Add Velero and all remaining Matrix resources

Add Velero
Add Velero annotations
2025-12-03 01:36:59 -06:00 · 2025-12-03 01:36:46 -06:00 · 2025-12-03 01:36:29 -06:00 · 2025-12-03 01:35:58 -06:00 · 2025-12-03 01:35:41 -06:00 · 2025-12-03 01:34:27 -06:00
9 changed files with 227 additions and 66 deletions
--- a/src/main/k8s/services/matrix/home_server/service.cljs
+++ b/src/main/k8s/services/matrix/home_server/service.cljs
@@ -2,23 +2,28 @@

 (def config
  {:stack [:vault:prepare [:k8s :pvc :deployment :service :httproute]]
-   :image-port    6167
   :app-namespace "matrix"
   :app-name      "tuwunel"
   
+   
   :k8s:pvc-opts
-   {"conduwuit-db" {:storageClass "hcloud-volumes"
-                    :accessModes ["ReadWriteOnce"]
-                    :storage "20Gi"}}
+   {:metadata {:name "conduwuit-db"
+               :namespace "matrix"}
+    :spec {:storageClassName "hcloud-volumes"
+           :accessModes ["ReadWriteOnce"]
+           :resources {:requests {:storage "50Gi"}}}}

   :k8s:deployment-opts
   {:spec
-    {:template
-     {:spec
+    {:strategy {:type "Recreate"}
+     :template
+     {:metadata {:annotations {"backup.velero.io/backup-volumes" "db"}}
+      :spec
      {:containers
       [{:name 'app-name
         :image '(str repo "/tuwunel:latest")
         :envFrom [{:secretRef {:name '(str app-name "-secrets")}}]
+         :ports [{:containerPort 'port}]
         :volumeMounts [{:name "db" :mountPath "/var/lib/conduwuit"}
                        #_{:name "discord-reg"
                         :mountPath "/etc/conduwuit/discord-registration.yaml"
@@ -34,12 +39,12 @@

   :k8s:httproute-opts
   {:spec
-    {:hostnames ['homeserver]
+    {:hostnames ['host]
     :rules [{:matches [{:path {:type "PathPrefix" :value "/_matrix/media"}}]
-              :backendRefs [{:name "mmr" :port 8000}]}
+              :backendRefs [{:name "matrix-media-repo" :port 80}]}

             {:matches [{:path {:type "PathPrefix" :value "/_matrix/client/v1/media"}}]
-              :backendRefs [{:name "mmr" :port 8000}]}
+              :backendRefs [{:name "matrix-media-repo" :port 80}]}

             {:matches [{:path {:type "PathPrefix" :value "/.well-known/matrix"}}]
              :backendRefs [{:name "matrix-well-known" :port 80}]}
--- a/src/main/k8s/services/matrix/home_server/well_known/service.cljs
+++ b/src/main/k8s/services/matrix/home_server/well_known/service.cljs
@@ -17,10 +17,11 @@
    {:template
     {:spec
      {:containers
-       [{:name "nginx"
-         :image "nginx:alpine"
+       [{:name 'app-name
+         :ports [{:containerPort 80}]
+         :image '(str repo "/nginx:alpine")
         :volumeMounts [{:name "config" :mountPath "/usr/share/nginx/html/.well-known/matrix"}]}]
       :volumes [{:name "config" :configMap {:name "well-known-json"}}]}}}}

   :k8s:service-opts
-   {:spec {:ports [{:port 80 :targetPort 80}]}}})
+   {:spec {:ports [{:name 'app-name :port 80 :targetPort 80}]}}})
--- a/src/main/k8s/services/matrix/mautrix_discord/database/service.cljs
+++ b/src/main/k8s/services/matrix/mautrix_discord/database/service.cljs
@@ -1,38 +1,37 @@
 (ns k8s.services.matrix.mautrix-discord.database.service)

 (def config
-  {:stack [:vault:prepare :k8s:pvc :k8s:config-map :k8s:deployment :k8s:service]
+  {:stack [:vault:prepare :k8s:pvc :k8s:deployment :k8s:service]
   :app-namespace "matrix"
-   :app-name      "mautrix-discord"
-   :image-port    29334
-
-   :k8s:config-map-opts
-   {:metadata {:name "discord-bridge-config"}
-    :data {"config.yaml"       "YAML-HERE" ;;TODO
-           "registration.yaml" "YAML-HERE"}}
+   :app-name      "mautrix-discord-db"

