matrix: refactor synapse into library
This is in preparation for bringing up a Matrix server for hsp.sh.
Verified to cause no diff on prod.
Change-Id: Ied2de210692e3ddfdb1d3f37b12893b214c34b0b
diff --git a/app/matrix/appservice-irc.libsonnet b/app/matrix/lib/appservice-irc.libsonnet
similarity index 97%
rename from app/matrix/appservice-irc.libsonnet
rename to app/matrix/lib/appservice-irc.libsonnet
index 51e4f2c..7628920 100644
--- a/app/matrix/appservice-irc.libsonnet
+++ b/app/matrix/lib/appservice-irc.libsonnet
@@ -1,4 +1,4 @@
-local kube = import "../../kube/kube.libsonnet";
+local kube = import "../../../kube/kube.libsonnet";
{
AppServiceIrc(name):: {
@@ -6,7 +6,7 @@
local cfg = bridge.cfg,
cfg:: {
metadata: {},
- config: std.native("parseYaml")(importstr "appservice-irc.yaml")[0],
+ config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0],
image: error "image must be set",
storageClassName: error "storageClassName must be set",
},
diff --git a/app/matrix/appservice-telegram.libsonnet b/app/matrix/lib/appservice-telegram.libsonnet
similarity index 98%
rename from app/matrix/appservice-telegram.libsonnet
rename to app/matrix/lib/appservice-telegram.libsonnet
index b174225..fd2a9a0 100644
--- a/app/matrix/appservice-telegram.libsonnet
+++ b/app/matrix/lib/appservice-telegram.libsonnet
@@ -1,4 +1,4 @@
-local kube = import "../../kube/kube.libsonnet";
+local kube = import "../../../kube/kube.libsonnet";
{
AppServiceTelegram(name):: {
@@ -14,7 +14,7 @@
// dock.mau.dev/tulir/mautrix-telegram:v0.8.2. We override here
// fields that we know are strictly necessary to be configured when
// instantiating this template.
- config: (std.native("parseYaml")(importstr "appservice-telegram.yaml")[0]) + {
+ config: (std.native("parseYaml")(importstr "appservice/appservice-telegram.yaml")[0]) + {
homeserver+: {
address: error "homeserver.address must be set",
domain: error "homeserver.domain must be set",
diff --git a/app/matrix/appservice-irc.yaml b/app/matrix/lib/appservice/appservice-irc.yaml
similarity index 100%
rename from app/matrix/appservice-irc.yaml
rename to app/matrix/lib/appservice/appservice-irc.yaml
diff --git a/app/matrix/appservice-telegram.yaml b/app/matrix/lib/appservice/appservice-telegram.yaml
similarity index 100%
rename from app/matrix/appservice-telegram.yaml
rename to app/matrix/lib/appservice/appservice-telegram.yaml
diff --git a/app/matrix/prod.jsonnet b/app/matrix/lib/matrix.libsonnet
similarity index 74%
rename from app/matrix/prod.jsonnet
rename to app/matrix/lib/matrix.libsonnet
index 25f943f..300cf31 100644
--- a/app/matrix/prod.jsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@@ -1,7 +1,8 @@
-# matrix.hackerspace.pl, a matrix/synapse instance
+# Matrix server (synapse).
# This needs a secret provisioned, create with:
-# kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1) --from-literal=macaroon_secret_key=$(pwgen 32 1) --from-literal=registration_shared_secret=$(pwgen 32 1)
-# kubectl -n matrix create secret generic oauth2-cas-proxy --from-literal=oauth2_secret=...
+# ns=matrix
+# kubectl -n $ns create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1) --from-literal=macaroon_secret_key=$(pwgen 32 1) --from-literal=registration_shared_secret=$(pwgen 32 1)
+# kubectl -n $ns create secret generic oauth2-cas-proxy --from-literal=oauth2_secret=...
#
# Sequencing appservices is fun. The appservice needs to run first (for
# instance, via a bootstrap job), and on startup it will spit out a
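Review bot: The rewritten provisioning one-liners still pass the generated secret values as `--from-literal=...=$(pwgen ...)`, so every value expands into kubectl's argv and is typically retained in the operator's shell history and visible to `ps` while the command runs. The same file already uses process substitution for the registration secret, so the comment could recommend that form here too, e.g. `--from-file=postgres_password=<(pwgen 24 1 | tr -d '\n')` (the `tr` matters, because `--from-file` keeps pwgen's trailing newline whereas `$(...)` strips it). This is guidance text only; the rendered manifests are unaffected.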
@@ -16,19 +17,18 @@
# For appservice-telegram instances, you can use this oneliner magic:
# kubectl -n matrix create secret generic appservice-telegram-prod-registration --from-file=registration.yaml=<(kubectl -n matrix logs job/appservice-telegram-prod-bootstrap | grep -A 100 SNIPSNIP | grep -v SNIPSNIP)
-local kube = import "../../kube/kube.libsonnet";
-local postgres = import "../../kube/postgres.libsonnet";
-
-local irc = import "appservice-irc.libsonnet";
-local telegram = import "appservice-telegram.libsonnet";
+local kube = import "../../../kube/kube.libsonnet";
+local postgres = import "../../../kube/postgres.libsonnet";
{
local app = self,
local cfg = app.cfg,
cfg:: {
- namespace: "matrix",
- domain: "matrix.hackerspace.pl",
- serverName: "hackerspace.pl",
+ namespace: error "cfg.namespace must be set",
+ # webDomain is the domain name at which element will run
+ webDomain: error "cfg.webDomain must be set",
+ # serverName is the server part of the MXID this homeserver will cover
+ serverName: error "cfg.serverName must be set",
storageClassName: "waw-hdd-redundant-3",
synapseImage: "matrixdotorg/synapse:v1.19.2",
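Review bot: The appservice-telegram registration one-liner at the top of this hunk still hard-codes `kubectl -n matrix ...` and the `appservice-telegram-prod` names, even though the library now refuses to render unless `cfg.namespace` is set and the provisioning commands above were switched to `$ns`. For a second instance the comment would silently point at the wrong namespace; suggest `kubectl -n $ns create secret generic appservice-telegram-<name>-registration --from-file=registration.yaml=<(kubectl -n $ns logs job/appservice-telegram-<name>-bootstrap | grep -A 100 SNIPSNIP | grep -v SNIPSNIP)`. The `cfg` object continues past the end of the hunk.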
@@ -79,8 +79,8 @@
synapseConfig: kube.ConfigMap("synapse") {
metadata+: app.metadata("synapse"),
data: {
- "homeserver.yaml": importstr "homeserver.yaml",
- "log.config": importstr "log.config",
+ "homeserver.yaml": importstr "synapse/homeserver.yaml",
+ "log.config": importstr "synapse/log.config",
},
},
@@ -97,8 +97,8 @@
http: { containerPort: 5000 },
},
env_: {
- BASE_URL: "https://matrix.hackerspace.pl",
- SERVICE_URL: "https://matrix.hackerspace.pl",
+ BASE_URL: "https://%s" % [cfg.webDomain],
+ SERVICE_URL: "https://%s" % [cfg.webDomain],
OAUTH2_CLIENT: "matrix",
OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
},
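Review bot: `OAUTH2_CLIENT: "matrix"` stays a literal while `BASE_URL`/`SERVICE_URL` were parameterized on `cfg.webDomain`, so every instance built from this library would present the same OAuth2 client id to the SSO. If the client id is per-homeserver on the SSO side (which the hunk does not show — please confirm), a second instance would need its own value, and sharing one client across two deployments also means one `oauth2_secret` protects both; consider lifting it into the library config as `oauth2Client: "matrix",` with `OAUTH2_CLIENT: cfg.oauth2Client,` here. The enclosing container definition starts and ends outside this hunk.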
@@ -141,7 +141,7 @@
# These values are not used in a template, but
# are required by /start.py migrate_config
- SYNAPSE_SERVER_NAME: "hackerspace.pl",
+ SYNAPSE_SERVER_NAME: cfg.serverName,
SYNAPSE_REPORT_STATS: "no",
SYNAPSE_MACAROON_SECRET_KEY: { secretKeyRef: { name: "synapse", key: "macaroon_secret_key" } },
@@ -174,7 +174,7 @@
metadata+: app.metadata("riot-web-config"),
data: {
"config.json": std.manifestJsonEx({
- "default_hs_url": "https://%s" % [cfg.domain],
+ "default_hs_url": "https://%s" % [cfg.webDomain],
"disable_custom_urls": false,
"disable_guests": false,
"disable_login_language_selector": false,
@@ -194,7 +194,7 @@
"default_theme": "light",
"roomDirectory": {
"servers": [
- "hackerspace.pl"
+ cfg.serverName,
]
},
"welcomeUserId": "@riot-bot:matrix.org",
@@ -244,63 +244,7 @@
// available - so change things carefully!
// If bootstrapping a new appservice, just keep it out of this dictionary
// until it spits you a registration YAML and you feed that to a secret.
- appservices: {
- "irc-freenode": irc.AppServiceIrc("freenode") {
- cfg+: {
- image: cfg.appserviceIRCImage,
- // TODO(q3k): move this appservice to waw-hdd-redundant-3
- storageClassName: "waw-hdd-paranoid-2",
- metadata: app.metadata("appservice-irc-freenode"),
- // TODO(q3k): add labels to blessed nodes
- nodeSelector: {
- "kubernetes.io/hostname": "bc01n03.hswaw.net",
- },
- config+: {
- homeserver+: {
- url: "https://%s" % [cfg.domain],
- domain: "%s" % [cfg.serverName],
- },
- ircService+: {
- servers+: {
- "irc.freenode.net"+: {
- ircClients+: {
- maxClients: 150,
- },
- },
- },
- },
- },
- },
- },
- "telegram-prod": telegram.AppServiceTelegram("prod") {
- cfg+: {
- image: cfg.appserviceTelegramImage,
- storageClassName: cfg.storageClassName,
- metadata: app.metadata("appservice-telegram-prod"),
-
- config+: {
- homeserver+: {
- address: "https://%s" % [cfg.domain],
- domain: cfg.serverName,
- },
- appservice+: {
- id: "telegram",
- },
- telegram+: {
- api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
- api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
- bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
- },
- bridge+: {
- permissions+: {
- "hackerspace.pl": "puppeting",
- "@q3k:hackerspace.pl": "admin",
- },
- },
- },
- },
- },
- },
+ appservices: {},
ingress: kube.Ingress("matrix") {
metadata+: app.metadata("matrix") {
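Review bot: The comment block immediately above `appservices: {}` (its start lies outside the hunk) still says to keep a new appservice "out of this dictionary" until its registration YAML exists, but after this change the dictionary in the library is always empty and instances populate it in their own file. A one-line pointer keeps the guidance accurate, e.g. `// appservices is left empty here; per-instance files (see matrix.hackerspace.pl.jsonnet) override it with their bridges.` The `ingress` definition continues past the end of the hunk.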
@@ -313,13 +257,13 @@
spec+: {
tls: [
{
- hosts: [cfg.domain],
+ hosts: [cfg.webDomain],
secretName: "synapse-tls",
},
],
rules: [
{
- host: cfg.domain,
+ host: cfg.webDomain,
http: {
paths: [
{ path: "/", backend: app.riotSvc.name_port },
diff --git a/app/matrix/homeserver.yaml b/app/matrix/lib/synapse/homeserver.yaml
similarity index 100%
rename from app/matrix/homeserver.yaml
rename to app/matrix/lib/synapse/homeserver.yaml
diff --git a/app/matrix/log.config b/app/matrix/lib/synapse/log.config
similarity index 100%
rename from app/matrix/log.config
rename to app/matrix/lib/synapse/log.config
diff --git a/app/matrix/matrix.hackerspace.pl.jsonnet b/app/matrix/matrix.hackerspace.pl.jsonnet
new file mode 100644
index 0000000..bbfa27c
--- /dev/null
+++ b/app/matrix/matrix.hackerspace.pl.jsonnet
@@ -0,0 +1,71 @@
+local matrix = import "lib/matrix.libsonnet";
+local irc = import "lib/appservice-irc.libsonnet";
+local telegram = import "lib/appservice-telegram.libsonnet";
+
+matrix {
+ local app = self,
+ local cfg = app.cfg,
+ cfg+:: {
+ namespace: "matrix",
+ webDomain: "matrix.hackerspace.pl",
+ serverName: "hackerspace.pl",
+ },
+
+ appservices: {
+ "irc-freenode": irc.AppServiceIrc("freenode") {
+ cfg+: {
+ image: cfg.appserviceIRCImage,
+ // TODO(q3k): move this appservice to waw-hdd-redundant-3
+ storageClassName: "waw-hdd-paranoid-2",
+ metadata: app.metadata("appservice-irc-freenode"),
+ // TODO(q3k): add labels to blessed nodes
+ nodeSelector: {
+ "kubernetes.io/hostname": "bc01n03.hswaw.net",
+ },
+ config+: {
+ homeserver+: {
+ url: "https://%s" % [cfg.webDomain],
+ domain: "%s" % [cfg.serverName],
+ },
+ ircService+: {
+ servers+: {
+ "irc.freenode.net"+: {
+ ircClients+: {
+ maxClients: 150,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "telegram-prod": telegram.AppServiceTelegram("prod") {
+ cfg+: {
+ image: cfg.appserviceTelegramImage,
+ storageClassName: cfg.storageClassName,
+ metadata: app.metadata("appservice-telegram-prod"),
+
+ config+: {
+ homeserver+: {
+ address: "https://%s" % [cfg.webDomain],
+ domain: cfg.serverName,
+ },
+ appservice+: {
+ id: "telegram",
+ },
+ telegram+: {
+ api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
+ api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
+ bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
+ },
+ bridge+: {
+ permissions+: {
+ "hackerspace.pl": "puppeting",
+ "@q3k:hackerspace.pl": "admin",
+ },
+ },
+ },
+ },
+ },
+ },
+}