local kube = import "../../../kube/kube.libsonnet";

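{
    // AppServiceTelegram(name) builds the Kubernetes objects for one
    // mautrix-telegram bridge instance: a Secret holding the rendered
    // config.yaml, a PersistentVolumeClaim for /data, a one-shot bootstrap Job
    // that generates the appservice registration, the Deployment that runs the
    // bridge, and a Service in front of it. Every object name is derived from
    // `name`.
    //
    // Callers override fields of the hidden `cfg` object. Fields whose default
    // is `error "..."` abort evaluation with that message if they are reached
    // without having been overridden.
    AppServiceTelegram(name):: {
        local bridge = self,
        local cfg = bridge.cfg,
        cfg:: {
            // Merged into the metadata of every object below.
            metadata: {},
            image: error "image must be set",
            storageClassName: error "storageClassName must be set",

            // Data that will be serialized into the appservice's config.yaml.
            // This is taken straight from a YAML that was generated by
            // dock.mau.dev/tulir/mautrix-telegram:v0.8.2. We override here
            // fields that we know are strictly necessary to be configured when
            // instantiating this template.
            //
            // "parseYaml" is a native function, so the jsonnet evaluator has
            // to provide it; [0] selects the first YAML document of the file.
            config: (std.native("parseYaml")(importstr "appservice/appservice-telegram.yaml")[0]) + {
                homeserver+: {
                    address: error "homeserver.address must be set",
                    domain: error "homeserver.domain must be set",
                },
                appservice+: {
                    address: bridge.svc.http_url,
                    // We disable this. I have no idea what it does, but it
                    // wants a secret. ~q3k
                    //
                    // `self` is this provisioning object, so an override that
                    // sets enabled: true without also setting shared_secret
                    // fails evaluation. "hackme" is a well-known placeholder
                    // and is only rendered while provisioning is disabled.
                    provisioning+: {
                        enabled: false,
                        shared_secret: if self.enabled then error "appservice.provisioning.shared_secret must be set" else "hackme",
                    },
                    id: error "appservice.id must be set",
                    // Placeholders only: the Deployment's generate-config init
                    // container overwrites both tokens in /data/config.yaml
                    // with the values from the registration Secret.
                    as_token: "This value is generated when generating the registration",
                    hs_token: "This value is generated when generating the registration",
                },
                // These three values are credentials; they end up in the
                // `config` Secret below.
                telegram+: {
                    api_id: error "telegram.api_id must be set",
                    api_hash: error "telegram.api_hash must be set",
                    bot_token: error "telegram.bot_token must be set",
                },
                bridge+: {
                    // No `+` on permissions: this replaces whatever the
                    // imported YAML carries. As written, the wildcard maps
                    // every Matrix user to the "relaybot" level and nobody to
                    // anything higher; instances that need puppeting or admin
                    // users have to override this map.
                    permissions: {
                        '*': "relaybot",
                    },
                },
            },
        },

        // Rendered config.yaml. It is a Secret rather than a ConfigMap because
        // cfg.config contains the Telegram API hash and bot token.
        config: kube.Secret("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            data: {
                "config.yaml": std.base64(std.manifestYamlDoc(cfg.config)),
            },
        },

        // Backing storage for /data. The init container writes a copy of
        // config.yaml with the live as_token/hs_token onto this volume, so the
        // volume holds credentials at rest.
        dataVolume: kube.PersistentVolumeClaim("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: [ "ReadWriteOnce" ],
                resources: {
                    requests: {
                        storage: "10Gi",
                    },
                },
            },
        },

        // One-shot Job that asks mautrix-telegram to generate the appservice
        // registration (-g) from the rendered config and prints it to stdout
        // after a SNIPSNIP marker line.
        //
        // NOTE(review): the printed registration.yaml is where as_token and
        // hs_token come from, so the Job's pod logs contain those credentials
        // in clear text. Presumably an operator copies the output into the
        // "appservice-telegram-<name>-registration" Secret that the Deployment
        // mounts (that Secret is not defined in this file). Restrict log
        // access for this namespace and delete the Job once the Secret exists.
        bootstrapJob: kube.Job("appservice-telegram-%s-bootstrap" % [name]) {
            metadata+: cfg.metadata {
                labels: {
                    "job-name": "appservice-telegram-%s-bootstrap" % [name],
                },
            },
            spec+: {
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                        },
                        containers_: {
                            bootstrap: kube.Container("appservice-telegram-%s-bootstrap" % [name]) {
                                image: cfg.image,
                                command: [
                                    "sh", "-c",
                                    "python3 -m mautrix_telegram -g -c /config/config.yaml -r /tmp/registration.yaml && echo SNIPSNIP && cat /tmp/registration.yaml",
                                ],
                                volumeMounts_: {
                                    config: { mountPath: "/config" },
                                },
                            },
                        },
                    },
                },
            },
        },

        // The bridge itself. A single replica, with an init container that
        // merges the registration tokens into a writable copy of the config.
        deployment: kube.Deployment("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                replicas: 1,
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                            data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
                            // Referenced by name only; this Secret must already
                            // exist in the namespace or the pod will not start.
                            registration: { secret: { secretName: "appservice-telegram-%s-registration" % [name] } },
                        },
                        initContainers: [
                            // This container takes the stateless config from the Secret, and
                            // updates it with the registration secrets from the registration token.
                            kube.Container("generate-config") {
                                volumeMounts_: {
                                    config: { mountPath: "/config", },
                                    registration: { mountPath: "/registration", },
                                    data: { mountPath: "/data" },
                                },
                                // Ow, the edge! We need yq.
                                // See: https://github.com/mikefarah/yq/issues/190#issuecomment-667519015
                                //
                                // NOTE(review): the base image is pinned by digest, but yq
                                // is installed from the package repository on every pod
                                // start, so its version is not pinned and the pod needs
                                // network egress to start. The `yq w` / `yq r` calls below
                                // use the yq v3 command syntax; an image with yq baked in
                                // would remove both the runtime fetch and the version drift.
                                image: "alpine@sha256:156f59dc1cbe233827642e09ed06e259ef6fa1ca9b2e29d52ae14d5e7b79d7f0",
                                command: [
                                    "sh", "-c", |||
                                        set -e -x
                                        apk add --no-cache yq
                                        cp /config/config.yaml /data/config.yaml
                                        # Tracing is switched off from here on: with -x the shell
                                        # would print the expanded token values into the pod log.
                                        set +x
                                        # Plain assignments, so that a failing yq read trips set -e.
                                        as_token="$(yq r /registration/registration.yaml as_token)"
                                        hs_token="$(yq r /registration/registration.yaml hs_token)"
                                        if [ -z "$as_token" ] || [ -z "$hs_token" ]; then
                                            echo "registration.yaml is missing as_token or hs_token" >&2
                                            exit 1
                                        fi
                                        yq w -i /data/config.yaml appservice.as_token "$as_token"
                                        yq w -i /data/config.yaml appservice.hs_token "$hs_token"
                                    |||
                                ],
                            },
                        ],
                        containers_: {
                            // The key says "Irc" although this is the Telegram bridge. It
                            // is left unchanged here because overrides elsewhere may
                            // address the container through this key.
                            appserviceIrc: kube.Container("appservice-telegram-%s" % [name]) {
                                image: cfg.image,
                                // Runs the database migrations, then starts the bridge
                                // against the config prepared by the init container.
                                // NOTE(review): there is no `set -e`, so the bridge is
                                // started even when the alembic migration fails. Confirm
                                // whether that is intended.
                                command: [
                                    "sh", "-c", |||
                                        alembic -x config=/data/config.yaml upgrade head
                                        python3 -m mautrix_telegram -n -c /data/config.yaml
                                    |||
                                ],
                                ports_: {
                                    http: { containerPort: 29317 },
                                },
                                volumeMounts_: {
                                    data: { mountPath: "/data" },
                                },
                            },
                        },
                    },
                },
            },
        },

        // Service in front of the Deployment's pod template. cfg.config uses
        // its http_url as appservice.address, the URL the homeserver is told
        // to reach the bridge on.
        svc: kube.Service("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            target_pod:: bridge.deployment.spec.template,
        },
    },
}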