bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

communication: fix Synapse delegated auth

Browse Source
This commit is contained in:
Brad Stein 2025-12-31 16:05:32 -03:00
parent 20df5cfb6e
commit 07ae28e1b1
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
services/communication/synapse-rendered.yaml
View File

@ -321,6 +321,7 @@ data:
## Signing Keys ## ## Signing Keys ##
signing_key_path: "/synapse/keys/signing.key" signing_key_path: "/synapse/keys/signing.key"
macaroon_secret_key: "@@MACAROON_SECRET_KEY@@"
# The trusted servers to download signing keys from. # The trusted servers to download signing keys from.
trusted_key_servers: trusted_key_servers:
@ -342,7 +343,7 @@ data:
msc4222_enabled: true msc4222_enabled: true
max_event_delay_duration: 24h max_event_delay_duration: 24h
password_config: password_config:
enabled: true enabled: false
turn_uris: turn_uris:
- "turn:turn.live.bstein.dev:3478?transport=udp" - "turn:turn.live.bstein.dev:3478?transport=udp"
- "turn:turn.live.bstein.dev:3478?transport=tcp" - "turn:turn.live.bstein.dev:3478?transport=tcp"
@ -371,6 +372,9 @@ data:
well_known_client: well_known_client:
"m.homeserver": "m.homeserver":
"base_url": "https://matrix.live.bstein.dev" "base_url": "https://matrix.live.bstein.dev"
"org.matrix.msc2965.authentication":
"issuer": "https://matrix.live.bstein.dev/"
"account": "https://matrix.live.bstein.dev/account/"
"org.matrix.msc4143.rtc_foci": "org.matrix.msc4143.rtc_foci":
- type: "livekit" - type: "livekit"
livekit_service_url: "https://kit.live.bstein.dev/livekit/jwt" livekit_service_url: "https://kit.live.bstein.dev/livekit/jwt"
@ -717,6 +721,7 @@ spec:
export OIDC_CLIENT_SECRET_ESCAPED=$(echo "${OIDC_CLIENT_SECRET:-}" | sed 's/[\\/&]/\\&/g') && \ export OIDC_CLIENT_SECRET_ESCAPED=$(echo "${OIDC_CLIENT_SECRET:-}" | sed 's/[\\/&]/\\&/g') && \
export TURN_SECRET_ESCAPED=$(echo "${TURN_SECRET:-}" | sed 's/[\\/&]/\\&/g') && \ export TURN_SECRET_ESCAPED=$(echo "${TURN_SECRET:-}" | sed 's/[\\/&]/\\&/g') && \
export MAS_SHARED_SECRET_ESCAPED=$(echo "${MAS_SHARED_SECRET:-}" | sed 's/[\\/&]/\\&/g') && \ export MAS_SHARED_SECRET_ESCAPED=$(echo "${MAS_SHARED_SECRET:-}" | sed 's/[\\/&]/\\&/g') && \
export MACAROON_SECRET_KEY_ESCAPED=$(echo "${MACAROON_SECRET_KEY:-}" | sed 's/[\\/&]/\\&/g') && \
cat /synapse/secrets/*.yaml | \ cat /synapse/secrets/*.yaml | \
sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \ sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \
-e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \
@ -731,6 +736,9 @@ spec:
fi; \ fi; \
if [ -n "${MAS_SHARED_SECRET_ESCAPED}" ]; then \ if [ -n "${MAS_SHARED_SECRET_ESCAPED}" ]; then \
sed -i "s/@@MAS_SHARED_SECRET@@/${MAS_SHARED_SECRET_ESCAPED}/g" /synapse/runtime-config/homeserver.yaml; \ sed -i "s/@@MAS_SHARED_SECRET@@/${MAS_SHARED_SECRET_ESCAPED}/g" /synapse/runtime-config/homeserver.yaml; \
fi; \
if [ -n "${MACAROON_SECRET_KEY_ESCAPED}" ]; then \
sed -i "s/@@MACAROON_SECRET_KEY@@/${MACAROON_SECRET_KEY_ESCAPED}/g" /synapse/runtime-config/homeserver.yaml; \
fi fi
exec python -B -m synapse.app.homeserver \ exec python -B -m synapse.app.homeserver \
-c /synapse/runtime-config/homeserver.yaml \ -c /synapse/runtime-config/homeserver.yaml \
@ -761,6 +769,11 @@ spec:
secretKeyRef: secretKeyRef:
name: mas-secrets-runtime name: mas-secrets-runtime
key: matrix_shared_secret key: matrix_shared_secret
- name: MACAROON_SECRET_KEY
valueFrom:
secretKeyRef:
name: synapse-macaroon
key: macaroon_secret_key
image: "ghcr.io/element-hq/synapse:v1.144.0" image: "ghcr.io/element-hq/synapse:v1.144.0"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext: