[matrix] cleanup README, integrate well known urls 1/2

apps/matrix/README.md

@@ -1,37 +1,5 @@
-## Todos / missing 2021-12-21
-
-* Splitting / checking postgresql
-* Setting up element-web + config
-* Defining the homeserver.yaml
-* Integration with certbot
-
-## Next
-
-* create db.yaml with
-
-```
-#database:
-#  name: psycopg2
-#  args:
-#    user: synapse_user
-#    password: secretpassword
-#    database: synapse
-#    host: localhost
-#    port: 5432
-#    cp_min: 5
-#    cp_max: 10
-```
-
-* create log.config
-* put pvc at /media_store
-
 ## Components
 
-### General
-
-* Need switches for element-web (?)
-  * Or always deploy
-
 ### element-web
 
 * Needs config: /app/config.json
@@ -49,105 +17,14 @@ add_header X-XSS-Protection "1; mode=block";
 add_header Content-Security-Policy "frame-ancestors 'none'";
 ```
 
-    # Whether to create the two federation files on the web client
-    # - /.well-known/matrix/server containing {"m.server":
-    # "homeserver:443"}.
-    #  - /.well-known/matrix/client containing { "m.homeserver": {
-    # "base_url": "https://homeserver" } }. Example:
-
-
-### matrix-synapse
-
-* Requires homeserver.yaml for starting
-* Need to overwrite the entrypoint
-* How/where do we specifiy the postgresql password?
-  * Maybe in our own init container using alpine?
-
-Need to generate for postgresql:
-
-```
-database:
-  # The database engine name
-  name: "psycopg2"
-  # Arguments to pass to the engine
-  args:
-    database: "matrix-synapse"
-    host: "/var/run/postgresql"
-    user: "matrix-synapse"
-    password: ""
-    cp_min: 10
-    cp_min: 5
-```
-
-For configuration set/do not set:
-
-* SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
-* SYNAPSE_DATA_DIR is by default /data, keep as is
-
-Save under:
-
-
-
 ## Missing
 
-- db secret generation (sops?)
-  - done via mittwald
 - SMTP settings / secrets (ungleich mail + sops?)
-- Exposing sizes in value.yaml (db, gitea)
-  - Maybe reducing to 1 PVC?
 
-
+### admin user
-
-
-## TODOs
-
-- Move postgres into own service -> stays running by default
-
-## Reset
-
-What I want:
-
-- Easy access to latest matrix version
-  - Based on the official container makes sense
-- Being able to inject postgres secret
-- Postgres not restarting if synapse is getting updated
-  - 2nd service could nicely solve that
-
-## input / image
-
-/data
-
-SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults
-to /data.
-
-SYNAPSE_CONFIG_PATH: path to the config file. Defaults to
-<SYNAPSE_CONFIG_DIR>/homeserver.yaml
-
-TZ: the timezone the container will run with. Defaults to UTC.
-
-docker run -d --name synapse \
-    --mount type=volume,src=synapse-data,dst=/data \
-    -p 8008:8008 \
-    matrixdotorg/synapse:latest run \
-    -m synapse.app.generic_worker \
-    --config-path=/data/homeserver.yaml \
-    --config-path=/data/generic_worker.yaml
-
-# admin user
 
 docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help
 
-# Setup in terms of functionality
-
-## Synapse
-
-* Base, clear
-
-## Element
-
-* Another FQDN
-* If set, another nginx instance
-
 ## Usage
 
 ### Element-Web
@@ -155,3 +32,20 @@ docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/
 * Includes config.json that is being populated by values.yaml
 * Includes nginx on port localhost:8080 (http)
 * Includes nginx proxy on port 80+443 (http redirect, https)
+
+### Synapse
+
+* homeserver.yaml is created from a ConfigMap in /config-ro
+* homeserver.yaml is edited using sed to add the postgres password and
+  stored in /config/homeserver.yaml
+* Logging configured to stdout
+
+### Postgres
+
+Tuned with `--no-locale --encoding=UTF8` using `POSTGRES_INITDB_ARGS` (required by synapse).
+
+See
+
+* https://www.postgresql.org/docs/9.5/app-initdb.html
+* https://hub.docker.com/_/postgres
+* https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md

apps/matrix/element-web-nginx-proxy/element-web.conf

@@ -9,6 +9,15 @@ server {
 
     client_max_body_size {{ .Values.max_filesize_in_mb}}m;
 
+    location /.well-known/matrix/server {
+      default_type application/json;
+      return 200 '{"m.server": "{{ tpl .Values.synapseFQDN . }}:443" }';
+    }
+    location /.well-known/matrix/client {
+      default_type application/json;
+      return 200 '{ "m.homeserver": { "base_url": "https://{{ tpl .Values.synapseFQDN . }}" } }';
+    }
+
     location / {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;

apps/matrix/templates/postgres.yaml

@@ -60,7 +60,6 @@ spec:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/component: postgres
 ---
----
 apiVersion: v1
 kind: Secret
 metadata:
@@ -74,3 +73,4 @@ metadata:
 stringData:
   POSTGRES_USER: "{{ .Values.postgresUser }}"
   POSTGRES_DB: "{{ .Values.postgresDBName }}"
+  POSTGRES_INITDB_ARGS: "--no-locale --encoding=UTF8"

apps/matrix/templates/synapse.yaml

@@ -60,12 +60,12 @@ spec:
           command:
             - sh
             - -c
-            - "mkdir -p /config; sed \"s/SECRETPOSTGRESPASSWORD/$POSTGRES_PW/\" > /config/db.yaml; /start.py run"
+            - "mkdir -p /config; sed \"s,SECRETPOSTGRESPASSWORD,$POSTGRES_PW,\" /config-ro/homeserver.yaml > /config/homeserver.yaml && /start.py run"
           ports:
             - containerPort: 8008
           env:
             - name: SYNAPSE_CONFIG_PATH
-              value: "/config-ro/homeserver.yaml"
+              value: "/config/homeserver.yaml"
             - name: SYNAPSE_CONFIG_DIR
               value: "/config"
             - name: POSTGRES_PW