ungleich-k8s/apps/matrix/README.md
2021-12-24 15:22:37 +01:00

Todos / missing 2021-12-21

  • Splitting / checking postgresql
  • Setting up element-web + config
  • Defining the homeserver.yaml
  • Integration with certbot

Components

General

  • Need switches for element-web (?)
    • Or always deploy

element-web

  • Needs config: /app/config.json
  • Needs FQDN for HTTPS / nginx
  • Maybe limit the builtin webserver to localhost?
    • Configmap to /etc/nginx/conf.d/default.conf
    • Entrypoint: nginx -g "daemon off;"

To add:

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
# Whether to create the two federation files on the web client
# - /.well-known/matrix/server containing {"m.server":
# "homeserver:443"}.
#  - /.well-known/matrix/client containing { "m.homeserver": {
# "base_url": "https://homeserver" } }. Example:

matrix-synapse

  • Requires homeserver.yaml for starting
  • Need to overwrite the entrypoint
  • How/where do we specify the postgresql password?
    • Maybe in our own init container using alpine?

Need to generate for postgresql:

database:
  # The database engine name
  name: "psycopg2"
  # Arguments to pass to the engine
  args:
    database: "matrix-synapse"
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: ""
    # connection pool size (min/max); the original had cp_min twice
    cp_min: 5
    cp_max: 10

For configuration set/do not set:

  • SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
  • SYNAPSE_DATA_DIR is by default /data, keep as is
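One way to answer the "how/where do we specify the postgresql password" question above: an init-container script (added example, not code from the ungleich-k8s repo) that renders the database block into SYNAPSE_CONFIG_DIR, reading the password from a mounted Secret file so it never lands in the image, the pod spec or `ps` output. The secret path /secrets/postgres-password and the output file name database.yaml are assumptions.

```shell
#!/bin/sh
# Added example for an alpine init container: render the Synapse
# `database:` section with the PostgreSQL password taken from a file.
# Assumed defaults (override via environment): Secret mounted at
# /secrets/postgres-password, SYNAPSE_CONFIG_DIR=/config as noted above.
SECRET_FILE="${SECRET_FILE:-/secrets/postgres-password}"
SYNAPSE_CONFIG_DIR="${SYNAPSE_CONFIG_DIR:-/config}"

# render_db_config SECRET_FILE OUT_FILE
# Writes OUT_FILE (mode 0600) with the database block; returns 1 if the
# secret is missing or empty instead of rendering `password: ""`.
render_db_config() {
    secret_file="$1"
    out_file="$2"

    if [ ! -s "$secret_file" ]; then
        echo "render_db_config: secret file '$secret_file' missing or empty" >&2
        return 1
    fi
    # Command substitution drops the trailing newline most Secret tooling adds.
    password="$(cat "$secret_file")"
    # Escape backslash and double quote so the YAML double-quoted scalar stays valid.
    password="$(printf '%s' "$password" | sed 's/\\/\\\\/g; s/"/\\"/g')"

    # Subshell so the restrictive umask (file created 0600) does not leak out.
    (
        umask 077
        cat > "$out_file" <<EOF
database:
  name: "psycopg2"
  args:
    database: "matrix-synapse"
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: "$password"
    cp_min: 5
    cp_max: 10
EOF
    )
}

# In the init container, invoke as:
#   render_db_config "$SECRET_FILE" "$SYNAPSE_CONFIG_DIR/database.yaml"
```

Synapse merges every file in SYNAPSE_CONFIG_DIR, so the rendered database.yaml only needs this one section; keep the file out of any ConfigMap and off the image.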

Save under:

Missing

  • db secret generation (sops?)
    • done via mittwald
  • SMTP settings / secrets (ungleich mail + sops?)
  • Exposing sizes in value.yaml (db, gitea)
    • Maybe reducing to 1 PVC?

TODOs

  • Move postgres into own service -> stays running by default

Reset

What I want:

  • Easy access to latest matrix version
    • Based on the official container makes sense
  • Being able to inject postgres secret
  • Postgres not restarting if synapse is getting updated
    • 2nd service could nicely solve that

input / image

/data

SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults to /data.

SYNAPSE_CONFIG_PATH: path to the config file. Defaults to <SYNAPSE_CONFIG_DIR>/homeserver.yaml

TZ: the timezone the container will run with. Defaults to UTC.

docker run -d --name synapse \
    --mount type=volume,src=synapse-data,dst=/data \
    -p 8008:8008 \
    matrixdotorg/synapse:latest run \
    -m synapse.app.generic_worker \
    --config-path=/data/homeserver.yaml \
    --config-path=/data/generic_worker.yaml

admin user

docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help

Setup in terms of functionality

Synapse

  • Base, clear

Element

  • Another FQDN
  • If set, another nginx instance