Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 26a7f5bb56c4cf8c9c1b9ae34441a02f7dcc4ac0 / . / app / matrix / matrix.hackerspace.pl.jsonnet
blob: 931901a6ed2d295b8305c1e170966ab97ae3d05c [file] [log] [blame]
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]1local matrix = import "lib/matrix-ng.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]2local irc = import "lib/appservice-irc.libsonnet";
3local telegram = import "lib/appservice-telegram.libsonnet";
Bartosz Stebel45394bf2023-03-01 21:17:25 +0100[diff] [blame]4local kube = import "../../kube/kube.libsonnet";
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]5
6matrix {
7 local app = self,
8 local cfg = app.cfg,
9 cfg+:: {
10 namespace: "matrix",
11 webDomain: "matrix.hackerspace.pl",
12 serverName: "hackerspace.pl",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]13 oidc+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]14 enable: true,
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]15 config+: {
16 allow_existing_users: true,
17 issuer: "https://sso.hackerspace.pl",
18 client_id: "matrix",
19 client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
20 user_profile_method: "userinfo_endpoint",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame]21 userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
Piotr Dobrowolskibabcb802021-01-31 18:57:21 +0100[diff] [blame]22 client_auth_method: "client_secret_post",
Piotr Dobrowolski5ff2ccf2022-04-27 03:39:36 +0200[diff] [blame]23 scopes: ["profile:read"],
Serge Bazanski8483d372020-11-10 22:07:30 +0100[diff] [blame]24 },
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]25 },
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]26 mediaRepo+: {
27 enable: true,
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]28 route: true,
Piotr Dobrowolski8b9c8f92021-09-15 21:27:42 +0200[diff] [blame]29 s3+: {
30 endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""),
31 accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey,
32 secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey,
33 bucketName: "media-repo-matrix",
34 region: "eu",
35 },
36 db+: {
37 password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
38 },
39 },
Piotr Dobrowolski690ed452022-05-07 11:27:24 +0200[diff] [blame]40 coturn+: {
41 enable: true,
42 config+: {
43 domain: "turn.hackerspace.pl",
44 loadBalancerIP: "185.236.240.59",
45 },
46 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]47 },
48
Piotr Dobrowolski95da3d52021-02-06 11:55:34 +0100[diff] [blame]49 riot+: {
50 config+: {
51 showLabsSettings: true,
52 },
53 },
54
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]55 synapse+: {
Piotr Dobrowolski529e1812021-02-13 19:44:37 +0100[diff] [blame]56 cfg+: {
57 appserviceWorker: true,
58 federationWorker: false,
59 },
60
61 config+: {
62 federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"]
63 },
64
Piotr Dobrowolski77af94d2021-09-16 22:17:58 +0200[diff] [blame]65 genericWorker+: {
66 deployment+: {
67 spec+: {
68 replicas: 4,
69 },
70 },
71 },
72
73 // Synapse media worker has been replaced by matrix-media-repo deployment
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]74 mediaWorker+: {
75 deployment+: {
76 spec+: {
Piotr Dobrowolski21c8cd62021-09-16 13:07:54 +0200[diff] [blame]77 replicas: 0,
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]78 },
79 },
80 },
Bartosz Stebel45394bf2023-03-01 21:17:25 +0100[diff] [blame]81 // local changes
82 main+: {
83 deployment+: {
84 cfg+: {
85 resources+: {
86 limits+: { cpu: "2", memory: "8Gi" },
87 requests+: { cpu: "2", memory: "8Gi" },
88 },
89 },
90 },
91 },
Piotr Dobrowolski2e191ea2021-09-14 19:59:37 +0200[diff] [blame]92 },
93
Serge Bazanskied421912021-06-30 12:16:01 +0000[diff] [blame]94 // Bump up storage to 200Gi from default 100Gi, use different name. The
95 // new name corresponds to a manually migrated and sized-up PVC that
96 // contains data from the original waw3-postgres PVC.
