Merge branch 'helm'

2019-10-31 00:06:51 +02:00
parent 90e7a303ab c15508150a
commit 6fa44ce5e9
14 changed files with 425 additions and 9 deletions
@@ -1,17 +1,17 @@
-.idea/
+/.idea/
-.venv
+/.venv
-env/
+/env/
 pip-selfcheck.json
 *.pyc
 __pycache__
-build
+/build
-dist
+/dist
-*.egg-info
+/*.egg-info
-.eggs
+/.eggs
-config.yaml
+/config.yaml
-registration.yaml
+/registration.yaml
 *.log*
 *.db
 *.bak
@@ -0,0 +1,2 @@
 [*.{yaml,yml}]
 indent_size = 2
@@ -0,0 +1 @@
 charts/*
@@ -0,0 +1,22 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
@@ -0,0 +1,14 @@
 apiVersion: v1
 name: mautrix-telegram
 version: 0.1.0
 appVersion: "0.7.0"
 description: A Matrix-Telegram hybrid puppeting/relaybot bridge.
 keywords:
  - matrix
  - bridge
  - telegram
 maintainers:
  - name: Tulir Asokan
    email: tulir@maunium.net
 sources:
  - https://github.com/tulir/mautrix-telegram
@@ -0,0 +1,6 @@
 dependencies:
 - name: postgresql
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 6.5.0
 digest: sha256:85139e9d4207e49c11c5f84d7920d0135cffd3d427f3f3638d4e51258990de2a
 generated: "2019-10-23T22:11:37.005827507+03:00"
@@ -0,0 +1,5 @@
 dependencies:
  - name: postgresql
    version: 6.5.0
    repository: https://kubernetes-charts.storage.googleapis.com/
    condition: postgresql.enabled
@@ -0,0 +1,21 @@
 Your registration file is below. Save it into a YAML file and give the path to that file to synapse:
 id: {{ .Values.appservice.id }}
 as_token: {{ .Values.appservice.asToken }}
 hs_token: {{ .Values.appservice.hsToken }}
 namespaces:
    users:
        - exclusive: true
          regex: "@{{ .Values.bridge.username_template | replace "{userid}" ".+"}}:{{ .Values.homeserver.domain }}"
          {{- if .Values.appservice.communityID }}
          group_id: {{ .Values.appservice.communityID }}
          {{- end }}
    aliases:
        - exclusive: true
          regex: "@{{ .Values.bridge.alias_template | replace "{groupname}" ".+"}}:{{ .Values.homeserver.domain }}"
          {{- if .Values.appservice.communityID }}
          group_id: {{ .Values.appservice.communityID }}
          {{- end }}
 url: {{ .Values.appservice.address }}
 sender_localpart: {{ .Values.appservice.botUsername }}
 rate_limited: false
@@ -0,0 +1,55 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "mautrix-telegram.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "mautrix-telegram.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "mautrix-telegram.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "mautrix-telegram.labels" -}}
 app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
 helm.sh/chart: {{ include "mautrix-telegram.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "mautrix-telegram.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
    {{ default (include "mautrix-telegram.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
@@ -0,0 +1,57 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "mautrix-telegram.fullname" . }}
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "mautrix-telegram.name" . }}
 data:
  config.yaml: |
    homeserver:
      address: {{ .Values.homeserver.address }}
      domain: {{ .Values.homeserver.domain }}
      verify_ssl: {{ .Values.homeserver.verifySSL }}
    appservice:
      address: http://{{ include "mautrix-telegram.fullname" . }}:{{ .Values.service.port }}
      hostname: 0.0.0.0
      port: {{ .Values.service.port }}
      max_body_size: {{ .Values.appservice.maxBodySize }}
      {{- if .Values.postgresql.enabled }}
      database: "postgres://postgres:{{ .Values.postgresql.postgresqlPassword }}@{{ .Release.Name }}-postgresql/{{ .Values.postgresql.postgresqlDatabase }}"
      {{- else }}
      database: {{ .Values.appservice.database | quote }}
      {{- end }}
      public:
        {{- toYaml .Values.appservice.public | nindent 8 }}
      provisioning:
        {{- toYaml .Values.appservice.provisioning | nindent 8 }}
      id: {{ .Values.appservice.id }}
      bot_username: {{ .Values.appservice.botUsername }}
      bot_displayname: {{ .Values.appservice.botDisplayname }}
      bot_avatar:  {{ .Values.appservice.botAvatar }}
      community_id: {{ .Values.appservice.communityID }}
      as_token: {{ .Values.appservice.asToken }}
      hs_token: {{ .Values.appservice.hsToken }}
    metrics:
      {{- toYaml .Values.metrics | nindent 6 }}
    bridge:
      {{- toYaml .Values.bridge | nindent 6 }}
    telegram:
      {{- toYaml .Values.telegram | nindent 6 }}
    logging:
      {{- toYaml .Values.logging | nindent 6 }}
  registration.yaml: ""
@@ -0,0 +1,69 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "mautrix-telegram.fullname" . }}
  labels:
    {{- include "mautrix-telegram.labels" . | nindent 4 }}
 spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    {{- if .Values.podAnnotations }}
    annotations:
      {{- toYaml .Values.podAnnotations | nindent 6 }}
    {{- end }}
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      serviceAccountName: {{ template "mautrix-telegram.serviceAccountName" . }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          volumeMounts:
            - mountPath: /data
              name: config-volume
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /_matrix/mau/live
              port: http
            initialDelaySeconds: 60
            periodSeconds: 5
          readinessProbe:
            httpGet:
              path: /_matrix/mau/ready
              port: http
            initialDelaySeconds: 60
            periodSeconds: 5
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        - name: config-volume
          configMap:
            name: {{ template "mautrix-telegram.fullname" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
@@ -0,0 +1,16 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "mautrix-telegram.fullname" . }}
  labels:
 {{ include "mautrix-telegram.labels" . | indent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
@@ -0,0 +1,8 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "mautrix-telegram.serviceAccountName" . }}
  labels:
 {{ include "mautrix-telegram.labels" . | indent 4 }}
 {{- end -}}
@@ -0,0 +1,140 @@
 image:
  repository: dock.mau.dev/tulir/mautrix-telegram
  tag: latest
  pullPolicy: IfNotPresent
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 service:
  type: ClusterIP
  port: 29317
 resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
 # Postgres pod configs
 postgresql:
  enabled: true
  postgresqlDatabase: mxtg
  persistence:
    size: 2Gi
  resources:
    requests:
      memory: 256Mi
      cpu: 100m
 # Homeserver details
 homeserver:
  # The address that this appservice can use to connect to the homeserver.
  address: https://example.com
  # The domain of the homeserver (for MXIDs, etc).
  domain: example.com
  # Whether or not to verify the SSL certificate of the homeserver.
  # Only applies if address starts with https://
  verifySSL: true
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.
 appservice:
  # The maximum body size of appservice API requests (from the homeserver) in mebibytes
  # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
  maxBodySize: 1
  # Public part of web server for out-of-Matrix interaction with the bridge.
  # Used for things like login if the user wants to make sure the 2FA password isn't stored in
  # the HS database.
  public:
    # Whether or not the public-facing endpoints should be enabled.
    enabled: true
    # The prefix to use in the public-facing endpoints.
    prefix: /public
    # The base URL where the public-facing endpoints are available. The prefix is not added
    # implicitly.
    external: https://example.com/public
  # Provisioning API part of the web server for automated portal creation and fetching information.
  # Used by things like Dimension (https://dimension.t2bot.io/).
  provisioning:
    # Whether or not the provisioning API should be enabled.
    enabled: true
    # The prefix to use in the provisioning API endpoints.
    prefix: /_matrix/provision/v1
    # The shared secret to authorize users of the API.
    shared_secret: SET TO RANDOM STRING
  id: telegram
  botUsername: telegrambot
  # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
  # to leave display name/avatar as-is.
  botDisplayname: Telegram bridge bot
  botAvatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
  # Community ID for bridged users (changes registration file) and rooms.
  # Must be created manually.
  communityID: false
  # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
  asToken: SET TO RANDOM STRING
  hsToken: SET TO RANDOM STRING
 # The keys below can be used to override the configs in the base config:
 # https://github.com/tulir/mautrix-telegram/blob/master/example-config.yaml
 # Note that the "appservice" and "homeserver" sections are above and slightly different than the base.
 # Bridge config
 bridge:
  # Localpart template of MXIDs for Telegram users.
  # {userid} is replaced with the user ID of the Telegram user.
  username_template: "telegram_{userid}"
  # Localpart template of room aliases for Telegram portal rooms.
  # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
  alias_template: "telegram_{groupname}"
  # Permissions for using the bridge.
  # Permitted values:
  #   relaybot - Only use the bridge via the relaybot, no access to commands.
  #       user - Relaybot level + access to commands to create bridges.
  #  puppeting - User level + logging in with a Telegram account.
  #       full - Full access to use the bridge, i.e. previous levels + Matrix login.
  #      admin - Full access to use the bridge and some extra administration commands.
  # Permitted keys:
  #        * - All Matrix users
  #   domain - All users on that homeserver
  #     mxid - Specific user
  permissions:
    "*": "relaybot"
    "public.example.com": "user"
    "example.com": "full"
    "@admin:example.com": "admin"
 # Prometheus telemetry config.
 metrics:
  enabled: false
  listen_port: 8000
 # Telegram config
 telegram:
  # Get your own API keys at https://my.telegram.org/apps
  api_id: 12345
  api_hash: tjyd5yge35lbodk1xwzw2jstp90k55qz
  # (Optional) Create your own bot at https://t.me/BotFather
  # bot_token: 123456789: