app/matrix: matrix-ng - synapse deployment cleanup
This is a major revamp of our matrix/synapse deployment as a separate
.libsonnet module.
* synapse version bump to 1.25.0
* riot-web version bump to 1.7.18
* Replaced synapse migration hack we used to template configuration with
environment variable replacement done by Kubernetes itself
* Implemented support for OpenID Connect, migration from CAS has been
verified to be working with some additional configuration options
* Moved homeserver signing key into k8s secret, thus making it possible
to run synapse processes without a single data volume
* Split synapse into main process, generic worker and media repository
worker. (latter is the only container using data volume) Both generic
worker and media repository worker is running on a single replica, until
we get proper HTTP routing/loadbalancing
* Riot nginx.conf has been extracted into an external file loaded using
importstr.
Change-Id: I6c4d34bf41e148a302d1cbe725608a5aeb7b87ba
diff --git a/app/matrix/lib/synapse/homeserver-secrets.yaml b/app/matrix/lib/synapse/homeserver-secrets.yaml
new file mode 100644
index 0000000..1f6221f
--- /dev/null
+++ b/app/matrix/lib/synapse/homeserver-secrets.yaml
@@ -0,0 +1,22 @@
+## Common secrets ##
+registration_shared_secret: "$(SYNAPSE_REGISTRATION_SHARED_SECRET)"
+macaroon_secret_key: "$(SYNAPSE_MACAROON_SECRET_KEY)"
+worker_replication_secret: "$(WORKER_REPLICATION_SECRET)"
+
+## Database ##
+database:
+ name: "psycopg2"
+ args:
+ user: "synapse"
+ password: "$(POSTGRES_PASSWORD)"
+ database: "synapse"
+ host: "waw3-postgres"
+ port: "5432"
+ cp_min: 5
+ cp_max: 10
+
+## Replication Redis ##
+redis:
+ enabled: true
+ host: "redis"
+ password: "$(REDIS_PASSWORD)"