Compare commits
28 Commits
1b6e5156f4
...
800af4d364
Author | SHA1 | Date |
---|---|---|
Ryan Heywood | 800af4d364 | |
Ryan Heywood | 0ca85e65f8 | |
Danny Grove | 7899f443e9 | |
Danny Grove | a8ce7cc03c | |
Danny Grove | 9d5e1f074f | |
Danny Grove | b2e1530b33 | |
Danny Grove | 59c36f47b3 | |
Danny Grove | 11840a0947 | |
Danny Grove | 10119fd557 | |
Danny Grove | c3d9a55497 | |
Danny Grove | 860ee7772b | |
Danny Grove | dda0c1f77c | |
Danny Grove | 6d149d96e5 | |
Danny Grove | b3882daf31 | |
Danny Grove | 342a85081d | |
Danny Grove | 4d463021b5 | |
Danny Grove | 9b012b72da | |
Danny Grove | f5495de7c0 | |
Danny Grove | 759571e589 | |
Danny Grove | 19362e2706 | |
Danny Grove | f520054dd5 | |
Danny Grove | 8d6b5f5334 | |
Danny Grove | 90937430f4 | |
Danny Grove | 43bb6b8810 | |
Danny Grove | 701b304c9d | |
Danny Grove | 25f62adf16 | |
Danny Grove | fa1ac5a44a | |
Danny Grove | e82185c247 |
|
@ -1,6 +1,6 @@
|
||||||
[submodule "src/website"]
|
[submodule "src/website"]
|
||||||
path = src/website
|
path = src/website
|
||||||
url = https://codeberg.org/distrust/website
|
url = https://git.distrust.co/public/website
|
||||||
[submodule "src/toolchain"]
|
[submodule "src/toolchain"]
|
||||||
path = src/toolchain
|
path = src/toolchain
|
||||||
url = https://git.distrust.co/public/toolchain
|
url = https://git.distrust.co/public/toolchain
|
||||||
|
|
34
Makefile
34
Makefile
|
@ -7,7 +7,7 @@ ENVIRONMENT := production
|
||||||
REGION := sfo3
|
REGION := sfo3
|
||||||
ROOT_DIR := $(shell pwd)
|
ROOT_DIR := $(shell pwd)
|
||||||
# TODO: automatically determine
|
# TODO: automatically determine
|
||||||
TERRAFORM := $(ROOT_DIR)/out/terraform.linux-x86_64
|
TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
|
||||||
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
|
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
|
||||||
KEYS := \
|
KEYS := \
|
||||||
6B61ECD76088748C70590D55E90A401336C8AAA9 \
|
6B61ECD76088748C70590D55E90A401336C8AAA9 \
|
||||||
|
@ -15,13 +15,13 @@ KEYS := \
|
||||||
3D7C8D39E8C4DF771583D3F0A8A091FD346001CA \
|
3D7C8D39E8C4DF771583D3F0A8A091FD346001CA \
|
||||||
F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
|
||||||
|
EXTRA_ARGS :=
|
||||||
|
|
||||||
.DEFAULT_GOAL :=
|
.DEFAULT_GOAL :=
|
||||||
.PHONY: default
|
.PHONY: default
|
||||||
default: \
|
default: \
|
||||||
toolchain \
|
toolchain \
|
||||||
tools \
|
tools \
|
||||||
$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
|
|
||||||
$(CACHE_DIR)/website/.well-known/openpgpkey \
|
|
||||||
apply
|
apply
|
||||||
|
|
||||||
.PHONY:
|
.PHONY:
|
||||||
|
@ -76,6 +76,13 @@ infra/backend/.terraform: \
|
||||||
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
env -C infra/backend $(TERRAFORM) init -upgrade \
|
env -C infra/backend $(TERRAFORM) init -upgrade \
|
||||||
'
|
'
|
||||||
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
|
env -C infra/backend $(TERRAFORM) refresh \
|
||||||
|
-var environment=$(ENVIRONMENT) \
|
||||||
|
-var namespace=$(ENVIRONMENT) \
|
||||||
|
-var region=$(REGION) \
|
||||||
|
-state $(ENVIRONMENT).tfstate \
|
||||||
|
'
|
||||||
|
|
||||||
infra/main/.terraform: | \
|
infra/main/.terraform: | \
|
||||||
$(TERRAFORM) \
|
$(TERRAFORM) \
|
||||||
|
@ -85,6 +92,13 @@ infra/main/.terraform: | \
|
||||||
env -C infra/main $(TERRAFORM) init -upgrade \
|
env -C infra/main $(TERRAFORM) init -upgrade \
|
||||||
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
|
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
|
||||||
'
|
'
|
||||||
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
|
env -C infra/main $(TERRAFORM) refresh \
|
||||||
|
-var environment=$(ENVIRONMENT) \
|
||||||
|
-var namespace=$(ENVIRONMENT) \
|
||||||
|
-var region=$(REGION) \
|
||||||
|
-state $(ENVIRONMENT).tfstate \
|
||||||
|
'
|
||||||
|
|
||||||
infra/backend/$(ENVIRONMENT).tfstate: \
|
infra/backend/$(ENVIRONMENT).tfstate: \
|
||||||
$(TERRAFORM) \
|
$(TERRAFORM) \
|
||||||
|
@ -96,7 +110,7 @@ infra/backend/$(ENVIRONMENT).tfstate: \
|
||||||
-var environment=$(ENVIRONMENT) \
|
-var environment=$(ENVIRONMENT) \
|
||||||
-var namespace=$(ENVIRONMENT) \
|
-var namespace=$(ENVIRONMENT) \
|
||||||
-var region=$(REGION) \
|
-var region=$(REGION) \
|
||||||
-state ../../$@ \
|
-state $@ \
|
||||||
'
|
'
|
||||||
|
|
||||||
config/$(ENVIRONMENT).tfbackend: | \
|
config/$(ENVIRONMENT).tfbackend: | \
|
||||||
|
@ -107,9 +121,17 @@ config/$(ENVIRONMENT).tfbackend: | \
|
||||||
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
env -C infra/backend \
|
env -C infra/backend \
|
||||||
$(TERRAFORM) \
|
$(TERRAFORM) \
|
||||||
output -state ../../$< \
|
output -state $(ENVIRONMENT).tfstate \
|
||||||
> $@ \
|
> $@ \
|
||||||
'
|
'
|
||||||
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
|
env -C infra/backend \
|
||||||
|
$(TERRAFORM) refresh \
|
||||||
|
-var environment=$(ENVIRONMENT) \
|
||||||
|
-var namespace=$(ENVIRONMENT) \
|
||||||
|
-var region=$(REGION) \
|
||||||
|
-state $(ENVIRONMENT).tfstate \
|
||||||
|
'
|
||||||
|
|
||||||
.PHONY:
|
.PHONY:
|
||||||
apply: \
|
apply: \
|
||||||
|
@ -126,7 +148,7 @@ apply: \
|
||||||
-var environment=$(ENVIRONMENT) \
|
-var environment=$(ENVIRONMENT) \
|
||||||
-var namespace=$(ENVIRONMENT) \
|
-var namespace=$(ENVIRONMENT) \
|
||||||
-var region=$(REGION) \
|
-var region=$(REGION) \
|
||||||
'
|
$(EXTRA_ARGS) '
|
||||||
$(call maybe_encrypt_secret,infra/main/talos/talosconfig,secrets/$(ENVIRONMENT).talosconfig)
|
$(call maybe_encrypt_secret,infra/main/talos/talosconfig,secrets/$(ENVIRONMENT).talosconfig)
|
||||||
$(call maybe_encrypt_secret,infra/main/talos/kubeconfig,secrets/$(ENVIRONMENT).kubeconfig)
|
$(call maybe_encrypt_secret,infra/main/talos/kubeconfig,secrets/$(ENVIRONMENT).kubeconfig)
|
||||||
$(call maybe_encrypt_secret,infra/main/talos/controlplane.yaml,secrets/$(ENVIRONMENT).controlplane.yaml)
|
$(call maybe_encrypt_secret,infra/main/talos/controlplane.yaml,secrets/$(ENVIRONMENT).controlplane.yaml)
|
||||||
|
|
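Review bot: In the `infra/backend/$(ENVIRONMENT).tfstate` recipe, `-state $@` expands to `infra/backend/$(ENVIRONMENT).tfstate`, while the old `../../$@` suggests the command runs from inside `infra/backend` (the command line itself is above the hunk), so the state would now land under a nested `infra/backend/infra/backend/` path. The other lines added in this file pass `-state $(ENVIRONMENT).tfstate` under `env -C infra/backend`; using the same here, `-state $(ENVIRONMENT).tfstate \`, keeps the file where the make target and the later `output -state $(ENVIRONMENT).tfstate` expect it. If the nested path is what gets written, the target never looks up to date and the recipe re-runs on every invocation. A state file can also hold provider credentials and database passwords, and at that path it may fall outside the repository's ignore and encryption rules.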
|
@ -22,7 +22,7 @@ SOPS_REF=b6d3c9700d88e0c9348f3ec7cd2f10ce4a4b3ee1
|
||||||
BUSYBOX_URL=https://busybox.net/downloads/busybox-1.36.1.tar.bz2
|
BUSYBOX_URL=https://busybox.net/downloads/busybox-1.36.1.tar.bz2
|
||||||
BUSYBOX_HASH=b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314
|
BUSYBOX_HASH=b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314
|
||||||
TOFU_REPO=https://github.com/opentofu/opentofu
|
TOFU_REPO=https://github.com/opentofu/opentofu
|
||||||
TOFU_REF=f9d8b3ca2c0926f66757241baf81af523be73726
|
TOFU_REF=5d05dba18b6e276a6262a4722fe90c13350c5428
|
||||||
KSOPS_REPO=https://github.com/viaduct-ai/kustomize-sops
|
KSOPS_REPO=https://github.com/viaduct-ai/kustomize-sops
|
||||||
KSOPS_REF=ac33c40e1b78d9847a8d0f58473e99419be5b170
|
KSOPS_REF=ac33c40e1b78d9847a8d0f58473e99419be5b170
|
||||||
KUSTOMIZE_REPO=https://github.com/kubernetes-sigs/kustomize
|
KUSTOMIZE_REPO=https://github.com/kubernetes-sigs/kustomize
|
||||||
|
|
|
@ -16,13 +16,6 @@ resource "digitalocean_record" "billing" {
|
||||||
value = "45.16.98.153"
|
value = "45.16.98.153"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_record" "chat" {
|
|
||||||
domain = digitalocean_domain.default.id
|
|
||||||
type = "CNAME"
|
|
||||||
name = "chat"
|
|
||||||
value = "distrust.element.io."
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "digitalocean_record" "www" {
|
resource "digitalocean_record" "www" {
|
||||||
domain = digitalocean_domain.default.id
|
domain = digitalocean_domain.default.id
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
|
|
|
@ -10,21 +10,18 @@ resource "random_id" "suffix" {
|
||||||
byte_length = 8
|
byte_length = 8
|
||||||
}
|
}
|
||||||
|
|
||||||
data "digitalocean_region" "provided" {
|
|
||||||
slug = var.region
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "digitalocean_custom_image" "talos" {
|
resource "digitalocean_custom_image" "talos" {
|
||||||
name = "talos"
|
name = "talos"
|
||||||
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
|
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
|
||||||
# this gets reset by DigitalOcean otherwise
|
# this gets reset by DigitalOcean otherwise
|
||||||
distribution = "Unknown OS"
|
distribution = "Unknown OS"
|
||||||
regions = [data.digitalocean_region.provided.slug]
|
regions = [var.region]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_vpc" "main" {
|
resource "digitalocean_vpc" "main" {
|
||||||
name = "talos"
|
name = "talos"
|
||||||
region = data.digitalocean_region.provided.slug
|
region = var.region
|
||||||
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
|
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
|
||||||
ip_range = "192.168.0.0/16"
|
ip_range = "192.168.0.0/16"
|
||||||
}
|
}
|
||||||
|
@ -45,7 +42,7 @@ module "digitalocean_talos_cluster" {
|
||||||
size = "s-2vcpu-4gb",
|
size = "s-2vcpu-4gb",
|
||||||
}]
|
}]
|
||||||
vpc_id = digitalocean_vpc.main.id
|
vpc_id = digitalocean_vpc.main.id
|
||||||
digitalocean_region = data.digitalocean_region.provided.slug
|
digitalocean_region = var.region
|
||||||
}
|
}
|
||||||
|
|
||||||
module "digitalocean_database_cluster" {
|
module "digitalocean_database_cluster" {
|
||||||
|
@ -63,10 +60,54 @@ module "digitalocean_database_cluster" {
|
||||||
}, {
|
}, {
|
||||||
name = "forgejo",
|
name = "forgejo",
|
||||||
create_default_superuser = true,
|
create_default_superuser = true,
|
||||||
|
}, {
|
||||||
|
# We're creating this database, but then need to delete and recreate manually with LOCALE=C. Otherwise synapse won't work
|
||||||
|
# CREATE DATABASE synapse WITH template=template0 owner=doadmin locale="C" encoding=UTF8;
|
||||||
|
# GRANT ALL ON DATABASE synapse TO synapse;
|
||||||
|
name = "synapse",
|
||||||
|
create_default_superuser = true,
|
||||||
|
}, {
|
||||||
|
name = "telegram",
|
||||||
|
create_default_superuser = true,
|
||||||
|
}, {
|
||||||
|
name = "mautrix_slack",
|
||||||
|
create_default_superuser = true,
|
||||||
|
}, {
|
||||||
|
name = "matrix_slack_appservice",
|
||||||
|
create_default_superuser = true,
|
||||||
|
}, {
|
||||||
|
name = "media_repo",
|
||||||
|
create_default_superuser = true,
|
||||||
}]
|
}]
|
||||||
|
|
||||||
vpc_id = digitalocean_vpc.main.id
|
vpc_id = digitalocean_vpc.main.id
|
||||||
digitalocean_region = data.digitalocean_region.provided.slug
|
digitalocean_region = var.region
|
||||||
|
}
|
||||||
|
|
||||||
|
# Crater App requires MySQL currently, when it adds PG support we should migrate
|
||||||
|
#
|
||||||
|
module "digitalocean_mysql_database_cluster" {
|
||||||
|
source = "../../terraform_modules/digitalocean_database_cluster"
|
||||||
|
|
||||||
|
cluster_name = "distrust-mysql"
|
||||||
|
db_engine = "mysql"
|
||||||
|
dbcli_name = "mariadb"
|
||||||
|
db_version = "8"
|
||||||
|
size = "db-s-1vcpu-1gb"
|
||||||
|
node_count = 1
|
||||||
|
|
||||||
|
databases = [{
|
||||||
|
name = "crater",
|
||||||
|
create_default_superuser = true,
|
||||||
|
}]
|
||||||
|
|
||||||
|
vpc_id = digitalocean_vpc.main.id
|
||||||
|
digitalocean_region = var.region
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "digitalocean_spaces_bucket" "matrix_media_repo" {
|
||||||
|
name = "${var.namespace}-${var.environment}-distrust-media-repo"
|
||||||
|
region = var.region
|
||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
|
@ -80,10 +121,11 @@ locals {
|
||||||
])
|
])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# `jq .database_users.value.forgejo | sops --encrypt`
|
# `jq .database_users.value.forgejo | sops --encrypt`
|
||||||
output "database_users" {
|
output "database_users" {
|
||||||
value = {
|
value = {
|
||||||
for db_user in module.digitalocean_database_cluster.database_users:
|
for db_user in concat(module.digitalocean_database_cluster.database_users, module.digitalocean_mysql_database_cluster.database_users):
|
||||||
db_user.name => {
|
db_user.name => {
|
||||||
apiVersion = "v1",
|
apiVersion = "v1",
|
||||||
kind = "Secret",
|
kind = "Secret",
|
||||||
|
@ -111,6 +153,11 @@ output "database" {
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "mysql_database" {
|
||||||
|
value = module.digitalocean_mysql_database_cluster.database_cluster
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
|
|
||||||
output "vpc_id" {
|
output "vpc_id" {
|
||||||
value = digitalocean_vpc.main.id
|
value = digitalocean_vpc.main.id
|
||||||
}
|
}
|
||||||
|
|
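Review bot: The `database_users` output now builds one map from `concat(...)` of both clusters' users keyed only by `db_user.name`, so a MySQL user that ever shares a name with a PostgreSQL user makes the `for` expression fail with a duplicate-key error at plan time. Nothing collides today (`crater` against the PostgreSQL names), but the constraint is invisible where databases are declared. A comment above the output such as `# user names must be unique across both clusters; the map key is db_user.name` would record it, or the key could carry the engine as a prefix. The output block starts above the hunk and ends below it, so whether it is marked `sensitive = true` cannot be checked from here; its values are `kind = "Secret"` manifests, so it should be.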
|
@ -2,12 +2,13 @@ terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
digitalocean = {
|
digitalocean = {
|
||||||
source = "digitalocean/digitalocean"
|
source = "digitalocean/digitalocean"
|
||||||
version = "2.28.1"
|
version = "2.36.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
backend "s3" {
|
backend "s3" {
|
||||||
skip_requesting_account_id = true
|
skip_requesting_account_id = true
|
||||||
skip_credentials_validation = true
|
skip_credentials_validation = true
|
||||||
|
skip_region_validation = true
|
||||||
skip_get_ec2_platforms = true
|
skip_get_ec2_platforms = true
|
||||||
skip_metadata_api_check = true
|
skip_metadata_api_check = true
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,117 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: env
|
||||||
|
stringData:
|
||||||
|
env: ENC[AES256_GCM,data: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,iv:HXTsRJEHxceO1HIA4CaR9CYt3oO18+cdeTAiBk4w0zo=,tag:e44hqgGLC9ugivxaxr+0Gw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-04-01T03:47:06Z"
|
||||||
|
mac: ENC[AES256_GCM,data:mrjkTQF+cKuNzbaAaflQCTMT+H7D0dKL6keVLs1ig6ok4Z6JCKxe9+1Fa3q2OIpgq0bhHZqPPe5e2ztQSAzFC9z6c7YCHGh6kPZ8fQ7F0l2dATqNSeaRMsjsMdo7vOOQjNqj0SkeU5c4PSQpQHz9Rg7CtMupQ60iLbsm8GGM1tU=,iv:uhzyxgDSdJ/jw0qZyOddxP3JZ3S4okuWhZdJE22nDEI=,tag:EYe9MYxL8QDPe9Rf53OM+Q==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-01-11T20:56:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAvQd7qO44LNyywY03qCXI18cx6nj9mo36ehJyq6wuYhWa
|
||||||
|
n95jXEsmRbGt2l8cAJrH9sZB3uE5DCfeZMzEiZ9heaAyxzC34BxSGP+4PBdRqp6B
|
||||||
|
jv7Ej6F9lV70bQYvDDry5ihWRmADEVrnDrs2+pXsMQiui9dZSGB676d2PIdliV6y
|
||||||
|
StqbyudjWZS6fLv2xy25yxJBfzb27rLh1d2yo/9AEm873bFVn7bXQxwOoud8s8KU
|
||||||
|
MLsQxE05zDQrzm+RpDU0mYk3X4ByyL0/J0dyipjHErOLhOCk2MZ4xTVW8U+Jefuu
|
||||||
|
htLAzftc9NGwWHdSVXqfwSWUq/UklzurPdDcA1riEqE4XmE74cdgP0vqHYeGPykh
|
||||||
|
M67Xcr1WLDk7i/n4EISqnp5qwItfJIxWlEpKNANEMveYggHXUz3wTk7qHwjpIDwG
|
||||||
|
7mMfKlL221M1elk1lY60bx//tr2ZqIlN9IXCjOUZOlxlqvYcmie09YbR6tRZAbag
|
||||||
|
KZcq4s5y5HlVQ10ZUe7eY8qjXMlLVm7N+TJRnfgJrr2+7GTy/wCcx5nwsVBeYm8h
|
||||||
|
GrHT3PS0CVRA19ynlEqF1jXfqlRMjX0szPIUGb6/7HLiw514otq3KuZmHYAq2TZ2
|
||||||
|
HMKncOptoUyfpG252v6NJYQC7yF76tdd5YuykeD40ZOBUULtvUEOZyZVdsaAU9zS
|
||||||
|
UQHygqf8d16qbh2rWK69Kqmc8DbZHCH/f1IDwekPOsNltQhdgn3lOP7gNSEwI7yV
|
||||||
|
/qk+5kVHg+Yk0l1K34v5aiWEGrI1SKd1m+nvVW7VcEtufw==
|
||||||
|
=SjUY
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2024-01-11T20:56:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ/+OHoip407wu+pF9bWolOK+dViuRhA/X9JUVyQfJer9HM2
|
||||||
|
thZUChYerdnUBn674pVUkjS5szch19pdZLeK5/YqUXyWoW1qHUgYgzHHq6JvxXXf
|
||||||
|
PIC7Q+jCfsmDBGcSJefK9rA5u7S+7rULBZvbMbL7gpCG8cG0aXJBoNLzZ/vva16V
|
||||||
|
x/3Mn6taKjZX0ACeoQ4ma4HS6kB3Nz280S8PKIQeMuUQQfXNWMAlR2ebleovvmvh
|
||||||
|
pJtN0T5dMLEImexLFSgfPoU1OQmfrnQR/mWP0W3LtGn2o8EE5LordJSgMuwd5eqv
|
||||||
|
v+XOHoj5E5O88SO2mIwWY0Oh+6P5pf6PJDL8XLLq+0nm2HZrK1Ip8WvYar9xi/12
|
||||||
|
HClde7vk1ESWw9Kdiop6rSj7C7M3dD+95ufG6F3c1XJQkp3H+AlK7aTK3/rx6Dml
|
||||||
|
FekNVioLC0LjiMZ1ZeVBOtIYoXXyrYE8nQF9E6kkW/o6dajMDo9F0Ck5LWLiES/E
|
||||||
|
34bHkP3p+lwOOj0l8PONG/MaP5j2S8v7LjfuMBxcuoo1RhplLJQLUYGvkywmqDK2
|
||||||
|
2t5vqIkpGAxBN6WNgZt0OwcBlPC3PP3JHQ+kIn9Sk3MAR5plCAhkywTHFwoDBe1e
|
||||||
|
FnlmDyVjgOdtzZl3aNjz7uOiDtpecwPmsxah8ox7H5wOOagAabDhweFXh0IxKKXS
|
||||||
|
UQH4zAt2MLHWqAAGjFPFiYxb/ugU1R5Qjv6NKw8bWGFOrbexMiA2bCGOGmstxd7G
|
||||||
|
SU0tn54SBi+wOEDmJGnaZS89ZzGEoRm6LRJ5EJz+a03tTg==
|
||||||
|
=KOLu
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2024-01-11T20:56:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAArZ/F2Sh0LIACUnzLO45O0GsesOm4QS/vVEcZ0BDms/fi
|
||||||
|
Xe4mmJbYTvRIgWfoXpbt79UreBamMFCSpXBPJnx/d2F0s1RHxKvbq7LwNL/qpH3/
|
||||||
|
pUJuAbToVTqLyS329YfJVtGtfYRsL0nIyt28wNjz4XudoTfoaaegk+1SSpedT7gW
|
||||||
|
Wq4ipL3m226yXyTv6DTu61o389TV3H2OR18hawjF6lDfDSCYtNexRCxV3aSqkDU5
|
||||||
|
Ik9n9OkWrIgJ0ZM4DJ7U/Ltx9ju89oWCmjBfw6IPSkQGSBMNbTolVHdrFbtsygK4
|
||||||
|
FnHRJn75Q7RkrobkrusqypFqu+D9QK2tijOhahFxfdU/S/zWuzfPiKv4m+iwRo5Q
|
||||||
|
UeJ43uea8DtnfLCIHISh80mqXwhEpulEb73l7y80EdtHuRURlqer4KPmVtV2Q620
|
||||||
|
OyLHugmLaqJUXzC6sPyrWBO2tPMqD7JRA34fx5gOVRvyd6KdTc/Pn64/nbqWFcIM
|
||||||
|
94VIOdJUGoyDtxLVPu7nttlVddqn0obUmSuSvs1ouTntMkScRS6hNTptxS3BbQZ+
|
||||||
|
FDG/mLgArkrEk/2m/+OuxH4teRqDVcwgbKzkZWgZ0RH6k4v2BJSKnTT1S5TOjJg5
|
||||||
|
H/RcnMtQeZq0G67fz8uwo3Hqm6FAGBuaWkhtDknNtLEXHaOGE8IIM9L2CeLftq7S
|
||||||
|
UQGxv6DQZ7PpMjo4LRCyCHNj9ddykRneojKG5cjQxMhTMH2PmamfpB+c2dUSvqin
|
||||||
|
Ius8vdBiHGuvEwcdJQ3m7cYhkLZWuRgIqGpIrGJX5dvTIw==
|
||||||
|
=Hi+j
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
- created_at: "2024-01-11T20:56:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA5Wf+FyJ+zFJAQ//fyZa4Tzetgnur+02xwrfyxuU3Pvh2+NqSwFQCpo+reWo
|
||||||
|
bO59a5McV5rWnzL59r9XK/SGwBN87JiDFaTvpc2VJnGAxkz6vw5fuXQI7opybVp/
|
||||||
|
exqsqtR6lFLaznAi53oeIgBXIg2svOLr5tD6y9eh6eB4rGrbVf8T2N7TlrSal1RT
|
||||||
|
qoRjtLLZtNXWPMyIGUTjTr4HIUoYvScwQkBhG54R78PXtkW3QfmYJVqXlzTsbKrM
|
||||||
|
uAdC+Fd7k2ko39s64PPG6QsFFBg81UAz8SvQPfe6b8sv5IaVDBBk8IJ1tORX5/26
|
||||||
|
BbXOQLjyqdxHR9/KDeS/wj1e9rpRH3BgHybft0T9vBZyyBZY1dPAisRKXThs/Khb
|
||||||
|
QZUrEd9tNQqGhJrBEKGQuoY39G6mVOywvi4Amubg4L4VbETOD1CM8MMQFlhWmXDP
|
||||||
|
k6UYMY4vUt9O9/R8SljZBejO6Y2+smCzC4lDq5W3sBu5P+JnnHCnM0wgRoS1aCpR
|
||||||
|
tsBIKE1f+rlG+kb6eTGcCCR64H+TK9hT49MtbkFeKUO7rlZkbxqKgYdN/Q1HzCEW
|
||||||
|
YCYsxzJQo4mqTRQ4PYRvo+9Oo9gGtWY48H09qTGR737qayxA3VpdHepABBHC9nm5
|
||||||
|
BogU/3lTH9PzjESZkEckE1sx7QHUs39FiovXDgvsMRt6+wo6Y5L+dKoXU4MszAzS
|
||||||
|
UQE0UZL7h7N+QvTbujVrarB6A6vVlwjV0gbQJDRXmPw2awJjBvsjGNfLQ0mruwqb
|
||||||
|
RLB5G2SvQHiILN/ByD3NxhonQ90mPSjmVBfbdsOp6H4woQ==
|
||||||
|
=J+qg
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
- created_at: "2024-01-11T20:56:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8KRInHl7Vz+AQ//USOIJ5cPWOQgcqjauvvccC22wxU7Rp/Bx86ajZFpL6M3
|
||||||
|
ns8g3TC4ga8OO2XYjLTHNXPAzPvEE5lskpO+bkDbqRPkkkGeauqupQTtDIMg25kF
|
||||||
|
ouBPcvCirWvBJ3uiHHKw1hvTMXAIwcdvIyvxP4zK7sWU8OScDw9nNS8uhOLH9wds
|
||||||
|
J+Y0qWPuxAJrJF8cgLORxjk5BFh5IdOrmijm72+qEHER6qgYgXoVVbGtIixUTcfv
|
||||||
|
H9TqxHPkeqgMH2QVGEGKGRueoUVWc0FXtVLNRKlZ5VYX+nZUBDdhVjiiG6DBkWtu
|
||||||
|
BayAhjRFh/oGs4Q+WyozKy/mv1hJvxsRjpyK78wYw0yQVuwfd/X73y2EkQQNquCk
|
||||||
|
SyzU+C+5+faJpf9HPq2nv1zrUJid1zSv01IE70OsRFAgKXI9thQlx3VIbLTU6RkZ
|
||||||
|
Bw6BsWoQmanUR3DUzWvL+lhzYLKhVQ9Gf9rPOK0B1XTvntTGgq1zOYQn/FmlhJjc
|
||||||
|
SJoXgNU+i9F52CGIJ0fTZaw+8+aJ6oL9SLETl4T9Gj/XCpuDUGJAMP++V7YLWsEf
|
||||||
|
5tqwHDngm5UJNmqy5vzVbQAIVyLCK868S4xNFRUFwQMCZCHQeW4MhVM5XFE0d0ab
|
||||||
|
A5MSm8X7HmYgvg+WvXzawyEX3OyAnw1RZ+n+b6w2NN8YLP1kRLjirDS3PbsLybTS
|
||||||
|
UQHc1/GvEhu+7CSv118mKOyJwOQ6u1KAblmg2yzyhxN6ZvuwNJ9zvSnovSALJHWQ
|
||||||
|
HSwUH1xcOoL1xQTwJ/+Ha/n1q9i2MqD4uLSP29yYGgdq1A==
|
||||||
|
=cXXw
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.1
|
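Review bot: `metadata.name: env` is a very generic name for the Secret that the StatefulSet in this same compare mounts at `/conf/.env`; the target namespace is not visible here, but any other workload there that also produces a Secret called `env` would overwrite this one. A name tied to the application, `name: invoiceshelf-env`, with the matching `secretName: invoiceshelf-env` in the StatefulSet volume, avoids that. The rename is best made through `sops` rather than a text editor, since the file's `mac` may cover the unencrypted values as well and would then no longer verify.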
|
@ -0,0 +1,23 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: invoiceshelf
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
rules:
|
||||||
|
- host: billing.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: invoiceshelf
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- billing.distrust.co
|
||||||
|
secretName: invoiceshelf-tls
|
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
commonLabels:
|
||||||
|
app.kubernetes.io/part-of: invoiceshelf
|
||||||
|
resources:
|
||||||
|
- statefulset.yaml
|
||||||
|
- service.yaml
|
||||||
|
- ingress.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
||||||
|
images:
|
||||||
|
- name: invoiceshelf/invoiceshelf
|
||||||
|
newTag: 1.1.0@sha256:50787e404725ad4f47462eaf38832d97c627a5d139d51a84f31a9bd90caffb3f
|
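Review bot: `commonLabels` is deprecated in current kustomize in favour of the `labels` field, and the other Kustomization added at the end of this compare already uses `labels:` with `- includeSelectors: true`. Writing this one the same way, with `pairs:` holding `app.kubernetes.io/part-of: invoiceshelf`, keeps the two files consistent and selectors are still labelled. The pin `newTag: 1.1.0@sha256:…` deserves a one-line comment such as `# the digest is what is enforced; update it together with the tag`, so a tag-only edit is not mistaken for an upgrade.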
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: invoiceshelf
|
||||||
|
files:
|
||||||
|
- ./env.enc.yaml
|
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: invoiceshelf
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: invoiceshelf
|
||||||
|
app.kubernetes.io/part-of: invoiceshelf
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: invoiceshelf
|
||||||
|
app.kubernetes.io/component: server
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: 80
|
||||||
|
targetPort: 80
|
|
@ -0,0 +1,62 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: invoiceshelf
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: invoiceshelf
|
||||||
|
app.kubernetes.io/component: server
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: invoiceshelf
|
||||||
|
app.kubernetes.io/component: server
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: invoiceshelf
|
||||||
|
app.kubernetes.io/component: server
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: invoiceshelf
|
||||||
|
image: invoiceshelf/invoiceshelf
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 80
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
startupProbe:
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
periodSeconds: 5
|
||||||
|
failureThreshold: 10
|
||||||
|
httpGet:
|
||||||
|
path: /api/v1/app/version
|
||||||
|
port: http
|
||||||
|
livenessProbe:
|
||||||
|
periodSeconds: 5
|
||||||
|
httpGet:
|
||||||
|
path: /api/v1/app/version
|
||||||
|
port: http
|
||||||
|
readinessProbe:
|
||||||
|
periodSeconds: 5
|
||||||
|
httpGet:
|
||||||
|
path: /api/v1/app/version
|
||||||
|
port: http
|
||||||
|
volumeMounts:
|
||||||
|
- name: invoiceshelf-data
|
||||||
|
mountPath: /data
|
||||||
|
subPath: data
|
||||||
|
- name: dot-env
|
||||||
|
mountPath: /conf/.env
|
||||||
|
subPath: env
|
||||||
|
volumes:
|
||||||
|
- name: dot-env
|
||||||
|
secret:
|
||||||
|
secretName: env
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: invoiceshelf-data
|
||||||
|
spec:
|
||||||
|
accessModes: ["ReadWriteOnce"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
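Review bot: The container's `securityContext` sets only `allowPrivilegeEscalation: false`, so the pod keeps the runtime's default capability set, requests no seccomp profile, and nothing prevents the image from running as root. Adding `seccompProfile: {type: RuntimeDefault}` and `capabilities: {drop: ["ALL"]}` under the same key is the usual baseline. Because the container binds port 80 it may then need `add: ["NET_BIND_SERVICE"]` or a higher port, which depends on the image and cannot be judged from this page. The container also declares no `resources`, so a billing application that the Ingress in this compare exposes publicly runs without a memory or CPU bound.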
|
@ -0,0 +1,119 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: matrix-appservice-slack
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
config.yaml: ENC[AES256_GCM,data:r4qTOla/LsGtMojbqC0px9vVeDN/308lx19WR1FcHOh/FenPOmhiVN6yqEHiL6NppHm+SfrSdAa58ghF6GVdbv51/Z6K435MPpoAXbcmw2JceZbHZJ2k0u4aY01nWYMKUU+oKcowdzL4bmkA4jkX4XcDVEsA9VlZPAYmSN4O0s4uLl2pJ1K5i0qng2KaCYKAwk5OTK4w//+lK7UhmVC2TBlGZ8MUyuHsvk0zUkWfdXeFtmtVN48LwS3gdjY2ynHDTYl4cmXtErfbqLkdjWLGcTS1LCaIhOSFYTQm04tAWc9TCKB3xYvpx9hSUKN/KrreK7zh6zr2NTYaRMiXPlUT8PC7VdwEkpZPq9fYkeMBBSlRiYUUO2q19Y2rtidWZ3UeKr2MPJA2a9A7l/JGpYeLk7Bg/623xfp2rvqysFbjVQHsR2FUrnhdV/DK6vafRrjPbdKOWjaorc3UdZ6LeS191zwTKUsZHQuW35LXrg+Xhiovle5FetgqVSeMtdAigLQ7rtUzmilZk8clDstibLzmGkKeBsFZKFDkNlMxQmHarA2bH5RcBazugokztEUgRBGVL4XAjStlyYez0EqAXdC7FmxRctx/8fS6n7gLv2eLOxFswNbjpZRDG8ctPGQIF2xPIkV3Ahf9UH1A2Q5pVRCvd49yLflCBE+MFyVjz2FvpkFg915TN3K0j4OKuIW8E5D3whO8e+ofJiZGSgw7+NYZfJi/d1SPMkCyJG5M9wtTJLtLWMDxmvhJlkGO5Hxu/f06EygMKvF1P8DjkpvbFDjClKS/WjmN4IrccYUgrL+kL7XsQZ1EfvFPu/ioKGV9OuHQfOJNqMNPQdGwjg830GSjn2GeyArYSsQ1mJ1QOCPPdlzNpwYf8WRCELAt8LnTWEuKuNpfesvp5pN8DaAa2qagiHMwRKXcwuutgfL3j9gD1wmu3hzbWEilWXXykh75JjM8bPTYkQQWQVJSwjfv9fnlxwxg8bueaVydOyI6TOLfowsDEJR1zy7L5d6uUMwJlrtjHms6N3SYJ4mrgogCrOkH4qX+MMAnkUfVAbxmPvX3u9bxIqbOSoUuzjQto/LJnpPwY6MblEEpkLVo42n2Vaaq2ihMtzXLeq4qd+g7PIQf47RNWtP78+T8csxzlPG7s+c8UPZCoKoVw9EFBXS7SBE=,iv:xNXCfyNWCbWgeDL0oEkPFSxtPxH9SNcUb6nfGo2bRaU=,tag:uy9IUhzGgKgrAI0Fu+hR1g==,type:str]
|
||||||
|
slack.yaml: ENC[AES256_GCM,data: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,iv:BsODzIfvxPxLpZSomElorgtvdn8ejcYIMHE8Ze4VC1k=,tag:xpSnNsE06QEoNAtnCN2vNg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-03-12T00:01:19Z"
|
||||||
|
mac: ENC[AES256_GCM,data:VSdnKuVIv4VBy4MpIuruPVgDqMFLM33VwfWHrQ2V9rWJkqEvWlgrZDZG92qGdBthmcmfhpClCZeAmEI//U5/ejb+rilj1OOkfFqYIHG+JGzEXyKVnWZeHEcWzEGuYDG78n8XgFuCMiexScHOhLcRSiGRN++jzXTAGMp8U2z7feE=,iv:aw7cTJfRq9Z2tJlPFQhE0HYoLweds8b4ybCTofEcMFo=,tag:lgWspTjb1IX8jR1Hq95WCg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||||
|
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||||
|
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||||
|
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||||
|
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||||
|
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||||
|
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||||
|
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||||
|
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||||
|
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||||
|
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||||
|
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||||
|
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||||
|
=3E6w
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||||
|
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||||
|
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||||
|
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||||
|
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||||
|
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||||
|
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||||
|
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||||
|
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||||
|
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||||
|
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||||
|
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||||
|
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||||
|
=xXRR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||||
|
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||||
|
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||||
|
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||||
|
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||||
|
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||||
|
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||||
|
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||||
|
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||||
|
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||||
|
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||||
|
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||||
|
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||||
|
=TXST
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||||
|
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||||
|
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||||
|
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||||
|
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||||
|
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||||
|
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||||
|
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||||
|
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||||
|
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||||
|
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||||
|
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||||
|
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||||
|
=bF9b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||||
|
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||||
|
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||||
|
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||||
|
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||||
|
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||||
|
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||||
|
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||||
|
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||||
|
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||||
|
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||||
|
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||||
|
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||||
|
=n6cE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,25 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEQTCCAqmgAwIBAgIUJnvJP3vy1FrGBmP3zN/Q6le9D5owDQYJKoZIhvcNAQEM
|
||||||
|
BQAwOjE4MDYGA1UEAwwvZWI2ZjdjZmItNjBkNy00ZTg2LTlmN2UtYTliMmU5MDdk
|
||||||
|
YWUyIFByb2plY3QgQ0EwHhcNMjMwNTEyMDMzMTA3WhcNMzMwNTA5MDMzMTA3WjA6
|
||||||
|
MTgwNgYDVQQDDC9lYjZmN2NmYi02MGQ3LTRlODYtOWY3ZS1hOWIyZTkwN2RhZTIg
|
||||||
|
UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAO41H/hV
|
||||||
|
eJYfE+b0aMPj1vLhefmGkdjD5N3HD1StaL95bjiB7U73exQenoEZYTW3Ns7+BzHq
|
||||||
|
ffFJwXC3sL8qVxqnNdJy3IkrwJxdmJrj5+KoVUrD8yNbujjQ5q+r0fMRwBwtJYkf
|
||||||
|
78b/mCBP7GOllJim3nG4MMzL1sA/5JaOQEwZgmERmIVJi1RK1k8nGuFKbcr7YW6u
|
||||||
|
vE8VQR77uQIUffokC6tDzhjxDz8eDzZ3lwsnGavCG31nW5Kc6+rg6Kpo097/ZkYf
|
||||||
|
DThwFmGwmP4oT6h2+/LPqsb3OCvFWh5DLHXTa5xvczFwY134o55CW25JNebrTYxc
|
||||||
|
ZnvlE1afgiuKsqGsGmvmnjgxKTNKOhMWKd1gXLmQ6Tt0WrLpIBlAVlh4pn0YtWDm
|
||||||
|
Nz+YcOnQ20O4pZyOntc2TGFmbHqAp5HnmRmtDWWbUQoRRAIsvvUpIGRxWid124gV
|
||||||
|
2h9UxbymVoieFpAjNv6d9Qu9+kKeJ/FOwSq6qatOuI4ILSjG6E1SMeimxQIDAQAB
|
||||||
|
oz8wPTAdBgNVHQ4EFgQUpoMewYjVdrnCuCjW/57GlzlMtdQwDwYDVR0TBAgwBgEB
|
||||||
|
/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBAKRENCIP7KTg2ULy
|
||||||
|
DCuZAvPDzqRwAstmXP54DZOpeMT81c+m9Kq4urM1PMFvPOfiSSlE3wAA1+oX5wyv
|
||||||
|
r4kKgSYqG4QRk4aUfk7NJUQ2yAEtNcwrTc4MSsoFJOJVWdW/E+KNWYKjepg1t2kV
|
||||||
|
4hzZNqnIO05sxVp/Sx0tu5dhn8xPwNTVuDD5VjoC7VweSlq+E2vTNz10VBSHJ9Pm
|
||||||
|
bBJ32kd0lXdYsmy9vGDLa2NrjeTESSBfk8umm2dIbIFxOShHSs/6jHwCGv5WvPpo
|
||||||
|
HoPH69XBnXQuXf+gPltEaAtRwKVqdgMTFQe1gfeK2ddvlzPtGJ1mj+1rPGZApEuV
|
||||||
|
Ax+5Klk+711dhJrRQsI0w1Zl/2CgpKToIVbBe5nLyH2Q7SstcdpfnNcs5+k3iXb/
|
||||||
|
KMUIMP84ScQ+ojUefMntny2SqUFT/CD1IVpOsHFTbKc2ZHUllrDf1p4qopMdiwWj
|
||||||
|
TlnDOh78B94f1O9by4ftQ/g8G5TaKgRsMxrDNy77tCpKy9vR4g==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,20 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: matrix-appservice-slack
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
app.kubernetes.io/component: bridge
|
||||||
|
resources:
|
||||||
|
- statefulset.yaml
|
||||||
|
- service.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: digital-ocean-ca
|
||||||
|
files:
|
||||||
|
- files/digital-ocean-ca.crt
|
||||||
|
images:
|
||||||
|
- name: matrixdotorg/matrix-appservice-slack
|
||||||
|
newTag: release-2.1.2
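Review bot: The `matrixdotorg/matrix-appservice-slack` override pins a mutable tag only, so the registry can serve different content under `release-2.1.2` without any change in this repository. The other image overrides on this page (mautrix-telegram, element-web, coturn, matrix-media-repo) all carry an `@sha256:` digest. I would pin this one the same way, `newTag: release-2.1.2@sha256:<digest of the reviewed image>`, with the digest taken from the image that was actually reviewed.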
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: slack-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
|
@ -0,0 +1,17 @@
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: appservice-slack
|
||||||
|
spec:
|
||||||
|
publishNotReadyAddresses: true
|
||||||
|
ports:
|
||||||
|
- name: appservice
|
||||||
|
protocol: TCP
|
||||||
|
port: 5858
|
||||||
|
targetPort: 5858
|
||||||
|
- name: rtm
|
||||||
|
protocol: TCP
|
||||||
|
port: 9898
|
||||||
|
targetPort: 9898
|
||||||
|
selector: {}
|
||||||
|
type: ClusterIP
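Review bot: This Service is named `appservice-slack`, but the StatefulSet added in the same directory sets `serviceName: matrix-appservice-slack`, and no Service of that name is visible on this page. A StatefulSet's `serviceName` is expected to name its governing Service, so unless a name prefix is applied elsewhere the two should agree, e.g. `serviceName: appservice-slack` in the StatefulSet. The mautrix-slack pair further down uses matching names.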
|
|
@ -0,0 +1,38 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: appservice-slack
|
||||||
|
spec:
|
||||||
|
serviceName: matrix-appservice-slack
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: appservice-slack
|
||||||
|
image: matrixdotorg/matrix-appservice-slack
|
||||||
|
env:
|
||||||
|
- name: NODE_EXTRA_CA_CERTS
|
||||||
|
value: /config/digital-ocean-ca.crt
|
||||||
|
ports:
|
||||||
|
- name: appservice
|
||||||
|
containerPort: 5858
|
||||||
|
protocol: TCP
|
||||||
|
- name: rtm
|
||||||
|
containerPort: 9898
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /config/config.yaml
|
||||||
|
subPath: config.yaml
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /config/slack-registration.yaml
|
||||||
|
subPath: slack.yaml
|
||||||
|
- name: digital-ocean-ca
|
||||||
|
mountPath: /config/digital-ocean-ca.crt
|
||||||
|
subPath: digital-ocean-ca.crt
|
||||||
|
volumes:
|
||||||
|
- name: config-secrets
|
||||||
|
secret:
|
||||||
|
secretName: matrix-appservice-slack
|
||||||
|
- name: digital-ocean-ca
|
||||||
|
configMap:
|
||||||
|
name: digital-ocean-ca
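Review bot: The `appservice-slack` container has no `securityContext`, so it runs with the image's default user, the default capability set and a writable root filesystem while holding the bridge's registration and config secrets. The coturn DaemonSet and the element-web Deployment on this page both drop all capabilities and disable privilege escalation. The same block is missing from the `mautrix-slack-bridge` and `mautrix-telegram-bridge` StatefulSets. I would add the block below to each bridge container; whether `readOnlyRootFilesystem: true` works depends on where the bridge writes at runtime, so that line needs a test run and possibly an `emptyDir` mount.

```yaml
containers:
  - name: appservice-slack
    # … unchanged: image, env, ports, volumeMounts …
    securityContext:
      capabilities:
        drop:
          - ALL
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
```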
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: slack
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
app.kubernetes.io/component: bridge
|
||||||
|
resources:
|
||||||
|
- statefulset.yaml
|
||||||
|
- service.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: slack-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
|
@ -0,0 +1,13 @@
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: mautrix-slack
|
||||||
|
spec:
|
||||||
|
publishNotReadyAddresses: true
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 29335
|
||||||
|
targetPort: 29335
|
||||||
|
selector: {}
|
||||||
|
type: ClusterIP
|
|
@ -0,0 +1,41 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: mautrix-slack-bridge
|
||||||
|
spec:
|
||||||
|
serviceName: mautrix-slack
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: slack-mautrix
|
||||||
|
image: dock.mau.dev/mautrix/slack
|
||||||
|
command:
|
||||||
|
- /usr/bin/mautrix-slack
|
||||||
|
args:
|
||||||
|
- -n
|
||||||
|
- -c
|
||||||
|
- /data/config.yaml
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 29335
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /data/config.yaml
|
||||||
|
subPath: config.yaml
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /_matrix/mau/live
|
||||||
|
port: http
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 120
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /_matrix/mau/ready
|
||||||
|
port: http
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
volumes:
|
||||||
|
- name: config-secrets
|
||||||
|
secret:
|
||||||
|
secretName: mautrix-slack-config
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: mautrix-telegram
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
app.kubernetes.io/component: bridge
|
||||||
|
resources:
|
||||||
|
- statefulset.yaml
|
||||||
|
- service.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
||||||
|
images:
|
||||||
|
- name: dock.mau.dev/mautrix/telegram
|
||||||
|
newTag: v0.15.1@sha256:e328dcf5893a3ec782212d9bb008e4f81ac3cf4e3c7abc3a49cf6b277749b32d
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: telegram-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
|
@ -0,0 +1,13 @@
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: mautrix-telegram
|
||||||
|
spec:
|
||||||
|
publishNotReadyAddresses: true
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 29335
|
||||||
|
targetPort: 29335
|
||||||
|
selector: {}
|
||||||
|
type: ClusterIP
|
|
@ -0,0 +1,42 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: mautrix-telegram-bridge
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: telegram-mautrix
|
||||||
|
image: dock.mau.dev/mautrix/telegram
|
||||||
|
command:
|
||||||
|
- python3
|
||||||
|
args:
|
||||||
|
- -m
|
||||||
|
- mautrix_telegram
|
||||||
|
- -n
|
||||||
|
- -c
|
||||||
|
- /data/secrets.yaml
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 29335
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /data/secrets.yaml
|
||||||
|
subPath: config.yaml
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /_matrix/mau/live
|
||||||
|
port: http
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 120
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /_matrix/mau/ready
|
||||||
|
port: http
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
volumes:
|
||||||
|
- name: config-secrets
|
||||||
|
secret:
|
||||||
|
secretName: mautrix-telegram
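Review bot: `spec` here has no `serviceName`, unlike the two slack StatefulSets on this page. The apps/v1 StatefulSet API treats that field as the governing Service, and depending on the cluster version the object may be rejected without it. Adding `serviceName: mautrix-telegram` would match the Service defined next to it. Separately, port 29335 is the same value the mautrix-slack manifests use, so it is worth confirming against the encrypted config that the telegram bridge really listens there, because both probes depend on it.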
|
|
@ -0,0 +1,118 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: coturn
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
turnserver.conf: ENC[AES256_GCM,data:suQA1LL8JiKemZo1LojR4WYSk5ex5DIv4wyOGjS6gZKGCViqR2uvIBT1DVI/LfIjYjuBDM7NqDOSP/kQxChJDrUksaOCU4Q5uc/eE9zlyP7A/c4Cb8evPQ1JApK2GTzFwz8J5x6S4aa+JpoAB5aTvijfcW131pmQOtz6uanEhuU1As9c9g57nbGGR2lLRx7rYVMqGC2fxg30JJewSjIYWsOJoz6+Y/callulnQKznil7cMYwjiMK/QoVgdsvmW4fjcm8PbBKdBZbh7nDQBcvtrr8lqyMBNl/XOTtU4Ael28YWzDtdbWH1jdJMnMieWxpa2D2XnWNqd0XdYxPwS3HnVHVXSgwOYUQutMyWNBA1wnIaC1sg8Z5lzqE38DzXfA=,iv:8wwzXOMCH4zadAtifiFAbwFEQ7O5CO2ogvCiuEDV8gU=,tag:D04paJjlkzeXmuyLvk4f8w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-01-16T07:13:58Z"
|
||||||
|
mac: ENC[AES256_GCM,data:t8y4z+JQ2ua9KcykwoH2rHi1wsHC0Z1TkxkMZvUenQFxvwNTHC4NghwWGN2kcCDO9SjUb1J3BPobZd/EqSitQ7kTxyeBTa+qcylUIDvCmk9S1ZHVyJKhoQABbJX9raClYV3a3zrk5WNi4obXAHgXGpMdq1cVe53GR/X5z5ury7Q=,iv:x+WQ8t86EOrejNyv0grHSyd1bOpWcoZ/lqmFtFHHR0o=,tag:XuiuZUKe32MjNMg4nx9Kvg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||||
|
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||||
|
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||||
|
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||||
|
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||||
|
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||||
|
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||||
|
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||||
|
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||||
|
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||||
|
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||||
|
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||||
|
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||||
|
=3E6w
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||||
|
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||||
|
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||||
|
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||||
|
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||||
|
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||||
|
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||||
|
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||||
|
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||||
|
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||||
|
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||||
|
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||||
|
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||||
|
=xXRR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||||
|
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||||
|
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||||
|
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||||
|
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||||
|
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||||
|
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||||
|
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||||
|
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||||
|
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||||
|
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||||
|
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||||
|
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||||
|
=TXST
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||||
|
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||||
|
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||||
|
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||||
|
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||||
|
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||||
|
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||||
|
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||||
|
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||||
|
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||||
|
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||||
|
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||||
|
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||||
|
=bF9b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||||
|
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||||
|
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||||
|
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||||
|
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||||
|
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||||
|
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||||
|
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||||
|
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||||
|
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||||
|
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||||
|
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||||
|
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||||
|
=n6cE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,69 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: coturn
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
containers:
|
||||||
|
- name: "coturn"
|
||||||
|
image: coturn/coturn
|
||||||
|
args: ["-c", "/config/turnserver.conf"]
|
||||||
|
ports:
|
||||||
|
- name: turn-3478
|
||||||
|
containerPort: 3478
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49152
|
||||||
|
containerPort: 49152
|
||||||
|
hostPort: 49152
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49153
|
||||||
|
containerPort: 49153
|
||||||
|
hostPort: 49153
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49154
|
||||||
|
containerPort: 49154
|
||||||
|
hostPort: 49154
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49155
|
||||||
|
containerPort: 49155
|
||||||
|
hostPort: 49155
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49156
|
||||||
|
containerPort: 49156
|
||||||
|
hostPort: 49156
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49157
|
||||||
|
containerPort: 49157
|
||||||
|
hostPort: 49157
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49158
|
||||||
|
containerPort: 49158
|
||||||
|
hostPort: 49158
|
||||||
|
protocol: UDP
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /config/turnserver.conf
|
||||||
|
subPath: turnserver.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: var-tmp
|
||||||
|
mountPath: /var/tmp
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
# https://github.com/coturn/coturn/issues/994
|
||||||
|
add:
|
||||||
|
- NET_BIND_SERVICE
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
secret:
|
||||||
|
secretName: coturn
|
||||||
|
- name: var-tmp
|
||||||
|
emptyDir: {}
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: coturn
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
resources:
|
||||||
|
- daemonset.yaml
|
||||||
|
- service.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: coturn-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
|
@ -0,0 +1,39 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: coturn
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- targetPort: turn-3478
|
||||||
|
name: turn-3478
|
||||||
|
port: 3478
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49152
|
||||||
|
name: turn-49152
|
||||||
|
port: 49152
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49153
|
||||||
|
name: turn-49153
|
||||||
|
port: 49153
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49154
|
||||||
|
name: turn-49154
|
||||||
|
port: 49154
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49155
|
||||||
|
name: turn-49155
|
||||||
|
port: 49155
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49156
|
||||||
|
name: turn-49156
|
||||||
|
port: 49156
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49157
|
||||||
|
name: turn-49157
|
||||||
|
port: 49157
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49158
|
||||||
|
name: turn-49158
|
||||||
|
port: 49158
|
||||||
|
protocol: UDP
|
|
@ -0,0 +1,61 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: element-web
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
containers:
|
||||||
|
- name: element-web
|
||||||
|
image: vectorim/element-web
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8080
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /app/config.json
|
||||||
|
name: config
|
||||||
|
subPath: config.json
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /etc/nginx/nginx.conf
|
||||||
|
name: config
|
||||||
|
subPath: nginx.conf
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /etc/nginx/conf.d/default.conf
|
||||||
|
name: config
|
||||||
|
subPath: default.conf
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /var/cache/nginx
|
||||||
|
name: ephemeral
|
||||||
|
subPath: cache
|
||||||
|
- mountPath: /var/run/pid
|
||||||
|
name: ephemeral
|
||||||
|
subPath: pid
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
startupProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: element-web-config
|
||||||
|
- name: ephemeral
|
||||||
|
emptyDir: {}
|
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"default_server_config": {
|
||||||
|
"m.homeserver": {
|
||||||
|
"base_url": "https://matrix.distrust.co",
|
||||||
|
"server_name": "distrust.co"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"brand": "Distrust Chat",
|
||||||
|
"branding": {
|
||||||
|
"default_theme": "dark"
|
||||||
|
},
|
||||||
|
"showLabsSettings": true,
|
||||||
|
"features": {
|
||||||
|
"feature_new_spinner": true,
|
||||||
|
"feature_pinning": true,
|
||||||
|
"feature_custom_status": true,
|
||||||
|
"feature_custom_tags": true,
|
||||||
|
"feature_state_counters": true,
|
||||||
|
"feature_many_integration_managers": true,
|
||||||
|
"feature_mjolnir": true,
|
||||||
|
"feature_dm_verification": true,
|
||||||
|
"feature_bridge_state": true,
|
||||||
|
"feature_presence_in_room_list": true,
|
||||||
|
"feature_custom_themes": true,
|
||||||
|
"feature_oidc_native_flow": true
|
||||||
|
},
|
||||||
|
"roomDirectory": {
|
||||||
|
"servers": [
|
||||||
|
"matrix.org",
|
||||||
|
"distrust.co"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"integrations_ui_url": "https://scalar.vector.im/",
|
||||||
|
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||||
|
"integrations_widgets_urls": [
|
||||||
|
"https://scalar.vector.im/_matrix/integrations/v1",
|
||||||
|
"https://scalar.vector.im/api",
|
||||||
|
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
||||||
|
"https://scalar-staging.vector.im/api",
|
||||||
|
"https://scalar-staging.riot.im/scalar/api"
|
||||||
|
],
|
||||||
|
"defaultCountryCode": "EN",
|
||||||
|
"default_theme": "dark"
|
||||||
|
}
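Review bot: `integrations_widgets_urls` lists three staging endpoints (`scalar-staging.vector.im` twice and `scalar-staging.riot.im`) alongside the production integration manager. Those entries look like they come from the upstream sample config, and they extend the set of third-party integration-manager origins this production client is configured with. Unless the staging manager is actually used, I would keep only the two `https://scalar.vector.im/...` entries. Also, `"defaultCountryCode": "EN"` is not an ISO 3166 country code; `"GB"` or `"US"` is presumably what was meant.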
|
|
@ -0,0 +1,44 @@
|
||||||
|
server {
|
||||||
|
listen 8080;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
#charset koi8-r;
|
||||||
|
#access_log /var/log/nginx/host.access.log main;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
#error_page 404 /404.html;
|
||||||
|
|
||||||
|
# redirect server error pages to the static page /50x.html
|
||||||
|
#
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# proxy_pass http://127.0.0.1;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# root html;
|
||||||
|
# fastcgi_pass 127.0.0.1:9000;
|
||||||
|
# fastcgi_index index.php;
|
||||||
|
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||||
|
# include fastcgi_params;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# deny access to .htaccess files, if Apache's document root
|
||||||
|
# concurs with nginx's one
|
||||||
|
#
|
||||||
|
#location ~ /\.ht {
|
||||||
|
# deny all;
|
||||||
|
#}
|
||||||
|
}
|
|
@ -0,0 +1,28 @@
|
||||||
|
worker_processes auto;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/pid/nginx.pid;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: element-web
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
resources:
|
||||||
|
- deployment.yaml
|
||||||
|
- service.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: element-web-config
|
||||||
|
files:
|
||||||
|
- files/config.json
|
||||||
|
- files/nginx.conf
|
||||||
|
- files/default.conf
|
||||||
|
images:
|
||||||
|
- name: vectorim/element-web
|
||||||
|
newTag: v1.11.67@sha256:5dcccfdebc05852e835de3fbb36d34cd34de2776724f0c8c50167d5da382e8ae
|
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: element-web
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: default
|
||||||
|
protocol: TCP
|
||||||
|
port: 80
|
||||||
|
targetPort: http
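Review bot: The only port on this Service is named `default`, but the `element-web` Ingress added further down this page selects its backend with `port: name: http`. An Ingress backend resolves the name against the Service's port names, not the container's, so that reference would not find a port and chat.distrust.co would have no backend. Renaming the Service port, `- name: http`, keeps it consistent with the synapse and media-repo backends, which also use `http`.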
|
|
@ -0,0 +1,152 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: matrix
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
||||||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- matrix.distrust.co
|
||||||
|
secretName: matrix-distrust-co-tls
|
||||||
|
- hosts:
|
||||||
|
- matrix-fed.distrust.co
|
||||||
|
secretName: matrix-fed-distrust-co-tls
|
||||||
|
rules:
|
||||||
|
- host: matrix.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: synapse
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: matrix-fed.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /_matrix/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: synapse
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: matrix-media-repo
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
|
||||||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: 110m
|
||||||
|
# This combination of configurations allows for the media-repo to function
|
||||||
|
# properly
|
||||||
|
nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
|
||||||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
|
more_set_input_headers 'Host: distrust.co';
|
||||||
|
more_set_input_headers 'X-Forwarded-Host: distrust.co';
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- matrix.distrust.co
|
||||||
|
secretName: matrix-distrust-co-tls
|
||||||
|
rules:
|
||||||
|
- host: matrix.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /_matrix/media/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: media-repo
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
- host: matrix-fed.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /_matrix/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: synapse
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: element-web
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: element-web
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- chat.distrust.co
|
||||||
|
secretName: element-distrust-co-tls
|
||||||
|
rules:
|
||||||
|
- host: chat.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: element-web
|
||||||
|
port:
|
||||||
|
name: http
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: appservice-slack
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: appservice-slack
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- slack-bridge.matrix.distrust.co
|
||||||
|
secretName: slack-bridge-matrix-distrust-co-tls
|
||||||
|
rules:
|
||||||
|
- host: slack-bridge.matrix.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: appservice-slack
|
||||||
|
port:
|
||||||
|
name: rtm
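Review bot: The `cors-allow-origin` annotation on the `matrix` and `matrix-media-repo` Ingresses has a malformed second origin, `https:app.matrix.org`, with the `//` missing. That value cannot match a browser's `Origin` header, so only chat.distrust.co is effectively allowed; if the second origin is intended, it should read `https://chat.distrust.co,https://app.matrix.org`. The `matrix-media-repo` Ingress also repeats the `matrix-fed.distrust.co` `/_matrix/` rule pointing at synapse, under annotations that rewrite `Host` to distrust.co. That rule looks copied from the `matrix` Ingress and is probably not meant to live there. Finally, the `configuration-snippet` annotations only take effect if the controller allows snippet annotations, a setting worth enabling deliberately since it lets Ingress authors inject raw nginx config.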
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: matrix
|
||||||
|
resources:
|
||||||
|
- synapse
|
||||||
|
- coturn
|
||||||
|
- element
|
||||||
|
- matrix-media-repo
|
||||||
|
- bridges/matrix-appservice-slack
|
||||||
|
- bridges/mautrix-telegram
|
||||||
|
- ingress.yaml
|
||||||
|
images:
|
||||||
|
- name: matrixdotdog/synapse
|
||||||
|
newTag: v1.98.0@sha256:8d962e48a1d88d2fb646c82b1babf4dd0ed765b21a4cf15600d77e90e46dc413
|
||||||
|
- name: coturn/coturn
|
||||||
|
newTag: 4.6.2@sha256:9a5d44d1aebf28f1a96de4595bbab3eadc1ebd6bda705ca040df907f353f9fb2
|
||||||
|
- name: dock.mau.dev/mautrix/slack
|
||||||
|
newTag: 4530ff397d08d93b673cd71da4c2a75d969ca0df-amd64@sha256:7db11f874c655dd8be77a75fb07bd6071cc0d7e92bc564e1397f5b2e0e1883c7
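Review bot: The first override is keyed on `matrixdotdog/synapse`, which looks like a typo for `matrixdotorg/synapse` (the slack bridge image on this page uses the `matrixdotorg/` namespace). Kustomize applies an `images` entry only when `name` matches the image string in a manifest and ignores it silently otherwise, so a mismatch would leave synapse unpinned by tag and digest. The synapse manifests are not visible in this part of the page, so please check the name against them. In the same way, `dock.mau.dev/mautrix/slack` is pinned here, yet `resources` lists `bridges/matrix-appservice-slack` and `bridges/mautrix-telegram` but no mautrix-slack directory, so that override may currently match nothing.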
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,41 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: matrix-media-repo
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
# This does not currently work as there are some weird expectations on
|
||||||
|
# run scripts as running as non-root
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 1000
|
||||||
|
containers:
|
||||||
|
- name: media-repo
|
||||||
|
image: drgrove/matrix-media-repo
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8000
|
||||||
|
protocol: TCP
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9000
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /home/user/media/
|
||||||
|
name: ephemeral
|
||||||
|
- mountPath: /home/user/config/media-repo.yaml
|
||||||
|
name: config
|
||||||
|
subPath: config.yaml
|
||||||
|
readOnly: true
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
# Right now setting this to true is not possible
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
secret:
|
||||||
|
secretName: mmr-config
|
||||||
|
- name: ephemeral
|
||||||
|
emptyDir: {}
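Review bot: The comment above the pod-level `securityContext` says running as non-root "does not currently work", but the block it sits on only sets `fsGroup: 1000`. A reader cannot tell which settings were left out or which user the container ends up running as. I would reword it to name the omitted fields, for example `# runAsNonRoot/runAsUser are intentionally omitted: the image's run scripts fail as non-root (TODO: link issue)`. The later `# Right now setting this to true is not possible` comment on `readOnlyRootFilesystem` would benefit from the same treatment, stating which path the process needs to write to. The image is also referenced without a tag or digest here, so the hardening that is present applies to whatever `drgrove/matrix-media-repo` currently resolves to.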
|
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: media-repo
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
resources:
|
||||||
|
- deployment.yaml
|
||||||
|
- service.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
||||||
|
images:
|
||||||
|
- name: turt2live/matrix-media-repo
|
||||||
|
newTag: v1.3.3@sha256:59cf338753598af400919caf332c92dd0e8e6c6e6e5d18270e52552c7c1e3c4b
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: telegram-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: media-repo
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 8000
|
||||||
|
targetPort: http
|
||||||
|
- name: metrics
|
||||||
|
protocol: TCP
|
||||||
|
port: 9000
|
||||||
|
targetPort: metrics
|
|
@ -0,0 +1,122 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: config
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
homeserver.yaml: ENC[AES256_GCM,data:9O2YODDpJf6FzX6DojwGaIYkRs99K/GP+HCBCb4PO5fNJPmyEaN3DllpZjSn1WlgMIMi46gs7wfZJjoJRVz5wq+owwmZw+4lrAnYN8niNKcYoakuHn57WSzlrrqZDMY5i0VKZ1S+QATGll5Wl19AjHIuVEbJ5nQeeORVq+n7voG4/MX3PcZINjKdr4PnTwCx21TrPb9lRunH+oGhbHjMvx4yxNzqOvrvuFMSqkC/lDWrrSfCcn14qbLhq//OAk+c49IUkHTjJVbaK4mx1dbi7LA3rsZmb5cM9iFLPImWZnlpGM3SZasO91paiV8EaH+EkyA/4TpWODi+0KCiwVrLnOxEvmx6NweGOIaWgk04DgFomD468F1i0VVksk5/FwM8QvS8cIZ6Wqk/mAtbki5pnpvSZMrWXV4WSja+IcpoPYZjYdzttiHhxqoQ9Kkka3AqPEm1Nj6ggYtgjfE78dWVxN0jcKTXLV6C2T59jqpwyT9zmIpTJZ6AbZL6hafBprJenwD4mUO+pGzW1zs2nzDDr49nRSLtnRub5ecdYgZTPoInxxJYqbgZIjCYfwc7Y49JeSxklQXspCYZf+xmS0O4w8FzgwWYKCcajju4cRKHe46oN6QUftcmJILyt4LVSCuKzGsIKRnPazPKWqPUDjAs7j/i+jCha6gIctF5wvihfrCXHqD0gHa92kR/M581C6Ch2LFTupyUZtyZEbE+Y1oPlYyn2psBohVm/izl96QKuX7Ujco5Iahf7A55CTMuoBqXtvhpNwZVcmLf3SWiFTN2LfrkG2rXarvq+2TsgMcFeNia094Yk0gISR8UTu7uhhKuoPoFMN+3cCnXqiqMHoehbT9KyV7QuXG+M/jvGnUKPeTtp/Grmd4arvLpFp9UKAXbVkvFCFyTW+562qRnh0Int88ycr6FBdQl1HTN+mQfz4lNLxNomxu+0iDMaNP0+YTncSRragpjV267IUvWzzu5Dl1StD8YUZ2/J+66helA3IGBVlIqoeoAJyrP+GNuhwInTFVBlVxDyn8N/VqJuFw3B8c2W7BX6+68asZROeaTHDu2rYfxVWhGss7oKTxz4RdiK510tLh5OtI7M5f2b8gnhqwTbsiHM4UaCXGP4JdmIsyLcUEeg9K1jQx/LsYCBi9ZaegzbhIvgi3r12495Fzw5gWfZ5Xsf7gvQYR41A==,iv:QemGZaVH7IHvLdTjhr+R7FMyuJlGk9UsZMn5aILwwNg=,tag:N3dCm2v044ZrOgPjWSrjuw==,type:str]
|
||||||
|
mautrix-slack-bridge.yaml: ENC[AES256_GCM,data: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,iv:GyV3W2Rl+0T3pwrV1/Qv3OV4gYb8btnHMu340brhEcw=,tag:xRywHK6w5TfUdZTfS9XYhw==,type:str]
|
||||||
|
mautrix-telegram-bridge.yaml: ENC[AES256_GCM,data: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,iv:7PhPWul/rDWEJB5ecn0myPMwbC6akihS0xZEvyeEB9s=,tag:TMAusZ7EneDQgLsthzaL8w==,type:str]
|
||||||
|
doublepuppet.yaml: ENC[AES256_GCM,data:bA8r1TZECeDxIuUxkBcM0MOFdplcB5wus7KEir7LfPWFA06aUCz5o2BU/YKSzf5NlEtwQLlCiaDdONPPfLMvjHxaXBfyd2YCIoqeP7GCCqRnfZE4zaY2QajrUkBZQV9DAvf23Mt9Zw6ByLUHWIGvB95WOGHXxKeyDo0jnUgDWu+Osm+UIkbYKEOBw/rF3NOAUBQxxh9AlxwU/IUMV3++dhbGaTF46RN7FF/XLUJ4d3zt/f9r/UUrPwksiyUFyDRjRuV0ABn0aLneeJhcL2H4MeFnkjuRie9t292ief1UGbbqZnSMSuh//V7UrxKJw3o/asVRQQkxJOVQfAa6TUcBq/kxhuYXDBg1mAFD8/RGmA6pjJGH5+q9Cqaqmj6PgLRU+HS2iZnkkz6FRK6GmSAXu1vcwB0GC6NkLXU75B8j+3b8DV+rM6boKzQgAVNT+McCm0Zg2DdtMvQ//Qqetg8AXOvHXSJZ/zU7HsM42fm8Zk49uF6abKY=,iv:227zkv9T+yoycJNumdo0rV44ngXlM5hYu/1kRBj93r0=,tag:yQq2Aiw2sB4kmp/CeJ0G3g==,type:str]
|
||||||
|
appservice-matrix-bridge.yaml: ENC[AES256_GCM,data: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,iv:Kv4eGx1vFgs+sV6iwBZD/nR0h2GzLKqjNJmgsRldNrY=,tag:QGmJZUhn23c1pez9+MCrfg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-03-31T21:34:41Z"
|
||||||
|
mac: ENC[AES256_GCM,data:RZ0jexcJq46ByhdZsG/Ab1ONc0cie8UAY7e5pw4+3IZmh1Zgg41vz1+sbitIUVC1tFjND7Jo0Ess+agS7/b45JZU0rta9rKp7WhCOtAVhBO+BDXmRKMtWynd/TSxoBdUtHG+AlGAoPRmz/4HjUMDoeO0CFoa/jR5Ajfv/xrSa2o=,iv:W/XuQZ8Ju6pv3E/b+0ugDsg9J/FXw0ixfFwLNlmLgxQ=,tag:W+xjNY+AJdZb+dxUrvLosQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||||
|
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||||
|
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||||
|
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||||
|
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||||
|
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||||
|
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||||
|
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||||
|
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||||
|
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||||
|
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||||
|
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||||
|
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||||
|
=3E6w
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||||
|
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||||
|
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||||
|
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||||
|
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||||
|
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||||
|
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||||
|
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||||
|
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||||
|
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||||
|
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||||
|
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||||
|
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||||
|
=xXRR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||||
|
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||||
|
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||||
|
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||||
|
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||||
|
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||||
|
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||||
|
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||||
|
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||||
|
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||||
|
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||||
|
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||||
|
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||||
|
=TXST
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||||
|
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||||
|
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||||
|
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||||
|
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||||
|
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||||
|
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||||
|
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||||
|
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||||
|
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||||
|
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||||
|
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||||
|
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||||
|
=bF9b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||||
|
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||||
|
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||||
|
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||||
|
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||||
|
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||||
|
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||||
|
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||||
|
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||||
|
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||||
|
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||||
|
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||||
|
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||||
|
=n6cE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,101 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: synapse
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: synapse
|
||||||
|
args:
|
||||||
|
- run
|
||||||
|
- --config-path
|
||||||
|
- /config/homeserver.yaml
|
||||||
|
- --config-path
|
||||||
|
- /config/secrets.yaml
|
||||||
|
env:
|
||||||
|
- name: SYNAPSE_CACHE_FACTOR
|
||||||
|
value: "5.00"
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8008
|
||||||
|
protocol: TCP
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9002
|
||||||
|
protocol: TCP
|
||||||
|
image: matrixdotorg/synapse
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /_matrix/client/versions
|
||||||
|
port: 8008
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 120
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /_matrix/client/versions
|
||||||
|
port: 8008
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
resources:
|
||||||
|
# These are just some arbitrary values, will have to be tuned or removed per-deployment
|
||||||
|
requests:
|
||||||
|
memory: 1Gi
|
||||||
|
cpu: 1000m
|
||||||
|
limits:
|
||||||
|
memory: 1Gi
|
||||||
|
cpu: 1
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: /data
|
||||||
|
- name: keys
|
||||||
|
mountPath: /config/keys
|
||||||
|
- name: config
|
||||||
|
mountPath: /config/homeserver.yaml
|
||||||
|
subPath: homeserver.yaml
|
||||||
|
- name: config
|
||||||
|
mountPath: /usr/local/lib/python3.11/site-packages/shared_secret_authenticator.py
|
||||||
|
subPath: shared_secret_authenticator.py
|
||||||
|
- name: log-config
|
||||||
|
mountPath: /config/log.config
|
||||||
|
subPath: log.config
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /config/secrets.yaml
|
||||||
|
subPath: homeserver.yaml
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /bridges/mautrix-slack-bridge.yaml
|
||||||
|
subPath: mautrix-slack-bridge.yaml
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /bridges/mautrix-telegram-bridge.yaml
|
||||||
|
subPath: mautrix-telegram-bridge.yaml
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /bridges/appservice-matrix-bridge.yaml
|
||||||
|
subPath: appservice-matrix-bridge.yaml
|
||||||
|
- name: config-secrets
|
||||||
|
mountPath: /bridges/doublepuppet.yaml
|
||||||
|
subPath: doublepuppet.yaml
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
restartPolicy: Always
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
volumes:
|
||||||
|
# Will need to be a persistant volume of some kind to support media uploads, unless using matrix-media-repo
|
||||||
|
- name: data
|
||||||
|
emptyDir: {}
|
||||||
|
- name: tmp
|
||||||
|
emptyDir: {}
|
||||||
|
- name: keys
|
||||||
|
secret:
|
||||||
|
secretName: signing-key
|
||||||
|
- name: config-secrets
|
||||||
|
secret:
|
||||||
|
secretName: config
|
||||||
|
- configMap:
|
||||||
|
name: synapse
|
||||||
|
name: config
|
||||||
|
- configMap:
|
||||||
|
name: synapse-log
|
||||||
|
name: log-config
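Review bot: The `synapse` container has no container-level `securityContext`, only the pod-level `runAsUser`/`runAsGroup`/`fsGroup`. Privilege escalation is therefore not disabled and the default capability set is kept, unlike the media-repo Deployment in this same commit, which drops `ALL` and sets `allowPrivilegeEscalation: false`. I would add the same block to this container, as sketched below. Since `/data` and `/tmp` are already `emptyDir` mounts, `readOnlyRootFilesystem: true` may also be feasible, but that needs testing against the image.

```yaml
        - name: synapse
          # … unchanged: args, env, ports, image, probes, resources, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```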
|
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: synapse-federation
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
|
@ -0,0 +1,98 @@
|
||||||
|
# Configuration file for Synapse.
|
||||||
|
#
|
||||||
|
# This is a YAML file: see [1] for a quick introduction. Note in particular
|
||||||
|
# that *indentation is important*: all the elements of a list or dictionary
|
||||||
|
# should have the same indentation.
|
||||||
|
#
|
||||||
|
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
||||||
|
#
|
||||||
|
# For more information on how to configure Synapse, including a complete accounting of
|
||||||
|
# each option, go to docs/usage/configuration/config_documentation.md or
|
||||||
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
||||||
|
server_name: "distrust.co"
|
||||||
|
pid_file: /data/homeserver.pid
|
||||||
|
use_presense: true
|
||||||
|
enable_search: true
|
||||||
|
public_baseurl: "https://matrix.distrust.co"
|
||||||
|
|
||||||
|
# Homeserver blocking
|
||||||
|
# Set to true to globally block access to the homeserver
|
||||||
|
hs_disabled: false
|
||||||
|
hs_disalbed_message: "Homeserver is not currently accessible"
|
||||||
|
|
||||||
|
# Federation
|
||||||
|
allow_public_rooms_over_federation: true
|
||||||
|
# federation_domain_whitelist: []
|
||||||
|
federation_ip_range_blacklist:
|
||||||
|
- '127.0.0.0/8'
|
||||||
|
- '10.0.0.0/8'
|
||||||
|
- '172.16.0.0/12'
|
||||||
|
- '192.168.0.0/16'
|
||||||
|
- '100.64.0.0/10'
|
||||||
|
- '169.254.0.0/16'
|
||||||
|
- '::1/128'
|
||||||
|
- 'fe80::/64'
|
||||||
|
- 'fc00::/7'
|
||||||
|
|
||||||
|
# Listeners
|
||||||
|
listeners:
|
||||||
|
- port: 8008
|
||||||
|
tls: false
|
||||||
|
type: http
|
||||||
|
x_forwarded: true
|
||||||
|
resources:
|
||||||
|
- names: [client, federation]
|
||||||
|
compress: false
|
||||||
|
- port: 9002
|
||||||
|
type: metrics
|
||||||
|
resources:
|
||||||
|
- name: [metrics]
|
||||||
|
compress: true
|
||||||
|
|
||||||
|
# Rate Limit
|
||||||
|
rc_invites:
|
||||||
|
per_room:
|
||||||
|
burst_count: 200
|
||||||
|
per_user:
|
||||||
|
burst_count: 200
|
||||||
|
rc_joins:
|
||||||
|
local:
|
||||||
|
burst_count: 200
|
||||||
|
remote:
|
||||||
|
burst_count: 200
|
||||||
|
rc_joins_per_user:
|
||||||
|
burst_count: 200
|
||||||
|
|
||||||
|
# Registration
|
||||||
|
registration:
|
||||||
|
enabled: false
|
||||||
|
allowGuests: false
|
||||||
|
autoJoinRooms: []
|
||||||
|
|
||||||
|
# This is handled by Cert Manager
|
||||||
|
acme:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Bridges
|
||||||
|
app_service_config_files:
|
||||||
|
- /bridges/appservice-matrix-bridge.yaml
|
||||||
|
- /bridges/mautrix-telegram-bridge.yaml
|
||||||
|
- /bridges/mautrix-slack-bridge.yaml
|
||||||
|
- /bridges/doublepuppet.yaml
|
||||||
|
|
||||||
|
# Turn
|
||||||
|
turn_user_lifetime: 1h
|
||||||
|
turn_allow_guests: true
|
||||||
|
|
||||||
|
# Metrics/Telemetry
|
||||||
|
enable_metrics: true
|
||||||
|
report_stats: false
|
||||||
|
|
||||||
|
admin_email: "mailto:matrix@distrust.co"
|
||||||
|
|
||||||
|
log_config: "/config/log.config"
|
||||||
|
media_store_path: /data/media_store
|
||||||
|
signing_key_path: "/config/keys/signing.key"
|
||||||
|
trusted_key_servers:
|
||||||
|
- server_name: "matrix.org"
|
||||||
|
# vim:ft=yaml
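Review bot: Several keys in this file are not options Synapse reads, so as far as I can tell they are ignored rather than applied. `use_presense` should be `use_presence`, and `hs_disalbed_message` should be `hs_disabled_message`. The `registration:` block (`enabled`, `allowGuests`, `autoJoinRooms`) looks like chart-style values rather than Synapse's top-level `enable_registration`, `allow_guest_access` and `auto_join_rooms`. Registration and guest access then stay closed only because that is the server default, not because this file says so. Writing `enable_registration: false` and `allow_guest_access: false` explicitly would make the intent reviewable and robust against a default change.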
|
|
@ -0,0 +1,31 @@
|
||||||
|
version: 1
|
||||||
|
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
|
||||||
|
loggers:
|
||||||
|
# This is just here so we can leave `loggers` in the config regardless of whether
|
||||||
|
# we configure other loggers below (avoid empty yaml dict error).
|
||||||
|
_placeholder:
|
||||||
|
level: "INFO"
|
||||||
|
|
||||||
|
shared_secret_authenticator:
|
||||||
|
level: INFO
|
||||||
|
|
||||||
|
synapse.storage.SQL:
|
||||||
|
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||||
|
# information such as access tokens.
|
||||||
|
level: INFO
|
||||||
|
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
handlers: [console]
|
||||||
|
|
||||||
|
|
||||||
|
disable_existing_loggers: false
|
|
@ -0,0 +1,123 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
#
|
||||||
|
# Shared Secret Authenticator module for Matrix Synapse
|
||||||
|
# Copyright (C) 2018 Slavi Pantaleev
|
||||||
|
#
|
||||||
|
# https://devture.com/
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
from typing import Awaitable, Callable, Optional, Tuple
|
||||||
|
|
||||||
|
import hashlib
|
||||||
|
import hmac
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import synapse
|
||||||
|
from synapse import module_api
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
class SharedSecretAuthProvider:
|
||||||
|
def __init__(self, config: dict, api: module_api):
|
||||||
|
for k in ('shared_secret',):
|
||||||
|
if k not in config:
|
||||||
|
raise KeyError('Required `{0}` configuration key not found'.format(k))
|
||||||
|
|
||||||
|
m_login_password_support_enabled = bool(config['m_login_password_support_enabled']) if 'm_login_password_support_enabled' in config else False
|
||||||
|
com_devture_shared_secret_auth_support_enabled = bool(config['com_devture_shared_secret_auth_support_enabled']) if 'com_devture_shared_secret_auth_support_enabled' in config else True
|
||||||
|
|
||||||
|
self.api = api
|
||||||
|
self.shared_secret = config['shared_secret']
|
||||||
|
|
||||||
|
auth_checkers: Optional[Dict[Tuple[str, Tuple], CHECK_AUTH_CALLBACK]] = {}
|
||||||
|
if com_devture_shared_secret_auth_support_enabled:
|
||||||
|
auth_checkers[("com.devture.shared_secret_auth", ("token",))] = self.check_com_devture_shared_secret_auth
|
||||||
|
if m_login_password_support_enabled:
|
||||||
|
auth_checkers[("m.login.password", ("password",))] = self.check_m_login_password
|
||||||
|
|
||||||
|
enabled_login_types = [k[0] for k in auth_checkers]
|
||||||
|
|
||||||
|
if len(enabled_login_types) == 0:
|
||||||
|
raise RuntimeError('At least one login type must be enabled')
|
||||||
|
|
||||||
|
logger.info('Enabled login types: %s', enabled_login_types)
|
||||||
|
|
||||||
|
api.register_password_auth_provider_callbacks(
|
||||||
|
auth_checkers=auth_checkers,
|
||||||
|
)
|
||||||
|
|
||||||
|
async def check_com_devture_shared_secret_auth(
|
||||||
|
self,
|
||||||
|
username: str,
|
||||||
|
login_type: str,
|
||||||
|
login_dict: "synapse.module_api.JsonDict",
|
||||||
|
) -> Optional[
|
||||||
|
Tuple[
|
||||||
|
str,
|
||||||
|
Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
|
||||||
|
]
|
||||||
|
]:
|
||||||
|
if login_type != "com.devture.shared_secret_auth":
|
||||||
|
return None
|
||||||
|
return await self._log_in_username_with_token("com.devture.shared_secret_auth", username, login_dict.get("token"))
|
||||||
|
|
||||||
|
async def check_m_login_password(
|
||||||
|
self,
|
||||||
|
username: str,
|
||||||
|
login_type: str,
|
||||||
|
login_dict: "synapse.module_api.JsonDict",
|
||||||
|
) -> Optional[
|
||||||
|
Tuple[
|
||||||
|
str,
|
||||||
|
Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
|
||||||
|
]
|
||||||
|
]:
|
||||||
|
if login_type != "m.login.password":
|
||||||
|
return None
|
||||||
|
return await self._log_in_username_with_token("m.login.password", username, login_dict.get("password"))
|
||||||
|
|
||||||
|
async def _log_in_username_with_token(
|
||||||
|
self,
|
||||||
|
login_type: str,
|
||||||
|
username: str,
|
||||||
|
token: str,
|
||||||
|
) -> Optional[
|
||||||
|
Tuple[
|
||||||
|
str,
|
||||||
|
Optional[Callable[["synapse.module_api.LoginResponse"], Awaitable[None]]],
|
||||||
|
]
|
||||||
|
]:
|
||||||
|
logger.info('Authenticating user `%s` with login type `%s`', username, login_type)
|
||||||
|
|
||||||
|
full_user_id = self.api.get_qualified_user_id(username)
|
||||||
|
|
||||||
|
# The password (token) is supposed to be an HMAC of the full user id, keyed with the shared secret.
|
||||||
|
given_hmac = token.encode('utf-8')
|
||||||
|
|
||||||
|
h = hmac.new(self.shared_secret.encode('utf-8'), full_user_id.encode('utf-8'), hashlib.sha512)
|
||||||
|
computed_hmac = h.hexdigest().encode('utf-8')
|
||||||
|
|
||||||
|
if not hmac.compare_digest(computed_hmac, given_hmac):
|
||||||
|
logger.info('Bad hmac value for user: %s', full_user_id)
|
||||||
|
return None
|
||||||
|
|
||||||
|
user_info = await self.api.get_userinfo_by_id(full_user_id)
|
||||||
|
if user_info is None:
|
||||||
|
logger.info('Refusing to authenticate missing user: %s', full_user_id)
|
||||||
|
return None
|
||||||
|
|
||||||
|
logger.info('Authenticated user: %s', full_user_id)
|
||||||
|
|
||||||
|
return full_user_id, None
|
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: synapse
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
resources:
|
||||||
|
- deployment.yaml
|
||||||
|
- federation-service.yaml
|
||||||
|
- service.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- files:
|
||||||
|
- files/homeserver.yaml
|
||||||
|
- files/shared_secret_authenticator.py
|
||||||
|
name: synapse
|
||||||
|
- files:
|
||||||
|
- files/log.config
|
||||||
|
name: synapse-log
|
||||||
|
generators:
|
||||||
|
- secret-generator.yml
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: matrix
|
|
@ -0,0 +1,7 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: sydent-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
||||||
|
- secret-key.enc.yaml
|
|
@ -0,0 +1,118 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: signing-key
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
signing.key: ENC[AES256_GCM,data:yrRjsuapmgDgBNNXGO9YyuZtkZaFPDg80SuJgdYWS3grCnN/hmkQ5x2icAf5i4f6TjAOreYxJYzRwQ==,iv:0ww6IrM9oY47ex1zYRULQx7TdATJ9odkk5k95yDo0ms=,tag:4/MjSSY2SltTuPtMtCRUtw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-01-22T05:45:47Z"
|
||||||
|
mac: ENC[AES256_GCM,data:GitHfIeAeu4g0bf1obvjd0TS6j5AZ0qo00i4mwIL3MKtCVa3dLfGkx4dE9SD0NZqBMpHdZTWnns145uCXnJTVdyLAlz54AuG/bn7eO642SghLpUvhyhH+c+xxQF2c3UJiR7TBdjJBh0BUBSO/yOBB0ondzocW9T1hDg/ExBjeo8=,iv:77yhCNc2cJ7/uuXOEma5LEyU0YIJSQiw4IYLLASli04=,tag:41IvCCKLfQZUNHsv6DvMsA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||||
|
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||||
|
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||||
|
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||||
|
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||||
|
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||||
|
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||||
|
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||||
|
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||||
|
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||||
|
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||||
|
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||||
|
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||||
|
=3E6w
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||||
|
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||||
|
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||||
|
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||||
|
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||||
|
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||||
|
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||||
|
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||||
|
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||||
|
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||||
|
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||||
|
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||||
|
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||||
|
=xXRR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||||
|
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||||
|
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||||
|
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||||
|
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||||
|
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||||
|
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||||
|
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||||
|
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||||
|
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||||
|
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||||
|
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||||
|
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||||
|
=TXST
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||||
|
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||||
|
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||||
|
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||||
|
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||||
|
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||||
|
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||||
|
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||||
|
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||||
|
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||||
|
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||||
|
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||||
|
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||||
|
=bF9b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||||
|
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||||
|
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||||
|
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||||
|
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||||
|
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||||
|
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||||
|
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||||
|
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||||
|
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||||
|
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||||
|
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||||
|
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||||
|
=n6cE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,16 @@
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: synapse
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
protocol: TCP
|
||||||
|
port: 8008
|
||||||
|
targetPort: 8008
|
||||||
|
- name: https
|
||||||
|
protocol: TCP
|
||||||
|
port: 8448
|
||||||
|
targetPort: 8448
|
||||||
|
selector: {}
|
||||||
|
type: ClusterIP
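Review bot: `selector: {}` leaves this Service with no pod selector as written, so it only routes traffic if something else fills the selector in at build time (presumably a kustomize label transformer). A one-line comment next to it would make that dependency visible, for example `# selector is injected by the kustomize labels for this app`. The port named `https` on 8448 also deserves a comment saying whether TLS is terminated by Synapse itself or further upstream, since the name alone suggests the traffic is encrypted inside the cluster.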
|
|
@ -1 +1 @@
|
||||||
Subproject commit 23fc267a9dfdda30ba4287f8234879961722bafb
|
Subproject commit a2315fdbc8cd0e4a654d1aa4623a53d5292b3574
|
|
@ -39,23 +39,34 @@ resource "digitalocean_database_user" "default_users" {
|
||||||
name = each.key
|
name = each.key
|
||||||
|
|
||||||
provisioner "local-exec" {
|
provisioner "local-exec" {
|
||||||
command = "GRANT ALL ON DATABASE ${each.key} TO ${each.key};"
|
command = var.dbcli_name == "psql" ? "GRANT ALL ON DATABASE ${each.key} TO ${each.key};" : "GRANT ALL PRIVILEGES ON ${each.key} TO '${each.key}'@'%';"
|
||||||
interpreter = [
|
interpreter = var.dbcli_name == "psql" ? [
|
||||||
"psql",
|
"${var.dbcli_name}",
|
||||||
"-v", "ON_ERROR_STOP=1",
|
|
||||||
"${local.base_connection_string}/${each.key}",
|
"${local.base_connection_string}/${each.key}",
|
||||||
"-c"
|
"-c"
|
||||||
|
] : [
|
||||||
|
"${var.dbcli_name}",
|
||||||
|
"-u",
|
||||||
|
"${digitalocean_database_cluster.main.user}",
|
||||||
|
"-p",
|
||||||
|
"-h",
|
||||||
|
"${digitalocean_database_cluster.main.host}",
|
||||||
|
"-P",
|
||||||
|
"25060",
|
||||||
|
"-D",
|
||||||
|
"${each.key}",
|
||||||
|
"-e"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "local-exec" {
|
provisioner "local-exec" {
|
||||||
command = "GRANT ALL ON SCHEMA public TO ${each.key}"
|
command = var.dbcli_name == "psql" ? "GRANT ALL ON SCHEMA public TO ${each.key}" : "true"
|
||||||
interpreter = [
|
interpreter = var.dbcli_name == "psql" ? [
|
||||||
"psql",
|
"${var.dbcli_name}",
|
||||||
"-v", "ON_ERROR_STOP=1",
|
"-v", "ON_ERROR_STOP=1",
|
||||||
"${local.base_connection_string}/${each.key}",
|
"${local.base_connection_string}/${each.key}",
|
||||||
"-c"
|
"-c"
|
||||||
]
|
] : ["true"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Note: provisioners depend on databases existing
|
# Note: provisioners depend on databases existing
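Review bot: The non-psql branch of the first provisioner passes a bare `-p`, which makes the client prompt for a password. Under `local-exec` there is normally no terminal to answer it, so the grant would hang or fail, and the tempting workaround of appending the password to `-p` would expose it in the process list. Supplying it through the provisioner's `environment` map or a client option file keeps it off the argument list. In the same branch, `GRANT ALL PRIVILEGES ON ${each.key} TO ...` names a table rather than a database in MySQL grant syntax; `ON ${each.key}.*` looks like what was intended. As rendered, the psql branch of that provisioner also appears to lose `"-v", "ON_ERROR_STOP=1"`, and the port is hard-coded as `"25060"` rather than read from the cluster resource; the resource block itself starts before this hunk and continues after it.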
|
||||||
|
|
|
@ -33,3 +33,8 @@ variable "vpc_id" {
|
||||||
type = string
|
type = string
|
||||||
nullable = true
|
nullable = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "dbcli_name" {
|
||||||
|
type = string
|
||||||
|
default = "psql"
|
||||||
|
}
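Review bot: `dbcli_name` is accepted as a free-form string, yet the database-user provisioners shown on this page use it verbatim as the first element of the `local-exec` interpreter. Whatever a caller passes is therefore run as a program on the machine applying the plan, and any value other than `psql` silently selects the MySQL-style argument list. A `validation` block restricting it to the supported clients, plus a `description`, would close that off. The second allowed value below is my assumption from the flags used in the other branch.

```hcl
variable "dbcli_name" {
  # … unchanged: type and default …
  description = "Database CLI used by the grant provisioners"
  validation {
    condition     = contains(["psql", "mysql"], var.dbcli_name)
    error_message = "dbcli_name must be \"psql\" or \"mysql\"."
  }
}
```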
|
||||||
|
|