| local matrix = import "lib/matrix-ng.libsonnet"; |
| local irc = import "lib/appservice-irc.libsonnet"; |
| local telegram = import "lib/appservice-telegram.libsonnet"; |
| |
| matrix { |
| local app = self, |
| local cfg = app.cfg, |
| cfg+:: { |
| namespace: "matrix-0x3c", |
| webDomain: "matrix.0x3c.pl", |
| serverName: "0x3c.pl", |
| |
| images+: { |
| # We are using patched version for 0x3c now, to not break other configs |
| casProxy: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.5", |
| }, |
| |
| oidc+: { |
| enable: true, |
| config+: { |
| allow_existing_users: true, |
| issuer: "https://0x3c.pl", |
| discover: false, |
| authorization_endpoint: "https://0x3c.pl/oauth/authorize", |
| token_endpoint: "https://0x3c.pl/oauth/token", |
| userinfo_endpoint: "https://0x3c.pl/api/v1/accounts/verify_credentials", |
| client_id: "YCWg1Qor9YstKn_yAHB_NT3GFAGqbnDFzIwyI_fCUWI", |
| client_secret: (std.split(importstr "secrets/plain/cas-proxy-0x3c-0auth2-secret", "\n"))[0], |
| scope: "read:accounts", |
| user_profile_method: "userinfo_endpoint", |
| client_auth_method: "client_secret_post", |
| }, |
| }, |
| }, |
| |
| synapse+: { |
| config+: { |
| presence: { |
| enabled: false, |
| }, |
| |
| background_updates+: { |
| background_update_duration_ms: 2000, |
| sleep_duration_ms: 50, |
| }, |
| }, |
| }, |
| |
| riotConfig+:: { |
| "brand": "Element - %s" % [cfg.serverName], |
| "branding": { |
| "welcomeBackgroundUrl": "https://media.0x3c.pl/file/0x3c-mastodon/0x3c-pixelsort.png" |
| }, |
| }, |
| |
| postgres3+: { |
| cfg+:: { |
| storageSize: "200Gi", |
| image: "postgres:14.6", |
| pgupgrade+: { |
| enable: true, |
| from: "10", |
| }, |
| initdbArgs: "--encoding='SQL_ASCII' --lc-collate='C' --lc-ctype='C'", |
| resources: { |
| requests: { |
| cpu: 2, |
| memory: "4Gi", |
| }, |
| limits: { |
| cpu: 2, |
| memory: "4Gi", |
| }, |
| }, |
| opts+: { |
| max_connections: 200, |
| shared_buffers: "1024MB", |
| work_mem: "%dMB" % [ (4096 * 0.25) / self.max_connections ], |
| }, |
| }, |
| volumeClaim+: { |
| metadata+: { |
| name: "waw3-postgres-2", |
| }, |
| }, |
| bouncer:: {} |
| }, |
| |
| appservices: { |
| "telegram-prod": telegram.AppServiceTelegram("prod") { |
| cfg+: { |
| image: cfg.images.appserviceTelegram, |
| storageClassName: cfg.storageClassName, |
| metadata: app.metadata("appservice-telegram-prod"), |
| |
| config+: { |
| homeserver+: { |
| address: "https://%s" % [cfg.webDomain], |
| domain: cfg.serverName, |
| }, |
| appservice+: { |
| id: "telegram", |
| bot_avatar: "https://media.0x3c.pl/file/0x3c-mastodon/posejbot2.png", |
| }, |
| telegram+: { |
| # not7cd: it may be convinient to use same bot credentials for both appservices |
| api_id: (std.split(importstr "secrets/plain/appservice-telegram-0x3c-api-id", "\n"))[0], |
| api_hash: (std.split(importstr "secrets/plain/appservice-telegram-0x3c-api-hash", "\n"))[0], |
| bot_token: (std.split(importstr "secrets/plain/appservice-telegram-0x3c-token", "\n"))[0], |
| }, |
| bridge+: { |
| permissions+: { |
| "0x3c.pl": "puppeting", |
| "@not7cd:0x3c.pl": "admin", // propabbly |
| "@q3k:0x3c.pl": "admin", |
| }, |
| displayname_template: "{displayname}[T]", |
| displayname_preference: [ |
| "username", |
| "full name", |
| "phone number", |
| ], |
| }, |
| }, |
| }, |
| }, |
| }, |
| } |