diff --git a/README.md b/README.md index d0b923e..3efa2e9 100644 --- a/README.md +++ b/README.md 
@@ -1,33 +1,36 @@ # K3s cluster -| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Status | -|-------------------------|--------------------------------------|---------------|--------------|------------|----------------------|----------------------|------------------|------------------------|--------------------------------| -| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration | -| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed | -| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Completed | -| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Managed by Longhorn | Configured | Not available | Completed | -| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration | -| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab | -| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration | -| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to VuePress and Gitlab | -| Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | 4AM K8s CronJob | Configured | Not available | Completed | -| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | Not configured | Not configured | Not configured | Awaiting configuration | -| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | Research 
migration into OCIS | -| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration | -| Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Not configured | Awaiting configuration | -| Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration | -| Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration | -| Jackett | Torrent indexer | Private | Plato | - |
?
| Not configured | Not configured | Not configured | Awaiting configuration | -| Deluge | Torrent client | Private | Plato | - |
?
| - | Not configured | Not configured | Awaiting configuration | -| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | -| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | -| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | -| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial | -| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial | -| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Partial | +| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Status | +|-------------------------|--------------------------------------|---------------|--------------|------------|----------------------|----------------------|------------------|------------------------|-----------------------------------| +| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration | +| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed | +| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Pending configuration1 | +| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? 
| Drive files | Not configured | Configured | Not available | Pending configuration2 | +| Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Awaiting configuration | +| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab | +| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration | +| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to VuePress and Gitlab | +| Vaultwarden | Password manager | Public | Pythagoras-b | MariaDB | - | 4AM K8s CronJob | Configured | Not available | Completed | +| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Pending configuration3 | +| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | Research migration into OCIS | +| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration | +| Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Not configured | Awaiting configuration | +| Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration | +| Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration | +| Jackett | Torrent indexer | Private | Plato | - |
?
| Not configured | Not configured | Not configured | Awaiting configuration | +| Deluge | Torrent client | Private | Plato | - |
?
| - | Not configured | Not configured | Awaiting configuration | +| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | +| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | +| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | +| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial | +| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial | +| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Partial | \* Configuration panel only available internally
** Current implementation only support SQLite, making manual backups a necessity +1 Missing automated configuration pipeline for environment variable injection +2 Missing configuration for NAS volume mounting (over network) +3 Missing Longhorn scheduling for saving media_store and secret management ## Backup management ### Databases
diff --git a/monitoring/prometheus/config-map.yaml b/monitoring/prometheus/config-map.yaml
index e009197..266792f 100644
--- a/monitoring/prometheus/config-map.yaml
+++ b/monitoring/prometheus/config-map.yaml
@@ -31,6 +31,11 @@ data: - "alertmanager.monitoring.svc:9093" scrape_configs: + - job_name: 'synapse' + scrape_interval: 15s + metrics_path: "/_synapse/metrics" + static_configs: + - targets: ["synapse-svc.synapse.svc.cluster.local:9000"] - job_name: 'node-exporter' kubernetes_sd_configs: - role: endpoints
diff --git a/synapse/backup-pvc.yaml b/synapse/backup-pvc.yaml
new file mode 100644
index 0000000..83af038
--- /dev/null
+++ b/synapse/backup-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: synapse-backup-pvc
+ namespace: synapse
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: flat-storage-class
diff --git a/synapse/configmap.yaml b/synapse/configmap.yaml
new file mode 100644
index 0000000..2610c3d
--- /dev/null
+++ b/synapse/configmap.yaml
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: synapse-config
+ namespace: synapse
+data:
+ homeserver.yaml: |
+ enable_metrics: true
+ report_stats: false
+ server_name: "matrix.beta.halia.dev"
+ pid_file: "/data/homeserver.pid"
+ media_store_path: /data/media_store
+ trusted_key_servers:
+ - server_name: "matrix.org"
+ listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+ - port: 9009
+ tls: false
+ type: metrics
+ bind_addresses: ["0.0.0.0"]
+ database:
+ name: psycopg2
+ args:
+ user: synapse
+ password: aberation
+ host: localhost
+ port: 5432
+ cp_min: 5
+ cp_max: 10
+ keepalives_idle: 10
+ keepalives_interval: 10
+ keepalives_count: 3
+ enable_registration: false
+ log_config: /data/matrix.beta.halia.dev.log.config
+ registration_shared_secret: "REDACTED"
+ form_secret: "REDACTED"
+ macaroon_secret_key: "REDACTED"
+ signing_key_path: /data/matrix.beta.halia.dev.signing.key
+ matrix.beta.halia.dev.log.config: |
+ version: 1
+ formatters:
+ precise:
+ format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+ handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+ loggers:
+ synapse.storage.SQL:
+ level: INFO
+ root:
+ level: INFO
+ handlersr: [console]
+ disable_existing_loggers: false
+
+
diff --git a/synapse/cronjob.yaml b/synapse/cronjob.yaml
new file mode 100644
index 0000000..1f8e802
--- /dev/null
+++ b/synapse/cronjob.yaml
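Review bot: synapse/configmap.yaml stores the database password as a literal (`password: aberation`) in a ConfigMap, next to `registration_shared_secret`, `form_secret` and `macaroon_secret_key`, so anyone who can read ConfigMaps in the namespace or this repository can read them. The same literal recurs in the `command` of synapse/cronjob.yaml and as `POSTGRES_PASSWORD` in synapse/deployment.yaml. I would ship `homeserver.yaml` as a `kind: Secret` (under `stringData:`) mounted the same way, switch the other two to `valueFrom: secretKeyRef:`, and rotate the password since it is now in history. Separately, `handlersr: [console]` in the log config looks like a typo for `handlers: [console]`; as written the root logger likely has no handler, so INFO-level logs would not reach the console.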
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: backup-job
+ namespace: synapse
+spec:
+ schedule: "0 4 * * *" # Every day at 4AM
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: postgres-backup
+ image: postgres:14-alpine3.15
+ command: ["sh", "-c", "PGPASSWORD=aberation /usr/local/bin/pg_dumpall -U synapse -h synapse-svc.synapse.svc.cluster.local > /backup/synapse/backup-$(date +'%H_%M-%d_%m_%Y').sql"]
+ volumeMounts:
+ - name: synapse-backup
+ mountPath: /backup/synapse
+ subPath: synapse
+ volumes:
+ - name: synapse-backup
+ persistentVolumeClaim:
+ claimName: synapse-backup-pvc
+ restartPolicy: OnFailure
diff --git a/synapse/deployment.yaml b/synapse/deployment.yaml
new file mode 100644
index 0000000..982ec0c
--- /dev/null
+++ b/synapse/deployment.yaml
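Review bot: Nothing in synapse/cronjob.yaml prunes old dumps: every run writes a new timestamped `.sql` file to the 5Gi `synapse-backup-pvc`, so the volume will eventually fill and later backups will fail. A retention step before the dump, such as `find /backup/synapse -name 'backup-*.sql' -mtime +<DAYS> -delete` (placeholder retention), would bound it. The shell redirect also creates the target file before `pg_dumpall` runs, so a failed run leaves a truncated dump that looks like a valid backup; writing to a temporary name and renaming on success avoids that. The dumps hold the full database in plaintext, so access to this PVC should be treated like access to the database itself.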
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: synapse
+ namespace: synapse
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: synapse
+ template:
+ metadata:
+ labels:
+ app: synapse
+ spec:
+ nodeName: slave-1
+ securityContext:
+ fsGroup: 991
+ containers:
+ - name: synapse
+ image: matrixdotorg/synapse:latest
+ ports:
+ - containerPort: 8008
+ - containerPort: 9009
+ volumeMounts:
+ - mountPath: "/data"
+ name: synapse-data-pv
+ - mountPath: "/data/homeserver.yaml"
+ name: synapse-config-volume
+ subPath: homeserver.yaml
+ - mountPath: "/data/matrix.beta.halia.dev.log.config"
+ name: synapse-config-volume
+ subPath: matrix.beta.halia.dev.log.config
+ - name: synapse-db
+ image: postgres:14-alpine3.15
+ env:
+ - name: POSTGRES_DB
+ value: "synapse"
+ - name: POSTGRES_USER
+ value: "synapse"
+ - name: POSTGRES_PASSWORD
+ value: "aberation"
+ - name: POSTGRES_INITDB_ARGS
+ value: "--encoding=UTF8 --locale=C"
+ volumeMounts:
+ - mountPath: "/var/lib/postgresql/data"
+ name: synapse-db-pv
+ volumes:
+ - name: synapse-db-pv
+ hostPath:
+ path: "/mnt/synapse/db"
+ - name: synapse-data-pv
+ hostPath:
+ path: "/mnt/synapse/data"
+ - name: synapse-config-volume
+ configMap:
+ name: synapse-config
diff --git a/synapse/ingress.yaml b/synapse/ingress.yaml
new file mode 100644
index 0000000..d5baf94
--- /dev/null
+++ b/synapse/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: synapse-ingress
+ namespace: synapse
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ tls:
+ - secretName: synapse-beta-tls
+ hosts:
+ - matrix.beta.halia.dev
+ rules:
+ - host: matrix.beta.halia.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: synapse-svc
+ port:
+ number: 80
diff --git a/synapse/namespace.yaml b/synapse/namespace.yaml
new file mode 100644
index 0000000..4ffb611
--- /dev/null
+++ b/synapse/namespace.yaml
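Review bot: `image: matrixdotorg/synapse:latest` in synapse/deployment.yaml is a mutable tag, so a pod restart can pull a different, unreviewed Synapse build and a rollback has no fixed version to return to. Pin a release tag or digest instead, e.g. `image: matrixdotorg/synapse:<VERSION>@sha256:<DIGEST>` (placeholders). Neither container sets a container-level `securityContext`; adding `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` where the images allow it, would limit the impact of a compromised process. That matters more here because both data volumes are `hostPath` mounts on the node.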
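Review bot: The single `path: /` rule in synapse/ingress.yaml forwards every path on the 8008 listener to the public host, which for a Synapse `client` resource includes the admin API under `/_synapse/admin`. Synapse's reverse-proxy guidance is to forward only `/_matrix` and `/_synapse/client`; two `Prefix` entries for those paths would keep the admin endpoints reachable only from inside the cluster. The `kubernetes.io/ingress.class` annotation is also deprecated in favour of `ingressClassName: traefik` under `spec`.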
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: synapse
diff --git a/synapse/service.yaml b/synapse/service.yaml
new file mode 100644
index 0000000..1f0651d
--- /dev/null
+++ b/synapse/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: synapse-svc
+ namespace: synapse
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8008
+ - name: metrics
+ port: 9000
+ protocol: TCP
+ targetPort: 9009
+ - name: db
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ app: synapse
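Review bot: The `db` port in synapse/service.yaml publishes the Postgres sidecar on the ClusterIP, so any pod in the cluster can reach 5432, and no NetworkPolicy is part of this commit. Synapse itself connects through `host: localhost`; among the files shown only the backup CronJob uses this port. A NetworkPolicy that admits 5432 only from the backup pods (they would need a label, e.g. `app: synapse-backup`), or a separate Service for the database, would narrow that. The same reasoning applies to `metrics` on 9000, which only the Prometheus scrape job needs.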