From 857798fa845327432f58a4b299278c00ee515727 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 20:57:11 +0000 Subject: [PATCH 01/31] Initial plan From 1665c9c6d59f1c1db58cb57d2ef856c7a992070c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:20:02 +0000 Subject: [PATCH 02/31] Add matrix-stack helm app Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/assets/charts.json | 6 + packages/standard/k8s.apps/package.json | 1 + .../k8s.apps/src/matrix-stack/index.ts | 80 ++++++++++ .../standard/library/src/k8s/apps/index.ts | 1 + .../library/src/k8s/apps/matrix-stack.ts | 145 ++++++++++++++++++ 5 files changed, 233 insertions(+) create mode 100644 packages/standard/k8s.apps/src/matrix-stack/index.ts create mode 100644 packages/standard/library/src/k8s/apps/matrix-stack.ts diff --git a/packages/standard/k8s.apps/assets/charts.json b/packages/standard/k8s.apps/assets/charts.json index 5fd8690..f93c7ac 100644 --- a/packages/standard/k8s.apps/assets/charts.json +++ b/packages/standard/k8s.apps/assets/charts.json @@ -35,6 +35,12 @@ "version": "0.5.7", "sha256": "184d60dd6b6a723842957b2d642cf13ed145c3c70564f475d5b58825aa556e00" }, + "matrix-stack": { + "repo": "oci://ghcr.io/element-hq/ess-helm", + "name": "matrix-stack", + "version": "26.2.0", + "sha256": "96881b2746acf6251a7fbdd2a06bab6c0d42b0e2c3a75b20210bb4e2cc47a165" + }, "valkey": { "repo": "oci://ghcr.io/cloudpirates-io/helm-charts", "name": "valkey", diff --git a/packages/standard/k8s.apps/package.json b/packages/standard/k8s.apps/package.json index fc22bbc..6b49c7e 100644 --- a/packages/standard/k8s.apps/package.json +++ b/packages/standard/k8s.apps/package.json @@ -15,6 +15,7 @@ "./mariadb/app": "./dist/mariadb/app/index.js", "./mariadb/database": "./dist/mariadb/database/index.js", "./maybe": "./dist/maybe/index.js", + "./matrix-stack": "./dist/matrix-stack/index.js", "./postgresql": "./dist/postgresql/index.js", "./postgresql/app": "./dist/postgresql/app/index.js", "./postgresql/database": "./dist/postgresql/database/index.js", diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts new file mode 100644 index 0000000..4a176c4 --- /dev/null +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -0,0 +1,80 @@ +import { l4EndpointToString } from "@highstate/common" +import { Chart, Namespace } from "@highstate/k8s" +import { k8s } from "@highstate/library" +import { forUnit, toPromise } from "@highstate/pulumi" +import { charts } from "../shared" + +const { args, inputs, outputs } = forUnit(k8s.apps.matrixStack) + +const namespace = Namespace.create(args.appName, { cluster: inputs.k8sCluster }) + +const synapseHost = args.synapseHost ?? `synapse.${args.serverName}` +const elementWebHost = args.elementWebHost ?? `element.${args.serverName}` +const matrixAuthenticationServiceHost = + args.matrixAuthenticationServiceHost ?? `mas.${args.serverName}` +const matrixRtcHost = args.matrixRtcHost ?? `mrtc.${args.serverName}` +const elementAdminHost = args.elementAdminHost ?? `admin.${args.serverName}` + +const ingress = { + ...(args.ingressClassName ? { className: args.ingressClassName } : {}), + ...(args.ingressTlsSecret ? { tlsSecret: args.ingressTlsSecret } : {}), + ...(args.ingressAnnotations && Object.keys(args.ingressAnnotations).length > 0 + ? { annotations: args.ingressAnnotations } + : {}), +} + +const chart = new Chart(args.appName, { + namespace, + + chart: charts["matrix-stack"], + serviceName: `${args.appName}-synapse`, + + values: { + serverName: args.serverName, + + ...(Object.keys(ingress).length > 0 ? { ingress } : {}), + + synapse: { + ingress: { + host: synapseHost, + }, + }, + elementWeb: { + ingress: { + host: elementWebHost, + }, + }, + elementAdmin: { + ingress: { + host: elementAdminHost, + }, + }, + matrixAuthenticationService: { + ingress: { + host: matrixAuthenticationServiceHost, + }, + }, + matrixRTC: { + ingress: { + host: matrixRtcHost, + }, + }, + }, +}) + +const endpoints = await toPromise(chart.service.endpoints) + +export default outputs({ + service: chart.service.entity, + endpoints: chart.service.endpoints, + + $statusFields: { + serverName: args.serverName, + synapse: `https://${synapseHost}`, + elementWeb: `https://${elementWebHost}`, + elementAdmin: `https://${elementAdminHost}`, + matrixAuthenticationService: `https://${matrixAuthenticationServiceHost}`, + matrixRtc: `https://${matrixRtcHost}`, + endpoints: endpoints.map(l4EndpointToString), + }, +}) diff --git a/packages/standard/library/src/k8s/apps/index.ts b/packages/standard/library/src/k8s/apps/index.ts index f6bbb0a..cb0df3a 100644 --- a/packages/standard/library/src/k8s/apps/index.ts +++ b/packages/standard/library/src/k8s/apps/index.ts @@ -4,6 +4,7 @@ export * from "./grocy" export * from "./hubble" export * from "./kubernetes-dashboard" export * from "./mariadb" +export * from "./matrix-stack" export * from "./maybe" export * from "./minio" export * from "./mongodb" diff --git a/packages/standard/library/src/k8s/apps/matrix-stack.ts b/packages/standard/library/src/k8s/apps/matrix-stack.ts new file mode 100644 index 0000000..d56cd78 --- /dev/null +++ b/packages/standard/library/src/k8s/apps/matrix-stack.ts @@ -0,0 +1,145 @@ +import { defineUnit, text, z } from "@highstate/contract" +import { pick } from "remeda" +import { l4EndpointEntity } from "../../network" +import { serviceEntity } from "../service" +import { appName, sharedInputs, source } from "./shared" + +/** + * The Matrix stack deployed on Kubernetes. + */ +export const matrixStack = defineUnit({ + type: "k8s.apps.matrix-stack.v1", + + args: { + ...appName("matrix-stack"), + + /** + * The Matrix server name used in user and room IDs. + */ + serverName: { + schema: z.string(), + meta: { + description: text` + The Matrix server name used for user and room identifiers. + This value cannot be changed after the first deployment. + `, + }, + }, + + /** + * The Synapse ingress hostname. + */ + synapseHost: { + schema: z.string().optional(), + meta: { + description: text` + The hostname for the Synapse ingress. + Defaults to "synapse.". + `, + }, + }, + + /** + * The Element Web ingress hostname. + */ + elementWebHost: { + schema: z.string().optional(), + meta: { + description: text` + The hostname for the Element Web ingress. + Defaults to "element.". + `, + }, + }, + + /** + * The Element Admin ingress hostname. + */ + elementAdminHost: { + schema: z.string().optional(), + meta: { + description: text` + The hostname for the Element Admin ingress. + Defaults to "admin.". + `, + }, + }, + + /** + * The Matrix Authentication Service ingress hostname. + */ + matrixAuthenticationServiceHost: { + schema: z.string().optional(), + meta: { + description: text` + The hostname for the Matrix Authentication Service ingress. + Defaults to "mas.". + `, + }, + }, + + /** + * The Matrix RTC ingress hostname. + */ + matrixRtcHost: { + schema: z.string().optional(), + meta: { + description: text` + The hostname for the Matrix RTC ingress. + Defaults to "mrtc.". + `, + }, + }, + + /** + * The ingress class to use for all Matrix stack ingresses. + */ + ingressClassName: { + schema: z.string().optional(), + meta: { + description: text`The ingress class name to apply to all ingresses.`, + }, + }, + + /** + * The TLS secret to use for all Matrix stack ingresses. + */ + ingressTlsSecret: { + schema: z.string().optional(), + meta: { + description: text`The TLS secret name to apply to all ingresses.