   :k8s:pvc-opts
-   {"discord-bridge-data" {:storageClass "juicefs-sc"
-                           :accessModes ["ReadWriteMany"]
-                           :storage "1Gi"}}
+   {:metadata {:name "mautrix-discord-pg-data"
+               :namespace "matrix"}
+    :spec {:storageClassName "hcloud-volumes"
+           :accessModes ["ReadWriteOnce"]
+           :resources {:requests {:storage "10Gi"}}}}

   :k8s:deployment-opts
   {:spec
    {:template
-     {:spec
+     {:metadata
+      {:annotations
+       {"backup.velero.io/backup-volumes" "db"}}
+      :spec 
      {:containers
       [{:name 'app-name
-         :image "dock.mau.dev/mautrix/discord:latest"
-         :args ["/usr/bin/mautrix-discord" "-c" "/data/config.yaml" "-r" "/data/registration.yaml"]
-
-         :volumeMounts [{:name "data"   :mountPath "/data"}
-                        {:name "config" :mountPath "/data/config.yaml" :subPath "config.yaml"}
-                        {:name "config" :mountPath "/data/registration.yaml" :subPath "registration.yaml"}]}]
+         :image "postgres:14-alpine"
+         :ports [{:containerPort 5432}]
+         :env [{:name "PGDATA" :value "/var/lib/postgresql/data/pgdata"}
+               {:name "POSTGRES_USER" :value 'username}
+               {:name "POSTGRES_PASSWORD" :value 'password}
+               {:name "POSTGRES_DB" :value 'db-name}]
+         :volumeMounts [{:name "db" :mountPath "/var/lib/postgresql/data"}]}]

       :volumes
-       [{:name "data" :persistentVolumeClaim {:claimName "discord-bridge-data"}}
-        {:name "config" :configMap {:name "discord-bridge-config"}}]}}}}
+       [{:name "db" :persistentVolumeClaim {:claimName "mautrix-discord-pg-data"}}]}}}}

   :k8s:service-opts
   {:spec {:selector {:app 'app-name}
-           :ports [{:port 29334 :targetPort 29334}]}}})
+           :ports [{:name 'app-name :port 5432 :targetPort 5432}]}}})
--- a/src/main/k8s/services/matrix/mautrix_discord/service.cljs
+++ b/src/main/k8s/services/matrix/mautrix_discord/service.cljs
@@ -1,10 +1,78 @@
-;;     - ./personal/matrix/discord/data:/data
-
 (ns k8s.services.matrix.mautrix-discord.service)

