Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 2e191eae7be75838b493294b10caf8b55bddcf1e / . / app / matrix / matrix.hackerspace.pl.jsonnet
blob: fa5937e267eea328e92c9d369b7d1fef3b405aab [file] [log] [blame]
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]1local matrix = import "lib/matrix-ng.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]2local irc = import "lib/appservice-irc.libsonnet";
3local telegram = import "lib/appservice-telegram.libsonnet";
4
5matrix {
6 local app = self,
7 local cfg = app.cfg,
8 cfg+:: {
9 namespace: "matrix",
10 webDomain: "matrix.hackerspace.pl",
11 serverName: "hackerspace.pl",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]12 oidc+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]13 enable: true,
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]14 config+: {
15 allow_existing_users: true,
16 issuer: "https://sso.hackerspace.pl",
17 client_id: "matrix",
18 client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
19 user_profile_method: "userinfo_endpoint",
20 client_auth_method: "client_secret_post",
Serge Bazanski8483d372020-11-10 22:07:30 +0100[diff] [blame]21 },
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]22 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]23 },
24
Piotr Dobrowolski95da3d52021-02-06 11:55:34 +0100[diff] [blame]25 riot+: {
26 config+: {
27 showLabsSettings: true,
28 },
29 },
30
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame^]31 // We really don't like restarting our media repository since it gets stuck
32 // on long fsck process of its 500G storage PVC.
33 // TODO(b/48) To be removed after migrating to matrix-media-repo/S3 storage
34 synapse+: {
35 mediaWorker+: {
36 deployment+: {
37 spec+: {
38 template+: {
39 spec+: {
40 containers_+: {
41 web+: {
42 image: "matrixdotorg/synapse:v1.35.1",
43 },
44 },
45 }
46 },
47 },
48 },
49 },
50 },
51
Serge Bazanskied421912021-06-30 12:16:01 +0000[diff] [blame]52 // Bump up storage to 200Gi from default 100Gi, use different name. The
53 // new name corresponds to a manually migrated and sized-up PVC that
54 // contains data from the original waw3-postgres PVC.
55 postgres3+: {
56 volumeClaim+: {
57 metadata+: {
58 name: "waw3-postgres-2",
59 },
60 spec+: {
61 resources+: {
62 requests+: {
63 storage: "200Gi",
64 },
65 },
66 },
67 },
68 },
69
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]70 appservices: {
71 "irc-freenode": irc.AppServiceIrc("freenode") {
72 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]73 image: cfg.images.appserviceIRC,
Serge Bazanski61f978a2021-01-22 16:26:07 +0100[diff] [blame]74 storageClassName: "waw-hdd-redundant-3",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]75 metadata: app.metadata("appservice-irc-freenode"),
76 // TODO(q3k): add labels to blessed nodes
77 nodeSelector: {
Piotr Dobrowolski356dd6d2021-01-31 18:09:49 +0100[diff] [blame]78 "kubernetes.io/hostname": "bc01n02.hswaw.net",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]79 },
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]80 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]81 config+: {
82 homeserver+: {
83 url: "https://%s" % [cfg.webDomain],
84 domain: "%s" % [cfg.serverName],
85 },
86 ircService+: {
Serge Bazanski6be8b2e2021-05-19 16:32:20 +0000[diff] [blame]87 permissions: {
88 "@q3k:hackerspace.pl": "admin",
89 "@informatic:hackerspace.pl": "admin",
90 },
Serge Bazanskib387f572021-05-24 13:53:18 +0200[diff] [blame]91 ident: {
92 enabled: true,
93 port: 1113,
94 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]95 servers+: {
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]96 local servers = self,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]97 "irc.freenode.net"+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]98 mappings+: {},
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]99 ircClients+: {
100 maxClients: 150,
101 },
102 },
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]103 "irc.libera.chat": servers["irc.freenode.net"] {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]104 mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]105 ircClients+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]106 maxClients: 150,
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]107 },
108 name: "Libera Chat",
109 networkId: "libera",
110 dynamicChannels+: {
111 groupId: "+libera:hackerspace.pl",
112 aliasTemplate: "#libera_$CHANNEL",
113 },
114 matrixClients+: {
115 userTemplate:"@libera_$NICK",
116 },
117 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]118 },
119 },
120 },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]121 passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]122 },
123 },
124 "telegram-prod": telegram.AppServiceTelegram("prod") {
125 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]126 image: cfg.images.appserviceTelegram,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]127 storageClassName: cfg.storageClassName,
128 metadata: app.metadata("appservice-telegram-prod"),
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]129 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]130
131 config+: {
132 homeserver+: {
133 address: "https://%s" % [cfg.webDomain],
134 domain: cfg.serverName,
135 },
136 appservice+: {
137 id: "telegram",
138 },
139 telegram+: {
140 api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
141 api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
142 bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
143 },
144 bridge+: {
145 permissions+: {
146 "hackerspace.pl": "puppeting",
147 "@q3k:hackerspace.pl": "admin",
148 },
149 },
150 },
151 },
152 },
153 },
154}