ungleich-k8s/apps/matrix/README.md

158 lines
3.3 KiB
Markdown
Raw Normal View History

## Todos / missing 2021-12-21
* Splitting / checking postgresql
* Setting up element-web + config
* Defining the homeserver.yaml
* Integration with certbot
2021-12-25 09:53:35 +00:00
## Next
* create db.yaml with
```
#database:
# name: psycopg2
# args:
# user: synapse_user
# password: secretpassword
# database: synapse
# host: localhost
# port: 5432
# cp_min: 5
# cp_max: 10
```
* create log.config
* put pvc at /media_store
## Components
### General
* Need switches for element-web (?)
* Or always deploy
### element-web
* Needs config: /app/config.json
* Needs FQDN for HTTPS / nginx
* Maybe limit the builtin webserver to localhost?
2021-12-21 12:00:48 +00:00
* Configmap to /etc/nginx/conf.d/default.conf
* Entrypoint `nginx -g daemon off`D
To add:
```
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
```
2021-12-24 14:22:37 +00:00
# Whether to create the two federation files on the web client
# - /.well-known/matrix/server containing {"m.server":
# "homeserver:443"}.
# - /.well-known/matrix/client containing { "m.homeserver": {
# "base_url": "https://homeserver" } }. Example:
### matrix-synapse
* Requires homeserver.yaml for starting
* Need to overwrite the entrypoint
* How/where do we specifiy the postgresql password?
* Maybe in our own init container using alpine?
Need to generate for postgresql:
```
database:
# The database engine name
name: "psycopg2"
# Arguments to pass to the engine
args:
database: "matrix-synapse"
host: "/var/run/postgresql"
user: "matrix-synapse"
password: ""
cp_min: 10
cp_min: 5
```
For configuration set/do not set:
* SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
* SYNAPSE_DATA_DIR is by default /data, keep as is
Save under:
2021-07-01 16:29:33 +00:00
## Missing
- db secret generation (sops?)
- done via mittwald
2021-07-01 16:29:33 +00:00
- SMTP settings / secrets (ungleich mail + sops?)
- Exposing sizes in value.yaml (db, gitea)
- Maybe reducing to 1 PVC?
## TODOs
- Move postgres into own service -> stays running by default
## Reset
What I want:
- Easy access to latest matrix version
- Based on the official container makes sense
- Being able to inject postgres secret
- Postgres not restarting if synapse is getting updated
- 2nd service could nicely solve that
2021-12-12 20:23:37 +00:00
## input / image
/data
SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults
to /data.
SYNAPSE_CONFIG_PATH: path to the config file. Defaults to
<SYNAPSE_CONFIG_DIR>/homeserver.yaml
TZ: the timezone the container will run with. Defaults to UTC.
docker run -d --name synapse \
--mount type=volume,src=synapse-data,dst=/data \
-p 8008:8008 \
matrixdotorg/synapse:latest run \
-m synapse.app.generic_worker \
--config-path=/data/homeserver.yaml \
--config-path=/data/generic_worker.yaml
# admin user
docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help
2021-12-12 21:02:24 +00:00
# Setup in terms of functionality
## Synapse
* Base, clear
## Element
* Another FQDN
* If set, another nginx instance
2021-12-25 15:04:59 +00:00
## Usage
### Element-Web
* Includes config.json that is being populated by values.yaml
* Includes nginx on port localhost:8080 (http)
* Includes nginx proxy on port 80+443 (http redirect, https)