forked from hswaw/hscloud
Merge changes Ic71cbdce,I097b58ef
* changes: app/matrix: cleanup irc bridge registration oneliner app/matrix: add wellKnown server integrationmaster
commit
77351a68c7
|
|
@ -23,7 +23,7 @@
|
|||
#
|
||||
# For appservice-irc instances, you can use this oneliner magic to get the
|
||||
# registration YAML from logs.
|
||||
# kubectl -n matrix create secret generic appservice-irc-freenode-registration --from-file=registration.yaml=<(kubectl logs -n matrix $(kubectl get pods -n matrix --selector=job-name=appservice-irc-freenode-bootstrap --output=jsonpath='{.items[*].metadata.name}') | tail -n +4 | sed -r 's/(.*aliases:.*)/ group_id: "+freenode:hackerspace.pl"\n\1/')
|
||||
# kubectl -n matrix create secret generic appservice-irc-freenode-registration --from-file=registration.yaml=<(kubectl -n matrix logs job/appservice-irc-freenode-bootstrap | tail -n +4 | sed -r 's/(.*aliases:.*)/ group_id: "+freenode:hackerspace.pl"\n\1/')
|
||||
#
|
||||
# For appservice-telegram instances, you can use this oneliner magic:
|
||||
# kubectl -n matrix create secret generic appservice-telegram-prod-registration --from-file=registration.yaml=<(kubectl -n matrix logs job/appservice-telegram-prod-bootstrap | grep -A 100 SNIPSNIP | grep -v SNIPSNIP)
|
||||
|
|
@ -49,6 +49,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
|||
appserviceIRC: "matrixdotorg/matrix-appservice-irc:release-0.17.1",
|
||||
# That's v0.8.2 - we just don't trust that host to not re-tag images.
|
||||
appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330",
|
||||
wellKnown: "registry.k0.hswaw.net/q3k/wellknown:1611960794-adbf560851a46ad0e58b42f0daad7ef19535687c",
|
||||
},
|
||||
|
||||
# Central Authentication Scheme, a single-sign-on system. Note: this flow is now called 'SSO' in Matrix, we keep this name for legacy reasons.
|
||||
|
|
@ -66,6 +67,8 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
|||
userinfoURL: error "cas.oauth2.userinfoURL must be set",
|
||||
},
|
||||
},
|
||||
|
||||
wellKnown: false,
|
||||
},
|
||||
|
||||
metadata(component):: {
|
||||
|
|
@ -351,6 +354,37 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
|||
target_pod:: app.riotDeployment.spec.template,
|
||||
},
|
||||
|
||||
wellKnown: if cfg.wellKnown then {
|
||||
deployment: kube.Deployment("wellknown") {
|
||||
metadata+: app.metadata("wellknown"),
|
||||
spec+: {
|
||||
replicas: 1,
|
||||
template+: {
|
||||
spec+: {
|
||||
containers_: {
|
||||
web: kube.Container("wellknown") {
|
||||
image: cfg.images.wellKnown,
|
||||
ports_: {
|
||||
http: { containerPort: 8080 },
|
||||
},
|
||||
command: ["/app/matrix/wellknown"],
|
||||
args: ["-hspki_disable", "-domain", cfg.webDomain],
|
||||
},
|
||||
},
|
||||
securityContext: {
|
||||
runAsUser: 101,
|
||||
runAsGroup: 101,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
svc: kube.Service("wellknown") {
|
||||
metadata+: app.metadata("wellknown"),
|
||||
target_pod:: app.wellKnown.deployment.spec.template,
|
||||
},
|
||||
} else {},
|
||||
|
||||
// Any appservice you add here will require an appservice-X-registration
|
||||
// secret containing a registration.yaml file. Adding something to this
|
||||
// dictionary will cause Synapse to not start until that secret is
|
||||
|
|
@ -383,6 +417,8 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
|||
{ path: "/_matrix", backend: app.synapseSvc.name_port },
|
||||
] + (if cfg.cas.enable then [
|
||||
{ path: "/_cas", backend: app.casSvc.name_port },
|
||||
] else []) + (if cfg.wellKnown then [
|
||||
{ path: "/.well-known/matrix", backend: app.wellKnown.svc.name_port },
|
||||
] else [])
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue