Piotr Dobrowolski | babcb80 | 2021-01-31 18:57:21 +0100 | [diff] [blame] | 1 | local matrix = import "lib/matrix-ng.libsonnet"; |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 2 | local irc = import "lib/appservice-irc.libsonnet"; |
| 3 | local telegram = import "lib/appservice-telegram.libsonnet"; |
Bartosz Stebel | 45394bf | 2023-03-01 21:17:25 +0100 | [diff] [blame] | 4 | local kube = import "../../kube/kube.libsonnet"; |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 5 | |
| 6 | matrix { |
| 7 | local app = self, |
| 8 | local cfg = app.cfg, |
| 9 | cfg+:: { |
| 10 | namespace: "matrix", |
| 11 | webDomain: "matrix.hackerspace.pl", |
| 12 | serverName: "hackerspace.pl", |
Piotr Dobrowolski | f549d43 | 2023-10-05 22:43:38 +0200 | [diff] [blame] | 13 | admins: ["@informatic:hackerspace.pl", "@q3k:hackerspace.pl"], |
Piotr Dobrowolski | babcb80 | 2021-01-31 18:57:21 +0100 | [diff] [blame] | 14 | oidc+: { |
Serge Bazanski | ace32c0 | 2020-11-03 22:04:06 +0100 | [diff] [blame] | 15 | enable: true, |
Piotr Dobrowolski | babcb80 | 2021-01-31 18:57:21 +0100 | [diff] [blame] | 16 | config+: { |
| 17 | allow_existing_users: true, |
| 18 | issuer: "https://sso.hackerspace.pl", |
| 19 | client_id: "matrix", |
| 20 | client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } }, |
| 21 | user_profile_method: "userinfo_endpoint", |
Piotr Dobrowolski | 5ff2ccf | 2022-04-27 03:39:36 +0200 | [diff] [blame] | 22 | userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo", |
Piotr Dobrowolski | babcb80 | 2021-01-31 18:57:21 +0100 | [diff] [blame] | 23 | client_auth_method: "client_secret_post", |
Piotr Dobrowolski | 5ff2ccf | 2022-04-27 03:39:36 +0200 | [diff] [blame] | 24 | scopes: ["profile:read"], |
Serge Bazanski | 8483d37 | 2020-11-10 22:07:30 +0100 | [diff] [blame] | 25 | }, |
Serge Bazanski | ace32c0 | 2020-11-03 22:04:06 +0100 | [diff] [blame] | 26 | }, |
Piotr Dobrowolski | 8b9c8f9 | 2021-09-15 21:27:42 +0200 | [diff] [blame] | 27 | mediaRepo+: { |
| 28 | enable: true, |
Piotr Dobrowolski | 21c8cd6 | 2021-09-16 13:07:54 +0200 | [diff] [blame] | 29 | route: true, |
Piotr Dobrowolski | 8b9c8f9 | 2021-09-15 21:27:42 +0200 | [diff] [blame] | 30 | s3+: { |
| 31 | endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""), |
| 32 | accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey, |
| 33 | secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey, |
| 34 | bucketName: "media-repo-matrix", |
| 35 | region: "eu", |
| 36 | }, |
| 37 | db+: { |
| 38 | password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""), |
Serge Bazanski | f262868 | 2023-03-26 21:56:09 +0200 | [diff] [blame] | 39 | host: "bc01n05.hswaw.net", |
Piotr Dobrowolski | 8b9c8f9 | 2021-09-15 21:27:42 +0200 | [diff] [blame] | 40 | }, |
| 41 | }, |
Piotr Dobrowolski | 690ed45 | 2022-05-07 11:27:24 +0200 | [diff] [blame] | 42 | coturn+: { |
| 43 | enable: true, |
| 44 | config+: { |
| 45 | domain: "turn.hackerspace.pl", |
| 46 | loadBalancerIP: "185.236.240.59", |
| 47 | }, |
| 48 | }, |
Serge Bazanski | f262868 | 2023-03-26 21:56:09 +0200 | [diff] [blame] | 49 | |
