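// Deployment of matrix-media-repo with an S3 datastore and a PostgreSQL
// database, plus an optional Host-rewriting proxy in front of it.
//
// Callers must supply cfg.image, cfg.s3.*, cfg.db.* and ns. The rendered
// configuration embeds the S3 and database credentials, so it is shipped to
// the pod as a Kubernetes Secret (configSecret) rather than a ConfigMap.
local kube = import "../../../kube/kube.libsonnet";

{
    local app = self,
    local cfg = app.cfg,

    // Scratch directory for S3 uploads. The datastore's tempPath and the
    // emptyDir mount in the deployment must name the same path, so both are
    // derived from this one value.
    local s3TempPath = "/tmp/mediarepo_s3_upload",

    cfg:: {
        image: error "cfg.image needs to be set",

        // Each homeserver entry is read for its .name and .csApi fields
        // (see needProxying below).
        homeservers: [],
        admins: [],

        // accessKey/secretKey are credentials: they end up verbatim in the
        // rendered config.yaml.
        s3: {
            endpoint: error "cfg.s3.endpoint needs to be set",
            accessKey: error "cfg.s3.accessKey needs to be set",
            secretKey: error "cfg.s3.secretKey needs to be set",
            bucketName: error "cfg.s3.bucketName needs to be set",
            region: error "cfg.s3.region needs to be set",
        },

        // password is a credential: it is interpolated into the connection
        // URL in config.database.postgres.
        db: {
            username: error "cfg.db.username needs to be set",
            password: error "cfg.db.password needs to be set",
            database: error "cfg.db.database needs to be set",
            host: error "cfg.db.host needs to be set",
            port: error "cfg.db.port needs to be set",
        },
    },

    ns:: error "ns needs to be a kube.Namespace object",

    // matrix-media-repo configuration, serialized into config.yaml by
    // configSecret.
    config:: {
        repo: {
            // Listens on every interface inside the pod; what can reach it is
            // decided by the Services below and by any network policy on the
            // namespace.
            bindAddress: "0.0.0.0",
            port: 8000,
            useForwardedHost: false,
        },
        database: {
            // NOTE(review): sslmode=disable sends the database password and
            // all queries in cleartext. Confirm that the path to cfg.db.host
            // is trusted, or move to sslmode=require / verify-full.
            //
            // NOTE(review): username, password and database are inserted
            // without percent-encoding. A value containing URI-reserved
            // characters (for example '@', ':', '/', '?' or '#') yields a
            // connection URL that parses differently from what was intended;
            // restrict these values to URL-safe characters.
            postgres: "postgres://%s:%s@%s:%d/%s?sslmode=disable" % [cfg.db.username, cfg.db.password, cfg.db.host, cfg.db.port, cfg.db.database],
        },
        homeservers: cfg.homeservers,
        admins: cfg.admins,
        thumbnails: {
            // 3 * 10 MiB = 31457280 bytes.
            maxSourceBytes: 10485760 * 3,
        },
        datastores: [
            {
                type: "s3",
                enabled: true,
                forKinds: ["all"],
                opts: {
                    tempPath: s3TempPath,
                    endpoint: cfg.s3.endpoint,
                    accessKeyId: cfg.s3.accessKey,
                    accessSecret: cfg.s3.secretKey,
                    // NOTE(review): with ssl disabled, requests to the S3
                    // endpoint (including stored media) are presumably sent
                    // over plain HTTP. Confirm the endpoint is only reachable
                    // over a trusted network, or enable ssl.
                    ssl: false,
                    bucketName: cfg.s3.bucketName,
                    region: cfg.s3.region,
                },
            }
        ],
    },

    // The whole config (credentials included) is stored as a Secret. JSON is
    // emitted under the name config.yaml.
    configSecret: app.ns.Contain(kube.Secret("media-repo-config")) {
        data_: {
            "config.yaml": std.manifestJsonEx(app.config, ""),
        },
    },

    // NOTE(review): neither container in this file sets a securityContext or
    // resource requests/limits here. Unless kube.libsonnet or the namespace
    // supplies defaults, consider runAsNonRoot, a read-only root filesystem
    // and memory limits for a service that processes user-uploaded media.
    deployment: app.ns.Contain(kube.Deployment("media-repo")) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    volumes_: {
                        config: kube.SecretVolume(app.configSecret),
                        tempdir: kube.EmptyDirVolume(),
                    },
                    containers_: {
                        repo: kube.Container("media-repo") {
                            image: cfg.image,
                            command: ["/usr/local/bin/media_repo"],
                            ports_: {
                                // Follows config.repo.port so the declared
                                // port cannot drift from the listening port.
                                http: { containerPort: app.config.repo.port },
                            },
                            env_: {
                                // Must match the mountPath of the config
                                // volume below.
                                REPO_CONFIG: "/config",
                            },
                            volumeMounts_: {
                                config: { mountPath: "/config" },
                                tempdir: { mountPath: s3TempPath },
                            },
                            readinessProbe: {
                                httpGet: {
                                    path: "/healthz",
                                    port: "http",
                                },
                                initialDelaySeconds: 5,
                                periodSeconds: 10,
                            },
                            livenessProbe: {
                                httpGet: {
                                    path: "/healthz",
                                    port: "http",
                                },
                                initialDelaySeconds: 60,
                                periodSeconds: 30,
                            },
                        },
                    },
                },
            },
        },
    },

    // Run //app/matrix/media-repo-proxy, if needed. This rewrites Host headers
    // from the homeserver's serving Host to the MXID hostname (which
    // matrix-media-repo expects).
    //
    // Currently we only are able to run one proxy for one homeserver config -
    // but we don't expect to have multiple homeservers per matrix-media-repo
    // any time soon.
    local needProxying = [
        h
        for h in cfg.homeservers
        if "https://%s" % [h.name] != h.csApi
    ],
    proxies: if std.length(needProxying) > 1 then error "can only proxy one homeserver" else
        if std.length(needProxying) == 1 then {
            local homeserver = needProxying[0],

            local upstreamHost = homeserver.name,
            local prefix = "https://",
            // The serving host is csApi with the scheme removed. Refuse a
            // csApi that does not start with the expected scheme: blindly
            // dropping the first std.length(prefix) characters would hand the
            // proxy a mangled host name instead of failing at render time.
            // NOTE(review): a csApi with a path or trailing slash still ends
            // up in -downstream_host unchanged; keep csApi to scheme + host.
            local downstreamHost =
                if std.startsWith(homeserver.csApi, prefix) then
                    std.substr(homeserver.csApi, std.length(prefix), std.length(homeserver.csApi) - std.length(prefix))
                else
                    error "homeserver csApi must start with %s to be proxied, got %s" % [prefix, homeserver.csApi],

            // Port the proxy listens on; shared by -listen and containerPort.
            local proxyPort = 8080,

            deployment: app.ns.Contain(kube.Deployment("media-repo-proxy")) {
                spec+: {
                    template+: {
                        spec+: {
                            containers_: {
                                default: kube.Container("default") {
                                    // NOTE(review): the image is referenced by
                                    // tag only. A tag can be re-pointed in the
                                    // registry; pinning by @sha256 digest would
                                    // make the deployed proxy immutable.
                                    image: "registry.k0.hswaw.net/q3k/media-repo-proxy:1631791816-18609443fffde38a055f504e80f95e44f49d2481",
                                    command: [
                                        "/app/matrix/media-repo-proxy",
                                        "-downstream_host", downstreamHost,
                                        "-upstream_host", upstreamHost,
                                        "-upstream", app.internalSvc.host_colon_port,
                                        "-listen", ":%d" % [proxyPort],
                                    ],
                                    ports_: {
                                        http: { containerPort: proxyPort },
                                    },
                                },
                            },
                        },
                    },
                },
            },
        } else {},

    // Always points at the media-repo deployment itself; the proxy uses it as
    // its upstream.
    internalSvc: app.ns.Contain(kube.Service("media-repo-internal")) {
        target:: app.deployment,
    },

    // Service other components should use: the proxy when a homeserver needs
    // Host rewriting, otherwise the media repo directly.
    svc: if std.length(needProxying) > 0 then app.ns.Contain(kube.Service("media-repo")) {
        target:: app.proxies.deployment,
    } else app.internalSvc,
}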