Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d / . / app / matrix / lib / appservice-irc.libsonnet
blob: 33fa5e12aeabad8db4a0e8ec636b6cf1023fe20b [file] [log] [blame]
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]1local kube = import "../../../kube/kube.libsonnet";
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]2
3{
4 AppServiceIrc(name):: {
5 local bridge = self,
6 local cfg = bridge.cfg,
7 cfg:: {
8 metadata: {},
Serge Bazanski25cd6502021-05-19 16:05:38 +0000[diff] [blame]9 // Whether the bootstrap job should be created/updated. Kubernetes
10 // doesn't like changing the configuration of jobs, so once this
11 // appservice has been set up, this flag should be flipped to
12 // false.
13 bootstrapJob: true,
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]14 config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
Serge Bazanski41546732021-05-19 16:10:01 +0000[diff] [blame]15 local appservicecfg = self,
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]16 ircService+: {
Serge Bazanski41546732021-05-19 16:10:01 +0000[diff] [blame]17 [if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem",
18 debugApi+: {
19 # Unfortunately, we have to enable the debugApi if any
20 # configured server wants to use
21 # ignoreIdleUsersOnStartup. This is seemingly an
22 # appservice-irc bug:
23 # https://github.com/matrix-org/matrix-appservice-irc/issues/1240
24 enabled: std.length(std.filter(
25 function (k) (
26 local v = appservicecfg.ircService.servers[k];
27 v.membershipLists.ignoreIdleUsersOnStartup.enabled == true
28 ),
29 std.objectFields(appservicecfg.ircService.servers)
30 )) > 0,
31 },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]32 },
33 },
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]34 image: error "image must be set",
35 storageClassName: error "storageClassName must be set",
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]36
37 # RSA encryption private key secret name containing "key.pem" key
38 # Create using:
39 # kubectl -n matrix create secret generic appservice-irc-password-encryption-key --from-file=key.pem=<(openssl genpkey -out - -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048)
40 passwordEncryptionKeySecret: null,
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]41 },
42
Serge Bazanski856b2162021-05-19 22:03:20 +0000[diff] [blame]43 config: kube.Secret("appservice-irc-%s" % [name]) {
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]44 metadata+: cfg.metadata,
Serge Bazanski856b2162021-05-19 22:03:20 +0000[diff] [blame]45 data_: {
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]46 "config.yaml": std.manifestJsonEx(cfg.config, ""),
47 },
48 },
49
50 dataVolume: kube.PersistentVolumeClaim("appservice-irc-%s" % [name]) {
51 metadata+: cfg.metadata,
radex36964dc2023-11-24 11:19:46 +0100[diff] [blame]52 storage:: "10Gi",
53 storageClass:: cfg.storageClassName,
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]54 },
55
Serge Bazanski25cd6502021-05-19 16:05:38 +0000[diff] [blame]56 bootstrapJob: if cfg.bootstrapJob then (kube.Job("appservice-irc-%s-bootstrap" % [name]) {
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]57 metadata+: cfg.metadata {
58 labels: {
59 "job-name": "appservice-irc-%s-bootstrap" % [name],
60 },
61 },
62 spec+: {
63 template+: {
64 spec+: {
65 volumes_: {
Serge Bazanski972e5462021-06-06 12:30:19 +0000[diff] [blame]66 config: kube.SecretVolume(bridge.config),
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]67 },
68 containers_: {
69 bootstrap: kube.Container("appservice-irc-%s-bootstrap" % [name]) {
70 image: cfg.image,
71 command: ["sh", "-c", "node app.js -r -u http://appservice-irc-%s:9999 -c /config/config.yaml -f /tmp/registration.yaml && cat /tmp/registration.yaml" % [name]],
72 volumeMounts_: {
73 config: { mountPath: "/config" },
74 },
75 },
76 },
77 },
78 },
79 },
Serge Bazanski25cd6502021-05-19 16:05:38 +0000[diff] [blame]80 }) else {},
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]81
82 deployment: kube.Deployment("appservice-irc-%s" % [name]) {
83 metadata+: cfg.metadata,
84 spec+: {
85 replicas: 1,
86 template+: {
87 spec+: {
88 volumes_: {
Serge Bazanski856b2162021-05-19 22:03:20 +0000[diff] [blame]89 config: kube.SecretVolume(bridge.config),
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]90 data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
91 registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]92 } + (if cfg.passwordEncryptionKeySecret != null then {
93 key: { secret: { secretName: cfg.passwordEncryptionKeySecret } },
94 } else {}),
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]95 nodeSelector: cfg.nodeSelector,
96 containers_: {
97 appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
98 image: cfg.image,
99 command: ["node", "app.js", "-c", "/config/config.yaml", "-f", "/registration/registration.yaml", "-p", "9999"],
100 ports_: {
101 http: { containerPort: 9999 },
102 },
103 volumeMounts_: {
104 registration: { mountPath: "/registration", },
105 config: { mountPath: "/config", },
106 data: { mountPath: "/data" },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame]107 } + (if cfg.passwordEncryptionKeySecret != null then {
108 key: { mountPath: "/key" },
109 } else {}),
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]110 },
111 },
112 },
113 },
114 },
115 },
116
117 svc: kube.Service("appservice-irc-%s" % [name]) {
118 metadata+: cfg.metadata,
radex8b8f3872023-11-24 11:09:46 +0100[diff] [blame]119 target:: bridge.deployment,
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]120 },
121 },
122}