wrenix/flux-charts
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat(mycloud-matrix): init

Browse source
This commit is contained in:
WrenIX 2024-02-12 13:53:50 +01:00
parent cf9dd3a6b4
commit 72c4567e60
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
13 changed files with 785 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
base-values/mycloud-matrix.yaml Normal file
View file

@ -0,0 +1,18 @@
##
# commons are from mycloud-core
##
components:
mycloud-services:
# patch mycloud-core to get another database
values:
databases:
matrix-synapse:
type: postgresql
additionalParams: "LC_COLLATE='C' LC_CTYPE='C' ENCODING=UTF8 TEMPLATE=template0"
mycloud-matrix:
enabled: true
namespace:
# current namespace
name:

1
docs/modules/components/nav.adoc
View file

@ -8,5 +8,6 @@
** xref:mycloud-authentik.adoc[mycloud-authentik] ** xref:mycloud-authentik.adoc[mycloud-authentik]
** xref:mycloud-collabora.adoc[mycloud-collabora] ** xref:mycloud-collabora.adoc[mycloud-collabora]
** xref:mycloud-gotosocial.adoc[mycloud-gotosocial] ** xref:mycloud-gotosocial.adoc[mycloud-gotosocial]
** xref:mycloud-matrix.adoc[mycloud-matrix]
** xref:mycloud-nextcloud.adoc[mycloud-nextcloud] ** xref:mycloud-nextcloud.adoc[mycloud-nextcloud]
** xref:mycloud-services.adoc[mycloud-services] ** xref:mycloud-services.adoc[mycloud-services]

1
docs/modules/components/pages/mycloud-matrix.adoc Symbolic link
View file

@ -0,0 +1 @@
../../../../mycloud-matrix/README.adoc

1
docs/modules/mycloud/pages/partial-list-components.adoc
View file

@ -2,5 +2,6 @@
* xref:components:mycloud-authentik.adoc[mycloud-authentik] * xref:components:mycloud-authentik.adoc[mycloud-authentik]
* xref:components:mycloud-collabora.adoc[mycloud-collabora] * xref:components:mycloud-collabora.adoc[mycloud-collabora]
* xref:components:mycloud-gotosocial.adoc[mycloud-gotosocial] * xref:components:mycloud-gotosocial.adoc[mycloud-gotosocial]
* xref:components:mycloud-matrix.adoc[mycloud-matrix]
* xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] * xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud]
* xref:components:mycloud-services.adoc[mycloud-services] * xref:components:mycloud-services.adoc[mycloud-services]

23
mycloud-matrix/.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

9
mycloud-matrix/Chart.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v2
name: mycloud-matrix
description: myCloud component to setup matrix
type: application
maintainers:
- name: WrenIX
url: https://wrenix.eu
version: 0.1.0

