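{{- if (eq .Values.server.software "synapse") }}
---
# Flux HelmRelease that deploys the matrix-synapse chart from the
# "wrenix-helm-charts" GitRepository source in flux-system.
#
# NOTE(review): smtp_pass, client_secret and the database password below are
# rendered as plain text into spec.values, so read access to HelmRelease
# objects in this namespace exposes them. Flux can take values from a Secret
# through spec.valuesFrom; consider moving the secret-bearing keys there.
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-synapse"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./matrix-synapse"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $domain := .Values.server.host | default .Values.commons.ingress.domain }}
    {{- $host := .Values.ingress.server.host | default (printf "matrix.%s" .Values.commons.ingress.domain) }}
    # Templated scalars are quoted so the rendered value always stays a YAML
    # string, whatever the configured name looks like.
    serverName: {{ $domain | quote }}
    publicServerName: {{ $host | quote }}
    config:
      # Open registration is off; accounts come from the OIDC provider below.
      enableRegistration: false
      useStructuredLogging: true
    extraConfig:
      use_presence: false
      enable_search: false
      dynamic_thumbnails: true
    extraSecrets:
      email:
        smtp_host: {{ .Values.server.mail.host | default .Values.commons.mail.host | quote }}
        smtp_port: 587
        # require_transport_security is only set when commons.mail.use_tls is
        # true; otherwise Synapse's own default applies.
        # NOTE(review): smtp_user and smtp_pass are sent on this connection,
        # so confirm the path without enforced TLS is acceptable.
        {{- if .Values.commons.mail.use_tls }}
        require_transport_security: true
        {{- end }}
        smtp_user: {{ .Values.commons.mail.username | quote }}
        smtp_pass: {{ .Values.commons.mail.password | quote }}
        app_name: "{{ .Values.commons.theme.title }}-matrix"
        # TODO
        # NOTE(review): the template action inside the commented-out line
        # below is still evaluated by Helm; only its output lands in a comment.
        # notif_from: {{ .Values.server.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "matrix" .Values.commons.mail.from) | quote }}
        notif_from: {{ .Values.server.mail.from | default .Values.commons.mail.from | quote }}
      oidc_providers:
        - idp_id: mycloud
          idp_name: {{ .Values.commons.theme.title | quote }}
          discover: true
          issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-matrix/"
          # When not set explicitly, both values are derived deterministically
          # from commons.masterPassword, so that one value protects every
          # derived credential.
          # NOTE(review): sha256sum runs after default, so an explicitly
          # supplied clientID or clientSecret is hashed as well and the IdP
          # must be configured with the hashed value. The database password
          # further down applies b64enc to the derived value only; confirm the
          # difference is intended.
          # The digests are quoted so a hex string can never be read as a
          # number.
          client_id: {{ .Values.server.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientID") | sha256sum | quote }}
          client_secret: {{ .Values.server.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientSecret") | sha256sum | quote }}
          scopes:
            - "openid"
            - "profile"
            - "email"
          user_mapping_provider:
            # The two templates below are Jinja for Synapse; the raw-string
            # action passes them through Helm untouched.
            # NOTE(review): the Matrix localpart comes from the
            # preferred_username claim, which OIDC does not guarantee to be
            # unique or stable. Confirm the IdP enforces that.
            config:
              {{`
              localpart_template: "{{ user.preferred_username }}"
              display_name_template: "{{ user.name|capitalize }}"
              `}}

    {{- if .Values.server.scaling }}
    workers:
      generic_worker:
        enabled: true
      federation_reader:
        enabled: true
      synchrotron:
        enabled: true
      pusher:
        enabled: true
      appservice:
        enabled: true
      federation_sender:
        enabled: true
      media_repository:
        enabled: true
      user_dir:
        enabled: true
      frontend_proxy:
        enabled: true
        csPaths:
          - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"
          - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status"
    {{- end }}

    synapse:
      livenessProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      readinessProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      startupProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      resources:
        requests:
          cpu: 1
          memory: "256Mi"
        limits:
          memory: "4Gi"

    wellknown:
      enabled: true
      resources:
        requests:
          cpu: 0.1
          memory: "64Mi"
        limits:
          memory: "256Mi"

    signingkey:
      resources:
        requests:
          cpu: 0.1
          memory: "64Mi"
        limits:
          memory: "256Mi"


    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      includeServerName: false
      hosts:
        - "{{ $host }}"
      csHosts:
        - "{{ $host }}"
      wkHosts:
        - "{{ .Values.commons.ingress.domain }}"
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        # NOTE(review): "metrix" looks like a misspelling of "matrix". The
        # name is kept as-is because the certificate Secret is referenced by
        # it; confirm against whatever issues that Secret before renaming.
        - secretName: "mycloud-metrix-server-cert"
          hosts:
            - "{{ .Values.commons.ingress.domain }}"
            - "{{ $host }}"
        {{- end }}
      {{- end }}

    persistence:
      enabled: true
      size: {{ .Values.persistence.size | quote }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      # Quoted so a class name such as "-" stays a string.
      storageClass: {{ . | quote }}
      {{- end }}
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/matrix/synapse"
      {{- end }}

    # The bundled PostgreSQL is disabled; Synapse uses the external server.
    postgresql:
      enabled: false
    externalPostgresql:
      host: {{ .Values.databases.server.host | quote }}
      username: {{ .Values.databases.server.username | quote }}
      # Falls back to a password derived from commons.masterPassword; b64enc
      # is applied to the derived value only.
      password: {{ .Values.databases.server.password | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix-synapse" "database_password" | b64enc) | quote }}
      database: {{ .Values.databases.server.name | quote }}

    prometheus:
      podmonitor:
        # Enabled only when the cluster serves the PodMonitor API.
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        # Enabled only when the cluster serves the PrometheusRule API.
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
        labels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}

    grafana:
      dashboards:
        enabled: true
        labels:
          {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
        annotations:
          {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}
{{- end }}{{/* end-if .software == synapse */}}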