136 lines
6.4 KiB
YAML
136 lines
6.4 KiB
YAML
|
# services/communication/seed-othrys-room.yaml
|
||
|
|
apiVersion: batch/v1
|
||
|
|
kind: CronJob
|
||
|
|
metadata:
|
||
|
|
name: seed-othrys-room
|
||
|
|
namespace: communication
|
||
|
|
spec:
|
||
|
|
schedule: "*/10 * * * *"
|
||
|
|
concurrencyPolicy: Forbid
|
||
|
|
jobTemplate:
|
||
|
|
spec:
|
||
|
|
template:
|
||
|
|
spec:
|
||
|
|
restartPolicy: OnFailure
|
||
|
|
containers:
|
||
|
|
- name: seed
|
||
|
|
image: python:3.11-slim
|
||
|
|
env:
|
||
|
|
- name: SYNAPSE_BASE
|
||
|
|
value: http://othrys-synapse-matrix-synapse:8008
|
||
|
|
- name: REG_SECRET
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: othrys-synapse-matrix-synapse
|
||
|
|
key: config.yaml
|
||
|
|
- name: SEEDER_USER
|
||
|
|
value: othrys-seeder
|
||
|
|
- name: SEEDER_PASS
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: atlasbot-credentials
|
||
|
|
key: seeder-password
|
||
|
|
- name: BOT_USER
|
||
|
|
value: atlasbot
|
||
|
|
- name: BOT_PASS
|
||
|
|
valueFrom:
|
||
|
|
secretKeyRef:
|
||
|
|
name: atlasbot-credentials
|
||
|
|
key: bot-password
|
||
|
|
command:
|
||
|
|
- /bin/sh
|
||
|
|
- -c
|
||
|
|
- |
|
||
|
|
set -euo pipefail
|
||
|
|
pip install --no-cache-dir requests pyyaml matrix-synapse >/dev/null
|
||
|
|
python - <<'PY'
|
||
|
|
import os, subprocess, requests, yaml
|
||
|
|
|
||
|
|
BASE = os.environ["SYNAPSE_BASE"]
|
||
|
|
CONFIG = "/config/config.yaml"
|
||
|
|
|
||
|
|
def register(user, password, admin=False):
|
||
|
|
args = ["register_new_matrix_user", "-c", CONFIG, "-u", user, "-p", password]
|
||
|
|
if admin:
|
||
|
|
args.append("-a")
|
||
|
|
args.append(BASE)
|
||
|
|
res = subprocess.run(args, capture_output=True, text=True)
|
||
|
|
if res.returncode not in (0, 1): # 1 = already exists
|
||
|
|
raise SystemExit(f"register {user} failed: {res.returncode} {res.stderr}")
|
||
|
|
|
||
|
|
def login(user, password):
|
||
|
|
r = requests.post(f"{BASE}/_matrix/client/v3/login", json={
|
||
|
|
"type": "m.login.password",
|
||
|
|
"identifier": {"type": "m.id.user", "user": user},
|
||
|
|
"password": password,
|
||
|
|
})
|
||
|
|
if r.status_code != 200:
|
||
|
|
raise SystemExit(f"login failed: {r.status_code} {r.text}")
|
||
|
|
return r.json()["access_token"]
|
||
|
|
|
||
|
|
def ensure_room(token):
|
||
|
|
headers = {"Authorization": f"Bearer {token}"}
|
||
|
|
alias = "#othrys:live.bstein.dev"
|
||
|
|
alias_enc = "%23othrys%3Alive.bstein.dev"
|
||
|
|
exists = requests.get(f"{BASE}/_matrix/client/v3/directory/room/{alias_enc}", headers=headers)
|
||
|
|
if exists.status_code == 200:
|
||
|
|
room_id = exists.json()["room_id"]
|
||
|
|
else:
|
||
|
|
create = requests.post(f"{BASE}/_matrix/client/v3/createRoom", headers=headers, json={
|
||
|
|
"preset": "public_chat",
|
||
|
|
"name": "Othrys",
|
||
|
|
"room_alias_name": "othrys",
|
||
|
|
"initial_state": [],
|
||
|
|
"power_level_content_override": {"events_default": 0, "users_default": 0, "state_default": 50},
|
||
|
|
})
|
||
|
|
if create.status_code not in (200, 409):
|
||
|
|
raise SystemExit(f"create room failed: {create.status_code} {create.text}")
|
||
|
|
exists = requests.get(f"{BASE}/_matrix/client/v3/directory/room/{alias_enc}", headers=headers)
|
||
|
|
room_id = exists.json()["room_id"]
|
||
|
|
state_events = [
|
||
|
|
("m.room.join_rules", {"join_rule": "public"}),
|
||
|
|
("m.room.guest_access", {"guest_access": "can_join"}),
|
||
|
|
("m.room.history_visibility", {"history_visibility": "shared"}),
|
||
|
|
("m.room.canonical_alias", {"alias": alias}),
|
||
|
|
]
|
||
|
|
for ev_type, content in state_events:
|
||
|
|
requests.put(f"{BASE}/_matrix/client/v3/rooms/{room_id}/state/{ev_type}", headers=headers, json=content)
|
||
|
|
requests.put(f"{BASE}/_matrix/client/v3/directory/list/room/{room_id}", headers=headers, json={"visibility": "public"})
|
||
|
|
return room_id
|
||
|
|
|
||
|
|
def join_user(token, room_id, user_id):
|
||
|
|
headers = {"Authorization": f"Bearer {token}"}
|
||
|
|
requests.post(f"{BASE}/_synapse/admin/v1/join/{room_id}", headers=headers, json={"user_id": user_id})
|
||
|
|
|
||
|
|
def join_all_locals(token, room_id):
|
||
|
|
headers = {"Authorization": f"Bearer {token}"}
|
||
|
|
users = []
|
||
|
|
from_token = None
|
||
|
|
while True:
|
||
|
|
url = f"{BASE}/_synapse/admin/v2/users?local=true&deactivated=false&limit=100"
|
||
|
|
if from_token:
|
||
|
|
url += f"&from={from_token}"
|
||
|
|
res = requests.get(url, headers=headers).json()
|
||
|
|
users.extend([u["name"] for u in res.get("users", [])])
|
||
|
|
from_token = res.get("next_token")
|
||
|
|
if not from_token:
|
||
|
|
break
|
||
|
|
for uid in users:
|
||
|
|
join_user(token, room_id, uid)
|
||
|
|
|
||
|
|
register(os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"], admin=True)
|
||
|
|
register(os.environ["BOT_USER"], os.environ["BOT_PASS"], admin=False)
|
||
|
|
token = login(os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"])
|
||
|
|
room_id = ensure_room(token)
|
||
|
|
join_user(token, room_id, f"@{os.environ['BOT_USER']}:live.bstein.dev")
|
||
|
|
join_all_locals(token, room_id)
|
||
|
|
PY
|
||
|
|
volumeMounts:
|
||
|
|
- name: synapse-config
|
||
|
|
mountPath: /config
|
||
|
|
readOnly: true
|
||
|
|
volumes:
|
||
|
|
- name: synapse-config
|
||
|
|
secret:
|
||
|
|
secretName: othrys-synapse-matrix-synapse
|