Commit new App releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
a9dabc3b8a
commit
997b9f0870
|
@ -0,0 +1,99 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="synapse-1.0.0"></a>
|
||||
### [synapse-1.0.0](https://github.com/truecharts/apps/compare/synapse-0.0.14...synapse-1.0.0) (2022-01-31)
|
||||
|
||||
#### Feat
|
||||
|
||||
* move synapse to stable
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.14"></a>
|
||||
### [synapse-0.0.14](https://github.com/truecharts/apps/compare/synapse-0.0.13...synapse-0.0.14) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* use opencors headerset
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.13"></a>
|
||||
### [synapse-0.0.13](https://github.com/truecharts/apps/compare/synapse-0.0.12...synapse-0.0.13) (2022-01-31)
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.12"></a>
|
||||
### [synapse-0.0.12](https://github.com/truecharts/apps/compare/synapse-0.0.11...synapse-0.0.12) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* secret tweaking
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.11"></a>
|
||||
### [synapse-0.0.11](https://github.com/truecharts/apps/compare/synapse-0.0.10...synapse-0.0.11) (2022-01-31)
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.10"></a>
|
||||
### [synapse-0.0.10](https://github.com/truecharts/apps/compare/synapse-0.0.9...synapse-0.0.10) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* fix mistake in variable definition
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.9"></a>
|
||||
### [synapse-0.0.9](https://github.com/truecharts/apps/compare/synapse-0.0.8...synapse-0.0.9) (2022-01-31)
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.8"></a>
|
||||
### [synapse-0.0.8](https://github.com/truecharts/apps/compare/synapse-0.0.7...synapse-0.0.8) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* fix federation service
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.7"></a>
|
||||
### [synapse-0.0.7](https://github.com/truecharts/apps/compare/synapse-0.0.5...synapse-0.0.7) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* Try another way of defining the macaroon secret
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.5"></a>
|
||||
### [synapse-0.0.5](https://github.com/truecharts/apps/compare/synapse-0.0.4...synapse-0.0.5) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* fix custom config and don't decode stringData
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.4"></a>
|
||||
### [synapse-0.0.4](https://github.com/truecharts/apps/compare/synapse-0.0.3...synapse-0.0.4) (2022-01-31)
|
||||
|
||||
#### Fix
|
||||
|
||||
* update questions.yaml to beter reflect values.yaml
|
||||
|
||||
|
||||
|
||||
<a name="synapse-0.0.3"></a>
|
||||
### [synapse-0.0.3](https://github.com/truecharts/apps/compare/synapse-0.0.2...synapse-0.0.3) (2022-01-25)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1791](https://github.com/truecharts/apps/issues/1791))
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -0,0 +1,9 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.14.2
|
||||
- name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 6.0.58
|
||||
digest: sha256:a28ed48da9797a2e9d6e9a194aa6f65b07fc1cc0169d5ffdb0ba7c44c94806b1
|
||||
generated: "2022-01-31T21:08:16.776099224Z"
|
|
@ -0,0 +1,32 @@
|
|||
apiVersion: v2
|
||||
appVersion: "1.50.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.14.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://truecharts.org/
|
||||
version: 6.0.58
|
||||
deprecated: false
|
||||
description: A Helm chart to deploy a Matrix homeserver stack into Kubernetes
|
||||
home: https://github.com/truecharts/apps/charts/stable/synapse
|
||||
icon: https://truecharts.org/_static/img/appicons/synapse-icon.png
|
||||
keywords:
|
||||
- chat
|
||||
- matrix
|
||||
- synapse
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: synapse
|
||||
sources: []
|
||||
type: application
|
||||
version: 1.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- cloud
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1,34 @@
|
|||
# Introduction
|
||||
|
||||
A Helm chart to deploy a Matrix homeserver stack into Kubernetes
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org/ | postgresql | 6.0.58 |
|
||||
| https://truecharts.org | common | 8.14.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -0,0 +1,3 @@
|
|||
A Helm chart to deploy a Matrix homeserver stack into Kubernetes
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
matrix:
