From 0f359897fa858165871728d32812c1cadc38e3b8 Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:43:25 +0200 Subject: [PATCH 1/8] feat: rename cm synapse-config -> synapse --- .env | 2 +- homeserver.yaml => config/homeserver.yaml | 0 log.config => config/log.config | 0 manifests/bin/deploy.sh | 4 ++-- manifests/common/app.yaml | 3 +-- manifests/common/delegation.yaml | 1 - 6 files changed, 4 insertions(+), 6 deletions(-) rename homeserver.yaml => config/homeserver.yaml (100%) rename log.config => config/log.config (100%) diff --git a/.env b/.env index 5df369c..bcb03b8 100644 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ PROD_URL=matrix.gmoker.com SERVER_NAME=gmoker.com -IMAGEAPP=ghcr.io/element-hq/synapse:v1.106.0 +IMAGEAPP=ghcr.io/element-hq/synapse:v1.107.0 TURN_URL=turn.test.gmoker.com IMAGECOTURN=docker.io/coturn/coturn:4.6.2 diff --git a/homeserver.yaml b/config/homeserver.yaml similarity index 100% rename from homeserver.yaml rename to config/homeserver.yaml diff --git a/log.config b/config/log.config similarity index 100% rename from log.config rename to config/log.config diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index 31c4fac..0e134ef 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh @@ -31,7 +31,7 @@ function kgcmkey() { } function get_synapse_key() { - kgcmkey synapse-config 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32 + kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32 } 
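Review bot: In `get_synapse_key`, the `|| openssl rand -hex 32` fallback is driven by the exit status of `awk`, which exits 0 even when `kgcmkey` fails or the key is absent, so unless `pipefail` is enabled earlier in deploy.sh (not visible in this hunk) a missing ConfigMap yields an empty secret rather than a random one. The rename makes that case likely on the first deploy, because the existing values live in `synapse-config` and nothing here copies them to `synapse`. If the fallback does fire, `macaroon_secret_key` and the other secrets are regenerated, which is presumably not what a rename should do. Capturing the output and testing it is safer, e.g. `v="$(kgcmkey synapse 'homeserver\.yaml' | awk ...)"` followed by `[ -n "$v" ] && echo "$v" || openssl rand -hex 32`, with a one-off read from the old ConfigMap name during migration. `kgcmkey` is defined outside the hunk.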
@@ -47,7 +47,7 @@ export API_SECRET; API_SECRET="$(get_synapse_key macaroon_secr export TURN_SHARED_SECRET; TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)" export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)" -kcreatecm synapse-config \ +kcreatecm synapse \ --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \ --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config) diff --git a/manifests/common/app.yaml b/manifests/common/app.yaml index 7db7c30..2af9182 100644 --- a/manifests/common/app.yaml +++ b/manifests/common/app.yaml @@ -69,7 +69,6 @@ spec: volumeMounts: - name: config mountPath: /config/ - readOnly: true - name: data mountPath: /data/ - name: keys @@ -79,7 +78,7 @@ spec: volumes: - name: config configMap: - name: synapse-config + name: synapse - name: keys persistentVolumeClaim: claimName: keys diff --git a/manifests/common/delegation.yaml b/manifests/common/delegation.yaml index fe5dfd6..995c478 100644 --- a/manifests/common/delegation.yaml +++ b/manifests/common/delegation.yaml @@ -85,7 +85,6 @@ spec: volumeMounts: - name: delegation mountPath: /etc/nginx/conf.d/ - readOnly: true volumes: - name: delegation configMap: -- 2.45.2 From 2a8f3df4eb0e11541410851fec3eb84ee3292e0e Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:47:04 +0200 Subject: [PATCH 2/8] fix: config path --- manifests/bin/deploy.sh | 4 ++-- manifests/common/turn.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 manifests/common/turn.yaml diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index 0e134ef..8ad5db1 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh 
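Review bot: The rendered homeserver.yaml that `kcreatecm synapse` uploads carries the values exported just above as `API_SECRET`, `TURN_SHARED_SECRET` and `REGISTRATION_SECRET`, and it is stored in a ConfigMap rather than a Secret. ConfigMaps are usually readable under broader RBAC rules than Secrets and are not covered by encryption-at-rest settings that target Secrets. Consider rendering the file into a Secret and mounting that at `/config/`, which would also mean `get_synapse_key` reads the previous values from the Secret. `kcreatecm` is defined outside the hunk, so how it creates the object is not visible here.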
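Review bot: Dropping `readOnly: true` from the `config` mount removes the stated intent that the container must not write to `/config/`, and the commit message (a ConfigMap rename) does not explain it. Current Kubernetes mounts ConfigMap volumes read-only regardless, so the removal likely gains nothing. If Synapse needs a writable path, a separate `emptyDir` is the usual answer. I would keep `readOnly: true` here and on the `delegation` mount in manifests/common/delegation.yaml, which loses the same line in this commit.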
@@ -48,8 +48,8 @@ export TURN_SHARED_SECRET; TURN_SHARED_SECRET="$(get_synapse_key turn_shared_s export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)" kcreatecm synapse \ - --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \ - --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config) + --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \ + --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config) kapply common/keys.yaml common/app.yaml common/delegation.yaml diff --git a/manifests/common/turn.yaml b/manifests/common/turn.yaml new file mode 100644 index 0000000..2be3987 --- /dev/null +++ b/manifests/common/turn.yaml @@ -0,0 +1 @@ +# https://element-hq.github.io/synapse/latest/setup/turn/coturn.html -- 2.45.2 From bb099e98bf3aa46f576ac11e6fe6f18f6355c58e Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:49:45 +0200 Subject: [PATCH 3/8] fix: delegation prod-only --- manifests/bin/deploy.sh | 3 +-- manifests/bin/prod.sh | 4 ++++ manifests/{common => prod}/delegation.yaml | 0 3 files changed, 5 insertions(+), 2 deletions(-) rename manifests/{common => prod}/delegation.yaml (100%) diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index 8ad5db1..cd0fe42 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh @@ -51,7 +51,6 @@ kcreatecm synapse \ --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \ --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config) -kapply common/keys.yaml common/app.yaml common/delegation.yaml +kapply common/keys.yaml common/app.yaml -kubectl rollout restart deployment delegation kubectl rollout restart statefulset app diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index db50906..6fc304b 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh 
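Review bot: Both `envsubst` calls build their variable list from the whole environment (`env | xargs printf '$%s '`), so any `$NAME` in config/homeserver.yaml or config/log.config that matches a variable in the CI job, including credentials unrelated to Synapse, is expanded into the ConfigMap. An explicit allowlist limits substitution to what the templates need, for example `envsubst '$SERVER_NAME $BASE_URL $TURN_URL $TURN_SHARED_SECRET $REGISTRATION_SECRET $API_SECRET'`, extended with whatever log.config references. The `env | xargs` form also depends on xargs' quote and whitespace handling for values it never needs to read.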
@@ -4,3 +4,7 @@ export NB_REPLICAS=1 . ./manifests/bin/deploy.sh + +#kapply common/delegation.yaml + +#kubectl rollout restart deployment delegation diff --git a/manifests/common/delegation.yaml b/manifests/prod/delegation.yaml similarity index 100% rename from manifests/common/delegation.yaml rename to manifests/prod/delegation.yaml -- 2.45.2 From 57207d9b3db1033d03b6f44f7af922e8149a9090 Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:52:08 +0200 Subject: [PATCH 4/8] feat: separate staging/prod binaries --- manifests/bin/prod.sh | 4 ---- manifests/bin/staging.sh | 7 +++++++ 2 files changed, 7 insertions(+), 4 deletions(-) create mode 100755 manifests/bin/staging.sh diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index 6fc304b..db50906 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh @@ -4,7 +4,3 @@ export NB_REPLICAS=1 . ./manifests/bin/deploy.sh - -#kapply common/delegation.yaml - -#kubectl rollout restart deployment delegation diff --git a/manifests/bin/staging.sh b/manifests/bin/staging.sh new file mode 100755 index 0000000..27a60d6 --- /dev/null +++ b/manifests/bin/staging.sh @@ -0,0 +1,7 @@ +#!/bin/bash -e + +. ./manifests/bin/staging.sh + +kapply common/delegation.yaml + +kubectl rollout restart deployment delegation -- 2.45.2 From 39e793a67a8dc4974af602184ef6bee2e0d082b5 Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:55:06 +0200 Subject: [PATCH 5/8] fix: !staging.sh + if in prod.sh --- manifests/bin/prod.sh | 6 ++++++ manifests/bin/staging.sh | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) delete mode 100755 manifests/bin/staging.sh diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index db50906..018bd3b 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh @@ -4,3 +4,9 @@ export NB_REPLICAS=1 . ./manifests/bin/deploy.sh + +if [ "$GITHUB_REF_NAME" = prod ]; then + kapply common/delegation.yaml + + kubectl rollout restart deployment delegation +fi 
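Review bot: The new `if` block in prod.sh calls `kapply common/delegation.yaml`, but PATCH 3/8 renamed that file to manifests/prod/delegation.yaml, so on the `prod` branch the apply would most likely fail or miss the manifest, depending on how `kapply` (defined outside this hunk) resolves paths. The line should read `kapply prod/delegation.yaml`. It is also worth confirming that the runner exports `GITHUB_REF_NAME`, since the workflow elsewhere in this series reads the branch from `gitea.ref_name`.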
diff --git a/manifests/bin/staging.sh b/manifests/bin/staging.sh deleted file mode 100755 index 27a60d6..0000000 --- a/manifests/bin/staging.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -e - -. ./manifests/bin/staging.sh - -kapply common/delegation.yaml - -kubectl rollout restart deployment delegation -- 2.45.2 From 7916d34fa5595b9e33f3ea95a0246fabc1bb1619 Mon Sep 17 00:00:00 2001 From: ange Date: Fri, 17 May 2024 15:02:20 +0200 Subject: [PATCH 6/8] fix: SERVER_NAME only for prod --- .gitea/workflows/deploy.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index f6d29c0..df9623a 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -12,10 +12,11 @@ jobs: BASE_URL="$PROD_URL" else BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com" + SERVER_NAME="$BASE_URL" fi cat <> .env BASE_URL="$BASE_URL" - PUBLIC_URL="${PUBLIC_URL:-$BASE_URL}" + SERVER_NAME="$SERVER_NAME" EOF cat .env -- 2.45.2 From 3ccf545e378e7c97ad0f57b5bd1c082814efb580 Mon Sep 17 00:00:00 2001 From: ange Date: Fri, 17 May 2024 15:36:41 +0200 Subject: [PATCH 7/8] feat: MAX_UPLOAD_SIZE --- .env | 2 ++ manifests/common/app.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/.env b/.env index bcb03b8..95d0545 100644 --- a/.env +++ b/.env @@ -4,3 +4,5 @@ IMAGEAPP=ghcr.io/element-hq/synapse:v1.107.0 TURN_URL=turn.test.gmoker.com IMAGECOTURN=docker.io/coturn/coturn:4.6.2 + +MAX_UPLOAD_SIZE=50M diff --git a/manifests/common/app.yaml b/manifests/common/app.yaml index 2af9182..0e6d59c 100644 --- a/manifests/common/app.yaml +++ b/manifests/common/app.yaml @@ -4,6 +4,7 @@ kind: Ingress metadata: name: app annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "$MAX_UPLOAD_SIZE" cert-manager.io/cluster-issuer: letsencrypt-prod spec: ingressClassName: nginx -- 2.45.2 From 398b25cfe21ddefe43e040226dd9de0d87b68b06 Mon Sep 17 00:00:00 2001 
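Review bot: `SERVER_NAME="$BASE_URL"` now feeds a value built from `${{ gitea.ref_name }}` into Synapse's `server_name`, and that expression is expanded into the script text before the shell parses it, so a branch name containing shell metacharacters would be read as script content. Passing the context values through the step's `env:` (e.g. `REF_NAME: ${{ gitea.ref_name }}`) and using them as quoted variables such as `"$REF_NAME"` avoids that. Separately, on the prod path the heredoc appends `SERVER_NAME="$SERVER_NAME"` to a .env that already sets `SERVER_NAME`; if the variable is not set in the step's shell this appends an empty value, so confirm that .env is sourced earlier in the step (outside this hunk). The step also ends with `cat .env`, which is acceptable only while .env holds no secrets.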
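Review bot: The ingress body-size limit now comes from `$MAX_UPLOAD_SIZE`, but config/homeserver.yaml still hard-codes `max_upload_size: "50M"` (visible as context in PATCH 8/8), so changing .env alone leaves the proxy and Synapse limits out of step. Setting `max_upload_size: "$MAX_UPLOAD_SIZE"` in homeserver.yaml would keep one source of truth, since that file is already rendered through `envsubst`. The annotation also assumes `kapply` substitutes variables in manifests; it is defined outside the hunk.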
From: ange Date: Fri, 27 Sep 2024 00:33:29 +0000 Subject: [PATCH 8/8] bump: v1.115.0 (#1) Reviewed-on: https://git.gmoker.com/gmoker/synapse/pulls/1 --- .env | 4 ++-- config/homeserver.yaml | 25 ++++++++++++------------- manifests/common/app.yaml | 2 -- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/.env b/.env index 95d0545..51a42f2 100644 --- a/.env +++ b/.env @@ -1,8 +1,8 @@ PROD_URL=matrix.gmoker.com SERVER_NAME=gmoker.com -IMAGEAPP=ghcr.io/element-hq/synapse:v1.107.0 +IMAGEAPP=ghcr.io/element-hq/synapse:v1.115.0 TURN_URL=turn.test.gmoker.com -IMAGECOTURN=docker.io/coturn/coturn:4.6.2 +IMAGECOTURN=docker.io/coturn/coturn:4.6.2-r12 MAX_UPLOAD_SIZE=50M diff --git a/config/homeserver.yaml b/config/homeserver.yaml index 6073075..61abe1b 100644 --- a/config/homeserver.yaml +++ b/config/homeserver.yaml @@ -1,16 +1,16 @@ server_name: "$SERVER_NAME" public_baseurl: "https://$BASE_URL" pid_file: /homeserver.pid -web_client: false +web_client: False soft_file_limit: 0 log_config: "/config/log.config" listeners: - port: 8008 - tls: false - type: http - x_forwarded: true + tls: False bind_addresses: ['::'] + type: http + x_forwarded: False resources: - names: [client, federation] compress: true @@ -39,7 +39,7 @@ federation_rc_concurrent: 3 media_store_path: "/data/media" max_upload_size: "50M" max_image_pixels: "32M" -dynamic_thumbnails: false +dynamic_thumbnails: False thumbnail_sizes: - width: 32 
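Review bot: The listener's `x_forwarded` flips from `true` to `False` in a commit titled as a version bump, while manifests/common/app.yaml still places the pod behind an nginx Ingress. With it off, Synapse treats the proxy's address as the client address, so per-IP rate limiting and the IPs recorded for sessions and in logs would all collapse onto the ingress controller. Unless that is deliberate, keep `x_forwarded: true`. The booleans here and in the later hunks of this file are also re-cased to `True`/`False`; lowercase `true`/`false` is the portable YAML spelling.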
@@ -58,24 +58,23 @@ thumbnail_sizes: height: 600 method: scale -url_preview_enabled: false +url_preview_enabled: False max_spider_size: "10M" -enable_registration_captcha: false +enable_registration_captcha: False turn_uris: [ "turn:$TURN_URL?transport=tcp", "turn:$TURN_URL?transport=udp" ] turn_shared_secret: "$TURN_SHARED_SECRET" turn_user_lifetime: "1h" -turn_allow_guests: true +turn_allow_guests: True -enable_registration: false +enable_registration: False registration_shared_secret: "$REGISTRATION_SECRET" -enable_metrics: true -report_stats: true +enable_metrics: True +report_stats: True macaroon_secret_key: "$API_SECRET" -expire_access_token: false signing_key_path: "/keys/signing.key" key_refresh_interval: "1d" @@ -86,6 +85,6 @@ trusted_key_servers: "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" password_config: - enabled: true + enabled: True encryption_enabled_by_default_for_room_type: "all" diff --git a/manifests/common/app.yaml b/manifests/common/app.yaml index 0e6d59c..3d6b23f 100644 --- a/manifests/common/app.yaml +++ b/manifests/common/app.yaml @@ -54,8 +54,6 @@ spec: labels: app: app spec: - imagePullSecrets: - - name: regcred containers: - name: app image: "$IMAGEAPP" -- 2.45.2