97 postgres3+: {
Bartosz Stebel45394bf2023-03-01 21:17:25 +0100[diff] [blame]98 local psql = self,
Serge Bazanskied421912021-06-30 12:16:01 +0000[diff] [blame]99 volumeClaim+: {
100 metadata+: {
101 name: "waw3-postgres-2",
102 },
103 spec+: {
104 resources+: {
105 requests+: {
106 storage: "200Gi",
107 },
108 },
109 },
110 },
Bartosz Stebel45394bf2023-03-01 21:17:25 +0100[diff] [blame]111 tempVC: kube.PersistentVolumeClaim(psql.makeName("tempvc")) {
112 metadata+: psql.metadata,
113 spec+: {
114 storageClassName: psql.cfg.storageClassName,
115 accessModes: [ "ReadWriteOnce" ],
116 resources: {
117 requests: {
118 storage: "200Gi",
119 },
120 },
121 },
122 },
123 deployment+: {
124 spec+: {
125 template+: {
126 spec+: {
127 volumes_+: {
128 temp: kube.PersistentVolumeClaimVolume(psql.tempVC),
129 },
130 containers_+: {
131 postgres+: {
132 volumeMounts_+: {
133 temp: { mountPath: "/mnt/tmp/" },
134 },
135 },
136 },
137 },
138 },
139 },
140 },
Serge Bazanskied421912021-06-30 12:16:01 +0000[diff] [blame]141 },
142
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]143 appservices: {
144 "irc-freenode": irc.AppServiceIrc("freenode") {
145 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]146 image: cfg.images.appserviceIRC,
Serge Bazanski61f978a2021-01-22 16:26:07 +0100[diff] [blame]147 storageClassName: "waw-hdd-redundant-3",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]148 metadata: app.metadata("appservice-irc-freenode"),
149 // TODO(q3k): add labels to blessed nodes
150 nodeSelector: {
Piotr Dobrowolski356dd6d2021-01-31 18:09:49 +0100[diff] [blame]151 "kubernetes.io/hostname": "bc01n02.hswaw.net",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]152 },
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]153 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]154 config+: {
155 homeserver+: {
156 url: "https://%s" % [cfg.webDomain],
157 domain: "%s" % [cfg.serverName],
158 },
159 ircService+: {
Serge Bazanski6be8b2e2021-05-19 16:32:20 +0000[diff] [blame]160 permissions: {
161 "@q3k:hackerspace.pl": "admin",
162 "@informatic:hackerspace.pl": "admin",
163 },
Serge Bazanskib387f572021-05-24 13:53:18 +0200[diff] [blame]164 ident: {
165 enabled: true,
166 port: 1113,
167 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]168 servers+: {
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]169 local servers = self,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]170 "irc.freenode.net"+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]171 mappings+: {},
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]172 ircClients+: {
173 maxClients: 150,
174 },
175 },
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]176 "irc.libera.chat": servers["irc.freenode.net"] {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]177 mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]178 ircClients+: {
Serge Bazanski1431d1d2021-06-06 12:50:37 +0000[diff] [blame]179 maxClients: 150,
Serge Bazanski77112242021-05-26 19:42:47 +0000[diff] [blame]180 },
181 name: "Libera Chat",
182 networkId: "libera",
183 dynamicChannels+: {
184 groupId: "+libera:hackerspace.pl",
185 aliasTemplate: "#libera_$CHANNEL",
186 },
187 matrixClients+: {
188 userTemplate:"@libera_$NICK",
189 },
190 },
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]191 },
192 },
193 },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]194 passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]195 },
196 },
197 "telegram-prod": telegram.AppServiceTelegram("prod") {
198 cfg+: {
Serge Bazanskiace32c02020-11-03 22:04:06 +0100[diff] [blame]199 image: cfg.images.appserviceTelegram,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]200 storageClassName: cfg.storageClassName,
201 metadata: app.metadata("appservice-telegram-prod"),
Serge Bazanskie7f14472021-05-19 16:07:30 +0000[diff] [blame]202 bootstrapJob: false,
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]203
204 config+: {
205 homeserver+: {
206 address: "https://%s" % [cfg.webDomain],
207 domain: cfg.serverName,
208 },
209 appservice+: {
210 id: "telegram",
211 },
212 telegram+: {
213 api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
214 api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
215 bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
216 },
217 bridge+: {
218 permissions+: {
219 "hackerspace.pl": "puppeting",
220 "@q3k:hackerspace.pl": "admin",
221 },
222 },
223 },
224 },
225 },
226 },
227}