|
||||
# Hostname where Synapse can be reached.
|
||||
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
|
||||
# Ingress will be used
|
||||
hostname: "matrix.example.com"
|
|
@ -0,0 +1,5 @@
|
|||
matrix:
|
||||
# Hostname where Synapse can be reached.
|
||||
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
|
||||
# Ingress will be used
|
||||
hostname: "matrix.example.com"
|
|
@ -0,0 +1,129 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| command[0] | string | `"sh"` | |
|
||||
| command[1] | string | `"-c"` | |
|
||||
| command[2] | string | `"exec python -B -m synapse.app.homeserver \\\n -c /data/homeserver.yaml \\\n -c /data/secret/secret.yaml \\\n -c /data/custom.yaml\n"` | |
|
||||
| coturn.enabled | bool | `false` | |
|
||||
| env | object | `{}` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"matrixdotorg/synapse"` | |
|
||||
| image.tag | string | `"v1.50.2"` | |
|
||||
| installContainers.generate-signing-key.args[0] | string | `"-m"` | |
|
||||
| installContainers.generate-signing-key.args[10] | string | `"--generate-keys"` | |
|
||||
| installContainers.generate-signing-key.args[1] | string | `"synapse.app.homeserver"` | |
|
||||
| installContainers.generate-signing-key.args[2] | string | `"--config-path"` | |
|
||||
| installContainers.generate-signing-key.args[3] | string | `"/data/homeserver.yaml"` | |
|
||||
| installContainers.generate-signing-key.args[4] | string | `"--config-path"` | |
|
||||
| installContainers.generate-signing-key.args[5] | string | `"/data/secret/secret.yaml"` | |
|
||||
| installContainers.generate-signing-key.args[6] | string | `"--config-path"` | |
|
||||
| installContainers.generate-signing-key.args[7] | string | `"/data/custom.yaml"` | |
|
||||
| installContainers.generate-signing-key.args[8] | string | `"--keys-directory"` | |
|
||||
| installContainers.generate-signing-key.args[9] | string | `"/data/keys"` | |
|
||||
| installContainers.generate-signing-key.command[0] | string | `"python"` | |
|
||||
| installContainers.generate-signing-key.env[0].name | string | `"SYNAPSE_SERVER_NAME"` | |
|
||||
| installContainers.generate-signing-key.env[0].value | string | `"{{ .Values.matrix.serverName }}"` | |
|
||||
| installContainers.generate-signing-key.env[1].name | string | `"SYNAPSE_REPORT_STATS"` | |
|
||||
| installContainers.generate-signing-key.env[1].value | string | `"no"` | |
|
||||
| installContainers.generate-signing-key.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | |
|
||||
| installContainers.generate-signing-key.volumeMounts[0].mountPath | string | `"/data"` | |
|
||||
| installContainers.generate-signing-key.volumeMounts[0].name | string | `"config"` | |
|
||||
| installContainers.generate-signing-key.volumeMounts[1].mountPath | string | `"/data/secret"` | |
|
||||
| installContainers.generate-signing-key.volumeMounts[1].name | string | `"secret"` | |
|
||||
| installContainers.generate-signing-key.volumeMounts[2].mountPath | string | `"/data/keys"` | |
|
||||
| installContainers.generate-signing-key.volumeMounts[2].name | string | `"key"` | |
|
||||
| mail.enabled | bool | `false` | |
|
||||
| mail.from | string | `"Matrix <matrix@example.com>"` | |
|
||||
| mail.host | string | `""` | |
|
||||
| mail.password | string | `""` | |
|
||||
| mail.port | int | `25` | |
|
||||
| mail.requireTransportSecurity | bool | `true` | |
|
||||
| mail.riotUrl | string | `""` | |
|
||||
| mail.username | string | `""` | |
|
||||
| matrix.adminEmail | string | `"admin@example.com"` | |
|
||||
| matrix.blockNonAdminInvites | bool | `false` | |
|
||||
| matrix.disabled | bool | `false` | |
|
||||
| matrix.disabledMessage | string | `""` | |
|
||||
| matrix.encryptByDefault | string | `"invite"` | |
