apiVersion: apps/v1 kind: StatefulSet metadata: name: homeserver-janky-solutions spec: selector: matchLabels: app: synapse instance: janky.solutions serviceName: homeserver-janky-solutions replicas: 1 template: metadata: labels: app: synapse instance: janky.solutions annotations: prometheus.io/scrape: "true" prometheus.io/port: "8000" prometheus.io/path: /_synapse/metrics spec: securityContext: fsGroup: 991 fsGroupChangePolicy: "OnRootMismatch" initContainers: - name: initialize-homeserver-secrets image: docker.io/library/python:3 command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"] volumeMounts: - name: init mountPath: /init - name: data mountPath: /data - name: config mountPath: /config envFrom: - secretRef: name: synapse-janky-solutions - name: initialize-bridge-secrets image: docker.io/library/python:3 command: ["python", "/init/initialize-secrets.py", "facebook.yaml", "telegram.yaml", "signal.yaml"] volumeMounts: - name: init mountPath: /init - name: data mountPath: /data - name: appservices mountPath: /config envFrom: - secretRef: name: synapse-janky-solutions - secretRef: name: bridge-facebook - secretRef: name: bridge-signal containers: - image: git.janky.solutions/jankysolutions/infra/synapse:latest name: synapse resources: {} volumeMounts: - name: data mountPath: /data - name: config mountPath: /config - name: secrets mountPath: /secrets - name: appservices mountPath: /appservices env: - name: SYNAPSE_SERVER_NAME value: matrix.janky.solutions - name: SYNAPSE_REPORT_STATS value: "no" - name: TZ value: America/Los_Angeles - name: PGUSER valueFrom: secretKeyRef: name: matrix.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do key: username - name: PGPASSWORD valueFrom: secretKeyRef: name: matrix.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do key: password ports: - name: http containerPort: 8008 - name: metrics containerPort: 8000 volumes: - name: config configMap: name: synapse-janky-solutions - name: appservices configMap: name: appservices-janky-solutions - name: init configMap: name: secrets-init - name: secrets secret: secretName: synapse-janky-solutions volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 20Gi --- apiVersion: v1 kind: Service metadata: name: homeserver-janky-solutions spec: ports: - name: http port: 8008 selector: app: synapse instance: janky.solutions --- apiVersion: apps/v1 kind: Deployment metadata: name: sliding-sync-janky-solutions spec: replicas: 1 selector: matchLabels: app: sliding-sync-janky-solutions template: metadata: labels: app: sliding-sync-janky-solutions annotations: prometheus.io/scrape: "true" prometheus.io/port: "8081" spec: containers: - name: sliding-sync image: ghcr.io/matrix-org/sliding-sync:v0.99.19 env: - name: SYNCV3_DB value: user=slidingsync dbname=syncv3 host=janky-solutions-homeserver-database - name: PGPASSWORD valueFrom: secretKeyRef: name: slidingsync.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do key: password - name: SYNCV3_SERVER value: https://matrix.janky.solutions - name: SYNCV3_PROM value: :8081 envFrom: - secretRef: name: sliding-sync-janky-solutions ports: - containerPort: 8008 name: http - containerPort: 8081 name: metrics resources: limits: cpu: 500m memory: 500Mi --- apiVersion: v1 kind: Service metadata: name: sliding-sync-janky-solutions spec: selector: app: sliding-sync-janky-solutions ports: - port: 8008 name: http --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: homeserver-janky-solutions spec: routes: - kind: Rule match: Host(`matrix.janky.solutions`) && PathPrefix(`/_synapse/client`) services: - kind: Service name: homeserver-janky-solutions port: 8008 - kind: Rule match: Host(`matrix.janky.solutions`) && PathPrefix(`/_matrix`) services: - kind: Service name: homeserver-janky-solutions port: 8008 - kind: Rule match: Host(`matrix.janky.solutions`) && PathPrefix(`/_matrix/client/unstable/org.matrix.msc3575/sync`) services: - kind: Service name: sliding-sync-janky-solutions port: 8008 - kind: Rule match: Host(`matrix.janky.solutions`) && PathPrefix(`/client`) services: - kind: Service name: sliding-sync-janky-solutions port: 8008 - kind: Rule match: Host(`matrix.janky.solutions`) && PathPrefix(`/_matrix/client/{version:.*}/{endpoint:(login|logout|refresh)}`) services: - kind: Service name: mas-janky-solutions port: 8080 --- apiVersion: apps/v1 kind: Deployment metadata: name: mas-janky-solutions spec: selector: matchLabels: app: mas-janky-solutions template: metadata: labels: app: mas-janky-solutions spec: initContainers: - name: initialize-secrets image: docker.io/library/python:3 command: ["python", "/init/initialize-secrets.py", "config.yaml"] volumeMounts: - name: init mountPath: /init - name: data mountPath: /data - name: config mountPath: /config envFrom: - secretRef: name: mas-janky-solutions containers: - name: mas-janky-solutions image: ghcr.io/element-hq/matrix-authentication-service:0.12 args: ["server", "-c", "/data/config.yaml"] env: - name: PGPASSWORD valueFrom: secretKeyRef: name: mas.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do key: password resources: limits: memory: "128Mi" cpu: "500m" ports: - name: http containerPort: 8080 - name: health containerPort: 8081 volumeMounts: - name: data mountPath: /data - name: debug image: library/debian:latest command: ["bash", "-c", "while true; do sleep 300; done"] resources: {} volumeMounts: - name: data mountPath: /data volumes: - name: config configMap: name: mas-janky-solutions - name: init configMap: name: secrets-init - name: data emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: mas-janky-solutions spec: selector: app: mas-janky-solutions ports: - port: 8080 name: http --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: mas-janky-solutions spec: rules: - host: matrix-auth.janky.solutions http: paths: - path: / pathType: Prefix backend: service: name: mas-janky-solutions port: name: http --- apiVersion: "acid.zalan.do/v1" kind: postgresql metadata: name: janky-solutions-homeserver-database spec: teamId: matrix volume: size: 50Gi numberOfInstances: 2 users: superuser: - superuser - createdb matrix: [] slidingsync: [] mas: [] databases: matrix: matrix syncv3: slidingsync mas: mas patroni: initdb: encoding: UTF8 locale: C # pg_hba: # - local all all trust # - hostssl all +zalandos 127.0.0.1/32 pam # - host all all 127.0.0.1/32 md5 # - hostssl all +zalandos ::1/128 pam # - host all all ::1/128 md5 # - local replication standby trust # - hostssl replication standby all md5 # - hostnossl all all all md5 # - hostssl all +zalandos all pam # - hostssl all all all md5 # - host all all all md5 resources: limits: cpu: "4" memory: 4Gi postgresql: version: "16"