| local matrix = import "lib/matrix-ng.libsonnet"; |
| local irc = import "lib/appservice-irc.libsonnet"; |
| local telegram = import "lib/appservice-telegram.libsonnet"; |
| |
| // Configuration of the Matrix deployment serving hackerspace.pl: extends the |
| // object from lib/matrix-ng.libsonnet and overrides it component by component. |
| // Fields written "name+:" merge into the library's value; fields written |
| // "name:" replace it outright. |
| matrix { |
| local app = self, |
| local cfg = app.cfg, |
| // Hidden (::) settings object, merged into the library's cfg. |
| cfg+:: { |
| namespace: "matrix", |
| webDomain: "matrix.hackerspace.pl", |
| serverName: "hackerspace.pl", |
| // Single sign-on against sso.hackerspace.pl. |
| oidc+: { |
| enable: true, |
| config+: { |
| // NOTE(review): presumably handed to Synapse's OIDC provider config - confirm |
| // in lib/matrix-ng.libsonnet. There, allow_existing_users lets an SSO login |
| // attach to an already-registered account with the same localpart, so account |
| // ownership rests on the usernames the issuer reports being unique and not |
| // user-changeable. |
| allow_existing_users: true, |
| issuer: "https://sso.hackerspace.pl", |
| client_id: "matrix", |
| // A name/key reference (presumably to a Kubernetes Secret) rather than a value; |
| // unlike the imported credentials further down, the secret itself is not |
| // inlined when this file is evaluated. |
| client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } }, |
| user_profile_method: "userinfo_endpoint", |
| userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo", |
| // client_secret_post: the client secret is sent in the body of the token |
| // request rather than in an HTTP Basic header. |
| client_auth_method: "client_secret_post", |
| // The only scope requested, and it is not "openid"; profile data is fetched |
| // from the explicit userinfo endpoint configured above. |
| scopes: ["profile:read"], |
| }, |
| }, |
| mediaRepo+: { |
| enable: true, |
| route: true, |
| // "import"/"importstr" are resolved when this file is evaluated, so the S3 keys |
| // and the DB password below become literal values in the rendered output. |
| // NOTE(review): where the library places them (Secret vs. ConfigMap/env) is not |
| // visible here - confirm, and treat the rendered output as sensitive. |
| s3+: { |
| // Removes every literal "http://" from Endpoint; an "https://" value would pass |
| // through unchanged. NOTE(review): the strip implies the stored Endpoint starts |
| // with http:// - whether the media repo then uses TLS towards it is decided |
| // elsewhere; confirm, since requests to it are authenticated with the keys below. |
| endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""), |
| accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey, |
| secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey, |
| bucketName: "media-repo-matrix", |
| region: "eu", |
| }, |
| db+: { |
| // importstr reads the file verbatim; every "\n" is removed so a line break in |
| // the file does not become part of the password. |
| password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""), |
| }, |
| }, |
| }, |
| |
| // Web client settings (merged into the library's riot config). |
| riot+: { |
| config+: { |
| // NOTE(review): presumably the Riot/Element option that shows the experimental |
| // "Labs" settings section to users - confirm. |
| showLabsSettings: true, |
| }, |
| }, |
| |
| synapse+: { |
| // Toggles interpreted by lib/matrix-ng.libsonnet; presumably a dedicated |
| // appservice worker is deployed and no separate federation worker - confirm. |
| cfg+: { |
| appserviceWorker: true, |
| federationWorker: false, |
| }, |
| |
| config+: { |
| // NOTE(review): in Synapse this setting selects domains for extra federation |
| // metrics; it is monitoring-only, not a federation allow/deny list - confirm |
| // the library passes it through unchanged. |
| federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"] |
| }, |
| |
| genericWorker+: { |
| deployment+: { |
| spec+: { |
| replicas: 4, |
| }, |
| }, |
| }, |
| |
| // Synapse media worker has been replaced by matrix-media-repo deployment |
| mediaWorker+: { |
| deployment+: { |
| spec+: { |
| // Scaled to zero rather than removed, so the definition stays in place. |
| replicas: 0, |
| }, |
| }, |
| }, |
| }, |
| |
| // Bump up storage to 200Gi from default 100Gi, use different name. The |
| // new name corresponds to a manually migrated and sized-up PVC that |
| // contains data from the original waw3-postgres PVC. |
| postgres3+: { |
| volumeClaim+: { |
| metadata+: { |
| name: "waw3-postgres-2", |
| }, |
| spec+: { |
| resources+: { |
| requests+: { |
| storage: "200Gi", |
| }, |
| }, |
| }, |
| }, |
| }, |
| |
| // No "+": this replaces any appservices the library defines, so the two |
| // bridges below are the complete set. |
| appservices: { |
| "irc-freenode": irc.AppServiceIrc("freenode") { |
| cfg+: { |
| image: cfg.images.appserviceIRC, |
| // Hard-coded storage class; the Telegram bridge below uses cfg.storageClassName. |
| storageClassName: "waw-hdd-redundant-3", |
| metadata: app.metadata("appservice-irc-freenode"), |
| // TODO(q3k): add labels to blessed nodes |
| // Schedules the bridge on exactly one node, selected by hostname. |
| nodeSelector: { |
| "kubernetes.io/hostname": "bc01n02.hswaw.net", |
| }, |
| bootstrapJob: false, |
| config+: { |
| homeserver+: { |
| url: "https://%s" % [cfg.webDomain], |
| // Formats cfg.serverName into a string; the Telegram bridge below passes |
| // cfg.serverName directly. |
| domain: "%s" % [cfg.serverName], |
| }, |
| ircService+: { |
| // No "+": replaces any permissions defined by the library, so these two IDs |
| // are the full permission list set here for the IRC bridge. Review it when |
| // administrators change. |
| permissions: { |
| "@q3k:hackerspace.pl": "admin", |
| "@informatic:hackerspace.pl": "admin", |
| }, |
| // The bridge answers ident queries itself on port 1113. NOTE(review): ident's |
| // well-known port is 113, so a forward to 1113 presumably exists outside this |
| // file - confirm it exists and reaches only this pod. |
| ident: { |
| enabled: true, |
| port: 1113, |
| }, |
| servers+: { |
| // "servers" is the fully merged servers object, so the Libera entry below |
| // starts from the final "irc.freenode.net" entry (library values included) |
| // and then overrides individual fields. |
| local servers = self, |
| "irc.freenode.net"+: { |
| mappings+: {}, |
| ircClients+: { |
| maxClients: 150, |
| }, |
| }, |
| "irc.libera.chat": servers["irc.freenode.net"] { |
| // Channel mappings live in the secrets tree and are imported at evaluation time. |
| mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet", |
| ircClients+: { |
| maxClients: 150, |
| }, |
| name: "Libera Chat", |
| networkId: "libera", |
| dynamicChannels+: { |
| groupId: "+libera:hackerspace.pl", |
| aliasTemplate: "#libera_$CHANNEL", |
| }, |
| matrixClients+: { |
| userTemplate:"@libera_$NICK", |
| }, |
| }, |
| }, |
| }, |
| }, |
| // A name, not a key value. NOTE(review): presumably the Secret holding the key |
| // the bridge uses to encrypt stored IRC passwords - confirm in |
| // lib/appservice-irc.libsonnet. |
| passwordEncryptionKeySecret: "appservice-irc-password-encryption-key", |
| }, |
| }, |
| "telegram-prod": telegram.AppServiceTelegram("prod") { |
| cfg+: { |
| image: cfg.images.appserviceTelegram, |
| storageClassName: cfg.storageClassName, |
| metadata: app.metadata("appservice-telegram-prod"), |
| bootstrapJob: false, |
| |
| config+: { |
| homeserver+: { |
| address: "https://%s" % [cfg.webDomain], |
| domain: cfg.serverName, |
| }, |
| appservice+: { |
| id: "telegram", |
| }, |
| // Each value is the first line of its secret file, read at evaluation time and |
| // inlined into the rendered config. NOTE(review): confirm the library stores |
| // this config in a Secret; the bot token and API hash are live credentials. |
| telegram+: { |
| api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0], |
| api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0], |
| bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0], |
| }, |
| bridge+: { |
| // "permissions+:" merges with whatever the library already defines - check its |
| // defaults for entries not listed here. The bare domain key is not a single |
| // user ID. NOTE(review): if this image is mautrix-telegram, it applies to every |
| // account on that homeserver and "puppeting" lets each of them log in with |
| // their own Telegram account - confirm that is the intended baseline. |
| permissions+: { |
| "hackerspace.pl": "puppeting", |
| "@q3k:hackerspace.pl": "admin", |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| } |