flux-charts/mycloud-matrix/templates/bridge/signal.yaml


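{{/*
Flux HelmRelease for the mautrix-signal bridge, rendered only when
.Values.bridge.signal.enabled is set.

NOTE(review): the nesting below was reconstructed from a listing that had lost
its indentation. The nindent widths and the valuesFrom targetPath values fix
most levels; the placement of `registration` next to `config` is presumed.
Confirm against the repository file before applying.
*/}}
{{- if .Values.bridge.signal.enabled }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-mautrix-signal"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./mautrix-signal"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  valuesFrom:
    {{- /*
    The appservice tokens are read from a Secret instead of being inlined in
    spec.values. With `optional: true` a Secret that does not exist is skipped
    rather than failing reconciliation.
    NOTE(review): confirm the chart does not fall back to a static default
    token in that case.
    */}}
    - kind: Secret
      name: "{{ .Release.Name }}-mautrix-signal"
      valuesKey: as_token
      targetPath: config.appservice.as_token
      optional: true
    - kind: Secret
      name: "{{ .Release.Name }}-mautrix-signal"
      valuesKey: hs_token
      targetPath: config.appservice.hs_token
      optional: true
    {{- /*
    The double-puppet shared secret is not optional, so reconciliation fails
    when the Secret is missing. targetPath separates keys with dots, so the
    dots inside the domain are backslash-escaped to keep it a single map key.
    */}}
    - kind: Secret
      name: "{{ .Release.Name }}-doublepuppet"
      valuesKey: as_token_code
      targetPath: config.bridge.login_shared_secret_map.{{ include "mycloud-matrix.domain" . | replace "." "\\." }}
  values:
    config:
      homeserver:
        address: "https://{{ include "mycloud-matrix.host.server" . }}"
        domain: {{ include "mycloud-matrix.domain" . | quote }}
      appservice:
        {{- /* Plain HTTP on the in-cluster service name; presumably the homeserver presents hs_token over this link. */}}
        address: "http://{{ .Release.Name }}-mautrix-signal:29328"
        database:
          type: postgres
          {{- $username := .Values.databases.bridge.signal.username }}
          {{- /*
          The fallback password is derived from commons.masterPassword, so that
          value has to be protected as a root secret. base64 output can contain
          '/', '+' and '='; an unescaped '/' in the userinfo part ends the
          authority early, so the derived value is percent-encoded here. An
          explicitly configured password is passed through unchanged and must
          already be safe to embed in a URI.
          */}}
          {{- $password := .Values.databases.bridge.signal.password | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix-bridge-signal" "database_password" | b64enc | urlquery) }}
          {{- $host := .Values.databases.bridge.signal.host }}
          {{- $database := .Values.databases.bridge.signal.name }}
          {{- /*
          NOTE(review): unlike the tokens above, this URI and the password in it
          are part of spec.values, so they are stored in the HelmRelease object
          and readable by anyone who may read HelmReleases in this namespace.
          Consider supplying it from a Secret through valuesFrom with
          targetPath config.appservice.database.uri.
          NOTE(review): sslmode=disable means the PostgreSQL connection is not
          encrypted. Use require or verify-full unless the network path between
          the bridge and the database is trusted.
          */}}
          uri: {{ printf "postgres://%s:%s@%s/%s?sslmode=disable" $username $password $host $database | quote }}
      bridge:
        personal_filtering_spaces: true
        sync_direct_chat_list: true
        {{- /* The example.com entries are set to null, presumably to drop placeholder keys from the chart defaults. */}}
        double_puppet_server_map:
          example.com: null
          {{ include "mycloud-matrix.domain" . | quote }}: "https://{{ include "mycloud-matrix.host.server" . }}"
        login_shared_secret_map:
          example.com: null
        {{- /*
        Bridge encryption is configured, and required, only while
        server.authenticationService is disabled. When that service is enabled
        this block is omitted and the chart's own defaults apply.
        */}}
        {{- if not .Values.server.authenticationService.enabled }}
        encryption:
          allow: true
          default: true
          require: true
          delete_keys:
            periodically_delete_expired: true
        {{- end }}
        {{- /*
        Every account on the homeserver domain gets the `user` level; the IDs
        listed in bridge.signal.admins get `admin`. Keep that list short, since
        it is the only grant of admin rights made here.
        */}}
        permissions:
          "example.com": null
          "@admin:example.com": null
          {{ include "mycloud-matrix.domain" . | quote }}: user
          {{- range $user := .Values.bridge.signal.admins }}
          {{ $user | quote }}: admin
          {{- end }}
        relay:
          enabled: true
    registration:
      namespaces:
        {{- /*
        Exclusive user namespaces for the bridge bot and its ghost users. The
        dots of the domain are escaped so they match literally in the regex.
        */}}
        users:
          - regex: {{ printf "^@signalbot:%s$" (include "mycloud-matrix.domain" . | replace "." "\\.") | quote }}
            exclusive: true
          - regex: {{ printf "^@signal_.*:%s$" (include "mycloud-matrix.domain" . | replace "." "\\.") | quote }}
            exclusive: true
    persistence:
      enabled: true
      size: {{ .Values.persistence.size }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClass: {{ . | quote }}
      {{- end }}
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/matrix/bridge/signal"
      {{- end }}
    prometheus:
      servicemonitor:
        {{- /* Enabled only when the cluster serves the ServiceMonitor API. */}}
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
{{- end }}{{/* end-if .bridge.signal.enabled */}}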