chaosdorf · evlli · Dec 5, 2019 · Dec 5, 2019 · Dec 5, 2019 · Dec 5, 2019
diff --git a/charts/matrix/.gitignore b/charts/matrix/.gitignore
@@ -0,0 +1,2 @@
+.idea/
+charts/
diff --git a/charts/matrix/.helmignore b/charts/matrix/.helmignore
@@ -0,0 +1,4 @@
+.git/
+.idea/
+.gitignore
+README.md
diff --git a/charts/matrix/Chart.lock b/charts/matrix/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 8.0.0
+digest: sha256:54b8dbbf92f98a307a15de995f41897aa3ea3f3252b6f594d058530755b3dfa8
+generated: "2020-03-30T22:24:34.251333366-07:00"
diff --git a/charts/matrix/Chart.yaml b/charts/matrix/Chart.yaml
@@ -0,0 +1,36 @@
+apiVersion: v2
+name: matrix
+description: A Helm chart to deploy a Matrix homeserver stack into Kubernetes
+icon: "https://dacruz21.github.io/helm-charts/icons/matrix.svg"
+home: "https://github.com/dacruz21/matrix-chart"
+sources:
+  - "https://github.com/dacruz21/matrix-chart"
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 2.8.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.22.1
+
+maintainers:
+  - name: "David Cruz"
+    email: "[email protected]"
+    url: "https://github.com/dacruz21/"
+
+dependencies:
+  - name: postgresql
+    version: 8.0.0
+    repository: https://kubernetes-charts.storage.googleapis.com
+    condition: postgresql.enabled
diff --git a/charts/matrix/LICENSE b/charts/matrix/LICENSE
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2021 David Cruz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/charts/matrix/README.md b/charts/matrix/README.md
@@ -0,0 +1,68 @@
+# Matrix Chart
+
+A Helm chart for deploying a Matrix homeserver stack in Kubernetes.
+
+## Features
+
+- Latest version of Synapse
+- (Optional) Latest version of Riot Web
+- (Optional) Choice of lightweight Exim relay or external mail server for email notifications
+- (Optional) Coturn TURN server for VoIP calls
+- (Optional) PostgreSQL cluster via stable/postgresql chart
+- (Optional) [matrix-org/matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) IRC bridge
+- (Optional) [tulir/mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) WhatsApp bridge
+- (Optional) [Half-Shot/matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) Discord bridge
+- Fully configurable via values.yaml
+- Ingress definition for federated Synapse and Riot
+
+## Installation
+
+Some documentation is available in values.yaml, and a complete configuration guide is coming soon.
+
+Choose one of the two options below to install the chart.
+
+### Chart Repository (recommended)
+
+This chart is published to my Helm chart repository at https://dacruz21.github.io/helm-charts. To install this chart:
+
+1. Create an empty chart to hold your configuration
+
+    ```shell script
+    helm create mychart
+    cd mychart
+    ```
+
+1. Add this chart to your chart's dependencies by editing `Chart.yaml` and adding the following lines:
+
+    ```yaml
+    dependencies:
+      - name: matrix
+        version: 2.8.0
+        repository: https://dacruz21.github.io/helm-charts
+    ```
+
+1. Run `helm dependency update` to download the chart into the `charts/` directory.
+
+1. Configure the chart by editing `values.yaml`, adding a `matrix:` object, and adding any config overrides under this object.
+
+1. Deploy your customized chart with `helm install mychart .`
+
+### Git
+
+You can also clone this repo directly and override the values.yaml provided. To do so, run the following commands:
+
+```shell script
+git clone https://github.com/dacruz21/matrix-chart.git
+cd matrix-chart
+helm dependency update
+helm install matrix .
+```
+
+## Security
+Helm currently [does not officially support chart signatures created by GPG keys stored on smartcards](https://github.com/helm/helm/issues/2843#issuecomment-379532906). This may change in the future, in which case I will start packaging this chart with the standard `.prov` signatures, but until then signatures must be verified manually.
+
+GPG signatures are available within the chart repo and can be found by appending `.gpg` to the end of the package URL. For example, the signature for v2.8.0 is available at https://dacruz21.github.io/helm-charts/matrix-2.8.0.tgz.gpg.
+
+These GPG signatures are signed with the same PGP key that is used to sign commits in this Git repository. The key is available by searching for [email protected] on a public keyserver, or by downloading it from my website at https://typokign.com/key.gpg.
+
+If you find any security vulnerabilities in this Helm chart, please contact me by sending a PGP-encrypted email (encrypted to `F13C346C0DE56944`) to [email protected]. Vulnerabilities in upstream services should be reported to that service's developers.
diff --git a/charts/matrix/templates/NOTES.txt b/charts/matrix/templates/NOTES.txt
@@ -0,0 +1,58 @@
+{{- if .Release.IsInstall }}
+dacruz21/matrix-chart has been installed!
+
+Installed components:
+ - Synapse ({{ .Values.synapse.image.repository }})
+{{- if .Values.riot.enabled }}
+ - Element Web ({{ .Values.riot.image.repository }})
+{{- end }}
+{{- if .Values.postgresql.enabled }}
+ - PostgreSQL ({{ .Values.postgresql.image.repository }})
+{{- end }}
+{{- if .Values.coturn.enabled }}
+ - Coturn ({{ .Values.coturn.image.repository }})
+{{- end }}
+{{- if .Values.mail.relay.enabled }}
+ - Exim Relay ({{ .Values.mail.relay.image.repository }})
+{{- end }}
+{{- if .Values.bridges.irc.enabled }}
+ - IRC Bridge ({{ .Values.bridges.irc.image.repository }})
+{{- end }}
+{{- if .Values.bridges.whatsapp.enabled }}
+ - WhatsApp Bridge ({{ .Values.bridges.whatsapp.image.repository }})
+{{- end }}
+{{- if .Values.bridges.discord.enabled }}
+ - Discord Bridge ({{ .Values.bridges.discord.image.repository }})
+{{- end }}
+
+Thank you for installing dacruz21/matrix-chart! If you have any questions or run into any issues, please file a GitHub issue or join us at #matrix-chart:typokign.com.
+
+{{ if .Values.ingress.enabled }}
+Your Synapse homeserver should soon be available at https://{{ .Values.ingress.hosts.synapse }}
+{{- if .Values.riot.enabled }}
+Your Element Web instance should soon be available at https://{{ .Values.ingress.hosts.riot }}
+{{- end }}
+{{- end }}
+
+{{ if .Values.bridges.irc.enabled }}
+The IRC bridge has been enabled!
+
+You can now join IRC channels on any servers you have configured by joining #<alias_prefix><channel_name>:{{ .Values.matrix.serverName }}.
+For more information, check out the official documentation at https://github.com/matrix-org/matrix-appservice-irc
+{{- end }}
+
+{{ if .Values.bridges.whatsapp.enabled }}
+The WhatsApp bridge has been enabled!
+
+To get started, start a chat with the bridge bot (@{{ .Values.bridges.whatsapp.bot.username }}:{{ .Values.matrix.serverName }}).
+For more information, check out the official documentation at https://github.com/tulir/mautrix-whatsapp/wiki/Authentication
+{{- end }}
+
+{{ if .Values.bridges.discord.enabled }}
+The Discord bridge has been enabled!
+
+You'll need to follow the instructions at https://github.com/Half-Shot/matrix-appservice-discord#setting-up-discord to finish setting up the bridge
+
+When you've finished setting up the bridge, head to https://discord.com/oauth2/authorize?client_id={{ .Values.bridges.discord.auth.clientId }}&scope=bot&permissions=607251456 to invite the bridge bot to a Discord guild.
+{{- end }}
+{{- end }}
diff --git a/charts/matrix/templates/_helpers.tpl b/charts/matrix/templates/_helpers.tpl
@@ -0,0 +1,114 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "matrix.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "matrix.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "matrix.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "matrix.labels" -}}
+helm.sh/chart: {{ include "matrix.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/name: "matrix"
+{{- end -}}
+# TODO: Include labels from values
+{{/*
+Synapse specific labels
+*/}}
+{{- define "matrix.synapse.labels" -}}
+{{- range $key, $val := .Values.synapse.labels -}}
+{{ $key }}: {{ $val }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Element specific labels
+*/}}
+#TOOO: Change riot to element
+{{- define "matrix.element.labels" -}}
+{{- range $key, $val := .Values.riot.labels }}
+{{ $key }}: {{ $val }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Coturn specific labels
+*/}}
+{{- define "matrix.coturn.labels" -}}
+{{- range $key, $val := .Values.coturn.labels -}}
+{{ $key }}: {{ $val }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Mail relay specific labels
+*/}}
+{{- define "matrix.mail.labels" -}}
+{{- range $key, $val := .Values.mail.relay.labels -}}
+{{ $key }}: {{ $val }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Synapse hostname, derived from either the Values.matrix.hostname override or the Ingress definition
+*/}}
+{{- define "matrix.hostname" -}}
+{{- if .Values.matrix.hostname }}
+{{- .Values.matrix.hostname -}}
+{{- else }}
+{{- .Values.ingress.hosts.synapse -}}
+{{- end }}
+{{- end }}
+
+{{/*
+Synapse hostname prepended with https:// to form a complete URL
+*/}}
+{{- define "matrix.baseUrl" -}}
+{{- if .Values.matrix.hostname }}
+{{- printf "https://%s" .Values.matrix.hostname -}}
+{{- else }}
+{{- printf "https://%s" .Values.ingress.hosts.synapse -}}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper function to get a postgres connection string for the database, with all of the auth and SSL settings automatically applied
+*/}}
+{{- define "matrix.postgresUri" -}}
+{{- if .Values.postgresql.enabled -}}
+postgres://{{ .Values.postgresql.username }}:{{ .Values.postgresql.password }}@{{ include "matrix.fullname" . }}-postgresql/%s{{ if .Values.postgresql.ssl }}?ssl=true&sslmode={{ .Values.postgresql.sslMode}}{{ end }}
+{{- else -}}
+postgres://{{ .Values.postgresql.username }}:{{ .Values.postgresql.password }}@{{ .Values.postgresql.hostname }}:{{ .Values.postgresql.port }}/%s{{ if .Values.postgresql.ssl }}?ssl=true&sslmode={{ .Values.postgresql.sslMode }}{{ end }}
+{{- end }}
+{{- end }}
diff --git a/charts/matrix/templates/bridge-discord/_helpers.tpl b/charts/matrix/templates/bridge-discord/_helpers.tpl
@@ -0,0 +1,11 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Shared secret for the discord server
+*/}}
+{{- define "matrix.discord.as_token" -}}
+{{- randAlphaNum 64 -}}
+{{- end -}}
+
+{{- define "matrix.discord.hs_token" -}}
+{{- randAlphaNum 64 -}}
+{{- end -}}