255
mycloud-matrix/README.adoc Normal file
View file

@ -0,0 +1,255 @@
= mycloud-matrix
image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
== Values
.Values
|===
| Key | Type | Default | Description
| commons.auth.host
| string
| `nil`
| default auth.(.Values.commons.ingress.domain)
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`
|
| commons.helm.release.test
| object
| `{}`
|
| commons.helm.release.upgrade
| object
| `{}`
|
| commons.ingress.annotations."cert-manager.io/cluster-issuer"
| string
| `"letsencrypt-prod"`
|
| commons.ingress.domain
| string
| `"wrenix.eu"`
|
| commons.ingress.tls.enabled
| bool
| `true`
| tls on every ingress
| commons.ingress.tls.override
| string
| `nil`
| use own definition of tls (e.g. for own or wildcard certificate)
| commons.mail.from
| string
| `nil`
|
| commons.mail.host
| string
| `nil`
|
| commons.mail.password
| string
| `nil`
|
| commons.mail.use_ssl
| bool
| `false`
|
| commons.mail.use_tls
| bool
| `false`
|
| commons.mail.username
| string
| `nil`
|
| commons.masterPassword
| string
| `"CHANGEME"`
|
| commons.persistence.hostPath.enabled
| bool
| `false`
|
| commons.persistence.hostPath.prefix
| string
| `"/var/lib/mycloud"`
|
| commons.persistence.storageClass
| string
| `nil`
|
| commons.prometheus.monitor.labels
| object
| `{}`
|
| commons.prometheus.rules.labels
| object
| `{}`
|
| commons.theme.favicon
| string
| `"/static/dist/assets/icons/icon.png"`
|
| commons.theme.logo
| string
| `"/static/dist/assets/icons/icon_left_brand.svg"`
|
| commons.theme.title
| string
| `"myCloud"`
|
| databases.server.host
| string
| `"mycloud-services-postgresql"`
| default is from mysql-services
| databases.server.name
| string
| `"matrix-synapse"`
|
| databases.server.password
| string
| `nil`
| generated by .commons.masterPassword (equal to mycloud-services)
| databases.server.username
| string
| `"matrix-synapse"`
|
| ingress.element.annotations
| string
| `nil`
|
| ingress.element.enabled
| bool
| `true`
|
| ingress.element.host
| string
| `nil`
| default: element.(.commons.ingress.domain)
| ingress.hydrogen.annotations
| string
| `nil`
|
| ingress.hydrogen.enabled
| bool
| `false`
|
| ingress.hydrogen.host
| string
| `nil`
| default: hydrogen.(.commons.ingress.domain)
| ingress.server.annotations
| string
| `nil`
|
| ingress.server.host
| string
| `nil`
| default: matrix.(.commons.ingress.domain)
| init.namespace
| string
| `"bases"`
|
| init.version
| int
| `0`
|
| persistence.size
| string
| `"16Gi"`
|
| persistence.storageClass
| string
| `nil`
|
| server.auth.clientID
| string
| `nil`
| generated by .commons.masterPassword
| server.auth.clientSecret
| string
| `nil`
| generated by .commons.masterPassword
| server.host
| string
| `nil`
| default: (commons.ingress.domain)
| server.mail.from
| string
| `nil`
| generade by .commons.mail.from
| server.mail.host
| string
| `nil`
| default .commons.mail.host
| server.software
| string
| `"synapse"`
|
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

57
mycloud-matrix/templates/authentik-application.yaml Normal file
View file

@ -0,0 +1,57 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: {{ .Release.Name }}-auth
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: "wrenix-helm-charts"
namespace: "flux-system"
chart: "./authentik-application"
reconcileStrategy: "Revision"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
{{- $serverHost := .Values.ingress.server.host | default (printf "matrix.%s" .Values.commons.ingress.domain) }}
{{- $clientHost := .Values.server.auth.webClient | default (printf "element.%s" .Values.commons.ingress.domain) }}
blueprint:
authentik:
domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
provider:
type: "oidc"
name: "Matrix"
oidc:
clientType: "confidential"
redirectURL: "https://{{ $serverHost }}/_synapse/client/oidc/callback"
clientID: {{ .Values.server.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientID") | sha256sum }}
clientSecret: {{ .Values.server.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientSecret") | sha256sum }}
signingKey: "authentik Self-signed Certificate"
scopes:
- name: "authentik default OAuth Mapping: OpenID 'openid'"
- name: "authentik default OAuth Mapping: OpenID 'email'"
- name: "authentik default OAuth Mapping: OpenID 'profile'"
groups:
- slug: "mycloud - users"
bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"
application:
policyEngineMode: "any"
openInNewTab: true
publisher: "WrenIX's myCloud"
slug: "mycloud-matrix"
group: "Chat"
name: "Matrix"
launchURL: "https://{{ $clientHost }}/"
icon: "https://{{ $clientHost }}/themes/element/img/logos/element-logo.svg"
description: "Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers."

