feat(synapse): Add basic Matrix configuration

Added different manifests for deployment, routing, backups and configuration around Synapse server for Matrix.
Tanguy Herbron 2022-09-24 01:03:07 +02:00
parent 802eef042e
commit 20f32fd24b
9 changed files with 237 additions and 25 deletions


@ -1,33 +1,36 @@
# K3s cluster # K3s cluster
| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Status | | Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Status |
|-------------------------|--------------------------------------|---------------|--------------|------------|----------------------|----------------------|------------------|------------------------|--------------------------------| |-------------------------|--------------------------------------|---------------|--------------|------------|----------------------|----------------------|------------------|------------------------|-----------------------------------|
| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration | | therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration |
| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed | | Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed |
| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Completed | | Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Pending configuration<sup>1</sup> |
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Managed by Longhorn | Configured | Not available | Completed | | Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Not configured | Configured | Not available | Pending configuration<sup>2</sup> |
| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration | | Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Awaiting configuration |
| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab | | Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab |
| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration | | Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration |
| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to VuePress and Gitlab | | Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to VuePress and Gitlab |
| Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | 4AM K8s CronJob | Configured | Not available | Completed | | Vaultwarden | Password manager | Public | Pythagoras-b | MariaDB | - | 4AM K8s CronJob | Configured | Not available | Completed |
| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | Not configured | Not configured | Not configured | Awaiting configuration | | Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Pending configuration<sup>3</sup> |
| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | Research migration into OCIS | | PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | Research migration into OCIS |
| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration | | Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
| Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Not configured | Awaiting configuration | | Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Not configured | Awaiting configuration |
| Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration | | Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration |
| Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration | | Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | Not configured | Not configured | Not configured | Awaiting configuration |
| Jackett | Torrent indexer | Private | Plato | - | <center> ? </center> | Not configured | Not configured | Not configured | Awaiting configuration | | Jackett | Torrent indexer | Private | Plato | - | <center> ? </center> | Not configured | Not configured | Not configured | Awaiting configuration |
| Deluge | Torrent client | Private | Plato | - | <center> ? </center> | - | Not configured | Not configured | Awaiting configuration | | Deluge | Torrent client | Private | Plato | - | <center> ? </center> | - | Not configured | Not configured | Awaiting configuration |
| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | | Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | | Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration | | Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | Awaiting configuration |
| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial | | Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial |
| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial | | Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Partial |
| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Partial | | Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Partial |
\* Configuration panel only available internally<br> \* Configuration panel only available internally<br>
** Current implementation only support SQLite, making manual backups a necessity ** Current implementation only support SQLite, making manual backups a necessity
<sup>1</sup> Missing automated configuration pipeline for environment variable injection
<sup>2</sup> Missing configuration for NAS volume mounting (over network)
<sup>3</sup> Missing Longhorn scheduling for saving media_store and secret management
## Backup management ## Backup management
### Databases ### Databases
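Review bot: The DB type cells for Home assistant and Vaultwarden change from PostgreSQL to MariaDB in a commit whose message only covers Synapse; split that into its own commit or mention it in the message so the inventory change is traceable. The three new footnotes are also added without a trailing `<br>`, unlike the `\*` line above them, so they will render run together with the `**` note.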


@ -31,6 +31,11 @@ data:
- "alertmanager.monitoring.svc:9093" - "alertmanager.monitoring.svc:9093"
scrape_configs: scrape_configs:
- job_name: 'synapse'
scrape_interval: 15s
metrics_path: "/_synapse/metrics"
static_configs:
- targets: ["synapse-svc.synapse.svc.cluster.local:9000"]
- job_name: 'node-exporter' - job_name: 'node-exporter'
kubernetes_sd_configs: kubernetes_sd_configs:
- role: endpoints - role: endpoints
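Review bot: The new `synapse` job uses a hard-coded `static_configs` target (`synapse-svc.synapse.svc.cluster.local:9000`) while the neighbouring `node-exporter` job uses `kubernetes_sd_configs`, so renaming the Service or changing its 9000 port mapping stops the scrape without any configuration error. Either discover the target the same way as the other job or add an alert on `up{job="synapse"} == 0` so a broken target is noticed.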

12
synapse/backup-pvc.yaml Normal file

@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: synapse-backup-pvc
namespace: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: flat-storage-class
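Review bot: `storage: 5Gi` has to hold every daily `pg_dumpall` output, and the CronJob in this commit writes a new timestamped file on each run without deleting old ones, so the claim will eventually fill and backups will start failing. Add a pruning step to the job or size the claim against an explicit retention period. It is also worth confirming that `flat-storage-class` does not place the volume on the same node disk as the database, otherwise the backup shares the failure it is meant to cover.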

62
synapse/configmap.yaml Normal file

@ -0,0 +1,62 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: synapse-config
namespace: synapse
data:
homeserver.yaml: |
enable_metrics: true
report_stats: false
server_name: "matrix.beta.halia.dev"
pid_file: "/data/homeserver.pid"
media_store_path: /data/media_store
trusted_key_servers:
- server_name: "matrix.org"
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
- port: 9009
tls: false
type: metrics
bind_addresses: ["0.0.0.0"]
database:
name: psycopg2
args:
user: synapse
password: aberation
host: localhost
port: 5432
cp_min: 5
cp_max: 10
keepalives_idle: 10
keepalives_interval: 10
keepalives_count: 3
enable_registration: false
log_config: /data/matrix.beta.halia.dev.log.config
registration_shared_secret: "REDACTED"
form_secret: "REDACTED"
macaroon_secret_key: "REDACTED"
signing_key_path: /data/matrix.beta.halia.dev.signing.key
matrix.beta.halia.dev.log.config: |
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
level: INFO
root:
level: INFO
handlersr: [console]
disable_existing_loggers: false
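Review bot: `password: aberation` under `database.args`, together with `registration_shared_secret`, `form_secret` and `macaroon_secret_key`, is stored in a ConfigMap, which is readable by anything allowed to read ConfigMaps in the namespace, and the password is committed here in clear text. Mount `homeserver.yaml` from a Secret instead and rotate the database password, since it is now in the repository history. Separately, the root logger key in the log config is spelled `handlersr: [console]`, so the console handler is never attached to the root logger; it should be `handlers`.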

25
synapse/cronjob.yaml Normal file

@ -0,0 +1,25 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup-job
namespace: synapse
spec:
schedule: "0 4 * * *" # Every day at 4AM
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: postgres-backup
image: postgres:14-alpine3.15
command: ["sh", "-c", "PGPASSWORD=aberation /usr/local/bin/pg_dumpall -U synapse -h synapse-svc.synapse.svc.cluster.local > /backup/synapse/backup-$(date +'%H_%M-%d_%m_%Y').sql"]
volumeMounts:
- name: synapse-backup
mountPath: /backup/synapse
subPath: synapse
volumes:
- name: synapse-backup
persistentVolumeClaim:
claimName: synapse-backup-pvc
restartPolicy: OnFailure
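Review bot: The `command` string embeds `PGPASSWORD=aberation` literally, so the database password is visible in the manifest, in `kubectl describe` output and in the repository history. Inject it with an `env` entry that uses `valueFrom.secretKeyRef` and drop it from the shell string. The file name pattern `%H_%M-%d_%m_%Y` also does not sort chronologically; `%Y-%m-%d_%H-%M` would make pruning and finding the latest dump straightforward.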

57
synapse/deployment.yaml Normal file

@ -0,0 +1,57 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: synapse
namespace: synapse
spec:
replicas: 1
selector:
matchLabels:
app: synapse
template:
metadata:
labels:
app: synapse
spec:
nodeName: slave-1
securityContext:
fsGroup: 991
containers:
- name: synapse
image: matrixdotorg/synapse:latest
ports:
- containerPort: 8008
- containerPort: 9009
volumeMounts:
- mountPath: "/data"
name: synapse-data-pv
- mountPath: "/data/homeserver.yaml"
name: synapse-config-volume
subPath: homeserver.yaml
- mountPath: "/data/matrix.beta.halia.dev.log.config"
name: synapse-config-volume
subPath: matrix.beta.halia.dev.log.config
- name: synapse-db
image: postgres:14-alpine3.15
env:
- name: POSTGRES_DB
value: "synapse"
- name: POSTGRES_USER
value: "synapse"
- name: POSTGRES_PASSWORD
value: "aberation"
- name: POSTGRES_INITDB_ARGS
value: "--encoding=UTF8 --locale=C"
volumeMounts:
- mountPath: "/var/lib/postgresql/data"
name: synapse-db-pv
volumes:
- name: synapse-db-pv
hostPath:
path: "/mnt/synapse/db"
- name: synapse-data-pv
hostPath:
path: "/mnt/synapse/data"
- name: synapse-config-volume
configMap:
name: synapse-config
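Review bot: `POSTGRES_PASSWORD` is set with a literal `value: "aberation"` in the `synapse-db` container; reference a Secret with `valueFrom.secretKeyRef` so the credential is not part of the Deployment spec. The `synapse` container also uses `matrixdotorg/synapse:latest` while Postgres is pinned to `14-alpine3.15`; pin Synapse to a specific version tag or digest so a pod restart cannot pull an untested release.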

23
synapse/ingress.yaml Normal file

@ -0,0 +1,23 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: synapse-ingress
namespace: synapse
annotations:
kubernetes.io/ingress.class: "traefik"
spec:
tls:
- secretName: synapse-beta-tls
hosts:
- matrix.beta.halia.dev
rules:
- host: matrix.beta.halia.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: synapse-svc
port:
number: 80
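Review bot: The single rule `path: /` with `pathType: Prefix` forwards every path on `matrix.beta.halia.dev` to the Synapse listener on 8008, which includes the admin API under `/_synapse/admin`, since that is served by the `client` resource. Restrict the rules to the prefixes that need to be public, such as `/_matrix` and `/_synapse/client`, and reach the admin API from inside the cluster. The `kubernetes.io/ingress.class` annotation is also deprecated for `networking.k8s.io/v1`; `spec.ingressClassName` is the current form, provided a matching IngressClass exists in the cluster.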

4
synapse/namespace.yaml Normal file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: synapse

21
synapse/service.yaml Normal file

@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: synapse-svc
namespace: synapse
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8008
- name: metrics
port: 9000
protocol: TCP
targetPort: 9009
- name: db
port: 5432
protocol: TCP
targetPort: 5432
selector:
app: synapse
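Review bot: The `db` port (5432) is published on the same Service as `http` and `metrics`, so the Postgres container is reachable by any pod in the cluster at `synapse-svc.synapse.svc.cluster.local:5432`. Synapse itself connects over `localhost`, so only the backup CronJob needs this port; move it to a separate Service and add a NetworkPolicy that limits ingress on 5432 to the backup job's pods.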