| 50 | postgres+: { |
| 51 | enable: false, |
| 52 | host: "bc01n05.hswaw.net", |
| 53 | }, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 54 | }, |
| 55 | |
Piotr Dobrowolski | 95da3d5 | 2021-02-06 11:55:34 +0100 | [diff] [blame] | 56 | riot+: { |
| 57 | config+: { |
| 58 | showLabsSettings: true, |
| 59 | }, |
| 60 | }, |
| 61 | |
Piotr Dobrowolski | 2e191ea | 2021-09-14 19:59:37 +0200 | [diff] [blame] | 62 | synapse+: { |
Piotr Dobrowolski | 529e181 | 2021-02-13 19:44:37 +0100 | [diff] [blame] | 63 | cfg+: { |
Piotr Dobrowolski | 05f20b2 | 2023-03-28 23:53:25 +0200 | [diff] [blame] | 64 | appserviceWorker: false, |
Piotr Dobrowolski | 529e181 | 2021-02-13 19:44:37 +0100 | [diff] [blame] | 65 | federationWorker: false, |
| 66 | }, |
| 67 | |
| 68 | config+: { |
| 69 | federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"] |
| 70 | }, |
| 71 | |
Piotr Dobrowolski | 77af94d | 2021-09-16 22:17:58 +0200 | [diff] [blame] | 72 | genericWorker+: { |
| 73 | deployment+: { |
| 74 | spec+: { |
| 75 | replicas: 4, |
| 76 | }, |
| 77 | }, |
| 78 | }, |
| 79 | |
| 80 | // Synapse media worker has been replaced by matrix-media-repo deployment |
Piotr Dobrowolski | 2e191ea | 2021-09-14 19:59:37 +0200 | [diff] [blame] | 81 | mediaWorker+: { |
| 82 | deployment+: { |
| 83 | spec+: { |
Piotr Dobrowolski | 21c8cd6 | 2021-09-16 13:07:54 +0200 | [diff] [blame] | 84 | replicas: 0, |
Piotr Dobrowolski | 2e191ea | 2021-09-14 19:59:37 +0200 | [diff] [blame] | 85 | }, |
| 86 | }, |
| 87 | }, |
Bartosz Stebel | 45394bf | 2023-03-01 21:17:25 +0100 | [diff] [blame] | 88 | // local changes |
| 89 | main+: { |
| 90 | deployment+: { |
| 91 | cfg+: { |
| 92 | resources+: { |
| 93 | limits+: { cpu: "2", memory: "8Gi" }, |
| 94 | requests+: { cpu: "2", memory: "8Gi" }, |
| 95 | }, |
| 96 | }, |
| 97 | }, |
| 98 | }, |
Piotr Dobrowolski | 2e191ea | 2021-09-14 19:59:37 +0200 | [diff] [blame] | 99 | }, |
| 100 | |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 101 | appservices: { |
| 102 | "irc-freenode": irc.AppServiceIrc("freenode") { |
| 103 | cfg+: { |
Serge Bazanski | ace32c0 | 2020-11-03 22:04:06 +0100 | [diff] [blame] | 104 | image: cfg.images.appserviceIRC, |
Serge Bazanski | 61f978a | 2021-01-22 16:26:07 +0100 | [diff] [blame] | 105 | storageClassName: "waw-hdd-redundant-3", |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 106 | metadata: app.metadata("appservice-irc-freenode"), |
| 107 | // TODO(q3k): add labels to blessed nodes |
| 108 | nodeSelector: { |
Piotr Dobrowolski | 356dd6d | 2021-01-31 18:09:49 +0100 | [diff] [blame] | 109 | "kubernetes.io/hostname": "bc01n02.hswaw.net", |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 110 | }, |
Serge Bazanski | e7f1447 | 2021-05-19 16:07:30 +0000 | [diff] [blame] | 111 | bootstrapJob: false, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 112 | config+: { |
| 113 | homeserver+: { |
| 114 | url: "https://%s" % [cfg.webDomain], |
| 115 | domain: "%s" % [cfg.serverName], |
| 116 | }, |
| 117 | ircService+: { |
Serge Bazanski | 6be8b2e | 2021-05-19 16:32:20 +0000 | [diff] [blame] | 118 | permissions: { |
