debug

fix: kgcmkey quotes error
bump: 1.121.1
2024-12-28 13:16:09 +00:00 · 2024-12-28 13:02:43 +00:00 · 2024-12-23 03:35:45 +00:00 · 2024-09-27 07:43:03 +07:00 · 2024-09-27 07:43:02 +07:00 · 2024-09-27 07:43:02 +07:00
11 changed files with 63 additions and 48 deletions
--- a/.env
+++ b/.env
@ -1,6 +1,8 @@
 PROD_URL=matrix.gmoker.com
 SERVER_NAME=gmoker.com
-IMAGEAPP=ghcr.io/element-hq/synapse:v1.106.0
+IMAGEAPP=ghcr.io/element-hq/synapse:v1.121.1
-TURN_URL=turn.test.gmoker.com
+#TURN_URL=turn.test.gmoker.com
-IMAGECOTURN=docker.io/coturn/coturn:4.6.2
+#IMAGECOTURN=docker.io/coturn/coturn:4.6.2-r12
 MAX_UPLOAD_SIZE=50M
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@ -12,10 +12,11 @@ jobs:
            BASE_URL="$PROD_URL"
          else
            BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com"
            SERVER_NAME="$BASE_URL"
          fi
          cat <<EOF >> .env
          BASE_URL="$BASE_URL"
-          PUBLIC_URL="${PUBLIC_URL:-$BASE_URL}"
+          SERVER_NAME="$SERVER_NAME"
          EOF
          cat .env
--- a/compose.yaml
+++ b/compose.yaml
@ -1,12 +1,12 @@
 ---
 services:
  db:
-    image: docker.io/postgres:15
+    image: docker.io/postgres:17
    restart: unless-stopped
    environment:
-      - POSTGRES_DB
+      - POSTGRES_DB=db
-      - POSTGRES_USER
+      - POSTGRES_USER=db
-      - POSTGRES_PASSWORD
+      - POSTGRES_PASSWORD=db
    volumes:
      - db:/var/lib/postgresql/data/
@ -16,6 +16,11 @@ services:
    ports:
      - "8080:8008"
      - "8448:8448"
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB=db
      - POSTGRES_USER=db
      - POSTGRES_PASSWORD=db
    volumes:
      - synapse_config:/config/
      - synapse_data:/data/
--- a/config/homeserver.yaml
+++ b/config/homeserver.yaml
@ -1,16 +1,16 @@
 server_name: "$SERVER_NAME"
 public_baseurl: "https://$BASE_URL"
 pid_file: /homeserver.pid
-web_client: false
+web_client: False
 soft_file_limit: 0
 log_config: "/config/log.config"
 listeners:
  - port: 8008
-    tls: false
+    tls: False
    type: http
    x_forwarded: true
    bind_addresses: ['::']
    type: http
    x_forwarded: False
    resources:
      - names: [client, federation]
        compress: true
@ -39,7 +39,7 @@ federation_rc_concurrent: 3
 media_store_path: "/data/media"
 max_upload_size: "50M"
 max_image_pixels: "32M"
-dynamic_thumbnails: false
+dynamic_thumbnails: False
 thumbnail_sizes:
 - width: 32
@ -58,24 +58,23 @@ thumbnail_sizes:
  height: 600
  method: scale
-url_preview_enabled: false
+url_preview_enabled: False
 max_spider_size: "10M"
-enable_registration_captcha: false
+enable_registration_captcha: False
 turn_uris: [ "turn:$TURN_URL?transport=tcp", "turn:$TURN_URL?transport=udp" ]
 turn_shared_secret: "$TURN_SHARED_SECRET"
 turn_user_lifetime: "1h"
-turn_allow_guests: true
+turn_allow_guests: True
-enable_registration: false
+enable_registration: False
 registration_shared_secret: "$REGISTRATION_SECRET"
-enable_metrics: true
+enable_metrics: True
-report_stats: true
+report_stats: True
 macaroon_secret_key: "$API_SECRET"
 expire_access_token: false
 signing_key_path: "/keys/signing.key"
 key_refresh_interval: "1d"
@ -86,6 +85,6 @@ trusted_key_servers:
      "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
 password_config:
-   enabled: true
+   enabled: True
 encryption_enabled_by_default_for_room_type: "all"
--- a/config/log.config
+++ b/config/log.config
--- a/manifests/bin/deploy.sh
+++ b/manifests/bin/deploy.sh
@ -1,37 +1,40 @@
-#!/bin/bash -e
+#!/bin/bash
-set -o pipefail
+set -xeo pipefail
 function kapply() {
    for f in "$@"; do
-        kubectl apply -f \
+        kubectl apply -f <(envsubst < "manifests/$f")
            <(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
    done
-}
+}; export -f kapply
 function kcreatesec() {
-    kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
+    kubectl create secret generic --dry-run=client -oyaml "$@" | kubectl replace -f-
-}
+}; export -f kcreatesec
 function kcreatecm() {
-    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
+    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl replace -f-
-}
+}; export -f kcreatecm
 function kgseckey() {
    local sec="$1"; shift
    local key="$1"; shift
-    kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
+    if ! kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\" // empty" | base64 -d; then
-}
+        return 1
    fi
 }; export -f kgseckey
 function kgcmkey() {
-    local cm="$1"; shift
+    local cm="$1";  shift
    local key="$1"; shift
-    kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
+    if ! kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\" // empty"; then
-}
+        return 1
    fi
 }; export -f kgcmkey
 function get_synapse_key() {
-    kgcmkey synapse-config 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
+    kgcmkey synapse homeserver.yaml | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
 }
@ -47,11 +50,10 @@ export API_SECRET;                   API_SECRET="$(get_synapse_key macaroon_secr
 export TURN_SHARED_SECRET;   TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)"
 export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)"
-kcreatecm synapse-config \
+kcreatecm synapse \
-    --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \
+    --from-file=homeserver.yaml=<(envsubst < config/homeserver.yaml) \
-    --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config)
+    --from-file=log.config=<(envsubst < config/log.config)
-kapply common/keys.yaml common/app.yaml common/delegation.yaml
+kapply common/keys.yaml common/app.yaml
 kubectl rollout restart deployment delegation
 kubectl rollout restart statefulset app
--- a/manifests/bin/devel.sh
+++ b/manifests/bin/devel.sh
@ -1,4 +1,5 @@
-#!/bin/bash -e
+#!/bin/bash
 set -eo pipefail
 export NB_REPLICAS=1
--- a/manifests/bin/prod.sh
+++ b/manifests/bin/prod.sh
@ -1,6 +1,13 @@
-#!/bin/bash -e
+#!/bin/bash
 set -eo pipefail
 # TODO: 3
 export NB_REPLICAS=1
 . ./manifests/bin/deploy.sh
 if [ "$GITHUB_REF_NAME" = prod ]; then
    kapply common/delegation.yaml
    kubectl rollout restart deployment delegation
 fi
--- a/manifests/common/app.yaml
+++ b/manifests/common/app.yaml
@ -4,6 +4,7 @@ kind: Ingress
 metadata:
  name: app
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "$MAX_UPLOAD_SIZE"
    cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
  ingressClassName: nginx
@ -53,8 +54,6 @@ spec:
      labels:
        app: app
    spec:
      imagePullSecrets:
        - name: regcred
      containers:
        - name: app
          image: "$IMAGEAPP"
@ -69,7 +68,6 @@ spec:
          volumeMounts:
            - name: config
              mountPath: /config/
              readOnly: true
            - name: data
              mountPath: /data/
            - name: keys
@ -79,7 +77,7 @@ spec:
      volumes:
        - name: config
          configMap:
-            name: synapse-config
+            name: synapse
        - name: keys
          persistentVolumeClaim:
            claimName: keys
--- a/manifests/common/turn.yaml
+++ b/manifests/common/turn.yaml
@ -0,0 +1 @@
 # https://element-hq.github.io/synapse/latest/setup/turn/coturn.html
--- a/manifests/common/delegation.yaml
+++ b/manifests/common/delegation.yaml
@ -85,7 +85,6 @@ spec:
          volumeMounts:
            - name: delegation
              mountPath: /etc/nginx/conf.d/
              readOnly: true
      volumes:
        - name: delegation
          configMap:
Author	SHA1	Message	Date
ange	de9de2716a	debug Some checks failed / deploy (push) Failing after 5s Details	2024-12-28 13:16:09 +00:00
ange	c8543f2ce7	fix: kgcmkey quotes error Some checks failed / deploy (push) Failing after 5s Details	2024-12-28 13:02:43 +00:00
ange	5b894d0007	bump: 1.121.1 All checks were successful / deploy (push) Successful in 6s Details	2024-12-23 03:35:45 +00:00
ange	8dd4256576	bump: v1.155.0 All checks were successful / deploy (push) Successful in 5s Details	2024-09-27 07:43:03 +07:00
ange	32fbfc761c	bump: v1.114.0	2024-09-27 07:43:02 +07:00
ange	fc2331f951	bump: v1.113.0	2024-09-27 07:43:02 +07:00
ange	f2400f2144	bump: v1.112.0rc1	2024-09-27 07:43:02 +07:00
ange	37dcd82f2d	bump: v1.110.0	2024-09-27 07:43:02 +07:00
ange	e2bdccb8fa	bump: v1.110.0rc2	2024-09-27 07:43:02 +07:00
ange	3ed6a4ec45	bump: v1.109.0	2024-09-27 07:43:02 +07:00
ange	298901b14a	bump: v1.115.0 (#1 ) All checks were successful / deploy (push) Successful in 6s Details Reviewed-on: #1	2024-09-27 07:42:17 +07:00
ange	f74286c0e2	feat: MAX_UPLOAD_SIZE	2024-09-27 07:42:17 +07:00
ange	3017d80d8a	fix: SERVER_NAME only for prod	2024-09-27 07:42:17 +07:00
ange	1abe0f8d37	fix: !staging.sh + if in prod.sh	2024-09-27 07:42:17 +07:00
ange	b78d74390b	feat: separate staging/prod binaries	2024-09-27 07:42:17 +07:00
ange	abb225d362	fix: delegation prod-only	2024-09-27 07:42:17 +07:00
ange	2f4e00a44e	fix: config path	2024-09-27 07:42:16 +07:00
ange	1212109d47	feat: rename cm synapse-config -> synapse	2024-09-27 07:42:16 +07:00
		`@ -0,0 +1 @@`
							`# https://element-hq.github.io/synapse/latest/setup/turn/coturn.html`