catalog/incubator/synapse/8.0.0/ix_values.yaml

321 lines
9.3 KiB
YAML

image:
repository: tccr.io/truecharts/synapse
pullPolicy: IfNotPresent
tag: 1.82.0@sha256:ed16bd72a84769040c24c49311a587e1cbb066b49a141126b5e377e84552c0c4
command:
- sh
- -c
- |
exec python -B -m synapse.app.homeserver \
-c /data/homeserver.yaml \
-c /data/secret/secret.yaml \
-c /data/custom.yaml
service:
main:
ports:
main:
port: 8008
targetPort: 8008
federation:
enabled: true
ports:
federation:
enabled: true
port: 8448
targetPort: 8008
replication:
enabled: true
ports:
replication:
enabled: true
port: 9092
targetPort: 9092
metrics:
enabled: true
ports:
metrics:
enabled: true
port: 9093
targetPort: 9090
securityContext:
allowPrivilegeEscalation: true
secretEnv: {}
installContainers:
generate-signing-key:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
- name: SYNAPSE_SERVER_NAME
value: "{{ .Values.matrix.serverName }}"
- name: SYNAPSE_REPORT_STATS
value: "no"
command: ["python"]
args:
- "-m"
- "synapse.app.homeserver"
- "--config-path"
- "/data/homeserver.yaml"
- "--config-path"
- "/data/secret/secret.yaml"
- "--config-path"
- "/data/custom.yaml"
- "--keys-directory"
- "/data/keys"
- "--generate-keys"
volumeMounts:
- name: config
mountPath: /data
- name: secret
mountPath: /data/secret
- name: key
mountPath: /data/keys
env: {}
persistence:
config:
enabled: true
type: configMap
objectName: synapse-config
mountPath: /data
readOnly: false
secret:
enabled: true
type: secret
objectName: synapse-secret
mountPath: /data/secret
readOnly: false
key:
enabled: true
mountPath: "/data/keys"
media:
enabled: true
mountPath: "/data/media_store"
uploads:
enabled: true
mountPath: "/uploads"
probes:
liveness:
path: /health
readiness:
path: /health
startup:
path: /health
# Synapse Kubernetes resource settings
synapse:
loadCustomConfig: false
# -- List of application config .yaml files to be loaded from /appConfig
appConfig: []
# Prometheus metrics for Synapse
# https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
metrics:
# Whether Synapse should capture metrics on an additional endpoint
enabled: true
# Port to listen on for metrics scraping
port: 9092
annotations: true
# Runtime configuration for Synapse and settings related to the Matrix protocol
matrix:
# Manual overrides for homeserver.yaml, the main configuration file for Synapse
# If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents.
# If homeserverExtra is set, the contents will be appended to the end of the default configuration.
# It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense
# of the requirements and default configuration options to use other services in this chart.
# homeserverOverride: {}
# homeserverExtra: {}
# Domain name of the server
# This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains
# from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the
# domain name at the end of every user's username
serverName: "example.com"
urlPreviews:
enabled: false
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
# hostname: "matrix.example.com"
# Set to false to disable presence (online/offline indicators)
presence: true
# Set to true to block non-admins from inviting users to any rooms
blockNonAdminInvites: false
# Set to false to disable message searching
search: true
# Which types of rooms to enable end-to-end encryption on by default
# off: none
# invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset
# all: all rooms
encryptByDefault: invite
# Email address of the administrator
adminEmail: "admin@example.com"
# Settings related to image and multimedia uploads
uploads:
# Max upload size in bytes
maxSize: 10M
# Max image size in pixels
maxPixels: 32M
# Settings related to federation
federation:
# Set to false to disable federation and run an isolated homeserver
enabled: true
# Set to false to disallow members of other homeservers from fetching *public* rooms
allowPublicRooms: true
# Whitelist of domains to federate with (comment for all domains except blacklisted)
# whitelist: []
# IP addresses to blacklist federation requests to
blacklist:
- "127.0.0.0/8"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
- "100.64.0.0/10"
- "169.254.0.0/16"
- "::1/128"
- "fe80::/64"
- "fc00::/7"
# User registration settings
registration:
# Allow new users to register an account
enabled: false
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
# sharedSecret: <PRIVATE STRING>
# Allow users to join rooms as a guest
allowGuests: false
# Required "3PIDs" - third-party identifiers such as email or msisdn (SMS)
# required3Pids:
# - email
# - msisdn
# Rooms to automatically join all new users to
autoJoinRooms: []
# - "#welcome:example.com"
# How long to keep redacted events in unredacted form in the database
retentionPeriod: 7d
security:
# This disables the warning that is emitted when the
# trustedKeyServers include 'matrix.org'. See below.
# Set to false to re-enable the warning.
#
surpressKeyServerWarning: true
# The trusted servers to download signing keys from.
#
# When we need to fetch a signing key, each server is tried in parallel.
#
# Normally, the connection to the key server is validated via TLS certificates.
# Additional security can be provided by configuring a `verify key`, which
# will make synapse check that the response is signed by that key.
#
# This setting supercedes an older setting named `perspectives`. The old format
# is still supported for backwards-compatibility, but it is deprecated.
#
# 'trustedKeyServers' defaults to matrix.org, but using it will generate a
# warning on start-up. To suppress this warning, set
# 'surpressKeyServerWarning' to true.
#
# Options for each entry in the list include:
#
# serverName: the name of the server. required.
#
# verifyKeys: an optional map from key id to base64-encoded public key.
# If specified, we will check that the response is signed by at least
# one of the given keys.
#
# acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset,
# and federation_verify_certificates is not `true`, synapse will refuse
# to start, because this would allow anyone who can spoof DNS responses
# to masquerade as the trusted key server. If you know what you are doing
# and are sure that your network environment provides a secure connection
# to the key server, you can set this to `true` to override this
# behaviour.
#
# An example configuration might look like:
#
# trustedKeyServers:
# - serverName: my_trusted_server.example.com
# verifyKeys:
# - id: "ed25519:auto"
# key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
# acceptKeysInsecurely: false
# - serverName: my_other_trusted_server.example.com
# Set to true to globally block access to the homeserver
disabled: false
# Human readable reason for why the homeserver is blocked
disabledMessage: ""
logging:
# Root log level is the default log level for log outputs that do not have more
# specific settings.
rootLogLevel: WARNING
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
sqlLogLevel: WARNING
# The log level for the synapse server
synapseLogLevel: WARNING
# Settings for email notifications
mail:
# Set to false to disable all email notifications
# NOTE: If enabled, either enable the Exim relay or configure an external mail server below
enabled: false
# Name and email address for outgoing mail
from: "Matrix <matrix@example.com>"
# Optional: Element instance URL.
# If the ingress is enabled, this is unnecessary.
# If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io
riotUrl: ""
host: ""
# -- Sets the smtp port
# SSL: 465, STARTTLS: 587
port: 25
username: ""
password: ""
requireTransportSecurity: true
coturn:
enabled: false
# Enabled postgres
postgresql:
env:
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C"
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: synapse
postgresqlDatabase: synapse
portal:
enabled: true