 (def config
-  {:stack [:vault-secrets :docker-image :deployment :service :ingress]
-   :image-port     80
+  {:stack [:vault:prepare :k8s:pvc :k8s:config-map :k8s:deployment :k8s:service]
   :app-namespace "matrix"
   :app-name      "mautrix-discord"
-   :deployment-opts {:spec {:template {:spec {:containers [{:name 'app-name :image '(str repo "/" "discord" ":4927a73ce7411f3970803d35c22f0c8c96dc2d7e-amd64")}]}}}}})
+
+   :k8s:config-map-opts
+   {:metadata {:name "discord-bridge-config"}
+    :data {"config.yaml"       '(stringify
+                                 {:homeserver {:address (str "https://" homeserver)
+                                               :domain homeserver}
+                                  :appservice {:port port
+                                               :address (str "http://mautrix-discord:" port)
+                                               :hostname "0.0.0.0"
+                                               :database {:type "postgres"
+                                                          :uri db-login-url
+                                                          :max_open_conns 20
+                                                          :max_idle_cons 2}
+                                               :id "discord"
+                                               :as_token as-token
+                                               :hs_token hs-token
+                                               :ephemeral_events true
+                                               :bot {:username "discordbot"
+                                                     :displayname "Discord bridge bot"}}
+                                  :bridge {:permissions (parse permissions)
+                                           ;;:login_shared_secret_map (parse login-shared-secret-map)
+                                           ;;:double_puppet_server_map (parse double-puppet-server-map)
+                                           :use_discord_cdn_upload true
+                                           :command_prefix "!discord"
+                                           :encryption {:allow false
+                                                        :default false}}})
+           "registration.yaml" '(stringify {:id "discord"
+                                            :url (str "http://mautrix-discord:" port)
+                                            :as_token as-token
+                                            :hs_token hs-token
+                                            :sender_localpart sender-localpart
+                                            :rate_limited false
+                                            :namespaces {:users [{:regex user1-regex
+                                                                  :exclusive true}
+                                                                 {:regex user2-regex
+                                                                  :exclusive true}]}
+                                            :de.sorunome.msc2409.push_ephemeral true
+                                            :push_ephemeral true})}}
+
+   
+   :k8s:pvc-opts
+   {:metadata {:name "discord-bridge-data"
+               :namespace "matrix"}
+    :spec {:storageClassName "juicefs-sc"
+           :accessModes ["ReadWriteMany"]
+           :resources {:requests {:storage "1Gi"}}}}
+   :k8s:deployment-opts
+   {:spec
+    {:template
+     {:spec
+      {:initContainers
+       [{:name "config-loader"
+         :image "busybox:latest"
+         :command ["sh" "-c" "cp -f /config_source/* /data/"]
+         :volumeMounts [{:name "data" :mountPath "/data"}
+                        {:name "config" :mountPath "/config_source"}]}]
+       :containers
+       [{:name 'app-name
+         :image '(str repo "/discord:latest")
+         :args ["/usr/bin/mautrix-discord" "-c" "/data/config.yaml" "-r" "/data/registration.yaml"]
+         :ports [{:containerPort 'port}]
+         :volumeMounts [{:name "data"   :mountPath "/data"}
+                        #_{:name "config" :mountPath "/data/config.yaml" :subPath "config.yaml"}
+                        #_{:name "config" :mountPath "/data/registration.yaml" :subPath "registration.yaml"}]}]
+
+       :volumes
+       [{:name "data" :persistentVolumeClaim {:claimName "discord-bridge-data"}}
+        {:name "config" :configMap {:name "discord-bridge-config"}}]}}}}
+
+   :k8s:service-opts
+   {:spec {:selector {:app 'app-name}
+           :ports [{:name 'app-name :port 'port :targetPort 'port}]}}})
--- a/src/main/k8s/services/matrix/mmr/database/service.cljs
+++ b/src/main/k8s/services/matrix/mmr/database/service.cljs
@@ -4,22 +4,29 @@
  {:stack [:vault:prepare :k8s:pvc :k8s:deployment :k8s:service]
   :app-namespace "matrix"
   :app-name      "mmr-db"
-
+   
   :k8s:pvc-opts
-   {"mmr-pg-data" {:storageClass "hcloud-volumes"
-                   :accessModes ["ReadWriteOnce"]
-                   :storage "10Gi"}}
+   {:metadata {:name "mmr-pg-data"
+               :namespace "matrix"}
+    :spec {:storageClassName "hcloud-volumes"
+           :accessModes ["ReadWriteOnce"]
+           :resources {:requests {:storage "10Gi"}}}}

   :k8s:deployment-opts
   {:spec
    {:template
-     {:spec
+     {:metadata
+      {:annotations
+       {"backup.velero.io/backup-volumes" "db"}}
+      :spec
      {:containers
       [{:name 'app-name
         :image "postgres:14-alpine"
-         :env [{:name "POSTGRES_USER" :value "mmr"}
-               {:name "POSTGRES_PASSWORD" :value "mmr_password"}
-               {:name "POSTGRES_DB" :value "media_repo"}]
+         :ports [{:containerPort 5432}]
+         :env [{:name "PGDATA" :value "/var/lib/postgresql/data/pgdata"}
+               {:name "POSTGRES_USER" :value 'username}
+               {:name "POSTGRES_PASSWORD" :value 'password}
+               {:name "POSTGRES_DB" :value 'db-name}]
         :volumeMounts [{:name "db" :mountPath "/var/lib/postgresql/data"}]}]

       :volumes
@@ -27,4 +34,4 @@

   :k8s:service-opts
   {:spec {:selector {:app 'app-name}
-           :ports [{:port 5432 :targetPort 5432}]}}})
+           :ports [{:name 'app-name :port 5432 :targetPort 5432}]}}})
--- a/src/main/k8s/services/matrix/mmr/service.cljs
+++ b/src/main/k8s/services/matrix/mmr/service.cljs
@@ -2,7 +2,7 @@
 (ns k8s.services.matrix.mmr.service)

