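local kube = import "../../../kube/kube.libsonnet";

{
    // AppServiceTelegram(name) renders the Kubernetes objects for one
    // mautrix-telegram bridge instance: a Secret holding config.yaml, a
    // PersistentVolumeClaim for /data, an optional one-shot bootstrap Job that
    // generates the appservice registration, the bridge Deployment and its
    // Service. All object names are derived from `name`.
    AppServiceTelegram(name):: {
        local bridge = self,
        local cfg = bridge.cfg,
        cfg:: {
            // Extra metadata merged into every object rendered below.
            metadata: {},
            // Whether the bootstrap job should be created/updated. Kubernetes
            // doesn't like changing the configuration of jobs, so once this
            // appservice has been set up, this flag should be flipped to
            // false.
            bootstrapJob: true,
            image: error "image must be set",
            storageClassName: error "storageClassName must be set",

            // Data that will be serialized into the appservice's config.yaml.
            // This is taken straight from a YAML that was generated by
            // dock.mau.dev/tulir/mautrix-telegram:v0.8.2. We override here
            // fields that we know are strictly necessary to be configured when
            // instantiating this template.
            //
            // Everything set here, including telegram.api_hash and
            // telegram.bot_token, ends up in the Secret rendered below, so the
            // values are also present wherever the instantiating jsonnet is kept.
            config: (std.native("parseYaml")(importstr "appservice/appservice-telegram.yaml")[0]) + {
                homeserver+: {
                    address: error "homeserver.address must be set",
                    domain: error "homeserver.domain must be set",
                },
                appservice+: {
                    address: bridge.svc.http_url,
                    // We disable this. I have no idea what it does, but it
                    // wants a secret. ~q3k
                    //
                    // "hackme" is a fixed, guessable placeholder and is only
                    // emitted while enabled is false. Turning provisioning on
                    // without overriding shared_secret fails evaluation
                    // instead of shipping the placeholder.
                    provisioning+: {
                        enabled: false,
                        shared_secret: if self.enabled then error "appservice.provisioning.shared_secret must be set" else "hackme",
                    },
                    id: error "appservice.id must be set",
                    // Placeholders only: the generate-config init container of
                    // the Deployment overwrites both tokens in
                    // /data/config.yaml with the values from the registration
                    // Secret.
                    as_token: "This value is generated when generating the registration",
                    hs_token: "This value is generated when generating the registration",
                },
                telegram+: {
                    api_id: error "telegram.api_id must be set",
                    api_hash: error "telegram.api_hash must be set",
                    bot_token: error "telegram.bot_token must be set",
                },
                bridge+: {
                    // The wildcard grants every Matrix user the "relaybot"
                    // level. NOTE(review): this replaces (not merges) the
                    // permissions map from the base YAML, so no user gets a
                    // higher level unless the instantiation adds one - confirm
                    // that is intended.
                    permissions: {
                        '*': "relaybot",
                    },
                },
            },
        },

        // The rendered config.yaml, stored as a Secret because it carries the
        // Telegram API credentials. Secret data values are base64-encoded.
        config: kube.Secret("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            data: {
                "config.yaml": std.base64(std.manifestYamlDoc(cfg.config)),
            },
        },

        // Backing storage for /data. After the init container has run it holds
        // config.yaml with the real as_token/hs_token, so access to this
        // volume is as sensitive as access to the Secrets.
        dataVolume: kube.PersistentVolumeClaim("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            storage:: "10Gi",
            storageClass:: cfg.storageClassName,
        },

        // One-shot job that runs the bridge with -g to generate a registration
        // and prints it to stdout after the SNIPSNIP marker.
        //
        // NOTE(review): the registration contains as_token and hs_token (the
        // init container below reads both keys from it), so the tokens are
        // written to this job's pod logs and to whatever collects them.
        // Presumably the operator copies that output into the
        // "appservice-telegram-<name>-registration" Secret by hand; this
        // template does not create that Secret. Removing the job and its pod
        // once the registration has been stored limits how long the tokens
        // stay readable in logs.
        bootstrapJob: if cfg.bootstrapJob then (kube.Job("appservice-telegram-%s-bootstrap" % [name]) {
            metadata+: cfg.metadata {
                labels: {
                    "job-name": "appservice-telegram-%s-bootstrap" % [name],
                },
            },
            spec+: {
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                        },
                        containers_: {
                            bootstrap: kube.Container("appservice-telegram-%s-bootstrap" % [name]) {
                                image: cfg.image,
                                command: [
                                    "sh", "-c",
                                    "python3 -m mautrix_telegram -g -c /config/config.yaml -r /tmp/registration.yaml && echo SNIPSNIP && cat /tmp/registration.yaml",
                                ],
                                volumeMounts_: {
                                    config: { mountPath: "/config" },
                                },
                            },
                        },
                    },
                },
            },
        }) else {},

        deployment: kube.Deployment("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            spec+: {
                replicas: 1,
                template+: {
                    spec+: {
                        volumes_: {
                            config: kube.SecretVolume(bridge.config),
                            data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
                            // Not rendered by this template; must exist in the
                            // namespace before the pod can start.
                            registration: { secret: { secretName: "appservice-telegram-%s-registration" % [name] } },
                        },
                        initContainers: [
                            // This container takes the stateless config from the Secret, and
                            // updates it with the registration secrets from the registration token.
                            //
                            // Tracing (set -x) is switched off before the tokens are read:
                            // with it on, the shell would echo the expanded
                            // `yq w ... <token>` commands into the init container's log on
                            // every pod start. The tokens are read into quoted variables and
                            // checked for emptiness, so a registration that lacks either key
                            // stops the pod instead of writing a blank or word-split value.
                            //
                            // NOTE(review): alpine:3.13 is a mutable tag, not a digest, and yq
                            // is fetched from the package repository at every start without a
                            // version pin. `yq w` / `yq r` are the yq v3 command forms -
                            // confirm the package this image installs still accepts them.
                            kube.Container("generate-config") {
                                volumeMounts_: {
                                    config: { mountPath: "/config", },
                                    registration: { mountPath: "/registration", },
                                    data: { mountPath: "/data" },
                                },
                                image: "alpine:3.13",
                                command: [
                                    "sh", "-c", |||
                                        set -e -x
                                        apk add --no-cache yq
                                        cp /config/config.yaml /data/config.yaml
                                        set +x
                                        as_token="$(yq r /registration/registration.yaml as_token)"
                                        hs_token="$(yq r /registration/registration.yaml hs_token)"
                                        [ -n "$as_token" ] && [ -n "$hs_token" ] || { echo "registration.yaml is missing as_token or hs_token" >&2; exit 1; }
                                        yq w -i /data/config.yaml appservice.as_token "$as_token"
                                        yq w -i /data/config.yaml appservice.hs_token "$hs_token"
                                    |||
                                ],
                            },
                        ],
                        containers_: {
                            // NOTE(review): the key says "Irc" although this is the Telegram
                            // bridge; it looks like a leftover from a sibling template. Left
                            // as is because overrides elsewhere may refer to this key.
                            appserviceIrc: kube.Container("appservice-telegram-%s" % [name]) {
                                image: cfg.image,
                                // Runs the database migrations, then the bridge against the
                                // config prepared by the init container.
                                // NOTE(review): there is no `set -e`, so the bridge is started
                                // even when the alembic migration fails - confirm intended.
                                command: [
                                    "sh", "-c", |||
                                        alembic -x config=/data/config.yaml upgrade head
                                        python3 -m mautrix_telegram -n -c /data/config.yaml
                                    |||
                                ],
                                ports_: {
                                    http: { containerPort: 29317 },
                                },
                                volumeMounts_: {
                                    data: { mountPath: "/data" },
                                },
                            },
                        },
                    },
                },
            },
        },

        // Service in front of the bridge; its http_url is what the config
        // above advertises as appservice.address.
        svc: kube.Service("appservice-telegram-%s" % [name]) {
            metadata+: cfg.metadata,
            target:: bridge.deployment,
        },
    },
}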