apiVersion: apps/v1 kind: StatefulSet metadata: name: homeserver-janky-solutions spec: selector: matchLabels: app: synapse instance: janky.solutions serviceName: homeserver-janky-solutions replicas: 1 template: metadata: labels: app: synapse instance: janky.solutions annotations: prometheus.io/scrape: "true" prometheus.io/port: "8000" prometheus.io/path: /_synapse/metrics spec: securityContext: fsGroup: 991 fsGroupChangePolicy: "OnRootMismatch" initContainers: - name: initialize-homeserver-secrets image: library/python command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"] volumeMounts: - name: init mountPath: /init - name: data mountPath: /data - name: config mountPath: /config envFrom: - secretRef: name: synapse-janky-solutions - name: initialize-bridge-secrets image: library/python command: ["python", "/init/initialize-secrets.py", "facebook.yaml", "telegram.yaml", "signal.yaml"] volumeMounts: - name: init mountPath: /init - name: data mountPath: /data - name: appservices mountPath: /config envFrom: - secretRef: name: synapse-janky-solutions containers: - image: git.janky.solutions/jankysolutions/infra/synapse:latest name: synapse resources: {} volumeMounts: - name: data mountPath: /data - name: config mountPath: /config - name: secrets mountPath: /secrets - name: appservices mountPath: /appservices env: - name: SYNAPSE_SERVER_NAME value: matrix.janky.solutions - name: SYNAPSE_REPORT_STATS value: "no" - name: TZ value: America/Los_Angeles - name: PGUSER valueFrom: secretKeyRef: name: matrix.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do key: username - name: PGPASSWORD valueFrom: secretKeyRef: name: matrix.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do key: password ports: - name: http containerPort: 8008 - name: metrics containerPort: 8000 volumes: - name: config configMap: name: synapse-janky-solutions - name: appservices configMap: name: appservices-janky-solutions - name: init configMap: name: secrets-init - name: secrets secret: secretName: synapse-janky-solutions volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 20Gi --- apiVersion: v1 kind: Service metadata: name: homeserver-janky-solutions spec: ports: - name: http port: 8008 selector: app: synapse instance: janky.solutions --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: homeserver-janky-solutions annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: matrix.janky.solutions http: paths: - path: / pathType: Prefix backend: service: name: homeserver-janky-solutions port: name: http --- apiVersion: "acid.zalan.do/v1" kind: postgresql metadata: name: janky-solutions-homeserver-database spec: teamId: matrix volume: size: 10Gi numberOfInstances: 2 users: superuser: - superuser - createdb matrix: [] databases: matrix: matrix patroni: initdb: encoding: UTF8 locale: C pg_hba: - local all all trust - hostssl all +zalandos 127.0.0.1/32 pam - host all all 127.0.0.1/32 md5 - hostssl all +zalandos ::1/128 pam - host all all ::1/128 md5 - local replication standby trust - hostssl replication standby all md5 - hostnossl all all all reject - hostssl all +zalandos all pam - hostssl all all all md5 - host all all all md5 resources: limits: cpu: "4" memory: 4Gi postgresql: version: "16" --- apiVersion: v1 kind: Service metadata: name: janky-solutions-homeserver-database-nodeport namespace: matrix spec: type: NodePort ports: - name: postgresql port: 5432 nodePort: 30003 selector: k8s.home.finn.io: janky-solutions-homeserver-database spilo-role: master