feat: add initial chart (untested)

Loïc Kalbermatter 2024-05-15 00:19:54 +02:00
parent c29182f406
commit 8364c8b0f0
12 changed files with 1031 additions and 2 deletions

23
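--- a/.helmignore
+++ b/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/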

21
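--- a/Chart.yaml
+++ b/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+type: application
+name: mautrix-discord
+version: 0.0.1
+appVersion: 0.6.5
+annotations:
+artifacthub.io/images: |
+- name: discord
+image: dock.mau.dev/mautrix/discord:v0.6.5
+description: A Matrix-Discord puppeting bridge.
+home: https://matrix.to/#/#discord:maunium.net
+keywords:
+- chat
+- matrix
+- discord
+maintainers:
+- email: loic.kalbermatter@pulseflow.ch
+name: Loic Kalbermatter
+sources:
+- https://github.com/mautrix/discord
+- https://code.pulseflow.ch/PulseDev/mautrix-discord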

159
README.md

@ -1,3 +1,158 @@
# mautrix-discord-helm
# mautrix-discord
Mautrix Discord Bridge Helm Chart
![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.5](https://img.shields.io/badge/AppVersion-0.6.5-informational?style=flat-square)
A Matrix-Discord puppeting bridge.
**Homepage:** <https://matrix.to/#/#discord:maunium.net>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Loic Kalbermatter | <loic.kalbermatter@pulseflow.ch> | |
## Source Code
* <https://github.com/mautrix/discord>
* <https://code.pulseflow.ch/PulseDev/mautrix-discord>
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| config.appservice.address | string | `""` | |
| config.appservice.as_token | string | `"This value is generated when generating the registration"` | |
| config.appservice.async_transactions | bool | `false` | |
| config.appservice.bot.avatar | string | `"mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC"` | |
| config.appservice.bot.displayname | string | `"Discord bridge bot"` | |
| config.appservice.bot.username | string | `"discordbot"` | |
| config.appservice.database.max_conn_idle_time | string | `nil` | |
| config.appservice.database.max_conn_lifetime | string | `nil` | |
| config.appservice.database.max_idle_conns | int | `2` | |
| config.appservice.database.max_open_conns | int | `20` | |
| config.appservice.database.type | string | `"postgres"` | |
| config.appservice.database.uri | string | `"postgres://user:password@host/database?sslmode=disable"` | |
| config.appservice.ephemeral_events | bool | `true` | |
| config.appservice.hostname | string | `"0.0.0.0"` | |
| config.appservice.hs_token | string | `"This value is generated when generating the registration"` | |
| config.appservice.id | string | `"discord"` | |
| config.appservice.port | int | `80` | |
| config.bridge.animated_sticker.args.fps | int | `25` | |
| config.bridge.animated_sticker.args.height | int | `320` | |
| config.bridge.animated_sticker.args.width | int | `320` | |
| config.bridge.animated_sticker.target | string | `"webp"` | |
| config.bridge.autojoin_thread_on_open | bool | `true` | |
| config.bridge.backfill.forward_limits.initial.channel | int | `0` | |
| config.bridge.backfill.forward_limits.initial.dm | int | `0` | |
| config.bridge.backfill.forward_limits.missed.channel | int | `0` | |
| config.bridge.backfill.forward_limits.missed.dm | int | `0` | |
| config.bridge.backfill.max_guild_members | int | `-1` | |
| config.bridge.channel_name_template | string | `"{{ \"{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}\" }}"` | |
| config.bridge.command_prefix | string | `"!discord"` | |
| config.bridge.custom_emoji_reactions | bool | `true` | |
| config.bridge.delete_portal_on_channel_delete | bool | `false` | |
| config.bridge.delivery_receipts | bool | `false` | |
| config.bridge.displayname_template | string | `"{{ \"{{.Username}}#{{.Discriminator}}{{if .Bot}} (bot){{end}}\" }}"` | |
| config.bridge.double_puppet_allow_discovery | bool | `false` | |
| config.bridge.double_puppet_server_map | object | `{}` | |
| config.bridge.embed_fields_as_tables | bool | `true` | |
| config.bridge.encryption.allow | bool | `false` | |
| config.bridge.encryption.allow_key_sharing | bool | `false` | |
| config.bridge.encryption.appservice | bool | `false` | |
| config.bridge.encryption.default | bool | `false` | |
| config.bridge.encryption.delete_keys.delete_fully_used_on_decrypt | bool | `false` | |
| config.bridge.encryption.delete_keys.delete_on_device_delete | bool | `false` | |
| config.bridge.encryption.delete_keys.delete_outbound_on_ack | bool | `false` | |
| config.bridge.encryption.delete_keys.delete_prev_on_new_session | bool | `false` | |
| config.bridge.encryption.delete_keys.dont_store_outbound | bool | `false` | |
| config.bridge.encryption.delete_keys.periodically_delete_expired | bool | `false` | |
| config.bridge.encryption.delete_keys.ratchet_on_decrypt | bool | `false` | |
| config.bridge.encryption.require | bool | `false` | |
| config.bridge.encryption.rotation.enable_custom | bool | `false` | |
| config.bridge.encryption.rotation.messages | int | `100` | |
| config.bridge.encryption.rotation.milliseconds | int | `604800000` | |
| config.bridge.encryption.verification_levels.receive | string | `"unverified"` | |
| config.bridge.encryption.verification_levels.send | string | `"unverified"` | |
| config.bridge.encryption.verification_levels.share | string | `"cross-signed-tofu"` | |
| config.bridge.federate_rooms | bool | `true` | |
| config.bridge.guild_name_template | string | `"{{ \"{{.Name}}\" }}"` | |
| config.bridge.login_shared_secret_map | object | `{}` | |
| config.bridge.management_room_text.additional_help | string | `""` | |
| config.bridge.management_room_text.welcome | string | `"Hello, I'm a Discord bridge bot."` | |
| config.bridge.management_room_text.welcome_connected | string | `"Use `help` for help."` | |
| config.bridge.management_room_text.welcome_unconnected | string | `"Use `help` for help or `login` to log in."` | |
| config.bridge.message_error_notices | bool | `true` | |
| config.bridge.message_status_events | bool | `false` | |
| config.bridge.mute_channels_on_create | bool | `false` | |
| config.bridge.permissions | object | `{}` | |
| config.bridge.portal_message_buffer | int | `128` | |
| config.bridge.private_chat_portal_meta | string | `"default"` | |
| config.bridge.provisioning.prefix | string | `"/_matrix/provision"` | |
| config.bridge.provisioning.shared_secret | string | `"generate"` | |
| config.bridge.resend_bridge_info | bool | `false` | |
| config.bridge.restricted_rooms | bool | `true` | |
| config.bridge.startup_private_channel_create_limit | int | `5` | |
| config.bridge.sync_direct_chat_list | bool | `false` | |
| config.bridge.username_template | string | `"discord_{{ \"{{.}}\" }}"` | |
| config.homeserver.address | string | `""` | |
| config.homeserver.async_media | bool | `false` | |
| config.homeserver.domain | string | `""` | |
| config.homeserver.message_send_checkpoint_endpoint | string | `nil` | |
| config.homeserver.software | string | `"standard"` | |
| config.homeserver.status_endpoint | string | `nil` | |
| config.logging.directory | string | `"/data/logs"` | |
| config.logging.file_date_format | string | `"2006-01-02"` | |
| config.logging.file_json | bool | `false` | |
| config.logging.file_mode | int | `384` | |
| config.logging.file_name_format | string | `"{{ \"{{.Date}}-{{.Index}}.log\" }}"` | |
| config.logging.print_json | bool | `false` | |
| config.logging.print_level | string | `"debug"` | |
| config.logging.timestamp_format | string | `"Jan _2, 2006 15:04:05"` | |
| deploymentAnnotations | object | `{}` | |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"dock.mau.dev/mautrix/discord"` | |
| image.tag | string | `"{{ .Chart.AppVersion }}"` | |
| imagePullSecrets | list | `[]` | |
| ingress.annotations | object | `{}` | |
| ingress.class | string | `nil` | |
| ingress.enabled | bool | `false` | |
| ingress.hosts[0] | string | `"chart-example.local"` | |
| ingress.path | string | `"/"` | |
| ingress.tls | list | `[]` | |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| persistence.accessMode | string | `"ReadWriteOnce"` | |
| persistence.enabled | bool | `false` | |
| persistence.existingClaim | string | `""` | |
| persistence.size | string | `"128Mi"` | |
| persistence.storageClass | string | `""` | |
| podAnnotations | object | `{}` | |
| podSecurityContext.sysctls[0].name | string | `"net.ipv4.ip_unprivileged_port_start"` | |
| podSecurityContext.sysctls[0].value | string | `"0"` | |
| probes.liveness.failureThreshold | int | `5` | |
| probes.liveness.periodSeconds | int | `10` | |
| probes.readiness.failureThreshold | int | `5` | |
| probes.readiness.periodSeconds | int | `10` | |
| probes.startup.failureThreshold | int | `30` | |
| probes.startup.initialDelaySeconds | int | `5` | |
| probes.startup.periodSeconds | int | `10` | |
| registration.rate_limited | bool | `false` | |
| replicaCount | int | `1` | |
| resources.limits.cpu | int | `1` | |
| resources.limits.memory | string | `"128Mi"` | |
| resources.requests.cpu | string | `"100m"` | |
| resources.requests.memory | string | `"64Mi"` | |
| securityContext | object | `{}` | |
| service.clusterIP | string | `"None"` | |
| service.externalTrafficPolicy | string | `nil` | |
| service.port | int | `80` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `nil` | |
| tolerations | list | `[]` | |
----------------------------------------------

19
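--- a/templates/NOTES.txt
+++ b/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mautrix-slack.fullname" . }})
+export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status of by running 'kubectl get svc -w {{ include "mautrix-discord.fullname" . }}'
+export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mautrix-discord.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mautrix-discord.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+echo "Visit http://127.0.0.1:9000 to use your application"
+kubectl port-forward $POD_NAME 9000:{{ .Values.config.appservice.port }}
+{{- end }}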
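Review bot: The NodePort branch calls `include "mautrix-slack.fullname" .`, a template this chart does not define (every helper added in this commit is named `mautrix-discord.*`), so rendering the notes should fail whenever `service.type` contains NodePort. It should read `{{ include "mautrix-discord.fullname" . }}`, as the LoadBalancer branch already does. In the ClusterIP branch the `kubectl port-forward $POD_NAME ...` line omits `--namespace {{ .Release.Namespace }}` although the `kubectl get pods` line above it passes it, so the printed command only works when the release is in the caller's current namespace.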

84
templates/_helpers.tpl Normal file

@ -0,0 +1,84 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "mautrix-discord.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "mautrix-discord.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "mautrix-discord.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "mautrix-discord.labels" -}}
helm.sh/chart: {{ include "mautrix-discord.chart" . }}
{{ include "mautrix-discord.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "mautrix-discord.selectorLabels" -}}
app.kubernetes.io/name: {{ include "mautrix-discord.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "mautrix-discord.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "mautrix-discord.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Generate registration.yaml from other configuration
*/}}
{{- define "mautrix-discord.registration-yaml" -}}
id: {{ .Values.config.appservice.id | quote }}
as_token: {{ .Values.config.appservice.as_token | quote }}
hs_token: {{ .Values.config.appservice.hs_token | quote }}
namespaces:
users:
- regex: {{ printf "^@discordbot:%s$" (replace "." "\\." .Values.config.homeserver.domain) }}
exclusive: true
- regex: {{ printf "^@%s:%s$" (replace "{{.}}" ".*" (tpl .Values.config.bridge.username_template .)) (replace "." "\\." .Values.config.homeserver.domain) }}
exclusive: true
url: {{ .Values.config.appservice.address | quote }}
sender_localpart: {{ .Values.registration.sender_localpart | quote }}
rate_limited: {{ .Values.registration.rate_limited }}
de.sorunome.msc2409.push_ephemeral: true
push_ephemeral: true
{{- end -}}
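Review bot: In `mautrix-discord.registration-yaml` the first exclusive user regex hard-codes `discordbot` although the bot localpart is configurable through `config.appservice.bot.username`, so changing that value would leave the bot's MXID outside the namespace the appservice registers as exclusive. Both `regex:` values are emitted unquoted and only the dots of the domain are escaped; I would escape with `regexQuoteMeta` and pipe the result through `quote`, for example `- regex: {{ printf "^@%s:%s$" (regexQuoteMeta .Values.config.appservice.bot.username) (regexQuoteMeta .Values.config.homeserver.domain) | quote }}`. `sender_localpart` reads `.Values.registration.sender_localpart`, which the README values table in this commit does not list (it shows only `registration.rate_limited`), so it presumably renders empty unless values.yaml defines it.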

132
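--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -0,0 +1,132 @@
+apiVersion: apps/v1
+{{- $podAnnotations := .Values.podAnnotations }}
+{{- $secretAnnotation := dict "checksum/secret" (include (print $.Template.BasePath "/secret.yaml") . | sha256sum) }}
+{{- $podAnnotations := merge $podAnnotations $secretAnnotation }}
+kind: Deployment
+metadata:
+name: {{ include "mautrix-discord.fullname" . }}
+{{- if .Values.deploymentAnnotations }}
+annotations:
+{{- range $key, $value := .Values.deploymentAnnotations }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
+labels:
+{{ include "mautrix-discord.labels" . | indent 4 }}
+spec:
+replicas: {{ .Values.replicaCount }}
+{{- if .Values.strategy }}
+strategy:
+{{ toYaml .Values.strategy | indent 4 }}
+{{ if eq .Values.strategy.type "Recreate" }}
+rollingUpdate: null
+{{- end }}
+{{- end }}
+selector:
+matchLabels:
+{{- include "mautrix-discord.selectorLabels" . | nindent 6 }}
+template:
+metadata:
+labels:
+{{- include "mautrix-discord.selectorLabels" . | nindent 8 }}
+{{- if $podAnnotations }}
+annotations:
+{{- range $key, $value := $podAnnotations }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
+spec:
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+serviceAccountName: {{ template "mautrix-discord.serviceAccountName" . }}
+securityContext:
+{{- toYaml .Values.podSecurityContext | nindent 8 }}
+{{- if .Values.dnsConfig }}
+dnsConfig:
+{{- toYaml .Values.dnsConfig | nindent 8 }}
+{{- end }}
+initContainers:
+- name: init
+securityContext:
+{{- toYaml .Values.securityContext | nindent 12 }}
+image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+imagePullPolicy: {{ .Values.image.pullPolicy }}
+command: ["/bin/sh"]
+args:
+- "-c"
+- |-
+set -ex
+cp /config/*.yaml /data/
+#chown {{.Values.uid}}:{{.Values.gid}} -R /data
+volumeMounts:
+- name: data
+mountPath: /data
+- name: config
+mountPath: /config
+resources:
+{{- toYaml .Values.resources | nindent 12 }}
+containers:
+- name: mautrix-discord
+securityContext:
+{{- toYaml .Values.securityContext | nindent 12 }}
+image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+imagePullPolicy: {{ .Values.image.pullPolicy }}
+ports:
+- name: http
+containerPort: {{ required "need config.appservice.port" .Values.config.appservice.port }}
+protocol: TCP
+env:
+[]
+livenessProbe:
+httpGet:
+path: /_matrix/mau/live
+port: http
+failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+readinessProbe:
+httpGet:
+path: /_matrix/mau/live
+port: http
+failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
+startupProbe:
+httpGet:
+path: /_matrix/mau/live
+port: http
+initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
+failureThreshold: {{ .Values.probes.startup.failureThreshold }}
+periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+{{- end }}
+volumeMounts:
+- name: data
+mountPath: /data
+- name: config
+mountPath: /config
+resources:
+{{- toYaml .Values.resources | nindent 12 }}
+volumes:
+- name: config
+secret:
+secretName: {{ include "mautrix-discord.fullname" . }}
+- name: data
+{{- if .Values.persistence.enabled }}
+persistentVolumeClaim:
+claimName: {{ .Values.persistence.existingClaim | default (include "mautrix-discord.fullname" .) }}
+{{- else }}
+emptyDir: {}
+{{- end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}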
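Review bot: The pod spec sets `serviceAccountName` but never `automountServiceAccountToken: false`, so the service account token is mounted into both containers although nothing in this template uses the Kubernetes API; I would add `automountServiceAccountToken: false` directly under `serviceAccountName`. The init container runs `cp /config/*.yaml /data/` on every start, which copies `as_token`, `hs_token` and the database URI from the Secret onto the data volume (a PVC when `persistence.enabled` is true) and overwrites any config the bridge wrote there; a comment explaining why the copy is needed, and that the data volume therefore holds credentials, would help. Both containers take `securityContext` from `.Values.securityContext`, which the README table lists as `{}` by default, so the chart ships without `runAsNonRoot`, `allowPrivilegeEscalation: false` or dropped capabilities unless the operator adds them. The main container also mounts `/config` even though the init step has already copied its contents, which looks unnecessary.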

64
templates/ingress.yaml Normal file

@ -0,0 +1,64 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "mautrix-discord.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
{{- $new := false }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
apiVersion: networking.k8s.io/v1
{{- $new = true }}
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "mautrix-discord.labels" . | nindent 4 }}
annotations:
{{- if not $new }}
kubernetes.io/ingress.class: {{ required "If ingress.enabled is set to true, ingress.class is required" .Values.ingress.class | quote }}
{{- end }}
{{- if .Values.ingress.annotations }}
{{- toYaml .Values.ingress.annotations | nindent 4 }}
{{- end }}
spec:
{{- if $new }}
ingressClassName: {{ required "If ingress.enabled is set to true, ingress.class is required" .Values.ingress.class | quote }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end }}
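Review bot: The `apiVersion` is chosen with `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` and stored in `$new`, but the rules block is chosen with a second, different check, `Has "networking.k8s.io/v1/Ingress"`; if the two disagree the manifest pairs one API version with the other version's backend syntax. Reusing the flag with `{{- if $new }}` at the rules block keeps them in step. Host entries (`- host: {{ . }}`, `- {{ . }}`) and `secretName: {{ .secretName }}` are rendered unquoted, so piping them through `quote` would avoid YAML retyping of unusual values. With the default `ingress.path` of `/` every appservice route is published, including the provisioning prefix `/_matrix/provision` listed in the README, so the values comments should probably say that the ingress needs to be restricted to the homeserver.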

22
templates/pvc.yaml Normal file

@ -0,0 +1,22 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "mautrix-discord.fullname" . }}
labels:
{{- include "mautrix-discord.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if not .Values.persistence.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ .Values.persistence.storageClass | quote }}
{{- end }}
{{- end }}
{{- end }}
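Review bot: The inner `{{- if not .Values.persistence.storageClass }}` can never be true because it is nested inside `{{- if .Values.persistence.storageClass }}`, so the `storageClassName: ""` branch is unreachable and there is no way to ask for a claim without dynamic provisioning. The usual chart convention is a sentinel value: `{{- if (eq "-" .Values.persistence.storageClass) }}` for the empty class and the quoted value otherwise. The sentinel should then be documented next to `persistence.storageClass` in values.yaml.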

19
templates/secret.yaml Normal file

@ -0,0 +1,19 @@
{{- if not .Values.config.homeserver.address }}
{{- fail "config.homeserver.address is required" }}
{{- else if not .Values.config.homeserver.domain }}
{{- fail "config.homeserver.domain is required" }}
{{- else if not .Values.config.appservice.address }}
{{- fail "config.appservice.address is required" }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mautrix-discord.fullname" . }}
labels:
{{ include "mautrix-discord.labels" . | indent 4 }}
type: Opaque
data:
# Ugh. Can we stop leaving real issues unfixed because of "purity" and twisted definitions of "intended behavior"? https://github.com/helm/helm/issues/5568
config.yaml: {{ tpl (regexReplaceAll "('{{ \".*?)\\n\\s*(.*?\" }}')" (.Values.config | toYaml) "${1} ${2}") . | b64enc | quote }}
registration.yaml: {{ include "mautrix-discord.registration-yaml" . | b64enc | quote }}
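Review bot: The guard chain at the top rejects an empty homeserver address, domain and appservice address but not the token placeholders: the README lists `config.appservice.as_token` and `config.appservice.hs_token` with the default "This value is generated when generating the registration", and both are rendered unchanged into `config.yaml` and `registration.yaml`. An install that leaves them untouched would authenticate homeserver-to-bridge traffic with a publicly known string, so I would extend the `fail` chain to refuse empty or placeholder tokens. The README default for `config.appservice.database.uri` (`postgres://user:password@host/database?sslmode=disable`) has the same shape and deserves at least a values comment telling operators to replace it and to reconsider `sslmode=disable`.

```yaml
{{- fail "config.appservice.address is required" }}
{{- else if or (not .Values.config.appservice.as_token) (hasPrefix "This value is generated" .Values.config.appservice.as_token) }}
{{- fail "config.appservice.as_token must be set to a generated secret" }}
{{- else if or (not .Values.config.appservice.hs_token) (hasPrefix "This value is generated" .Values.config.appservice.hs_token) }}
{{- fail "config.appservice.hs_token must be set to a generated secret" }}
{{/* … unchanged: end of the guard chain and the Secret manifest … */}}
```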

21
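--- a/templates/service.yaml
+++ b/templates/service.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.config }}
+{{- if .Values.config.appservice }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "mautrix-discord.fullname" . }}
+labels:
+{{ include "mautrix-discord.labels" . | indent 4 }}
+spec:
+type: {{ .Values.service.type }}
+clusterIP: {{ .Values.service.clusterIP | quote }}
+externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ports:
+- port: {{ required "need config.appservice.port" .Values.config.appservice.port }}
+targetPort: http
+protocol: TCP
+name: http
+selector:
+{{- include "mautrix-discord.selectorLabels" . | nindent 4 }}
+{{- end }}
+{{- end }}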
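Review bot: `port:` is taken from `config.appservice.port`, so `service.port` (documented in the README and used as the backend port in templates/ingress.yaml and in NOTES.txt) has no effect on the Service; if the two values differ, the Ingress targets a port the Service does not expose. Either render `- port: {{ .Values.service.port }}` here and keep `targetPort: http`, or drop `service.port` from the values. `clusterIP` and `externalTrafficPolicy` are also rendered unconditionally: the default `clusterIP: None` only suits `type: ClusterIP`, and `externalTrafficPolicy` only applies to NodePort and LoadBalancer services, so switching `service.type` as NOTES.txt anticipates would need both guarded by a type check.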


@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "mautrix-discord.serviceAccountName" . }}
labels:
{{ include "mautrix-discord.labels" . | indent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

457
values.yaml Normal file

@ -0,0 +1,457 @@
# Default values for mautrix-discord.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: dock.mau.dev/mautrix/discord
tag: "v{{ .Chart.AppVersion }}"
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext:
# The default sysctl is used to allow the process in the container to bind to port 80.
# You can safely remove it if you change config.appservice.port to something above 1024.
sysctls:
- name: net.ipv4.ip_unprivileged_port_start
value: "0"
# fsGroup: 2000
securityContext: {}
# privileged: true
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
externalTrafficPolicy:
type: ClusterIP
clusterIP: None
port: 80
probes:
liveness:
failureThreshold: 5
periodSeconds: 10
readiness:
failureThreshold: 5
periodSeconds: 10
startup:
initialDelaySeconds: 5
failureThreshold: 30
periodSeconds: 10
config:
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: ""
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: ""
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket: false
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: ""
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 80
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://user:password@host/database?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: discord
# Appservice bot details.
bot:
# Username of the appservice bot.
username: discordbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Discord bridge bot
avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "This value is generated when generating the registration"
hs_token: "This value is generated when generating the registration"
# Bridge config
bridge:
# Localpart template of MXIDs for Discord users.
# {{.}} is replaced with the internal ID of the Discord user.
username_template: 'discord_{{ "{{.}}" }}'
# Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# Available variables:
# .ID - Internal user ID
# .Username - Legacy display/username on Discord
# .GlobalName - New displayname on Discord
# .Discriminator - The 4 numbers after the name on Discord
# .Bot - Whether the user is a bot
# .System - Whether the user is an official system user
# .Webhook - Whether the user is a webhook and is not an application
# .Application - Whether the user is an application
displayname_template: '{{ "{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}} (Discord)" }}'
# Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
# Available variables:
# .Name - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
# .ParentName - Parent channel name (used for categories).
# .GuildName - Guild name.
# .NSFW - Whether the channel is marked as NSFW.
# .Type - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
channel_name_template: '{{ "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else if eq .Type 1}}{{.Name}} (Discord){{else}}#{{.Name}}{{end}}" }}'
# Displayname template for Discord guilds (bridged as spaces).
# Available variables:
# .Name - Guild name
guild_name_template: '{{ "{{.Name}}" }}'
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Number of private channel portals to create on bridge startup.
# Other portals will be created when receiving messages.
startup_private_channel_create_limit: 5
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
# This can avoid unnecessary invite events in guild rooms when members are synced in.
restricted_rooms: true
# Should the bridge automatically join the user to threads on Discord when the thread is opened on Matrix?
# This only works with clients that support thread read receipts (MSC3771 added in Matrix v1.4).
autojoin_thread_on_open: true
# Should inline fields in Discord embeds be bridged as HTML tables to Matrix?
# Tables aren't supported in all clients, but are the only way to emulate the Discord inline field UI.
embed_fields_as_tables: true
# Should guild channels be muted when the portal is created? This only meant for single-user instances,
# it won't mute it for all users if there are multiple Matrix users in the same Discord guild.
mute_channels_on_create: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Should incoming custom emoji reactions be bridged as mxc:// URIs?
# If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
custom_emoji_reactions: true
# Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
# If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
delete_portal_on_channel_delete: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Prefix messages from webhooks with the profile info? This can be used along with a custom displayname_template
# to better handle webhooks that change their name all the time (like ones used by bridges).
prefix_webhook_messages: false
# Bridge webhook avatars?
enable_webhook_avatars: true
# Should the bridge upload media to the Discord CDN directly before sending the message when using a user token,
# like the official client does? The other option is sending the media in the message send request as a form part
# (which is always used by bots and webhooks).
use_discord_cdn_upload: true
# Should mxc uris copied from Discord be cached?
# This can be `never` to never cache, `unencrypted` to only cache unencrypted mxc uris, or `always` to cache everything.
# If you have a media repo that generates non-unique mxc uris, you should set this to never.
cache_media: unencrypted
# Patterns for converting Discord media to custom mxc:// URIs instead of reuploading.
# Each of the patterns can be set to null to disable custom URIs for that type of media.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
media_patterns:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# Pattern for normal message attachments.
attachments: mxc://discord-media.mau.dev/attachments|{{.ChannelID}}|{{.AttachmentID}}|{{.FileName}}
# Pattern for custom emojis.
emojis: mxc://discord-media.mau.dev/emojis|{{.ID}}.{{.Ext}}
# Pattern for stickers. Note that animated lottie stickers will not be converted if this is enabled.
stickers: mxc://discord-media.mau.dev/stickers|{{.ID}}.{{.Ext}}
# Pattern for static user avatars.
avatars: mxc://discord-media.mau.dev/avatars|{{.UserID}}|{{.AvatarID}}.{{.Ext}}
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (lottie JSON)
# png - converts to non-animated png (fastest)
# gif - converts to animated gif
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
target: webp
# Arguments for converter. All converters take width and height.
args:
width: 320
height: 320
fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
# Servers to always allow double puppeting from
double_puppet_server_map: {}
#example.com: https://example.com
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {}
#example.com: foobar
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!discord'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Discord bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Settings for backfilling messages.
backfill:
# Limits for forward backfilling.
forward_limits:
# Initial backfill (when creating portal). 0 means backfill is disabled.
# A special unlimited value is not supported, you must set a limit. Initial backfill will
# fetch all messages first before backfilling anything, so high limits can take a lot of time.
initial:
dm: 0
channel: 0
thread: 0
# Missed message backfill (on startup).
# 0 means backfill is disabled, -1 means fetch all messages since last bridged message.
# When using unlimited backfill (-1), messages are backfilled as they are fetched.
# With limits, all messages up to the limit are fetched first and backfilled afterwards.
missed:
dm: 0
channel: 0
thread: 0
# Maximum members in a guild to enable backfilling. Set to -1 to disable limit.
# This can be used as a rough heuristic to disable backfilling in channels that are too active.
# Currently only applies to missed message backfill.
max_guild_members: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# Should users mentions be in the event wire content to enable the server to send push notifications?
plaintext_mentions: false
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Discord account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {}
#"*": relay
#"example.com": user
#"@admin:example.com": admin
logging:
directory: /data/logs
file_name_format: '{{ "{{.Date}}-{{.Index}}.log" }}'
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: debug
print_json: false
file_json: false
registration:
rate_limited: false
sender_localpart: discordbridgebot
ingress:
enabled: false
## Support for ingress class name that was introduced in kubernetes 1.19
class:
annotations: {}
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources:
limits:
cpu: 1
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
deploymentAnnotations: {}
## Persist configuration to a persistent volume
persistence:
# persistence.enabled - Should disk persistence be enabled
enabled: false
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
existingClaim: ""
storageClass: ""
accessMode: ReadWriteOnce
size: 128Mi