sync wave

Author: ildoc

kubernetes/applications/matrix/cloudflared-configmap.yaml

@@ -4,6 +4,8 @@ kind: ConfigMap
 metadata:
   name: cloudflared-matrix-stack-config
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
 data:
   config.yaml: |
     tunnel: YOUR-TUNNEL-ID

kubernetes/applications/matrix/cloudflared-deployment.yaml

@@ -4,6 +4,8 @@ kind: Deployment
 metadata:
   name: cloudflared-matrix-stack
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
 spec:
   selector:
     matchLabels:

kubernetes/applications/matrix/cloudflared-secret.yaml

@@ -4,6 +4,8 @@ kind: ExternalSecret
 metadata:
   name: vault-cloudflared-matrix-stack-credentials
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
 spec:
   refreshInterval: "1h"
   secretStoreRef:
@@ -24,13 +26,13 @@ spec:
   data:
   - secretKey: account_tag
     remoteRef:
-      key: kubernetes/data/apps/matrix-stack/cloudflared
+      key: kubernetes/data/apps/matrix/cloudflared
       property: account_tag
   - secretKey: tunnel_secret
     remoteRef:
-      key: kubernetes/data/apps/matrix-stack/cloudflared
+      key: kubernetes/data/apps/matrix/cloudflared
       property: tunnel_secret
   - secretKey: tunnel_id
     remoteRef:
-      key: kubernetes/data/apps/matrix-stack/cloudflared
+      key: kubernetes/data/apps/matrix/cloudflared
       property: tunnel_id

kubernetes/applications/matrix/deployment.yaml

@@ -4,6 +4,8 @@ kind: Deployment
 metadata:
   name: matrix-synapse
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
 spec:
   selector:
     matchLabels:

kubernetes/applications/matrix/init-job.yaml

@@ -0,0 +1,95 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: matrix-synapse-init
+  namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "3"
+    argocd.argoproj.io/hook: PreSync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+spec:
+  ttlSecondsAfterFinished: 600
+  template:
+    metadata:
+      labels:
+        app: matrix-synapse-init
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: synapse-init
+          image: ghcr.io/element-hq/synapse:v1.123.0
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "Checking for signing key..."
+              if [ ! -f /data/keys/signing.key ]; then
+                echo "Generating signing key..."
+                mkdir -p /data/keys
+                python -m synapse.app.homeserver \
+                  --server-name=matrix.ildoc.it \
+                  --config-path=/data/homeserver.yaml \
+                  --generate-keys
+                echo "Signing key generated successfully"
+              else
+                echo "Signing key already exists"
+              fi
+          env:
+            - name: SYNAPSE_SERVER_NAME
+              value: "matrix.ildoc.it"
+            - name: SYNAPSE_REPORT_STATS
+              value: "no"
+            - name: POSTGRES_HOST
+              value: "192.168.0.30"
+            - name: POSTGRES_PORT
+              value: "5432"
+            - name: POSTGRES_DB
+              value: "matrix_db"
+            - name: POSTGRES_USER
+              value: "matrix_user"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-cross-secrets
+                  key: postgres-password
+            - name: SYNAPSE_REDIS_HOST
+              value: "matrix-redis.apps.svc.cluster.local"
+            - name: SYNAPSE_REDIS_PORT
+              value: "6379"
+            - name: SYNAPSE_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-redis-secret
+                  key: password
+            - name: REGISTRATION_SHARED_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-k8s-secrets
+                  key: registration-shared-secret
+            - name: MACAROON_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-k8s-secrets
+                  key: macaroon-secret-key
+            - name: FORM_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: matrix-k8s-secrets
+                  key: form-secret
+          volumeMounts:
+            - name: data
+              mountPath: /data
+            - name: config
+              mountPath: /data/homeserver.yaml
+              subPath: homeserver.yaml
+            - name: config
+              mountPath: /data/log.config
+              subPath: log.config
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: matrix-synapse
+        - name: config
+          configMap:
+            name: matrix-config

kubernetes/applications/matrix/redis-deployment.yaml

@@ -4,6 +4,8 @@ kind: Deployment
 metadata:
   name: matrix-redis
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   replicas: 1
   selector:

kubernetes/applications/matrix/redis-pvc.yaml

@@ -4,6 +4,8 @@ kind: PersistentVolumeClaim
 metadata:
   name: matrix-redis
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   accessModes:
     - ReadWriteOnce

kubernetes/applications/matrix/redis-secret.yaml

@@ -4,6 +4,8 @@ kind: ExternalSecret
 metadata:
   name: vault-matrix-redis-secret
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   refreshInterval: "1h"
   secretStoreRef:

kubernetes/applications/matrix/redis-service.yaml

@@ -4,6 +4,8 @@ kind: Service
 metadata:
   name: matrix-redis
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   type: ClusterIP
   ports:

kubernetes/applications/matrix/secret.yaml

@@ -26,6 +26,8 @@ kind: ExternalSecret
 metadata:
   name: vault-matrix-k8s-secrets
   namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
 spec:
   refreshInterval: "1h"
   secretStoreRef: