Merge changes I2afe9e52,Ideb13ba9
* changes:
app/matrix/appservice-irc: implement passwordEncryptionKey
app/matrix/appservice-irc: add ignoreIdleUsersOnStartup option
diff --git a/app/matrix/lib/appservice-irc.libsonnet b/app/matrix/lib/appservice-irc.libsonnet
index 7628920..b9e5b84 100644
--- a/app/matrix/lib/appservice-irc.libsonnet
+++ b/app/matrix/lib/appservice-irc.libsonnet
@@ -6,9 +6,18 @@
local cfg = bridge.cfg,
cfg:: {
metadata: {},
- config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0],
+ config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
+ ircService+: {
+ [if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem"
+ },
+ },
image: error "image must be set",
storageClassName: error "storageClassName must be set",
+
+ # RSA encryption private key secret name containing "key.pem" key
+ # Create using:
+ # kubectl -n matrix create secret generic appservice-irc-password-encryption-key --from-file=key.pem=<(openssl genpkey -out - -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048)
+ passwordEncryptionKeySecret: null,
},
config: kube.ConfigMap("appservice-irc-%s" % [name]) {
@@ -67,7 +76,9 @@
config: kube.ConfigMapVolume(bridge.config),
data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
- },
+ } + (if cfg.passwordEncryptionKeySecret != null then {
+ key: { secret: { secretName: cfg.passwordEncryptionKeySecret } },
+ } else {}),
nodeSelector: cfg.nodeSelector,
containers_: {
appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
@@ -80,7 +91,9 @@
registration: { mountPath: "/registration", },
config: { mountPath: "/config", },
data: { mountPath: "/data" },
- },
+ } + (if cfg.passwordEncryptionKeySecret != null then {
+ key: { mountPath: "/key" },
+ } else {}),
},
},
},
diff --git a/app/matrix/lib/appservice/appservice-irc.yaml b/app/matrix/lib/appservice/appservice-irc.yaml
index cc65926..49c07f8 100644
--- a/app/matrix/lib/appservice/appservice-irc.yaml
+++ b/app/matrix/lib/appservice/appservice-irc.yaml
@@ -239,6 +239,16 @@
# initial: false
# incremental: false
+ # Should the bridge ignore users which are not considered active on the bridge
+ # during startup
+ ignoreIdleUsersOnStartup:
+ enabled: true
+ # How many hours can a user be considered idle for before they are considered
+ # ignoreable
+ idleForHours: 72
+ # A regex which will exclude matching MXIDs from this check.
+ # exclude: "foobar"
+
#mappings:
# 1:many mappings from IRC channels to room IDs on this IRC server.
# The matrix room must already exist. Your matrix client should expose
diff --git a/app/matrix/matrix.hackerspace.pl.jsonnet b/app/matrix/matrix.hackerspace.pl.jsonnet
index 8ca94f4..f150f6d 100644
--- a/app/matrix/matrix.hackerspace.pl.jsonnet
+++ b/app/matrix/matrix.hackerspace.pl.jsonnet
@@ -53,6 +53,7 @@
},
},
},
+ passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
},
},
"telegram-prod": telegram.AppServiceTelegram("prod") {