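# matrix.hackerspace.pl, a matrix/synapse instance
#
# Renders the namespace, a postgres instance, a 50Gi data volume claim, the
# synapse and riot-web Deployments with their ClusterIP Services, and a single
# TLS Ingress that routes "/" to riot-web and "/_matrix" to synapse.
#
# This needs a secret provisioned, create with:
#    kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1)
# NOTE(review): the generated password is passed in kubectl's argv, so it is
# visible in the local process list while the command runs; `pwgen -s` yields
# fully random rather than pronounceable output.

local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

{
    local app = self,
    local cfg = app.cfg,
    cfg:: {
        namespace: "matrix",
        # Both images are pinned by tag only; a registry tag can be re-pointed,
        # so what runs is whatever the tag resolves to at pull time.
        # NOTE(review): consider pinning by digest (image@sha256:<digest>).
        image: "matrixdotorg/synapse:v0.99.3.2",
        # NOTE(review): this is a personal Docker Hub namespace, not the
        # upstream project's - confirm the provenance of this image.
        riotImage: "bubuntux/riot-web:v1.1.0",
        domain: "matrix.hackerspace.pl",
        serverName: "hackerspace.pl",
        storageClassName: "waw-hdd-redundant-1",
    },

    # Common namespace and app.kubernetes.io/* labels for every object below;
    # `component` becomes the app.kubernetes.io/component label value.
    metadata(component):: {
        namespace: cfg.namespace,
        labels: {
            "app.kubernetes.io/name": "matrix",
            "app.kubernetes.io/managed-by": "kubecfg",
            "app.kubernetes.io/component": component,
        },
    },

    namespace: kube.Namespace(cfg.namespace),

    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: "synapse",
            database: "synapse",
            username: "synapse",
            # Reference into the out-of-band Secret "synapse"; the password
            # itself never appears in the rendered manifests.
            password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
        },
    },

    dataVolume: kube.PersistentVolumeClaim("synapse-data") {
        metadata+: app.metadata("synapse-data"),
        spec+: {
            storageClassName: cfg.storageClassName,
            accessModes: [ "ReadWriteOnce" ],
            resources: {
                requests: {
                    storage: "50Gi",
                },
            },
        },
    },

    # NOTE(review): neither Deployment in this file sets a securityContext or
    # resource requests/limits; unless kube.Container supplies defaults, the
    # containers run with the image's default user and unbounded resources.
    deployment: kube.Deployment("synapse") {
        metadata+: app.metadata("synapse"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    volumes_: {
                        data: kube.PersistentVolumeClaimVolume(app.dataVolume),
                    },
                    containers_: {
                        web: kube.Container("synapse") {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 8008 },
                            },
                            env_: {
                                SYNAPSE_SERVER_NAME: cfg.serverName,
                                SYNAPSE_REPORT_STATS: "no",
                                # Synapse serves plain HTTP on 8008. TLS is
                                # terminated at the ingress defined below, so
                                # the hop from the ingress controller to this
                                # pod is unencrypted inside the cluster.
                                SYNAPSE_NO_TLS: "1",
                                # Guest accounts are enabled here and in the
                                # riot config ("disable_guests": false).
                                # NOTE(review): confirm guest access is
                                # intended on a federating homeserver.
                                SYNAPSE_ALLOW_GUEST: "yes",

                                POSTGRES_HOST: "postgres",
                                POSTGRES_USER: app.postgres.cfg.username,
                                POSTGRES_PORT: "5432",
                                POSTGRES_DB: app.postgres.cfg.database,
                                # Reuse the secretKeyRef given to the postgres
                                # instance so the two sides cannot drift onto
                                # different Secret names or keys.
                                POSTGRES_PASSWORD: app.postgres.cfg.password,
                            },
                            volumeMounts_: {
                                data: { mountPath: "/data" },
                            },
                        },
                    },
                },
            },
        },
    },

    # Client configuration served to every browser that loads riot-web.
    # Several endpoints below belong to third parties (scalar.vector.im,
    # riot.im, matrix.org): integrations, bug reports and the welcome bot send
    # data to services outside this deployment.
    riotConfig: kube.ConfigMap("riot-web-config") {
        metadata+: app.metadata("riot-web-config"),
        data: {
            "config.json": std.manifestJsonEx({
                "default_hs_url": "https://%s" % [cfg.domain],
                # Users may point the client at any homeserver URL.
                "disable_custom_urls": false,
                "disable_guests": false,
                "disable_login_language_selector": false,
                "disable_3pid_login": true,
                "brand": "Riot",
                "integrations_ui_url": "https://scalar.vector.im/",
                "integrations_rest_url": "https://scalar.vector.im/api",
                "integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",

                "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
                "features": {
                    "feature_groups": "labs",
                    "feature_pinning": "labs",
                    "feature_reactions": "labs"
                },
                "default_federate": true,
                "default_theme": "light",
                "roomDirectory": {
                    "servers": [
                        # Same value as SYNAPSE_SERVER_NAME, taken from cfg so
                        # both follow a single setting.
                        cfg.serverName
                    ]
                },
                "welcomeUserId": "@riot-bot:matrix.org",
                "enable_presence_by_hs_url": {
                    "https://matrix.org": false
                }
            }, ""),
        },
    },

    riotDeployment: kube.Deployment("riot-web") {
        metadata+: app.metadata("riot-web"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    volumes_: {
                        config: kube.ConfigMapVolume(app.riotConfig),
                    },
                    containers_: {
                        # Named after the workload it runs (this container was
                        # previously called "synapse"), so `kubectl logs -c`
                        # and log or alert attribution by container name do
                        # not mistake riot-web for the homeserver.
                        web: kube.Container("riot-web") {
                            image: cfg.riotImage,
                            ports_: {
                                http: { containerPort: 80 },
                            },
                            volumeMounts_: {
                                # subPath mounts only config.json over the
                                # file shipped in the image.
                                config: {
                                    mountPath: "/etc/riot-web/config.json",
                                    subPath: "config.json",
                                },
                            },
                        },
                    },
                },
            },
        },
    },

    # Both Services are ClusterIP: reachable from outside the cluster only
    # through the ingress below.
    svc: kube.Service("synapse") {
        metadata+: app.metadata("synapse"),
        target_pod:: app.deployment.spec.template,
        spec+: {
            ports: [
                { name: "http", port: 8008, protocol: "TCP" },
            ],
            type: "ClusterIP",
        },
    },

    riotSvc: kube.Service("riot-web") {
        metadata+: app.metadata("riot-web"),
        target_pod:: app.riotDeployment.spec.template,
        spec+: {
            ports: [
                { name: "http", port: 80, protocol: "TCP" },
            ],
            type: "ClusterIP",
        },
    },

    ingress: kube.Ingress("synapse") {
        metadata+: app.metadata("synapse") {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                # "0" disables nginx's request-body size limit for this whole
                # host, covering both riot-web and /_matrix. Upload size is
                # then bounded only by whatever synapse itself enforces, which
                # is not configured in this file.
                # NOTE(review): consider an explicit limit that matches
                # synapse's upload limit.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [
                {
                    hosts: [cfg.domain],
                    secretName: "synapse-tls",
                },
            ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            { path: "/", backend: app.riotSvc.name_port },
                            { path: "/_matrix", backend: app.svc.name_port },
                        ]
                    },
                }
            ],
        },
    },
}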