diff --git a/README.md b/README.md
index d0b923e..3efa2e9 100644
--- a/README.md
+++ b/README.md
@@ -1,33 +1,36 @@
# K3s cluster
-| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Status |
-|-------------------------|--------------------------------------|---------------|--------------|------------|----------------------|----------------------|------------------|------------------------|--------------------------------|
-| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration |
-| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed |
-| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Completed |
-| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Managed by Longhorn | Configured | Not available | Completed |
-| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
-| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab |
-| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration |
-| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to VuePress and Gitlab |
-| Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | 4AM K8s CronJob | Configured | Not available | Completed |
-| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | Not configured | Not configured | Not configured | Awaiting configuration |
-| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | Research migration into OCIS |
-| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
-| Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Not configured | Awaiting configuration |
-| Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration |
-| Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration |
-| Jackett | Torrent indexer | Private | Plato | - |
? | Not configured | Not configured | Not configured | Awaiting configuration |
-| Deluge | Torrent client | Private | Plato | - | ? | - | Not configured | Not configured | Awaiting configuration |
-| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
-| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
-| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
-| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial |
-| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial |
-| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Partial |
+| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Status |
+|-------------------------|--------------------------------------|---------------|--------------|------------|----------------------|----------------------|------------------|------------------------|-----------------------------------|
+| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration |
+| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed |
+| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Pending configuration1 |
+| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Not configured | Configured | Not available | Pending configuration2 |
+| Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Awaiting configuration |
+| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab |
+| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration |
+| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to VuePress and Gitlab |
+| Vaultwarden | Password manager | Public | Pythagoras-b | MariaDB | - | 4AM K8s CronJob | Configured | Not available | Completed |
+| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Pending configuration3 |
+| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | Research migration into OCIS |
+| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
+| Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Not configured | Awaiting configuration |
+| Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration |
+| Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration |
+| Jackett | Torrent indexer | Private | Plato | - | ? | Not configured | Not configured | Not configured | Awaiting configuration |
+| Deluge | Torrent client | Private | Plato | - | ? | - | Not configured | Not configured | Awaiting configuration |
+| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
+| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
+| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
+| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial |
+| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial |
+| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Partial |
\* Configuration panel only available internally
** Current implementation only support SQLite, making manual backups a necessity
+1 Missing automated configuration pipeline for environment variable injection
+2 Missing configuration for NAS volume mounting (over network)
+3 Missing Longhorn scheduling for saving media_store and secret management
## Backup management
### Databases
diff --git a/monitoring/prometheus/config-map.yaml b/monitoring/prometheus/config-map.yaml
index e009197..266792f 100644
--- a/monitoring/prometheus/config-map.yaml
+++ b/monitoring/prometheus/config-map.yaml
@@ -31,6 +31,11 @@ data:
- "alertmanager.monitoring.svc:9093"
scrape_configs:
+ - job_name: 'synapse'
+ scrape_interval: 15s
+ metrics_path: "/_synapse/metrics"
+ static_configs:
+ - targets: ["synapse-svc.synapse.svc.cluster.local:9000"]
- job_name: 'node-exporter'
kubernetes_sd_configs:
- role: endpoints
diff --git a/synapse/backup-pvc.yaml b/synapse/backup-pvc.yaml
new file mode 100644
index 0000000..83af038
--- /dev/null
+++ b/synapse/backup-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: synapse-backup-pvc
+ namespace: synapse
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: flat-storage-class
diff --git a/synapse/configmap.yaml b/synapse/configmap.yaml
new file mode 100644
index 0000000..2610c3d
--- /dev/null
+++ b/synapse/configmap.yaml
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: synapse-config
+ namespace: synapse
+data:
+ homeserver.yaml: |
+ enable_metrics: true
+ report_stats: false
+ server_name: "matrix.beta.halia.dev"
+ pid_file: "/data/homeserver.pid"
+ media_store_path: /data/media_store
+ trusted_key_servers:
+ - server_name: "matrix.org"
+ listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+ - port: 9009
+ tls: false
+ type: metrics
+ bind_addresses: ["0.0.0.0"]
+ database:
+ name: psycopg2
+ args:
+ user: synapse
+ password: aberation
+ host: localhost
+ port: 5432
+ cp_min: 5
+ cp_max: 10
+ keepalives_idle: 10
+ keepalives_interval: 10
+ keepalives_count: 3
+ enable_registration: false
+ log_config: /data/matrix.beta.halia.dev.log.config
+ registration_shared_secret: "REDACTED"
+ form_secret: "REDACTED"
+ macaroon_secret_key: "REDACTED"
+ signing_key_path: /data/matrix.beta.halia.dev.signing.key
+ matrix.beta.halia.dev.log.config: |
+ version: 1
+ formatters:
+ precise:
+ format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+ handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+ loggers:
+ synapse.storage.SQL:
+ level: INFO
+ root:
+ level: INFO
+ handlersr: [console]
+ disable_existing_loggers: false
+
+
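Review bot: The Postgres password is committed in clear text at `password: aberation` under `database.args`, and the same literal reappears in the `PGPASSWORD=` command of synapse/cronjob.yaml and the `POSTGRES_PASSWORD` value of synapse/deployment.yaml. ConfigMaps are not intended for confidential data and are usually readable under broader RBAC than Secrets, and this file also holds `registration_shared_secret`, `form_secret` and `macaroon_secret_key`. homeserver.yaml would be better mounted from a Secret, with the containers reading the password through `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}`. The value already pushed should be treated as exposed and rotated. Separately, `handlersr: [console]` under `root` looks like a typo for `handlers`, which would leave the root logger without the console handler and so without the log output that loki would collect.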
diff --git a/synapse/cronjob.yaml b/synapse/cronjob.yaml
new file mode 100644
index 0000000..1f8e802
--- /dev/null
+++ b/synapse/cronjob.yaml
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: backup-job
+ namespace: synapse
+spec:
+ schedule: "0 4 * * *" # Every day at 4AM
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: postgres-backup
+ image: postgres:14-alpine3.15
+ command: ["sh", "-c", "PGPASSWORD=aberation /usr/local/bin/pg_dumpall -U synapse -h synapse-svc.synapse.svc.cluster.local > /backup/synapse/backup-$(date +'%H_%M-%d_%m_%Y').sql"]
+ volumeMounts:
+ - name: synapse-backup
+ mountPath: /backup/synapse
+ subPath: synapse
+ volumes:
+ - name: synapse-backup
+ persistentVolumeClaim:
+ claimName: synapse-backup-pvc
+ restartPolicy: OnFailure
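Review bot: Nothing in the `command` prunes earlier dumps, so the 5Gi claim from synapse/backup-pvc.yaml will eventually fill, after which the `>` redirect leaves truncated files behind. A retention step in the same shell line would bound this, for example `find /backup/synapse -name 'backup-*.sql' -mtime +7 -delete` (the 7-day window is an illustrative value). `pg_dumpall` also writes role definitions including password hashes, so the backup volume deserves the same access restrictions as the database itself. The `%H_%M-%d_%m_%Y` file name does not sort chronologically; `%Y_%m_%d-%H_%M` would make the newest dump easy to find during a restore.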
diff --git a/synapse/deployment.yaml b/synapse/deployment.yaml
new file mode 100644
index 0000000..982ec0c
--- /dev/null
+++ b/synapse/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: synapse
+ namespace: synapse
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: synapse
+ template:
+ metadata:
+ labels:
+ app: synapse
+ spec:
+ nodeName: slave-1
+ securityContext:
+ fsGroup: 991
+ containers:
+ - name: synapse
+ image: matrixdotorg/synapse:latest
+ ports:
+ - containerPort: 8008
+ - containerPort: 9009
+ volumeMounts:
+ - mountPath: "/data"
+ name: synapse-data-pv
+ - mountPath: "/data/homeserver.yaml"
+ name: synapse-config-volume
+ subPath: homeserver.yaml
+ - mountPath: "/data/matrix.beta.halia.dev.log.config"
+ name: synapse-config-volume
+ subPath: matrix.beta.halia.dev.log.config
+ - name: synapse-db
+ image: postgres:14-alpine3.15
+ env:
+ - name: POSTGRES_DB
+ value: "synapse"
+ - name: POSTGRES_USER
+ value: "synapse"
+ - name: POSTGRES_PASSWORD
+ value: "aberation"
+ - name: POSTGRES_INITDB_ARGS
+ value: "--encoding=UTF8 --locale=C"
+ volumeMounts:
+ - mountPath: "/var/lib/postgresql/data"
+ name: synapse-db-pv
+ volumes:
+ - name: synapse-db-pv
+ hostPath:
+ path: "/mnt/synapse/db"
+ - name: synapse-data-pv
+ hostPath:
+ path: "/mnt/synapse/data"
+ - name: synapse-config-volume
+ configMap:
+ name: synapse-config
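Review bot: `image: matrixdotorg/synapse:latest` is a mutable tag, so every pod restart can pull a different, unreviewed build, and there is no record of which version handled the data in `/mnt/synapse/data`. Pinning to a release tag or digest, `image: matrixdotorg/synapse:<version>@sha256:<digest>`, makes upgrades deliberate and auditable. Neither container sets a `securityContext` beyond the pod-level `fsGroup: 991`; adding `allowPrivilegeEscalation: false` and a non-root `runAsUser` would limit the impact of a compromise, particularly since both `hostPath` volumes map directly onto the node's filesystem on `slave-1`.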
diff --git a/synapse/ingress.yaml b/synapse/ingress.yaml
new file mode 100644
index 0000000..d5baf94
--- /dev/null
+++ b/synapse/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: synapse-ingress
+ namespace: synapse
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ tls:
+ - secretName: synapse-beta-tls
+ hosts:
+ - matrix.beta.halia.dev
+ rules:
+ - host: matrix.beta.halia.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: synapse-svc
+ port:
+ number: 80
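Review bot: The single `path: /` rule with `pathType: Prefix` forwards every URL on matrix.beta.halia.dev to the 8008 listener, whose `client` resource, as far as I know, also serves the admin API under `/_synapse/admin`. That API still requires an admin access token, but keeping it off the public ingress removes it from the internet-facing surface. Replacing the catch-all with two rules, `- path: /_matrix` and `- path: /_synapse/client`, keeps client and federation traffic working while leaving the admin endpoints reachable only from inside the cluster. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: traefik`.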
diff --git a/synapse/namespace.yaml b/synapse/namespace.yaml
new file mode 100644
index 0000000..4ffb611
--- /dev/null
+++ b/synapse/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: synapse
diff --git a/synapse/service.yaml b/synapse/service.yaml
new file mode 100644
index 0000000..1f0651d
--- /dev/null
+++ b/synapse/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: synapse-svc
+ namespace: synapse
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8008
+ - name: metrics
+ port: 9000
+ protocol: TCP
+ targetPort: 9009
+ - name: db
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ app: synapse
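Review bot: The `db` port (5432) is published on the same Service as the HTTP and metrics ports, so any pod in the cluster that can resolve `synapse-svc` can reach Postgres directly, and no NetworkPolicy appears in this commit to narrow that. The only visible consumer is the backup CronJob in synapse/cronjob.yaml. A NetworkPolicy in the `synapse` namespace admitting port 5432 only from the backup job's pods, and port 9009 only from the `monitoring` namespace, would keep both internal ports from being open cluster-wide. Splitting the database into its own Service would also make that policy easier to reason about.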