|
||||
| matrix.federation.allowPublicRooms | bool | `true` | |
|
||||
| matrix.federation.blacklist[0] | string | `"127.0.0.0/8"` | |
|
||||
| matrix.federation.blacklist[1] | string | `"10.0.0.0/8"` | |
|
||||
| matrix.federation.blacklist[2] | string | `"172.16.0.0/12"` | |
|
||||
| matrix.federation.blacklist[3] | string | `"192.168.0.0/16"` | |
|
||||
| matrix.federation.blacklist[4] | string | `"100.64.0.0/10"` | |
|
||||
| matrix.federation.blacklist[5] | string | `"169.254.0.0/16"` | |
|
||||
| matrix.federation.blacklist[6] | string | `"::1/128"` | |
|
||||
| matrix.federation.blacklist[7] | string | `"fe80::/64"` | |
|
||||
| matrix.federation.blacklist[8] | string | `"fc00::/7"` | |
|
||||
| matrix.federation.enabled | bool | `true` | |
|
||||
| matrix.logging.rootLogLevel | string | `"WARNING"` | |
|
||||
| matrix.logging.sqlLogLevel | string | `"WARNING"` | |
|
||||
| matrix.logging.synapseLogLevel | string | `"WARNING"` | |
|
||||
| matrix.presence | bool | `true` | |
|
||||
| matrix.registration.allowGuests | bool | `false` | |
|
||||
| matrix.registration.autoJoinRooms | list | `[]` | |
|
||||
| matrix.registration.enabled | bool | `false` | |
|
||||
| matrix.retentionPeriod | string | `"7d"` | |
|
||||
| matrix.search | bool | `true` | |
|
||||
| matrix.security.surpressKeyServerWarning | bool | `true` | |
|
||||
| matrix.serverName | string | `"example.com"` | |
|
||||
| matrix.uploads.maxPixels | string | `"32M"` | |
|
||||
| matrix.uploads.maxSize | string | `"10M"` | |
|
||||
| matrix.urlPreviews.enabled | bool | `false` | |
|
||||
| persistence.config.enabled | bool | `true` | |
|
||||
| persistence.config.mountPath | string | `"/data"` | |
|
||||
| persistence.config.objectName | string | `"synapse-config"` | |
|
||||
| persistence.config.readOnly | bool | `false` | |
|
||||
| persistence.config.type | string | `"configMap"` | |
|
||||
| persistence.key.enabled | bool | `true` | |
|
||||
| persistence.key.mountPath | string | `"/data/keys"` | |
|
||||
| persistence.media.enabled | bool | `true` | |
|
||||
| persistence.media.mountPath | string | `"/data/media_store"` | |
|
||||
| persistence.secret.enabled | bool | `true` | |
|
||||
| persistence.secret.mountPath | string | `"/data/secret"` | |
|
||||
| persistence.secret.objectName | string | `"synapse-secret"` | |
|
||||
| persistence.secret.readOnly | bool | `false` | |
|
||||
| persistence.secret.type | string | `"secret"` | |
|
||||
| persistence.uploads.enabled | bool | `true` | |
|
||||
| persistence.uploads.mountPath | string | `"/uploads"` | |
|
||||
| postgresql.enabled | bool | `true` | |
|
||||
| postgresql.env.POSTGRES_INITDB_ARGS | string | `"--encoding=UTF8 --locale=C"` | |
|
||||
| postgresql.existingSecret | string | `"dbcreds"` | |
|
||||
| postgresql.postgresqlDatabase | string | `"synapse"` | |
|
||||
| postgresql.postgresqlUsername | string | `"synapse"` | |
|
||||
| probes.liveness.path | string | `"/health"` | |
|
||||
| probes.readiness.path | string | `"/health"` | |
|
||||
| probes.startup.path | string | `"/health"` | |
|
||||
| secret | object | `{}` | |
|
||||
| securityContext.allowPrivilegeEscalation | bool | `true` | |
|
||||
| service.federation.enabled | bool | `true` | |
|
||||
| service.federation.ports.federation.enabled | bool | `true` | |
|
||||
| service.federation.ports.federation.port | int | `8448` | |
|
||||
| service.federation.ports.federation.targetPort | int | `8008` | |
|
||||
| service.main.ports.main.port | int | `8008` | |
|
||||
| service.main.ports.main.targetPort | int | `8008` | |
|
||||
| service.metrics.enabled | bool | `true` | |
|
||||
| service.metrics.ports.metrics.enabled | bool | `true` | |
