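# services/comms/synapse-user-seed-job.yaml
#
# One-shot Job that writes two rows directly into the Synapse Postgres
# `users` table: an admin account (SEEDER_USER) and a non-admin account
# (BOT_USER). It does not go through a Synapse API; it connects to
# Postgres itself and upserts by `name`.
#
# Security-relevant behaviour to keep in mind when re-running or copying:
#   * The upsert overwrites password_hash, creation_ts and the flag columns
#     of an existing row, so every run resets both passwords and re-asserts
#     the admin flag on the seeder account.
#   * PGPASSWORD, SEEDER_PASS and BOT_PASS are read by the Python code but
#     are not in the `env:` list below; presumably comms_vault_env.sh
#     exports them from /vault/secrets. Confirm against that script.
#   * The image is referenced by mutable tag and two packages are installed
#     from the package index at start-up, in the same process that holds
#     the database and account credentials.
---
apiVersion: batch/v1
kind: Job
metadata:
  name: synapse-user-seed-2
  namespace: comms
spec:
  # One retry at most; the finished Job is garbage-collected after an hour.
  backoffLimit: 1
  ttlSecondsAfterFinished: 3600
  template:
    spec:
      restartPolicy: Never
      # Service account the secrets-store CSI volume is mounted under.
      serviceAccountName: comms-vault
      containers:
        - name: seed
          # NOTE(review): tag only, not pinned by digest. Pinning would look
          # like python:3.11-slim@sha256:<digest-placeholder>.
          image: python:3.11-slim
          # The script needs no Linux capabilities and no setuid binaries, so
          # drop them. The image's default user is left unchanged because pip
          # writes into the image's own site-packages at start-up.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: PGHOST
              value: postgres-service.postgres.svc.cluster.local
            - name: PGPORT
              value: "5432"
            - name: PGDATABASE
              value: synapse
            - name: PGUSER
              value: synapse
            - name: SEEDER_USER
              value: othrys-seeder
            - name: BOT_USER
              value: atlasbot
          command:
            - /bin/sh
            - -c
            - |
              # NOTE(review): not every POSIX sh accepts `-o pipefail`;
              # confirm that this image's /bin/sh does.
              set -euo pipefail
              # Sourced so that whatever it exports is inherited by python.
              . /vault/scripts/comms_vault_env.sh
              # NOTE(review): unpinned install at run time. Pin versions (and
              # ideally hashes) or bake the packages into a dedicated image.
              pip install --no-cache-dir psycopg2-binary bcrypt >/dev/null
              # Quoted delimiter: the shell expands nothing inside the heredoc.
              python - <<'PY'
              import os
              import time
              import bcrypt
              import psycopg2

              def get_cols(cur):
                  """Describe public.users: column name -> nullable/default/type."""
                  cur.execute(
                      """
                      SELECT column_name, is_nullable, column_default, data_type
                      FROM information_schema.columns
                      WHERE table_schema = 'public' AND table_name = 'users'
                      """
                  )
                  cols = {}
                  for name, is_nullable, default, data_type in cur.fetchall():
                      cols[name] = {
                          "nullable": is_nullable == "YES",
                          "default": default,
                          "type": data_type,
                      }
                  return cols

              def upsert_user(cur, cols, user_id, password, admin):
                  """Insert user_id, or overwrite its existing row on a name conflict.

                  On conflict every column except `name` is replaced, which
                  includes password_hash, creation_ts and the admin flag.
                  """
                  now_ms = int(time.time() * 1000)
                  values = {
                      "name": user_id,
                      # bcrypt with the library's default cost.
                      # NOTE(review): if the homeserver configures a password
                      # pepper, a hash made without it will not verify; confirm.
                      "password_hash": bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode(),
                      "creation_ts": now_ms,
                  }

                  def add_flag(name, flag):
                      # Only set flag columns that exist in this schema, using
                      # int or bool to match the column's declared type.
                      if name not in cols:
                          return
                      if cols[name]["type"] in ("smallint", "integer"):
                          values[name] = int(flag)
                      else:
                          values[name] = bool(flag)

                  add_flag("admin", admin)
                  add_flag("deactivated", False)
                  add_flag("shadow_banned", False)
                  add_flag("is_guest", False)

                  # Identifiers placed in the SQL text are the literal keys of
                  # `values` above; the schema lookup only decides which of them
                  # are included. All data values are bound as %s parameters.
                  columns = list(values.keys())
                  placeholders = ", ".join(["%s"] * len(columns))
                  updates = ", ".join([f"{col}=EXCLUDED.{col}" for col in columns if col != "name"])
                  query = f"INSERT INTO users ({', '.join(columns)}) VALUES ({placeholders}) ON CONFLICT (name) DO UPDATE SET {updates};"
                  cur.execute(query, [values[c] for c in columns])

              seeder_user = os.environ["SEEDER_USER"]
              bot_user = os.environ["BOT_USER"]
              server = "live.bstein.dev"
              seeder_id = f"@{seeder_user}:{server}"
              bot_id = f"@{bot_user}:{server}"

              # A missing PGPASSWORD, SEEDER_PASS or BOT_PASS raises KeyError
              # and fails the Job instead of seeding with an empty secret.
              conn = psycopg2.connect(
                  host=os.environ["PGHOST"],
                  port=int(os.environ["PGPORT"]),
                  dbname=os.environ["PGDATABASE"],
                  user=os.environ["PGUSER"],
                  password=os.environ["PGPASSWORD"],
              )
              try:
                  # `with conn` commits both upserts together, or rolls both
                  # back if either raises.
                  with conn:
                      with conn.cursor() as cur:
                          cols = get_cols(cur)
                          upsert_user(cur, cols, seeder_id, os.environ["SEEDER_PASS"], True)
                          upsert_user(cur, cols, bot_id, os.environ["BOT_PASS"], False)
              finally:
                  conn.close()
              PY
          volumeMounts:
            - name: vault-secrets
              mountPath: /vault/secrets
              readOnly: true
            - name: vault-scripts
              mountPath: /vault/scripts
              readOnly: true
      volumes:
        - name: vault-secrets
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: comms-vault
        - name: vault-scripts
          configMap:
            name: comms-vault-env
            # Read as octal (r-xr-xr-x) by YAML 1.1 parsers; a strict
            # YAML 1.2 parser would read this as decimal 555.
            defaultMode: 0555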