bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
titan-iac/services/comms/seed-othrys-room.yaml

138 lines
6.7 KiB
YAML
Raw Normal View History

comms: consolidate stack manifests
2026-01-08 01:55:58 -03:00
# services/comms/seed-othrys-room.yaml
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
apiVersion: batch/v1
kind: CronJob
metadata:
name: seed-othrys-room
comms: reset othrys room
2026-01-01 16:29:11 -03:00
namespace: comms
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
spec:
schedule: "*/10 * * * *"
communication: suspend flaky bootstrap cronjobs
2025-12-31 17:28:44 -03:00
suspend: true
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
concurrencyPolicy: Forbid
jobTemplate:
spec:
communication: make suspended cronjobs fail-fast
2025-12-31 17:33:20 -03:00
backoffLimit: 0
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
template:
spec:
communication: make suspended cronjobs fail-fast
2025-12-31 17:33:20 -03:00
restartPolicy: Never
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
containers:
- name: seed
image: python:3.11-slim
env:
- name: SYNAPSE_BASE
value: http://othrys-synapse-matrix-synapse:8008
comms: fix auth env indentation
2026-01-08 04:05:03 -03:00
- name: AUTH_BASE
comms: add mas bot users and revert synapse auth
2026-01-08 05:12:14 -03:00
value: http://matrix-authentication-service:8080
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
- name: SEEDER_USER
value: othrys-seeder
- name: SEEDER_PASS
valueFrom:
secretKeyRef:
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
name: atlasbot-credentials-runtime
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
key: seeder-password
- name: BOT_USER
comms: reset othrys without synapse admin
2026-01-01 16:36:55 -03:00
value: atlasbot
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
- name: BOT_PASS
valueFrom:
secretKeyRef:
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
name: atlasbot-credentials-runtime
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
key: bot-password
command:
- /bin/sh
- -c
- |
set -euo pipefail
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
pip install --no-cache-dir requests pyyaml >/dev/null
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
python - <<'PY'
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
import os, requests, urllib.parse
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
BASE = os.environ["SYNAPSE_BASE"]
communication: use MAS for internal password logins
2026-01-01 12:57:00 -03:00
AUTH_BASE = os.environ.get("AUTH_BASE", BASE)
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
def login(user, password):
communication: use MAS for internal password logins
2026-01-01 12:57:00 -03:00
r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
"type": "m.login.password",
"identifier": {"type": "m.id.user", "user": user},
"password": password,
})
if r.status_code != 200:
raise SystemExit(f"login failed: {r.status_code} {r.text}")
return r.json()["access_token"]
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
def ensure_user(token, localpart, password, admin):
headers = {"Authorization": f"Bearer {token}"}
user_id = f"@{localpart}:live.bstein.dev"
url = f"{BASE}/_synapse/admin/v2/users/{urllib.parse.quote(user_id)}"
res = requests.get(url, headers=headers)
if res.status_code == 200:
return
payload = {"password": password, "admin": admin, "deactivated": False}
create = requests.put(url, headers=headers, json=payload)
if create.status_code not in (200, 201):
raise SystemExit(f"create user {user_id} failed: {create.status_code} {create.text}")
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
def ensure_room(token):
headers = {"Authorization": f"Bearer {token}"}
alias = "#othrys:live.bstein.dev"
alias_enc = "%23othrys%3Alive.bstein.dev"
exists = requests.get(f"{BASE}/_matrix/client/v3/directory/room/{alias_enc}", headers=headers)
if exists.status_code == 200:
room_id = exists.json()["room_id"]
else:
create = requests.post(f"{BASE}/_matrix/client/v3/createRoom", headers=headers, json={
"preset": "public_chat",
"name": "Othrys",
"room_alias_name": "othrys",
"initial_state": [],
"power_level_content_override": {"events_default": 0, "users_default": 0, "state_default": 50},
})
if create.status_code not in (200, 409):
raise SystemExit(f"create room failed: {create.status_code} {create.text}")
exists = requests.get(f"{BASE}/_matrix/client/v3/directory/room/{alias_enc}", headers=headers)
room_id = exists.json()["room_id"]
state_events = [
("m.room.join_rules", {"join_rule": "public"}),
("m.room.guest_access", {"guest_access": "can_join"}),
("m.room.history_visibility", {"history_visibility": "shared"}),
("m.room.canonical_alias", {"alias": alias}),
]
for ev_type, content in state_events:
requests.put(f"{BASE}/_matrix/client/v3/rooms/{room_id}/state/{ev_type}", headers=headers, json=content)
requests.put(f"{BASE}/_matrix/client/v3/directory/list/room/{room_id}", headers=headers, json={"visibility": "public"})
return room_id
def join_user(token, room_id, user_id):
headers = {"Authorization": f"Bearer {token}"}
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
requests.post(f"{BASE}/_synapse/admin/v1/join/{urllib.parse.quote(room_id)}", headers=headers, json={"user_id": user_id})
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
def join_all_locals(token, room_id):
headers = {"Authorization": f"Bearer {token}"}
users = []
from_token = None
while True:
url = f"{BASE}/_synapse/admin/v2/users?local=true&deactivated=false&limit=100"
if from_token:
url += f"&from={from_token}"
res = requests.get(url, headers=headers).json()
users.extend([u["name"] for u in res.get("users", [])])
from_token = res.get("next_token")
if not from_token:
break
for uid in users:
join_user(token, room_id, uid)
token = login(os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"])
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
ensure_user(token, os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"], admin=True)
ensure_user(token, os.environ["BOT_USER"], os.environ["BOT_PASS"], admin=False)
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
room_id = ensure_room(token)
join_user(token, room_id, f"@{os.environ['BOT_USER']}:live.bstein.dev")
join_all_locals(token, room_id)
PY
volumeMounts:
- name: synapse-config
mountPath: /config
readOnly: true
volumes:
- name: synapse-config
secret:
secretName: othrys-synapse-matrix-synapse
Reference in New Issue Copy Permalink