|
||||
| service.metrics.ports.metrics.port | int | `9093` | |
|
||||
| service.metrics.ports.metrics.targetPort | int | `9090` | |
|
||||
| service.replication.enabled | bool | `true` | |
|
||||
| service.replication.ports.replication.enabled | bool | `true` | |
|
||||
| service.replication.ports.replication.port | int | `9092` | |
|
||||
| service.replication.ports.replication.targetPort | int | `9092` | |
|
||||
| synapse.appConfig | list | `[]` | List of application config .yaml files to be loaded from /appConfig |
|
||||
| synapse.loadCustomConfig | bool | `false` | |
|
||||
| synapse.metrics.annotations | bool | `true` | |
|
||||
| synapse.metrics.enabled | bool | `true` | |
|
||||
| synapse.metrics.port | int | `9092` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -0,0 +1,317 @@
|
|||
image:
|
||||
repository: matrixdotorg/synapse
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.50.2
|
||||
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
exec python -B -m synapse.app.homeserver \
|
||||
-c /data/homeserver.yaml \
|
||||
-c /data/secret/secret.yaml \
|
||||
-c /data/custom.yaml
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 8008
|
||||
targetPort: 8008
|
||||
federation:
|
||||
enabled: true
|
||||
ports:
|
||||
federation:
|
||||
enabled: true
|
||||
port: 8448
|
||||
targetPort: 8008
|
||||
replication:
|
||||
enabled: true
|
||||
ports:
|
||||
replication:
|
||||
enabled: true
|
||||
port: 9092
|
||||
targetPort: 9092
|
||||
metrics:
|
||||
enabled: true
|
||||
ports:
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9093
|
||||
targetPort: 9090
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
|
||||
secret: {}
|
||||
|
||||
installContainers:
|
||||
generate-signing-key:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
env:
|
||||
- name: SYNAPSE_SERVER_NAME
|
||||
value: "{{ .Values.matrix.serverName }}"
|
||||
- name: SYNAPSE_REPORT_STATS
|
||||
value: "no"
|
||||
command: ["python"]
|
||||
args:
|
||||
- "-m"
|
||||
- "synapse.app.homeserver"
|
||||
- "--config-path"
|
||||
- "/data/homeserver.yaml"
|
||||
- "--config-path"
|
||||
- "/data/secret/secret.yaml"
|
||||
- "--config-path"
|
||||
- "/data/custom.yaml"
|
||||
- "--keys-directory"
|
||||
- "/data/keys"
|
||||
- "--generate-keys"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /data
|
||||
- name: secret
|
||||
mountPath: /data/secret
|
||||
- name: key
|
||||
mountPath: /data/keys
|
||||
|
||||
env: {}
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
objectName: synapse-config
|
||||
mountPath: /data
|
||||
readOnly: false
|
||||
secret:
|
||||
enabled: true
|
||||
type: secret
|
||||
objectName: synapse-secret
|
||||
mountPath: /data/secret
|
||||
readOnly: false
|
||||
key:
|
||||
enabled: true
|
||||
mountPath: "/data/keys"
|
||||
media:
|
||||
enabled: true
|
||||
mountPath: "/data/media_store"
|
||||
uploads:
|
||||
enabled: true
|
||||
mountPath: "/uploads"
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
path: /health
|
||||
|
||||
readiness:
|
||||
path: /health
|
||||
|
||||
startup:
|
||||
path: /health
|
||||
|
||||
# Synapse Kubernetes resource settings
|
||||
synapse:
|
||||
loadCustomConfig: false
|
||||
# -- List of application config .yaml files to be loaded from /appConfig
|
||||
appConfig: []
|
||||
# Prometheus metrics for Synapse
|
||||
# https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
|
||||
metrics:
|
||||
# Whether Synapse should capture metrics on an additional endpoint
|
||||
enabled: true
|
||||
# Port to listen on for metrics scraping
|
||||
port: 9092
|
||||
annotations: true
|
||||
|
||||
# Runtime configuration for Synapse and settings related to the Matrix protocol
|
||||
matrix:
|
||||
# Manual overrides for homeserver.yaml, the main configuration file for Synapse
|
||||
# If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents.
|
||||
# If homeserverExtra is set, the contents will be appended to the end of the default configuration.
|
||||
# It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense
|
||||
# of the requirements and default configuration options to use other services in this chart.
|
||||
# homeserverOverride: {}
|
||||
# homeserverExtra: {}
|
||||
|
||||
# Domain name of the server
|
||||
# This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains
|
||||
# from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the
|
||||
# domain name at the end of every user's username
|
||||
serverName: "example.com"
|
||||
|
||||
urlPreviews:
|
||||
enabled: false
|
||||
|
||||
# Hostname where Synapse can be reached.
|
||||
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
|
||||
# Ingress will be used
|
||||
# hostname: "matrix.example.com"
|
||||
|
||||
# Set to false to disable presence (online/offline indicators)
|
||||
presence: true
|
||||
|
||||
# Set to true to block non-admins from inviting users to any rooms
|
||||
blockNonAdminInvites: false
|
||||
|
||||
# Set to false to disable message searching
|
||||
search: true
|
||||
|
||||
# Which types of rooms to enable end-to-end encryption on by default
|
||||
# off: none
|
||||
# invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset
|
||||
# all: all rooms
|
||||
encryptByDefault: invite
|
||||
|
||||
# Email address of the administrator
|
||||
adminEmail: "admin@example.com"
|
||||
|
||||
# Settings related to image and multimedia uploads
|
||||
uploads:
|
||||
# Max upload size in bytes
|
||||
maxSize: 10M
|
||||
|
||||
# Max image size in pixels
|
||||
maxPixels: 32M
|
||||
|
||||
# Settings related to federation
|
||||
federation:
|
||||
# Set to false to disable federation and run an isolated homeserver
|
||||
enabled: true
|
||||
|
||||
# Set to false to disallow members of other homeservers from fetching *public* rooms
|
||||
allowPublicRooms: true
|
||||
|
||||
# Whitelist of domains to federate with (comment for all domains except blacklisted)
|
||||
# whitelist: []
|
||||
|
||||
# IP addresses to blacklist federation requests to
|
||||
blacklist:
|
||||
- '127.0.0.0/8'
|
||||
- '10.0.0.0/8'
|
||||
- '172.16.0.0/12'
|
||||
- '192.168.0.0/16'
|
||||
- '100.64.0.0/10'
|
||||
- '169.254.0.0/16'
|
||||
- '::1/128'
|
||||
- 'fe80::/64'
|
||||
- 'fc00::/7'
|
||||
|
||||
# User registration settings
|
||||
registration:
|
||||
# Allow new users to register an account
|
||||
enabled: false
|
||||
|
||||
# If set, allows registration of standard or admin accounts by anyone who
|
||||
# has the shared secret, even if registration is otherwise disabled.
|
||||
#
|
||||
# sharedSecret: <PRIVATE STRING>
|
||||
|
||||
# Allow users to join rooms as a guest
|
||||
allowGuests: false
|
||||
|
||||
# Required "3PIDs" - third-party identifiers such as email or msisdn (SMS)
|
||||
# required3Pids:
|
||||
# - email
|
||||
# - msisdn
|
||||
|
||||
# Rooms to automatically join all new users to
|
||||
autoJoinRooms: []
|
||||
# - "#welcome:example.com"
|
||||
|
||||
# How long to keep redacted events in unredacted form in the database
|
||||
retentionPeriod: 7d
|
||||
|
||||
security:
|
||||
|
||||
# This disables the warning that is emitted when the
|
||||
# trustedKeyServers include 'matrix.org'. See below.
|
||||
# Set to false to re-enable the warning.
|
||||
#
|
||||
surpressKeyServerWarning: true
|
||||
|
||||
# The trusted servers to download signing keys from.
|
||||
#
|
||||
# When we need to fetch a signing key, each server is tried in parallel.
|
||||
#
|
||||
# Normally, the connection to the key server is validated via TLS certificates.
|
||||
# Additional security can be provided by configuring a `verify key`, which
|
||||
# will make synapse check that the response is signed by that key.
|
||||
#
|
||||
# This setting supercedes an older setting named `perspectives`. The old format
|
||||
# is still supported for backwards-compatibility, but it is deprecated.
|
||||
#
|
||||
# 'trustedKeyServers' defaults to matrix.org, but using it will generate a
|
||||
# warning on start-up. To suppress this warning, set
|
||||
# 'surpressKeyServerWarning' to true.
|
||||
#
|
||||
# Options for each entry in the list include:
|
||||
#
|
||||
# serverName: the name of the server. required.
|
||||
#
|
||||
# verifyKeys: an optional map from key id to base64-encoded public key.
|
||||
# If specified, we will check that the response is signed by at least
|
||||
# one of the given keys.
|
||||
#
|
||||
# acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset,
|
||||
# and federation_verify_certificates is not `true`, synapse will refuse
|
||||
# to start, because this would allow anyone who can spoof DNS responses
|
||||
# to masquerade as the trusted key server. If you know what you are doing
|
||||
# and are sure that your network environment provides a secure connection
|
||||
# to the key server, you can set this to `true` to override this
|
||||
# behaviour.
|
||||
#
|
||||
# An example configuration might look like:
|
||||
#
|
||||
# trustedKeyServers:
|
||||
# - serverName: my_trusted_server.example.com
|
||||
# verifyKeys:
|
||||
# - id: "ed25519:auto"
|
||||
# key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
|
||||
# acceptKeysInsecurely: false
|
||||
# - serverName: my_other_trusted_server.example.com
|
||||
|
||||
# Set to true to globally block access to the homeserver
|
||||
disabled: false
|
||||
# Human readable reason for why the homeserver is blocked
|
||||
disabledMessage: ""
|
||||
|
||||
logging:
|
||||
# Root log level is the default log level for log outputs that do not have more
|
||||
# specific settings.
|
||||
rootLogLevel: WARNING
|
||||
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||
# information such as access tokens.
|
||||
sqlLogLevel: WARNING
|
||||
# The log level for the synapse server
|
||||
synapseLogLevel: WARNING
|
||||
|
||||
|
||||
# Settings for email notifications
|
||||
mail:
|
||||
# Set to false to disable all email notifications
|
||||
# NOTE: If enabled, either enable the Exim relay or configure an external mail server below
|
||||
enabled: false
|
||||
# Name and email address for outgoing mail
|
||||
from: "Matrix <matrix@example.com>"
|
||||
# Optional: Element instance URL.
|
||||
# If the ingress is enabled, this is unnecessary.
|
||||
# If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io
|
||||
riotUrl: ""
|
||||
|
||||
host: ""
|
||||
port: 25 # SSL: 465, STARTTLS: 587
|
||||
username: ""
|
||||
password: ""
|
||||
requireTransportSecurity: true
|
||||
|
||||
coturn:
|
||||
enabled: false
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
env:
|
||||
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C"
|
||||
enabled: true
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: synapse
|
||||
postgresqlDatabase: synapse
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
hide:
|
||||
- toc
|
||||
---
|
||||
|
||||
# Security Overview
|
||||
|
||||
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
||||
|
||||
| No Misconfigurations found |
|
||||
|:---------------------------------|
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
|
||||
##### Scan Results
|
||||
|
|
@ -0,0 +1,153 @@
|
|||
{{/* Define the configs */}}
|
||||
