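local kube = import "../../../kube/kube.libsonnet";

// Template for a mautrix-telegram Matrix appservice bridge.
//
// AppServiceTelegram(name) yields a Secret carrying config.yaml, a
// PersistentVolumeClaim for runtime data, an optional one-shot bootstrap Job
// that generates the appservice registration, a Deployment and a Service.
// Instantiators override fields of the hidden `cfg` object; every field
// declared as `error "..."` must be overridden before the template renders.
{
    AppServiceTelegram(name):: {
        local bridge = self,
        local cfg = bridge.cfg,
        cfg:: {
            metadata: {},
            // Whether the bootstrap job should be created/updated. Kubernetes
            // doesn't like changing the configuration of jobs, so once this
            // appservice has been set up, this flag should be flipped to
            // false.
            bootstrapJob: true,
            image: error "image must be set",
            storageClassName: error "storageClassName must be set",

            // Data that will be serialized into the appservice's config.yaml.
            // This is taken straight from a YAML that was generated by
            // dock.mau.dev/tulir/mautrix-telegram:v0.8.2. We override here
            // fields that we know are strictly necessary to be configured when
            // instantiating this template.
            config: (std.native("parseYaml")(importstr "appservice/appservice-telegram.yaml")[0]) + {
                homeserver+: {
                    address: error "homeserver.address must be set",
                    domain: error "homeserver.domain must be set",
                },
                appservice+: {
                    address: bridge.svc.http_url,
                    // We disable this. I have no idea what it does, but it
                    // wants a secret. ~q3k
                    provisioning+: {
                        enabled: false,
                        // "hackme" is only emitted while provisioning stays
                        // disabled. Because `self.enabled` is late-bound, an
                        // override that sets enabled to true without also
                        // setting shared_secret fails at render time instead
                        // of shipping the placeholder.
                        shared_secret: if self.enabled then error "appservice.provisioning.shared_secret must be set" else "hackme",
                    },
                    id: error "appservice.id must be set",
                    // Placeholders only: the Deployment's generate-config init
                    // container overwrites both tokens in /data/config.yaml
                    // with the values from the registration Secret.
                    as_token: "This value is generated when generating the registration",
                    hs_token: "This value is generated when generating the registration",
                },
                telegram+: {
                    // These three values are credentials and end up inside the
                    // rendered config Secret below.
                    api_id: error "telegram.api_id must be set",
                    api_hash: error "telegram.api_hash must be set",
                    bot_token: error "telegram.bot_token must be set",
                },
                bridge+: {
                    // Every user is mapped to the "relaybot" permission
                    // level; instantiators can extend this map.
                    permissions: {
                        '*': "relaybot",
                    },
                },
            },
        },

        // The whole rendered config.yaml is stored as a Secret, since it
        // carries the Telegram credentials set above.
        config: kube.Secret("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            data: {
                "config.yaml": std.base64(std.manifestYamlDoc(cfg.config)),
            },
        },

        // Persistent storage mounted at /data in the Deployment; it holds the
        // config.yaml that the init container patches with the real tokens.
        dataVolume: kube.PersistentVolumeClaim("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: [ "ReadWriteOnce" ],
                resources: {
                    requests: {
                        storage: "10Gi",
                    },
                },
            },
        },

        // One-shot Job that generates the appservice registration and prints
        // it to the container's stdout after a SNIPSNIP marker line.
        //
        // NOTE(review): going by the as_token/hs_token placeholders above and
        // the init container below, the printed registration contains both
        // tokens, so this Job's pod logs are as sensitive as the
        // "appservice-telegram-<name>-registration" Secret itself.
        bootstrapJob: if cfg.bootstrapJob then (kube.Job("appservice-telegram-%s-bootstrap" % [name]) {
            metadata+: cfg.metadata {
                labels: {
                    "job-name": "appservice-telegram-%s-bootstrap" % [name],
                },
            },
            spec+: {
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                        },
                        containers_: {
                            bootstrap: kube.Container("appservice-telegram-%s-bootstrap" % [name]) {
                                image: cfg.image,
                                command: [
                                    "sh", "-c",
                                    "python3 -m mautrix_telegram -g -c /config/config.yaml -r /tmp/registration.yaml && echo SNIPSNIP && cat /tmp/registration.yaml",
                                ],
                                volumeMounts_: {
                                    config: { mountPath: "/config" },
                                },
                            },
                        },
                    },
                },
            },
        }) else {},

        deployment: kube.Deployment("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                replicas: 1,
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                            data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
                            // This Secret is not rendered by this template; it
                            // has to exist in the namespace under this name.
                            registration: { secret: { secretName: "appservice-telegram-%s-registration" % [name] } },
                        },
                        initContainers: [
                            // This container takes the stateless config from the Secret, and
                            // updates it with the registration secrets from the registration token.
                            kube.Container("generate-config") {
                                volumeMounts_: {
                                    config: { mountPath: "/config", },
                                    registration: { mountPath: "/registration", },
                                    data: { mountPath: "/data" },
                                },
                                // NOTE(review): yq is installed from the
                                // package repository on every pod start and is
                                // not version-pinned; `yq r` / `yq w` are the
                                // yq v3 command forms.
                                image: "alpine:3.13",
                                command: [
                                    "sh", "-c", |||
                                        # No `set -x` here: command tracing would print the
                                        # expanded as_token/hs_token values into the init
                                        # container's log.
                                        set -e
                                        apk add --no-cache yq
                                        cp /config/config.yaml /data/config.yaml
                                        # Plain assignments, so that a failing `yq r` aborts
                                        # the script under `set -e`.
                                        as_token="$(yq r /registration/registration.yaml as_token)"
                                        hs_token="$(yq r /registration/registration.yaml hs_token)"
                                        if [ -z "$as_token" ] || [ -z "$hs_token" ]; then
                                            echo "registration.yaml is missing as_token or hs_token" >&2
                                            exit 1
                                        fi
                                        yq w -i /data/config.yaml appservice.as_token "$as_token"
                                        yq w -i /data/config.yaml appservice.hs_token "$hs_token"
                                    |||
                                ],
                            },
                        ],
                        containers_: {
                            // NOTE(review): the key says "Irc" although this is
                            // the Telegram bridge; kept unchanged because
                            // downstream overrides may reference it.
                            appserviceIrc: kube.Container("appservice-telegram-%s" % [name]) {
                                image: cfg.image,
                                // Runs the database migrations, then starts the
                                // bridge against the config patched by the
                                // init container. There is no `set -e`, so the
                                // bridge starts even if the migration fails.
                                command: [
                                    "sh", "-c", |||
                                        alembic -x config=/data/config.yaml upgrade head
                                        python3 -m mautrix_telegram -n -c /data/config.yaml
                                    |||
                                ],
                                ports_: {
                                    http: { containerPort: 29317 },
                                },
                                volumeMounts_: {
                                    data: { mountPath: "/data" },
                                },
                            },
                        },
                    },
                },
            },
        },

        // Service in front of the Deployment's pods; its http_url is what the
        // config advertises as appservice.address.
        svc: kube.Service("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            target_pod:: bridge.deployment.spec.template,
        },
    },
}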