| 119 | "@q3k:hackerspace.pl": "admin", |
| 120 | "@informatic:hackerspace.pl": "admin", |
| 121 | }, |
Serge Bazanski | b387f57 | 2021-05-24 13:53:18 +0200 | [diff] [blame] | 122 | ident: { |
| 123 | enabled: true, |
| 124 | port: 1113, |
| 125 | }, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 126 | servers+: { |
Serge Bazanski | 7711224 | 2021-05-26 19:42:47 +0000 | [diff] [blame] | 127 | local servers = self, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 128 | "irc.freenode.net"+: { |
Serge Bazanski | 1431d1d | 2021-06-06 12:50:37 +0000 | [diff] [blame] | 129 | mappings+: {}, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 130 | ircClients+: { |
| 131 | maxClients: 150, |
| 132 | }, |
| 133 | }, |
Serge Bazanski | 7711224 | 2021-05-26 19:42:47 +0000 | [diff] [blame] | 134 | "irc.libera.chat": servers["irc.freenode.net"] { |
Serge Bazanski | 1431d1d | 2021-06-06 12:50:37 +0000 | [diff] [blame] | 135 | mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet", |
Serge Bazanski | 7711224 | 2021-05-26 19:42:47 +0000 | [diff] [blame] | 136 | ircClients+: { |
Serge Bazanski | 1431d1d | 2021-06-06 12:50:37 +0000 | [diff] [blame] | 137 | maxClients: 150, |
Serge Bazanski | 7711224 | 2021-05-26 19:42:47 +0000 | [diff] [blame] | 138 | }, |
| 139 | name: "Libera Chat", |
| 140 | networkId: "libera", |
| 141 | dynamicChannels+: { |
| 142 | groupId: "+libera:hackerspace.pl", |
| 143 | aliasTemplate: "#libera_$CHANNEL", |
| 144 | }, |
| 145 | matrixClients+: { |
| 146 | userTemplate:"@libera_$NICK", |
| 147 | }, |
| 148 | }, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 149 | }, |
| 150 | }, |
| 151 | }, |
Piotr Dobrowolski | 37fbff7 | 2021-02-13 20:17:33 +0100 | [diff] [blame] | 152 | passwordEncryptionKeySecret: "appservice-irc-password-encryption-key", |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 153 | }, |
| 154 | }, |
| 155 | "telegram-prod": telegram.AppServiceTelegram("prod") { |
| 156 | cfg+: { |
Serge Bazanski | ace32c0 | 2020-11-03 22:04:06 +0100 | [diff] [blame] | 157 | image: cfg.images.appserviceTelegram, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 158 | storageClassName: cfg.storageClassName, |
| 159 | metadata: app.metadata("appservice-telegram-prod"), |
Serge Bazanski | e7f1447 | 2021-05-19 16:07:30 +0000 | [diff] [blame] | 160 | bootstrapJob: false, |
Serge Bazanski | 60076c7 | 2020-11-03 19:17:25 +0100 | [diff] [blame] | 161 | |
| 162 | config+: { |
| 163 | homeserver+: { |
| 164 | address: "https://%s" % [cfg.webDomain], |
| 165 | domain: cfg.serverName, |
| 166 | }, |
| 167 | appservice+: { |
| 168 | id: "telegram", |
| 169 | }, |
| 170 | telegram+: { |
| 171 | api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0], |
| 172 | api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0], |
| 173 | bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0], |
| 174 | }, |
| 175 | bridge+: { |
| 176 | permissions+: { |
| 177 | "hackerspace.pl": "puppeting", |
| 178 | "@q3k:hackerspace.pl": "admin", |
| 179 | }, |
| 180 | }, |
| 181 | }, |
| 182 | }, |
| 183 | }, |
| 184 | }, |
| 185 | } |