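# matrix.hackerspace.pl, a matrix/synapse instance
# This needs a secret provisioned, create with:
#    kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1)
# NOTE(review): --from-literal places the generated password in kubectl's
# argument list while that command runs; kubectl's --from-file form keeps it
# out of the local process list if the provisioning machine is shared.
#
# Layout: a database built from postgres.libsonnet, a Synapse homeserver
# Deployment with a persistent /data volume, a riot-web Deployment configured
# through a ConfigMap, and one Ingress host that routes /_matrix to Synapse and
# every other path to riot-web.

local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

{
    local app = self,
    local cfg = app.cfg,

    # Deployment-wide settings. Hidden field (::), so it is not rendered as a
    # manifest itself.
    cfg:: {
        namespace: "matrix",
        # NOTE(review): both images are referenced by tag only. Tags are
        # mutable on a registry, so the content that gets pulled can change
        # without this file changing; pinning by digest would make the deployed
        # image verifiable. riotImage also comes from a third-party publisher
        # rather than the Riot project - confirm that is intended. Both
        # versions should be checked against upstream security releases.
        image: "matrixdotorg/synapse:v0.99.3.2",
        riotImage: "bubuntux/riot-web:v1.1.0",
        # Public hostname served by the Ingress (client and API endpoint).
        domain: "matrix.hackerspace.pl",
        # Matrix server name passed to Synapse; also used for the room directory.
        serverName: "hackerspace.pl",
        storageClassName: "waw-hdd-redundant-1",
    },

    # Common metadata for every object of this app: the target namespace plus
    # the app.kubernetes.io/* labels, with `component` naming the sub-part.
    metadata(component):: {
        namespace: cfg.namespace,
        labels: {
            "app.kubernetes.io/name": "matrix",
            "app.kubernetes.io/managed-by": "kubecfg",
            "app.kubernetes.io/component": component,
        },
    },

    namespace: kube.Namespace(cfg.namespace),

    # Database for Synapse. The password is never written into this file: it is
    # a reference to key "postgres_password" of the Secret "synapse", which has
    # to exist in the namespace beforehand (see the header comment).
    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: "synapse",
            database: "synapse",
            username: "synapse",
            password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
        },
    },

    # Persistent storage mounted at /data in the Synapse container.
    dataVolume: kube.PersistentVolumeClaim("synapse-data") {
        metadata+: app.metadata("synapse-data"),
        spec+: {
            storageClassName: cfg.storageClassName,
            accessModes: [ "ReadWriteOnce" ],
            resources: {
                requests: {
                    storage: "50Gi",
                },
            },
        },
    },

    # Synapse homeserver.
    # NOTE(review): no securityContext or resource requests/limits are set on
    # the container here; whether kube.libsonnet supplies defaults is not
    # visible from this file - confirm.
    deployment: kube.Deployment("synapse") {
        metadata+: app.metadata("synapse"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    volumes_: {
                        data: kube.PersistentVolumeClaimVolume(app.dataVolume),
                    },
                    containers_: {
                        web: kube.Container("synapse") {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 8008 },
                            },
                            env_: {
                                SYNAPSE_SERVER_NAME: cfg.serverName,
                                SYNAPSE_REPORT_STATS: "no",
                                # Synapse serves plain HTTP on 8008; TLS is
                                # terminated at the Ingress below, so traffic
                                # between the ingress controller and this pod
                                # is unencrypted inside the cluster.
                                SYNAPSE_NO_TLS: "1",
                                # NOTE(review): guest access is switched on
                                # here and is also left enabled in the riot-web
                                # config ("disable_guests": false). Confirm
                                # unauthenticated guests are wanted on a
                                # federating server.
                                SYNAPSE_ALLOW_GUEST: "yes",

                                POSTGRES_HOST: "postgres",
                                POSTGRES_USER: app.postgres.cfg.username,
                                POSTGRES_PORT: "5432",
                                POSTGRES_DB: app.postgres.cfg.database,
                                # Reuse the database's own secret reference (as
                                # is done for user and database name) so the
                                # two sides cannot drift apart.
                                POSTGRES_PASSWORD: app.postgres.cfg.password,
                            },
                            volumeMounts_: {
                                data: { mountPath: "/data" },
                            },
                        },
                    },
                },
            },
        },
    },

    svc: kube.Service("synapse") {
        metadata+: app.metadata("synapse"),
        target_pod:: app.deployment.spec.template,
    },

    # riot-web client configuration, rendered to JSON and mounted over
    # /etc/riot-web/config.json by riotDeployment.
    riotConfig: kube.ConfigMap("riot-web-config") {
        metadata+: app.metadata("riot-web-config"),
        data: {
            "config.json": std.manifestJsonEx({
                "default_hs_url": "https://%s" % [cfg.domain],
                # Users may still point this client at another homeserver.
                "disable_custom_urls": false,
                "disable_guests": false,
                "disable_login_language_selector": false,
                "disable_3pid_login": true,
                "brand": "Riot",
                # NOTE(review): the integration manager, Jitsi widget and bug
                # report endpoints below are hosted by third parties
                # (vector.im / riot.im); data users send through them leaves
                # this deployment. Confirm that is acceptable.
                "integrations_ui_url": "https://scalar.vector.im/",
                "integrations_rest_url": "https://scalar.vector.im/api",
                "integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",

                "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
                "features": {
                    "feature_groups": "labs",
                    "feature_pinning": "labs",
                    "feature_reactions": "labs"
                },
                "default_federate": true,
                "default_theme": "light",
                "roomDirectory": {
                    "servers": [
                        # Same value as SYNAPSE_SERVER_NAME; taken from cfg so
                        # an override changes both.
                        cfg.serverName
                    ]
                },
                "welcomeUserId": "@riot-bot:matrix.org",
                "enable_presence_by_hs_url": {
                    "https://matrix.org": false
                }
            }, ""),
        },
    },

    # riot-web static client.
    riotDeployment: kube.Deployment("riot-web") {
        metadata+: app.metadata("riot-web"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    volumes_: {
                        config: kube.ConfigMapVolume(app.riotConfig),
                    },
                    containers_: {
                        # Named after the workload it runs, so that logs and
                        # alerts attributed by container name are not confused
                        # with the homeserver's "synapse" container.
                        web: kube.Container("riot-web") {
                            image: cfg.riotImage,
                            ports_: {
                                http: { containerPort: 80 },
                            },
                            volumeMounts_: {
                                # subPath mounts only the one file instead of
                                # shadowing the whole /etc/riot-web directory.
                                config: {
                                    mountPath: "/etc/riot-web/config.json",
                                    subPath: "config.json",
                                },
                            },
                        },
                    },
                },
            },
        },
    },

    riotSvc: kube.Service("riot-web") {
        metadata+: app.metadata("riot-web"),
        target_pod:: app.riotDeployment.spec.template,
    },

    # Single TLS host: "/_matrix" goes to Synapse, everything else to riot-web.
    ingress: kube.Ingress("synapse") {
        metadata+: app.metadata("synapse") {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                # NOTE(review): "0" turns off the ingress controller's request
                # body size limit for this host, for both backends. Upload
                # size is then bounded only by whatever the backends enforce;
                # confirm Synapse's upload limit is configured, or set an
                # explicit ceiling here.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [
                {
                    hosts: [cfg.domain],
                    secretName: "synapse-tls",
                },
            ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            { path: "/", backend: app.riotSvc.name_port },
                            { path: "/_matrix", backend: app.svc.name_port },
                        ]
                    },
                }
            ],
        },
    },
}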