diff --git a/k8s/matrix/bridge.yaml b/k8s/matrix/bridge.yaml
index ca51855..d02e708 100644
--- a/k8s/matrix/bridge.yaml
+++ b/k8s/matrix/bridge.yaml
@@ -4,7 +4,7 @@ metadata: name: bridge-init namespace: matrix data: - initialize-bridge.py: | + initialize-bridge.py: | # TODO: migrate this and it's users to secrets-init/secrets-init.py which is similar but more generic #!/usr/bin/python import os
diff --git a/k8s/matrix/config-janky.bot/homeserver.yaml b/k8s/matrix/config-janky.bot/homeserver.yaml
new file mode 100644
index 0000000..c4ffb75
--- /dev/null
+++ b/k8s/matrix/config-janky.bot/homeserver.yaml
@@ -0,0 +1,25 @@
+server_name: "janky.bot"
+pid_file: /data/homeserver.pid
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+database:
+ name: sqlite3
+ args:
+ database: /data/homeserver.db
+log_config: "/config/log.yaml"
+media_store_path: /data/media_store
+registration_shared_secret: "SECRET_registration_shared_secret"
+report_stats: false
+macaroon_secret_key: "SECRET_macaroon_secret_key"
+form_secret: "SECRET_form_secret"
+signing_key_path: "/secrets/janky.bot.signing.key"
+trusted_key_servers:
+ - server_name: "matrix.org"
+public_baseurl: https://matrix.janky.bot
+ip_range_whitelist: [10.5.1.245]
diff --git a/k8s/matrix/config-janky.bot/log.yaml b/k8s/matrix/config-janky.bot/log.yaml
new file mode 100644
index 0000000..bf690a3
--- /dev/null
+++ b/k8s/matrix/config-janky.bot/log.yaml
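Review bot: The listener block in config-janky.bot/homeserver.yaml combines `x_forwarded: true` with `tls: false`, so Synapse takes the client address from the `X-Forwarded-For` header of whatever reaches port 8008, not only traffic that came through the ingress; nothing in this diff limits which pods can reach that port, so a direct in-cluster connection can present any client address it likes, which feeds rate limiting and the addresses recorded in logs. If the ingress controller is intended to be the only path, that assumption deserves either a NetworkPolicy restricting ingress to the Service port or at least a comment beside the listener, e.g. `# x_forwarded is only safe while the ingress controller is the sole route to this port (see NetworkPolicy <POLICY_NAME placeholder>)`. The three `SECRET_*` strings are placeholders that the init container substitutes, so the ConfigMap content is not a usable configuration on its own; a one-line comment at the top of the file saying which script renders it would save the next reader from treating those literals as the real keys.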
@@ -0,0 +1,21 @@
+version: 1
+formatters:
+ precise:
+ format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+loggers:
+ # This is just here so we can leave `loggers` in the config regardless of whether
+ # we configure other loggers below (avoid empty yaml dict error).
+ _placeholder:
+ level: "INFO"
+ synapse.storage.SQL:
+ # beware: increasing this to DEBUG will make synapse log sensitive
+ # information such as access tokens.
+ level: INFO
+root:
+ level: INFO
+ handlers: [console]
+disable_existing_loggers: false
diff --git a/k8s/matrix/janky.bot-homeserver.yaml b/k8s/matrix/janky.bot-homeserver.yaml
new file mode 100644
index 0000000..96900cc
--- /dev/null
+++ b/k8s/matrix/janky.bot-homeserver.yaml
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: homeserver-janky-bot
+spec:
+ selector:
+ matchLabels:
+ app: synapse
+ instance: janky.bot
+ serviceName: homeserver-janky-bot
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: synapse
+ instance: janky.bot
+ spec:
+ securityContext:
+ fsGroup: 991
+ fsGroupChangePolicy: "OnRootMismatch"
+ initContainers:
+ - name: initialize-secrets
+ image: library/python
+ command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"]
+ volumeMounts:
+ - name: init
+ mountPath: /init
+ - name: data
+ mountPath: /data
+ - name: config
+ mountPath: /config
+ envFrom:
+ - secretRef:
+ name: synapse-janky-bot
+ containers:
+ - image: matrixdotorg/synapse:latest
+ name: synapse
+ resources: {}
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: config
+ mountPath: /config
+ - name: secrets
+ mountPath: /secrets
+ env:
+ - name: SYNAPSE_SERVER_NAME
+ value: matrix.janky.bot
+ - name: SYNAPSE_REPORT_STATS
+ value: "no"
+ - name: TZ
+ value: America/Los_Angeles
+ volumes:
+ - name: config
+ configMap:
+ name: synapse-janky-bot
+ - name: init
+ configMap:
+ name: secrets-init
+ - name: secrets
+ secret:
+ secretName: synapse-janky-bot
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: homeserver-janky-bot
+spec:
+ ports:
+ - name: http
+ port: 8008
+ selector:
+ app: synapse
+ instance: janky.bot
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: homeserver-janky-bot
+spec:
+ rules:
+ - host: matrix.janky.bot
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: homeserver-janky-bot
+ port:
+ name: http
diff --git a/k8s/matrix/kustomization.yaml b/k8s/matrix/kustomization.yaml
index 68c6d2d..e4267f6 100644
--- a/k8s/matrix/kustomization.yaml
+++ b/k8s/matrix/kustomization.yaml
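Review bot: The `initialize-secrets` init container renders `homeserver.yaml` — which after substitution carries `registration_shared_secret`, `macaroon_secret_key` and `form_secret` in plaintext — into the `data` mount, and `data` is the persistent claim that also backs the SQLite database and media store, so those keys now live on the PVC (and in every snapshot or backup of it) instead of only in the `synapse-janky-bot` Secret. Rendering into a memory-backed `emptyDir` and pointing the homeserver at it with `SYNAPSE_CONFIG_PATH` keeps them off persistent storage; the sketch below does that without touching the init script (it still writes to `/data/<file>`, only what is mounted there changes). Separately, `image: library/python` and `matrixdotorg/synapse:latest` both float, so a rollout can pull a different image than the one last tested; pinning a version tag or digest is the usual fix. The `SYNAPSE_SERVER_NAME` value `matrix.janky.bot` also differs from `server_name: "janky.bot"` in config-janky.bot/homeserver.yaml — harmless if the image only consults that variable when generating a config, but worth confirming, since a server_name is painful to change once the homeserver has federated.
```yaml
      initContainers:
        - name: initialize-secrets
          # … unchanged: image, command, envFrom, init/config mounts …
          volumeMounts:
            - name: rendered          # replaces the data PVC mount here
              mountPath: /data
      containers:
        - image: matrixdotorg/synapse:latest
          # … unchanged: name, resources, data/config/secrets mounts …
          volumeMounts:
            - name: rendered
              mountPath: /rendered
          env:
            - name: SYNAPSE_CONFIG_PATH
              value: /rendered/homeserver.yaml
            # … unchanged: SYNAPSE_SERVER_NAME, SYNAPSE_REPORT_STATS, TZ …
      volumes:
        - name: rendered
          emptyDir:
            medium: Memory
        # … unchanged: config, init, secrets volumes …
```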
@@ -6,9 +6,15 @@ resources:
 - bridge-meta.yaml
 - bridge-signal.yaml
 - bridge-telegram.yaml
+ - janky.bot-homeserver.yaml
 - secrets.yaml
+ - secrets-init.yaml
 configMapGenerator:
-- name: bridge-init
- files:
- - bridge-init/initialize-bridge.py
- - bridge-init/initialize-bridge.sh
+ - name: bridge-init
+ files:
+ - bridge-init/initialize-bridge.py
+ - bridge-init/initialize-bridge.sh
+ - name: synapse-janky-bot
+ files:
+ - config-janky.bot/homeserver.yaml
+ - config-janky.bot/log.yaml
diff --git a/k8s/matrix/secrets-init.yaml b/k8s/matrix/secrets-init.yaml
new file mode 100644
index 0000000..cf4da1b
--- /dev/null
+++ b/k8s/matrix/secrets-init.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: secrets-init
+data:
+ initialize-secrets.py: |
+ #!/usr/bin/python
+ import os
+ import sys
+
+ for f in sys.argv[1:]:
+ with open(f"/config/{f}") as r:
+ c = r.read()
+
+ for k, v in os.environ.items():
+ if not k.startswith("SECRET_"):
+ continue
+
+ if v is not None:
+ c = c.replace(k, v)
+ print("replaced", k)
+
+ with open(f"/data/{f}", 'w') as w:
+ w.write(c)
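Review bot: `initialize-secrets.py` in secrets-init.yaml never verifies that every placeholder was substituted: a `SECRET_*` token whose variable is missing from the `synapse-janky-bot` Secret is copied through untouched, and the homeserver then starts with the literal string (for instance `SECRET_macaroon_secret_key`) as its signing key. The `if v is not None` guard cannot catch that — `os.environ` values are always strings — and `print("replaced", k)` fires for every `SECRET_` variable whether or not the file contained it, so the log gives no signal either. Failing closed when a placeholder survives and logging only substitutions that actually happened fixes both; because `str.replace` is plain substring substitution, processing longer names first also stops one placeholder from mangling another that has it as a prefix. The `"SECRET_" in c` check below assumes that prefix never appears legitimately in a rendered config; if it can, match the exact placeholder names instead.
```python
for f in sys.argv[1:]:
    # … unchanged: read /config/<f> into c …

    for k, v in sorted(os.environ.items(), key=lambda kv: len(kv[0]), reverse=True):
        if not k.startswith("SECRET_") or k not in c:
            continue
        c = c.replace(k, v)
        print("replaced", k)

    # Fail closed: a surviving placeholder means its SECRET_* variable was not
    # provided, and the homeserver would otherwise run with the literal token as a key.
    if "SECRET_" in c:
        sys.exit(f"unreplaced SECRET_ placeholder in {f}")

    with open(f"/data/{f}", 'w') as w:
        w.write(c)
```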