`, + }, + }, + + /** + * The annotations to apply to all Matrix stack ingresses. + */ + ingressAnnotations: { + schema: z.record(z.string(), z.string()).optional(), + meta: { + description: text`The ingress annotations to apply to all ingresses.`, + }, + }, + }, + + inputs: { + ...pick(sharedInputs, ["k8sCluster"]), + }, + + outputs: { + service: serviceEntity, + endpoints: { + entity: l4EndpointEntity, + multiple: true, + }, + }, + + meta: { + title: "Matrix Stack", + icon: "simple-icons:matrixdotorg", + secondaryIcon: "simple-icons:element", + category: "Communication", + }, + + source: source("matrix-stack"), +}) From 70d5e2fa2b9e32049d7101215539c5210d3cff3f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:35:46 +0000 Subject: [PATCH 03/31] Use access point routes for matrix stack Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/index.ts | 129 +++++++++++++++--- .../library/src/k8s/apps/matrix-stack.ts | 109 +-------------- 2 files changed, 114 insertions(+), 124 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 4a176c4..87911c7 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -1,4 +1,4 @@ -import { l4EndpointToString } from "@highstate/common" +import { AccessPointRoute, l4EndpointToString } from "@highstate/common" import { Chart, Namespace } from "@highstate/k8s" import { k8s } from "@highstate/library" import { forUnit, toPromise } from "@highstate/pulumi" @@ -8,20 +8,11 @@ const { args, inputs, outputs } = forUnit(k8s.apps.matrixStack) const namespace = Namespace.create(args.appName, { cluster: inputs.k8sCluster }) -const synapseHost = args.synapseHost ?? `synapse.${args.serverName}` -const elementWebHost = args.elementWebHost ?? `element.${args.serverName}` -const matrixAuthenticationServiceHost = - args.matrixAuthenticationServiceHost ?? `mas.${args.serverName}` -const matrixRtcHost = args.matrixRtcHost ?? `mrtc.${args.serverName}` -const elementAdminHost = args.elementAdminHost ?? `admin.${args.serverName}` - -const ingress = { - ...(args.ingressClassName ? { className: args.ingressClassName } : {}), - ...(args.ingressTlsSecret ? { tlsSecret: args.ingressTlsSecret } : {}), - ...(args.ingressAnnotations && Object.keys(args.ingressAnnotations).length > 0 - ? { annotations: args.ingressAnnotations } - : {}), -} +const synapseHost = `synapse.${args.fqdn}` +const elementWebHost = `element.${args.fqdn}` +const matrixAuthenticationServiceHost = `mas.${args.fqdn}` +const matrixRtcHost = `mrtc.${args.fqdn}` +const elementAdminHost = `admin.${args.fqdn}` const chart = new Chart(args.appName, { namespace, @@ -30,9 +21,11 @@ const chart = new Chart(args.appName, { serviceName: `${args.appName}-synapse`, values: { - serverName: args.serverName, - - ...(Object.keys(ingress).length > 0 ? { ingress } : {}), + serverName: args.fqdn, + ingress: { + className: "disabled", + tlsEnabled: false, + }, synapse: { ingress: { @@ -59,9 +52,107 @@ const chart = new Chart(args.appName, { host: matrixRtcHost, }, }, + wellKnownDelegation: { + baseDomainRedirect: { + enabled: false, + }, + }, }, }) +const synapseService = chart.getServiceOutput(`${args.appName}-synapse`) +const elementWebService = chart.getServiceOutput(`${args.appName}-element-web`) +const elementAdminService = chart.getServiceOutput(`${args.appName}-element-admin`) +const matrixAuthenticationService = chart.getServiceOutput( + `${args.appName}-matrix-authentication-service`, +) +const matrixRtcAuthorisationService = chart.getServiceOutput( + `${args.appName}-matrix-rtc-authorisation-service`, +) +const matrixRtcSfuService = chart.getServiceOutput(`${args.appName}-matrix-rtc-sfu`) +const wellKnownService = chart.getServiceOutput(`${args.appName}-well-known`) + +const commonRouteArgs = { + accessPoint: inputs.accessPoint, + type: "http" as const, + tlsCertificateNativeData: namespace, +} + +const _routes = [ + new AccessPointRoute( + `${args.appName}-synapse`, + { + ...commonRouteArgs, + fqdn: synapseHost, + endpoints: synapseService.endpoints, + gatewayNativeData: synapseService, + }, + { dependsOn: chart.chart }, + ), + new AccessPointRoute( + `${args.appName}-element-web`, + { + ...commonRouteArgs, + fqdn: elementWebHost, + endpoints: elementWebService.endpoints, + gatewayNativeData: elementWebService, + }, + { dependsOn: chart.chart }, + ), + new AccessPointRoute( + `${args.appName}-element-admin`, + { + ...commonRouteArgs, + fqdn: elementAdminHost, + endpoints: elementAdminService.endpoints, + gatewayNativeData: elementAdminService, + }, + { dependsOn: chart.chart }, + ), + new AccessPointRoute( + `${args.appName}-matrix-authentication-service`, + { + ...commonRouteArgs, + fqdn: matrixAuthenticationServiceHost, + endpoints: matrixAuthenticationService.endpoints, + gatewayNativeData: matrixAuthenticationService, + }, + { dependsOn: chart.chart }, + ), + new AccessPointRoute( + `${args.appName}-matrix-rtc-sfu`, + { + ...commonRouteArgs, + fqdn: matrixRtcHost, + endpoints: matrixRtcSfuService.endpoints, + gatewayNativeData: matrixRtcSfuService, + }, + { dependsOn: chart.chart }, + ), + new AccessPointRoute( + `${args.appName}-matrix-rtc-authorisation`, + { + ...commonRouteArgs, + fqdn: matrixRtcHost, + path: "/sfu/get", + endpoints: matrixRtcAuthorisationService.endpoints, + gatewayNativeData: matrixRtcAuthorisationService, + }, + { dependsOn: chart.chart }, + ), + new AccessPointRoute( + `${args.appName}-well-known`, + { + ...commonRouteArgs, + fqdn: args.fqdn, + path: "/.well-known/matrix", + endpoints: wellKnownService.endpoints, + gatewayNativeData: wellKnownService, + }, + { dependsOn: chart.chart }, + ), +] + const endpoints = await toPromise(chart.service.endpoints) export default outputs({ @@ -69,7 +160,7 @@ export default outputs({ endpoints: chart.service.endpoints, $statusFields: { - serverName: args.serverName, + serverName: args.fqdn, synapse: `https://${synapseHost}`, elementWeb: `https://${elementWebHost}`, elementAdmin: `https://${elementAdminHost}`, diff --git a/packages/standard/library/src/k8s/apps/matrix-stack.ts b/packages/standard/library/src/k8s/apps/matrix-stack.ts index d56cd78..5e15a1b 100644 --- a/packages/standard/library/src/k8s/apps/matrix-stack.ts +++ b/packages/standard/library/src/k8s/apps/matrix-stack.ts @@ -1,4 +1,4 @@ -import { defineUnit, text, z } from "@highstate/contract" +import { defineUnit, z } from "@highstate/contract" import { pick } from "remeda" import { l4EndpointEntity } from "../../network" import { serviceEntity } from "../service" @@ -14,116 +14,15 @@ export const matrixStack = defineUnit({ ...appName("matrix-stack"), /** - * The Matrix server name used in user and room IDs. + * The base domain for the Matrix stack. */ - serverName: { + fqdn: { schema: z.string(), - meta: { - description: text` - The Matrix server name used for user and room identifiers. - This value cannot be changed after the first deployment. - `, - }, - }, - - /** - * The Synapse ingress hostname. - */ - synapseHost: { - schema: z.string().optional(), - meta: { - description: text` - The hostname for the Synapse ingress. - Defaults to "synapse.". - `, - }, - }, - - /** - * The Element Web ingress hostname. - */ - elementWebHost: { - schema: z.string().optional(), - meta: { - description: text` - The hostname for the Element Web ingress. - Defaults to "element.". - `, - }, - }, - - /** - * The Element Admin ingress hostname. - */ - elementAdminHost: { - schema: z.string().optional(), - meta: { - description: text` - The hostname for the Element Admin ingress. - Defaults to "admin.". - `, - }, - }, - - /** - * The Matrix Authentication Service ingress hostname. - */ - matrixAuthenticationServiceHost: { - schema: z.string().optional(), - meta: { - description: text` - The hostname for the Matrix Authentication Service ingress. - Defaults to "mas.". - `, - }, - }, - - /** - * The Matrix RTC ingress hostname. - */ - matrixRtcHost: { - schema: z.string().optional(), - meta: { - description: text` - The hostname for the Matrix RTC ingress. - Defaults to "mrtc.". - `, - }, - }, - - /** - * The ingress class to use for all Matrix stack ingresses. - */ - ingressClassName: { - schema: z.string().optional(), - meta: { - description: text`The ingress class name to apply to all ingresses.