
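{{- if (eq .Values.server.software "synapse") }}
---
# Flux HelmRelease for the Synapse homeserver; rendered only when
# .Values.server.software is "synapse". Indentation follows the nindent
# depths used by the toYaml calls below (4 for spec.*, 8 for ingress.*, 10
# for prometheus/grafana labels).
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-synapse"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./matrix-synapse"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  {{- if .Values.server.authenticationService.enabled }}
  # Authentication-service credentials are referenced by Secret name and key
  # only, so the secret values themselves are not rendered into this object.
  valuesFrom:
    {{- $secretName := printf "%s-authentication-service-secrets" .Release.Name }}
    - kind: Secret
      name: {{ $secretName | quote }}
      valuesKey: client_secret
      targetPath: "extraSecrets.experimental_features.msc3861.client_secret"
    - kind: Secret
      name: {{ $secretName | quote }}
      valuesKey: admin_token
      targetPath: "extraSecrets.experimental_features.msc3861.admin_token"
  {{- end }}
  values:
    serverName: {{ include "mycloud-matrix.domain" . | quote }}
    publicServerName: {{ include "mycloud-matrix.host.server" . | quote }}
    config:
      enableRegistration: false
      useStructuredLogging: true
      logLevel: INFO
    extraConfig:
      use_presence: false
      enable_search: false
      dynamic_thumbnails: true
      {{- with .Values.bridge }}
      {{- if or .signal.enabled }}
      # Registration files are mounted from Secrets via synapse.extraVolumes below.
      app_service_config_files:
        - "/etc/appservices/doublepuppet.yaml"
        {{- if .signal.enabled }}
        - "/etc/appservices/bridge-signal.yaml"
        {{- end }}{{/* end-if .signal.enabled */}}
      {{- end }}{{/* end-if any bridge enabled */}}
      {{- end }}{{/* end-with .bridge */}}
    extraSecrets:
      email:
        smtp_host: {{ .Values.server.mail.host | default .Values.commons.mail.host | quote }}
        smtp_port: 587
        {{- if .Values.commons.mail.use_tls }}
        require_transport_security: true
        {{- end }}
        smtp_user: {{ .Values.commons.mail.username | quote }}
        # NOTE(review): rendered in clear into the HelmRelease values (readable by
        # anyone who can read HelmRelease objects); the valuesFrom pattern above
        # keeps credentials out of this object.
        smtp_pass: {{ .Values.commons.mail.password | quote }}
        app_name: "{{ .Values.commons.theme.title }}-matrix"
        {{- /* TODO: derive notif_from as
             {{ .Values.server.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "matrix" .Values.commons.mail.from) | quote }}
             Kept as a template comment: a "#" comment line is still template-expanded by Helm. */}}
        notif_from: {{ .Values.server.mail.from | default .Values.commons.mail.from | quote }}
      {{- if .Values.server.authenticationService.enabled }}
      # client_secret and admin_token for msc3861 arrive through spec.valuesFrom.
      experimental_features:
        msc3861:
          enabled: true
          issuer: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/"
          client_id: "0000000000000000000SYNAPSE"
          client_auth_method: client_secret_basic
          account_management_url: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/account/"
      {{- else }}
      oidc_providers:
        - idp_id: mycloud
          idp_name: {{ .Values.commons.theme.title | quote }}
          discover: true
          issuer: "https://{{ include "mycloud-matrix.domain.auth" . }}/application/o/mycloud-matrix/"
          # Quoted: sha256sum yields a hex string, which a YAML 1.1 parser could
          # otherwise read as a number in the (unlikely) digits-only case.
          client_id: {{ .Values.server.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientID") | sha256sum | quote }}
          # NOTE(review): derived from commons.masterPassword and rendered in clear
          # into the HelmRelease values; a Secret + valuesFrom (as for msc3861)
          # would keep it out of this object.
          client_secret: {{ .Values.server.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientSecret") | sha256sum | quote }}
          scopes:
            - "openid"
            - "profile"
            - "email"
          user_mapping_provider:
            config:
              {{- /* raw string: the inner {{ }} are Jinja, evaluated by Synapse, not Helm */}}
              {{`
              localpart_template: "{{ user.preferred_username }}"
              display_name_template: "{{ user.name|capitalize }}"
              `}}
      {{- end }}
    extraLoggers:
      synapse.storage.SQL:
        level: WARNING
    {{- if .Values.server.scaling }}
    workers:
      generic_worker:
        enabled: true
      federation_reader:
        enabled: true
      synchrotron:
        enabled: true
      pusher:
        enabled: true
      appservice:
        enabled: true
      federation_sender:
        enabled: true
      media_repository:
        enabled: true
      user_dir:
        enabled: true
      frontend_proxy:
        enabled: true
        csPaths:
          - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"
          - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status"
    {{- end }}
    synapse:
      livenessProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      readinessProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      startupProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      resources:
        requests:
          cpu: 1
          memory: "256Mi"
        limits:
          memory: "4Gi"
      extraVolumeMounts:
        {{- with .Values.bridge }}
        {{- if or .signal.enabled }}
        - name: doublepuppet
          mountPath: "/etc/appservices/doublepuppet.yaml"
          subPath: "doublepuppet.yaml"
        {{- if .signal.enabled }}
        - name: bridge-signal
          mountPath: "/etc/appservices/bridge-signal.yaml"
          subPath: "bridge-signal.yaml"
        {{- end }}{{/* end-if .signal.enabled */}}
        {{- end }}{{/* end-if any bridge enabled */}}
        {{- end }}{{/* end-with .bridge */}}
      extraVolumes:
        {{- with .Values.bridge }}
        {{- if or .signal.enabled }}
        - name: doublepuppet
          secret:
            secretName: "{{ $.Release.Name }}-doublepuppet"
            items:
              - key: "registration.yaml"
                path: "doublepuppet.yaml"
        {{- if .signal.enabled }}
        - name: bridge-signal
          secret:
            secretName: "{{ $.Release.Name }}-mautrix-signal"
            items:
              - key: "registration.yaml"
                path: "bridge-signal.yaml"
        {{- end }}{{/* end-if .signal.enabled */}}
        {{- end }}{{/* end-if any bridge enabled */}}
        {{- end }}{{/* end-with .bridge */}}
    wellknown:
      enabled: true
      client:
        "m.homeserver":
          base_url: "https://{{ include "mycloud-matrix.host.server" . }}/"
        {{- if .Values.server.slidingSync.enabled }}
        "org.matrix.msc3575.proxy":
          url: "https://{{ include "mycloud-matrix.host.slidingSync" . }}"
        {{- end }}
        {{- if .Values.server.authenticationService.enabled }}
        "org.matrix.msc2965.authentication":
          issuer: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/"
          account: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/account/"
        {{- end }}
      resources:
        requests:
          cpu: 0.1
          memory: "64Mi"
        limits:
          memory: "256Mi"
    signingkey:
      resources:
        requests:
          cpu: 0.1
          memory: "64Mi"
        limits:
          memory: "256Mi"
    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.server.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      includeServerName: false
      hosts:
        - {{ include "mycloud-matrix.host.server" . | quote }}
      csHosts:
        - {{ include "mycloud-matrix.host.server" . | quote }}
      wkHosts:
        - {{ include "mycloud-matrix.domain" . | quote }}
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-matrix-server-cert"
          hosts:
            - {{ include "mycloud-matrix.domain" . | quote }}
            - {{ include "mycloud-matrix.host.server" . | quote }}
        {{- end }}
      {{- end }}
    persistence:
      enabled: true
      # Quoted so quantity strings are never re-typed by the YAML parser.
      size: {{ .Values.persistence.size | quote }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClass: {{ . | quote }}
      {{- end }}
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/matrix/synapse"
      {{- end }}
    postgresql:
      enabled: false
    externalPostgresql:
      {{- with .Values.databases.server }}
      host: {{ .host | quote }}
      username: {{ .username | quote }}
      # NOTE(review): database credential rendered in clear into the HelmRelease
      # values; a Secret + valuesFrom would keep it out of this object.
      password: {{ .password | default (derivePassword 1 "long" $.Values.commons.masterPassword "matrix-synapse" "database_password" | b64enc) | quote }}
      database: {{ .name | quote }}
      {{- end }}
    prometheus:
      podmonitor:
        # Only enabled when the PodMonitor CRD is installed in the cluster.
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
        labels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
    grafana:
      dashboards:
        enabled: true
        labels:
          {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
        annotations:
          {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}
{{- end }}{{/* end-if .software == synapse */}}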