Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
TrueCharts-Bot 2022-01-31 21:12:02 +00:00
parent a9dabc3b8a
commit 997b9f0870
20 changed files with 4037 additions and 0 deletions


@ -0,0 +1,99 @@
# Changelog<br>
<a name="synapse-1.0.0"></a>
### [synapse-1.0.0](https://github.com/truecharts/apps/compare/synapse-0.0.14...synapse-1.0.0) (2022-01-31)
#### Feat
* move synapse to stable
<a name="synapse-0.0.14"></a>
### [synapse-0.0.14](https://github.com/truecharts/apps/compare/synapse-0.0.13...synapse-0.0.14) (2022-01-31)
#### Fix
* use opencors headerset
<a name="synapse-0.0.13"></a>
### [synapse-0.0.13](https://github.com/truecharts/apps/compare/synapse-0.0.12...synapse-0.0.13) (2022-01-31)
<a name="synapse-0.0.12"></a>
### [synapse-0.0.12](https://github.com/truecharts/apps/compare/synapse-0.0.11...synapse-0.0.12) (2022-01-31)
#### Fix
* secret tweaking
<a name="synapse-0.0.11"></a>
### [synapse-0.0.11](https://github.com/truecharts/apps/compare/synapse-0.0.10...synapse-0.0.11) (2022-01-31)
<a name="synapse-0.0.10"></a>
### [synapse-0.0.10](https://github.com/truecharts/apps/compare/synapse-0.0.9...synapse-0.0.10) (2022-01-31)
#### Fix
* fix mistake in variable definition
<a name="synapse-0.0.9"></a>
### [synapse-0.0.9](https://github.com/truecharts/apps/compare/synapse-0.0.8...synapse-0.0.9) (2022-01-31)
<a name="synapse-0.0.8"></a>
### [synapse-0.0.8](https://github.com/truecharts/apps/compare/synapse-0.0.7...synapse-0.0.8) (2022-01-31)
#### Fix
* fix federation service
<a name="synapse-0.0.7"></a>
### [synapse-0.0.7](https://github.com/truecharts/apps/compare/synapse-0.0.5...synapse-0.0.7) (2022-01-31)
#### Fix
* Try another way of defining the macaroon secret
<a name="synapse-0.0.5"></a>
### [synapse-0.0.5](https://github.com/truecharts/apps/compare/synapse-0.0.4...synapse-0.0.5) (2022-01-31)
#### Fix
* fix custom config and don't decode stringData
<a name="synapse-0.0.4"></a>
### [synapse-0.0.4](https://github.com/truecharts/apps/compare/synapse-0.0.3...synapse-0.0.4) (2022-01-31)
#### Fix
* update questions.yaml to beter reflect values.yaml
<a name="synapse-0.0.3"></a>
### [synapse-0.0.3](https://github.com/truecharts/apps/compare/synapse-0.0.2...synapse-0.0.3) (2022-01-25)
#### Chore
* update helm general non-major helm releases ([#1791](https://github.com/truecharts/apps/issues/1791))


@ -0,0 +1,8 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.


@ -0,0 +1,9 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.14.2
- name: postgresql
repository: https://truecharts.org/
version: 6.0.58
digest: sha256:a28ed48da9797a2e9d6e9a194aa6f65b07fc1cc0169d5ffdb0ba7c44c94806b1
generated: "2022-01-31T21:08:16.776099224Z"


@ -0,0 +1,32 @@
apiVersion: v2
appVersion: "1.50.2"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.14.2
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 6.0.58
deprecated: false
description: A Helm chart to deploy a Matrix homeserver stack into Kubernetes
home: https://github.com/truecharts/apps/charts/stable/synapse
icon: https://truecharts.org/_static/img/appicons/synapse-icon.png
keywords:
- chat
- matrix
- synapse
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: synapse
sources: []
type: application
version: 1.0.0
annotations:
truecharts.org/catagories: |
- cloud
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
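
Review bot: `sources: []` leaves the chart metadata without any pointer to upstream Synapse or to the `matrixdotorg/synapse` image the chart deploys, and `home` is `https://github.com/truecharts/apps/charts/stable/synapse`, which lacks the `tree/<branch>` segment GitHub needs for a directory link. Fill in `sources` and correct `home` so that users can trace what they are installing.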


@ -0,0 +1,34 @@
# Introduction
A Helm chart to deploy a Matrix homeserver stack into Kubernetes
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org/ | postgresql | 6.0.58 |
| https://truecharts.org | common | 8.14.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project


@ -0,0 +1,3 @@
A Helm chart to deploy a Matrix homeserver stack into Kubernetes
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

Binary file not shown.

Binary file not shown.


@ -0,0 +1,5 @@
matrix:
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
hostname: "matrix.example.com"


@ -0,0 +1,5 @@
matrix:
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
hostname: "matrix.example.com"


@ -0,0 +1,129 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| command[0] | string | `"sh"` | |
| command[1] | string | `"-c"` | |
| command[2] | string | `"exec python -B -m synapse.app.homeserver \\\n -c /data/homeserver.yaml \\\n -c /data/secret/secret.yaml \\\n -c /data/custom.yaml\n"` | |
| coturn.enabled | bool | `false` | |
| env | object | `{}` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"matrixdotorg/synapse"` | |
| image.tag | string | `"v1.50.2"` | |
| installContainers.generate-signing-key.args[0] | string | `"-m"` | |
| installContainers.generate-signing-key.args[10] | string | `"--generate-keys"` | |
| installContainers.generate-signing-key.args[1] | string | `"synapse.app.homeserver"` | |
| installContainers.generate-signing-key.args[2] | string | `"--config-path"` | |
| installContainers.generate-signing-key.args[3] | string | `"/data/homeserver.yaml"` | |
| installContainers.generate-signing-key.args[4] | string | `"--config-path"` | |
| installContainers.generate-signing-key.args[5] | string | `"/data/secret/secret.yaml"` | |
| installContainers.generate-signing-key.args[6] | string | `"--config-path"` | |
| installContainers.generate-signing-key.args[7] | string | `"/data/custom.yaml"` | |
| installContainers.generate-signing-key.args[8] | string | `"--keys-directory"` | |
| installContainers.generate-signing-key.args[9] | string | `"/data/keys"` | |
| installContainers.generate-signing-key.command[0] | string | `"python"` | |
| installContainers.generate-signing-key.env[0].name | string | `"SYNAPSE_SERVER_NAME"` | |
| installContainers.generate-signing-key.env[0].value | string | `"{{ .Values.matrix.serverName }}"` | |
| installContainers.generate-signing-key.env[1].name | string | `"SYNAPSE_REPORT_STATS"` | |
| installContainers.generate-signing-key.env[1].value | string | `"no"` | |
| installContainers.generate-signing-key.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | |
| installContainers.generate-signing-key.volumeMounts[0].mountPath | string | `"/data"` | |
| installContainers.generate-signing-key.volumeMounts[0].name | string | `"config"` | |
| installContainers.generate-signing-key.volumeMounts[1].mountPath | string | `"/data/secret"` | |
| installContainers.generate-signing-key.volumeMounts[1].name | string | `"secret"` | |
| installContainers.generate-signing-key.volumeMounts[2].mountPath | string | `"/data/keys"` | |
| installContainers.generate-signing-key.volumeMounts[2].name | string | `"key"` | |
| mail.enabled | bool | `false` | |
| mail.from | string | `"Matrix <matrix@example.com>"` | |
| mail.host | string | `""` | |
| mail.password | string | `""` | |
| mail.port | int | `25` | |
| mail.requireTransportSecurity | bool | `true` | |
| mail.riotUrl | string | `""` | |
| mail.username | string | `""` | |
| matrix.adminEmail | string | `"admin@example.com"` | |
| matrix.blockNonAdminInvites | bool | `false` | |
| matrix.disabled | bool | `false` | |
| matrix.disabledMessage | string | `""` | |
| matrix.encryptByDefault | string | `"invite"` | |
| matrix.federation.allowPublicRooms | bool | `true` | |
| matrix.federation.blacklist[0] | string | `"127.0.0.0/8"` | |
| matrix.federation.blacklist[1] | string | `"10.0.0.0/8"` | |
| matrix.federation.blacklist[2] | string | `"172.16.0.0/12"` | |
| matrix.federation.blacklist[3] | string | `"192.168.0.0/16"` | |
| matrix.federation.blacklist[4] | string | `"100.64.0.0/10"` | |
| matrix.federation.blacklist[5] | string | `"169.254.0.0/16"` | |
| matrix.federation.blacklist[6] | string | `"::1/128"` | |
| matrix.federation.blacklist[7] | string | `"fe80::/64"` | |
| matrix.federation.blacklist[8] | string | `"fc00::/7"` | |
| matrix.federation.enabled | bool | `true` | |
| matrix.logging.rootLogLevel | string | `"WARNING"` | |
| matrix.logging.sqlLogLevel | string | `"WARNING"` | |
| matrix.logging.synapseLogLevel | string | `"WARNING"` | |
| matrix.presence | bool | `true` | |
| matrix.registration.allowGuests | bool | `false` | |
| matrix.registration.autoJoinRooms | list | `[]` | |
| matrix.registration.enabled | bool | `false` | |
| matrix.retentionPeriod | string | `"7d"` | |
| matrix.search | bool | `true` | |
| matrix.security.surpressKeyServerWarning | bool | `true` | |
| matrix.serverName | string | `"example.com"` | |
| matrix.uploads.maxPixels | string | `"32M"` | |
| matrix.uploads.maxSize | string | `"10M"` | |
| matrix.urlPreviews.enabled | bool | `false` | |
| persistence.config.enabled | bool | `true` | |
| persistence.config.mountPath | string | `"/data"` | |
| persistence.config.objectName | string | `"synapse-config"` | |
| persistence.config.readOnly | bool | `false` | |
| persistence.config.type | string | `"configMap"` | |
| persistence.key.enabled | bool | `true` | |
| persistence.key.mountPath | string | `"/data/keys"` | |
| persistence.media.enabled | bool | `true` | |
| persistence.media.mountPath | string | `"/data/media_store"` | |
| persistence.secret.enabled | bool | `true` | |
| persistence.secret.mountPath | string | `"/data/secret"` | |
| persistence.secret.objectName | string | `"synapse-secret"` | |
| persistence.secret.readOnly | bool | `false` | |
| persistence.secret.type | string | `"secret"` | |
| persistence.uploads.enabled | bool | `true` | |
| persistence.uploads.mountPath | string | `"/uploads"` | |
| postgresql.enabled | bool | `true` | |
| postgresql.env.POSTGRES_INITDB_ARGS | string | `"--encoding=UTF8 --locale=C"` | |
| postgresql.existingSecret | string | `"dbcreds"` | |
| postgresql.postgresqlDatabase | string | `"synapse"` | |
| postgresql.postgresqlUsername | string | `"synapse"` | |
| probes.liveness.path | string | `"/health"` | |
| probes.readiness.path | string | `"/health"` | |
| probes.startup.path | string | `"/health"` | |
| secret | object | `{}` | |
| securityContext.allowPrivilegeEscalation | bool | `true` | |
| service.federation.enabled | bool | `true` | |
| service.federation.ports.federation.enabled | bool | `true` | |
| service.federation.ports.federation.port | int | `8448` | |
| service.federation.ports.federation.targetPort | int | `8008` | |
| service.main.ports.main.port | int | `8008` | |
| service.main.ports.main.targetPort | int | `8008` | |
| service.metrics.enabled | bool | `true` | |
| service.metrics.ports.metrics.enabled | bool | `true` | |
| service.metrics.ports.metrics.port | int | `9093` | |
| service.metrics.ports.metrics.targetPort | int | `9090` | |
| service.replication.enabled | bool | `true` | |
| service.replication.ports.replication.enabled | bool | `true` | |
| service.replication.ports.replication.port | int | `9092` | |
| service.replication.ports.replication.targetPort | int | `9092` | |
| synapse.appConfig | list | `[]` | List of application config .yaml files to be loaded from /appConfig |
| synapse.loadCustomConfig | bool | `false` | |
| synapse.metrics.annotations | bool | `true` | |
| synapse.metrics.enabled | bool | `true` | |
| synapse.metrics.port | int | `9092` | |
All Rights Reserved - The TrueCharts Project


@ -0,0 +1,317 @@
image:
repository: matrixdotorg/synapse
pullPolicy: IfNotPresent
tag: v1.50.2
command:
- sh
- -c
- |
exec python -B -m synapse.app.homeserver \
-c /data/homeserver.yaml \
-c /data/secret/secret.yaml \
-c /data/custom.yaml
service:
main:
ports:
main:
port: 8008
targetPort: 8008
federation:
enabled: true
ports:
federation:
enabled: true
port: 8448
targetPort: 8008
replication:
enabled: true
ports:
replication:
enabled: true
port: 9092
targetPort: 9092
metrics:
enabled: true
ports:
metrics:
enabled: true
port: 9093
targetPort: 9090
securityContext:
allowPrivilegeEscalation: true
secret: {}
installContainers:
generate-signing-key:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
- name: SYNAPSE_SERVER_NAME
value: "{{ .Values.matrix.serverName }}"
- name: SYNAPSE_REPORT_STATS
value: "no"
command: ["python"]
args:
- "-m"
- "synapse.app.homeserver"
- "--config-path"
- "/data/homeserver.yaml"
- "--config-path"
- "/data/secret/secret.yaml"
- "--config-path"
- "/data/custom.yaml"
- "--keys-directory"
- "/data/keys"
- "--generate-keys"
volumeMounts:
- name: config
mountPath: /data
- name: secret
mountPath: /data/secret
- name: key
mountPath: /data/keys
env: {}
persistence:
config:
enabled: true
type: configMap
objectName: synapse-config
mountPath: /data
readOnly: false
secret:
enabled: true
type: secret
objectName: synapse-secret
mountPath: /data/secret
readOnly: false
key:
enabled: true
mountPath: "/data/keys"
media:
enabled: true
mountPath: "/data/media_store"
uploads:
enabled: true
mountPath: "/uploads"
probes:
liveness:
path: /health
readiness:
path: /health
startup:
path: /health
# Synapse Kubernetes resource settings
synapse:
loadCustomConfig: false
# -- List of application config .yaml files to be loaded from /appConfig
appConfig: []
# Prometheus metrics for Synapse
# https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
metrics:
# Whether Synapse should capture metrics on an additional endpoint
enabled: true
# Port to listen on for metrics scraping
port: 9092
annotations: true
# Runtime configuration for Synapse and settings related to the Matrix protocol
matrix:
# Manual overrides for homeserver.yaml, the main configuration file for Synapse
# If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents.
# If homeserverExtra is set, the contents will be appended to the end of the default configuration.
# It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense
# of the requirements and default configuration options to use other services in this chart.
# homeserverOverride: {}
# homeserverExtra: {}
# Domain name of the server
# This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains
# from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the
# domain name at the end of every user's username
serverName: "example.com"
urlPreviews:
enabled: false
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
# hostname: "matrix.example.com"
# Set to false to disable presence (online/offline indicators)
presence: true
# Set to true to block non-admins from inviting users to any rooms
blockNonAdminInvites: false
# Set to false to disable message searching
search: true
# Which types of rooms to enable end-to-end encryption on by default
# off: none
# invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset
# all: all rooms
encryptByDefault: invite
# Email address of the administrator
adminEmail: "admin@example.com"
# Settings related to image and multimedia uploads
uploads:
# Max upload size in bytes
maxSize: 10M
# Max image size in pixels
maxPixels: 32M
# Settings related to federation
federation:
# Set to false to disable federation and run an isolated homeserver
enabled: true
# Set to false to disallow members of other homeservers from fetching *public* rooms
allowPublicRooms: true
# Whitelist of domains to federate with (comment for all domains except blacklisted)
# whitelist: []
# IP addresses to blacklist federation requests to
blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
# User registration settings
registration:
# Allow new users to register an account
enabled: false
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
# sharedSecret: <PRIVATE STRING>
# Allow users to join rooms as a guest
allowGuests: false
# Required "3PIDs" - third-party identifiers such as email or msisdn (SMS)
# required3Pids:
# - email
# - msisdn
# Rooms to automatically join all new users to
autoJoinRooms: []
# - "#welcome:example.com"
# How long to keep redacted events in unredacted form in the database
retentionPeriod: 7d
security:
# This disables the warning that is emitted when the
# trustedKeyServers include 'matrix.org'. See below.
# Set to false to re-enable the warning.
#
surpressKeyServerWarning: true
# The trusted servers to download signing keys from.
#
# When we need to fetch a signing key, each server is tried in parallel.
#
# Normally, the connection to the key server is validated via TLS certificates.
# Additional security can be provided by configuring a `verify key`, which
# will make synapse check that the response is signed by that key.
#
# This setting supercedes an older setting named `perspectives`. The old format
# is still supported for backwards-compatibility, but it is deprecated.
#
# 'trustedKeyServers' defaults to matrix.org, but using it will generate a
# warning on start-up. To suppress this warning, set
# 'surpressKeyServerWarning' to true.
#
# Options for each entry in the list include:
#
# serverName: the name of the server. required.
#
# verifyKeys: an optional map from key id to base64-encoded public key.
# If specified, we will check that the response is signed by at least
# one of the given keys.
#
# acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset,
# and federation_verify_certificates is not `true`, synapse will refuse
# to start, because this would allow anyone who can spoof DNS responses
# to masquerade as the trusted key server. If you know what you are doing
# and are sure that your network environment provides a secure connection
# to the key server, you can set this to `true` to override this
# behaviour.
#
# An example configuration might look like:
#
# trustedKeyServers:
# - serverName: my_trusted_server.example.com
# verifyKeys:
# - id: "ed25519:auto"
# key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
# acceptKeysInsecurely: false
# - serverName: my_other_trusted_server.example.com
# Set to true to globally block access to the homeserver
disabled: false
# Human readable reason for why the homeserver is blocked
disabledMessage: ""
logging:
# Root log level is the default log level for log outputs that do not have more
# specific settings.
rootLogLevel: WARNING
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
sqlLogLevel: WARNING
# The log level for the synapse server
synapseLogLevel: WARNING
# Settings for email notifications
mail:
# Set to false to disable all email notifications
# NOTE: If enabled, either enable the Exim relay or configure an external mail server below
enabled: false
# Name and email address for outgoing mail
from: "Matrix <matrix@example.com>"
# Optional: Element instance URL.
# If the ingress is enabled, this is unnecessary.
# If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io
riotUrl: ""
host: ""
port: 25 # SSL: 465, STARTTLS: 587
username: ""
password: ""
requireTransportSecurity: true
coturn:
enabled: false
# Enabled postgres
postgresql:
env:
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C"
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: synapse
postgresqlDatabase: synapse
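
Review bot: `securityContext.allowPrivilegeEscalation: true` is set near the top of this file with no comment saying what in the Synapse container needs it. The main container only runs `python -B -m synapse.app.homeserver` against files under `/data`, so either set it to `false` or document the requirement next to the key. Separately, `service.metrics` forwards to `targetPort: 9090` while `synapse.metrics.port` (the port the metrics listener is rendered with) is `9092`, and `service.replication` also targets `9092`; as written the metrics service points at a port nothing listens on and the replication service lands on the metrics listener. Align the three values.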

File diff suppressed because it is too large


@ -0,0 +1,25 @@
---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
| No Misconfigurations found |
|:---------------------------------|
## Containers
##### Detected Containers
##### Scan Results
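
Review bot: the Containers section stops at the `Detected Containers` and `Scan Results` headings with nothing beneath them, so this page records no image scan for `matrixdotorg/synapse:v1.50.2` at the point the chart moves to stable. `No Misconfigurations found` also sits beside a values file in the same commit that sets `allowPrivilegeEscalation: true`; confirm the scanner ran against the rendered manifests and regenerate the page once it lists the containers.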


@ -0,0 +1,153 @@
{{/* Define the configs */}}
{{- define "synapse.config" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: synapse-config
labels:
{{ include "common.labels" . | nindent 4 }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
data:
homeserver.yaml: |
server_name: {{ .Values.matrix.serverName }}
pid_file: /data/homeserver.pid
public_baseurl: {{ include "matrix.baseUrl" . | quote }}
use_presence: {{ .Values.matrix.presence }}
allow_public_rooms_over_federation: {{ and .Values.matrix.federation.enabled .Values.matrix.federation.allowPublicRooms }}
block_non_admin_invites: {{ .Values.matrix.blockNonAdminInvites }}
enable_search: {{ .Values.matrix.search }}
{{- if .Values.matrix.federation.whitelist }}
federation_domain_whitelist:
{{- range .Values.matrix.federation.whitelist }}
- {{ . }}
{{- end }}
{{- end}}
federation_ip_range_blacklist:
{{- range .Values.matrix.federation.blacklist }}
- {{ . }}
{{- end }}
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
bind_addresses: ['0.0.0.0']
resources:
- names: [client, federation]
compress: false
{{- if .Values.synapse.metrics.enabled }}
- type: metrics
port: {{ .Values.synapse.metrics.port }}
bind_addresses: ['0.0.0.0']
resources:
- names: [metrics]
{{- end }}
admin_contact: 'mailto:{{ .Values.matrix.adminEmail }}'
hs_disabled: {{ .Values.matrix.disabled }}
hs_disabled_message: {{ .Values.matrix.disabledMessage }}
redaction_retention_period: {{ .Values.matrix.retentionPeriod }}
log_config: "/data/{{ .Values.matrix.serverName }}.log.config"
media_store_path: "/data/media_store"
uploads_path: "/data/uploads"
max_upload_size: {{ .Values.matrix.uploads.maxSize }}
max_image_pixels: {{ .Values.matrix.uploads.maxPixels }}
url_preview_enabled: {{ .Values.matrix.urlPreviews.enabled }}
{{- if .Values.coturn.enabled -}}
{{- if not (empty .Values.coturn.uris) }}
turn_uris:
{{- range .Values.coturn.uris }}
- {{ . }}
{{- end }}
{{- else }}
turn_uris:
- "turn:{{ include "matrix.hostname" . }}?transport=udp"
{{- end }}
turn_user_lifetime: 1h
turn_allow_guests: {{ .Values.coturn.allowGuests }}
{{- end }}
enable_registration: {{ .Values.matrix.registration.enabled }}
allow_guest_access: {{ .Values.matrix.registration.allowGuests }}
{{- if .Values.synapse.metrics.enabled }}
enable_metrics: true
{{- end }}
report_stats: false
{{- if .Values.synapse.appConfig }}
app_service_config_files:
{{- range .Values.synapse.appConfig }}
- {{ . }}
{{- end }}
{{- end }}
signing_key_path: "/data/keys/{{ .Values.matrix.serverName }}.signing.key"
{{- if .Values.matrix.security.trustedKeyServers }}
trusted_key_servers:
{{- range .Values.matrix.security.trustedKeyServers }}
- server_name: {{ .serverName }}
{{- if .verifyKeys }}
verify_keys:
{{- range .verifyKeys }}
{{ .id | quote }}: {{ .key | quote }}
{{- end }}
{{- end }}
{{- if .acceptKeysInsecurely }}
accept_keys_insecurely: {{ .acceptKeysInsecurely }}
{{- end }}
{{- end }}
{{- end }}
suppress_key_server_warning: {{ .Values.matrix.security.supressKeyServerWarning }}
{{- if not .Values.loadCustomConfig }}
custom.yaml: |
# PLACEHOLDER
{{- end }}
{{ .Values.matrix.serverName }}.log.config: |
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: {{ .Values.matrix.logging.synapseLogLevel }}
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: {{ .Values.matrix.logging.sqlLogLevel }}
root:
level: {{ .Values.matrix.logging.rootLogLevel }}
handlers: [console]
{{- end }}
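
Review bot: `suppress_key_server_warning` reads `.Values.matrix.security.supressKeyServerWarning`, but values.yaml in this commit spells the key `surpressKeyServerWarning`, so the lookup resolves to nothing and the `true` default never reaches homeserver.yaml. The same problem affects `{{- if not .Values.loadCustomConfig }}`: the value is defined as `synapse.loadCustomConfig`, so the placeholder `custom.yaml` is always emitted whatever the user sets. Align the key paths on both sides, and pipe string values such as `hs_disabled_message` through `quote`, since with the default `""` that line renders as an empty scalar.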


@ -0,0 +1,20 @@
Synapse hostname, derived from either the Values.matrix.hostname override or the Ingress definition
*/}}
{{- define "matrix.hostname" -}}
{{- if .Values.matrix.hostname }}
{{- .Values.matrix.hostname -}}
{{- else }}
{{- .Values.ingress.hosts.synapse -}}
{{- end }}
{{- end }}
{{/*
Synapse hostname prepended with https:// to form a complete URL
*/}}
{{- define "matrix.baseUrl" -}}
{{- if .Values.matrix.hostname }}
{{- printf "https://%s" .Values.matrix.hostname -}}
{{- else }}
{{- printf "https://%s" .Values.ingress.hosts.synapse -}}
{{- end }}
{{- end }}
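
Review bot: both `else` branches fall back to `.Values.ingress.hosts.synapse`, a path that values.yaml in this commit never defines (the loader template works with `.Values.ingress.main`), and `matrix.hostname` is commented out in the defaults, so `public_baseurl` has nothing valid to render on a default install. Wrap the fallback in `required` with a clear message, or derive it from the ingress structure the chart actually uses. `matrix.baseUrl` also repeats the branch logic; `printf "https://%s" (include "matrix.hostname" .)` would keep the two helpers in step.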


@ -0,0 +1,63 @@
{{/* Define the configs */}}
{{- define "synapse.secret" -}}
{{- $previous := lookup "v1" "Secret" .Release.Namespace "synapse-secret-macaroon" }}
{{- $msk := randAlphaNum 50 }}
{{- if $previous }}
{{- $msk = ( index $previous.data "key" ) | b64dec }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: synapse-secret-macaroon
labels:
{{ include "common.labels" . | nindent 4 }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
data:
key: {{ $msk | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: synapse-secret
labels:
{{ include "common.labels" . | nindent 4 }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
stringData:
secret.yaml: |
{{- if .Values.mail.enabled }}
email:
enable_notifs: {{ .Values.mail.enabled }}
notif_from: {{ .Values.mail.from }}
smtp_host: {{ .Values.mail.external.host }}
smtp_port: {{ .Values.mail.external.port }}
smtp_user: {{ .Values.mail.external.username }}
smtp_pass: {{ .Values.mail.external.password }}
require_transport_security: {{ .Values.mail.external.requireTransportSecurity }}
{{- end }}
database:
name: "psycopg2"
args:
user: "{{ .Values.postgresql.postgresqlUsername }}"
password: {{ .Values.postgresql.postgresqlPassword }}
database: "{{ .Values.postgresql.postgresqlDatabase }}"
host: "{{ printf "%v-%v" .Release.Name "postgresql" }}"
port: "5432"
cp_min: 5
cp_max: 10
sslmode: "disable"
{{- if .Values.matrix.registration.sharedSecret }}
registration_shared_secret: {{ .Values.matrix.registration.sharedSecret }}
{{- end }}
macaroon_secret_key: {{ $msk }}
{{- if .Values.coturn.enabled -}}
turn_shared_secret: {{ include "matrix.coturn.sharedSecret" . }}
{{- end }}
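
Review bot: the `email:` block reads `.Values.mail.external.host`, `.port`, `.username`, `.password` and `.requireTransportSecurity`, but values.yaml in this commit defines those settings directly under `mail` (`mail.host`, `mail.port` and so on), so enabling mail leaves `mail.external` undefined at render time. Point the template at the keys that exist. The secret-bearing scalars `smtp_pass`, `password` and `registration_shared_secret` are also emitted unquoted, so a value containing `#`, `:` or a leading special character changes meaning or breaks the YAML; pipe them through `quote`. `sslmode: "disable"` on the database connection deserves a comment stating that plaintext to the in-release PostgreSQL service is intended.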
{{- end }}


@ -0,0 +1,14 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{/* Render configmap for synapse */}}
{{- include "synapse.config" . }}
{{/* Render secret for synapse */}}
{{- include "synapse.secret" . }}
{{- $newMiddlewares := list "tc-opencors-headers" }}
{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}
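
Review bot: the two lines that set `fixedMiddlewares` on `.Values.ingress.main` are the only statements in this file without a comment, and `set` replaces whatever list was already there instead of appending `tc-opencors-headers` to it. Add a comment saying why this middleware is forced on the main ingress, and decide whether an existing `fixedMiddlewares` list should be preserved.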


stable/synapse/item.yaml Normal file

@ -0,0 +1,4 @@
icon_url: https://truecharts.org/_static/img/appicons/synapse-icon.png
categories:
- cloud