`, - }, - }, - - /** - * The TLS secret to use for all Matrix stack ingresses. - */ - ingressTlsSecret: { - schema: z.string().optional(), - meta: { - description: text`The TLS secret name to apply to all ingresses.`, - }, - }, - - /** - * The annotations to apply to all Matrix stack ingresses. - */ - ingressAnnotations: { - schema: z.record(z.string(), z.string()).optional(), - meta: { - description: text`The ingress annotations to apply to all ingresses.`, - }, }, }, inputs: { - ...pick(sharedInputs, ["k8sCluster"]), + ...pick(sharedInputs, ["k8sCluster", "accessPoint"]), }, outputs: { From ebabc712a8a98fca82f59a4db903a0af551033dd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:37:03 +0000 Subject: [PATCH 04/31] Rename matrix stack routes variable Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 87911c7..b191185 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -78,7 +78,7 @@ const commonRouteArgs = { tlsCertificateNativeData: namespace, } -const _routes = [ +const routes = [ new AccessPointRoute( `${args.appName}-synapse`, { @@ -153,6 +153,8 @@ const _routes = [ ), ] +void routes + const endpoints = await toPromise(chart.service.endpoints) export default outputs({ From e8d0966e31effba693c2b4ed32f13781e168d6af Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:38:12 +0000 Subject: [PATCH 05/31] Inline matrix stack routes Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/index.ts | 148 +++++++++--------- 1 file changed, 72 insertions(+), 76 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index b191185..cebb1e9 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -78,82 +78,78 @@ const commonRouteArgs = { tlsCertificateNativeData: namespace, } -const routes = [ - new AccessPointRoute( - `${args.appName}-synapse`, - { - ...commonRouteArgs, - fqdn: synapseHost, - endpoints: synapseService.endpoints, - gatewayNativeData: synapseService, - }, - { dependsOn: chart.chart }, - ), - new AccessPointRoute( - `${args.appName}-element-web`, - { - ...commonRouteArgs, - fqdn: elementWebHost, - endpoints: elementWebService.endpoints, - gatewayNativeData: elementWebService, - }, - { dependsOn: chart.chart }, - ), - new AccessPointRoute( - `${args.appName}-element-admin`, - { - ...commonRouteArgs, - fqdn: elementAdminHost, - endpoints: elementAdminService.endpoints, - gatewayNativeData: elementAdminService, - }, - { dependsOn: chart.chart }, - ), - new AccessPointRoute( - `${args.appName}-matrix-authentication-service`, - { - ...commonRouteArgs, - fqdn: matrixAuthenticationServiceHost, - endpoints: matrixAuthenticationService.endpoints, - gatewayNativeData: matrixAuthenticationService, - }, - { dependsOn: chart.chart }, - ), - new AccessPointRoute( - `${args.appName}-matrix-rtc-sfu`, - { - ...commonRouteArgs, - fqdn: matrixRtcHost, - endpoints: matrixRtcSfuService.endpoints, - gatewayNativeData: matrixRtcSfuService, - }, - { dependsOn: chart.chart }, - ), - new AccessPointRoute( - `${args.appName}-matrix-rtc-authorisation`, - { - ...commonRouteArgs, - fqdn: matrixRtcHost, - path: "/sfu/get", - endpoints: matrixRtcAuthorisationService.endpoints, - gatewayNativeData: matrixRtcAuthorisationService, - }, - { dependsOn: chart.chart }, - ), - new AccessPointRoute( - `${args.appName}-well-known`, - { - ...commonRouteArgs, - fqdn: args.fqdn, - path: "/.well-known/matrix", - endpoints: wellKnownService.endpoints, - gatewayNativeData: wellKnownService, - }, - { dependsOn: chart.chart }, - ), -] - -void routes +new AccessPointRoute( + `${args.appName}-synapse`, + { + ...commonRouteArgs, + fqdn: synapseHost, + endpoints: synapseService.endpoints, + gatewayNativeData: synapseService, + }, + { dependsOn: chart.chart }, +) +new AccessPointRoute( + `${args.appName}-element-web`, + { + ...commonRouteArgs, + fqdn: elementWebHost, + endpoints: elementWebService.endpoints, + gatewayNativeData: elementWebService, + }, + { dependsOn: chart.chart }, +) +new AccessPointRoute( + `${args.appName}-element-admin`, + { + ...commonRouteArgs, + fqdn: elementAdminHost, + endpoints: elementAdminService.endpoints, + gatewayNativeData: elementAdminService, + }, + { dependsOn: chart.chart }, +) +new AccessPointRoute( + `${args.appName}-matrix-authentication-service`, + { + ...commonRouteArgs, + fqdn: matrixAuthenticationServiceHost, + endpoints: matrixAuthenticationService.endpoints, + gatewayNativeData: matrixAuthenticationService, + }, + { dependsOn: chart.chart }, +) +new AccessPointRoute( + `${args.appName}-matrix-rtc-sfu`, + { + ...commonRouteArgs, + fqdn: matrixRtcHost, + endpoints: matrixRtcSfuService.endpoints, + gatewayNativeData: matrixRtcSfuService, + }, + { dependsOn: chart.chart }, +) +new AccessPointRoute( + `${args.appName}-matrix-rtc-authorisation`, + { + ...commonRouteArgs, + fqdn: matrixRtcHost, + path: "/sfu/get", + endpoints: matrixRtcAuthorisationService.endpoints, + gatewayNativeData: matrixRtcAuthorisationService, + }, + { dependsOn: chart.chart }, +) +new AccessPointRoute( + `${args.appName}-well-known`, + { + ...commonRouteArgs, + fqdn: args.fqdn, + path: "/.well-known/matrix", + endpoints: wellKnownService.endpoints, + gatewayNativeData: wellKnownService, + }, + { dependsOn: chart.chart }, +) const endpoints = await toPromise(chart.service.endpoints) From c5bb4173659c61e7761f6198d60631e37779b6b7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:39:40 +0000 Subject: [PATCH 06/31] Adjust ingress class and rtc path Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index cebb1e9..363ca21 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,6 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` +const ingressClassName = "highstate-disabled" const chart = new Chart(args.appName, { namespace, @@ -23,8 +24,11 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: "disabled", + className: ingressClassName, tlsEnabled: false, + annotations: { + "kubernetes.io/ingress.class": ingressClassName, + }, }, synapse: { @@ -123,6 +127,7 @@ new AccessPointRoute( { ...commonRouteArgs, fqdn: matrixRtcHost, + path: "/", endpoints: matrixRtcSfuService.endpoints, gatewayNativeData: matrixRtcSfuService, }, From 975314e0b2fc9f5b216a6ac16c94670daed51e98 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:40:42 +0000 Subject: [PATCH 07/31] Refine matrix stack ingress defaults Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 363ca21..4608bf1 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const ingressClassName = "highstate-disabled" +const ingressClassName = "none" const chart = new Chart(args.appName, { namespace, @@ -25,7 +25,6 @@ const chart = new Chart(args.appName, { serverName: args.fqdn, ingress: { className: ingressClassName, - tlsEnabled: false, annotations: { "kubernetes.io/ingress.class": ingressClassName, }, From 2efc3ec2ccdfe2a40f90a679105f6ecfaaf0c076 