app/matrix: parametrize configuration

This adds cfg.cas.enable, and parametrizes homeserver.yaml from jsonnet
configuration.

Change-Id: I37a9b27a7080248cdd70282b897bbf6d3f9ae5f6
diff --git a/app/matrix/lib/matrix.libsonnet b/app/matrix/lib/matrix.libsonnet
index 300cf31..ed033bb 100644
--- a/app/matrix/lib/matrix.libsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@@ -31,12 +31,19 @@
         serverName: error "cfg.serverName must be set",
         storageClassName: "waw-hdd-redundant-3",
 
-        synapseImage: "matrixdotorg/synapse:v1.19.2",
-        riotImage: "vectorim/riot-web:v1.7.7",
-        casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4",
-        appserviceIRCImage: "matrixdotorg/matrix-appservice-irc:release-0.17.1",
-        # That's v0.8.2 - we just don't trust that host to not re-tag images.
-        appserviceTelegramImage: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330"
+        images: {
+            synapse: "matrixdotorg/synapse:v1.19.2",
+            riot: "vectorim/riot-web:v1.7.7",
+            casProxy: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4",
+            appserviceIRC: "matrixdotorg/matrix-appservice-irc:release-0.17.1",
+            # That's v0.8.2 - we just don't trust that host to not re-tag images.
+            appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330",
+        },
+
+        cas: {
+            # whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
+            enable: false,
+        },
     },
 
     metadata(component):: {
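Review bot: The comment on the new `cas.enable` field describes only the proxy, but further down this file the same flag also gates the synapse `cas_config` override in homeserverYaml, `casDeployment`, `casSvc` and the `/_cas` ingress path, so a reader of the config block cannot tell how much the switch turns off. Suggest widening the comment to `# whether to enable the CAS proxy (i.e. connect to hswaw sso via OAuth); also gates synapse cas_config, casDeployment, casSvc and the /_cas ingress path`. The new `images` object could likewise carry a one-line comment stating that every entry is either tag- or digest-pinned on purpose, since only the telegram entry currently explains itself.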
@@ -76,15 +83,35 @@
         },
     },
 
+    // homeserver.yaml that will be used to run synapse (in synapseConfig ConfigMap).
+    // This is based off of //app/matrix/lib/synapse/homeserver.yaml with some fields overriden per
+    // deployment.
+    // Note this is a templated yaml - {{}}/{%%} style. This templatization is consumed by the Docker
+    // container startup magic.
+    homeserverYaml:: (std.native("parseYaml"))(importstr "synapse/homeserver.yaml")[0] {
+        server_name: cfg.serverName,
+        public_baseurl: "https://%s" % [cfg.webDomain],
+        signing_key_path: "/data/%s.signing.key" % [cfg.serverName],
+        cas_config+: if cfg.cas.enable then {
+            enabled: true,
+            server_url: "https://%s/_cas" % [cfg.webDomain],
+            service_url: "https://%s" % [cfg.webDomain],
+        } else {},
+        app_service_config_files: [
+            "/data/appservices/%s.yaml" % [k]
+            for k in std.objectFields(app.appservices)
+        ],
+    },
+
     synapseConfig: kube.ConfigMap("synapse") {
         metadata+: app.metadata("synapse"),
         data: {
-            "homeserver.yaml": importstr "synapse/homeserver.yaml",
+            "homeserver.yaml": std.manifestYamlDoc(app.homeserverYaml),
             "log.config": importstr "synapse/log.config",
         },
     },
 
-    casDeployment: kube.Deployment("oauth2-cas-proxy") {
+    casDeployment: if cfg.cas.enable then kube.Deployment("oauth2-cas-proxy") {
         metadata+: app.metadata("oauth2-cas-proxy"),
         spec+: {
             replicas: 1,
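Review bot: The `else {}` branch of `cas_config+: if cfg.cas.enable then { ... } else {}` leaves whatever `cas_config` the base synapse/homeserver.yaml carries untouched, so if that file ships with `enabled: true`, setting cfg.cas.enable to false removes the proxy deployment, service and ingress path but does not turn CAS login off inside synapse; `else { enabled: false }` would make the flag authoritative in both directions. The base file is not visible in this hunk, so whether this matters depends on its contents. Separately, `casDeployment: if cfg.cas.enable then kube.Deployment(...)` has no else branch and therefore evaluates to null when disabled; presumably the manifest emitter drops null top-level fields, but that is worth confirming since the same pattern is used for casSvc in a later hunk. The new header comment reads `overriden` where `overridden` is meant.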
@@ -92,7 +119,7 @@
                 spec+: {
                     containers_: {
                         proxy: kube.Container("oauth2-cas-proxy") {
-                            image: cfg.casProxyImage,
+                            image: cfg.images.casProxy,
                             ports_: {
                                 http: { containerPort: 5000 },
                             },
@@ -109,7 +136,7 @@
         },
     },
 
-    casSvc: kube.Service("oauth2-cas-proxy") {
+    casSvc: if cfg.cas.enable then kube.Service("oauth2-cas-proxy") {
         metadata+: app.metadata("oauth2-cas-proxy"),
         target_pod:: app.casDeployment.spec.template,
     },
@@ -129,7 +156,7 @@
                     },
                     containers_: {
                         web: kube.Container("synapse") {
-                            image: cfg.synapseImage,
+                            image: cfg.images.synapse,
                             command: ["/bin/sh", "-c", "/start.py migrate_config && exec /start.py"],
                             ports_: {
                                 http: { containerPort: 8008 },
@@ -216,7 +243,7 @@
                     },
                     containers_: {
                         web: kube.Container("riot-web") {
-                            image: cfg.riotImage,
+                            image: cfg.images.riot,
                             ports_: {
                                 http: { containerPort: 80 },
                             },
@@ -268,8 +295,9 @@
                         paths: [
                             { path: "/", backend: app.riotSvc.name_port },
                             { path: "/_matrix", backend: app.synapseSvc.name_port },
+                        ] + (if cfg.cas.enable then [
                             { path: "/_cas", backend: app.casSvc.name_port },
-                        ]
+                        ] else [])
                     },
                 }
             ],