// Matrix deployment for serverName hackerspace.pl, built on lib/matrix-ng,
// with IRC and Telegram appservice bridges layered on top.
local matrix = import "lib/matrix-ng.libsonnet";
local irc = import "lib/appservice-irc.libsonnet";
local telegram = import "lib/appservice-telegram.libsonnet";

matrix {
    local app = self,
    local cfg = app.cfg,

    cfg+:: {
        namespace: "matrix",
        webDomain: "matrix.hackerspace.pl",
        serverName: "hackerspace.pl",

        // Single sign-on against the hackerspace IdP.
        oidc+: {
            enable: true,
            config+: {
                // NOTE(review): presumably passed through to Synapse's OIDC
                // provider config, where this lets an OIDC login attach to a
                // pre-existing local account. That is only safe while the IdP
                // guarantees nobody can obtain an identity that maps onto
                // another person's existing Matrix account. Confirm.
                allow_existing_users: true,
                issuer: "https://sso.hackerspace.pl",
                client_id: "matrix",
                // Referenced by Secret name/key rather than inlined, unlike
                // the mediaRepo and Telegram credentials further down.
                client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
                user_profile_method: "userinfo_endpoint",
                client_auth_method: "client_secret_post",
            },
        },

        mediaRepo+: {
            // Imported once here; every field below reads from the same file.
            // Jsonnet resolves `import`/`importstr` at evaluation time, so
            // these credentials become literal values in the evaluated output
            // of this file. NOTE(review): check which Kubernetes objects the
            // library renders them into (Secret vs. ConfigMap/args) and who
            // can read those objects.
            local cephCreds = import "secrets/plain/media-repo-matrix-ceph.json",

            enable: true,
            route: false,
            s3+: {
                // Only a leading "http://" scheme is stripped from the stored
                // endpoint. NOTE(review): confirm whether the media repo then
                // talks to the object store over TLS or in cleartext.
                endpoint: std.strReplace(cephCreds.Endpoint, "http://", ""),
                accessKey: cephCreds.AccessKey,
                secretKey: cephCreds.SecretKey,
                bucketName: "media-repo-matrix",
                region: "eu",
            },
            db+: {
                // Removes every newline from the secret file's contents.
                password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
            },
        },
    },

    riot+: {
        config+: {
            showLabsSettings: true,
        },
    },

    // We really don't like restarting our media repository since it gets stuck
    // on long fsck process of its 500G storage PVC.
    // TODO(b/48) To be removed after migrating to matrix-media-repo/S3 storage
    //
    // NOTE(review): the override pins the media worker to a fixed Synapse tag
    // (a tag, not a digest), so it stays on v1.35.1 for as long as this block
    // exists. Track upstream security releases for this component until the
    // TODO above is resolved.
    synapse+: {
        mediaWorker+: {
            deployment+: {
                spec+: {
                    template+: {
                        spec+: {
                            containers_+: {
                                web+: {
                                    image: "matrixdotorg/synapse:v1.35.1",
                                },
                            },
                        },
                    },
                },
            },
        },
    },

    // Bump up storage to 200Gi from default 100Gi, use different name. The
    // new name corresponds to a manually migrated and sized-up PVC that
    // contains data from the original waw3-postgres PVC.
    postgres3+: {
        volumeClaim+: {
            metadata+: {
                name: "waw3-postgres-2",
            },
            spec+: {
                resources+: {
                    requests+: {
                        storage: "200Gi",
                    },
                },
            },
        },
    },

    appservices: {
        "irc-freenode": irc.AppServiceIrc("freenode") {
            cfg+: {
                image: cfg.images.appserviceIRC,
                storageClassName: "waw-hdd-redundant-3",
                metadata: app.metadata("appservice-irc-freenode"),
                // TODO(q3k): add labels to blessed nodes
                // Until then the bridge is pinned to one node by hostname.
                nodeSelector: {
                    "kubernetes.io/hostname": "bc01n02.hswaw.net",
                },
                bootstrapJob: false,
                config+: {
                    homeserver+: {
                        url: "https://%s" % [cfg.webDomain],
                        domain: "%s" % [cfg.serverName],
                    },
                    ircService+: {
                        // Bridge-level admins. Written without `+`, so this
                        // replaces any permissions the library sets by default.
                        permissions: {
                            "@q3k:hackerspace.pl": "admin",
                            "@informatic:hackerspace.pl": "admin",
                        },
                        // Ident responder on port 1113 (not the standard 113).
                        ident: {
                            enabled: true,
                            port: 1113,
                        },
                        servers+: {
                            local ircServers = self,
                            "irc.freenode.net"+: {
                                mappings+: {},
                                ircClients+: {
                                    maxClients: 150,
                                },
                            },
                            // Libera starts from the freenode entry above and
                            // overrides the fields listed here. The channel
                            // mappings live in the secrets tree.
                            "irc.libera.chat": ircServers["irc.freenode.net"] {
                                mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
                                ircClients+: {
                                    maxClients: 150,
                                },
                                name: "Libera Chat",
                                networkId: "libera",
                                dynamicChannels+: {
                                    groupId: "+libera:hackerspace.pl",
                                    aliasTemplate: "#libera_$CHANNEL",
                                },
                                matrixClients+: {
                                    userTemplate: "@libera_$NICK",
                                },
                            },
                        },
                    },
                },
                // Name of the Secret holding the key; the key itself is not
                // inlined in this file.
                passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
            },
        },
        "telegram-prod": telegram.AppServiceTelegram("prod") {
            // First line of a secret file, i.e. the value without its
            // trailing newline.
            local firstLine(contents) = (std.split(contents, "\n"))[0],

            cfg+: {
                image: cfg.images.appserviceTelegram,
                storageClassName: cfg.storageClassName,
                metadata: app.metadata("appservice-telegram-prod"),
                bootstrapJob: false,

                config+: {
                    homeserver+: {
                        address: "https://%s" % [cfg.webDomain],
                        domain: cfg.serverName,
                    },
                    appservice+: {
                        id: "telegram",
                    },
                    // Read at evaluation time and embedded as literal values
                    // in the evaluated config. NOTE(review): as with the
                    // mediaRepo credentials, confirm the rendered object that
                    // carries them is a Secret with restricted read access.
                    telegram+: {
                        api_id: firstLine(importstr "secrets/plain/appservice-telegram-prod-api-id"),
                        api_hash: firstLine(importstr "secrets/plain/appservice-telegram-prod-api-hash"),
                        bot_token: firstLine(importstr "secrets/plain/appservice-telegram-prod-token"),
                    },
                    bridge+: {
                        // The bare-domain key presumably applies to every
                        // account on hackerspace.pl. Verify that "puppeting"
                        // is the intended level for all of them.
                        permissions+: {
                            "hackerspace.pl": "puppeting",
                            "@q3k:hackerspace.pl": "admin",
                        },
                    },
                },
            },
        },
    },
}