small-hack / smol-k8s-lab

ā˜ļø CLI & TUI with a smol friendly vibe to get started with Kubernetes on metal, then bootstrap apps using Argo CD šŸ§ø Great for testing webapps and benchmarking.
https://small-hack.github.io/smol-k8s-lab/
GNU Affero General Public License v3.0

šŸ› Matrix `SMTP_PASS` from TUI does not get set in `matrix-smtp-credentials` #226

Open cloudymax opened 1 month ago

cloudymax commented 1 month ago

Describe the Bug

The SMTP_PASS for Matrix entered via the TUI does end up in the matrix-smtp-credentials

Input:

[Screenshot 2024-05-19 at 14:46:12: TUI input]

Resulting Secret:

```
> kgs matrix-smtp-credentials
host: toots.com
password:
username: dogoninternet
```

Steps to Reproduce Bug

  1. run smol-k8s-lab
  2. enable external-secret-operator (with bitwarden)
  3. enable matrix
  4. enter the smtp password in the tui

User info (please complete the following information):

```yaml
  matrix:
    description: |
      [link=https://matrix.org/]Matrix[/link] is an open protocol for decentralised, secure communications.
      This deploys a matrix synapse server, element (web frontend), and turn server (voice)

      smol-k8s-lab supports initialization by creating initial secrets for your:
        - matrix, element, and federation hostnames,
        - credentials for: postgresql, admin user, S3 storage, and SMTP

      smol-k8s-lab also sets up an OIDC application via Zitadel.

      To provide sensitive values via environment variables to smol-k8s-lab use:
        - MATRIX_SMTP_PASSWORD
        - MATRIX_BACKUP_S3_ACCESS_ID
        - MATRIX_BACKUP_S3_SECRET_KEY
        - MATRIX_RESTIC_REPO_PASSWORD
    enabled: true
    init:
      enabled: true
      restore:
        enabled: false
        cnpg_restore: true
        restic_snapshot_ids:
          seaweedfs_volume: latest
          seaweedfs_filer: latest
          seaweedfs_master: latest
          matrix_media: latest
          matrix_synapse_config: latest
          matrix_signing_key: latest
      values:
        smtp_user: dogoninternet
        smtp_host: toots.com
        smtp_password:
          value_from:
            env: MATRIX_SMTP_PASSWORD
    backups:
      # cronjob syntax schedule to run matrix pvc backups
      pvc_schedule: 0 0 * * *
      postgres_schedule: 0 45 23 * * *
      s3:
        # these are for pushing remote backups of your local s3 storage, for speed and cost optimization
        endpoint: s3.us-example-example.example.com
        bucket: example-matrix-backups
        region: us-west-004
        secret_access_key:
          value_from:
            env: MATRIX_S3_BACKUP_SECRET_KEY
        access_key_id:
          value_from:
            env: MATRIX_S3_BACKUP_ACCESS_ID
      restic_repo_password:
        value_from:
          env: MATRIX_RESTIC_REPO_PASSWORD
    argo:
      # secrets keys to make available to Argo CD ApplicationSets
      secret_keys:
        # hostname of the synapse matrix server
        hostname: matrix.example.online
        # the hostname of the element web interface
        element_hostname: element.example.online
        # hostname for federation, that others can see you on the fediverse
        federation_hostname: matrix-fed.example.online
        # email for of the admin user
        admin_email: example@example.net
        # enable signing key backups
        signing_key_pvc_enabled: 'true'
        # size of signing key pvc storage
        signing_key_storage: 1Mi
        signing_key_access_mode: ReadWriteOnce
        # enable persistent volume claim for matrix media storage
        media_pvc_enabled: 'true'
        # size of media pvc storage
        media_storage: 10Gi
        media_access_mode: ReadWriteOnce
        # enable persistent volume claim for matrix synapse config storage
        synapse_config_pvc_enabled: 'true'
        # size of synapse config pvc storage
        synapse_config_storage: 2Mi
        synapse_config_access_mode: ReadWriteOnce
        # choose S3 as the local primary object store from either: seaweedfs, or minio
        # SeaweedFS - deploy SeaweedFS filer/s3 gateway
        # MinIO     - deploy MinIO vanilla helm chart
        s3_provider: seaweedfs
        # local s3 provider bucket name
        s3_bucket: matrix
        # the endpoint you'd like to use for your minio or SeaweedFS instance
        s3_endpoint: matrix-s3.example.online
        # how large the backing pvc's capacity should be for minio or seaweedfs
        s3_pvc_capacity: 10Gi
        s3_region: eu-west-1
      # git repo to install the Argo CD app from
      repo: https://github.com/small-hack/argocd-apps
      # path in the argo repo to point to. Trailing slash very important!
      path: matrix/app_of_apps/
      # either the branch or tag to point at in the argo repo above
      revision: test-matrix-chart
      # kubernetes cluster to install the k8s app into, defaults to Argo CD default
      cluster: https://kubernetes.default.svc
      # namespace to install the k8s app in
      namespace: matrix
      # recurse directories in the git repo
      directory_recursion: false
      # source repos for Argo CD App Project (in addition to argo.repo)
      project:
        source_repos:
        - https://small-hack.github.io/cloudnative-pg-cluster-chart
        - https://small-hack.github.io/matrix-chart
        - https://github.com/small-hack/matrix-chart
        - https://operator.min.io/
        - https://seaweedfs.github.io/seaweedfs/helm
        destination:
          # automatically includes the app's namespace and argocd's namespace
          namespaces: []
        name: matrix

  # This app is installed with helm or manifests depending on what is recommended
  # for your k8s distro. Becomes managed by Argo CD if you enable it below
```

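The symptom in the report is a Secret written with `password:` empty. The following is an added example, not smol-k8s-lab's own code: it resolves a `value_from: {env: NAME}` reference the way the config above reads (the resolution semantics are assumed) and refuses to build the `matrix-smtp-credentials` Secret when a sensitive field resolves empty, which is the check that would have made this failure loud instead of silent.

```python
"""Resolve smol-k8s-lab-style `value_from.env` references and fail closed on
empty sensitive fields (added example; not the project's own implementation)."""
import os
import base64

# Constructed config fragment mirroring the issue's matrix.init.values block.
MATRIX_INIT_VALUES = {
    "smtp_user": "dogoninternet",
    "smtp_host": "toots.com",
    "smtp_password": {"value_from": {"env": "MATRIX_SMTP_PASSWORD"}},
}

# Secret data key -> config key, and which keys must never be written empty.
FIELDS = {"host": "smtp_host", "username": "smtp_user", "password": "smtp_password"}
SENSITIVE = {"password"}


class MissingSecretValue(ValueError):
    """Raised when a sensitive field would be written empty into a Secret."""


def resolve_value(field, environ=os.environ):
    """Return a literal config value as-is; resolve `value_from.env` from environ.
    Assumed semantics: an unset or empty env var resolves to "" (the bug's symptom)."""
    if isinstance(field, dict) and "value_from" in field:
        env_name = field["value_from"].get("env")
        return environ.get(env_name, "") if env_name else ""
    return "" if field is None else str(field)


def build_smtp_secret(values, environ=os.environ):
    """Build a `matrix-smtp-credentials` Secret manifest (as a dict), raising
    instead of silently emitting `password: ""` when a sensitive key is empty."""
    resolved = {key: resolve_value(values.get(cfg), environ) for key, cfg in FIELDS.items()}
    empty = sorted(key for key in SENSITIVE if not resolved[key])
    if empty:
        raise MissingSecretValue(f"refusing to create Secret with empty field(s): {empty}")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": "matrix-smtp-credentials"},
        "type": "Opaque",
        # Kubernetes `data` values are base64-encoded strings.
        "data": {k: base64.b64encode(v.encode()).decode() for k, v in resolved.items()},
    }
```

With `MATRIX_SMTP_PASSWORD` unset (or the TUI value never exported), the build raises rather than producing the empty `password:` seen in `kgs matrix-smtp-credentials`.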

jessebot commented 1 month ago

this is indeed broken, but I'm unsure why. Will look at this weekend 💙

jessebot commented 5 days ago

I've been thinking about this, and since we do an OIDC-only setup for matrix, perhaps we just remove the SMTP feature entirely here? The SMTP feature is generally for account management, and since we use ZITADEL for that, the only other thing it could be used for is email notifications, and I feel like no one actually uses email for that anymore. If I'm wrong, feel free to correct me, but I think for the smol-k8s-lab use case, unless others disagree, using SMTP is more of a hassle than it creates benefits 🤔

Open to other opinions, and the TUI not updating other sensitive values still needs to be fixed btw, just maybe not for matrix.