{{- define "synapse.config" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: synapse-config
|
||||
labels:
|
||||
{{ include "common.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
rollme: {{ randAlphaNum 5 | quote }}
|
||||
data:
|
||||
homeserver.yaml: |
|
||||
server_name: {{ .Values.matrix.serverName }}
|
||||
pid_file: /data/homeserver.pid
|
||||
public_baseurl: {{ include "matrix.baseUrl" . | quote }}
|
||||
use_presence: {{ .Values.matrix.presence }}
|
||||
|
||||
allow_public_rooms_over_federation: {{ and .Values.matrix.federation.enabled .Values.matrix.federation.allowPublicRooms }}
|
||||
|
||||
block_non_admin_invites: {{ .Values.matrix.blockNonAdminInvites }}
|
||||
|
||||
enable_search: {{ .Values.matrix.search }}
|
||||
|
||||
{{- if .Values.matrix.federation.whitelist }}
|
||||
federation_domain_whitelist:
|
||||
{{- range .Values.matrix.federation.whitelist }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
|
||||
federation_ip_range_blacklist:
|
||||
{{- range .Values.matrix.federation.blacklist }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
|
||||
listeners:
|
||||
- port: 8008
|
||||
tls: false
|
||||
type: http
|
||||
x_forwarded: true
|
||||
bind_addresses: ['0.0.0.0']
|
||||
resources:
|
||||
- names: [client, federation]
|
||||
compress: false
|
||||
|
||||
{{- if .Values.synapse.metrics.enabled }}
|
||||
- type: metrics
|
||||
port: {{ .Values.synapse.metrics.port }}
|
||||
bind_addresses: ['0.0.0.0']
|
||||
resources:
|
||||
- names: [metrics]
|
||||
{{- end }}
|
||||
|
||||
admin_contact: 'mailto:{{ .Values.matrix.adminEmail }}'
|
||||
hs_disabled: {{ .Values.matrix.disabled }}
|
||||
hs_disabled_message: {{ .Values.matrix.disabledMessage }}
|
||||
redaction_retention_period: {{ .Values.matrix.retentionPeriod }}
|
||||
|
||||
log_config: "/data/{{ .Values.matrix.serverName }}.log.config"
|
||||
media_store_path: "/data/media_store"
|
||||
uploads_path: "/data/uploads"
|
||||
max_upload_size: {{ .Values.matrix.uploads.maxSize }}
|
||||
max_image_pixels: {{ .Values.matrix.uploads.maxPixels }}
|
||||
url_preview_enabled: {{ .Values.matrix.urlPreviews.enabled }}
|
||||
|
||||
{{- if .Values.coturn.enabled -}}
|
||||
{{- if not (empty .Values.coturn.uris) }}
|
||||
turn_uris:
|
||||
{{- range .Values.coturn.uris }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
turn_uris:
|
||||
- "turn:{{ include "matrix.hostname" . }}?transport=udp"
|
||||
{{- end }}
|
||||
turn_user_lifetime: 1h
|
||||
turn_allow_guests: {{ .Values.coturn.allowGuests }}
|
||||
{{- end }}
|
||||
|
||||
enable_registration: {{ .Values.matrix.registration.enabled }}
|
||||
|
||||
allow_guest_access: {{ .Values.matrix.registration.allowGuests }}
|
||||
|
||||
{{- if .Values.synapse.metrics.enabled }}
|
||||
enable_metrics: true
|
||||
{{- end }}
|
||||
|
||||
report_stats: false
|
||||
|
||||
{{- if .Values.synapse.appConfig }}
|
||||
app_service_config_files:
|
||||
{{- range .Values.synapse.appConfig }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
signing_key_path: "/data/keys/{{ .Values.matrix.serverName }}.signing.key"
|
||||
|
||||
{{- if .Values.matrix.security.trustedKeyServers }}
|
||||
trusted_key_servers:
|
||||
{{- range .Values.matrix.security.trustedKeyServers }}
|
||||
- server_name: {{ .serverName }}
|
||||
{{- if .verifyKeys }}
|
||||
verify_keys:
|
||||
{{- range .verifyKeys }}
|
||||
{{ .id | quote }}: {{ .key | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .acceptKeysInsecurely }}
|
||||
accept_keys_insecurely: {{ .acceptKeysInsecurely }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
suppress_key_server_warning: {{ .Values.matrix.security.supressKeyServerWarning }}
|
||||
{{- if not .Values.loadCustomConfig }}
|
||||
custom.yaml: |
|
||||
# PLACEHOLDER
|
||||
{{- end }}
|
||||
|
||||
{{ .Values.matrix.serverName }}.log.config: |
|
||||
version: 1
|
||||
|
||||
formatters:
|
||||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
filters: [context]
|
||||
|
||||
loggers:
|
||||
synapse:
|
||||
level: {{ .Values.matrix.logging.synapseLogLevel }}
|
||||
|
||||
synapse.storage.SQL:
