app/matrix: parametrize configuration
This adds cfg.cas.enable, and parametrizes homeserver.yaml from jsonnet configuration.

Change-Id: I37a9b27a7080248cdd70282b897bbf6d3f9ae5f6
master
parent
60076c70f8
commit
ace32c0360
|
@ -31,12 +31,19 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
serverName: error "cfg.serverName must be set",
|
serverName: error "cfg.serverName must be set",
|
||||||
storageClassName: "waw-hdd-redundant-3",
|
storageClassName: "waw-hdd-redundant-3",
|
||||||
|
|
||||||
synapseImage: "matrixdotorg/synapse:v1.19.2",
|
images: {
|
||||||
riotImage: "vectorim/riot-web:v1.7.7",
|
synapse: "matrixdotorg/synapse:v1.19.2",
|
||||||
casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4",
|
riot: "vectorim/riot-web:v1.7.7",
|
||||||
appserviceIRCImage: "matrixdotorg/matrix-appservice-irc:release-0.17.1",
|
casProxy: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4",
|
||||||
# That's v0.8.2 - we just don't trust that host to not re-tag images.
|
appserviceIRC: "matrixdotorg/matrix-appservice-irc:release-0.17.1",
|
||||||
appserviceTelegramImage: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330"
|
# That's v0.8.2 - we just don't trust that host to not re-tag images.
|
||||||
|
appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330",
|
||||||
|
},
|
||||||
|
|
||||||
|
cas: {
|
||||||
|
# whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
|
||||||
|
enable: false,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
metadata(component):: {
|
metadata(component):: {
|
||||||
|
@ -76,15 +83,35 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
// homeserver.yaml that will be used to run synapse (in synapseConfig ConfigMap).
|
||||||
|
// This is based off of //app/matrix/lib/synapse/homeserver.yaml with some fields overriden per
|
||||||
|
// deployment.
|
||||||
|
// Note this is a templated yaml - {{}}/{%%} style. This templatization is consumed by the Docker
|
||||||
|
// container startup magic.
|
||||||
|
homeserverYaml:: (std.native("parseYaml"))(importstr "synapse/homeserver.yaml")[0] {
|
||||||
|
server_name: cfg.serverName,
|
||||||
|
public_baseurl: "https://%s" % [cfg.webDomain],
|
||||||
|
signing_key_path: "/data/%s.signing.key" % [cfg.serverName],
|
||||||
|
cas_config+: if cfg.cas.enable then {
|
||||||
|
enabled: true,
|
||||||
|
server_url: "https://%s/_cas" % [cfg.webDomain],
|
||||||
|
service_url: "https://%s" % [cfg.webDomain],
|
||||||
|
} else {},
|
||||||
|
app_service_config_files: [
|
||||||
|
"/data/appservices/%s.yaml" % [k]
|
||||||
|
for k in std.objectFields(app.appservices)
|
||||||
|
],
|
||||||
|
},
|
||||||
|
|
||||||
synapseConfig: kube.ConfigMap("synapse") {
|
synapseConfig: kube.ConfigMap("synapse") {
|
||||||
metadata+: app.metadata("synapse"),
|
metadata+: app.metadata("synapse"),
|
||||||
data: {
|
data: {
|
||||||
"homeserver.yaml": importstr "synapse/homeserver.yaml",
|
"homeserver.yaml": std.manifestYamlDoc(app.homeserverYaml),
|
||||||
"log.config": importstr "synapse/log.config",
|
"log.config": importstr "synapse/log.config",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
casDeployment: kube.Deployment("oauth2-cas-proxy") {
|
casDeployment: if cfg.cas.enable then kube.Deployment("oauth2-cas-proxy") {
|
||||||
metadata+: app.metadata("oauth2-cas-proxy"),
|
metadata+: app.metadata("oauth2-cas-proxy"),
|
||||||
spec+: {
|
spec+: {
|
||||||
replicas: 1,
|
replicas: 1,
|
||||||
|
@ -92,7 +119,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
spec+: {
|
spec+: {
|
||||||
containers_: {
|
containers_: {
|
||||||
proxy: kube.Container("oauth2-cas-proxy") {
|
proxy: kube.Container("oauth2-cas-proxy") {
|
||||||
image: cfg.casProxyImage,
|
image: cfg.images.casProxy,
|
||||||
ports_: {
|
ports_: {
|
||||||
http: { containerPort: 5000 },
|
http: { containerPort: 5000 },
|
||||||
},
|
},
|
||||||
|
@ -109,7 +136,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
casSvc: kube.Service("oauth2-cas-proxy") {
|
casSvc: if cfg.cas.enable then kube.Service("oauth2-cas-proxy") {
|
||||||
metadata+: app.metadata("oauth2-cas-proxy"),
|
metadata+: app.metadata("oauth2-cas-proxy"),
|
||||||
target_pod:: app.casDeployment.spec.template,
|
target_pod:: app.casDeployment.spec.template,
|
||||||
},
|
},
|
||||||
|
@ -129,7 +156,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
},
|
},
|
||||||
containers_: {
|
containers_: {
|
||||||
web: kube.Container("synapse") {
|
web: kube.Container("synapse") {
|
||||||
image: cfg.synapseImage,
|
image: cfg.images.synapse,
|
||||||
command: ["/bin/sh", "-c", "/start.py migrate_config && exec /start.py"],
|
command: ["/bin/sh", "-c", "/start.py migrate_config && exec /start.py"],
|
||||||
ports_: {
|
ports_: {
|
||||||
http: { containerPort: 8008 },
|
http: { containerPort: 8008 },
|
||||||
|
@ -216,7 +243,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
},
|
},
|
||||||
containers_: {
|
containers_: {
|
||||||
web: kube.Container("riot-web") {
|
web: kube.Container("riot-web") {
|
||||||
image: cfg.riotImage,
|
image: cfg.images.riot,
|
||||||
ports_: {
|
ports_: {
|
||||||
http: { containerPort: 80 },
|
http: { containerPort: 80 },
|
||||||
},
|
},
|
||||||
|
@ -268,8 +295,9 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
paths: [
|
paths: [
|
||||||
{ path: "/", backend: app.riotSvc.name_port },
|
{ path: "/", backend: app.riotSvc.name_port },
|
||||||
{ path: "/_matrix", backend: app.synapseSvc.name_port },
|
{ path: "/_matrix", backend: app.synapseSvc.name_port },
|
||||||
|
] + (if cfg.cas.enable then [
|
||||||
{ path: "/_cas", backend: app.casSvc.name_port },
|
{ path: "/_cas", backend: app.casSvc.name_port },
|
||||||
]
|
] else [])
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
],
|
],
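Review bot: In the new `images` block of the first hunk, `synapse`, `riot`, `casProxy` and `appserviceIRC` are still referenced by mutable tag, while only `appserviceTelegram` is pinned by digest. The comment kept above that entry gives the reason for pinning (the registry may re-tag), and the same risk applies to any tag: a re-pushed tag changes what the Deployment runs without any change in this repository. Since this commit already gathers every image reference in one place, I would pin them all in the same form, e.g. `synapse: "matrixdotorg/synapse@sha256:<digest of v1.19.2>",` with the version kept in a comment as is done for mautrix-telegram. The digests are not on this page and have to be taken from the images currently deployed.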
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
|
|
||||||
## Server ##
|
## Server ##
|
||||||
|
|
||||||
server_name: "hackerspace.pl"
|
server_name: "example.com"
|
||||||
public_baseurl: "https://matrix.hackerspace.pl"
|
public_baseurl: "https://example.com"
|
||||||
pid_file: /homeserver.pid
|
pid_file: /homeserver.pid
|
||||||
web_client: False
|
web_client: False
|
||||||
soft_file_limit: 0
|
soft_file_limit: 0
|
||||||
|
@ -117,15 +117,6 @@ room_invite_state_types:
|
||||||
- "m.room.avatar"
|
- "m.room.avatar"
|
||||||
- "m.room.name"
|
- "m.room.name"
|
||||||
|
|
||||||
|
|
||||||
{% if SYNAPSE_APPSERVICES %}
|
|
||||||
app_service_config_files:
|
|
||||||
{% for appservice in SYNAPSE_APPSERVICES %} - "{{ appservice }}"
|
|
||||||
{% endfor %}
|
|
||||||
{% else %}
|
|
||||||
app_service_config_files: []
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"
|
macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"
|
||||||
expire_access_token: False
|
expire_access_token: False
|
||||||
|
|
||||||
|
@ -147,6 +138,4 @@ password_config:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
cas_config:
|
cas_config:
|
||||||
enabled: true
|
enabled: false
|
||||||
server_url: "https://matrix.hackerspace.pl/_cas"
|
|
||||||
service_url: "https://matrix.hackerspace.pl"
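Review bot: With `cas_config.enabled` now `false` in this base file and `cfg.cas.enable` defaulting to `false` in the library, a deployment that does not opt in runs with CAS off, and the `enabled: false` context line under `password_config:` in the last hunk appears to leave password login off as well. If that reading is right, the default configuration has no interactive login method; that fails closed, but it is easy to miss when bringing up a second deployment. I would add a comment next to `cas_config`, `# overridden from jsonnet when cfg.cas.enable is set; password_config stays disabled in this base file`, so anyone deploying without CAS knows `password_config` needs an override too. The body of `password_config` starts outside the hunk, so this should be confirmed against the full file.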
|
|
||||||
|
|
|
@ -9,12 +9,15 @@ matrix {
|
||||||
namespace: "matrix",
|
namespace: "matrix",
|
||||||
webDomain: "matrix.hackerspace.pl",
|
webDomain: "matrix.hackerspace.pl",
|
||||||
serverName: "hackerspace.pl",
|
serverName: "hackerspace.pl",
|
||||||
|
cas: {
|
||||||
|
enable: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
appservices: {
|
appservices: {
|
||||||
"irc-freenode": irc.AppServiceIrc("freenode") {
|
"irc-freenode": irc.AppServiceIrc("freenode") {
|
||||||
cfg+: {
|
cfg+: {
|
||||||
image: cfg.appserviceIRCImage,
|
image: cfg.images.appserviceIRC,
|
||||||
// TODO(q3k): move this appservice to waw-hdd-redundant-3
|
// TODO(q3k): move this appservice to waw-hdd-redundant-3
|
||||||
storageClassName: "waw-hdd-paranoid-2",
|
storageClassName: "waw-hdd-paranoid-2",
|
||||||
metadata: app.metadata("appservice-irc-freenode"),
|
metadata: app.metadata("appservice-irc-freenode"),
|
||||||
|
@ -41,7 +44,7 @@ matrix {
|
||||||
},
|
},
|
||||||
"telegram-prod": telegram.AppServiceTelegram("prod") {
|
"telegram-prod": telegram.AppServiceTelegram("prod") {
|
||||||
cfg+: {
|
cfg+: {
|
||||||
image: cfg.appserviceTelegramImage,
|
image: cfg.images.appserviceTelegram,
|
||||||
storageClassName: cfg.storageClassName,
|
storageClassName: cfg.storageClassName,
|
||||||
metadata: app.metadata("appservice-telegram-prod"),
|
metadata: app.metadata("appservice-telegram-prod"),
|
||||||
|
|
||||||
|
|