Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 690ed45f66f3a79a73ee48dbd176e1f51b77b315 / . / app / matrix / matrix.hackerspace.pl.jsonnet
blob: 4199e0e43927331ffddd6e45986ef96e0b45dad2 [file] [log] [blame]
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]1local matrix = import "lib/matrix-ng.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]2local irc = import "lib/appservice-irc.libsonnet";
3local telegram = import "lib/appservice-telegram.libsonnet";
4
5matrix {
6 local app = self,
7 local cfg = app.cfg,
8 cfg+:: {
9 namespace: "matrix",
10 webDomain: "matrix.hackerspace.pl",
11 serverName: "hackerspace.pl",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]12 oidc+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]13 enable: true,
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]14 config+: {
15 allow_existing_users: true,
16 issuer: "https://sso.hackerspace.pl",
17 client_id: "matrix",
18 client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
19 user_profile_method: "userinfo_endpoint",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame]20 userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]21 client_auth_method: "client_secret_post",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame]22 scopes: ["profile:read"],
Serge Bazanski8483d372020-11-10 22:07:30 +0100[diff] [blame]23 },
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]24 },
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]25 mediaRepo+: {
26 enable: true,
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]27 route: true,
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]28 s3+: {
29 endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""),
30 accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey,
31 secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey,
32 bucketName: "media-repo-matrix",
33 region: "eu",
34 },
35 db+: {
36 password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
37 },
38 },
Piotr Dobrowolski690ed452022-05-07 11:27:24 +0200[diff] [blame^]39 coturn+: {
40 enable: true,
41 config+: {
42 domain: "turn.hackerspace.pl",
43 loadBalancerIP: "185.236.240.59",
44 },
45 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]46 },
47
Piotr Dobrowolski95da3d52021-02-06 11:55:34 +0100[diff] [blame]48 riot+: {
49 config+: {
50 showLabsSettings: true,
51 },
52 },
53
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]54 synapse+: {
Piotr Dobrowolski529e1812021-02-13 19:44:37 +0100[diff] [blame]55 cfg+: {
56 appserviceWorker: true,
57 federationWorker: false,
58 },
59
60 config+: {
61 federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"]
62 },
63
Piotr Dobrowolski77af94d2021-09-16 22:17:58 +0200[diff] [blame]64 genericWorker+: {
65 deployment+: {
66 spec+: {
67 replicas: 4,
68 },
69 },
70 },
71
72 // Synapse media worker has been replaced by matrix-media-repo deployment
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]73 mediaWorker+: {
74 deployment+: {
75 spec+: {
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]76 replicas: 0,
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]77 },
78 },
79 },
80 },
81
Serge Bazanskied421912021-06-30 12:16:01 +0000[diff] [blame]82 // Bump up storage to 200Gi from default 100Gi, use different name. The
83 // new name corresponds to a manually migrated and sized-up PVC that
84 // contains data from the original waw3-postgres PVC.
85 postgres3+: {
86 volumeClaim+: {
87 metadata+: {
88 name: "waw3-postgres-2",
89 },
90 spec+: {
91 resources+: {
92 requests+: {
93 storage: "200Gi",
94 },
95 },
96 },
97 },
98 },
99
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]100 appservices: {
101 "irc-freenode": irc.AppServiceIrc("freenode") {
102 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]103 image: cfg.images.appserviceIRC,
Serge Bazanski61f978a2021-01-22 16:26:07 +0100[diff] [blame]104 storageClassName: "waw-hdd-redundant-3",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]105 metadata: app.metadata("appservice-irc-freenode"),
106 // TODO(q3k): add labels to blessed nodes
107 nodeSelector: {
Piotr Dobrowolski356dd6d2021-01-31 18:09:49 +0100[diff] [blame]108 "kubernetes.io/hostname": "bc01n02.hswaw.net",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]109 },
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]110 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]111 config+: {
112 homeserver+: {
113 url: "https://%s" % [cfg.webDomain],
114 domain: "%s" % [cfg.serverName],
115 },
116 ircService+: {
Serge Bazanski6be8b2e2021-05-19 16:32:20 +0000[diff] [blame]117 permissions: {
118 "@q3k:hackerspace.pl": "admin",
119 "@informatic:hackerspace.pl": "admin",
120 },
Serge Bazanskib387f572021-05-24 13:53:18 +0200[diff] [blame]121 ident: {
122 enabled: true,
123 port: 1113,
124 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]125 servers+: {
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]126 local servers = self,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]127 "irc.freenode.net"+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]128 mappings+: {},
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]129 ircClients+: {
130 maxClients: 150,
131 },
132 },
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]133 "irc.libera.chat": servers["irc.freenode.net"] {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]134 mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]135 ircClients+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]136 maxClients: 150,
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]137 },
138 name: "Libera Chat",
139 networkId: "libera",
140 dynamicChannels+: {
141 groupId: "+libera:hackerspace.pl",
142 aliasTemplate: "#libera_$CHANNEL",
143 },
144 matrixClients+: {
145 userTemplate:"@libera_$NICK",
146 },
147 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]148 },
149 },
150 },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]151 passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]152 },
153 },
154 "telegram-prod": telegram.AppServiceTelegram("prod") {
155 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]156 image: cfg.images.appserviceTelegram,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]157 storageClassName: cfg.storageClassName,
158 metadata: app.metadata("appservice-telegram-prod"),
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]159 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]160
161 config+: {
162 homeserver+: {
163 address: "https://%s" % [cfg.webDomain],
164 domain: cfg.serverName,
165 },
166 appservice+: {
167 id: "telegram",
168 },
169 telegram+: {
170 api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
171 api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
172 bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
173 },
174 bridge+: {
175 permissions+: {
176 "hackerspace.pl": "puppeting",
177 "@q3k:hackerspace.pl": "admin",
178 },
179 },
180 },
181 },
182 },
183 },
184}