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:41:29 +0000 Subject: [PATCH 08/31] Tidy matrix stack ingress config Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 4608bf1..7410f87 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const ingressClassName = "none" +const disabledIngressClassName = "none" const chart = new Chart(args.appName, { namespace, @@ -24,10 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: ingressClassName, - annotations: { - "kubernetes.io/ingress.class": ingressClassName, - }, + className: disabledIngressClassName, }, synapse: { From 17b2307e4a832f44865b1b6bce79d5c161718f0c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:42:41 +0000 Subject: [PATCH 09/31] Clarify matrix stack fqdn Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 ++-- packages/standard/library/src/k8s/apps/matrix-stack.ts | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 7410f87..e29c4e5 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const disabledIngressClassName = "none" +const INGRESS_DISABLED_CLASS_NAME = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: disabledIngressClassName, + className: INGRESS_DISABLED_CLASS_NAME, }, synapse: { diff --git a/packages/standard/library/src/k8s/apps/matrix-stack.ts b/packages/standard/library/src/k8s/apps/matrix-stack.ts index 5e15a1b..919adae 100644 --- a/packages/standard/library/src/k8s/apps/matrix-stack.ts +++ b/packages/standard/library/src/k8s/apps/matrix-stack.ts @@ -14,7 +14,9 @@ export const matrixStack = defineUnit({ ...appName("matrix-stack"), /** - * The base domain for the Matrix stack. + * The base domain for the Matrix stack services. + * + * Subdomains like synapse. and element. are generated automatically. */ fqdn: { schema: z.string(), From ea60947a20dba76a9855078b996ee0dd75cd1837 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:43:52 +0000 Subject: [PATCH 10/31] Clarify matrix stack fqdn constraint Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 5 ++--- packages/standard/library/src/k8s/apps/matrix-stack.ts | 1 + 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index e29c4e5..1bcac78 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const INGRESS_DISABLED_CLASS_NAME = "none" +const UNUSED_INGRESS_CLASS_NAME = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: INGRESS_DISABLED_CLASS_NAME, + className: UNUSED_INGRESS_CLASS_NAME, }, synapse: { @@ -123,7 +123,6 @@ new AccessPointRoute( { ...commonRouteArgs, fqdn: matrixRtcHost, - path: "/", endpoints: matrixRtcSfuService.endpoints, gatewayNativeData: matrixRtcSfuService, }, diff --git a/packages/standard/library/src/k8s/apps/matrix-stack.ts b/packages/standard/library/src/k8s/apps/matrix-stack.ts index 919adae..08145df 100644 --- a/packages/standard/library/src/k8s/apps/matrix-stack.ts +++ b/packages/standard/library/src/k8s/apps/matrix-stack.ts @@ -17,6 +17,7 @@ export const matrixStack = defineUnit({ * The base domain for the Matrix stack services. * * Subdomains like synapse. and element. are generated automatically. + * This value cannot be changed after the first deployment. */ fqdn: { schema: z.string(), From 7a83d46178b31694ee57d75226a31ebb29e6acaf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:44:41 +0000 Subject: [PATCH 11/31] Rename ingress class constant Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 1bcac78..04a6fd6 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const UNUSED_INGRESS_CLASS_NAME = "none" +const INGRESS_DISABLED_CLASS_NAME = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: UNUSED_INGRESS_CLASS_NAME, + className: INGRESS_DISABLED_CLASS_NAME, }, synapse: { From 72fa3ae75e565ffe733738e55c9d2e734cd9bbea Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:45:36 +0000 Subject: [PATCH 12/31] Rename ingress class variable Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 04a6fd6..ad42aca 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const INGRESS_DISABLED_CLASS_NAME = "none" +const ingressDisabledClassName = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: INGRESS_DISABLED_CLASS_NAME, + className: ingressDisabledClassName, }, synapse: { @@ -123,6 +123,7 @@ new AccessPointRoute( { ...commonRouteArgs, fqdn: matrixRtcHost, + path: "/", endpoints: matrixRtcSfuService.endpoints, gatewayNativeData: matrixRtcSfuService, }, From 024a9e65c6e356965d746ee14297fa0385eb955d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:46:41 +0000 Subject: [PATCH 13/31] Refine matrix stack docs Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 ++-- packages/standard/library/src/k8s/apps/matrix-stack.ts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index ad42aca..7410f87 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const ingressDisabledClassName = "none" +const disabledIngressClassName = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: ingressDisabledClassName, + className: disabledIngressClassName, }, synapse: { diff --git a/packages/standard/library/src/k8s/apps/matrix-stack.ts b/packages/standard/library/src/k8s/apps/matrix-stack.ts index 08145df..144e8bc 100644 --- a/packages/standard/library/src/k8s/apps/matrix-stack.ts +++ b/packages/standard/library/src/k8s/apps/matrix-stack.ts @@ -16,7 +16,7 @@ export const matrixStack = defineUnit({ /** * The base domain for the Matrix stack services. * - * Subdomains like synapse. and element. are generated automatically. + * Subdomains for Matrix services are generated automatically. * This value cannot be changed after the first deployment. */ fqdn: { From f369aae60546f77001d3f4e1a0eee75bf219c8b1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:47:46 +0000 Subject: [PATCH 14/31] Adjust matrix stack naming Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 7410f87..f24ff6e 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const disabledIngressClassName = "none" +const INGRESS_CLASS_DISABLED = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: disabledIngressClassName, + className: INGRESS_CLASS_DISABLED, }, synapse: { @@ -123,7 +123,6 @@ new AccessPointRoute( { ...commonRouteArgs, fqdn: matrixRtcHost, - path: "/", endpoints: matrixRtcSfuService.endpoints, gatewayNativeData: matrixRtcSfuService, }, From 63f9cbb348b59b676dec730cba0631037a36b86c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:48:33 +0000 Subject: [PATCH 15/31] Rename ingress class constant Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index f24ff6e..908e02a 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const INGRESS_CLASS_DISABLED = "none" +const DISABLED_INGRESS_CLASS_VALUE = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: INGRESS_CLASS_DISABLED, + className: DISABLED_INGRESS_CLASS_VALUE, }, synapse: { From 7cc3cb89f461e3e8d9d5f072b2684220232a3933 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:49:38 +0000 Subject: [PATCH 16/31] Rename ingress class constant Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 908e02a..7157293 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -13,7 +13,7 @@ const elementWebHost = `element.${args.fqdn}` const matrixAuthenticationServiceHost = `mas.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` -const DISABLED_INGRESS_CLASS_VALUE = "none" +const HELM_INGRESS_DISABLED_VALUE = "none" const chart = new Chart(args.appName, { namespace, @@ -24,7 +24,7 @@ const chart = new Chart(args.appName, { values: { serverName: args.fqdn, ingress: { - className: DISABLED_INGRESS_CLASS_VALUE, + className: HELM_INGRESS_DISABLED_VALUE, }, synapse: { From 4c2522c15f7ded0edb2643ef41fdae278e20294e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Feb 2026 22:55:19 +0000 Subject: [PATCH 17/31] Align matrix stack hostnames with README Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 7157293..4ea46ce 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -8,9 +8,9 @@ const { args, inputs, outputs } = forUnit(k8s.apps.matrixStack) const namespace = Namespace.create(args.appName, { cluster: inputs.k8sCluster }) -const synapseHost = `synapse.${args.fqdn}` -const elementWebHost = `element.${args.fqdn}` -const matrixAuthenticationServiceHost = `mas.${args.fqdn}` +const synapseHost = `matrix.${args.fqdn}` +const elementWebHost = `chat.${args.fqdn}` +const matrixAuthenticationServiceHost = `account.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" From 874ebe1bb2cdb13a3794e6424c21ca3005e17025 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:11:10 +0000 Subject: [PATCH 18/31] Use helm release postrender Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/index.ts | 138 +++++++++++------- .../k8s.apps/src/matrix-stack/postrender.ts | 9 ++ 2 files changed, 97 insertions(+), 50 deletions(-) create mode 100755 packages/standard/k8s.apps/src/matrix-stack/postrender.ts diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 4ea46ce..efe28c8 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -1,7 +1,10 @@ +import { chmod } from "node:fs/promises" +import { fileURLToPath } from "node:url" import { AccessPointRoute, l4EndpointToString } from "@highstate/common" -import { Chart, Namespace } from "@highstate/k8s" +import { getProviderAsync, Namespace, resolveHelmChart, Service } from "@highstate/k8s" import { k8s } from "@highstate/library" import { forUnit, toPromise } from "@highstate/pulumi" +import { helm } from "@pulumi/kubernetes" import { charts } from "../shared" const { args, inputs, outputs } = forUnit(k8s.apps.matrixStack) @@ -14,63 +17,98 @@ const matrixAuthenticationServiceHost = `account.${args.fqdn}` const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" +const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) -const chart = new Chart(args.appName, { - namespace, +await chmod(postrenderScript, 0o755) - chart: charts["matrix-stack"], - serviceName: `${args.appName}-synapse`, +const provider = await getProviderAsync(inputs.k8sCluster) +const chartPath = await resolveHelmChart(charts["matrix-stack"]) - values: { - serverName: args.fqdn, - ingress: { - className: HELM_INGRESS_DISABLED_VALUE, - }, +const release = new helm.v3.Release( + args.appName, + { + chart: chartPath, + namespace: namespace.metadata.name, - synapse: { + values: { + serverName: args.fqdn, ingress: { - host: synapseHost, + className: HELM_INGRESS_DISABLED_VALUE, }, - }, - elementWeb: { - ingress: { - host: elementWebHost, + + synapse: { + ingress: { + host: synapseHost, + }, }, - }, - elementAdmin: { - ingress: { - host: elementAdminHost, + elementWeb: { + ingress: { + host: elementWebHost, + }, }, - }, - matrixAuthenticationService: { - ingress: { - host: matrixAuthenticationServiceHost, + elementAdmin: { + ingress: { + host: elementAdminHost, + }, }, - }, - matrixRTC: { - ingress: { - host: matrixRtcHost, + matrixAuthenticationService: { + ingress: { + host: matrixAuthenticationServiceHost, + }, }, - }, - wellKnownDelegation: { - baseDomainRedirect: { - enabled: false, + matrixRTC: { + ingress: { + host: matrixRtcHost, + }, + }, + wellKnownDelegation: { + baseDomainRedirect: { + enabled: false, + }, }, }, + + postrender: postrenderScript, }, -}) + { provider, dependsOn: namespace }, +) -const synapseService = chart.getServiceOutput(`${args.appName}-synapse`) -const elementWebService = chart.getServiceOutput(`${args.appName}-element-web`) -const elementAdminService = chart.getServiceOutput(`${args.appName}-element-admin`) -const matrixAuthenticationService = chart.getServiceOutput( +const serviceOptions = { dependsOn: release } +const synapseService = Service.get( + `${args.appName}-synapse`, + { namespace, name: `${args.appName}-synapse` }, + serviceOptions, +) +const elementWebService = Service.get( + `${args.appName}-element-web`, + { namespace, name: `${args.appName}-element-web` }, + serviceOptions, +) +const elementAdminService = Service.get( + `${args.appName}-element-admin`, + { namespace, name: `${args.appName}-element-admin` }, + serviceOptions, +) +const matrixAuthenticationService = Service.get( `${args.appName}-matrix-authentication-service`, + { namespace, name: `${args.appName}-matrix-authentication-service` }, + serviceOptions, ) -const matrixRtcAuthorisationService = chart.getServiceOutput( +const matrixRtcAuthorisationService = Service.get( `${args.appName}-matrix-rtc-authorisation-service`, + { namespace, name: `${args.appName}-matrix-rtc-authorisation-service` }, + serviceOptions, +) +const matrixRtcSfuService = Service.get( + `${args.appName}-matrix-rtc-sfu`, + { namespace, name: `${args.appName}-matrix-rtc-sfu` }, + serviceOptions, +) +const wellKnownService = Service.get( + `${args.appName}-well-known`, + { namespace, name: `${args.appName}-well-known` }, + serviceOptions, ) -const matrixRtcSfuService = chart.getServiceOutput(`${args.appName}-matrix-rtc-sfu`) -const wellKnownService = chart.getServiceOutput(`${args.appName}-well-known`) const commonRouteArgs = { accessPoint: inputs.accessPoint, @@ -86,7 +124,7 @@ new AccessPointRoute( endpoints: synapseService.endpoints, gatewayNativeData: synapseService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) new AccessPointRoute( `${args.appName}-element-web`, @@ -96,7 +134,7 @@ new AccessPointRoute( endpoints: elementWebService.endpoints, gatewayNativeData: elementWebService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) new AccessPointRoute( `${args.appName}-element-admin`, @@ -106,7 +144,7 @@ new AccessPointRoute( endpoints: elementAdminService.endpoints, gatewayNativeData: elementAdminService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) new AccessPointRoute( `${args.appName}-matrix-authentication-service`, @@ -116,7 +154,7 @@ new AccessPointRoute( endpoints: matrixAuthenticationService.endpoints, gatewayNativeData: matrixAuthenticationService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) new AccessPointRoute( `${args.appName}-matrix-rtc-sfu`, @@ -126,7 +164,7 @@ new AccessPointRoute( endpoints: matrixRtcSfuService.endpoints, gatewayNativeData: matrixRtcSfuService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) new AccessPointRoute( `${args.appName}-matrix-rtc-authorisation`, @@ -137,7 +175,7 @@ new AccessPointRoute( endpoints: matrixRtcAuthorisationService.endpoints, gatewayNativeData: matrixRtcAuthorisationService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) new AccessPointRoute( `${args.appName}-well-known`, @@ -148,14 +186,14 @@ new AccessPointRoute( endpoints: wellKnownService.endpoints, gatewayNativeData: wellKnownService, }, - { dependsOn: chart.chart }, + { dependsOn: release }, ) -const endpoints = await toPromise(chart.service.endpoints) +const endpoints = await toPromise(synapseService.endpoints) export default outputs({ - service: chart.service.entity, - endpoints: chart.service.endpoints, + service: synapseService.entity, + endpoints: synapseService.endpoints, $statusFields: { serverName: args.fqdn, diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts new file mode 100755 index 0000000..4be83a5 --- /dev/null +++ b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts @@ -0,0 +1,9 @@ +#!/usr/bin/env node +import { readFileSync } from "node:fs" + +const input = readFileSync(0, "utf8") +const documents = input.split(/\n---\s*\n/) +const filtered = documents.filter(document => !/^\s*kind:\s*Ingress\s*$/m.test(document)) +const output = filtered.filter(document => document.trim().length > 0).join("\n---\n") + +process.stdout.write(output.endsWith("\n") ? output : `${output}\n`) From f6f5f137298af1035f0c65789d4e5d8437056c9c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:12:40 +0000 Subject: [PATCH 19/31] Harden postrender script handling Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 6 +++++- packages/standard/k8s.apps/src/matrix-stack/postrender.ts | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index efe28c8..1efe5a9 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -19,7 +19,11 @@ const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) -await chmod(postrenderScript, 0o755) +try { + await chmod(postrenderScript, 0o755) +} catch (error) { + throw new Error(`Failed to mark Helm postrender script as executable`, { cause: error }) +} const provider = await getProviderAsync(inputs.k8sCluster) const chartPath = await resolveHelmChart(charts["matrix-stack"]) diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts index 4be83a5..af06c6c 100755 --- a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts @@ -3,7 +3,8 @@ import { readFileSync } from "node:fs" const input = readFileSync(0, "utf8") const documents = input.split(/\n---\s*\n/) -const filtered = documents.filter(document => !/^\s*kind:\s*Ingress\s*$/m.test(document)) +const ingressPattern = /^\s*kind:\s*Ingress\s*(?:#.*)?$/m +const filtered = documents.filter(document => !ingressPattern.test(document)) const output = filtered.filter(document => document.trim().length > 0).join("\n---\n") process.stdout.write(output.endsWith("\n") ? output : `${output}\n`) From d1016ceba2ed81ce585ce8fcdce2409815935f13 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:14:12 +0000 Subject: [PATCH 20/31] Refine postrender handling Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../standard/k8s.apps/src/matrix-stack/index.ts | 14 +++++++++----- .../k8s.apps/src/matrix-stack/postrender.ts | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 1efe5a9..7901519 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -1,4 +1,4 @@ -import { chmod } from "node:fs/promises" +import { chmod, stat } from "node:fs/promises" import { fileURLToPath } from "node:url" import { AccessPointRoute, l4EndpointToString } from "@highstate/common" import { getProviderAsync, Namespace, resolveHelmChart, Service } from "@highstate/k8s" @@ -19,10 +19,14 @@ const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) -try { - await chmod(postrenderScript, 0o755) -} catch (error) { - throw new Error(`Failed to mark Helm postrender script as executable`, { cause: error }) +const postrenderMode = (await stat(postrenderScript)).mode + +if ((postrenderMode & 0o111) === 0) { + try { + await chmod(postrenderScript, 0o755) + } catch (error) { + throw new Error(`Failed to mark Helm postrender script as executable`, { cause: error }) + } } const provider = await getProviderAsync(inputs.k8sCluster) diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts index af06c6c..7a8de2e 100755 --- a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts @@ -2,7 +2,7 @@ import { readFileSync } from "node:fs" const input = readFileSync(0, "utf8") -const documents = input.split(/\n---\s*\n/) +const documents = input.split(/^\s*---\s*$/m) const ingressPattern = /^\s*kind:\s*Ingress\s*(?:#.*)?$/m const filtered = documents.filter(document => !ingressPattern.test(document)) const output = filtered.filter(document => document.trim().length > 0).join("\n---\n") From 25637f632521000ad6d893e1cbd29c78435116a3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:15:23 +0000 Subject: [PATCH 21/31] Improve postrender robustness Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 11 +++++------ .../standard/k8s.apps/src/matrix-stack/postrender.ts | 3 ++- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 7901519..13db844 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -19,14 +19,13 @@ const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) -const postrenderMode = (await stat(postrenderScript)).mode - -if ((postrenderMode & 0o111) === 0) { - try { +try { + const postrenderMode = (await stat(postrenderScript)).mode + if ((postrenderMode & 0o111) === 0) { await chmod(postrenderScript, 0o755) - } catch (error) { - throw new Error(`Failed to mark Helm postrender script as executable`, { cause: error }) } +} catch (error) { + throw new Error(`Failed to mark Helm postrender script as executable`, { cause: error }) } const provider = await getProviderAsync(inputs.k8sCluster) diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts index 7a8de2e..6368d56 100755 --- a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts @@ -2,7 +2,8 @@ import { readFileSync } from "node:fs" const input = readFileSync(0, "utf8") -const documents = input.split(/^\s*---\s*$/m) +const normalizedInput = input.replace(/\r\n/g, "\n").replace(/^---\s*\n/, "") +const documents = normalizedInput.split(/\n---\s*\n/) const ingressPattern = /^\s*kind:\s*Ingress\s*(?:#.*)?$/m const filtered = documents.filter(document => !ingressPattern.test(document)) const output = filtered.filter(document => document.trim().length > 0).join("\n---\n") From f3419e81c373e2190420283fa70ec01fdd946bc9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:17:04 +0000 Subject: [PATCH 22/31] Polish postrender handling Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 +++- packages/standard/k8s.apps/src/matrix-stack/postrender.ts | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 13db844..97ce68a 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -25,7 +25,9 @@ try { await chmod(postrenderScript, 0o755) } } catch (error) { - throw new Error(`Failed to mark Helm postrender script as executable`, { cause: error }) + throw new Error(`Failed to mark Helm postrender script as executable: ${postrenderScript}`, { + cause: error, + }) } const provider = await getProviderAsync(inputs.k8sCluster) diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts index 6368d56..3c8f8db 100755 --- a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts @@ -2,8 +2,8 @@ import { readFileSync } from "node:fs" const input = readFileSync(0, "utf8") -const normalizedInput = input.replace(/\r\n/g, "\n").replace(/^---\s*\n/, "") -const documents = normalizedInput.split(/\n---\s*\n/) +const normalizedInput = `\n${input.replace(/\r\n/g, "\n")}` +const documents = normalizedInput.split(/\n---\s*\n/).filter(Boolean) const ingressPattern = /^\s*kind:\s*Ingress\s*(?:#.*)?$/m const filtered = documents.filter(document => !ingressPattern.test(document)) const output = filtered.filter(document => document.trim().length > 0).join("\n---\n") From 6e88b172d83ae744b9db8ee78bead9ba210c3345 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:18:13 +0000 Subject: [PATCH 23/31] Clarify postrender errors Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 97ce68a..3f25a48 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -25,6 +25,10 @@ try { await chmod(postrenderScript, 0o755) } } catch (error) { + if (error instanceof Error && "code" in error && error.code === "ENOENT") { + throw new Error(`Helm postrender script not found: ${postrenderScript}`, { cause: error }) + } + throw new Error(`Failed to mark Helm postrender script as executable: ${postrenderScript}`, { cause: error, }) From 50918746d334cd0802f6407ab0c14dd7bb751faf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:19:40 +0000 Subject: [PATCH 24/31] Adjust postrender splitting Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/postrender.