From 1212109d47bfa2e49f6391eb88e9ee6dddc09f3b Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:43:25 +0200 Subject: [PATCH 1/9] feat: rename cm synapse-config -> synapse --- .env | 2 +- homeserver.yaml => config/homeserver.yaml | 0 log.config => config/log.config | 0 manifests/bin/deploy.sh | 4 ++-- manifests/common/app.yaml | 3 +-- manifests/common/delegation.yaml | 1 - 6 files changed, 4 insertions(+), 6 deletions(-) rename homeserver.yaml => config/homeserver.yaml (100%) rename log.config => config/log.config (100%) diff --git a/.env b/.env index 5df369c..bcb03b8 100644 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ PROD_URL=matrix.gmoker.com SERVER_NAME=gmoker.com -IMAGEAPP=ghcr.io/element-hq/synapse:v1.106.0 +IMAGEAPP=ghcr.io/element-hq/synapse:v1.107.0 TURN_URL=turn.test.gmoker.com IMAGECOTURN=docker.io/coturn/coturn:4.6.2 diff --git a/homeserver.yaml b/config/homeserver.yaml similarity index 100% rename from homeserver.yaml rename to config/homeserver.yaml diff --git a/log.config b/config/log.config similarity index 100% rename from log.config rename to config/log.config diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index 31c4fac..0e134ef 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh @@ -31,7 +31,7 @@ function kgcmkey() { } function get_synapse_key() { - kgcmkey synapse-config 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32 + kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32 } 
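Review bot: In `get_synapse_key`, reading from the renamed ConfigMap `synapse` means the first deploy after this commit will presumably find nothing, since existing clusters only have `synapse-config`. The macaroon, registration and TURN secrets are then not carried over: they are regenerated by `|| openssl rand -hex 32`, or come back empty if awk's exit status decides the pipeline. A one-time fallback to the old name avoids that: `{ kgcmkey synapse 'homeserver\.yaml' || kgcmkey synapse-config 'homeserver\.yaml'; } | awk …`. The old `synapse-config` object still holds the rendered secrets after the rename and should be deleted once the migration is done. Independently of the rename, awk exits 0 when no line matches, so a non-empty check on the result is needed before it is used as a secret.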
@@ -47,7 +47,7 @@ export API_SECRET; API_SECRET="$(get_synapse_key macaroon_secr export TURN_SHARED_SECRET; TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)" export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)" -kcreatecm synapse-config \ +kcreatecm synapse \ --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \ --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config) diff --git a/manifests/common/app.yaml b/manifests/common/app.yaml index 7db7c30..2af9182 100644 --- a/manifests/common/app.yaml +++ b/manifests/common/app.yaml @@ -69,7 +69,6 @@ spec: volumeMounts: - name: config mountPath: /config/ - readOnly: true - name: data mountPath: /data/ - name: keys @@ -79,7 +78,7 @@ spec: volumes: - name: config configMap: - name: synapse-config + name: synapse - name: keys persistentVolumeClaim: claimName: keys diff --git a/manifests/common/delegation.yaml b/manifests/common/delegation.yaml index fe5dfd6..995c478 100644 --- a/manifests/common/delegation.yaml +++ b/manifests/common/delegation.yaml @@ -85,7 +85,6 @@ spec: volumeMounts: - name: delegation mountPath: /etc/nginx/conf.d/ - readOnly: true volumes: - name: delegation configMap: -- 2.45.2 From 2f4e00a44e9ba6336068e58705c56f8e803277c2 Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:47:04 +0200 Subject: [PATCH 2/9] fix: config path --- manifests/bin/deploy.sh | 4 ++-- manifests/common/turn.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 manifests/common/turn.yaml diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index 0e134ef..8ad5db1 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh 
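Review bot: The `kcreatecm synapse` call stores the rendered `homeserver.yaml` in a ConfigMap, although the three values exported just above (`API_SECRET`, `TURN_SHARED_SECRET`, `REGISTRATION_SECRET`) are substituted into it, going by the `$API_SECRET`-style placeholders in `config/homeserver.yaml`. ConfigMaps are not covered by Secret-specific RBAC rules or by encryption-at-rest configuration for Secrets, so anyone allowed to read ConfigMaps in the namespace can read the macaroon and registration secrets. Since the object is being renamed anyway, this is a good moment to create it with `kubectl create secret generic synapse --from-file=…` and switch the `config` volume in `manifests/common/app.yaml` from `configMap:` to `secret:` with `secretName: synapse`.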
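Review bot: Dropping `readOnly: true` from the `config` volumeMount is not mentioned in the commit message and is unrelated to the rename; the same line is removed from the `delegation` mount in `manifests/common/delegation.yaml`. Kubernetes mounts ConfigMap volumes read-only anyway as far as I know, so this probably changes nothing at runtime. The explicit flag still documents the intent and keeps the mount read-only if the volume source is ever changed to something writable. I would keep `readOnly: true` on both mounts, or say in the commit message why it has to go.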
@@ -48,8 +48,8 @@ export TURN_SHARED_SECRET; TURN_SHARED_SECRET="$(get_synapse_key turn_shared_s export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)" kcreatecm synapse \ - --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < homeserver.yaml) \ - --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < log.config) + --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \ + --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config) kapply common/keys.yaml common/app.yaml common/delegation.yaml diff --git a/manifests/common/turn.yaml b/manifests/common/turn.yaml new file mode 100644 index 0000000..2be3987 --- /dev/null +++ b/manifests/common/turn.yaml @@ -0,0 +1 @@ +# https://element-hq.github.io/synapse/latest/setup/turn/coturn.html -- 2.45.2 From abb225d36281bb89617363cd7efe51807c0e87e6 Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:49:45 +0200 Subject: [PATCH 3/9] fix: delegation prod-only --- manifests/bin/deploy.sh | 3 +-- manifests/bin/prod.sh | 4 ++++ manifests/{common => prod}/delegation.yaml | 0 3 files changed, 5 insertions(+), 2 deletions(-) rename manifests/{common => prod}/delegation.yaml (100%) diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index 8ad5db1..cd0fe42 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh @@ -51,7 +51,6 @@ kcreatecm synapse \ --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \ --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config) -kapply common/keys.yaml common/app.yaml common/delegation.yaml +kapply common/keys.yaml common/app.yaml -kubectl rollout restart deployment delegation kubectl rollout restart statefulset app diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index db50906..6fc304b 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh 
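Review bot: Both `--from-file` lines build the envsubst variable list with `env | xargs printf '$%s '`, which hands every `NAME=value` pair, including the secrets exported just above, to an external `printf` and then to `envsubst` as command-line arguments, where they are visible in the process list. `xargs` also applies its own quote and whitespace parsing, so a value containing a quote or a space can make the call fail or split. Passing names only avoids both problems: `envsubst "$(compgen -e | sed 's/.*/${&}/')" < config/homeserver.yaml`, and the same for `config/log.config`.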
@@ -4,3 +4,7 @@ export NB_REPLICAS=1 . ./manifests/bin/deploy.sh + +#kapply common/delegation.yaml + +#kubectl rollout restart deployment delegation diff --git a/manifests/common/delegation.yaml b/manifests/prod/delegation.yaml similarity index 100% rename from manifests/common/delegation.yaml rename to manifests/prod/delegation.yaml -- 2.45.2 From b78d74390b6d07faa66e1c52a36ded27b6553478 Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:52:08 +0200 Subject: [PATCH 4/9] feat: separate staging/prod binaries --- manifests/bin/prod.sh | 4 ---- manifests/bin/staging.sh | 7 +++++++ 2 files changed, 7 insertions(+), 4 deletions(-) create mode 100755 manifests/bin/staging.sh diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index 6fc304b..db50906 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh @@ -4,7 +4,3 @@ export NB_REPLICAS=1 . ./manifests/bin/deploy.sh - -#kapply common/delegation.yaml - -#kubectl rollout restart deployment delegation diff --git a/manifests/bin/staging.sh b/manifests/bin/staging.sh new file mode 100755 index 0000000..27a60d6 --- /dev/null +++ b/manifests/bin/staging.sh @@ -0,0 +1,7 @@ +#!/bin/bash -e + +. ./manifests/bin/staging.sh + +kapply common/delegation.yaml + +kubectl rollout restart deployment delegation -- 2.45.2 From 1abe0f8d374296eb8a9eb69cf8e184e96410e3be Mon Sep 17 00:00:00 2001 From: ange Date: Wed, 15 May 2024 23:55:06 +0200 Subject: [PATCH 5/9] fix: !staging.sh + if in prod.sh --- manifests/bin/prod.sh | 6 ++++++ manifests/bin/staging.sh | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) delete mode 100755 manifests/bin/staging.sh diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index db50906..018bd3b 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh @@ -4,3 +4,9 @@ export NB_REPLICAS=1 . ./manifests/bin/deploy.sh + +if [ "$GITHUB_REF_NAME" = prod ]; then + kapply common/delegation.yaml + + kubectl rollout restart deployment delegation +fi 
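Review bot: The commented-out `#kapply common/delegation.yaml` names a path that this same commit renames to `manifests/prod/delegation.yaml`, and because both added lines are comments, no script applies or restarts the delegation deployment after this commit. `kapply` prefixes its argument with `manifests/`, so the call needs to be `kapply prod/delegation.yaml`. The same stale path is carried into `manifests/bin/staging.sh` in PATCH 4/9 and into the `if [ "$GITHUB_REF_NAME" = prod ]` block in PATCH 5/9, where it is live and would presumably make the prod deploy fail.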
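Review bot: The new `manifests/bin/staging.sh` sources itself with `. ./manifests/bin/staging.sh`, so running it recurses until bash gives up and never reaches the `kapply` line. By analogy with `prod.sh` the intended line is presumably `. ./manifests/bin/deploy.sh`. The script also applies the delegation manifest, which PATCH 3/9 describes as prod-only, so it is worth confirming that staging is meant to get it at all.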
diff --git a/manifests/bin/staging.sh b/manifests/bin/staging.sh deleted file mode 100755 index 27a60d6..0000000 --- a/manifests/bin/staging.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -e - -. ./manifests/bin/staging.sh - -kapply common/delegation.yaml - -kubectl rollout restart deployment delegation -- 2.45.2 From 3017d80d8aa6541c7c0501bc21b11ca12713aaff Mon Sep 17 00:00:00 2001 From: ange Date: Fri, 17 May 2024 15:02:20 +0200 Subject: [PATCH 6/9] fix: SERVER_NAME only for prod --- .gitea/workflows/deploy.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index f6d29c0..df9623a 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -12,10 +12,11 @@ jobs: BASE_URL="$PROD_URL" else BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com" + SERVER_NAME="$BASE_URL" fi cat <> .env BASE_URL="$BASE_URL" - PUBLIC_URL="${PUBLIC_URL:-$BASE_URL}" + SERVER_NAME="$SERVER_NAME" EOF cat .env -- 2.45.2 From f74286c0e2577c138b7538f6e53ebb6526bb30fa Mon Sep 17 00:00:00 2001 From: ange Date: Fri, 17 May 2024 15:36:41 +0200 Subject: [PATCH 7/9] feat: MAX_UPLOAD_SIZE --- .env | 2 ++ manifests/common/app.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/.env b/.env index bcb03b8..95d0545 100644 --- a/.env +++ b/.env @@ -4,3 +4,5 @@ IMAGEAPP=ghcr.io/element-hq/synapse:v1.107.0 TURN_URL=turn.test.gmoker.com IMAGECOTURN=docker.io/coturn/coturn:4.6.2 + +MAX_UPLOAD_SIZE=50M diff --git a/manifests/common/app.yaml b/manifests/common/app.yaml index 2af9182..0e6d59c 100644 --- a/manifests/common/app.yaml +++ b/manifests/common/app.yaml @@ -4,6 +4,7 @@ kind: Ingress metadata: name: app annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "$MAX_UPLOAD_SIZE" cert-manager.io/cluster-issuer: letsencrypt-prod spec: ingressClassName: nginx -- 2.45.2 From 298901b14a61ed7a4dee8c165e437dea9895e7d8 Mon Sep 17 00:00:00 2001 
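Review bot: The new `SERVER_NAME="$BASE_URL"` takes a value built from `${{ gitea.ref_name }}` and `${{ gitea.repository }}`, which the runner pastes into the script text before bash parses it, and writes it into `.env`, from where it reaches `homeserver.yaml` and the manifests. A branch name is chosen by whoever can push and may contain shell metacharacters, so it should be handled as untrusted data rather than spliced into the script. Reading it from the environment keeps it data: `BASE_URL="$GITHUB_REF_NAME.$(tr / '\n' <<< "$GITHUB_REPOSITORY" | tac | tr '\n' .)k8s.gmoker.com"` (`prod.sh` already relies on `GITHUB_REF_NAME`; `GITHUB_REPOSITORY` should be exported the same way, as far as I know), followed by a check that the result matches `^[a-z0-9.-]+$` before it is appended to `.env`. The step starts above this hunk, so I cannot see whether `SERVER_NAME` is already set in the shell on the prod branch, where the heredoc now writes it unconditionally.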
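Review bot: The ingress `proxy-body-size` is now driven by `$MAX_UPLOAD_SIZE`, but `config/homeserver.yaml` still hard-codes `max_upload_size: "50M"` (visible as context in PATCH 8/9), so the two limits drift apart as soon as `.env` is edited. If the proxy value is raised alone, Synapse still rejects the upload; if it is lowered alone, nginx answers with its own 413 instead of a Matrix error. Suggest templating the Synapse side in the same commit: `max_upload_size: "$MAX_UPLOAD_SIZE"`.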
From: ange Date: Fri, 27 Sep 2024 00:33:29 +0000 Subject: [PATCH 8/9] bump: v1.115.0 (#1) Reviewed-on: https://git.gmoker.com/gmoker/synapse/pulls/1 --- .env | 4 ++-- config/homeserver.yaml | 25 ++++++++++++------------- manifests/common/app.yaml | 2 -- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/.env b/.env index 95d0545..51a42f2 100644 --- a/.env +++ b/.env @@ -1,8 +1,8 @@ PROD_URL=matrix.gmoker.com SERVER_NAME=gmoker.com -IMAGEAPP=ghcr.io/element-hq/synapse:v1.107.0 +IMAGEAPP=ghcr.io/element-hq/synapse:v1.115.0 TURN_URL=turn.test.gmoker.com -IMAGECOTURN=docker.io/coturn/coturn:4.6.2 +IMAGECOTURN=docker.io/coturn/coturn:4.6.2-r12 MAX_UPLOAD_SIZE=50M diff --git a/config/homeserver.yaml b/config/homeserver.yaml index 6073075..61abe1b 100644 --- a/config/homeserver.yaml +++ b/config/homeserver.yaml @@ -1,16 +1,16 @@ server_name: "$SERVER_NAME" public_baseurl: "https://$BASE_URL" pid_file: /homeserver.pid -web_client: false +web_client: False soft_file_limit: 0 log_config: "/config/log.config" listeners: - port: 8008 - tls: false - type: http - x_forwarded: true + tls: False bind_addresses: ['::'] + type: http + x_forwarded: False resources: - names: [client, federation] compress: true @@ -39,7 +39,7 @@ federation_rc_concurrent: 3 media_store_path: "/data/media" max_upload_size: "50M" max_image_pixels: "32M" -dynamic_thumbnails: false +dynamic_thumbnails: False thumbnail_sizes: - width: 32 
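Review bot: Flipping `x_forwarded` from `true` to `False` on the 8008 listener looks unintended for a commit titled as a version bump. The pod sits behind the nginx ingress defined in `manifests/common/app.yaml`, so with this setting Synapse would attribute every request to the proxy's address. That affects per-IP rate limiting, the client addresses recorded per session and the addresses written to the logs, all of which matter when investigating abuse. Unless the ingress is going away, keep `x_forwarded: true`. The `false` to `False` spelling changes are equivalent for the loader as far as I know, but they leave the file mixed, since `compress: true` a few lines below is untouched.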
@@ -58,24 +58,23 @@ thumbnail_sizes: height: 600 method: scale -url_preview_enabled: false +url_preview_enabled: False max_spider_size: "10M" -enable_registration_captcha: false +enable_registration_captcha: False turn_uris: [ "turn:$TURN_URL?transport=tcp", "turn:$TURN_URL?transport=udp" ] turn_shared_secret: "$TURN_SHARED_SECRET" turn_user_lifetime: "1h" -turn_allow_guests: true +turn_allow_guests: True -enable_registration: false +enable_registration: False registration_shared_secret: "$REGISTRATION_SECRET" -enable_metrics: true -report_stats: true +enable_metrics: True +report_stats: True macaroon_secret_key: "$API_SECRET" -expire_access_token: false signing_key_path: "/keys/signing.key" key_refresh_interval: "1d" @@ -86,6 +85,6 @@ trusted_key_servers: "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" password_config: - enabled: true + enabled: True encryption_enabled_by_default_for_room_type: "all" diff --git a/manifests/common/app.yaml b/manifests/common/app.yaml index 0e6d59c..3d6b23f 100644 --- a/manifests/common/app.yaml +++ b/manifests/common/app.yaml @@ -54,8 +54,6 @@ spec: labels: app: app spec: - imagePullSecrets: - - name: regcred containers: - name: app image: "$IMAGEAPP" -- 2.45.2 From b0d8cddd7b6957e3b565f74bf2b6d7ec5cef7d1c Mon Sep 17 00:00:00 2001 From: ange Date: Mon, 23 Dec 2024 03:40:25 +0000 Subject: [PATCH 9/9] bump: 1.21.1 (#3) Reviewed-on: https://git.gmoker.com/gmoker/synapse/pulls/3 --- .env | 6 +++--- compose.yaml | 13 +++++++++---- manifests/bin/deploy.sh | 27 +++++++++++++++------------ manifests/bin/devel.sh | 1 + manifests/bin/prod.sh | 1 + 5 files changed, 29 insertions(+), 19 deletions(-) diff --git a/.env b/.env index 51a42f2..ee88b05 100644 --- a/.env +++ b/.env 
@@ -1,8 +1,8 @@ PROD_URL=matrix.gmoker.com SERVER_NAME=gmoker.com -IMAGEAPP=ghcr.io/element-hq/synapse:v1.115.0 +IMAGEAPP=ghcr.io/element-hq/synapse:v1.121.1 -TURN_URL=turn.test.gmoker.com -IMAGECOTURN=docker.io/coturn/coturn:4.6.2-r12 +#TURN_URL=turn.test.gmoker.com +#IMAGECOTURN=docker.io/coturn/coturn:4.6.2-r12 MAX_UPLOAD_SIZE=50M diff --git a/compose.yaml b/compose.yaml index c7e182c..71a3b09 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,12 +1,12 @@ --- services: db: - image: docker.io/postgres:15 + image: docker.io/postgres:17 restart: unless-stopped environment: - - POSTGRES_DB - - POSTGRES_USER - - POSTGRES_PASSWORD + - POSTGRES_DB=db + - POSTGRES_USER=db + - POSTGRES_PASSWORD=db volumes: - db:/var/lib/postgresql/data/ @@ -16,6 +16,11 @@ services: ports: - "8080:8008" - "8448:8448" + environment: + - POSTGRES_HOST=db + - POSTGRES_DB=db + - POSTGRES_USER=db + - POSTGRES_PASSWORD=db volumes: - synapse_config:/config/ - synapse_data:/data/ diff --git a/manifests/bin/deploy.sh b/manifests/bin/deploy.sh index cd0fe42..2e8c599 100755 --- a/manifests/bin/deploy.sh +++ b/manifests/bin/deploy.sh 
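Review bot: Commenting out `TURN_URL` leaves `config/homeserver.yaml` still listing `turn:$TURN_URL?transport=tcp` and the `udp` variant in `turn_uris`, with `turn_allow_guests: True` (both visible in PATCH 8/9), and this commit does not touch that file. With the variable unset, the placeholder is presumably left unexpanded in the rendered config, so clients would be handed an unusable TURN URI. If TURN is being switched off, remove or comment the `turn_*` keys in `homeserver.yaml` and the `TURN_SHARED_SECRET` export in `deploy.sh` in the same change.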
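Review bot: The `db` service now hard-codes `POSTGRES_PASSWORD=db`, and the same literal is repeated in the new `environment` block of the second service, where the previous pass-through entries took the value from the caller's environment. That is acceptable for a throwaway local stack, but nothing in the file marks it as development-only, and anyone reusing it gets a database with a guessable password committed to the repository. Compose's default syntax keeps the convenience without fixing the value: `POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-db}`. A one-line comment at the top stating that the file is for local development would cover the rest.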
@@ -3,32 +3,35 @@ set -o pipefail function kapply() { for f in "$@"; do - kubectl apply -f \ - <(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f") + kubectl apply -f <(envsubst < "manifests/$f") done -} +}; export -f kapply function kcreatesec() { - kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f- -} + kubectl create secret generic --dry-run=client -oyaml "$@" | kubectl replace -f- +}; export -f kcreatesec function kcreatecm() { - kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f- -} + kubectl create configmap --dry-run=client -oyaml "$@" | kubectl replace -f- +}; export -f kcreatecm function kgseckey() { local sec="$1"; shift local key="$1"; shift - kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d -} + if ! kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\" // empty" | base64 -d; then + return 1 + fi +}; export -f kgseckey function kgcmkey() { - local cm="$1"; shift + local cm="$1"; shift local key="$1"; shift - kubectl get configmap "$cm" -o jsonpath="{.data.$key}" -} + if ! kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\" // empty"; then + return 1 + fi +}; export -f kgcmkey function get_synapse_key() { kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32 diff --git a/manifests/bin/devel.sh b/manifests/bin/devel.sh index 464c4d0..65675aa 100755 --- a/manifests/bin/devel.sh +++ b/manifests/bin/devel.sh @@ -1,4 +1,5 @@ #!/bin/bash -e +set -o pipefail export NB_REPLICAS=1 diff --git a/manifests/bin/prod.sh b/manifests/bin/prod.sh index 018bd3b..f70a7f1 100755 --- a/manifests/bin/prod.sh +++ b/manifests/bin/prod.sh @@ -1,4 +1,5 @@ #!/bin/bash -e +set -o pipefail # TODO: 3 export NB_REPLICAS=1 -- 2.45.2
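Review bot: `kgcmkey` now splices `$key` into the jq filter, but the unchanged caller `get_synapse_key` still passes the jsonpath-escaped name `'homeserver\.yaml'`, which inside `.data."…"` no longer names the `homeserver.yaml` entry. The lookup therefore fails, and with `pipefail` set the `|| openssl rand -hex 32` branch presumably issues fresh macaroon, registration and TURN secrets on every deploy. Passing the key as data fixes both the escaping and the interpolation: `jq -re --arg k "$key" '.data[$k] // empty'` in `kgcmkey` and `kgseckey`, with the caller changed to `kgcmkey synapse homeserver.yaml`. Also in this hunk, `kubectl replace` in `kcreatesec` and `kcreatecm` fails when the object does not exist yet, so a first deploy into a new namespace cannot create the ConfigMap. The bare `envsubst` in `kapply` now blanks every `$name` in a manifest, including any meant to reach the container literally (nginx variables in `delegation.yaml`, if it has any).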