ungleich-k8s/apps/matrix
2021-12-21 13:00:48 +01:00

Todos / missing 2021-12-21

  • Splitting / checking postgresql
  • Setting up element-web + config
  • Defining the homeserver.yaml
  • Integration with certbot

Components

General

  • Need switches for element-web (?)
    • Or always deploy

element-web

  • Needs config: /app/config.json
  • Needs FQDN for HTTPS / nginx
  • Maybe limit the builtin webserver to localhost?
    • Configmap to /etc/nginx/conf.d/default.conf
    • Entrypoint: nginx -g "daemon off;"

To add:

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
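As an added example (not code from the ungleich-k8s chart), the two files the element-web notes above ask for, rendered by a small POSIX sh script that fits an alpine init container: the nginx default.conf with the four headers, and /app/config.json pointing at the homeserver. The environment variable names OUT_DIR, NGINX_LISTEN, SYNAPSE_BASE_URL and SERVER_NAME are assumptions for the guarded entry point at the bottom, not chart values.

```shell
#!/bin/sh
# Added example, not the chart's own code. Renders the files element-web
# needs; an init container would write them into the volumes mounted at
# /etc/nginx/conf.d and /app/config.json.
# Hypothetical env for the entry point at the bottom:
#   OUT_DIR           directory the rendered files are written to
#   NGINX_LISTEN      value for nginx's listen directive (default 8080)
#   SYNAPSE_BASE_URL  public https:// URL of the homeserver
#   SERVER_NAME       the Matrix server_name (usually the bare domain)
set -eu

# render_nginx_conf OUT_DIR LISTEN ROOT
# Writes OUT_DIR/default.conf: one server block serving element-web from
# ROOT with the headers from the TODO list. LISTEN can be "127.0.0.1:8080"
# to keep the builtin nginx off the pod network when a TLS proxy fronts it.
render_nginx_conf() {
    out_dir=$1; listen=$2; root=$3
    # $uri is escaped so the shell leaves it for nginx.
    cat > "$out_dir/default.conf" <<EOF
server {
    listen ${listen};
    server_name _;
    root ${root};
    index index.html;

    # Keep element-web out of foreign frames and stop MIME sniffing.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Content-Security-Policy "frame-ancestors 'none'";

    location / {
        try_files \$uri \$uri/ =404;
    }
}
EOF
}

# render_element_config OUT_DIR BASE_URL SERVER_NAME
# Writes OUT_DIR/config.json. Refuses a non-https base_url: element-web
# served over HTTPS cannot talk to an http:// homeserver (mixed content),
# and refuses characters that would break the hand-written JSON.
render_element_config() {
    out_dir=$1; base_url=$2; server_name=$3
    case $base_url in
        https://*) ;;
        *) echo "base_url must be https://, got: $base_url" >&2; return 1 ;;
    esac
    if printf '%s' "$base_url$server_name" | grep -q '["\\]'; then
        echo "refusing quote/backslash in config values" >&2; return 1
    fi
    cat > "$out_dir/config.json" <<EOF
{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "${base_url}",
            "server_name": "${server_name}"
        }
    },
    "brand": "Element",
    "disable_custom_urls": true
}
EOF
}

# Entry point for the init container; only runs when OUT_DIR is set, so the
# file can also be sourced to exercise the functions.
if [ -n "${OUT_DIR:-}" ]; then
    render_nginx_conf "$OUT_DIR" "${NGINX_LISTEN:-8080}" /app
    render_element_config "$OUT_DIR" "$SYNAPSE_BASE_URL" "$SERVER_NAME"
fi
```

Two things to keep in mind when extending the nginx template: `add_header` is not inherited into a `location` block that declares its own `add_header`, so any per-location header (for example a no-cache header on config.json) means repeating the four security headers there; and `disable_custom_urls` pins users of this deployment to the configured homeserver.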

matrix-synapse

  • Requires homeserver.yaml for starting
  • Need to overwrite the entrypoint
  • How/where do we specify the postgresql password?
    • Maybe in our own init container using alpine?

Need to generate for postgresql:

database:
  # The database engine name
  name: "psycopg2"
  # Arguments to pass to the engine
  args:
    database: "matrix-synapse"
    # unix socket directory; use a hostname when postgres runs in its own service
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: ""
    # connection pool bounds (the original had cp_min twice)
    cp_min: 5
    cp_max: 10

For configuration set/do not set:

  • SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
  • SYNAPSE_DATA_DIR is by default /data, keep as is
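Added example, not the chart's own code: one way the "init container using alpine" idea above can inject the postgres password. The chart ships a secret-free homeserver.base.yaml in a ConfigMap, the generated Secret lands in the container as POSTGRES_PASSWORD, and the script assembles SYNAPSE_CONFIG_DIR/homeserver.yaml from the two, so the password never appears in values.yaml or in a ConfigMap. The file name homeserver.base.yaml and the POSTGRES_PASSWORD variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the ungleich-k8s chart). Init-container script for
# alpine's /bin/sh that writes homeserver.yaml from a secret-free base plus
# the database section. Assumed (hypothetical) layout:
#   $SYNAPSE_CONFIG_DIR/homeserver.base.yaml  from the chart's ConfigMap
#   $POSTGRES_PASSWORD                        from the generated Secret
#   $SYNAPSE_CONFIG_DIR/homeserver.yaml       output synapse starts from
set -eu

# Escape a string for a YAML double-quoted scalar (backslash, then quote).
yaml_dq() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# render_homeserver BASE OUT PASSWORD [DBNAME] [DBUSER] [DBHOST]
render_homeserver() {
    base=$1; out=$2; pw=$3
    db=${4:-matrix-synapse}; user=${5:-matrix-synapse}
    host=${6:-/var/run/postgresql}

    # An empty password would let synapse start against a passwordless DB.
    [ -n "$pw" ] || { echo "refusing to render: empty postgres password" >&2; return 1; }
    nl=$(printf '\nx'); nl=${nl%x}
    case $pw in *"$nl"*) echo "refusing to render: newline in password" >&2; return 1 ;; esac
    # A second database: key in the base would silently shadow this one.
    if grep -q '^database:' "$base"; then
        echo "refusing to render: $base already has a database: section" >&2
        return 1
    fi

    (
        umask 077   # the rendered file carries the secret
        {
            cat "$base"
            printf '\n'
            cat <<EOF
database:
  # The database engine name
  name: "psycopg2"
  # Arguments to pass to the engine
  args:
    database: "$(yaml_dq "$db")"
    host: "$(yaml_dq "$host")"
    user: "$(yaml_dq "$user")"
    password: "$(yaml_dq "$pw")"
    cp_min: 5
    cp_max: 10
EOF
        } > "$out"
    )
}

# Entry point: only renders when SYNAPSE_CONFIG_DIR is set (it is /config in
# the chart notes), so the file can also be sourced to test the functions.
if [ -n "${SYNAPSE_CONFIG_DIR:-}" ]; then
    render_homeserver "$SYNAPSE_CONFIG_DIR/homeserver.base.yaml" \
                      "$SYNAPSE_CONFIG_DIR/homeserver.yaml" \
                      "${POSTGRES_PASSWORD:-}"
fi
```

The rendered file lives on an emptyDir shared with the synapse container rather than in the ConfigMap, which keeps the secret out of anything `kubectl get configmap -o yaml` would show; the 0600 mode from `umask 077` matters because SYNAPSE_CONFIG_DIR is readable by every process in that container.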

Save under:

Missing

  • db secret generation (sops?)
    • done via mittwald
  • SMTP settings / secrets (ungleich mail + sops?)
  • Exposing sizes in values.yaml (db, gitea)
    • Maybe reducing to 1 PVC?

TODOs

  • Move postgres into own service -> stays running by default

Reset

What I want:

  • Easy access to latest matrix version
    • Based on the official container makes sense
  • Being able to inject postgres secret
  • Postgres not restarting if synapse is getting updated
    • 2nd service could nicely solve that

input / image

/data

SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults to /data.

SYNAPSE_CONFIG_PATH: path to the config file. Defaults to <SYNAPSE_CONFIG_DIR>/homeserver.yaml

TZ: the timezone the container will run with. Defaults to UTC.

docker run -d --name synapse \
    --mount type=volume,src=synapse-data,dst=/data \
    -p 8008:8008 \
    matrixdotorg/synapse:latest run \
    -m synapse.app.generic_worker \
    --config-path=/data/homeserver.yaml \
    --config-path=/data/generic_worker.yaml

admin user

docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help

Setup in terms of functionality

Synapse

  • Base, clear

Element

  • Another FQDN
  • If set, another nginx instance