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts index 3c8f8db..209162d 100755 --- a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/postrender.ts @@ -2,8 +2,11 @@ import { readFileSync } from "node:fs" const input = readFileSync(0, "utf8") -const normalizedInput = `\n${input.replace(/\r\n/g, "\n")}` -const documents = normalizedInput.split(/\n---\s*\n/).filter(Boolean) +const normalizedInput = input.replace(/\r\n/g, "\n") +const rawDocuments = normalizedInput.split(/\n---\s*\n/) +const documents = (normalizedInput.startsWith("---") ? rawDocuments.slice(1) : rawDocuments).filter( + Boolean, +) const ingressPattern = /^\s*kind:\s*Ingress\s*(?:#.*)?$/m const filtered = documents.filter(document => !ingressPattern.test(document)) const output = filtered.filter(document => document.trim().length > 0).join("\n---\n") From 1f981b19aa5eeb3617c772c74001732303f8ef78 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:20:59 +0000 Subject: [PATCH 25/31] Refactor matrix stack service names Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/index.ts | 36 +++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 3f25a48..5550004 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -87,39 +87,47 @@ const release = new helm.v3.Release( ) const serviceOptions = { dependsOn: release } +const serviceName = (name: string) => `${args.appName}-${name}` +const synapseServiceName = serviceName("synapse") +const elementWebServiceName = serviceName("element-web") +const elementAdminServiceName = serviceName("element-admin") +const matrixAuthenticationServiceName = serviceName("matrix-authentication-service") +const matrixRtcAuthorisationServiceName = serviceName("matrix-rtc-authorisation-service") +const matrixRtcSfuServiceName = serviceName("matrix-rtc-sfu") +const wellKnownServiceName = serviceName("well-known") const synapseService = Service.get( - `${args.appName}-synapse`, - { namespace, name: `${args.appName}-synapse` }, + synapseServiceName, + { namespace, name: synapseServiceName }, serviceOptions, ) const elementWebService = Service.get( - `${args.appName}-element-web`, - { namespace, name: `${args.appName}-element-web` }, + elementWebServiceName, + { namespace, name: elementWebServiceName }, serviceOptions, ) const elementAdminService = Service.get( - `${args.appName}-element-admin`, - { namespace, name: `${args.appName}-element-admin` }, + elementAdminServiceName, + { namespace, name: elementAdminServiceName }, serviceOptions, ) const matrixAuthenticationService = Service.get( - `${args.appName}-matrix-authentication-service`, - { namespace, name: `${args.appName}-matrix-authentication-service` }, + matrixAuthenticationServiceName, + { namespace, name: matrixAuthenticationServiceName }, serviceOptions, ) const matrixRtcAuthorisationService = Service.get( - `${args.appName}-matrix-rtc-authorisation-service`, - { namespace, name: `${args.appName}-matrix-rtc-authorisation-service` }, + matrixRtcAuthorisationServiceName, + { namespace, name: matrixRtcAuthorisationServiceName }, serviceOptions, ) const matrixRtcSfuService = Service.get( - `${args.appName}-matrix-rtc-sfu`, - { namespace, name: `${args.appName}-matrix-rtc-sfu` }, + matrixRtcSfuServiceName, + { namespace, name: matrixRtcSfuServiceName }, serviceOptions, ) const wellKnownService = Service.get( - `${args.appName}-well-known`, - { namespace, name: `${args.appName}-well-known` }, + wellKnownServiceName, + { namespace, name: wellKnownServiceName }, serviceOptions, ) From ce1a6c54d60e2f362b78cd32cadf862d696f5b38 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:22:33 +0000 Subject: [PATCH 26/31] Deduplicate matrix stack service lookups Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/index.ts | 76 ++++++++----------- 1 file changed, 30 insertions(+), 46 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 5550004..f8e6ad2 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -18,22 +18,33 @@ const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) +let postrenderReady = false -try { - const postrenderMode = (await stat(postrenderScript)).mode - if ((postrenderMode & 0o111) === 0) { - await chmod(postrenderScript, 0o755) - } -} catch (error) { - if (error instanceof Error && "code" in error && error.code === "ENOENT") { - throw new Error(`Helm postrender script not found: ${postrenderScript}`, { cause: error }) +const ensurePostrenderExecutable = async () => { + if (postrenderReady) { + return } - throw new Error(`Failed to mark Helm postrender script as executable: ${postrenderScript}`, { - cause: error, - }) + postrenderReady = true + + try { + const postrenderMode = (await stat(postrenderScript)).mode + if ((postrenderMode & 0o111) === 0) { + await chmod(postrenderScript, 0o755) + } + } catch (error) { + if (error instanceof Error && "code" in error && error.code === "ENOENT") { + throw new Error(`Helm postrender script not found: ${postrenderScript}`, { cause: error }) + } + + throw new Error(`Failed to mark Helm postrender script as executable: ${postrenderScript}`, { + cause: error, + }) + } } +await ensurePostrenderExecutable() + const provider = await getProviderAsync(inputs.k8sCluster) const chartPath = await resolveHelmChart(charts["matrix-stack"]) @@ -95,41 +106,14 @@ const matrixAuthenticationServiceName = serviceName("matrix-authentication-servi const matrixRtcAuthorisationServiceName = serviceName("matrix-rtc-authorisation-service") const matrixRtcSfuServiceName = serviceName("matrix-rtc-sfu") const wellKnownServiceName = serviceName("well-known") -const synapseService = Service.get( - synapseServiceName, - { namespace, name: synapseServiceName }, - serviceOptions, -) -const elementWebService = Service.get( - elementWebServiceName, - { namespace, name: elementWebServiceName }, - serviceOptions, -) -const elementAdminService = Service.get( - elementAdminServiceName, - { namespace, name: elementAdminServiceName }, - serviceOptions, -) -const matrixAuthenticationService = Service.get( - matrixAuthenticationServiceName, - { namespace, name: matrixAuthenticationServiceName }, - serviceOptions, -) -const matrixRtcAuthorisationService = Service.get( - matrixRtcAuthorisationServiceName, - { namespace, name: matrixRtcAuthorisationServiceName }, - serviceOptions, -) -const matrixRtcSfuService = Service.get( - matrixRtcSfuServiceName, - { namespace, name: matrixRtcSfuServiceName }, - serviceOptions, -) -const wellKnownService = Service.get( - wellKnownServiceName, - { namespace, name: wellKnownServiceName }, - serviceOptions, -) +const getService = (name: string) => Service.get(name, { namespace, name }, serviceOptions) +const synapseService = getService(synapseServiceName) +const elementWebService = getService(elementWebServiceName) +const elementAdminService = getService(elementAdminServiceName) +const matrixAuthenticationService = getService(matrixAuthenticationServiceName) +const matrixRtcAuthorisationService = getService(matrixRtcAuthorisationServiceName) +const matrixRtcSfuService = getService(matrixRtcSfuServiceName) +const wellKnownService = getService(wellKnownServiceName) const commonRouteArgs = { accessPoint: inputs.accessPoint, From a9a7a8072e9c2d3d75c50070ce27a24a51786092 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:24:12 +0000 Subject: [PATCH 27/31] Memoize postrender setup Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/index.ts | 50 +++++++++++-------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index f8e6ad2..8a45f09 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -18,29 +18,34 @@ const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) -let postrenderReady = false - -const ensurePostrenderExecutable = async () => { - if (postrenderReady) { - return +let postrenderReady: Promise | undefined + +const ensurePostrenderExecutable = () => { + if (!postrenderReady) { + postrenderReady = (async () => { + try { + const postrenderMode = (await stat(postrenderScript)).mode + if ((postrenderMode & 0o111) === 0) { + await chmod(postrenderScript, 0o755) + } + } catch (error) { + if (error instanceof Error && "code" in error && error.code === "ENOENT") { + throw new Error(`Helm postrender script not found: ${postrenderScript}`, { + cause: error, + }) + } + + throw new Error( + `Failed to mark Helm postrender script as executable: ${postrenderScript}`, + { + cause: error, + }, + ) + } + })() } - postrenderReady = true - - try { - const postrenderMode = (await stat(postrenderScript)).mode - if ((postrenderMode & 0o111) === 0) { - await chmod(postrenderScript, 0o755) - } - } catch (error) { - if (error instanceof Error && "code" in error && error.code === "ENOENT") { - throw new Error(`Helm postrender script not found: ${postrenderScript}`, { cause: error }) - } - - throw new Error(`Failed to mark Helm postrender script as executable: ${postrenderScript}`, { - cause: error, - }) - } + return postrenderReady } await ensurePostrenderExecutable() @@ -106,7 +111,8 @@ const matrixAuthenticationServiceName = serviceName("matrix-authentication-servi const matrixRtcAuthorisationServiceName = serviceName("matrix-rtc-authorisation-service") const matrixRtcSfuServiceName = serviceName("matrix-rtc-sfu") const wellKnownServiceName = serviceName("well-known") -const getService = (name: string) => Service.get(name, { namespace, name }, serviceOptions) +const getService = (serviceName: string) => + Service.get(serviceName, { namespace, name: serviceName }, serviceOptions) const synapseService = getService(synapseServiceName) const elementWebService = getService(elementWebServiceName) const elementAdminService = getService(elementAdminServiceName) From 52f4f354dcc0f4a9186ec83f2982b7d2d50e1b26 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:25:37 +0000 Subject: [PATCH 28/31] Switch postrender script to JS Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../k8s.apps/src/matrix-stack/{postrender.ts => postrender.js} | 0 packages/standard/k8s.apps/tsconfig.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename packages/standard/k8s.apps/src/matrix-stack/{postrender.ts => postrender.js} (100%) diff --git a/packages/standard/k8s.apps/src/matrix-stack/postrender.ts b/packages/standard/k8s.apps/src/matrix-stack/postrender.js similarity index 100% rename from packages/standard/k8s.apps/src/matrix-stack/postrender.ts rename to packages/standard/k8s.apps/src/matrix-stack/postrender.js diff --git a/packages/standard/k8s.apps/tsconfig.json b/packages/standard/k8s.apps/tsconfig.json index e833636..e73b08d 100644 --- a/packages/standard/k8s.apps/tsconfig.json +++ b/packages/standard/k8s.apps/tsconfig.json @@ -1,4 +1,4 @@ { "extends": "./node_modules/@highstate/cli/assets/tsconfig.base.json", - "include": ["./src/**/*.ts", "./package.json", "./assets/**/*.json"] + "include": ["./src/**/*.{js,ts}", "./package.json", "./assets/**/*.json"] } From 360071d93a9f1d29a3dd05c768cdff889a10e739 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:26:53 +0000 Subject: [PATCH 29/31] Rename service helper param Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index 8a45f09..d0fd90c 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -111,8 +111,7 @@ const matrixAuthenticationServiceName = serviceName("matrix-authentication-servi const matrixRtcAuthorisationServiceName = serviceName("matrix-rtc-authorisation-service") const matrixRtcSfuServiceName = serviceName("matrix-rtc-sfu") const wellKnownServiceName = serviceName("well-known") -const getService = (serviceName: string) => - Service.get(serviceName, { namespace, name: serviceName }, serviceOptions) +const getService = (name: string) => Service.get(name, { namespace, name }, serviceOptions) const synapseService = getService(synapseServiceName) const elementWebService = getService(elementWebServiceName) const elementAdminService = getService(elementAdminServiceName) From 8bcd59b11ef455e8109a643206762b7f7a1f0b82 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:27:56 +0000 Subject: [PATCH 30/31] Clarify executable constants Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- .../standard/k8s.apps/src/matrix-stack/index.ts | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index d0fd90c..b260b64 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -18,15 +18,17 @@ const matrixRtcHost = `mrtc.${args.fqdn}` const elementAdminHost = `admin.${args.fqdn}` const HELM_INGRESS_DISABLED_VALUE = "none" const postrenderScript = fileURLToPath(new URL("./postrender.js", import.meta.url)) -let postrenderReady: Promise | undefined +const EXECUTABLE_MASK = 0o111 +const EXECUTABLE_MODE = 0o755 +let postrenderExecutablePromise: Promise | undefined const ensurePostrenderExecutable = () => { - if (!postrenderReady) { - postrenderReady = (async () => { + if (!postrenderExecutablePromise) { + postrenderExecutablePromise = (async () => { try { const postrenderMode = (await stat(postrenderScript)).mode - if ((postrenderMode & 0o111) === 0) { - await chmod(postrenderScript, 0o755) + if ((postrenderMode & EXECUTABLE_MASK) === 0) { + await chmod(postrenderScript, EXECUTABLE_MODE) } } catch (error) { if (error instanceof Error && "code" in error && error.code === "ENOENT") { @@ -45,7 +47,7 @@ const ensurePostrenderExecutable = () => { })() } - return postrenderReady + return postrenderExecutablePromise } await ensurePostrenderExecutable() From e2a19f775202579c7e89c01449aedc3675fbfc16 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:28:46 +0000 Subject: [PATCH 31/31] Rename service helper param Co-authored-by: Exeteres <29506045+Exeteres@users.noreply.github.com> --- packages/standard/k8s.apps/src/matrix-stack/index.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/standard/k8s.apps/src/matrix-stack/index.ts b/packages/standard/k8s.apps/src/matrix-stack/index.ts index b260b64..09cc881 100644 --- a/packages/standard/k8s.apps/src/matrix-stack/index.ts +++ b/packages/standard/k8s.apps/src/matrix-stack/index.ts @@ -113,7 +113,8 @@ const matrixAuthenticationServiceName = serviceName("matrix-authentication-servi const matrixRtcAuthorisationServiceName = serviceName("matrix-rtc-authorisation-service") const matrixRtcSfuServiceName = serviceName("matrix-rtc-sfu") const wellKnownServiceName = serviceName("well-known") -const getService = (name: string) => Service.get(name, { namespace, name }, serviceOptions) +const getService = (serviceName: string) => + Service.get(serviceName, { namespace, name: serviceName }, serviceOptions) const synapseService = getService(synapseServiceName) const elementWebService = getService(elementWebServiceName) const elementAdminService = getService(elementAdminServiceName)