ungleich-k8s/apps/matrix/README.md

## Todos / missing 2021-12-21

* Splitting / checking postgresql
* Setting up element-web + config
* Defining the homeserver.yaml
* Integration with certbot


## Components

### General

* Need switches for element-web (?)
  * Or always deploy

### element-web

* Needs config: /app/config.json
* Needs FQDN for HTTPS / nginx
* Maybe limit the builtin webserver to localhost?

To add:

```
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
```

### matrix-synapse

* Requires homeserver.yaml for starting
* Need to overwrite the entrypoint
* How/where do we specifiy the postgresql password?
  * Maybe in our own init container using alpine?

Need to generate for postgresql:

```
database:
  # The database engine name
  name: "psycopg2"
  # Arguments to pass to the engine
  args:
    database: "matrix-synapse"
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: ""
    cp_min: 10
    cp_min: 5
```

For configuration set/do not set:

* SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
* SYNAPSE_DATA_DIR is by default /data, keep as is

Save under:


## Missing

- db secret generation (sops?)
  - done via mittwald
- SMTP settings / secrets (ungleich mail + sops?)
- Exposing sizes in value.yaml (db, gitea)
  - Maybe reducing to 1 PVC?


## TODOs

- Move postgres into own service -> stays running by default

## Reset

What I want:

- Easy access to latest matrix version
  - Based on the official container makes sense
- Being able to inject postgres secret
- Postgres not restarting if synapse is getting updated
  - 2nd service could nicely solve that

## input / image

/data

SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults
to /data.

SYNAPSE_CONFIG_PATH: path to the config file. Defaults to
<SYNAPSE_CONFIG_DIR>/homeserver.yaml

TZ: the timezone the container will run with. Defaults to UTC.

docker run -d --name synapse \
    --mount type=volume,src=synapse-data,dst=/data \
    -p 8008:8008 \
    matrixdotorg/synapse:latest run \
    -m synapse.app.generic_worker \
    --config-path=/data/homeserver.yaml \
    --config-path=/data/generic_worker.yaml

# admin user

docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help

# Setup in terms of functionality

## Synapse

* Base, clear

## Element

* Another FQDN
* If set, another nginx instance
[apps/matrix] Begin cleanup for single worker approach 2021-12-21 11:02:28 +00:00			`## Todos / missing 2021-12-21`

			`* Splitting / checking postgresql`
			`* Setting up element-web + config`
			`* Defining the homeserver.yaml`
			`* Integration with certbot`


			`## Components`

			`### General`

			`* Need switches for element-web (?)`
			`* Or always deploy`

			`### element-web`

			`* Needs config: /app/config.json`
			`* Needs FQDN for HTTPS / nginx`
			`* Maybe limit the builtin webserver to localhost?`

			`To add:`

			```
			`add_header X-Frame-Options SAMEORIGIN;`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header Content-Security-Policy "frame-ancestors 'none'";`
			```

			`### matrix-synapse`

			`* Requires homeserver.yaml for starting`
			`* Need to overwrite the entrypoint`
			`* How/where do we specifiy the postgresql password?`
			`* Maybe in our own init container using alpine?`

			`Need to generate for postgresql:`

			```
			`database:`
			`# The database engine name`
			`name: "psycopg2"`
			`# Arguments to pass to the engine`
			`args:`
			`database: "matrix-synapse"`
			`host: "/var/run/postgresql"`
			`user: "matrix-synapse"`
			`password: ""`
			`cp_min: 10`
			`cp_min: 5`
			```

			`For configuration set/do not set:`

			`* SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)`
			`* SYNAPSE_DATA_DIR is by default /data, keep as is`

			`Save under:`



starting matrix 2021-07-01 16:29:33 +00:00			`## Missing`

			`- db secret generation (sops?)`
Add working knot variant + various other stuff 2021-07-17 22:16:35 +00:00			`- done via mittwald`
starting matrix 2021-07-01 16:29:33 +00:00			`- SMTP settings / secrets (ungleich mail + sops?)`
			`- Exposing sizes in value.yaml (db, gitea)`
			`- Maybe reducing to 1 PVC?`
Add working knot variant + various other stuff 2021-07-17 22:16:35 +00:00
[apps/matrix] Begin cleanup for single worker approach 2021-12-21 11:02:28 +00:00


Add working knot variant + various other stuff 2021-07-17 22:16:35 +00:00			`## TODOs`

[apps/matrix] Begin cleanup for single worker approach 2021-12-21 11:02:28 +00:00			`- Move postgres into own service -> stays running by default`
Add working knot variant + various other stuff 2021-07-17 22:16:35 +00:00
			`## Reset`

			`What I want:`

			`- Easy access to latest matrix version`
			`- Based on the official container makes sense`
			`- Being able to inject postgres secret`
			`- Postgres not restarting if synapse is getting updated`
			`- 2nd service could nicely solve that`
++matrix notes 2021-12-12 20:23:37 +00:00
			`## input / image`

			`/data`

			`SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults`
			`to /data.`

			`SYNAPSE_CONFIG_PATH: path to the config file. Defaults to`
			`<SYNAPSE_CONFIG_DIR>/homeserver.yaml`

			`TZ: the timezone the container will run with. Defaults to UTC.`

			`docker run -d --name synapse \`
			`--mount type=volume,src=synapse-data,dst=/data \`
			`-p 8008:8008 \`
			`matrixdotorg/synapse:latest run \`
			`-m synapse.app.generic_worker \`
			`--config-path=/data/homeserver.yaml \`
			`--config-path=/data/generic_worker.yaml`

			`# admin user`

			`docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help`
++matrix note 2021-12-12 21:02:24 +00:00
			`# Setup in terms of functionality`

			`## Synapse`

			`* Base, clear`

			`## Element`

			`* Another FQDN`
			`* If set, another nginx instance`