forked from hswaw/hscloud
Serge Bazanski
9ae11fdabb
Change-Id: I9edbdedc6c2ec7aea30ee7fc5ad83deddb569b00 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1695 Reviewed-by: informatic <informatic@hackerspace.pl>
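// Matrix deployment for hackerspace.pl, expressed as overrides on top of the
// object exported by lib/matrix-ng.libsonnet. This file only sets values; how
// each value is rendered into Kubernetes objects is decided by the imported
// libraries, which are not visible here.
//
// Security review summary:
//   - The OIDC client secret is passed as a secretKeyRef. Every other
//     credential in this file (S3 keys, media-repo DB password, Telegram API
//     id/hash/bot token) is read from secrets/plain/ at jsonnet evaluation
//     time and therefore appears as a literal in the rendered output.
//   - NOTE(review): confirm the libraries place those literals into Secret
//     objects rather than ConfigMaps or container args/env, and that rendered
//     manifests are never committed, logged or attached to CI artifacts.
//   - NOTE(review): secrets/plain/ presumably holds decrypted copies of
//     encrypted repository secrets; confirm the directory is excluded from
//     version control.

local matrix = import "lib/matrix-ng.libsonnet";
local irc = import "lib/appservice-irc.libsonnet";
local telegram = import "lib/appservice-telegram.libsonnet";
// NOTE(review): `kube` is not referenced anywhere in this file.
local kube = import "../../kube/kube.libsonnet";

matrix {
    local app = self,
    local cfg = app.cfg,
    cfg+:: {
        namespace: "matrix",
        webDomain: "matrix.hackerspace.pl",
        serverName: "hackerspace.pl",
        // Homeserver administrators. Keep this list in sync with the
        // per-bridge admin lists further down (IRC and Telegram).
        admins: ["@informatic:hackerspace.pl", "@q3k:hackerspace.pl"],
        // Single sign-on against the hackerspace SSO service.
        oidc+: {
            enable: true,
            config+: {
                // In Synapse's OIDC configuration this option allows an SSO
                // login to be mapped onto an already existing local account
                // instead of failing.
                // NOTE(review): this is only safe if the identity provider
                // guarantees that a given username always belongs to the same
                // person as the matching Matrix localpart - confirm that
                // usernames at the issuer cannot be chosen or reassigned freely.
                allow_existing_users: true,
                issuer: "https://sso.hackerspace.pl",
                client_id: "matrix",
                // Referenced from a Kubernetes Secret, so the value itself is
                // not part of the evaluated jsonnet output.
                client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
                // Profile claims are fetched from the userinfo endpoint; both
                // the issuer and this endpoint are https:// URLs.
                user_profile_method: "userinfo_endpoint",
                userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
                // The client secret is sent in the token request body, so it
                // relies on the TLS connection to the issuer for confidentiality.
                client_auth_method: "client_secret_post",
                scopes: ["profile:read"],
            },
        },
        // Standalone media repository backed by S3-compatible storage and
        // its own database.
        mediaRepo+: {
            enable: true,
            route: true,
            s3+: {
                // Only a leading "http://" scheme is stripped from the
                // endpoint stored in the secrets file.
                // NOTE(review): that suggests the stored endpoint is plain
                // HTTP - confirm whether the media repo reaches the object
                // store over TLS, since the access keys and all media
                // travel on this connection.
                endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""),
                // Inlined at evaluation time (see the summary at the top of
                // the file).
                accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey,
                secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey,
                bucketName: "media-repo-matrix",
                region: "eu",
            },
            db+: {
                // Newlines are removed so a trailing line break in the
                // secret file does not end up in the password. Inlined at
                // evaluation time like the S3 keys.
                password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
                host: "bc01n05.hswaw.net",
            },
        },
        // TURN relay for VoIP, exposed on a fixed load balancer address.
        coturn+: {
            enable: true,
            config+: {
                domain: "turn.hackerspace.pl",
                loadBalancerIP: "185.236.240.59",
            },
        },

        // The in-cluster postgres is disabled; the database lives on an
        // external host.
        // NOTE(review): confirm transport security and network policy for
        // the connection to this host - neither is configured in this file.
        postgres+: {
            enable: false,
            host: "bc01n05.hswaw.net",
        },
    },

    riot+: {
        config+: {
            showLabsSettings: true,
        },
    },

    synapse+: {
        cfg+: {
            appserviceWorker: false,
            federationWorker: false,
        },

        config+: {
            federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"]
        },

        genericWorker+: {
            deployment+: {
                spec+: {
                    replicas: 4,
                },
            },
        },

        // Synapse media worker has been replaced by matrix-media-repo deployment
        mediaWorker+: {
            deployment+: {
                spec+: {
                    replicas: 0,
                },
            },
        },
        // local changes
        main+: {
            deployment+: {
                cfg+: {
                    resources+: {
                        // Requests equal limits for both CPU and memory.
                        limits+: { cpu: "2", memory: "8Gi" },
                        requests+: { cpu: "2", memory: "8Gi" },
                    },
                },
            },
        },
    },

    appservices: {
        // IRC bridge. The instance keeps its historical "freenode" name; the
        // Libera Chat server entry below is derived from the freenode entry.
        "irc-freenode": irc.AppServiceIrc("freenode") {
            cfg+: {
                image: cfg.images.appserviceIRC,
                storageClassName: "waw-hdd-redundant-3",
                metadata: app.metadata("appservice-irc-freenode"),
                // TODO(q3k): add labels to blessed nodes
                // Until then the bridge is pinned to one node by hostname.
                nodeSelector: {
                    "kubernetes.io/hostname": "dcr01s24.hswaw.net",
                },
                bootstrapJob: false,
                config+: {
                    homeserver+: {
                        url: "https://%s" % [cfg.webDomain],
                        domain: "%s" % [cfg.serverName],
                    },
                    ircService+: {
                        // Bridge administrators. `permissions` is replaced,
                        // not merged, so this is the complete list.
                        permissions: {
                            "@q3k:hackerspace.pl": "admin",
                            "@informatic:hackerspace.pl": "admin",
                        },
                        // Ident service, which lets IRC networks tell bridged
                        // users apart.
                        // NOTE(review): confirm how port 1113 is exposed and
                        // that only the IRC networks need to reach it.
                        ident: {
                            enabled: true,
                            port: 1113,
                        },
                        servers+: {
                            local servers = self,
                            "irc.freenode.net"+: {
                                mappings+: {},
                                ircClients+: {
                                    maxClients: 150,
                                },
                            },
                            // Starts from the freenode server settings and
                            // overrides identity, templates and mappings.
                            "irc.libera.chat": servers["irc.freenode.net"] {
                                // Channel mappings are loaded from the secrets
                                // directory and inlined at evaluation time.
                                mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
                                ircClients+: {
                                    maxClients: 150,
                                },
                                name: "Libera Chat",
                                networkId: "libera",
                                dynamicChannels+: {
                                    groupId: "+libera:hackerspace.pl",
                                    aliasTemplate: "#libera_$CHANNEL",
                                },
                                matrixClients+: {
                                    userTemplate:"@libera_$NICK",
                                },
                            },
                        },
                    },
                },
                // Name of the secret holding the key that encrypts stored IRC
                // passwords; only the name appears here, not the key.
                passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
            },
        },
        // Telegram bridge.
        "telegram-prod": telegram.AppServiceTelegram("prod") {
            cfg+: {
                image: cfg.images.appserviceTelegram,
                storageClassName: cfg.storageClassName,
                metadata: app.metadata("appservice-telegram-prod"),
                bootstrapJob: false,

                config+: {
                    homeserver+: {
                        address: "https://%s" % [cfg.webDomain],
                        domain: cfg.serverName,
                    },
                    appservice+: {
                        id: "telegram",
                    },
                    telegram+: {
                        // First line of each secret file, inlined at
                        // evaluation time. The bot token and API hash are
                        // bearer credentials for the Telegram account.
                        // NOTE(review): confirm the library renders this
                        // config into a Secret.
                        api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
                        api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
                        bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
                    },
                    bridge+: {
                        // Merged with the library defaults (`+:`), unlike the
                        // IRC bridge list above. Every account on the
                        // homeserver domain gets "puppeting"; one user is
                        // admin.
                        // NOTE(review): the homeserver admin list names two
                        // administrators but only one is admin here -
                        // confirm this is intended.
                        permissions+: {
                            "hackerspace.pl": "puppeting",
                            "@q3k:hackerspace.pl": "admin",
                        },
                    },
                },
            },
        },
    },
}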