diff --git a/README.md b/README.adoc similarity index 68% rename from README.md rename to README.adoc index bf954b6..1203432 100644 --- a/README.md +++ b/README.adoc @@ -1,29 +1,26 @@ ---- -title: "Helm-Charts" -weight: 1 -cascade: - - url: /:sections/:title/ -url: /:sections ---- += helm-charts -## Usage +== Usage Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. +Refer to Helm's https://helm.sh/docs[documentation] to get started. Once Helm has been set up correctly, fetch the charts as follows: -```bash +[source,bash] +---- helm pull oci://codeberg.org/wrenix/helm-charts/ -``` +---- You can install a chart release using the following command: -```bash +[source,bash] +---- helm install oci://codeberg.org/wrenix/helm-charts/ --values values.yaml -``` +---- To uninstall a chart release use `helm`'s delete command: -```bash +[source,bash] +---- helm uninstall -``` +---- diff --git a/README.adoc.gotmpl b/README.adoc.gotmpl new file mode 100644 index 0000000..05424bd --- /dev/null +++ b/README.adoc.gotmpl 
@@ -0,0 +1,87 @@ +{{ define "chart.header" }}= {{ .Name }} +{{ end }} +{{ define "chart.versionBadge" }} +image::https://img.shields.io/badge/Version-{{ .Version | replace "-" "--" }}-informational?style=flat-square[Version: {{ .Version }}]{{end}} +{{ define "chart.typeBadge" }} +image::https://img.shields.io/badge/Version-{{ .Type }}-informational?style=flat-square[Type: {{ .Type }}]{{end}} +{{ define "chart.appVersionBadge" }}{{- if (ne .AppVersion "") }} +image::https://img.shields.io/badge/AppVersion-{{ .AppVersion }}-informational?style=flat-square[AppVersion: {{ .AppVersion }}]{{ end }}{{end}} +{{ define "chart.maintainersHeader" }}== Maintainers{{ end }} +{{ define "chart.maintainersTable" }}.Maintainers +|=== +| Name | Email | Url + {{- range .Maintainers }} + +| {{ .Name }} +| {{ if .Email }}<{{ .Email }}>{{ end }} +| {{ if .Url }}<{{ .Url }}>{{ end }} + {{- end }} +|=== +{{ end }} +{{ define "chart.valuesHeader" }}== Values{{ end }} +{{ define "chart.valuesTable" -}} +{{- if .Sections.Sections -}} +{{- range .Sections.Sections }} +.Values {{.SectionName }} +{{ template "chart.valuesOneTable" .SectionItems }} +{{- end }}{{/* range sections*/}} +{{- if .Sections.DefaultSection.SectionItems -}} +.Values {{.Sections.DefaultSection.SectionName }} +{{ template "chart.valuesOneTable" .Sections.DefaultSection.SectionItems }} +{{- end }}{{/* end default section */}} +{{- else }}{{/* if no sections */}} +.Values +{{ template "chart.valuesOneTable" .Values }} +{{- end }} +{{ end }}{{/* end chart.valuesTable */}} +{{ define "chart.valuesOneTable" -}} +|=== +| Key | Type | Default | Description + {{- range . }} + +| {{ .Key }} +| {{ .Type }} +| {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} +| {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} + {{- end }} +|=== +{{ end }}{{/* end chart.valuesOneTable */}} + +{{- define "chart.prerequirements" -}}{{- end -}} + +{{ template "chart.header" . 
}} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.prerequirements" . }} + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }} +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install {{ template "chart.name" . }}-release oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }} --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall {{ template "chart.name" . }}-release +---- + +{{ template "chart.valuesSection" . }} + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/README.md.gotmpl b/README.md.gotmpl deleted file mode 100644 index ffed287..0000000 --- a/README.md.gotmpl +++ /dev/null 
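Review bot: The `chart.typeBadge` definition builds its badge URL with the label `Version` while its alt text says `Type`, so every generated README shows two "Version" badges; the URL should read `image::https://img.shields.io/badge/Type-{{ .Type }}-informational?style=flat-square[Type: {{ .Type }}]`. `chart.appVersionBadge` also inserts `.AppVersion` without the `replace "-" "--"` that `chart.versionBadge` applies, so an appVersion containing a hyphen would produce a malformed shields.io path; `{{ .AppVersion | replace "-" "--" }}` would match the version badge. In `chart.valuesOneTable`, `.Default` and `.Description` are written into AsciiDoc cells unescaped, and defaults that contain `|` (the alertmanager-matrix bot templates appear to) will probably be split into extra cells, which is worth checking in the rendered output.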
@@ -1,54 +0,0 @@ ---- -title: {{ .Name | quote }} -{{ if .Description }} -description: {{.Description | quote }} -{{ end }} ---- - -{{- define "chart.prerequirements" }} -{{- end }} - -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.badgesSection" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - - - -{{ template "chart.prerequirements" . }} - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/{{ .Name }} -``` - -You can install a chart release using the following command: - -```bash -helm install {{ .Name }}-release oci://codeberg.org/wrenix/helm-charts/{{ .Name }} --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall {{ .Name }}-release -``` - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesSection" . }} - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/alertmanager-matrix/Chart.yaml b/alertmanager-matrix/Chart.yaml index 2195783..f2a3e46 100644 --- a/alertmanager-matrix/Chart.yaml +++ b/alertmanager-matrix/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: alertmanager-matrix description: Service for managing and receiving Alertmanager alerts on Matrix type: application -version: "0.1.11" +version: 0.1.8 # renovate: image=docker.io/silkeh/alertmanager_matrix -appVersion: "0.5.0" +appVersion: "0.4.3" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/alertmanager-matrix/README.adoc b/alertmanager-matrix/README.adoc index 55dd37b..91636ca 100644 --- a/alertmanager-matrix/README.adoc 
+++ b/alertmanager-matrix/README.adoc @@ -2,9 +2,9 @@ = alertmanager-matrix -image::https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square[Version: 0.1.11] +image::https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square[Version: 0.1.8] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square[AppVersion: 0.5.0] +image::https://img.shields.io/badge/AppVersion-0.4.3-informational?style=flat-square[AppVersion: 0.4.3] == Maintainers .Maintainers @@ -214,12 +214,12 @@ helm uninstall alertmanager-matrix-release | image.registry | string -| `"registry.gitlab.com"` +| `"docker.io"` | | image.repository | string -| `"wrenix/alertmanager_matrix"` +| `"silkeh/alertmanager_matrix"` | | image.tag diff --git a/alertmanager-matrix/README.md b/alertmanager-matrix/README.md deleted file mode 100644 index ddb4ed3..0000000 --- a/alertmanager-matrix/README.md +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -title: "alertmanager-matrix" - -description: "Service for managing and receiving Alertmanager alerts on Matrix" - ---- - -# alertmanager-matrix - -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square) - -Service for managing and receiving Alertmanager alerts on Matrix - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix -``` - -You can install a chart release using the following command: - -```bash -helm install alertmanager-matrix-release oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall alertmanager-matrix-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| bot.alertmanager | string | `"http://localhost:9093"` | | -| bot.colors.alert | string | `"black"` | | -| bot.colors.critical | string | `"red"` | | -| bot.colors.error | string | `"red"` | | -| bot.colors.info | string | `"blue"` | | -| bot.colors.information | string | `"blue"` | | -| bot.colors.resolved | string | `"green"` | | -| bot.colors.silenced | string | `"gray"` | | -| bot.colors.warning | string | 
`"orange"` | | -| bot.icons.alert | string | `"🔔ī¸"` | | -| bot.icons.critical | string | `"🚨"` | | -| bot.icons.error | string | `"🚨"` | | -| bot.icons.info | string | `"ℹī¸"` | | -| bot.icons.information | string | `"ℹī¸"` | | -| bot.icons.resolved | string | `"✅"` | | -| bot.icons.silenced | string | `"🔕"` | | -| bot.icons.warning | string | `"⚠ī¸"` | | -| bot.matrix.homeserver | string | `"http://localhost:8008"` | | -| bot.matrix.rooms[0] | string | `"!not_existing:matrix.org"` | | -| bot.matrix.rooms[1] | string | `"!also_not_existing:matrix.org"` | | -| bot.matrix.token | string | `"SECRET_TOKEN"` | | -| bot.matrix.userID | string | `"bot"` | | -| bot.messageType | string | `"m.notice"` | | -| bot.showLabels | bool | `false` | | -| bot.template.html | string | `"{{ range .Alerts }}\n \n {{.StatusString|icon}}\n {{.StatusString|upper}}\n {{.AlertName}}:\n \n {{.Summary}}\n {{if ne .Fingerprint \"\"}}\n ({{.Fingerprint}})\n {{end}}\n {{if $.ShowLabels}}\n
\n Labels:\n {{.LabelString}}\n {{end}}\n
\n{{- end -}}\n"` | | -| bot.template.text | string | `"{{ range .Alerts }}\n {{- .StatusString|icon}} {{ .StatusString|upper }}{{ .AlertName }}: {{ .Summary }} {{ if ne .Fingerprint \"\" -}}\n ({{.Fingerprint}})\n {{- end}}\n {{- if $.ShowLabels -}}\n , labels:\n {{- .LabelString}}\n {{- end }}\n{{ end -}}\n"` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"registry.gitlab.com"` | | -| image.repository | string | `"wrenix/alertmanager_matrix"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| logging.additionalFilters | list | `[]` | Add other filters to Flow | -| logging.dedot | string | `nil` | if an filter (here or global) for dedot is active - for disable set `null` | -| logging.enabled | bool | `false` | Deploy Flow for logging-operator | -| logging.globalOutputRefs | list | `["default"]` | Flows globalOutputRefs for use of ClusterOutputs | -| logging.localOutputRefs | list | `[]` | Flows localOutputRefs for use of Outputs | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `4051` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using 
[helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/alertmanager-matrix/values.yaml b/alertmanager-matrix/values.yaml index e2e14ab..e3cb5b1 100644 --- a/alertmanager-matrix/values.yaml +++ b/alertmanager-matrix/values.yaml @@ -5,8 +5,8 @@ replicaCount: 1 image: - registry: registry.gitlab.com - repository: wrenix/alertmanager_matrix + registry: docker.io + repository: silkeh/alertmanager_matrix pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. # latest with current: diff --git a/alertmanager-ntfy/Chart.yaml b/alertmanager-ntfy/Chart.yaml index 5b2e5e1..2a3dd8a 100644 --- a/alertmanager-ntfy/Chart.yaml +++ b/alertmanager-ntfy/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: alertmanager-ntfy description: Receiver for alertmanager to forward to ntfy.sh type: application -version: 0.1.5 -# renovate: image=codeberg.org/xenrox/ntfy-alertmanager -appVersion: "0.4.0" +version: 0.1.4 +# renovate: image=docker.io/xenrox/ntfy-alertmanager +appVersion: "0.3.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/alertmanager-ntfy/README.adoc b/alertmanager-ntfy/README.adoc new file mode 100644 index 0000000..8da8363 --- /dev/null +++ b/alertmanager-ntfy/README.adoc 
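Review bot: The default image in `alertmanager-matrix/values.yaml` now comes from a different registry and publisher (`docker.io` / `silkeh/alertmanager_matrix`), but it is still resolved by a mutable tag that defaults to the chart `appVersion`, and nothing in the hunk records why the source moved. A comment above `registry:` such as `# upstream image from Docker Hub; set image.tag to a digest-qualified value (tag@sha256:<digest>) for reproducible deploys` would make the provenance explicit, though whether that tag form renders correctly depends on the deployment template, which is not shown here. With `pullPolicy: IfNotPresent`, a tag that is later re-pushed upstream is not re-pulled on nodes that already hold it, so nodes can end up running different content under one tag. The same applies to the `alertmanager-ntfy/values.yaml` hunk, which moves `registry` from `codeberg.org` to `docker.io`. The `image:` mapping continues past the end of the hunk.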
@@ -0,0 +1,301 @@ + + += alertmanager-ntfy + +image::https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square[Version: 0.1.4] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square[AppVersion: 0.3.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall alertmanager-ntfy-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"docker.io"` +| + +| image.repository +| string +| `"xenrox/ntfy-alertmanager"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| 
ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| ntfyAlertmanager.labels.entries[0].label +| string +| `"severity"` +| + +| ntfyAlertmanager.labels.entries[0].priority +| int +| `5` +| + +| ntfyAlertmanager.labels.entries[0].tags[0] +| string +| `"rotating_light"` +| + +| ntfyAlertmanager.labels.entries[0].value +| string +| `"critical"` +| + +| ntfyAlertmanager.labels.entries[1].label +| string +| `"severity"` +| + +| ntfyAlertmanager.labels.entries[1].priority +| int +| `1` +| + +| ntfyAlertmanager.labels.entries[1].value +| string +| `"info"` +| + +| ntfyAlertmanager.labels.entries[2].label +| string +| `"instance"` +| + +| ntfyAlertmanager.labels.entries[2].tags[0] +| string +| `"computer"` +| + +| ntfyAlertmanager.labels.entries[2].tags[1] +| string +| `"example"` +| + +| ntfyAlertmanager.labels.entries[2].value +| string +| `"example.com"` +| + +| ntfyAlertmanager.labels.order[0] +| string +| `"severity"` +| + +| ntfyAlertmanager.labels.order[1] +| string +| `"instance"` +| + +| ntfyAlertmanager.logLevel +| string +| `"info"` +| + +| ntfyAlertmanager.ntfy.topic +| string +| `"https://ntfy.sh/alertmanager-alerts"` +| + +| ntfyAlertmanager.port +| int +| `80` +| + +| ntfyAlertmanager.resolved.tags[0] +| string +| `"resolved"` +| + +| ntfyAlertmanager.resolved.tags[1] +| string +| `"partying_face"` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `80` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated 
from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/alertmanager-ntfy/README.md b/alertmanager-ntfy/README.md deleted file mode 100644 index d36a0f3..0000000 --- a/alertmanager-ntfy/README.md +++ /dev/null 
@@ -1,97 +0,0 @@ ---- -title: "alertmanager-ntfy" - -description: "Receiver for alertmanager to forward to ntfy.sh" - ---- - -# alertmanager-ntfy - -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square) - -Receiver for alertmanager to forward to ntfy.sh - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy -``` - -You can install a chart release using the following command: - -```bash -helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall alertmanager-ntfy-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"codeberg.org"` | | -| image.repository | string | `"xenrox/ntfy-alertmanager"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| 
ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| ntfyAlertmanager.labels.entries[0].label | string | `"severity"` | | -| ntfyAlertmanager.labels.entries[0].priority | int | `5` | | -| ntfyAlertmanager.labels.entries[0].tags[0] | string | `"rotating_light"` | | -| ntfyAlertmanager.labels.entries[0].value | string | `"critical"` | | -| ntfyAlertmanager.labels.entries[1].label | string | `"severity"` | | -| ntfyAlertmanager.labels.entries[1].priority | int | `1` | | -| ntfyAlertmanager.labels.entries[1].value | string | `"info"` | | -| ntfyAlertmanager.labels.entries[2].label | string | `"instance"` | | -| ntfyAlertmanager.labels.entries[2].tags[0] | string | `"computer"` | | -| ntfyAlertmanager.labels.entries[2].tags[1] | string | `"example"` | | -| ntfyAlertmanager.labels.entries[2].value | string | `"example.com"` | | -| ntfyAlertmanager.labels.order[0] | string | `"severity"` | | -| ntfyAlertmanager.labels.order[1] | string | `"instance"` | | -| ntfyAlertmanager.logLevel | string | `"info"` | | -| ntfyAlertmanager.ntfy.topic | string | `"https://ntfy.sh/alertmanager-alerts"` | | -| ntfyAlertmanager.port | int | `80` | | -| ntfyAlertmanager.resolved.tags[0] | string | `"resolved"` | | -| ntfyAlertmanager.resolved.tags[1] | string | `"partying_face"` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using 
[helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/alertmanager-ntfy/values.yaml b/alertmanager-ntfy/values.yaml index 405a4d0..870a7ce 100644 --- a/alertmanager-ntfy/values.yaml +++ b/alertmanager-ntfy/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: - registry: codeberg.org + registry: docker.io repository: xenrox/ntfy-alertmanager pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. diff --git a/authentik-application/Chart.yaml b/authentik-application/Chart.yaml index 8a96b3e..066ba97 100644 --- a/authentik-application/Chart.yaml +++ b/authentik-application/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: authentik-application description: "A Chart to deploy a secret for the authentik blueprint-sidecar." type: application -version: "0.4.5" +version: 0.4.1 maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/authentik-application/README.adoc b/authentik-application/README.adoc new file mode 100644 index 0000000..1d9dd75 --- /dev/null +++ b/authentik-application/README.adoc 
@@ -0,0 +1,274 @@ + + += authentik-application + +image::https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square[Version: 0.4.1] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +## Pre-Requirement +Usage of https://github.com/goauthentik/helm/pull/146 + +## or manual: +Install authentik with this `values.yaml`: +```yaml +serviceAccount: + create: true + +additionalContainers: + - name: sidecar-blueprints + image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1" + env: + - name: "FOLDER" + value: "/blueprints/sidecar" + - name: "LABEL" + value: "goauthentik_blueprint" + - name: "LABEL_VALUE" + value: "1" + # - name: "NAMESPACE" + # value: "ALL" + - name: "RESOURCE" + value: "both" + - name: "UNIQUE_FILENAMES" + value: "true" + volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + +volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + +volumes: + - name: sidecar-blueprints + emptyDir: {} +``` + +And create an Role and bind them on to the ServiceAccount to read secrets: +```yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: authentik-blueprint-sidecar +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: authentik-blueprint-sidecar +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: authentik-blueprint-sidecar +subjects: + - kind: ServiceAccount + name: authentik +``` + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. 
+Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall authentik-application-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| blueprint.application.bindPolicyID +| string +| `nil` +| uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) + +| blueprint.application.description +| string +| `""` +| description of application + +| blueprint.application.group +| string +| `""` +| put this application in authentik in group + +| blueprint.application.icon +| string +| `""` +| icon of application (url) + +| blueprint.application.launchURL +| string +| `""` +| + +| blueprint.application.name +| string +| `""` +| application name in menu + +| blueprint.application.openInNewTab +| bool +| `false` +| open application in new tab + +| blueprint.application.policyEngineMode +| string +| `"any"` +| + +| blueprint.application.publisher +| string +| `""` +| publisher of application + +| blueprint.application.slug +| string +| `"app-name"` +| application slug + +| blueprint.authentik.domain +| string +| `"https://auth.wrenix.eu"` +| domain to authentik, used in generated url (like issuer) + +| blueprint.groups +| string +| `nil` +| authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid + +| blueprint.labels +| object +| `{"goauthentik_blueprint":"1"}` +| label of generated secret with blueprint + +| blueprint.provider.authorizationFlow +| string +| 
`"default-provider-authorization-implicit-consent"` +| + +| blueprint.provider.enabled +| bool +| `true` +| creat an provider for authentification (otherwise just a like in menu is created) + +| blueprint.provider.name +| string +| `""` +| + +| blueprint.provider.oidc.clientID +| string +| `nil` +| client id - generated if secret enabled + +| blueprint.provider.oidc.clientSecret +| string +| `nil` +| client secret - generated if secret enabled + +| blueprint.provider.oidc.clientType +| string +| `"confidential"` +| + +| blueprint.provider.oidc.redirectURL +| string +| `""` +| + +| blueprint.provider.oidc.scopes +| string +| `nil` +| Scope + +| blueprint.provider.oidc.signingKey +| string +| `""` +| Need for non-curve / RSA + +| blueprint.provider.proxy.cookieDomain +| string +| `""` +| + +| blueprint.provider.proxy.externalHost +| string +| `nil` +| + +| blueprint.provider.proxy.ingress.backend +| string +| `"authentik"` +| service backend to authentik + +| blueprint.provider.proxy.ingress.domain +| string +| `nil` +| domain of application (where outpost should be deployed) + +| blueprint.provider.proxy.ingress.enabled +| bool +| `false` +| deploy ingress on application domain for e.g. logout (WIP) + +| blueprint.provider.proxy.skipPathRegex +| string +| `""` +| + +| blueprint.provider.saml +| string +| `nil` +| + +| blueprint.provider.type +| string +| `"oidc"` +| type of application connection, current support: oidc, saml and proxy + +| secret.labels +| object +| `{}` +| label of secret to store generated secret + +| secret.name +| string +| `""` +| name of secret to store generated secret (like clientI) +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + diff --git a/authentik-application/README.md b/authentik-application/README.md deleted file mode 100644 index c91ec39..0000000 --- a/authentik-application/README.md +++ /dev/null 
@@ -1,146 +0,0 @@ ---- -title: "authentik-application" - -description: "A Chart to deploy a secret for the authentik blueprint-sidecar." - ---- - -# authentik-application - -![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -A Chart to deploy a secret for the authentik blueprint-sidecar. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Pre-Requirement -Usage of https://github.com/goauthentik/helm/pull/146 - -## or manual: -Install authentik with this `values.yaml`: -```yaml -serviceAccount: - create: true - -additionalContainers: - - name: sidecar-blueprints - image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1" - env: - - name: "FOLDER" - value: "/blueprints/sidecar" - - name: "LABEL" - value: "goauthentik_blueprint" - - name: "LABEL_VALUE" - value: "1" - # - name: "NAMESPACE" - # value: "ALL" - - name: "RESOURCE" - value: "both" - - name: "UNIQUE_FILENAMES" - value: "true" - volumeMounts: - - name: sidecar-blueprints - mountPath: /blueprints/sidecar - -volumeMounts: - - name: sidecar-blueprints - mountPath: /blueprints/sidecar - -volumes: - - name: sidecar-blueprints - emptyDir: {} -``` - -And create an Role and bind them on to the ServiceAccount to read secrets: -```yaml ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: authentik-blueprint-sidecar -rules: - - apiGroups: [""] - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: authentik-blueprint-sidecar -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: authentik-blueprint-sidecar -subjects: - - kind: ServiceAccount - name: authentik -``` - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. 
-Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application -``` - -You can install a chart release using the following command: - -```bash -helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall authentik-application-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) | -| blueprint.application.description | string | `""` | description of application | -| blueprint.application.group | string | `""` | put this application in authentik in group | -| blueprint.application.icon | string | `""` | icon of application (url) | -| blueprint.application.launchURL | string | `""` | | -| blueprint.application.name | string | `""` | application name in menu | -| blueprint.application.openInNewTab | bool | `false` | open application in new tab | -| blueprint.application.policyEngineMode | string | `"any"` | | -| blueprint.application.publisher | string | `""` | publisher of application | -| blueprint.application.slug | string | `"app-name"` | application slug | -| blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | domain to authentik, used in generated url (like issuer) | -| blueprint.groups | string | `nil` | authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid | -| blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint | -| blueprint.provider.authorizationFlow 
| string | `"default-provider-authorization-implicit-consent"` | | -| blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) | -| blueprint.provider.invalidationFlow | string | `"default-provider-invalidation-flow"` | | -| blueprint.provider.name | string | `""` | | -| blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled | -| blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled | -| blueprint.provider.oidc.clientType | string | `"confidential"` | | -| blueprint.provider.oidc.redirectURL | string | `""` | | -| blueprint.provider.oidc.scopes | string | `nil` | Scope | -| blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA | -| blueprint.provider.proxy.cookieDomain | string | `""` | | -| blueprint.provider.proxy.externalHost | string | `nil` | | -| blueprint.provider.proxy.ingress.annotations | list | `[]` | annotations to ingress for outpost | -| blueprint.provider.proxy.ingress.backend | string | `"authentik"` | service backend to authentik | -| blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) | -| blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) | -| blueprint.provider.proxy.ingress.tls | list | `[]` | tls to ingress for outpost | -| blueprint.provider.proxy.skipPathRegex | string | `""` | | -| blueprint.provider.saml | string | `nil` | | -| blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc, saml and proxy | -| secret.labels | object | `{}` | label of secret to store generated secret | -| secret.name | string | `""` | name of secret to store generated secret (like clientI) | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - 
diff --git a/authentik-application/files/provider/oidc.yaml.gotmpl b/authentik-application/files/provider/oidc.yaml.gotmpl index cc80565..6468f57 100644 --- a/authentik-application/files/provider/oidc.yaml.gotmpl +++ b/authentik-application/files/provider/oidc.yaml.gotmpl @@ -22,14 +22,11 @@ state: present attrs: authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]] - invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]] {{- with .Values.blueprint.provider.oidc }} client_type: {{ .clientType | quote }} client_id: {{ $clientID | quote }} client_secret: {{ $clientSecret | quote }} - redirect_uris: - - matching_mode: "strict" - url: {{ .redirectURL | quote }} + redirect_uris: {{ .redirectURL }} {{- with .tokenDuration }} access_token_validity: {{ . | quote }} {{- end }} diff --git a/authentik-application/templates/ingress.yaml b/authentik-application/templates/ingress.yaml index 0cdde0a..3a10ce9 100644 --- a/authentik-application/templates/ingress.yaml +++ b/authentik-application/templates/ingress.yaml @@ -6,10 +6,6 @@ metadata: name: {{ include "authentik-application.fullname" . }} labels: {{- include "authentik-application.labels" . | nindent 4 }} - {{- with .Values.blueprint.provider.proxy.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} spec: rules: - host: {{ .Values.blueprint.provider.proxy.ingress.domain | quote }} @@ -22,8 +18,4 @@ spec: name: {{ .Values.blueprint.provider.proxy.ingress.backend | quote }} port: name: http - {{- with .Values.blueprint.provider.proxy.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/authentik-application/values.yaml b/authentik-application/values.yaml index b3199e5..52fc7f6 100644 --- a/authentik-application/values.yaml +++ b/authentik-application/values.yaml 
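Review bot: The new `redirect_uris: {{ .redirectURL }}` line under `attrs:` renders the value unquoted, while `client_type`, `client_id` and `client_secret` directly above it all pass through `| quote`. With the chart default `redirectURL: ""` this renders an empty value that YAML reads as null, and a value containing `: `, ` #`, a leading `*` or `[`, or a newline would alter the structure of the generated blueprint instead of being read as a string. The redirect URI is what the provider checks before handing back authorization codes, so I would render it as `redirect_uris: {{ .redirectURL | quote }}`. If the targeted authentik release accepts the list form this line replaces, keeping the entry with `matching_mode: "strict"` avoids depending on whatever matching the plain-string form applies (presumably looser; confirm against the authentik version in use). The `attrs:` mapping starts and continues outside the hunk.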
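Review bot: After the second ingress.yaml hunk the template has no `tls:` section, so a chart user can no longer attach a certificate to the host taken from `.Values.blueprint.provider.proxy.ingress.domain`. Whether that host is served over HTTPS then depends on the ingress controller's defaults. This Ingress routes requests for the application domain to the authentik backend service, so I would keep the `{{- with .Values.blueprint.provider.proxy.ingress.tls }}` block, or state in values.yaml that TLS must be configured outside the chart. The first hunk of the same file likewise drops `annotations:`, the usual place for controller-specific settings. The closing `{{- end }}` now lacks a trailing newline (`\ No newline at end of file`) and should end with one; the template's opening condition is outside the hunk.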
@@ -16,7 +16,6 @@ blueprint: enabled: true name: "" authorizationFlow: "default-provider-authorization-implicit-consent" - invalidationFlow: "default-provider-invalidation-flow" # -- type of application connection, current support: oidc, saml and proxy type: "oidc" oidc: @@ -45,10 +44,6 @@ blueprint: domain: # -- service backend to authentik backend: authentik - # -- annotations to ingress for outpost - annotations: [] - # -- tls to ingress for outpost - tls: [] application: # -- application name in menu name: "" diff --git a/autopush/.gitignore b/autopush/.gitignore deleted file mode 100644 index 31014c3..0000000 --- a/autopush/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -charts/*.tgz -values_test.yaml diff --git a/autopush/.helmignore b/autopush/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/autopush/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/autopush/Chart.lock b/autopush/Chart.lock deleted file mode 100644 index 374ae78..0000000 --- a/autopush/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: redis - repository: oci://docker.io/bitnamicharts - version: 20.6.3 -digest: sha256:393d6daa4bc8cdb66a7b6b34571a98e240890e994cb717e6bd2886dab67d196b -generated: "2025-01-15T22:10:56.598818643+01:00" diff --git a/autopush/Chart.yaml b/autopush/Chart.yaml deleted file mode 100644 index 727c3dc..0000000 --- a/autopush/Chart.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v2 -name: autopush -description: A Helm chart for Kubernetes -icon: -type: application -version: 0.0.9 -# renovate: image=docker.io/mozilla-services/autopush-rs -appVersion: "1.72.2" -maintainers: - - name: WrenIX - url: https://wrenix.eu - -dependencies: - - name: redis - version: "20.6.3" - repository: "oci://docker.io/bitnamicharts" - condition: redis.internal diff --git a/autopush/README.md b/autopush/README.md deleted file mode 100644 index 057e0e6..0000000 --- a/autopush/README.md +++ /dev/null 
@@ -1,186 +0,0 @@ ---- -title: "autopush" - -description: "A Helm chart for Kubernetes" - ---- - -# autopush - -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.72.2](https://img.shields.io/badge/AppVersion-1.72.2-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -= Beta - -WARNING -==== -We let it run in production, but it is not stable / complete. - -TODOs: - - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813 - - [ ] automatical create CRYPT_KEY (instatt of key) - - [ ] better ingress / host name support - - [ ] Improve monitoring with alerts and grafana dashboard - -==== - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. 
-Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/autopush -``` - -You can install a chart release using the following command: - -```bash -helm install autopush-release oci://codeberg.org/wrenix/helm-charts/autopush --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall autopush-release -``` - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| autoconnect.affinity | object | `{}` | | -| autoconnect.image.pullPolicy | string | `"IfNotPresent"` | | -| autoconnect.image.registry | string | `"codeberg.org"` | | -| autoconnect.image.repository | string | `"wrenix/autopush/autoconnect"` | | -| autoconnect.image.tag | string | `"latest"` | | -| autoconnect.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| autoconnect.nodeSelector | object | `{}` | | -| autoconnect.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | -| autoconnect.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. 
For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | -| autoconnect.podSecurityContext | object | `{}` | | -| autoconnect.readinessProbe.httpGet.path | string | `"/health"` | | -| autoconnect.readinessProbe.httpGet.port | string | `"http"` | | -| autoconnect.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | -| autoconnect.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| autoconnect.securityContext | object | `{}` | securityContext capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 | -| autoconnect.service.ports.http | int | `80` | | -| autoconnect.service.ports.router | int | `8081` | | -| autoconnect.service.type | string | `"ClusterIP"` | | -| autoconnect.tolerations | list | `[]` | | -| autoconnect.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. 
- name: foo mountPath: "/etc/foo" readOnly: true | -| autoendpoint.affinity | object | `{}` | | -| autoendpoint.image.pullPolicy | string | `"IfNotPresent"` | | -| autoendpoint.image.registry | string | `"codeberg.org"` | | -| autoendpoint.image.repository | string | `"wrenix/autopush/autoendpoint"` | | -| autoendpoint.image.tag | string | `"latest"` | | -| autoendpoint.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| autoendpoint.nodeSelector | object | `{}` | | -| autoendpoint.podAnnotations | object | `{}` | | -| autoendpoint.podLabels | object | `{}` | | -| autoendpoint.podSecurityContext | object | `{}` | | -| autoendpoint.readinessProbe.httpGet.path | string | `"/health"` | | -| autoendpoint.readinessProbe.httpGet.port | string | `"http"` | | -| autoendpoint.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | -| autoendpoint.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| autoendpoint.securityContext | object | `{}` | | -| autoendpoint.service.port | int | `80` | | -| autoendpoint.service.type | string | `"ClusterIP"` | | -| autoendpoint.tolerations | list | `[]` | | -| autoendpoint.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. 
- name: foo mountPath: "/etc/foo" readOnly: true | -| config.cryptoKey | string | `""` | run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py | -| config.logs.backtrace | bool | `false` | enable backtrace of autopush | -| config.logs.level | string | `"warn"` | set log level of autopush | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.host | string | `"chart-example.local"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | This is to override the chart name. 
| -| prometheus.enabled | bool | `true` | start statsd sidecar and configure | -| prometheus.image.pullPolicy | string | `"IfNotPresent"` | | -| prometheus.image.registry | string | `"docker.io"` | | -| prometheus.image.repository | string | `"prom/statsd-exporter"` | | -| prometheus.image.tag | string | `"v0.28.0"` | | -| prometheus.livenessProbe | object | `{"httpGet":{"path":"/","port":"metrics"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| prometheus.readinessProbe.httpGet.path | string | `"/"` | | -| prometheus.readinessProbe.httpGet.port | string | `"metrics"` | | -| prometheus.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.default.alertLabels | object | `{}` | | -| prometheus.rules.default.enabled | bool | `true` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.securityContext | object | `{}` | securityContext capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. 
- name: foo mountPath: "/etc/foo" readOnly: true | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecret | string | `nil` | Or use existing secret with "redis-password" key instead of static password | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"autopush"` | XXX Change me! | -| redis.dbid | int | `0` | Database ID for non-default database | -| redis.external.existingSecretPasswordKey | string | `"redis-password"` | Password key to be retrieved from existing secret | -| redis.external.host | string | `"redis"` | | -| redis.external.port | int | `6379` | | -| redis.global.storageClass | string | `""` | | -| redis.internal | bool | `true` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.master.service.port | int | `6379` | | -| redis.replica.persistence.enabled | bool | `true` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| unifiedPush.affinity | object | `{}` | | -| unifiedPush.config.gateway.allowedHosts | list | `[]` | | -| unifiedPush.config.gateway.generic.enable | bool | `true` | | -| unifiedPush.config.gateway.matrix.enable | bool | `true` | | -| unifiedPush.config.uaid | string | `""` | | -| unifiedPush.config.verbose | bool | `false` | | -| unifiedPush.enabled | bool | `false` | | -| unifiedPush.image.pullPolicy | string | `"IfNotPresent"` | | -| unifiedPush.image.registry | string | `"docker.io"` | | -| unifiedPush.image.repository | string | `"unifiedpush/common-proxies"` | | -| unifiedPush.image.tag | string | `"v2.2.0"` | | -| unifiedPush.livenessProbe | object | 
`{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| unifiedPush.nodeSelector | object | `{}` | | -| unifiedPush.podAnnotations | object | `{}` | | -| unifiedPush.podLabels | object | `{}` | | -| unifiedPush.podSecurityContext | object | `{}` | | -| unifiedPush.readinessProbe.httpGet.path | string | `"/health"` | | -| unifiedPush.readinessProbe.httpGet.port | string | `"http"` | | -| unifiedPush.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | -| unifiedPush.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| unifiedPush.securityContext | object | `{}` | | -| unifiedPush.service.port | int | `80` | | -| unifiedPush.service.type | string | `"ClusterIP"` | | -| unifiedPush.tolerations | list | `[]` | | -| unifiedPush.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo mountPath: "/etc/foo" readOnly: true | -| volumes | list | `[]` | Additional volumes on the output Deployment definition. - name: foo secret: secretName: mysecret optional: false | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/autopush/_docs.gotmpl b/autopush/_docs.gotmpl deleted file mode 100644 index fb13262..0000000 --- a/autopush/_docs.gotmpl +++ /dev/null 
@@ -1,15 +0,0 @@ -{{ define "chart.prerequirements" -}} -= Beta - -WARNING -==== -We let it run in production, but it is not stable / complete. - -TODOs: - - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813 - - [ ] automatical create CRYPT_KEY (instatt of key) - - [ ] better ingress / host name support - - [ ] Improve monitoring with alerts and grafana dashboard - -==== -{{ end }} diff --git a/autopush/ci/ct-empty-values.yaml b/autopush/ci/ct-empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/autopush/ci/ct-monitor-values.yaml b/autopush/ci/ct-monitor-values.yaml deleted file mode 100644 index f589e9d..0000000 --- a/autopush/ci/ct-monitor-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -prometheus: - enabled: true - servicemonitor: - enabled: true - labels: - prometheus: default diff --git a/autopush/container/Containerfile b/autopush/container/Containerfile deleted file mode 100644 index 25167df..0000000 --- a/autopush/container/Containerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM python:3.13-slim - -# Set the working directory -WORKDIR /app - -# Copy the requirements file -COPY requirements.txt . - -# Install any needed packages -RUN pip install -r requirements.txt - -# Copy the application code into the container -COPY setup.py setup.py - -CMD ["python", "setup.py"] diff --git a/autopush/container/requirements.txt b/autopush/container/requirements.txt deleted file mode 100644 index 0d38bc5..0000000 --- a/autopush/container/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -cryptography diff --git a/autopush/container/setup.py b/autopush/container/setup.py deleted file mode 100644 index 3cbdcd2..0000000 --- a/autopush/container/setup.py +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/env python3 -from cryptography.fernet import Fernet - -if __name__ == '__main__': - print(Fernet.generate_key().decode("UTF-8")) 
diff --git a/autopush/grafana_dashboards/overview.json b/autopush/grafana_dashboards/overview.json deleted file mode 100644 index f0c0390..0000000 --- a/autopush/grafana_dashboards/overview.json +++ /dev/null 
@@ -1,355 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 4, - "panels": [], - "title": "Push", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 9, - "x": 0, - "y": 1 - }, - "id": 1, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": true, - "values": [ - "percent" - ] - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "11.4.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autopush_notification_message_retrieved{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)", - "legendFormat": "Retrieved: {{namespace}}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autopush_notification_message_deleted{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)", - "hide": false, - "instant": false, - "legendFormat": "Deleted: {{namespace}}", - "range": true, - "refId": "B" - } - ], - "title": 
"Notification Message", - "transparent": true, - "type": "piechart" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 8, - "x": 10, - "y": 1 - }, - "id": 2, - "options": { - "legend": { - "displayMode": "list", - "placement": "right", - "showLegend": true, - "values": [ - "percent" - ] - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "11.4.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autopush_ua_notification_sent{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)", - "hide": false, - "instant": false, - "legendFormat": "OS: {{namespace}}/{{os}}", - "range": true, - "refId": "A" - } - ], - "title": "UA Notify Send", - "transparent": true, - "type": "piechart" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 9 - }, - "id": 5, - "panels": [], - "title": "Endpoint", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - 
"scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 10 - }, - "id": 3, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "11.4.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autoendpoint_api_error_no_subscription{namespace=~\"$namespace\"}[$__range])) without(container,endpoint,instance,pod,service,job)", - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "No Subscription API Error", - "transparent": true, - "type": "timeseries" - } - ], - "preload": false, - "refresh": "", - "schemaVersion": 40, - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "prometheus" - }, - "label": "datasource", - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "current": { - "text": [ - "chaos-autopush" - ], - "value": [ - "chaos-autopush" - ] - }, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(statsd_exporter_build_info,namespace)", - "includeAll": true, - "multi": true, - "name": "namespace", - "options": [], - "query": { - "qryType": 1, - "query": "label_values(statsd_exporter_build_info,namespace)", - "refId": "PrometheusVariableQueryEditor-VariableQuery" - }, - "refresh": 1, - "regex": "", - "type": "query" - } - ] - }, - "time": { - "from": 
"now-24h", - "to": "now" - }, - "timepicker": {}, - "timezone": "browser", - "title": "Autopush: Overview", - "version": 0, - "weekStart": "" -} diff --git a/autopush/templates/_helpers.tpl b/autopush/templates/_helpers.tpl deleted file mode 100644 index 237e348..0000000 --- a/autopush/templates/_helpers.tpl +++ /dev/null 
@@ -1,93 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "autopush.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "autopush.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "autopush.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "autopush.labels" -}} -helm.sh/chart: {{ include "autopush.chart" . }} -{{ include "autopush.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "autopush.selectorLabels" -}} -app.kubernetes.io/name: {{ include "autopush.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "autopush.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "autopush.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Prometheus-sidecar -*/}} -{{- define "autopush.containerPrometheus" -}} -{{- with .Values.prometheus }} -{{- if .enabled }} -- name: statsd-exporter - securityContext: - {{- toYaml .securityContext | nindent 4 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: metrics - containerPort: 9102 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 4 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 4 }} - resources: - {{- toYaml .resources | nindent 4 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/autopush/templates/autoconnect/deployment.yaml b/autopush/templates/autoconnect/deployment.yaml deleted file mode 100644 index de027ec..0000000 --- a/autopush/templates/autoconnect/deployment.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- with .Values.autoconnect }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "autopush.fullname" $ }}-autoconnect - labels: - {{- include "autopush.labels" $ | nindent 4 }} -spec: - replicas: {{ .replicaCount }} - selector: - matchLabels: - {{- include "autopush.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: autoconnect - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "autopush.labels" $ | nindent 8 }} - app.kubernetes.io/component: autoconnect - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "autopush.serviceAccountName" $ }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: autoconnect - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "autopush.fullname" $ }}-env - env: - - name: "AUTOCONNECT__DB_DSN" - {{- if $.Values.redis.auth.enabled }} - value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)" - {{- else }} - value: "redis://$(REDIS_HOST)" - {{- end }} - - name: "AUTOCONNECT__CRYPTO_KEY" - valueFrom: - secretKeyRef: - name: {{ include "autopush.fullname" $ }}-env - key: "CRYPTO_KEY" - ports: - - name: http - containerPort: 8080 - protocol: TCP - - name: router - containerPort: {{ .service.ports.router }} - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .volumeMounts 
}} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- include "autopush.containerPrometheus" $ | nindent 8 }} - {{- with .volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/autopush/templates/autoconnect/service.yaml b/autopush/templates/autoconnect/service.yaml deleted file mode 100644 index b94b1fc..0000000 --- a/autopush/templates/autoconnect/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "autopush.fullname" . }}-autoconnect - labels: - {{- include "autopush.labels" . | nindent 4 }} - app.kubernetes.io/metrics: "true" -spec: - type: {{ .Values.autoconnect.service.type }} - selector: - {{- include "autopush.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: autoconnect - ports: - - port: {{ .Values.autoconnect.service.ports.http }} - targetPort: http - protocol: TCP - name: http - - port: {{ .Values.autoconnect.service.ports.router }} - targetPort: router - protocol: TCP - name: router - {{- if .Values.prometheus.enabled }} - - port: 9100 - targetPort: metrics - protocol: TCP - name: metrics - {{- end }} diff --git a/autopush/templates/autoendpoint/deployment.yaml b/autopush/templates/autoendpoint/deployment.yaml deleted file mode 100644 index f738b48..0000000 --- a/autopush/templates/autoendpoint/deployment.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -{{- with .Values.autoendpoint }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "autopush.fullname" $ }}-autoendpoint - labels: - {{- include "autopush.labels" $ | nindent 4 }} -spec: - replicas: {{ .replicaCount }} - selector: - matchLabels: - {{- include "autopush.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: autoendpoint - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "autopush.labels" $ | nindent 8 }} - app.kubernetes.io/component: autoendpoint - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "autopush.serviceAccountName" $ }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: autoendpoint - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "autopush.fullname" $ }}-env - env: - - name: "AUTOEND__DB_DSN" - {{- if $.Values.redis.auth.enabled }} - value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)" - {{- else }} - value: "redis://$(REDIS_HOST)" - {{- end }} - - name: "AUTOEND__CRYPTO_KEYS" - valueFrom: - secretKeyRef: - name: {{ include "autopush.fullname" $ }}-env - key: "CRYPTO_KEY" - ports: - - name: http - containerPort: 8000 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- include "autopush.containerPrometheus" $ | nindent 8 }} - {{- with .volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/autopush/templates/autoendpoint/service.yaml b/autopush/templates/autoendpoint/service.yaml deleted file mode 100644 index 94f3eac..0000000 --- a/autopush/templates/autoendpoint/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "autopush.fullname" . }}-autoendpoint - labels: - {{- include "autopush.labels" . | nindent 4 }} - app.kubernetes.io/metrics: "true" -spec: - type: {{ .Values.autoendpoint.service.type }} - selector: - {{- include "autopush.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: autoendpoint - ports: - - port: {{ .Values.autoendpoint.service.port }} - targetPort: http - protocol: TCP - name: http - {{- if .Values.prometheus.enabled }} - - port: 9100 - targetPort: metrics - protocol: TCP - name: metrics - {{- end }} diff --git a/autopush/templates/configmap_grafana_dashboards.yaml b/autopush/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 0b8850c..0000000 --- a/autopush/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "autopush.fullname" . }}-grafana-dashboards - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- toYaml .Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} 
diff --git a/autopush/templates/ingress.yaml b/autopush/templates/ingress.yaml deleted file mode 100644 index a5e2dd4..0000000 --- a/autopush/templates/ingress.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "autopush.fullname" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- with .Values.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} - rules: - - host: {{ .Values.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-autoconnect - port: - name: http - - host: {{ printf "updates.%s" .Values.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-autoendpoint - port: - name: http - {{- with .Values.unifiedPush }} - {{- if .enabled }} - {{- if .config.gateway.generic.enable }} - - path: /generic/ - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-unifiedpush - port: - name: http - {{- end }} - {{- if .config.gateway.matrix.enable }} - - path: /_matrix/push/v1/notify - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-unifiedpush - port: - name: http - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/autopush/templates/prometheus-rules.yaml b/autopush/templates/prometheus-rules.yaml deleted file mode 100644 index c7d1b34..0000000 --- a/autopush/templates/prometheus-rules.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if and .Values.prometheus.rules.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "autopush.fullname" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.prometheus.rules.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - {{- if .Values.prometheus.rules.default.enabled }} - - name: {{ template "autopush.fullname" . }}-Endpoint - rules: - - alert: "autopush: No Subscription API Error" - expr: 'sum(increase(autoendpoint_api_error_no_subscription{}[1h])) without (container,endpoint,pod,instance) > 0' - for: 5m - labels: - severity: critical - {{- with .Values.prometheus.rules.default.alertLabels }} - {{- toYaml . | nindent 12 }} - {{- end }} - annotations: - {{` - summary: "autoendpoint: No Subscription API Error in {{ $labels.namespace }}/{{ $labels.job }} increate in the last hour" - `}} - {{/* - - name: {{ template "autopush.fullname" . }}-Push - rules: - */}} - {{- end }} - {{- with .Values.prometheus.rules.additionalRules }} - - name: {{ template "autopush.fullname" $ }}-Additional - rules: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/autopush/templates/secret.yaml b/autopush/templates/secret.yaml deleted file mode 100644 index bb84a35..0000000 --- a/autopush/templates/secret.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "autopush.fullname" . }}-env - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" -type: Opaque -data: - {{/* GLOBAL */}} - RUST_BACKTRACE: {{ ternary "1" "0" .Values.config.logs.backtrace | b64enc }} - RUST_LOG: {{ .Values.config.logs.level | b64enc }} - {{- with .Values.redis }} - {{- if .auth.enabled }} - {{- with .auth.password }} - REDIS_HOST_PASSWORD: {{ . | b64enc }} - {{- end }} - {{- end }} - {{- if .internal }} - REDIS_HOST: {{ printf "%s-redis-master:%.0f/%.0f" (include "autopush.fullname" $) .master.service.port .dbid | b64enc }} - {{- else }} - REDIS_HOST: {{ printf "%s:%s/$.0f" .external.host .external.port .dbid | b64enc }} - {{- end }} - {{- end }} - CRYPTO_KEY: {{ printf "[%s]" .Values.config.cryptoKey | b64enc }} - {{/* autoconnect */}} - {{- if .Values.ingress.tls }} - AUTOCONNECT__ENDPOINT_SCHEME: {{ "https" | b64enc }} - AUTOCONNECT__ENDPOINT_PORT: {{ "443" | b64enc }} - {{- else }} - AUTOCONNECT__ENDPOINT_SCHEME: {{ "http" | b64enc }} - AUTOCONNECT__ENDPOINT_PORT: {{ "80" | b64enc }} - {{- end }} - AUTOCONNECT__ENDPOINT_HOSTNAME: {{ printf "updates.%s" .Values.ingress.host | b64enc }} - AUTOCONNECT__ROUTER_HOSTNAME: {{ printf "%s-autoconnect" (include "autopush.fullname" .) 
| b64enc }} - AUTOCONNECT__ROUTER_PORT: {{ toYaml .Values.autoconnect.service.ports.router | b64enc }} - {{- if .Values.prometheus.enabled }} - AUTOCONNECT__STATSD_HOST: {{ "127.0.0.1" | b64enc}} - AUTOCONNECT__STATSD_PORT: {{ "9125" | b64enc }} - {{- end }} - {{/* autoendpoint */}} - AUTOEND__HOST: {{ "::" | b64enc }} - {{- if .Values.ingress.tls }} - AUTOEND__ENDPOINT_URL: {{ printf "https://updates.%s" .Values.ingress.host | b64enc }} - {{- else }} - AUTOEND__ENDPOINT_URL: {{ printf "http://updates.%s" .Values.ingress.host | b64enc }} - {{- end }} - {{- if .Values.prometheus.enabled }} - AUTOEND__STATSD_HOST: {{ "127.0.0.1" | b64enc }} - AUTOEND__STATSD_PORT: {{ "9125" | b64enc }} - {{- end }} diff --git a/autopush/templates/serviceaccount.yaml b/autopush/templates/serviceaccount.yaml deleted file mode 100644 index f341e97..0000000 --- a/autopush/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "autopush.serviceAccountName" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/autopush/templates/servicemonitor.yaml b/autopush/templates/servicemonitor.yaml deleted file mode 100644 index 44569c5..0000000 --- a/autopush/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "autopush.fullname" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "autopush.selectorLabels" . | nindent 6 }} - app.kubernetes.io/metrics: "true" - endpoints: - - port: metrics -{{- end }} diff --git a/autopush/templates/unifiedpush/deployment.yaml b/autopush/templates/unifiedpush/deployment.yaml deleted file mode 100644 index 62ddbd5..0000000 --- a/autopush/templates/unifiedpush/deployment.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -{{- with .Values.unifiedPush }} -{{- if .enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "autopush.fullname" $ }}-unifiedpush - labels: - {{- include "autopush.labels" $ | nindent 4 }} -spec: - replicas: {{ .replicaCount }} - selector: - matchLabels: - {{- include "autopush.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: unifiedpush - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "autopush.labels" $ | nindent 8 }} - app.kubernetes.io/component: unifiedpush - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "autopush.serviceAccountName" $ }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: common-proxies - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "UP_LISTEN" - value: ":8080" - {{- if .config.verbose }} - - name: "UP_VERBOSE" - value: "true" - {{- end }} - {{- with .config.uaid }} - - name: "UP_UAID" - value: {{ . | quote }} - {{- end }} - {{- if .config.gateway.generic.enable }} - - name: "UP_GATEWAY_GENERIC_ENABLE" - value: "true" - {{- end }} - {{- if .config.gateway.matrix.enable }} - - name: "UP_GATEWAY_MATRIX_ENABLE" - value: "true" - {{- end }} - {{- with .config.gateway.allowedHosts }} - - name: "UP_GATEWAY_ALLOWEDHOSTS" - value: {{ join "," . 
| quote }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/autopush/templates/unifiedpush/service.yaml b/autopush/templates/unifiedpush/service.yaml deleted file mode 100644 index 300a35c..0000000 --- a/autopush/templates/unifiedpush/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.unifiedPush.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "autopush.fullname" . }}-unifiedpush - labels: - app.kubernetes.io/metrics: "true" - {{- include "autopush.labels" . | nindent 4 }} -spec: - type: {{ .Values.unifiedPush.service.type }} - selector: - {{- include "autopush.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: unifiedpush - ports: - - port: {{ .Values.unifiedPush.service.port }} - targetPort: http - protocol: TCP - name: http -{{- end }} diff --git a/autopush/values.yaml b/autopush/values.yaml deleted file mode 100644 index e17ad54..0000000 --- a/autopush/values.yaml +++ /dev/null 
@@ -1,378 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -# -- This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# -- This is to override the chart name. -nameOverride: "" -fullnameOverride: "" - - -config: - logs: - # -- set log level of autopush - level: warn - # -- enable backtrace of autopush - backtrace: false - # -- run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py - cryptoKey: "" - -prometheus: - # -- start statsd sidecar and configure - enabled: true - - servicemonitor: - enabled: false - labels: {} - rules: - enabled: false - labels: {} - default: - enabled: true - alertLabels: {} - additionalRules: [] - - image: - registry: docker.io - repository: prom/statsd-exporter - pullPolicy: IfNotPresent - tag: v0.28.0 - - # -- securityContext - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - securityContext: {} - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: / - port: metrics - readinessProbe: - httpGet: - path: / - port: metrics - - # -- Additional volumeMounts on the output Deployment definition. - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -## This configuration is for the internal Redis that's deployed for use with -## workers/sharding, for an external Redis server you want to set enabled to -## false and configure the externalRedis block. -## -redis: - internal: true - # -- Database ID for non-default database - dbid: 0 - - auth: - enabled: true - # -- XXX Change me! - password: autopush - # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - - # -- Or use existing secret with "redis-password" key instead of static password - existingSecret: - external: - host: redis - port: 6379 - - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: redis-password - - - architecture: standalone - global: - storageClass: "" - master: - persistence: - enabled: true - service: - port: 6379 - replica: - persistence: - enabled: true - -autoconnect: - # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - replicaCount: 1 - image: - registry: codeberg.org - repository: wrenix/autopush/autoconnect - pullPolicy: IfNotPresent - tag: latest - # -- This is for setting Kubernetes 
Annotations to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # -- This is for setting Kubernetes Labels to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - podSecurityContext: {} - # fsGroup: 2000 - - # -- securityContext - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - securityContext: {} - - # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ - service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - ports: - http: 80 - router: 8081 - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - - # -- Additional volumeMounts on the output Deployment definition. 
- # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - -autoendpoint: - # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - replicaCount: 1 - image: - registry: codeberg.org - repository: wrenix/autopush/autoendpoint - pullPolicy: IfNotPresent - tag: latest - - # This is for setting Kubernetes Annotations to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # This is for setting Kubernetes Labels to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ - service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - - # -- Additional volumeMounts on the output Deployment definition. - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - -unifiedPush: - enabled: false - # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - replicaCount: 1 - image: - registry: docker.io - repository: unifiedpush/common-proxies - pullPolicy: IfNotPresent - tag: "v2.2.0" - - config: - verbose: false - uaid: "" - gateway: - generic: - enable: true - matrix: - enable: true - allowedHosts: [] - - # This is for setting Kubernetes Annotations to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # This is for setting Kubernetes Labels to a Pod. 
- # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ - service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - - # -- Additional volumeMounts on the output Deployment definition. 
- # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - - -# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - host: chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - -# -- Additional volumes on the output Deployment definition. -# - name: foo -# secret: -# secretName: mysecret -# optional: false -volumes: [] diff --git a/conduit/Chart.yaml b/conduit/Chart.yaml index f08ac21..be63ad8 100644 --- a/conduit/Chart.yaml +++ b/conduit/Chart.yaml @@ -3,9 +3,9 @@ name: conduit description: Conduit is a simple, fast and reliable chat server powered by Matrix. icon: https://conduit.rs/conduit.svg type: application -version: "1.0.2" -# renovate: image=docker.io/matrixconduit/matrix-conduit -appVersion: "0.9.0" +version: 0.3.1 +# renovate: image=registry.gitlab.com/famedly/conduit/matrix-conduit +appVersion: "0.7.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/conduit/README.adoc b/conduit/README.adoc new file mode 100644 index 0000000..6a29bf8 --- /dev/null +++ b/conduit/README.adoc 
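Review bot: Both version fields in the conduit/Chart.yaml hunk move backwards (`version` "1.0.2" to 0.3.1, `appVersion` "0.9.0" to "0.7.0"), and nothing visible in the hunk says the downgrade is intended. The README added alongside it lists `image.tag` with an empty default, so presumably `appVersion` selects the deployed image tag; if so, a default install would run an older homeserver release without the fixes shipped since, which is worth confirming before publishing. The `# renovate:` annotation now tracks `registry.gitlab.com/famedly/conduit/matrix-conduit` instead of `docker.io/matrixconduit/matrix-conduit`, so automated update PRs will follow a different registry; check that this is the source you mean to trust and that it matches the chart's `image.registry` and `image.repository` values. As a style point, the new line drops the quotes the old one had while `appVersion` keeps them; `version: "0.3.1"` would keep the two fields consistent.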
@@ -0,0 +1,416 @@ + + += conduit + +image::https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square[Version: 0.3.1] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square[AppVersion: 0.7.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/conduit +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall conduit-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| conduit.allowEncryption +| bool +| `true` +| + +| conduit.allowFederation +| bool +| `true` +| + +| conduit.allowRegistration +| bool +| `false` +| + +| conduit.allowRoomCreation +| bool +| `true` +| + +| conduit.allowUnstableRoomVersions +| bool +| `true` +| + +| conduit.log +| string +| `nil` +| + +| conduit.maxConcurrentRequests +| string +| `nil` +| + +| conduit.maxRequestSize +| string +| `"20000000"` +| in bytes default 20 MB + +| conduit.registrationToken +| string +| `nil` +| + +| conduit.server_name +| string +| `"your.server.name"` +| + +| conduit.trustedServers[0] +| string +| `"matrix.org"` +| + +| 
conduit.wellKnownClient +| string +| `"your.server.name"` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"registry.gitlab.com"` +| + +| image.repository +| string +| `"famedly/conduit/matrix-conduit"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `6167` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| wellknown.affinity +| object +| `{}` +| + +| wellknown.client."m.homeserver".base_url +| string +| `"https://your.server.name/"` +| + +| wellknown.client."org.matrix.msc3575.proxy".url +| string +| `"https://your.server.name/"` +| + +| wellknown.containerPort +| int +| `80` +| + +| wellknown.enabled +| bool +| `true` +| + +| wellknown.env +| list +| `[]` +| + +| wellknown.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| wellknown.image.registry +| string +| `"docker.io"` +| + +| wellknown.image.repository +| string +| `"library/nginx"` +| + +| wellknown.image.tag +| string +| `"1.26"` +| + +| wellknown.nodeSelector +| object +| `{}` +| + +| wellknown.podAnnotations +| list +| `[]` +| + +| wellknown.podLabels +| object +| `{}` +| + +| wellknown.podSecurityContext +| object +| `{}` +| + +| wellknown.replicaCount +| int +| `1` +| + +| wellknown.resources +| object +| `{}` +| + +| wellknown.securityContext +| object +| `{}` +| + +| wellknown.server."m.server" +| string +| `"your.server.name:443"` +| + +| wellknown.service.annotations +| object +| `{}` +| + +| wellknown.service.port +| int +| `8080` +| + +| wellknown.service.type +| string +| `"ClusterIP"` +| + +| wellknown.tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/conduit/README.md b/conduit/README.md deleted file mode 100644 index 077d31e..0000000 
--- a/conduit/README.md +++ /dev/null 
@@ -1,122 +0,0 @@ ---- -title: "conduit" - -description: "Conduit is a simple, fast and reliable chat server powered by Matrix." - ---- - -# conduit - -![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) - -Conduit is a simple, fast and reliable chat server powered by Matrix. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/conduit -``` - -You can install a chart release using the following command: - -```bash -helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall conduit-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| conduit.allowEncryption | bool | `true` | | -| conduit.allowFederation | bool | `true` | | -| conduit.allowRegistration | bool | `false` | | -| conduit.allowRoomCreation | bool | `true` | | -| conduit.allowUnstableRoomVersions | bool | `true` | | -| conduit.log | string | `nil` | | -| conduit.maxConcurrentRequests | string | `nil` | | -| conduit.maxRequestSize | string | `"20000000"` | in bytes default 20 MB | -| conduit.registrationToken | string | `nil` | | -| 
conduit.server_name | string | `"your.server.name"` | | -| conduit.trustedServers[0] | string | `"matrix.org"` | | -| conduit.wellKnown.client | string | `""` | client well-known configuration in conduit | -| conduit.wellKnown.server | string | `"https://your.server.name"` | server well-known configuration in conduit | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"matrixconduit/matrix-conduit"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `6167` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| wellknown.affinity | object | `{}` | | -| wellknown.client | object | `{"m.homeserver":{"base_url":"https://your.server.name/"},"org.matrix.msc3575.proxy":{"url":"https://your.server.name/"}}` | client entry in well-known | -| wellknown.containerPort | int | `80` | | -| wellknown.enabled | bool | `false` | | -| wellknown.env | list | `[]` | | -| wellknown.image.pullPolicy | string | `"IfNotPresent"` | | -| wellknown.image.registry | string | `"docker.io"` | | -| wellknown.image.repository | string | `"library/nginx"` | | -| wellknown.image.tag | string | `"1.27.3"` | | -| wellknown.nginxServerConf | string | `"server {\n listen {{ .containerPort }};\n server_name localhost;\n\n location /.well-known/matrix/server {\n return 200 {{ toJson .server | quote }};\n types { } default_type \"application/json; charset=utf-8\";\n }\n\n location /.well-known/matrix/client {\n return 200 {{ toJson .client | quote }};\n types { } default_type \"application/json; charset=utf-8\";\n add_header \"Access-Control-Allow-Origin\" *;\n }\n\n location / {\n # return 200 'Welcome to the your.server.name conduit server!';\n # types { } default_type \"text/plain; charset=utf-8\";\n return 404;\n }\n\n location /nginx_health {\n return 200 'OK';\n types { } default_type \"text/plain; charset=utf-8\";\n }\n}"` | nginx config | -| wellknown.nodeSelector | object | `{}` | | -| wellknown.podAnnotations | list | `[]` | | -| wellknown.podLabels | object | `{}` | | -| 
wellknown.podSecurityContext | object | `{}` | | -| wellknown.replicaCount | int | `1` | | -| wellknown.resources | object | `{}` | | -| wellknown.rewriteRoot | bool | `false` | if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server | -| wellknown.securityContext | object | `{}` | | -| wellknown.server | object | `{"m.server":"your.server.name:443"}` | server entry in well-known | -| wellknown.service.annotations | object | `{}` | | -| wellknown.service.port | int | `8080` | | -| wellknown.service.type | string | `"ClusterIP"` | | -| wellknown.tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/conduit/ci/empty-values.yaml b/conduit/ci/empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/conduit/ci/well-known-values.yaml b/conduit/ci/well-known-values.yaml deleted file mode 100644 index 0982dd2..0000000 --- a/conduit/ci/well-known-values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -conduit: - server_name: test.wrenix.eu - wellKnown: - server: "overwritten-test:443" - client: "https://overwritten-test" - -wellknown: - enabled: true - -ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - host: test.wrenix.eu - paths: - - path: / - pathType: Prefix - tls: - - secretName: test - hosts: - - test.wrenix.eu diff --git a/conduit/templates/deployment.yaml b/conduit/templates/deployment.yaml index 8c10770..2145ec5 100644 --- a/conduit/templates/deployment.yaml +++ b/conduit/templates/deployment.yaml 
@@ -97,14 +97,10 @@ spec: - name: "CONDUIT_REGISTRATION_TOKEN" value: {{ . | quote }} {{- end }} - {{- with .Values.conduit.wellKnown.client }} + {{- with .Values.conduit.wellKnownClient }} - name: "CONDUIT_WELL_KNOWN_CLIENT" value: {{ . | quote }} {{- end }} - {{- with .Values.conduit.wellKnown.server }} - - name: "CONDUIT_WELL_KNOWN_SERVER" - value: {{ . | quote }} - {{- end }} volumeMounts: - name: "data" mountPath: "/var/lib/matrix-conduit" diff --git a/conduit/templates/ingress.yaml b/conduit/templates/ingress.yaml index 851dbf3..1962e8b 100644 --- a/conduit/templates/ingress.yaml +++ b/conduit/templates/ingress.yaml @@ -76,14 +76,5 @@ spec: name: {{ include "conduit.fullname" . }}-wellknown port: name: http - {{- if .Values.wellknown.rewriteRoot }} - - path: / - pathType: Exact - backend: - service: - name: {{ include "conduit.fullname" . }}-wellknown - port: - name: http - {{- end }} {{- end }} {{- end }} diff --git a/conduit/templates/wellknown/configmap.yaml b/conduit/templates/wellknown/configmap.yaml index d902f1e..868c59c 100644 --- a/conduit/templates/wellknown/configmap.yaml +++ b/conduit/templates/wellknown/configmap.yaml @@ -2,11 +2,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "conduit.fullname" . }}-nginx-wellknown + name: {{ include "conduit.fullname" . }}-wellknown labels: {{- include "conduit.labels" . | nindent 4 }} data: - {{- with .Values.wellknown}} - default.conf: {{ tpl .nginxServerConf . | toYaml | nindent 4 }} - {{- end }} -{{- end }} + server: {{ toJson .Values.wellknown.server | quote }} + client: {{ toJson .Values.wellknown.client | quote }} +{{- end }} \ No newline at end of file diff --git a/conduit/templates/wellknown/deployment.yaml b/conduit/templates/wellknown/deployment.yaml index 9ccd0c7..eded4fc 100644 --- a/conduit/templates/wellknown/deployment.yaml +++ b/conduit/templates/wellknown/deployment.yaml 
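Review bot: `CONDUIT_REGISTRATION_TOKEN` is still rendered as a literal `value: {{ . | quote }}` in the context lines at the top of this hunk, so the token is stored in the Deployment object and is readable by anyone allowed to get Deployments or pods in the namespace. Since this commit already reworks the neighbouring `CONDUIT_WELL_KNOWN_CLIENT` entry, it would be a good moment to read the token from a Secret instead. The sketch below assumes a Secret named after `conduit.fullname` with a `registration-token` key; neither is visible in this diff, so both names are placeholders to adapt. The guard around the token entry and the enclosing `env:` list start above the hunk.

```yaml
# … unchanged: the guard for the registration token, opened above the hunk …
- name: "CONDUIT_REGISTRATION_TOKEN"
  valueFrom:
    secretKeyRef:
      # `$` because `.` is rebound inside the guard block
      name: {{ include "conduit.fullname" $ }}
      key: registration-token
# … unchanged: CONDUIT_WELL_KNOWN_CLIENT entry and volumeMounts …
```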
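Review bot: The `server` and `client` keys added here become extensionless files under the nginx document root, and nothing on the new side sets a response type or a CORS header for them. The `nginxServerConf` that this commit removes from values.yaml answered both paths with `default_type "application/json; charset=utf-8"` and added `add_header "Access-Control-Allow-Origin" *;` on `/.well-known/matrix/client`. The image's stock configuration presumably does neither, so browser-based Matrix clients may be unable to read the client document. Either keep a small `default.conf` entry in this ConfigMap carrying those two directives, or state in values.yaml that the ingress has to add them. The enclosing `if` block starts above the hunk.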
@@ -24,7 +24,6 @@ spec: {{- with .Values.wellknown.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} - type: wellknown spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -47,19 +46,17 @@ spec: protocol: TCP livenessProbe: httpGet: - path: /nginx_health + path: / port: http readinessProbe: httpGet: - path: /nginx_health + path: / port: http resources: {{- toYaml .Values.wellknown.resources | nindent 12 }} volumeMounts: - - name: "wellknown-nginx-conf" - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: default.conf - readOnly: true + - name: "data" + mountPath: "/usr/share/nginx/html/.well-known/matrix/" {{- with .Values.wellknown.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -73,7 +70,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: "wellknown-nginx-conf" + - name: "data" configMap: - name: {{ include "conduit.fullname" . }}-nginx-wellknown + name: {{ include "conduit.fullname" . }}-wellknown {{- end }} diff --git a/conduit/values.yaml b/conduit/values.yaml index 9e45997..0df5ba0 100644 --- a/conduit/values.yaml +++ b/conduit/values.yaml @@ -5,8 +5,8 @@ replicaCount: 1 image: - registry: docker.io - repository: matrixconduit/matrix-conduit + registry: registry.gitlab.com + repository: famedly/conduit/matrix-conduit pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -40,19 +40,15 @@ conduit: # log: "warn,rocket=off,_=off,sled=off" log: registrationToken: - wellKnown: - # -- client well-known configuration in conduit - client: "" - # -- server well-known configuration in conduit - server: "https://your.server.name" + wellKnownClient: "your.server.name" wellknown: - enabled: false + enabled: true image: registry: docker.io repository: library/nginx pullPolicy: IfNotPresent - tag: "1.27.3" + tag: "1.26" replicaCount: 1 podLabels: {} 
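Review bot: Both probes now request `/`, which only shows that nginx is up and presumably returns the image's default index page, not that the ConfigMap content is being served. The removed server block answered `/` with 404, so that default page also becomes reachable through the `-wellknown` Service. Probing the mounted document checks the right thing: `path: /.well-known/matrix/server`. The new `data` mount also drops the `readOnly: true` that the old mount carried; I would keep `readOnly: true` on the new volumeMount so the intent stays explicit. The container spec starts above the hunk.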
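Review bot: The default image moves to `registry.gitlab.com/famedly/conduit/matrix-conduit` while `tag: ""` still falls back to the chart appVersion, which Chart.yaml in this commit takes from "0.9.0" back to "0.7.0". Users who take the defaults therefore get an older server build from a different registry on their next upgrade, and would lose whatever fixes upstream shipped in between; please state the reason in the commit message or the README. The reference is also a mutable tag, so a comment next to `tag:` would help, for example `# mutable tag; pin a digest for production (confirm the image template accepts tag@sha256:<digest>)`.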
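Review bot: `wellKnownClient: "your.server.name"` is a non-empty default, so the `with .Values.conduit.wellKnownClient` guard in templates/deployment.yaml always fires and every install that does not override it exports `CONDUIT_WELL_KNOWN_CLIENT=your.server.name`; the old default `client: ""` left the variable unset. Together with `enabled: true` for `wellknown`, an untouched install now advertises placeholder hostnames (the `m.server` and `base_url` defaults further down in this file use the same name), and `.name` is a delegated TLD, so the placeholder is a name a third party could hold. I would default to `wellKnownClient: ""` and `enabled: false`, and use a reserved name such as `matrix.example.org` in the examples. The nginx tag also goes from the patch-pinned "1.27.3" to the floating "1.26"; if the older line is intended, a full patch tag keeps deployments reproducible.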
@@ -71,48 +67,15 @@ wellknown: port: 8080 annotations: {} - # -- if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server - rewriteRoot: false - - # -- server entry in well-known + # TO EDIT: server: "m.server": "your.server.name:443" - # -- client entry in well-known client: "m.homeserver": "base_url": "https://your.server.name/" "org.matrix.msc3575.proxy": "url": "https://your.server.name/" - # -- nginx config - nginxServerConf: |- - server { - listen {{ .containerPort }}; - server_name localhost; - - location /.well-known/matrix/server { - return 200 {{ toJson .server | quote }}; - types { } default_type "application/json; charset=utf-8"; - } - - location /.well-known/matrix/client { - return 200 {{ toJson .client | quote }}; - types { } default_type "application/json; charset=utf-8"; - add_header "Access-Control-Allow-Origin" *; - } - - location / { - # return 200 'Welcome to the your.server.name conduit server!'; - # types { } default_type "text/plain; charset=utf-8"; - return 404; - } - - location /nginx_health { - return 200 'OK'; - types { } default_type "text/plain; charset=utf-8"; - } - } - podLabels: {} podAnnotations: {} diff --git a/docs/antora.yml b/docs/antora.yml new file mode 100644 index 0000000..1bbd506 --- /dev/null +++ b/docs/antora.yml @@ -0,0 +1,8 @@ +name: wrenix-helm +title: "WrenIX's Helm charts" +version: + main: latest + +nav: + - modules/ROOT/nav.adoc + - modules/charts/nav.adoc diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc new file mode 100644 index 0000000..5d67faa --- /dev/null +++ b/docs/modules/ROOT/nav.adoc @@ -0,0 +1 @@ +* xref:index.adoc[Home] diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc new file mode 120000 index 0000000..2cfd4f7 --- /dev/null +++ b/docs/modules/ROOT/pages/index.adoc @@ -0,0 +1 @@ +../../../../README.adoc \ No newline at end of file 
diff --git a/docs/modules/charts/generate.sh b/docs/modules/charts/generate.sh new file mode 100755 index 0000000..8be5646 --- /dev/null +++ b/docs/modules/charts/generate.sh @@ -0,0 +1,16 @@ +#!/bin/sh +ROOT_DIR="./docs/modules/charts/" + +rm "${ROOT_DIR}/pages/"*".adoc" + +echo "* charts" > "${ROOT_DIR}/nav.adoc" +for name in * ; do + if \ + [ ! -d $name ] || \ + [ ! -f $name/Chart.yaml ] \ + ; then + continue; + fi + ln -sf "../../../../${name}/README.adoc" "${ROOT_DIR}/pages/${name}.adoc"; + echo "** xref:${name}.adoc[${name}]" >> "${ROOT_DIR}/nav.adoc" +done diff --git a/docs/modules/charts/nav.adoc b/docs/modules/charts/nav.adoc new file mode 100644 index 0000000..d8ebf40 --- /dev/null +++ b/docs/modules/charts/nav.adoc @@ -0,0 +1,22 @@ +* charts +** xref:alertmanager-matrix.adoc[alertmanager-matrix] +** xref:alertmanager-ntfy.adoc[alertmanager-ntfy] +** xref:authentik-application.adoc[authentik-application] +** xref:conduit.adoc[conduit] +** xref:forgejo-runner.adoc[forgejo-runner] +** xref:gotosocial.adoc[gotosocial] +** xref:grampsweb.adoc[grampsweb] +** xref:headscale.adoc[headscale] +** xref:headscale-ui.adoc[headscale-ui] +** xref:home-assistant.adoc[home-assistant] +** xref:hydrogen-web.adoc[hydrogen-web] +** xref:jellyfin.adoc[jellyfin] +** xref:matrix-authentication-service.adoc[matrix-authentication-service] +** xref:matrix-sliding-sync.adoc[matrix-sliding-sync] +** xref:matrix-synapse.adoc[matrix-synapse] +** xref:mautrix-signal.adoc[mautrix-signal] +** xref:miniserve.adoc[miniserve] +** xref:monitoring.adoc[monitoring] +** xref:ntfy.adoc[ntfy] +** xref:postgresql.adoc[postgresql] +** xref:stalwart-mail.adoc[stalwart-mail] diff --git a/docs/modules/charts/pages/alertmanager-matrix.adoc b/docs/modules/charts/pages/alertmanager-matrix.adoc new file mode 120000 index 0000000..ff1eee6 --- /dev/null +++ b/docs/modules/charts/pages/alertmanager-matrix.adoc @@ -0,0 +1 @@ +../../../../alertmanager-matrix/README.adoc \ No newline at end of file 
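Review bot: The script depends on the caller's working directory and runs without `set -eu`, so a failing `rm` (for example on a first run with no pages yet) or a wrong directory does not stop it and later commands run against an unexpected state. `$name` is also unquoted in both tests, so a directory name containing spaces or glob characters breaks the check. The version below changes into the repository root relative to the script's own location, stops on the first error, quotes the variable, and uses `rm -f --` so an empty pages directory is not an error. The `ln -sf` and `nav.adoc` lines are left as they are.

```shell
#!/bin/sh
set -eu
# run from the repository root regardless of the caller's directory
cd "$(dirname "$0")/../../.."
ROOT_DIR="./docs/modules/charts"

rm -f -- "${ROOT_DIR}/pages/"*.adoc
# … unchanged: nav.adoc header line …
for name in * ; do
  if [ ! -d "$name" ] || [ ! -f "$name/Chart.yaml" ]; then
    continue
  fi
  # … unchanged: ln -sf and nav.adoc entry …
done
```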
diff --git a/docs/modules/charts/pages/alertmanager-ntfy.adoc b/docs/modules/charts/pages/alertmanager-ntfy.adoc new file mode 120000 index 0000000..e2a0a08 --- /dev/null +++ b/docs/modules/charts/pages/alertmanager-ntfy.adoc @@ -0,0 +1 @@ +../../../../alertmanager-ntfy/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/authentik-application.adoc b/docs/modules/charts/pages/authentik-application.adoc new file mode 120000 index 0000000..70e47ed --- /dev/null +++ b/docs/modules/charts/pages/authentik-application.adoc @@ -0,0 +1 @@ +../../../../authentik-application/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/conduit.adoc b/docs/modules/charts/pages/conduit.adoc new file mode 120000 index 0000000..6875802 --- /dev/null +++ b/docs/modules/charts/pages/conduit.adoc @@ -0,0 +1 @@ +../../../../conduit/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/forgejo-runner.adoc b/docs/modules/charts/pages/forgejo-runner.adoc new file mode 120000 index 0000000..0eb60e0 --- /dev/null +++ b/docs/modules/charts/pages/forgejo-runner.adoc @@ -0,0 +1 @@ +../../../../forgejo-runner/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/gotosocial.adoc b/docs/modules/charts/pages/gotosocial.adoc new file mode 120000 index 0000000..3bff7d2 --- /dev/null +++ b/docs/modules/charts/pages/gotosocial.adoc @@ -0,0 +1 @@ +../../../../gotosocial/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/grampsweb.adoc b/docs/modules/charts/pages/grampsweb.adoc new file mode 120000 index 0000000..a22b6d5 --- /dev/null +++ b/docs/modules/charts/pages/grampsweb.adoc @@ -0,0 +1 @@ +../../../../grampsweb/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/headscale-ui.adoc b/docs/modules/charts/pages/headscale-ui.adoc new file mode 120000 index 0000000..bcac646 --- /dev/null +++ b/docs/modules/charts/pages/headscale-ui.adoc 
@@ -0,0 +1 @@ +../../../../headscale-ui/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/headscale.adoc b/docs/modules/charts/pages/headscale.adoc new file mode 120000 index 0000000..ae41e9a --- /dev/null +++ b/docs/modules/charts/pages/headscale.adoc @@ -0,0 +1 @@ +../../../../headscale/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/home-assistant.adoc b/docs/modules/charts/pages/home-assistant.adoc new file mode 120000 index 0000000..d31bc71 --- /dev/null +++ b/docs/modules/charts/pages/home-assistant.adoc @@ -0,0 +1 @@ +../../../../home-assistant/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/hydrogen-web.adoc b/docs/modules/charts/pages/hydrogen-web.adoc new file mode 120000 index 0000000..bfe8227 --- /dev/null +++ b/docs/modules/charts/pages/hydrogen-web.adoc @@ -0,0 +1 @@ +../../../../hydrogen-web/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/jellyfin.adoc b/docs/modules/charts/pages/jellyfin.adoc new file mode 120000 index 0000000..90b210f --- /dev/null +++ b/docs/modules/charts/pages/jellyfin.adoc @@ -0,0 +1 @@ +../../../../jellyfin/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/matrix-authentication-service.adoc b/docs/modules/charts/pages/matrix-authentication-service.adoc new file mode 120000 index 0000000..7f372d3 --- /dev/null +++ b/docs/modules/charts/pages/matrix-authentication-service.adoc @@ -0,0 +1 @@ +../../../../matrix-authentication-service/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/matrix-sliding-sync.adoc b/docs/modules/charts/pages/matrix-sliding-sync.adoc new file mode 120000 index 0000000..abf59a4 --- /dev/null +++ b/docs/modules/charts/pages/matrix-sliding-sync.adoc @@ -0,0 +1 @@ +../../../../matrix-sliding-sync/README.adoc \ No newline at end of file 
diff --git a/docs/modules/charts/pages/matrix-synapse.adoc b/docs/modules/charts/pages/matrix-synapse.adoc new file mode 120000 index 0000000..88889a5 --- /dev/null +++ b/docs/modules/charts/pages/matrix-synapse.adoc @@ -0,0 +1 @@ +../../../../matrix-synapse/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/mautrix-signal.adoc b/docs/modules/charts/pages/mautrix-signal.adoc new file mode 120000 index 0000000..1376c24 --- /dev/null +++ b/docs/modules/charts/pages/mautrix-signal.adoc @@ -0,0 +1 @@ +../../../../mautrix-signal/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/miniserve.adoc b/docs/modules/charts/pages/miniserve.adoc new file mode 120000 index 0000000..c268382 --- /dev/null +++ b/docs/modules/charts/pages/miniserve.adoc @@ -0,0 +1 @@ +../../../../miniserve/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/monitoring.adoc b/docs/modules/charts/pages/monitoring.adoc new file mode 120000 index 0000000..5852e47 --- /dev/null +++ b/docs/modules/charts/pages/monitoring.adoc @@ -0,0 +1 @@ +../../../../monitoring/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/ntfy.adoc b/docs/modules/charts/pages/ntfy.adoc new file mode 120000 index 0000000..b037d84 --- /dev/null +++ b/docs/modules/charts/pages/ntfy.adoc @@ -0,0 +1 @@ +../../../../ntfy/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/postgresql.adoc b/docs/modules/charts/pages/postgresql.adoc new file mode 120000 index 0000000..05240d6 --- /dev/null +++ b/docs/modules/charts/pages/postgresql.adoc @@ -0,0 +1 @@ +../../../../postgresql/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/stalwart-mail.adoc b/docs/modules/charts/pages/stalwart-mail.adoc new file mode 120000 index 0000000..36173e1 --- /dev/null +++ b/docs/modules/charts/pages/stalwart-mail.adoc @@ -0,0 +1 @@ +../../../../stalwart-mail/README.adoc \ No newline at end of file 
diff --git a/element-call/Chart.yaml b/element-call/Chart.yaml deleted file mode 100644 index 9f27a48..0000000 --- a/element-call/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: element-call -description: Run Element-Call and his dependencies -type: application -version: "0.1.7" -# renovate: image=ghcr.io/element-hq/element-call -appVersion: "0.7.1" -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/element-call/README.md b/element-call/README.md deleted file mode 100644 index 1c85841..0000000 --- a/element-call/README.md +++ /dev/null 
@@ -1,118 +0,0 @@ ---- -title: "element-call" - -description: "Run Element-Call and his dependencies" - ---- - -# element-call - -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.1](https://img.shields.io/badge/AppVersion-0.7.1-informational?style=flat-square) - -Run Element-Call and his dependencies - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/element-call -``` - -You can install a chart release using the following command: - -```bash -helm install element-call-release oci://codeberg.org/wrenix/helm-charts/element-call --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall element-call-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| service.call.affinity | object | `{}` | | -| service.call.config | object | `{}` | | -| 
service.call.image.pullPolicy | string | `"IfNotPresent"` | | -| service.call.image.registry | string | `"ghcr.io"` | | -| service.call.image.repository | string | `"element-hq/element-call"` | | -| service.call.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| service.call.ingress.host | string | `nil` | | -| service.call.livenessProbe.httpGet.path | string | `"/"` | | -| service.call.livenessProbe.httpGet.port | string | `"http"` | | -| service.call.networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| service.call.networkPolicy.egress.extra | list | `[]` | egress rules | -| service.call.networkPolicy.enabled | bool | `false` | | -| service.call.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| service.call.nodeSelector | object | `{}` | | -| service.call.podAnnotations | object | `{}` | | -| service.call.podLabels | object | `{}` | | -| service.call.podSecurityContext | object | `{}` | | -| service.call.readinessProbe.httpGet.path | string | `"/"` | | -| service.call.readinessProbe.httpGet.port | string | `"http"` | | -| service.call.replicaCount | int | `1` | | -| service.call.resources | object | `{}` | | -| service.call.securityContext | object | `{}` | | -| service.call.serviceAccount.annotations | object | `{}` | | -| service.call.serviceAccount.automount | bool | `true` | | -| service.call.serviceAccount.create | bool | `true` | | -| service.call.serviceAccount.name | string | `""` | | -| service.call.tolerations | list | `[]` | | -| service.lkJWT.affinity | object | `{}` | | -| service.lkJWT.config.key | string | `"devkey"` | | -| service.lkJWT.config.secret | string | `"secret"` | | -| service.lkJWT.config.url | string | `""` | | -| service.lkJWT.enabled | bool | `true` | | -| service.lkJWT.image.pullPolicy | string | `"IfNotPresent"` | | -| service.lkJWT.image.registry | string | `"ghcr.io"` | | -| service.lkJWT.image.repository | 
string | `"element-hq/lk-jwt-service"` | | -| service.lkJWT.image.tag | string | `"sha-4a29504"` | | -| service.lkJWT.ingress.host | string | `nil` | | -| service.lkJWT.livenessProbe.httpGet.path | string | `"/healthz"` | | -| service.lkJWT.livenessProbe.httpGet.port | string | `"http"` | | -| service.lkJWT.networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | -| service.lkJWT.networkPolicy.egress.extra | list | `[]` | egress rules | -| service.lkJWT.networkPolicy.enabled | bool | `false` | | -| service.lkJWT.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| service.lkJWT.nodeSelector | object | `{}` | | -| service.lkJWT.podAnnotations | object | `{}` | | -| service.lkJWT.podLabels | object | `{}` | | -| service.lkJWT.podSecurityContext | object | `{}` | | -| service.lkJWT.readinessProbe.httpGet.path | string | `"/healthz"` | | -| service.lkJWT.readinessProbe.httpGet.port | string | `"http"` | | -| service.lkJWT.replicaCount | int | `1` | | -| service.lkJWT.resources | object | `{}` | | -| service.lkJWT.securityContext | object | `{}` | | -| service.lkJWT.serviceAccount.annotations | object | `{}` | | -| service.lkJWT.serviceAccount.automount | bool | `true` | | -| service.lkJWT.serviceAccount.create | bool | `true` | | -| service.lkJWT.serviceAccount.name | string | `""` | | -| service.lkJWT.tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/element-call/_docs.gotmpl b/element-call/_docs.gotmpl deleted file mode 100644 index 8b13789..0000000 --- a/element-call/_docs.gotmpl +++ /dev/null @@ -1 +0,0 @@ - diff --git a/element-call/templates/_helpers.tpl b/element-call/templates/_helpers.tpl deleted file mode 100644 index 063b922..0000000 --- a/element-call/templates/_helpers.tpl +++ /dev/null 
@@ -1,70 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "element-call.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "element-call.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "element-call.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "element-call.labels" -}}
-helm.sh/chart: {{ include "element-call.chart" . }}
-{{ include "element-call.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "element-call.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "element-call.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "element-call.serviceAccountName" -}}
-{{- $ := get . "root" }}
-{{- $suffix := get . "suffix" }}
-{{- with get . "ctx" }}
-{{- if .serviceAccount.create }}
-{{- if $suffix }}
-{{- default (printf "%s-%s" (include "element-call.fullname" $) $suffix) .serviceAccount.name }}
-{{- else }}
-{{- default (include "element-call.fullname" $) .serviceAccount.name }}
-{{- end }}
-{{- else }}
-{{- default "default" .serviceAccount.name }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/element-call/templates/configmap.yaml b/element-call/templates/configmap.yaml
deleted file mode 100644
index 4e7df01..0000000
--- a/element-call/templates/configmap.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "element-call.fullname" . }}
- labels:
- {{- include "element-call.labels" . | nindent 4 }}
-data:
- "config.json": |
- {{- toJson .Values.service.call.config | nindent 4 }}
diff --git a/element-call/templates/deployment.yaml b/element-call/templates/deployment.yaml
deleted file mode 100644
index 695a1a4..0000000
--- a/element-call/templates/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@ -{{- $fullName := include "element-call.fullname" . -}} -{{- with .Values.service.call }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $fullName }} - labels: - {{- include "element-call.labels" $ | nindent 4 }} - app.kubernetes.io/component: call -spec: - {{- if not $.Values.autoscaling.enabled }} - replicas: {{ .replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: call - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "element-call.labels" $ | nindent 8 }} - app.kubernetes.io/component: call - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" .) }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: call - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - volumeMounts: - - mountPath: /app/config.json - name: config - subPath: config.json - volumes: - - name: config - configMap: - name: {{ $fullName }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }}{{/* end-with .service.call */}} diff --git a/element-call/templates/hpa.yaml b/element-call/templates/hpa.yaml deleted file mode 100644 index 573a25d..0000000 --- a/element-call/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "element-call.fullname" . }} - labels: - {{- include "element-call.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "element-call.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/element-call/templates/ingress.yaml b/element-call/templates/ingress.yaml deleted file mode 100644 index cced22b..0000000 --- a/element-call/templates/ingress.yaml +++ /dev/null 
@@ -1,46 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "element-call.fullname" . -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "element-call.labels" . | nindent 4 }}
- {{- with .Values.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- with .Values.ingress.className }}
- ingressClassName: {{ . }}
- {{- end }}
- {{- with .Values.ingress.tls }}
- tls:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- rules:
- - host: {{ .Values.service.call.ingress.host | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- name: http
- {{- if .Values.service.lkJWT.enabled }}
- {{- if (eq .Values.service.lkJWT.ingress.host .Values.service.call.ingress.host)}}
- - host: {{ .Values.service.lkJWT.ingress.host | quote }}
- http:
- paths:
- {{- end }}
- - path: /sfu/get
- pathType: Exact
- backend:
- service:
- name: {{ $fullName }}-lk-jwt
- port:
- name: http
- {{- end }}
-{{- end }}
diff --git a/element-call/templates/lk-jwt/deployment.yaml b/element-call/templates/lk-jwt/deployment.yaml
deleted file mode 100644
index 037ef4f..0000000
--- a/element-call/templates/lk-jwt/deployment.yaml
+++ /dev/null
@@ -1,79 +0,0 @@ -{{- $fullName := include "element-call.fullname" . -}} -{{- with .Values.service.lkJWT }} -{{- if .enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $fullName }}-lk-jwt - labels: - {{- include "element-call.labels" $ | nindent 4 }} - app.kubernetes.io/component: lk-jwt -spec: - {{- if not $.Values.autoscaling.enabled }} - replicas: {{ .replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: lk-jwt - template: - metadata: - annotations: - secret-env-hash: {{ include (print $.Template.BasePath "/lk-jwt/secret.yaml") $ | sha256sum }} - {{- with .podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "element-call.labels" $ | nindent 8 }} - app.kubernetes.io/component: lk-jwt - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: lk-jwt - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "LK_JWT_PORT" - value: "8080" - - name: "LIVEKIT_URL" - value: {{ .config.url }} - envFrom: - - secretRef: - name: {{ $fullName }}-lk-jwt - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }}{{/* end-if .enabled */}} -{{- end }}{{/* end-with .Values.service.lkJWT */}} diff --git a/element-call/templates/lk-jwt/networkpolicy.yaml b/element-call/templates/lk-jwt/networkpolicy.yaml deleted file mode 100644 index b04dbb7..0000000 --- a/element-call/templates/lk-jwt/networkpolicy.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- with .Values.service.lkJWT.networkPolicy }} -{{- if and $.Values.service.lkJWT.enabled .enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "element-call.fullname" $ }}-lk-jwt - labels: - {{- include "element-call.labels" $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: lk-jwt - policyTypes: - - Ingress - {{- if .egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: 8080 - protocol: TCP - from: - {{- toYaml .ingress.http | nindent 8 }} - {{- with .egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/element-call/templates/lk-jwt/secret.yaml b/element-call/templates/lk-jwt/secret.yaml deleted file mode 100644 index 771f342..0000000 --- a/element-call/templates/lk-jwt/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.service.lkJWT.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "element-call.fullname" . }}-lk-jwt - labels: - {{- include "element-call.labels" . | nindent 4 }} -data: - {{- with .Values.service.lkJWT.config }} - LIVEKIT_KEY: {{ .key | b64enc }} - LIVEKIT_SECRET: {{ .secret | b64enc }} - {{- end }} -{{- end }} diff --git a/element-call/templates/lk-jwt/service.yaml b/element-call/templates/lk-jwt/service.yaml deleted file mode 100644 index 90f602a..0000000 
--- a/element-call/templates/lk-jwt/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.service.lkJWT.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "element-call.fullname" . }}-lk-jwt
- labels:
- {{- include "element-call.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- {{- include "element-call.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: lk-jwt
-{{- end }}
diff --git a/element-call/templates/lk-jwt/serviceaccount.yaml b/element-call/templates/lk-jwt/serviceaccount.yaml
deleted file mode 100644
index 4ce35f4..0000000
--- a/element-call/templates/lk-jwt/serviceaccount.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- with .Values.service.lkJWT }}
-{{- if and .enabled .serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }}
- labels:
- {{- include "element-call.labels" $ | nindent 4 }}
- {{- with .serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .serviceAccount.automount }}
-{{- end }}
-{{- end }}
diff --git a/element-call/templates/networkpolicy.yaml b/element-call/templates/networkpolicy.yaml
deleted file mode 100644
index 3aab727..0000000
--- a/element-call/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- with .Values.service.call.networkPolicy }}
-{{- if .enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "element-call.fullname" $ }}
- labels:
- {{- include "element-call.labels" $ | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include "element-call.selectorLabels" $ | nindent 6 }}
- app.kubernetes.io/component: call
- policyTypes:
- - Ingress
- {{- if .egress.enabled }}
- - Egress
- {{- end }}
- ingress:
- - ports:
- - port: 8080
- protocol: TCP
- from:
- {{- toYaml .ingress.http | nindent 8 }}
- {{- with .egress }}
- egress:
- {{- toYaml .extra | nindent 4 }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/element-call/templates/service.yaml b/element-call/templates/service.yaml
deleted file mode 100644
index cb76c9e..0000000
--- a/element-call/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "element-call.fullname" . }}
- labels:
- {{- include "element-call.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- {{- include "element-call.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: call
diff --git a/element-call/templates/serviceaccount.yaml b/element-call/templates/serviceaccount.yaml
deleted file mode 100644
index 806d9f0..0000000
--- a/element-call/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- with .Values.service.call }}
-{{- if .serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "") }}
- labels:
- {{- include "element-call.labels" $ | nindent 4 }}
- {{- with .serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .serviceAccount.automount }}
-{{- end }}
-{{- end }}
diff --git a/element-call/values.yaml b/element-call/values.yaml
deleted file mode 100644
index a2ebc4c..0000000
--- a/element-call/values.yaml
+++ /dev/null
@@ -1,146 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -ingress: - enabled: false - className: "" - annotations: {} - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -service: - call: - replicaCount: 1 - image: - registry: ghcr.io - repository: element-hq/element-call - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. - tag: - config: {} - ingress: - host: - networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: {} - serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - - podAnnotations: {} - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - nodeSelector: {} - tolerations: [] - affinity: {} - - lkJWT: - enabled: true - replicaCount: 1 - image: - registry: ghcr.io - repository: element-hq/lk-jwt-service - pullPolicy: IfNotPresent - tag: sha-4a29504 - config: - url: "" - key: "devkey" - secret: "secret" - ingress: - host: - networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: false - # -- egress rules - extra: [] - livenessProbe: - httpGet: - path: /healthz - port: http - readinessProbe: - httpGet: - path: /healthz - port: http - resources: {} - serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - - podAnnotations: {} - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - nodeSelector: {} - tolerations: [] - affinity: {} diff --git a/forgejo-runner/Chart.yaml b/forgejo-runner/Chart.yaml index 56218fe..5dce106 100644 --- a/forgejo-runner/Chart.yaml +++ b/forgejo-runner/Chart.yaml 
@@ -2,9 +2,9 @@ apiVersion: v2
 name: forgejo-runner
 description: Deploy runner for an forgejo instance (default codeberg.org)
 type: application
-version: "0.4.10"
+version: 0.2.0
 # renovate: image=code.forgejo.org/forgejo/runner
-appVersion: "6.1.0"
+appVersion: "3.4.1"
 maintainers:
 - name: WrenIX
 url: https://wrenix.eu
diff --git a/forgejo-runner/README.adoc b/forgejo-runner/README.adoc
new file mode 100644
index 0000000..80e91f7
--- /dev/null
+++ b/forgejo-runner/README.adoc
@@ -0,0 +1,403 @@ + + += forgejo-runner + +image::https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square[Version: 0.2.0] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-3.4.1-informational?style=flat-square[AppVersion: 3.4.1] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Accessing docker socket inside job containers + +To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): + +[source,yaml] +---- +runner: + config: + create: true + existingSecret: "" + file: + log: + level: "info" + runner: + file: ".runner" + capacity: 1 + envs: + A_TEST_ENV_NAME_1: null + A_TEST_ENV_NAME_2: null + DOCKER_HOST: tcp://127.0.0.1:2376 + DOCKER_TLS_VERIFY: 1 + DOCKER_CERT_PATH: /certs/client + container: + network: host + enable_ipv6: false + privileged: false + options: -v /certs/client:/certs/client + valid_volumes: + - /certs/client + +---- + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. 
+Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/forgejo-runner +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install forgejo-runner-release oci://codeberg.org/wrenix/helm-charts/forgejo-runner --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall forgejo-runner-release +---- + +== Values + +.Values Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) +|=== +| Key | Type | Default | Description + +| runner.config.file.cache.dir +| string +| `""` +| The directory to store the cache data. If it's empty, the cache data will be stored in $HOME/.cache/actcache. + +| runner.config.file.cache.enabled +| bool +| `true` +| Enable cache server to use actions/cache. + +| runner.config.file.cache.external_server +| string +| `""` +| The external cache server URL. Valid only when enable is true. If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. The URL should generally end with "/". + +| runner.config.file.cache.host +| string +| `""` +| The host of the cache server. It's not for the address to listen, but the address to connect from job containers. So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + +| runner.config.file.cache.port +| int +| `0` +| The port of the cache server. 0 means to use a random available port. + +| runner.config.file.container.docker_host +| string +| `""` +| overrides the docker client host with the specified one. If it's empty, act_runner will find an available docker host automatically. If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. 
If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + +| runner.config.file.container.enable_ipv6 +| bool +| `false` +| Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. Only takes effect if "network" is set to "". + +| runner.config.file.container.force_pull +| bool +| `false` +| Pull docker image(s) even if already present + +| runner.config.file.container.network +| string +| `""` +| Specifies the network to which the container will connect. Could be host, bridge or the name of a custom network. If it's empty, create a network automatically. + +| runner.config.file.container.options +| string +| `nil` +| And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). + +| runner.config.file.container.privileged +| bool +| `false` +| And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). + +| runner.config.file.container.valid_volumes +| list +| `[]` +| Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: valid_volumes: - data - /src/*.json If you want to allow any volume, please use the following configuration: valid_volumes: - '**' + +| runner.config.file.container.workdir_parent +| string +| `nil` +| The parent directory of a job's working directory. If it's empty, /workspace will be used. + +| runner.config.file.host.workdir_parent +| string +| `nil` +| The parent directory of a job's working directory. If it's empty, $HOME/.cache/act/ will be used. 
+ +| runner.config.file.log.level +| string +| `"info"` +| The level of logging, can be trace, debug, info, warn, error, fatal + +| runner.config.file.runner.capacity +| int +| `1` +| Execute how many tasks concurrently at the same time. + +| runner.config.file.runner.env_file +| string +| `".env"` +| Extra environment variables to run jobs from a file. It will be ignored if it's empty or the file doesn't exist. + +| runner.config.file.runner.envs +| object +| `{"A_TEST_ENV_NAME_1":"a_test_env_value_1","A_TEST_ENV_NAME_2":"a_test_env_value_2"}` +| Extra environment variables to run jobs. + +| runner.config.file.runner.fetch_interval +| string +| `"2s"` +| The interval for fetching the job from the Forgejo instance. + +| runner.config.file.runner.fetch_timeout +| string +| `"5s"` +| The timeout for fetching the job from the Forgejo instance. + +| runner.config.file.runner.file +| string +| `".runner"` +| Runner config which contains id and token of this runner (autogenerate with create) + +| runner.config.file.runner.insecure +| bool +| `false` +| Whether skip verifying the TLS certificate of the Forgejo instance. + +| runner.config.file.runner.labels +| list +| `[]` +| The labels of a runner are used to determine which jobs the runner can run, and how to run them. Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] If it's empty when registering, it will ask for inputting labels. If it's empty when execute `deamon`, will use labels in `.runner` file. + +| runner.config.file.runner.timeout +| string +| `"3h"` +| The timeout for a job to be finished. Please note that the Forgejo instance also has a timeout (3h by default) for the job. So the job could be stopped by the Forgejo instance if it's timeout is shorter than this. 
+|=== +.Values Other Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| dind.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| dind.image.registry +| string +| `"docker.io"` +| + +| dind.image.repository +| string +| `"library/docker"` +| + +| dind.image.tag +| string +| `"26.1.3-dind"` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"code.forgejo.org"` +| + +| image.repository +| string +| `"forgejo/runner"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| kubectl.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| kubectl.image.registry +| string +| `"docker.io"` +| + +| kubectl.image.repository +| string +| `"bitnami/kubectl"` +| + +| kubectl.image.tag +| string +| `"1.30.1"` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| runner.config.create +| bool +| `true` +| + +| runner.config.existingSecret +| string +| `""` +| use existingSecret instatt + +| runner.config.instance +| string +| `"https://codeberg.org"` +| + +| runner.config.name +| string +| `nil` +| + +| runner.config.token +| string +| `nil` +| + +| securityContext.privileged +| bool +| `true` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.automount +| bool +| `true` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| volumeMounts +| list +| `[]` +| + +| volumes +| list +| `[]` +| +|=== + 
+Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + diff --git a/forgejo-runner/README.md b/forgejo-runner/README.md deleted file mode 100644 index 40b20f8..0000000 --- a/forgejo-runner/README.md +++ /dev/null 
@@ -1,156 +0,0 @@ ---- -title: "forgejo-runner" - -description: "Deploy runner for an forgejo instance (default codeberg.org)" - ---- - -# forgejo-runner - -![Version: 0.4.10](https://img.shields.io/badge/Version-0.4.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.1.0](https://img.shields.io/badge/AppVersion-6.1.0-informational?style=flat-square) - -Deploy runner for an forgejo instance (default codeberg.org) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -{{< callout type="warning" >}} -Me, wrenix, switch to woodpecker and maybe does not test every change. -{{< /callout >}} - -## Accessing docker socket inside job containers - -To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): - -``` yaml {filename="values.yaml"} -runner: - config: - create: true - existingSecret: "" - file: - log: - level: "info" - runner: - file: ".runner" - capacity: 1 - envs: - A_TEST_ENV_NAME_1: null - A_TEST_ENV_NAME_2: null - DOCKER_HOST: tcp://127.0.0.1:2376 - DOCKER_TLS_VERIFY: 1 - DOCKER_CERT_PATH: /certs/client - container: - network: host - enable_ipv6: false - privileged: false - options: -v /certs/client:/certs/client - valid_volumes: - - /certs/client - -``` - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. 
-Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/forgejo-runner -``` - -You can install a chart release using the following command: - -```bash -helm install forgejo-runner-release oci://codeberg.org/wrenix/helm-charts/forgejo-runner --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall forgejo-runner-release -``` - -## Values - -### Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| runner.config.file.cache.dir | string | `""` | The directory to store the cache data. If it's empty, the cache data will be stored in $HOME/.cache/actcache. | -| runner.config.file.cache.enabled | bool | `true` | Enable cache server to use actions/cache. | -| runner.config.file.cache.external_server | string | `""` | The external cache server URL. Valid only when enable is true. If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. The URL should generally end with "/". | -| runner.config.file.cache.host | string | `""` | The host of the cache server. It's not for the address to listen, but the address to connect from job containers. So 0.0.0.0 is a bad choice, leave it empty to detect automatically. | -| runner.config.file.cache.port | int | `0` | The port of the cache server. 0 means to use a random available port. | -| runner.config.file.container.docker_host | string | `"-"` | overrides the docker client host with the specified one. If "-", an available docker host will automatically be found. If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock). Otherwise the specified docker host will be used and an error will be returned if it doesn't work. 
| -| runner.config.file.container.enable_ipv6 | bool | `false` | Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. Only takes effect if "network" is set to "". | -| runner.config.file.container.force_pull | bool | `false` | Pull docker image(s) even if already present | -| runner.config.file.container.network | string | `""` | Specifies the network to which the container will connect. Could be host, bridge or the name of a custom network. If it's empty, create a network automatically. | -| runner.config.file.container.options | string | `nil` | And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). | -| runner.config.file.container.privileged | bool | `false` | And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). | -| runner.config.file.container.valid_volumes | list | `[]` | Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: valid_volumes: - data - /src/*.json If you want to allow any volume, please use the following configuration: valid_volumes: - '**' | -| runner.config.file.container.workdir_parent | string | `nil` | The parent directory of a job's working directory. If it's empty, /workspace will be used. | -| runner.config.file.host.workdir_parent | string | `nil` | The parent directory of a job's working directory. If it's empty, $HOME/.cache/act/ will be used. 
| -| runner.config.file.log.job_level | string | `"info"` | The level of logging for jobs, can be trace, debug, info, earn, error, fatal | -| runner.config.file.log.level | string | `"info"` | The level of logging, can be trace, debug, info, warn, error, fatal | -| runner.config.file.runner.capacity | int | `1` | Execute how many tasks concurrently at the same time. | -| runner.config.file.runner.env_file | string | `".env"` | Extra environment variables to run jobs from a file. It will be ignored if it's empty or the file doesn't exist. | -| runner.config.file.runner.envs | object | `{"A_TEST_ENV_NAME_1":"a_test_env_value_1","A_TEST_ENV_NAME_2":"a_test_env_value_2"}` | Extra environment variables to run jobs. | -| runner.config.file.runner.fetch_interval | string | `"2s"` | The interval for fetching the job from the Forgejo instance. | -| runner.config.file.runner.fetch_timeout | string | `"5s"` | The timeout for fetching the job from the Forgejo instance. | -| runner.config.file.runner.file | string | `".runner"` | Runner config which contains id and token of this runner (autogenerate with create) | -| runner.config.file.runner.insecure | bool | `false` | Whether skip verifying the TLS certificate of the Forgejo instance. | -| runner.config.file.runner.labels | list | `[]` | The labels of a runner are used to determine which jobs the runner can run, and how to run them. Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] If it's empty when registering, it will ask for inputting labels. If it's empty when execute `deamon`, will use labels in `.runner` file. | -| runner.config.file.runner.timeout | string | `"3h"` | The timeout for a job to be finished. Please note that the Forgejo instance also has a timeout (3h by default) for the job. So the job could be stopped by the Forgejo instance if it's timeout is shorter than this. 
| - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.behavior | object | `{}` | behavior of HPA Example: scaleDown: stabilizationWindowSeconds: 300 policies: - type: Pods value: 1 periodSeconds: 60 scaleUp: stabilizationWindowSeconds: 0 policies: - type: Pods value: 1 periodSeconds: 60 | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| dind.image.pullPolicy | string | `"IfNotPresent"` | | -| dind.image.registry | string | `"docker.io"` | | -| dind.image.repository | string | `"library/docker"` | | -| dind.image.tag | string | `"27.5.0-dind"` | | -| extraEnvVars | list | `[]` | Additional environment variables to be set on runner container Example: extraEnvVars: - name: FOO value: "bar" | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"code.forgejo.org"` | | -| image.repository | string | `"forgejo/runner"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| kubectl.image.pullPolicy | string | `"IfNotPresent"` | | -| kubectl.image.registry | string | `"docker.io"` | | -| kubectl.image.repository | string | `"bitnami/kubectl"` | | -| kubectl.image.tag | string | `"1.32.1"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| runner.config.create | bool | `true` | | -| runner.config.existingSecret | string | `""` | use existingSecret instatt | -| runner.config.instance | string | `"https://codeberg.org"` | | -| runner.config.name | string | `nil` | | -| runner.config.token | string | `nil` | | -| securityContext.privileged | 
bool | `true` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/forgejo-runner/_docs.gotmpl b/forgejo-runner/_docs.gotmpl index 42e2cf5..87225e0 100644 --- a/forgejo-runner/_docs.gotmpl +++ b/forgejo-runner/_docs.gotmpl @@ -1,16 +1,11 @@ {{ define "chart.prerequirements" -}} -{{` -{{< callout type="warning" >}} -Me, wrenix, switch to woodpecker and maybe does not test every change. -{{< /callout >}} -`}} -## Accessing docker socket inside job containers +== Accessing docker socket inside job containers To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): -``` yaml {filename="values.yaml"} +[source,yaml] +---- {{ .Files.Get "values-dind-bypass.yaml" }} -``` - +---- {{ end }} diff --git a/forgejo-runner/templates/deployment.yaml b/forgejo-runner/templates/deployment.yaml index f7a6a60..61166f4 100644 --- a/forgejo-runner/templates/deployment.yaml +++ b/forgejo-runner/templates/deployment.yaml @@ -66,9 +66,6 @@ spec: value: /certs/client - name: DOCKER_TLS_VERIFY value: "1" - {{- with .Values.extraEnvVars }} - {{- toYaml . | nindent 12 }} - {{- end }} volumeMounts: - name: runner-configfile mountPath: /etc/runner diff --git a/forgejo-runner/templates/hpa.yaml b/forgejo-runner/templates/hpa.yaml index 6779bfb..c221811 100644 --- a/forgejo-runner/templates/hpa.yaml +++ b/forgejo-runner/templates/hpa.yaml 
@@ -12,10 +12,6 @@ spec:
 name: {{ include "forgejo-runner.fullname" . }}
 minReplicas: {{ .Values.autoscaling.minReplicas }}
 maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- {{- with .Values.autoscaling.behavior }}
- behavior:
- {{- toYaml . | nindent 4 }}
- {{- end }}
 metrics:
 {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
 - type: Resource
diff --git a/forgejo-runner/templates/jobs.yaml b/forgejo-runner/templates/jobs.yaml
index 923d55b..50ba4d0 100644
--- a/forgejo-runner/templates/jobs.yaml
+++ b/forgejo-runner/templates/jobs.yaml
@@ -56,13 +56,11 @@ subjects:
 ---
 apiVersion: v1
 kind: Secret
-type: Opaque
 metadata:
 name: {{ $secretName }}
 annotations:
- "helm.sh/resource-policy": keep
- "helm.sh/hook-delete-policy": "hook-failed"
- "helm.sh/hook": "pre-install"
+ helm.sh/resource-policy: keep
+type: Opaque
 ---
 apiVersion: v1
 kind: Secret
diff --git a/forgejo-runner/values.yaml b/forgejo-runner/values.yaml
index 215c73c..6e8cd1c 100644
--- a/forgejo-runner/values.yaml
+++ b/forgejo-runner/values.yaml
@@ -30,9 +30,6 @@ runner:
 # -- The level of logging, can be trace, debug, info, warn, error, fatal
 # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
 level: "info"
- # -- The level of logging for jobs, can be trace, debug, info, earn, error, fatal
- # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
- job_level: info
 runner:
 # -- Runner config which contains id and token of this runner (autogenerate with create)
 # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
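Review bot: The Secret `{{ $secretName }}` in the jobs.yaml hunk keeps `helm.sh/resource-policy: keep` but loses its hook annotations, and nothing in the template says why it must outlive the release. It presumably receives what the registration job writes (the runner id and token), so it stays in the namespace after `helm uninstall` until someone deletes it by hand. A template comment above the annotation would make that explicit, for example `{{- /* kept on uninstall; delete manually to remove the runner credentials */}}`. Whatever fills the Secret is outside this hunk, so its contents should be confirmed before wording the comment.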
@@ -92,7 +89,7 @@ runner:
 # The URL should generally end with "/".
 # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
 external_server: ""
-
+
 container:
 # -- Specifies the network to which the container will connect.
 # Could be host, bridge or the name of a custom network.
@@ -125,11 +122,11 @@ runner:
 # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
 valid_volumes: []
 # -- overrides the docker client host with the specified one.
- # If "-", an available docker host will automatically be found.
- # If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock).
- # Otherwise the specified docker host will be used and an error will be returned if it doesn't work.
+ # If it's empty, act_runner will find an available docker host automatically.
+ # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+ # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
 # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
- docker_host: "-"
+ docker_host: ""
 # -- Pull docker image(s) even if already present
 # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
 force_pull: false
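Review bot: The new default `docker_host: ""` in the second values.yaml hunk widens what job containers can reach. The rewritten comment names `"-"` as the only value that keeps the docker host out of job and service containers, and the comment being removed said outright that the empty value mounts it (e.g. /var/run/docker.sock). With the empty default, any workflow the runner picks up can presumably drive the docker daemon, which matters more if the runner pod still runs privileged, as the removed README lists for `securityContext.privileged`. If the change is intended, say so next to the value, e.g. `# "" mounts the docker host into job containers; use "-" to keep it out`; otherwise keep `docker_host: "-"`. The `container:` block this key belongs to starts outside the hunk.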
@@ -144,13 +141,13 @@ dind: registry: docker.io repository: library/docker pullPolicy: IfNotPresent - tag: 27.5.0-dind + tag: 26.1.3-dind kubectl: image: registry: docker.io repository: bitnami/kubectl pullPolicy: IfNotPresent - tag: 1.32.1 + tag: 1.30.1 serviceAccount: # Specifies whether a service account should be created @@ -194,21 +191,6 @@ autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 - # -- behavior of HPA - # Example: - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 60 - # scaleUp: - # stabilizationWindowSeconds: 0 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 60 - behavior: {} targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 @@ -230,11 +212,3 @@ nodeSelector: {} tolerations: [] affinity: {} - -# -- Additional environment variables to be set on runner container -# Example: -# extraEnvVars: -# - name: FOO -# value: "bar" -# -extraEnvVars: [] diff --git a/gotosocial/Chart.yaml b/gotosocial/Chart.yaml index 455042a..7c63615 100644 --- a/gotosocial/Chart.yaml +++ b/gotosocial/Chart.yaml @@ -3,9 +3,9 @@ name: gotosocial description: With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to! icon: https://docs.gotosocial.org/en/latest/assets/sloth.png type: application -version: "0.2.7" +version: 0.1.8 # renovate: image=docker.io/superseriousbusiness/gotosocial -appVersion: "0.17.3" +appVersion: "0.15.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/gotosocial/README.adoc b/gotosocial/README.adoc index d1d3127..4d482c4 100644 --- a/gotosocial/README.adoc +++ b/gotosocial/README.adoc 
@@ -2,9 +2,9 @@ = gotosocial -image::https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square[Version: 0.2.7] +image::https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square[Version: 0.1.8] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.17.3-informational?style=flat-square[AppVersion: 0.17.3] +image::https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square[AppVersion: 0.15.0] == Maintainers .Maintainers 
@@ -167,51 +167,6 @@ helm uninstall gotosocial-release | `"localhost"` | -| gotosocial.instance.deliverToSharedInboxes -| bool -| `true` -| This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - -| gotosocial.instance.expose.peers -| bool -| `false` -| Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. - -| gotosocial.instance.expose.publicTimeline -| bool -| `false` -| This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - -| gotosocial.instance.expose.suspended -| bool -| `false` -| Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers. 
See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots - -| gotosocial.instance.expose.suspendedWeb -| bool -| `false` -| Allow unauthenticated users to view /about/suspended, showing the HTML rendered list of instances that this instance blocks/suspends. - -| gotosocial.instance.federation.mode -| string -| `"blocklist"` -| Federation mode to use for this instance. "blocklist" -- open federation by default. Only instances that are explicitly blocked will be denied (unless they are also explicitly allowed). "allowlist" -- closed federation by default. Only instances that are explicitly allowed will be able to interact with this instance. For more details on blocklist and allowlist modes, check the documentation at: https://docs.gotosocial.org/en/latest/admin/federation_modes Options: ["blocklist", "allowlist"] - -| gotosocial.instance.federation.spamFilter -| bool -| `false` -| Enable spam filtering heuristics for messages entering your instance via the federation API. Regardless of what you set here, basic checks for message relevancy will still be performed, but you can try enabling this setting if you are being spammed with unwanted messages from other instances, and want to more strictly filter out spam messages. THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to only enable this setting when the fediverse is in the midst of a spam wave, and you need to batten down the hatches to keep your instance usable. The decision of whether a message counts as spam or not is made based on the following heuristics, in order, where receiver = the account on your instance that received a message in their inbox, and requester = the account on a remote instance that sent the message. First, basic relevancy checks 1. Receiver follows requester. Return OK. 2. Statusable doesn't mention receiver. Return NotRelevant. 
If instance-federation-spam-filter = false, then return OK now. Otherwise check: 3. Receiver is locked and is followed by requester. Return OK. 4. Five or more people are mentioned. Return Spam. 5. Receiver follow (requests) a mentioned account. Return OK. 6. Statusable has a media attachment. Return Spam. 7. Statusable contains non-mention, non-hashtag links. Return Spam. Messages identified as spam will be dropped from your instance, and not inserted into the database, or into home timelines or notifications. - -| gotosocial.instance.injectMastodonVersion -| bool -| `false` -| This flag will inject a Mastodon version into the version field that is included in /api/v1/instance. This version is often used by Mastodon clients to do API feature detection. By injecting a Mastodon compatible version, it is possible to cajole those clients to behave correctly with GoToSocial. - -| gotosocial.instance.languages -| list -| `[]` -| BCP47 language tags to indicate preferred languages of users on this instance. If you provide these, you should provide these in order from most-preferred to least-preferred, but note that leaving out a language from this array doesn't mean it can't be used on this instance, it only means it won't be advertised as a preferred instance language. It is valid to provide no entries here; your instance will then have no particular preferred language. See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry Example: ["nl", "en-gb", "fr"] - | gotosocial.landingPageUser | string | `""` 
@@ -347,26 +302,6 @@ helm uninstall gotosocial-release | `true` | Use SSL for S3 connections. Only set this to 'false' when testing locally. -| gotosocial.tracing.enabled -| bool -| `false` -| Enable OpenTelemetry based tracing support. - -| gotosocial.tracing.endpoint -| string -| `""` -| Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. - -| gotosocial.tracing.insecureTransport -| bool -| `false` -| Disable TLS for the gRPC and HTTP transport protocols. - -| gotosocial.tracing.transport -| string -| `"grpc"` -| Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. - | gotosocial.tz | string | `"UTC"` @@ -545,7 +480,7 @@ helm uninstall gotosocial-release | serviceAccount.name | string | `""` -| The name of the service account to use. If not set and create is true, a name is generated using the fullname template +| If not set and create is true, a name is generated using the fullname template | tolerations | list diff --git a/gotosocial/README.md b/gotosocial/README.md deleted file mode 100644 index 51d55e1..0000000 --- a/gotosocial/README.md +++ /dev/null 
@@ -1,151 +0,0 @@ ---- -title: "gotosocial" - -description: "With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!" - ---- - -# gotosocial - -![Version: 0.2.7](https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.17.3](https://img.shields.io/badge/AppVersion-0.17.3-informational?style=flat-square) - -With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to! - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/gotosocial -``` - -You can install a chart release using the following command: - -```bash -helm install gotosocial-release oci://codeberg.org/wrenix/helm-charts/gotosocial --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall gotosocial-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| gotosocial.accountDomain | string | `""` | | -| gotosocial.accounts.allowCustomCSS | bool 
| `false` | Allow accounts on this instance to set custom CSS for their profile pages and statuses. Enabling this setting will allow accounts to upload custom CSS via the /user settings page, which will then be rendered on the web view of the account's profile and statuses. For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false', since setting it to true allows malicious accounts to make their profile pages misleading, unusable or even dangerous to visitors. In other words, you should only enable this setting if you trust the users on your instance not to produce harmful CSS. Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, it will only be shown on profiles and statuses on *this* instance. | -| gotosocial.accounts.approvalRequired | bool | `true` | Do sign up requests require approval from an admin/moderator before an account can sign in/use the server? | -| gotosocial.accounts.customCSSLength | int | `10000` | If accounts-allow-custom-css is true, this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false. | -| gotosocial.accounts.reasonRequired | bool | `true` | Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? | -| gotosocial.accounts.registrationOpen | bool | `true` | Do we want people to be able to just submit sign up requests, or do we want invite only? | -| gotosocial.applicationName | string | `"gotosocial"` | | -| gotosocial.database.address | string | `""` | Database address or parameters. For Postgres, this should be the address or socket at which the database can be reached. | -| gotosocial.database.database | string | `"gotosocial"` | Name of the database to use within the provided database type. 
| -| gotosocial.database.password | string | `""` | Password to use for the database connection | -| gotosocial.database.port | int | `5432` | Port for database connection. | -| gotosocial.database.tlsCACert | string | `""` | Path to a CA certificate on the host machine for db certificate validation. If this is left empty, just the host certificates will be used. If filled in, the certificate will be loaded and added to host certificates. | -| gotosocial.database.tlsMode | string | `"disabled"` | Disable, enable, or require SSL/TLS connection to the database. If "disable" then no TLS connection will be attempted. If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs). If "require" then TLS will be required to make a connection, and a valid certificate must be presented. | -| gotosocial.database.type | string | `"sqlite"` | Database type. Options: ["postgres","sqlite"] | -| gotosocial.database.username | string | `""` | Username for the database connection. | -| gotosocial.host | string | `"localhost"` | | -| gotosocial.instance.deliverToSharedInboxes | bool | `true` | This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery | -| gotosocial.instance.expose.peers | bool | `false` | Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. 
| -| gotosocial.instance.expose.publicTimeline | bool | `false` | This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery | -| gotosocial.instance.expose.suspended | bool | `false` | Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers. See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots | -| gotosocial.instance.expose.suspendedWeb | bool | `false` | Allow unauthenticated users to view /about/suspended, showing the HTML rendered list of instances that this instance blocks/suspends. | -| gotosocial.instance.federation.mode | string | `"blocklist"` | Federation mode to use for this instance. "blocklist" -- open federation by default. Only instances that are explicitly blocked will be denied (unless they are also explicitly allowed). "allowlist" -- closed federation by default. Only instances that are explicitly allowed will be able to interact with this instance. For more details on blocklist and allowlist modes, check the documentation at: https://docs.gotosocial.org/en/latest/admin/federation_modes Options: ["blocklist", "allowlist"] | -| gotosocial.instance.federation.spamFilter | bool | `false` | Enable spam filtering heuristics for messages entering your instance via the federation API. 
Regardless of what you set here, basic checks for message relevancy will still be performed, but you can try enabling this setting if you are being spammed with unwanted messages from other instances, and want to more strictly filter out spam messages. THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to only enable this setting when the fediverse is in the midst of a spam wave, and you need to batten down the hatches to keep your instance usable. The decision of whether a message counts as spam or not is made based on the following heuristics, in order, where receiver = the account on your instance that received a message in their inbox, and requester = the account on a remote instance that sent the message. First, basic relevancy checks 1. Receiver follows requester. Return OK. 2. Statusable doesn't mention receiver. Return NotRelevant. If instance-federation-spam-filter = false, then return OK now. Otherwise check: 3. Receiver is locked and is followed by requester. Return OK. 4. Five or more people are mentioned. Return Spam. 5. Receiver follow (requests) a mentioned account. Return OK. 6. Statusable has a media attachment. Return Spam. 7. Statusable contains non-mention, non-hashtag links. Return Spam. Messages identified as spam will be dropped from your instance, and not inserted into the database, or into home timelines or notifications. | -| gotosocial.instance.injectMastodonVersion | bool | `false` | This flag will inject a Mastodon version into the version field that is included in /api/v1/instance. This version is often used by Mastodon clients to do API feature detection. By injecting a Mastodon compatible version, it is possible to cajole those clients to behave correctly with GoToSocial. | -| gotosocial.instance.languages | list | `[]` | BCP47 language tags to indicate preferred languages of users on this instance. 
If you provide these, you should provide these in order from most-preferred to least-preferred, but note that leaving out a language from this array doesn't mean it can't be used on this instance, it only means it won't be advertised as a preferred instance language. It is valid to provide no entries here; your instance will then have no particular preferred language. See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry Example: ["nl", "en-gb", "fr"] | -| gotosocial.landingPageUser | string | `""` | | -| gotosocial.metrics.auth.enabled | bool | `false` | | -| gotosocial.metrics.auth.password | string | `""` | | -| gotosocial.metrics.auth.username | string | `""` | | -| gotosocial.metrics.enabled | bool | `true` | | -| gotosocial.oidc.adminGroups | list | `["admins"]` | If the returned ID token contains a 'groups' claim that matches one of the groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance | -| gotosocial.oidc.clientID | string | `""` | The ID for this client as registered with the OIDC provider. | -| gotosocial.oidc.clientSecret | string | `""` | The secret for this client as registered with the OIDC provider. | -| gotosocial.oidc.enabled | bool | `false` | Enable authentication with external OIDC provider. If set to true, then the other OIDC options must be set as well. If this is set to false, then the standard internal oauth flow will be used, where users sign in to GtS with username/password. | -| gotosocial.oidc.idpName | string | `""` | Name of the oidc idp (identity provider). This will be shown to users when they log in. | -| gotosocial.oidc.issuer | string | `""` | The OIDC issuer URI. This is where GtS will redirect users to for login. Typically this will look like a standard web URL. 
| -| gotosocial.oidc.linkExisting | bool | `false` | Link OIDC authenticated users to existing ones based on their email address. This is mostly intended for migration purposes if you were running previous versions of GTS which only correlated users with their email address. Should be set to false for most usecases. | -| gotosocial.oidc.scopes | list | `["openid","email","profile","groups"]` | Scopes to request from the OIDC provider. The returned values will be used to populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. 'profile' is used to extract a username for the newly created user. 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups. | -| gotosocial.oidc.skipVerification | bool | `false` | Skip the normal verification flow of tokens returned from the OIDC provider, ie., don't check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it's extremely unsafe! | -| gotosocial.smtp.discloseRecipients | bool | `false` | If true, when an email is sent that has multiple recipients, each recipient will be included in the To field, so that each recipient can see who else got the email, and they can 'reply all' to the other recipients if they want to. If false, email will be sent to Undisclosed Recipients, and each recipient will not be able to see who else received the email. It might be useful to change this setting to 'true' if you want to be able to discuss new moderation reports with other admins by 'replying-all' to the notification email. | -| gotosocial.smtp.from | string | `""` | 'From' address for sent emails. | -| gotosocial.smtp.host | string | `""` | The hostname of the smtp server you want to use. If this is not set, smtp will not be used to send emails, and you can ignore the other settings. 
| -| gotosocial.smtp.password | string | `""` | Password to use when authenticating with the smtp server. This should have been provided to you by your smtp host. | -| gotosocial.smtp.port | int | `0` | Port to use to connect to the smtp server. | -| gotosocial.smtp.username | string | `""` | Username to use when authenticating with the smtp server. This should have been provided to you by your smtp host. This is often, but not always, an email address. | -| gotosocial.storage.backend | string | `"local"` | Type of storage backend to use. Examples: ["local", "s3"] Default: "local" (storage on local disk) | -| gotosocial.storage.s3.accessKey | string | `""` | Access key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. | -| gotosocial.storage.s3.bucket | string | `""` | Name of the storage bucket. If you have already encoded your bucket name in the storage-s3-endpoint, this value will be used as a directory containing your data. The bucket must exist prior to starting GoToSocial Only required when running with the s3 storage backend. | -| gotosocial.storage.s3.endpoint | string | `""` | API endpoint of the S3 compatible service. Only required when running with the s3 storage backend. GoToSocial uses "DNS-style" when accessing buckets. If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address | -| gotosocial.storage.s3.proxy | bool | `false` | If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL. | -| gotosocial.storage.s3.secretKey | string | `""` | Secret key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. | -| gotosocial.storage.s3.useSSL | bool | `true` | Use SSL for S3 connections. 
Only set this to 'false' when testing locally. | -| gotosocial.tracing.enabled | bool | `false` | Enable OpenTelemetry based tracing support. | -| gotosocial.tracing.endpoint | string | `""` | Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. | -| gotosocial.tracing.insecureTransport | bool | `false` | Disable TLS for the gRPC and HTTP transport protocols. | -| gotosocial.tracing.transport | string | `"grpc"` | Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. | -| gotosocial.tz | string | `"UTC"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"superseriousbusiness/gotosocial"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | accessMode | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| 
persistence.size | string | `"10Gi"` | size | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | -| serviceAccount.create | bool | `false` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/gotosocial/templates/secret.yaml b/gotosocial/templates/secret.yaml index 070a6f6..e4d98f5 100644 --- a/gotosocial/templates/secret.yaml +++ b/gotosocial/templates/secret.yaml @@ -12,9 +12,7 @@ data: TZ: {{ .tz | b64enc }} GTS_APPLICATION_NAME: {{ .applicationName | b64enc }} - {{- with .landingPageUser }} - GTS_LANDING_PAGE_USER: {{ . | b64enc }} - {{- end }} + GTS_LANDING_PAGE_USER: {{ .landingPageUser | b64enc }} GTS_HOST: {{ .host | b64enc }} GTS_ACCOUNT_DOMAIN: {{ .accountDomain | b64enc }} 
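Review bot: In gotosocial/templates/secret.yaml (hunk `@@ -12,9 +12,7 @@`), `GTS_LANDING_PAGE_USER: {{ .landingPageUser | b64enc }}` is now rendered unconditionally, so the value reaches `b64enc` without the guard the removed `with` block gave it. If values.yaml leaves `landingPageUser` unset or null (its default is not visible in this hunk), the render will probably fail or emit an unintended value. The SMTP keys in the later hunk `@@ -110,33 +90,13 @@` of the same file already use `default ""` for this case. The same form here keeps them consistent: `GTS_LANDING_PAGE_USER: {{ .landingPageUser | default "" | b64enc }}`. The `data:` mapping starts and ends outside the hunk.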
@@ -44,24 +42,6 @@ data: {{- end }}{{/* end-with .database */}} {{- end }}{{/* end-else-if sqlite */}} - {{- with .instance }} - {{- with .languages }} - GTS_INSTANCE_LANGUAGES: {{ . | join "," | b64enc }} - {{- end }} - {{- with .federation }} - GTS_INSTANCE_FEDERATION_MODE: {{ .mode | b64enc }} - GTS_INSTANCE_FEDERATION_SPAM_FILTER: {{ toYaml .spamFilter | b64enc }} - {{- end }}{{/* end-with federation */}} - {{- with .expose }} - GTS_INSTANCE_EXPOSE_PEERS: {{ toYaml .peers | b64enc }} - GTS_INSTANCE_EXPOSE_SUSPENDED: {{ toYaml .suspended | b64enc }} - GTS_INSTANCE_EXPOSE_SUSPENDED_WEB: {{ toYaml .suspendedWeb | b64enc }} - GTS_INSTANCE_EXPOSE_PUBLIC_TIMELINE: {{ toYaml .publicTimeline | b64enc }} - {{- end }}{{/* end-with expose */}} - GTS_INSTANCE_DELIVER_TO_SHARED_INBOXES: {{ toYaml .deliverToSharedInboxes | b64enc }} - GTS_INSTANCE_INJECT_MASTODON_VERSION: {{ toYaml .injectMastodonVersion | b64enc }} - {{- end }}{{/* end-with instance */}} - {{- with .accounts }} GTS_ACCOUNTS_REGISTRATION_OPEN: {{ toYaml .registrationOpen | b64enc }} GTS_ACCOUNTS_APPROVAL_REQUIRED: {{ toYaml .approvalRequired | b64enc }} 
@@ -110,33 +90,13 @@ data: {{- end }}{{/* end-with oidc */}} {{- with .smtp }} - {{- with .host }} - GTS_SMTP_HOST: {{ . | b64enc }} - {{- end }} + GTS_SMTP_HOST: {{ .host | default "" | b64enc }} GTS_SMTP_PORT: {{ toYaml .port | b64enc }} - {{- with .username }} - GTS_SMTP_USERNAME: {{ . | b64enc }} - {{- end }} - {{- with .password }} - GTS_SMTP_PASSWORD: {{ . | b64enc }} - {{- end }} - {{- with .from }} - GTS_SMTP_FROM: {{ . | b64enc }} - {{- end }} + GTS_SMTP_USERNAME: {{ .username | default "" | b64enc }} + GTS_SMTP_PASSWORD: {{ .password | default "" | b64enc }} + GTS_SMTP_FROM: {{ .from | default "" | b64enc }} GTS_SMTP_DISCLOSE_RECIPIENTS: {{ toYaml .discloseRecipients | b64enc }} {{- end }}{{/* end-with smtp */}} GTS_METRICS_ENABLED: {{ toYaml .metrics.enabled | b64enc }} - - # https://www.w3.org/TR/trace-context/#traceparent-header - GTS_REQUEST_ID_HEADER: {{ "Traceparent" | b64enc }} - {{- with .tracing }} - {{- if .enabled }} - GTS_TRACING_ENABLED: {{ "true" | b64enc}} - GTS_TRACING_TRANSPORT: {{ .transport | b64enc }} - GTS_TRACING_ENDPOINT: {{ .endpoint | b64enc }} - GTS_TRACING_INSECURE_TRANSPORT: {{ toYaml .insecureTransport | b64enc }} - {{- end }}{{/* end-if .tracing.enabled */}} - {{- end }}{{/* end-with .tracing */}} - {{- end }}{{/* end-with .gotosocial */}} diff --git a/gotosocial/values.yaml b/gotosocial/values.yaml index 11260c5..312ea2c 100644 --- a/gotosocial/values.yaml +++ b/gotosocial/values.yaml 
@@ -52,107 +52,6 @@ gotosocial: # If this is left empty, just the host certificates will be used. # If filled in, the certificate will be loaded and added to host certificates. tlsCACert: "" - - instance: - # -- BCP47 language tags to indicate preferred languages of users on this instance. - # - # If you provide these, you should provide these in order from most-preferred to least-preferred, - # but note that leaving out a language from this array doesn't mean it can't be used on this instance, - # it only means it won't be advertised as a preferred instance language. - # - # It is valid to provide no entries here; your instance will then have no particular preferred language. - # - # See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags - # See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry - # - # Example: ["nl", "en-gb", "fr"] - languages: [] - federation: - # -- Federation mode to use for this instance. - # - # "blocklist" -- open federation by default. Only instances that are explicitly - # blocked will be denied (unless they are also explicitly allowed). - # - # "allowlist" -- closed federation by default. Only instances that are explicitly - # allowed will be able to interact with this instance. - # - # For more details on blocklist and allowlist modes, check the documentation at: - # https://docs.gotosocial.org/en/latest/admin/federation_modes - # - # Options: ["blocklist", "allowlist"] - mode: "blocklist" - # -- Enable spam filtering heuristics for messages entering your instance - # via the federation API. Regardless of what you set here, basic checks - # for message relevancy will still be performed, but you can try enabling - # this setting if you are being spammed with unwanted messages from other - # instances, and want to more strictly filter out spam messages. 
- # - # THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE - # MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to - # only enable this setting when the fediverse is in the midst of a spam - # wave, and you need to batten down the hatches to keep your instance usable. - # - # The decision of whether a message counts as spam or not is made based on - # the following heuristics, in order, where receiver = the account on your - # instance that received a message in their inbox, and requester = the - # account on a remote instance that sent the message. - # - # First, basic relevancy checks - # - # 1. Receiver follows requester. Return OK. - # 2. Statusable doesn't mention receiver. Return NotRelevant. - # - # If instance-federation-spam-filter = false, then return OK now. - # Otherwise check: - # - # 3. Receiver is locked and is followed by requester. Return OK. - # 4. Five or more people are mentioned. Return Spam. - # 5. Receiver follow (requests) a mentioned account. Return OK. - # 6. Statusable has a media attachment. Return Spam. - # 7. Statusable contains non-mention, non-hashtag links. Return Spam. - # - # Messages identified as spam will be dropped from your instance, and not - # inserted into the database, or into home timelines or notifications. - spamFilter: false - expose: - # -- Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order - # to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated - # users (members of the instance) will still be able to query the endpoint. - peers: false - # -- Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order - # to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated - # users (members of the instance) will still be able to query the endpoint. 
- # - # WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers. - # See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots - suspended: false - # -- Allow unauthenticated users to view /about/suspended, - # showing the HTML rendered list of instances that this instance blocks/suspends. - suspendedWeb: false - # -- This flag tweaks whether GoToSocial will deliver ActivityPub messages - # to the shared inbox of a recipient, if one is available, instead of delivering - # each message to each actor who should receive a message individually. - # - # Shared inbox delivery can significantly reduce network load when delivering - # to multiple recipients share an inbox (eg., on large Mastodon instances). - # - # See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - publicTimeline: false - # -- This flag tweaks whether GoToSocial will deliver ActivityPub messages - # to the shared inbox of a recipient, if one is available, instead of delivering - # each message to each actor who should receive a message individually. - # - # Shared inbox delivery can significantly reduce network load when delivering - # to multiple recipients share an inbox (eg., on large Mastodon instances). - # - # See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - deliverToSharedInboxes: true - # -- This flag will inject a Mastodon version into the version field that - # is included in /api/v1/instance. This version is often used by Mastodon clients - # to do API feature detection. By injecting a Mastodon compatible version, it is - # possible to cajole those clients to behave correctly with GoToSocial. - injectMastodonVersion: false - accounts: # -- Do we want people to be able to just submit sign up requests, or do we want invite only? registrationOpen: true 
@@ -275,15 +174,6 @@ gotosocial: enabled: false username: "" password: "" - tracing: - # -- Enable OpenTelemetry based tracing support. - enabled: false - # -- Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. - transport: grpc - # -- Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. - endpoint: "" - # -- Disable TLS for the gRPC and HTTP transport protocols. - insecureTransport: false prometheus: servicemonitor: @@ -298,7 +188,7 @@ serviceAccount: # -- Annotations to add to the service account annotations: {} # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # -- If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} diff --git a/grampsweb/Chart.yaml b/grampsweb/Chart.yaml index 14b651e..96af01a 100644 --- a/grampsweb/Chart.yaml +++ b/grampsweb/Chart.yaml @@ -3,9 +3,9 @@ name: grampsweb description: A Helm chart for gramps web icon: https://raw.githubusercontent.com/gramps-project/Gramps.js/main/images/icon512.png type: application -version: "0.2.6" +version: 0.1.11 # renovate: image=ghcr.io/gramps-project/grampsweb -appVersion: "24.12.2" +appVersion: "24.5.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/speedtest-exporter/README.adoc b/grampsweb/README.adoc similarity index 57% rename from speedtest-exporter/README.adoc rename to grampsweb/README.adoc index 3c767c6..29365b3 100644 --- a/speedtest-exporter/README.adoc +++ b/grampsweb/README.adoc 
@@ -1,10 +1,10 @@ -= speedtest-exporter += grampsweb -image::https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square[Version: 0.2.1] +image::https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square[Version: 0.1.11] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-3.5.4-informational?style=flat-square[AppVersion: 3.5.4] +image::https://img.shields.io/badge/AppVersion-24.5.0-informational?style=flat-square[AppVersion: 24.5.0] == Maintainers .Maintainers @@ -24,21 +24,21 @@ Once Helm has been set up correctly, fetch the charts as follows: [source,bash] ---- -helm pull oci://codeberg.org/wrenix/helm-charts/speedtest-exporter +helm pull oci://codeberg.org/wrenix/helm-charts/grampsweb ---- You can install a chart release using the following command: [source,bash] ---- -helm install speedtest-exporter-release oci://codeberg.org/wrenix/helm-charts/speedtest-exporter --values values.yaml +helm install grampsweb-release oci://codeberg.org/wrenix/helm-charts/grampsweb --values values.yaml ---- To uninstall a chart release use `helm`'s delete command: [source,bash] ---- -helm uninstall speedtest-exporter-release +helm uninstall grampsweb-release ---- == Values 
@@ -72,49 +72,49 @@ helm uninstall speedtest-exporter-release | `80` | -| config.cacheFor -| int -| `0` -| cache result for seconds - -| config.server -| string -| `nil` -| speedtest-serverid - -| config.timeout -| int -| `90` -| timeout of speedtest - | fullnameOverride | string | `""` | -| global.image.pullPolicy +| gramps.baseURL | string -| `nil` -| if set it will overwrite all pullPolicy - -| global.image.registry -| string -| `nil` -| if set it will overwrite all registry entries - -| grafana.dashboards.annotations -| object -| `{}` +| `"https://gramps.example.org"` | -| grafana.dashboards.enabled +| gramps.mail.from +| string +| `nil` +| "From" address for automated e-mails + +| gramps.mail.host +| string +| `nil` +| SMTP server host (e.g. for sending password reset e-mails) + +| gramps.mail.password +| string +| `nil` +| SMTP server password + +| gramps.mail.port +| int +| `465` +| SMTP server port. + +| gramps.mail.useTLS | bool -| `false` -| +| `true` +| Boolean, whether to use TLS for sending e-mails. Defaults to true. When using STARTTLS, set this to false and use a port different from 25. -| grafana.dashboards.labels.grafana_dashboard +| gramps.mail.username | string -| `"1"` +| `nil` +| SMTP server username + +| gramps.tree +| string +| `"Gramps Web"` | | image.pullPolicy @@ -129,7 +129,7 @@ helm uninstall speedtest-exporter-release | image.repository | string -| `"miguelndecarvalho/speedtest-exporter"` +| `"gramps-project/grampsweb"` | | image.tag 
@@ -177,46 +177,51 @@ helm uninstall speedtest-exporter-release | `[]` | -| livenessProbe.httpGet.path -| string -| `"/"` -| - -| livenessProbe.httpGet.port -| string -| `"http"` -| - | nameOverride | string | `""` | -| networkPolicy.egress.enabled -| bool -| `false` -| activate egress no networkpolicy - -| networkPolicy.egress.extra -| list -| `[]` -| egress rules - -| networkPolicy.enabled -| bool -| `false` -| - -| networkPolicy.ingress.http -| list -| `[]` -| ingress for http port (e.g. ingress-controller, prometheus) - | nodeSelector | object | `{}` | +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"5Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + | podAnnotations | object | `{}` @@ -232,36 +237,6 @@ helm uninstall speedtest-exporter-release | `{}` | -| prometheus.servicemonitor.enabled -| bool -| `false` -| - -| prometheus.servicemonitor.interval -| string -| `"1h"` -| interval - -| prometheus.servicemonitor.labels -| object -| `{}` -| - -| prometheus.servicemonitor.scrapeTimeout -| string -| `"2m"` -| scrape timeout - -| readinessProbe.httpGet.path -| string -| `"/"` -| - -| readinessProbe.httpGet.port -| string -| `"http"` -| - | replicaCount | int | `1` 
@@ -279,7 +254,7 @@ helm uninstall speedtest-exporter-release | service.port | int -| `80` +| `5000` | | service.type diff --git a/grampsweb/README.md b/grampsweb/README.md deleted file mode 100644 index 7d4b0d4..0000000 --- a/grampsweb/README.md +++ /dev/null 
@@ -1,102 +0,0 @@ ---- -title: "grampsweb" - -description: "A Helm chart for gramps web" - ---- - -# grampsweb - -![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 24.12.2](https://img.shields.io/badge/AppVersion-24.12.2-informational?style=flat-square) - -A Helm chart for gramps web - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/grampsweb -``` - -You can install a chart release using the following command: - -```bash -helm install grampsweb-release oci://codeberg.org/wrenix/helm-charts/grampsweb --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall grampsweb-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| gramps.baseURL | string | `"https://gramps.example.org"` | Base URL where the API can be reached (e.g. https://mygramps.mydomain.com/). This is necessary e.g. to build correct passwort reset links | -| gramps.mail.from | string | `nil` | "From" address for automated e-mails | -| gramps.mail.host | string | `nil` | SMTP server host (e.g. for sending password reset e-mails) | -| gramps.mail.password | string | `nil` | SMTP server password | -| gramps.mail.port | int | `465` | SMTP server port. 
| -| gramps.mail.useTLS | bool | `true` | Boolean, whether to use TLS for sending e-mails. Defaults to true. When using STARTTLS, set this to false and use a port different from 25. | -| gramps.mail.username | string | `nil` | SMTP server username | -| gramps.mediaPrefixTree | bool | `false` | whether or not to use a separate subfolder for the media files of each tree. Defaults to False, but strongly recommend to use True in a multi-tree setup | -| gramps.tree | string | `"Gramps Web"` | To enable multi-tree support, the TREE config option must be set to a single asterisk `*` | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"gramps-project/grampsweb"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. 
ingress-controller) | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"5Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `5000` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/grampsweb/templates/deployment.yaml b/grampsweb/templates/deployment.yaml index f3e15ae..7c6592f 100644 --- a/grampsweb/templates/deployment.yaml +++ b/grampsweb/templates/deployment.yaml 
@@ -36,6 +36,13 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.gramps }}
+ env:
+ - name: "GRAMPSWEB_TREE"
+ value: "{{ .tree }}"
+ - name: "GRAMPSWEB_BASE_URL"
+ value: "{{ .baseURL }}"
+ {{- end }}
 envFrom:
 - secretRef:
 name: {{ include "grampsweb.fullname" . }}
diff --git a/grampsweb/templates/networkpolicy.yaml b/grampsweb/templates/networkpolicy.yaml
deleted file mode 100644
index cec8c65..0000000
--- a/grampsweb/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "grampsweb.fullname" . }}
- labels:
- {{- include "grampsweb.labels" . | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include "grampsweb.selectorLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- {{- if .Values.networkPolicy.egress.enabled }}
- - Egress
- {{- end }}
- ingress:
- - ports:
- - port: {{ .Values.service.port }}
- protocol: TCP
- from:
- {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }}
- {{- with .Values.networkPolicy.egress }}
- egress:
- {{- toYaml .extra | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/grampsweb/templates/secret.yaml b/grampsweb/templates/secret.yaml
index 2baa59e..ab2b1b0 100644
--- a/grampsweb/templates/secret.yaml
+++ b/grampsweb/templates/secret.yaml
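Review bot: In grampsweb/templates/deployment.yaml the two added env entries build their YAML strings by hand, `value: "{{ .tree }}"` and `value: "{{ .baseURL }}"`, so a value containing a double quote or a backslash yields a manifest that fails to parse or parses to something other than what the operator set. Helm's `quote` function escapes the value before it lands in the document: `value: {{ .tree | quote }}` and `value: {{ .baseURL | quote }}`. The container spec this block sits in starts and ends outside the hunk.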
@@ -6,15 +6,6 @@ metadata: labels: {{- include "grampsweb.labels" . | nindent 4 }} data: - {{- with .Values.gramps.baseURL }} - GRAMPSWEB_BASE_URL: {{ . | b64enc }} - {{- end }} - {{- with .Values.gramps.tree }} - GRAMPSWEB_TREE: {{ . | b64enc }} - {{- end }} - {{- with .Values.gramps.mediaPrefixTree }} - GRAMPSWEB_MEDIA_PREFIX_TREE: {{ . | ternary "TRUE" "FALSE" | b64enc }} - {{- end }} {{- with .Values.gramps.mediaBaseDir }} GRAMPSWEB_MEDIA_BASE_DIR: {{ . | b64enc }} {{- end }} diff --git a/grampsweb/values.yaml b/grampsweb/values.yaml index 5427161..0fc804a 100644 --- a/grampsweb/values.yaml +++ b/grampsweb/values.yaml @@ -16,12 +16,8 @@ nameOverride: "" fullnameOverride: "" gramps: - # -- To enable multi-tree support, the TREE config option must be set to a single asterisk `*` tree: "Gramps Web" - # -- Base URL where the API can be reached (e.g. https://mygramps.mydomain.com/). This is necessary e.g. to build correct passwort reset links baseURL: "https://gramps.example.org" - # -- whether or not to use a separate subfolder for the media files of each tree. Defaults to False, but strongly recommend to use True in a multi-tree setup - mediaPrefixTree: false mail: # -- SMTP server host (e.g. for sending password reset e-mails) host: @@ -90,17 +86,6 @@ service: type: ClusterIP port: 5000 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/headscale-ui/Chart.yaml b/headscale-ui/Chart.yaml index 5c486cd..401120b 100644 --- a/headscale-ui/Chart.yaml +++ b/headscale-ui/Chart.yaml 
@@ -3,9 +3,9 @@ name: headscale-ui
 description: A simple Headscale web UI for small-scale deployments.
 icon: https://raw.githubusercontent.com/gurucomputing/headscale-ui/master/static/favicon.png
 type: application
-version: 0.2.2
+version: 0.1.4
 # renovate: image=ghcr.io/gurucomputing/headscale-ui
-appVersion: "2025.01.20"
+appVersion: "2024.02.24-beta1"
 maintainers:
 - name: WrenIX
 url: https://wrenix.eu
diff --git a/headscale-ui/README.adoc b/headscale-ui/README.adoc
new file mode 100644
index 0000000..fbe79ca
--- /dev/null
+++ b/headscale-ui/README.adoc
@@ -0,0 +1,221 @@ + + += headscale-ui + +image::https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square[Version: 0.1.4] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-2024.02.24-beta1-informational?style=flat-square[AppVersion: 2024.02.24-beta1] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall headscale-ui-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| global.image.pullPolicy +| string +| `nil` +| if set it will overwrite all pullPolicy + +| global.image.registry +| string +| `nil` +| if set it will overwrite all registry entries + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"ghcr.io"` +| + +| image.repository +| string +| `"gurucomputing/headscale-ui"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| 
ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `80` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/headscale-ui/README.md b/headscale-ui/README.md deleted file mode 100644 index 6692895..0000000 --- a/headscale-ui/README.md +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -title: "headscale-ui" - -description: "A simple Headscale web UI for small-scale deployments." - ---- - -# headscale-ui - -![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2025.01.20](https://img.shields.io/badge/AppVersion-2025.01.20-informational?style=flat-square) - -A simple Headscale web UI for small-scale deployments. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui -``` - -You can install a chart release using the following command: - -```bash -helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall headscale-ui-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"gurucomputing/headscale-ui"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| 
ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| networkPolicy.ingress.https | list | `[]` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port.http | int | `8080` | | -| service.port.https | int | `8443` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/headscale-ui/templates/deployment.yaml b/headscale-ui/templates/deployment.yaml index bb2d38b..0833241 100644 --- a/headscale-ui/templates/deployment.yaml +++ b/headscale-ui/templates/deployment.yaml 
@@ -38,17 +38,9 @@ spec:
 image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
 imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
 {{- end }}
- env:
- - name: "HTTP_PORT"
- value: {{ .Values.service.port.http | quote }}
- - name: "HTTPS_PORT"
- value: {{ .Values.service.port.https | quote }}
 ports:
 - name: http
- containerPort: {{ .Values.service.port.http }}
- protocol: TCP
- - name: https
- containerPort: {{ .Values.service.port.https }}
+ containerPort: {{ .Values.service.port }}
 protocol: TCP
 livenessProbe:
 httpGet:
diff --git a/headscale-ui/templates/ingress.yaml b/headscale-ui/templates/ingress.yaml
index 3919fc1..885bcbf 100644
--- a/headscale-ui/templates/ingress.yaml
+++ b/headscale-ui/templates/ingress.yaml
@@ -1,6 +1,18 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "headscale-ui.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
 kind: Ingress
 metadata:
 name: {{ $fullName }}
@@ -11,8 +23,8 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 spec:
- {{- with .Values.ingress.className }}
- ingressClassName: {{ . }}
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
 {{- end }}
 {{- if .Values.ingress.tls }}
 tls:
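Review bot: `containerPort: {{ .Values.service.port }}` in the headscale-ui deployment hunk ties the container's declared port to the Service port, while the `HTTP_PORT`/`HTTPS_PORT` env entries that told the application where to listen are removed. With the new default `port: 80` (values.yaml hunk later in this diff) the Service's `targetPort: http` resolves to 80, which only works if the image binds 80 by default and, presumably, is allowed to bind a privileged port under the chosen `securityContext`; neither is visible here. Consider keeping the container port independent of the Service port, or at least add a comment such as `# must match the port the image listens on; changing service.port does not reconfigure the app`. The container spec continues outside the hunk.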
@@ -31,12 +43,19 @@ spec:
 paths:
 {{- range .paths }}
 - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
 pathType: {{ .pathType }}
+ {{- end }}
 backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
 service:
 name: {{ $fullName }}
 port:
- name: http
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/headscale-ui/templates/networkpolicy.yaml b/headscale-ui/templates/networkpolicy.yaml
deleted file mode 100644
index 0a01ab1..0000000
--- a/headscale-ui/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "headscale-ui.fullname" . }}
- labels:
- {{- include "headscale-ui.labels" . | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include "headscale-ui.selectorLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- {{- if .Values.networkPolicy.egress.enabled }}
- - Egress
- {{- end }}
- ingress:
- {{- with .Values.networkPolicy.ingress.http }}
- - ports:
- - port: {{ $.Values.service.port.http }}
- protocol: TCP
- from:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.networkPolicy.ingress.https }}
- - ports:
- - port: {{ $.Values.service.port.https }}
- protocol: TCP
- from:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.networkPolicy.egress }}
- egress:
- {{- toYaml .extra | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/headscale-ui/templates/service.yaml b/headscale-ui/templates/service.yaml
index 4e5818e..7a3c136 100644
--- a/headscale-ui/templates/service.yaml
+++ b/headscale-ui/templates/service.yaml
@@ -7,13 +7,9 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port.http }} + - port: {{ .Values.service.port }} targetPort: http protocol: TCP name: http - - port: {{ .Values.service.port.https }} - targetPort: https - protocol: TCP - name: https selector: {{- include "headscale-ui.selectorLabels" . | nindent 4 }} diff --git a/headscale-ui/values.yaml b/headscale-ui/values.yaml index 47015d1..88ad28c 100644 --- a/headscale-ui/values.yaml +++ b/headscale-ui/values.yaml @@ -43,21 +43,7 @@ securityContext: {} service: type: ClusterIP - port: - http: 8080 - https: 8443 - -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - https: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] + port: 80 ingress: enabled: false diff --git a/headscale/Chart.yaml b/headscale/Chart.yaml index b461907..62af4b1 100644 --- a/headscale/Chart.yaml +++ b/headscale/Chart.yaml @@ -3,9 +3,9 @@ name: headscale description: An open source, self-hosted implementation of the Tailscale control server. icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg type: application -version: 1.0.0 -# renovate: image=ghcr.io/headscale/headscale -appVersion: "0.23.0" +version: 0.3.3 +# renovate: image=docker.io/headscale/headscale +appVersion: "0.22.3" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/headscale/README.adoc b/headscale/README.adoc new file mode 100644 index 0000000..045126e --- /dev/null +++ b/headscale/README.adoc 
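Review bot: The renovate hint in headscale/Chart.yaml now reads `# renovate: image=docker.io/headscale/headscale`, but the generated README in this same diff lists `image.registry` as `ghcr.io` and `image.repository` as `juanfont/headscale` for the chart defaults. If that hint drives automated `appVersion` bumps, they would follow the tags of a different image than the one the chart pulls, so a bump could point at a tag the deployed repository does not have. Align the hint with the default image, e.g. `# renovate: image=ghcr.io/juanfont/headscale`.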
@@ -0,0 +1,456 @@ + + += headscale + +image::https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square[Version: 0.3.3] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.22.3-informational?style=flat-square[AppVersion: 0.22.3] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/headscale +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall headscale-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| headscale.certmanager.dnsNames[0] +| string +| `"example.com"` +| + +| headscale.certmanager.enabled +| bool +| `true` +| + +| headscale.certmanager.issuerRef.group +| string +| `"cert-manager.io"` +| + +| headscale.certmanager.issuerRef.kind +| string +| `"ClusterIssuer"` +| + +| headscale.certmanager.issuerRef.name +| string +| `"letsencrypt-prod"` +| + +| headscale.config.db_path +| string +| `"/var/lib/headscale/db.sqlite"` +| + +| headscale.config.db_type +| string +| `"sqlite3"` +| + +| headscale.config.derp.paths +| list +| `[]` +| + +| 
headscale.config.derp.server.enabled +| bool +| `true` +| + +| headscale.config.derp.server.region_code +| string +| `"headscale"` +| + +| headscale.config.derp.server.region_id +| int +| `999` +| + +| headscale.config.derp.server.region_name +| string +| `"Headscale Embedded DERP"` +| + +| headscale.config.derp.server.stun_listen_addr +| string +| `"0.0.0.0:3478"` +| + +| headscale.config.derp.update_frequency +| string +| `"24h"` +| + +| headscale.config.derp.urls +| list +| `[]` +| + +| headscale.config.disable_check_updates +| bool +| `true` +| + +| headscale.config.grpc_listen_addr +| string +| `":50443"` +| + +| headscale.config.listen_addr +| string +| `":8080"` +| + +| headscale.config.metrics_listen_addr +| string +| `":9090"` +| + +| headscale.config.noise.private_key_path +| string +| `"/etc/headscale/secrets/noise.key"` +| + +| headscale.config.private_key_path +| string +| `"/etc/headscale/secrets/wireguard.key"` +| + +| headscale.config.server_url +| string +| `"http://127.0.0.1:8080"` +| + +| headscale.config.tls_cert_path +| string +| `"/etc/headscale/certs/tls.crt"` +| + +| headscale.config.tls_key_path +| string +| `"/etc/headscale/certs/tls.key"` +| + +| headscale.keys.create +| bool +| `true` +| Create a new private key, if not exists + +| headscale.keys.existingSecret +| string +| `""` +| Use an existing secret + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"ghcr.io"` +| + +| image.repository +| string +| `"juanfont/headscale"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string 
+| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `false` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Create a PV on Node with given hostPath storageClass has to be manual + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| prometheus.rules.additionalRules +| list +| `[]` +| + +| prometheus.rules.defaults.enabled +| bool +| `true` +| + +| prometheus.rules.defaults.filter +| string +| `""` +| + +| prometheus.rules.defaults.lastUpdates.critical +| int +| `3600` +| + +| prometheus.rules.defaults.lastUpdates.info +| int +| `300` +| + +| prometheus.rules.defaults.lastUpdates.warning +| int +| `600` +| + +| prometheus.rules.enabled +| bool +| `false` +| + +| prometheus.rules.labels +| object +| `{}` +| + +| prometheus.servicemonitor.enabled +| bool +| `false` +| + +| prometheus.servicemonitor.labels +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.annotations +| string +| `nil` +| + +| service.derp.annotations +| string +| `nil` +| + +| service.derp.port +| int +| `3478` +| + +| service.derp.type +| string +| `"LoadBalancer"` +| + +| service.port.grpc +| int +| 
`50443` +| + +| service.port.http +| int +| `8080` +| + +| service.port.metrics +| int +| `9090` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/headscale/README.md b/headscale/README.md deleted file mode 100644 index 3e80569..0000000 --- a/headscale/README.md +++ /dev/null 
@@ -1,145 +0,0 @@ ---- -title: "headscale" - -description: "An open source, self-hosted implementation of the Tailscale control server." - ---- - -# headscale - -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.23.0](https://img.shields.io/badge/AppVersion-0.23.0-informational?style=flat-square) - -An open source, self-hosted implementation of the Tailscale control server. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/headscale -``` - -You can install a chart release using the following command: - -```bash -helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall headscale-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| headscale.certmanager.dnsNames[0] | string | `"example.com"` | | -| headscale.certmanager.enabled | bool | `true` | | -| headscale.certmanager.issuerRef.group | string | `"cert-manager.io"` | | -| headscale.certmanager.issuerRef.kind | string | `"ClusterIssuer"` | | -| headscale.certmanager.issuerRef.name | string | `"letsencrypt-prod"` | | -| headscale.config.database.postgres.host | string | `"localhost"` | 
| -| headscale.config.database.postgres.name | string | `"headscale"` | | -| headscale.config.database.postgres.pass | string | `"bar"` | | -| headscale.config.database.postgres.port | int | `5432` | | -| headscale.config.database.postgres.user | string | `"foo"` | | -| headscale.config.database.sqlite.path | string | `"/var/lib/headscale/db.sqlite"` | | -| headscale.config.database.type | string | `"sqlite"` | | -| headscale.config.derp.paths | list | `[]` | | -| headscale.config.derp.server.enabled | bool | `true` | | -| headscale.config.derp.server.private_key_path | string | `"/etc/headscale/secrets/derp.key"` | | -| headscale.config.derp.server.region_code | string | `"headscale"` | | -| headscale.config.derp.server.region_id | int | `999` | | -| headscale.config.derp.server.region_name | string | `"Headscale Embedded DERP"` | | -| headscale.config.derp.server.stun_listen_addr | string | `"0.0.0.0:3478"` | | -| headscale.config.derp.update_frequency | string | `"24h"` | | -| headscale.config.derp.urls | list | `[]` | | -| headscale.config.disable_check_updates | bool | `true` | | -| headscale.config.dns.base_domain | string | `"example.com"` | | -| headscale.config.grpc_listen_addr | string | `":50443"` | | -| headscale.config.listen_addr | string | `":8080"` | | -| headscale.config.metrics_listen_addr | string | `":9090"` | | -| headscale.config.noise.private_key_path | string | `"/etc/headscale/secrets/noise.key"` | | -| headscale.config.prefixes.allocation | string | `"sequential"` | | -| headscale.config.prefixes.v4 | string | `"100.64.0.0/10"` | | -| headscale.config.prefixes.v6 | string | `"fd7a:115c:a1e0::/48"` | | -| headscale.config.private_key_path | string | `"/etc/headscale/secrets/wireguard.key"` | | -| headscale.config.server_url | string | `"http://127.0.0.1:8080"` | | -| headscale.config.tls_cert_path | string | `"/etc/headscale/certs/tls.crt"` | | -| headscale.config.tls_key_path | string | `"/etc/headscale/certs/tls.key"` | | -| 
headscale.keys.create | bool | `true` | Create a new private key, if not exists | -| headscale.keys.existingSecret | string | `""` | Use an existing secret | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"juanfont/headscale"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.derp | list | `[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]` | ingress for derp | -| networkPolicy.ingress.grpc | list | `[]` | ingress for grpc port | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. 
prometheus) | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Create a PV on Node with given hostPath storageClass has to be manual | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.defaults.enabled | bool | `true` | | -| prometheus.rules.defaults.filter | string | `""` | | -| prometheus.rules.defaults.lastUpdates.critical | int | `3600` | | -| prometheus.rules.defaults.lastUpdates.info | int | `300` | | -| prometheus.rules.defaults.lastUpdates.warning | int | `600` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.annotations | string | `nil` | | -| service.derp.annotations | string | `nil` | | -| service.derp.port | int | `3478` | | -| service.derp.type | string | `"LoadBalancer"` | | -| service.port.grpc | int | `50443` | | -| service.port.http | int | `8080` | | -| service.port.metrics | int | 
`9090` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/headscale/templates/deployment.yaml b/headscale/templates/deployment.yaml index be2b749..981420f 100644 --- a/headscale/templates/deployment.yaml +++ b/headscale/templates/deployment.yaml @@ -40,6 +40,7 @@ spec: {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: + - "headscale" - "serve" ports: - name: http @@ -109,8 +110,6 @@ spec: path: "wireguard.key" - key: "noise.key" path: "noise.key" - - key: "derp.key" - path: "derp.key" {{- if .Values.headscale.certmanager.enabled }} - name: certs secret: diff --git a/headscale/templates/jobs.yaml b/headscale/templates/jobs.yaml index f848d1c..92d46de 100644 --- a/headscale/templates/jobs.yaml +++ b/headscale/templates/jobs.yaml 
@@ -76,10 +76,34 @@ spec:
 spec:
 restartPolicy: "Never"
 serviceAccount: {{ $name }}
- initContainers:
+ containers:
+ - name: upload-key
+ image: bitnami/kubectl
+ command:
+ - sh
+ - -c
+ - |
+ # check if key already exists
+ key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['wireguard.key']}" 2> /dev/null)
+ [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
+ [ -n "$key" ] && echo "Key already created, exiting." && exit 0
+ # wait for wireguard key
+ while [ ! -f /etc/headscale/secrets/wireguard.key ]; do
+ echo "Waiting for wireguard key.."
+ sleep 5;
+ done
+ # update secret
+ kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(base64 /etc/headscale/secrets/wireguard.key | tr -d '\n')\"}}"
+ kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(base64 /etc/headscale/secrets/noise.key | tr -d '\n')\"}}"
+ [ $? -ne 0 ] && echo "Failed to update secret." && exit 1
+ echo "Signing key successfully created."
+ volumeMounts:
+ - mountPath: /etc/headscale/secrets
+ name: secrets
+ readOnly: true
 - name: generate-key
 {{- with .Values.image }}
- image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}-debug"
+ image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
 {{- end }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 command:
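Review bot: The wait loop in the new `upload-key` container only tests `[ ! -f /etc/headscale/secrets/wireguard.key ]`, but `generate-key` is now a sibling under `containers:` and runs concurrently; it creates that file through a shell redirect before the key is written and writes `noise.key` afterwards (next hunk), so the secret can be patched with an empty or missing key. Waiting on both files with a non-empty test narrows that window: `while [ ! -s /etc/headscale/secrets/wireguard.key ] || [ ! -s /etc/headscale/secrets/noise.key ]; do`. The final `[ $? -ne 0 ]` only sees the second `kubectl patch`, so a failed wireguard patch goes unnoticed; append `|| exit 1` to each patch instead. `image: bitnami/kubectl` carries no tag or digest although this container uses the Job's service account to patch the secret, so it should be pinned to a reviewed version or digest. The Job spec continues outside the hunk.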
@@ -87,49 +111,16 @@ spec:
 - -c
 - |
 set -e
- echo "generate private-keys"
- headscale generate private-key --output json > /etc/headscale/secrets/wireguard.json
- headscale generate private-key --output json > /etc/headscale/secrets/noise.json
- headscale generate private-key --output json > /etc/headscale/secrets/derp.json
- ls /etc/headscale/secrets/
+ /bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/wireguard.key
+ chown 1001:1001 /etc/headscale/secrets/wireguard.key
+ /bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/noise.key
+ chown 1001:1001 /etc/headscale/secrets/noise.key
 volumeMounts:
 - name: config
 mountPath: "/etc/headscale"
 readOnly: true
 - mountPath: "/etc/headscale/secrets"
 name: secrets
- containers:
- - name: upload-key
- image: bitnami/kubectl
- command:
- - sh
- - -c
- - |
- # check if key already exists
- key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data}" 2> /dev/null)
- [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
- if ! echo $key | jq -e 'has("wireguard.key")' 2> /dev/null ; then
- echo "store wireguard.key"
- kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/wireguard.json)\"}}"
- fi
- if ! echo $key | jq -e 'has("noise.key")' 2> /dev/null ; then
- echo "store noise.key"
- kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/noise.json)\"}}"
- elif ! echo $key | jq -e '.["noise.key"] |@base64d | contains("privkey")' 2> /dev/null ; then
- echo "patch noise.key"
- newKey="privkey:$(echo $key | jq -r '.["noise.key"]|@base64d')"
- kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(echo $newKey | base64 -w0)\"}}"
- fi
- if ! echo $key | jq -e 'has("derp.key")' 2> /dev/null ; then
- echo "store derp.key"
- kubectl patch secret {{ $secretName }} -p "{\"data\":{\"derp.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/derp.json)\"}}"
- fi
- [ $? -ne 0 ] && echo "Failed to update secret." && exit 1
- echo "Signing key successfully created."
- volumeMounts:
- - mountPath: /etc/headscale/secrets
- name: secrets
- readOnly: true
 volumes:
 - name: config
 secret:
diff --git a/headscale/templates/networkpolicy.yaml b/headscale/templates/networkpolicy.yaml
deleted file mode 100644
index c908973..0000000
--- a/headscale/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "headscale.fullname" . }}
- labels:
- {{- include "headscale.labels" . | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include "headscale.selectorLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- {{- if .Values.networkPolicy.egress.enabled }}
- - Egress
- {{- end }}
- ingress:
- {{- with .Values.networkPolicy.ingress.http }}
- - ports:
- - port: {{ $.Values.service.port.http }}
- protocol: TCP
- from:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.networkPolicy.ingress.metrics }}
- - ports:
- - port: {{ $.Values.service.port.metrics }}
- protocol: TCP
- from:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.networkPolicy.ingress.grpc }}
- - ports:
- - port: {{ $.Values.service.port.grpc }}
- protocol: TCP
- from:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.networkPolicy.ingress.derp }}
- - ports:
- - port: {{ $.Values.service.derp.port }}
- protocol: TCP
- from:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.networkPolicy.egress }}
- egress:
- {{- toYaml .extra | nindent 4 }}
- {{- end }}
-{{- end }}
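Review bot: In the rewritten `generate-key` script of headscale/templates/jobs.yaml, `set -e` does not cover the left side of `/bin/headscale generate private-key | tail -1 | sed 's/privkey://'`, so if headscale fails the redirect still leaves an empty `wireguard.key` or `noise.key` and the container exits 0. Add a check after each generation, e.g. `[ -s /etc/headscale/secrets/wireguard.key ] || exit 1`, or write to a temporary file and `mv` it into place so the reader never sees a partial file. The `tail -1 | sed` parsing also depends on the exact text headscale prints, which this diff does not show, so it deserves a comment naming the output format it expects. The hunk starts inside the container's `command:` block, whose beginning is in the previous hunk.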
diff --git a/headscale/templates/secret.yaml b/headscale/templates/secret.yaml index 467ea1f..649ccc8 100644 --- a/headscale/templates/secret.yaml +++ b/headscale/templates/secret.yaml @@ -4,7 +4,6 @@ kind: Secret metadata: name: {{ include "headscale.fullname" . }} annotations: - "helm.sh/hook": "pre-install,pre-upgrade" config-hash: {{ toYaml .Values.headscale.config | sha256sum | trunc 32 }} type: Opaque stringData: diff --git a/headscale/values.yaml b/headscale/values.yaml index d90e827..6de3d02 100644 --- a/headscale/values.yaml +++ b/headscale/values.yaml @@ -36,20 +36,21 @@ headscale: grpc_listen_addr: ":50443" server_url: http://127.0.0.1:8080 - disable_check_updates: true # SQLite config - database: - type: sqlite - sqlite: - # For production: - path: /var/lib/headscale/db.sqlite - postgres: - host: localhost - port: 5432 - name: headscale - user: foo - pass: bar + db_type: sqlite3 + + # For production: + db_path: /var/lib/headscale/db.sqlite + + # # Postgres config + # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank. + # db_type: postgres + # db_host: localhost + # db_port: 5432 + # db_name: headscale + # db_user: foo + # db_pass: bar private_key_path: "/etc/headscale/secrets/wireguard.key" noise: private_key_path: "/etc/headscale/secrets/noise.key" @@ -58,10 +59,6 @@ headscale: ## Use already defined certificates: tls_cert_path: "/etc/headscale/certs/tls.crt" tls_key_path: "/etc/headscale/certs/tls.key" - prefixes: - v6: fd7a:115c:a1e0::/48 - v4: 100.64.0.0/10 - allocation: sequential derp: server: enabled: true 
@@ -69,14 +66,12 @@ headscale: region_code: "headscale" region_name: "Headscale Embedded DERP" stun_listen_addr: "0.0.0.0:3478" - private_key_path: "/etc/headscale/secrets/derp.key" urls: [] # - https://controlplane.tailscale.com/derpmap/default paths: [] # auto_update_enabled: true update_frequency: 24h - dns: - base_domain: example.com + disable_check_updates: true prometheus: servicemonitor: @@ -165,28 +160,6 @@ service: annotations: port: 3478 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - # -- ingress for metrics port (e.g. prometheus) - metrics: [] - # -- ingress for grpc port - grpc: [] - # -- ingress for derp - derp: - - ipBlock: - cidr: 0.0.0.0/0 - - ipBlock: - cidr: ::/0 - - egress: - # -- activate egress no networkpolicy - enabled: false - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/home-assistant/Chart.yaml b/home-assistant/Chart.yaml index 62cdbed..8726eb4 100644 --- a/home-assistant/Chart.yaml +++ b/home-assistant/Chart.yaml @@ -1,11 +1,10 @@ apiVersion: v2 name: home-assistant description: Home Assistant with tooling to run on an k3s pi -icon: https://www.home-assistant.io/images/favicon-192x192.png type: application -version: 0.3.3 +version: 0.1.11 # renovate: image=ghcr.io/home-assistant/home-assistant -appVersion: "2025.1.3" +appVersion: "2024.5.5" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/home-assistant/README.adoc b/home-assistant/README.adoc new file mode 100644 index 0000000..25ba98c --- /dev/null +++ b/home-assistant/README.adoc 
@@ -0,0 +1,401 @@ + + += home-assistant + +image::https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square[Version: 0.1.11] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-2024.5.5-informational?style=flat-square[AppVersion: 2024.5.5] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/home-assistant +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install home-assistant-release oci://codeberg.org/wrenix/helm-charts/home-assistant --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall home-assistant-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| global.image.pullPolicy +| string +| `nil` +| if set it will overwrite all pullPolicy + +| global.image.registry +| string +| `nil` +| if set it will overwrite all registry entries + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"ghcr.io"` +| + +| image.repository +| string +| `"home-assistant/home-assistant"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| 
ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| livenessProbe.httpGet.path +| string +| `"/"` +| + +| livenessProbe.httpGet.port +| string +| `"http"` +| + +| nameOverride +| string +| `""` +| + +| nats.enabled +| bool +| `true` +| + +| nats.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| nats.image.registry +| string +| `"docker.io"` +| + +| nats.image.repository +| string +| `"library/nats"` +| + +| nats.image.tag +| string +| `"2.10.16-scratch"` +| + +| nats.livenessProbe.tcpSocket.port +| string +| `"nats"` +| + +| nats.readinessProbe.tcpSocket.port +| string +| `"nats"` +| + +| nats.resources.limits.cpu +| string +| `"100m"` +| + +| nats.resources.limits.memory +| string +| `"128Mi"` +| + +| nats.resources.requests.cpu +| string +| `"100m"` +| + +| nats.resources.requests.memory +| string +| `"128Mi"` +| + +| nats.service.port.mqtt +| int +| `1883` +| + +| nats.service.port.nats +| int +| `4222` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `false` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| readinessProbe.httpGet.path +| string +| `"/"` +| + +| readinessProbe.httpGet.port +| string +| `"http"` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `80` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| Annotations to add to the service account + +| serviceAccount.create +| bool +| `true` +| Specifies whether a service account should be created + +| serviceAccount.name +| string +| `""` +| If not set and create is true, a name is generated using the fullname template + +| tolerations +| list +| `[]` +| + +| volumeMounts +| list +| `[]` +| + +| volumes +| list +| `[]` +| + +| zigbee2mqtt.config.homeassistant +| bool +| `true` +| + +| zigbee2mqtt.config.serial.port +| string +| `"/dev/ttyACM0"` +| + +| zigbee2mqtt.device +| string +| `"/dev/ttyACM0"` +| + +| zigbee2mqtt.enabled +| bool +| `true` +| + +| zigbee2mqtt.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| zigbee2mqtt.image.registry +| string +| `"docker.io"` +| + +| zigbee2mqtt.image.repository +| string +| `"koenkk/zigbee2mqtt"` +| + +| zigbee2mqtt.image.tag +| string +| `"1.37.1"` +| + +| zigbee2mqtt.ingress.hosts +| list +| `[]` +| + +| zigbee2mqtt.securityContext.privileged +| bool +| `true` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/home-assistant/README.md b/home-assistant/README.md deleted file mode 100644 index 8532654..0000000 --- a/home-assistant/README.md +++ /dev/null 
@@ -1,120 +0,0 @@ ---- -title: "home-assistant" - -description: "Home Assistant with tooling to run on an k3s pi" - ---- - -# home-assistant - -![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2025.1.3](https://img.shields.io/badge/AppVersion-2025.1.3-informational?style=flat-square) - -Home Assistant with tooling to run on an k3s pi - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/home-assistant -``` - -You can install a chart release using the following command: - -```bash -helm install home-assistant-release oci://codeberg.org/wrenix/helm-charts/home-assistant --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall home-assistant-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"home-assistant/home-assistant"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| 
ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nats.enabled | bool | `true` | | -| nats.image.pullPolicy | string | `"IfNotPresent"` | | -| nats.image.registry | string | `"docker.io"` | | -| nats.image.repository | string | `"library/nats"` | | -| nats.image.tag | string | `"2.10.24-scratch"` | | -| nats.livenessProbe.tcpSocket.port | string | `"nats"` | | -| nats.readinessProbe.tcpSocket.port | string | `"nats"` | | -| nats.resources.limits.cpu | string | `"100m"` | | -| nats.resources.limits.memory | string | `"128Mi"` | | -| nats.resources.requests.cpu | string | `"100m"` | | -| nats.resources.requests.memory | string | `"128Mi"` | | -| nats.service.port.mqtt | int | `1883` | | -| nats.service.port.nats | int | `4222` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.podmonitor.bearerTokenSecret | object | `{}` | | -| prometheus.podmonitor.enabled | bool | `false` | | -| prometheus.podmonitor.labels | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | -| zigbee2mqtt.config.homeassistant.enabled | bool | `true` | | -| zigbee2mqtt.config.serial.port | string | `"/dev/ttyACM0"` | | -| zigbee2mqtt.device | string | `"/dev/ttyACM0"` | | -| zigbee2mqtt.enabled | bool | `true` | | -| zigbee2mqtt.image.pullPolicy | string | `"IfNotPresent"` | | -| zigbee2mqtt.image.registry | string | `"docker.io"` | | -| zigbee2mqtt.image.repository | string | `"koenkk/zigbee2mqtt"` | | -| zigbee2mqtt.image.tag | string | `"2.0.0"` | | -| zigbee2mqtt.ingress.hosts | list | `[]` | | -| zigbee2mqtt.securityContext.privileged | bool | `true` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/home-assistant/artifacthub-repo.yml b/home-assistant/artifacthub-repo.yml deleted file mode 100644 index c801df4..0000000 --- a/home-assistant/artifacthub-repo.yml +++ /dev/null @@ -1 +0,0 @@ -repositoryID: a2209d76-d5e9-4809-ac29-536b59035c65 
diff --git a/home-assistant/templates/deployment.yaml b/home-assistant/templates/deployment.yaml index 7424548..d7a8c3d 100644 --- a/home-assistant/templates/deployment.yaml +++ b/home-assistant/templates/deployment.yaml @@ -11,7 +11,7 @@ spec: selector: matchLabels: {{- include "home-assistant.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: home-assistant + type: main template: metadata: {{- with .Values.podAnnotations }} @@ -20,7 +20,7 @@ spec: {{- end }} labels: {{- include "home-assistant.labels" . | nindent 8 }} - app.kubernetes.io/component: home-assistant + type: main {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/home-assistant/templates/podmonitor.yaml b/home-assistant/templates/podmonitor.yaml deleted file mode 100644 index 1ef9aa6..0000000 --- a/home-assistant/templates/podmonitor.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.prometheus.podmonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ include "home-assistant.fullname" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} - {{- with .Values.prometheus.podmonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "home-assistant.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: home-assistant - podMetricsEndpoints: - - port: http - path: "/api/prometheus" - bearerTokenSecret: - {{- toYaml .Values.prometheus.podmonitor.bearerTokenSecret | nindent 8 }} -{{- end }} diff --git a/home-assistant/templates/service.yaml b/home-assistant/templates/service.yaml index c7e68dd..116e90a 100644 --- a/home-assistant/templates/service.yaml +++ b/home-assistant/templates/service.yaml @@ -8,7 +8,7 @@ spec: type: {{ .Values.service.type }} selector: {{- include "home-assistant.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: home-assistant + type: main ports: - port: {{ .Values.service.port }} targetPort: http 
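Review bot: Changing `spec.selector.matchLabels` in home-assistant/templates/deployment.yaml from `app.kubernetes.io/component: home-assistant` to `type: main` makes `helm upgrade` fail on existing releases, because a Deployment's selector is immutable once created. The same label swap appears in the pod-template labels hunk and in the Service selector in templates/service.yaml. If the rename is intended it needs a documented upgrade step (delete and recreate the Deployment); otherwise keep `app.kubernetes.io/component: home-assistant`. The bare key `type` is also easy to collide with, since `.Values.podLabels` is rendered right after it in the pod template and a user-supplied `type` label would produce a duplicate key. The template bodies start and end outside these hunks.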
diff --git a/home-assistant/templates/zigbee2mqtt/configmap.yaml b/home-assistant/templates/zigbee2mqtt/configmap.yaml index 94705ab..3e09a29 100644 --- a/home-assistant/templates/zigbee2mqtt/configmap.yaml +++ b/home-assistant/templates/zigbee2mqtt/configmap.yaml @@ -10,9 +10,7 @@ data: ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]' {{- with .Values.zigbee2mqtt.config }} {{- with .homeassistant }} - {{- with .enabled }} - ZIGBEE2MQTT_CONFIG_HOMEASSISTANT_ENABLED: {{ . | quote }} - {{- end }} + ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: {{ . | quote }} {{- end }} {{- range $key, $value := .serial}} ZIGBEE2MQTT_CONFIG_SERIAL_{{ $key | upper }}: {{ $value | quote }} diff --git a/home-assistant/values.yaml b/home-assistant/values.yaml index 8afd727..04e79c1 100644 --- a/home-assistant/values.yaml +++ b/home-assistant/values.yaml @@ -24,7 +24,7 @@ nats: registry: docker.io repository: library/nats pullPolicy: IfNotPresent - tag: "2.10.24-scratch" + tag: "2.10.16-scratch" service: port: nats: 4222 @@ -50,24 +50,17 @@ zigbee2mqtt: registry: docker.io repository: koenkk/zigbee2mqtt pullPolicy: IfNotPresent - tag: 2.0.0 + tag: 1.37.1 device: /dev/ttyACM0 securityContext: privileged: true ingress: hosts: [] config: - homeassistant: - enabled: true + homeassistant: true serial: port: /dev/ttyACM0 -prometheus: - podmonitor: - enabled: false - labels: {} - bearerTokenSecret: {} - persistence: enabled: false annotations: {} diff --git a/hydrogen-web/Chart.yaml b/hydrogen-web/Chart.yaml index b06ec87..e871ab7 100644 --- a/hydrogen-web/Chart.yaml +++ b/hydrogen-web/Chart.yaml @@ -3,9 +3,9 @@ name: hydrogen-web description: A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient) icon: https://raw.githubusercontent.com/element-hq/hydrogen-web/master/src/platform/web/assets/icon.svg type: application -version: "0.1.9" +version: 0.1.6 # renovate: image=ghcr.io/element-hq/hydrogen-web -appVersion: "0.5.1" +appVersion: "0.4.1" maintainers: - name: WrenIX url: https://wrenix.eu 
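Review bot: `{{- with .homeassistant }}` in templates/zigbee2mqtt/configmap.yaml skips its body for a falsy value, so setting `zigbee2mqtt.config.homeassistant: false` omits `ZIGBEE2MQTT_CONFIG_HOMEASSISTANT` instead of emitting `"false"`, and the integration cannot be switched off explicitly through values. Testing for the key rather than its truthiness avoids that: `{{- if hasKey . "homeassistant" }}` followed by `ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: {{ .homeassistant | quote }}`. The ConfigMap's `data:` block starts outside the hunk.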
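Review bot: The `@@ -50,24 +50,17 @@` hunk of home-assistant/values.yaml keeps `securityContext.privileged: true` as the zigbee2mqtt default with no comment explaining why, although the only device the values reference is the serial adapter at `/dev/ttyACM0`. A privileged container can reach every host device and holds effectively node-level rights, so the default deserves at least a comment such as `# privileged is only needed to open the host serial device; set to false when the adapter is exposed another way (device plugin, network adapter)`. The `zigbee2mqtt:` mapping starts outside the hunk.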
diff --git a/hydrogen-web/README.adoc b/hydrogen-web/README.adoc index 21a65e4..a1f15c3 100644 --- a/hydrogen-web/README.adoc +++ b/hydrogen-web/README.adoc @@ -2,9 +2,9 @@ = hydrogen-web -image::https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square[Version: 0.1.9] +image::https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square[Version: 0.1.6] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.5.1-informational?style=flat-square[AppVersion: 0.5.1] +image::https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square[AppVersion: 0.4.1] == Maintainers .Maintainers diff --git a/hydrogen-web/README.md b/hydrogen-web/README.md deleted file mode 100644 index cc3ee37..0000000 --- a/hydrogen-web/README.md +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -title: "hydrogen-web" - -description: "A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient)" - ---- - -# hydrogen-web - -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.1](https://img.shields.io/badge/AppVersion-0.5.1-informational?style=flat-square) - -A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/hydrogen-web -``` - -You can install a chart release using the following command: - -```bash -helm install hydrogen-web-release oci://codeberg.org/wrenix/helm-charts/hydrogen-web --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall hydrogen-web-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| hydrogen.bugReportEndpointUrl" | string | `"https://element.io/bugreports/submit"` | | -| hydrogen.defaultHomeServer | string | `"matrix.org"` | | -| hydrogen.defaultTheme.dark | string | `"element-dark"` | | -| hydrogen.defaultTheme.light | string | `"element-light"` | | -| hydrogen.push.appId | string | `"io.element.hydrogen.web"` | | -| hydrogen.push.applicationServerKey | string | 
`"BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"` | | -| hydrogen.push.gatewayUrl | string | `"https://matrix.org"` | | -| hydrogen.themeManifests[0] | string | `"assets/theme-element.json"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ghcr.io/element-hq/hydrogen-web"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/jellyfin/Chart.yaml b/jellyfin/Chart.yaml index 1566162..ae1efc9 100644 --- a/jellyfin/Chart.yaml +++ b/jellyfin/Chart.yaml @@ -3,9 +3,9 @@ name: jellyfin description: The Free Software Media System icon: https://raw.githubusercontent.com/jellyfin/jellyfin-ux/master/branding/SVG/icon-transparent.svg type: application -version: "0.3.8" -# renovate: image=ghcr.io/jellyfin/jellyfin -appVersion: "10.10.4" +version: 0.1.6 +# renovate: image=docker.io/jellyfin/jellyfin +appVersion: "10.8.13-1" maintainers: - name: WrenIX url: https://wrenix.eu 
diff --git a/jellyfin/README.adoc b/jellyfin/README.adoc new file mode 100644 index 0000000..746f467 --- /dev/null +++ b/jellyfin/README.adoc 
@@ -0,0 +1,251 @@ + + += jellyfin + +image::https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square[Version: 0.1.6] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-10.8.13-1-informational?style=flat-square[AppVersion: 10.8.13-1] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/jellyfin +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install jellyfin-release oci://codeberg.org/wrenix/helm-charts/jellyfin --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall jellyfin-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"docker.io/jellyfin/jellyfin"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| 
`[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.config.hostPath +| string +| `nil` +| + +| persistence.config.nfs.path +| string +| `"/"` +| + +| persistence.config.nfs.server +| string +| `nil` +| + +| persistence.config.pvc.enabled +| bool +| `false` +| + +| persistence.media.hostPath +| string +| `nil` +| + +| persistence.media.nfs.path +| string +| `"/"` +| + +| persistence.media.nfs.server +| string +| `nil` +| + +| persistence.media.pvc.enabled +| bool +| `false` +| + +| persistence.media.readOnly +| bool +| `true` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `8096` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/jellyfin/README.md b/jellyfin/README.md deleted file mode 100644 index e5aaf8d..0000000 --- a/jellyfin/README.md +++ /dev/null 
@@ -1,102 +0,0 @@ ---- -title: "jellyfin" - -description: "The Free Software Media System" - ---- - -# jellyfin - -![Version: 0.3.8](https://img.shields.io/badge/Version-0.3.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 10.10.4](https://img.shields.io/badge/AppVersion-10.10.4-informational?style=flat-square) - -The Free Software Media System - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/jellyfin -``` - -You can install a chart release using the following command: - -```bash -helm install jellyfin-release oci://codeberg.org/wrenix/helm-charts/jellyfin --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall jellyfin-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.enabled | bool | `false` | | -| config.image | object | `{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"tomwright/dasel","tag":"2.8.1"}` | image to patch config | -| config.metrics | bool | `false` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` 
| | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"jellyfin/jellyfin"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. 
ingress-controller, prometheus) | -| nodeSelector | object | `{}` | | -| persistence.config.hostPath | string | `nil` | | -| persistence.config.nfs.path | string | `"/"` | | -| persistence.config.nfs.server | string | `nil` | | -| persistence.config.pvc.enabled | bool | `false` | | -| persistence.media.hostPath | string | `nil` | | -| persistence.media.nfs.path | string | `"/"` | | -| persistence.media.nfs.server | string | `nil` | | -| persistence.media.pvc.enabled | bool | `false` | | -| persistence.media.readOnly | bool | `true` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8096` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/jellyfin/files/config-patch.sh.gotmpl b/jellyfin/files/config-patch.sh.gotmpl deleted file mode 100644 index ceff831..0000000 --- a/jellyfin/files/config-patch.sh.gotmpl +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -dasel -f /config/config/system.xml put ServerConfiguration.EnableMetrics -t bool -v {{ .Values.config.metrics | quote}} diff --git a/jellyfin/grafana_dashboards/my.json b/jellyfin/grafana_dashboards/my.json deleted file mode 100644 index 307664d..0000000 --- a/jellyfin/grafana_dashboards/my.json +++ /dev/null 
@@ -1,585 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 4, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(dotnet_total_memory_bytes{container=\"jellyfin\"}) without (endpoint,instance,pod)", - "interval": "", - 
"legendFormat": "Dotnet total memory", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(process_private_memory_bytes{container=\"jellyfin\"}) without (endpoint,instance,pod)", - "hide": false, - "interval": "", - "legendFormat": "Process private memory", - "range": true, - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(process_working_set_bytes{container=\"jellyfin\"}) without (endpoint,instance,pod)", - "hide": false, - "interval": "", - "legendFormat": "Process working set", - "range": true, - "refId": "C" - } - ], - "title": "Memory usage", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "maxHeight": 600, - "mode": 
"single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(rate(dotnet_exceptions_total{container=\"jellyfin\"}[$__rate_interval])) without (endpoint,instance,pod)", - "interval": "", - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "title": "Exceptions", - "type": "timeseries" - }, - { - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 9 - }, - "id": 11, - "title": "HTTP Requests", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 8, - "x": 0, - "y": 10 - }, - "id": 8, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": 
"sum(irate(http_requests_received_total{container=\"jellyfin\"}[$__rate_interval])) without (endpoint,instance,pod)", - "interval": "", - "legendFormat": "{{method}} {{controller}} {{action}} {{code}}", - "range": true, - "refId": "A" - } - ], - "title": "Requests per Seconds", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 7, - "x": 8, - "y": 10 - }, - "id": 9, - "options": { - "calculate": false, - "cellGap": 1, - "color": { - "exponent": 0.5, - "fill": "dark-orange", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 64 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false - } - }, - "pluginVersion": "11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(increase(http_request_duration_seconds_bucket{container=\"jellyfin\"}[$__rate_interval])) by(le)", - "format": "heatmap", - "interval": "", - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Latency", - "type": "heatmap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - 
"drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "log": 10, - "type": "log" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 9, - "x": 15, - "y": 10 - }, - "id": 10, - "options": { - "legend": { - "calcs": [ - "mean", - "lastNotNull" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "sortBy": "Name", - "sortDesc": false - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket{container=\"jellyfin\"}[$__rate_interval])) without(container,endpoint, instance, pod, code, exported_endpoint, method,action))", - "interval": "", - "legendFormat": "{{controller}}.", - "range": true, - "refId": "A" - } - ], - "title": "Latency", - "type": "timeseries" - } - ], - "refresh": "30s", - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - 
"timeRangeUpdatedDuringEditOrView": false, - "timepicker": {}, - "timezone": "", - "title": "Jellyfin", - "uid": "zkWB8mtnk", - "version": 1, - "weekStart": "" -} \ No newline at end of file diff --git a/jellyfin/templates/configmap.yaml b/jellyfin/templates/configmap.yaml deleted file mode 100644 index 7252259..0000000 --- a/jellyfin/templates/configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.config.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "jellyfin.fullname" . }}-config - labels: - {{- include "jellyfin.labels" . | nindent 4 }} -data: - patch.sh: |- - {{ tpl (.Files.Get "files/config-patch.sh.gotmpl") . | nindent 4 }} -{{- end }} diff --git a/jellyfin/templates/configmap_grafana_dashboards.yaml b/jellyfin/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 1f5ae52..0000000 --- a/jellyfin/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "jellyfin.fullname" $ }}-grafana-dashboards - labels: - {{- include "jellyfin.labels" $ | nindent 4 }} - {{- toYaml $.Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml $.Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/jellyfin/templates/deployment.yaml b/jellyfin/templates/deployment.yaml index cce06ba..f1585f0 100644 --- a/jellyfin/templates/deployment.yaml +++ b/jellyfin/templates/deployment.yaml 
@@ -32,32 +32,12 @@ spec: serviceAccountName: {{ include "jellyfin.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if .Values.config.enabled }} - initContainers: - - name: patch-config - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.config.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - command: - - "/bin/sh" - - "/scripts/init.sh" - volumeMounts: - - mountPath: /config - name: config - - mountPath: /scripts - name: configmap - {{- end }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ .Values.service.port }} @@ -70,12 +50,6 @@ spec: httpGet: path: / port: http - startupProbe: - httpGet: - path: / - port: http - failureThreshold: 60 - periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -116,15 +90,6 @@ spec: {{- end }} - name: cache emptyDir: {} - {{- if .Values.config.enabled }} - - name: configmap - configMap: - name: {{ include "jellyfin.fullname" . }}-config - defaultMode: 0755 - items: - - key: "patch.sh" - path: "init.sh" - {{- end }} - name: media {{- with .Values.persistence.media }} {{- if .nfs.server }} diff --git a/jellyfin/templates/networkpolicy.yaml b/jellyfin/templates/networkpolicy.yaml deleted file mode 100644 index ea76391..0000000 --- a/jellyfin/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "jellyfin.fullname" . }} - labels: - {{- include "jellyfin.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "jellyfin.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: {{ .Values.service.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/jellyfin/templates/servicemonitor.yaml b/jellyfin/templates/servicemonitor.yaml deleted file mode 100644 index f99ead8..0000000 --- a/jellyfin/templates/servicemonitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.config.metrics .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "jellyfin.fullname" . }} - labels: - {{- include "jellyfin.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "jellyfin.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/metrics" -{{- end }} - diff --git a/jellyfin/templates/tests/test-connection.yaml b/jellyfin/templates/tests/test-connection.yaml new file mode 100644 index 0000000..98fb0ee --- /dev/null +++ b/jellyfin/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "jellyfin.fullname" . }}-test-connection" + labels: + {{- include "jellyfin.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "jellyfin.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/jellyfin/values.yaml b/jellyfin/values.yaml index d668303..a2e87ab 100644 --- a/jellyfin/values.yaml +++ b/jellyfin/values.yaml @@ -1,33 +1,19 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: +# Default values for jellyfin. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. replicaCount: 1 image: - registry: ghcr.io - repository: jellyfin/jellyfin + repository: docker.io/jellyfin/jellyfin pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. + # Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -config: - enabled: false - # -- image to patch config - image: - registry: ghcr.io - repository: tomwright/dasel - pullPolicy: IfNotPresent - tag: "2.8.1" - metrics: false - persistence: config: nfs: @@ -72,29 +58,6 @@ service: type: ClusterIP port: 8096 -prometheus: - servicemonitor: - enabled: false - labels: {} - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller, prometheus) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/matrix-authentication-service/Chart.yaml b/matrix-authentication-service/Chart.yaml index e9792db..69d3cb1 100644 
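Review bot: The new test pod in jellyfin/templates/tests/test-connection.yaml uses `image: busybox` with no registry, tag or digest, so every `helm test` run pulls whatever `latest` currently resolves to on the node's default registry. Pin it, for example `image: docker.io/library/busybox:<TAG>@sha256:<DIGEST>` (placeholders), or expose it as a chart value so operators can point it at a mirror. The pod also sets no `securityContext`, so it would be refused in a namespace that enforces the restricted Pod Security Standard. Without a `"helm.sh/hook-delete-policy"` annotation, the finished pod stays in the namespace after the test.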
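Review bot: In the first jellyfin/values.yaml hunk the comment above `tag: ""` loses its `--` marker, and helm-docs only takes descriptions from `# --` comments, so the generated values table will show an empty description for `image.tag`. Keep it as `# -- Overrides the image tag whose default is the chart appVersion.` The same hunk folds the registry into `repository: docker.io/jellyfin/jellyfin` and removes `global.image.registry`, so an operator who pulls through a private mirror now has to override the whole repository string. A one-line comment on `repository` saying so would help.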
--- a/matrix-authentication-service/Chart.yaml +++ b/matrix-authentication-service/Chart.yaml @@ -4,9 +4,9 @@ name: matrix-authentication-service description: OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861) icon: https://matrix.org/images/matrix-logo.svg type: application -version: "0.0.7" +version: 0.0.3 # renovate: image=ghcr.io/matrix-org/matrix-authentication-service -appVersion: "0.11.0" +appVersion: "0.9.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/matrix-authentication-service/README.adoc b/matrix-authentication-service/README.adoc index 263cb2b..f341bfd 100644 --- a/matrix-authentication-service/README.adoc +++ b/matrix-authentication-service/README.adoc @@ -2,9 +2,9 @@ = matrix-authentication-service -image::https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square[Version: 0.0.7] +image::https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square[Version: 0.0.3] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square[AppVersion: 0.11.0] +image::https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square[AppVersion: 0.9.0] == Maintainers .Maintainers @@ -612,14 +612,9 @@ helm uninstall matrix-authentication-service-release | `1000` | -| service.port.http +| service.port | int -| `8080` -| - -| service.port.metrics -| int -| `9100` +| `80` | | service.type diff --git a/matrix-authentication-service/README.md b/matrix-authentication-service/README.md deleted file mode 100644 index d29c6e3..0000000 --- a/matrix-authentication-service/README.md +++ /dev/null 
@@ -1,170 +0,0 @@ ---- -title: "matrix-authentication-service" - -description: "OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)" - ---- - -# matrix-authentication-service - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square) - -OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service -``` - -You can install a chart release using the following command: - -```bash -helm install matrix-authentication-service-release oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall matrix-authentication-service-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.branding.imprint | string | `nil` | | -| config.branding.logo_uri | string | `nil` | | -| config.branding.policy_uri | string | `nil` | | -| config.branding.service_name | string | `nil` | | -| config.branding.tos_uri | string | `nil` | | -| config.clients | list | `[]` | | -| config.database.connect_timeout | int | `30` | | -| 
config.database.database | string | `"sliding_sync"` | | -| config.database.host | string | `"localhost"` | | -| config.database.idle_timeout | int | `600` | | -| config.database.max_connections | int | `10` | | -| config.database.max_lifetime | int | `1800` | | -| config.database.min_connections | int | `0` | | -| config.database.password | string | `"secret"` | | -| config.database.port | int | `5432` | | -| config.database.username | string | `"sliding_sync"` | | -| config.email.from | string | `"\"Authentication Service\" "` | | -| config.email.reply_to | string | `"\"Authentication Service\" "` | | -| config.email.transport | string | `"blackhole"` | | -| config.experimental.access_token_ttl | int | `300` | | -| config.experimental.compat_token_ttl | int | `300` | | -| config.http.issuer | string | `"http://[::]:8080/"` | | -| config.http.listeners[0].binds[0].address | string | `"[::]:8080"` | | -| config.http.listeners[0].name | string | `"http"` | | -| config.http.listeners[0].proxy_protocol | bool | `false` | | -| config.http.listeners[0].resources[0].name | string | `"discovery"` | | -| config.http.listeners[0].resources[1].name | string | `"human"` | | -| config.http.listeners[0].resources[2].name | string | `"oauth"` | | -| config.http.listeners[0].resources[3].name | string | `"compat"` | | -| config.http.listeners[0].resources[4].name | string | `"graphql"` | | -| config.http.listeners[0].resources[4].playground | bool | `true` | | -| config.http.listeners[0].resources[5].name | string | `"assets"` | | -| config.http.listeners[0].resources[5].path | string | `"/usr/local/share/mas-cli/assets/"` | | -| config.http.listeners[1].binds[0].address | string | `"[::]:8081"` | | -| config.http.listeners[1].name | string | `"internal"` | | -| config.http.listeners[1].resources[0].name | string | `"health"` | | -| config.http.listeners[2].binds[0].address | string | `"[::]:9100"` | | -| config.http.listeners[2].name | string | `"metrics"` | | -| 
config.http.listeners[2].resources[0].name | string | `"prometheus"` | | -| config.http.public_base | string | `"http://[::]:8080/"` | | -| config.http.trusted_proxies[0] | string | `"192.128.0.0/16"` | | -| config.http.trusted_proxies[1] | string | `"172.16.0.0/12"` | | -| config.http.trusted_proxies[2] | string | `"10.0.0.0/10"` | | -| config.http.trusted_proxies[3] | string | `"127.0.0.1/8"` | | -| config.http.trusted_proxies[4] | string | `"fd00::/8"` | | -| config.http.trusted_proxies[5] | string | `"::1/128"` | | -| config.matrix.endpoint | string | `"http://localhost:8008/"` | | -| config.matrix.homeserver | string | `"localhost:8008"` | | -| config.matrix.secret | string | `"kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G"` | | -| config.passwords.enabled | bool | `true` | | -| config.passwords.schemes[0].algorithm | string | `"argon2id"` | | -| config.passwords.schemes[0].version | int | `1` | | -| config.policy.authorization_grant_entrypoint | string | `"authorization_grant/violation"` | | -| config.policy.client_registration_entrypoint | string | `"client_registration/violation"` | | -| config.policy.data | string | `nil` | | -| config.policy.email_entrypoint | string | `"email/violation"` | | -| config.policy.password_entrypoint | string | `"password/violation"` | | -| config.policy.register_entrypoint | string | `"register/violation"` | | -| config.policy.wasm_module | string | `"/usr/local/share/mas-cli/policy.wasm"` | | -| config.secrets.encryption | string | `nil` | | -| config.secrets.keys | list | `[]` | | -| config.telemetry.metrics.exporter | string | `"prometheus"` | | -| config.telemetry.sentry.dsn | string | `nil` | | -| config.telemetry.tracing.exporter | string | `"none"` | | -| config.telemetry.tracing.propagators | list | `[]` | | -| config.templates.assets_manifest | string | `"/usr/local/share/mas-cli/manifest.json"` | | -| config.templates.path | string | `"/usr/local/share/mas-cli/templates/"` | | -| config.templates.translations_path | string | 
`"/usr/local/share/mas-cli/translations/"` | | -| config.upstream_oauth2.providers | list | `[]` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"matrix-org/matrix-authentication-service"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"auth.matrix.chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/l"` | | -| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | -| ingress.hosts[1].host | string | `"matrix.chart-example.local"` | | -| ingress.hosts[1].paths[0].path | string | `"/_matrix/client/v3/login"` | | -| ingress.hosts[1].paths[0].pathType | string | `"Exact"` | | -| ingress.hosts[1].paths[1].path | string | `"/_matrix/client/v3/logout"` | | -| ingress.hosts[1].paths[1].pathType | string | `"Exact"` | | -| ingress.hosts[1].paths[2].path | string | `"/_matrix/client/v3/refresh"` | | -| ingress.hosts[1].paths[2].pathType | string | `"Exact"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/health"` | | -| livenessProbe.httpGet.port | string | `"internal"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext.fsGroup | int | `1000` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/health"` | | -| readinessProbe.httpGet.port | 
string | `"internal"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext.capabilities.drop[0] | string | `"ALL"` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `1000` | | -| service.port.http | int | `8080` | | -| service.port.metrics | int | `9100` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/matrix-authentication-service/templates/NOTES.txt b/matrix-authentication-service/templates/NOTES.txt index c536676..eb6d3bb 100644 --- a/matrix-authentication-service/templates/NOTES.txt +++ b/matrix-authentication-service/templates/NOTES.txt 
@@ -13,7 +13,7 @@ NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "matrix-authentication-service.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "matrix-authentication-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port.http }} + echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "matrix-authentication-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") diff --git a/matrix-authentication-service/templates/deployment.yaml b/matrix-authentication-service/templates/deployment.yaml index 20e6035..7098849 100644 --- a/matrix-authentication-service/templates/deployment.yaml +++ b/matrix-authentication-service/templates/deployment.yaml @@ -93,16 +93,14 @@ spec: value: "/etc/mas-config.yaml" ports: - name: http - containerPort: {{ .Values.service.port.http }} + containerPort: 8080 protocol: TCP - name: internal containerPort: 8081 protocol: TCP - {{- with .Values.service.port.metrics }} - name: metrics - containerPort: {{ . }} + containerPort: 9100 protocol: TCP - {{- end }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/matrix-authentication-service/templates/ingress.yaml b/matrix-authentication-service/templates/ingress.yaml index fc4c84f..f8449a6 100644 --- a/matrix-authentication-service/templates/ingress.yaml +++ b/matrix-authentication-service/templates/ingress.yaml 
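Review bot: In matrix-authentication-service/templates/deployment.yaml the container ports are now the literals `8080` and `9100`, while the addresses the process binds come from `config.http.listeners` (the chart's values table shows `[::]:8080`, `[::]:8081` and `[::]:9100` as defaults). The Service reaches the pod through `targetPort: http`, so changing a listener bind in values would presumably leave the Service pointing at a port nothing listens on. A comment above the ports list would make the coupling explicit, e.g. `# keep in sync with config.http.listeners[*].binds`. The container spec starts and ends outside this hunk.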
@@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "matrix-authentication-service.fullname" . -}} -{{- $svcPort := .Values.service.port.http -}} +{{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} diff --git a/matrix-authentication-service/templates/service.yaml b/matrix-authentication-service/templates/service.yaml index 5734b7e..fa006ca 100644 --- a/matrix-authentication-service/templates/service.yaml +++ b/matrix-authentication-service/templates/service.yaml @@ -11,9 +11,9 @@ spec: ports: - name: http protocol: TCP - port: {{ .Values.service.port.http }} + port: {{ .Values.service.port }} targetPort: http - {{- with .Values.service.port.metrics }} + {{- with .Values.config.metrics }} - name: metrics protocol: TCP port: {{ . }} diff --git a/matrix-authentication-service/templates/tests/test-connection.yaml b/matrix-authentication-service/templates/tests/test-connection.yaml index 593372a..97fdcb4 100644 --- a/matrix-authentication-service/templates/tests/test-connection.yaml +++ b/matrix-authentication-service/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "matrix-authentication-service.fullname" . }}:{{ .Values.service.port.http }}'] + args: ['{{ include "matrix-authentication-service.fullname" . }}:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/matrix-authentication-service/values.yaml b/matrix-authentication-service/values.yaml index 1924585..5e4a19c 100644 --- a/matrix-authentication-service/values.yaml +++ b/matrix-authentication-service/values.yaml 
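Review bot: The metrics port in matrix-authentication-service/templates/service.yaml is now gated on `{{- with .Values.config.metrics }}`, a key this chart does not appear to define as far as the page shows. The values table lists `config.telemetry.metrics.exporter` and a listener on `[::]:9100`, and the values.yaml hunk replaces `service.port.metrics` with a plain `port: 80`; the key looks carried over from matrix-sliding-sync, where `config.metrics` is an int. If it is indeed absent, the block never renders, the Service has no `metrics` port, and anything scraping through the Service stops collecting without an error while the Deployment still exposes 9100. Gate on a key the chart defines, or render the port unconditionally with `port: 9100`. The `with` block closes outside the hunk.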
@@ -146,9 +146,7 @@ securityContext: service: type: ClusterIP - port: - http: 8080 - metrics: 9100 + port: 80 ingress: enabled: false diff --git a/matrix-sliding-sync/Chart.yaml b/matrix-sliding-sync/Chart.yaml index 06c81bd..f9360e1 100644 --- a/matrix-sliding-sync/Chart.yaml +++ b/matrix-sliding-sync/Chart.yaml @@ -4,9 +4,9 @@ name: matrix-sliding-sync description: Proxy implementation of MSC3575's sync protocol. icon: https://matrix.org/images/matrix-logo.svg type: application -version: "0.2.2" +version: 0.1.2 # renovate: image=ghcr.io/matrix-org/sliding-sync -appVersion: "0.99.19" +appVersion: "0.99.18" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/matrix-sliding-sync/README.adoc b/matrix-sliding-sync/README.adoc index 37179ba..c72b179 100644 --- a/matrix-sliding-sync/README.adoc +++ b/matrix-sliding-sync/README.adoc @@ -2,9 +2,9 @@ = matrix-sliding-sync -image::https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square[Version: 0.2.2] +image::https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square[Version: 0.1.2] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.99.19-informational?style=flat-square[AppVersion: 0.99.19] +image::https://img.shields.io/badge/AppVersion-0.99.18-informational?style=flat-square[AppVersion: 0.99.18] == Maintainers .Maintainers @@ -87,21 +87,6 @@ helm uninstall matrix-sliding-sync-release | `9100` | -| config.opentelemetry.password -| string -| `nil` -| - -| config.opentelemetry.url -| string -| `nil` -| - -| config.opentelemetry.username -| string -| `nil` -| - | config.postgresql.database | string | `"sliding_sync"` 
@@ -157,21 +142,6 @@ helm uninstall matrix-sliding-sync-release | `nil` | if set it will overwrite all registry entries -| grafana.dashboards.annotations -| object -| `{}` -| - -| grafana.dashboards.enabled -| bool -| `false` -| - -| grafana.dashboards.labels.grafana_dashboard -| string -| `"1"` -| - | image.pullPolicy | string | `"IfNotPresent"` diff --git a/matrix-sliding-sync/README.md b/matrix-sliding-sync/README.md deleted file mode 100644 index 422c3f3..0000000 --- a/matrix-sliding-sync/README.md +++ /dev/null 
@@ -1,108 +0,0 @@ ---- -title: "matrix-sliding-sync" - -description: "Proxy implementation of MSC3575's sync protocol." - ---- - -# matrix-sliding-sync - -![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.99.19](https://img.shields.io/badge/AppVersion-0.99.19-informational?style=flat-square) - -Proxy implementation of MSC3575's sync protocol. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-sliding-sync -``` - -You can install a chart release using the following command: - -```bash -helm install matrix-sliding-sync-release oci://codeberg.org/wrenix/helm-charts/matrix-sliding-sync --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall matrix-sliding-sync-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.homeserver | string | `"http://localhost:8008"` | | -| config.logLevel | string | `"INFO"` | | -| config.metrics | int | `9100` | | -| config.opentelemetry.password | string | `nil` | | -| config.opentelemetry.url | string | `nil` | | -| config.opentelemetry.username | string | `nil` | | -| config.postgresql.database | string | `"sliding_sync"` | | -| config.postgresql.host | string | `"localhost"` | | -| config.postgresql.maxConn | 
int | `0` | | -| config.postgresql.password | string | `"secret"` | | -| config.postgresql.port | int | `5432` | | -| config.postgresql.sslmode | string | `"disable"` | | -| config.postgresql.username | string | `"sliding_sync"` | | -| config.syncSecret | string | `nil` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"matrix-org/sliding-sync"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.tcpSocket.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext.fsGroup | int | `2000` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| readinessProbe.tcpSocket.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext.capabilities.drop[0] | string | `"ALL"` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| securityContext.runAsNonRoot | bool | `true` | | -| 
securityContext.runAsUser | int | `1000` | | -| service.port | int | `8008` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/matrix-sliding-sync/grafana_dashboards/sliding-sync.json b/matrix-sliding-sync/grafana_dashboards/sliding-sync.json deleted file mode 100644 index 639f914..0000000 --- a/matrix-sliding-sync/grafana_dashboards/sliding-sync.json +++ /dev/null 
@@ -1,2120 +0,0 @@ -{ - "__inputs": [], - "__elements": {}, - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "10.4.1" - }, - { - "type": "panel", - "id": "heatmap", - "name": "Heatmap", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "timeseries", - "name": "Time series", - "version": "" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 1, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 14, - "panels": [], - "title": "Sliding Sync API", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Actively syncing clients i.e the connection hasn't expired yet. 
", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "conns" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Expired Connections (full buffer)" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "custom.lineStyle", - "value": { - "dash": [ - 0, - 10 - ], - "fill": "dot" - } - }, - { - "id": "color", - "value": { - "fixedColor": "purple", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - }, - { - "id": "custom.lineWidth", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Expired Connections (timed out)" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 0 - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 6, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - 
} - }, - "pluginVersion": "9.5.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "exemplar": false, - "expr": "sum(sliding_sync_api_num_active_conns)", - "fullMetaSearch": false, - "includeNullMetadata": true, - "instant": false, - "legendFormat": "Active Connections", - "range": true, - "refId": "A", - "useBackend": false - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "increase(sliding_sync_api_expiry_conn_buffer_full[5m])", - "fullMetaSearch": false, - "hide": false, - "includeNullMetadata": false, - "legendFormat": "Expired Connections (full buffer)", - "range": true, - "refId": "B", - "useBackend": false - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "increase(sliding_sync_api_expiry_conn_timed_out[5m])", - "fullMetaSearch": false, - "hide": false, - "includeNullMetadata": true, - "legendFormat": "Expired Connections (timed out)", - "range": true, - "refId": "C", - "useBackend": false - } - ], - "title": "# active sliding sync connections", - "transformations": [ - { - "id": "renameByRegex", - "options": { - "regex": "sliding-sync-api-(.*)", - "renamePattern": "$1" - } - } - ], - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "The number of devices blocked on an initial v2 sync. 
This number should never remain >0 for more than 15 minutes, unless there is a flood of new users to the system.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "conns" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 166, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.5.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "exemplar": false, - "expr": "sliding_sync_api_num_devices_pending_ensure_polling", - "fullMetaSearch": false, - "includeNullMetadata": true, - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "A", - "useBackend": false - } - ], - "title": "EnsurePolling calls outstanding", - "transformations": [ - { - "id": "renameByRegex", - "options": { - "regex": "sliding-sync-api-(.*)", - "renamePattern": "$1" - } - } - ], - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Excludes time waiting for live 
updates. Excludes initial requests.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic", - "seriesBy": "max" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 0, - "pointSize": 4, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "99%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 35 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "95%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "50%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "25%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "75%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Request rate" - }, - 
"properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "unit", - "value": "hertz" - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "color", - "value": { - "fixedColor": "purple", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "90%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "super-light-orange", - "mode": "fixed" - } - } - ] - }, - { - "__systemRef": "hideSeriesFrom", - "matcher": { - "id": "byNames", - "options": { - "mode": "exclude", - "names": [ - "Request rate" - ], - "prefix": "All except:", - "readOnly": true - } - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": false, - "tooltip": false, - "viz": true - } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 152, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.99, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "range": true, - "refId": "99" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.90, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "90%", - "range": true, - "refId": "90" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.75, sum by(le) 
(rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "75%", - "range": true, - "refId": "75" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.5, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "50%", - "range": true, - "refId": "50" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.25, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "25%", - "range": true, - "refId": "25" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sum(rate(sliding_sync_api_process_duration_secs_count{initial=\"0\"}[$window_size]))", - "hide": false, - "instant": false, - "legendFormat": "Request rate", - "range": true, - "refId": "A" - } - ], - "title": "API processing time quantiles", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 157, - "options": { - "calculate": false, - "cellGap": 1, - "color": { - "exponent": 0.5, - "fill": "dark-orange", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 64 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - 
}, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false - } - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "builder", - "expr": "sum(rate(sliding_sync_api_setup_duration_secs_bucket{}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Request setup times", - "type": "heatmap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Requests take more that 50s. This is our best proxy for \"how many people's requests are wedged\". Should be a flat 0.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "line" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 17 - }, - "id": 159, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": 
"$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "sum(increase(sliding_sync_api_slow_requests[5m]))", - "fullMetaSearch": false, - "includeNullMetadata": true, - "legendFormat": "__auto", - "range": true, - "refId": "A", - "useBackend": false - } - ], - "title": "Slow requests", - "type": "timeseries" - }, - { - "cards": {}, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateOranges", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "If this goes high, it may indicate poor DB performance when querying.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 17 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 10, - "legend": { - "show": true - }, - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 2, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false, - "unit": "dtdurations" - } - }, - "pluginVersion": "10.4.1", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(increase(sliding_sync_api_process_duration_secs_bucket{initial=\"1\"}[$__rate_interval])) by (le)", - 
"format": "heatmap", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Time taken to process initial sliding sync requests", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "dtdurations", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "cards": {}, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateOranges", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Excludes live streaming blocks. If this goes high, it may indicate poor DB performance when querying.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 25 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 15, - "legend": { - "show": true - }, - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 2, - "cellValues": { - "decimals": 3 - }, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "min": "0", - "reverse": false, - "unit": "dtdurations" - } - }, - "pluginVersion": "10.4.1", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": 
"sum(rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "interval": "", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Time taken to process changes (ranges/filter/sorting/etc) in sliding sync requests", - "tooltip": { - "show": true, - "showHistogram": false - }, - "tooltipDecimals": 3, - "type": "heatmap", - "xAxis": { - "show": true - }, - "xBucketSize": "", - "yAxis": { - "format": "dtdurations", - "logBase": 1, - "min": "0", - "show": true - }, - "yBucketBound": "auto" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 33 - }, - "id": 12, - "panels": [], - "title": "V2 Poller", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Number of /sync connections to upstream homeserver. Generally always goes up, unless users log out and invalidate the access_token being used.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - } - ] - }, - "unit": "pollers", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 34 - }, - "id": 4, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - 
"placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.5.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sliding_sync_poller_num_pollers{}", - "instant": false, - "legendFormat": "{{pod}}", - "range": true, - "refId": "A" - } - ], - "title": "# v2 pollers", - "type": "timeseries" - }, - { - "cards": {}, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateOranges", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "The higher this is, the bigger the latency from sending events -> receiving events. Excludes initial /sync requests", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 34 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 8, - "legend": { - "show": false - }, - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 2, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false, - "unit": "dtdurations" - } - }, - "pluginVersion": "10.3.3", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - 
"type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(increase(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Time taken to process sync v2 responses", - "tooltip": { - "show": true, - "showHistogram": false - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "dtdurations", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "If this drops too low, this means pollers are blocked on something (DB conns, executor, etc)", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "area" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "red" - }, - { - "color": "green", - "value": 0.75 - } - ] - }, - "unit": "percentunit", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 42 - }, - "id": 165, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": 
"$datasource" - }, - "editorMode": "code", - "expr": "sliding_sync_poller_num_outstanding_sync_v2_reqs{}/sliding_sync_poller_num_pollers{}", - "legendFormat": "{{pod}}", - "range": true, - "refId": "A" - } - ], - "title": "Ratio of pollers waiting for v2 response", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "If this number drops to 0, this indicates something is blocking all pollers from doing work. This number will scale with the number of pollers on the process.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 42 - }, - "id": 167, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "rate(sliding_sync_poller_total_num_polls{}[5m])", - "legendFormat": "{{pod}}", - "range": true, - "refId": "A" - } - ], - "title": "Rate of poll loop iterations", - "type": 
"timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "NB: Proxy requests a timeline limit of 50.\n\nTODO: make it clear how many syncs were limited", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 50 - }, - "id": 16, - "options": { - "calculate": false, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "dark-orange", - "min": 0, - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 64 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto", - "value": "v2 syncs" - }, - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": true - }, - "yAxis": { - "axisLabel": "timeline events", - "axisPlacement": "left", - "max": "50", - "reverse": false - } - }, - "pluginVersion": "10.3.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(rate(sliding_sync_poller_timeline_size_bucket{limited=\"unlimited\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{limited}}", - "range": true, - "refId": "A" - } - ], - "title": "Timeline size of unlimited pollers", - "type": "heatmap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Updates from v2 pollers sent to pubsub. 
Abnormal spikes could be from spam or lack of duplicate suppression in the proxy.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 50 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum by (payload_type) (rate(sliding_sync_poller_num_payloads{}[$window_size]))", - "legendFormat": "{{payload_type}}", - "range": true, - "refId": "A" - } - ], - "title": "Payload Rate", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Excludes time waiting for v2 sync requests. 
Excludes initial polls.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic", - "seriesBy": "max" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 0, - "pointSize": 4, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - } - ] - }, - "unit": "s", - "unitScale": true - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "99%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 35 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "95%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "50%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "25%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "75%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Poll rate" - }, - "properties": [ - 
{ - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "unit", - "value": "hertz" - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "color", - "value": { - "fixedColor": "purple", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "90%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "super-light-orange", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 59 - }, - "id": 153, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.99, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "range": true, - "refId": "99" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.90, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "90%", - "range": true, - "refId": "90" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.75, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "75%", - "range": true, - "refId": "75" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": 
"histogram_quantile(0.5, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "50%", - "range": true, - "refId": "50" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.25, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "25%", - "range": true, - "refId": "25" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(rate(sliding_sync_poller_process_duration_secs_count{initial=\"0\"}[$window_size]))", - "hide": false, - "legendFormat": "Poll rate", - "range": true, - "refId": "A" - } - ], - "title": "Poller processing time quantiles", - "type": "timeseries" - } - ], - "refresh": "", - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 100, - "auto_min": "30s", - "current": { - "selected": true, - "text": "auto", - "value": "$__auto_interval_window_size" - }, - "description": "Window to use for aggregating buckets/moving averages", - "hide": 0, - "label": "Window size", - "name": "window_size", - "options": [ - { - "selected": true, - "text": "auto", - "value": "$__auto_interval_window_size" - }, - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "2m", - "value": "2m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "15m", - "value": "15m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": 
false, - "text": "2h", - "value": "2h" - } - ], - "query": "30s,1m,2m,5m,10m,15m,30m,1h,2h", - "queryValue": "", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "c433c715-0878-4d85-877c-465ce5b8cac4" - }, - "hide": 0, - "includeAll": false, - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Sliding Sync", - "uid": "slidingsync", - "version": 27, - "weekStart": "" - } \ No newline at end of file diff --git a/matrix-sliding-sync/templates/configmap_grafana_dashboards.yaml b/matrix-sliding-sync/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 46043ed..0000000 --- a/matrix-sliding-sync/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "matrix-sliding-sync.fullname" . }}-grafana-db - labels: - {{- include "matrix-sliding-sync.labels" $ | nindent 4 }} - {{- with .Values.grafana.dashboards.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.grafana.dashboards.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -data: - {{- ($.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/matrix-sliding-sync/templates/secrets.yaml b/matrix-sliding-sync/templates/secrets.yaml index 531e392..43b2e59 100644 --- a/matrix-sliding-sync/templates/secrets.yaml +++ b/matrix-sliding-sync/templates/secrets.yaml 
@@ -27,16 +27,5 @@ data: {{- with .Values.config.metrics }} SYNCV3_PROM: {{ printf ":%v" . | b64enc }} {{- end }} - {{- with .Values.config.opentelemetry }} - {{- with .url }} - SYNCV3_OTLP_URL: {{ . | b64enc }} - {{- end }} - {{- with .username }} - SYNCV3_OTLP_USERNAME: {{ . | b64enc }} - {{- end }} - {{- with .password }} - SYNCV3_OTLP_PASSWORD: {{ . | b64enc }} - {{- end }} - {{- end }} SYNCV3_LOG_LEVEL: {{ .Values.config.logLevel | b64enc }} SYNCV3_MAX_DB_CONN: {{ toString .Values.config.postgresql.maxConn | b64enc }} diff --git a/matrix-sliding-sync/values.yaml b/matrix-sliding-sync/values.yaml index 0440fc2..ecb4e08 100644 --- a/matrix-sliding-sync/values.yaml +++ b/matrix-sliding-sync/values.yaml @@ -27,10 +27,6 @@ config: sslmode: disable maxConn: 0 metrics: 9100 - opentelemetry: - url: - username: - password: logLevel: INFO imagePullSecrets: [] @@ -53,13 +49,6 @@ prometheus: enabled: false labels: {} -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - podAnnotations: {} podLabels: {} diff --git a/matrix-synapse/Chart.lock b/matrix-synapse/Chart.lock index d7dc37a..f7edde6 100644 --- a/matrix-synapse/Chart.lock +++ b/matrix-synapse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql - repository: oci://docker.io/bitnamicharts - version: 16.4.3 + repository: https://charts.bitnami.com/bitnami + version: 15.1.2 - name: redis - repository: oci://docker.io/bitnamicharts - version: 20.6.3 -digest: sha256:dd37b0663f93a21ea0d23e5041b48efef3cef63a051f2942eb095d1b95e63d7d -generated: "2025-01-15T22:06:14.404148475+01:00" + repository: https://charts.bitnami.com/bitnami + version: 19.0.1 +digest: sha256:40b1817950d4e4acf6821c510445ddaafd92e9fbc36efe209f1654b4f019009d +generated: "2024-03-21T15:00:36.134445178+01:00" diff --git a/matrix-synapse/Chart.yaml b/matrix-synapse/Chart.yaml index bffccdb..e00466f 100644 --- a/matrix-synapse/Chart.yaml +++ b/matrix-synapse/Chart.yaml 
@@ -4,19 +4,19 @@ name: matrix-synapse description: Matrix reference homeserver icon: https://matrix.org/images/matrix-logo.svg type: application -version: "1.0.11" +version: 0.2.3 # renovate: image=ghcr.io/element-hq/synapse -appVersion: 1.122.0 +appVersion: 1.101.0 maintainers: - name: WrenIX url: https://wrenix.eu dependencies: - name: postgresql - version: "^16.3.1" - repository: "oci://docker.io/bitnamicharts" + version: ^15.0.0 + repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: redis - version: "20.6.3" - repository: "oci://docker.io/bitnamicharts" + version: ^19.0.0 + repository: https://charts.bitnami.com/bitnami condition: redis.enabled diff --git a/matrix-synapse/README.adoc b/matrix-synapse/README.adoc new file mode 100644 index 0000000..b13b6f5 --- /dev/null +++ b/matrix-synapse/README.adoc 
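Review bot: Installs that leave `image.tag` unset would run Synapse 1.101.0 after this hunk, because `appVersion` goes back from `1.122.0` and the chart README in this same change documents the image tag as defaulting to the chart appVersion; an older release will not carry fixes shipped after it. If the rollback is deliberate, a comment above the line such as `# held at 1.101.0 on purpose: <reason>` would stop the `# renovate:` marker from making it look merely stale. In the `dependencies` block, `redis` moves from the exact pin `"20.6.3"` to the range `^19.0.0`, so the version actually deployed is decided only by Chart.lock, which needs to be regenerated and committed together with this file (the Chart.lock diff on this page appears to do that). The new `version:` values are also unquoted where the old side quoted them; `version: "0.2.3"` and `version: "^19.0.0"` keep them unambiguously strings and consistent with the previous style.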
@@ -0,0 +1,1171 @@ + + += matrix-synapse + +image::https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square[Version: 0.2.3] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-1.101.0-informational?style=flat-square[AppVersion: 1.101.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/matrix-synapse +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install matrix-synapse-release oci://codeberg.org/wrenix/helm-charts/matrix-synapse --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall matrix-synapse-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| config.bindAddresses +| list +| `["::"]` +| The bind addresses to use for the default listeners + +| config.extraListeners +| list +| `[]` +| + +| config.extraMainListenerTypes +| list +| `[]` +| + +| config.reportStats +| bool +| `false` +| + +| config.trustedKeyServers +| list +| `[{"server_name":"matrix.org"}]` +| A set of trusted servers to contact if another server doesn't respond to a signing key request. 
+ +| config.useStructuredLogging +| bool +| `false` +| + +| externalPostgresql.database +| string +| `"synapse"` +| + +| externalPostgresql.extraArgs +| object +| `{}` +| Extra arguments for the database connection ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config + +| externalPostgresql.options +| object +| `{}` +| set extra configuration ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config e.g. txn_limit, allow_unsafe_locale + +| externalPostgresql.port +| int +| `5432` +| + +| externalPostgresql.username +| string +| `"synapse"` +| + +| externalRedis.port +| int +| `6379` +| + +| extraConfig +| object +| `{}` +| + +| extraLoggers +| object +| `{}` +| + +| extraSecrets +| object +| `{}` +| + +| fullnameOverride +| string +| `nil` +| Override the full name of the installed chart. + +| global.image.pullPolicy +| string +| `nil` +| if set it will overwrite all pullPolicy + +| global.image.registry +| string +| `nil` +| if set it will overwrite all registry entries + +| grafana.dashboards.annotations +| object +| `{}` +| + +| grafana.dashboards.enabled +| bool +| `false` +| + +| grafana.dashboards.labels.grafana_dashboard +| string +| `"1"` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"ghcr.io"` +| + +| image.repository +| string +| `"element-hq/synapse"` +| + +| image.tag +| string +| `nil` +| Overrides the image tag whose default is the chart appVersion. 
+ +| ingress.annotations +| object +| `{}` +| + +| ingress.csHosts +| list +| `[]` +| + +| ingress.csPaths +| list +| `[]` +| + +| ingress.enabled +| bool +| `true` +| + +| ingress.hosts +| list +| `[]` +| + +| ingress.includeServerName +| bool +| `true` +| + +| ingress.includeUnderscoreSynapse +| bool +| `true` +| + +| ingress.paths +| list +| `[]` +| + +| ingress.tls +| list +| `[]` +| + +| ingress.traefikPaths +| bool +| `false` +| + +| ingress.wkHosts +| list +| `[]` +| + +| nameOverride +| string +| `nil` +| Override part of the installed name, will still keep release name. + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"10Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| postgresql.auth.database +| string +| `"synapse"` +| + +| postgresql.auth.password +| string +| `"synapse"` +| + +| postgresql.auth.username +| string +| `"synapse"` +| + +| postgresql.enabled +| bool +| `true` +| + +| postgresql.extraArgs +| object +| `{}` +| Extra arguments for the database connection ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config + +| postgresql.options +| object +| `{}` +| set extra configuration ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config e.g. 
txn_limit, allow_unsafe_locale + +| postgresql.primary.initdb.args +| string +| `"--lc-collate=C --lc-ctype=C"` +| + +| postgresql.primary.persistence.size +| string +| `"16Gi"` +| + +| prometheus.podmonitor.enabled +| bool +| `false` +| + +| prometheus.podmonitor.labels +| object +| `{}` +| + +| prometheus.rules.additionalRules +| list +| `[]` +| + +| prometheus.rules.defaults.enabled +| bool +| `true` +| + +| prometheus.rules.enabled +| bool +| `false` +| + +| prometheus.rules.labels +| object +| `{}` +| + +| publicServerName +| string +| `nil` +| The public Matrix server name, this will be used for any public URLs in config as well as for client API links in the ingress. + +| redis.architecture +| string +| `"standalone"` +| + +| redis.auth.enabled +| bool +| `true` +| + +| redis.auth.password +| string +| `"synapse"` +| + +| redis.enabled +| bool +| `true` +| + +| redis.master.kind +| string +| `"Deployment"` +| + +| redis.master.persistence.enabled +| bool +| `false` +| + +| redis.master.service.port +| int +| `6379` +| + +| serverName +| string +| `nil` +| The Matrix domain name, this is what will be used for the domain part in your MXIDs. 
+ +| service.port +| int +| `8008` +| + +| service.targetPort +| string +| `"http"` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `false` +| + +| signingkey.job.annotations +| object +| `{}` +| + +| signingkey.job.enabled +| bool +| `true` +| + +| signingkey.job.publishImage.pullPolicy +| string +| `"IfNotPresent"` +| + +| signingkey.job.publishImage.registry +| string +| `"docker.io"` +| + +| signingkey.job.publishImage.repository +| string +| `"bitnami/kubectl"` +| + +| signingkey.job.publishImage.tag +| string +| `"latest"` +| + +| signingkey.resources +| object +| `{}` +| + +| synapse.affinity +| object +| `{}` +| + +| synapse.annotations +| object +| `{}` +| + +| synapse.extraCommands +| list +| `[]` +| + +| synapse.extraEnv +| list +| `[]` +| + +| synapse.extraVolumeMounts +| list +| `[]` +| + +| synapse.extraVolumes +| list +| `[]` +| + +| synapse.labels +| object +| `{}` +| + +| synapse.livenessProbe.httpGet.path +| string +| `"/health"` +| + +| synapse.livenessProbe.httpGet.port +| string +| `"http"` +| + +| synapse.nodeSelector +| object +| `{}` +| + +| synapse.podSecurityContext +| object +| `{}` +| + +| synapse.readinessProbe.httpGet.path +| string +| `"/health"` +| + +| synapse.readinessProbe.httpGet.port +| string +| `"http"` +| + +| synapse.resources +| object +| `{}` +| + +| synapse.securityContext +| object +| `{}` +| + +| synapse.startupProbe.failureThreshold +| int +| `12` +| + +| synapse.startupProbe.httpGet.path +| string +| `"/health"` +| + +| synapse.startupProbe.httpGet.port +| string +| `"http"` +| + +| synapse.strategy.type +| string +| `"RollingUpdate"` +| + +| synapse.tolerations +| list +| `[]` +| + +| volumePermissions.enabled +| bool +| `false` +| + +| volumePermissions.gid +| int +| `666` +| + +| volumePermissions.image.pullPolicy +| string +| `"Always"` +| + +| volumePermissions.image.registry +| string +| `"docker.io"` +| + +| 
volumePermissions.image.repository +| string +| `"library/alpine"` +| + +| volumePermissions.image.tag +| string +| `"3.20.0"` +| + +| volumePermissions.resources +| object +| `{}` +| + +| volumePermissions.uid +| int +| `666` +| + +| wellknown.affinity +| object +| `{}` +| + +| wellknown.client +| object +| `{}` +| Data to serve on .well-known/matrix/client. m.homeserver: base_url: https://matrix.example.com + +| wellknown.containerPort +| int +| `80` +| + +| wellknown.enabled +| bool +| `false` +| + +| wellknown.env +| list +| `[]` +| + +| wellknown.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| wellknown.image.registry +| string +| `"docker.io"` +| + +| wellknown.image.repository +| string +| `"library/nginx"` +| + +| wellknown.image.tag +| string +| `"1.26.0"` +| + +| wellknown.nodeSelector +| object +| `{}` +| + +| wellknown.podAnnotations +| list +| `[]` +| + +| wellknown.podLabels +| object +| `{}` +| + +| wellknown.podSecurityContext +| object +| `{}` +| + +| wellknown.replicaCount +| int +| `1` +| + +| wellknown.resources +| object +| `{}` +| + +| wellknown.securityContext +| object +| `{}` +| + +| wellknown.server +| object +| `{}` +| The host and port combo to serve on .well-known/matrix/server. 
m.server: matrix.example.com:443 + +| wellknown.service.annotations +| object +| `{}` +| + +| wellknown.service.port +| int +| `8080` +| + +| wellknown.service.type +| string +| `"ClusterIP"` +| + +| wellknown.tolerations +| list +| `[]` +| + +| workers.appservice.enabled +| bool +| `false` +| + +| workers.appservice.generic +| bool +| `true` +| + +| workers.appservice.name +| string +| `"appservices"` +| + +| workers.default.affinity +| object +| `{}` +| + +| workers.default.annotations +| object +| `{}` +| + +| workers.default.extraCommands +| list +| `[]` +| + +| workers.default.extraEnv +| list +| `[]` +| + +| workers.default.livenessProbe.httpGet.path +| string +| `"/health"` +| + +| workers.default.livenessProbe.httpGet.port +| string +| `"metrics"` +| + +| workers.default.nodeSelector +| object +| `{}` +| + +| workers.default.podSecurityContext +| object +| `{}` +| + +| workers.default.readinessProbe.httpGet.path +| string +| `"/health"` +| + +| workers.default.readinessProbe.httpGet.port +| string +| `"metrics"` +| + +| workers.default.replicaCount +| int +| `1` +| + +| workers.default.resources +| object +| `{}` +| + +| workers.default.securityContext +| object +| `{}` +| + +| workers.default.startupProbe.failureThreshold +| int +| `6` +| + +| workers.default.startupProbe.httpGet.path +| string +| `"/health"` +| + +| workers.default.startupProbe.httpGet.port +| string +| `"metrics"` +| + +| workers.default.strategy.type +| string +| `"RollingUpdate"` +| + +| workers.default.tolerations +| list +| `[]` +| + +| workers.default.volumeMounts +| list +| `[]` +| + +| workers.default.volumes +| list +| `[]` +| + +| workers.federation_sender.enabled +| bool +| `false` +| + +| workers.frontend_proxy.csPaths[0] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"` +| + +| workers.frontend_proxy.enabled +| bool +| `false` +| + +| workers.frontend_proxy.listeners[0] +| string +| `"client"` +| + +| workers.generic_worker.csPaths[0] +| string +| 
`"/_matrix/client/(api/v1|r0|v3)/events$"` +| + +| workers.generic_worker.csPaths[10] +| string +| `"/_matrix/client/(r0|v3|unstable)/account/3pid$"` +| + +| workers.generic_worker.csPaths[11] +| string +| `"/_matrix/client/(r0|v3|unstable)/account/whoami$"` +| + +| workers.generic_worker.csPaths[12] +| string +| `"/_matrix/client/(r0|v3|unstable)/devices$"` +| + +| workers.generic_worker.csPaths[13] +| string +| `"/_matrix/client/versions$"` +| + +| workers.generic_worker.csPaths[14] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$"` +| + +| workers.generic_worker.csPaths[15] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/"` +| + +| workers.generic_worker.csPaths[16] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$"` +| + +| workers.generic_worker.csPaths[17] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/search$"` +| + +| workers.generic_worker.csPaths[18] +| string +| `"/_matrix/client/(r0|v3|unstable)/keys/query$"` +| + +| workers.generic_worker.csPaths[19] +| string +| `"/_matrix/client/(r0|v3|unstable)/keys/changes$"` +| + +| workers.generic_worker.csPaths[1] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$"` +| + +| workers.generic_worker.csPaths[20] +| string +| `"/_matrix/client/(r0|v3|unstable)/keys/claim$"` +| + +| workers.generic_worker.csPaths[21] +| string +| `"/_matrix/client/(r0|v3|unstable)/room_keys/"` +| + +| workers.generic_worker.csPaths[22] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/login$"` +| + +| workers.generic_worker.csPaths[23] +| string +| `"/_matrix/client/(r0|v3|unstable)/register$"` +| + +| workers.generic_worker.csPaths[24] +| string +| `"/_matrix/client/v1/register/m.login.registration_token/validity$"` +| + +| workers.generic_worker.csPaths[25] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact"` +| + +| workers.generic_worker.csPaths[26] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send"` 
+| + +| workers.generic_worker.csPaths[27] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/"` +| + +| workers.generic_worker.csPaths[28] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$"` +| + +| workers.generic_worker.csPaths[29] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/join/"` +| + +| workers.generic_worker.csPaths[2] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$"` +| + +| workers.generic_worker.csPaths[30] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/profile/"` +| + +| workers.generic_worker.csPaths[31] +| string +| `"/_matrix/client/(r0|v3|unstable)/user_directory/search"` +| + +| workers.generic_worker.csPaths[3] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$"` +| + +| workers.generic_worker.csPaths[4] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/"` +| + +| workers.generic_worker.csPaths[5] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$"` +| + +| workers.generic_worker.csPaths[6] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$"` +| + +| workers.generic_worker.csPaths[7] +| string +| `"/_matrix/client/v1/rooms/.*/hierarchy$"` +| + +| workers.generic_worker.csPaths[8] +| string +| `"/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$"` +| + +| workers.generic_worker.csPaths[9] +| string +| `"/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"` +| + +| workers.generic_worker.enabled +| bool +| `false` +| + +| workers.generic_worker.generic +| bool +| `true` +| + +| workers.generic_worker.listeners[0] +| string +| `"client"` +| + +| workers.generic_worker.listeners[1] +| string +| `"federation"` +| + +| workers.generic_worker.paths[0] +| string +| `"/_matrix/federation/v1/event/"` +| + +| workers.generic_worker.paths[10] +| string +| `"/_matrix/federation/(v1|v2)/send_leave/"` +| + +| workers.generic_worker.paths[11] 
+| string +| `"/_matrix/federation/(v1|v2)/invite/"` +| + +| workers.generic_worker.paths[12] +| string +| `"/_matrix/federation/v1/event_auth/"` +| + +| workers.generic_worker.paths[13] +| string +| `"/_matrix/federation/v1/exchange_third_party_invite/"` +| + +| workers.generic_worker.paths[14] +| string +| `"/_matrix/federation/v1/user/devices/"` +| + +| workers.generic_worker.paths[15] +| string +| `"/_matrix/key/v2/query"` +| + +| workers.generic_worker.paths[16] +| string +| `"/_matrix/federation/v1/hierarchy/"` +| + +| workers.generic_worker.paths[17] +| string +| `"/_matrix/federation/v1/send/"` +| + +| workers.generic_worker.paths[1] +| string +| `"/_matrix/federation/v1/state/"` +| + +| workers.generic_worker.paths[2] +| string +| `"/_matrix/federation/v1/state_ids/"` +| + +| workers.generic_worker.paths[3] +| string +| `"/_matrix/federation/v1/backfill/"` +| + +| workers.generic_worker.paths[4] +| string +| `"/_matrix/federation/v1/get_missing_events/"` +| + +| workers.generic_worker.paths[5] +| string +| `"/_matrix/federation/v1/publicRooms"` +| + +| workers.generic_worker.paths[6] +| string +| `"/_matrix/federation/v1/query/"` +| + +| workers.generic_worker.paths[7] +| string +| `"/_matrix/federation/v1/make_join/"` +| + +| workers.generic_worker.paths[8] +| string +| `"/_matrix/federation/v1/make_leave/"` +| + +| workers.generic_worker.paths[9] +| string +| `"/_matrix/federation/(v1|v2)/send_join/"` +| + +| workers.media_repository.csPaths[0] +| string +| `"/_matrix/media/.*"` +| + +| workers.media_repository.csPaths[1] +| string +| `"/_synapse/admin/v1/purge_media_cache$"` +| + +| workers.media_repository.csPaths[2] +| string +| `"/_synapse/admin/v1/room/.*/media"` +| + +| workers.media_repository.csPaths[3] +| string +| `"/_synapse/admin/v1/user/.*/media"` +| + +| workers.media_repository.csPaths[4] +| string +| `"/_synapse/admin/v1/media/"` +| + +| workers.media_repository.csPaths[5] +| string +| `"/_synapse/admin/v1/quarantine_media/"` +| + +| 
workers.media_repository.csPaths[6] +| string +| `"/_synapse/admin/v1/users/.*/media$"` +| + +| workers.media_repository.enabled +| bool +| `false` +| + +| workers.media_repository.listeners[0] +| string +| `"media"` +| + +| workers.media_repository.paths[0] +| string +| `"/_matrix/media/.*"` +| + +| workers.pusher.enabled +| bool +| `false` +| + +| workers.user_dir.csPaths[0] +| string +| `"/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$"` +| + +| workers.user_dir.enabled +| bool +| `false` +| + +| workers.user_dir.listeners[0] +| string +| `"client"` +| + +| workers.user_dir.name +| string +| `"userdir"` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/matrix-synapse/README.md b/matrix-synapse/README.md deleted file mode 100644 index fc5347e..0000000 --- a/matrix-synapse/README.md +++ /dev/null 
@@ -1,283 +0,0 @@ ---- -title: "matrix-synapse" - -description: "Matrix reference homeserver" - ---- - -# matrix-synapse - -![Version: 1.0.11](https://img.shields.io/badge/Version-1.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.122.0](https://img.shields.io/badge/AppVersion-1.122.0-informational?style=flat-square) - -Matrix reference homeserver - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-synapse -``` - -You can install a chart release using the following command: - -```bash -helm install matrix-synapse-release oci://codeberg.org/wrenix/helm-charts/matrix-synapse --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall matrix-synapse-release -``` - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 | -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.bindAddresses | list | `["::"]` | The bind addresses to use for the default listeners | -| config.extraListeners | list | `[]` | | -| config.extraMainListenerTypes | list | `[]` | | -| config.reportStats | bool | `false` | | -| config.trustedKeyServers | list | `[{"server_name":"matrix.org"}]` | A set of trusted servers to contact if another server doesn't respond to a signing key request. 
| -| config.useStructuredLogging | bool | `false` | | -| externalPostgresql.database | string | `"synapse"` | | -| externalPostgresql.extraArgs | object | `{}` | Extra arguments for the database connection ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config | -| externalPostgresql.options | object | `{}` | set extra configuration ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config e.g. txn_limit, allow_unsafe_locale | -| externalPostgresql.port | int | `5432` | | -| externalPostgresql.username | string | `"synapse"` | | -| externalRedis.port | int | `6379` | | -| extraConfig | object | `{}` | | -| extraLoggers | object | `{}` | | -| extraSecrets | object | `{}` | | -| fullnameOverride | string | `nil` | Override the full name of the installed chart. | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"element-hq/synapse"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| ingress.annotations | object | `{}` | | -| ingress.csHosts | list | `[]` | | -| ingress.csPaths | list | `[]` | | -| ingress.enabled | bool | `true` | | -| ingress.hosts | list | `[]` | | -| ingress.includeServerName | bool | `true` | | -| ingress.includeUnderscoreSynapse | bool | `true` | | -| ingress.paths | list | `[]` | | -| ingress.tls | list | `[]` | | -| ingress.traefikPaths | bool | `false` | | -| ingress.wkHosts | list | `[]` | | -| nameOverride | string | `nil` | Override part of the installed name, will still keep release name. 
| -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| postgresql.auth.database | string | `"synapse"` | | -| postgresql.auth.password | string | `"synapse"` | | -| postgresql.auth.username | string | `"synapse"` | | -| postgresql.enabled | bool | `true` | | -| postgresql.extraArgs | object | `{}` | Extra arguments for the database connection ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config | -| postgresql.options | object | `{}` | set extra configuration ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config e.g. 
txn_limit, allow_unsafe_locale | -| postgresql.primary.initdb.args | string | `"--lc-collate=C --lc-ctype=C"` | | -| postgresql.primary.persistence.size | string | `"16Gi"` | | -| prometheus.podmonitor.enabled | bool | `false` | | -| prometheus.podmonitor.labels | object | `{}` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.defaults.enabled | bool | `true` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| publicServerName | string | `nil` | The public Matrix server name, this will be used for any public URLs in config as well as for client API links in the ingress. | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `nil` | Or use existing secret with "redis-password" key instead of static password | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"synapse"` | XXX Change me! | -| redis.enabled | bool | `true` | | -| redis.global.storageClass | string | `""` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.master.service.port | int | `6379` | | -| redis.replica.persistence.enabled | bool | `true` | | -| serverName | string | `nil` | The Matrix domain name, this is what will be used for the domain part in your MXIDs. 
| -| service.port | int | `8008` | | -| service.targetPort | string | `"http"` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `false` | | -| signingkey.annotations | object | `{"helm.sh/hook":"pre-install,pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}` | Annotations to apply to the job and rbac for signing-key. | -| signingkey.job.enabled | bool | `true` | | -| signingkey.job.publishImage.pullPolicy | string | `"IfNotPresent"` | | -| signingkey.job.publishImage.registry | string | `"docker.io"` | | -| signingkey.job.publishImage.repository | string | `"bitnami/kubectl"` | | -| signingkey.job.publishImage.tag | string | `"latest"` | | -| signingkey.resources | object | `{}` | | -| synapse.affinity | object | `{}` | | -| synapse.annotations | object | `{}` | | -| synapse.extraCommands | list | `[]` | | -| synapse.extraEnv | list | `[]` | | -| synapse.extraVolumeMounts | list | `[]` | | -| synapse.extraVolumes | list | `[]` | | -| synapse.labels | object | `{}` | | -| synapse.livenessProbe.httpGet.path | string | `"/health"` | | -| synapse.livenessProbe.httpGet.port | string | `"http"` | | -| synapse.nodeSelector | object | `{}` | | -| synapse.podSecurityContext | object | `{}` | | -| synapse.readinessProbe.httpGet.path | string | `"/health"` | | -| synapse.readinessProbe.httpGet.port | string | `"http"` | | -| synapse.resources | object | `{}` | | -| synapse.securityContext | object | `{}` | | -| synapse.startupProbe.failureThreshold | int | `12` | | -| synapse.startupProbe.httpGet.path | string | `"/health"` | | -| synapse.startupProbe.httpGet.port | string | `"http"` | | -| synapse.strategy.type | string | `"RollingUpdate"` | | -| synapse.tolerations | list | `[]` | | -| volumePermissions.enabled | bool | `false` | | -| volumePermissions.gid | int | `666` | | -| volumePermissions.image.pullPolicy | string | `"Always"` | | -| 
volumePermissions.image.registry | string | `"docker.io"` | | -| volumePermissions.image.repository | string | `"library/alpine"` | | -| volumePermissions.image.tag | string | `"3.21.2"` | | -| volumePermissions.resources | object | `{}` | | -| volumePermissions.uid | int | `666` | | -| wellknown.affinity | object | `{}` | | -| wellknown.client | object | `{}` | Data to serve on .well-known/matrix/client. m.homeserver: base_url: https://matrix.example.com | -| wellknown.containerPort | int | `80` | | -| wellknown.element | object | `{}` | Data to serve on .well-known/element/element.json call: widget_url: https://call.element.io | -| wellknown.enabled | bool | `false` | | -| wellknown.env | list | `[]` | | -| wellknown.image.pullPolicy | string | `"IfNotPresent"` | | -| wellknown.image.registry | string | `"docker.io"` | | -| wellknown.image.repository | string | `"library/nginx"` | | -| wellknown.image.tag | string | `"1.27.3"` | | -| wellknown.nodeSelector | object | `{}` | | -| wellknown.podAnnotations | list | `[]` | | -| wellknown.podLabels | object | `{}` | | -| wellknown.podSecurityContext | object | `{}` | | -| wellknown.replicaCount | int | `1` | | -| wellknown.resources | object | `{}` | | -| wellknown.securityContext | object | `{}` | | -| wellknown.server | object | `{}` | The host and port combo to serve on .well-known/matrix/server. 
m.server: matrix.example.com:443 | -| wellknown.service.annotations | object | `{}` | | -| wellknown.service.port | int | `8080` | | -| wellknown.service.type | string | `"ClusterIP"` | | -| wellknown.tolerations | list | `[]` | | -| workers.appservice.enabled | bool | `false` | | -| workers.appservice.generic | bool | `true` | | -| workers.appservice.name | string | `"appservices"` | | -| workers.default.affinity | object | `{}` | | -| workers.default.annotations | object | `{}` | | -| workers.default.extraCommands | list | `[]` | | -| workers.default.extraEnv | list | `[]` | | -| workers.default.livenessProbe.httpGet.path | string | `"/health"` | | -| workers.default.livenessProbe.httpGet.port | string | `"metrics"` | | -| workers.default.nodeSelector | object | `{}` | | -| workers.default.podSecurityContext | object | `{}` | | -| workers.default.readinessProbe.httpGet.path | string | `"/health"` | | -| workers.default.readinessProbe.httpGet.port | string | `"metrics"` | | -| workers.default.replicaCount | int | `1` | | -| workers.default.resources | object | `{}` | | -| workers.default.securityContext | object | `{}` | | -| workers.default.startupProbe.failureThreshold | int | `6` | | -| workers.default.startupProbe.httpGet.path | string | `"/health"` | | -| workers.default.startupProbe.httpGet.port | string | `"metrics"` | | -| workers.default.strategy.type | string | `"RollingUpdate"` | | -| workers.default.tolerations | list | `[]` | | -| workers.default.volumeMounts | list | `[]` | | -| workers.default.volumes | list | `[]` | | -| workers.federation_sender.enabled | bool | `false` | | -| workers.frontend_proxy.csPaths[0] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"` | | -| workers.frontend_proxy.enabled | bool | `false` | | -| workers.frontend_proxy.listeners[0] | string | `"client"` | | -| workers.generic_worker.csPaths[0] | string | `"/_matrix/client/(api/v1|r0|v3)/events$"` | | -| workers.generic_worker.csPaths[10] | string | 
`"/_matrix/client/(r0|v3|unstable)/account/3pid$"` | | -| workers.generic_worker.csPaths[11] | string | `"/_matrix/client/(r0|v3|unstable)/account/whoami$"` | | -| workers.generic_worker.csPaths[12] | string | `"/_matrix/client/(r0|v3|unstable)/devices$"` | | -| workers.generic_worker.csPaths[13] | string | `"/_matrix/client/versions$"` | | -| workers.generic_worker.csPaths[14] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$"` | | -| workers.generic_worker.csPaths[15] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/"` | | -| workers.generic_worker.csPaths[16] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$"` | | -| workers.generic_worker.csPaths[17] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/search$"` | | -| workers.generic_worker.csPaths[18] | string | `"/_matrix/client/(r0|v3|unstable)/keys/query$"` | | -| workers.generic_worker.csPaths[19] | string | `"/_matrix/client/(r0|v3|unstable)/keys/changes$"` | | -| workers.generic_worker.csPaths[1] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$"` | | -| workers.generic_worker.csPaths[20] | string | `"/_matrix/client/(r0|v3|unstable)/keys/claim$"` | | -| workers.generic_worker.csPaths[21] | string | `"/_matrix/client/(r0|v3|unstable)/room_keys/"` | | -| workers.generic_worker.csPaths[22] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/login$"` | | -| workers.generic_worker.csPaths[23] | string | `"/_matrix/client/(r0|v3|unstable)/register$"` | | -| workers.generic_worker.csPaths[24] | string | `"/_matrix/client/v1/register/m.login.registration_token/validity$"` | | -| workers.generic_worker.csPaths[25] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact"` | | -| workers.generic_worker.csPaths[26] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send"` | | -| workers.generic_worker.csPaths[27] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/"` | | -| 
workers.generic_worker.csPaths[28] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$"` | | -| workers.generic_worker.csPaths[29] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/join/"` | | -| workers.generic_worker.csPaths[2] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$"` | | -| workers.generic_worker.csPaths[30] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/profile/"` | | -| workers.generic_worker.csPaths[31] | string | `"/_matrix/client/(r0|v3|unstable)/user_directory/search"` | | -| workers.generic_worker.csPaths[3] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$"` | | -| workers.generic_worker.csPaths[4] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/"` | | -| workers.generic_worker.csPaths[5] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$"` | | -| workers.generic_worker.csPaths[6] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$"` | | -| workers.generic_worker.csPaths[7] | string | `"/_matrix/client/v1/rooms/.*/hierarchy$"` | | -| workers.generic_worker.csPaths[8] | string | `"/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$"` | | -| workers.generic_worker.csPaths[9] | string | `"/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"` | | -| workers.generic_worker.enabled | bool | `false` | | -| workers.generic_worker.generic | bool | `true` | | -| workers.generic_worker.listeners[0] | string | `"client"` | | -| workers.generic_worker.listeners[1] | string | `"federation"` | | -| workers.generic_worker.paths[0] | string | `"/_matrix/federation/v1/event/"` | | -| workers.generic_worker.paths[10] | string | `"/_matrix/federation/(v1|v2)/send_leave/"` | | -| workers.generic_worker.paths[11] | string | `"/_matrix/federation/(v1|v2)/invite/"` | | -| workers.generic_worker.paths[12] | string | `"/_matrix/federation/v1/event_auth/"` | | -| 
workers.generic_worker.paths[13] | string | `"/_matrix/federation/v1/exchange_third_party_invite/"` | | -| workers.generic_worker.paths[14] | string | `"/_matrix/federation/v1/user/devices/"` | | -| workers.generic_worker.paths[15] | string | `"/_matrix/key/v2/query"` | | -| workers.generic_worker.paths[16] | string | `"/_matrix/federation/v1/hierarchy/"` | | -| workers.generic_worker.paths[17] | string | `"/_matrix/federation/v1/send/"` | | -| workers.generic_worker.paths[1] | string | `"/_matrix/federation/v1/state/"` | | -| workers.generic_worker.paths[2] | string | `"/_matrix/federation/v1/state_ids/"` | | -| workers.generic_worker.paths[3] | string | `"/_matrix/federation/v1/backfill/"` | | -| workers.generic_worker.paths[4] | string | `"/_matrix/federation/v1/get_missing_events/"` | | -| workers.generic_worker.paths[5] | string | `"/_matrix/federation/v1/publicRooms"` | | -| workers.generic_worker.paths[6] | string | `"/_matrix/federation/v1/query/"` | | -| workers.generic_worker.paths[7] | string | `"/_matrix/federation/v1/make_join/"` | | -| workers.generic_worker.paths[8] | string | `"/_matrix/federation/v1/make_leave/"` | | -| workers.generic_worker.paths[9] | string | `"/_matrix/federation/(v1|v2)/send_join/"` | | -| workers.media_repository.csPaths[0] | string | `"/_matrix/media/.*"` | | -| workers.media_repository.csPaths[1] | string | `"/_synapse/admin/v1/purge_media_cache$"` | | -| workers.media_repository.csPaths[2] | string | `"/_synapse/admin/v1/room/.*/media"` | | -| workers.media_repository.csPaths[3] | string | `"/_synapse/admin/v1/user/.*/media"` | | -| workers.media_repository.csPaths[4] | string | `"/_synapse/admin/v1/media/"` | | -| workers.media_repository.csPaths[5] | string | `"/_synapse/admin/v1/quarantine_media/"` | | -| workers.media_repository.csPaths[6] | string | `"/_synapse/admin/v1/users/.*/media$"` | | -| workers.media_repository.enabled | bool | `false` | | -| workers.media_repository.listeners[0] | string | `"media"` | | -| 
workers.media_repository.paths[0] | string | `"/_matrix/media/.*"` | | -| workers.pusher.enabled | bool | `false` | | -| workers.user_dir.csPaths[0] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$"` | | -| workers.user_dir.enabled | bool | `false` | | -| workers.user_dir.listeners[0] | string | `"client"` | | -| workers.user_dir.name | string | `"userdir"` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/matrix-synapse/files/well-known/nginx.conf b/matrix-synapse/files/well-known/nginx.conf deleted file mode 100644 index c31b073..0000000 --- a/matrix-synapse/files/well-known/nginx.conf +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name localhost; - - location / { - add_header Access-Control-Allow-Origin "*"; - root /usr/share/nginx/html; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } -} diff --git a/matrix-synapse/templates/ingress.yaml b/matrix-synapse/templates/ingress.yaml index b23731f..8ec00ea 100644 --- a/matrix-synapse/templates/ingress.yaml +++ b/matrix-synapse/templates/ingress.yaml @@ -176,18 +176,6 @@ spec: serviceName: {{ $wkName }} servicePort: {{ $.Values.wellknown.service.port | default 80 }} {{- end }} - - path: /.well-known/element - backend: - {{- if $v1Ingress }} - service: - name: {{ $wkName }} - port: - number: {{ $.Values.wellknown.service.port | default 80 }} - pathType: Prefix - {{- else }} - serviceName: {{ $wkName }} - servicePort: {{ $.Values.wellknown.service.port | default 80 }} - {{- end }} {{- else }} - path: /.well-known/matrix backend: diff --git a/matrix-synapse/templates/signing-key/job.yaml b/matrix-synapse/templates/signing-key/job.yaml index c9a9979..6b8e7b6 100644 --- a/matrix-synapse/templates/signing-key/job.yaml +++ b/matrix-synapse/templates/signing-key/job.yaml 
@@ -14,9 +14,7 @@ metadata: {{- include "matrix-synapse.labels" . | nindent 4 }} app.kubernetes.io/component: signingkey-job annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook-delete-policy": "hook-failed" - "helm.sh/hook": "pre-install" + helm.sh/resource-policy: keep type: Opaque --- apiVersion: v1 @@ -26,10 +24,6 @@ metadata: labels: {{- include "matrix-synapse.labels" . | nindent 4 }} app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -38,10 +32,6 @@ metadata: labels: {{- include "matrix-synapse.labels" . | nindent 4 }} app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} rules: - apiGroups: - "" @@ -61,10 +51,6 @@ metadata: labels: {{- include "matrix-synapse.labels" . | nindent 4 }} app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -81,10 +67,10 @@ metadata: labels: {{- include "matrix-synapse.labels" . | nindent 4 }} app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} annotations: + {{- with .Values.signingkey.job.annotations }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} spec: ttlSecondsAfterFinished: 0 template: diff --git a/matrix-synapse/templates/wellknown/configmap.yaml b/matrix-synapse/templates/wellknown/configmap.yaml index beb5158..b977b5a 100644 --- a/matrix-synapse/templates/wellknown/configmap.yaml +++ b/matrix-synapse/templates/wellknown/configmap.yaml 
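Review bot: Removing the `.Values.signingkey.annotations` block from the ServiceAccount in hunk `@@ -26,10 +24,6 @@`, and likewise from the Role and RoleBinding in the next two hunks, means these objects are no longer Helm hooks under the default values. The old `hook-succeeded` delete policy no longer removes them, so they stay in the namespace for the life of the release. The Role's rules are cut off by the hunk, but if they grant write access to Secrets for publishing the signing key, that permission now persists after the job has finished. Consider keeping the hook annotations on the three RBAC objects, or record the change with a comment such as `# RBAC for the signing-key job is now permanent; restrict the Role to the signing-key Secret via resourceNames`.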
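Review bot: In hunk `@@ -81,10 +67,10 @@` the `annotations:` key is now emitted unconditionally with the `with` block nested inside it, so with the new default `signingkey.job.annotations: {}` the Job renders a bare `annotations:` key with a null value; the `{{- end }}` is also indented differently from its `{{- with }}`. Keep the key inside the guard: `{{- with .Values.signingkey.job.annotations }}`, then `annotations:`, then `{{- toYaml . | nindent 4 }}`. The values path also moved from `signingkey.annotations` to `signingkey.job.annotations`, so existing overrides of the old key are silently ignored and the Job no longer runs as a pre-install/pre-upgrade hook by default; whether Synapse can start before the key exists cannot be told from this hunk. The Job's spec continues outside the hunk.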
@@ -20,7 +20,4 @@ data: {{- else }} {{- dict "m.homeserver" (dict "base_url" (printf "https://%s/" (.Values.publicServerName | default .Values.serverName))) | toJson | nindent 4 }} {{- end }} - element.json: |- - {{- toJson .Values.wellknown.element | nindent 4 }} - {{- (.Files.Glob "files/well-known/nginx.conf" ).AsConfig | nindent 2 }} {{- end -}}{{/* end-if .wellknown.enabled */}} diff --git a/matrix-synapse/templates/wellknown/deployment.yaml b/matrix-synapse/templates/wellknown/deployment.yaml index de2ef39..e4f62d2 100644 --- a/matrix-synapse/templates/wellknown/deployment.yaml +++ b/matrix-synapse/templates/wellknown/deployment.yaml @@ -55,17 +55,7 @@ spec: {{- toYaml .Values.wellknown.resources | nindent 12 }} volumeMounts: - name: "data" - mountPath: "/usr/share/nginx/html/.well-known/matrix/client" - subPath: "client" - - name: "data" - mountPath: "/usr/share/nginx/html/.well-known/matrix/server" - subPath: "server" - - name: "data" - mountPath: "/usr/share/nginx/html/.well-known/element/element.json" - subPath: "element.json" - - name: "data" - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: "nginx.conf" + mountPath: "/usr/share/nginx/html/.well-known/matrix/" {{- with .Values.wellknown.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/matrix-synapse/values.yaml b/matrix-synapse/values.yaml index 1343b15..e5fc575 100644 --- a/matrix-synapse/values.yaml +++ b/matrix-synapse/values.yaml @@ -36,10 +36,6 @@ publicServerName: ## The source of the signing key used by Synapse in federation. ## signingkey: - # -- Annotations to apply to the job and rbac for signing-key. - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" ## Enable a Kubernetes job to generate and store a signing key if one does not ## exist. ## If you have already run a Matrix server at some point on your domain then 
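Review bot: The single directory mount at `/usr/share/nginx/html/.well-known/matrix/` in the deployment hunk replaces the per-file `subPath` mounts and drops the `/etc/nginx/conf.d/default.conf` mount, so the container falls back to the image's stock nginx configuration and the `add_header Access-Control-Allow-Origin "*";` line from the deleted `nginx.conf` is no longer applied. Browser-based Matrix clients fetch `.well-known/matrix/client` cross-origin, so discovery may fail unless the ingress adds the header. Mounting the whole ConfigMap also makes every key in it a served file, so nothing other than the `client` and `server` documents should be added to that ConfigMap later. If the config removal is intended, a comment on the mount such as `# served by the image's default nginx config; CORS must be set at the ingress` would record that. The container spec starts and ends outside the hunk.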
@@ -54,6 +50,10 @@ signingkey: job: enabled: true + ## Annotations to apply to the signing-key-job. + ## + annotations: {} + publishImage: registry: docker.io repository: bitnami/kubectl @@ -613,7 +613,7 @@ wellknown: image: registry: docker.io repository: library/nginx - tag: 1.27.3 + tag: 1.26.0 pullPolicy: IfNotPresent replicaCount: 1 @@ -641,10 +641,6 @@ wellknown: # m.homeserver: # base_url: https://matrix.example.com client: {} - # -- Data to serve on .well-known/element/element.json - # call: - # widget_url: https://call.element.io - element: {} ## This configuration is for setting up the internally provided Postgres server, ## if you instead want to use an existing server, then you may want to set @@ -721,27 +717,25 @@ redis: auth: enabled: true - # -- XXX Change me! + # XXX Change me! password: synapse - # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - # -- Or use existing secret with "redis-password" key instead of static password - existingSecret: + ## Or use existing secret with "redis-password" key + ## instead of static password + ## + # existingSecret: redis-secret architecture: standalone - global: - storageClass: "" master: + kind: Deployment persistence: - enabled: true + ## Note that Synapse only uses redis as a synchronization utility, so no + ## data will ever need to be persisted. + ## + enabled: false service: port: 6379 - replica: - persistence: - enabled: true + ## An externally configured Redis server to use for workers/sharding. ## externalRedis: @@ -796,7 +790,7 @@ volumePermissions: image: registry: docker.io repository: library/alpine - tag: 3.21.2 + tag: 3.20.0 pullPolicy: Always ## Optionally specify an array of imagePullSecrets. diff --git a/mautrix-bridge/.helmignore b/mautrix-bridge/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 
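Review bot: The `wellknown.image.tag` change in hunk `@@ -613,7 +613,7 @@` moves nginx backwards from `1.27.3` to `1.26.0`, and hunk `@@ -796,7 +790,7 @@` does the same for alpine (`3.21.2` to `3.20.0`), so the chart defaults now point at older images that lack whatever fixes the later releases carried. If this is a deliberate revert, say so in the commit message; otherwise keep the newer tags. Quoting the values (`tag: "1.26.0"`) also keeps them strings regardless of how a future tag is written.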
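Review bot: In hunk `@@ -721,27 +717,25 @@` the default `password: synapse` stays in place while the `existingSecret` options become a commented-out example, so an install with default values runs Redis with a publicly known credential. The comment also changes from `# -- XXX Change me!` to `# XXX Change me!`, which presumably drops it from the helm-docs generated values table, so the warning would no longer reach the README. Keep the helm-docs marker and make the text explicit, for example `# -- Default is publicly known; set your own value or use auth.existingSecret`. Disabling persistence and adding `kind: Deployment` under `master` are separate behaviour changes that would be easier to review in their own commit.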
--- a/mautrix-bridge/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/mautrix-bridge/Chart.yaml b/mautrix-bridge/Chart.yaml deleted file mode 100644 index 8793e12..0000000 --- a/mautrix-bridge/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -name: mautrix-bridge -description: A Matrix puppeting bridge mautrix. -type: application -version: 0.0.16 -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/mautrix-bridge/README.md b/mautrix-bridge/README.md deleted file mode 100644 index e87da16..0000000 --- a/mautrix-bridge/README.md +++ /dev/null 
@@ -1,225 +0,0 @@ ---- -title: "mautrix-bridge" - -description: "A Matrix puppeting bridge mautrix." - ---- - -# mautrix-bridge - -![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -A Matrix puppeting bridge mautrix. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -For use of the bridge: -* **signal**, use the `./bridge-values/signal/values.yaml` -* **slack**, use the `./bridge-values/slack/values.yaml` - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/mautrix-bridge -``` - -You can install a chart release using the following command: - -```bash -helm install mautrix-bridge-release oci://codeberg.org/wrenix/helm-charts/mautrix-bridge --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall mautrix-bridge-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.appservice.address | string | `"http://localhost:29328"` | The address that the homeserver can use to connect to this appservice. | -| config.appservice.as_token | string | `""` | | -| config.appservice.async_transactions | bool | `false` | Should incoming events be handled asynchronously? This may be necessary for large public instances with lots of messages going through. 
However, messages will not be guaranteed to be bridged in the same order they were sent in. | -| config.appservice.bot.avatar | string | `"mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp"` | | -| config.appservice.bot.displayname | string | `"Signal bridge bot"` | Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty to leave display name/avatar as-is. | -| config.appservice.bot.username | string | `"signalbot"` | Username of the appservice bot. | -| config.appservice.ephemeral_events | bool | `true` | Whether or not to receive ephemeral events via appservice transactions. Requires MSC2409 support (i.e. Synapse 1.22+). | -| config.appservice.hostname | string | `"0.0.0.0"` | The hostname and port where this appservice should listen. | -| config.appservice.hs_token | string | `""` | | -| config.appservice.id | string | `"signal"` | The unique ID of this appservice. | -| config.appservice.port | int | `29328` | | -| config.appservice.public_address | string | `nil` | | -| config.appservice.username_template | string | `"signal_{{.}}"` | Localpart template of MXIDs for Signal users. {{.}} is replaced with the internal ID of the Signal user. | -| config.backfill.enabled | bool | `false` | Whether to do backfilling at all. | -| config.backfill.max_catchup_messages | int | `500` | Maximum number of missed messages to backfill after bridge restarts. | -| config.backfill.max_initial_messages | int | `50` | Maximum number of messages to backfill in empty rooms. | -| config.backfill.queue.batch_delay | int | `20` | Delay between batches in seconds. | -| config.backfill.queue.batch_size | int | `100` | Number of messages to backfill in one batch. | -| config.backfill.queue.enabled | bool | `false` | Should the backfill queue be enabled? | -| config.backfill.queue.max_batches | int | `-1` | Maximum number of batches to backfill per portal. If set to -1, all available messages will be backfilled. 
| -| config.backfill.queue.max_batches_override | object | `{}` | Optional network-specific overrides for max batches. Interpretation of this field depends on the network connector. | -| config.backfill.threads.max_initial_messages | int | `50` | Maximum number of messages to backfill in a new thread. | -| config.backfill.unread_hours_threshold | int | `720` | If a backfilled chat is older than this number of hours, mark it as read even if it's unread on the remote network. | -| config.bridge.bridge_matrix_leave | bool | `false` | Should leaving Matrix rooms be bridged as leaving groups on the remote network? | -| config.bridge.cleanup_on_logout.bad_credentials.private | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.bad_credentials.relayed | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.bad_credentials.shared_has_users | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.bad_credentials.shared_no_users | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.enabled | bool | `false` | Should cleanup on logout be enabled at all? | -| config.bridge.cleanup_on_logout.manual.private | string | `"nothing"` | Action for private portals which will never be shared with other Matrix users. | -| config.bridge.cleanup_on_logout.manual.relayed | string | `"nothing"` | Action for portals with a relay user configured. | -| config.bridge.cleanup_on_logout.manual.shared_has_users | string | `"nothing"` | Action for portals which have other logged-in Matrix users. | -| config.bridge.cleanup_on_logout.manual.shared_no_users | string | `"nothing"` | Action for portals which may be shared, but don't currently have any other Matrix users. | -| config.bridge.command_prefix | string | `"!bridge"` | The prefix for commands. Only required in non-management rooms. | -| config.bridge.mute_only_on_create | bool | `true` | Should room mute status only be synced when creating the portal? 
Like tags, mutes can't currently be synced back to the remote network. | -| config.bridge.permissions | object | `{"*":"relay","@admin:example.com":"admin","example.com":"user"}` | Permissions for using the bridge. Permitted values: relay - Talk through the relaybot (if enabled), no access otherwise commands - Access to use commands in the bridge, but not login. user - Access to use the bridge with puppeting. admin - Full access, user level with some additional administration tools. Permitted keys: * - All Matrix users domain - All users on that homeserver mxid - Specific user | -| config.bridge.personal_filtering_spaces | bool | `true` | Should the bridge create a space for each login containing the rooms that account is in? | -| config.bridge.private_chat_portal_meta | bool | `false` | Whether the bridge should set names and avatars explicitly for DM portals. This is only necessary when using clients that don't support MSC4171. | -| config.bridge.relay.admin_only | bool | `true` | Should only admins be allowed to set themselves as relay users? | -| config.bridge.relay.default_relays | list | `[]` | List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. | -| config.bridge.relay.displayname_format | string | `"{{ .DisambiguatedName }}"` | For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names. This has all the Sender variables available under message_formats (but without the .Sender prefix). Note that you need to manually remove the displayname from message_formats above. | -| config.bridge.relay.enabled | bool | `false` | Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any authenticated user into a relaybot for that chat. 
| -| config.bridge.relay.message_formats | object | `{"m.audio":"{{ .Sender.DisambiguatedName }} sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}","m.emote":"* {{ .Sender.DisambiguatedName }} {{ .Message }}","m.file":"{{ .Sender.DisambiguatedName }} sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}","m.image":"{{ .Sender.DisambiguatedName }} sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}","m.location":"{{ .Sender.DisambiguatedName }} sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}","m.notice":"{{ .Sender.DisambiguatedName }}: {{ .Message }}","m.text":"{{ .Sender.DisambiguatedName }}: {{ .Message }}","m.video":"{{ .Sender.DisambiguatedName }} sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}"}` | The formats to use when sending messages via the relaybot. Available variables: .Sender.UserID - The Matrix user ID of the sender. .Sender.Displayname - The display name of the sender (if set). .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room. .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set, plus the user ID in parentheses if the displayname is not unique. If the displayname is not set, this is just the user ID. .Message - The `formatted_body` field of the message. .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string. .FileName - The name of the file being sent. | -| config.bridge.tag_only_on_create | bool | `true` | Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority. Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone. | -| config.database.max_conn_idle_time | string | `nil` | Maximum connection idle time and lifetime before they're closed. Disabled if null. 
Parsed with https://pkg.go.dev/time#ParseDuration | -| config.database.max_conn_lifetime | string | `nil` | | -| config.database.max_idle_conns | int | `2` | | -| config.database.max_open_conns | int | `20` | Maximum number of connections. Mostly relevant for Postgres. | -| config.database.type | string | `"postgres"` | The database type. "sqlite3-fk-wal" and "postgres" are supported. | -| config.database.uri | string | `"postgres://user:password@host/database?sslmode=disable"` | The database URI. SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. https://github.com/mattn/go-sqlite3#connection-string Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql | -| config.direct_media.allow_proxy | bool | `true` | If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916 media download redirects if the requester supports it. Optionally, you can force redirects and not allow proxying at all by setting this to false. This option does nothing if the remote network does not support media downloads over HTTP. | -| config.direct_media.enabled | bool | `false` | Should custom mxc:// URIs be used instead of reuploading media? | -| config.direct_media.media_id_prefix | string | `nil` | Optionally specify a custom prefix for the media ID part of the MXC URI. | -| config.direct_media.server_key | string | `""` | Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. | -| config.direct_media.server_name | string | `"discord-media.example.com"` | The server name to use for the custom mxc:// URIs. This server name will effectively be a real Matrix server, it just won't implement anything other than media. 
You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge. | -| config.direct_media.well_known_response | string | `nil` | Optionally a custom .well-known response. This defaults to `server_name:443` | -| config.double_puppet.allow_discovery | bool | `false` | Whether to allow client API URL discovery for other servers. When using this option, users on other servers can use double puppeting even if their server URLs aren't explicitly added to the servers map above. | -| config.double_puppet.secrets | object | `{"example.com":"as_token:foobar"}` | Shared secrets for automatic double puppeting. See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions. | -| config.double_puppet.servers | object | `{"example.com":"https://example.com"}` | Servers to always allow double puppeting from. This is only for other servers and should NOT contain the server the bridge is on. | -| config.encryption.allow | bool | `false` | Allow encryption, work in group chat rooms with e2ee enabled | -| config.encryption.allow_key_sharing | bool | `false` | Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. You must use a client that supports requesting keys from other users to use this feature. | -| config.encryption.appservice | bool | `false` | Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. | -| config.encryption.default | bool | `false` | Default to encryption, force-enable encryption in all portals the bridge creates This will cause the bridge bot to be in private chats for the encryption to work properly. 
| -| config.encryption.delete_keys | object | `{"delete_fully_used_on_decrypt":false,"delete_on_device_delete":false,"delete_outbound_on_ack":false,"delete_outdated_inbound":false,"delete_prev_on_new_session":false,"dont_store_outbound":false,"periodically_delete_expired":false,"ratchet_on_decrypt":false}` | Options for deleting megolm sessions from the bridge. | -| config.encryption.delete_keys.delete_fully_used_on_decrypt | bool | `false` | Delete fully used keys (index >= max_messages) after decrypting messages. | -| config.encryption.delete_keys.delete_on_device_delete | bool | `false` | Delete megolm sessions received from a device when the device is deleted. | -| config.encryption.delete_keys.delete_outbound_on_ack | bool | `false` | Beeper-specific: delete outbound sessions when hungryserv confirms that the user has uploaded the key to key backup. | -| config.encryption.delete_keys.delete_outdated_inbound | bool | `false` | Delete inbound megolm sessions that don't have the received_at field used for automatic ratcheting and expired session deletion. This is meant as a migration to delete old keys prior to the bridge update. | -| config.encryption.delete_keys.delete_prev_on_new_session | bool | `false` | Delete previous megolm sessions from same device when receiving a new one. | -| config.encryption.delete_keys.dont_store_outbound | bool | `false` | Don't store outbound sessions in the inbound table. | -| config.encryption.delete_keys.periodically_delete_expired | bool | `false` | Periodically delete megolm sessions when 2x max_age has passed since receiving the session. | -| config.encryption.delete_keys.ratchet_on_decrypt | bool | `false` | Ratchet megolm sessions forward after decrypting messages. | -| config.encryption.pickle_key | string | `nil` | | -| config.encryption.plaintext_mentions | string | `nil` | | -| config.encryption.require | bool | `false` | Require encryption, drop any unencrypted messages. 
| -| config.encryption.rotation.disable_device_change_key_rotation | bool | `false` | Disable rotating keys when a user's devices change? You should not enable this option unless you understand all the implications. | -| config.encryption.rotation.enable_custom | bool | `false` | Enable custom Megolm room key rotation settings. Note that these settings will only apply to rooms created after this option is set. | -| config.encryption.rotation.messages | int | `100` | The maximum number of messages that should be sent with a given a session before changing it. The Matrix spec recommends 100 as the default. | -| config.encryption.rotation.milliseconds | int | `604800000` | The maximum number of milliseconds a session should be used before changing it. The Matrix spec recommends 604800000 (a week) as the default. | -| config.encryption.verification_levels.receive | string | `"unverified"` | Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. | -| config.encryption.verification_levels.send | string | `"unverified"` | Minimum level that the bridge should accept for incoming Matrix messages. | -| config.encryption.verification_levels.share | string | `"cross-signed-tofu"` | Minimum level that the bridge should require for accepting key requests. | -| config.homeserver.address | string | `"https://matrix.example.com"` | The address that this appservice can use to connect to the homeserver. | -| config.homeserver.async_media | bool | `false` | Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | -| config.homeserver.domain | string | `"example.com"` | The domain of the homeserver (also known as server_name, used for MXIDs, etc). | -| config.homeserver.message_send_checkpoint_endpoint | string | `nil` | Endpoint for reporting per-message status. | -| config.homeserver.ping_interval_seconds | int | `0` | How often should the websocket be pinged? Pinging will be disabled if this is zero. 
| -| config.homeserver.public_address | string | `nil` | | -| config.homeserver.software | string | `"standard"` | What software is the homeserver running? Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. | -| config.homeserver.status_endpoint | string | `nil` | The URL to push real-time bridge status to. If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. The bridge will use the appservice as_token to authorize requests. | -| config.homeserver.websocket | bool | `false` | Should the bridge use a websocket for connecting to the homeserver? The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, mautrix-asmux (deprecated), and hungryserv (proprietary). | -| config.homeserver.websocket_proxy | string | `""` | | -| config.logging.min_level | string | `"warn"` | | -| config.logging.writers[0].format | string | `"json"` | | -| config.logging.writers[0].type | string | `"stdout"` | | -| config.management_room_text.additional_help | string | `""` | Optional extra text sent when joining a management room. | -| config.management_room_text.welcome | string | `"Hello, I'm a Signal bridge bot."` | Sent when joining a room. | -| config.management_room_text.welcome_connected | string | `"Use `help` for help."` | Sent when joining a management room and the user is already logged in. | -| config.management_room_text.welcome_unconnected | string | `"Use `help` for help or `login` to log in."` | Sent when joining a management room and the user is not logged in. | -| config.matrix.delivery_receipts | bool | `false` | Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? | -| config.matrix.federate_rooms | bool | `true` | Whether or not created rooms should have federation enabled. If false, created portal rooms will never be federated. 
| -| config.matrix.message_error_notices | bool | `true` | Whether the bridge should send error notices via m.notice events when a message fails to bridge. | -| config.matrix.message_status_events | bool | `false` | Whether the bridge should send the message status as a custom com.beeper.message_send_status event. | -| config.matrix.sync_direct_chat_list | bool | `false` | Should the bridge update the m.direct account data event when double puppeting is enabled. Note that updating the m.direct event is not atomic (except with mautrix-asmux) and is therefore prone to race conditions. | -| config.provisioning.debug_endpoints | bool | `false` | Enable debug API at /debug with provisioning authentication. | -| config.provisioning.prefix | string | `"/_matrix/provision"` | Prefix for the provisioning API paths. | -| config.provisioning.shared_secret | string | `"generate"` | Shared secret for authentication. If set to "generate", a random secret will be generated, or if set to "disable", the provisioning API will be disabled. | -| config.public_media.enabled | bool | `false` | Should public media be enabled at all? The public_address field under the appservice section MUST be set when enabling public media. | -| config.public_media.expiry | int | `0` | Number of seconds that public media URLs are valid for. If set to 0, URLs will never expire. | -| config.public_media.hash_length | int | `32` | Length of hash to use for public media URLs. Must be between 0 and 32. | -| config.public_media.signing_key | string | `"generate"` | A key for signing public media URLs. If set to "generate", a random key will be generated. | -| config.signal.device_name | string | `"mautrix-signal"` | Default device name that shows up in the Signal app. | -| config.signal.displayname_template | string | `"{{ printf \"%s (%s) %s\" (or .ProfileName .ContactName \"Unknown user\") (or .PhoneNumber \"Unknown number\" (or .AboutEmoji \"\")}}"` | Displayname template for Signal users. 
This is also used as the room name in DMs if private_chat_portal_meta is enabled. {{.ProfileName}} - The Signal profile name set by the user. {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. {{.PhoneNumber}} - The phone number of the user. {{.UUID}} - The UUID of the Signal user. {{.AboutEmoji}} - The emoji set by the user in their profile. | -| config.signal.location_format | string | `"https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s"` | | -| config.signal.note_to_self_avatar | string | `"mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL"` | | -| config.signal.number_in_topic | bool | `true` | Should the Signal user's phone number be included in the room topic in private chat portal rooms? | -| config.signal.sync_contacts_on_startup | bool | `true` | Should the bridge request the user's contact list from the phone on startup? | -| config.signal.use_contact_avatars | bool | `false` | Should avatars from the user's contact list be used? This is not safe on multi-user instances. | -| config.signal.use_outdated_profiles | bool | `false` | Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. 
| -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"dock.mau.dev"` | | -| image.repository | string | `""` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/_matrix/mau/live"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | accessMode | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | size | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/_matrix/mau/ready"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| registration."de.sorunome.msc2409.push_ephemeral" | bool | `true` | | -| registration.namespaces.users[0].exclusive | bool | `true` | | -| registration.namespaces.users[0].regex | string | `"^@signalbot:example.org$"` | | -| registration.namespaces.users[1].exclusive | bool | `true` | | -| registration.namespaces.users[1].regex | string | `"^@signal_.*:example.org$"` | | -| registration.push_ephemeral | bool | `true` | | -| registration.rate_limited | bool | `false` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `false` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/mautrix-bridge/_docs.gotmpl b/mautrix-bridge/_docs.gotmpl deleted file mode 100644 index 867fd60..0000000 --- a/mautrix-bridge/_docs.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -{{ define "chart.prerequirements" -}} -For use of the bridge: -* **signal**, use the `./bridge-values/signal/values.yaml` -* **slack**, use the `./bridge-values/slack/values.yaml` -{{ end }} diff --git a/mautrix-bridge/bridge-values/signal/values.yaml b/mautrix-bridge/bridge-values/signal/values.yaml deleted file mode 100644 index 629a640..0000000 --- a/mautrix-bridge/bridge-values/signal/values.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -image: - repository: mautrix/signal - tag: "v0.7.5" - -config: - bridge: - command_prefix: '!signal' - database: - uri: postgres://user:password@host/maturix-signal?sslmode=disable - appservice: - id: signal - bot: - username: signalbot - displayname: Signal bridge bot - avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - username_template: signal_{{.}} - - management_room_text: - welcome: "Hello, I'm a Signal bridge bot." - - signal: - # -- Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. - # {{.ProfileName}} - The Signal profile name set by the user. - # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. - # {{.PhoneNumber}} - The phone number of the user. - # {{.UUID}} - The UUID of the Signal user. - # {{.AboutEmoji}} - The emoji set by the user in their profile. - displayname_template: '{{ printf "%s (%s) %s" (or .ProfileName .ContactName "Unknown user") (or .PhoneNumber "Unknown number" (or .AboutEmoji "")}}' - # -- Should avatars from the user's contact list be used? This is not safe on multi-user instances. - use_contact_avatars: false - # -- Should the bridge request the user's contact list from the phone on startup? - sync_contacts_on_startup: true - # -- Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. - use_outdated_profiles: false - # -- Should the Signal user's phone number be included in the room topic in private chat portal rooms? - number_in_topic: true - # -- Default device name that shows up in the Signal app. - device_name: mautrix-signal - # Avatar image for the Note to Self room. - note_to_self_avatar: mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL - # Format for generating URLs from location messages for sending to Signal. 
- # Google Maps: 'https://www.google.com/maps/place/%[1]s,%[2]s' - # OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - location_format: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - -registration: - namespaces: - users: - - regex: ^@signalbot:example.org$ - exclusive: true - - regex: ^@signal_.*:example.org$ - exclusive: true diff --git a/mautrix-bridge/bridge-values/slack/values.yaml b/mautrix-bridge/bridge-values/slack/values.yaml deleted file mode 100644 index 2057b0f..0000000 --- a/mautrix-bridge/bridge-values/slack/values.yaml +++ /dev/null @@ -1,39 +0,0 @@ -image: - repository: mautrix/slack - tag: "v0.1.4" - -config: - bridge: - command_prefix: '!slack' - database: - uri: postgres://user:password@host/mautrix-slack?sslmode=disable - appservice: - id: slack - bot: - username: slackbot - displayname: "Slack bridge bot" - avatar: "mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem" - username_template: slack_{{.}} - - management_room_text: - welcome: "Hello, I'm a Slack bridge bot." - - slack: - displayname_template: '{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}' - channel_name_template: '{{if and .IsChannel (not .IsPrivate)}}#{{end}}{{.Name}}{{if .IsNoteToSelf}} (you){{end}}' - team_name_template: "{{ .Name }}" - custom_emoji_reactions: true - workspace_avatar_in_rooms: false - participant_sync_count: 5 - participant_sync_only_on_create: true - mute_channels_by_default: false - backfill: - conversation_count: -1 - -registration: - namespaces: - users: - - regex: ^@slackbot:example.org$ - exclusive: true - - regex: ^@slack_.*:example.org$ - exclusive: true diff --git a/mautrix-bridge/templates/service.yaml b/mautrix-bridge/templates/service.yaml deleted file mode 100644 index 541a761..0000000 --- a/mautrix-bridge/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if and .Values.config .Values.config.appservice }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "mautrix-bridge.fullname" . }}
- labels:
- {{- include "mautrix-bridge.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- publishNotReadyAddresses: true
- selector:
- {{- include "mautrix-bridge.selectorLabels" . | nindent 4 }}
- ports:
- - port: {{ .Values.config.appservice.port }}
- targetPort: http
- protocol: TCP
- name: http
-{{- end }}
diff --git a/mautrix-bridge/templates/serviceaccount.yaml b/mautrix-bridge/templates/serviceaccount.yaml
deleted file mode 100644
index 9940f45..0000000
--- a/mautrix-bridge/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "mautrix-bridge.serviceAccountName" . }}
- labels:
- {{- include "mautrix-bridge.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
diff --git a/mautrix-bridge/values.yaml b/mautrix-bridge/values.yaml
deleted file mode 100644
index 76ff0e6..0000000
--- a/mautrix-bridge/values.yaml
+++ /dev/null
@@ -1,569 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -replicaCount: 1 - -image: - registry: dock.mau.dev - repository: "" - tag: "" - pullPolicy: IfNotPresent - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -config: - # Bridge config - bridge: - # -- The prefix for commands. Only required in non-management rooms. - command_prefix: '!bridge' - # -- Should the bridge create a space for each login containing the rooms that account is in? - personal_filtering_spaces: true - # -- Whether the bridge should set names and avatars explicitly for DM portals. - # This is only necessary when using clients that don't support MSC4171. - private_chat_portal_meta: false - - # -- Should leaving Matrix rooms be bridged as leaving groups on the remote network? - bridge_matrix_leave: false - # -- Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority. - # Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone. - tag_only_on_create: true - # -- Should room mute status only be synced when creating the portal? - # Like tags, mutes can't currently be synced back to the remote network. - mute_only_on_create: true - - # What should be done to portal rooms when a user logs out or is logged out? - # Permitted values: - # nothing - Do nothing, let the user stay in the portals - # kick - Remove the user from the portal rooms, but don't delete them - # unbridge - Remove all ghosts in the room and disassociate it from the remote chat - # delete - Remove all ghosts and users from the room (i.e. delete it) - cleanup_on_logout: - # -- Should cleanup on logout be enabled at all? 
- enabled: false - # Settings for manual logouts (explicitly initiated by the Matrix user) - manual: - # -- Action for private portals which will never be shared with other Matrix users. - private: nothing - # -- Action for portals with a relay user configured. - relayed: nothing - # -- Action for portals which may be shared, but don't currently have any other Matrix users. - shared_no_users: nothing - # -- Action for portals which have other logged-in Matrix users. - shared_has_users: nothing - # Settings for credentials being invalidated (initiated by the remote network, possibly through user action). - # Keys have the same meanings as in the manual section. - bad_credentials: - private: nothing - relayed: nothing - shared_no_users: nothing - shared_has_users: nothing - - # Settings for relay mode - relay: - # -- Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any - # authenticated user into a relaybot for that chat. - enabled: false - # -- Should only admins be allowed to set themselves as relay users? - admin_only: true - # -- List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. - default_relays: [] - # -- The formats to use when sending messages via the relaybot. - # Available variables: - # .Sender.UserID - The Matrix user ID of the sender. - # .Sender.Displayname - The display name of the sender (if set). - # .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room. - # .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set, - # plus the user ID in parentheses if the displayname is not unique. - # If the displayname is not set, this is just the user ID. - # .Message - The `formatted_body` field of the message. - # .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string. - # .FileName - The name of the file being sent. 
- message_formats: - m.text: "{{ .Sender.DisambiguatedName }}: {{ .Message }}" - m.notice: "{{ .Sender.DisambiguatedName }}: {{ .Message }}" - m.emote: "* {{ .Sender.DisambiguatedName }} {{ .Message }}" - m.file: "{{ .Sender.DisambiguatedName }} sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.image: "{{ .Sender.DisambiguatedName }} sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.audio: "{{ .Sender.DisambiguatedName }} sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.video: "{{ .Sender.DisambiguatedName }} sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.location: "{{ .Sender.DisambiguatedName }} sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}" - # -- For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names. - # This has all the Sender variables available under message_formats (but without the .Sender prefix). - # Note that you need to manually remove the displayname from message_formats above. - displayname_format: "{{ .DisambiguatedName }}" - - # -- Permissions for using the bridge. - # Permitted values: - # relay - Talk through the relaybot (if enabled), no access otherwise - # commands - Access to use commands in the bridge, but not login. - # user - Access to use the bridge with puppeting. - # admin - Full access, user level with some additional administration tools. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "*": relay - "example.com": user - "@admin:example.com": admin - - - # Database config. - database: - # -- The database type. "sqlite3-fk-wal" and "postgres" are supported. - type: postgres - # -- The database URI. - # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. - # https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. 
For example, postgres://user:password@host/database?sslmode=disable - # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql - uri: postgres://user:password@host/database?sslmode=disable - # -- Maximum number of connections. Mostly relevant for Postgres. - max_open_conns: 20 - max_idle_conns: 2 - # -- Maximum connection idle time and lifetime before they're closed. Disabled if null. - # Parsed with https://pkg.go.dev/time#ParseDuration - max_conn_idle_time: null - max_conn_lifetime: null - - # Homeserver details. - homeserver: - # -- The address that this appservice can use to connect to the homeserver. - address: https://matrix.example.com - # -- The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: example.com - # -- Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false - public_address: - - # -- What software is the homeserver running? - # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. - software: standard - # -- The URL to push real-time bridge status to. - # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. - # The bridge will use the appservice as_token to authorize requests. - status_endpoint: null - # -- Endpoint for reporting per-message status. - message_send_checkpoint_endpoint: null - - # -- Should the bridge use a websocket for connecting to the homeserver? - # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, - # mautrix-asmux (deprecated), and hungryserv (proprietary). - websocket: false - websocket_proxy: "" - # -- How often should the websocket be pinged? Pinging will be disabled if this is zero. - ping_interval_seconds: 0 - - - # Application service host/registration related details. - # Changing these values requires regeneration of the registration. 
- appservice: - # -- The address that the homeserver can use to connect to this appservice. - address: http://localhost:29328 - public_address: - # -- The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29328 - - # -- The unique ID of this appservice. - id: signal - # Appservice bot details. - bot: - # -- Username of the appservice bot. - username: signalbot - # -- Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: Signal bridge bot - avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - - as_token: "" - hs_token: "" - - # -- Whether or not to receive ephemeral events via appservice transactions. - # Requires MSC2409 support (i.e. Synapse 1.22+). - ephemeral_events: true - # -- Should incoming events be handled asynchronously? - # This may be necessary for large public instances with lots of messages going through. - # However, messages will not be guaranteed to be bridged in the same order they were sent in. - async_transactions: false - - # -- Localpart template of MXIDs for Signal users. - # {{.}} is replaced with the internal ID of the Signal user. - username_template: signal_{{.}} - - matrix: - # -- Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? - delivery_receipts: false - # -- Whether the bridge should send the message status as a custom com.beeper.message_send_status event. - message_status_events: false - # -- Whether the bridge should send error notices via m.notice events when a message fails to bridge. - message_error_notices: true - # -- Should the bridge update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # -- Whether or not created rooms should have federation enabled. 
- # If false, created portal rooms will never be federated. - federate_rooms: true - - # Settings for provisioning API - provisioning: - # -- Prefix for the provisioning API paths. - prefix: /_matrix/provision - # -- Shared secret for authentication. If set to "generate", a random secret will be generated, - # or if set to "disable", the provisioning API will be disabled. - shared_secret: generate - # -- Enable debug API at /debug with provisioning authentication. - debug_endpoints: false - - # Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks). - # These settings control whether the bridge will provide such public media access. - public_media: - # -- Should public media be enabled at all? - # The public_address field under the appservice section MUST be set when enabling public media. - enabled: false - # -- A key for signing public media URLs. - # If set to "generate", a random key will be generated. - signing_key: generate - # -- Number of seconds that public media URLs are valid for. - # If set to 0, URLs will never expire. - expiry: 0 - # -- Length of hash to use for public media URLs. Must be between 0 and 32. - hash_length: 32 - - # Settings for converting remote media to custom mxc:// URIs instead of reuploading. - # More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html - direct_media: - # -- Should custom mxc:// URIs be used instead of reuploading media? - enabled: false - # -- The server name to use for the custom mxc:// URIs. - # This server name will effectively be a real Matrix server, it just won't implement anything other than media. - # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge. - server_name: discord-media.example.com - # -- Optionally a custom .well-known response. 
This defaults to `server_name:443` - well_known_response: - # -- Optionally specify a custom prefix for the media ID part of the MXC URI. - media_id_prefix: - # -- If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916 - # media download redirects if the requester supports it. Optionally, you can force redirects - # and not allow proxying at all by setting this to false. - # This option does nothing if the remote network does not support media downloads over HTTP. - allow_proxy: true - # -- Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. - # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. - server_key: "" - - # Settings for backfilling messages. - # Note that the exact way settings are applied depends on the network connector. - # See https://docs.mau.fi/bridges/general/backfill.html for more details. - backfill: - # -- Whether to do backfilling at all. - enabled: false - # -- Maximum number of messages to backfill in empty rooms. - max_initial_messages: 50 - # -- Maximum number of missed messages to backfill after bridge restarts. - max_catchup_messages: 500 - # -- If a backfilled chat is older than this number of hours, - # mark it as read even if it's unread on the remote network. - unread_hours_threshold: 720 - # Settings for backfilling threads within other backfills. - threads: - # -- Maximum number of messages to backfill in a new thread. - max_initial_messages: 50 - # Settings for the backwards backfill queue. This only applies when connecting to - # Beeper as standard Matrix servers don't support inserting messages into history. - queue: - # -- Should the backfill queue be enabled? - enabled: false - # -- Number of messages to backfill in one batch. - batch_size: 100 - # -- Delay between batches in seconds. - batch_delay: 20 - # -- Maximum number of batches to backfill per portal. 
- # If set to -1, all available messages will be backfilled. - max_batches: -1 - # -- Optional network-specific overrides for max batches. - # Interpretation of this field depends on the network connector. - max_batches_override: {} - - - # Settings for enabling double puppeting - double_puppet: - # -- Servers to always allow double puppeting from. - # This is only for other servers and should NOT contain the server the bridge is on. - servers: - example.com: https://example.com - # -- Whether to allow client API URL discovery for other servers. When using this option, - # users on other servers can use double puppeting even if their server URLs aren't - # explicitly added to the servers map above. - allow_discovery: false - # -- Shared secrets for automatic double puppeting. - # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions. - secrets: - example.com: as_token:foobar - - # End-to-bridge encryption support options. - # - # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. - encryption: - # -- Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # -- Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # -- Require encryption, drop any unencrypted messages. - require: false - # -- Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. - appservice: false - plaintext_mentions: - pickle_key: - # -- Options for deleting megolm sessions from the bridge. - delete_keys: - # -- Beeper-specific: delete outbound sessions when hungryserv confirms - # that the user has uploaded the key to key backup. - delete_outbound_on_ack: false - # -- Don't store outbound sessions in the inbound table. - dont_store_outbound: false - # -- Ratchet megolm sessions forward after decrypting messages. 
- ratchet_on_decrypt: false - # -- Delete fully used keys (index >= max_messages) after decrypting messages. - delete_fully_used_on_decrypt: false - # -- Delete previous megolm sessions from same device when receiving a new one. - delete_prev_on_new_session: false - # -- Delete megolm sessions received from a device when the device is deleted. - delete_on_device_delete: false - # -- Periodically delete megolm sessions when 2x max_age has passed since receiving the session. - periodically_delete_expired: false - # -- Delete inbound megolm sessions that don't have the received_at field used for - # automatic ratcheting and expired session deletion. This is meant as a migration - # to delete old keys prior to the bridge update. - delete_outdated_inbound: false - # What level of device verification should be required from users? - # - # Valid levels: - # unverified - Send keys to all device in the room. - # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. - # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). - # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. - # Note that creating user signatures from the bridge bot is not currently possible. - # verified - Require manual per-device verification - # (currently only possible by modifying the `trust` column in the `crypto_device` database table). - verification_levels: - # -- Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. - receive: unverified - # -- Minimum level that the bridge should accept for incoming Matrix messages. - send: unverified - # -- Minimum level that the bridge should require for accepting key requests. - share: cross-signed-tofu - # -- Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. 
- # You must use a client that supports requesting keys from other users to use this feature. - allow_key_sharing: false - # Options for Megolm room key rotation. These options allow you to - # configure the m.room.encryption event content. See: - # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for - # more information about that event. - rotation: - # -- Enable custom Megolm room key rotation settings. Note that these - # settings will only apply to rooms created after this option is - # set. - enable_custom: false - # -- The maximum number of milliseconds a session should be used - # before changing it. The Matrix spec recommends 604800000 (a week) - # as the default. - milliseconds: 604800000 - # -- The maximum number of messages that should be sent with a given a - # session before changing it. The Matrix spec recommends 100 as the - # default. - messages: 100 - - # -- Disable rotating keys when a user's devices change? - # You should not enable this option unless you understand all the implications. - disable_device_change_key_rotation: false - - - # Logging config. See https://github.com/tulir/zeroconfig for details. - logging: - min_level: warn - writers: - - type: stdout - format: json - - # Messages sent upon joining a management room. - # Markdown is supported. The defaults are listed below. - management_room_text: - # -- Sent when joining a room. - welcome: "Hello, I'm a Signal bridge bot." - # -- Sent when joining a management room and the user is already logged in. - welcome_connected: "Use `help` for help." - # -- Sent when joining a management room and the user is not logged in. - welcome_unconnected: "Use `help` for help or `login` to log in." - # -- Optional extra text sent when joining a management room. - additional_help: "" - - signal: - # -- Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. - # {{.ProfileName}} - The Signal profile name set by the user. 
- # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. - # {{.PhoneNumber}} - The phone number of the user. - # {{.UUID}} - The UUID of the Signal user. - # {{.AboutEmoji}} - The emoji set by the user in their profile. - displayname_template: '{{ printf "%s (%s) %s" (or .ProfileName .ContactName "Unknown user") (or .PhoneNumber "Unknown number" (or .AboutEmoji "")}}' - # -- Should avatars from the user's contact list be used? This is not safe on multi-user instances. - use_contact_avatars: false - # -- Should the bridge request the user's contact list from the phone on startup? - sync_contacts_on_startup: true - # -- Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. - use_outdated_profiles: false - # -- Should the Signal user's phone number be included in the room topic in private chat portal rooms? - number_in_topic: true - # -- Default device name that shows up in the Signal app. - device_name: mautrix-signal - # Avatar image for the Note to Self room. - note_to_self_avatar: mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL - # Format for generating URLs from location messages for sending to Signal. 
- # Google Maps: 'https://www.google.com/maps/place/%[1]s,%[2]s' - # OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - location_format: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - -registration: - # token from config.appservice.id - # id: - # taken from config.appservice.address - # url: - # taken from config.appservice.as_token default: self-generate - # as_token: - # taken from config.appservice.hs_token default: self-generate - # hs_token: - # take from config.appservice.bot.username - # sender_localpart: signalbot - rate_limited: false - namespaces: - users: - - regex: ^@signalbot:example.org$ - exclusive: true - - regex: ^@signal_.*:example.org$ - exclusive: true - de.sorunome.msc2409.push_ephemeral: true - push_ephemeral: true - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Automatically mount a ServiceAccount's API credentials? - automount: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - httpGet: - path: /_matrix/mau/live - port: http -readinessProbe: - httpGet: - path: /_matrix/mau/ready - port: http - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -persistence: - # -- Enable persistence using Persistent Volume Claims - # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - # -- accessMode - accessMode: ReadWriteOnce - # -- size - size: 10Gi diff --git a/element-call/.helmignore b/mautrix-signal/.helmignore similarity index 100% rename from element-call/.helmignore rename to mautrix-signal/.helmignore diff --git a/mautrix-signal/Chart.yaml b/mautrix-signal/Chart.yaml new file mode 100644 index 0000000..8b2f721 --- /dev/null 
+++ b/mautrix-signal/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: mautrix-signal
+description: A Matrix-Signal puppeting bridge.
+type: application
+version: 0.0.4
+# renovate: image=dock.mau.dev/mautrix/signal
+appVersion: "0.6.1"
+maintainers:
+ - name: WrenIX
+ url: https://wrenix.eu
diff --git a/mautrix-signal/README.adoc b/mautrix-signal/README.adoc
new file mode 100644
index 0000000..ba5f229
--- /dev/null
+++ b/mautrix-signal/README.adoc
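Review bot: `appVersion: "0.6.1"` together with the `# renovate: image=dock.mau.dev/mautrix/signal` annotation tracks the bridge image by tag only. If the chart's templates fall back to appVersion when `image.tag` is empty (the removed mautrix-bridge values had `tag: ""`, so this looks likely, but the templates are not part of this hunk), a tag that is re-pushed on the registry would change what gets deployed without any change to the chart. I would add a comment above the line, `# default image tag; tags are mutable, pin a digest in values for production`, and document in the chart values how to override the image with a digest-pinned reference.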
@@ -0,0 +1,765 @@ + + += mautrix-signal + +image::https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square[Version: 0.0.4] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.6.1-informational?style=flat-square[AppVersion: 0.6.1] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + += Alpha + +WARNING +==== +We stop working on this Helm-Chart. +There are still many breaking change like: + +* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] + +We hope that stalward mail-server becomes more stable. + +==== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/mautrix-signal +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install mautrix-signal-release oci://codeberg.org/wrenix/helm-charts/mautrix-signal --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall mautrix-signal-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| config.appservice.address +| string +| `"http://localhost:29328"` +| The address that the homeserver can use to connect to this appservice. + +| config.appservice.async_transactions +| bool +| `false` +| Should incoming events be handled asynchronously? 
This may be necessary for large public instances with lots of messages going through. However, messages will not be guaranteed to be bridged in the same order they were sent in. + +| config.appservice.bot.avatar +| string +| `"mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp"` +| + +| config.appservice.bot.displayname +| string +| `"Signal bridge bot"` +| Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty to leave display name/avatar as-is. + +| config.appservice.bot.username +| string +| `"signalbot"` +| Username of the appservice bot. + +| config.appservice.database.max_conn_idle_time +| string +| `nil` +| Maximum connection idle time and lifetime before they're closed. Disabled if null. Parsed with https://pkg.go.dev/time#ParseDuration + +| config.appservice.database.max_conn_lifetime +| string +| `nil` +| + +| config.appservice.database.max_idle_conns +| int +| `2` +| + +| config.appservice.database.max_open_conns +| int +| `20` +| Maximum number of connections. Mostly relevant for Postgres. + +| config.appservice.database.type +| string +| `"postgres"` +| The database type. "sqlite3-fk-wal" and "postgres" are supported. + +| config.appservice.database.uri +| string +| `"postgres://user:password@host/database?sslmode=disable"` +| The database URI. SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. https://github.com/mattn/go-sqlite3#connection-string Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + +| config.appservice.ephemeral_events +| bool +| `true` +| Whether or not to receive ephemeral events via appservice transactions. Requires MSC2409 support (i.e. Synapse 1.22+). + +| config.appservice.hostname +| string +| `"0.0.0.0"` +| The hostname and port where this appservice should listen. 
+ +| config.appservice.id +| string +| `"signal"` +| The unique ID of this appservice. + +| config.appservice.port +| int +| `29328` +| + +| config.bridge +| object +| `{"bridge_notices":true,"caption_in_message":false,"command_prefix":"!signal","delivery_receipts":false,"displayname_template":"{{or .ProfileName .PhoneNumber \"Unknown user\"}}","double_puppet_allow_discovery":false,"double_puppet_server_map":{"example.com":"https://example.com"},"encryption":{"allow":false,"allow_key_sharing":false,"appservice":false,"default":false,"delete_keys":{"delete_fully_used_on_decrypt":false,"delete_on_device_delete":false,"delete_outbound_on_ack":false,"delete_outdated_inbound":false,"delete_prev_on_new_session":false,"dont_store_outbound":false,"periodically_delete_expired":false,"ratchet_on_decrypt":false},"require":false,"rotation":{"disable_device_change_key_rotation":false,"enable_custom":false,"messages":100,"milliseconds":604800000},"verification_levels":{"receive":"unverified","send":"unverified","share":"cross-signed-tofu"}},"federate_rooms":true,"login_shared_secret_map":{"example.com":"foobar"},"management_room_text":{"additional_help":"","welcome":"Hello, I'm a Signal bridge bot.","welcome_connected":"Use `help` for help.","welcome_unconnected":"Use `help` for help or `login` to log in."},"message_error_notices":true,"message_handling_timeout":{"deadline":"120s","error_after":null},"message_status_events":false,"note_to_self_avatar":"mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL","number_in_topic":true,"permissions":{"*":"relay","@admin:example.com":"admin","example.com":"user"},"personal_filtering_spaces":false,"portal_message_buffer":128,"private_chat_portal_meta":"default","provisioning":{"debug_endpoints":false,"prefix":"/_matrix/provision","shared_secret":"generate"},"public_portals":false,"relay":{"admin_only":true,"enabled":false,"message_formats":{"m.audio":"{{ .Sender.Displayname }} sent an audio file","m.emote":"* {{ .Sender.Displayname }} {{ .Message 
}}","m.file":"{{ .Sender.Displayname }} sent a file","m.image":"{{ .Sender.Displayname }} sent an image","m.location":"{{ .Sender.Displayname }} sent a location","m.notice":"{{ .Sender.Displayname }}: {{ .Message }}","m.text":"{{ .Sender.Displayname }}: {{ .Message }}","m.video":"{{ .Sender.Displayname }} sent a video"}},"resend_bridge_info":false,"sync_direct_chat_list":false,"use_contact_avatars":false,"username_template":"signal_{{.}}"}` +| Bridge config + +| config.bridge.bridge_notices +| bool +| `true` +| Should Matrix m.notice-type messages be bridged? + +| config.bridge.caption_in_message +| bool +| `false` +| Send captions in the same message as images. This will send data compatible with both MSC2530. This is currently not supported in most clients. + +| config.bridge.command_prefix +| string +| `"!signal"` +| The prefix for commands. Only required in non-management rooms. + +| config.bridge.delivery_receipts +| bool +| `false` +| Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? + +| config.bridge.displayname_template +| string +| `"{{or .ProfileName .PhoneNumber \"Unknown user\"}}"` +| Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. {{.ProfileName}} - The Signal profile name set by the user. {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. {{.PhoneNumber}} - The phone number of the user. {{.UUID}} - The UUID of the Signal user. {{.AboutEmoji}} - The emoji set by the user in their profile. + +| config.bridge.double_puppet_allow_discovery +| bool +| `false` +| Allow using double puppeting from any server with a valid client .well-known file. 
+ +| config.bridge.double_puppet_server_map +| object +| `{"example.com":"https://example.com"}` +| Servers to always allow double puppeting from + +| config.bridge.encryption.allow +| bool +| `false` +| Allow encryption, work in group chat rooms with e2ee enabled + +| config.bridge.encryption.allow_key_sharing +| bool +| `false` +| Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. You must use a client that supports requesting keys from other users to use this feature. + +| config.bridge.encryption.appservice +| bool +| `false` +| Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + +| config.bridge.encryption.default +| bool +| `false` +| Default to encryption, force-enable encryption in all portals the bridge creates This will cause the bridge bot to be in private chats for the encryption to work properly. + +| config.bridge.encryption.delete_keys +| object +| `{"delete_fully_used_on_decrypt":false,"delete_on_device_delete":false,"delete_outbound_on_ack":false,"delete_outdated_inbound":false,"delete_prev_on_new_session":false,"dont_store_outbound":false,"periodically_delete_expired":false,"ratchet_on_decrypt":false}` +| Options for deleting megolm sessions from the bridge. + +| config.bridge.encryption.delete_keys.delete_fully_used_on_decrypt +| bool +| `false` +| Delete fully used keys (index >= max_messages) after decrypting messages. + +| config.bridge.encryption.delete_keys.delete_on_device_delete +| bool +| `false` +| Delete megolm sessions received from a device when the device is deleted. + +| config.bridge.encryption.delete_keys.delete_outbound_on_ack +| bool +| `false` +| Beeper-specific: delete outbound sessions when hungryserv confirms that the user has uploaded the key to key backup. 
+ +| config.bridge.encryption.delete_keys.delete_outdated_inbound +| bool +| `false` +| Delete inbound megolm sessions that don't have the received_at field used for automatic ratcheting and expired session deletion. This is meant as a migration to delete old keys prior to the bridge update. + +| config.bridge.encryption.delete_keys.delete_prev_on_new_session +| bool +| `false` +| Delete previous megolm sessions from same device when receiving a new one. + +| config.bridge.encryption.delete_keys.dont_store_outbound +| bool +| `false` +| Don't store outbound sessions in the inbound table. + +| config.bridge.encryption.delete_keys.periodically_delete_expired +| bool +| `false` +| Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + +| config.bridge.encryption.delete_keys.ratchet_on_decrypt +| bool +| `false` +| Ratchet megolm sessions forward after decrypting messages. + +| config.bridge.encryption.require +| bool +| `false` +| Require encryption, drop any unencrypted messages. + +| config.bridge.encryption.rotation.disable_device_change_key_rotation +| bool +| `false` +| Disable rotating keys when a user's devices change? You should not enable this option unless you understand all the implications. + +| config.bridge.encryption.rotation.enable_custom +| bool +| `false` +| Enable custom Megolm room key rotation settings. Note that these settings will only apply to rooms created after this option is set. + +| config.bridge.encryption.rotation.messages +| int +| `100` +| The maximum number of messages that should be sent with a given a session before changing it. The Matrix spec recommends 100 as the default. + +| config.bridge.encryption.rotation.milliseconds +| int +| `604800000` +| The maximum number of milliseconds a session should be used before changing it. The Matrix spec recommends 604800000 (a week) as the default. 
+ +| config.bridge.encryption.verification_levels.receive +| string +| `"unverified"` +| Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. + +| config.bridge.encryption.verification_levels.send +| string +| `"unverified"` +| Minimum level that the bridge should accept for incoming Matrix messages. + +| config.bridge.encryption.verification_levels.share +| string +| `"cross-signed-tofu"` +| Minimum level that the bridge should require for accepting key requests. + +| config.bridge.federate_rooms +| bool +| `true` +| Whether or not created rooms should have federation enabled. If false, created portal rooms will never be federated. + +| config.bridge.login_shared_secret_map +| object +| `{"example.com":"foobar"}` +| Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth If set, double puppeting will be enabled automatically for local users instead of users having to find an access token and run `login-matrix` manually. + +| config.bridge.management_room_text.additional_help +| string +| `""` +| Optional extra text sent when joining a management room. + +| config.bridge.management_room_text.welcome +| string +| `"Hello, I'm a Signal bridge bot."` +| Sent when joining a room. + +| config.bridge.management_room_text.welcome_connected +| string +| `"Use `help` for help."` +| Sent when joining a management room and the user is already logged in. + +| config.bridge.management_room_text.welcome_unconnected +| string +| `"Use `help` for help or `login` to log in."` +| Sent when joining a management room and the user is not logged in. + +| config.bridge.message_error_notices +| bool +| `true` +| Whether the bridge should send error notices via m.notice events when a message fails to bridge. + +| config.bridge.message_handling_timeout +| object +| `{"deadline":"120s","error_after":null}` +| Maximum time for handling Matrix events. 
Duration strings formatted for https://pkg.go.dev/time#ParseDuration Null means there's no enforced timeout. + +| config.bridge.message_handling_timeout.deadline +| string +| `"120s"` +| Drop messages after this timeout. They may still go through if the message got sent to the servers. This is counted from the time the bridge starts handling the message. + +| config.bridge.message_handling_timeout.error_after +| string +| `nil` +| Send an error message after this timeout, but keep waiting for the response until the deadline. This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. If the message is older than this when it reaches the bridge, the message won't be handled at all. + +| config.bridge.message_status_events +| bool +| `false` +| Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + +| config.bridge.note_to_self_avatar +| string +| `"mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL"` +| Avatar image for the Note to Self room. + +| config.bridge.number_in_topic +| bool +| `true` +| Should the Signal user's phone number be included in the room topic in private chat portal rooms? + +| config.bridge.personal_filtering_spaces +| bool +| `false` +| Should the bridge create a space for each logged-in user and add bridged rooms to it? Users who logged in before turning this on should run `!signal sync-space` to create and fill the space for the first time. + +| config.bridge.private_chat_portal_meta +| string +| `"default"` +| Whether to explicitly set the avatar and room name for private chat portal rooms. If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. If set to `always`, all DM rooms will have explicit names and avatars set. If set to `never`, DM rooms will never have names and avatars set. 
+ +| config.bridge.provisioning.debug_endpoints +| bool +| `false` +| Enable debug API at /debug with provisioning authentication. + +| config.bridge.provisioning.prefix +| string +| `"/_matrix/provision"` +| Prefix for the provisioning API paths. + +| config.bridge.provisioning.shared_secret +| string +| `"generate"` +| Shared secret for authentication. If set to "generate", a random secret will be generated, or if set to "disable", the provisioning API will be disabled. + +| config.bridge.public_portals +| bool +| `false` +| Whether or not to make portals of groups that don't need approval of an admin to join by invite link publicly joinable on Matrix. + +| config.bridge.relay.admin_only +| bool +| `true` +| Should only admins be allowed to set themselves as relay users? + +| config.bridge.relay.enabled +| bool +| `false` +| Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any authenticated user into a relaybot for that chat. + +| config.bridge.relay.message_formats +| object +| `{"m.audio":"{{ .Sender.Displayname }} sent an audio file","m.emote":"* {{ .Sender.Displayname }} {{ .Message }}","m.file":"{{ .Sender.Displayname }} sent a file","m.image":"{{ .Sender.Displayname }} sent an image","m.location":"{{ .Sender.Displayname }} sent a location","m.notice":"{{ .Sender.Displayname }}: {{ .Message }}","m.text":"{{ .Sender.Displayname }}: {{ .Message }}","m.video":"{{ .Sender.Displayname }} sent a video"}` +| The formats to use when sending messages to Signal via the relaybot. + +| config.bridge.resend_bridge_info +| bool +| `false` +| Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. This field will automatically be changed back to false after it, except if the config file is not writable. + +| config.bridge.sync_direct_chat_list +| bool +| `false` +| Should the bridge update the m.direct account data event when double puppeting is enabled. 
Note that updating the m.direct event is not atomic (except with mautrix-asmux) and is therefore prone to race conditions. + +| config.bridge.use_contact_avatars +| bool +| `false` +| Should avatars from the user's contact list be used? This is not safe on multi-user instances. + +| config.bridge.username_template +| string +| `"signal_{{.}}"` +| Localpart template of MXIDs for Signal users. {{.}} is replaced with the internal ID of the Signal user. + +| config.homeserver.address +| string +| `"https://matrix.example.com"` +| The address that this appservice can use to connect to the homeserver. + +| config.homeserver.async_media +| bool +| `false` +| Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + +| config.homeserver.domain +| string +| `"example.com"` +| The domain of the homeserver (also known as server_name, used for MXIDs, etc). + +| config.homeserver.message_send_checkpoint_endpoint +| string +| `nil` +| Endpoint for reporting per-message status. + +| config.homeserver.ping_interval_seconds +| int +| `0` +| How often should the websocket be pinged? Pinging will be disabled if this is zero. + +| config.homeserver.software +| string +| `"standard"` +| What software is the homeserver running? Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + +| config.homeserver.status_endpoint +| string +| `nil` +| The URL to push real-time bridge status to. If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. The bridge will use the appservice as_token to authorize requests. + +| config.homeserver.websocket +| bool +| `false` +| Should the bridge use a websocket for connecting to the homeserver? The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, mautrix-asmux (deprecated), and hungryserv (proprietary). 
+ +| config.logging.min_level +| string +| `"warn"` +| + +| config.logging.writers[0].format +| string +| `"json"` +| + +| config.logging.writers[0].type +| string +| `"stdout"` +| + +| config.metrics.enabled +| bool +| `true` +| Enable prometheus metrics? + +| config.metrics.listen +| string +| `"0.0.0.0:8000"` +| IP and port where the metrics listener should be. The path is always /metrics + +| config.signal.device_name +| string +| `"mautrix-signal"` +| Default device name that shows up in the Signal app. + +| fullnameOverride +| string +| `""` +| + +| global.image.pullPolicy +| string +| `nil` +| if set it will overwrite all pullPolicy + +| global.image.registry +| string +| `nil` +| if set it will overwrite all registry entries + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"dock.mau.dev"` +| + +| image.repository +| string +| `"mautrix/signal"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| livenessProbe.httpGet.path +| string +| `"/_matrix/mau/live"` +| + +| livenessProbe.httpGet.port +| string +| `"http"` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| accessMode + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC 
must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"10Gi"` +| size + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| prometheus.servicemonitor.enabled +| bool +| `false` +| + +| prometheus.servicemonitor.labels +| object +| `{}` +| + +| readinessProbe.httpGet.path +| string +| `"/_matrix/mau/ready"` +| + +| readinessProbe.httpGet.port +| string +| `"http"` +| + +| registration."de.sorunome.msc2409.push_ephemeral" +| bool +| `true` +| + +| registration.namespaces.users[0].exclusive +| bool +| `true` +| + +| registration.namespaces.users[0].regex +| string +| `"^@signalbot:example.org$"` +| + +| registration.namespaces.users[1].exclusive +| bool +| `true` +| + +| registration.namespaces.users[1].regex +| string +| `"^@signal_.*:example.org$"` +| + +| registration.push_ephemeral +| bool +| `true` +| + +| registration.rate_limited +| bool +| `false` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.automount +| bool +| `false` +| + +| serviceAccount.create +| bool +| `false` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| volumeMounts +| list +| `[]` +| + +| volumes +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + 
diff --git a/mautrix-signal/_docs.gotmpl b/mautrix-signal/_docs.gotmpl new file mode 100644 index 0000000..61d69af --- /dev/null +++ b/mautrix-signal/_docs.gotmpl @@ -0,0 +1,14 @@ +{{ define "chart.prerequirements" -}} += Alpha + +WARNING +==== +We stop working on this Helm-Chart. +There are still many breaking change like: + +* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] + +We hope that stalward mail-server becomes more stable. + +==== +{{ end }} diff --git a/mautrix-bridge/templates/NOTES.txt b/mautrix-signal/templates/NOTES.txt similarity index 86% rename from mautrix-bridge/templates/NOTES.txt rename to mautrix-signal/templates/NOTES.txt index 3041f61..d1e86ce 100644 --- a/mautrix-bridge/templates/NOTES.txt +++ b/mautrix-signal/templates/NOTES.txt 
@@ -6,16 +6,16 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mautrix-bridge.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mautrix-signal.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mautrix-bridge.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mautrix-bridge.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mautrix-signal.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mautrix-signal.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mautrix-bridge.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mautrix-signal.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT diff --git a/mautrix-bridge/templates/_helpers.tpl b/mautrix-signal/templates/_helpers.tpl similarity index 74% rename from mautrix-bridge/templates/_helpers.tpl rename to mautrix-signal/templates/_helpers.tpl index e4f9350..4d2b93f 100644 --- a/mautrix-bridge/templates/_helpers.tpl +++ b/mautrix-signal/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "mautrix-bridge.name" -}} +{{- define "mautrix-signal.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "mautrix-bridge.fullname" -}} +{{- define "mautrix-signal.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "mautrix-bridge.chart" -}} +{{- define "mautrix-signal.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "mautrix-bridge.labels" -}} -helm.sh/chart: {{ include "mautrix-bridge.chart" . }} -{{ include "mautrix-bridge.selectorLabels" . }} +{{- define "mautrix-signal.labels" -}} +helm.sh/chart: {{ include "mautrix-signal.chart" . }} +{{ include "mautrix-signal.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "mautrix-bridge.selectorLabels" -}} -app.kubernetes.io/name: {{ include "mautrix-bridge.name" . }} +{{- define "mautrix-signal.selectorLabels" -}} +app.kubernetes.io/name: {{ include "mautrix-signal.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "mautrix-bridge.serviceAccountName" -}} +{{- define "mautrix-signal.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "mautrix-bridge.fullname" .) .Values.serviceAccount.name }} +{{- default (include "mautrix-signal.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/mautrix-bridge/templates/deployment.yaml b/mautrix-signal/templates/deployment.yaml similarity index 81% rename from mautrix-bridge/templates/deployment.yaml rename to mautrix-signal/templates/deployment.yaml index 0d798c2..31f6add 100644 --- a/mautrix-bridge/templates/deployment.yaml +++ b/mautrix-signal/templates/deployment.yaml 
@@ -1,16 +1,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mautrix-bridge.fullname" . }} + name: {{ include "mautrix-signal.fullname" . }} labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} + {{- include "mautrix-signal.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - {{- include "mautrix-bridge.selectorLabels" . | nindent 6 }} + {{- include "mautrix-signal.selectorLabels" . | nindent 6 }} template: metadata: annotations: @@ -19,7 +19,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "mautrix-bridge.labels" . | nindent 8 }} + {{- include "mautrix-signal.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -28,7 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "mautrix-bridge.serviceAccountName" . }} + serviceAccountName: {{ include "mautrix-signal.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: @@ -36,13 +36,18 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" + image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} {{- end }} ports: - name: http containerPort: {{ .Values.config.appservice.port }} protocol: TCP + {{- if .Values.config.metrics.enabled }} + - name: metrics + containerPort: {{ regexSplit ":" .Values.config.metrics.listen -1 | last }} + protocol: TCP + {{- end }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: 
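Review bot: The rewritten `image:` line in the `@@ -36,13 +36,18 @@` hunk still resolves the container image by tag only, and the new fallback `v<AppVersion>` is a mutable reference on the registry. As far as the values table in this commit shows, the chart gives operators no way to pin the bridge image by digest. An optional digest value (a new key, to be added to values.yaml) would close that: `image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}{{ if .digest }}@{{ .digest }}{{ else }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}{{ end }}"`. The container spec continues outside the hunk.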
@@ -64,7 +69,7 @@ spec: volumes: - name: config secret: - secretName: {{ include "mautrix-bridge.fullname" . }} + secretName: {{ include "mautrix-signal.fullname" . }} items: - key: config.yaml path: config.yaml @@ -78,7 +83,7 @@ spec: path: {{ .Values.persistence.hostPath | quote }} {{- else }}{{/* else .persistence.hostPath */}} persistentVolumeClaim: - claimName: {{ coalesce .Values.persistence.existingClaim (include "mautrix-bridge.fullname" .) }} + claimName: {{ coalesce .Values.persistence.existingClaim (include "mautrix-signal.fullname" .) }} {{- end }}{{/* end-else .persistence.hostPath */}} {{- else }}{{/* else .persistence.enabled */}} emptyDir: {} diff --git a/mautrix-bridge/templates/hpa.yaml b/mautrix-signal/templates/hpa.yaml similarity index 84% rename from mautrix-bridge/templates/hpa.yaml rename to mautrix-signal/templates/hpa.yaml index 9eeec5b..79085d1 100644 --- a/mautrix-bridge/templates/hpa.yaml +++ b/mautrix-signal/templates/hpa.yaml @@ -2,14 +2,14 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "mautrix-bridge.fullname" . }} + name: {{ include "mautrix-signal.fullname" . }} labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} + {{- include "mautrix-signal.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "mautrix-bridge.fullname" . }} + name: {{ include "mautrix-signal.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/mautrix-bridge/templates/ingress.yaml b/mautrix-signal/templates/ingress.yaml similarity index 94% rename from mautrix-bridge/templates/ingress.yaml rename to mautrix-signal/templates/ingress.yaml index 3ebc28e..3f43dfe 100644 --- a/mautrix-bridge/templates/ingress.yaml +++ b/mautrix-signal/templates/ingress.yaml 
@@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "mautrix-bridge.fullname" . -}} +{{- $fullName := include "mautrix-signal.fullname" . -}} {{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} @@ -17,7 +17,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} + {{- include "mautrix-signal.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/mautrix-bridge/templates/pvc.yaml b/mautrix-signal/templates/pvc.yaml similarity index 84% rename from mautrix-bridge/templates/pvc.yaml rename to mautrix-signal/templates/pvc.yaml index 52ddf3d..ebf1997 100644 --- a/mautrix-bridge/templates/pvc.yaml +++ b/mautrix-signal/templates/pvc.yaml @@ -8,9 +8,9 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ template "mautrix-bridge.fullname" $ }} + name: {{ template "mautrix-signal.fullname" $ }} labels: - {{- include "mautrix-bridge.labels" $ | nindent 4 }} + {{- include "mautrix-signal.labels" $ | nindent 4 }} {{- with .annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/mautrix-bridge/templates/secrets.yaml b/mautrix-signal/templates/secrets.yaml similarity index 92% rename from mautrix-bridge/templates/secrets.yaml rename to mautrix-signal/templates/secrets.yaml index f024ead..e802f45 100644 --- a/mautrix-bridge/templates/secrets.yaml +++ b/mautrix-signal/templates/secrets.yaml @@ -1,5 +1,5 @@ --- -{{ $secretName := include "mautrix-bridge.fullname" . }} +{{ $secretName := include "mautrix-signal.fullname" . }} {{- $asToken := get .Values.config.appservice "as_token" }} {{- $hsToken := get .Values.config.appservice "hs_token" }} {{- $senderLocalpart := false }} 
@@ -20,7 +20,7 @@ kind: Secret metadata: name: {{ $secretName }} labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} + {{- include "mautrix-signal.labels" . | nindent 4 }} type: Opaque data: as_token: {{ $asToken | b64enc }} diff --git a/mautrix-signal/templates/service.yaml b/mautrix-signal/templates/service.yaml new file mode 100644 index 0000000..d5bfdd1 --- /dev/null +++ b/mautrix-signal/templates/service.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.config .Values.config.appservice }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mautrix-signal.fullname" . }} + labels: + {{- include "mautrix-signal.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + publishNotReadyAddresses: true + selector: + {{- include "mautrix-signal.selectorLabels" . | nindent 4 }} + ports: + - port: {{ .Values.config.appservice.port }} + targetPort: http + protocol: TCP + name: http + {{- if .Values.config.metrics.enabled }} + - port: {{ regexSplit ":" .Values.config.metrics.listen -1 | last }} + targetPort: metrics + protocol: TCP + name: metrics + {{- end }} +{{- end }} diff --git a/pretix/templates/serviceaccount.yaml b/mautrix-signal/templates/serviceaccount.yaml similarity index 70% rename from pretix/templates/serviceaccount.yaml rename to mautrix-signal/templates/serviceaccount.yaml index 108fb1b..147935d 100644 --- a/pretix/templates/serviceaccount.yaml +++ b/mautrix-signal/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "pretix.serviceAccountName" . }} + name: {{ include "mautrix-signal.serviceAccountName" . }} labels: - {{- include "pretix.labels" . | nindent 4 }} + {{- include "mautrix-signal.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/mautrix-signal/templates/servicemonitor.yaml b/mautrix-signal/templates/servicemonitor.yaml new file mode 100644 index 0000000..c60d257 --- /dev/null 
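Review bot: The metrics port in the new service.yaml is published on the same Service as the appservice port, so setting `service.type` to NodePort or LoadBalancer also exposes `/metrics` outside the cluster. The values table in this commit shows metrics enabled by default on `0.0.0.0:8000`, and nothing visible here suggests the listener is authenticated. Keeping the scrape port on its own ClusterIP Service, as sketched below, would let the ServiceMonitor keep matching by selector labels and port name while `service.type` only affects the `http` port.

```yaml
# … unchanged: main Service, now carrying only the http port …
{{- if .Values.config.metrics.enabled }}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "mautrix-signal.fullname" . }}-metrics
  labels:
    {{- include "mautrix-signal.labels" . | nindent 4 }}
spec:
  type: ClusterIP
  selector:
    {{- include "mautrix-signal.selectorLabels" . | nindent 4 }}
  ports:
    - port: {{ regexSplit ":" .Values.config.metrics.listen -1 | last }}
      targetPort: metrics
      protocol: TCP
      name: metrics
{{- end }}
```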
+++ b/mautrix-signal/templates/servicemonitor.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.servicemonitor.enabled ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "mautrix-signal.fullname" . }} + labels: + {{- include "mautrix-signal.labels" . | nindent 4 }} + {{- with .Values.prometheus.servicemonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "mautrix-signal.selectorLabels" . | nindent 6 }} + endpoints: + - port: metrics + path: /metrics +{{- end }} diff --git a/mautrix-bridge/templates/tests/test-connection.yaml b/mautrix-signal/templates/tests/test-connection.yaml similarity index 53% rename from mautrix-bridge/templates/tests/test-connection.yaml rename to mautrix-signal/templates/tests/test-connection.yaml index ae40be7..c82b1bd 100644 --- a/mautrix-bridge/templates/tests/test-connection.yaml +++ b/mautrix-signal/templates/tests/test-connection.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "mautrix-bridge.fullname" . }}-test-connection" + name: "{{ include "mautrix-signal.fullname" . }}-test-connection" labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} + {{- include "mautrix-signal.labels" . | nindent 4 }} annotations: "helm.sh/hook": test spec: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "mautrix-bridge.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "mautrix-signal.fullname" . }}:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/mautrix-signal/values.yaml b/mautrix-signal/values.yaml new file mode 100644 index 0000000..a3c57eb --- /dev/null +++ b/mautrix-signal/values.yaml 
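Review bot: The ServiceMonitor is gated on `prometheus.servicemonitor.enabled` and the CRD check but not on `config.metrics.enabled`. With metrics turned off it still renders an endpoint for a `metrics` port that service.yaml in this commit does not publish in that case. Adding the flag to the guard keeps the two in step: `{{- if and .Values.config.metrics.enabled .Values.prometheus.servicemonitor.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}`.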
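Review bot: The `args` line in the `@@ -11,5 +11,5 @@` hunk of test-connection.yaml still targets `.Values.service.port`, but the generated values table in this commit lists only `service.type`, and the new service.yaml publishes `.Values.config.appservice.port`. The test hook therefore probably probes the wrong port; this is hedged because values.yaml is only partly visible here. `args: ['{{ include "mautrix-signal.fullname" . }}:{{ .Values.config.appservice.port }}']` would match the Service. NOTES.txt and the `$svcPort` assignment in ingress.yaml reference the same key and would need the same change.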
@@ -0,0 +1,463 @@ +global: + image: + # -- if set it will overwrite all registry entries + registry: + # -- if set it will overwrite all pullPolicy + pullPolicy: + +replicaCount: 1 + +image: + registry: dock.mau.dev + repository: mautrix/signal + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +config: + # Homeserver details. + homeserver: + # -- The address that this appservice can use to connect to the homeserver. + address: https://matrix.example.com + # -- The domain of the homeserver (also known as server_name, used for MXIDs, etc). + domain: example.com + + # -- What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # -- The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # -- Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # -- Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + + # -- Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # -- How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + + # Application service host/registration related details. + # Changing these values requires regeneration of the registration. + appservice: + # -- The address that the homeserver can use to connect to this appservice. 
+ address: http://localhost:29328 + + # -- The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29328 + + # Database config. + database: + # -- The database type. "sqlite3-fk-wal" and "postgres" are supported. + type: postgres + # -- The database URI. + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. + # https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: postgres://user:password@host/database?sslmode=disable + # -- Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # -- Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # -- The unique ID of this appservice. + id: signal + # Appservice bot details. + bot: + # -- Username of the appservice bot. + username: signalbot + # -- Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Signal bridge bot + avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp + + # -- Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # -- Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + + # Prometheus config. + metrics: + # -- Enable prometheus metrics? + enabled: true + # -- IP and port where the metrics listener should be. 
The path is always /metrics + listen: 0.0.0.0:8000 + + signal: + # -- Default device name that shows up in the Signal app. + device_name: mautrix-signal + + # -- Bridge config + bridge: + # -- Localpart template of MXIDs for Signal users. + # {{.}} is replaced with the internal ID of the Signal user. + username_template: signal_{{.}} + # -- Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. + # {{.ProfileName}} - The Signal profile name set by the user. + # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. + # {{.PhoneNumber}} - The phone number of the user. + # {{.UUID}} - The UUID of the Signal user. + # {{.AboutEmoji}} - The emoji set by the user in their profile. + displayname_template: '{{or .ProfileName .PhoneNumber "Unknown user"}}' + # -- Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # -- Should avatars from the user's contact list be used? This is not safe on multi-user instances. + use_contact_avatars: false + # -- Should the Signal user's phone number be included in the room topic in private chat portal rooms? + number_in_topic: true + # -- Avatar image for the Note to Self room. + note_to_self_avatar: mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL + + portal_message_buffer: 128 + + # -- Should the bridge create a space for each logged-in user and add bridged rooms to it? + # Users who logged in before turning this on should run `!signal sync-space` to create and fill the space for the first time. + personal_filtering_spaces: false + # -- Should Matrix m.notice-type messages be bridged? 
+ bridge_notices: true + # -- Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? + delivery_receipts: false + # -- Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # -- Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # -- Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # -- Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # -- Whether or not to make portals of groups that don't need approval of an admin to join by invite + # link publicly joinable on Matrix. + public_portals: false + # -- Send captions in the same message as images. This will send data compatible with both MSC2530. + # This is currently not supported in most clients. + caption_in_message: false + # -- Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true + # -- Servers to always allow double puppeting from + double_puppet_server_map: + example.com: https://example.com + # -- Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # -- Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. 
+ login_shared_secret_map: + example.com: foobar + + # -- Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration + # Null means there's no enforced timeout. + message_handling_timeout: + # -- Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: null + # -- Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 120s + + # -- The prefix for commands. Only required in non-management rooms. + command_prefix: '!signal' + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # -- Sent when joining a room. + welcome: "Hello, I'm a Signal bridge bot." + # -- Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # -- Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # -- Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # -- Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # -- Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # -- Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. 
+ appservice: false + # -- Require encryption, drop any unencrypted messages. + require: false + # -- Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: false + # -- Options for deleting megolm sessions from the bridge. + delete_keys: + # -- Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # -- Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # -- Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # -- Delete fully used keys (index >= max_messages) after decrypting messages. + delete_fully_used_on_decrypt: false + # -- Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # -- Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # -- Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # -- Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. + delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. 
+ # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # -- Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. + receive: unverified + # -- Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # -- Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # -- Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # -- The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # -- The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # -- Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. + disable_device_change_key_rotation: false + + # Settings for provisioning API + provisioning: + # -- Prefix for the provisioning API paths. + prefix: /_matrix/provision + # -- Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + # -- Enable debug API at /debug with provisioning authentication. 
+ debug_endpoints: false + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Signal account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "*": relay + "example.com": user + "@admin:example.com": admin + + # Settings for relay mode + relay: + # -- Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # -- Should only admins be allowed to set themselves as relay users? + admin_only: true + # -- The formats to use when sending messages to Signal via the relaybot. + message_formats: + m.text: "{{ .Sender.Displayname }}: {{ .Message }}" + m.notice: "{{ .Sender.Displayname }}: {{ .Message }}" + m.emote: "* {{ .Sender.Displayname }} {{ .Message }}" + m.file: "{{ .Sender.Displayname }} sent a file" + m.image: "{{ .Sender.Displayname }} sent an image" + m.audio: "{{ .Sender.Displayname }} sent an audio file" + m.video: "{{ .Sender.Displayname }} sent a video" + m.location: "{{ .Sender.Displayname }} sent a location" + + # Logging config. See https://github.com/tulir/zeroconfig for details. 
+ logging: + min_level: warn + writers: + - type: stdout + format: json + +registration: + # token from config.appservice.id + # id: + # taken from config.appservice.address + # url: + # taken from config.appservice.as_token default: self-generate + # as_token: + # taken from config.appservice.hs_token default: self-generate + # hs_token: + # take from config.appservice.bot.username + # sender_localpart: signalbot + rate_limited: false + namespaces: + users: + - regex: ^@signalbot:example.org$ + exclusive: true + - regex: ^@signal_.*:example.org$ + exclusive: true + de.sorunome.msc2409.push_ephemeral: true + push_ephemeral: true + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + httpGet: + path: /_matrix/mau/live + port: http +readinessProbe: + httpGet: + path: /_matrix/mau/ready + port: http + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +persistence: + # -- Enable persistence using Persistent Volume Claims + # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + enabled: true + annotations: {} + # -- Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + storageClass: + + # -- A manually managed Persistent Volume and Claim + # Requires persistence.enabled: true + # If defined, PVC must be created manually before volume will be bound + existingClaim: + + # -- Do not create an PVC, direct use hostPath in Pod + hostPath: + # -- accessMode + accessMode: ReadWriteOnce + # -- size + size: 10Gi + +prometheus: + servicemonitor: + enabled: false + labels: {} diff --git a/miniserve/Chart.yaml b/miniserve/Chart.yaml index fd683b0..f59675e 100644 --- a/miniserve/Chart.yaml +++ b/miniserve/Chart.yaml 
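Review bot: Several map-valued defaults under `config` in the new `values.yaml` carry example entries that look live: `login_shared_secret_map` (`example.com: foobar`), `double_puppet_server_map`, and `permissions` (`"example.com": user`, `"@admin:example.com": admin`). Helm merges map values key by key, so an operator who adds their own homeserver keeps these keys in the rendered bridge config unless each is explicitly set to `null`. I would default the first two to empty maps, e.g. `login_shared_secret_map: {}` and `double_puppet_server_map: {}`, move the examples into comments, and keep only the entries in `permissions` that every install needs. Separately, `database.uri` and the shared secrets are plain values here. Whether the chart renders them into a Secret or a ConfigMap is not visible in this hunk and is worth confirming.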
@@ -3,9 +3,9 @@ name: miniserve description: A Helm chart for Kubernetes icon: https://raw.githubusercontent.com/svenstaro/miniserve/master/data/logo.svg type: application -version: "0.4.3" +version: 0.3.7 # renovate: image=docker.io/svenstaro/miniserve -appVersion: "0.28.0" +appVersion: "0.27.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/miniserve/README.adoc b/miniserve/README.adoc index c0f3d20..12b3675 100644 --- a/miniserve/README.adoc +++ b/miniserve/README.adoc @@ -2,9 +2,9 @@ = miniserve -image::https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square[Version: 0.4.3] +image::https://img.shields.io/badge/Version-0.3.7-informational?style=flat-square[Version: 0.3.7] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.28.0-informational?style=flat-square[AppVersion: 0.28.0] +image::https://img.shields.io/badge/AppVersion-0.27.0-informational?style=flat-square[AppVersion: 0.27.0] == Maintainers .Maintainers @@ -277,26 +277,6 @@ helm uninstall miniserve-release | `""` | -| networkPolicy.egress.enabled -| bool -| `true` -| activate egress no networkpolicy - -| networkPolicy.egress.extra -| list -| `[]` -| egress rules - -| networkPolicy.enabled -| bool -| `false` -| - -| networkPolicy.ingress.http -| list -| `[]` -| ingress for http port (e.g. ingress-controller) - | nodeSelector | object | `{}` diff --git a/miniserve/README.md b/miniserve/README.md deleted file mode 100644 index dc33a2b..0000000 --- a/miniserve/README.md +++ /dev/null 
@@ -1,119 +0,0 @@ ---- -title: "miniserve" - -description: "A Helm chart for Kubernetes" - ---- - -# miniserve - -![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.28.0](https://img.shields.io/badge/AppVersion-0.28.0-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/miniserve -``` - -You can install a chart release using the following command: - -```bash -helm install miniserve-release oci://codeberg.org/wrenix/helm-charts/miniserve --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall miniserve-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| data.args | list | `[]` | used for commandline flags | -| data.auth | string | `""` | Set authentication. Currently supported formats: username:password, username:sha256:hash, username:sha512:hash (e.g. 
joe:123, joe:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3) | -| data.colorScheme | string | `"squirrel"` | Default color scheme | -| data.colorSchemeDark | string | `"archlinux"` | Default color scheme | -| data.dirsFirst | bool | `true` | List directories first | -| data.enable.tar | bool | `false` | Enable uncompressed tar archive generation | -| data.enable.tarGZ | bool | `false` | Enable gz-compressed tar archive generation | -| data.enable.zip | bool | `false` | Enable zip archive generation WARNING: Zipping large directories can result in out-of-memory exception because zip generation is done in memory and cannot be sent on the fly | -| data.hidden | bool | `false` | Show hidden files | -| data.hideThemeSelector | bool | `false` | Hide theme selector | -| data.hideVersionFooter | bool | `true` | Hide version footer | -| data.index | string | `"index.html"` | Normally, when miniserve serves a directory, it creates a listing for that directory. However, if a directory contains this file, miniserve will serve that file instead. 
| -| data.noSymlinks | bool | `false` | Hide symlinks in listing and prevent them from being followed | -| data.path | string | `"/data"` | Which path to serve | -| data.prettyURLs | bool | `false` | Activate Pretty URLs mode | -| data.qrcode | bool | `false` | Enable QR code display | -| data.readme | bool | `false` | Enable README.md rendering in directories | -| data.routePrefix | string | `""` | Use a specific route prefix | -| data.showSymlinkInfo | bool | `false` | Visualize symlinks in directory listing | -| data.showWGETFooter | bool | `true` | If enabled, display a wget command to recursively download the current directory | -| data.spa | bool | `false` | Activate SPA (Single Page Application) mode | -| data.title | string | `""` | Shown instead of host in page title and heading | -| data.upload.allowedDir | string | `""` | Enable file uploading (and optionally specify for which directory) | -| data.upload.mediaType | string | `""` | Specify uploadable media types: possible values image, audio, video | -| data.upload.mkdir | bool | `false` | Enable creating directories | -| data.upload.overwriteFiles | bool | `false` | Enable overriding existing files during file upload | -| data.upload.rawMediaType | string | `""` | Directly specify the uploadable media type expression | -| data.verbose | bool | `false` | Be verbose, includes emitting access logs | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/svenstaro/miniserve"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | 
`""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources.limits.memory | string | `"256Mi"` | | -| resources.requests.cpu | string | `"80m"` | | -| resources.requests.memory | string | `"128Mi"` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) 
diff --git a/miniserve/templates/networkpolicy.yaml b/miniserve/templates/networkpolicy.yaml deleted file mode 100644 index 2df2ebf..0000000 --- a/miniserve/templates/networkpolicy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "miniserve.fullname" . }} - labels: - {{- include "miniserve.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "miniserve.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: {{ .Values.service.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/miniserve/values.yaml b/miniserve/values.yaml index 9ae54d7..f2ff6e6 100644 --- a/miniserve/values.yaml +++ b/miniserve/values.yaml @@ -126,17 +126,6 @@ service: type: ClusterIP port: 8080 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/monitoring/Chart.yaml b/monitoring/Chart.yaml index f6afb12..b9a7c26 100644 --- a/monitoring/Chart.yaml +++ b/monitoring/Chart.yaml @@ -3,7 +3,7 @@ name: monitoring description: Deploy helper for probes and scrapeconfig of prometheus-operator icon: https://prometheus.io/assets/favicons/android-chrome-192x192.png type: application -version: "0.2.1" +version: 0.2.0 maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/monitoring/README.adoc b/monitoring/README.adoc index 3ccba34..8747c51 100644 --- a/monitoring/README.adoc +++ b/monitoring/README.adoc 
@@ -2,7 +2,7 @@ = monitoring -image::https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square[Version: 0.2.1] +image::https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square[Version: 0.2.0] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] == Maintainers diff --git a/monitoring/README.md b/monitoring/README.md deleted file mode 100644 index 5378712..0000000 --- a/monitoring/README.md +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -title: "monitoring" - -description: "Deploy helper for probes and scrapeconfig of prometheus-operator" - ---- - -# monitoring - -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Deploy helper for probes and scrapeconfig of prometheus-operator - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/monitoring -``` - -You can install a chart release using the following command: - -```bash -helm install monitoring-release oci://codeberg.org/wrenix/helm-charts/monitoring --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall monitoring-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| prober | list | `[{"ipv4":true,"ipv6":true,"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}]` | prober for each the following probes are created (multiside probes) | -| prober[0] | object | `{"ipv4":true,"ipv6":true,"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}` | name of prober | -| prober[0].ipv4 | bool | `true` | use this prober for ipv4 probes (default: true) | -| prober[0].ipv6 | bool | `true` | use this prober for ipv6 probes (default: true) | -| prober[0].spec | object | `{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}` | spec of prober (like url, path, scheme ...) 
| -| probes[0] | object | `{"groups":{"framasoft":["framasoft.org","degooglisons-internet.org","framapiaf.org","framatube.org"]},"ipv4":true,"ipv6":true,"module":"http_2xx","name":"http"}` | probe module (suffix with _ipv4 and ipv6 if enabled) | -| probes[0].groups | object | `{"framasoft":["framasoft.org","degooglisons-internet.org","framapiaf.org","framatube.org"]}` | groups with targets | -| probes[0].ipv4 | bool | `true` | setup one for ipv4 (see module and his suffix - default: true) | -| probes[0].ipv6 | bool | `true` | setup one for ipv6 (see module and his suffix - default: true) | -| probes[0].name | string | `"http"` | name of probe | -| probes[1].groups | object | `{"digitalcourage":["digitalcourage.de","nuudel.digitalcourage.de","digitalcourage.social"]}` | groups with targets | -| probes[1].ipv4 | bool | `true` | setup one for ipv4 (see module and his suffix - default: true) | -| probes[1].ipv6 | bool | `false` | setup one for ipv6 (see module and his suffix - default: true) | -| probes[1].module | string | `"http_2xx"` | | -| probes[1].name | string | `"http-ipv4"` | name of probe | -| prometheus.probe.labels | object | `{"prometheus":"default"}` | labels on Probe | -| prometheus.scrape.labels | object | `{"prometheus":"default"}` | labels on ScrapeConfig | -| scrapes[0] | object | `{"groups":{"de":["ber.de.local:9100","fra.de.local:9100","ham.de.local:9100"],"ie":["dub.ie.local:9100","ork.ie.local:9100"]},"name":"nodes"}` | name of scrape | -| scrapes[0].groups | object | `{"de":["ber.de.local:9100","fra.de.local:9100","ham.de.local:9100"],"ie":["dub.ie.local:9100","ork.ie.local:9100"]}` | groups with targets | -| scrapes[1].auth.password | string | `nil` | basic auth password | -| scrapes[1].auth.token | string | `nil` | bearer token | -| scrapes[1].auth.username | string | `nil` | basic auth username | -| scrapes[1].groups | object | `{"de":["fra.de.s3.local:9000","ham.de.s3.local:9000"],"ie":["dub.ie.s3.local:9000"]}` | groups with targets | -| 
scrapes[1].metricsPath | string | `"/minio/v2/metrics/node"` | metric path on scrape | -| scrapes[1].name | string | `"minio"` | | -| scrapes[1].scheme | string | `"http"` | schema on scrape | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/ntfy/Chart.yaml b/ntfy/Chart.yaml index 43d3f8c..2277758 100644 --- a/ntfy/Chart.yaml +++ b/ntfy/Chart.yaml @@ -3,7 +3,7 @@ name: ntfy description: A Helm chart for Kubernetes icon: https://github.com/binwiederhier/ntfy/raw/main/web/public/static/images/pwa-512x512.png type: application -version: "0.4.9" +version: 0.1.11 # renovate: image=docker.io/binwiederhier/ntfy appVersion: "2.11.0" maintainers: diff --git a/ntfy/README.adoc b/ntfy/README.adoc new file mode 100644 index 0000000..a68811c --- /dev/null +++ b/ntfy/README.adoc 
@@ -0,0 +1,526 @@ + + += ntfy + +image::https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square[Version: 0.1.11] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-2.11.0-informational?style=flat-square[AppVersion: 2.11.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/ntfy +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install ntfy-release oci://codeberg.org/wrenix/helm-charts/ntfy --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall ntfy-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| grafana.dashboards.annotations +| object +| `{}` +| + +| grafana.dashboards.enabled +| bool +| `false` +| + +| grafana.dashboards.labels.grafana_dashboard +| string +| `"1"` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"binwiederhier/ntfy"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| 
ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| ntfy.attachment.cacheDir +| string +| `nil` +| + +| ntfy.attachment.expireDuration +| string +| `"3h"` +| + +| ntfy.attachment.sizeLimit.file +| string +| `"15M"` +| + +| ntfy.attachment.sizeLimit.total +| string +| `"5G"` +| + +| ntfy.auth.defaultAccess +| string +| `"read-write"` +| + +| ntfy.auth.file +| string +| `nil` +| + +| ntfy.auth.startupQueries +| string +| `nil` +| + +| ntfy.baseURL +| string +| `"https://ntfy.example.org"` +| + +| ntfy.behindProxy +| bool +| `true` +| + +| ntfy.cache.batch.size +| int +| `0` +| + +| ntfy.cache.batch.timeout +| string +| `"0s"` +| + +| ntfy.cache.duration +| string +| `"12h"` +| + +| ntfy.cache.file +| string +| `nil` +| + +| ntfy.cache.startupQueries +| string +| `nil` +| + +| ntfy.enableLogin +| bool +| `false` +| + +| ntfy.enableReservations +| bool +| `false` +| + +| ntfy.enableSignup +| bool +| `false` +| + +| ntfy.firebaseKeyFile +| string +| `nil` +| + +| ntfy.globalTopicLimit +| int +| `15000` +| + +| ntfy.keepaliveInterval +| string +| `"45s"` +| + +| ntfy.listen.certFile +| string +| `nil` +| + +| ntfy.listen.http +| string +| `":80"` +| + +| ntfy.listen.https +| string +| `nil` +| + +| ntfy.listen.keyFile +| string +| `nil` +| + +| ntfy.listen.unix +| string +| `nil` +| + +| ntfy.listen.unixMode +| string +| `nil` +| + +| ntfy.managerInterval +| string +| `"1m"` +| + +| ntfy.metrics.enable +| bool +| `true` +| + +| ntfy.metrics.port +| int +| `9000` +| + +| ntfy.smtp.sender.addr +| string +| `nil` +| + +| ntfy.smtp.sender.from +| string +| `nil` +| + +| ntfy.smtp.sender.pass +| string +| `nil` +| + +| ntfy.smtp.sender.user +| string +| `nil` +| + +| ntfy.smtp.server.addrPrefix +| string +| `nil` +| + +| ntfy.smtp.server.domain +| string +| `nil` +| + +| 
ntfy.upstreamBaseURL +| string +| `"https://ntfy.sh"` +| + +| ntfy.visitor.attachment.dailyBandwidthLimit +| string +| `"500M"` +| + +| ntfy.visitor.attachment.totalSizeLimit +| string +| `"100M"` +| + +| ntfy.visitor.email.limitBurst +| int +| `16` +| + +| ntfy.visitor.email.limitReplenish +| string +| `"1h"` +| + +| ntfy.visitor.request.limitBurst +| int +| `60` +| + +| ntfy.visitor.request.limitExemptHosts +| string +| `""` +| + +| ntfy.visitor.request.limitReplenish +| string +| `"5s"` +| + +| ntfy.visitor.subscriberRateLimiting +| bool +| `false` +| + +| ntfy.visitor.subscriptionLimit +| int +| `30` +| + +| ntfy.webRoot +| string +| `"app"` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `false` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Create a PV on Node with given hostPath storageClass has to be manual + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| prometheus.rules.additionalRules +| list +| `[]` +| + +| prometheus.rules.enabled +| bool +| `false` +| + +| prometheus.rules.labels +| object +| `{}` +| + +| prometheus.servicemonitor.enabled +| bool +| `false` +| + +| prometheus.servicemonitor.labels +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.http.port +| int +| `80` +| + +| service.http.type +| string +| `"ClusterIP"` +| + +| service.smtp.enabled +| bool +| `false` +| + +| service.smtp.port +| int +| `25` +| + +| service.smtp.type +| string +| `"LoadBalancer"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/ntfy/README.md b/ntfy/README.md deleted file mode 100644 index e325dda..0000000 --- a/ntfy/README.md +++ /dev/null 
@@ -1,157 +0,0 @@ ---- -title: "ntfy" - -description: "A Helm chart for Kubernetes" - ---- - -# ntfy - -![Version: 0.4.9](https://img.shields.io/badge/Version-0.4.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.11.0](https://img.shields.io/badge/AppVersion-2.11.0-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/ntfy -``` - -You can install a chart release using the following command: - -```bash -helm install ntfy-release oci://codeberg.org/wrenix/helm-charts/ntfy --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall ntfy-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| env | list | `[]` | set env in container for usage Environment variables | -| envFrom | list | `[]` | set envFrom in container for usage of ConfigMaps or Secrets as a bunch of Environment variables | -| fullnameOverride | string | `""` | | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"binwiederhier/ntfy"` | | -| image.tag | string | `""` | | -| imagePullSecrets | 
list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| kubectl.image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"bitnami/kubectl","tag":"1.32.1"}` | image needed for setup (store generated VAPID / WebPush keys) | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. prometheus) | -| networkPolicy.ingress.smtp | list | `[]` | ingress for smtp | -| nodeSelector | object | `{}` | | -| ntfy.attachment.cacheDir | string | `nil` | | -| ntfy.attachment.expireDuration | string | `"3h"` | | -| ntfy.attachment.sizeLimit.file | string | `"15M"` | | -| ntfy.attachment.sizeLimit.total | string | `"5G"` | | -| ntfy.auth.defaultAccess | string | `"read-write"` | | -| ntfy.auth.file | string | `nil` | | -| ntfy.auth.startupQueries | string | `nil` | | -| ntfy.baseURL | string | `"https://ntfy.example.org"` | | -| ntfy.behindProxy | bool | `true` | | -| ntfy.cache.batch.size | int | `0` | | -| ntfy.cache.batch.timeout | string | `"0s"` | | -| ntfy.cache.duration | string | `"12h"` | | -| ntfy.cache.file | string | `nil` | | -| ntfy.cache.startupQueries | string | `nil` | | -| ntfy.enableLogin | bool | `false` | | -| ntfy.enableReservations | bool | `false` | | -| ntfy.enableSignup | bool | `false` | | -| ntfy.firebaseKeyFile | string | `nil` | | -| ntfy.globalTopicLimit | int | `15000` | | 
-| ntfy.keepaliveInterval | string | `"45s"` | | -| ntfy.listen.certFile | string | `nil` | | -| ntfy.listen.http | string | `":80"` | | -| ntfy.listen.https | string | `nil` | | -| ntfy.listen.keyFile | string | `nil` | | -| ntfy.listen.unix | string | `nil` | | -| ntfy.listen.unixMode | string | `nil` | | -| ntfy.managerInterval | string | `"1m"` | | -| ntfy.metrics.enable | bool | `true` | | -| ntfy.metrics.port | int | `9000` | | -| ntfy.smtp.sender.addr | string | `nil` | | -| ntfy.smtp.sender.from | string | `nil` | | -| ntfy.smtp.sender.pass | string | `nil` | | -| ntfy.smtp.sender.user | string | `nil` | | -| ntfy.smtp.server.addrPrefix | string | `nil` | | -| ntfy.smtp.server.domain | string | `nil` | | -| ntfy.upstreamBaseURL | string | `"https://ntfy.sh"` | | -| ntfy.visitor.attachment.dailyBandwidthLimit | string | `"500M"` | | -| ntfy.visitor.attachment.totalSizeLimit | string | `"100M"` | | -| ntfy.visitor.email.limitBurst | int | `16` | | -| ntfy.visitor.email.limitReplenish | string | `"1h"` | | -| ntfy.visitor.request.limitBurst | int | `60` | | -| ntfy.visitor.request.limitExemptHosts | string | `""` | | -| ntfy.visitor.request.limitReplenish | string | `"5s"` | | -| ntfy.visitor.subscriberRateLimiting | bool | `false` | | -| ntfy.visitor.subscriptionLimit | int | `30` | | -| ntfy.webPush.emailAddress | string | `""` | | -| ntfy.webPush.file | string | `"/data/webpush.db"` | | -| ntfy.webPush.keys.create | bool | `false` | | -| ntfy.webPush.keys.private | string | `nil` | | -| ntfy.webPush.keys.public | string | `nil` | | -| ntfy.webRoot | string | `"app"` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | 
Create a PV on Node with given hostPath storageClass has to be manual | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | set securityContext on pod level | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | set securityContext on container level | -| service.http.port | int | `80` | | -| service.http.type | string | `"ClusterIP"` | | -| service.smtp.enabled | bool | `false` | | -| service.smtp.port | int | `25` | | -| service.smtp.type | string | `"LoadBalancer"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| updateStrategy.type | string | `"Recreate"` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/ntfy/grafana_dashboards/ntfy-1679170350783.json b/ntfy/grafana_dashboards/ntfy-1679170350783.json index 1a1470e..72a68bc 100644 --- a/ntfy/grafana_dashboards/ntfy-1679170350783.json +++ b/ntfy/grafana_dashboards/ntfy-1679170350783.json 
@@ -1,4 +1,31 @@ { + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.4.3" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], "annotations": { "list": [ { @@ -24,6 +51,7 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, + "id": null, "links": [], "liveNow": false, "panels": [ @@ -75,7 +103,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -83,11 +110,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -139,7 +164,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -147,11 +171,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -203,7 +225,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -211,11 +232,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -272,7 +291,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" 
@@ -280,11 +298,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -337,7 +353,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -345,11 +360,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -402,7 +415,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -410,11 +422,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -453,13 +463,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -468,7 +476,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -560,13 +567,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -575,7 +580,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, 
@@ -691,13 +695,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -706,7 +708,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -786,13 +787,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -801,7 +800,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -882,13 +880,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -897,7 +893,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -977,13 +972,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -992,7 +985,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1060,6 +1052,7 @@ } ], "title": "Attachments: Total cache size", + "transformations": [], "type": "timeseries" }, { 
@@ -1073,13 +1066,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1088,7 +1079,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1180,13 +1170,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1195,7 +1183,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1275,13 +1262,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1290,7 +1275,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1382,13 +1366,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1397,7 +1379,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, 
@@ -1489,13 +1470,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1504,7 +1483,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1596,13 +1574,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1611,7 +1587,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1705,13 +1680,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1720,7 +1693,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1800,13 +1772,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1815,7 +1785,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1888,7 +1857,8 @@ ], "refresh": "1m", "revision": 1, - "schemaVersion": 39, + "schemaVersion": 38, + "style": "dark", "tags": [], "templating": { "list": [ 
@@ -1896,7 +1866,7 @@ "current": { "selected": false, "text": "Prometheus", - "value": "prometheus" + "value": "Prometheus" }, "hide": 0, "includeAll": false, @@ -1920,6 +1890,6 @@ "timezone": "", "title": "ntfy", "uid": "TO6HgexVz", - "version": 1, + "version": 2, "weekStart": "" -} +} \ No newline at end of file diff --git a/ntfy/templates/configmap.yaml b/ntfy/templates/configmap.yaml index 87c9066..e7bd7d5 100644 --- a/ntfy/templates/configmap.yaml +++ b/ntfy/templates/configmap.yaml @@ -83,16 +83,6 @@ data: {{- end }} {{- end }} - # web-push - {{- with .Values.ntfy.webPush }} - {{- with .file }} - NTFY_WEB_PUSH_FILE: {{ . | quote }} - {{- end }} - {{- with .emailAddress }} - NTFY_WEB_PUSH_EMAIL_ADDRESS: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.ntfy.keepaliveInterval }} NTFY_KEEPALIVE_INTERVAL: {{ . | quote }} {{- end }} @@ -141,4 +131,4 @@ data: NTFY_ENABLE_LOGIN: {{ .Values.ntfy.enableLogin | quote }} NTFY_ENABLE_RESERVATIONS: {{ .Values.ntfy.enableReservations | quote }} NTFY_ENABLE_METRICS: {{ .Values.ntfy.metrics.enable | quote }} - NTFY_METRICS_LISTEN_HTTP: ":{{ .Values.ntfy.metrics.port }}" + NTFY_METRICS_LISTEN_HTTP: ":{{ .Values.ntfy.metrics.port }}" \ No newline at end of file diff --git a/ntfy/templates/deployment.yaml b/ntfy/templates/deployment.yaml index 3e16e91..8550abe 100644 --- a/ntfy/templates/deployment.yaml +++ b/ntfy/templates/deployment.yaml @@ -11,10 +11,6 @@ spec: selector: matchLabels: {{- include "ntfy.selectorLabels" . | nindent 6 }} - strategy: - {{- with .Values.updateStrategy }} - {{- toYaml . | nindent 4 }} - {{- end }} template: metadata: annotations: 
@@ -42,18 +38,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: [ "serve" ] - {{- with .Values.env }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} envFrom: - configMapRef: name: {{ include "ntfy.fullname" . }}-env - - secretRef: - name: {{ include "ntfy.fullname" . }}-env - {{- with .Values.envFrom }} - {{- toYaml . | nindent 12 }} - {{- end }} ports: - name: http containerPort: {{ .Values.service.http.port }} @@ -63,11 +50,9 @@ spec: containerPort: {{ .Values.ntfy.metrics.port }} protocol: TCP {{- end }} - {{- if .Values.service.smtp.enabled }} - name: smtp containerPort: {{ .Values.service.smtp.port }} protocol: TCP - {{- end }} livenessProbe: httpGet: path: /v1/health diff --git a/ntfy/templates/networkpolicy.yaml b/ntfy/templates/networkpolicy.yaml deleted file mode 100644 index a6c1a75..0000000 --- a/ntfy/templates/networkpolicy.yaml +++ /dev/null 
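Review bot: After the `@@ -42,18 +38,9 @@` hunk, `envFrom` holds only the `configMapRef`; the `env`, `secretRef` and `.Values.envFrom` entries are gone, so the container can no longer take configuration from a Secret. The values table still lists `ntfy.smtp.sender.pass`. If the ConfigMap template (not shown in this hunk) renders it, that password ends up in a ConfigMap, readable by anyone who can read ConfigMaps in the namespace. I would keep a Secret-backed source under `envFrom:`, for example the lines `{{- with .Values.envFrom }}`, `{{- toYaml . | nindent 12 }}`, `{{- end }}`, so credentials can be referenced rather than inlined. The container spec starts and ends outside the hunk.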
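Review bot: The `smtp` containerPort is declared unconditionally after the `@@ -63,11 +50,9 @@` hunk, because the `{{- if .Values.service.smtp.enabled }}` and `{{- end }}` lines around it are dropped while `service.smtp.enabled` still defaults to `false` in the values table. The metrics port directly above keeps its closing `{{- end }}`, so the two optional listeners are now treated differently. A containerPort entry is informational and does not open the port by itself, but the pod spec then advertises an SMTP listener that a default install does not configure. I would keep `{{- if .Values.service.smtp.enabled }}` before `- name: smtp` and `{{- end }}` after its `protocol: TCP`. The ports list starts before the hunk and the container spec continues after it.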
@@ -1,44 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "ntfy.fullname" . }} - labels: - {{- include "ntfy.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "ntfy.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - {{- with .Values.networkPolicy.ingress.http }} - - ports: - - port: {{ $.Values.service.http.port }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if and .Values.ntfy.metrics.enable .Values.networkPolicy.ingress.metrics }} - - ports: - - port: {{ .Values.ntfy.metrics.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.metrics | nindent 8 }} - {{- end }} - {{- if and .Values.service.smtp.enabled .Values.networkPolicy.ingress.smtp }} - - ports: - - port: {{ .Values.service.smtp.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.smtp | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/ntfy/templates/secret.yaml b/ntfy/templates/secret.yaml deleted file mode 100644 index 32cb8a7..0000000 --- a/ntfy/templates/secret.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -{{- $fullname := include "ntfy.fullname" . }} -{{- $secretName := printf "%s-env" $fullname }} -{{- $public := .Values.ntfy.webPush.keys.public }} -{{- $private := .Values.ntfy.webPush.keys.private }} - -{{- with (lookup "v1" "Secret" .Release.Namespace $secretName)}} -{{- with get . "data" }} -{{- $public = $public | default (get . "NTFY_WEB_PUSH_PUBLIC_KEY" | b64dec) }} -{{- $private = $private | default (get . "NTFY_WEB_PUSH_PRIVATE_KEY" | b64dec) }} -{{- end }} -{{- end }} - - -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - annotations: - helm.sh/resource-policy: keep - confighash: {{ .Values.ntfy | toYaml | sha256sum | trunc 32 }} - labels: - {{- include "ntfy.labels" . | nindent 4 }} -data: - - # web-push - {{- with $public }} - NTFY_WEB_PUSH_PUBLIC_KEY: {{ . | b64enc }} - {{- end }} - {{- with $private }} - NTFY_WEB_PUSH_PRIVATE_KEY: {{ . | b64enc }} - {{- end }} diff --git a/ntfy/templates/setup/job.yaml b/ntfy/templates/setup/job.yaml deleted file mode 100644 index 2050ec8..0000000 --- a/ntfy/templates/setup/job.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} ---- -{{- $fullname := (include "ntfy.fullname" .) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $fullname }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -spec: - template: - metadata: - labels: - {{- include "ntfy.labels" . | nindent 8 }} - app.kubernetes.io/component: setup-job - spec: - restartPolicy: "Never" - serviceAccount: {{ $fullname }}-setup - containers: - - name: upload-config - image: "{{ .Values.kubectl.image.registry }}/{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}" - command: - - sh - - -c - - | - # check if key already exists - key=$(kubectl get secret {{ $fullname }}-env -o jsonpath="{.data['NTFY_WEB_PUSH_PRIVATE_KEY']}" 2> /dev/null) - [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1 - [ -n "$key" ] && echo "Config already created, exiting." && exit 0 - # wait for config - while [ ! -f /data/output ]; do - echo "Waiting for config.." - sleep 5; - done - # update secret - public=$(grep -Po 'web-push-public-key: \K[^$]*' /data/output) - private=$(grep -Po 'web-push-private-key: \K[^$]*' /data/output) - kubectl patch secret {{ $fullname }}-env -p '{"data":{"NTFY_WEB_PUSH_PRIVATE_KEY":"'$(echo -n "$private" | base64 -w 0)'","NTFY_WEB_PUSH_PUBLIC_KEY":"'$(echo -n "$public" | base64 -w 0)'"}}' - [ $? -ne 0 ] && echo "Failed to update secret." && exit 1 - echo "VAPID/WebPush successfully setup with public-key: ${public}" - volumeMounts: - - mountPath: /data/ - name: data - readOnly: true - - name: generate-config - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" - command: - - sh - - -c - - ntfy webpush keys 2> /data/output - volumeMounts: - - mountPath: /data/ - name: data - volumes: - - name: data - emptyDir: {} - parallelism: 1 - completions: 1 - backoffLimit: 1 -{{- end }} 
diff --git a/ntfy/templates/setup/role.yaml b/ntfy/templates/setup/role.yaml deleted file mode 100644 index 23d93da..0000000 --- a/ntfy/templates/setup/role.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} ---- -{{- $fullname := (include "ntfy.fullname" .) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ $fullname }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -rules: - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ $fullname }}-env - verbs: - - get - - update - - patch -{{- end }} diff --git a/ntfy/templates/setup/rolebinding.yaml b/ntfy/templates/setup/rolebinding.yaml deleted file mode 100644 index 64eab0f..0000000 --- a/ntfy/templates/setup/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} ---- -{{- $fullname := (include "ntfy.fullname" .) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ $fullname }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $fullname }}-setup -subjects: - - kind: ServiceAccount - name: {{ $fullname }}-setup - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/ntfy/templates/setup/serviceaccount.yaml b/ntfy/templates/setup/serviceaccount.yaml deleted file mode 100644 index 1b5d727..0000000 --- a/ntfy/templates/setup/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ntfy.fullname" . }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -{{- end }} diff --git a/ntfy/values.yaml b/ntfy/values.yaml index 4206140..67badd8 100644 --- a/ntfy/values.yaml +++ b/ntfy/values.yaml 
@@ -10,21 +10,10 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" -kubectl: - # -- image needed for setup (store generated VAPID / WebPush keys) - image: - registry: docker.io - repository: bitnami/kubectl - pullPolicy: IfNotPresent - tag: 1.32.1 - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -updateStrategy: - type: Recreate - ntfy: baseURL: "https://ntfy.example.org" listen: @@ -74,13 +63,6 @@ ntfy: server: domain: null addrPrefix: null - webPush: - keys: - create: false - public: - private: - file: "/data/webpush.db" - emailAddress: "" globalTopicLimit: 15000 visitor: subscriptionLimit: 30 @@ -159,16 +141,9 @@ serviceAccount: podLabels: {} podAnnotations: {} -# -- set env in container for usage Environment variables -env: [] -# -- set envFrom in container for usage of ConfigMaps or Secrets as a bunch of Environment variables -envFrom: [] - -# -- set securityContext on pod level podSecurityContext: {} # fsGroup: 2000 -# -- set securityContext on container level securityContext: {} # capabilities: # drop: @@ -187,21 +162,6 @@ service: type: LoadBalancer port: 25 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - # -- ingress for metrics port (e.g. prometheus) - metrics: [] - # -- ingress for smtp - smtp: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml index 904d0b0..fa769ef 100644 --- a/postgresql/Chart.yaml +++ b/postgresql/Chart.yaml 
@@ -4,9 +4,9 @@ name: "postgresql"
 description: "A Helm chart for running PostgreSQL (Postgres) database"
 icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg
 type: "application"
-version: "0.2.3"
+version: "0.1.9"
 # renovate: image=docker.io/library/postgres
-appVersion: "17.2-alpine"
+appVersion: "16.3-alpine"
 maintainers:
 - name: WrenIX
 url: https://wrenix.eu
diff --git a/postgresql/README.adoc b/postgresql/README.adoc
new file mode 100644
index 0000000..4ab1eb1
--- /dev/null
+++ b/postgresql/README.adoc
@@ -0,0 +1,226 @@ + + += postgresql + +image::https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square[Version: 0.1.9] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-16.3-alpine-informational?style=flat-square[AppVersion: 16.3-alpine] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/postgresql +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install postgresql-release oci://codeberg.org/wrenix/helm-charts/postgresql --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall postgresql-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"docker.io"` +| + +| image.repository +| string +| `"library/postgres"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| job.annotations +| object +| `{"helm.sh/hook":"post-install,post-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}` +| Annotations (usefull to delete job by helm afterwards) + +| job.databases +| object +| `{}` +| Bootstrap databases into postgresql server. When databases already exists, they will stay untouched. databases: "name_of_database": owner: "existing_user_which_will_get_grant" additionalParams: "" # Optional + +| job.enabled +| bool +| `true` +| Enable database bootstrapping. 
+ +| job.retries +| int +| `60` +| Amount of retries while waiting for postgresql server is available. + +| job.users +| object +| `{}` +| Bootstrap users into postgresql server. When users already exists, they will stay untouched. users: username: RandomPassword0#" + +| job.wait +| int +| `5` +| Time to wait in each wait in each iteration until postgresql server is available. + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| postgres.password +| string +| `"SUPERSTRONGPW"` +| Database password. + +| postgres.user +| string +| `"postgres"` +| Database user. 
+ +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `5432` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `false` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/postgresql/README.md b/postgresql/README.md deleted file mode 100644 index 7c7f5ac..0000000 --- a/postgresql/README.md +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -title: "postgresql" - -description: "A Helm chart for running PostgreSQL (Postgres) database" - ---- - -# postgresql - -![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 17.2-alpine](https://img.shields.io/badge/AppVersion-17.2--alpine-informational?style=flat-square) - -A Helm chart for running PostgreSQL (Postgres) database - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/postgresql -``` - -You can install a chart release using the following command: - -```bash -helm install postgresql-release oci://codeberg.org/wrenix/helm-charts/postgresql --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall postgresql-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoupgrade.enabled | bool | `true` | | -| autoupgrade.image.pullPolicy | string | `"IfNotPresent"` | | -| autoupgrade.image.registry | string | `"docker.io"` | | -| autoupgrade.image.repository | string | `"pgautoupgrade/pgautoupgrade"` | | -| autoupgrade.image.tag | string | `"17-alpine"` | | -| autoupgrade.securityContext | object | `{}` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| 
image.repository | string | `"library/postgres"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| job.annotations | object | `{"helm.sh/hook":"post-install,post-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}` | Annotations (usefull to delete job by helm afterwards) | -| job.databases | object | `{}` | Bootstrap databases into postgresql server. When databases already exists, they will stay untouched. databases: "name_of_database": owner: "existing_user_which_will_get_grant" additionalParams: "" # Optional | -| job.enabled | bool | `true` | Enable database bootstrapping. | -| job.retries | int | `60` | Amount of retries while waiting for postgresql server is available. | -| job.users | object | `{}` | Bootstrap users into postgresql server. When users already exists, they will stay untouched. users: username: RandomPassword0#" | -| job.wait | int | `5` | Time to wait in each wait in each iteration until postgresql server is available. | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgres.password | string | `"SUPERSTRONGPW"` | Database password. | -| postgres.user | string | `"postgres"` | Database user. | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `5432` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 5c2f284..389d628 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml 
@@ -29,32 +29,12 @@ spec: serviceAccountName: {{ include "postgresql.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- with .Values.autoupgrade }} - {{- if .enabled }} - initContainers: - - name: upgrade - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "PGAUTO_ONESHOT" - value: "yes" - volumeMounts: - - name: "data" - mountPath: "/var/lib/postgresql/data" - {{- end }}{{/* end-if autoupgrade.enabled */}} - {{- end }}{{/* end-with autoupgrade */}} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: "POSTGRES_PASSWORD" value: {{ .Values.postgres.password | quote }} diff --git a/postgresql/values.yaml b/postgresql/values.yaml index 139fc70..df2c333 100644 --- a/postgresql/values.yaml +++ b/postgresql/values.yaml @@ -1,9 +1,6 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: +# Default values for postgresql. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. image: registry: docker.io 
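Review bot: The `POSTGRES_PASSWORD` entry at the end of the statefulset.yaml hunk still renders `.Values.postgres.password` as a literal `value:` in the container spec, so the superuser password is readable by anyone who can read the StatefulSet or its pods, not only by those allowed to read Secrets. Since the container definition is being rewritten here anyway, I would source it from a Secret instead, `valueFrom: {secretKeyRef: {name: <secret-name>, key: <password-key>}}` (both names are placeholders; no Secret template is visible in this diff). The README added in the same change lists the default as `"SUPERSTRONGPW"`, so an install without overrides runs with a publicly documented password; wrapping the value in `required` so that rendering fails when it is unset would be the safer default. The `env:` list continues outside the hunk, so other entries may need the same treatment.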
@@ -118,19 +115,3 @@ job: # owner: "existing_user_which_will_get_grant" # additionalParams: "" # Optional databases: {} - -autoupgrade: - enabled: true - image: - registry: docker.io - repository: pgautoupgrade/pgautoupgrade - pullPolicy: IfNotPresent - tag: "17-alpine" - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 diff --git a/pretix/.gitignore b/pretix/.gitignore deleted file mode 100644 index 948259a..0000000 --- a/pretix/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/*.tgz diff --git a/pretix/.helmignore b/pretix/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/pretix/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/pretix/Chart.lock b/pretix/Chart.lock deleted file mode 100644 index d8fae94..0000000 --- a/pretix/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: postgresql - repository: oci://docker.io/bitnamicharts - version: 16.4.3 -- name: redis - repository: oci://docker.io/bitnamicharts - version: 20.6.3 -digest: sha256:dd37b0663f93a21ea0d23e5041b48efef3cef63a051f2942eb095d1b95e63d7d -generated: "2025-01-15T22:10:16.363478706+01:00" diff --git a/pretix/Chart.yaml b/pretix/Chart.yaml deleted file mode 100644 index 05e3379..0000000 --- a/pretix/Chart.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: v2 -name: pretix -description: Reinventing ticket presales, one ticket at a time. -type: application -version: 0.1.4 -# renovate: image=docker.io/pretix/standalone -appVersion: "2024.11.0" -keywords: - - event-tickets -maintainers: - - name: WrenIX - url: https://wrenix.eu -sources: - - https://github.com/pretix/pretix - - https://codeberg.org/wrenix/helm-charts/src/branch/main/pretix - - https://hub.docker.com/r/pretix/standalone -dependencies: - - name: postgresql - version: "^16.3.1" - repository: "oci://docker.io/bitnamicharts" - condition: postgresql.enabled - - name: redis - version: "20.6.3" - repository: "oci://docker.io/bitnamicharts" - condition: redis.enabled diff --git a/pretix/README.md b/pretix/README.md deleted file mode 100644 index 97bfc7e..0000000 --- a/pretix/README.md +++ /dev/null 
@@ -1,292 +0,0 @@ ---- -title: "pretix" - -description: "Reinventing ticket presales, one ticket at a time." - ---- - -# pretix - -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) - -Reinventing ticket presales, one ticket at a time. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Source Code - -* -* -* - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/pretix -``` - -You can install a chart release using the following command: - -```bash -helm install pretix-release oci://codeberg.org/wrenix/helm-charts/pretix --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall pretix-release -``` - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 | -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| cronSchedule | string | `"*/30 * * * *"` | | -| env.PRETIX_CELERY_BACKEND | string | `"redis://:changeme@pretix-redis-master/1"` | | -| env.PRETIX_CELERY_BROKER | string | `"redis://:changeme@pretix-redis-master/2"` | | -| env.PRETIX_DATABASE_BACKEND | string | `"postgresql"` | | -| 
env.PRETIX_DATABASE_HOST | string | `"pretix-postgresql"` | | -| env.PRETIX_DATABASE_NAME | string | `"pretix"` | | -| env.PRETIX_DATABASE_PASSWORD | string | `"pretix"` | | -| env.PRETIX_DATABASE_USER | string | `"pretix"` | | -| env.PRETIX_MAIL_FROM | string | `"test@example.com"` | | -| env.PRETIX_MAIL_HOST | string | `nil` | | -| env.PRETIX_MAIL_PASSWORD | string | `nil` | | -| env.PRETIX_MAIL_PORT | int | `587` | | -| env.PRETIX_MAIL_TLS | bool | `true` | | -| env.PRETIX_MAIL_USER | string | `nil` | | -| env.PRETIX_METRICS_ENABLED | bool | `false` | | -| env.PRETIX_METRICS_PASSPHRASE | string | `"pretix"` | | -| env.PRETIX_METRICS_USER | string | `"pretix"` | | -| env.PRETIX_PRETIX_CURRENCY | string | `"EUR"` | | -| env.PRETIX_PRETIX_DATADIR | string | `"/data"` | | -| env.PRETIX_PRETIX_INSTANCE_NAME | string | `"Pretix Helm"` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_FOR | bool | `true` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO | bool | `true` | | -| env.PRETIX_PRETIX_URL | string | `"http://localhost"` | | -| env.PRETIX_REDIS_LOCATION | string | `"redis://:changeme@pretix-redis-master/0"` | | -| env.PRETIX_REDIS_SESSIONS | bool | `true` | | -| fullnameOverride | string | `""` | | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"pretix/standalone"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| 
livenessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| livenessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| livenessProbe.httpGet.path | string | `"/healthcheck/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"5Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgresql.auth.database | string | `"pretix"` | | -| postgresql.auth.password | string | `"pretix"` | | -| postgresql.auth.postgresPassword | string | `"supersecureadminpassword"` | | -| postgresql.auth.username | string | `"pretix"` | | -| postgresql.enabled | bool | `true` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | broken, Host need to be localhost on request (instatt of ip) needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 | -| prometheus.servicemonitor.interval | string | `nil` | interval | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.servicemonitor.scrapeTimeout | string | `nil` | scrape timeout | -| readinessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| readinessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| readinessProbe.httpGet.path | string | `"/healthcheck/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"changeme"` | | -| redis.enabled | bool | `true` | | -| redis.global.storageClass | string | `""` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.replica.persistence.enabled | bool | `true` | | -| replicas.taskworker | int | `1` | | -| replicas.web | int | `1` | | -| resources | object | `{}` | | -| securityContext | 
object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -# pretix - -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) - -Reinventing ticket presales, one ticket at a time. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Source Code - -* -* -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 | -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| cronSchedule | string | `"*/30 * * * *"` | | -| env.PRETIX_CELERY_BACKEND | string | `"redis://:changeme@pretix-redis-master/1"` | | -| env.PRETIX_CELERY_BROKER | string | `"redis://:changeme@pretix-redis-master/2"` | | -| env.PRETIX_DATABASE_BACKEND | string | `"postgresql"` | | -| env.PRETIX_DATABASE_HOST | string | `"pretix-postgresql"` | | -| env.PRETIX_DATABASE_NAME | string | `"pretix"` | | -| env.PRETIX_DATABASE_PASSWORD | string | `"pretix"` | | -| env.PRETIX_DATABASE_USER | string | `"pretix"` | | -| 
env.PRETIX_MAIL_FROM | string | `"test@example.com"` | | -| env.PRETIX_MAIL_HOST | string | `nil` | | -| env.PRETIX_MAIL_PASSWORD | string | `nil` | | -| env.PRETIX_MAIL_PORT | int | `587` | | -| env.PRETIX_MAIL_TLS | bool | `true` | | -| env.PRETIX_MAIL_USER | string | `nil` | | -| env.PRETIX_METRICS_ENABLED | bool | `false` | | -| env.PRETIX_METRICS_PASSPHRASE | string | `"pretix"` | | -| env.PRETIX_METRICS_USER | string | `"pretix"` | | -| env.PRETIX_PRETIX_CURRENCY | string | `"EUR"` | | -| env.PRETIX_PRETIX_DATADIR | string | `"/data"` | | -| env.PRETIX_PRETIX_INSTANCE_NAME | string | `"Pretix Helm"` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_FOR | bool | `true` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO | bool | `true` | | -| env.PRETIX_PRETIX_URL | string | `"http://localhost"` | | -| env.PRETIX_REDIS_LOCATION | string | `"redis://:changeme@pretix-redis-master/0"` | | -| env.PRETIX_REDIS_SESSIONS | bool | `true` | | -| fullnameOverride | string | `""` | | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"pretix/standalone"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| livenessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| livenessProbe.httpGet.path | string | `"/healthcheck/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | 
-| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"5Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgresql.auth.database | string | `"pretix"` | | -| postgresql.auth.password | string | `"pretix"` | | -| postgresql.auth.postgresPassword | string | `"supersecureadminpassword"` | | -| postgresql.auth.username | string | `"pretix"` | | -| postgresql.enabled | bool | `true` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | broken, Host need to be localhost on request (instatt of ip) needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 | -| prometheus.servicemonitor.interval | string | `nil` | interval | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.servicemonitor.scrapeTimeout | string | `nil` | scrape timeout | -| readinessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| readinessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| 
readinessProbe.httpGet.path | string | `"/healthcheck/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"changeme"` | | -| redis.enabled | bool | `true` | | -| redis.global.storageClass | string | `""` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.replica.persistence.enabled | bool | `true` | | -| replicas.taskworker | int | `1` | | -| replicas.web | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/pretix/ci/all-values.yaml b/pretix/ci/all-values.yaml deleted file mode 100644 index a79e60c..0000000 --- a/pretix/ci/all-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -env: - a: a - -persistence: - enabled: true - -ingress: - enabled: true - annotations: - a: a diff --git a/pretix/ci/empty-values.yaml b/pretix/ci/empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/pretix/templates/NOTES.txt b/pretix/templates/NOTES.txt deleted file mode 100644 index 2215ad7..0000000 --- a/pretix/templates/NOTES.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pretix.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pretix.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pretix.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pretix.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/pretix/templates/_helpers.tpl b/pretix/templates/_helpers.tpl deleted file mode 100644 index f482705..0000000 --- a/pretix/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "pretix.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pretix.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "pretix.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "pretix.labels" -}}
-helm.sh/chart: {{ include "pretix.chart" . }}
-{{ include "pretix.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "pretix.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "pretix.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "pretix.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "pretix.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/pretix/templates/configmap_grafana_dashboards.yaml b/pretix/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index d9ff230..0000000 --- a/pretix/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "pretix.fullname" . }}-grafana-dashboards - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- toYaml .Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/pretix/templates/cronjob.yaml b/pretix/templates/cronjob.yaml deleted file mode 100644 index 8ddfe27..0000000 --- a/pretix/templates/cronjob.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} -spec: - schedule: {{ .Values.cronSchedule | quote }} - jobTemplate: - spec: - template: - metadata: - annotations: - checksum/secret: {{ toYaml $.Values.env | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 12 }} - {{- end }} - labels: - {{- include "pretix.labels" . | nindent 12 }} - app.kubernetes.io/component: cronjob - {{- with .Values.podLabels }} - {{- toYaml . | nindent 12 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - serviceAccountName: {{ include "pretix.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 12 }} - restartPolicy: OnFailure - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 16 }} - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "pretix.fullname" . }} - env: - # Migrations are handled by helm hooks in pretix-migrate.yaml - - name: AUTOMIGRATE - value: "skip" - command: [ "pretix" ] - args: [ "cron" ] - resources: - {{- toYaml .Values.resources | nindent 16 }} - volumeMounts: - - name: pretix-data - mountPath: /data - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 16 }} - {{- end }} - volumes: - - name: pretix-data - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ with .Values.persistence.existingClaim }}{{ . }}{{- else }}{{ template "pretix.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 12 }} - {{- end }} diff --git a/pretix/templates/deployment.yaml b/pretix/templates/deployment.yaml deleted file mode 100644 index 20dc63d..0000000 --- a/pretix/templates/deployment.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -{{- range $component := list "web" "taskworker" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "pretix.fullname" $ }}-{{ $component }} - labels: - {{- include "pretix.labels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $component }} -spec: - {{- if not $.Values.autoscaling.enabled }} - replicas: {{ get $.Values.replicas $component }} - {{- end }} - selector: - matchLabels: - {{- include "pretix.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: {{ $component }} - template: - metadata: - annotations: - checksum/secret: {{ toYaml $.Values.env | sha256sum }} - {{- with $.Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "pretix.labels" $ | nindent 8 }} - app.kubernetes.io/component: {{ $component }} - {{- with $.Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "pretix.serviceAccountName" $ }} - securityContext: - {{- toYaml $.Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ $.Chart.Name }} - securityContext: - {{- toYaml $.Values.securityContext | nindent 12 }} - {{- with $.Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .pullPolicy }} - {{- end }} - env: - # Migrations are handled by helm hooks in pretix-migrate.yaml - - name: AUTOMIGRATE - value: "skip" - envFrom: - - secretRef: - name: {{ include "pretix.fullname" $ }} - command: [ "pretix" ] - args: [ {{ $component | quote }} ] - {{- if (eq $component "web") }} - ports: - - name: http - containerPort: {{ $.Values.service.port }} - protocol: TCP - livenessProbe: - {{- toYaml $.Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml $.Values.readinessProbe | nindent 12 }} - {{- end }} - resources: - {{- toYaml $.Values.resources | nindent 12 }} - 
volumeMounts: - - name: pretix-data - mountPath: /data - {{- with $.Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: pretix-data - {{- if $.Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ $.Values.persistence.hostPath | quote }} - {{- else if $.Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ with $.Values.persistence.existingClaim }}{{ . }}{{- else }}{{ template "pretix.fullname" $ }}{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with $.Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/pretix/templates/hpa.yaml b/pretix/templates/hpa.yaml deleted file mode 100644 index 6ad556c..0000000 --- a/pretix/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "pretix.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/pretix/templates/ingress.yaml b/pretix/templates/ingress.yaml deleted file mode 100644 index 7ab4d99..0000000 --- a/pretix/templates/ingress.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- with .pathType }} - pathType: {{ . }} - {{- end }} - backend: - service: - name: {{ include "pretix.fullname" $ }}-web - port: - name: http - {{- end }} - {{- end }} -{{- end }} diff --git a/pretix/templates/job-migrate.yaml b/pretix/templates/job-migrate.yaml deleted file mode 100644 index aabb446..0000000 --- a/pretix/templates/job-migrate.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "pretix.fullname" . }}-migrate - labels: - {{- include "pretix.labels" . | nindent 4 }} - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: hook-succeeded -spec: - template: - metadata: - annotations: - checksum/secret: {{ toYaml .Values.env | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "pretix.labels" . | nindent 8 }} - app.kubernetes.io/component: cronjob - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "pretix.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - restartPolicy: OnFailure - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "pretix.fullname" . }} - command: [ "pretix" ] - args: [ "migrate" ] - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: pretix-data - mountPath: /data - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: pretix-data - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ with .Values.persistence.existingClaim }}{{ . }}{{- else }}{{ template "pretix.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/pretix/templates/prometheus-rules.yaml b/pretix/templates/prometheus-rules.yaml deleted file mode 100644 index b229eb7..0000000 --- a/pretix/templates/prometheus-rules.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.prometheus.rules.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.prometheus.rules.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ template "pretix.fullname" . }}-Additional - rules: - - alert: "pretix: error in task" - expr: rate(pretix_task_runs_total{status!="success"}[1h])!=0 - for: 5m - labels: - severity: critical - annotations: - {{` - summary: "pretix task of {{ $labels.instance }} has an error on {{ $labels.task_name }} in the last hour" - `}} - {{- with .Values.prometheus.rules.additionalRules }} - - name: {{ template "pretix.fullname" $ }}-Additional - rules: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/pretix/templates/pvc.yaml b/pretix/templates/pvc.yaml deleted file mode 100644 index 3f694e5..0000000 --- a/pretix/templates/pvc.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- if and - .Values.persistence.enabled - (not .Values.persistence.hostPath) - (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.persistence.annotations }} - annotations: - {{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- with .Values.persistence.storageClass }} - {{- if (eq "-" .) }} - storageClassName: "" - {{- else }} - storageClassName: {{ . | quote }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/pretix/templates/secrets.yaml b/pretix/templates/secrets.yaml deleted file mode 100644 index 6c377e0..0000000 --- a/pretix/templates/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - annotations: - checksum/secret: {{ toYaml $.Values.env | sha256sum }} -data: - {{- range $name, $value := .Values.env }} - {{ $name }}: {{ toYaml $value | b64enc }} - {{- end }} diff --git a/pretix/templates/service.yaml b/pretix/templates/service.yaml deleted file mode 100644 index 2dff661..0000000 --- a/pretix/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- range $component := list "web" "taskworker" }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "pretix.fullname" $ }}-{{ $component }} - labels: - {{- include "pretix.labels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $component }} -spec: - type: {{ $.Values.service.type }} - selector: - {{- include "pretix.selectorLabels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $component }} - ports: - - port: {{ $.Values.service.port }} - targetPort: http - protocol: TCP - name: http -{{- end }} 
diff --git a/pretix/templates/servicemonitor.yaml b/pretix/templates/servicemonitor.yaml deleted file mode 100644 index 9c167fd..0000000 --- a/pretix/templates/servicemonitor.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if and .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "pretix.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: web - endpoints: - - port: http - path: "/metrics" - enableHttp2: false - basicAuth: - username: - name: {{ include "pretix.fullname" . }} - key: PRETIX_METRICS_USER - password: - name: {{ include "pretix.fullname" . }} - key: PRETIX_METRICS_PASSPHRASE - {{- with .Values.prometheus.servicemonitor }} - {{- with .interval }} - interval: {{ . }} - {{- end }} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- end }} -{{- end }} - diff --git a/pretix/templates/tests/test-connection.yaml b/pretix/templates/tests/test-connection.yaml deleted file mode 100644 index 904e9ba..0000000 --- a/pretix/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "pretix.fullname" . }}-test-connection" - labels: - {{- include "pretix.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "pretix.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/pretix/values.yaml b/pretix/values.yaml deleted file mode 100644 index f839a79..0000000 --- a/pretix/values.yaml +++ /dev/null 
@@ -1,237 +0,0 @@ -# Default values for pretix. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ -replicas: - web: 1 - taskworker: 1 - -# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ -image: - registry: docker.io - repository: pretix/standalone - # This sets the pull policy for images. - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -cronSchedule: "*/30 * * * *" - -env: - PRETIX_PRETIX_INSTANCE_NAME: Pretix Helm - PRETIX_PRETIX_URL: http://localhost - PRETIX_PRETIX_CURRENCY: EUR - PRETIX_PRETIX_DATADIR: /data - PRETIX_PRETIX_TRUST_X_FORWARDED_FOR: true - PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO: true - PRETIX_MAIL_FROM: test@example.com - PRETIX_MAIL_HOST: - PRETIX_MAIL_USER: - PRETIX_MAIL_PASSWORD: - PRETIX_MAIL_PORT: 587 - PRETIX_MAIL_TLS: true - PRETIX_DATABASE_BACKEND: postgresql - PRETIX_DATABASE_NAME: pretix - PRETIX_DATABASE_USER: pretix - PRETIX_DATABASE_PASSWORD: pretix - PRETIX_DATABASE_HOST: pretix-postgresql - PRETIX_REDIS_LOCATION: redis://:changeme@pretix-redis-master/0 - PRETIX_REDIS_SESSIONS: true - PRETIX_CELERY_BACKEND: redis://:changeme@pretix-redis-master/1 - PRETIX_CELERY_BROKER: redis://:changeme@pretix-redis-master/2 - PRETIX_METRICS_ENABLED: false - PRETIX_METRICS_USER: pretix - PRETIX_METRICS_PASSPHRASE: pretix - -# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# This is to override the chart name. 
-nameOverride: "" -fullnameOverride: "" - -# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# This is for setting Kubernetes Annotations to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} - -# This is for setting Kubernetes Labels to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. 
(gp2 on AWS, standard on - # GKE, AWS & OpenStack) - # - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - accessMode: ReadWriteOnce - size: 5Gi - -# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ -service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - -prometheus: - servicemonitor: - # -- broken, Host need to be localhost on request (instatt of ip) - # needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 - enabled: false - labels: {} - # -- interval - interval: - # -- scrape timeout - scrapeTimeout: - rules: - enabled: false - labels: {} - # current no default alertrules are provided - additionalRules: [] - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. 
This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -livenessProbe: - httpGet: - path: /healthcheck/ - port: http - httpHeaders: - - name: "host" - value: localhost -readinessProbe: - httpGet: - path: /healthcheck/ - port: http - httpHeaders: - - name: "host" - value: localhost - -# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} - - -postgresql: - enabled: true - auth: - database: pretix - username: pretix - password: pretix - postgresPassword: supersecureadminpassword - -redis: - enabled: true - architecture: standalone - auth: - enabled: true - password: 'changeme' - # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - global: - storageClass: "" - master: - persistence: - enabled: true - replica: - persistence: - enabled: true 
diff --git a/publish.sh b/publish.sh index d0596e5..b42943b 100755 --- a/publish.sh +++ b/publish.sh @@ -1,18 +1,19 @@ #/bin/sh -HELM_REPO=${HELM_REPO:-codeberg.org/wrenix/helm-charts} -HELM_REPO_URL="oci://${HELM_REPO}" +HELM_REPO=${HELM_REPO:-oci://codeberg.org/wrenix/helm-charts} COMMIT_SCOPE=${2:-fix} COMMIT_MESSAGE=${1:-"update appVersion"} +helm-docs -t ./README.adoc.gotmpl -t _docs.gotmpl -o README.adoc + +./docs/modules/charts/generate.sh ct lint # || exit 1 for p in * ; do if \ [ ! -d $p ] || \ - [ $p == docs ] || \ [ ! -f $p/Chart.yaml ] \ ; then continue @@ -41,8 +42,7 @@ for p in * ; do if [ "$tag" == "$lastTag" ]; then echo "changed helmchart should create new pkg - diff line count has:" echo $(git diff "${lastTag}" -- "${p}" | wc -l); - echo - continue; + exit 1 fi else echo "nothing todo" @@ -50,33 +50,13 @@ for p in * ; do continue; fi fi - - set -e - echo "update docs" - helm-docs -t ./README.md.gotmpl -t _docs.gotmpl -o README.md -g "${p}" - rm -f "${p}/README.adoc" - echo - - echo "package and push helm-chart" helm package "${p}" - helm push "${p}-${v}.tgz" "${HELM_REPO_URL}"; - oras tag "${HELM_REPO}/${p}:${v}" "${v%\.[0-9]*}" "${v%\.[0-9]*\.[0-9]*}" "latest" - echo + helm push "${p}-${v}.tgz" "${HELM_REPO}"; - echo "update artifacthub.io" - set +e - oras push "${HELM_REPO}/${p}:artifacthub.io" \ - --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \ - "${p}/artifacthub-repo.yml":application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml - echo - - echo "push to git" - git add "${p}/" + git add "${p}/" "docs/modules/charts/nav.adoc" "docs/modules/charts/pages/${p}.adoc" git commit -m "${COMMIT_SCOPE}(${p}): ${COMMIT_MESSAGE}" - set -e git tag "${tag}" --no-sign; git push --tags origin main; - set +e echo done diff --git a/speedtest-exporter/.helmignore b/speedtest-exporter/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/speedtest-exporter/.helmignore +++ /dev/null 
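Review bot: With the `set -e` / `set +e` lines removed in the last hunk (`@@ -50,33 +50,13 @@`), a failed `helm package` or `helm push` no longer stops the loop, so `git commit`, `git tag "${tag}" --no-sign` and `git push --tags origin main` still run and publish a release tag for a chart that never reached the registry. The first hunk (`@@ -1,18 +1,19 @@`) has the same gap: the added `helm-docs -t ./README.adoc.gotmpl ...` and `./docs/modules/charts/generate.sh` calls are unchecked, and the `ct lint # || exit 1` context line still has its exit commented out, so stale docs or an unlinted chart can be committed and pushed. I would gate the publish steps, for example `helm package "${p}" && helm push "${p}-${v}.tgz" "${HELM_REPO}" || exit 1`, and add `|| exit 1` to the two generator calls. The script's first line is `#/bin/sh` without the `!`, so any shell options would also have to be set inside the script rather than on the interpreter line. Parts of the loop body lie between the hunks and are not visible here.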
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/speedtest-exporter/Chart.yaml b/speedtest-exporter/Chart.yaml
deleted file mode 100644
index 6f0c203..0000000
--- a/speedtest-exporter/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: speedtest-exporter
-description:
-icon: https://b.cdnst.net/images/favicons/favicon-180.png
-type: application
-version: "0.2.1"
-# renovate: image=ghcr.io/miguelndecarvalho/speedtest-exporter
-appVersion: "3.5.4"
-maintainers:
- - name: WrenIX
- url: https://wrenix.eu
diff --git a/speedtest-exporter/README.md b/speedtest-exporter/README.md
deleted file mode 100644
index 0c88a0f..0000000
--- a/speedtest-exporter/README.md
+++ /dev/null
@@ -1,98 +0,0 @@ ---- -title: "speedtest-exporter" - ---- - -# speedtest-exporter - -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.5.4](https://img.shields.io/badge/AppVersion-3.5.4-informational?style=flat-square) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/speedtest-exporter -``` - -You can install a chart release using the following command: - -```bash -helm install speedtest-exporter-release oci://codeberg.org/wrenix/helm-charts/speedtest-exporter --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall speedtest-exporter-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.cacheFor | int | `0` | cache result for seconds | -| config.server | string | `nil` | speedtest-serverid | -| config.timeout | int | `90` | timeout of speedtest | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| 
image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"miguelndecarvalho/speedtest-exporter"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. 
ingress-controller, prometheus) | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.interval | string | `"1h"` | interval | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.servicemonitor.scrapeTimeout | string | `"2m"` | scrape timeout | -| readinessProbe.httpGet.path | string | `"/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/speedtest-exporter/_docs.gotmpl b/speedtest-exporter/_docs.gotmpl deleted file mode 100644 index e69de29..0000000 diff --git a/speedtest-exporter/grafana_dashboards/Speedtest-Exporter.json b/speedtest-exporter/grafana_dashboards/Speedtest-Exporter.json deleted file mode 100644 index b74dbb8..0000000 --- a/speedtest-exporter/grafana_dashboards/Speedtest-Exporter.json +++ /dev/null 
@@ -1,843 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "Dashboard for Speedtest Exporter https://github.com/MiguelNdeCarvalho/speedtest-exporter", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 13665, - "graphTooltip": 0, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 1, - "text": "DOWN" - }, - "1": { - "index": 0, - "text": "UP" - } - }, - "type": "value" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "yellow", - "value": null - }, - { - "color": "red", - "value": 0 - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 12, - "x": 0, - "y": 0 - }, - "id": null, - "options": { - "colorMode": "background", - "graphMode": "area", - "justifyMode": "center", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "value", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sum(speedtest_up{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Status of the Speedtest-Exporter", - "type": "stat" - }, - { - "datasource": { 
- "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "ServerID of the last test done", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 15, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "center", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "value", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sum(speedtest_server_id{job=~\"$job\"})", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "ServerID (Last test done)", - "type": "stat" - }, - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 8, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "refId": "A" - } - ], - "title": "Gauges", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binbps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 4 - }, - "id": 10, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - 
"percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(speedtest_download_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Download Speed", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binbps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 4 - }, - "id": 12, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(speedtest_upload_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Upload Speed", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - 
} - ] - }, - "unit": "ms" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 4 - }, - "id": 13, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "avg(speedtest_ping_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Ping", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "ms" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 4 - }, - "id": 11, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "avg(speedtest_jitter_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Jitter", - "type": "stat" - }, - { - 
"collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 6, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "refId": "A" - } - ], - "title": "Graphics", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 50, - "gradientMode": "opacity", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "binbps" - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Upload: .*/" - }, - "properties": [ - { - "id": "custom.transform", - "value": "negative-Y" - } - ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 2, - "options": { - "legend": { - "calcs": [ - "mean", - "max", - "logmin" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": 
"sum(speedtest_download_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "Download: {{ instance }}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(speedtest_upload_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "hide": false, - "instant": false, - "legendFormat": "Upload: {{ instance }}", - "range": true, - "refId": "B" - } - ], - "title": "Traffic Speed", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "Time", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "opacity", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "ms" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Jitter (ms)" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - } - ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 22 - }, - "id": 4, - "options": { - "legend": { - "calcs": [ - "mean", - "max", - "logmin" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - 
"targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "avg(speedtest_ping_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "Ping (ms)", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "avg(speedtest_jitter_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "Jitter (ms)", - "refId": "B" - } - ], - "title": "Ping and Jitter (ms)", - "type": "timeseries" - } - ], - "refresh": "5m", - "schemaVersion": 39, - "tags": [ - "network" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "default", - "value": "default" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(speedtest_up, job)", - "hide": 0, - "includeAll": true, - "label": "Job", - "multi": true, - "name": "job", - "options": [], - "query": { - "query": "label_values(speedtest_up, job)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-2d", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Speedtest-Exporter Dashboard", - "uid": "-fs18ztMz", - "version": 1, - "weekStart": "" -} diff --git a/speedtest-exporter/templates/NOTES.txt b/speedtest-exporter/templates/NOTES.txt deleted file mode 100644 index d840f1a..0000000 
--- a/speedtest-exporter/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "speedtest-exporter.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "speedtest-exporter.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "speedtest-exporter.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "speedtest-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} 
diff --git a/speedtest-exporter/templates/_helpers.tpl b/speedtest-exporter/templates/_helpers.tpl
deleted file mode 100644
index 6b2c229..0000000
--- a/speedtest-exporter/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "speedtest-exporter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "speedtest-exporter.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "speedtest-exporter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "speedtest-exporter.labels" -}} -helm.sh/chart: {{ include "speedtest-exporter.chart" . }} -{{ include "speedtest-exporter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "speedtest-exporter.selectorLabels" -}} -app.kubernetes.io/name: {{ include "speedtest-exporter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "speedtest-exporter.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "speedtest-exporter.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/speedtest-exporter/templates/configmap_grafana_dashboards.yaml b/speedtest-exporter/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 830812d..0000000 --- a/speedtest-exporter/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "speedtest-exporter.fullname" $ }}-grafana-dashboards - labels: - {{- include "speedtest-exporter.labels" $ | nindent 4 }} - {{- toYaml $.Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml $.Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/speedtest-exporter/templates/deployment.yaml b/speedtest-exporter/templates/deployment.yaml deleted file mode 100644 index 6ec8bba..0000000 --- a/speedtest-exporter/templates/deployment.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "speedtest-exporter.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "speedtest-exporter.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - {{- with .Values.config.server }} - - name: "SPEEDTEST_SERVER" - value: {{ . | quote }} - {{- end }} - {{- with .Values.config.cacheFor }} - - name: "SPEEDTEST_CACHE_FOR" - value: {{ . | quote }} - {{- end }} - {{- with .Values.config.timeout }} - - name: "SPEEDTEST_TIMEOUT" - value: {{ . | quote }} - {{- end }} - ports: - - name: http - containerPort: 9798 - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/speedtest-exporter/templates/hpa.yaml b/speedtest-exporter/templates/hpa.yaml deleted file mode 100644 index a1c4a6d..0000000 --- a/speedtest-exporter/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "speedtest-exporter.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/ingress.yaml b/speedtest-exporter/templates/ingress.yaml deleted file mode 100644 index e5fc79a..0000000 --- a/speedtest-exporter/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "speedtest-exporter.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/speedtest-exporter/templates/networkpolicy.yaml b/speedtest-exporter/templates/networkpolicy.yaml deleted file mode 100644 index cb011b3..0000000 --- a/speedtest-exporter/templates/networkpolicy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "speedtest-exporter.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: 9798 - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/service.yaml b/speedtest-exporter/templates/service.yaml deleted file mode 100644 index ac6246a..0000000 --- a/speedtest-exporter/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "speedtest-exporter.selectorLabels" . | nindent 4 }} diff --git a/speedtest-exporter/templates/serviceaccount.yaml b/speedtest-exporter/templates/serviceaccount.yaml deleted file mode 100644 index 9d0600f..0000000 --- a/speedtest-exporter/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "speedtest-exporter.serviceAccountName" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/speedtest-exporter/templates/servicemonitor.yaml b/speedtest-exporter/templates/servicemonitor.yaml deleted file mode 100644 index b5fe422..0000000 --- a/speedtest-exporter/templates/servicemonitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "speedtest-exporter.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/metrics" - {{- with .Values.prometheus.servicemonitor }} - {{- with .interval }} - interval: {{ . }} - {{- end }} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/tests/test-connection.yaml b/speedtest-exporter/templates/tests/test-connection.yaml deleted file mode 100644 index 2c6125f..0000000 --- a/speedtest-exporter/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "speedtest-exporter.fullname" . }}-test-connection" - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "speedtest-exporter.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/speedtest-exporter/values.yaml b/speedtest-exporter/values.yaml deleted file mode 100644 index e85daa6..0000000 --- a/speedtest-exporter/values.yaml +++ /dev/null 
@@ -1,146 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -replicaCount: 1 - -image: - registry: ghcr.io - repository: miguelndecarvalho/speedtest-exporter - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -config: - # -- speedtest-serverid - server: - # -- cache result for seconds - cacheFor: 0 - # -- timeout of speedtest - timeout: 90 - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -prometheus: - servicemonitor: - enabled: false - labels: {} - # -- interval - interval: 1h - # -- scrape timeout - scrapeTimeout: 2m - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. 
ingress-controller, prometheus) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: false - # -- egress rules - extra: [] - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - httpGet: - path: / - port: http -readinessProbe: - httpGet: - path: / - port: http - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/stalwart-mail/Chart.yaml b/stalwart-mail/Chart.yaml index 88b95e4..79820e4 100644 --- a/stalwart-mail/Chart.yaml +++ b/stalwart-mail/Chart.yaml 
@@ -1,11 +1,11 @@
 apiVersion: v2
 name: stalwart-mail
 description: Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)
-icon: https://stalw.art/img/apple-touch-icon.png
+icon: https://stalw.art/home/apple-touch-icon.png
 type: application
-version: 0.0.23
+version: 0.0.4
 # renovate: image=docker.io/stalwartlabs/mail-server
-appVersion: "0.11.3"
+appVersion: "0.6.0"
 maintainers:
 - name: WrenIX
 url: https://wrenix.eu
diff --git a/stalwart-mail/README.adoc b/stalwart-mail/README.adoc
new file mode 100644
index 0000000..876b2bf
--- /dev/null
+++ b/stalwart-mail/README.adoc
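Review bot: The new side of this hunk moves `version` backwards from 0.0.23 to 0.0.4 and `appVersion` from "0.11.3" to "0.6.0", which pins an internet-facing mail server to an older upstream release. If the chart defaults its image tag to `appVersion` (not visible here), anyone installing this revision gets the older image and presumably loses whatever fixes shipped in between. A chart version lower than one already published also means a registry that orders by semver keeps resolving 0.0.23 as the latest, so the change would not reach users who do not pass `--version`. Unless the diff is simply rendered in the reverse direction, keep the chart version increasing (`version: <next version above 0.0.23>`) and leave `appVersion: "0.11.3"`, or state the reason for the rollback in a comment above `appVersion`.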
@@ -0,0 +1,1140 @@ + + += stalwart-mail + +image::https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square[Version: 0.0.4] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square[AppVersion: 0.6.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + += Alpha + +WARNING +==== +We stop working on this Helm-Chart. +There are still many breaking change like: + +* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] + +We hope that stalward mail-server becomes more stable. + +==== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/stalwart-mail +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install stalwart-mail-release oci://codeberg.org/wrenix/helm-charts/stalwart-mail --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall stalwart-mail-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| certificate.certmanager.dnsNames[0] +| string +| `"chart-example.local"` +| + +| certificate.certmanager.enabled +| bool +| `true` +| + +| certificate.certmanager.issuerRef.group +| string +| `"cert-manager.io"` +| + +| certificate.certmanager.issuerRef.kind +| string +| `"ClusterIssuer"` +| + +| 
certificate.certmanager.issuerRef.name +| string +| `"letsencrypt-prod"` +| + +| certificate.secretName +| string +| `nil` +| not needed if certmanager is used + +| config.acme.letsencrypt +| object +| `{"cache":"/opt/stalwart-mail/etc/acme","contact":["postmaster@%{DEFAULT_DOMAIN}%"],"directory":"https://acme-v02.api.letsencrypt.org/directory","port":443,"renew-before":"30d"}` +| acme with name letsencrypt (from: common/tls.toml) + +| config.acme.letsencrypt.cache +| string +| `"/opt/stalwart-mail/etc/acme"` +| acme cache (from: common/tls.toml) + +| config.acme.letsencrypt.contact +| list +| `["postmaster@%{DEFAULT_DOMAIN}%"]` +| acme contact (from: common/tls.toml) + +| config.acme.letsencrypt.directory +| string +| `"https://acme-v02.api.letsencrypt.org/directory"` +| acme directory (from: common/tls.toml) + +| config.acme.letsencrypt.port +| int +| `443` +| acme port (from: common/tls.toml) + +| config.acme.letsencrypt.renew-before +| string +| `"30d"` +| acme renew-before (from: common/tls.toml) + +| config.certificate.default +| object +| `{"cert":"file:///opt/stalwart-mail/etc/certs/tls.crt","private-key":"file:///opt/stalwart-mail/etc/certs/tls.key"}` +| certificate with name default (from: common/tls.toml) + +| config.certificate.default.cert +| string +| `"file:///opt/stalwart-mail/etc/certs/tls.crt"` +| certificate cert (from: common/tls.toml) + +| config.certificate.default.private-key +| string +| `"file:///opt/stalwart-mail/etc/certs/tls.key"` +| certificate private-key (from: common/tls.toml) + +| config.directory.memory +| object +| `{"disable":false,"options":{"catch-all":true,"subaddressing":true},"principals":[{"description":"Superuser","mail":["postmaster@%{DEFAULT_DOMAIN}%"],"name":"admin","secret":"changeme","type":"admin"}],"type":"memory"}` +| directory - with name memory (from: directory/internal.yaml) + +| config.directory.memory.disable +| bool +| `false` +| overwrite me, if not wanted + +| config.global.shared-map.capacity +| int +| 
`10` +| global shared-map capacity (from: common/server.toml) + +| config.global.shared-map.shard +| int +| `32` +| global shared-map shard (from: common/server.toml) + +| config.global.thread-pool +| string +| `nil` +| global thead-pool (from: common/server.toml) + +| config.global.tracing +| object +| `{"level":"info","method":"stdout"}` +| global tracing (from: common/tracing.toml) + +| config.imap.auth.allow-plain-text +| bool +| `false` +| imap auth allow-plain-text (from: imap/settings.toml) + +| config.imap.auth.max-failures +| int +| `3` +| imap auth max-failures(from: imap/settings.toml) + +| config.imap.folders.name.shared +| string +| `"Shared Folders"` +| imap folders name shared (from: imap/settings.toml) + +| config.imap.protocol.uidplus +| bool +| `false` +| imap protocol uidplus (from: imap/settings.toml) + +| config.imap.rate-limit.concurrent +| int +| `6` +| imap rate-limit concurrent (from: imap/settings.toml) + +| config.imap.rate-limit.requests +| string +| `"2000/1m"` +| imap rate-limit requests (from: imap/settings.toml) + +| config.imap.request.max-size +| int +| `52428800` +| imap request max-size (from: imap/settings.toml) + +| config.imap.timeout.anonymous +| string +| `"1m"` +| imap timeout anonymous (from: imap/settings.toml) + +| config.imap.timeout.authenticated +| string +| `"30m"` +| imap timeout authenticated (from: imap/settings.toml) + +| config.imap.timeout.idle +| string +| `"30m"` +| imap timeout idle (from: imap/settings.toml) + +| config.jmap.directory +| string +| `"%{DEFAULT_DIRECTORY}%"` +| jmap-directory (from: jmap/auth.yaml) + +| config.jmap.email +| object +| `{"max-attachment-size":50000000,"max-size":75000000,"parse":{"max-items":10}}` +| jmap-email + +| config.jmap.event-source +| object +| `{"throttle":"1s"}` +| jmap-event-source + +| config.jmap.mailbox +| object +| `{"max-depth":10,"max-name-length":255}` +| jmap-mailbox + +| config.jmap.principal +| object +| `{"allow-lookups":true}` +| jmap-principal + +| 
config.jmap.protocol +| object +| `{"changes":{"max-results":5000},"get":{"max-objects":500},"query":{"max-results":5000},"request":{"max-calls":16,"max-concurrent":4,"max-size":10000000},"set":{"max-objects":500},"upload":{"max-concurrent":4,"max-size":50000000,"quota":{"files":1000,"size":50000000},"ttl":"1h"}}` +| jmap-protocol (from: jmap/protocol.yaml) + +| config.jmap.push +| object +| `{"attempts":{"interval":"1m","max":3},"max-total":100,"retry":{"interval":"1s"},"throttle":"1ms","timeout":{"request":"10s","verify":"1s"}}` +| jmap-push (from: jmap/push.yaml) + +| config.jmap.rate-limit +| object +| `{"account":"1000/1m","anonymous":"100/1m","authentication":"10/1m","cache":{"size":1024},"use-forwarded":true}` +| jmap-rate-limit (from: jmap/ratelimit.yaml) + +| config.jmap.session +| object +| `{"cache":{"size":100,"ttl":"1h"},"purge":{"frequency":"0 3 *"}}` +| jmap-session (from: jmap/auth.yaml) + +| config.jmap.web-sockets +| object +| `{"heartbeat":"1m","throttle":"1s","timeout":"10m"}` +| jmap-web-sockets (from: jmap/websocket.yaml) + +| config.macros +| object +| `{"default_directory":"memory","default_domain":"__DOMAIN__","default_store":"sqlite","host":"__HOST__"}` +| macros (from: config.toml) + +| config.oauth.auth +| object +| `{"max-attempts":3}` +| oauth - auth + +| config.oauth.cache +| object +| `{"size":128}` +| oauth - cache + +| config.oauth.expiry +| object +| `{"auth-code":"10m","refresh-token":"30d","refresh-token-renew":"4d","token":"1h","user-code":"30m"}` +| oauth - expiry + +| config.oauth.key +| string +| `"__OAUTH_KEY__"` +| oauth - key + +| config.queue.hash +| int +| `64` +| queue-hash + +| config.queue.outbound +| object +| `{"ip-strategy":"ipv4_then_ipv6","limits":{"multihomed":2,"mx":7},"next-hop":[{"if":"is_local_domain('%{DEFAULT_DIRECTORY}%', 
rcpt_domain)","then":"'local'"},{"else":false}],"timeouts":{"connect":"3m","data":"10m","ehlo":"3m","greeting":"3m","mail-from":"3m","mta-sts":"2m","rcpt-to":"3m","tls":"2m"},"tls":{"allow-invalid-certs":false,"dane":"optional","mta-sts":"optional","starttls":"require"}}` +| queue-outbound + +| config.queue.path +| string +| `"/data/queue"` +| queue-path + +| config.queue.quota[0].key +| string +| `nil` +| + +| config.queue.quota[0].match +| string +| `nil` +| + +| config.queue.quota[0].messages +| int +| `100000` +| + +| config.queue.quota[0].size +| int +| `10737418240` +| + +| config.queue.schedule +| object +| `{"expire":"5d","notify":"[1d, 3d]","retry":"[2m, 5m, 10m, 15m, 30m, 1h, 2h]"}` +| queue-schedule + +| config.queue.throttle[0].concurrency +| int +| `5` +| + +| config.queue.throttle[0].key[0] +| string +| `"rcpt_domain"` +| + +| config.queue.throttle[0].rate +| string +| `nil` +| + +| config.report.analysis +| object +| `{"addresses":["dmarc@*","abuse@*","postmaster@*"],"forward":true}` +| report-analysis + +| config.report.dkim +| object +| `{"from-address":"'noreply-dkim@%{DEFAULT_DOMAIN}%'","from-name":"'Report Subsystem'","send":"[1, 1d]","sign":"['rsa']","subject":"'DKIM Authentication Failure Report'"}` +| report-dkim + +| config.report.dmarc +| object +| `{"aggregate":{"from-address":"'noreply-dmarc@%{DEFAULT_DOMAIN}%'","from-name":"'DMARC Report'","max-size":26214400,"org-name":"'%{DEFAULT_DOMAIN}%'","send":"daily","sign":"['rsa']"},"from-address":"'noreply-dmarc@%{DEFAULT_DOMAIN}%'","from-name":"'Report Subsystem'","send":"[1, 1d]","sign":"['rsa']","subject":"'DMARC Authentication Failure Report'"}` +| report-dmarc + +| config.report.dmarc.aggregate.max-size +| int +| `26214400` +| default: 25 mb + +| config.report.dsn +| object +| `{"from-address":"'MAILER-DAEMON@%{DEFAULT_DOMAIN}%'","from-name":"'Mail Delivery Subsystem'","sign":"['rsa']"}` +| report-dsn + +| config.report.hash +| int +| `64` +| report-hash + +| config.report.path +| string 
+| `"/data/reports"` +| report-path + +| config.report.spf +| object +| `{"from-address":"'noreply-spf@%{DEFAULT_DOMAIN}%'","from-name":"'Report Subsystem'","send":"[1, 1d]","sign":"['rsa']","subject":"'SPF Authentication Failure Report'"}` +| report-spf + +| config.report.tls +| object +| `{"aggregate":{"from-address":"'noreply-tls@%{DEFAULT_DOMAIN}%'","from-name":"'TLS Report'","max-size":26214400,"org-name":"'%{DEFAULT_DOMAIN}%'","send":"daily","sign":"['rsa']"}}` +| report-tls + +| config.report.tls.aggregate.max-size +| int +| `26214400` +| default: 25 mb + +| config.resolver.attempts +| int +| `2` +| resolver-attempts + +| config.resolver.cache +| object +| `{"ipv4":1024,"ipv6":1024,"mta-sts":1024,"mx":1024,"ptr":1024,"tlsa":1024,"txt":2048}` +| resolver-cache + +| config.resolver.concurrency +| int +| `2` +| resolver-concurrency + +| config.resolver.preserve-intermediates +| bool +| `true` +| resolver-preserve-intermediates + +| config.resolver.public-suffix +| list +| `["https://publicsuffix.org/list/public_suffix_list.dat","file:///opt/stalwart-mail/etc/spamfilter/maps/suffix_list.dat.gz"]` +| resolver-public-suffix + +| config.resolver.timeout +| string +| `"5s"` +| resolver-timeout + +| config.resolver.try-tcp-on-error +| bool +| `true` +| resolver-try-tcp-on-error + +| config.resolver.type +| string +| `"system"` +| resolver-type + +| config.server.hostname +| string +| `"%{HOST}%"` +| server hostname (from: common/server.toml) + +| config.server.listener +| object +| `{"http":{"bind":["[::]:80"],"protocol":"jmap","url":"https://%{HOST}%"},"imap":{"bind":["[::]:143"],"protocol":"imap"},"imaps":{"bind":["[::]:993"],"protocol":"imap","tls":{"implicit":true}},"sieve":{"bind":["[::]:4190"],"protocol":"managesieve","tls":{"implicit":true}},"smtp":{"bind":["[::]:25"],"protocol":"smtp"},"smtp-submission":{"bind":["[::]:587"],"protocol":"smtp"},"smtps":{"bind":["[::]:465"],"protocol":"smtp","tls":{"implicit":true}}}` +| server listener + +| 
config.server.listener.http +| object +| `{"bind":["[::]:80"],"protocol":"jmap","url":"https://%{HOST}%"}` +| jmap/listener.yaml + +| config.server.listener.imap +| object +| `{"bind":["[::]:143"],"protocol":"imap"}` +| server listener with name imap (from: imap/listener.toml) + +| config.server.listener.imaps +| object +| `{"bind":["[::]:993"],"protocol":"imap","tls":{"implicit":true}}` +| server listener with name imaps (from: imap/listener.toml) + +| config.server.listener.sieve +| object +| `{"bind":["[::]:4190"],"protocol":"managesieve","tls":{"implicit":true}}` +| server listener with name sieve (from: imap/listener.toml) + +| config.server.run-as.group +| string +| `"stalwart-mail"` +| server run-as group (from: common/server.toml) + +| config.server.run-as.user +| string +| `"stalwart-mail"` +| server run-as user (from: common/server.toml) + +| config.server.security.blocked-networks +| object +| `{}` +| server security blocked-networks (from: common/server.toml) + +| config.server.security.fail2ban +| string +| `"100/1d"` +| server security fail2ban (from: common/server.toml) + +| config.server.socket.backlog +| int +| `1024` +| server socket backlog (from: common/server.toml) + +| config.server.socket.linger +| int +| `1` +| server socket linger (from: common/server.toml) + +| config.server.socket.nodelay +| bool +| `true` +| server socket nodelay (from: common/server.toml) + +| config.server.socket.recv-buffer-size +| int +| `65535` +| server socket recv-buffer-size (from: common/server.toml) + +| config.server.socket.reuse-addr +| bool +| `true` +| server socket reuse-addr (from: common/server.toml) + +| config.server.socket.reuse-port +| bool +| `false` +| server socket reuse-port (from: common/server.toml) + +| config.server.socket.send-buffer-size +| int +| `65535` +| server socket send-buffer-size (from: common/server.toml) + +| config.server.socket.tos +| int +| `1` +| server socket tos (from: common/server.toml) + +| config.server.socket.ttl +| 
int +| `3600` +| server socket ttl (from: common/server.toml) + +| config.server.tls.acme +| string +| `nil` +| server tls acme (from: common/tls.toml) example: "letsencrypt" + +| config.server.tls.certificate +| string +| `"default"` +| server tls certificate (from: common/tls.toml) + +| config.server.tls.ciphers +| string +| `nil` +| server tls #ciphers (from: common/tls.toml) example: [ "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] + +| config.server.tls.enable +| bool +| `true` +| server tls enable (from: common/tls.toml) + +| config.server.tls.ignore-client-order +| bool +| `true` +| server tls ignore-client-order (from: common/tls.toml) + +| config.server.tls.implicit +| bool +| `false` +| server tls implicit (from: common/tls.toml) + +| config.server.tls.protocols +| string +| `nil` +| server tls protocols (from: common/tls.toml) example: ["TLSv1.2", "TLSv1.3"] + +| config.server.tls.sni +| string +| `nil` +| server tls sni (from: common/tls.toml) example: [{subject: "", certificate: ""}] + +| config.server.tls.timeout +| string +| `"1m"` +| server tls timeout (from: common/tls.toml) + +| config.sieve.trusted.from-addr +| string +| `"no-reply@%{DEFAULT_DOMAIN}%"` +| sieve trusted from-addr (from: common/sieve.toml) + +| config.sieve.trusted.from-name +| string +| `"Automated Message"` +| sieve trusted from-name (from: common/sieve.toml) + +| config.sieve.trusted.hostname +| string +| `"%{HOST}%"` +| sieve trusted hostname (from: common/sieve.toml) + +| config.sieve.trusted.limits.cpu +| int +| `1048576` +| sieve trusted limits cpu (from: common/sieve.toml) + +| config.sieve.trusted.limits.duplicate-expiry +| string +| `"7d"` +| sieve trusted limits 
duplicate-expiry (from: common/sieve.toml) + +| config.sieve.trusted.limits.nested-includes +| int +| `5` +| sieve trusted limits nested-includes (from: common/sieve.toml) + +| config.sieve.trusted.limits.out-messages +| int +| `5` +| sieve trusted limits out-messages (from: common/sieve.toml) + +| config.sieve.trusted.limits.received-headers +| int +| `50` +| sieve trusted limits received-headers (from: common/sieve.toml) + +| config.sieve.trusted.limits.redirects +| int +| `3` +| sieve trusted limits redirects (from: common/sieve.toml) + +| config.sieve.trusted.no-capability-check +| bool +| `true` +| sieve trusted no-capability-check (from: common/sieve.toml) + +| config.sieve.trusted.return-path +| string +| `""` +| sieve trusted return-path (from: common/sieve.toml) + +| config.sieve.trusted.scripts.connect +| string +| `nil` +| sieve trusted scripts connect (from: common/sieve.toml) + +| config.sieve.trusted.scripts.ehlo +| string +| `nil` +| sieve trusted scripts ehlo (from: common/sieve.toml) + +| config.sieve.trusted.scripts.mail +| string +| `nil` +| sieve trusted scripts mail (from: common/sieve.toml) + +| config.sieve.trusted.sign +| list +| `["rsa"]` +| sieve trusted sign (from: common/sieve.toml) + +| config.sieve.untrusted.default-expiry.duplicate +| string +| `"7d"` +| sieve untrusted default-expiry duplicate (from: common/sieve.toml) + +| config.sieve.untrusted.default-expiry.vacation +| string +| `"30d"` +| sieve untrusted default-expiry vacation (from: common/sieve.toml) + +| config.sieve.untrusted.disable-capabilities +| list +| `[]` +| sieve untrusted disable-capabilities (from: common/sieve.toml) + +| config.sieve.untrusted.limits.cpu +| int +| `5000` +| sieve untrusted limit cpu (from: common/sieve.toml) + +| config.sieve.untrusted.limits.header-size +| int +| `1024` +| sieve untrusted limit header-size (from: common/sieve.toml) + +| config.sieve.untrusted.limits.includes +| int +| `3` +| sieve untrusted limit includes (from: 
common/sieve.toml) + +| config.sieve.untrusted.limits.local-variables +| int +| `128` +| sieve untrusted limit local-variables (from: common/sieve.toml) + +| config.sieve.untrusted.limits.match-variables +| int +| `30` +| sieve untrusted limit match-variables (from: common/sieve.toml) + +| config.sieve.untrusted.limits.max-scripts +| int +| `256` +| sieve untrusted limit max-scripts (from: common/sieve.toml) + +| config.sieve.untrusted.limits.name-length +| int +| `512` +| sieve untrusted limit name-length (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-blocks +| int +| `15` +| sieve untrusted limit nested-blocks (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-foreverypart +| int +| `3` +| sieve untrusted limit nested-foreverypart (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-includes +| int +| `3` +| sieve untrusted limit nested-includes (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-tests +| int +| `15` +| sieve untrusted limit nested-tests (from: common/sieve.toml) + +| config.sieve.untrusted.limits.outgoing-messages +| int +| `3` +| sieve untrusted limit outgoing-messages (from: common/sieve.toml) + +| config.sieve.untrusted.limits.received-headers +| int +| `10` +| sieve untrusted limit received-headers (from: common/sieve.toml) + +| config.sieve.untrusted.limits.redirects +| int +| `1` +| sieve untrusted limit redirects (from: common/sieve.toml) + +| config.sieve.untrusted.limits.script-size +| int +| `102400` +| sieve untrusted limit script-size (from: common/sieve.toml) + +| config.sieve.untrusted.limits.string-length +| int +| `4096` +| sieve untrusted limit string-length (from: common/sieve.toml) + +| config.sieve.untrusted.limits.variable-name-length +| int +| `32` +| sieve untrusted limit variable-name-length (from: common/sieve.toml) + +| config.sieve.untrusted.limits.variable-size +| int +| `4096` +| sieve untrusted limit variable-size (from: common/sieve.toml) + +| 
config.sieve.untrusted.notification-uris +| list +| `["mailto"]` +| sieve untrusted notification-uris (from: common/sieve.toml) + +| config.sieve.untrusted.protected-headers +| list +| `["Original-Subject","Original-From","Received","Auto-Submitted"]` +| sieve untrusted protected-headers (from: common/sieve.toml) + +| config.sieve.untrusted.vacation.default-subject +| string +| `"Automated reply"` +| sieve untrusted vacation default-subject (from: common/sieve.toml) + +| config.sieve.untrusted.vacation.subject-prefix +| string +| `"Auto: "` +| sieve untrusted vacation subject-prefix (from: common/sieve.toml) + +| config.signature.rsa +| object +| `{"algorithm":"rsa-sha256","canonicalization":"relaxed/relaxed","domain":"%{DEFAULT_DOMAIN}%","headers":["From","To","Date","Subject","Message-ID"],"private-key":"file://opt/stalwart-mail/etc/dkim/private.key","report":true,"selector":"stalwart","set-body-length":false}` +| signature-rsa + +| config.storage.blob +| string +| `"%{DEFAULT_STORE}%"` +| storage blob (from: common/store.toml) + +| config.storage.cluster.node-id +| string +| `nil` +| storage - cluster - node-id (from: common/store.toml) + +| config.storage.data +| string +| `"%{DEFAULT_STORE}%"` +| storage data (from: common/store.toml) + +| config.storage.directory +| string +| `"%{DEFAULT_DIRECTORY}%"` +| storage directory (from: common/store.toml) + +| config.storage.encryption.append +| bool +| `false` +| storage encryption append (from: common/store.toml) + +| config.storage.encryption.enable +| bool +| `true` +| storage encryption enable (from: common/store.toml) + +| config.storage.fts +| string +| `"%{DEFAULT_STORE}%"` +| storage fts (from: common/store.toml) BROKEN / TODO see: https://github.com/stalwartlabs/mail-server/issues/211 + +| config.storage.fts-table-duplicated-workaround.default-language +| string +| `"en"` +| storage - fts - default-language (from: common/store.toml) + +| config.storage.lookup +| string +| `"%{DEFAULT_STORE}%"` +| storage 
lookup (from: common/store.toml) + +| config.storage.spam.header +| string +| `"X-Spam-Status: Yes"` +| storage spam header (from: common/store.toml) + +| config.store.fs +| object +| `{"depth":2,"disable":false,"path":"/data/blobs","purge":{"frequency":"0 3 *"},"type":"fs"}` +| store - with name fs + +| config.store.fs.disable +| bool +| `false` +| overwrite me, if not wanted + +| config.store.sqlite +| object +| `{"disable":false,"path":"/data/index.sqlite3","purge":{"frequency":"0 3 *"},"query":{"domains":"SELECT 1 FROM emails WHERE address LIKE '%@' || ? LIMIT 1","emails":"SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC","expand":"SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50","members":"SELECT member_of FROM group_members WHERE name = ?","name":"SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true","recipients":"SELECT name FROM emails WHERE address = ?","verify":"SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5"},"type":"sqlite"}` +| store - with name sqlite + +| config.store.sqlite.disable +| bool +| `false` +| overwrite me, if not wanted + +| fullnameOverride +| string +| `""` +| + +| global.image.pullPolicy +| string +| `nil` +| if set it will overwrite all pullPolicy + +| global.image.registry +| string +| `nil` +| if set it will overwrite all registry entries + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"docker.io"` +| + +| image.repository +| string +| `"stalwartlabs/mail-server"` +| + +| image.tag +| string +| `""` +| Overrides the image tag whose default is the chart appVersion. 
+ +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| accessMode + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"10Gi"` +| size + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.annotations +| object +| `{}` +| + +| service.ipFamilies[0] +| string +| `"IPv4"` +| + +| service.ipFamilyPolicy +| string +| `"SingleStack"` +| other option is RequireDualStack + +| service.ports.http +| int +| `80` +| + +| service.ports.imap +| int +| `143` +| + +| service.ports.imaps +| int +| `993` +| + +| service.ports.sieve +| int +| `4190` +| + +| service.ports.smtp +| int +| `25` +| + +| service.ports.smtp-submission +| int +| `587` +| + +| service.ports.smtps +| int +| `465` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.automount +| bool +| `true` +| + +| serviceAccount.create +| bool +| `false` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| traefik.enabled +| bool +| `false` +| + +| traefik.ports.http +| string +| `"websecure"` +| + +| traefik.ports.imaps +| string +| `"imaps"` +| + +| traefik.ports.smtps +| string +| `"smtps"` +| + +| volumeMounts +| list +| `[]` +| + +| volumes +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + diff --git a/stalwart-mail/README.md b/stalwart-mail/README.md deleted file mode 100644 index 14abf7d..0000000 --- a/stalwart-mail/README.md +++ /dev/null 
@@ -1,221 +0,0 @@ ---- -title: "stalwart-mail" - -description: "Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)" - ---- - -# stalwart-mail - -![Version: 0.0.23](https://img.shields.io/badge/Version-0.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.3](https://img.shields.io/badge/AppVersion-0.11.3-informational?style=flat-square) - -Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -= Alpha - -WARNING -==== -We stop working on this Helm-Chart. -There are still many breaking change like: - -* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] - -We hope that stalward mail-server becomes more stable. - -==== - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. 
-Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/stalwart-mail -``` - -You can install a chart release using the following command: - -```bash -helm install stalwart-mail-release oci://codeberg.org/wrenix/helm-charts/stalwart-mail --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall stalwart-mail-release -``` - -## Values - -### DKIM - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.auth.dkim.sign | list | `[{"if":"listener != 'smtp'","then":"['rsa', 'ed25519']"},{"else":false}]` | auth rule for signing with dkim | -| config.auth.dkim.verify | string | `"relaxed"` | verify of dkim signature (relaxed, strict, disable) | - -### Authentification - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.authentication.fallback-admin.secret | string | `"%{env:FALLBACK_ADMIN_SECRET}%"` | password for fallback authentfication (use env for store in secrets of kubernetes) | -| config.authentication.fallback-admin.user | string | `"admin"` | username for fallback authentfication | -| secrets.env.FALLBACK_ADMIN_SECRET | string | `"supersecret"` | password for fallback authentfication (env) | - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| certificate.certmanager.dnsNames[0] | string | `"chart-example.local"` | | -| certificate.certmanager.enabled | bool | `true` | | -| certificate.certmanager.issuerRef.group | string | `"cert-manager.io"` | | -| certificate.certmanager.issuerRef.kind | string | `"ClusterIssuer"` | | -| certificate.certmanager.issuerRef.name | string | 
`"letsencrypt-prod"` | | -| certificate.secretName | string | `nil` | not needed if certmanager is used | -| config.directory.internal.store | string | `"rocksdb"` | | -| config.directory.internal.type | string | `"internal"` | | -| config.metrics.prometheus.auth.secret | string | `"%{env:METRICS_SECRET}%"` | | -| config.metrics.prometheus.auth.username | string | `"%{env:METRICS_USERNAME}%"` | | -| config.metrics.prometheus.enable | bool | `true` | | -| config.server.allowed-ip."10.42.0.1/16" | string | `""` | | -| config.server.listener.http.bind[0] | string | `"[::]:80"` | | -| config.server.listener.http.protocol | string | `"http"` | | -| config.server.listener.https.bind[0] | string | `"[::]:443"` | | -| config.server.listener.https.protocol | string | `"http"` | | -| config.server.listener.https.tls.implicit | bool | `true` | | -| config.server.listener.imap.bind[0] | string | `"[::]:143"` | | -| config.server.listener.imap.protocol | string | `"imap"` | | -| config.server.listener.imaptls.bind[0] | string | `"[::]:993"` | | -| config.server.listener.imaptls.protocol | string | `"imap"` | | -| config.server.listener.imaptls.tls.implicit | bool | `true` | | -| config.server.listener.pop3.bind[0] | string | `"[::]:110"` | | -| config.server.listener.pop3.protocol | string | `"pop3"` | | -| config.server.listener.pop3s.bind[0] | string | `"[::]:995"` | | -| config.server.listener.pop3s.protocol | string | `"pop3"` | | -| config.server.listener.pop3s.tls.implicit | bool | `true` | | -| config.server.listener.sieve.bind[0] | string | `"[::]:4190"` | | -| config.server.listener.sieve.protocol | string | `"managesieve"` | | -| config.server.listener.smtp.bind[0] | string | `"[::]:25"` | | -| config.server.listener.smtp.protocol | string | `"smtp"` | | -| config.server.listener.submission.bind[0] | string | `"[::]:587"` | | -| config.server.listener.submission.protocol | string | `"smtp"` | | -| config.server.listener.submissions.bind[0] | string | `"[::]:465"` | | 
-| config.server.listener.submissions.protocol | string | `"smtp"` | | -| config.server.listener.submissions.tls.implicit | bool | `true` | | -| config.storage.blob | string | `"rocksdb"` | | -| config.storage.data | string | `"rocksdb"` | | -| config.storage.directory | string | `"internal"` | | -| config.storage.fts | string | `"rocksdb"` | | -| config.storage.lookup | string | `"rocksdb"` | | -| config.store.rocksdb.compression | string | `"lz4"` | | -| config.store.rocksdb.path | string | `"/data"` | | -| config.store.rocksdb.type | string | `"rocksdb"` | | -| config.tracer.otel.enable | bool | `false` | | -| config.tracer.otel.endpoint | string | `"https://127.0.0.1/otel"` | | -| config.tracer.otel.headers | list | `[]` | headers for usage with http (e.g. 'Authorization: ') | -| config.tracer.otel.level | string | `"info"` | | -| config.tracer.otel.transport | string | `"grpc"` | grpc or http | -| config.tracer.otel.type | string | `"open-telemetry"` | | -| config.tracer.stdout.ansi | bool | `false` | | -| config.tracer.stdout.enable | bool | `true` | | -| config.tracer.stdout.level | string | `"info"` | | -| config.tracer.stdout.type | string | `"stdout"` | | -| env | list | `[]` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"stalwartlabs/mail-server"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/healthz/live"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | accessMode | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | size | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/healthz/ready"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| secrets.env.METRICS_SECRET | string | `"scrape_metrics_password"` | | -| secrets.env.METRICS_USERNAME | string | `"scrape_metrics_user"` | | -| securityContext | object | `{}` | | -| service.annotations | object | `{}` | | -| service.ipFamilies[0] | string | `"IPv4"` | | -| service.ipFamilyPolicy | string | `"SingleStack"` | other option is RequireDualStack | -| service.ports.http | int | `80` | | -| service.ports.https | int | `443` | | -| service.ports.imap | int | `143` | | -| service.ports.imaptls | int | `993` | | -| service.ports.pop3 | int | `110` | | -| service.ports.pop3s | int | `995` | | -| service.ports.sieve | int | `4190` | | -| service.ports.smtp | int | `25` | | -| service.ports.submission | int | `587` | | -| service.ports.submissions | int | `465` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| traefik.enabled | bool | `false` | | -| traefik.ports.https.entrypoint | string | `"websecure"` | | -| traefik.ports.https.match | string | `nil` | | -| traefik.ports.https.passthroughTLS | bool | `true` | | -| traefik.ports.https.proxyProtocol | bool | `true` | | -| traefik.ports.imaptls.entrypoint | string | `"imaps"` | | -| traefik.ports.imaptls.match | string | `nil` | | -| traefik.ports.imaptls.passthroughTLS | bool | `true` | | -| traefik.ports.imaptls.proxyProtocol | bool | 
`true` | | -| traefik.ports.pop3s.entrypoint | string | `"pop3s"` | | -| traefik.ports.pop3s.match | string | `nil` | | -| traefik.ports.pop3s.passthroughTLS | bool | `true` | | -| traefik.ports.pop3s.proxyProtocol | bool | `true` | | -| traefik.ports.sieve.entrypoint | string | `"sieve"` | | -| traefik.ports.sieve.match | string | `nil` | | -| traefik.ports.sieve.passthroughTLS | bool | `true` | | -| traefik.ports.sieve.proxyProtocol | bool | `true` | | -| traefik.ports.smtp.entrypoint | string | `"smtp"` | | -| traefik.ports.smtp.match | string | `nil` | | -| traefik.ports.smtp.proxyProtocol | bool | `true` | | -| traefik.ports.submissions.entrypoint | string | `"smtps"` | | -| traefik.ports.submissions.match | string | `nil` | | -| traefik.ports.submissions.passthroughTLS | bool | `true` | | -| traefik.ports.submissions.proxyProtocol | bool | `true` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/stalwart-mail/ci/ct-empty-values.yaml b/stalwart-mail/ci/ct-empty-values.yaml deleted file mode 100644 index 8b13789..0000000 --- a/stalwart-mail/ci/ct-empty-values.yaml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/stalwart-mail/ci/ct-traefik-values.yaml b/stalwart-mail/ci/ct-traefik-values.yaml deleted file mode 100644 index 4a5b430..0000000 --- a/stalwart-mail/ci/ct-traefik-values.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -config: - lookup: - default: - hostname: mail.example.org - - server: - listener: - smtp: - proxy: - trusted-networks: ["10.0.0.0/8"] - submission: - submissions: - proxy: - trusted-networks: ["10.0.0.0/8"] - - imap: - imaptls: - proxy: - trusted-networks: ["10.0.0.0/8"] - - pop3: - pop3s: - proxy: - trusted-networks: ["10.0.0.0/8"] - - sieve: - proxy: - trusted-networks: ["10.0.0.0/8"] - - # without proxy and tls for ingress (well-known) - http: - protocol: "http" - bind: ["[::]:8080"] - - https: - url: "https://mail.example.org" - proxy: - trusted-networks: ["10.0.0.0/8"] - -service: - ports: - submission: - imap: - pop3: - http: 8080 - -traefik: - enabled: true - host: mail.example.org - ports: - submission: - imap: - pop3: - # not exists - blub: - -ingress: - enabled: true - hosts: - - host: "example.org" - paths: - - path: /.well-known/jmap - pathType: Prefix - - path: /.well-known/mta-sts.txt - pathType: Exact - - path: /.well-known/mail-v1.xml - pathType: Exact - - path: /.well-known/autoconfig - pathType: Prefix - - path: /autodiscover - pathType: Prefix diff --git a/stalwart-mail/templates/configmap.yaml b/stalwart-mail/templates/configmap.yaml deleted file mode 100644 index ae34beb..0000000 --- a/stalwart-mail/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "stalwart-mail.fullname" . }} - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} -data: - "config.toml": | - {{- toToml .Values.config | replace ".0\n" "\n" | nindent 4 }} diff --git a/stalwart-mail/templates/deployment.yaml b/stalwart-mail/templates/deployment.yaml index a6c92b1..c7f63df 100644 --- a/stalwart-mail/templates/deployment.yaml +++ b/stalwart-mail/templates/deployment.yaml 
@@ -14,8 +14,7 @@ spec: template: metadata: annotations: - config-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - secret-env-hash: {{ include (print $.Template.BasePath "/secrets-env.yaml") . | sha256sum }} + confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -36,35 +35,16 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} + {{- with .Values.image}} image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} {{- end }} - {{- with .Values.env }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "stalwart-mail.fullname" . }}-env ports: {{- range $name, $port := .Values.service.ports }} - name: {{ $name }} containerPort: {{ $port }} protocol: TCP {{- end }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.startupProbe }} - startupProbe: - {{- toYaml . | nindent 12 }} - {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -82,7 +62,9 @@ spec: - name: config mountPath: "/opt/stalwart-mail/etc/config.toml" subPath: "config.toml" - readOnly: true + - name: config + mountPath: "/opt/stalwart-mail/etc/dkim/private.key" + subPath: "dkim.key" {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} - name: certificate mountPath: "/opt/stalwart-mail/etc/certs" 
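Review bot: The new `dkim.key` mount in the third hunk exposes the DKIM private key from the same `config` volume as `config.toml`, and the commit drops `readOnly: true` from the existing mount instead of carrying it onto both. I would keep `readOnly: true` on the `config.toml` mount and add it under `subPath: "dkim.key"` so the intent stays explicit. Both are `subPath` mounts, which do not pick up later changes to the Secret, and the `confighash` annotation added in the first hunk hashes only `.Values.config`, so a changed key would presumably not reach a running pod until something else restarts it. The container spec starts and ends outside these hunks.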
@@ -92,8 +74,8 @@ spec: {{- end }} volumes: - name: "config" - configMap: - name: {{ include "stalwart-mail.fullname" . }} + secret: + secretName: {{ include "stalwart-mail.fullname" . }} {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} - name: certificate secret:
diff --git a/stalwart-mail/templates/secrets-env.yaml b/stalwart-mail/templates/secrets-env.yaml
deleted file mode 100644
index 14a9584..0000000
--- a/stalwart-mail/templates/secrets-env.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "stalwart-mail.fullname" . }}-env
- labels:
- {{- include "stalwart-mail.labels" . | nindent 4 }}
-data:
- {{- range $key, $value := .Values.secrets.env }}
- {{ $key }}: {{ $value | b64enc }}
- {{- end }}
diff --git a/stalwart-mail/templates/secrets.yaml b/stalwart-mail/templates/secrets.yaml
new file mode 100644
index 0000000..74efdf2
--- /dev/null
+++ b/stalwart-mail/templates/secrets.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "stalwart-mail.fullname" . }}
+ labels:
+ {{- include "stalwart-mail.labels" . | nindent 4 }}
+ annotations:
+ confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }}
+data:
+ "config.toml": {{ regexReplaceAll
+ "trusted-networks = \\[(.*)\\]"
+ (
+ toToml .Values.config
+ | replace ".0\n" "\n"
+ | replace "fts-table-duplicated-workaround" "fts"
+ )
+ "trusted-networks = {${1}}"
+ | b64enc }}
+ "dkim.key": {{ genPrivateKey "rsa" | b64enc }}
diff --git a/stalwart-mail/templates/servicemonitor.yaml b/stalwart-mail/templates/servicemonitor.yaml
deleted file mode 100644
index ef8058f..0000000
--- a/stalwart-mail/templates/servicemonitor.yaml
+++ /dev/null
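Review bot: `"dkim.key": {{ genPrivateKey "rsa" | b64enc }}` on the last line of the new `secrets.yaml` generates a fresh RSA key on every render, so each `helm upgrade` would replace the DKIM signing key and any DNS record the operator published for the `stalwart` selector stops matching. The key also lands in the rendered release manifest, and there is no way to supply an existing key. I would reuse the key from the live Secret when one exists and generate only on first install, as sketched below; `lookup` returns nothing under `helm template` and client-side dry runs, so those still print a throwaway key. A value that points at an operator-managed Secret would be the cleaner long-term option.

```yaml
{{- /* Reuse the key already stored in the cluster; generate one only on first install. */}}
{{- $live := lookup "v1" "Secret" .Release.Namespace (include "stalwart-mail.fullname" .) }}
{{- $dkimKey := dig "data" "dkim.key" "" $live }}
{{- if not $dkimKey }}
{{- $dkimKey = genPrivateKey "rsa" | b64enc }}
{{- end }}
# … unchanged: apiVersion, kind, metadata, "config.toml" entry …
  "dkim.key": {{ $dkimKey }}
```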
@@ -1,25 +0,0 @@
-{{- if and .Values.config.metrics.prometheus.enable .Values.prometheus.servicemonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "stalwart-mail.fullname" . }}
- labels:
- {{- include "stalwart-mail.labels" . | nindent 4 }}
- {{- with .Values.prometheus.servicemonitor.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- selector:
- matchLabels:
- {{- include "stalwart-mail.selectorLabels" . | nindent 6 }}
- endpoints:
- - port: http
- path: "/metrics/prometheus"
- basicAuth:
- username:
- name: {{ include "stalwart-mail.fullname" . }}-env
- key: METRICS_USERNAME
- password:
- name: {{ include "stalwart-mail.fullname" . }}-env
- key: METRICS_SECRET
-{{- end }}
diff --git a/stalwart-mail/templates/traefik.yaml b/stalwart-mail/templates/traefik.yaml
index ff32b51..c6be692 100644
--- a/stalwart-mail/templates/traefik.yaml
+++ b/stalwart-mail/templates/traefik.yaml
@@ -1,6 +1,5 @@ {{- if .Values.traefik.enabled }} -{{- range $port,$config := .Values.traefik.ports }} -{{- if $config }} +{{- range $port,$entryport := .Values.traefik.ports }} --- apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP
@@ -8,20 +7,15 @@ metadata: name: {{ include "stalwart-mail.fullname" $ }}-{{ $port }} spec: entryPoints: - - {{ required (printf "traefik.ports.%s.entrypoint is required" $port) $config.entrypoint }} + - {{ $entryport }} routes: - - match: {{ $config.match | default (printf "HostSNI(`%s`)" $.Values.traefik.host) | quote }} + - match: HostSNI(`{{ $.Values.config.macros.host }}`) services: - name: {{ include "stalwart-mail.fullname" $ }} - port: {{ $port }} - {{- if $config.proxyProtocol }} + port: {{ $port}} proxyProtocol: version: 2 - {{- end }} - {{- if $config.passthroughTLS }} tls: passthrough: true - {{- end }} -{{- end }}{{/* if config exists*/}} -{{- end }}{{/* end-range */}} +{{- end }} {{- end }}{{/* end-if .enabled */}}
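Review bot: In the second `traefik.yaml` hunk the entry point and match rule lose the validation and quoting the old template had: `- {{ $entryport }}` renders an empty list item when a port is set to null, and the `HostSNI(...)` rule is built unquoted from `config.macros.host`, whose default in `values.yaml` is the placeholder `__HOST__`. I would keep a guard, e.g. ``- {{ required (printf "traefik.ports.%s needs an entrypoint name" $port) $entryport | quote }}`` and ``- match: {{ printf "HostSNI(`%s`)" $.Values.config.macros.host | quote }}``. `proxyProtocol` version 2 and TLS passthrough are now applied to every route, while the default listeners in `values.yaml` declare no `proxy.trusted-networks`, so it is worth confirming that the server accepts the PROXY header only from the network the Traefik pods run in.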
diff --git a/stalwart-mail/values.yaml b/stalwart-mail/values.yaml
index 29efe2e..bf9a103 100644
--- a/stalwart-mail/values.yaml
+++ b/stalwart-mail/values.yaml
@@ -21,118 +21,713 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" + +## +# Configuration of stalwart mail-server +# defaults taken from: https://github.com/stalwartlabs/mail-server/tree/6aeadb9cda301ec5f210d8e8390515e6292592fa/resources/config +# +# files import completed: +# - config.toml +# - common/*.toml +# - imap/*.toml +# +## config: + + + ## + # macros + ## + + # -- macros (from: config.toml) + macros: + host: "__HOST__" + default_domain: "__DOMAIN__" + default_directory: "memory" + default_store: "sqlite" + + + ## + # global + ## + + global: + shared-map: + # -- global shared-map capacity (from: common/server.toml) + capacity: 10 + # -- global shared-map shard (from: common/server.toml) + shard: 32 + + # -- global thead-pool (from: common/server.toml) + thread-pool: + + # -- global tracing (from: common/tracing.toml) + tracing: + method: "stdout" + level: "info" + + + ## + # server + ## + server: + # -- server hostname (from: common/server.toml) + hostname: "%{HOST}%" + + security: + # -- server security blocked-networks (from: common/server.toml) + blocked-networks: {} + # -- server security fail2ban (from: common/server.toml) + fail2ban: "100/1d" + + run-as: + # -- server run-as user (from: common/server.toml) + user: "stalwart-mail" + # -- server run-as group (from: common/server.toml) + group: "stalwart-mail" + + socket: + # -- server socket nodelay (from: common/server.toml) + nodelay: true + # -- server socket reuse-addr (from: common/server.toml) + reuse-addr: true + # -- server socket reuse-port (from: common/server.toml) + reuse-port: false + # -- server socket backlog (from: common/server.toml) + backlog: 1024 + # -- server socket ttl (from: common/server.toml) + ttl: 3600 + # -- server socket send-buffer-size (from: common/server.toml) + send-buffer-size: 65535 + # -- server socket recv-buffer-size (from: common/server.toml) + recv-buffer-size: 65535 + # -- server socket linger (from: common/server.toml) + linger: 1 + # -- server 
socket tos (from: common/server.toml) + tos: 1 + + tls: + # -- server tls enable (from: common/tls.toml) + enable: true + # -- server tls implicit (from: common/tls.toml) + implicit: false + # -- server tls timeout (from: common/tls.toml) + timeout: "1m" + # -- server tls certificate (from: common/tls.toml) + certificate: "default" + # -- server tls acme (from: common/tls.toml) + # example: "letsencrypt" + acme: + # -- server tls sni (from: common/tls.toml) + # example: [{subject: "", certificate: ""}] + sni: + # -- server tls protocols (from: common/tls.toml) + # example: ["TLSv1.2", "TLSv1.3"] + protocols: + # -- server tls #ciphers (from: common/tls.toml) + # example: [ "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256", + # "TLS13_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + # "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + # "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] + ciphers: + # -- server tls ignore-client-order (from: common/tls.toml) + ignore-client-order: true + + # -- server listener listener: smtp: + protocol: "smtp" bind: ["[::]:25"] + smtp-submission: protocol: "smtp" - submission: bind: ["[::]:587"] + smtps: protocol: "smtp" - submissions: bind: ["[::]:465"] - protocol: "smtp" tls: implicit: true + + # -- server listener with name imap (from: imap/listener.toml) imap: bind: ["[::]:143"] protocol: "imap" - imaptls: + + # -- server listener with name imaps (from: imap/listener.toml) + imaps: bind: ["[::]:993"] protocol: "imap" tls: implicit: true - pop3: - bind: ["[::]:110"] - protocol: "pop3" - pop3s: - bind: ["[::]:995"] - protocol: "pop3" - tls: - implicit: true + + # -- server listener with name sieve (from: imap/listener.toml) sieve: bind: ["[::]:4190"] protocol: "managesieve" - http: - protocol: "http" - bind: ["[::]:80"] - https: - protocol: "http" - bind: ["[::]:443"] tls: 
implicit: true - allowed-ip: - "10.42.0.1/16": "" + + # -- jmap/listener.yaml + http: + protocol: "jmap" + bind: ["[::]:80"] + url: "https://%{HOST}%" + + + ## + # sieve + ## + + sieve: + untrusted: + # -- sieve untrusted disable-capabilities (from: common/sieve.toml) + disable-capabilities: [] + # -- sieve untrusted notification-uris (from: common/sieve.toml) + notification-uris: ["mailto"] + # -- sieve untrusted protected-headers (from: common/sieve.toml) + protected-headers: ["Original-Subject", "Original-From", "Received", "Auto-Submitted"] + + limits: + # -- sieve untrusted limit name-length (from: common/sieve.toml) + name-length: 512 + # -- sieve untrusted limit max-scripts (from: common/sieve.toml) + max-scripts: 256 + # -- sieve untrusted limit script-size (from: common/sieve.toml) + script-size: 102400 + # -- sieve untrusted limit string-length (from: common/sieve.toml) + string-length: 4096 + # -- sieve untrusted limit variable-name-length (from: common/sieve.toml) + variable-name-length: 32 + # -- sieve untrusted limit variable-size (from: common/sieve.toml) + variable-size: 4096 + # -- sieve untrusted limit nested-blocks (from: common/sieve.toml) + nested-blocks: 15 + # -- sieve untrusted limit nested-tests (from: common/sieve.toml) + nested-tests: 15 + # -- sieve untrusted limit nested-foreverypart (from: common/sieve.toml) + nested-foreverypart: 3 + # -- sieve untrusted limit match-variables (from: common/sieve.toml) + match-variables: 30 + # -- sieve untrusted limit local-variables (from: common/sieve.toml) + local-variables: 128 + # -- sieve untrusted limit header-size (from: common/sieve.toml) + header-size: 1024 + # -- sieve untrusted limit includes (from: common/sieve.toml) + includes: 3 + # -- sieve untrusted limit nested-includes (from: common/sieve.toml) + nested-includes: 3 + # -- sieve untrusted limit cpu (from: common/sieve.toml) + cpu: 5000 + # -- sieve untrusted limit redirects (from: common/sieve.toml) + redirects: 1 + # -- sieve 
untrusted limit received-headers (from: common/sieve.toml) + received-headers: 10 + # -- sieve untrusted limit outgoing-messages (from: common/sieve.toml) + outgoing-messages: 3 + + vacation: + # -- sieve untrusted vacation default-subject (from: common/sieve.toml) + default-subject: "Automated reply" + # -- sieve untrusted vacation subject-prefix (from: common/sieve.toml) + subject-prefix: "Auto: " + + default-expiry: + # -- sieve untrusted default-expiry vacation (from: common/sieve.toml) + vacation: "30d" + # -- sieve untrusted default-expiry duplicate (from: common/sieve.toml) + duplicate: "7d" + + trusted: + # -- sieve trusted from-name (from: common/sieve.toml) + from-name: "Automated Message" + # -- sieve trusted from-addr (from: common/sieve.toml) + from-addr: "no-reply@%{DEFAULT_DOMAIN}%" + # -- sieve trusted return-path (from: common/sieve.toml) + return-path: "" + # -- sieve trusted hostname (from: common/sieve.toml) + hostname: "%{HOST}%" + # -- sieve trusted no-capability-check (from: common/sieve.toml) + no-capability-check: true + # -- sieve trusted sign (from: common/sieve.toml) + sign: ["rsa"] + + limits: + # -- sieve trusted limits redirects (from: common/sieve.toml) + redirects: 3 + # -- sieve trusted limits out-messages (from: common/sieve.toml) + out-messages: 5 + # -- sieve trusted limits received-headers (from: common/sieve.toml) + received-headers: 50 + # -- sieve trusted limits cpu (from: common/sieve.toml) + cpu: 1048576 + # -- sieve trusted limits nested-includes (from: common/sieve.toml) + nested-includes: 5 + # -- sieve trusted limits duplicate-expiry (from: common/sieve.toml) + duplicate-expiry: "7d" + + scripts: + # -- sieve trusted scripts connect (from: common/sieve.toml) + connect: + # -- sieve trusted scripts ehlo (from: common/sieve.toml) + ehlo: + # -- sieve trusted scripts mail (from: common/sieve.toml) + mail: + + ## + # storage + ## storage: - data: "rocksdb" - fts: "rocksdb" - blob: "rocksdb" - lookup: "rocksdb" - directory: 
"internal" + # -- storage data (from: common/store.toml) + data: "%{DEFAULT_STORE}%" + # -- storage fts (from: common/store.toml) + # BROKEN / TODO + # see: https://github.com/stalwartlabs/mail-server/issues/211 + fts: "%{DEFAULT_STORE}%" + # -- storage blob (from: common/store.toml) + blob: "%{DEFAULT_STORE}%" + # -- storage lookup (from: common/store.toml) + lookup: "%{DEFAULT_STORE}%" + # -- storage directory (from: common/store.toml) + directory: "%{DEFAULT_DIRECTORY}%" + encryption: + # -- storage encryption enable (from: common/store.toml) + enable: true + # -- storage encryption append (from: common/store.toml) + append: false + spam: + # -- storage spam header (from: common/store.toml) + header: "X-Spam-Status: Yes" + # BROKEN / TODO + # should be fts: + # see: https://github.com/stalwartlabs/mail-server/issues/211 + fts-table-duplicated-workaround: + # -- storage - fts - default-language (from: common/store.toml) + default-language: "en" + cluster: + # -- storage - cluster - node-id (from: common/store.toml) + node-id: - store: - rocksdb: - type: rocksdb - path: "/data" - compression: "lz4" + + ## + # ACME + ## + + acme: + # -- acme with name letsencrypt (from: common/tls.toml) + letsencrypt: + # -- acme directory (from: common/tls.toml) + directory: "https://acme-v02.api.letsencrypt.org/directory" + # -- acme contact (from: common/tls.toml) + contact: ["postmaster@%{DEFAULT_DOMAIN}%"] + # -- acme cache (from: common/tls.toml) + cache: "/opt/stalwart-mail/etc/acme" + # -- acme port (from: common/tls.toml) + port: 443 + # -- acme renew-before (from: common/tls.toml) + renew-before: "30d" + + ## + # certificate + ## + + certificate: + # -- certificate with name default (from: common/tls.toml) + default: + # -- certificate cert (from: common/tls.toml) + cert: "file:///opt/stalwart-mail/etc/certs/tls.crt" + # -- certificate private-key (from: common/tls.toml) + private-key: "file:///opt/stalwart-mail/etc/certs/tls.key" + + + ## + # directory + ## directory: - 
internal: - type: "internal" - store: "rocksdb" - tracer: - otel: - enable: false - type: "open-telemetry" - level: "info" - # -- grpc or http - transport: "grpc" - endpoint: "https://127.0.0.1/otel" - # -- headers for usage with http (e.g. 'Authorization: ') - headers: [] - stdout: - enable: true - type: "stdout" - level: "info" - ansi: false + # -- directory - with name memory (from: directory/internal.yaml) + memory: + type: memory + # -- overwrite me, if not wanted + disable: false + options: + catch-all: true + subaddressing: true + principals: + - type: "admin" + description: "Superuser" + name: "admin" + secret: "changeme" + mail: + - "postmaster@%{DEFAULT_DOMAIN}%" - auth: - dkim: - # -- auth rule for signing with dkim - # @section -- DKIM - sign: - - if: "listener != 'smtp'" - then: "['rsa', 'ed25519']" + + ## + # store + ## + + store: + + # -- store - with name sqlite + sqlite: + type: "sqlite" + # -- overwrite me, if not wanted + disable: false + path: "/data/index.sqlite3" + purge: + frequency: "0 3 *" + query: + name: "SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true" + members: "SELECT member_of FROM group_members WHERE name = ?" + recipients: "SELECT name FROM emails WHERE address = ?" + emails: "SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC" + verify: "SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5" + expand: "SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50" + domains: "SELECT 1 FROM emails WHERE address LIKE '%@' || ? 
LIMIT 1" + + # -- store - with name fs + fs: + type: "fs" + # -- overwrite me, if not wanted + disable: false + path: "/data/blobs" + depth: 2 + purge: + frequency: "0 3 *" + + + ## + # OAuth + ## + + oauth: + + # -- oauth - key + key: "__OAUTH_KEY__" + + # -- oauth - auth + auth: + max-attempts: 3 + + # -- oauth - expiry + expiry: + user-code: "30m" + auth-code: "10m" + token: "1h" + refresh-token: "30d" + refresh-token-renew: "4d" + + # -- oauth - cache + cache: + size: 128 + + + ## + # SMTP configuration (smtp/*.yaml) + ## + + + ## + # query (from: smtp/queue.yaml) + ## + + queue: + # -- queue-path + path: "/data/queue" + # -- queue-hash + hash: 64 + + # -- queue-schedule + schedule: + retry: "[2m, 5m, 10m, 15m, 30m, 1h, 2h]" + notify: "[1d, 3d]" + expire: "5d" + + # -- queue-outbound + outbound: + # hostname: "%{HOST}%" + next-hop: + - if: "is_local_domain('%{DEFAULT_DIRECTORY}%', rcpt_domain)" + then: "'local'" - else: false - # -- verify of dkim signature (relaxed, strict, disable) - # @section -- DKIM - verify: "relaxed" + ip-strategy: "ipv4_then_ipv6" + tls: + dane: "optional" + mta-sts: "optional" + starttls: "require" + allow-invalid-certs: false + limits: + mx: 7 + multihomed: 2 + timeouts: + connect: "3m" + greeting: "3m" + tls: "2m" + ehlo: "3m" + mail-from: "3m" + rcpt-to: "3m" + data: "10m" + mta-sts: "2m" + quota: + - match: + # match: "sender_domain = 'foobar.org'" + # key: ["rcpt"] + key: + messages: 100000 + # 10gb + size: 10737418240 + throttle: + - key: ["rcpt_domain"] + # rate: "100/1h" + rate: + concurrency: 5 - authentication: - fallback-admin: - # -- username for fallback authentfication - # @section -- Authentification - user: "admin" - # -- password for fallback authentfication (use env for store in secrets of kubernetes) - # @section -- Authentification - secret: "%{env:FALLBACK_ADMIN_SECRET}%" - metrics: - prometheus: - enable: true - auth: - username: "%{env:METRICS_USERNAME}%" - secret: "%{env:METRICS_SECRET}%" -secrets: - env: - # -- 
password for fallback authentfication (env) - # @section -- Authentification - FALLBACK_ADMIN_SECRET: supersecret - METRICS_USERNAME: "scrape_metrics_user" - METRICS_SECRET: "scrape_metrics_password" + ## + # Report (from: smtp/report.yaml) + ## + + report: + # -- report-path + path: "/data/reports" + # -- report-hash + hash: 64 + # submitter: "%{HOST}%" + + # -- report-analysis + analysis: + addresses: ["dmarc@*", "abuse@*", "postmaster@*"] + forward: true + # store: "/data/incoming" + + # -- report-dsn + dsn: + from-name: "'Mail Delivery Subsystem'" + from-address: "'MAILER-DAEMON@%{DEFAULT_DOMAIN}%'" + sign: "['rsa']" + + # -- report-dkim + dkim: + from-name: "'Report Subsystem'" + from-address: "'noreply-dkim@%{DEFAULT_DOMAIN}%'" + subject: "'DKIM Authentication Failure Report'" + sign: "['rsa']" + send: "[1, 1d]" + + # -- report-spf + spf: + from-name: "'Report Subsystem'" + from-address: "'noreply-spf@%{DEFAULT_DOMAIN}%'" + subject: "'SPF Authentication Failure Report'" + sign: "['rsa']" + send: "[1, 1d]" + + # -- report-dmarc + dmarc: + from-name: "'Report Subsystem'" + from-address: "'noreply-dmarc@%{DEFAULT_DOMAIN}%'" + subject: "'DMARC Authentication Failure Report'" + sign: "['rsa']" + send: "[1, 1d]" + aggregate: + from-name: "'DMARC Report'" + from-address: "'noreply-dmarc@%{DEFAULT_DOMAIN}%'" + org-name: "'%{DEFAULT_DOMAIN}%'" + # contact-info: "" + send: "daily" + # -- default: 25 mb + max-size: 26214400 + sign: "['rsa']" + + # -- report-tls + tls: + aggregate: + from-name: "'TLS Report'" + from-address: "'noreply-tls@%{DEFAULT_DOMAIN}%'" + org-name: "'%{DEFAULT_DOMAIN}%'" + # contact-info: "" + send: "daily" + # -- default: 25 mb + max-size: 26214400 + sign: "['rsa']" + + + ## + # resolver (from: smtp/resolver.yaml) + ## + + resolver: + # -- resolver-type + type: "system" + # -- resolver-preserve-intermediates + preserve-intermediates: true + # -- resolver-concurrency + concurrency: 2 + # -- resolver-timeout + timeout: "5s" + # -- resolver-attempts 
+ attempts: 2 + # -- resolver-try-tcp-on-error + try-tcp-on-error: true + # -- resolver-public-suffix + public-suffix: + - "https://publicsuffix.org/list/public_suffix_list.dat" + - "file:///opt/stalwart-mail/etc/spamfilter/maps/suffix_list.dat.gz" + + # -- resolver-cache + cache: + txt: 2048 + mx: 1024 + ipv4: 1024 + ipv6: 1024 + ptr: 1024 + tlsa: 1024 + mta-sts: 1024 + + + ## + # signature (from: smtp/signature.yaml) + ## + + signature: + # -- signature-rsa + rsa: + # public-key: "file://opt/stalwart-mail/etc/dkim/%{DEFAULT_DOMAIN}%.cert" + private-key: "file://opt/stalwart-mail/etc/dkim/private.key" + domain: "%{DEFAULT_DOMAIN}%" + selector: "stalwart" + headers: ["From", "To", "Date", "Subject", "Message-ID"] + algorithm: "rsa-sha256" + canonicalization: "relaxed/relaxed" + # expire: "10d" + # third-party: "" + # third-party-algo: "" + # auid: "" + set-body-length: false + report: true + + + ## + # IMAP + ## + + imap: + request: + # -- imap request max-size (from: imap/settings.toml) + max-size: 52428800 + auth: + # -- imap auth max-failures(from: imap/settings.toml) + max-failures: 3 + # -- imap auth allow-plain-text (from: imap/settings.toml) + allow-plain-text: false + folders: + name: + # -- imap folders name shared (from: imap/settings.toml) + shared: "Shared Folders" + timeout: + # -- imap timeout authenticated (from: imap/settings.toml) + authenticated: "30m" + # -- imap timeout anonymous (from: imap/settings.toml) + anonymous: "1m" + # -- imap timeout idle (from: imap/settings.toml) + idle: "30m" + rate-limit: + # -- imap rate-limit requests (from: imap/settings.toml) + requests: "2000/1m" + # -- imap rate-limit concurrent (from: imap/settings.toml) + concurrent: 6 + protocol: + # -- imap protocol uidplus (from: imap/settings.toml) + uidplus: false + + + ## + # JMAP + ## + + jmap: + # -- jmap-directory (from: jmap/auth.yaml) + directory: "%{DEFAULT_DIRECTORY}%" + # -- jmap-session (from: jmap/auth.yaml) + session: + cache: + ttl: "1h" + size: 100 + 
purge: + frequency: "0 3 *" + + # -- jmap-protocol (from: jmap/protocol.yaml) + protocol: + get: + max-objects: 500 + set: + max-objects: 500 + request: + max-concurrent: 4 + max-size: 10000000 + max-calls: 16 + query: + max-results: 5000 + upload: + max-size: 50000000 + max-concurrent: 4 + ttl: "1h" + quota: + files: 1000 + size: 50000000 + changes: + max-results: 5000 + + # -- jmap-mailbox + mailbox: + max-depth: 10 + max-name-length: 255 + + # -- jmap-email + email: + max-attachment-size: 50000000 + max-size: 75000000 + + parse: + max-items: 10 + + # -- jmap-principal + principal: + allow-lookups: true + + # -- jmap-push (from: jmap/push.yaml) + push: + max-total: 100 + throttle: "1ms" + attempts: + interval: "1m" + max: 3 + retry: + interval: "1s" + timeout: + request: "10s" + verify: "1s" + + # -- jmap-event-source + event-source: + throttle: "1s" + + # -- jmap-rate-limit (from: jmap/ratelimit.yaml) + rate-limit: + account: "1000/1m" + authentication: "10/1m" + anonymous: "100/1m" + use-forwarded: true + cache: + size: 1024 + + # -- jmap-web-sockets (from: jmap/websocket.yaml) + web-sockets: + throttle: "1s" + timeout: "10m" + heartbeat: "1m" serviceAccount: # Specifies whether a service account should be created @@ -148,8 +743,6 @@ serviceAccount: podAnnotations: {} podLabels: {} -env: [] - podSecurityContext: {} # fsGroup: 2000 @@ -169,24 +762,12 @@ service: annotations: {} ports: smtp: 25 - submission: 587 - submissions: 465 + smtp-submission: 587 + smtps: 465 imap: 143 - imaptls: 993 - pop3: 110 - pop3s: 995 + imaps: 993 sieve: 4190 http: 80 - https: 443 - -livenessProbe: - httpGet: - path: /healthz/live - port: http -readinessProbe: - httpGet: - path: /healthz/ready - port: http ingress: enabled: false 
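Review bot: The new default `config.directory.memory.principals` entry creates a superuser `admin` with `secret: "changeme"`, and `oauth.key` defaults to the placeholder `"__OAUTH_KEY__"`, so an install with untouched values comes up with a known admin password. I would ship these empty, e.g. `secret: ""` and `key: ""`, and fail the render in `templates/secrets.yaml` with `required` until the operator sets them. Separately, `signature.rsa.private-key` is `"file://opt/stalwart-mail/etc/dkim/private.key"` with two slashes, while `certificate.default.cert` in the same hunk uses `file:///opt/...`; presumably it should read `private-key: "file:///opt/stalwart-mail/etc/dkim/private.key"` to match the path mounted in `deployment.yaml`.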
@@ -207,35 +788,9 @@ ingress: traefik: enabled: false ports: - smtp: - match: - entrypoint: smtp - proxyProtocol: true - submissions: - match: - entrypoint: smtps - proxyProtocol: true - passthroughTLS: true - imaptls: - match: - entrypoint: imaps - proxyProtocol: true - passthroughTLS: true - pop3s: - match: - entrypoint: pop3s - proxyProtocol: true - passthroughTLS: true - sieve: - match: - entrypoint: sieve - proxyProtocol: true - passthroughTLS: true - https: - match: - entrypoint: websecure - proxyProtocol: true - passthroughTLS: true + http: websecure + imaps: imaps + smtps: smtps certificate: # -- not needed if certmanager is used @@ -249,11 +804,6 @@ certificate: dnsNames: - "chart-example.local" -prometheus: - servicemonitor: - enabled: false - labels: {} - resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little