diff --git a/apps/fnux-playground/README.md b/apps/fnux-playground/README.md
new file mode 100644
index 0000000..7c8d134
--- /dev/null
+++ b/apps/fnux-playground/README.md
@@ -0,0 +1,44 @@
+# Fnux's playground
+
+Tests made by Timothée for ungleich.
+
+## OpenLDAP
+
+Simple chart based on [Osixia's OpenLDAP
+image](https://github.com/osixia/docker-openldap).
+
+```
+helm install ldap1 ./openldap
+```
+
+## Matrix Synapse
+
+Matrix Homeserver setup based on [Ananace's Helm
+charts](https://github.com/osixia/docker-openldap). I exchanged a few mails
+with him, he's nice!
+
+Note: we need to wire up some network policy to firewall the various components.
+Note: there's some configuration and secret management to work on!
+Note: there's a missing bit for IPv6 support (https://gitlab.com/ananace/charts/-/merge_requests/15)
+
+```
+helm repo add ananace-charts https://ananace.gitlab.io/charts
+helm repo update
+
+helm install matrix ananace-charts/matrix-synapse --set serverName=matrix.fnux-playground.svc.c1.k8s.ooo --set wellknown.enabled=true -f matrix.fnux-playground.yaml
+```
+
+## Ingress
+
+Ingress is used by the matrix-synapse chart to distribute requests across
+synapse workers. We could do it ourselve (just generate a NGINX container from
+synapse's config) but there's already ingress logic around, which do this for
+us...
+
+```
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+
+helm install ingress-nginx ingress-nginx/ingress-nginx
+```
+
diff --git a/apps/fnux-playground/matrix.fnux-playground.yaml b/apps/fnux-playground/matrix.fnux-playground.yaml
new file mode 100644
index 0000000..e9d8d80
--- /dev/null
+++ b/apps/fnux-playground/matrix.fnux-playground.yaml
@@ -0,0 +1,53 @@
+# TODO: set redis & PGSQL password, investigate workers.
+
+# Synapse configuration.
+config:
+ logLevel: INFO
+
+# Synapse persistence.
+persistence:
+ enabled: true
+ storageClass: "rook-cephfs"
+ accessMode: ReadWriteMany
+ size: 10Gi
+
+# PGSQL persistence.
+postgresql:
+ enabled: true
+ persistence:
+ storageClass: "rook-cephfs"
+ size: 16Gi
+
+# First/initial startup is slow! The synapse pod get killed before the database
+# is fully initialied if we don't explicitely wait.
+synapse:
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 180
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 180
+
+# Serve /.well-known URIs, making federation possible without adding
+# SRV-records to DNS.
+wellknown:
+ enabled: true
+
+ # Lighttpd does not bind to v6 by default - which doesn't play well in a
+ # v6-only cluster!
+ useIpv6: true
+
+ # Data served on .well-known/matrix/server.
+ # See https://matrix.org/docs/spec/server_server/latest#get-well-known-matrix-server
+ server:
+ m.server: "matrix.fnux-playground.svc.c1.k8s.oo:443"
+
+ # Data served on .well-known/matrix/client.
+ # See https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
+ client:
+ m.homeserver:
+ base_url: "https://matrix.ungleich.ch"
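Review bot: The delegation target under `wellknown.server` reads `matrix.fnux-playground.svc.c1.k8s.oo:443`, while the README added in the same commit installs with `serverName=matrix.fnux-playground.svc.c1.k8s.ooo`, so the `.oo` suffix looks like a typo. Remote homeservers use `m.server` to decide where to send federation traffic and which hostname to validate the TLS certificate against, so a misspelled name either breaks federation or points it at a host outside your control. If `.ooo` is the intended spelling, the line should be `m.server: "matrix.fnux-playground.svc.c1.k8s.ooo:443"`. Separately, the TODO at the top leaves the redis and PostgreSQL passwords at whatever the chart defaults to. When they are set, reference an existing Kubernetes Secret rather than writing the values into this committed file.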