
Commit c94b43a

committed
tmp
1 parent cf0d8bc commit c94b43a


1 file changed

+61
-63
lines changed


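--- a/kubernetes/applications/matrix/deployment.yaml
+++ b/kubernetes/applications/matrix/deployment.yaml
@@ -20,46 +20,86 @@ spec:
 spec:
 securityContext:
 fsGroup: 991
+
 initContainers:
-- name: generate-keys
+# Init container unificato: templating config + generazione chiavi
+- name: prepare-synapse
 image: ghcr.io/element-hq/synapse:v1.123.0
 command:
 - /bin/sh
 - -c
 - |
-echo "=== Matrix Synapse Key Generation ==="
+set -e
+
+echo "=== Matrix Synapse Preparation ==="
+
+# Step 1: Template della configurazione
+echo "Step 1: Templating configuration files..."
+
+# Sostituisci le variabili nel homeserver.yaml
+sed "s|\${POSTGRES_PASSWORD}|${POSTGRES_PASSWORD}|g" \
+/config-template/homeserver.yaml > /data/homeserver.yaml
+
+sed "s|\${SYNAPSE_REDIS_PASSWORD}|${SYNAPSE_REDIS_PASSWORD}|g" \
+-i /data/homeserver.yaml
+
+sed "s|\${REGISTRATION_SHARED_SECRET}|${REGISTRATION_SHARED_SECRET}|g" \
+-i /data/homeserver.yaml
+
+sed "s|\${MACAROON_SECRET_KEY}|${MACAROON_SECRET_KEY}|g" \
+-i /data/homeserver.yaml
+
+sed "s|\${FORM_SECRET}|${FORM_SECRET}|g" \
+-i /data/homeserver.yaml
+
+# Copia log.config
+cp /config-template/log.config /data/log.config
+
+echo "✓ Configuration templating complete"
+
+# Debug: verifica la configurazione del database
+echo "Database configuration:"
+grep -A10 "database:" /data/homeserver.yaml | head -15
+
+# Step 2: Generazione chiavi
+echo ""
+echo "Step 2: Checking signing keys..."
+
 if [ -f /data/keys/signing.key ]; then
-echo "✓ Signing key exists"
-exit 0
+echo "✓ Signing key already exists"
+else
+echo "Generating signing key..."
+mkdir -p /data/keys
+python -m synapse.app.homeserver \
+--server-name=matrix.ildoc.it \
+--config-path=/data/homeserver.yaml \
+--generate-keys
+echo "✓ Signing key generated successfully"
 fi
 
-echo "Generating signing key..."
-mkdir -p /data/keys
-python -m synapse.app.homeserver \
---server-name=matrix.ildoc.it \
---config-path=/data/homeserver.yaml \
---generate-keys
-
-echo "✓ Key generated successfully"
+echo ""
+echo "=== Preparation Complete ==="
 env:
 - name: SYNAPSE_SERVER_NAME
 value: "matrix.ildoc.it"
 - name: SYNAPSE_REPORT_STATS
 value: "no"
+
+# Database password
 - name: POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
 name: matrix-cross-secrets
 key: postgres-password
-- name: SYNAPSE_REDIS_HOST
-value: "matrix-redis.apps.svc.cluster.local"
-- name: SYNAPSE_REDIS_PORT
-value: "6379"
+
+# Redis password
 - name: SYNAPSE_REDIS_PASSWORD
 valueFrom:
 secretKeyRef:
 name: matrix-redis-secret
 key: password
+
+# Synapse secrets
 - name: REGISTRATION_SHARED_SECRET
 valueFrom:
 secretKeyRef:
@@ -78,12 +118,9 @@ spec:
 volumeMounts:
 - name: data
 mountPath: /data
-- name: config
-mountPath: /data/homeserver.yaml
-subPath: homeserver.yaml
-- name: config
-mountPath: /data/log.config
-subPath: log.config
+- name: config-template
+mountPath: /config-template
+readOnly: true
 
 containers:
 - name: synapse
@@ -99,40 +136,6 @@ spec:
 value: "991"
 - name: TZ
 value: "Europe/Rome"
-# PostgreSQL configuration
-- name: POSTGRES_HOST
-value: "192.168.0.30"
-- name: POSTGRES_PORT
-value: "5432"
-- name: POSTGRES_DB
-value: "synapse"
-- name: POSTGRES_USER
-value: "synapse"
-- name: POSTGRES_PASSWORD
-valueFrom:
-secretKeyRef:
-name: matrix-cross-secrets
-key: postgres-password
-- name: SYNAPSE_REDIS_PASSWORD
-valueFrom:
-secretKeyRef:
-name: matrix-redis-secret
-key: password
-- name: REGISTRATION_SHARED_SECRET
-valueFrom:
-secretKeyRef:
-name: matrix-k8s-secrets
-key: registration-shared-secret
-- name: MACAROON_SECRET_KEY
-valueFrom:
-secretKeyRef:
-name: matrix-k8s-secrets
-key: macaroon-secret-key
-- name: FORM_SECRET
-valueFrom:
-secretKeyRef:
-name: matrix-k8s-secrets
-key: form-secret
 ports:
 - containerPort: 8008
 name: http
@@ -143,12 +146,6 @@ spec:
 volumeMounts:
 - name: data
 mountPath: /data
-- name: config
-mountPath: /data/homeserver.yaml
-subPath: homeserver.yaml
-- name: config
-mountPath: /data/log.config
-subPath: log.config
 resources:
 limits:
 cpu: 2000m
@@ -172,10 +169,11 @@ spec:
 periodSeconds: 10
 timeoutSeconds: 5
 failureThreshold: 3
+
 volumes:
 - name: data
 persistentVolumeClaim:
 claimName: matrix-synapse
-- name: config
+- name: config-template
 configMap:
 name: matrix-config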
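Review bot: The debug step at new lines 60–62 prints the rendered `database:` block to the init-container log right after `${POSTGRES_PASSWORD}` has been substituted into `/data/homeserver.yaml`, so if the template keeps the password within ten lines of that key (the template is not shown here), it becomes readable to anyone who can read pod logs or the log pipeline. I would drop the `grep -A10 "database:" ... | head -15` line and instead check that no placeholder survived, without echoing values: `if grep -q '\${[A-Z_]*}' /data/homeserver.yaml; then echo "unresolved placeholder" >&2; exit 1; fi`. Separately, the `sed "s|\${X}|${X}|g"` calls at new lines 40–53 interpret `|`, `&` and `\` inside a secret value as sed syntax, so such a value would be written incorrectly or abort the container under `set -e`. The rendered file now holds all five secrets in plaintext on the `data` PVC, so a `umask 077` before the first `sed` would keep it from being created group- or world-readable, assuming the init and main containers run as the same UID.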
