infra-cluster-config

.dockerignore

@@ -11,6 +11,7 @@
 !Cargo.lock
 !Cargo.toml
 !build_rust.py
+!modules
 
 rust/target
 synapse/*.so

infra/k8s/fluffy-httproute.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: fluffy-route
+spec:
+  parentRefs:
+    - name: gateway
+      sectionName: https-fluffy
+  hostnames:
+    - "fluffy.nexojornal.com.br"
+  rules:
+    - backendRefs:
+        - name: fluffy
+          namespace: default
+          port: 80

infra/k8s/fluffy-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fluffy
+spec:
+  type: NodePort
+  selector:
+    app: fluffy
+  ports:
+    - port: 80
+      targetPort: 80
+      nodePort: 30007

infra/k8s/fluffy.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fluffy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fluffy
+  template:
+    metadata:
+      labels:
+        app: fluffy
+    spec:
+      containers:
+        - name: fluffy
+          image: docker.buzzlabs.com.br/fluffy-grupos
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
+      imagePullSecrets:
+        - name: global-regcred

infra/k8s/migration-job.yaml

@@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: synapse-migrations
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: migration
+          image: postgres:15
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              echo "Esperando banco subir..."
+              until pg_isready -h postgres -U synapse; do
+                sleep 2
+              done
+
+              echo "Rodando migrations..."
+
+              PGPASSWORD=senhaDoBD psql -h postgres -U userDoBD -d synapse <<EOF
+
+              CREATE TABLE IF NOT EXISTS public.bundles (
+                  bundle_id uuid PRIMARY KEY,
+                  bundle_name text NOT NULL,
+                  price int4 NOT NULL,
+                  created_at timestamp DEFAULT now(),
+                  updated_at timestamp DEFAULT now(),
+                  created_by text NOT NULL,
+                  status text DEFAULT 'draft' NOT NULL
+              );
+
+              CREATE TABLE IF NOT EXISTS public.bundle_rooms (
+                  bundle_id uuid NOT NULL,
+                  room_id text NOT NULL,
+                  PRIMARY KEY (bundle_id, room_id),
+                  FOREIGN KEY (bundle_id)
+                      REFERENCES public.bundles(bundle_id)
+                      ON DELETE CASCADE
+              );
+
+              CREATE TABLE IF NOT EXISTS public.room_business (
+                  room_id text PRIMARY KEY,
+                  room_kind text NOT NULL,
+                  access_type text NOT NULL,
+                  visible bool NOT NULL,
+                  price int4 DEFAULT 0,
+                  keyword text UNIQUE,
+                  created_at int8 NOT NULL
+              );
+
+              EOF
+
+              echo "Migrations finalizadas!"

infra/k8s/postgres-service.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+spec:
+  selector:
+    app: postgres
+  ports:
+    - port: 5432

infra/k8s/postgres.yaml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:15
+          env:
+            - name: POSTGRES_DB
+              value: synapse
+            - name: POSTGRES_USER
+              value: userDoBD
+            - name: POSTGRES_PASSWORD
+              value: senhaDoBD
+            - name: POSTGRES_INITDB_ARGS
+              value: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
+          ports:
+            - containerPort: 5432

infra/k8s/synapse-httproute.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: synapse-route
+spec:
+  parentRefs:
+    - name: gateway
+      sectionName: https-synapse
+  hostnames:
+    - "synapse.nexojornal.com.br"
+  rules:
+    - backendRefs:
+        - name: synapse
+          namespace: default
+          port: 3000

infra/k8s/synapse-pvc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: synapse-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

infra/k8s/synapse-reference-grant.yaml

@@ -0,0 +1,14 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: allow-synapse-service
+  namespace: default
+spec:
+  from:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: default
+  to:
+    - group: ""
+      kind: Service
+      name: synapse

infra/k8s/synapse-scripts.yaml

@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: synapse-scripts
+data:
+  init-admin.sh: |
+    #!/bin/sh
+    set -e
+
+    TOKEN_FILE="/data/admin_token.txt"
+    HOMESERVER_URL="http://localhost:3000"
+
+    DB_HOST="postgres"
+    DB_USER="userDoDB"
+    DB_NAME="synapse"
+    DB_PASSWORD="senhaDoDB"
+
+    EMAIL="matheus.silva@buzzlabs.com.br"
+    PASSWORD='Xablau3521@!'
+
+    echo "Esperando Synapse subir..."
+    until curl -s "$HOMESERVER_URL/_matrix/client/versions" > /dev/null; do
+      sleep 2
+    done
+
+    echo "Fazendo login..."
+
+    RESPONSE=$(curl -s -X POST "$HOMESERVER_URL/_matrix/client/v3/login" \
+      -H "Content-Type: application/json" \
+      -d "{
+        \"type\": \"m.login.password\",
+        \"identifier\": {
+          \"type\": \"m.id.user\",
+          \"user\": \"$EMAIL\"
+        },
+        \"password\": \"$PASSWORD\"
+      }")
+
+    ACCESS_TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
+    USER_ID=$(echo "$RESPONSE" | jq -r '.user_id')
+
+    if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" = "null" ]; then
+      echo "Erro ao logar"
+      exit 1
+    fi
+
+    echo "Tornando admin..."
+
+    PGPASSWORD="$DB_PASSWORD" psql -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" -c \
+    "UPDATE users SET admin = 1 WHERE name = '$USER_ID';"
+
+    echo "$ACCESS_TOKEN" > "$TOKEN_FILE"
+
+    echo "Finalizado"
+    echo "Mantendo container vivo..."
+    tail -f /dev/null

infra/k8s/synapse-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: synapse
+spec:
+  type: NodePort
+  selector:
+    app: synapse
+  ports:
+    - port: 3000
+      targetPort: 3000
+      nodePort: 30008

infra/k8s/synapse.yaml

@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: synapse
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: synapse
+  template:
+    metadata:
+      labels:
+        app: synapse
+    spec:
+      containers:
+
+        # 🧠 SYNAPSE
+        - name: synapse
+          image: docker.buzzlabs.com.br/synapse
+          imagePullPolicy: Always 
+          ports:
+            - containerPort: 3000
+          volumeMounts:
+            # 📁 volume persistente
+            - name: data
+              mountPath: /data
+
+            # 📜 arquivos do configmap (injeção dentro do /data)
+            - name: config
+              mountPath: /data/homeserver.yaml
+              subPath: homeserver.yaml
+
+            - name: config
+              mountPath: /data/localhost.log.config
+              subPath: localhost.log.config
+
+            - name: config
+              mountPath: /data/localhost.signing.key
+              subPath: localhost.signing.key
+
+        # 🔥 INIT ADMIN (SIDECAR)
+        - name: init-admin
+          image: docker.buzzlabs.com.br/synapse
+          imagePullPolicy: Always
+
+          command: ["/bin/sh", "/scripts/init-admin.sh"]
+          volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+
+            - name: data
+              mountPath: /data
+
+      imagePullSecrets:
+        - name: global-regcred
+      volumes:
+        # 💾 persistência
+        - name: data
+          persistentVolumeClaim:
+            claimName: synapse-pvc
+
+        # 📜 script
+        - name: scripts
+          configMap:
+            name: synapse-scripts
+            defaultMode: 0755
+
+        # ⚙️ config do synapse
+        - name: config
+          configMap:
+            name: synapse-config

infra/synapse-docker/Dockerfile

@@ -0,0 +1,29 @@
+FROM python:3.11-slim
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y \
+    build-essential libffi-dev libssl-dev libjpeg-dev zlib1g-dev \
+    jq curl libpq-dev gcc postgresql-client \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN pip install --upgrade pip
+RUN pip install "prometheus_client<0.20"
+RUN pip install "matrix-synapse[all]"
+RUN pip install --upgrade "pyOpenSSL>=24.2.1" "cryptography>=43,<48"
+
+# código do synapse (com suas modificações locais)
+COPY synapse       /app/synapse
+COPY rust          /app/rust
+COPY modules       /app/modules
+COPY pyproject.toml Cargo.toml Cargo.lock build_rust.py README.rst /app/
+
+RUN pip install -e /app
+
+ENV PYTHONPATH=/app
+
+EXPOSE 3000
+CMD ["python", "-m", "synapse.app.homeserver", "--config-path", "/data/homeserver.yaml"]