forked from hswaw/hscloud
Merge changes I92c7cdf9,I54334f4e,I93472c8c,If5063a3b,I2778c543, ...
* changes: matrix.hackerspace.pl: add secret appservice-irc mappings matrix.hackerspace.pl: give appservce-irc admin access to q3k and inf matrix.hackerspace.pl: disable bootstrap jobs matrix: appservice-irc: set debugService.enable if needed matrix: add bootstrapJob config flag to appservices matrix: bump appservice-ircmaster
commit
e1d8680110
|
@ -6,9 +6,29 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
local cfg = bridge.cfg,
|
||||
cfg:: {
|
||||
metadata: {},
|
||||
// Whether the bootstrap job should be created/updated. Kubernetes
|
||||
// doesn't like changing the configuration of jobs, so once this
|
||||
// appservice has been set up, this flag should be flipped to
|
||||
// false.
|
||||
bootstrapJob: true,
|
||||
config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
|
||||
local appservicecfg = self,
|
||||
ircService+: {
|
||||
[if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem"
|
||||
[if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem",
|
||||
debugApi+: {
|
||||
# Unfortunately, we have to enable the debugApi if any
|
||||
# configured server wants to use
|
||||
# ignoreIdleUsersOnStartup. This is seemingly an
|
||||
# appservice-irc bug:
|
||||
# https://github.com/matrix-org/matrix-appservice-irc/issues/1240
|
||||
enabled: std.length(std.filter(
|
||||
function (k) (
|
||||
local v = appservicecfg.ircService.servers[k];
|
||||
v.membershipLists.ignoreIdleUsersOnStartup.enabled == true
|
||||
),
|
||||
std.objectFields(appservicecfg.ircService.servers)
|
||||
)) > 0,
|
||||
},
|
||||
},
|
||||
},
|
||||
image: error "image must be set",
|
||||
|
@ -20,9 +40,9 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
passwordEncryptionKeySecret: null,
|
||||
},
|
||||
|
||||
config: kube.ConfigMap("appservice-irc-%s" % [name]) {
|
||||
config: kube.Secret("appservice-irc-%s" % [name]) {
|
||||
metadata+: cfg.metadata,
|
||||
data: {
|
||||
data_: {
|
||||
"config.yaml": std.manifestJsonEx(cfg.config, ""),
|
||||
},
|
||||
},
|
||||
|
@ -40,7 +60,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
|
||||
bootstrapJob: kube.Job("appservice-irc-%s-bootstrap" % [name]) {
|
||||
bootstrapJob: if cfg.bootstrapJob then (kube.Job("appservice-irc-%s-bootstrap" % [name]) {
|
||||
metadata+: cfg.metadata {
|
||||
labels: {
|
||||
"job-name": "appservice-irc-%s-bootstrap" % [name],
|
||||
|
@ -64,7 +84,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}) else {},
|
||||
|
||||
deployment: kube.Deployment("appservice-irc-%s" % [name]) {
|
||||
metadata+: cfg.metadata,
|
||||
|
@ -73,7 +93,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
template+: {
|
||||
spec+: {
|
||||
volumes_: {
|
||||
config: kube.ConfigMapVolume(bridge.config),
|
||||
config: kube.SecretVolume(bridge.config),
|
||||
data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
|
||||
registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
|
||||
} + (if cfg.passwordEncryptionKeySecret != null then {
|
||||
|
|
|
@ -6,6 +6,11 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
local cfg = bridge.cfg,
|
||||
cfg:: {
|
||||
metadata: {},
|
||||
// Whether the bootstrap job should be created/updated. Kubernetes
|
||||
// doesn't like changing the configuration of jobs, so once this
|
||||
// appservice has been set up, this flag should be flipped to
|
||||
// false.
|
||||
bootstrapJob: true,
|
||||
image: error "image must be set",
|
||||
storageClassName: error "storageClassName must be set",
|
||||
|
||||
|
@ -64,7 +69,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
|
||||
bootstrapJob: kube.Job("appservice-telegram-%s-bootstrap" % [name]) {
|
||||
bootstrapJob: if cfg.bootstrapJob then (kube.Job("appservice-telegram-%s-bootstrap" % [name]) {
|
||||
metadata+: cfg.metadata {
|
||||
labels: {
|
||||
"job-name": "appservice-telegram-%s-bootstrap" % [name],
|
||||
|
@ -91,7 +96,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}) else {},
|
||||
|
||||
deployment: kube.Deployment("appservice-telegram-%s" % [name]) {
|
||||
metadata+: cfg.metadata,
|
||||
|
|
|
@ -65,9 +65,8 @@ local synapse = import "./synapse.libsonnet";