|
||||
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||
# information such as access tokens.
|
||||
level: {{ .Values.matrix.logging.sqlLogLevel }}
|
||||
|
||||
|
||||
root:
|
||||
level: {{ .Values.matrix.logging.rootLogLevel }}
|
||||
handlers: [console]
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
Synapse hostname, derived from either the Values.matrix.hostname override or the Ingress definition
|
||||
*/}}
|
||||
{{- define "matrix.hostname" -}}
|
||||
{{- if .Values.matrix.hostname }}
|
||||
{{- .Values.matrix.hostname -}}
|
||||
{{- else }}
|
||||
{{- .Values.ingress.hosts.synapse -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Synapse hostname prepended with https:// to form a complete URL
|
||||
*/}}
|
||||
{{- define "matrix.baseUrl" -}}
|
||||
{{- if .Values.matrix.hostname }}
|
||||
{{- printf "https://%s" .Values.matrix.hostname -}}
|
||||
{{- else }}
|
||||
{{- printf "https://%s" .Values.ingress.hosts.synapse -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,63 @@
|
|||
{{/* Define the configs */}}
|
||||
{{- define "synapse.secret" -}}
|
||||
{{- $previous := lookup "v1" "Secret" .Release.Namespace "synapse-secret-macaroon" }}
|
||||
{{- $msk := randAlphaNum 50 }}
|
||||
{{- if $previous }}
|
||||
{{- $msk = ( index $previous.data "key" ) | b64dec }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: synapse-secret-macaroon
|
||||
labels:
|
||||
{{ include "common.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
rollme: {{ randAlphaNum 5 | quote }}
|
||||
data:
|
||||
key: {{ $msk | b64enc }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: synapse-secret
|
||||
labels:
|
||||
{{ include "common.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
rollme: {{ randAlphaNum 5 | quote }}
|
||||
stringData:
|
||||
secret.yaml: |
|
||||
{{- if .Values.mail.enabled }}
|
||||
email:
|
||||
enable_notifs: {{ .Values.mail.enabled }}
|
||||
notif_from: {{ .Values.mail.from }}
|
||||
smtp_host: {{ .Values.mail.external.host }}
|
||||
smtp_port: {{ .Values.mail.external.port }}
|
||||
smtp_user: {{ .Values.mail.external.username }}
|
||||
smtp_pass: {{ .Values.mail.external.password }}
|
||||
require_transport_security: {{ .Values.mail.external.requireTransportSecurity }}
|
||||
{{- end }}
|
||||
|
||||
database:
|
||||
name: "psycopg2"
|
||||
args:
|
||||
user: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||
password: {{ .Values.postgresql.postgresqlPassword }}
|
||||
database: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
host: "{{ printf "%v-%v" .Release.Name "postgresql" }}"
|
||||
port: "5432"
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
sslmode: "disable"
|
||||
|
||||
{{- if .Values.matrix.registration.sharedSecret }}
|
||||
registration_shared_secret: {{ .Values.matrix.registration.sharedSecret }}
|
||||
{{- end }}
|
||||
|
||||
macaroon_secret_key: {{ $msk }}
|
||||
|
||||
{{- if .Values.coturn.enabled -}}
|
||||
turn_shared_secret: {{ include "matrix.coturn.sharedSecret" . }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
|
@ -0,0 +1,14 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.setup" . }}
|
||||
|
||||
{{/* Render configmap for synapse */}}
|
||||
{{- include "synapse.config" . }}
|
||||
|
||||
{{/* Render secret for synapse */}}
|
||||
{{- include "synapse.secret" . }}
|
||||
|
||||
{{- $newMiddlewares := list "tc-opencors-headers" }}
|
||||
{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
|
@ -0,0 +1,4 @@
|
|||
icon_url: https://truecharts.org/_static/img/appicons/synapse-icon.png
|
||||
categories:
|
||||
- cloud
|
||||
|
Loading…
Reference in New Issue