teleimg: init
This is a shitty small proxy to unfuck telegram's bot image URLs, ie. do
not add content-disposition and send a proper MIME in content-type.
It also does some local caching and hides the Telegram API token.
Change-Id: I0afb29ca3f1807a13fa157fdcf486ee4c857f08d
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index 905d964..49c9aa3 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -3,6 +3,7 @@
local smsgw = import "smsgw.libsonnet";
local ldapweb = import "ldapweb.libsonnet";
+local teleimg = import "teleimg.libsonnet";
{
hswaw(name):: mirko.Environment(name) {
@@ -12,11 +13,13 @@
cfg+: {
smsgw: smsgw.cfg,
ldapweb: ldapweb.cfg,
+ teleimg: teleimg.cfg,
},
components: {
smsgw: smsgw.component(cfg.smsgw, env),
ldapweb: ldapweb.component(cfg.ldapweb, env),
+ teleimg: teleimg.component(cfg.teleimg, env),
},
},
@@ -31,6 +34,12 @@
ldapweb+: {
webFQDN: "profile.hackerspace.pl",
},
+ teleimg+: {
+ webFQDN: "teleimg.hswaw.net",
+ secret+: {
+ telegram_token: std.base64(std.split(importstr "secrets/plain/prod-telegram-token", "\n")[0]),
+ },
+ },
},
},
}
diff --git a/hswaw/kube/teleimg.libsonnet b/hswaw/kube/teleimg.libsonnet
new file mode 100644
index 0000000..58026fb
--- /dev/null
+++ b/hswaw/kube/teleimg.libsonnet
@@ -0,0 +1,41 @@
+local mirko = import "../../kube/mirko.libsonnet";
+local kube = import "../../kube/kube.libsonnet";
+
+{
+ cfg:: {
+ secret: {
+ telegram_token: error "telegram_token must be set",
+ },
+ image: "registry.k0.hswaw.net/q3k/teleimg:1578240550-1525c84e4cef4f382e2dca2210f31830533dc7c4",
+ webFQDN: error "webFQDN must be set!",
+ },
+
+ component(cfg, env):: mirko.Component(env, "teleimg") {
+ local teleimg = self,
+ cfg+: {
+ image: cfg.image,
+ container: teleimg.GoContainer("main", "/teleimg/teleimg") {
+ env_: {
+ TELEGRAM_TOKEN: kube.SecretKeyRef(teleimg.secret, "telegram_token"),
+ },
+ command+: [
+ "-public_listen", "0.0.0.0:5000",
+ "-telegram_token", "$(TELEGRAM_TOKEN)",
+ ],
+ },
+ ports+: {
+ publicHTTP: {
+ public: {
+ port: 5000,
+ dns: cfg.webFQDN,
+ },
+ },
+ },
+ },
+
+ secret: kube.Secret("teleimg") {
+ metadata+: teleimg.metadata,
+ data: cfg.secret,
+ },
+ },
+}