Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 5ff2ccf5dfded755ec90e5b84bcaf38eb82bb49b / . / app / matrix / matrix.hackerspace.pl.jsonnet
blob: 14a0366855da2e91f57df1891543796fe564bb0d [file] [log] [blame]
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]1local matrix = import "lib/matrix-ng.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]2local irc = import "lib/appservice-irc.libsonnet";
3local telegram = import "lib/appservice-telegram.libsonnet";
4
5matrix {
6 local app = self,
7 local cfg = app.cfg,
8 cfg+:: {
9 namespace: "matrix",
10 webDomain: "matrix.hackerspace.pl",
11 serverName: "hackerspace.pl",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]12 oidc+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]13 enable: true,
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]14 config+: {
15 allow_existing_users: true,
16 issuer: "https://sso.hackerspace.pl",
17 client_id: "matrix",
18 client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
19 user_profile_method: "userinfo_endpoint",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame^]20 userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]21 client_auth_method: "client_secret_post",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame^]22 scopes: ["profile:read"],
Serge Bazanski8483d372020-11-10 22:07:30 +0100[diff] [blame]23 },
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]24 },
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]25 mediaRepo+: {
26 enable: true,
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]27 route: true,
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]28 s3+: {
29 endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""),
30 accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey,
31 secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey,
32 bucketName: "media-repo-matrix",
33 region: "eu",
34 },
35 db+: {
36 password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
37 },
38 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]39 },
40
Piotr Dobrowolski95da3d52021-02-06 11:55:34 +0100[diff] [blame]41 riot+: {
42 config+: {
43 showLabsSettings: true,
44 },
45 },
46
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]47 synapse+: {
Piotr Dobrowolski529e1812021-02-13 19:44:37 +0100[diff] [blame]48 cfg+: {
49 appserviceWorker: true,
50 federationWorker: false,
51 },
52
53 config+: {
54 federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"]
55 },
56
Piotr Dobrowolski77af94d2021-09-16 22:17:58 +0200[diff] [blame]57 genericWorker+: {
58 deployment+: {
59 spec+: {
60 replicas: 4,
61 },
62 },
63 },
64
65 // Synapse media worker has been replaced by matrix-media-repo deployment
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]66 mediaWorker+: {
67 deployment+: {
68 spec+: {
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]69 replicas: 0,
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]70 },
71 },
72 },
73 },
74
Serge Bazanskied421912021-06-30 12:16:01 +0000[diff] [blame]75 // Bump up storage to 200Gi from default 100Gi, use different name. The
76 // new name corresponds to a manually migrated and sized-up PVC that
77 // contains data from the original waw3-postgres PVC.
78 postgres3+: {
79 volumeClaim+: {
80 metadata+: {
81 name: "waw3-postgres-2",
82 },
83 spec+: {
84 resources+: {
85 requests+: {
86 storage: "200Gi",
87 },
88 },
89 },
90 },
91 },
92
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]93 appservices: {
94 "irc-freenode": irc.AppServiceIrc("freenode") {
95 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]96 image: cfg.images.appserviceIRC,
Serge Bazanski61f978a2021-01-22 16:26:07 +0100[diff] [blame]97 storageClassName: "waw-hdd-redundant-3",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]98 metadata: app.metadata("appservice-irc-freenode"),
99 // TODO(q3k): add labels to blessed nodes
100 nodeSelector: {
Piotr Dobrowolski356dd6d2021-01-31 18:09:49 +0100[diff] [blame]101 "kubernetes.io/hostname": "bc01n02.hswaw.net",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]102 },
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]103 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]104 config+: {
105 homeserver+: {
106 url: "https://%s" % [cfg.webDomain],
107 domain: "%s" % [cfg.serverName],
108 },
109 ircService+: {
Serge Bazanski6be8b2e2021-05-19 16:32:20 +0000[diff] [blame]110 permissions: {
111 "@q3k:hackerspace.pl": "admin",
112 "@informatic:hackerspace.pl": "admin",
113 },
Serge Bazanskib387f572021-05-24 13:53:18 +0200[diff] [blame]114 ident: {
115 enabled: true,
116 port: 1113,
117 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]118 servers+: {
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]119 local servers = self,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]120 "irc.freenode.net"+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]121 mappings+: {},
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]122 ircClients+: {
123 maxClients: 150,
124 },
125 },
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]126 "irc.libera.chat": servers["irc.freenode.net"] {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]127 mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]128 ircClients+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]129 maxClients: 150,
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]130 },
131 name: "Libera Chat",
132 networkId: "libera",
133 dynamicChannels+: {
134 groupId: "+libera:hackerspace.pl",
135 aliasTemplate: "#libera_$CHANNEL",
136 },
137 matrixClients+: {
138 userTemplate:"@libera_$NICK",
139 },
140 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]141 },
142 },
143 },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]144 passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]145 },
146 },
147 "telegram-prod": telegram.AppServiceTelegram("prod") {
148 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]149 image: cfg.images.appserviceTelegram,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]150 storageClassName: cfg.storageClassName,
151 metadata: app.metadata("appservice-telegram-prod"),
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]152 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]153
154 config+: {
155 homeserver+: {
156 address: "https://%s" % [cfg.webDomain],
157 domain: cfg.serverName,
158 },
159 appservice+: {
160 id: "telegram",
161 },
162 telegram+: {
163 api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
164 api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
165 bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
166 },
167 bridge+: {
168 permissions+: {
169 "hackerspace.pl": "puppeting",
170 "@q3k:hackerspace.pl": "admin",
171 },
172 },
173 },
174 },
175 },
176 },
177}