Add minimal/WIP matrix-synapse setup logic

2021-07-31 16:17:15 +02:00 · 2021-07-31 16:17:15 +02:00 · a131fe805d
commit a131fe805d
parent c9b64f4faf
2 changed files with 97 additions and 0 deletions
--- a/apps/fnux-playground/README.md
+++ b/apps/fnux-playground/README.md
@ -0,0 +1,44 @@
+# Fnux's playground
+
+Tests made by Timothée for ungleich.
+
+## OpenLDAP
+
+Simple chart based on [Osixia's OpenLDAP
+image](https://github.com/osixia/docker-openldap).
+
+```
+helm install ldap1 ./openldap
+```
+
+## Matrix Synapse
+
+Matrix Homeserver setup based on [Ananace's Helm
+charts](https://github.com/osixia/docker-openldap). I exchanged a few mails
+with him, he's nice!
+
+Note: we need to wire up some network policy to firewall the various components.
+Note: there's some configuration and secret management to work on!
+Note: there's a missing bit for IPv6 support (https://gitlab.com/ananace/charts/-/merge_requests/15)
+
+```
+helm repo add ananace-charts https://ananace.gitlab.io/charts
+helm repo update
+
+helm install matrix ananace-charts/matrix-synapse --set serverName=matrix.fnux-playground.svc.c1.k8s.ooo --set wellknown.enabled=true -f matrix.fnux-playground.yaml
+```
+
+## Ingress
+
+Ingress is used by the matrix-synapse chart to distribute requests across
+synapse workers. We could do it ourselve (just generate a NGINX container from
+synapse's config) but there's already ingress logic around, which do this for
+us...
+
+```
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+
+helm install ingress-nginx ingress-nginx/ingress-nginx
+```
+
--- a/apps/fnux-playground/matrix.fnux-playground.yaml
+++ b/apps/fnux-playground/matrix.fnux-playground.yaml
@ -0,0 +1,53 @@
+# TODO: set redis & PGSQL password, investigate workers.
+
+# Synapse configuration.
+config:
+  logLevel: INFO
+
+# Synapse persistence.
+persistence:
+  enabled: true
+  storageClass: "rook-cephfs"
+  accessMode: ReadWriteMany
+  size: 10Gi
+
+# PGSQL persistence.
+postgresql:
+  enabled: true
+  persistence:
+    storageClass: "rook-cephfs"
+    size: 16Gi
+
+# First/initial startup is slow! The synapse pod get killed before the database
+# is fully initialied if we don't explicitely wait.
+synapse:
+  livenessProbe:
+    httpGet:
+      path: /health
+      port: http
+    initialDelaySeconds: 180
+  readinessProbe:
+    httpGet:
+      path: /health
+      port: http
+    initialDelaySeconds: 180
+
+# Serve /.well-known URIs, making federation possible without adding
+# SRV-records to DNS.
+wellknown:
+  enabled: true
+
+  # Lighttpd does not bind to v6 by default - which doesn't play well in a
+  # v6-only cluster!
+  useIpv6: true
+
+  # Data served on .well-known/matrix/server.
+  # See https://matrix.org/docs/spec/server_server/latest#get-well-known-matrix-server
+  server:
+    m.server: "matrix.fnux-playground.svc.c1.k8s.oo:443"
+
+  # Data served on .well-known/matrix/client.
+  # See https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
+  client:
+    m.homeserver:
+      base_url: "https://matrix.ungleich.ch"