David Cruz (dacruz21)
California, USA
https://www.typokign.com/
Backend engineer with a passion for security and cryptography.
PGP: 0xF13C346C0DE56944

dacruz21/matrix-chart 26

Helm chart for deploying a Matrix homeserver stack

tictactoeteam/microservices 2

Microservices Project Repo

dacruz21/pass-copycat 1

A password store extension to copy the first line of a password record, and cat the rest

dacruz21/BitGoAPIWebStore 0

Practicing Node, Angular and the BitGo API with a simple web store

dacruz21/docker-images 0

Customized Docker images for some of my Helm charts

dacruz21/eight-ball-pool 0

[Archived] My Fall semester final project for AP Computer Science in 2017

dacruz21/hashbang.sh 0

Public facing website on hashbang.sh with embedded user creation script.

dacruz21/helm-charts 0

Repository/GitHub pages site for serving my packaged Helm charts

dacruz21/hub 0

For the distributed charts search at hub.helm.sh

Pull request review comment dacruz21/matrix-chart

template bridge-whatsapp/configmap.yaml relaybot.invites must be …

 spec:           image: "{{ .Values.bridges.whatsapp.image.repository }}:{{ .Values.bridges.whatsapp.image.tag }}"           imagePullPolicy: {{ .Values.bridges.whatsapp.image.pullPolicy }}           command: ["sh"]-          args: ["-c", "cp /load/config.yaml /data/config.yaml"]+          args: ["-c", "cp /load/config.yaml /data/config.yaml; touch /bridges/whatsapp.yaml; chown 1000:1000 /data/config.yaml /bridges/whatsapp.yaml"]           volumeMounts:             - name: data               mountPath: /data             - name: config               mountPath: /load               readOnly: true+            - name: bridges+              mountPath: /bridges           securityContext:-            capabilities:-              drop:-                - ALL+            runAsUser: 0
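
Review bot: The securityContext at the end of this hunk removes the `capabilities: drop: [ALL]` block and sets `runAsUser: 0`, so the init container now runs as root with the default capability set only to `touch` and `chown` two files. If the ownership change is really needed, keep `drop: ALL` and add back only the capabilities the commands need (for example `CHOWN`), or avoid root altogether with a pod-level `fsGroup` where the volume type supports it. The three commands in `args` are also joined with `;`, so a failed `cp` does not stop the later commands; `&&` would make the container fail at the first error.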

I've tried very hard to run as many containers rootless as possible in this chart. I don't see why this container should need to manually fiddle with file permissions. What's the context behind this change? And why is it only needed for the WhatsApp bridge?

arpagon

comment created time in 21 days

Pull request review comment dacruz21/matrix-chart

template bridge-whatsapp/configmap.yaml relaybot.invites must be …

 data:         # the command prefix completely like in user management rooms is not possible.         management: {{ .Values.bridges.whatsapp.relaybot.management }}         # List of users to invite to all created rooms that include the relaybot.-        invites: {{ .Values.bridges.whatsapp.relaybot.invites }}+        {{- if .Values.bridges.whatsapp.relaybot.invites }}+        invites:{{- if .Values.bridges.whatsapp.relaybot.invites }}+        {{- range initial .Values.bridges.whatsapp.relaybot.invites }}+        - {{ . | quote }}+        {{- end }}+        - {{ last .Values.bridges.whatsapp.relaybot.invites | quote }}+        {{- end }}+        {{- end }}
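
Review bot: The added `invites:` line repeats the outer `if .Values.bridges.whatsapp.relaybot.invites` test, and the `range initial ...` loop plus the separate `last ...` item both emit `- {{ . | quote }}`, so the split adds nothing over one `range` across the whole list. Collapse it to a single `if` around `invites:` and one `range`, and keep the `| quote` so each entry is rendered as a YAML string. Putting `invites:` on its own line, rather than followed by `{{- if` on the same line, also makes the whitespace trimming easier to follow.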

I'm not quite following the templating here - you have two nested if statements that are equivalent? And then you're only ranging over initial, when last has the same format? Why not just

{{- if .Values.bridges.whatsapp.relaybot.invites }}
invites:
{{- range .Values.bridges.whatsapp.relaybot.invites }}
- {{ . | quote }}
{{- end }}
{{- end }}

arpagon

comment created time in 21 days

fork dacruz21/hashbang.sh

Public facing website on hashbang.sh with embedded user creation script.

http://hashbang.sh

fork in a month

issue closed dacruz21/matrix-chart

Add option to export Prometheus metrics

Add a setting to export metrics from Synapse and any other services that support Prometheus metrics

closed time in a month

dacruz21

push event dacruz21/helm-charts

David Cruz

commit sha 51f89685ed8251660321b39e26140be9ac052d77

Add matrix-2.7.0

push time in a month

PR merged dacruz21/matrix-chart

Improved prometheus metrics & tags for selectors

Moved metrics from pod level to service level and added tags. Classic style scrape annotations still work and now you can use Prometheus Operator ServiceMonitor resources to monitor Synapse.

Pairs well with Grafana Dashboards - Synapse Dashboard

+86 -7

0 comment

21 changed files

Arkaniad

pr closed time in a month

push event dacruz21/matrix-chart

Tanner Danzey

commit sha a25786d76ebf25c9c1fc1b4fb69df2a0279cab94

Added metrics port to synapse service

Tanner Danzey

commit sha 797cb7f959ef19d8d5283607cdbe94462a8ccfc0

Added labels to all chart components to facilitate things like prometheus-operator ServiceMonitors

Tanner Danzey

commit sha ee2901c11f0e2e2341e32c77885fccd2e4913fe6

Finished adding labels and have metrics exposed properly

David Cruz

commit sha 5207c706e1d1e2f34a28ef9686ba00d46d0721ae

Merge remote-tracking branch 'Arkaniad/dev-prometheus-metrics' into master

David Cruz

commit sha 16e23cfa5001b2bc489cd3117b394debd92a3371

Move exim relay labels under mail.relay

David Cruz

commit sha 358a1dac5e0cdd738efa4cded148b3999745596b

Update images

push time in a month

Pull request review comment dacruz21/matrix-chart

Improved prometheus metrics & tags for selectors

 helm.sh/chart: {{ include "matrix.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }}+app.kubernetes.io/name: "matrix"+{{- end -}}+# TODO: Include labels from values+{{/*+Synapse specific labels+*/}}+{{- define "matrix.synapse.labels" -}}+{{- range $key, $val := .Values.synapse.labels -}}+{{ $key }}: {{ $val }}+{{- end }}+{{- end -}}++{{/*+Element specific labels+*/}}+#TOOO: Change riot to element+{{- define "matrix.element.labels" -}}+{{- range $key, $val := .Values.riot.labels }}+{{ $key }}: {{ $val }}+{{- end }}+{{- end -}}++{{/*+Coturn specific labels+*/}}+{{- define "matrix.coturn.labels" -}}+{{- range $key, $val := .Values.coturn.labels -}}+{{ $key }}: {{ $val }}+{{- end }}+{{- end -}}++{{/*+Mail specific labels+*/}}+{{- define "matrix.mail.labels" -}}+{{- range $key, $val := .Values.matrix.labels -}}
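
Review bot: In the synapse, coturn and mail helpers the `range` action ends in `-}}` and its `{{- end }}` trims on the left, so every newline around `{{ $key }}: {{ $val }}` is removed and two or more labels are rendered on one line; the element helper, which leaves the right side of `range` untrimmed, is the form that keeps one label per line. Use that form in all four helpers. The values are also emitted unquoted, so a label value such as `true` or `1` becomes a YAML boolean or number instead of a string; `{{ $val | quote }}` avoids that. The mail helper ranges over `.Values.matrix.labels` where the other three use their own component's key.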

also, typo here, s/matrix/mail. Will fix :)

Arkaniad

comment created time in a month

Pull request review comment dacruz21/matrix-chart

Improved prometheus metrics & tags for selectors

 mail:       readiness: {}       startup: {}       liveness: {}+  +  # Mail relay specific labels+  labels:
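
Review bot: The first added line is whitespace only (`+  `), which leaves trailing spaces in the file; make it an empty line. If `labels:` has no value after it, write `labels: {}` to match the `readiness: {}`, `startup: {}` and `liveness: {}` entries above, so the key is an empty map rather than null.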

LGTM but I'm going to move this under relay, with the rest of the deployment-specific fields.

Arkaniad

comment created time in a month

PR merged dacruz21/matrix-chart

Some CoTURN fixes & Prometheus metrics

In the values.yaml file, it appears that you can manually set TURN URIs to be set in the Matrix homeserver configuration. See below: https://github.com/dacruz21/matrix-chart/blob/55dfb5b5c8f386bb3541aa27492e9cd07f611430/values.yaml#L381-L386

However, these URIs do not actually get templated into the homeserver.yaml file - rather, a TURN URI is generated based off of the matrix.hostname helper.

https://github.com/dacruz21/matrix-chart/blob/55dfb5b5c8f386bb3541aa27492e9cd07f611430/templates/synapse/_homeserver.yaml#L860-L883

The surrounding logic of the TURN configuration block looks like it should take URIs if they are listed in the values.yaml file.


More context for anyone getting here via Google:

I am using DigitalOcean Kubernetes Service (DOKS). My Synapse ingress is on a shared nginx-ingress deployment with a DO LoadBalancer but my CoTURN servers are running as DaemonSets with ClusterIP. My DNS is configured so that I have multiple A records for turn.matrix.mydomain.tld that point to each node in my cluster. With the way that this chart works as of this present time the defaulting to turn:matrix.mydomain.tld?transport=udp does not work because my turn servers are not there and cannot be there - not any particularly sane ways to make nginx-ingress handle this traffic.

Furthermore, neither Element nor Synapse seem to care about SRV records for TURN servers or, if they do, I have not found the secret to making that work. My configuration seems to work if I manually adjust the homeserver and CoTURN configmaps, so with these changes this use case should be solvable with the values.yaml file only.

+44 -3

3 comments

4 changed files

Arkaniad

pr closed time in a month

push event dacruz21/matrix-chart

Tanner Danzey

commit sha 74f55b8ca973244368119883befdcc27d7ff6f3a

Fixed CoTURN URIs, incremented patch number

Tanner Danzey

commit sha e51c52e4cc1d0616f2f8ec65b083c716676b2485

Added Prometheus metrics capabilities

David Cruz

commit sha cfb41c808cd427e956fb4b6a80df53a43eeece49

Merge remote-tracking branch 'Arkaniad/master' into master

push time in a month

pull request comment dacruz21/matrix-chart

Some CoTURN fixes & Prometheus metrics

Nah no need, this is all good stuff, thanks! Will merge tonight when I'm back in front of my computer.

Arkaniad

comment created time in a month

pull request comment dacruz21/matrix-chart

Support SSL DB connections on IRC Bridge

Very useful, thanks! I've made some changes to this in 6b59681ab14f9468e9604f606601eced6ac29a3a though, mainly to preserve backwards compatibility (changing the type of .Values.bridges.irc.database would have broken existing deployments), but to also keep SSL settings in one place for any future bridges/appservices/anything that needs a database really.

Routhinator

comment created time in 2 months

push event dacruz21/helm-charts

David Cruz

commit sha bac9fbe356aba1cb125bb7fa9ec0f76a433b3ba7

Add matrix-2.6.0

push time in 2 months

PR merged dacruz21/matrix-chart

Support SSL DB connections on IRC Bridge

I've had some 'fun' trying to get the IRC Bridge working with a DO Managed DB. They use SSL and self signed certs.

What this PR adds:

  • Support for publicly signed SSL db connectors
  • Support for self-signed SSL db connectors

What is not yet supported:

  • Mutual TLS auth (this requires client certs and while I know how to do this I don't have the means to test it at the moment, so that will be a later PR.)

+11 -3

0 comment

3 changed files

Routhinator

pr closed time in 2 months

push event dacruz21/matrix-chart

Chris Routh

commit sha 01c5d06f741e72dd2e04302211b4957ed3e0eadb

Merge pull request #3 from dacruz21/master Updating fork.

Chris Routh

commit sha f5dc4719a77cf302cf4f698a649fa9b20b51e8c9

Add support for ssl db connections on the IRC bridge, and to disable SSL verification if needed

David Cruz

commit sha 9fea157aa0b29e144245e69b65907a9857b4eddf

Merge remote-tracking branch 'Routhinator/master' into master

David Cruz

commit sha 6b59681ab14f9468e9604f606601eced6ac29a3a

Move SSL settings to postgres values

David Cruz

commit sha 46380fd28fca38a54ab0674adf286c4893688c58

More Riot->Element renames

David Cruz

commit sha 55dfb5b5c8f386bb3541aa27492e9cd07f611430

Update images

push time in 2 months

push event dacruz21/helm-charts

David Cruz

commit sha 8b954acf4f78d6991fd82d75fb0e1b0eae45b8ce

Add matrix-2.5.0

push time in 2 months

push event dacruz21/matrix-chart

David Cruz

commit sha 1d0cc9b26032bbbd36c33a2d101290a4d2b0e396

Bump versions

push time in 2 months

push event dacruz21/helm-charts

David Cruz

commit sha e924d1227d146470fad18c3049b34595fad89442

Add matrix-2.4.0

push time in 3 months

issue closed dacruz21/matrix-chart

Upgraded to 1.12.4 and now the pod restarts

I upped the logging to INFO and it looks like it restarts during a federation loop

2020-04-28 12:33:26,525 - twisted - 192 - INFO -  - Main loop terminated.

Anyone else had problems with 1.12.4 before I look into it further and submit an upstream issue?

closed time in 3 months

danjenkins

issue closed dacruz21/matrix-chart

Update homeserver.yaml from upstream

Todo item as many of the config changes are backwards compatible for now, however the homeserver.yaml in the chart has drifted from upstream and a number of options that have been added are not there for reference for expanding on that config. Additionally we are using deprecated options, like riot_base_url

closed time in 3 months

Routhinator

issue comment dacruz21/matrix-chart

Update homeserver.yaml from upstream

Thanks, merged the changes from upstream and added a few new config options to values.yaml. Also added matrix.homeserverOverride and matrix.homeserverExtra to override or extend the default config.

Routhinator

comment created time in 3 months

push event dacruz21/helm-charts

David Cruz

commit sha 905fcc2b21507e308cb0e383ae2a47521dbb9001

Add matrix-2.4.0

push time in 3 months

push event dacruz21/matrix-chart

David Cruz

commit sha 7a7281c895c56f2fb00f398d3a62ed93816c40be

Update homeserver.yaml and allow overrides

David Cruz

commit sha ac7c84440996bdcd49a6a89541daee90df3c3e10

Update images

David Cruz

commit sha 3664700196eab7adb5c7122a6f52aa5966085db7

Bump version

push time in 3 months

started shesek/minsc

started time in 3 months
