Todos / missing 2021-12-21
- Splitting / checking postgresql
- Setting up element-web + config
- Defining the homeserver.yaml
- Integration with certbot
Next
- create db.yaml with
  #database:
  #  name: psycopg2
  #  args:
  #    user: synapse_user
  #    password: secretpassword
  #    database: synapse
  #    host: localhost
  #    port: 5432
  #    cp_min: 5
  #    cp_max: 10
- create log.config
- put pvc at /media_store
Components
General
- Need switches for element-web (?)
- Or always deploy
element-web
- Needs config: /app/config.json
- Needs FQDN for HTTPS / nginx
- Maybe limit the builtin webserver to localhost?
- Configmap to /etc/nginx/conf.d/default.conf
- Entrypoint (nginx must run in the foreground inside the container; the argument needs quoting, since it contains a space and the trailing semicolon)
  nginx -g "daemon off;"
To add:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
# Whether to create the two federation files on the web client
# - /.well-known/matrix/server containing {"m.server": "homeserver:443"}.
# - /.well-known/matrix/client containing {"m.homeserver": {"base_url": "https://homeserver"}}. Example:
matrix-synapse
- Requires homeserver.yaml for starting
- Need to overwrite the entrypoint
- How/where do we specify the postgresql password?
- Maybe in our own init container using alpine?
Need to generate for postgresql (note: the original had cp_min listed twice; the second value is cp_max):
database:
  # The database engine name
  name: "psycopg2"
  # Arguments to pass to the engine
  args:
    database: "matrix-synapse"
    host: "/var/run/postgresql"
    user: "matrix-synapse"
    password: ""
    cp_min: 5
    cp_max: 10
For configuration set/do not set:
- SYNAPSE_CONFIG_DIR=/config (this contains generated files from us)
- SYNAPSE_DATA_DIR is by default /data, keep as is
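As an added example (not the chart's own code) for the open question of where the postgresql password gets injected: a POSIX sh step for an init container that renders db.yaml into SYNAPSE_CONFIG_DIR from a Kubernetes secret mounted as a file, so the password never sits in values.yaml or the pod spec. The password file path, the output path and the default host name `postgres` are assumptions.

```shell
#!/bin/sh
# Added example, not the chart's own code. Assumed: the db password secret is
# mounted as a plain file (first argument); output is written as the second
# argument, e.g. $SYNAPSE_CONFIG_DIR/db.yaml with SYNAPSE_CONFIG_DIR=/config.
set -eu

# Escape a value for a double-quoted YAML scalar; only backslash and the
# double quote itself need escaping in that form.
yaml_dq_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# render_db_yaml PASSWORD_FILE OUTPUT_FILE [DB_NAME] [DB_HOST] [DB_USER]
render_db_yaml() {
    pw_file=$1
    out=$2
    db_name=${3:-matrix-synapse}
    db_host=${4:-postgres}
    db_user=${5:-matrix-synapse}
    nl='
'
    # Fail loudly instead of emitting the empty `password: ""` placeholder.
    if [ ! -s "$pw_file" ]; then
        echo "render_db_yaml: '$pw_file' is missing or empty" >&2
        return 1
    fi
    # Command substitution drops the trailing newline kubectl/editors add.
    pw=$(cat "$pw_file")
    case $pw in
        *"$nl"*) echo "render_db_yaml: password must be a single line" >&2
                 return 1 ;;
    esac
    pw=$(yaml_dq_escape "$pw")

    # The rendered file holds the secret: create it owner-readable only.
    umask 077
    cat > "$out" <<EOF
database:
  name: "psycopg2"
  args:
    database: "$(yaml_dq_escape "$db_name")"
    host: "$(yaml_dq_escape "$db_host")"
    user: "$(yaml_dq_escape "$db_user")"
    password: "$pw"
    cp_min: 5
    cp_max: 10
EOF
}
```

Synapse merges every YAML file in SYNAPSE_CONFIG_DIR, so the rendered db.yaml only needs the database section; keep the volume for it an emptyDir shared between the init container and the synapse container.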
Save under:
Missing
- db secret generation (sops?)
  - done via mittwald
- SMTP settings / secrets (ungleich mail + sops?)
- Exposing sizes in values.yaml (db, gitea)
- Maybe reducing to 1 PVC?
TODOs
- Move postgres into own service -> stays running by default
Reset
What I want:
- Easy access to latest matrix version
- Based on the official container makes sense
- Being able to inject postgres secret
- Postgres not restarting if synapse is getting updated
- 2nd service could nicely solve that
input / image
/data
SYNAPSE_CONFIG_DIR: where additional config files are stored. Defaults to /data.
SYNAPSE_CONFIG_PATH: path to the config file. Defaults to <SYNAPSE_CONFIG_DIR>/homeserver.yaml
TZ: the timezone the container will run with. Defaults to UTC.
docker run -d --name synapse \
    --mount type=volume,src=synapse-data,dst=/data \
    -p 8008:8008 \
    matrixdotorg/synapse:latest run \
    -m synapse.app.generic_worker \
    --config-path=/data/homeserver.yaml \
    --config-path=/data/generic_worker.yaml
admin user
docker exec -it synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml --help
Setup in terms of functionality
Synapse
- Base, clear
Element
- Another FQDN
- If set, another nginx instance
Usage
Element-Web
- Includes config.json that is being populated by values.yaml
- Includes nginx on port localhost:8080 (http)
- Includes nginx proxy on port 80+443 (http redirect, https)