---
# tasks file for ansible-role-matrix-stack
- name: Deploy Matrix Stack
  kubernetes.core.helm:
    name: matrix
    chart_ref: oci://ghcr.io/element-hq/ess-helm/matrix-stack
    release_namespace: "{{ release_namespace }}"
    create_namespace: true
    values:
      certManager:
        clusterIssuer: ca-issuer
      serverName: "{{ server_name }}"
      ingress:
        className: nginx
        annotations:
          nginx.ingress.kubernetes.io/configuration-snippet: proxy_intercept_errors off;
      initSecrets:
        enabled: true
        serviceAccount:
          ## Whether a ServiceAccount should be created by the chart or not
          create: true

          ## What name to give the ServiceAccount. If not provided the chart will provide the name automatically
          name: ""

          ## Annotations to add to the service account
          annotations: {}

      matrixRTC:
        ingress:
          host: rtc.eom.dev

      elementWeb:
        ingress:
          host: element.eom.dev

      matrixAuthenticationService:

        ## Additional configuration to provide to Matrix Authentication Service.
        ## Each key under additional is an additional config to merge into Matrix Authentication Service config.yaml
        ## Full details on available configuration options can be found at https://element-hq.github.io/matrix-authentication-service/reference/configuration.html
        ## This can be provided in-line in the Helm Chart and/or via an existing Secret
        ## e.g.
        ## additional:
        ##   0-customConfig:
        ##     config: |
        ##       <any valid configuration>
        ##   1-customConfig:
        ##     configSecret: custom-config
        ##     configSecretKey: shared.yaml
        ##
        ## Most settings are configurable but some settings are owned by the chart and can't overwritten
        additional: {}
        ingress:
          host: mas.eom.dev
      postgres:
        storage:
          size: 2Ti

      synapse:
        ## Configures the media store for Synapse
        media:
          ## Configures the PersistentVolumeClaim to be used for storage
          storage:
            ## Name of an existing PersistentVolumeClaim in this namespace that should be used
            # existingClaim:

            ## The size of a PersistentVolumeClaim to be constructed
            ## Ignored if existingClaim is provided
            size: 256Gi

            ## The StorageClass to be used by the constructed PersistentVolumeClaim.
            ## Will use the cluster default if not provided
            ## Ignored if existingClaim is provided
            # storageClass:

            ## Whether to instruct Helm to keep or delete the constructed PersistentVolumeClaim when uninstalling the chart
            ## Ignored if existingClaim is provided
            resourcePolicy: keep

          ## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
          ## You may need to adjust your ingress controller to also allow uploads of this size
          maxUploadSize: 100M
        ## Key used to sign events and federation requests.
        ## This needs to be the full signing key starting `ed25519 ...`.
        ## This secret is optional, and will be generated by the `initSecrets` job
        ## if it is empty.
        ## It can either be provided inline in the Helm chart e.g.:
        ## signingKey:
        ##   value: SecretValue
        ##
        ## Or it can be provided via an existing Secret e.g.:
        ## signingKey:
        ##   secret: existing-secret
        ##   secretKey: key-in-secret
        signingKey: {}
        ingress:
          host: synapse.eom.dev