feat(bridges): Add signal and messenger (meta)
parent
24995c3a05
commit
5312a0eb0a
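--- a/manifests/bridges/kustomization.yaml
+++ b/manifests/bridges/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./signal
+- ./messenger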
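--- a/manifests/bridges/messenger/create_db.sh
+++ b/manifests/bridges/messenger/create_db.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Checking if $MESSENGER_DB database exists..."
+
+if psql -lqt | cut -d \| -f 1 | grep -qw $MESSENGER_DB; then
+echo "Database exists, skipping creation"
+else
+echo "Database does not exist, creating..."
+createdb $MESSENGER_DB
+createuser $MESSENGER_USER
+psql -c "ALTER USER $MESSENGER_USER WITH ENCRYPTED PASSWORD '$MESSENGER_PASSWORD';"
+psql -c "GRANT ALL PRIVILEGES ON DATABASE $MESSENGER_DB TO $MESSENGER_USER;"
+psql -c "ALTER DATABASE $MESSENGER_DB OWNER TO $MESSENGER_USER;"
+fi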
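Review bot: `$MESSENGER_PASSWORD` is spliced straight into the SQL text passed to `psql -c`, so a password containing a single quote breaks the statement or changes what the superuser session executes, and the unquoted `$MESSENGER_DB` / `$MESSENGER_USER` expansions are word-split by the shell. The script also has no `set -e`, so a failed `createuser` leaves the database in place and the next run takes the "Database exists, skipping creation" branch without the role ever being created. Passing the values as psql variables over stdin lets psql do the identifier and literal quoting (variable interpolation is not applied to `-c` strings, hence the here-document). manifests/bridges/signal/create_db.sh has the same pattern with the `SIGNAL_*` variables.

```shell
set -euo pipefail
# … unchanged: existence check, createdb and createuser, with "$MESSENGER_DB" and "$MESSENGER_USER" quoted …
psql -v ON_ERROR_STOP=1 \
  -v db="$MESSENGER_DB" -v usr="$MESSENGER_USER" -v pw="$MESSENGER_PASSWORD" <<'SQL'
ALTER USER :"usr" WITH ENCRYPTED PASSWORD :'pw';
GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"usr";
ALTER DATABASE :"db" OWNER TO :"usr";
SQL
```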
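--- a/manifests/bridges/messenger/job.yaml
+++ b/manifests/bridges/messenger/job.yaml
@@ -0,0 +1,46 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: messenger-db-init
+namespace: synapse
+spec:
+template:
+spec:
+containers:
+- name: messenger-db-init
+image: postgres:15.10
+command: ["/bin/bash", "/data/create_db.sh"]
+env:
+- name: PGHOST
+value: synapse-db-rw.synapse.svc.cluster.local
+- name: PGUSER
+valueFrom:
+secretKeyRef:
+name: synapse-db-superuser
+key: username
+- name: PGPASSWORD
+valueFrom:
+secretKeyRef:
+name: synapse-db-superuser
+key: password
+- name: messenger_USER
+valueFrom:
+secretKeyRef:
+name: mautrix-messenger-db
+key: username
+- name: messenger_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mautrix-messenger-db
+key: password
+- name: messenger_DB
+value: messenger
+volumeMounts:
+- name: create-db
+mountPath: /data
+volumes:
+- name: create-db
+configMap:
+name: messenger-db-creation
+restartPolicy: Never
+backoffLimit: 4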
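Review bot: The env entries `messenger_USER`, `messenger_PASSWORD` and `messenger_DB` do not match the names that create_db.sh reads (`$MESSENGER_USER`, `$MESSENGER_PASSWORD`, `$MESSENGER_DB`); environment variable names are case-sensitive, so the script sees all three as empty while running with the `synapse-db-superuser` credentials. With an empty `$MESSENGER_DB` the unquoted `grep -qw` gets no pattern and `createdb` falls back to its default database name, so the job does something other than intended instead of failing cleanly. Rename the three entries to `MESSENGER_USER`, `MESSENGER_PASSWORD` and `MESSENGER_DB`, matching the `SIGNAL_*` naming used in signal/job.yaml.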
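--- a/manifests/bridges/messenger/kustomization.yaml
+++ b/manifests/bridges/messenger/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: synapse
+
+resources:
+- service.yaml
+- statefulset.yaml
+- secrets.yaml
+- job.yaml
+
+generatorOptions:
+labels:
+app: messenger
+
+configMapGenerator:
+- name: messenger-db-creation
+behavior: create
+files:
+- create_db.sh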
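Review bot: The top-level `namespace: synapse` applies to every resource listed here, including secrets.yaml, whose Argo CD `Application` declares `namespace: argocd`. As far as I can tell kustomize treats custom kinds as namespaced and will rewrite that to `synapse`, where Argo CD does not reconcile Applications unless applications in other namespaces have been enabled, so the bridge secrets would silently never sync. Either drop the `namespace:` line (each manifest already sets its own namespace) or move `secrets.yaml` out of this kustomization. manifests/bridges/signal/kustomization.yaml has the same combination.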
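--- a/manifests/bridges/messenger/secrets.yaml
+++ b/manifests/bridges/messenger/secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: synapse-messenger-secrets
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://git.halis.io/athens-school/k3s-secrets
+targetRevision: prod-migration
+path: synapse/bridges/messenger
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=false
+- ApplyOutOfSyncOnly=true
+- PruneLast=true
+destination:
+server: https://kubernetes.default.svc
+namespace: synapse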
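Review bot: This Application syncs secret material automatically (`prune: true`, `selfHeal: true`) from the branch `prod-migration` under `project: default`, so whoever can push to that branch changes what lands in the cluster, and the default project usually places no limit on destinations or resource kinds. Consider a dedicated AppProject whose allowed destination is only the `synapse` namespace and whose allowed kinds are only what the secrets repo needs, and add a comment recording that `targetRevision` is a migration branch that is expected to change once the migration is done. manifests/bridges/signal/secrets.yaml and manifests/secrets.yaml use the same settings.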
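--- a/manifests/bridges/messenger/service.yaml
+++ b/manifests/bridges/messenger/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: messenger
+namespace: synapse
+labels:
+app.kubernetes.io/name: messenger
+spec:
+ports:
+- name: http
+port: 29319
+protocol: TCP
+targetPort: 29319
+selector:
+app: messenger
+publishNotReadyAddresses: true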
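--- a/manifests/bridges/messenger/statefulset.yaml
+++ b/manifests/bridges/messenger/statefulset.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: messenger
+namespace: synapse
+spec:
+selector:
+matchLabels:
+app: messenger
+serviceName: messenger
+replicas: 1
+minReadySeconds: 10
+template:
+metadata:
+labels:
+app: messenger
+spec:
+terminationGracePeriodSeconds: 10
+containers:
+- name: messenger
+image: dock.mau.dev/mautrix/meta:v0.4.2
+command: [
+"/usr/bin/mautrix-meta",
+"--config", "/data/config.yaml",
+"--no-update",
+]
+ports:
+- containerPort: 29328
+volumeMounts:
+- mountPath: "/data/config.yaml"
+name: messenger-config-file
+subPath: config.yaml
+volumes:
+- name: messenger-config-file
+secret:
+secretName: messenger-secret-config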
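Review bot: `containerPort: 29328` disagrees with messenger/service.yaml, which exposes and targets 29319; 29328 is the signal bridge's port, so this looks like a leftover from copying signal/statefulset.yaml. The field is informational for routing, but anything keyed on declared ports (NetworkPolicy written against the manifest, monitoring, a later named `targetPort`) will point at the wrong port. Change it to `- containerPort: 29319`, assuming that is the port set in the mounted config.yaml, which is not visible in this commit.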
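--- a/manifests/bridges/signal/create_db.sh
+++ b/manifests/bridges/signal/create_db.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Checking if $SIGNAL_DB database exists..."
+
+if psql -lqt | cut -d \| -f 1 | grep -qw $SIGNAL_DB; then
+echo "Database exists, skipping creation"
+else
+echo "Database does not exist, creating..."
+createdb $SIGNAL_DB
+createuser $SIGNAL_USER
+psql -c "ALTER USER $SIGNAL_USER WITH ENCRYPTED PASSWORD '$SIGNAL_PASSWORD';"
+psql -c "GRANT ALL PRIVILEGES ON DATABASE $SIGNAL_DB TO $SIGNAL_USER;"
+psql -c "ALTER DATABASE $SIGNAL_DB OWNER TO $SIGNAL_USER;"
+fi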
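--- a/manifests/bridges/signal/job.yaml
+++ b/manifests/bridges/signal/job.yaml
@@ -0,0 +1,46 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: signal-db-init
+namespace: synapse
+spec:
+template:
+spec:
+containers:
+- name: signal-db-init
+image: postgres:15.10
+command: ["/bin/bash", "/data/create_db.sh"]
+env:
+- name: PGHOST
+value: synapse-db-rw.synapse.svc.cluster.local
+- name: PGUSER
+valueFrom:
+secretKeyRef:
+name: synapse-db-superuser
+key: username
+- name: PGPASSWORD
+valueFrom:
+secretKeyRef:
+name: synapse-db-superuser
+key: password
+- name: SIGNAL_USER
+valueFrom:
+secretKeyRef:
+name: mautrix-signal-db
+key: username
+- name: SIGNAL_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mautrix-signal-db
+key: password
+- name: SIGNAL_DB
+value: signal
+volumeMounts:
+- name: create-db
+mountPath: /data
+volumes:
+- name: create-db
+configMap:
+name: signal-db-creation
+restartPolicy: Never
+backoffLimit: 4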
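--- a/manifests/bridges/signal/kustomization.yaml
+++ b/manifests/bridges/signal/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: synapse
+
+resources:
+- service.yaml
+- statefulset.yaml
+- secrets.yaml
+- job.yaml
+
+generatorOptions:
+labels:
+app: signal
+
+configMapGenerator:
+- name: signal-db-creation
+behavior: create
+files:
+- create_db.sh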
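--- a/manifests/bridges/signal/secrets.yaml
+++ b/manifests/bridges/signal/secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: synapse-signal-secrets
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://git.halis.io/athens-school/k3s-secrets
+targetRevision: prod-migration
+path: synapse/bridges/signal
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=false
+- ApplyOutOfSyncOnly=true
+- PruneLast=true
+destination:
+server: https://kubernetes.default.svc
+namespace: synapse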
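--- a/manifests/bridges/signal/service.yaml
+++ b/manifests/bridges/signal/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: signal
+namespace: synapse
+labels:
+app.kubernetes.io/name: signal
+spec:
+ports:
+- name: http
+port: 29328
+protocol: TCP
+targetPort: 29328
+selector:
+app: signal
+publishNotReadyAddresses: true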
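--- a/manifests/bridges/signal/statefulset.yaml
+++ b/manifests/bridges/signal/statefulset.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: signal
+namespace: synapse
+spec:
+selector:
+matchLabels:
+app: signal
+serviceName: signal
+replicas: 1
+minReadySeconds: 10
+template:
+metadata:
+labels:
+app: signal
+spec:
+terminationGracePeriodSeconds: 10
+containers:
+- name: signal
+image: dock.mau.dev/mautrix/signal:v0.7.3
+command: [
+"/usr/bin/mautrix-signal",
+"--config", "/data/config.yaml",
+"--no-update",
+]
+ports:
+- containerPort: 29328
+volumeMounts:
+- mountPath: "/data/config.yaml"
+name: signal-config-file
+subPath: config.yaml
+volumes:
+- name: signal-config-file
+secret:
+secretName: signal-secret-config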
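Review bot: The `signal` container is given no `securityContext` and no `resources`, so it runs with whatever user and capabilities the image defaults to while holding the bridge config secret; because `command` starts `/usr/bin/mautrix-signal` directly, any privilege drop done by the image's own entrypoint script is presumably bypassed. A container-level security context like the one below would pin this down; `runAsNonRoot` needs the image to declare a numeric non-root user or an explicit `runAsUser`, which cannot be confirmed from this page. Note also that a Secret mounted through `subPath` is not refreshed when the Secret changes, so rotating `signal-secret-config` requires a pod restart. manifests/bridges/messenger/statefulset.yaml is written the same way.

```yaml
      containers:
        - name: signal
          # … unchanged: image, command, ports, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```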
@ -4,7 +4,7 @@ metadata:
|
||||
name: synapse-config
|
||||
namespace: synapse
|
||||
data:
|
||||
matrix.beta.halia.dev.log.config: |
|
||||
matrix.halis.io.log.config: |
|
||||
version: 1
|
||||
formatters:
|
||||
precise:
|
||||
|
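--- a/manifests/database-backup.yaml
+++ b/manifests/database-backup.yaml
@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+name: synapse-db-backup
+namespace: synapse
+spec:
+schedule: "0 0 0 * * *"
+backupOwnerReference: self
+cluster:
+name: synapse-db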
@ -9,7 +9,7 @@ spec:
|
||||
|
||||
storage:
|
||||
size: 5Gi
|
||||
storageClass: redundant-storage-class
|
||||
storageClass: local-path
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
@ -22,6 +22,24 @@ spec:
|
||||
pg_hba:
|
||||
- host all all all md5
|
||||
|
||||
backup:
|
||||
barmanObjectStore:
|
||||
destinationPath: "s3://halis/cloudnativepg"
|
||||
endpointURL: https://s3.halia.dev
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: s3-secret
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: s3-secret
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
region:
|
||||
name: s3-secret
|
||||
key: AWS_REGION
|
||||
wal:
|
||||
compression: gzip
|
||||
maxParallel: 8
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
|
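Review bot: The added `backup.barmanObjectStore` block ships base backups and WAL to `s3://halis/cloudnativepg` with only `compression: gzip` under `wal`; there is no `encryption` setting under `wal` or a `data` stanza, and no `retentionPolicy` appears in the hunk. Unless the bucket behind `https://s3.halia.dev` enforces server-side encryption and lifecycle rules itself (not visible here), the homeserver database would sit unencrypted on the object store and accumulate without bound. Consider `encryption: AES256` on both `wal` and `data` and a `retentionPolicy` under `backup`. Since the earlier hunk in this section moves storage to `local-path`, these backups become the only copy off the node, so a restore test is worth recording as well. The enclosing `spec` continues outside the hunk.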
@ -4,7 +4,7 @@ metadata:
|
||||
name: synapse
|
||||
namespace: synapse
|
||||
spec:
|
||||
replicas: 2
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: synapse
|
||||
@ -13,18 +13,11 @@ spec:
|
||||
labels:
|
||||
app: synapse
|
||||
spec:
|
||||
topologySpreadConstraints:
|
||||
- maxSkrew: 1
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: synapse
|
||||
securityContext:
|
||||
fsGroup: 991
|
||||
containers:
|
||||
- name: synapse
|
||||
image: matrixdotorg/synapse:latest
|
||||
image: ghcr.io/element-hq/synapse:v1.119.0
|
||||
ports:
|
||||
- containerPort: 8008
|
||||
- containerPort: 9009
|
||||
@ -34,9 +27,15 @@ spec:
|
||||
- mountPath: "/data/homeserver.yaml"
|
||||
name: synapse-config-file
|
||||
subPath: homeserver.yaml
|
||||
- mountPath: "/data/matrix.beta.halia.dev.log.config"
|
||||
- mountPath: "/data/matrix.halis.io.log.config"
|
||||
name: synapse-log-config-file
|
||||
subPath: matrix.beta.halia.dev.log.config
|
||||
subPath: matrix.halis.io.log.config
|
||||
- mountPath: "/data/double-puppeting.yaml"
|
||||
name: synapse-secret-doublepuppeting
|
||||
subPath: double-puppeting.yaml
|
||||
- mountPath: "/data/signal.yaml"
|
||||
name: signal-secret-registration
|
||||
subPath: signal.yaml
|
||||
volumes:
|
||||
- name: synapse-data
|
||||
persistentVolumeClaim:
|
||||
@ -47,3 +46,9 @@ spec:
|
||||
- name: synapse-log-config-file
|
||||
configMap:
|
||||
name: synapse-config
|
||||
- name: synapse-secret-doublepuppeting
|
||||
secret:
|
||||
secretName: synapse-secret-doublepuppeting
|
||||
- name: signal-secret-registration
|
||||
secret:
|
||||
secretName: signal-secret-registration
|
||||
|
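Review bot: The new mounts and volumes cover `double-puppeting.yaml` and `signal.yaml` only, while the commit also deploys the messenger (mautrix-meta) bridge; no registration file for it is mounted into the synapse container. If the bridge is meant to register as an appservice with this homeserver, Synapse needs its registration file readable under `/data` and listed in homeserver.yaml, which is not part of this page. Either add a matching `volumeMounts`/`volumes` pair for the messenger registration secret or note in the commit message that it follows in a later change. The container spec starts and ends outside the hunks shown.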
@ -1,23 +1,26 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: synapse-ingress
|
||||
namespace: synapse
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "traefik"
|
||||
name: synapse-ingress
|
||||
namespace: synapse
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
kubernetes.io/ingress.class: nginx-external
|
||||
acme.cert-manager.io/http01-edit-in-place: "true"
|
||||
spec:
|
||||
tls:
|
||||
- secretName: synapse-beta-tls
|
||||
hosts:
|
||||
- matrix.beta.halia.dev
|
||||
rules:
|
||||
- host: matrix.beta.halia.dev
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: synapse-svc
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- matrix.halis.io
|
||||
secretName: matrix-halis-io-tls
|
||||
ingressClassName: nginx-external
|
||||
rules:
|
||||
- host: matrix.halis.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: synapse-svc
|
||||
port:
|
||||
number: 80
|
||||
|
@ -5,9 +5,11 @@ resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- database.yaml
|
||||
- database-backup.yaml
|
||||
- service.yaml
|
||||
- servicemonitor.yaml
|
||||
- ingress.yaml
|
||||
- configmap.yaml
|
||||
- secrets.yaml
|
||||
- deployment.yaml
|
||||
|
||||
- ./bridges
|
||||
|
@ -3,10 +3,13 @@ kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: synapse-pvc
|
||||
namespace: synapse
|
||||
labels:
|
||||
recurring-job.longhorn.io/source: enabled
|
||||
recurring-job-group.longhorn.io/standard-pvc: enabled
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: redundant-storage-class
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: redundant-storage-class
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
|
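--- a/manifests/secrets.yaml
+++ b/manifests/secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: synapse-secrets
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://git.halis.io/athens-school/k3s-secrets
+targetRevision: prod-migration
+path: synapse
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=false
+- ApplyOutOfSyncOnly=true
+- PruneLast=true
+destination:
+server: https://kubernetes.default.svc
+namespace: synapse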