.from.metrics +| list +| `[]` +| + +| commons.networkpolicies.to.dns +| list +| `[]` +| + +| commons.networkpolicies.to.matrix +| list +| `[]` +| + +| commons.networkpolicies.to.smtp +| list +| `[]` +| + | databases.authenticationService.host | string | `"mycloud-services-postgresql"` 
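Review bot: In base-values/mycloud-matrix-slack.yaml the comment above the `mycloud-matrix` values block repeats `# patch mycloud-core to get another database`, but that block only sets `bridge.slack.enabled: true`, so it reads as a copy-paste from the `mycloud-services` block. I would change it to `# enable the Slack bridge in mycloud-matrix`. The `matrix-bridge-slack` database key also deserves a comment saying the name must stay identical to the string the bridge template passes to `derivePassword`. The README text "generated by .commons.masterPassword (equal to mycloud-services)" suggests both sides derive the same password independently, though the mycloud-services side is not visible in this diff.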
@@ -265,6 +305,26 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `"matrix-bridge-signal"` | +| databases.bridge.slack.host +| string +| `"mycloud-services-postgresql"` +| default is from mycloud-services + +| databases.bridge.slack.name +| string +| `"matrix-bridge-slack"` +| + +| databases.bridge.slack.password +| string +| `nil` +| generated by .commons.masterPassword (equal to mycloud-services) + +| databases.bridge.slack.username +| string +| `"matrix-bridge-slack"` +| + | databases.server.host | string | `"mycloud-services-postgresql"` @@ -306,8 +366,8 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | | ingress.authenticationService.annotations -| string -| `nil` +| object +| `{}` | | ingress.authenticationService.host @@ -316,8 +376,23 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | default: auth.matrix.(.commons.ingress.domain) | ingress.element.annotations -| string -| `nil` +| object +| `{}` +| + +| ingress.element.config.features.feature_location_share_live +| bool +| `true` +| + +| ingress.element.config.features.feature_new_room_decoration_ui +| bool +| `true` +| + +| ingress.element.config.features.feature_notifications +| bool +| `true` | | ingress.element.enabled 
@@ -330,9 +405,44 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `nil` | default: element.(.commons.ingress.domain) -| ingress.hydrogen.annotations +| ingress.elementCall.annotations +| object +| `{}` +| + +| ingress.elementCall.enabled +| bool +| `false` +| deploy element-call + +| ingress.elementCall.host | string | `nil` +| default: call.(.commons.ingress.domain) + +| ingress.elementCall.livekitJWT.host +| string +| `nil` +| default: call.(.commons.ingress.domain) + +| ingress.elementCall.livekitJWT.livekit.host +| string +| `nil` +| default: .ingress.livekit.host + +| ingress.elementCall.livekitJWT.livekit.key +| string +| `nil` +| default: .livekit.key + +| ingress.elementCall.livekitJWT.livekit.secret +| string +| `nil` +| default: .livekit.secret + +| ingress.hydrogen.annotations +| object +| `{}` | | ingress.hydrogen.enabled @@ -345,9 +455,24 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `nil` | default: hydrogen.(.commons.ingress.domain) -| ingress.server.annotations +| ingress.livekit.annotations +| object +| `{}` +| + +| ingress.livekit.enabled +| bool +| `false` +| + +| ingress.livekit.host | string | `nil` +| default: sfu.call.(.commons.ingress.domain) + +| ingress.server.annotations +| object +| `{}` | | ingress.server.host @@ -355,9 +480,14 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `nil` | default: matrix.(.commons.ingress.domain) -| ingress.slidingSync.annotations +| ingress.server.wellknown.client."m.tile_server".map_style_url | string -| `nil` +| `"https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"` +| + +| ingress.slidingSync.annotations +| object +| `{}` | | ingress.slidingSync.host 
@@ -375,6 +505,21 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `0` | +| livekit.enabled +| bool +| `false` +| deploy livekit for usage with element-call + +| livekit.key +| string +| `"dev"` +| key for api (kind of username) + +| livekit.secret +| string +| `nil` +| secret for api a kind of password (default: generated by .commons.masterPassword) + | persistence.size | string | `"16Gi"` diff --git a/mycloud-matrix/templates/bridge/slack.yaml b/mycloud-matrix/templates/bridge/slack.yaml new file mode 100644 index 0000000..31b410f --- /dev/null +++ b/mycloud-matrix/templates/bridge/slack.yaml 
@@ -0,0 +1,133 @@ +{{- if .Values.bridge.slack.enabled }} +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: "{{ .Release.Name }}-mautrix-slack" +spec: + chart: + spec: + sourceRef: + kind: GitRepository + name: "wrenix-helm-charts" + namespace: "flux-system" + chart: "./mautrix-signal" + reconcileStrategy: "Revision" + install: + {{- toYaml .Values.commons.helm.release.install | nindent 4 }} + test: + {{- toYaml .Values.commons.helm.release.test | nindent 4 }} + upgrade: + {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }} + driftDetection: + {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }} + interval: 10m + valuesFrom: + - kind: Secret + name: "{{ .Release.Name }}-mautrix-slack-mautrix-signal" + valuesKey: as_token + targetPath: config.appservice.as_token + optional: true + - kind: Secret + name: "{{ .Release.Name }}-mautrix-slack-mautrix-signal" + valuesKey: hs_token + targetPath: config.appservice.hs_token + optional: true + - kind: Secret + name: "{{ .Release.Name }}-doublepuppet" + valuesKey: as_token_code + targetPath: config.double_puppet.secrets.{{ include "mycloud-matrix.domain" . | replace "." "\\." }} + values: + image: + repository: "mautrix/slack" + tag: "v0.1.1" + config: + database: + type: postgres + {{- $username := .Values.databases.bridge.slack.username }} + {{- $password := .Values.databases.bridge.slack.password | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix-bridge-slack" "database_password" | b64enc) }} + {{- $host := .Values.databases.bridge.slack.host }} + {{- $database := .Values.databases.bridge.slack.name }} + uri: {{ printf "postgres://%s:%s@%s/%s?sslmode=disable" $username $password $host $database | quote }} + homeserver: + address: https://{{ include "mycloud-matrix.host.server" . }} + domain: {{ include "mycloud-matrix.domain" . 
}} + appservice: + address: http://{{ .Release.Name }}-mautrix-slack-mautrix-signal:29328 + id: slack + {{` + username_template: "slack_{{.}}" + `}} + bot: + avatar: "mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem" + username: slackbot + displayname: "Slack bridge bot" + bridge: + personal_filtering_spaces: true + command_prefix: "!slack" + relay: + enabled: true + permissions: + "example.com": null + "@admin:example.com": null + {{ include "mycloud-matrix.domain" . | quote}}: user + {{- range $user := .Values.bridge.slack.admins }} + {{ $user | quote }}: admin + {{- end }} + management_room_text: + welcome: "Hello, I’m a Slack bridge bot." + matrix: + sync_direct_chat_list: true + double_puppet: + servers: + example.com: null + {{ include "mycloud-matrix.domain" . }}: https://{{ include "mycloud-matrix.host.server" . }} + secrets: + example.com: null + {{- if not .Values.server.authenticationService.enabled }} + encryption: + allow: true + default: true + require: true + delete_keys: + periodically_delete_expired: true + {{- end }} + signal: null + {{` + slack: + displayname_template: '{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}' + channel_name_template: '{{if and .IsChannel (not .IsPrivate)}}#{{end}}{{.Name}}{{if .IsNoteToSelf}} (you){{end}}' + team_name_template: "{{ .Name }}" + custom_emoji_reactions: true + workspace_avatar_in_rooms: false + participant_sync_count: 5 + participant_sync_only_on_create: true + mute_channels_by_default: false + backfill: + conversation_count: -1 + `}} + + registration: + namespaces: + users: + - regex: {{ printf "^@slackbot:%s$" (include "mycloud-matrix.domain" . | replace "." "\\.") | quote }} + exclusive: true + - regex: {{ printf "^@slack_.*:%s$" (include "mycloud-matrix.domain" . | replace "." 
"\\.") | quote }} + exclusive: true + + persistence: + enabled: true + size: {{ .Values.persistence.size }} + {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }} + storageClass: {{ . }} + {{- end }} + {{- if .Values.commons.persistence.hostPath.enabled }} + hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/matrix/bridge/slack" + {{- end }} + + prometheus: + servicemonitor: + enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} + labels: + {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }} +{{- end }}{{/* end-if .bridge.slack.enabled */}} diff --git a/mycloud-matrix/templates/server/doublepuppet.yaml b/mycloud-matrix/templates/server/doublepuppet.yaml index 82a8dac..72d76b5 100644 --- a/mycloud-matrix/templates/server/doublepuppet.yaml +++ b/mycloud-matrix/templates/server/doublepuppet.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.bridge.signal.enabled }} +{{- if or .Values.bridge.signal.enabled .Values.bridge.slack.enabled }} --- {{ $secretName := printf "%s-doublepuppet" .Release.Name }} {{- $asToken := "" }} diff --git a/mycloud-matrix/templates/server/synapse.yaml b/mycloud-matrix/templates/server/synapse.yaml index 92c5737..650d6dc 100644 --- a/mycloud-matrix/templates/server/synapse.yaml +++ b/mycloud-matrix/templates/server/synapse.yaml @@ -46,12 +46,15 @@ spec: enable_search: false dynamic_thumbnails: true {{- with .Values.bridge }} - {{- if or .signal.enabled }} + {{- if or .signal.enabled .slack.enabled }} app_service_config_files: - "/etc/appservices/doublepuppet.yaml" {{- if .signal.enabled }} - "/etc/appservices/bridge-signal.yaml" - {{- end }}{{/* end-if .signale.enabled */}} + {{- end }}{{/* end-if .signal.enabled */}} + {{- if .slack.enabled }} + - "/etc/appservices/bridge-slack.yaml" + {{- end }}{{/* end-if .slack.enabled */}} {{- end }}{{/* end-if .*.enabled */}} {{- end }}{{/* end-with .bridge*/}} extraSecrets: 
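Review bot: In templates/bridge/slack.yaml the database password is rendered directly into `config.database.uri` under `spec.values`, so it sits in clear text in the HelmRelease object, while `as_token`, `hs_token` and the double-puppet token are all pulled in through `valuesFrom` Secrets. Anyone who may read HelmRelease objects in the namespace can read a credential that is derived from `.commons.masterPassword` by default; I would write the URI into a Secret and add a fourth `valuesFrom` entry with `targetPath: config.database.uri`. The password is also placed in the URI unescaped: the default is `b64enc` output, which can contain `/`, `+` and `=`, and an operator-supplied `databases.bridge.slack.password` can contain anything, so using `($password | urlquery)` in the `printf` should keep the URI parseable. Finally, `sslmode=disable` is hard-coded, so the credential and the bridged message data travel to PostgreSQL unencrypted; if the mycloud-services database can offer TLS, expose the mode as a value with a stricter default.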
@@ -143,7 +146,7 @@ spec: memory: "4Gi" extraVolumeMounts: {{- with .Values.bridge }} - {{- if or .signal.enabled }} + {{- if or .signal.enabled .slack.enabled }} - name: doublepuppet mountPath: "/etc/appservices/doublepuppet.yaml" subPath: "doublepuppet.yaml" @@ -151,12 +154,17 @@ spec: - name: bridge-signal mountPath: "/etc/appservices/bridge-signal.yaml" subPath: "bridge-signal.yaml" - {{- end }}{{/* end-if .signale.enabled */}} + {{- end }}{{/* end-if .signal.enabled */}} + {{- if .slack.enabled }} + - name: bridge-slack + mountPath: "/etc/appservices/bridge-slack.yaml" + subPath: "bridge-slack.yaml" + {{- end }}{{/* end-if .slack.enabled */}} {{- end }}{{/* end-if .*.enabled */}} {{- end }}{{/* end-with .bridge*/}} extraVolumes: {{- with .Values.bridge }} - {{- if or .signal.enabled }} + {{- if or .signal.enabled .slack.enabled }} - name: doublepuppet secret: secretName: "{{ $.Release.Name }}-doublepuppet" @@ -170,7 +178,15 @@ spec: items: - key: "registration.yaml" path: "bridge-signal.yaml" - {{- end }}{{/* end-if .signale.enabled */}} + {{- end }}{{/* end-if .signal.enabled */}} + {{- if .slack.enabled }} + - name: bridge-slack + secret: + secretName: "{{ $.Release.Name }}-mautrix-slack-mautrix-signal" + items: + - key: "registration.yaml" + path: "bridge-slack.yaml" + {{- end }}{{/* end-if .slack.enabled */}} {{- end }}{{/* end-if .*.enabled */}} {{- end }}{{/* end-with .bridge*/}} diff --git a/mycloud-matrix/values.yaml b/mycloud-matrix/values.yaml index bf5f179..662f1af 100644 --- a/mycloud-matrix/values.yaml +++ b/mycloud-matrix/values.yaml @@ -164,6 +164,9 @@ bridge: signal: enabled: false admins: [] + slack: + enabled: false + admins: [] livekit: # -- deploy livekit for usage with element-call 
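Review bot: The new `bridge-slack` volume hard-codes `secretName: "{{ $.Release.Name }}-mautrix-slack-mautrix-signal"`, a name that exists only because the Slack bridge is deployed from the `./mautrix-signal` chart, which presumably appends its chart name to the release name. The same literal is repeated in templates/bridge/slack.yaml (two `valuesFrom` entries and `appservice.address`), so renaming the chart or switching to a dedicated Slack chart would break the registration mount with no template error. I would add a comment at the volume, `# Secret created by the mautrix-slack HelmRelease (mautrix-signal chart); also carries the as_token/hs_token keys`, and move the name into one named template used by both files. The `extraVolumes` and `extraVolumeMounts` blocks start outside the hunk.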
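Review bot: In values.yaml, `bridge.slack.enabled` and `bridge.slack.admins` are added without a `# --` description, so the generated README table shows an empty description for both. Every entry in `admins` is given the `admin` permission level by templates/bridge/slack.yaml, so that privilege grant should be stated where operators set the value. I would add `# -- deploy the mautrix-slack bridge` above `enabled` and `# -- Matrix user IDs (e.g. "@alice:example.org") that get admin permission on the Slack bridge` above `admins`. The `bridge:` block starts outside the hunk.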
@@ -257,6 +260,13 @@ databases: username: matrix-bridge-signal # -- generated by .commons.masterPassword (equal to mycloud-services) password: + slack: + # -- default is from mycloud-services + host: mycloud-services-postgresql + name: matrix-bridge-slack + username: matrix-bridge-slack + # -- generated by .commons.masterPassword (equal to mycloud-services) + password: persistence: storageClass: