Merge branch 'helm'

2019-10-31 00:06:51 +02:00
parent 90e7a303ab c15508150a
commit 6fa44ce5e9
14 changed files with 425 additions and 9 deletions
@@ -1,17 +1,17 @@
-.idea/
+/.idea/

-.venv
-env/
+/.venv
+/env/
 pip-selfcheck.json
 *.pyc
 __pycache__
-build
-dist
-*.egg-info
-.eggs
+/build
+/dist
+/*.egg-info
+/.eggs

-config.yaml
-registration.yaml
+/config.yaml
+/registration.yaml
 *.log*
 *.db
 *.bak
@@ -0,0 +1,2 @@
+[*.{yaml,yml}]
+indent_size = 2
@@ -0,0 +1 @@
+charts/*
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,14 @@
+apiVersion: v1
+name: mautrix-telegram
+version: 0.1.0
+appVersion: "0.7.0"
+description: A Matrix-Telegram hybrid puppeting/relaybot bridge.
+keywords:
+  - matrix
+  - bridge
+  - telegram
+maintainers:
+  - name: Tulir Asokan
+    email: tulir@maunium.net
+sources:
+  - https://github.com/tulir/mautrix-telegram
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 6.5.0
+digest: sha256:85139e9d4207e49c11c5f84d7920d0135cffd3d427f3f3638d4e51258990de2a
+generated: "2019-10-23T22:11:37.005827507+03:00"
@@ -0,0 +1,5 @@
+dependencies:
+  - name: postgresql
+    version: 6.5.0
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    condition: postgresql.enabled
@@ -0,0 +1,21 @@
+Your registration file is below. Save it into a YAML file and give the path to that file to synapse:
+
+id: {{ .Values.appservice.id }}
+as_token: {{ .Values.appservice.asToken }}
+hs_token: {{ .Values.appservice.hsToken }}
+namespaces:
+    users:
+        - exclusive: true
+          regex: "@{{ .Values.bridge.username_template | replace "{userid}" ".+"}}:{{ .Values.homeserver.domain }}"
+          {{- if .Values.appservice.communityID }}
+          group_id: {{ .Values.appservice.communityID }}
+          {{- end }}
+    aliases:
+        - exclusive: true
+          regex: "@{{ .Values.bridge.alias_template | replace "{groupname}" ".+"}}:{{ .Values.homeserver.domain }}"
+          {{- if .Values.appservice.communityID }}
+          group_id: {{ .Values.appservice.communityID }}
+          {{- end }}
+url: {{ .Values.appservice.address }}
+sender_localpart: {{ .Values.appservice.botUsername }}
+rate_limited: false
@@ -0,0 +1,55 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mautrix-telegram.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mautrix-telegram.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mautrix-telegram.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "mautrix-telegram.labels" -}}
+app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+helm.sh/chart: {{ include "mautrix-telegram.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mautrix-telegram.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "mautrix-telegram.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "mautrix-telegram.fullname" . }}
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app.kubernetes.io/name: {{ template "mautrix-telegram.name" . }}
+data:
+  config.yaml: |
+    homeserver:
+      address: {{ .Values.homeserver.address }}
+      domain: {{ .Values.homeserver.domain }}
+      verify_ssl: {{ .Values.homeserver.verifySSL }}
+
+    appservice:
+      address: http://{{ include "mautrix-telegram.fullname" . }}:{{ .Values.service.port }}
+
+      hostname: 0.0.0.0
+      port: {{ .Values.service.port }}
+      max_body_size: {{ .Values.appservice.maxBodySize }}
+
+      {{- if .Values.postgresql.enabled }}
+      database: "postgres://postgres:{{ .Values.postgresql.postgresqlPassword }}@{{ .Release.Name }}-postgresql/{{ .Values.postgresql.postgresqlDatabase }}"
+      {{- else }}
+      database: {{ .Values.appservice.database | quote }}
+      {{- end }}
+
+      public:
+        {{- toYaml .Values.appservice.public | nindent 8 }}
+
+      provisioning:
+        {{- toYaml .Values.appservice.provisioning | nindent 8 }}
+
+      id: {{ .Values.appservice.id }}
+      bot_username: {{ .Values.appservice.botUsername }}
+      bot_displayname: {{ .Values.appservice.botDisplayname }}
+      bot_avatar:  {{ .Values.appservice.botAvatar }}
+
+      community_id: {{ .Values.appservice.communityID }}
+
+      as_token: {{ .Values.appservice.asToken }}
+      hs_token: {{ .Values.appservice.hsToken }}
+
+    metrics:
+      {{- toYaml .Values.metrics | nindent 6 }}
+
+    bridge:
+      {{- toYaml .Values.bridge | nindent 6 }}
+
+    telegram:
+      {{- toYaml .Values.telegram | nindent 6 }}
+
+    logging:
+      {{- toYaml .Values.logging | nindent 6 }}
+  registration.yaml: ""
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mautrix-telegram.fullname" . }}
+  labels:
+    {{- include "mautrix-telegram.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    {{- if .Values.podAnnotations }}
+    annotations:
+      {{- toYaml .Values.podAnnotations | nindent 6 }}
+    {{- end }}
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ template "mautrix-telegram.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          volumeMounts:
+            - mountPath: /data
+              name: config-volume
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /_matrix/mau/live
+              port: http
+            initialDelaySeconds: 60
+            periodSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /_matrix/mau/ready
+              port: http
+            initialDelaySeconds: 60
+            periodSeconds: 5
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ template "mautrix-telegram.fullname" . }}
+
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mautrix-telegram.fullname" . }}
+  labels:
+{{ include "mautrix-telegram.labels" . | indent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "mautrix-telegram.serviceAccountName" . }}
+  labels:
+{{ include "mautrix-telegram.labels" . | indent 4 }}
+{{- end -}}
@@ -0,0 +1,140 @@
+image:
+  repository: dock.mau.dev/tulir/mautrix-telegram
+  tag: latest
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+service:
+  type: ClusterIP
+  port: 29317
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Postgres pod configs
+postgresql:
+  enabled: true
+  postgresqlDatabase: mxtg
+  persistence:
+    size: 2Gi
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 100m
+
+# Homeserver details
+homeserver:
+  # The address that this appservice can use to connect to the homeserver.
+  address: https://example.com
+  # The domain of the homeserver (for MXIDs, etc).
+  domain: example.com
+  # Whether or not to verify the SSL certificate of the homeserver.
+  # Only applies if address starts with https://
+  verifySSL: true
+
+# Application service host/registration related details
+# Changing these values requires regeneration of the registration.
+appservice:
+  # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+  # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+  maxBodySize: 1
+
+  # Public part of web server for out-of-Matrix interaction with the bridge.
+  # Used for things like login if the user wants to make sure the 2FA password isn't stored in
+  # the HS database.
+  public:
+    # Whether or not the public-facing endpoints should be enabled.
+    enabled: true
+    # The prefix to use in the public-facing endpoints.
+    prefix: /public
+    # The base URL where the public-facing endpoints are available. The prefix is not added
+    # implicitly.
+    external: https://example.com/public
+
+  # Provisioning API part of the web server for automated portal creation and fetching information.
+  # Used by things like Dimension (https://dimension.t2bot.io/).
+  provisioning:
+    # Whether or not the provisioning API should be enabled.
+    enabled: true
+    # The prefix to use in the provisioning API endpoints.
+    prefix: /_matrix/provision/v1
+    # The shared secret to authorize users of the API.
+    shared_secret: SET TO RANDOM STRING
+
+  id: telegram
+  botUsername: telegrambot
+  # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+  # to leave display name/avatar as-is.
+  botDisplayname: Telegram bridge bot
+  botAvatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
+
+  # Community ID for bridged users (changes registration file) and rooms.
+  # Must be created manually.
+  communityID: false
+
+  # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+  asToken: SET TO RANDOM STRING
+  hsToken: SET TO RANDOM STRING
+
+# The keys below can be used to override the configs in the base config:
+# https://github.com/tulir/mautrix-telegram/blob/master/example-config.yaml
+# Note that the "appservice" and "homeserver" sections are above and slightly different than the base.
+
+# Bridge config
+bridge:
+  # Localpart template of MXIDs for Telegram users.
+  # {userid} is replaced with the user ID of the Telegram user.
+  username_template: "telegram_{userid}"
+  # Localpart template of room aliases for Telegram portal rooms.
+  # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
+  alias_template: "telegram_{groupname}"
+
+  # Permissions for using the bridge.
+  # Permitted values:
+  #   relaybot - Only use the bridge via the relaybot, no access to commands.
+  #       user - Relaybot level + access to commands to create bridges.
+  #  puppeting - User level + logging in with a Telegram account.
+  #       full - Full access to use the bridge, i.e. previous levels + Matrix login.
+  #      admin - Full access to use the bridge and some extra administration commands.
+  # Permitted keys:
+  #        * - All Matrix users
+  #   domain - All users on that homeserver
+  #     mxid - Specific user
+  permissions:
+    "*": "relaybot"
+    "public.example.com": "user"
+    "example.com": "full"
+    "@admin:example.com": "admin"
+
+# Prometheus telemetry config.
+metrics:
+  enabled: false
+  listen_port: 8000
+
+# Telegram config
+telegram:
+  # Get your own API keys at https://my.telegram.org/apps
+  api_id: 12345
+  api_hash: tjyd5yge35lbodk1xwzw2jstp90k55qz
+  # (Optional) Create your own bot at https://t.me/BotFather
+  # bot_token: 123456789: