Add LiveKit, coturn, and JWT service to Matrix module
- Integrate LiveKit SFU, coturn TURN server, and lk-jwt-service for Element Call support in the Matrix Synapse module - Add firewall rules for new services and ports - Add key generation systemd service for LiveKit JWT - Extend Synapse config with TURN URIs and experimental features - Update Caddy config for new endpoints and well-known support - Improve OIDC config with additional scopes and user mapping - Add Grafana secret_key to SOPS secrets and config - Refactor and modularize secret checking in justfile scripts
This commit is contained in:
parent
a2071e16a2
commit
d3a394dfd9
4 changed files with 234 additions and 27 deletions
|
|
@ -23,7 +23,7 @@ edit machine:
|
|||
|
||||
echo "Done"
|
||||
|
||||
[doc('Get var value by {key} of {machine}')]
|
||||
[doc('Get var by {key} from {machine}')]
|
||||
get machine key:
|
||||
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')"
|
||||
|
||||
|
|
@ -38,25 +38,52 @@ remove machine key:
|
|||
|
||||
[script]
|
||||
check:
|
||||
cd ..
|
||||
|
||||
for machine in $(ls {{ base_path }}); do
|
||||
[ -f "{{ base_path }}/$machine/secrets.yml" ] || continue
|
||||
[ -f "{{ base_path }}/$machine/default.nix" ] || continue
|
||||
|
||||
echo "Processing $machine"
|
||||
|
||||
mapfile -t missing < <(jq -nr \
|
||||
--rawfile defined <(nix eval --json --apply 'builtins.attrNames' ..#nixosConfigurations.$machine.config.sops.secrets 2>/dev/null) \
|
||||
--rawfile configured <(sops decrypt {{ base_path }}/$machine/secrets.yml | yq '.') \
|
||||
'
|
||||
$defined | fromjson as $def
|
||||
| $configured
|
||||
| fromjson
|
||||
| paths(scalars)
|
||||
| join("/")
|
||||
| select(. | IN($def[]) | not)
|
||||
')
|
||||
|
||||
if (( ${#missing[@]} > 0 )); then
|
||||
printf 'missing the following %d secret(s):\n%s\n\n' "${#missing[@]}" "$(printf -- '- %s\n' "${missing[@]}")"
|
||||
fi
|
||||
just vars _check "$machine"
|
||||
done
|
||||
|
||||
[no-exit-message]
|
||||
[script]
|
||||
_check machine:
|
||||
# If the default nix file is missing,
|
||||
# we can skip this folder as we are
|
||||
# missing the files used to compare
|
||||
# the defined vs the configured secrets
|
||||
if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then
|
||||
printf "\r• %-8sskipped\n" "{{ machine }}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
exec 3< <(jq -nr \
|
||||
--rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \
|
||||
--rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \
|
||||
'
|
||||
[ $configured | fromjson | paths(scalars) | join("/") ] as $conf
|
||||
| $defined
|
||||
| fromjson
|
||||
| map(.key | select(. | IN($conf[]) | not))
|
||||
| unique
|
||||
| .[]
|
||||
')
|
||||
|
||||
pid=$! # Process Id of the previous running command
|
||||
spin='⠇⠋⠙⠸⢰⣠⣄⡆'
|
||||
|
||||
i=0
|
||||
while kill -0 $pid 2>/dev/null
|
||||
do
|
||||
i=$(( (i+1) %${#spin} ))
|
||||
printf "\r${spin:$i:1} %s" "{{ machine }}"
|
||||
sleep .1
|
||||
done
|
||||
|
||||
mapfile -t missing <&3
|
||||
|
||||
if (( ${#missing[@]} > 0 )); then
|
||||
printf '\r✗ %-8smissing %d secret(s):\n%s\n' "{{ machine }}" "${#missing[@]}" "$(printf -- ' %s\n' "${missing[@]}")"
|
||||
exit 1
|
||||
else
|
||||
printf "\r✓ %-8sup to date\n" "{{ machine }}"
|
||||
fi
|
||||
|
|
|
|||
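Review bot: The `_check machine:` recipe reports "✓ up to date" whenever evaluation fails, because `nix eval ... 2>/dev/null` hides the error, the jq program then fails on `$defined | fromjson` with empty input, fd 3 yields no lines, and `mapfile` leaves `missing` empty; the same silent-pass path exists in the `check:` loop that builds `$defined` from `nix eval ... 2>/dev/null`, and on the `configured` side when `sops decrypt` fails but `yq '.'` still exits 0 so the `|| echo "{}"` fallback never fires. For a check whose job is to catch secrets that are defined but not provisioned, a false "up to date" is worse than a noisy failure, so the exit status of the producer must be checked. I would evaluate first and fail fast, `defined=$(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets) || exit 1`, feed it via `--rawfile defined <(printf '%s' "$defined")`, and after the spinner loop add `wait "$pid" || exit 1` before `mapfile -t missing <&3` (bash 4.4+ can wait on a process-substitution PID; confirm the bash version just uses). Which of the two recipes is the new side is not certain from the rendered page, but the pattern applies to both.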