feat: add dendrite and webserver that hosts well-known file for matrix

This commit is contained in:
SeanOMik 2024-07-03 16:17:07 -04:00
parent c07be6c8bf
commit d9c34fdf34
Signed by: SeanOMik
GPG Key ID: FEC9E2FC15235964
7 changed files with 301 additions and 1 deletions

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,88 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: dendrite
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
main:
# pod:
# securityContext:
# runAsNonRoot: true
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: matrixdotorg/dendrite-monolith
tag: v0.13.7
service:
app:
controller: main
ports:
http:
port: 8008
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "matrix.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
- host: "${SECRET_NEW_DOMAIN}"
paths:
- path: /_matrix
service:
identifier: app
port: http
persistence:
config:
type: configMap
# mounts 'matrix_key.pem' and 'config.yaml'
name: dendrite-config
defaultMode: 0664
globalMounts:
- path: /etc/dendrite
searchindex:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/matrix/searchindex
globalMounts:
- path: /var/dendrite/searchindex
media-store:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/matrix/media
globalMounts:
- path: /var/dendrite/media_store
jetstream:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/matrix/jetstream
globalMounts:
- path: /var/dendrite/jetstream

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./config.sops.yaml
- ./helm-release.yaml

View File

@ -7,3 +7,5 @@ resources:
- ./mealie
- ./huginn
- ./exim
- ./well-known-site
- ./dendrite

