diff --git a/README.md b/README.md
index d879268..0e82653 100644
--- a/README.md
+++ b/README.md
@@ -101,8 +101,8 @@ parameters:
Then make this the new default `storageClass`:
```
kubectl patch storageclass longhorn-dailybackup -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
-kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
-kubectl delete storageclass longhorn
+#kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+#kubectl delete storageclass longhorn
```
### 2) Ingress Controller
@@ -253,6 +253,13 @@ kubectl apply -f services/Lighttpd/configMap-Lighttpd.yml
kubectl apply -f services/Lighttpd/deploy-Lighttpd.yml
kubectl apply -f services/Lighttpd/cronJob-Spotweb.yml
```
+##### 4.8) [Matrix]() (federated chat)
+*WIP*
+```
+kubectl apply -f services/Matrix/configMap-Matrix.yml
+kubectl apply -f services/Matrix/middleware-Matrix.yml
+kubectl apply -f services/Matrix/deploy-Matrix.yml
+```
##### 4.8) PVR `namespace` (automated media management)
*Containers use shared resources to be able to interact with downloaded files*
```
@@ -303,6 +310,21 @@ kubectl apply -f services/Theia/deploy-Theia.yml
```
kubectl apply -f services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml
```
+##### 4.12) [Unifi-Controller]() (wlan AP management)
+```
+kubectl apply -f services/Unifi/deploy-Unifi.yml
+```
+*Change STUN port to non-default:*
+```
+kubectl exec --namespace unifi -it unifi- -- /bin/bash
+sed -e 's/# unifi.stun.port=3478/unifi.stun.port=3479/' -i /data/system.properties
+exit
+kubectl rollout restart deployment --namespace unifi unifi
+```
+*Update STUN url on devices:* doesn't seem to work
+ssh @
+sed -e 's|stun://|stun://:3479|' -i /etc/persistent/cfg/mgmt
+```
### 5) Miscellaneous
*Various notes/useful links*
diff --git a/ingress/Traefik2.x/configMap-Traefik.yml b/ingress/Traefik2.x/configMap-Traefik.yml
index 3bb44bc..5578cd4 100644
--- a/ingress/Traefik2.x/configMap-Traefik.yml
+++ b/ingress/Traefik2.x/configMap-Traefik.yml
@@ -25,6 +25,7 @@ data:
- main: '*.spamasaurus.com'
sans:
- 'spamasaurus.com'
+ - main: '*.chat.spamasaurus.com'
- main: '*.bessems.com'
sans:
- 'bessems.com'
diff --git a/services/DDclient/secret-DDclient.yml b/services/DDclient/secret-DDclient.yml.template
similarity index 91%
rename from services/DDclient/secret-DDclient.yml
rename to services/DDclient/secret-DDclient.yml.template
index 5790314..ffa884c 100644
--- a/services/DDclient/secret-DDclient.yml
+++ b/services/DDclient/secret-DDclient.yml.template
@@ -14,7 +14,7 @@ stringData:
ssl=yes
ttl=1
login=cloudflare.com.danny@spamasaurus.com
- password=9ec5ad8d1e8c6240c5488bb61b7bcd7bdc0fc
+ password=
zone=bessems.com
bessems.com
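Review bot: Blanking `password=` in the renamed template does not retire the credential the old `secret-DDclient.yml` carried. It remains readable in the repository history, so it should be treated as exposed and rotated at the DNS provider. The rename to `.yml.template` only helps if the filled-in `secret-DDclient.yml` is kept out of version control, and no ignore rule for it is visible in this diff. A comment at the top of the template such as `# copy to secret-DDclient.yml and fill in locally; do not commit` would make the workflow explicit. The `stringData` block starts outside this hunk.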
diff --git a/services/Lighttpd/configMap-Lighttpd.yml b/services/Lighttpd/configMap-Lighttpd.yml
index ec983ac..6be68b1 100644
--- a/services/Lighttpd/configMap-Lighttpd.yml
+++ b/services/Lighttpd/configMap-Lighttpd.yml
@@ -56,6 +56,9 @@ data:
index-file.names += ("spamasaurusRex.login.php")
}
+ $HTTP["url"] =~ "^/.well-known/" {
+ mimetype.assign += ( "server" => "application/json" )
+ }
sw.itch.fyi.conf: |
$HTTP["host"] == "sw.itch.fyi" {
server.document-root = "/var/www/sw.itch.fyi/"
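Review bot: The dot in the added condition `$HTTP["url"] =~ "^/.well-known/"` is unescaped, so it matches any character in that position; `"^/\.well-known/"` states the intent exactly. The `mimetype.assign` entry covers only file names ending in `server`, so any other delegation file under that path (for example a Matrix `client` file, if one is served) would presumably keep the default type and need its own entry. The enclosing host block begins outside the hunk, so which vhost this applies to cannot be confirmed from here.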
diff --git a/services/Matrix/configMap-Matrix.yml b/services/Matrix/configMap-Matrix.yml
new file mode 100644
index 0000000..e57003c
--- /dev/null
+++ b/services/Matrix/configMap-Matrix.yml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: configmap-matrix-config
+data:
+ config.json: |
+ {
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": "https://synapse.chat.spamasaurus.com",
+ "server_name": "Familie Bessems"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ }
+ },
+ "disable_custom_urls": true,
+ "disable_guests": false,
+ "disable_login_language_selector": false,
+ "disable_3pid_login": false,
+ "brand": "Element",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_widgets_urls": [
+ "https://scalar.vector.im/_matrix/integrations/v1",
+ "https://scalar.vector.im/api",
+ "https://scalar-staging.vector.im/_matrix/integrations/v1",
+ "https://scalar-staging.vector.im/api",
+ "https://scalar-staging.riot.im/scalar/api"
+ ],
+ "bug_report_endpoint_url": "https://element.io/bugreports/submit",
+ "defaultCountryCode": "NL",
+ "showLabsSettings": true,
+ "features": {
+ "feature_new_spinner": true
+ },
+ "default_federate": true,
+ "default_theme": "light",
+ "roomDirectory": {
+ "servers": [
+ "matrix.org"
+ ]
+ },
+ "piwik": false,
+ "enable_presence_by_hs_url": {
+ "https://matrix.org": false,
+ "https://matrix-client.matrix.org": false
+ },
+ "settingDefaults": {
+ "breadcrumbs": true,
+ "UIFeature.communities": false
+ },
+ "jitsi": {
+ "preferredDomain": "jitsi.riot.im"
+ }
+ }
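Review bot: `integrations_widgets_urls` trusts three staging endpoints (`scalar-staging.vector.im`, `scalar-staging.riot.im`) alongside the production integration manager. On a self-hosted deployment those entries widen the set of third-party origins allowed to supply widgets without an obvious need, and I would drop them. `"disable_guests": false` combined with `"default_federate": true` also deserves a deliberate decision; whether guests can actually join depends on the homeserver configuration, which is not part of this diff. A comment above `config.json: |` noting which third-party services (identity server, integration manager, bug-report endpoint, Jitsi) are intentionally left at their hosted defaults would help the next reader.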
diff --git a/services/Matrix/deploy-Matrix.yml b/services/Matrix/deploy-Matrix.yml
new file mode 100644
index 0000000..85ec180
--- /dev/null
+++ b/services/Matrix/deploy-Matrix.yml
@@ -0,0 +1,177 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: matrix
+spec:
+ ports:
+ - protocol: TCP
+ name: synapse
+ port: 8008
+ - protocol: TCP
+ name: db
+ port: 5432
+ - protocol: TCP
+ name: element
+ port: 80
+ selector:
+ app: matrix
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: matrix
+ labels:
+ app: matrix
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: matrix
+ template:
+ metadata:
+ labels:
+ app: matrix
+ spec:
+ containers:
+ - name: synapse
+ image: bv11-cr01.bessems.eu/proxy/matrixdotorg/synapse:latest
+# args:
+# - generate
+ env:
+# - name: SYNAPSE_SERVER_NAME
+# value: spamasaurus.com
+# - name: SYNAPSE_REPORT_STATS
+# value: 'no'
+ - name: SYNAPSE_CONFIG_PATH
+ value: /data/homeserver.yaml
+ ports:
+ - name: synapse
+ containerPort: 8008
+ volumeMounts:
+ - mountPath: /data
+ name: flexvolsmb-matrix-data
+ - name: postgres
+ image: bv11-cr01.bessems.eu/proxy/library/postgres:alpine
+ env:
+ - name: POSTGRES_USER
+ value: synapse
+ - name: POSTGRES_PASSWORD
+ value: synapse
+ - name: POSTGRES_INITDB_ARGS
+ value: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ ports:
+ - name: db
+ containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: flexvolsmb-matrix-db
+ - name: element
+ image: bv11-cr01.bessems.eu/proxy/vectorim/element-web
+ ports:
+ - name: element
+ containerPort: 80
+ volumeMounts:
+ - name: configmap-matrix-config
+ mountPath: /usr/share/nginx/html/config.json
+ subPath: config.json
+ volumes:
+ - name: flexvolsmb-matrix-data
+ persistentVolumeClaim:
+ claimName: flexvolsmb-matrix-data
+ - name: flexvolsmb-matrix-db
+ persistentVolumeClaim:
+ claimName: flexvolsmb-matrix-db
+ - name: configmap-matrix-config
+ configMap:
+ name: configmap-matrix-config
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: matrix
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`synapse.chat.spamasaurus.com`)
+ kind: Rule
+ services:
+ - name: matrix
+ port: 8008
+ middlewares:
+ - name: security-headers@file
+ - name: compression@file
+ - name: matrix-cors-headers
+ - match: Host(`chat.spamasaurus.com`)
+ kind: Rule
+ services:
+ - name: matrix
+ port: 80
+ middlewares:
+ - name: security-headers@file
+ - name: compression@file
+ - name: matrix-cors-headers
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: flexvolsmb-matrix-data
+spec:
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-matrix-data
+ flexVolume:
+ driver: mount/smb
+ secretRef:
+ name: smb-secret
+ options:
+ opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
+ server: 192.168.11.225
+ share: /K3s.Volumes/matrix/data
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: flexvolsmb-matrix-data
+ namespace: default
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-matrix-data
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: flexvolsmb-matrix-db
+spec:
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-matrix-db
+ flexVolume:
+ driver: mount/smb
+ secretRef:
+ name: smb-secret
+ options:
+ opts: domain=bessems.eu,file_mode=0600,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
+ server: 192.168.11.225
+ share: /K3s.Volumes/matrix/db
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: flexvolsmb-matrix-db
+ namespace: default
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-matrix-db
+ resources:
+ requests:
+ storage: 1Gi
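Review bot: The postgres container takes `POSTGRES_PASSWORD` as the literal `synapse`, identical to the user name, and the `matrix` Service also publishes port 5432. Any workload that can reach the Service can therefore attempt a database login with a guessable credential kept in plain text in the manifest. Synapse and postgres share a pod, so the `db` port can likely be dropped from the Service (depending on how `homeserver.yaml`, not shown, addresses the database), and the password should come from a Secret. Also worth revisiting in this file are `file_mode=0777,dir_mode=0777` on the share mounted at `/data`, where `SYNAPSE_CONFIG_PATH` places `homeserver.yaml`, and the unpinned `:latest` and untagged images.

```yaml
# … unchanged: Service ports synapse and element (db port 5432 removed) …
        - name: postgres
          # … unchanged: image, POSTGRES_USER …
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: matrix-db-secret  # placeholder name; Secret created out of band
                  key: password           # placeholder key
# … unchanged: POSTGRES_INITDB_ARGS, ports, volumeMounts, element container, volumes …
```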
diff --git a/services/Matrix/middleware-Matrix.yml b/services/Matrix/middleware-Matrix.yml
new file mode 100644
index 0000000..c4f3e25
--- /dev/null
+++ b/services/Matrix/middleware-Matrix.yml
@@ -0,0 +1,18 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: matrix-cors-headers
+spec:
+ headers:
+ accessControlAllowHeaders:
+ - "Authorization"
+ - "Content-Type"
+ accessControlAllowMethods:
+ - "GET"
+ - "OPTIONS"
+ - "PUT"
+ accessControlAllowOriginList:
+ - "https://chat.spamasaurus.com"
+ - "https://synapse.chat.spamasaurus.com"
+ accessControlMaxAge: 100
+ addVaryHeader: true
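Review bot: `accessControlAllowMethods` lists GET, OPTIONS and PUT but not POST, which the Matrix client-server API uses for login and several other calls. If Traefik answers the preflight from this list, a browser session at `https://chat.spamasaurus.com` would presumably be refused for those requests; consider adding `- "POST"`, and `- "DELETE"` if the client needs it. The explicit `accessControlAllowOriginList` is the right shape and should stay explicit rather than be widened to `*`. The same middleware is attached to the Element route in `deploy-Matrix.yml`, where cross-origin API headers are probably not needed.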
diff --git a/services/Unifi/deploy-Unifi.yml b/services/Unifi/deploy-Unifi.yml
index 2e3b48e..4aefae7 100644
--- a/services/Unifi/deploy-Unifi.yml
+++ b/services/Unifi/deploy-Unifi.yml
@@ -41,7 +41,7 @@ spec:
ports:
- protocol: UDP
name: stun
- port: 3478
+ port: 3479
- protocol: UDP
name: discovery
port: 10001
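Review bot: The Service `port: 3479` here and the `containerPort: 3479` in the third hunk only work once the controller itself listens on 3479. According to the README change in this commit, that is a manual edit of `/data/system.properties` inside the running pod. No `targetPort` is visible in this hunk, so until that edit is made, or after the data volume is recreated, the Service would presumably forward STUN traffic to a port nothing listens on. A comment next to both values such as `# must match unifi.stun.port in /data/system.properties` would document the coupling. The Service spec begins outside the hunk.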
@@ -60,6 +60,8 @@ spec:
selector:
matchLabels:
app: unifi
+ strategy:
+ type: Recreate
template:
metadata:
labels:
@@ -78,7 +80,7 @@ spec:
- name: syslog
containerPort: 5514
- name: stun
- containerPort: 3478
+ containerPort: 3479
protocol: UDP
- name: discovery
containerPort: 10001