app/matrix: split matrix-ng into submodules, use kube.Namespace.Contain
matrix-ng split into multiple submodules causes some changes in keys
that might've been used for homeserver/riot configuration customization.
Migration to kube.Namespace.Contain has also changed the Deployment
selectors (immutable fields), so the existing Deployments need to be
removed manually first.
This is, as always, documented in lib/matrix-ng.libsonnet header.
Change-Id: I39a745ee27e3c55ec748818b9cf9b4e8ba1d2df5
diff --git a/app/matrix/lib/riot.libsonnet b/app/matrix/lib/riot.libsonnet
new file mode 100644
index 0000000..fc2f2e7
--- /dev/null
+++ b/app/matrix/lib/riot.libsonnet
@@ -0,0 +1,95 @@
+local kube = import "../../../kube/kube.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+ cfg:: {
+ # webDomain is the domain name at which element will run
+ webDomain: error "cfg.webDomain must be set",
+ # serverName is the server part of the MXID this homeserver will cover
+ serverName: error "cfg.serverName must be set",
+ image: error "cfg.image must be set",
+ },
+
+ ns:: error "ns needs to be a kube.Namespace object",
+
+ config:: {
+ "default_hs_url": "https://%s" % [cfg.webDomain],
+ "disable_custom_urls": false,
+ "disable_guests": false,
+ "disable_login_language_selector": false,
+ "disable_3pid_login": true,
+ "brand": "Riot",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
+
+ "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+ "features": {
+ "feature_groups": "labs",
+ "feature_pinning": "labs",
+ "feature_reactions": "labs"
+ },
+ "default_federate": true,
+ "default_theme": "light",
+ "roomDirectory": {
+ "servers": [
+ cfg.serverName,
+ ]
+ },
+ "welcomeUserId": "@riot-bot:matrix.org",
+ "enable_presence_by_hs_url": {
+ "https://matrix.org": false
+ }
+ },
+
+ configMap: app.ns.Contain(kube.ConfigMap("riot-web-config")) {
+ data: {
+ "config.json": std.manifestJsonEx(app.config, ""),
+ // Standard nginx.conf, made to work when running as unprivileged user.
+ "nginx.conf": importstr "riot/nginx.conf",
+ },
+ },
+
+ deployment: app.ns.Contain(kube.Deployment("riot-web")) {
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ volumes_: {
+ config: kube.ConfigMapVolume(app.configMap),
+ },
+ containers_: {
+ web: kube.Container("riot-web") {
+ image: cfg.image,
+ ports_: {
+ http: { containerPort: 8080 },
+ },
+ volumeMounts: [
+ {
+ name: "config",
+ mountPath: "/app/config.json",
+ subPath: "config.json",
+ },
+ {
+ name: "config",
+ mountPath: "/etc/nginx/nginx.conf",
+ subPath: "nginx.conf",
+ },
+ ],
+ },
+ },
+ securityContext: {
+ // nginx:nginx
+ runAsUser: 101,
+ runAsGroup: 101,
+ },
+ },
+ },
+ },
+ },
+
+ svc: app.ns.Contain(kube.Service("riot-web")) {
+ target_pod:: app.deployment.spec.template,
+ },
+}
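Review bot: The `web` container is constrained only by the pod-level `runAsUser: 101` / `runAsGroup: 101`, so nothing enforces non-root if that block is later changed, and privilege escalation through setuid binaries in the image remains allowed, as does the runtime's default capability bounding set. nginx listens on the unprivileged port 8080 here, so the container should need none of that. I would add `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ["ALL"] } },` inside `kube.Container("riot-web")` and `runAsNonRoot: true,` next to `runAsUser` in the pod `securityContext`. A read-only root filesystem would be a further step, but whether it works depends on where `riot/nginx.conf` puts its pid and temp files, which this hunk does not show.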