app/matrix: parametrize configuration

This adds cfg.cas.enable, and parametrizes homeserver.yaml from jsonnet
configuration.

Change-Id: I37a9b27a7080248cdd70282b897bbf6d3f9ae5f6
master
q3k 2020-11-03 22:04:06 +01:00
parent 60076c70f8
commit ace32c0360
3 changed files with 49 additions and 29 deletions


@ -31,12 +31,19 @@ local postgres = import "../../../kube/postgres.libsonnet";
serverName: error "cfg.serverName must be set", serverName: error "cfg.serverName must be set",
storageClassName: "waw-hdd-redundant-3", storageClassName: "waw-hdd-redundant-3",
synapseImage: "matrixdotorg/synapse:v1.19.2", images: {
riotImage: "vectorim/riot-web:v1.7.7", synapse: "matrixdotorg/synapse:v1.19.2",
casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4", riot: "vectorim/riot-web:v1.7.7",
appserviceIRCImage: "matrixdotorg/matrix-appservice-irc:release-0.17.1", casProxy: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4",
# That's v0.8.2 - we just don't trust that host to not re-tag images. appserviceIRC: "matrixdotorg/matrix-appservice-irc:release-0.17.1",
appserviceTelegramImage: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330" # That's v0.8.2 - we just don't trust that host to not re-tag images.
appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330",
},
cas: {
# whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
enable: false,
},
}, },
metadata(component):: { metadata(component):: {
@ -76,15 +83,35 @@ local postgres = import "../../../kube/postgres.libsonnet";
}, },
}, },
// homeserver.yaml that will be used to run synapse (in synapseConfig ConfigMap).
// This is based off of //app/matrix/lib/synapse/homeserver.yaml with some fields overriden per
// deployment.
// Note this is a templated yaml - {{}}/{%%} style. This templatization is consumed by the Docker
// container startup magic.
homeserverYaml:: (std.native("parseYaml"))(importstr "synapse/homeserver.yaml")[0] {
server_name: cfg.serverName,
public_baseurl: "https://%s" % [cfg.webDomain],
signing_key_path: "/data/%s.signing.key" % [cfg.serverName],
cas_config+: if cfg.cas.enable then {
enabled: true,
server_url: "https://%s/_cas" % [cfg.webDomain],
service_url: "https://%s" % [cfg.webDomain],
} else {},
app_service_config_files: [
"/data/appservices/%s.yaml" % [k]
for k in std.objectFields(app.appservices)
],
},
synapseConfig: kube.ConfigMap("synapse") { synapseConfig: kube.ConfigMap("synapse") {
metadata+: app.metadata("synapse"), metadata+: app.metadata("synapse"),
data: { data: {
"homeserver.yaml": importstr "synapse/homeserver.yaml", "homeserver.yaml": std.manifestYamlDoc(app.homeserverYaml),
"log.config": importstr "synapse/log.config", "log.config": importstr "synapse/log.config",
}, },
}, },
casDeployment: kube.Deployment("oauth2-cas-proxy") { casDeployment: if cfg.cas.enable then kube.Deployment("oauth2-cas-proxy") {
metadata+: app.metadata("oauth2-cas-proxy"), metadata+: app.metadata("oauth2-cas-proxy"),
spec+: { spec+: {
replicas: 1, replicas: 1,
@ -92,7 +119,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
spec+: { spec+: {
containers_: { containers_: {
proxy: kube.Container("oauth2-cas-proxy") { proxy: kube.Container("oauth2-cas-proxy") {
image: cfg.casProxyImage, image: cfg.images.casProxy,
ports_: { ports_: {
http: { containerPort: 5000 }, http: { containerPort: 5000 },
}, },
@ -109,7 +136,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
}, },
}, },
casSvc: kube.Service("oauth2-cas-proxy") { casSvc: if cfg.cas.enable then kube.Service("oauth2-cas-proxy") {
metadata+: app.metadata("oauth2-cas-proxy"), metadata+: app.metadata("oauth2-cas-proxy"),
target_pod:: app.casDeployment.spec.template, target_pod:: app.casDeployment.spec.template,
}, },
@ -129,7 +156,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
}, },
containers_: { containers_: {
web: kube.Container("synapse") { web: kube.Container("synapse") {
image: cfg.synapseImage, image: cfg.images.synapse,
command: ["/bin/sh", "-c", "/start.py migrate_config && exec /start.py"], command: ["/bin/sh", "-c", "/start.py migrate_config && exec /start.py"],
ports_: { ports_: {
http: { containerPort: 8008 }, http: { containerPort: 8008 },
@ -216,7 +243,7 @@ local postgres = import "../../../kube/postgres.libsonnet";
}, },
containers_: { containers_: {
web: kube.Container("riot-web") { web: kube.Container("riot-web") {
image: cfg.riotImage, image: cfg.images.riot,
ports_: { ports_: {
http: { containerPort: 80 }, http: { containerPort: 80 },
}, },
@ -268,8 +295,9 @@ local postgres = import "../../../kube/postgres.libsonnet";
paths: [ paths: [
{ path: "/", backend: app.riotSvc.name_port }, { path: "/", backend: app.riotSvc.name_port },
{ path: "/_matrix", backend: app.synapseSvc.name_port }, { path: "/_matrix", backend: app.synapseSvc.name_port },
] + (if cfg.cas.enable then [
{ path: "/_cas", backend: app.casSvc.name_port }, { path: "/_cas", backend: app.casSvc.name_port },
] ] else [])
}, },
} }
], ],
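Review bot: The comment above homeserverYaml still advertises `{{}}/{%%}`-style templating, but the file is now run through parseYaml and std.manifestYamlDoc, so only `{{ }}` placeholders that sit inside quoted YAML strings (like macaroon_secret_key) survive the round-trip; this commit itself had to delete the `{% if SYNAPSE_APPSERVICES %}` block from homeserver.yaml for exactly that reason. I'd replace the note with `// Note: the yaml is parsed and re-serialized here, so only {{ }} substitutions inside quoted strings survive; {% %} control blocks cannot be used (app_service_config_files is generated below instead).` Separately, casDeployment and casSvc now evaluate to null when cfg.cas.enable is false (an `if` without `else`); whether the kube library skips null members when emitting manifests is not visible on this page, so that is worth confirming before disabling CAS anywhere. The enclosing app object begins before the first hunk and continues past the last one.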


@ -2,8 +2,8 @@
## Server ## ## Server ##
server_name: "hackerspace.pl" server_name: "example.com"
public_baseurl: "https://matrix.hackerspace.pl" public_baseurl: "https://example.com"
pid_file: /homeserver.pid pid_file: /homeserver.pid
web_client: False web_client: False
soft_file_limit: 0 soft_file_limit: 0
@ -117,15 +117,6 @@ room_invite_state_types:
- "m.room.avatar" - "m.room.avatar"
- "m.room.name" - "m.room.name"
{% if SYNAPSE_APPSERVICES %}
app_service_config_files:
{% for appservice in SYNAPSE_APPSERVICES %} - "{{ appservice }}"
{% endfor %}
{% else %}
app_service_config_files: []
{% endif %}
macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}" macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}"
expire_access_token: False expire_access_token: False
@ -147,6 +138,4 @@ password_config:
enabled: false enabled: false
cas_config: cas_config:
enabled: true enabled: false
server_url: "https://matrix.hackerspace.pl/_cas"
service_url: "https://matrix.hackerspace.pl"
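Review bot: server_name and public_baseurl now hold placeholder values (`example.com`) that matrix.libsonnet unconditionally overrides from cfg, and cas_config is likewise merged over from jsonnet, but nothing in this file says so; someone editing the yaml directly would expect the values to take effect. A header comment such as `# Base config consumed by matrix.libsonnet (homeserverYaml): server_name, public_baseurl, cas_config and app_service_config_files are overridden from jsonnet cfg.` would prevent that. The same caveat applies to the deleted cas server_url/service_url lines, which are now generated from cfg.webDomain instead.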


@ -9,12 +9,15 @@ matrix {
namespace: "matrix", namespace: "matrix",
webDomain: "matrix.hackerspace.pl", webDomain: "matrix.hackerspace.pl",
serverName: "hackerspace.pl", serverName: "hackerspace.pl",
cas: {
enable: true,
},
}, },
appservices: { appservices: {
"irc-freenode": irc.AppServiceIrc("freenode") { "irc-freenode": irc.AppServiceIrc("freenode") {
cfg+: { cfg+: {
image: cfg.appserviceIRCImage, image: cfg.images.appserviceIRC,
// TODO(q3k): move this appservice to waw-hdd-redundant-3 // TODO(q3k): move this appservice to waw-hdd-redundant-3
storageClassName: "waw-hdd-paranoid-2", storageClassName: "waw-hdd-paranoid-2",
metadata: app.metadata("appservice-irc-freenode"), metadata: app.metadata("appservice-irc-freenode"),
@ -41,7 +44,7 @@ matrix {
}, },
"telegram-prod": telegram.AppServiceTelegram("prod") { "telegram-prod": telegram.AppServiceTelegram("prod") {
cfg+: { cfg+: {
image: cfg.appserviceTelegramImage, image: cfg.images.appserviceTelegram,
storageClassName: cfg.storageClassName, storageClassName: cfg.storageClassName,
metadata: app.metadata("appservice-telegram-prod"), metadata: app.metadata("appservice-telegram-prod"),