 (def config
-  {:stack [:vault:prepare [:k8s :config-map :deployment :service :httproute]]
+  {:stack [:vault:prepare [:k8s :config-map :deployment :service]]
   :image-port    80
   :app-namespace "matrix"
   :app-name      "matrix-media-repo"
@@ -19,7 +19,7 @@
              :accessTokens {:appservices [{:id "discord"
                                            :asToken discord-app-service-token
                                            :senderUserId discord-send-user-id
-                                            :userNamespaces {:regex user-namespace-regex}}]}
+                                            :userNamespaces [{:regex user-namespace-regex}]}]}
              :admins [admin]
              :datastores [{:type "s3"
                            :id s3-id
@@ -32,18 +32,27 @@
                                   :bucketName s3-bucket-name
                                   :region s3-region}}]
              :rateLimit {:enabled false}})}}
-   :k8s:deployment-opts {:spec {:template {:spec {:containers [{:args ["-config" "/etc/media-repo.yaml"]
-                                                                :name 'app-name
-                                                                :image '(str repo "/" app-name ":v1.3.8")
-                                                                :volumeMounts [{:name "config-vol"
-                                                                                :mountPath "/mmr"
-                                                                                :subPath "media-repo.yaml"}
-                                                                               {:name "temp-vol"
-                                                                                :mountPath "/tmp/media-repo"}]}]
-                                               :volumes [{:name "config-vol" :configMap {:name "mmr-config"}}
-                                                            {:name "temp-vol"
-                                                             :emptyDir {}}]}}}}
-   :k8s:httproute-opts {:spec {::hostnames ['host]}}})
+   :k8s:deployment-opts
+   {:spec
+    {:template
+     {:spec
+      {:containers
+       [{:name 'app-name
+         :image '(str repo "/" app-name ":v1.3.8") 
+         :command ["/usr/local/bin/media_repo"] 
+         :args ["-config" "/data/media-repo.yaml"]
+   
+         :volumeMounts [{:name "config-vol"
+                         :mountPath "/data/media-repo.yaml"
+                         :subPath "media-repo.yaml"}
+   
+                        {:name "temp-vol"
+                         :mountPath "/tmp/media-repo"}]}]
+   
+       :volumes
+       [{:name "config-vol" :configMap {:name "mmr-config"}}
+        {:name "temp-vol" :emptyDir {}}]}}}}
+   })


   
--- a/src/main/k8s/services/nextcloud/service.cljs
+++ b/src/main/k8s/services/nextcloud/service.cljs
@@ -1,6 +1,5 @@
 (ns k8s.services.nextcloud.service)

