Merge changes I2afe9e52,Ideb13ba9

* changes:
  app/matrix/appservice-irc: implement passwordEncryptionKey
  app/matrix/appservice-irc: add ignoreIdleUsersOnStartup option
This commit is contained in:
q3k 2021-05-19 15:41:55 +00:00 committed by Gerrit Code Review
commit 6751d826f1
3 changed files with 27 additions and 3 deletions

View file

@ -6,9 +6,18 @@ local kube = import "../../../kube/kube.libsonnet";
local cfg = bridge.cfg,
cfg:: {
metadata: {},
config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0],
config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
ircService+: {
[if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem"
},
},
image: error "image must be set",
storageClassName: error "storageClassName must be set",
# RSA encryption private key secret name containing "key.pem" key
# Create using:
# kubectl -n matrix create secret generic appservice-irc-password-encryption-key --from-file=key.pem=<(openssl genpkey -out - -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048)
passwordEncryptionKeySecret: null,
},
config: kube.ConfigMap("appservice-irc-%s" % [name]) {
@ -67,7 +76,9 @@ local kube = import "../../../kube/kube.libsonnet";
config: kube.ConfigMapVolume(bridge.config),
data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
},
} + (if cfg.passwordEncryptionKeySecret != null then {
key: { secret: { secretName: cfg.passwordEncryptionKeySecret } },
} else {}),
nodeSelector: cfg.nodeSelector,
containers_: {
appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
@ -80,7 +91,9 @@ local kube = import "../../../kube/kube.libsonnet";
registration: { mountPath: "/registration", },
config: { mountPath: "/config", },
data: { mountPath: "/data" },
},
} + (if cfg.passwordEncryptionKeySecret != null then {
key: { mountPath: "/key" },
} else {}),
},
},
},

View file

@ -239,6 +239,16 @@ ircService:
# initial: false
# incremental: false
# Should the bridge ignore users which are not considered active on the bridge
# during startup
ignoreIdleUsersOnStartup:
enabled: true
# How many hours can a user be considered idle for before they are considered
# ignoreable
idleForHours: 72
# A regex which will exclude matching MXIDs from this check.
# exclude: "foobar"
#mappings:
# 1:many mappings from IRC channels to room IDs on this IRC server.
# The matrix room must already exist. Your matrix client should expose

View file

@ -53,6 +53,7 @@ matrix {
},
},
},
passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
},
},
"telegram-prod": telegram.AppServiceTelegram("prod") {