Add janky.bot matrix homeserver

This commit is contained in:
Finn 2024-07-06 21:27:20 -07:00
parent 2ab5523f3a
commit 56bbb1b9e1
6 changed files with 180 additions and 5 deletions

View file

@ -4,7 +4,7 @@ metadata:
name: bridge-init
namespace: matrix
data:
initialize-bridge.py: |
initialize-bridge.py: | # TODO: migrate this and it's users to secrets-init/secrets-init.py which is similar but more generic
#!/usr/bin/python
import os

View file

@ -0,0 +1,25 @@
server_name: "janky.bot"
pid_file: /data/homeserver.pid
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
database:
name: sqlite3
args:
database: /data/homeserver.db
log_config: "/config/log.yaml"
media_store_path: /data/media_store
registration_shared_secret: "SECRET_registration_shared_secret"
report_stats: false
macaroon_secret_key: "SECRET_macaroon_secret_key"
form_secret: "SECRET_form_secret"
signing_key_path: "/secrets/janky.bot.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
public_baseurl: https://matrix.janky.bot
ip_range_whitelist: [10.5.1.245]

View file

@ -0,0 +1,21 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
# This is just here so we can leave `loggers` in the config regardless of whether
# we configure other loggers below (avoid empty yaml dict error).
_placeholder:
level: "INFO"
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
handlers: [console]
disable_existing_loggers: false

View file

@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: homeserver-janky-bot
spec:
selector:
matchLabels:
app: synapse
instance: janky.bot
serviceName: homeserver-janky-bot
replicas: 1
template:
metadata:
labels:
app: synapse
instance: janky.bot
spec:
securityContext:
fsGroup: 991
fsGroupChangePolicy: "OnRootMismatch"
initContainers:
- name: initialize-secrets
image: library/python
command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"]
volumeMounts:
- name: init
mountPath: /init
- name: data
mountPath: /data
- name: config
mountPath: /config
envFrom:
- secretRef:
name: synapse-janky-bot
containers:
- image: matrixdotorg/synapse:latest
name: synapse
resources: {}
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /config
- name: secrets
mountPath: /secrets
env:
- name: SYNAPSE_SERVER_NAME
value: matrix.janky.bot
- name: SYNAPSE_REPORT_STATS
value: "no"
- name: TZ
value: America/Los_Angeles
volumes:
- name: config
configMap:
name: synapse-janky-bot
- name: init
configMap:
name: secrets-init
- name: secrets
secret:
secretName: synapse-janky-bot
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: homeserver-janky-bot
spec:
ports:
- name: http
port: 8008
selector:
app: synapse
instance: janky.bot
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: homeserver-janky-bot
spec:
rules:
- host: matrix.janky.bot
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: homeserver-janky-bot
port:
name: http

View file

@ -6,9 +6,15 @@ resources:
- bridge-meta.yaml
- bridge-signal.yaml
- bridge-telegram.yaml
- janky.bot-homeserver.yaml
- secrets.yaml
- secrets-init.yaml
configMapGenerator:
- name: bridge-init
- name: bridge-init
files:
- bridge-init/initialize-bridge.py
- bridge-init/initialize-bridge.sh
- name: synapse-janky-bot
files:
- config-janky.bot/homeserver.yaml
- config-janky.bot/log.yaml

View file

@ -0,0 +1,24 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: secrets-init
data:
initialize-secrets.py: |
#!/usr/bin/python
import os
import sys
for f in sys.argv[1:]:
with open(f"/config/{f}") as r:
c = r.read()
for k, v in os.environ.items():
if not k.startswith("SECRET_"):
continue
if v is not None:
c = c.replace(k, v)
print("replaced", k)
with open(f"/data/{f}", 'w') as w:
w.write(c)