-;; Need to automate set-up/restore
 (def config
  {:stack [:vault:prepare :k8s:chart :k8s:httproute]
   :app-namespace "nextcloud"
@@ -9,7 +8,8 @@
   :vault-load-yaml true
   :k8s:chart-opts {:repositoryOpts {:repo "https://nextcloud.github.io/helm/"}
                    :values
-                    {:nextcloud {:host 'host
+                    {:podAnnotations {"backup.velero.io/backup-volumes" "data"}
+                     :nextcloud {:host 'host
                                 :containerPort 80
                                 :trustedDomains ['host 'app-name]
                                 :persistence {:enabled true
@@ -17,9 +17,10 @@
                                               :accessMode "ReadWriteMany"
                                               :size "1Ti"}}
                     :service {:port 80}
-                     :mariadb {:enabled true
+                     :mariadb {:enabled true 
                               :architecture "standalone"
-                               :primary {:persistence {:enabled true
+                               :primary {:podAnnotations {"backup.velero.io/backup-volumes" "data"}
+                                         :persistence {:enabled true
                                                       :storageClass "hcloud-volumes"
                                                       :size "8Gi"}}
                               ;; Obligatory what the fuck Broadcom, why are you like this. RIP Bitnami
--- a/src/main/k8s/services/velero/service.cljs
+++ b/src/main/k8s/services/velero/service.cljs
@@ -0,0 +1,55 @@
+(ns k8s.services.velero.service)
+
+(def config
+  {:stack [:vault:prepare :k8s:secret :k8s:chart]
+   :app-namespace "velero"
+   :app-name      "velero"
+
+   :k8s:secret-opts
+   {:metadata {:name "velero-s3-creds"}
+    :stringData {"cloud" '(str "[default]\n"
+                               "aws_access_key_id = " s3-access-key "\n"
+                               "aws_secret_access_key = " s3-secret-key)}}
+
+   :k8s:chart-opts
+   {:repositoryOpts {:repo 'repo}
+    :chart "velero"
+    :version "5.1.0"
+    
+    :values
+    {:deployNodeAgent true
+
+     :configuration
+     {:backupStorageLocation
+      [{:name "default"
+        :provider "aws"
+        :bucket 's3-bucket-name
+        :config {:region 's3-region
+                 :s3ForcePathStyle true
+                 :s3Url 's3-url}}]
+
+      :volumeSnapshotLocation
+      [{:name "default"
+        :provider "aws"
+        :config {:region 's3-region}}]}
+
+
+     :credentials {:useSecret true
+                   :existingSecret "velero-s3-creds"}
+
+     :initContainers
+     [{:name "velero-plugin-for-aws"
+       :image "velero/velero-plugin-for-aws:v1.8.0"
+       :volumeMounts [{:mountPath "/target" :name "plugins"}]}]
+
+     :defaultVolumesToFsBackup true
+
+     :nodeAgent {:resources {:requests {:cpu "50m" :memory "64Mi"}
+                             :limits   {:cpu "1000m" :memory "1Gi"}}}
+
+     :schedules
+     {:daily-backup
+      {:disabled false
+       :schedule "0 4 * * *"
+       :template {:ttl "720h"
+                  :includedNamespaces ["matrix" "generic" "home" "nextcloud"]}}}}}})
--- a/src/main/stack_resource_definitions.cljs
+++ b/src/main/stack_resource_definitions.cljs
@@ -23,11 +23,18 @@
   [k8s.services.foundryvtt.service :as foundryvtt-service]
   [k8s.services.foundryvtt.service-2 :as girls-foundry-service]
   [k8s.services.productive.service :as productive-service]
+   [k8s.services.velero.service :as velero-service]
   [k8s.services.matrix.cinny.service :as cinny-service]
   [k8s.services.matrix.element-call.service :as element-call-service]
   [k8s.services.matrix.element.service :as element-service]
   [k8s.services.matrix.element-call.livekit-server.service :as livekit-server-service]
   [k8s.services.matrix.element-call.livekit-jwt.service :as livekit-jwt-service]
+   [k8s.services.matrix.mmr.service :as mmr-service]
+   [k8s.services.matrix.mmr.database.service :as mmr-db-service]
+   [k8s.services.matrix.mautrix-discord.database.service :as mautrix-discord-db-service]
+   [k8s.services.matrix.mautrix-discord.service :as mautrix-discord-service]
+   [k8s.services.matrix.home-server.well-known.service :as matrix-well-known-service]
+   [k8s.services.matrix.home-server.service :as homeserver-service]
   ))

 (defn general-provider-output-refs []
@@ -85,6 +92,7 @@
   [girls-foundry-service/config foundryvtt-service/config 
    mesite-service/config productive-service/config
    nextcloud-service/config
+    velero-service/config
    ;;gitea-service/config act-runner-service/config 
    ]
   ["base" "init" "shared"]
@@ -97,7 +105,15 @@
    element-call-service/config
    element-service/config
    livekit-server-service/config
-    livekit-jwt-service/config]
+    livekit-jwt-service/config
+    mmr-db-service/config
+    mmr-service/config
+    mautrix-discord-db-service/config
+    mautrix-discord-service/config
+    matrix-well-known-service/config
+    homeserver-service/config
+
+    ]
   ["base" "init" "shared"]
   (general-provider-output-refs)))
Author	SHA1	Message	Date
GigiaJ	63b859b576	Add Velero and all remaining Matrix resources	2025-12-03 01:36:59 -06:00
GigiaJ	96363ed7ca	Add Velero	2025-12-03 01:36:46 -06:00
GigiaJ	23b479a851	Add Velero annotations	2025-12-03 01:36:29 -06:00
GigiaJ	8ad304a663	Define MMR DB	2025-12-03 01:35:58 -06:00
GigiaJ	c6785f0b9b	Flesh out homeserver	2025-12-03 01:35:41 -06:00
GigiaJ	6b260de324	Clean up and remove httproute	2025-12-03 01:34:27 -06:00
GigiaJ	07216ddae5	Properly set up DB for discord bridge	2025-12-03 01:33:57 -06:00
GigiaJ	e26b421d44	Add Discord Bridge	2025-12-03 01:32:53 -06:00
GigiaJ	e0c9e71fda	Set correct port and add name	2025-12-03 01:32:38 -06:00