forked from public/stack
Compare commits
10 Commits
fa1ac5a44a
...
9b012b72da
Author | SHA1 | Date |
---|---|---|
Danny Grove | 9b012b72da | |
Danny Grove | f5495de7c0 | |
Danny Grove | 759571e589 | |
Danny Grove | 19362e2706 | |
Danny Grove | f520054dd5 | |
Danny Grove | 8d6b5f5334 | |
Danny Grove | 90937430f4 | |
Danny Grove | 43bb6b8810 | |
Danny Grove | 701b304c9d | |
Danny Grove | 25f62adf16 |
|
@ -1,6 +1,6 @@
|
|||
[submodule "src/website"]
|
||||
path = src/website
|
||||
url = https://codeberg.org/distrust/website
|
||||
url = https://git.distrust.co/public/website
|
||||
[submodule "src/toolchain"]
|
||||
path = src/toolchain
|
||||
url = https://git.distrust.co/public/toolchain
|
||||
|
|
|
@ -16,13 +16,6 @@ resource "digitalocean_record" "billing" {
|
|||
value = "45.16.98.153"
|
||||
}
|
||||
|
||||
resource "digitalocean_record" "chat" {
|
||||
domain = digitalocean_domain.default.id
|
||||
type = "CNAME"
|
||||
name = "chat"
|
||||
value = "distrust.element.io."
|
||||
}
|
||||
|
||||
resource "digitalocean_record" "www" {
|
||||
domain = digitalocean_domain.default.id
|
||||
type = "CNAME"
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: matrix-appservice-slack
|
||||
type: Opaque
|
||||
stringData:
|
||||
config.yaml: ENC[AES256_GCM,data:wgpE6EZr1o7qvQdXhJgB3Uz47LFHFuN/b56qAgodf7GzNt5BAaPS7c0EiIZBcjZaZtg5BjGnohXsnyd2s/9Gww/ImZqAIk9nf7yTDYNoKeOx67r0dzTex6EE/ZjfTtKRdW6b+LZgehCT6TjutxnfY6HVFdT9MLsdSzAyWdD4e1q3imK6KGn4GMWx7xFqDMmjzUWzU/XC4dc7CxVfDZcNX5CZpCDUw7M8qz3OVf+afIRZPwy67eUG9MuueyLZpC+AD3OX4PFvsM7hlavIZWE3NL2yWloiMsqVA15IsfZkPvOjFSsOba7Xh8ko59HTIhaOBE4WCC4GI7QiWZU9/oh1497gq2ZKMc9jVbFMcz5psMWSwARIWobM+wHTRBSY7RmQqCyRkBqqL+gpKk0ZYgdOrtIQUOxlkRs3sNy+2tfpyvZxj+WxitUpsfMGQWhOzB7xzhTe6bsFLHFf3WCS3/JkbbVF7jAz8Ky+2l5WFwNGO8DR0oRWjwYiFNbY1id0JiL0x/zhLAhtAZoG9wXYkDcaOUZLPBf19uNCtPpxlcSoh8Z22M4gvZsgdRqGeaW8L2CRPmFpvlIkMslnPmW4a0ZSGKF/prPvTQ8Ize7osR0gP9kANgNaYrZjXu/mvbnzwkyN5Ak9HTh5UGEKZ5BdjUrZ1CDefZb5JCYqJvRKZEAdaNr2ARVUN+a0qSj9ng4r7v+vS6wbYJcp8PABTBdN1YPnJl0jHjSdY0gKiZ3ADceK8F2TH3nG6Qy398X9spkWJt3vDiWP9WTYL5FHdlB1U4J8oNV3UbdV9x4jy9nnabfpshcIIDrsPqzAVk5FIIOFeF7hon3HT4NIZGkr9X7ACpBb0JBnNqSxI+NpCXncTAcr8q7vvngxlBVkNxSePfhL5LV5Sflv4n91mprIdYzOwlX2kVdjlHfRzbQ5H1iGzIBy6FTXHpw8dXY5Xh7hTcFbX+6JQXC79eSRFj/N26fd7L9u27dxiB6bPmh3JZN5zqtL3Kqp9JR/OrtuBQkXxdNPxpfrii89oWtU+L/Io007V/QdLYMKweV6rx7S99PVyvQWJrSF3/+W03bj/YmX82sK1HL0JTPGncgcUDAa,iv:EyJlIF/A0hC4WsXexiUTK2SKG3gbqGcXE6QzxyNzI9E=,tag:y4c3sxCKqAd+qR6ECtc6nw==,type:str]
|
||||
slack.yaml: ENC[AES256_GCM,data:b+EN+PH5OgQIia7zyXWv4TFTBw9LhrTKtLCRerRpapyJuMGa2Thr0LrG61aH0ggGmd27sMlXd36KPSXVaE6Zzg3dhD5bzziOrAzMUaP2gNt4M3IcDwF4uWJDw9fdN/yi7OLBu81Z4/1oIsdQ9QGphLWYvJ4h1ygxA6ytXVZPsZtd5wcuOO7e08hIIB1IfdZQhu9eMtpFVeDGPDPW9byv/Fs/l0U3oQp2LylUQLO3bbYphC5aVj7vk3jpHelQnjLJq0e9xNbeMaWHnHAMb0803KOSNFEgONIyClNuvmChJ5Xaisz6dj7I46NFsGepi+y1QuWLzN++7CWAX/u1Pth+abMCPA/SQ3Ba8UYJHTdsEVmSGa+1WgOs9xIQcwjA61QStFqiK4GKaewG5XZ58WY5E2MvF4QUss0374crBafJb/yQnSiHMBwqY6I35/daeoUBVCGV2t8uEd4PL1iIl5P2AQ==,iv:mrWD3mrhZtHPMWd4qGZskxhMZbopWes3Nsd0/51so74=,tag:GgqmeTx146/qoAgNLMbCVw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-01-19T07:52:51Z"
|
||||
mac: ENC[AES256_GCM,data:eerncWbi85ZV3KYgLcRiSYVDF9WtlTfTS7XnMN3rlX8O4T2c8K76G1KIsL92U3pIFGCJOg1KUPrMajVGiWdXIsypT/J/BKkiijetk6z5javtc1JmuWC9V4VA0DqpHnL5+Nf7EHewxa8GWWe9bGtwOkkcWlujRfu2algCwUmtCUY=,iv:mWA0wJcJl/S5rbYJXIxuwouXsNg+pB/zmXvv0D7lA2o=,tag:+VzRB2Pixsv4jDcnlEnKLw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||
=3E6w
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||
=xXRR
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||
=TXST
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||
=bF9b
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||
=n6cE
|
||||
-----END PGP MESSAGE-----
|
||||
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
|
@ -0,0 +1,25 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEQTCCAqmgAwIBAgIUJnvJP3vy1FrGBmP3zN/Q6le9D5owDQYJKoZIhvcNAQEM
|
||||
BQAwOjE4MDYGA1UEAwwvZWI2ZjdjZmItNjBkNy00ZTg2LTlmN2UtYTliMmU5MDdk
|
||||
YWUyIFByb2plY3QgQ0EwHhcNMjMwNTEyMDMzMTA3WhcNMzMwNTA5MDMzMTA3WjA6
|
||||
MTgwNgYDVQQDDC9lYjZmN2NmYi02MGQ3LTRlODYtOWY3ZS1hOWIyZTkwN2RhZTIg
|
||||
UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAO41H/hV
|
||||
eJYfE+b0aMPj1vLhefmGkdjD5N3HD1StaL95bjiB7U73exQenoEZYTW3Ns7+BzHq
|
||||
ffFJwXC3sL8qVxqnNdJy3IkrwJxdmJrj5+KoVUrD8yNbujjQ5q+r0fMRwBwtJYkf
|
||||
78b/mCBP7GOllJim3nG4MMzL1sA/5JaOQEwZgmERmIVJi1RK1k8nGuFKbcr7YW6u
|
||||
vE8VQR77uQIUffokC6tDzhjxDz8eDzZ3lwsnGavCG31nW5Kc6+rg6Kpo097/ZkYf
|
||||
DThwFmGwmP4oT6h2+/LPqsb3OCvFWh5DLHXTa5xvczFwY134o55CW25JNebrTYxc
|
||||
ZnvlE1afgiuKsqGsGmvmnjgxKTNKOhMWKd1gXLmQ6Tt0WrLpIBlAVlh4pn0YtWDm
|
||||
Nz+YcOnQ20O4pZyOntc2TGFmbHqAp5HnmRmtDWWbUQoRRAIsvvUpIGRxWid124gV
|
||||
2h9UxbymVoieFpAjNv6d9Qu9+kKeJ/FOwSq6qatOuI4ILSjG6E1SMeimxQIDAQAB
|
||||
oz8wPTAdBgNVHQ4EFgQUpoMewYjVdrnCuCjW/57GlzlMtdQwDwYDVR0TBAgwBgEB
|
||||
/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBAKRENCIP7KTg2ULy
|
||||
DCuZAvPDzqRwAstmXP54DZOpeMT81c+m9Kq4urM1PMFvPOfiSSlE3wAA1+oX5wyv
|
||||
r4kKgSYqG4QRk4aUfk7NJUQ2yAEtNcwrTc4MSsoFJOJVWdW/E+KNWYKjepg1t2kV
|
||||
4hzZNqnIO05sxVp/Sx0tu5dhn8xPwNTVuDD5VjoC7VweSlq+E2vTNz10VBSHJ9Pm
|
||||
bBJ32kd0lXdYsmy9vGDLa2NrjeTESSBfk8umm2dIbIFxOShHSs/6jHwCGv5WvPpo
|
||||
HoPH69XBnXQuXf+gPltEaAtRwKVqdgMTFQe1gfeK2ddvlzPtGJ1mj+1rPGZApEuV
|
||||
Ax+5Klk+711dhJrRQsI0w1Zl/2CgpKToIVbBe5nLyH2Q7SstcdpfnNcs5+k3iXb/
|
||||
KMUIMP84ScQ+ojUefMntny2SqUFT/CD1IVpOsHFTbKc2ZHUllrDf1p4qopMdiwWj
|
||||
TlnDOh78B94f1O9by4ftQ/g8G5TaKgRsMxrDNy77tCpKy9vR4g==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,20 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: matrix-appservice-slack
|
||||
app.kubernetes.io/part-of: matrix
|
||||
app.kubernetes.io/component: bridge
|
||||
resources:
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
configMapGenerator:
|
||||
- name: digital-ocean-ca
|
||||
files:
|
||||
- files/digital-ocean-ca.crt
|
||||
images:
|
||||
- name: matrixdotorg/matrix-appservice-slack
|
||||
newTag: release-2.1.2
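Review bot: `newTag: release-2.1.2` pins only a mutable tag, whereas the mautrix-telegram kustomization in this same change pins `v0.15.1@sha256:…`. Appending the image digest here would give the same guarantee that the registry cannot swap the content behind the tag. The mautrix-slack, coturn and element-web kustomizations further down have no `images:` entry at all, so `dock.mau.dev/mautrix/slack`, `coturn/coturn` and `vectorim/element-web` resolve to whatever the default tag points at on pull, unless an overlay outside this view pins them. Suggest an `images:` entry with `newTag: <tag>@sha256:<digest>` in each of them.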
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: slack-ksops-secrets
|
||||
files:
|
||||
- config-secrets.enc.yaml
|
|
@ -0,0 +1,17 @@
|
|||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: appservice-slack
|
||||
spec:
|
||||
publishNotReadyAddresses: true
|
||||
ports:
|
||||
- name: appservice
|
||||
protocol: TCP
|
||||
port: 5858
|
||||
targetPort: 5858
|
||||
- name: rtm
|
||||
protocol: TCP
|
||||
port: 9898
|
||||
targetPort: 9898
|
||||
selector: {}
|
||||
type: ClusterIP
|
|
@ -0,0 +1,38 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: appservice-slack
|
||||
spec:
|
||||
serviceName: matrix-appservice-slack
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: appservice-slack
|
||||
image: matrixdotorg/matrix-appservice-slack
|
||||
env:
|
||||
- name: NODE_EXTRA_CA_CERTS
|
||||
value: /config/digital-ocean-ca.crt
|
||||
ports:
|
||||
- name: appservice
|
||||
containerPort: 5858
|
||||
protocol: TCP
|
||||
- name: rtm
|
||||
containerPort: 9898
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: config-secrets
|
||||
mountPath: /config/config.yaml
|
||||
subPath: config.yaml
|
||||
- name: config-secrets
|
||||
mountPath: /config/slack-registration.yaml
|
||||
subPath: slack.yaml
|
||||
- name: digital-ocean-ca
|
||||
mountPath: /config/digital-ocean-ca.crt
|
||||
subPath: digital-ocean-ca.crt
|
||||
volumes:
|
||||
- name: config-secrets
|
||||
secret:
|
||||
secretName: matrix-appservice-slack
|
||||
- name: digital-ocean-ca
|
||||
configMap:
|
||||
name: digital-ocean-ca
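Review bot: None of the three bridge StatefulSets (this one, `slack-bridge` and `mautrix-telegram-bridge` further down) sets a `securityContext`, while the coturn DaemonSet and element-web Deployment in the same change drop all capabilities and set `allowPrivilegeEscalation: false`. The bridges mount credential-bearing config and presumably process remote message content, so they warrant at least the same container-level block, e.g. `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`, plus `runAsNonRoot: true` if the images support it. Separately, `serviceName: matrix-appservice-slack` does not match the Service added in this change, which is named `appservice-slack`. Unless a name prefix is applied outside this view, the StatefulSet's governing Service will not resolve.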
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,13 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: slack
|
||||
app.kubernetes.io/part-of: matrix
|
||||
app.kubernetes.io/component: bridge
|
||||
resources:
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: slack-ksops-secrets
|
||||
files:
|
||||
- config-secrets.enc.yaml
|
|
@ -0,0 +1,13 @@
|
|||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: slack
|
||||
spec:
|
||||
publishNotReadyAddresses: true
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 29335
|
||||
targetPort: 29335
|
||||
selector: {}
|
||||
type: ClusterIP
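Review bot: `publishNotReadyAddresses: true` makes this Service publish the pod's address before it is ready, which defeats the `readinessProbe` on `/_matrix/mau/ready` that the slack-bridge StatefulSet defines. The mautrix-telegram Service has the same setting, and so does the appservice-slack Service (whose StatefulSet has no probes). If the setting is not needed for peer discovery, drop the line (the default is false) or add a comment saying why it is wanted. `selector: {}` appears to rely on the kustomization's `includeSelectors: true` to be filled in, which deserves a one-line comment such as `# selector is injected by the kustomize labels transformer`.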
|
|
@ -0,0 +1,40 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: slack-bridge
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: slack-mautrix
|
||||
image: dock.mau.dev/mautrix/slack
|
||||
command:
|
||||
- /usr/bin/mautrix-slack
|
||||
args:
|
||||
- -n
|
||||
- -c
|
||||
- /data/config.yaml
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 29335
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: config-secrets
|
||||
mountPath: /data/secrets.yaml
|
||||
subPath: config.yaml
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/mau/live
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 120
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/mau/ready
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
volumes:
|
||||
- name: config-secrets
|
||||
secret:
|
||||
secretName: slack-config
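Review bot: The container is started with `-c /data/config.yaml`, but the only volumeMount in this section places the secret's `config.yaml` at `/data/secrets.yaml`, so nothing visible here provides the file the command points at. The mautrix-telegram StatefulSet in the same change passes `-c /data/secrets.yaml`, which matches its mount; this one likely needs the same argument, or `mountPath: /data/config.yaml`. `secretName: slack-config` also cannot be checked against the generated Secret because that file's diff is suppressed, so confirm the names match. Adding `readOnly: true` to the mount would document that the bridge is not expected to rewrite its config (it runs with `-n`).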
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,16 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: mautrix-telegram
|
||||
app.kubernetes.io/part-of: matrix
|
||||
app.kubernetes.io/component: bridge
|
||||
resources:
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
images:
|
||||
- name: dock.mau.dev/mautrix/telegram
|
||||
newTag: v0.15.1@sha256:e328dcf5893a3ec782212d9bb008e4f81ac3cf4e3c7abc3a49cf6b277749b32d
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: telegram-ksops-secrets
|
||||
files:
|
||||
- config-secrets.enc.yaml
|
|
@ -0,0 +1,13 @@
|
|||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: mautrix-telegram
|
||||
spec:
|
||||
publishNotReadyAddresses: true
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 29335
|
||||
targetPort: 29335
|
||||
selector: {}
|
||||
type: ClusterIP
|
|
@ -0,0 +1,42 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: mautrix-telegram-bridge
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: telegram-mautrix
|
||||
image: dock.mau.dev/mautrix/telegram
|
||||
command:
|
||||
- python3
|
||||
args:
|
||||
- -m
|
||||
- mautrix_telegram
|
||||
- -n
|
||||
- -c
|
||||
- /data/secrets.yaml
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 29335
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: config-secrets
|
||||
mountPath: /data/secrets.yaml
|
||||
subPath: config.yaml
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/mau/live
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 120
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/mau/ready
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
volumes:
|
||||
- name: config-secrets
|
||||
secret:
|
||||
secretName: mautrix-telegram
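Review bot: This StatefulSet's `spec` has no `serviceName`, and neither does `slack-bridge` above, although a Service named `mautrix-telegram` is added alongside it. The apps/v1 schema has long listed `spec.serviceName` as required, and the kustomize label transformer fills in selectors but not this field, so validation may reject the manifest unless a patch outside this view supplies it. Suggest adding `serviceName: mautrix-telegram` under `spec`. If the bridge needs no stable network identity, a comment saying so would explain why a StatefulSet is used rather than a Deployment.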
|
|
@ -0,0 +1,118 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: coturn
|
||||
type: Opaque
|
||||
stringData:
|
||||
turnserver.conf: ENC[AES256_GCM,data:suQA1LL8JiKemZo1LojR4WYSk5ex5DIv4wyOGjS6gZKGCViqR2uvIBT1DVI/LfIjYjuBDM7NqDOSP/kQxChJDrUksaOCU4Q5uc/eE9zlyP7A/c4Cb8evPQ1JApK2GTzFwz8J5x6S4aa+JpoAB5aTvijfcW131pmQOtz6uanEhuU1As9c9g57nbGGR2lLRx7rYVMqGC2fxg30JJewSjIYWsOJoz6+Y/callulnQKznil7cMYwjiMK/QoVgdsvmW4fjcm8PbBKdBZbh7nDQBcvtrr8lqyMBNl/XOTtU4Ael28YWzDtdbWH1jdJMnMieWxpa2D2XnWNqd0XdYxPwS3HnVHVXSgwOYUQutMyWNBA1wnIaC1sg8Z5lzqE38DzXfA=,iv:8wwzXOMCH4zadAtifiFAbwFEQ7O5CO2ogvCiuEDV8gU=,tag:D04paJjlkzeXmuyLvk4f8w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-01-16T07:13:58Z"
|
||||
mac: ENC[AES256_GCM,data:t8y4z+JQ2ua9KcykwoH2rHi1wsHC0Z1TkxkMZvUenQFxvwNTHC4NghwWGN2kcCDO9SjUb1J3BPobZd/EqSitQ7kTxyeBTa+qcylUIDvCmk9S1ZHVyJKhoQABbJX9raClYV3a3zrk5WNi4obXAHgXGpMdq1cVe53GR/X5z5ury7Q=,iv:x+WQ8t86EOrejNyv0grHSyd1bOpWcoZ/lqmFtFHHR0o=,tag:XuiuZUKe32MjNMg4nx9Kvg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||
=3E6w
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||
=xXRR
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||
=TXST
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||
=bF9b
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||
=n6cE
|
||||
-----END PGP MESSAGE-----
|
||||
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
|
@ -0,0 +1,69 @@
|
|||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: coturn
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: "coturn"
|
||||
image: coturn/coturn
|
||||
args: ["-c", "/config/turnserver.conf"]
|
||||
ports:
|
||||
- name: turn-3478
|
||||
containerPort: 3478
|
||||
protocol: UDP
|
||||
- name: turn-49152
|
||||
containerPort: 49152
|
||||
hostPort: 49152
|
||||
protocol: UDP
|
||||
- name: turn-49153
|
||||
containerPort: 49153
|
||||
hostPort: 49153
|
||||
protocol: UDP
|
||||
- name: turn-49154
|
||||
containerPort: 49154
|
||||
hostPort: 49154
|
||||
protocol: UDP
|
||||
- name: turn-49155
|
||||
containerPort: 49155
|
||||
hostPort: 49155
|
||||
protocol: UDP
|
||||
- name: turn-49156
|
||||
containerPort: 49156
|
||||
hostPort: 49156
|
||||
protocol: UDP
|
||||
- name: turn-49157
|
||||
containerPort: 49157
|
||||
hostPort: 49157
|
||||
protocol: UDP
|
||||
- name: turn-49158
|
||||
containerPort: 49158
|
||||
hostPort: 49158
|
||||
protocol: UDP
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config/turnserver.conf
|
||||
subPath: turnserver.conf
|
||||
readOnly: true
|
||||
- name: var-tmp
|
||||
mountPath: /var/tmp
|
||||
securityContext:
|
||||
capabilities:
|
||||
# https://github.com/coturn/coturn/issues/994
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: coturn
|
||||
- name: var-tmp
|
||||
emptyDir: {}
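Review bot: The relay ports 49152–49158 are published on every node via `hostPort`, but the `turnserver.conf` that decides which peers may be relayed to is SOPS-encrypted, so this review cannot confirm that relaying into cluster-internal or private address ranges is blocked. Please confirm the config sets `denied-peer-ip` for loopback, link-local and RFC 1918 ranges (including the cluster's pod and service CIDRs) and `no-multicast-peers`, and that `min-port`/`max-port` match the seven ports declared here. `turn-3478` is the only port without a `hostPort`, which looks inconsistent if clients are meant to reach the listener on the node address. The bare issue URL above `add:` could carry a sentence explaining why `NET_BIND_SERVICE` is kept while everything else is dropped, so the reason survives if the link goes stale.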
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: coturn
|
||||
app.kubernetes.io/part-of: matrix
|
||||
resources:
|
||||
- daemonset.yaml
|
||||
- service.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: coturn-ksops-secrets
|
||||
files:
|
||||
- config-secrets.enc.yaml
|
|
@ -0,0 +1,39 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: coturn
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- targetPort: turn-3478
|
||||
name: turn-3478
|
||||
port: 3478
|
||||
protocol: UDP
|
||||
- targetPort: turn-49152
|
||||
name: turn-49152
|
||||
port: 49152
|
||||
protocol: UDP
|
||||
- targetPort: turn-49153
|
||||
name: turn-49153
|
||||
port: 49153
|
||||
protocol: UDP
|
||||
- targetPort: turn-49154
|
||||
name: turn-49154
|
||||
port: 49154
|
||||
protocol: UDP
|
||||
- targetPort: turn-49155
|
||||
name: turn-49155
|
||||
port: 49155
|
||||
protocol: UDP
|
||||
- targetPort: turn-49156
|
||||
name: turn-49156
|
||||
port: 49156
|
||||
protocol: UDP
|
||||
- targetPort: turn-49157
|
||||
name: turn-49157
|
||||
port: 49157
|
||||
protocol: UDP
|
||||
- targetPort: turn-49158
|
||||
name: turn-49158
|
||||
port: 49158
|
||||
protocol: UDP
|
|
@ -0,0 +1,61 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: element-web
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: element-web
|
||||
image: vectorim/element-web
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /app/config.json
|
||||
name: config
|
||||
subPath: config.json
|
||||
readOnly: true
|
||||
- mountPath: /etc/nginx/nginx.conf
|
||||
name: config
|
||||
subPath: nginx.conf
|
||||
readOnly: true
|
||||
- mountPath: /etc/nginx/conf.d/default.conf
|
||||
name: config
|
||||
subPath: default.conf
|
||||
readOnly: true
|
||||
- mountPath: /var/cache/nginx
|
||||
name: ephemeral
|
||||
subPath: cache
|
||||
- mountPath: /var/run/pid
|
||||
name: ephemeral
|
||||
subPath: pid
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: element-web-config
|
||||
- name: ephemeral
|
||||
emptyDir: {}
|
|
@ -0,0 +1,44 @@
|
|||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.distrust.co",
|
||||
"server_name": "distrust.co"
|
||||
}
|
||||
},
|
||||
"brand": "Distrust Chat",
|
||||
"branding": {
|
||||
"default_theme": "dark"
|
||||
},
|
||||
"showLabsSettings": true,
|
||||
"features": {
|
||||
"feature_new_spinner": true,
|
||||
"feature_pinning": true,
|
||||
"feature_custom_status": true,
|
||||
"feature_custom_tags": true,
|
||||
"feature_state_counters": true,
|
||||
"feature_many_integration_managers": true,
|
||||
"feature_mjolnir": true,
|
||||
"feature_dm_verification": true,
|
||||
"feature_bridge_state": true,
|
||||
"feature_presence_in_room_list": true,
|
||||
"feature_custom_themes": true,
|
||||
"feature_oidc_native_flow": true
|
||||
},
|
||||
"roomDirectory": {
|
||||
"servers": [
|
||||
"matrix.org",
|
||||
"distrust.co"
|
||||
]
|
||||
},
|
||||
"integrations_ui_url": "https://scalar.vector.im/",
|
||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||
"integrations_widgets_urls": [
|
||||
"https://scalar.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar.vector.im/api",
|
||||
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar-staging.vector.im/api",
|
||||
"https://scalar-staging.riot.im/scalar/api"
|
||||
],
|
||||
"defaultCountryCode": "EN",
|
||||
"default_theme": "dark"
|
||||
}
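Review bot: `integrations_widgets_urls` trusts `scalar-staging.vector.im` and `scalar-staging.riot.im` in addition to the production integration manager, which widens the set of third-party origins this client treats as integration widgets. For a self-hosted deployment, drop the staging entries, and consider whether the `scalar.vector.im` integration manager is wanted at all. `"defaultCountryCode": "EN"` is not an ISO 3166-1 alpha-2 country code, so it was probably meant to be `"GB"` or `"US"`. `"showLabsSettings": true` together with the long `features` list exposes experimental features to every user; trimming it to the flags actually needed keeps the client closer to the tested defaults.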
|
|
@ -0,0 +1,44 @@
|
|||
server {
|
||||
listen 8080;
|
||||
server_name localhost;
|
||||
|
||||
#charset koi8-r;
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
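Review bot: This is the stock nginx default server block and sets none of the response headers usually recommended when self-hosting Element Web, so the app can be framed by other origins unless the ingress in front adds them. Suggest adding, inside `server { … }`, `add_header X-Frame-Options SAMEORIGIN;`, `add_header X-Content-Type-Options nosniff;` and `add_header Content-Security-Policy "frame-ancestors 'self'";`. The commented-out PHP and `.htaccess` stanzas are leftovers from the template and can be removed.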
|
|
@ -0,0 +1,28 @@
|
|||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/pid/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
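Review bot: `error_log /var/log/nginx/error.log` and `access_log /var/log/nginx/access.log` write under a path that the element-web Deployment neither mounts nor leaves writable (`readOnlyRootFilesystem: true`), so logging works only if the image symlinks those files to stdout/stderr. Writing `error_log /dev/stderr warn;` and `access_log /dev/stdout main;` makes that explicit and removes the dependency on the image layout. Adding `server_tokens off;` to the `http` block would also stop the nginx version being advertised in responses and error pages.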
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: element-web
|
||||
app.kubernetes.io/part-of: matrix
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
configMapGenerator:
|
||||
- name: element-web-config
|
||||
files:
|
||||
- files/config.json
|
||||
- files/nginx.conf
|
||||
- files/default.conf
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: element-web
|
||||
spec:
|
||||
ports:
|
||||
- name: default
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
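Review bot: The only port on this Service is named `default`, but the `element-web` Ingress added in the same commit selects its backend with `port: name: http`, so the controller has no matching service port to resolve for chat.distrust.co. Rename the port to `- name: http`, or point the Ingress at `number: 80` instead. The `media-repo` and `synapse` Services in this change already name their port `http`, so renaming here is the consistent option.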
|
|
@ -0,0 +1,121 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: matrix
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix
|
||||
app.kubernetes.io/part-of: matrix
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- matrix.distrust.co
|
||||
secretName: matrix-distrust-co-tls
|
||||
- hosts:
|
||||
- matrix-fed.distrust.co
|
||||
secretName: matrix-fed-distrust-co-tls
|
||||
rules:
|
||||
- host: matrix.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: synapse
|
||||
port:
|
||||
name: http
|
||||
- host: matrix-fed.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /_matrix/
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: synapse
|
||||
port:
|
||||
name: http
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: matrix-media-repo
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix
|
||||
app.kubernetes.io/part-of: matrix
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
||||
# This combination of configurations allows for the media-repo to function
|
||||
# properly
|
||||
nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
more_set_input_headers 'Host: distrust.co';
|
||||
more_set_input_headers 'X-Forwarded-Host: distrust.co';
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- matrix.distrust.co
|
||||
secretName: matrix-distrust-co-tls
|
||||
rules:
|
||||
- host: matrix.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /_matrix/media/
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: media-repo
|
||||
port:
|
||||
name: http
|
||||
- host: matrix-fed.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /_matrix/
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: synapse
|
||||
port:
|
||||
name: http
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: element-web
|
||||
labels:
|
||||
app.kubernetes.io/name: element-web
|
||||
app.kubernetes.io/part-of: matrix
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- chat.distrust.co
|
||||
secretName: element-distrust-co-tls
|
||||
rules:
|
||||
- host: chat.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: element-web
|
||||
port:
|
||||
name: http
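Review bot: The second origin in `cors-allow-origin` on both the `matrix` and `matrix-media-repo` Ingresses is written `https:app.matrix.org`; without the `//` it is not a well-formed origin and is unlikely ever to match a browser's Origin header. If that origin is intended, write the annotation as `nginx.ingress.kubernetes.io/cors-allow-origin: "https://chat.distrust.co,https://app.matrix.org"`, which also keeps the value an explicit string. Separately, `matrix-media-repo` repeats the `matrix-fed.distrust.co` `/_matrix/` rule that `matrix` already defines. On that Ingress the `upstream-vhost` and `more_set_input_headers` overrides would presumably also apply to federation traffic bound for Synapse, so the rule looks like it should be dropped from the media-repo Ingress.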
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: matrix
|
||||
resources:
|
||||
- synapse
|
||||
- coturn
|
||||
- element
|
||||
- matrix-media-repo
|
||||
- bridges/matrix-appservice-slack
|
||||
- bridges/mautrix-telegram
|
||||
- ingress.yaml
|
||||
images:
|
||||
- name: matrixdotdog/synapse
|
||||
newTag: v1.98.0@sha256:8d962e48a1d88d2fb646c82b1babf4dd0ed765b21a4cf15600d77e90e46dc413
|
||||
- name: coturn/coturn
|
||||
newTag: 4.6.2@sha256:9a5d44d1aebf28f1a96de4595bbab3eadc1ebd6bda705ca040df907f353f9fb2
|
||||
- name: dock.mau.dev/mautrix/slack
|
||||
newTag: 4530ff397d08d93b673cd71da4c2a75d969ca0df-amd64@sha256:7db11f874c655dd8be77a75fb07bd6071cc0d7e92bc564e1397f5b2e0e1883c7
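Review bot: The first `images` entry is named `matrixdotdog/synapse`, but the Synapse Deployment in this commit uses `image: matrixdotorg/synapse`, so kustomize has nothing to rewrite and the tag and digest pin on this entry are never applied; the pod would pull the untagged image instead. Change the entry to `- name: matrixdotorg/synapse`. The media-repo has the same mismatch: its Deployment uses `image: drgrove/matrix-media-repo` while its kustomization pins `turt2live/matrix-media-repo`, so that digest is not applied either. After fixing both, check the rendered `kustomize build` output for any `image:` that lacks an `@sha256:` digest.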
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,41 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: matrix-media-repo
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
# This does not currently work as there are some weird expectations on
|
||||
# run scripts as running as non-root
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: media-repo
|
||||
image: drgrove/matrix-media-repo
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /home/user/media/
|
||||
name: ephemeral
|
||||
- mountPath: /home/user/config/media-repo.yaml
|
||||
name: config
|
||||
subPath: config.yaml
|
||||
readOnly: true
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: false
|
||||
# Right now setting this to true is not possible
|
||||
readOnlyRootFilesystem: false
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: mmr-config
|
||||
- name: ephemeral
|
||||
emptyDir: {}
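Review bot: The comment above the pod `securityContext` says "This does not currently work", yet it sits over `fsGroup: 1000`, which is still set, so it is unclear what is actually disabled. As written nothing sets `runAsUser` or `runAsNonRoot`, so the container runs as whatever user the image defaults to, possibly root, with only the capability drop and `allowPrivilegeEscalation: false` limiting it. I would reword the comment to say so explicitly, for example `# runAsUser/runAsNonRoot omitted: the image's run scripts currently fail as non-root; revisit when fixed`. The comment on `readOnlyRootFilesystem: false` would likewise be more useful if it named what needs to write to the root filesystem.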
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: media-repo
|
||||
app.kubernetes.io/part-of: matrix
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
images:
|
||||
- name: turt2live/matrix-media-repo
|
||||
newTag: v1.3.3@sha256:59cf338753598af400919caf332c92dd0e8e6c6e6e5d18270e52552c7c1e3c4b
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: telegram-ksops-secrets
|
||||
files:
|
||||
- config-secrets.enc.yaml
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: media-repo
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 8000
|
||||
targetPort: http
|
||||
- name: metrics
|
||||
protocol: TCP
|
||||
port: 9000
|
||||
targetPort: metrics
|
|
@ -0,0 +1,121 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: config
|
||||
type: Opaque
|
||||
stringData:
|
||||
homeserver.yaml: ENC[AES256_GCM,data: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,iv:QemGZaVH7IHvLdTjhr+R7FMyuJlGk9UsZMn5aILwwNg=,tag:N3dCm2v044ZrOgPjWSrjuw==,type:str]
|
||||
mautrix-slack-bridge.yaml: ""
|
||||
mautrix-telegram-bridge.yaml: ENC[AES256_GCM,data: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,iv:o1rRZEi7DXUo5VrgmKwZT8/+Lvfr1i4n2Xfi+Kn7bzM=,tag:ihE864vT1LNY47MfmLPDGw==,type:str]
|
||||
appservice-matrix-bridge.yaml: ENC[AES256_GCM,data:e4ceqgp7Mw7QeS6x+6csIRbD1O4Ifp3ruEEDle6GxqD703Emn7/58hHaydmNB/By2JnHvl/d1t5RYIUqwZp25NHjxemKjnS7iLMzCjmf4KhKzWHGnGDwegbEOK7eFKM0LThgcjWKZF9Lu3JSUvcJfmXTIqjLdUh/Min41Kg09IZW3bAMLlbVioV2JUNAdWpGYet9HTKTQVFx7/Dycn28HlFTf8Pn7WM2zH+dCOqtwb8IqJI9fnvCrLLmT1nn6dsG3wZfKUXFK2RVEeoL1wSRvpNRpt3sB2fURO4GNWs+6NkPqdeiQCPGV3GkcqRzCpDWkZ5vUSYiGaSZXEJoR3UBvtx7OM8QVbGQk2TsHXBOlnlrRJXiXjrEH5x2zxD+1vB2D3vqoVhONRuRas4UcnKoocTt+HZ5Vp4cDKLxZGNrQapaMGjVv8l+LFaUVHTr3e6Hi1/qFD2Mcg0AJpFUtSzD21vzpqM=,iv:U04ozvNRpnflofWhAM5TR9gfi82gqpGqa+YHxPdjHaQ=,tag:+q3hHKXlC1oFzFD0qZZi+Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-01-22T05:50:40Z"
|
||||
mac: ENC[AES256_GCM,data:RzkcL1XLj84Xxg7CpBwirNWi46+O+2e3BcSaZkoCOrh434rxRTTX8Ifz8COW4M8+kGhZc/OKAvCsJ3mNEjFEoztm9+L1reoHRyAKl5cYL6B9uFdZqi4Qw0SH2JjtsGrbxAhYE9F7bDHnjhuOBllWHf+QZErzC4FOLZPOWaKbDRE=,iv:pyGnS5Kb15kOo9aMlELH15C7XjNpHkPALuzd1Y4gsDA=,tag:3km2NDpwEtCXrmZrQTksWg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||
=3E6w
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||
=xXRR
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||
=TXST
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||
=bF9b
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||
=n6cE
|
||||
-----END PGP MESSAGE-----
|
||||
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
|
@ -0,0 +1,98 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: synapse
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: synapse
|
||||
args:
|
||||
- run
|
||||
- --config-path
|
||||
- /config/homeserver.yaml
|
||||
- --config-path
|
||||
- /config/secrets.yaml
|
||||
env:
|
||||
- name: SYNAPSE_CACHE_FACTOR
|
||||
value: "5.00"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8008
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
containerPort: 9002
|
||||
protocol: TCP
|
||||
image: matrixdotorg/synapse
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/client/versions
|
||||
port: 8008
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 120
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/client/versions
|
||||
port: 8008
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
resources:
|
||||
# These are just some arbitrary values, will have to be tuned or removed per-deployment
|
||||
requests:
|
||||
memory: 1Gi
|
||||
cpu: 1000m
|
||||
limits:
|
||||
memory: 1Gi
|
||||
cpu: 1
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: keys
|
||||
mountPath: /config/keys
|
||||
- name: config
|
||||
mountPath: /config/homeserver.yaml
|
||||
subPath: homeserver.yaml
|
||||
- name: config
|
||||
mountPath: /usr/local/lib/python3.11/site-packages/shared_secret_authenticator.py
|
||||
subPath: shared_secret_authenticator.py
|
||||
- name: log-config
|
||||
mountPath: /config/log.config
|
||||
subPath: log.config
|
||||
- name: config-secrets
|
||||
mountPath: /config/secrets.yaml
|
||||
subPath: homeserver.yaml
|
||||
- name: config-secrets
|
||||
mountPath: /bridges/mautrix-slack-bridge.yaml
|
||||
subPath: mautrix-slack-bridge.yaml
|
||||
- name: config-secrets
|
||||
mountPath: /bridges/mautrix-telegram-bridge.yaml
|
||||
subPath: mautrix-telegram-bridge.yaml
|
||||
- name: config-secrets
|
||||
mountPath: /bridges/appservice-matrix-bridge.yaml
|
||||
subPath: appservice-matrix-bridge.yaml
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
volumes:
|
||||
# Will need to be a persistant volume of some kind to support media uploads, unless using matrix-media-repo
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: keys
|
||||
secret:
|
||||
secretName: signing-key
|
||||
- name: config-secrets
|
||||
secret:
|
||||
secretName: config
|
||||
- configMap:
|
||||
name: synapse
|
||||
name: config
|
||||
- configMap:
|
||||
name: synapse-log
|
||||
name: log-config
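Review bot: The `synapse` container has no container-level `securityContext`, unlike the `media-repo` container in this commit, which drops all capabilities and sets `allowPrivilegeEscalation: false`. The pod already runs as UID/GID 1000 and mounts `emptyDir` volumes at `/data` and `/tmp`, so the same restrictions should be cheap to add here. `readOnlyRootFilesystem: true` is worth trying as well, but I have not verified that the image tolerates it. Also note that the `shared_secret_authenticator.py` mount path hard-codes `python3.11` and will stop matching if the base image moves to another Python minor version.

```yaml
        - name: synapse
          # … unchanged: args, env, ports, image, probes, resources, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```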
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: synapse-federation
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
|
@ -0,0 +1,83 @@
|
|||
# Configuration file for Synapse.
|
||||
#
|
||||
# This is a YAML file: see [1] for a quick introduction. Note in particular
|
||||
# that *indentation is important*: all the elements of a list or dictionary
|
||||
# should have the same indentation.
|
||||
#
|
||||
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
||||
#
|
||||
# For more information on how to configure Synapse, including a complete accounting of
|
||||
# each option, go to docs/usage/configuration/config_documentation.md or
|
||||
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
||||
server_name: "distrust.co"
|
||||
pid_file: /data/homeserver.pid
|
||||
use_presense: true
|
||||
enable_search: true
|
||||
public_baseurl: "https://matrix.distrust.co"
|
||||
|
||||
# Homeserver blocking
|
||||
# Set to true to globally block access to the homeserver
|
||||
hs_disabled: false
|
||||
hs_disalbed_message: "Homeserver is not currently accessible"
|
||||
|
||||
# Federation
|
||||
allow_public_rooms_over_federation: true
|
||||
# federation_domain_whitelist: []
|
||||
federation_ip_range_blacklist:
|
||||
- '127.0.0.0/8'
|
||||
- '10.0.0.0/8'
|
||||
- '172.16.0.0/12'
|
||||
- '192.168.0.0/16'
|
||||
- '100.64.0.0/10'
|
||||
- '169.254.0.0/16'
|
||||
- '::1/128'
|
||||
- 'fe80::/64'
|
||||
- 'fc00::/7'
|
||||
|
||||
# Listeners
|
||||
listeners:
|
||||
- port: 8008
|
||||
tls: false
|
||||
type: http
|
||||
x_forwarded: true
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
- port: 9002
|
||||
type: metrics
|
||||
resources:
|
||||
- name: [metrics]
|
||||
compress: true
|
||||
|
||||
# Registration
|
||||
registration:
|
||||
enabled: false
|
||||
allowGuests: false
|
||||
autoJoinRooms: []
|
||||
|
||||
# This is handled by Cert Manager
|
||||
acme:
|
||||
enabled: false
|
||||
|
||||
# Bridges
|
||||
app_service_config_files:
|
||||
- /bridges/appservice-matrix-bridge.yaml
|
||||
- /bridges/mautrix-telegram-bridge.yaml
|
||||
# - /bridges/mautrix-slack-bridge.yaml
|
||||
|
||||
# Turn
|
||||
turn_user_lifetime: 1h
|
||||
turn_allow_guests: true
|
||||
|
||||
# Metrics/Telemetry
|
||||
enable_metrics: true
|
||||
report_stats: false
|
||||
|
||||
admin_email: "mailto:matrix@distrust.co"
|
||||
|
||||
log_config: "/config/log.config"
|
||||
media_store_path: /data/media_store
|
||||
signing_key_path: "/config/keys/signing.key"
|
||||
trusted_key_servers:
|
||||
- server_name: "matrix.org"
|
||||
# vim:ft=yaml
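Review bot: Two option names are misspelled, `use_presense` and `hs_disalbed_message`; as far as I know Synapse ignores keys it does not recognise, so neither setting takes effect. They should read `use_presence: true` and `hs_disabled_message: "Homeserver is not currently accessible"`. The `registration:` block (`enabled`, `allowGuests`, `autoJoinRooms`) also does not use Synapse's option names, which are the top-level `enable_registration`, `allow_guest_access` and `auto_join_rooms`. Registration stays off only because that is Synapse's default, so stating `enable_registration: false` explicitly would make the intent auditable. In the IP blacklist, `fe80::/64` covers only part of the link-local range `fe80::/10`.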
|
|
@ -0,0 +1,31 @@
|
|||
version: 1
|
||||
|
||||
formatters:
|
||||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
|
||||
loggers:
|
||||
# This is just here so we can leave `loggers` in the config regardless of whether
|
||||
# we configure other loggers below (avoid empty yaml dict error).
|
||||
_placeholder:
|
||||
level: "INFO"
|
||||
|
||||
shared_secret_authenticator:
|
||||
level: INFO
|
||||
|
||||
synapse.storage.SQL:
|
||||
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||
# information such as access tokens.
|
||||
level: INFO
|
||||
|
||||
root:
|
||||
level: INFO
|
||||
handlers: [console]
|
||||
|
||||
|
||||
disable_existing_loggers: false
|
|
@ -0,0 +1,123 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Shared Secret Authenticator module for Matrix Synapse
|
||||
# Copyright (C) 2018 Slavi Pantaleev
|
||||
#
|
||||
# https://devture.com/
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
#
|
||||
from typing import Awaitable, Callable, Optional, Tuple
|
||||
|
||||
import hashlib
|
||||
import hmac
|
||||
import logging
|
||||
|
||||
import synapse
|
||||
from synapse import module_api
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
class SharedSecretAuthProvider:
|
||||
def __init__(self, config: dict, api: module_api):
|
||||
for k in ('shared_secret',):
|
||||
if k not in config:
|
||||
raise KeyError('Required `{0}` configuration key not found'.format(k))
|
||||
|
||||
m_login_password_support_enabled = bool(config['m_login_password_support_enabled']) if 'm_login_password_support_enabled' in config else False
|
||||
com_devture_shared_secret_auth_support_enabled = bool(config['com_devture_shared_secret_auth_support_enabled']) if 'com_devture_shared_secret_auth_support_enabled' in config else True
|
||||
|
||||
self.api = api
|
||||
self.shared_secret = config['shared_secret']
|
||||
|
||||
auth_checkers: Optional[Dict[Tuple[str, Tuple], CHECK_AUTH_CALLBACK]] = {}
|
||||
if com_devture_shared_secret_auth_support_enabled:
|
||||
auth_checkers[("com.devture.shared_secret_auth", ("token",))] = self.check_com_devture_shared_secret_auth
|
||||
if m_login_password_support_enabled:
|
||||
auth_checkers[("m.login.password", ("password",))] = self.check_m_login_password
|
||||
|
||||
enabled_login_types = [k[0] for k in auth_checkers]
|
||||
|
||||
if len(enabled_login_types) == 0:
|
||||
raise RuntimeError('At least one login type must be enabled')
|
||||
|
||||
logger.info('Enabled login types: %s', enabled_login_types)
|
||||
|
||||
api.register_password_auth_provider_callbacks(
|
||||
auth_checkers=auth_checkers,
|
||||
)
|
||||
|
||||
async def check_com_devture_shared_secret_auth(
|
||||
self,
|
||||
username: str,
|
||||
login_type: str,
|
||||
login_dict: "synapse.module_api.JsonDict",
|
||||
) -> Optional[
|
||||
Tuple[
|
||||
str,
|
||||
Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
|
||||
]
|
||||
]:
|
||||
if login_type != "com.devture.shared_secret_auth":
|
||||
return None
|
||||
return await self._log_in_username_with_token("com.devture.shared_secret_auth", username, login_dict.get("token"))
|
||||
|
||||
async def check_m_login_password(
|
||||
self,
|
||||
username: str,
|
||||
login_type: str,
|
||||
login_dict: "synapse.module_api.JsonDict",
|
||||
) -> Optional[
|
||||
Tuple[
|
||||
str,
|
||||
Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
|
||||
]
|
||||
]:
|
||||
if login_type != "m.login.password":
|
||||
return None
|
||||
return await self._log_in_username_with_token("m.login.password", username, login_dict.get("password"))
|
||||
|
||||
async def _log_in_username_with_token(
|
||||
self,
|
||||
login_type: str,
|
||||
username: str,
|
||||
token: str,
|
||||
) -> Optional[
|
||||
Tuple[
|
||||
str,
|
||||
Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
|
||||
]
|
||||
]:
|
||||
logger.info('Authenticating user `%s` with login type `%s`', username, login_type)
|
||||
|
||||
full_user_id = self.api.get_qualified_user_id(username)
|
||||
|
||||
# The password (token) is supposed to be an HMAC of the full user id, keyed with the shared secret.
|
||||
given_hmac = token.encode('utf-8')
|
||||
|
||||
h = hmac.new(self.shared_secret.encode('utf-8'), full_user_id.encode('utf-8'), hashlib.sha512)
|
||||
computed_hmac = h.hexdigest().encode('utf-8')
|
||||
|
||||
if not hmac.compare_digest(computed_hmac, given_hmac):
|
||||
logger.info('Bad hmac value for user: %s', full_user_id)
|
||||
return None
|
||||
|
||||
user_info = await self.api.get_userinfo_by_id(full_user_id)
|
||||
if user_info is None:
|
||||
logger.info('Refusing to authenticate missing user: %s', full_user_id)
|
||||
return None
|
||||
|
||||
logger.info('Authenticated user: %s', full_user_id)
|
||||
|
||||
return full_user_id, None
|
|
@ -0,0 +1,21 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/name: synapse
|
||||
app.kubernetes.io/part-of: matrix
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- federation-service.yaml
|
||||
- service.yaml
|
||||
configMapGenerator:
|
||||
- files:
|
||||
- files/homeserver.yaml
|
||||
- files/shared_secret_authenticator.py
|
||||
name: synapse
|
||||
- files:
|
||||
- files/log.config
|
||||
name: synapse-log
|
||||
generators:
|
||||
- secret-generator.yml
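Review bot: The generator is referenced as `secret-generator.yml`, while the media-repo kustomization in this commit references `secret-generator.yaml`. File names are not shown on this page, so confirm the extension matches the file on disk, since kustomize fails the build on a missing generator. The `Namespace` manifest for `matrix` added in this commit is also not listed under `resources` here or in the parent kustomization that sets `namespace: matrix`, so unless it is applied elsewhere the namespace must already exist before this is deployed.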
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: matrix
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: sydent-ksops-secrets
|
||||
files:
|
||||
- config-secrets.enc.yaml
|
||||
- secret-key.enc.yaml
|
|
@ -0,0 +1,118 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: signing-key
|
||||
type: Opaque
|
||||
stringData:
|
||||
signing.key: ENC[AES256_GCM,data:yrRjsuapmgDgBNNXGO9YyuZtkZaFPDg80SuJgdYWS3grCnN/hmkQ5x2icAf5i4f6TjAOreYxJYzRwQ==,iv:0ww6IrM9oY47ex1zYRULQx7TdATJ9odkk5k95yDo0ms=,tag:4/MjSSY2SltTuPtMtCRUtw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-01-22T05:45:47Z"
|
||||
mac: ENC[AES256_GCM,data:GitHfIeAeu4g0bf1obvjd0TS6j5AZ0qo00i4mwIL3MKtCVa3dLfGkx4dE9SD0NZqBMpHdZTWnns145uCXnJTVdyLAlz54AuG/bn7eO642SghLpUvhyhH+c+xxQF2c3UJiR7TBdjJBh0BUBSO/yOBB0ondzocW9T1hDg/ExBjeo8=,iv:77yhCNc2cJ7/uuXOEma5LEyU0YIJSQiw4IYLLASli04=,tag:41IvCCKLfQZUNHsv6DvMsA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||
=3E6w
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||
=xXRR
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||
=TXST
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||
=bF9b
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||
- created_at: "2024-01-11T20:55:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||
=n6cE
|
||||
-----END PGP MESSAGE-----
|
||||
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
|
@ -0,0 +1,16 @@
|
|||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: synapse
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 8008
|
||||
targetPort: 8008
|
||||
- name: https
|
||||
protocol: TCP
|
||||
port: 8448
|
||||
targetPort: 8448
|
||||
selector: {}
|
||||
type: ClusterIP
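Review bot: The `https` port maps 8448 to `targetPort: 8448`, but the Synapse Deployment in this commit exposes only container ports 8008 and 9002 and `homeserver.yaml` defines listeners on just those two, so nothing would answer connections to 8448. Since TLS terminates at the Ingress and federation is routed to the `http` port, I would drop the `https` entry. A comment on `selector: {}` would also help, such as `# presumably filled in by the kustomize labels transformer (includeSelectors: true)`, because an empty selector on its own reads as a Service with no endpoints.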
|