infra/k8s/matrix/janky.solutions-homeserver.yaml
2024-09-07 21:56:18 -07:00

349 lines
9.3 KiB
YAML

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: homeserver-janky-solutions
spec:
selector:
matchLabels:
app: synapse
instance: janky.solutions
serviceName: homeserver-janky-solutions
replicas: 1
template:
metadata:
labels:
app: synapse
instance: janky.solutions
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8000"
prometheus.io/path: /_synapse/metrics
spec:
securityContext:
fsGroup: 991
fsGroupChangePolicy: "OnRootMismatch"
initContainers:
- name: initialize-homeserver-secrets
image: docker.io/library/python:3
command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"]
volumeMounts:
- name: init
mountPath: /init
- name: data
mountPath: /data
- name: config
mountPath: /config
envFrom:
- secretRef:
name: synapse-janky-solutions
- name: initialize-bridge-secrets
image: docker.io/library/python:3
command: ["python", "/init/initialize-secrets.py", "facebook.yaml", "telegram.yaml", "signal.yaml"]
volumeMounts:
- name: init
mountPath: /init
- name: data
mountPath: /data
- name: appservices
mountPath: /config
envFrom:
- secretRef:
name: synapse-janky-solutions
containers:
- image: git.janky.solutions/jankysolutions/infra/synapse:latest
name: synapse
resources: {}
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /config
- name: secrets
mountPath: /secrets
- name: appservices
mountPath: /appservices
env:
- name: SYNAPSE_SERVER_NAME
value: matrix.janky.solutions
- name: SYNAPSE_REPORT_STATS
value: "no"
- name: TZ
value: America/Los_Angeles
- name: PGUSER
valueFrom:
secretKeyRef:
name: matrix.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do
key: username
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: matrix.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do
key: password
ports:
- name: http
containerPort: 8008
- name: metrics
containerPort: 8000
volumes:
- name: config
configMap:
name: synapse-janky-solutions
- name: appservices
configMap:
name: appservices-janky-solutions
- name: init
configMap:
name: secrets-init
- name: secrets
secret:
secretName: synapse-janky-solutions
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
name: homeserver-janky-solutions
spec:
ports:
- name: http
port: 8008
selector:
app: synapse
instance: janky.solutions
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sliding-sync-janky-solutions
spec:
replicas: 1
selector:
matchLabels:
app: sliding-sync-janky-solutions
template:
metadata:
labels:
app: sliding-sync-janky-solutions
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8081"
spec:
containers:
- name: sliding-sync
image: ghcr.io/matrix-org/sliding-sync:v0.99.19
env:
- name: SYNCV3_DB
value: user=slidingsync dbname=syncv3 host=janky-solutions-homeserver-database
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: slidingsync.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do
key: password
- name: SYNCV3_SERVER
value: https://matrix.janky.solutions
- name: SYNCV3_PROM
value: :8081
envFrom:
- secretRef:
name: sliding-sync-janky-solutions
ports:
- containerPort: 8008
name: http
- containerPort: 8081
name: metrics
resources:
limits:
cpu: 500m
memory: 500Mi
---
apiVersion: v1
kind: Service
metadata:
name: sliding-sync-janky-solutions
spec:
selector:
app: sliding-sync-janky-solutions
ports:
- port: 8008
name: http
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: homeserver-janky-solutions
spec:
routes:
- kind: Rule
match: Host(`matrix.janky.solutions`) && PathPrefix(`/_synapse/client`)
services:
- kind: Service
name: homeserver-janky-solutions
port: 8008
- kind: Rule
match: Host(`matrix.janky.solutions`) && PathPrefix(`/_matrix`)
services:
- kind: Service
name: homeserver-janky-solutions
port: 8008
- kind: Rule
match: Host(`matrix.janky.solutions`) && PathPrefix(`/_matrix/client/unstable/org.matrix.msc3575/sync`)
services:
- kind: Service
name: sliding-sync-janky-solutions
port: 8008
- kind: Rule
match: Host(`matrix.janky.solutions`) && PathPrefix(`/client`)
services:
- kind: Service
name: sliding-sync-janky-solutions
port: 8008
- kind: Rule
match: Host(`matrix.janky.solutions`) && PathPrefix(`/_matrix/client/{version:.*}/{endpoint:(login|logout|refresh)}`)
services:
- kind: Service
name: mas-janky-solutions
port: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mas-janky-solutions
spec:
selector:
matchLabels:
app: mas-janky-solutions
template:
metadata:
labels:
app: mas-janky-solutions
spec:
initContainers:
- name: initialize-secrets
image: docker.io/library/python:3
command: ["python", "/init/initialize-secrets.py", "config.yaml"]
volumeMounts:
- name: init
mountPath: /init
- name: data
mountPath: /data
- name: config
mountPath: /config
envFrom:
- secretRef:
name: mas-janky-solutions
containers:
- name: mas-janky-solutions
image: ghcr.io/matrix-org/matrix-authentication-service:0.10
args: ["server", "-c", "/data/config.yaml"]
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: mas.janky-solutions-homeserver-database.credentials.postgresql.acid.zalan.do
key: password
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- name: http
containerPort: 8080
- name: health
containerPort: 8081
volumeMounts:
- name: data
mountPath: /data
- name: debug
image: library/debian:latest
command: ["bash", "-c", "while true; do sleep 300; done"]
resources: {}
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: config
configMap:
name: mas-janky-solutions
- name: init
configMap:
name: secrets-init
- name: data
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: mas-janky-solutions
spec:
selector:
app: mas-janky-solutions
ports:
- port: 8080
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mas-janky-solutions
spec:
rules:
- host: matrix-auth.janky.solutions
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mas-janky-solutions
port:
name: http
---
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: janky-solutions-homeserver-database
spec:
teamId: matrix
volume:
size: 50Gi
numberOfInstances: 2
users:
superuser:
- superuser
- createdb
matrix: []
slidingsync: []
mas: []
databases:
matrix: matrix
syncv3: slidingsync
mas: mas
patroni:
initdb:
encoding: UTF8
locale: C
# pg_hba:
# - local all all trust
# - hostssl all +zalandos 127.0.0.1/32 pam
# - host all all 127.0.0.1/32 md5
# - hostssl all +zalandos ::1/128 pam
# - host all all ::1/128 md5
# - local replication standby trust
# - hostssl replication standby all md5
# - hostnossl all all all md5
# - hostssl all +zalandos all pam
# - hostssl all all all md5
# - host all all all md5
resources:
limits:
cpu: "4"
memory: 4Gi
postgresql:
version: "16"