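local kube = import "../../../kube/kube.libsonnet";

{
    // AppServiceIrc(name) builds the Kubernetes objects for one
    // matrix-appservice-irc bridge instance: a Secret holding the rendered
    // config, a PersistentVolumeClaim for /data, an optional one-shot
    // bootstrap Job that generates the appservice registration, the
    // Deployment itself and a Service in front of it. All object names are
    // derived from `name` ("appservice-irc-<name>").
    //
    // The Secret "appservice-irc-<name>-registration" mounted by the
    // Deployment is NOT created here; presumably it is created by hand from
    // the bootstrap Job's output - confirm against the deployment runbook.
    AppServiceIrc(name):: {
        local bridge = self,
        local cfg = bridge.cfg,
        cfg:: {
            // Extra metadata merged into every object created below.
            metadata: {},
            // Whether the bootstrap job should be created/updated. Kubernetes
            // doesn't like changing the configuration of jobs, so once this
            // appservice has been set up, this flag should be flipped to
            // false.
            bootstrapJob: true,
            // Bridge configuration: the bundled appservice-irc.yaml (first
            // YAML document) with the overrides below applied on top.
            config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
                local appservicecfg = self,
                ircService+: {
                    // Only emitted when a key Secret is configured; the path
                    // matches the "/key" mount added to the Deployment.
                    [if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem",
                    debugApi+: {
                        # Unfortunately, we have to enable the debugApi if any
                        # configured server wants to use
                        # ignoreIdleUsersOnStartup. This is seemingly an
                        # appservice-irc bug:
                        # https://github.com/matrix-org/matrix-appservice-irc/issues/1240
                        #
                        # NOTE(review): the debug API is an extra HTTP
                        # listener inside the pod. The container below only
                        # declares port 9999, but containerPort is purely
                        # declarative, so other pods can still reach the debug
                        # port unless a NetworkPolicy restricts it. Confirm
                        # whether the debug API requires authentication.
                        #
                        # Every server entry must define
                        # membershipLists.ignoreIdleUsersOnStartup.enabled;
                        # the direct field access below fails evaluation
                        # otherwise.
                        enabled: std.length(std.filter(
                            function (k) (
                                local v = appservicecfg.ircService.servers[k];
                                v.membershipLists.ignoreIdleUsersOnStartup.enabled == true
                            ),
                            std.objectFields(appservicecfg.ircService.servers)
                        )) > 0,
                    },
                },
            },
            image: error "image must be set",
            storageClassName: error "storageClassName must be set",
            // Node selector for the bridge pod. The Deployment reads
            // cfg.nodeSelector unconditionally, so declare it here and fail
            // with a clear message instead of a generic missing-field error.
            nodeSelector: error "nodeSelector must be set",

            # RSA encryption private key secret name containing "key.pem" key
            # Create using:
            # kubectl -n matrix create secret generic appservice-irc-password-encryption-key --from-file=key.pem=<(openssl genpkey -out - -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048)
            #
            # The process substitution feeds the generated key straight to
            # kubectl, so the private key is never written to a local file.
            # When left null, no key volume is mounted and
            # passwordEncryptionKeyPath is not set in the bridge config.
            passwordEncryptionKeySecret: null,
        },

        // Rendered bridge config, stored as a Secret (not a ConfigMap).
        // The config is emitted as JSON under the key "config.yaml".
        config: kube.Secret("appservice-irc-%s" % [name]) {
            metadata+: cfg.metadata,
            data_: {
                "config.yaml": std.manifestJsonEx(cfg.config, ""),
            },
        },

        // Persistent storage mounted at /data in the bridge container.
        dataVolume: kube.PersistentVolumeClaim("appservice-irc-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: [ "ReadWriteOnce" ],
                resources: {
                    requests: {
                        storage: "10Gi",
                    },
                },
            },
        },

        // One-shot job that generates the appservice registration (-r) and
        // prints it to stdout. Evaluates to {} when cfg.bootstrapJob is false.
        //
        // SECURITY: the registration file carries the appservice's as_token
        // and hs_token, and `cat` writes it into the pod log. Anyone who can
        // read pod logs in this namespace can read those tokens, so restrict
        // pods/log access accordingly and delete the job (and its pod) once
        // the registration has been copied into the
        // "appservice-irc-<name>-registration" Secret.
        bootstrapJob: if cfg.bootstrapJob then (kube.Job("appservice-irc-%s-bootstrap" % [name]) {
            // Note: `labels` here replaces any labels set in cfg.metadata.
            metadata+: cfg.metadata {
                labels: {
                    "job-name": "appservice-irc-%s-bootstrap" % [name],
                },
            },
            spec+: {
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                        },
                        containers_: {
                            bootstrap: kube.Container("appservice-irc-%s-bootstrap" % [name]) {
                                image: cfg.image,
                                // -u is the URL written into the registration
                                // (the in-cluster Service name, plain HTTP).
                                command: ["sh", "-c", "node app.js -r -u http://appservice-irc-%s:9999 -c /config/config.yaml -f /tmp/registration.yaml && cat /tmp/registration.yaml" % [name]],
                                volumeMounts_: {
                                    config: { mountPath: "/config" },
                                },
                            },
                        },
                    },
                },
            },
        }) else {},

        // The bridge itself: a single replica listening on port 9999.
        deployment: kube.Deployment("appservice-irc-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                replicas: 1,
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                            data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
                            // Secret not defined in this file; it has to exist
                            // in the namespace before the pod can start.
                            registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
                        } + (if cfg.passwordEncryptionKeySecret != null then {
                            // Private key used for password encryption; only
                            // mounted when a key Secret name is configured.
                            key: { secret: { secretName: cfg.passwordEncryptionKeySecret } },
                        } else {}),
                        nodeSelector: cfg.nodeSelector,
                        containers_: {
                            appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
                                image: cfg.image,
                                command: ["node", "app.js", "-c", "/config/config.yaml", "-f", "/registration/registration.yaml", "-p", "9999"],
                                ports_: {
                                    http: { containerPort: 9999 },
                                },
                                volumeMounts_: {
                                    registration: { mountPath: "/registration", },
                                    config: { mountPath: "/config", },
                                    data: { mountPath: "/data" },
                                } + (if cfg.passwordEncryptionKeySecret != null then {
                                    key: { mountPath: "/key" },
                                } else {}),
                            },
                        },
                    },
                },
            },
        },

        // Service in front of the Deployment's pod template.
        svc: kube.Service("appservice-irc-%s" % [name]) {
            metadata+: cfg.metadata,
            target_pod:: bridge.deployment.spec.template,
        },
    },
}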