teleimg: init

This is a shitty small proxy to unfuck Telegram's bot image URLs, i.e. it
does not add Content-Disposition and sends a proper MIME type in Content-Type.

It also does some local caching and hides the Telegram API token.

Change-Id: I0afb29ca3f1807a13fa157fdcf486ee4c857f08d
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index 905d964..49c9aa3 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -3,6 +3,7 @@
 
 local smsgw = import "smsgw.libsonnet";
 local ldapweb = import "ldapweb.libsonnet";
+local teleimg = import "teleimg.libsonnet";
 
 {
     hswaw(name):: mirko.Environment(name) {
@@ -12,11 +13,13 @@
         cfg+: {
             smsgw: smsgw.cfg,
             ldapweb: ldapweb.cfg,
+            teleimg: teleimg.cfg,
         },
 
         components: {
             smsgw: smsgw.component(cfg.smsgw, env),
             ldapweb: ldapweb.component(cfg.ldapweb, env),
+            teleimg: teleimg.component(cfg.teleimg, env),
         },
     },
 
@@ -31,6 +34,12 @@
             ldapweb+: {
                 webFQDN: "profile.hackerspace.pl",
             },
+            teleimg+: {
+                webFQDN: "teleimg.hswaw.net",
+                secret+: {
+                    telegram_token: std.base64(std.split(importstr "secrets/plain/prod-telegram-token", "\n")[0]),
+                },
+            },
         },
     },
 }
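Review bot: The added `telegram_token` line takes the first line of `secrets/plain/prod-telegram-token` without checking it. An empty file, or one starting with a newline, would render a Secret holding an empty token, and the failure would only surface at runtime in the proxy. Consider binding the value to a local and guarding it, e.g. `local token = std.split(importstr "secrets/plain/prod-telegram-token", "\n")[0];` followed by `assert std.length(token) > 0 : "prod-telegram-token is empty";`. Nothing in this diff shows how the `secrets/plain` path is protected, so it is also worth a comment stating that the file is decrypted locally and never committed, if that is the case.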
diff --git a/hswaw/kube/teleimg.libsonnet b/hswaw/kube/teleimg.libsonnet
new file mode 100644
index 0000000..58026fb
--- /dev/null
+++ b/hswaw/kube/teleimg.libsonnet
@@ -0,0 +1,41 @@
+local mirko = import "../../kube/mirko.libsonnet";
+local kube = import "../../kube/kube.libsonnet";
+
+{
+    cfg:: {
+        secret: {
+            telegram_token: error "telegram_token must be set",
+        },
+        image: "registry.k0.hswaw.net/q3k/teleimg:1578240550-1525c84e4cef4f382e2dca2210f31830533dc7c4",
+        webFQDN: error "webFQDN must be set!",
+    },
+
+    component(cfg, env):: mirko.Component(env, "teleimg") {
+        local teleimg = self,
+        cfg+: {
+            image: cfg.image,
+            container: teleimg.GoContainer("main", "/teleimg/teleimg") {
+                env_: {
+                    TELEGRAM_TOKEN: kube.SecretKeyRef(teleimg.secret, "telegram_token"),
+                },
+                command+: [
+                    "-public_listen", "0.0.0.0:5000",
+                    "-telegram_token", "$(TELEGRAM_TOKEN)",
+                ],
+            },
+            ports+: {
+                publicHTTP: {
+                    public: {
+                        port: 5000,
+                        dns: cfg.webFQDN,
+                    },
+                },
+            },
+        },
+
+        secret: kube.Secret("teleimg") {
+            metadata+: teleimg.metadata,
+            data: cfg.secret,
+        },
+    },
+}
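Review bot: Passing the token as `"-telegram_token", "$(TELEGRAM_TOKEN)"` in `command+` makes Kubernetes expand the secret into the container's argv. It is then readable from the process command line (`/proc/<pid>/cmdline`, process listings on the node, crash dumps), even though the pod spec only holds the secretKeyRef. The teleimg binary's flags are not visible in this diff, but if it can read `TELEGRAM_TOKEN` from the environment or from a mounted file, prefer that and drop the flag. Otherwise, document the exposure next to the flag, e.g. `// NOTE: token ends up in argv; the binary has no env/file option yet.`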