|
|||
synapse: "matrixdotorg/synapse:v1.25.0",
|
||||
riot: "vectorim/riot-web:v1.7.18",
|
||||
casProxy: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4",
|
||||
appserviceIRC: "matrixdotorg/matrix-appservice-irc:release-0.23.0",
|
||||
# That's v0.8.2 - we just don't trust that host to not re-tag images.
|
||||
appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330",
|
||||
appserviceIRC: "matrixdotorg/matrix-appservice-irc:release-0.26.0",
|
||||
appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:c6e25cb57e1b67027069e8dc2627338df35d156315c004a6f2b34b6aeaa79f77",
|
||||
wellKnown: "registry.k0.hswaw.net/q3k/wellknown:1611960794-adbf560851a46ad0e58b42f0daad7ef19535687c",
|
||||
},
|
||||
|
||||
|
|
|
@ -38,14 +38,20 @@ matrix {
|
|||
nodeSelector: {
|
||||
"kubernetes.io/hostname": "bc01n02.hswaw.net",
|
||||
},
|
||||
bootstrapJob: false,
|
||||
config+: {
|
||||
homeserver+: {
|
||||
url: "https://%s" % [cfg.webDomain],
|
||||
domain: "%s" % [cfg.serverName],
|
||||
},
|
||||
ircService+: {
|
||||
permissions: {
|
||||
"@q3k:hackerspace.pl": "admin",
|
||||
"@informatic:hackerspace.pl": "admin",
|
||||
},
|
||||
servers+: {
|
||||
"irc.freenode.net"+: {
|
||||
mappings+: import "secrets/plain/appservice-irc-freenode-mappings.jsonnet",
|
||||
ircClients+: {
|
||||
maxClients: 150,
|
||||
},
|
||||
|
@ -61,6 +67,7 @@ matrix {
|
|||
image: cfg.images.appserviceTelegram,
|
||||
storageClassName: cfg.storageClassName,
|
||||
metadata: app.metadata("appservice-telegram-prod"),
|
||||
bootstrapJob: false,
|
||||
|
||||
config+: {
|
||||
homeserver+: {
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMAzhuiT4RC8VbAQgAs87+NMBP+wny18oRBXEBXXNx8Uu4zJf8kJtxZgsPoUsH
|
||||
WZoNNUFeCdEvPse7IgEv5k9aaZDHR1mAQmRSwUcQQdAJ4u0Ry4UukyAMnoDsVvHo
|
||||
0yetyrbuWRO7aM4qI+34IOAPKQKUaj5kLrKXkRIcBVh4+owVPoIDTNPkwmZJTVb2
|
||||
lYZqrrdhGrY35ZJhOF6GgpaKvExowzfpIxsSySvUueZmfFhfO3GjoGDgZUosEPB6
|
||||
u7cmn5WxiM73+Lj4C6Qa44nvFj+HCVBZAAJ3uMfkx3XRWSCkXOYtx+VHvLkuLjsc
|
||||
ZuzKg8XNYqwmlyQdsIS2/RWI50sff1aIXjplaKJ7k4UBDANcG2tp6fXqvgEH/1iF
|
||||
HnUsfuRnO/XldHLLP04n/Vyzv4QrYV3uP4EwkVNSRrURg8TvJHnpaEnq4wyR+OPg
|
||||
JlQtBntVzfWxrwH0tTMLN5GM4eaTjfe/UlXqnmtAfo2byn17hvF9EAJdG86jLZ0J
|
||||
3OO3uVb7fMH7wk/R7PwzXPfKunVNJPrXfZvUDirBE4oiFBc2hhQ5QFTabRUIgzgC
|
||||
73ITigfHyT/c/TxEK2gxGZXoxRzgB35/DtYUlUSMvvujURkULh/H79H2WU5D8eN7
|
||||
Oj/zrTAB8D2Udw8ppnrHQk1Bt9/ees4HYhTJRxiYEHVa8wIkJGugfLpjJt8xQRQR
|
||||
dGT/Bpc23lpSwMF5BB6FAgwD4gPJTlzrs+8BD/0SPCH8Kni9Nw6DYNZ3/BOUq7Xk
|
||||
deGxLsAAaBGZiOa1VyVBEJDyL0KTQWDFQGfhjsQSAf41rBcuRDzDpKP9pg0yL/Zz
|
||||
w3YJD1uuxTTIbD6/104+JqQTeHKSsDZJIFI5o1ieZKs6O8F9ojOEmckJtpruyL/e
|
||||
lxysRssZSNaH3a5J2knmy4rMLABL5+okePt+dNKOjtWFM6ntsN4sxTsXdtI9uL5I
|
||||
Y1dCUyvGct64FrhmQXzC+SaT0g6oz45y9tDgAjekIaQMd5/VeKBCH4Tk6IncCW5+
|
||||
bpiBTY8qCbkXKCGay4xrzyVwoN9+1ez7JdYT7MO7/qopleuCgHjkcXmg0l3jBWAq
|
||||
IYFjcl9xn4LJMiqPHPVY4E71zqna0qCW/BvksbV68LXDlq03ftZwJhdW6EQhjyF1
|
||||
Zeutaz5xqrjixu8Ajwd2X8RAaiYzF2qT/wWl8iGihqBNYnE+5MXEr7enCbBkrjJN
|
||||
OSsZAe1jbMDKa480lT8/ifYQepsNeoQwn34nj8xlh4xr20OaED13UOiXPgRs0f1f
|
||||
kthPRM5CphVqEhE8vkw1ooqqNzL4CP134xu0WioJQW8BZWnFxw368bnAj+pDSzxP
|
||||
8MSprJzwM0H1FuFu/IGFpY8IFHj2OPdEmlLOzmjHQ8iM5+JmZynCv3iUDkOrWHBT
|
||||
Yj99hWp8QnvvijG0o9LARAG4pH1//SPgVMl9mVCkmVTnXHn3p4kaP00cIlkyCKIZ
|
||||
JsF4ynrTzrzzPwSa0J8IQw9hrhxM4Q0cxldFNRwrlyH1tPztGVcx9QjpCV3t+doE
|
||||
020IWVnS4k9n3hVYc5OmaQNhVc8HfljdvP06udLgcj/MXbMaK27VZfmkBnd/KFKc
|
||||
LiOkY4JaRvAalXku5lRtw4MGpzn3V9FqwQVQTMQs/iTR1G6kPrAWyH5WhrzmjNB2
|
||||
u3fFV74Y35BuZj/3S4LUoD6fOquLkwJnE3xXqrBezp3zIG0ExQH2GQ4X88BJY5YC
|
||||
M2AQ/ciBMS6UBp/t7P2CKvnaNl2QMdbbK6GOlbVyCnEg74PR
|
||||
=tKI3
|
||||
-----END PGP MESSAGE-----
|
Loading…
Reference in New Issue