## Todos / missing 2021-12-21

* Splitting / checking postgresql
* Setting up element-web + config
* Defining the homeserver.yaml
* Integration with certbot

## Components

### General

* Need switches for element-web (?)
* Or always deploy

### element-web

* Needs config: /app/config.json
* Needs FQDN for HTTPS / nginx
* Maybe limit the builtin webserver to localhost?

To add:

```
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
```

### matrix-synapse

* Requires homeserver.yaml for starting
* Need to overwrite the entrypoint
* How/where do we specify the postgresql password?
* Maybe in our own init container using alpine?

Need to generate for postgresql:

```
database:
  # The database engine name
  name: "psycopg2"
  # Arguments to pass to the engine
  args:
    database: "matrix-synapse"
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: ""
    # Connection pool bounds
    cp_min: 5
    cp_max: 10
```

For configuration set/do not set:

* SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
* SYNAPSE_DATA_DIR is by default /data, keep as is

Save under:

## Missing

- db secret generation (sops?)
- done via mittwald
- SMTP settings / secrets (ungleich mail + sops?)
- Exposing sizes in value.yaml (db, gitea)
- Maybe reducing to 1 PVC?

## TODOs

- Move postgres into own service -> stays running by default

## Reset

What I want:

- Easy access to latest matrix version
- Based on the official container makes sense
- Being able to inject postgres secret
- Postgres not restarting if synapse is getting updated
- 2nd service could nicely solve that

## input / image

/data

* SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults to /data.
* SYNAPSE_CONFIG_PATH: path to the config file. Defaults to /homeserver.yaml
* TZ: the timezone the container will run with. Defaults to UTC.

```
docker run -d --name synapse \
    --mount type=volume,src=synapse-data,dst=/data \
    -p 8008:8008 \
    matrixdotorg/synapse:latest run \
    -m synapse.app.generic_worker \
    --config-path=/data/homeserver.yaml \
    --config-path=/data/generic_worker.yaml

# admin user
docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help
```

# Setup in terms of functionality

## Synapse

* Base, clear

## Element

* Another FQDN
* If set, another nginx instance
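
The matrix-synapse notes above ask where the postgresql password gets specified and float an alpine init container. One way such a container could render the database section from an injected secret is sketched below; this is an added example, not code from this chart. The function name `render_db_config`, the environment variable `POSTGRES_PASSWORD` and the file name `database.yaml` are assumptions, and the file would be passed to Synapse as an additional `--config-path`.

```shell
#!/bin/sh
# Added example: render the Synapse database section from a secret in the
# environment. All names here are assumptions, not part of the chart.

# render_db_config OUT_DIR
# Reads POSTGRES_PASSWORD (hypothetical; e.g. mapped from a Kubernetes Secret)
# and writes OUT_DIR/database.yaml, readable by the owner only.
render_db_config() {
    out_dir=$1
    # Refuse to emit a config with an empty password.
    if [ -z "${POSTGRES_PASSWORD:-}" ]; then
        echo "POSTGRES_PASSWORD is empty or unset" >&2
        return 1
    fi
    # A newline would terminate the YAML scalar and allow extra keys; reject it.
    case $POSTGRES_PASSWORD in
        *"
"*) echo "POSTGRES_PASSWORD contains a newline" >&2; return 1 ;;
    esac
    # Escape backslash and double quote for a YAML double-quoted string.
    escaped=$(printf '%s' "$POSTGRES_PASSWORD" | sed 's/\\/\\\\/g; s/"/\\"/g')
    # Remove any earlier file so the umask below decides the final mode.
    rm -f "$out_dir/database.yaml"
    (
        umask 077   # file is created 0600, never world-readable
        cat > "$out_dir/database.yaml" <<EOF
database:
  name: "psycopg2"
  args:
    database: "matrix-synapse"
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: "$escaped"
    cp_min: 5
    cp_max: 10
EOF
    )
}
```

In an init container the function would be called with the directory used as SYNAPSE_CONFIG_DIR (`/config` in these notes), so the password lives only in the Secret and in the generated file.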