From 68101b17362b709cf758726c680ce6dc5e618ba5 Mon Sep 17 00:00:00 2001 From: dharmendra kariya <22043860+dharmendrakariya@users.noreply.github.com> Date: Thu, 3 Dec 2020 16:08:19 +0530 Subject: [PATCH 1/5] Update _homeserver.yaml --- templates/synapse/_homeserver.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/synapse/_homeserver.yaml b/templates/synapse/_homeserver.yaml index 876337ec..aba52e7f 100644 --- a/templates/synapse/_homeserver.yaml +++ b/templates/synapse/_homeserver.yaml @@ -1221,7 +1221,7 @@ report_stats: {{ .Values.matrix.telemetry }} # A list of application service config files to use # -{{- if or .Values.bridges.whatsapp.enabled .Values.bridges.discord.enabled .Values.bridges.irc.enabled }} +{{- if or .Values.bridges.whatsapp.enabled .Values.bridges.discord.enabled .Values.bridges.irc.enabled .Values.bridges.slack.enabled }} app_service_config_files: {{- end }} {{- if .Values.bridges.whatsapp.enabled }} @@ -1233,6 +1233,9 @@ app_service_config_files: {{- if .Values.bridges.irc.enabled }} - "/bridges/irc.yaml" {{- end }} +{{- if .Values.bridges.slack.enabled }} + - "/bridges/slack.yaml" +{{- end }} # Uncomment to enable tracking of application service IP addresses. Implicitly # enables MAU tracking for application service users. From 3b16f47b51775559e9e40fcec24dcdb8103eb95d Mon Sep 17 00:00:00 2001 
From: Dharmendra Date: Thu, 3 Dec 2020 16:27:24 +0530 Subject: [PATCH 2/5] adding slack-bridge --- -- | 9 + README.md | 68 ------ media | 0 templates/NOTES.txt | 4 +- templates/_helpers.tpl | 4 +- templates/bridge-irc/deployment.yaml | 3 + templates/bridge-slack/_config.yaml | 234 +++++++++++++++++++++ templates/bridge-slack/_helpers.tpl | 15 ++ templates/bridge-slack/configmap.yaml | 24 +++ templates/bridge-slack/data-pvc.yaml | 14 ++ templates/bridge-slack/deployment.yaml | 113 ++++++++++ templates/bridge-slack/network-policy.yaml | 22 ++ templates/bridge-slack/service.yaml | 18 ++ templates/bridges-pvc.yaml | 2 +- templates/synapse/_homeserver.yaml | 5 +- values.yaml | 38 +++- 16 files changed, 490 insertions(+), 83 deletions(-) create mode 100644 -- delete mode 100644 README.md create mode 100644 media create mode 100644 templates/bridge-slack/_config.yaml create mode 100644 templates/bridge-slack/_helpers.tpl create mode 100644 templates/bridge-slack/configmap.yaml create mode 100644 templates/bridge-slack/data-pvc.yaml create mode 100644 templates/bridge-slack/deployment.yaml create mode 100644 templates/bridge-slack/network-policy.yaml create mode 100644 templates/bridge-slack/service.yaml diff --git a/-- b/-- new file mode 100644 index 00000000..75585634 --- /dev/null +++ b/-- @@ -0,0 +1,9 @@ +id: 1957ad3ec43c599dbc503bebfef3c1710f036816246f9c6100fb78edb91fefe1 +hs_token: 30ca309a2c27929717c0c8234854049d8c0e9d1dfa9faea5e9aaae750f003e71 +as_token: 421c6e954f9fcfbce44fc191d7c2f0917ac7c590b938142507c6587de559cb8e +url: 'http://localhost:8090' +sender_localpart: slackbot +namespaces: + users: + - exclusive: true + regex: '@slack_.*:example.com' diff --git a/README.md b/README.md deleted file mode 100644 index 61f1a294..00000000 --- a/README.md +++ /dev/null 
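Review bot: The new file named `--` looks like a generated appservice registration committed by accident, and its `hs_token` and `as_token` lines are the shared secrets between a bridge and its homeserver. PATCH 3/5 deletes the file, but the values remain in the branch history, so the series should be squashed or rebased so the blob never lands. Any deployment that used these tokens should regenerate them. The empty `media` file created in the same commit appears to be the same kind of stray artifact.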
@@ -1,68 +0,0 @@ -# Matrix Chart - -A Helm chart for deploying a Matrix homeserver stack in Kubernetes. - -## Features - -- Latest version of Synapse -- (Optional) Latest version of Riot Web -- (Optional) Choice of lightweight Exim relay or external mail server for email notifications -- (Optional) Coturn TURN server for VoIP calls -- (Optional) PostgreSQL cluster via stable/postgresql chart -- (Optional) [matrix-org/matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) IRC bridge -- (Optional) [tulir/mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) WhatsApp bridge -- (Optional) [Half-Shot/matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) Discord bridge -- Fully configurable via values.yaml -- Ingress definition for federated Synapse and Riot - -## Installation - -Some documentation is available in values.yaml, and a complete configuration guide is coming soon. - -Choose one of the two options below to install the chart. - -### Chart Repository (recommended) - -This chart is published to my Helm chart repository at https://dacruz21.github.io/helm-charts. To install this chart: - -1. Create an empty chart to hold your configuration - - ```shell script - helm create mychart - cd mychart - ``` - -1. Add this chart to your chart's dependencies by editing `Chart.yaml` and adding the following lines: - - ```yaml - dependencies: - - name: matrix - version: 2.8.0 - repository: https://dacruz21.github.io/helm-charts - ``` - -1. Run `helm dependency update` to download the chart into the `charts/` directory. - -1. Configure the chart by editing `values.yaml`, adding a `matrix:` object, and adding any config overrides under this object. - -1. Deploy your customized chart with `helm install mychart .` - -### Git - -You can also clone this repo directly and override the values.yaml provided. 
To do so, run the following commands: - -```shell script -git clone https://github.com/dacruz21/matrix-chart.git -cd matrix-chart -helm dependency update -helm install matrix . -``` - -## Security -Helm currently [does not officially support chart signatures created by GPG keys stored on smartcards](https://github.com/helm/helm/issues/2843#issuecomment-379532906). This may change in the future, in which case I will start packaging this chart with the standard `.prov` signatures, but until then signatures must be verified manually. - -GPG signatures are available within the chart repo and can be found by appending `.gpg` to the end of the package URL. For example, the signature for v2.8.0 is available at https://dacruz21.github.io/helm-charts/matrix-2.8.0.tgz.gpg. - -These GPG signatures are signed with the same PGP key that is used to sign commits in this Git repository. The key is available by searching for david@typokign.com on a public keyserver, or by downloading it from my website at https://typokign.com/key.gpg. - -If you find any security vulnerabilities in this Helm chart, please contact me by sending a PGP-encrypted email (encrypted to `F13C346C0DE56944`) to david@typokign.com. Vulnerabilities in upstream services should be reported to that service's developers. diff --git a/media b/media new file mode 100644 index 00000000..e69de29b diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 8d7c939f..3187ff05 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
@@ -28,9 +28,9 @@ Installed components: Thank you for installing dacruz21/matrix-chart! If you have any questions or run into any issues, please file a GitHub issue or join us at #matrix-chart:typokign.com. {{ if .Values.ingress.enabled }} -Your Synapse homeserver should soon be available at https://{{ .Values.ingress.hosts.synapse }} +Your Synapse homeserver should soon be available at http://{{ .Values.ingress.hosts.synapse }} {{- if .Values.riot.enabled }} -Your Element Web instance should soon be available at https://{{ .Values.ingress.hosts.riot }} +Your Element Web instance should soon be available at http://{{ .Values.ingress.hosts.riot }} {{- end }} {{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 67c126bb..7bf78ebe 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -96,9 +96,9 @@ Synapse hostname prepended with https:// to form a complete URL */}} {{- define "matrix.baseUrl" -}} {{- if .Values.matrix.hostname }} -{{- printf "https://%s" .Values.matrix.hostname -}} +{{- printf "http://%s" .Values.matrix.hostname -}} {{- else }} -{{- printf "https://%s" .Values.ingress.hosts.synapse -}} +{{- printf "http://%s" .Values.ingress.hosts.synapse -}} {{- end }} {{- end }} diff --git a/templates/bridge-irc/deployment.yaml b/templates/bridge-irc/deployment.yaml index 98dc72e0..da3f0693 100644 --- a/templates/bridge-irc/deployment.yaml +++ b/templates/bridge-irc/deployment.yaml @@ -74,6 +74,9 @@ spec: containers: - name: "bridge-irc" image: "{{ .Values.bridges.irc.image.repository }}:{{ .Values.bridges.irc.image.tag }}" + command: + - "npm" + args: [ "start", "-c", "/data/config.yaml", "-f", "/data/appservice-registration-irc.yaml" ] imagePullPolicy: {{ .Values.bridges.irc.image.pullPolicy }} {{- if not .Values.bridges.irc.databaseSslVerify }} env: diff --git a/templates/bridge-slack/_config.yaml b/templates/bridge-slack/_config.yaml new file mode 100644 index 00000000..4b9aa44b --- /dev/null 
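Review bot: `matrix.baseUrl` in templates/_helpers.tpl now returns `http://…` in both branches, which moves every consumer of the helper from TLS to cleartext; the slack `_config.yaml` added in this commit uses it for `homeserver.url`. Unless that hostname is only reachable inside the cluster, appservice and access tokens would cross the network unencrypted. If plain HTTP is needed for a local setup, make the scheme configurable and keep the default, e.g. `{{- printf "%s://%s" (default "https" .Values.matrix.scheme) .Values.matrix.hostname -}}` (`matrix.scheme` is a suggested new key, not an existing one). The comment above the define still says "prepended with https://", and the NOTES.txt hunk applies the same https-to-http change to the URLs it prints.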
+++ b/templates/bridge-slack/_config.yaml 
@@ -0,0 +1,234 @@ +{{- define "matrix.slack.config" }} +homeserver: + # The domain name of your homeserver + # + server_name: "{{ .Values.matrix.serverName }}" + + # The URL for connecting to your homeserver + # + url: "{{ include "matrix.baseUrl" . }}" + + # The public facing url for media on your homeserver. + # This is usually the public url of your homeserver. + # Optional. Defaults to the value of `url`. + # + #media_url: "http://my.server.here" + + # Optional. The maximum size of a uploaded file to Matrix in bytes. No limit by default + # + #max_upload_size: 104857600 + + # Optional. Used to specify the port of the appservice in the config, rather than the command line. + # If this is defined, it will **override** the port given in the process arguments. + # + #appservice_port: 5858 + +# The prefix to give Slack users on the Matrix server +# +username_prefix: "slack_" + +# Settings for database connection +# Optional. Defaults engine to "nedb". +# +db: + # Which database engine to use. + # Recommended: "postgres" + # Deprecated: "nedb" + # + engine: "postgres" + + # A postgres connection string (unused if using nedb) + # + connectionString: connectionString: {{ printf (include "matrix.postgresUri" .) .Values.bridges.slack.database | quote }} + +# Optional. Use a matrix room to issue link and unlink commands to the bridge +# +matrix_admin_room: {{ .Values.bridges.slack.matrix_admin_room | quote }} + +# Optional. TLS files to be used when handling Slack requests +#tls: + #key_file: /path/to/tls.key + #crt_file: /path/to/tls.crt + +# Real Time Messaging API (RTM) +# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise. +# +rtm: + # Use the RTM API to listen for requests, which does not require + # the bridge to listen on the hook port. + # You should leave this enabled, unless you plan to use the + # bridge exclusively for webhooks. + # + enable: true + + # Logging level specific to RTM traffic. 
+ # + logging: "silent" + +# Port for incoming Slack requests from webhooks and event API messages +# Optional if using RTM API, required otherwise. +# +slack_hook_port: 9898 + +# Prefix of incoming requests to strip. This is NOT the bind host. +# Unlike most of the other urls, this one cannot use localhost, +# as this one must be publicly visible to the Slack API. +# Optional if using RTM API, required otherwise. +# +#inbound_uri_prefix: "https://my.server.here:9898/" + +# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves. +# +#oauth2: + #client_id: "" + #client_secret: "" + + # A prefix similar to inbound_uri_prefix for oauth2 requests. inbound_uri_prefix will be used if this is not set + # Optional + # + #redirect_prefix: "https://my.server.here:9898/mycustomoauthendpoint" + +# Optional +logging: + console: "info" # One of "debug", "info", "warning", "error", "silent" + + # Files that the bridge may log into. The key is the minimum level to report. + # + files: + "./debug.log": "info" + "./error.log": "error" + +# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus +# +enable_metrics: true + +# Optional. Sync team users and channels +# +team_sync: + # Entry for a single team + # T0123ABCDEF: + # channels: + # enabled: true + # # Allow or deny private channels from being synced. Defaults to true. + # # + # allow_private: true + # + # # Optional. blacklist for channel ids. Trumps the whitelist. + # # + # #blacklist: ['CVCCPEY9X', 'C0108F9K37X'] + # + # # Optional. whitelist for channel ids. + # # + # #whitelist: [] + # + # # Prefix for room aliases in Matrix + # # + # #alias_prefix: "slack_" + # + # # Should sync *all* team users to Matrix + # # + # users: + # enabled: true + # Defaults for all other teams + all: + channels: + enabled: false + #whitelist: [] + #blacklist: [] + #alias_prefix: "slack_" + users: + enabled: false + +# Optional. 
+# +provisioning: + enabled: true + + # Should the bridge deny users bridging channels to private rooms. + # + require_public_room: true + + # Should the bridge allow users to bridge private channels. + # + allow_private_channels: true + limits: + room_count: 20 + team_count: 1 + + # Allow deny list for which Slack channels may be bridged. + # If allow is defined, all other channels are blocked by default + # If deny is defined, all other channels are allowed by default + # If both are defined, allow takes precedence. + # + # channel_adl: + # allow: + # #- "CCZ41UJV7" + # #- "#open.*" + # deny: + # #- "CRBCPA771" + # #- "#secret.*" + +# Optional. Allows Matrix users to optionally authenticate their Slack accounts. +# When a Matrix user posts, the bridge will post using their Slack account. +# +puppeting: + # Should the bridge allow users to puppet their accounts + # + enabled: false + + # Should the bridge send users a onboarding message when + # they join a Slack channel for the first time. + # + onboard_users: false + + # Settings regarding who can send direct messages. + # If allow is defined, all other users are blocked by default + # If deny is defined, all other users are allowed by default + # If both are defined, allow takes precedence. + # + direct_messages: + allow: + # Which Slack users may DM Matrix users. + # + slack: + #- "U0156TG3W48" + + # Which Matrix users may DM Slack users. + # + matrix: + #- "@badactor:badhost" + #- "@.*:badhost" + + deny: + # Which Slack users may NOT DM Matrix users. + # + slack: + #- "U0156TG3W48" + + # Which Matrix users may NOT DM Slack users. + # + matrix: + #- "@badactor:badhost" + #- "@.*:badhost" + +# Optional. Set the bot's profile on startup +bot_profile: + # Optional. Set the displayname. + # + displayname: "Slack Bridge" + + # Optional. Set the avatar. + # + avatar_url: "mxc://half-shot.uk/ea64c71ee946ca2f61379abefe2c7d977d276fbb" + +# Optional. Enable encryption in DMs and private rooms. 
+encryption: + # Should encryption be enabled + # + enabled: false + + # The URL where the bridge can access pantalaimon + # + pantalaimon_url: "http://localhost:8004" + +{{- end }} diff --git a/templates/bridge-slack/_helpers.tpl b/templates/bridge-slack/_helpers.tpl new file mode 100644 index 00000000..6f9d3c0b --- /dev/null +++ b/templates/bridge-slack/_helpers.tpl @@ -0,0 +1,15 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Shared secret for the slack server +*/}} +{{- define "matrix.slack.as_token" -}} +{{- randAlphaNum 64 -}} +{{- end }} + +{{- define "matrix.slack.hs_token" -}} +{{- randAlphaNum 64 -}} +{{- end }} + +{{- define "matrix.slack.passkey" -}} +{{- genPrivateKey "rsa" -}} +{{- end -}} \ No newline at end of file diff --git a/templates/bridge-slack/configmap.yaml b/templates/bridge-slack/configmap.yaml new file mode 100644 index 00000000..ed526179 --- /dev/null +++ b/templates/bridge-slack/configmap.yaml @@ -0,0 +1,24 @@ +{{- if .Values.bridges.slack.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "matrix.fullname" . }}-slack-config + labels: + {{ include "matrix.labels" . | nindent 4}} +data: + config.yaml: | + {{ include "matrix.slack.config" . | nindent 4 }} + registration.yaml: | + id: appservice-slack + as_token: "{{ include "matrix.slack.as_token" . }}" + hs_token: "{{ include "matrix.slack.hs_token" . }}" + namespaces: + users: + - exclusive: true + regex: '@slack_.*:{{ include "matrix.fullname" . }}' + aliases: + - exclusive: true + regex: '#slack_.*:{{ include "matrix.fullname" . }}' + url: "http://{{ include "matrix.fullname" . }}-bridge-slack:{{ .Values.bridges.slack.service.port }}" + sender_localpart: slackbot +{{- end }} diff --git a/templates/bridge-slack/data-pvc.yaml b/templates/bridge-slack/data-pvc.yaml new file mode 100644 index 00000000..7b40e24b --- /dev/null +++ b/templates/bridge-slack/data-pvc.yaml 
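Review bot: In templates/bridge-slack/_config.yaml the `db` block renders `connectionString: connectionString: {{ … }}`, with the key repeated inside its own value; a nested `key: value` on the same line is a YAML parse error, so the bridge config will not load. The line should read `connectionString: {{ printf (include "matrix.postgresUri" .) .Values.bridges.slack.database | quote }}`. `.Values.bridges.slack.database` is not defined in the slack block this series adds to values.yaml, so the printf would get a nil argument as written. Separately, `logging.files` points at `./debug.log` and `./error.log` while the deployment sets `readOnlyRootFilesystem: true`, so those writes will probably fail unless the working directory is a mounted volume; a path under `/data` would be safer.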
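Review bot: `matrix.slack.as_token` and `matrix.slack.hs_token` in templates/bridge-slack/_helpers.tpl call `randAlphaNum 64` at render time, so every `helm upgrade` and every separate `include` yields different tokens. The deployment's `checksum/slack-config` annotation renders configmap.yaml a second time, so it will hash values that differ from the ConfigMap actually applied and will re-roll the pod on every upgrade, and the bridge and Synapse only agree again once both have picked up the new registration. Taking the tokens from values, or reusing an existing Secret via `lookup` and generating only when it is absent, keeps them stable. `matrix.slack.passkey` is defined but not referenced anywhere in this series and could be dropped.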
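Review bot: `registration.yaml` in templates/bridge-slack/configmap.yaml places `as_token` and `hs_token` in a ConfigMap, which anything with read access to configmaps in the namespace can see and which does not get Secret-specific handling such as tighter RBAC or encryption at rest. A `kind: Secret` mounted at `/load` would suit these values better. The namespace regexes use `{{ include "matrix.fullname" . }}` as the server part, which is the chart's resource name rather than the Matrix domain; `regex: '@slack_.*:{{ .Values.matrix.serverName }}'` looks like what is intended, given that `_config.yaml` in this commit uses `.Values.matrix.serverName` for `server_name`.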
@@ -0,0 +1,14 @@ +{{- if .Values.bridges.slack.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "matrix.fullname" . }}-slack-data + labels: + {{ include "matrix.labels" . | nindent 4}} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.bridges.slack.data.capacity }} +{{- end }} diff --git a/templates/bridge-slack/deployment.yaml b/templates/bridge-slack/deployment.yaml new file mode 100644 index 00000000..5ee490b3 --- /dev/null +++ b/templates/bridge-slack/deployment.yaml 
@@ -0,0 +1,113 @@ +{{- if .Values.bridges.slack.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "matrix.fullname" . }}-bridge-slack + labels: + {{ include "matrix.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.bridges.slack.replicaCount }} + strategy: + rollingUpdate: + maxUnavailable: 1 + maxSurge: 0 + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: {{ include "matrix.name" . }}-bridge-slack + app.kubernetes.io/instance: {{ .Release.Name }} + matrix-chart/allow-synapse-access: allow + template: + metadata: + annotations: + # re-roll deployment on config change + checksum/slack-config: {{ include (print $.Template.BasePath "/bridge-slack/configmap.yaml") . | sha256sum }} + labels: + app.kubernetes.io/name: {{ include "matrix.name" . }}-bridge-slack + app.kubernetes.io/instance: {{ .Release.Name }} + matrix-chart/allow-synapse-access: allow + spec: + {{- if .Values.bridges.affinity }} + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ include "matrix.name" . }}-synapse + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + topologyKey: kubernetes.io/hostname + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + initContainers: + - name: "load-config" + image: "{{ .Values.bridges.slack.image.repository }}:{{ .Values.bridges.slack.image.tag }}" + imagePullPolicy: {{ .Values.bridges.slack.image.pullPolicy }} + command: ["sh"] + args: ["-c", "cp /load/registration.yaml /data/appservice-registration-slack.yaml; cp /load/config.yaml /data/config.yaml; cp /load/registration.yaml /bridges/slack.yaml"] + volumeMounts: + - name: data + mountPath: /data + - name: bridges + mountPath: /bridges + - name: config + mountPath: /load + readOnly: true + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + containers: + - name: "bridge-slack" + image: "{{ .Values.bridges.slack.image.repository }}:{{ .Values.bridges.slack.image.tag }}" + command: + - "npm" + args: [ "start", "-r", "-c", "/data/config.yaml", "-u", "http://matrix-bridge-slack:8090", "-f", "/data/appservice-registration-slack.yaml" ] + imagePullPolicy: {{ .Values.bridges.slack.image.pullPolicy }} + {{- if not .Values.bridges.slack.databaseSslVerify }} + env: + - name: NODE_TLS_REJECT_UNAUTHORIZED + value: "0" + {{- end }} + ports: + - name: bridge + containerPort: 8090 + protocol: TCP + volumeMounts: + - name: data + mountPath: /data + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + {{- with .Values.bridges.slack.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: "{{ include "matrix.fullname" . }}-slack-data" + - name: config + configMap: + name: "{{ include "matrix.fullname" . }}-slack-config" + - name: bridges + persistentVolumeClaim: + claimName: "{{ include "matrix.fullname" . }}-bridges" + {{- end }} 
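Review bot: The `env` block sets `NODE_TLS_REJECT_UNAUTHORIZED` to `"0"` whenever `.Values.bridges.slack.databaseSslVerify` is falsy, and the slack block added to values.yaml never defines that key, so certificate verification is off by default. In Node.js this variable disables verification for every TLS connection the process makes, not only the database one, which here would include the bridge's connections to Slack. Add `databaseSslVerify: true` to the slack values, and preferably relax verification only in the Postgres connection settings rather than process-wide. Also in this hunk, the `-u` argument hard-codes `http://matrix-bridge-slack:8090`, which only resolves when the release name produces that service name; `"http://{{ include "matrix.fullname" . }}-bridge-slack:{{ .Values.bridges.slack.service.port }}"` would match the URL written into the registration in configmap.yaml.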
diff --git a/templates/bridge-slack/network-policy.yaml b/templates/bridge-slack/network-policy.yaml new file mode 100644 index 00000000..3055ec9d --- /dev/null +++ b/templates/bridge-slack/network-policy.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.networkPolicies.enabled .Values.bridges.slack.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "matrix.fullname" . }}-bridge-slack + labels: + {{ include "matrix.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "matrix.fullname" . }}-bridge-slack + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "matrix.name" . }}-synapse + app.kubernetes.io/instance: {{ .Release.Name }} + ports: + - port: bridge + protocol: TCP +{{- end }} diff --git a/templates/bridge-slack/service.yaml b/templates/bridge-slack/service.yaml new file mode 100644 index 00000000..d4704b44 --- /dev/null +++ b/templates/bridge-slack/service.yaml @@ -0,0 +1,18 @@ +{{- if .Values.bridges.slack.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "matrix.fullname" . }}-bridge-slack + labels: + {{ include "matrix.labels" . | nindent 4 }} +spec: + type: {{ .Values.bridges.slack.service.type }} + ports: + - port: {{ .Values.bridges.slack.service.port }} + targetPort: bridge + protocol: TCP + name: bridge + selector: + app.kubernetes.io/name: {{ include "matrix.name" . }}-bridge-slack + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/templates/bridges-pvc.yaml b/templates/bridges-pvc.yaml index e3a490a2..353d66a8 100644 --- a/templates/bridges-pvc.yaml +++ b/templates/bridges-pvc.yaml 
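Review bot: The NetworkPolicy's `podSelector` matches `app.kubernetes.io/name: {{ include "matrix.fullname" . }}-bridge-slack`, but the Deployment labels its pods with `{{ include "matrix.name" . }}-bridge-slack`. Whenever fullname and name differ, the policy selects no pods and the bridge stays unrestricted even with `networkPolicies.enabled` set. Change the selector line to `app.kubernetes.io/name: {{ include "matrix.name" . }}-bridge-slack`. The policy admits only the `bridge` port from Synapse, so if `slack_hook_port: 9898` from `_config.yaml` is ever used for webhooks it will need its own container port and ingress rule.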
@@ -1,4 +1,4 @@ -{{- if or .Values.bridges.whatsapp.enabled .Values.bridges.discord.enabled .Values.bridges.irc.enabled }} +{{- if or .Values.bridges.whatsapp.enabled .Values.bridges.discord.enabled .Values.bridges.irc.enabled .Values.bridges.slack.enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/templates/synapse/_homeserver.yaml b/templates/synapse/_homeserver.yaml index 876337ec..ca0c4f8b 100644 --- a/templates/synapse/_homeserver.yaml +++ b/templates/synapse/_homeserver.yaml @@ -1221,9 +1221,12 @@ report_stats: {{ .Values.matrix.telemetry }} # A list of application service config files to use # -{{- if or .Values.bridges.whatsapp.enabled .Values.bridges.discord.enabled .Values.bridges.irc.enabled }} +{{- if or .Values.bridges.whatsapp.enabled .Values.bridges.discord.enabled .Values.bridges.irc.enabled .Values.bridges.slack.enabled }} app_service_config_files: {{- end }} +{{- if .Values.bridges.slack.enabled }} + - "/bridges/slack.yaml" +{{- end }} {{- if .Values.bridges.whatsapp.enabled }} - "/bridges/whatsapp.yaml" {{- end }} diff --git a/values.yaml b/values.yaml index db2f79cf..762abaae 100644 --- a/values.yaml +++ b/values.yaml @@ -1,7 +1,7 @@ # Runtime configuration for Synapse and settings related to the Matrix protocol matrix: # Manual overrides for homeserver.yaml, the main configuration file for Synapse - # If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents. + # If Override is set, the entirety of homeserver.yaml will be replaced with the contents. # If homeserverExtra is set, the contents will be appended to the end of the default configuration. # It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense # of the requirements and default configuration options to use other services in this chart. 
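Review bot: The comment in the values.yaml hunk now reads "If Override is set", which no longer names a key; the surrounding lines still refer to `homeserverExtra`, so this looks like an accidental edit. Restore it to `# If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents.` so that users can find the setting that replaces the whole Synapse config.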
@@ -74,7 +74,7 @@ matrix: # User registration settings registration: # Allow new users to register an account - enabled: false + enabled: true # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. @@ -234,9 +234,9 @@ ingress: federation: true tls: [] hosts: - synapse: matrix.chart-example.local - riot: element.chart-example.local - federation: matrix-fed.chart-example.local + synapse: matrix.chart-example.localhost + riot: element.chart-example.localhost + federation: matrix-fed.chart-example.localhost annotations: # This annotation is required for the Nginx ingress provider. You can remove it if you use a different ingress provider nginx.ingress.kubernetes.io/configuration-snippet: | @@ -293,9 +293,10 @@ synapse: timeoutSeconds: 5 periodSeconds: 10 startup: + initialDelaySeconds: 9 timeoutSeconds: 5 periodSeconds: 5 - failureThreshold: 6 + failureThreshold: 10 liveness: timeoutSeconds: 5 periodSeconds: 10 @@ -486,6 +487,25 @@ mail: requireTransportSecurity: true bridges: + + slack: + # Set to true to enable the slack bridge + enabled: false #if tru, give matrix as a release name bcoz see deployment file + matrix_admin_room: !lcTxjUsyLWagPwcfUP:example.com + image: + repository: "matrixdotorg/matrix-appservice-slack" + tag: "release-1.6.0-rc1" + pullPolicy: IfNotPresent + replicaCount: 1 + resources: {} + service: + type: ClusterIP + port: 8090 + + data: + # Size of the data PVC to allocate + capacity: 1Mi + irc: # Set to true to enable the IRC bridge enabled: false @@ -584,7 +604,7 @@ bridges: enabled: false # Management room for the relay bot where status notifications are posted - management: "!foo:example.com" + management: "!lcTxjUsyLWagPwcfUP:example.com" # Users to invite to the management room automatically invites: [] 
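Review bot: Flipping `registration.enabled` to `true` changes the chart default to open sign-up, so a homeserver installed with default values will accept account creation from anyone who can reach it. This looks like a local test setting that leaked into the patch, together with the `.localhost` ingress hosts and the startup-probe changes in the following hunks; the slack bridge does not depend on any of them. Keep `enabled: false` in the chart and override it in a private values file.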
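Review bot: `matrix_admin_room: !lcTxjUsyLWagPwcfUP:example.com` in the new slack block is an unquoted scalar beginning with `!`, which YAML reads as a tag rather than as a string, so the room ID will not reach the template's `| quote`. PATCH 4/5 replaces it with `!xxxroomIDxxx:example.com` but leaves it unquoted, so the defect remains; write `matrix_admin_room: "!xxxroomIDxxx:example.com"`. The block also omits `database` and `databaseSslVerify`, which `_config.yaml` and `deployment.yaml` read. The `management:` line in the `@@ -584` hunk commits what looks like a real room ID until PATCH 5/5 swaps in a placeholder, so it is better left as the original `"!foo:example.com"`.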
@@ -673,7 +693,7 @@ bridges: # Recommended to leave this disabled to allow bridges to be scheduled on separate nodes. # Set this to true to reduce latency between the homeserver and bridges, or if your cloud provider does not allow # the ReadWriteMany access mode (see below) - affinity: false + affinity: true volume: # Capacity of the shared volume for storing bridge/appservice registration files # Note: 1Mi should be enough but some cloud providers may set a minimum PVC size of 1Gi, adjust as necessary @@ -683,7 +703,7 @@ bridges: # Access mode of the shared volume. ReadWriteMany is recommended to allow bridges to be scheduled on separate nodes. # Some cloud providers may not allow the ReadWriteMany access mode. In that case, change this to ReadWriteOnce -AND- # set bridges.affinity (above) to true - accessMode: ReadWriteMany + accessMode: ReadWriteOnce imagePullSecrets: [] nameOverride: "" From ab73b25b1934f48bf2c415fb6673d9eaf722ee14 Mon Sep 17 00:00:00 2001 From: Dharmendra Date: Thu, 3 Dec 2020 16:39:35 +0530 Subject: [PATCH 3/5] adding slack-bridge --- -- | 9 --------- media | 0 2 files changed, 9 deletions(-) delete mode 100644 -- delete mode 100644 media diff --git a/-- b/-- deleted file mode 100644 index 75585634..00000000 --- a/-- +++ /dev/null @@ -1,9 +0,0 @@ -id: 1957ad3ec43c599dbc503bebfef3c1710f036816246f9c6100fb78edb91fefe1 -hs_token: 30ca309a2c27929717c0c8234854049d8c0e9d1dfa9faea5e9aaae750f003e71 -as_token: 421c6e954f9fcfbce44fc191d7c2f0917ac7c590b938142507c6587de559cb8e -url: 'http://localhost:8090' -sender_localpart: slackbot -namespaces: - users: - - exclusive: true - regex: '@slack_.*:example.com' diff --git a/media b/media deleted file mode 100644 index e69de29b..00000000 From d117bd60ad8f3911e9387dce2de80e73266703bc Mon Sep 17 00:00:00 2001 
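Review bot: `affinity: true` and `accessMode: ReadWriteOnce` change the defaults for every bridge in the chart, against the comments directly above them, which recommend leaving affinity disabled and using ReadWriteMany. These look like values needed for one particular cluster rather than something the slack bridge requires. Keep `affinity: false` and `accessMode: ReadWriteMany` as the defaults and set the overrides in the deployment's own values file.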
From: dharmendra kariya <22043860+dharmendrakariya@users.noreply.github.com> Date: Thu, 3 Dec 2020 16:43:25 +0530 Subject: [PATCH 4/5] Update values.yaml --- values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values.yaml b/values.yaml index 762abaae..79f1485b 100644 --- a/values.yaml +++ b/values.yaml @@ -490,8 +490,8 @@ bridges: slack: # Set to true to enable the slack bridge - enabled: false #if tru, give matrix as a release name bcoz see deployment file - matrix_admin_room: !lcTxjUsyLWagPwcfUP:example.com + enabled: false + matrix_admin_room: !xxxroomIDxxx:example.com #your room id image: repository: "matrixdotorg/matrix-appservice-slack" tag: "release-1.6.0-rc1" From ba2a28175309266fed69ca054cf9fa5f786fb3dc Mon Sep 17 00:00:00 2001 From: dharmendra kariya <22043860+dharmendrakariya@users.noreply.github.com> Date: Thu, 3 Dec 2020 16:45:49 +0530 Subject: [PATCH 5/5] Update values.yaml --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 79f1485b..74e61cd3 100644 --- a/values.yaml +++ b/values.yaml @@ -604,7 +604,7 @@ bridges: enabled: false # Management room for the relay bot where status notifications are posted - management: "!lcTxjUsyLWagPwcfUP:example.com" + management: "!xxxyourroomIDxxx:example.com" # Users to invite to the management room automatically invites: []