diff --git a/apps/matrix/README.md b/apps/matrix/README.md index a0130ab..fc779aa 100644 --- a/apps/matrix/README.md +++ b/apps/matrix/README.md @@ -1,37 +1,5 @@ -## Todos / missing 2021-12-21 - -* Splitting / checking postgresql -* Setting up element-web + config -* Defining the homeserver.yaml -* Integration with certbot - -## Next - -* create db.yaml with - -``` -#database: -# name: psycopg2 -# args: -# user: synapse_user -# password: secretpassword -# database: synapse -# host: localhost -# port: 5432 -# cp_min: 5 -# cp_max: 10 -``` - -* create log.config -* put pvc at /media_store - ## Components -### General - -* Need switches for element-web (?) - * Or always deploy - ### element-web * Needs config: /app/config.json @@ -49,105 +17,14 @@ add_header X-XSS-Protection "1; mode=block"; add_header Content-Security-Policy "frame-ancestors 'none'"; ``` - # Whether to create the two federation files on the web client - # - /.well-known/matrix/server containing {"m.server": - # "homeserver:443"}. - # - /.well-known/matrix/client containing { "m.homeserver": { - # "base_url": "https://homeserver" } }. Example: - - -### matrix-synapse - -* Requires homeserver.yaml for starting -* Need to overwrite the entrypoint -* How/where do we specifiy the postgresql password? - * Maybe in our own init container using alpine? - -Need to generate for postgresql: - -``` -database: - # The database engine name - name: "psycopg2" - # Arguments to pass to the engine - args: - database: "matrix-synapse" - host: "/var/run/postgresql" - user: "matrix-synapse" - password: "" - cp_min: 10 - cp_min: 5 -``` - -For configuration set/do not set: - -* SYNAPSE_CONFIG_DIR=/config (this contains generated files from us) -* SYNAPSE_DATA_DIR is by default /data, keep as is - -Save under: - - - ## Missing -- db secret generation (sops?) - - done via mittwald - SMTP settings / secrets (ungleich mail + sops?) -- Exposing sizes in value.yaml (db, gitea) - - Maybe reducing to 1 PVC? - - - -## TODOs - -- Move postgres into own service -> stays running by default - -## Reset - -What I want: - -- Easy access to latest matrix version - - Based on the official container makes sense -- Being able to inject postgres secret -- Postgres not restarting if synapse is getting updated - - 2nd service could nicely solve that - -## input / image - -/data - -SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults -to /data. - -SYNAPSE_CONFIG_PATH: path to the config file. Defaults to -/homeserver.yaml - -TZ: the timezone the container will run with. Defaults to UTC. - -docker run -d --name synapse \ - --mount type=volume,src=synapse-data,dst=/data \ - -p 8008:8008 \ - matrixdotorg/synapse:latest run \ - -m synapse.app.generic_worker \ - --config-path=/data/homeserver.yaml \ - --config-path=/data/generic_worker.yaml - -# admin user +### admin user docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help -# Setup in terms of functionality - -## Synapse - -* Base, clear - -## Element - -* Another FQDN -* If set, another nginx instance - ## Usage ### Element-Web @@ -155,3 +32,20 @@ docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/ * Includes config.json that is being populated by values.yaml * Includes nginx on port localhost:8080 (http) * Includes nginx proxy on port 80+443 (http redirect, https) + +### Synapse + +* homeserver.yaml is created from a ConfigMap in /config-ro +* homeserver.yaml is edited using sed to add the postgres password and + stored in /config/homeserver.yaml +* Logging configured to stdout + +### Postgres + +Tuned with `--no-locale --encoding=UTF8` using `POSTGRES_INITDB_ARGS` (required by synapse). + +See + +* https://www.postgresql.org/docs/9.5/app-initdb.html +* https://hub.docker.com/_/postgres +* https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md diff --git a/apps/matrix/element-web-nginx-proxy/element-web.conf b/apps/matrix/element-web-nginx-proxy/element-web.conf index d906b77..9216a58 100644 --- a/apps/matrix/element-web-nginx-proxy/element-web.conf +++ b/apps/matrix/element-web-nginx-proxy/element-web.conf @@ -9,6 +9,15 @@ server { client_max_body_size {{ .Values.max_filesize_in_mb}}m; + location /.well-known/matrix/server { + default_type application/json; + return 200 '{"m.server": "{{ tpl .Values.synapseFQDN . }}:443" }'; + } + location /.well-known/matrix/client { + default_type application/json; + return 200 '{ "m.homeserver": { "base_url": "https://{{ tpl .Values.synapseFQDN . }}" } }'; + } + location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/apps/matrix/templates/postgres.yaml b/apps/matrix/templates/postgres.yaml index e667edc..451fb37 100644 --- a/apps/matrix/templates/postgres.yaml +++ b/apps/matrix/templates/postgres.yaml @@ -60,7 +60,6 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: postgres --- ---- apiVersion: v1 kind: Secret metadata: @@ -74,3 +73,4 @@ metadata: stringData: POSTGRES_USER: "{{ .Values.postgresUser }}" POSTGRES_DB: "{{ .Values.postgresDBName }}" + POSTGRES_INITDB_ARGS: "--no-locale --encoding=UTF8" diff --git a/apps/matrix/templates/synapse.yaml b/apps/matrix/templates/synapse.yaml index f260d31..d583920 100644 --- a/apps/matrix/templates/synapse.yaml +++ b/apps/matrix/templates/synapse.yaml @@ -60,12 +60,12 @@ spec: command: - sh - -c - - "mkdir -p /config; sed \"s/SECRETPOSTGRESPASSWORD/$POSTGRES_PW/\" > /config/db.yaml; /start.py run" + - "mkdir -p /config; sed \"s,SECRETPOSTGRESPASSWORD,$POSTGRES_PW,\" /config-ro/homeserver.yaml > /config/homeserver.yaml && /start.py run" ports: - containerPort: 8008 env: - name: SYNAPSE_CONFIG_PATH - value: "/config-ro/homeserver.yaml" + value: "/config/homeserver.yaml" - name: SYNAPSE_CONFIG_DIR value: "/config" - name: POSTGRES_PW