64
mycloud-matrix/templates/clients/element.yaml Normal file
View file

@ -0,0 +1,64 @@
{{- if .Values.ingress.element.enabled }}
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: "{{ .Release.Name }}-element-web"
spec:
url: https://ananace.gitlab.io/charts
interval: 10m
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: "{{ .Release.Name }}-element-web"
spec:
chart:
spec:
sourceRef:
kind: HelmRepository
name: "{{ .Release.Name }}-element-web"
chart: "element-web"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
{{- $serverDomain := .Values.server.host | default .Values.commons.ingress.domain }}
{{- $serverHost := .Values.ingress.server.host | default (printf "matrix.%s" .Values.commons.ingress.domain) }}
{{- $host := .Values.ingress.element.host | default (printf "element.%s" .Values.commons.ingress.domain) }}
image:
repository: docker.io/vectorim/element-web
defaultServer:
url: https://{{ $serverHost }}
name: {{ $serverDomain }}
config:
sso_redirect_options:
on_welcome_page: true
ingress:
enabled: true
annotations:
{{- with .Values.commons.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
hosts:
- {{ $host | quote }}
{{- if .Values.commons.ingress.tls.enabled }}
tls:
{{- with .Values.commons.ingress.tls.override }}
{{- toYaml . | nindent 8 }}
{{- else }}
- secretName: "mycloud-matrix-element-cert"
hosts:
- "{{ $host }}"
{{- end }}
{{- end }}
{{- end }}

54
mycloud-matrix/templates/clients/hydrogen.yaml Normal file
View file

@ -0,0 +1,54 @@
{{- if .Values.ingress.hydrogen.enabled }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: "{{ .Release.Name }}-hydrogen-web"
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: "wrenix-helm-charts"
namespace: "flux-system"
chart: "./hydrogen-web"
reconcileStrategy: "Revision"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
{{- $serverHost := .Values.ingress.server.host | default (printf "matrix.%s" .Values.commons.ingress.domain) }}
{{- $host := .Values.ingress.hydrogen.host | default (printf "hydrogen.%s" .Values.commons.ingress.domain) }}
hydrogen:
defaultHomeServer: {{ $serverHost }}
ingress:
enabled: true
annotations:
{{- with .Values.commons.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
hosts:
- host: {{ $host | quote }}
paths:
- path: /
pathType: ImplementationSpecific
{{- if .Values.commons.ingress.tls.enabled }}
tls:
{{- with .Values.commons.ingress.tls.override }}
{{- toYaml . | nindent 8 }}
{{- else }}
- secretName: "mycloud-matrix-element-cert"
hosts:
- "{{ $host }}"
{{- end }}
{{- end }}
{{- end }}

14
mycloud-matrix/templates/configmap_init_crd.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-init
namespace: "{{ .Values.init.namespace }}"
data:
{{- if and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor")
}}
init: "-1"
{{- else }}
init: "{{ add1 .Values.init.version }}"
{{- end }}

