apiVersion: v1
kind: Secret
metadata:
  name: mautrix-signal-registration
  namespace: chat
  annotations:
    kube-1password: z6tylu2br724gttcpfyi5egaui
    kube-1password/vault: Kubernetes
    kube-1password/secret-text-key: registration.yaml
  labels:
    app.kubernetes.io/name: "mautrix-signal"
    component: registration
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  name: mautrix-signal-config
  namespace: chat
  annotations:
    kube-1password: 5vfaorcudozlq4clkzgmzzszqe
    kube-1password/vault: Kubernetes
    kube-1password/secret-text-key: config.yaml
  labels:
    app.kubernetes.io/name: "mautrix-signal"
    component: config
type: Opaque

---

apiVersion: v1
kind: Service
metadata:
  name: mautrix-signal
  namespace: chat
  labels:
    app.kubernetes.io/name: mautrix-signal
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/path: "/metrics"
    prometheus.io/port: "9000"
spec:
  type: ClusterIP
  ports:
  - port: 29318
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app.kubernetes.io/name: mautrix-signal

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mautrix-signal
  labels:
    app.kubernetes.io/name: mautrix-signal
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: mautrix-signal
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mautrix-signal
    spec:
      serviceAccountName: default
      automountServiceAccountToken: true
      dnsPolicy: ClusterFirst
      enableServiceLinks: true
      initContainers:
      - name: config-copy
        image: bash:latest
        imagePullPolicy: IfNotPresent
        args:
          - -c
          - |
            cp /secrets/* /data/
        volumeMounts:
          - name: mautrix-signal-config
            mountPath: /secrets/config.yaml
            subPath: config.yaml
          - name: mautrix-signal-registration
            mountPath: /secrets/registration.yaml
            subPath: registration.yaml
          - name: data
            mountPath: /data
      containers:
        - name: signald
          image: docker.io/signald/signald:stable
          imagePullPolicy: Always
          volumeMounts:
          - name: signald
            mountPath: /signald
        - name: mautrix-signal
          image: "dock.mau.dev/mautrix/signal:v0.3.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: "TZ"
              value: "UTC"
          ports:
            - name: http
              containerPort: 29318
              protocol: TCP
            - name: metrics
              containerPort: 9000
              protocol: TCP
          volumeMounts:
          - name: signald
            mountPath: /signald
          - name: data
            mountPath: /data
          livenessProbe:
            tcpSocket:
              port: 29318
            initialDelaySeconds: 0
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: 29318
            initialDelaySeconds: 0
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          startupProbe:
            tcpSocket:
              port: 29318
            initialDelaySeconds: 0
            failureThreshold: 30
            timeoutSeconds: 1
            periodSeconds: 5
      volumes:
        - name: data
          emptyDir: {}
        - name: signald
          emptyDir: {}
        - name: mautrix-signal-config
          secret:
            secretName: mautrix-signal-config
        - name: mautrix-signal-registration
          secret:
            secretName: mautrix-signal-registration
---