Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d / . / app / matrix / matrix.hackerspace.pl.jsonnet
blob: e3d401ad46b004360241ec05a7d2298974bfec75 [file] [log] [blame]
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]1local matrix = import "lib/matrix-ng.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]2local irc = import "lib/appservice-irc.libsonnet";
3local telegram = import "lib/appservice-telegram.libsonnet";
Bartosz Stebel45394bf2023-03-01 21:17:25 +0100[diff] [blame]4local kube = import "../../kube/kube.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]5
6matrix {
7 local app = self,
8 local cfg = app.cfg,
9 cfg+:: {
10 namespace: "matrix",
11 webDomain: "matrix.hackerspace.pl",
12 serverName: "hackerspace.pl",
Piotr Dobrowolskif549d432023-10-05 22:43:38 +0200[diff] [blame]13 admins: ["@informatic:hackerspace.pl", "@q3k:hackerspace.pl"],
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]14 oidc+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]15 enable: true,
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]16 config+: {
17 allow_existing_users: true,
18 issuer: "https://sso.hackerspace.pl",
19 client_id: "matrix",
20 client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
21 user_profile_method: "userinfo_endpoint",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame]22 userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]23 client_auth_method: "client_secret_post",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame]24 scopes: ["profile:read"],
Serge Bazanski8483d372020-11-10 22:07:30 +0100[diff] [blame]25 },
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]26 },
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]27 mediaRepo+: {
28 enable: true,
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]29 route: true,
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]30 s3+: {
31 endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""),
32 accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey,
33 secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey,
34 bucketName: "media-repo-matrix",
35 region: "eu",
36 },
37 db+: {
38 password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
Serge Bazanskif2628682023-03-26 21:56:09 +0200[diff] [blame]39 host: "bc01n05.hswaw.net",
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]40 },
41 },
Piotr Dobrowolski690ed452022-05-07 11:27:24 +0200[diff] [blame]42 coturn+: {
43 enable: true,
44 config+: {
45 domain: "turn.hackerspace.pl",
46 loadBalancerIP: "185.236.240.59",
47 },
48 },
Serge Bazanskif2628682023-03-26 21:56:09 +0200[diff] [blame]49
50 postgres+: {
51 enable: false,
52 host: "bc01n05.hswaw.net",
53 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]54 },
55
Piotr Dobrowolski95da3d52021-02-06 11:55:34 +0100[diff] [blame]56 riot+: {
57 config+: {
58 showLabsSettings: true,
59 },
60 },
61
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]62 synapse+: {
Piotr Dobrowolski529e1812021-02-13 19:44:37 +0100[diff] [blame]63 cfg+: {
Piotr Dobrowolski05f20b22023-03-28 23:53:25 +0200[diff] [blame]64 appserviceWorker: false,
Piotr Dobrowolski529e1812021-02-13 19:44:37 +0100[diff] [blame]65 federationWorker: false,
66 },
67
68 config+: {
69 federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"]
70 },
71
Piotr Dobrowolski77af94d2021-09-16 22:17:58 +0200[diff] [blame]72 genericWorker+: {
73 deployment+: {
74 spec+: {
75 replicas: 4,
76 },
77 },
78 },
79
80 // Synapse media worker has been replaced by matrix-media-repo deployment
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]81 mediaWorker+: {
82 deployment+: {
83 spec+: {
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]84 replicas: 0,
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]85 },
86 },
87 },
Bartosz Stebel45394bf2023-03-01 21:17:25 +0100[diff] [blame]88 // local changes
89 main+: {
90 deployment+: {
91 cfg+: {
92 resources+: {
93 limits+: { cpu: "2", memory: "8Gi" },
94 requests+: { cpu: "2", memory: "8Gi" },
95 },
96 },
97 },
98 },
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]99 },
100
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]101 appservices: {
102 "irc-freenode": irc.AppServiceIrc("freenode") {
103 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]104 image: cfg.images.appserviceIRC,
Serge Bazanski61f978a2021-01-22 16:26:07 +0100[diff] [blame]105 storageClassName: "waw-hdd-redundant-3",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]106 metadata: app.metadata("appservice-irc-freenode"),
107 // TODO(q3k): add labels to blessed nodes
108 nodeSelector: {
Serge Bazanski9ae11fd2023-10-09 20:27:02 +0000[diff] [blame]109 "kubernetes.io/hostname": "dcr01s24.hswaw.net",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]110 },
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]111 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]112 config+: {
113 homeserver+: {
114 url: "https://%s" % [cfg.webDomain],
115 domain: "%s" % [cfg.serverName],
116 },
117 ircService+: {
Serge Bazanski6be8b2e2021-05-19 16:32:20 +0000[diff] [blame]118 permissions: {
119 "@q3k:hackerspace.pl": "admin",
120 "@informatic:hackerspace.pl": "admin",
121 },
Serge Bazanskib387f572021-05-24 13:53:18 +0200[diff] [blame]122 ident: {
123 enabled: true,
124 port: 1113,
125 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]126 servers+: {
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]127 local servers = self,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]128 "irc.freenode.net"+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]129 mappings+: {},
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]130 ircClients+: {
131 maxClients: 150,
132 },
133 },
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]134 "irc.libera.chat": servers["irc.freenode.net"] {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]135 mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]136 ircClients+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]137 maxClients: 150,
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]138 },
139 name: "Libera Chat",
140 networkId: "libera",
141 dynamicChannels+: {
142 groupId: "+libera:hackerspace.pl",
143 aliasTemplate: "#libera_$CHANNEL",
144 },
145 matrixClients+: {
146 userTemplate:"@libera_$NICK",
147 },
148 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]149 },
150 },
151 },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]152 passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]153 },
154 },
155 "telegram-prod": telegram.AppServiceTelegram("prod") {
156 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]157 image: cfg.images.appserviceTelegram,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]158 storageClassName: cfg.storageClassName,
159 metadata: app.metadata("appservice-telegram-prod"),
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]160 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]161
162 config+: {
163 homeserver+: {
164 address: "https://%s" % [cfg.webDomain],
165 domain: cfg.serverName,
166 },
167 appservice+: {
168 id: "telegram",
169 },
170 telegram+: {
171 api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
172 api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
173 bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
174 },
175 bridge+: {
176 permissions+: {
177 "hackerspace.pl": "puppeting",
178 "@q3k:hackerspace.pl": "admin",
179 },
180 },
181 },
182 },
183 },
184 },
185}