187
mycloud-matrix/templates/server/synapse.yaml Normal file
View file

@ -0,0 +1,187 @@
{{- if (eq .Values.server.software "synapse") }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: "{{ .Release.Name }}-synapse"
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: "wrenix-helm-charts"
namespace: "flux-system"
chart: "./matrix-synapse"
reconcileStrategy: "Revision"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
{{- $domain := .Values.server.host | default .Values.commons.ingress.domain }}
{{- $host := .Values.ingress.server.host | default (printf "matrix.%s" .Values.commons.ingress.domain) }}
serverName: {{ $domain }}
publicServerName: {{ $host }}
config:
enableRegistration: false
useStructuredLogging: true
extraConfig:
use_presence: false
enable_search: false
dynamic_thumbnails: true
extraSecrets:
email:
smtp_host: {{ .Values.server.mail.host | default .Values.commons.mail.host | quote }}
smtp_port: 587
{{- if .Values.commons.mail.use_tls }}
require_transport_security: true
{{- end }}
smtp_user: {{ .Values.commons.mail.username | quote }}
smtp_pass: {{ .Values.commons.mail.password | quote }}
app_name: "{{ .Values.commons.theme.title }}-matrix"
# TODO
# notif_from: {{ .Values.server.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "matrix" .Values.commons.mail.from) | quote }}
notif_from: {{ .Values.server.mail.from | default .Values.commons.mail.from | quote }}
oidc_providers:
- idp_id: mycloud
idp_name: {{ .Values.commons.theme.title | quote }}
discover: true
issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-matrix/"
client_id: {{ .Values.server.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientID") | sha256sum }}
client_secret: {{ .Values.server.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientSecret") | sha256sum }}
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
{{`
localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name|capitalize }}"
`}}
{{- if .Values.server.scaling }}
workers:
generic_worker:
enabled: true
federation_reader:
enabled: true
synchrotron:
enabled: true
pusher:
enabled: true
appservice:
enabled: true
federation_sender:
enabled: true
media_repository:
enabled: true
user_dir:
enabled: true
frontend_proxy:
enabled: true
csPaths:
- "/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"
- "/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status"
{{- end }}
synapse:
livenessProbe:
timeoutSeconds: 2
periodSeconds: 15
readinessProbe:
timeoutSeconds: 2
periodSeconds: 15
startupProbe:
timeoutSeconds: 2
periodSeconds: 15
resources:
requests:
cpu: 1
memory: "256Mi"
limits:
memory: "4Gi"
wellknown:
enabled: true
resources:
requests:
cpu: 0.1
memory: "64Mi"
limits:
memory: "256Mi"
signingkey:
resources:
requests:
cpu: 0.1
memory: "64Mi"
limits:
memory: "256Mi"
ingress:
enabled: true
annotations:
{{- with .Values.commons.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
hosts:
- "{{ .Values.commons.ingress.domain }}"
- "{{ $host }}"
{{- if .Values.commons.ingress.tls.enabled }}
tls:
{{- with .Values.commons.ingress.tls.override }}
{{- toYaml . | nindent 8 }}
{{- else }}
- secretName: "mycloud-metrix-server-cert"
hosts:
- "{{ .Values.commons.ingress.domain }}"
- "{{ $host }}"
{{- end }}
{{- end }}
persistence:
enabled: true
size: {{ .Values.persistence.size }}
{{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
storageClass: {{ . }}
{{- end }}
{{- if .Values.commons.persistence.hostPath.enabled }}
hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/matrix/synapse"
{{- end }}
postgresql:
enabled: false
externalPostgresql:
host: {{ .Values.databases.server.host | quote }}
username: {{ .Values.databases.server.username | quote }}
password: {{ .Values.databases.server.password | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix-synapse" "database_password") | quote }}
database: {{ .Values.databases.server.name | quote }}
prometheus:
podmonitor:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
labels:
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
rules:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
labels:
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
grafana:
dashboards:
enabled: true
labels:
{{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
annotations:
{{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}
{{- end }}{{/* end-if .software == synapse */}}

101
mycloud-matrix/values.yaml Normal file
View file

@ -0,0 +1,101 @@
init:
version: 0
namespace: "bases"
commons:
masterPassword: "CHANGEME"
auth:
# -- default auth.(.Values.commons.ingress.domain)
host:
theme:
title: myCloud
logo: /static/dist/assets/icons/icon_left_brand.svg
favicon: /static/dist/assets/icons/icon.png
mail:
host:
username:
password:
from:
use_tls: false
use_ssl: false
persistence:
storageClass:
hostPath:
enabled: false
prefix: "/var/lib/mycloud"
helm:
release:
install: {}
test: {}
upgrade: {}
driftDetection: {}
ingress:
domain: "wrenix.eu"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
tls:
# -- tls on every ingress
enabled: true
# -- use own definition of tls (e.g. for own or wildcard certificate)
override:
prometheus:
monitor:
labels: {}
rules:
labels: {}
server:
# -- default: (commons.ingress.domain)
host:
software: "synapse"
scaling: false
auth:
# -- generated by .commons.masterPassword
clientID:
# -- generated by .commons.masterPassword
clientSecret:
# -- default: element.(.commons.ingress.domain)
webClient:
mail:
# -- generade by .commons.mail.from
from:
# -- default .commons.mail.host
host:
ingress:
server:
# -- default: matrix.(.commons.ingress.domain)
host:
annotations:
element:
enabled: true
# -- default: element.(.commons.ingress.domain)
host:
annotations:
hydrogen:
enabled: false
# -- default: hydrogen.(.commons.ingress.domain)
host:
annotations:
databases:
server:
# -- default is from mysql-services
host: mycloud-services-postgresql
name: matrix-synapse
username: matrix-synapse
# -- generated by .commons.masterPassword (equal to mycloud-services)
password:
persistence:
storageClass:
size: 16Gi