first commit

This commit is contained in:
ange 2024-05-01 11:29:32 +02:00
commit 54c90b1caf
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
15 changed files with 348 additions and 0 deletions

.env Normal file

@ -0,0 +1,4 @@
IMAGEAPP=ghcr.io/element-hq/synapse:v1.105.0
IMAGECOTURN=docker.io/coturn/coturn:4.6.2
TURN_URL=turn.test.gmoker.com
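Review bot: Both images on the `IMAGEAPP` and `IMAGECOTURN` lines are pinned by tag only, and tags on ghcr.io and Docker Hub are mutable, so what `deploy.sh` rolls out can change without a commit here. Pin by digest as well, e.g. `IMAGEAPP=ghcr.io/element-hq/synapse:v1.105.0@sha256:<digest>` (take the digest from `docker buildx imagetools inspect` or the registry UI) and bump it deliberately. `IMAGECOTURN` is not referenced by any manifest or compose file in this commit, so the TURN server is presumably deployed elsewhere — worth a line in the README so nobody assumes `TURN_URL` is served by this repo.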


@ -0,0 +1,18 @@
on: push
jobs:
build:
name: test
runs-on: debian
steps:
- uses: actions/checkout@v1
- name: setup env
run: |
cat <<EOF >> .env
BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com"
EOF
cat .env
- uses: actions/k8sdeploy@v1
with:
kubeconfig: "${{ secrets.K8S }}"
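Review bot: `${{ gitea.ref_name }}` and `${{ gitea.repository }}` are expanded into the script text of the `setup env` step before bash runs it, so a branch named like `x$(curl …)` executes in a job that holds the cluster kubeconfig from `secrets.K8S`. Pass both values through `env:` and reference them as shell variables; the `BASE_URL` expression is otherwise unchanged. Separately, `on: push` with no branch filter deploys every pushed branch with that same kubeconfig, and `actions/checkout@v1` is a mutable tag rather than a commit SHA, so consider `branches:` and SHA pinning while you are here.

```yaml
- name: setup env
  env:
    REF_NAME: ${{ gitea.ref_name }}
    REPO: ${{ gitea.repository }}
  run: |
    cat <<EOF >> .env
    BASE_URL="${REF_NAME}.$(tr / '\n' <<< "$REPO" | tac | tr '\n' .)k8s.gmoker.com"
    EOF
    cat .env
```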

README.md Normal file

@ -0,0 +1 @@
# Synapse

compose.yaml Normal file

@ -0,0 +1,26 @@
---
services:
db:
image: docker.io/postgres:15
restart: unless-stopped
environment:
- POSTGRES_DB
- POSTGRES_USER
- POSTGRES_PASSWORD
volumes:
- db:/var/lib/postgresql/data/
synapse:
image: "$IMAGEAPP"
restart: unless-stopped
ports:
- "8080:8008"
- "8448:8448"
volumes:
- synapse_config:/config/
- synapse_data:/data/
volumes:
db: {}
synapse_config: {}
synapse_data: {}
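Review bot: The `synapse` service publishes `8080:8008` and `8448:8448` on every host interface, but the `homeserver.yaml` in this commit defines only the plaintext 8008 listener with `x_forwarded: false`, so 8448 reaches nothing and 8080 exposes the unencrypted client and federation API straight to the network. Bind the dev mapping to loopback, `- "127.0.0.1:8080:8008"`, and drop the 8448 line until a listener for it exists. `db` takes `POSTGRES_DB`/`POSTGRES_USER`/`POSTGRES_PASSWORD` from the host environment and none of them is set in `.env`, so a bare `docker compose up` starts Postgres with an empty password (the image refuses to start in that case, as far as I recall) — define them in `.env` and add `depends_on: [db]` on `synapse`. The synapse service also gets no `SYNAPSE_CONFIG_PATH`, unlike the StatefulSet in `manifests/common/app.yaml`, so it will not find `/config/homeserver.yaml`.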

homeserver.yaml Normal file

@ -0,0 +1,92 @@
server_name: "$BASE_URL"
pid_file: /homeserver.pid
web_client: false
soft_file_limit: 0
log_config: "/config/log.config"
listeners:
- port: 8008
tls: false
bind_addresses: ['::']
type: http
x_forwarded: false
resources:
- names: [client]
compress: true
- names: [federation]
compress: false
database:
name: "psycopg2"
args:
host: "$POSTGRES_HOST"
port: "$POSTGRES_PORT"
database: "$POSTGRES_DB"
user: "$POSTGRES_USER"
password: "$POSTGRES_PASSWORD"
cp_min: 5
cp_max: 10
event_cache_size: "10K"
rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3
media_store_path: "/data/media"
max_upload_size: "50M"
max_image_pixels: "32M"
dynamic_thumbnails: false
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: false
max_spider_size: "10M"
enable_registration_captcha: false
turn_uris: [ "turn:$TURN_URL?transport=tcp", "turn:$TURN_URL?transport=udp" ]
turn_shared_secret: "$TURN_SHARED_SECRET"
turn_user_lifetime: "1h"
turn_allow_guests: true
enable_registration: false
registration_shared_secret: "$REGISTRATION_SECRET"
enable_metrics: true
report_stats: true
macaroon_secret_key: "$API_SECRET"
expire_access_token: false
signing_key_path: "/keys/signing.key"
key_refresh_interval: "1d"
trusted_key_servers:
- server_name: matrix.org
verify_keys:
"ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
password_config:
enabled: true
encryption_enabled_by_default_for_room_type: "all"
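Review bot: The 8008 listener sets `x_forwarded: false` although the only route to it in this commit is the nginx Ingress in `manifests/common/app.yaml`, so every request is attributed to the ingress pod's IP: the `rc_messages_per_second`/`federation_rc_*` limits collapse into one shared bucket and the `%(request)s` field in log.config never shows the real client. Set `x_forwarded: true` on that listener, since the pod port is not reachable except through the proxy. `turn_allow_guests: true` lets unauthenticated guest accounts obtain TURN credentials and relay traffic through coturn; it is inert today because `allow_guest_access` is not enabled, but `turn_allow_guests: false` keeps it that way if guest access is ever switched on. `report_stats: true` sends anonymised usage statistics to the Synapse project — confirm that is intended for a test deployment.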

log.config Normal file

@ -0,0 +1,22 @@
# vim: ft=yaml
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
level: INFO
root:
level: INFO
handlers: [console]
disable_existing_loggers: false

manifests/bin/deploy.sh Executable file

@ -0,0 +1,56 @@
#!/bin/bash -e
set -o pipefail
function kapply() {
for f in "$@"; do
kubectl apply -f \
<(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
done
}
function kcreatesec() {
kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kcreatecm() {
kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kgseckey() {
local sec="$1"; shift
local key="$1"; shift
kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
}
function kgcmkey() {
local cm="$1"; shift
local key="$1"; shift
kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
}
function get_synapse_key() {
kgcmkey synapse-config 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
}
kapply common/db.yaml
export POSTGRES_HOST; POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT; POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
export API_SECRET; API_SECRET="$(get_synapse_key macaroon_secret_key)"
export TURN_SHARED_SECRET; TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)"
export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)"
kcreatecm synapse-config \
--from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \
--from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config)
kapply common/keys.yaml common/app.yaml
kubectl rollout restart statefulset app
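Review bot: `get_synapse_key` only falls back to `openssl rand` when the pipeline fails, but `awk` exits 0 when nothing matches, so once the ConfigMap exists a missing or differently quoted key line makes `API_SECRET`, `TURN_SHARED_SECRET` or `REGISTRATION_SECRET` an empty string and Synapse starts with empty secrets; capture the output and test it for emptiness instead (rewrite below). The larger problem is where the values end up: `kcreatecm synapse-config` renders the database password and all three secrets into a ConfigMap, which is readable by anyone with `get configmaps` in the namespace and is outside Secret encryption-at-rest and the usual Secret RBAC — use the `kcreatesec` helper defined above for `synapse-config` and switch the `config` volume in `manifests/common/app.yaml` from `configMap:` to `secret:`. Lastly, `envsubst "$(env | xargs printf '$%s ')"` substitutes every variable in the runner's environment, so any literal `$WORD` in homeserver.yaml can be rewritten by an unrelated variable; pass an explicit list such as `"$(printf '$%s ' BASE_URL POSTGRES_HOST POSTGRES_PORT POSTGRES_DB POSTGRES_USER POSTGRES_PASSWORD TURN_URL TURN_SHARED_SECRET REGISTRATION_SECRET API_SECRET NB_REPLICAS IMAGEAPP)"`.

```bash
function get_synapse_key() {
  local val
  val="$(kgcmkey synapse-config 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}")" || val=""
  if [ -n "$val" ]; then printf '%s\n' "$val"; else openssl rand -hex 32; fi
}
```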

manifests/bin/devel.sh Executable file

@ -0,0 +1,5 @@
#!/bin/bash -e
export NB_REPLICAS=1
. ./manifests/bin/deploy.sh

manifests/bin/prod.sh Executable file

@ -0,0 +1,5 @@
#!/bin/bash -e
export NB_REPLICAS=3
. ./manifests/bin/deploy.sh

manifests/common/app.yaml Normal file

@ -0,0 +1,95 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
tls:
- secretName: tls-app
hosts:
- "$BASE_URL"
rules:
- host: "$BASE_URL"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app
port:
name: http
---
apiVersion: v1
kind: Service
metadata:
name: app
labels:
app: app
spec:
selector:
app: app
ports:
- name: http
port: 80
targetPort: http
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: app
labels:
app: app
spec:
replicas: $NB_REPLICAS
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
imagePullSecrets:
- name: regcred
containers:
- name: app
image: "$IMAGEAPP"
ports:
- name: http
containerPort: 8008
env:
- name: SYNAPSE_CONFIG_PATH
value: /config/homeserver.yaml
- name: SYNAPSE_CONFIG_DIR
value: /keys/
volumeMounts:
- name: config
mountPath: /config/
readOnly: true
- name: data
mountPath: /data/
- name: keys
mountPath: /keys/
securityContext:
fsGroup: 991
volumes:
- name: config
configMap:
name: synapse-config
- name: keys
persistentVolumeClaim:
claimName: keys
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs-csi
resources:
requests:
storage: 10Gi
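Review bot: `replicas: $NB_REPLICAS` runs several identical copies of the single-process Synapse against one database (`prod.sh` sets 3), which is not a supported topology — Synapse scales horizontally with worker processes — and because `/data` comes from `volumeClaimTemplates`, each replica gets its own media store, so an upload served by one pod is missing on the others. Keep the main process at one replica (or move to a worker layout) and make `/data` a shared `ReadWriteMany` claim if more than one pod must serve media. The pod `securityContext` only sets `fsGroup: 991`; add `runAsNonRoot`, `runAsUser: 991` (the uid the fsGroup already implies) and a `RuntimeDefault` seccomp profile as below, drop all capabilities on the container, and give it readiness/liveness probes on `/health` plus resource requests and limits. The Ingress has no `nginx.ingress.kubernetes.io/proxy-body-size` annotation, so ingress-nginx's default 1m body limit rejects media uploads well below the `max_upload_size: "50M"` in homeserver.yaml — add `nginx.ingress.kubernetes.io/proxy-body-size: 50m` next to the cert-manager annotation.

```yaml
# … unchanged: Ingress, Service, StatefulSet header and container spec …
      securityContext:
        fsGroup: 991
        runAsNonRoot: true
        runAsUser: 991
        seccompProfile:
          type: RuntimeDefault
```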

manifests/common/db.yaml Normal file

@ -0,0 +1,9 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
spec:
instances: $NB_REPLICAS
storage:
size: 10Gi
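Review bot: This CNPG `Cluster` relies on every operator default — the `app` database and owner that `deploy.sh` later reads from the `postgres-app` secret, the locale, and no backup or retention policy. Synapse refuses to start unless the database has `LC_COLLATE` and `LC_CTYPE` set to `C` with UTF8 encoding; CNPG's initdb defaults are `C`/`UTF8` as far as I recall, but pinning them in `bootstrap.initdb` makes the requirement explicit and survives a change of operator defaults. `instances: $NB_REPLICAS` also couples the Postgres HA instance count to the app replica count, which is unrelated; give it its own variable. Add a `backup:` section with an object store and `retentionPolicy` before this holds real user data.

```yaml
spec:
  instances: $NB_REPLICAS
  bootstrap:
    initdb:
      database: app
      owner: app
      encoding: UTF8
      localeCollate: C
      localeCType: C
```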


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: keys
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs-csi
resources:
requests:
storage: 10Mi
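Review bot: This `keys` PVC is `ReadWriteOnce` yet every replica of the `app` StatefulSet mounts it (3 under `prod.sh`), so pods scheduled on different nodes will fail to attach unless the nfs-csi driver quietly ignores the access mode; since it is NFS-backed, declare `ReadWriteMany` or keep the app at one replica. It also holds the federation `signing.key` on a shared NFS export with no ownership or mode guarantee beyond `fsGroup`, and anyone who can mount that export can sign as this homeserver; consider generating the key once with Synapse's `generate_signing_key` and storing it in a Kubernetes Secret mounted at `/keys/` instead. The file's name is not shown in this view — from `kapply common/keys.yaml` in `deploy.sh` I take it to be `manifests/common/keys.yaml`.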

manifests/devel/.gitkeep Normal file

manifests/prod/.gitkeep Normal file

new_user.sh Executable file

@ -0,0 +1,3 @@
#!/bin/bash -e
kubectl exec -it -n synapse svc/app -- register_new_matrix_user -c /config/homeserver.yaml
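Review bot: The `kubectl exec` line hard-codes `-n synapse`, while `deploy.sh` applies everything without a namespace flag (whatever the current context selects), so this script only works when the two happen to agree; either pass `-n synapse` in `deploy.sh`'s `kapply`/`kubectl` calls as well or drop it here. `register_new_matrix_user` reads `registration_shared_secret` from `/config/homeserver.yaml` inside the pod, so anyone with `pods/exec` in that namespace can mint accounts — inherent to this approach, but say so at the top: `# needs pods/exec on the app pod; uses the shared secret from homeserver.yaml`. With several replicas `svc/app` picks an arbitrary pod, which is fine here because registration goes through the shared database.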