From 70fbe48e4222cf9242bab58732f0767542ff0582 Mon Sep 17 00:00:00 2001
From: keyan
Date: Fri, 12 Apr 2024 19:14:36 -0500
Subject: [PATCH] sndev matrix chat

---
chat-web/Dockerfile | 5 +
chat-web/config.json | 41 +++++
copilot/chat-web/manifest.yml | 53 ++++++
copilot/chat/manifest.yml | 52 ++++++
.../environments/addons/addons.parameters.yml | 3 +
copilot/environments/addons/chat.yml | 154 ++++++++++++++++++
copilot/environments/capture/manifest.yml | 2 +-
copilot/environments/sndev/manifest.yml | 21 +++
copilot/exec/manifest.yml | 55 +++++++
copilot/synapse-generate/manifest.yml | 53 ++++++
10 files changed, 438 insertions(+), 1 deletion(-)
create mode 100644 chat-web/Dockerfile
create mode 100644 chat-web/config.json
create mode 100644 copilot/chat-web/manifest.yml
create mode 100644 copilot/chat/manifest.yml
create mode 100644 copilot/environments/addons/addons.parameters.yml
create mode 100644 copilot/environments/addons/chat.yml
create mode 100644 copilot/environments/sndev/manifest.yml
create mode 100644 copilot/exec/manifest.yml
create mode 100644 copilot/synapse-generate/manifest.yml

diff --git a/chat-web/Dockerfile b/chat-web/Dockerfile
new file mode 100644
index 00000000..d95d5ae2
--- /dev/null
+++ b/chat-web/Dockerfile
@@ -0,0 +1,5 @@
+# use vectorim/element-web as base but copy config.json to /app/config.json
+
+FROM vectorim/element-web:latest
+
+COPY config.json /app/config.json
\ No newline at end of file
diff --git a/chat-web/config.json b/chat-web/config.json
new file mode 100644
index 00000000..2d09476c
--- /dev/null
+++ b/chat-web/config.json
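Review bot: `FROM vectorim/element-web:latest` pins nothing, so every rebuild of chat-web pulls whatever the upstream tag points at that day and the deployed client can change without any commit to this repository. Pin a release tag, and ideally the digest as well (`FROM vectorim/element-web:<version>@sha256:<digest>`, values to be filled in), and bump it deliberately so that client updates are reviewable. The comment on the first line could also say that `/app/config.json` is presumably the path the base image serves its runtime config from, since that assumption is the only thing this Dockerfile relies on.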
@@ -0,0 +1,41 @@
+{
+ "default_server_name": "https://sndev.team",
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": "https://sndev.team"
+ },
+ "m.identity_server": {
+ "base_url": "https://sndev.team"
+ }
+ },
+ "brand": "chat.sndev.team",
+ "permalink_prefix": "https://chat.sndev.team",
+ "show_labs_settings": false,
+ "mobile_guide_toast": false,
+ "default_country_code": "US",
+ "disable_3pid_login": true,
+ "disable_custom_urls": true,
+ "disable_guests": true,
+ "disable_login_language_selector": true,
+ "room_directory": {
+ "servers": ["sndev.team"]
+ },
+ "enable_presence_by_hs_url": {
+ "https://matrix.org": false,
+ "https://matrix-client.matrix.org": false
+ },
+ "terms_and_conditions_links": [
+ {
+ "url": "https://element.io/privacy",
+ "text": "Privacy Policy"
+ },
+ {
+ "url": "https://element.io/cookie-policy",
+ "text": "Cookie Policy"
+ }
+ ],
+ "privacy_policy_url": "https://element.io/cookie-policy",
+ "setting_defaults": {
+ "RustCrypto.staged_rollout_percent": 10
+ }
+}
\ No newline at end of file
diff --git a/copilot/chat-web/manifest.yml b/copilot/chat-web/manifest.yml
new file mode 100644
index 00000000..63eded41
--- /dev/null
+++ b/copilot/chat-web/manifest.yml
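Review bot: `privacy_policy_url` points at `https://element.io/cookie-policy` while the privacy entry in `terms_and_conditions_links` uses `https://element.io/privacy`, so the two fields disagree; presumably `"privacy_policy_url": "https://element.io/privacy"` was intended, or better a policy owned by sndev.team since the brand is self-hosted. `default_server_name` is given as a URL (`https://sndev.team`) although, as far as I recall, Element treats that field as a Matrix server name used for `.well-known` discovery and `default_server_config` already supplies the explicit base URLs — confirm against the Element Web config reference whether both should be set and whether the URL form is accepted. `m.identity_server.base_url` also points at the homeserver itself; unless sndev.team serves the Identity Service API (Synapse does not), that block should be dropped rather than sending 3PID lookups to an endpoint that cannot answer them.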
@@ -0,0 +1,53 @@
+# The manifest for the "chat-web" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: chat-web
+type: Load Balanced Web Service
+
+# Distribute traffic to your service.
+http:
+ # Requests to this path will be forwarded to your service.
+ # To match all requests you can use the "/" path.
+ path: 'chat-web'
+ # You can specify a custom health check path. The default is "/".
+ healthcheck: '/'
+
+# Configuration for your containers and service.
+image:
+ build: ./chat-web/Dockerfile
+ # args:
+ # - USE_CUSTOM_SDKS: true
+ # - REACT_SDK_REPO: https://github.com/matrix-org/matrix-react-sdk.git
+ # - REACT_SDK_BRANCH: develop
+ # - JS_SDK_REPO: https://github.com/matrix-org/matrix-js-sdk.git
+ # - JS_SDK_BRANCH: develop
+ # Port exposed through your container to route traffic to it.
+ port: 80
+
+cpu: 256 # Number of CPU units for the task.
+memory: 512 # Amount of memory in MiB used by the task.
+count: 1 # Number of tasks that should be running in your service.
+exec: true # Enable running commands in your container.
+platform: linux/x86_64
+network:
+ connect: true # Enable Service Connect for intra-environment traffic between services.
+
+# storage:
+ # readonly_fs: true # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+#variables: # Pass environment variables as key value pairs.
+# LOG_LEVEL: info
+
+#secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
+# GITHUB_TOKEN: GITHUB_TOKEN # The key is the name of the environment variable, the value is the name of the SSM parameter.
+
+# You can override any of the values defined above by environment.
+#environments:
+# test:
+# count: 2 # Number of tasks to run for the "test" environment.
+# deployment: # The deployment strategy for the "test" environment.
+# rolling: 'recreate' # Stops existing tasks before new ones are started for faster deployments.
\ No newline at end of file
diff --git a/copilot/chat/manifest.yml b/copilot/chat/manifest.yml
new file mode 100644
index 00000000..9c27a263
--- /dev/null
+++ b/copilot/chat/manifest.yml
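Review bot: `http.path: 'chat-web'` routes only requests under `/chat-web` to this service, while `permalink_prefix` and `brand` in chat-web/config.json assume the client lives at the root of `chat.sndev.team`; as far as I know Element's bundle references its assets with root-relative paths, so serving it from a sub-path without rewriting is unlikely to load (copilot/exec/manifest.yml's `path: 'exec'` has the same shape). If the intent is a dedicated host, use `path: '/'` together with an `http.alias` entry for `chat.sndev.team`. `storage.readonly_fs` is left commented out; for an image that only serves static files this is a cheap hardening step, so either enable it or add a comment saying why the base image cannot run with a read-only root (it may need writable cache or pid directories — confirm).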
@@ -0,0 +1,52 @@
+# The manifest for the "chat" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: chat
+type: Load Balanced Web Service
+
+# Distribute traffic to your service.
+http:
+ # Requests to this path will be forwarded to your service.
+ # To match all requests you can use the "/" path.
+ path: '/'
+ # You can specify a custom health check path. The default is "/".
+ healthcheck: '/health'
+
+# Configuration for your containers and service.
+image:
+ location: matrixdotorg/synapse
+ # Port exposed through your container to route traffic to it.
+ port: 8008
+
+cpu: 2048 # Number of CPU units for the task.
+memory: 4096 # Amount of memory in MiB used by the task.
+count: 1 # Number of tasks that should be running in your service.
+exec: true # Enable running commands in your container.
+network:
+ connect: true # Enable Service Connect for intra-environment traffic between services.
+
+storage:
+ volumes:
+ efs:
+ path: /var/lib/efs/
+ read_only: false
+ efs:
+ id: fs-0b9130403869b3430
+ auth:
+ iam: true
+ access_point_id: fsap-06cd2e16280eb6c27
+
+# storage:
+ # readonly_fs: true # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+variables: # Pass environment variables as key value pairs.
+ SYNAPSE_SERVER_NAME: sndev.team
+ SYNAPSE_REPORT_STATS: no
+ SYNAPSE_CONFIG_DIR: /var/lib/efs/matrix
+ SYNAPSE_DATA_DIR: /var/lib/efs/matrix
+ UID: 991
+ GID: 991
\ No newline at end of file
diff --git a/copilot/environments/addons/addons.parameters.yml b/copilot/environments/addons/addons.parameters.yml
new file mode 100644
index 00000000..cde0469e
--- /dev/null
+++ b/copilot/environments/addons/addons.parameters.yml
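Review bot: `SYNAPSE_REPORT_STATS: no` is a YAML 1.1 boolean, so depending on how Copilot decodes `variables` it may reach the container as `false` rather than the literal `no` that Synapse's entrypoint expects; quote it, `SYNAPSE_REPORT_STATS: "no"`, here and in copilot/synapse-generate/manifest.yml where the same line appears. `image.location: matrixdotorg/synapse` carries no tag, so it floats on `latest` just as the generate job does; the server and the job that writes its homeserver.yaml should be pinned to the same version tag (or digest) so the generated config cannot drift from the binary that reads it. The EFS ids `fs-0b9130403869b3430` / `fsap-06cd2e16280eb6c27` and the six variables are duplicated verbatim between the two manifests and are specific to one deployed environment; Copilot's `environments:` override section is the place for the ids, with a comment naming the environment they were created in.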
@@ -0,0 +1,3 @@
+Parameters:
+ VPCID: !Ref VPC
+ PrivateSubnets: !Join [ ',', [ !Ref PrivateSubnet1, !Ref PrivateSubnet2 ] ]
\ No newline at end of file
diff --git a/copilot/environments/addons/chat.yml b/copilot/environments/addons/chat.yml
new file mode 100644
index 00000000..385dabe8
--- /dev/null
+++ b/copilot/environments/addons/chat.yml
@@ -0,0 +1,154 @@
+Parameters:
+ App:
+ Type: String
+ Description: Your application's name.
+ Env:
+ Type: String
+ Description: The name of the environment being deployed.
+ # Customize your Aurora Serverless cluster by setting the default value of the following parameters.
+ chatDBName:
+ Type: String
+ Description: The name of the initial database to be created in the Aurora Serverless v2 cluster.
+ Default: chat
+ # Cannot have special characters
+ # Naming constraints: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints
+ VPCID:
+ Type: String
+ Description: The ID of the VPC in which to create the Aurora Serverless v2 cluster.
+ Default: ""
+ PrivateSubnets:
+ Type: String
+ Description: The IDs of the private subnets in which to create the Aurora Serverless v2 cluster.
+ Default: ""
+
+Conditions:
+ IsSNDevEnv: !Equals [ !Ref Env, "sndev" ]
+
+Mappings:
+ chatEnvScalingConfigurationMap:
+ All:
+ "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
+ "DBMaxCapacity": 8 # AllowedValues: from 0.5 through 128
+
+Resources:
+ chatDBSubnetGroup:
+ Type: 'AWS::RDS::DBSubnetGroup'
+ Properties:
+ DBSubnetGroupDescription: Group of private subnets for Aurora Serverless v2 cluster.
+ SubnetIds:
+ !Split [',', !Ref PrivateSubnets]
+
+ chatWorkloadSecurityGroup:
+ Metadata:
+ 'aws:copilot:description': 'A security group for one or more workloads to access the Aurora Serverless v2 cluster chat'
+ Type: 'AWS::EC2::SecurityGroup'
+ Properties:
+ GroupDescription: 'The Security Group to access Aurora Serverless v2 cluster chat.'
+ VpcId: !Ref VPCID
+ Tags:
+ - Key: Name
+ Value: !Sub 'copilot-${App}-${Env}-Aurora'
+
+ chatDBClusterSecurityGroup:
+ Metadata:
+ 'aws:copilot:description': 'A security group for your Aurora Serverless v2 cluster chat'
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: The Security Group for the Aurora Serverless v2 cluster.
+ VpcId: !Ref VPCID
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 5432
+ ToPort: 5432
+ SourceSecurityGroupId: { 'Fn::ImportValue': !Sub '${App}-${Env}-EnvironmentSecurityGroup' }
+ Description: 'Access to environment security group'
+ Tags:
+ - Key: Name
+ Value: !Sub 'copilot-${App}-${Env}-Aurora'
+
+ chatDBClusterSecurityGroupIngressFromWorkload:
+ Type: AWS::EC2::SecurityGroupIngress
+ Properties:
+ Description: Ingress from one or more workloads in the environment.
+ GroupId: !Ref chatDBClusterSecurityGroup
+ IpProtocol: tcp
+ ToPort: 5432
+ FromPort: 5432
+ SourceSecurityGroupId: !Ref chatWorkloadSecurityGroup
+
+ chatAuroraSecret:
+ Metadata:
+ 'aws:copilot:description': 'A Secrets Manager secret to store your DB credentials'
+ Type: AWS::SecretsManager::Secret
+ Properties:
+ Description: !Sub Aurora main user secret for ${AWS::StackName}
+ GenerateSecretString:
+ SecretStringTemplate: '{"username": "postgres"}'
+ GenerateStringKey: "password"
+ ExcludePunctuation: true
+ IncludeSpace: false
+ PasswordLength: 16
+ chatDBClusterParameterGroup:
+ Metadata:
+ 'aws:copilot:description': 'A DB parameter group for engine configuration values'
+ Type: 'AWS::RDS::DBClusterParameterGroup'
+ Properties:
+ Description: !Ref 'AWS::StackName'
+ Family: 'aurora-postgresql16'
+ Parameters:
+ client_encoding: 'UTF8'
+
+ chatDBCluster:
+ Metadata:
+ 'aws:copilot:description': 'The chat Aurora Serverless v2 database cluster'
+ Type: 'AWS::RDS::DBCluster'
+ Properties:
+ MasterUsername:
+ !Join [ "", [ '{{resolve:secretsmanager:', !Ref chatAuroraSecret, ":SecretString:username}}" ]]
+ MasterUserPassword:
+ !Join [ "", [ '{{resolve:secretsmanager:', !Ref chatAuroraSecret, ":SecretString:password}}" ]]
+ DatabaseName: !Ref chatDBName
+ Engine: 'aurora-postgresql'
+ EngineVersion: '16.1'
+ DBClusterParameterGroupName: !Ref chatDBClusterParameterGroup
+ DBSubnetGroupName: !Ref chatDBSubnetGroup
+ Port: 5432
+ VpcSecurityGroupIds:
+ - !Ref chatDBClusterSecurityGroup
+ ServerlessV2ScalingConfiguration:
+ # Replace "All" below with "!Ref Env" to set different autoscaling limits per environment.
+ MinCapacity: !FindInMap [chatEnvScalingConfigurationMap, All, DBMinCapacity]
+ MaxCapacity: !FindInMap [chatEnvScalingConfigurationMap, All, DBMaxCapacity]
+
+ chatDBWriterInstance:
+ Metadata:
+ 'aws:copilot:description': 'The chat Aurora Serverless v2 writer instance'
+ Type: 'AWS::RDS::DBInstance'
+ Properties:
+ DBClusterIdentifier: !Ref chatDBCluster
+ DBInstanceClass: db.serverless
+ Engine: 'aurora-postgresql'
+ PromotionTier: 1
+ AvailabilityZone: !Select
+ - 0
+ - !GetAZs
+ Ref: AWS::Region
+
+ chatSecretAuroraClusterAttachment:
+ Type: AWS::SecretsManager::SecretTargetAttachment
+ Properties:
+ SecretId: !Ref chatAuroraSecret
+ TargetId: !Ref chatDBCluster
+ TargetType: AWS::RDS::DBCluster
+
+Outputs:
+ chatSecret:
+ Description: "The JSON secret that holds the database username and password. Fields are 'host', 'port', 'dbname', 'username', 'password', 'dbClusterIdentifier' and 'engine'"
+ Value: !Ref chatAuroraSecret
+ Export:
+ Name: !Sub ${App}-${Env}-chatAuroraSecret
+ chatSecurityGroup:
+ Description: "The security group to attach to the workload."
+ Value: !Ref chatWorkloadSecurityGroup
+ Export:
+ Name: !Sub ${App}-${Env}-chatSecurityGroup
diff --git a/copilot/environments/capture/manifest.yml b/copilot/environments/capture/manifest.yml
index 76109faa..32e1f6ed 100644
--- a/copilot/environments/capture/manifest.yml
+++ b/copilot/environments/capture/manifest.yml
@@ -18,4 +18,4 @@ type: Environment
 
 # Configure observability for your environment resources.
 observability:
- container_insights: false
+ container_insights: true
diff --git a/copilot/environments/sndev/manifest.yml b/copilot/environments/sndev/manifest.yml
new file mode 100644
index 00000000..6fbf223c
--- /dev/null
+++ b/copilot/environments/sndev/manifest.yml
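Review bot: `chatDBCluster` sets no `StorageEncrypted`, and for an Aurora PostgreSQL cluster backed by a `db.serverless` writer that property defaults to unencrypted storage, so the Synapse database (message content and session tokens live there) would sit on plaintext volumes; add `StorageEncrypted: true` under its `Properties`, and consider `DeletionProtection: true` plus an explicit `BackupRetentionPeriod` while you are there. `chatDBClusterSecurityGroup` admits 5432 from the whole `${App}-${Env}-EnvironmentSecurityGroup` as well as from `chatWorkloadSecurityGroup`, which makes the dedicated workload group and the `chatSecurityGroup` export redundant because every service in the environment can already reach the cluster; if that is the intended posture for sndev, say so in the `aws:copilot:description`, otherwise drop the environment-wide ingress entry. The `IsSNDevEnv` condition under `Conditions:` is never referenced by any resource or output in this file, so it should either gate something or be removed.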
@@ -0,0 +1,21 @@
+# The manifest for the "sndev" environment.
+# Read the full specification for the "Environment" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/environment/
+
+# Your environment name will be used in naming your resources like VPC, cluster, etc.
+name: sndev
+type: Environment
+
+# Import your own VPC and subnets or configure how they should be created.
+# network:
+# vpc:
+# id:
+
+# Configure the load balancers in your environment, once created.
+# http:
+# public:
+# private:
+
+# Configure observability for your environment resources.
+observability:
+ container_insights: true
diff --git a/copilot/exec/manifest.yml b/copilot/exec/manifest.yml
new file mode 100644
index 00000000..bccf4528
--- /dev/null
+++ b/copilot/exec/manifest.yml
@@ -0,0 +1,55 @@
+# The manifest for the "exec" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+
+# Your service name will be used in naming your resources like log groups, ECS services, etc.
+name: exec
+type: Load Balanced Web Service
+
+# Distribute traffic to your service.
+http:
+ # Requests to this path will be forwarded to your service.
+ # To match all requests you can use the "/" path.
+ path: 'exec'
+ # You can specify a custom health check path. The default is "/".
+ # healthcheck: '/'
+
+# Configuration for your containers and service.
+image:
+ location: amazon/amazon-ecs-sample
+ # Port exposed through your container to route traffic to it.
+ port: 80
+
+storage:
+ volumes:
+ efs:
+ path: /var/lib/efs/
+ read_only: false
+ efs:
+ uid: 991
+ gid: 991
+
+cpu: 256 # Number of CPU units for the task.
+memory: 512 # Amount of memory in MiB used by the task.
+count: 1 # Number of tasks that should be running in your service.
+exec: true # Enable running commands in your container.
+network:
+ connect: true # Enable Service Connect for intra-environment traffic between services.
+
+# storage:
+ # readonly_fs: true # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+#variables: # Pass environment variables as key value pairs.
+# LOG_LEVEL: info
+
+#secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
+# GITHUB_TOKEN: GITHUB_TOKEN # The key is the name of the environment variable, the value is the name of the SSM parameter.
+
+# You can override any of the values defined above by environment.
+#environments:
+# test:
+# count: 2 # Number of tasks to run for the "test" environment.
+# deployment: # The deployment strategy for the "test" environment.
+# rolling: 'recreate' # Stops existing tasks before new ones are started for faster deployments.
\ No newline at end of file
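Review bot: `exec` is declared as a `Load Balanced Web Service` whose only visible purpose is `exec: true` plus the EFS mount, which publishes `amazon/amazon-ecs-sample` on the environment's public load balancer under `path: 'exec'` for no functional reason; a `Backend Service` gives the same `copilot svc exec` access without the exposed endpoint. The volume here uses the Copilot-managed EFS form (`efs:` with `uid: 991` / `gid: 991`), whereas copilot/chat/manifest.yml mounts an explicit `id: fs-0b9130403869b3430` through an access point; unless that id is the environment's managed filesystem, this task is not looking at the Synapse data at all — confirm which filesystem each form resolves to and use one form in both manifests. A one-line comment at the top stating what the service exists for (`# Utility task: shell access to the shared EFS volume`) would also spare the next reader the guess.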
diff --git a/copilot/synapse-generate/manifest.yml b/copilot/synapse-generate/manifest.yml
new file mode 100644
index 00000000..08748bc6
--- /dev/null
+++ b/copilot/synapse-generate/manifest.yml
@@ -0,0 +1,53 @@
+# The manifest for the "synapse-generate" job.
+# Read the full specification for the "Scheduled Job" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/scheduled-job/
+
+# Your job name will be used in naming your resources like log groups, ECS Tasks, etc.
+name: synapse-generate
+type: Scheduled Job
+
+# Trigger for your task.
+on:
+ # The scheduled trigger for your job. You can specify a Unix cron schedule or keyword (@weekly) or a rate (@every 1h30m)
+ # AWS Schedule Expressions are also accepted: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html
+ schedule: "none"
+#retries: 3 # Optional. The number of times to retry the job before failing.
+#timeout: 1h30m # Optional. The timeout after which to stop the job if it's still running. You can use the units (h, m, s).
+
+# Configuration for your container and task.
+image:
+ location: matrixdotorg/synapse:latest
+command: generate
+
+cpu: 256 # Number of CPU units for the task.
+memory: 512 # Amount of memory in MiB used by the task.
+
+storage:
+ volumes:
+ efs:
+ path: /var/lib/efs/
+ read_only: false
+ efs:
+ id: fs-0b9130403869b3430
+ auth:
+ iam: true
+ access_point_id: fsap-06cd2e16280eb6c27
+
+# Optional fields for more advanced use-cases.
+#
+variables: # Pass environment variables as key value pairs.
+ SYNAPSE_SERVER_NAME: sndev.team
+ SYNAPSE_REPORT_STATS: no
+ SYNAPSE_CONFIG_DIR: /var/lib/efs/matrix
+ SYNAPSE_DATA_DIR: /var/lib/efs/matrix
+ UID: 991
+ GID: 991
+
+
+#secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
+# GITHUB_TOKEN: GITHUB_TOKEN # The key is the name of the environment variable, the value is the name of the SSM parameter.
+
+# You can override any of the values defined above by environment.
+#environments:
+# prod:
+# cpu: 2048 # Larger CPU value for prod environment.
\ No newline at end of file
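Review bot: `command: generate` writes `homeserver.yaml` (including generated secrets such as `registration_shared_secret`) and the server signing key into `SYNAPSE_CONFIG_DIR` on the shared EFS, so this is a one-shot bootstrap rather than a recurring job, and nothing in the manifest says so; a comment above `on:` such as `# One-shot bootstrap: run manually once to populate /var/lib/efs/matrix; the "chat" service reads the result` would make the intent clear, and `schedule: "none"` should be confirmed as the supported way to deploy an unscheduled job on the Copilot version in use. `image.location: matrixdotorg/synapse:latest` is a mutable tag and also differs from the untagged `matrixdotorg/synapse` in copilot/chat/manifest.yml; pin both to the same version so the generated config matches the server that consumes it. The doubled blank line after `GID: 991` and the missing trailing newline are cosmetic but will trip yamllint.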