View File

@ -0,0 +1,71 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: well-known-site
namespace: default
data:
nginx.conf: ENC[AES256_GCM,data:axWUHKsftk7FO1GeoTB1BpViXfoSfprYOTjibwNAYhE9SK7Y+iOQqu1rIJ/iq50FN3t0kzxuvhPrtzcAHS27Esq5MtRxklnyxq/kTy6kMZmlUTe0UmGWGIgA9NQ1GgUzGCO7QgfP0MKaSC4rr066uQNtlneZnMh68Je1ERYIaiJHjf0FS2Ugv1LRrnSkDXv+sHjHzXE+2u64dfe3jLWPG18CFEa+eTFNFaueajBecyFuGjlreh8kwFTuZI7CR9J+rKlUoq8KUcc5qo5DswVhVtHJTh0J1UDH64myF5Po6odSgpCFfIaLsdcAnI9mn8TnagBYR7H/PdAXGx6m4Z/nJKXM9dEK4ChPgKFoGj2ZnWcPonHwxakiekLi+fSaUKEfuX/F2wYTFozOIrmOkxehslan8JLLah+6DwtxLyFa6nioSK1IQ46EY5stx2weO7t95UzHgI6SI7HA46nVYH2orBl7MLDy7xi4vQtuK+Fgl1P2IV2wWOWrv4Wwsp2ztRn2/n91LISOVgmvWeYIwx5WreLB8RSGad0Pt4FJXXa2iydERXGa6IcjR6etmjrysW0XTimBmQFIbHgL6zk2NiPwtY47uRfiLSt4z29mFK6b8RIQ8htnTJIhbv6kQdt3clmimVfu11YZuqgnkcr/zxDr+zR3jGpM41sg+1XyMX7fueNDuNxL3tA/kwmqaYX4oJKWodzzls1XusrL+lQkzQt2M29nf4vDsNmFGqIl0ZFnYaZ1QuvJrMs/1yWN+34Qh0vNMnRqHZVAx+DiGw2rDKUzJUSj/+lINyRozjDAbTSU/rObPWYnC/0zCmZLpFT6PdiXzTdHMRYLoFhPgSEy4HXjGdaCn7WWI/TcAZLKGHFfHrgMnc78PK+93iEoa/n9sBte4ZfSb90i8g+81I6Lq0qmC3R01jkaVePkVDw967H+egoa0fcb3zuxx91KKycvazWvwqntFpWIeH3m27WzPnkKHujn2UUKw/E1tSjyPWhc1Wzzkyc0oetU8u9I3NPKpw6moecvJGFwztodYYilAJalMPjDoClZwc7wRxObXiM+PH+jlRlsYrTts7H5AIz3PWrT+SsiWaSp5WuKXz9l48IPOQ0KijgqvWf90Weq9vbSedWO+ffmroyEpTwBRNqmqT5s7HHXqGKWWT7arIrBLNJcyXVA7Ame/7F7MOAVaRY0VAhtQTMDIOCCPz31C6bz8k0oq6n14EKDLTQxCzcXt+LGY/3yig56WK2CPjP8Mx97/sxBK/7kS76lqUTNdpFi2Rb81tRD6aB5GsURhzXWFSdPaATk+NmYGT7nGYqlF+uaXUdPRZJiHsZXvrGUcb8c0cOA3BUBpDOfFAr8DC8o22fOBK6h4GXA/sM36xepls8aFzz0XyKEQf9J7qsDLc6qs99mqUqGLoAH1JyZi5oz7FpP8FqBmtojOhCs4kMGU9C3TJ0ID+cfmURAbW+revNkpt3ovioN2ClAAztDRru9CtnGJ10fkw1YJr1KRTNy5zIoJDC7sBoenk53DZVbjI996D8sWaWIzl2g9g==,iv:qWsILqDVZTjH/tI/IW/gKKTsn2LVo9k4UtokBGnEFEw=,tag:mjBdSGPDQ4byxT8iaf3yjA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-07-03T20:16:25Z"
mac: ENC[AES256_GCM,data:FUx+4ZBrF9YwwAqhCCWnmec3VXUFT7wLx1weESsx4CGHvOPGoHE/ESJianpS+cYhCibbOn3gmP2axlPDNzXVwhXilSmGX6cz4BXsOeob2Z++cydbMtLAke5HZhCYJGZURKsFoG5c6zJNJAGASQxk9c6Xlg6CjOx6bjhEtqSUtic=,iv:LdOxS5SCWpEJT4l4OXsWZWWK5FIYo/bUzZtMiA1HhU8=,tag:lQ/Q8kP4xryW2wDXMEMKbg==,type:str]
pgp:
- created_at: "2024-07-03T20:16:25Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovAQ//XR0dmHqYjhjliN1sPdB+L1rlK4xaJPuguf87pAFfmxSW
Yqs46j3sQe/h/qqUMi0dWhUo/Jk0r96Jmkjrq1Bu2iqvwpHnMo4s3LaVLNw59dwN
QfPIY75IOSJnIm4eWr63qewZkTl1uwg3SfBBYrMHfC++eUZFXMziMUBCITf0Wi1J
O44hOK7E3+aMHHvRbRcMi0h2J0gjiuPROhKfaRwYNxXtaUK3yuTYwp0sdNUdOsmU
L5DkDQY8FQZjAJDi0elB/xuPvJwUKZ3flvnajm1zWs6Gp12RiPmxc3jIzmuMd+zq
Z13PmogTj2xTIeVLya8L92cjIEGHFyWkbYGKeYuYoNfAUmw/6o8q4/TGDlHawC/B
2rqSCSAepz+4+LPreAVNUQdxgulFB40NXGwLX6CXpSl886I6S1nKgAzlmjAZWmn/
kmK2VRKVeCSVsu+vNuWlJYBxdxr6nQhPsDcuMAb2cbzc1bIwlJJEfWkYGM5sWxfG
VAXik+Ru/803gRX4OgCVLc7+wQj8CZogANzFHk6sYSDUeOSNsywo5zoLhFDeyzR5
WbmWNTnBzu6N85giDAupP+UWQexqnVAvlX7mIsJ504RsKNqlEgexMJ+Tr6rZ58Ye
kQXui+CwxLpbSSPV/ir0iA+Wsw1B/8bPs6snGlZ/LkHWXb3ViyO8zCG/hKtEUTSF
AgwDXjg0p2IN1X8BEADb6FuwnGRu1xMQguJAXRKkzxJIBJmN1+eWJQPrF7XzMzRr
0uiMAn/SBNkEv6ATExHX25uRy+F107GNZ5pNaKwgkC+hDRQmgfhvyELsel+S38lz
hXEC4/CcxNetc8zZifPPdR6cK1fJLUMfgKUu8RH/2TNfwMJW+51WYS63PiLGRphk
mNO98gQ5kUjuOslBCLcwmG3dc/xh/zK5/AECVQHNXOuoUuRgfO75UzJ2NuLbDS9X
8bzjNlSBPp6mPI60LZrveuT8kgFHPVgxxqSAAzQcwIVMjx8q5qGpOZUOZsppYeqh
ejRBwPbNOx8+jrlkzsfvkO1B7Z2lgSHf6lWhhU7LMvw3NEoY7mnXY8TBww38Y73E
uwaMSUdmxStzVEqkoGyhtydZHkNf4uN97oWuVS9TPg0AmvkpicfhwLGZ6eqZROjY
sRnacfV1lNtqFgUaV68yz0khZRBsagfNZK0sWSfeIG6Y0JMWaimdqQlBWOoYBNK+
+UKcXUNHzy6B5pyxHWBxm2LrrdTBrlftWoLO57UuMeu5YAOFizWO02GztCtNv1NR
4TF0rkdsCBSrbt0kukAb6yQH4IEjWtve0b6x6zY8iGjbyseUuYWVUfXtKSifkX3Z
566/VaRQv93Bm3Hs/WgOYdln85n4QD/uS91SLk+iMbqqy8eFQfPcK4ATQVeva9Ro
AQkCEDNDyCBStpQg7D0pYMZV6MNnEoWy4t/XX3dV/TRyhs5ndjLk5+nRIJsN+Nbk
0Ikb154Mm4FUEJ4fC/yrJTfE84noY9loMsuwNmcFjhoBmOhUBL2hKXbzegE7GqeS
tWvPLQzkrUc=
=4iOt
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-07-03T20:16:25Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//XVCMS5Ss1fw56d+Gfbskcc13P8/YVhH3Pmh/KVxb6MIY
52I/RcUBwQb14fhYJ6FjSLPYyjlU85y3d60sp57cmbVts8S9NI8jkc/m91n94VgI
HvLidGcG0hBSlsfknf7ra2hdRjpgdzo21uKN6u1XrtjFTip9xTadI8EcDZopSwpX
FxjZCdd8zN4cAMdsNp9y32+OVQIUV6IAMp+BrPZMgqBXDQJ/hjU/t+7PCZo6+4Q7
RSqIoGldKAG9g+fGQ9HYN5q6sHbSH7k/2kOIaqyelgSA7N9Csv90UYSjIx3TlC5O
jc3WIoIi6jSKic5uMxX0mlfQoLCsQ6i/FWZMqQeaDCyZP0nny+6JD1OqVuPUtFa8
SbfNnuj3vZTGd20um3ttdv03e3/eqblJvlG41FpLPPo7CK9mUyCa2cWNCjwrLPo/
GCBTnHGjDSqFtG2D8NYmTnOVe5irCj05OZjWH4WmFeWr49RzOgQhrQRvaFAwjnJT
eFvKWPgD/zHT2yOPvwFfIFoWkNGKiHsxwJ+YJ969QI8qO6yinzpLQpmlXB3v3ucJ
gep5SOnOeWDVywAb6NTUMDimRhL4iLh+tnpoRU4D2N16RkQ2BVGuSbYgGHf4KYnc
d6KHFKkNEywR4JMiffHWo7bMZYWluydRcM9/pTmuH29h3Fxa5dXGwtlvkztcAIbU
aAEJAhDEcsZXQZtkdptMq/UmflbJXVF/y3T8PaZHfGWQ2Lk1Tj/1zmKjMns8mc9d
+ItVxpfReHej8hUkvjPdEIWKykuiClPSam6T7ncNc+WNTs56nPs4e8gQ/ijHqywa
L6k5MEgvpQCs
=qyn/
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.1

View File

@ -0,0 +1,57 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: well-known-site
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
main:
containers:
main:
image:
repository: nginxinc/nginx-unprivileged
tag: 1.27.0-alpine
service:
app:
controller: main
ports:
http:
port: 8080
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "${SECRET_NEW_DOMAIN}"
paths:
- path: /.well-known
service:
identifier: app
port: http
persistence:
config:
name: well-known-site
type: configMap
defaultMode: 0664
globalMounts:
- subPath: nginx.conf
path: /etc/nginx/nginx.conf

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./config.sops.yaml
- ./helm-release.yaml