bump: v1.115.0 (#1)

Reviewed-on: #1

.env

@@ -1,6 +1,8 @@
 PROD_URL=matrix.gmoker.com
 SERVER_NAME=gmoker.com
-IMAGEAPP=ghcr.io/element-hq/synapse:v1.106.0
+IMAGEAPP=ghcr.io/element-hq/synapse:v1.115.0
 
 TURN_URL=turn.test.gmoker.com
-IMAGECOTURN=docker.io/coturn/coturn:4.6.2
+IMAGECOTURN=docker.io/coturn/coturn:4.6.2-r12
+
+MAX_UPLOAD_SIZE=50M

.gitea/workflows/deploy.yaml

@@ -12,10 +12,11 @@ jobs:
             BASE_URL="$PROD_URL"
           else
             BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com"
+            SERVER_NAME="$BASE_URL"
           fi
           cat <<EOF >> .env
           BASE_URL="$BASE_URL"
-          PUBLIC_URL="${PUBLIC_URL:-$BASE_URL}"
+          SERVER_NAME="$SERVER_NAME"
           EOF
           cat .env
 

config/homeserver.yaml

@@ -1,16 +1,16 @@
 server_name: "$SERVER_NAME"
 public_baseurl: "https://$BASE_URL"
 pid_file: /homeserver.pid
-web_client: false
+web_client: False
 soft_file_limit: 0
 log_config: "/config/log.config"
 
 listeners:
   - port: 8008
-    tls: false
-    type: http
-    x_forwarded: true
+    tls: False
     bind_addresses: ['::']
+    type: http
+    x_forwarded: False
     resources:
       - names: [client, federation]
         compress: true
@@ -39,7 +39,7 @@ federation_rc_concurrent: 3
 media_store_path: "/data/media"
 max_upload_size: "50M"
 max_image_pixels: "32M"
-dynamic_thumbnails: false
+dynamic_thumbnails: False
 
 thumbnail_sizes:
 - width: 32
@@ -58,24 +58,23 @@ thumbnail_sizes:
   height: 600
   method: scale
 
-url_preview_enabled: false
+url_preview_enabled: False
 max_spider_size: "10M"
 
-enable_registration_captcha: false
+enable_registration_captcha: False
 
 turn_uris: [ "turn:$TURN_URL?transport=tcp", "turn:$TURN_URL?transport=udp" ]
 turn_shared_secret: "$TURN_SHARED_SECRET"
 turn_user_lifetime: "1h"
-turn_allow_guests: true
+turn_allow_guests: True
 
-enable_registration: false
+enable_registration: False
 registration_shared_secret: "$REGISTRATION_SECRET"
 
-enable_metrics: true
-report_stats: true
+enable_metrics: True
+report_stats: True
 
 macaroon_secret_key: "$API_SECRET"
-expire_access_token: false
 
 signing_key_path: "/keys/signing.key"
 key_refresh_interval: "1d"
@@ -86,6 +85,6 @@ trusted_key_servers:
       "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
 
 password_config:
-   enabled: true
+   enabled: True
 
 encryption_enabled_by_default_for_room_type: "all"

manifests/bin/deploy.sh

@@ -31,7 +31,7 @@ function kgcmkey() {
 }
 
 function get_synapse_key() {
-    kgcmkey synapse-config 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
+    kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
 }
 
 
@@ -47,11 +47,10 @@ export API_SECRET;                   API_SECRET="$(get_synapse_key macaroon_secr
 export TURN_SHARED_SECRET;   TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)"
 export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)"
 
-kcreatecm synapse-config \
-    --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \
-    --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config)
+kcreatecm synapse \
+    --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \
+    --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config)
 
-kapply common/keys.yaml common/app.yaml common/delegation.yaml
+kapply common/keys.yaml common/app.yaml
 
-kubectl rollout restart deployment delegation
 kubectl rollout restart statefulset app

manifests/bin/prod.sh

@@ -4,3 +4,9 @@
 export NB_REPLICAS=1
 
 . ./manifests/bin/deploy.sh
+
+if [ "$GITHUB_REF_NAME" = prod ]; then
+    kapply common/delegation.yaml
+
+    kubectl rollout restart deployment delegation
+fi

manifests/common/app.yaml

@@ -4,6 +4,7 @@ kind: Ingress
 metadata:
   name: app
   annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "$MAX_UPLOAD_SIZE"
     cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
   ingressClassName: nginx
@@ -53,8 +54,6 @@ spec:
       labels:
         app: app
     spec:
-      imagePullSecrets:
-        - name: regcred
       containers:
         - name: app
           image: "$IMAGEAPP"
@@ -69,7 +68,6 @@ spec:
           volumeMounts:
             - name: config
               mountPath: /config/
-              readOnly: true
             - name: data
               mountPath: /data/
             - name: keys
@@ -79,7 +77,7 @@ spec:
       volumes:
         - name: config
           configMap:
-            name: synapse-config
+            name: synapse
         - name: keys
           persistentVolumeClaim:
             claimName: keys

manifests/common/turn.yaml

@@ -0,0 +1 @@
+# https://element-hq.github.io/synapse/latest/setup/turn/coturn.html

manifests/prod/delegation.yaml

@@ -85,7 +85,6 @@ spec:
           volumeMounts:
             - name: delegation
               mountPath: /etc/nginx/conf.d/
-              readOnly: true
       volumes:
         - name: delegation
           configMap: