From 20c696a55b5047d388788a593bdbd637addcd275 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Fri, 14 Aug 2020 10:31:13 +0200 Subject: [PATCH] matrix-synapse: Stamp as 1.0 This cleans up plenty of config to use as many defaults as possible, and adds extraSecrets for specifying secret values into config --- charts/matrix-synapse/Chart.yaml | 3 +- .../templates/configuration.yaml | 78 +++---------------- charts/matrix-synapse/templates/secrets.yaml | 6 ++ charts/matrix-synapse/values.yaml | 61 +++++++-------- 4 files changed, 46 insertions(+), 102 deletions(-) diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml index 561dfd5..8cac32f 100644 --- a/charts/matrix-synapse/Chart.yaml +++ b/charts/matrix-synapse/Chart.yaml @@ -2,10 +2,11 @@ apiVersion: v2 name: matrix-synapse description: Matrix reference homeserver +icon: https://matrix.org/images/matrix-logo.svg appVersion: 1.18.0 type: application -version: 0.2.0 +version: 1.0.0 maintainers: - name: Alexander Olofsson email: ace@haxalot.com diff --git a/charts/matrix-synapse/templates/configuration.yaml b/charts/matrix-synapse/templates/configuration.yaml index f84fc1e..36be258 100644 --- a/charts/matrix-synapse/templates/configuration.yaml +++ b/charts/matrix-synapse/templates/configuration.yaml @@ -40,8 +40,6 @@ data: soft_file_limit: 0 log_config: "/synapse/config/log.yaml" - trusted_third_party_id_servers: {{- .Values.config.thirdPartyIDServers | toYaml | nindent 6 }} - ## Ports ## listeners: 
@@ -76,55 +74,16 @@ data: {{ .Values.config.extraListeners | toYaml | nindent 6 }} {{- end }} - ## Performance ## - - event_cache_size: {{ .Values.config.eventCacheSize | default "10K" | quote }} - - ## Ratelimiting ## - - rc_messages_per_second: 0.2 - rc_message_burst_count: 10.0 - federation_rc_window_size: 1000 - federation_rc_sleep_limit: 10 - federation_rc_sleep_delay: 500 - federation_rc_reject_limit: 50 - federation_rc_concurrent: 3 - ## Files ## media_store_path: "/synapse/data/media" uploads_path: "/synapse/data/uploads" - max_upload_size: {{ .Values.config.maxUploadSize | default "10M" | quote }} - max_image_pixels: "32M" - dynamic_thumbnails: false - - # List of thumbnail to precalculate when an image is uploaded. - thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 320 - height: 240 - method: scale - - width: 640 - height: 480 - method: scale - - width: 800 - height: 600 - method: scale - - url_preview_enabled: false - max_spider_size: "10M" {{- if .Values.config.recaptcha }} ## Captcha ## recaptcha_public_key: {{ .Values.config.recaptcha.publicKey | quote }} enable_registration_captcha: true - recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" {{- end }} {{- if .Values.config.turnUris }} 
@@ -132,55 +91,41 @@ data: turn_uris: {{ toYaml .Values.config.turnUris | nindent 6 }} - turn_user_lifetime: "1h" - turn_allow_guests: true {{- end }} ## Registration ## enable_registration: {{ .Values.config.enableRegistration | default false }} - bcrypt_rounds: 12 - allow_guest_access: {{ .Values.config.allowGuests | default false }} - enable_group_creation: true ## Metrics ### enable_metrics: true - report_stats: {{ .Values.config.reportStats | default false }} - - ## API Configuration ## - - room_invite_state_types: - - "m.room.join_rules" - - "m.room.canonical_alias" - - "m.room.avatar" - - "m.room.name" - - expire_access_token: False ## Signing Keys ## signing_key_path: "/synapse/keys/signing.key" - old_signing_keys: {} - key_refresh_interval: "1d" # 1 Day. # The trusted servers to download signing keys from. - perspectives: - servers: {{- .Values.config.perspectiveServers | toYaml | nindent 8 }} + trusted_key_servers: {{- .Values.config.trustedKeyServers | toYaml | nindent 6 }} ## Workers ## {{- $default := .Values.workers.default }} {{- range $worker, $config := .Values.workers }} {{- if $config.enabled }} - {{- if eq $worker "pusher" }} + {{ if eq $worker "pusher" }} + # For pusher worker start_pushers: false - {{- else if eq $worker "appservice" }} + {{ else if eq $worker "appservice" }} + # For appservice worker notify_appservices: false - {{- else if eq $worker "federation_sender" }} + {{ else if eq $worker "federation_sender" }} + # For federation_sender worker send_federation: false - {{- else if eq $worker "media_repository" }} + {{ else if eq $worker "media_repository" }} + # For media_repository worker enable_media_repo: false - {{- else if eq $worker "user_dir" }} + {{ else if eq $worker "user_dir" }} + # For user_dir worker update_user_directory: false {{- end }} {{- end }} @@ -188,6 +133,5 @@ data: {{- with .Values.extraConfig }} ## Extra config ## - {{ . | toYaml | nindent 4 }} {{- end }} 
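Review bot: An existing override of `config.perspectiveServers` is silently dropped once the `trusted_key_servers` line reads `.Values.config.trustedKeyServers`. Unless the chart ships a values schema (none is visible here), an operator who pinned notary keys under the old name gets the chart default on upgrade with no error. The shape also changes from a map keyed by server name to a list of `server_name` entries, so the old data cannot simply be moved under the new key. A guard beside the new line would make the upgrade fail loudly: `{{- if .Values.config.perspectiveServers }}{{ fail "config.perspectiveServers was replaced by config.trustedKeyServers" }}{{- end }}`. The enclosing `data:` entry starts outside this hunk, so placement needs checking against the full template.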
diff --git a/charts/matrix-synapse/templates/secrets.yaml b/charts/matrix-synapse/templates/secrets.yaml index 05090db..e7b30d4 100644 --- a/charts/matrix-synapse/templates/secrets.yaml +++ b/charts/matrix-synapse/templates/secrets.yaml @@ -70,6 +70,12 @@ stringData: {{- end }} {{- end }} + {{- with .Values.extraSecrets }} + + ## Extra secrets ## + {{ . | toYaml | nindent 4 }} + {{- end }} + {{- if and .Values.signingkey.job.enabled (not .Values.signingkey.existingSecret) }} {{- $name := include "matrix-synapse.workername" (dict "global" . "worker" "signingkey") }} {{- if not (lookup "v1" "Secret" .Release.Namespace $name) }} diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index 13725f2..559eeeb 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -45,8 +45,10 @@ signingkey: ## in config as well as for client API links in the ingress. # publicServerName: 'matrix.example.com' -## Common Matrix configuration values, for any value not handled by this block, -## you will want to instead set it in extraConfig. +## Matrix configuration values that affect other parts of the chart, for any +## value not handled by this block, you will want to instead set it in +## extraConfig below. +## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml ## config: ## The publicly accessible URL for the Synapse instance, will default to 
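Review bot: Nothing in the new `{{- with .Values.extraSecrets }}` block in secrets.yaml stops a key from colliding with one the chart already renders earlier in the same document, and most YAML loaders keep the last occurrence without warning, so an `extraSecrets` entry can quietly replace a chart-managed secret. A related effect deserves a comment: as far as I know Synapse merges its config files one top-level key at a time. A `password_config` placed here for the pepper would therefore replace, not extend, a `password_config` set through `extraConfig` (or the reverse, depending on load order), which could drop a setting such as a disabled password login. I would add above the block `## Top-level keys here replace same-named keys from the configmap; keep each section in one place.` and repeat it beside `extraSecrets` in values.yaml. The enclosing `stringData` entry starts outside the hunk.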
@@ -54,23 +56,15 @@ config: ## # publicBaseurl: 'https://matrix.example.com' - ## The size of the event cache. - ## - # eventCacheSize: 10K - - ## The maximum allowed size of uploaded media. - ## - # maxUploadSize: 10M - ## The log level for Synapse and all modules. ## # logLevel: INFO - ## The recaptcha configuration for registering. (optional) + ## Protect registration with recaptcha. (optional) ## # recaptcha: - # publicKey: - # privateKey: + # publicKey: '' + # privateKey: '' ## URIs and secret key for TURN servers to use to help establish 1:1 WebRTC ## calls. @@ -82,31 +76,20 @@ config: ## container-internal register_new_matrix_user tool is always possible. ## # enableRegistration: false - ## Note; this value will default to a random string if not specified. + + ## NB; this value will default to a random string if not specified. # registrationSharedSecret: '' - ## Note; Strongly recommended to set this to a secure value. + + ## NB; Strongly recommended to set this to a secure value. # macaroonSecretKey: '' - # allowGuests: false - ## Should the Synapse instance report stats. + ## A set of trusted servers to contact if another server doesn't respond to a + ## signing key request. ## - # reportStats: false - - ## Servers to contact when doing 3PID lookups - for example when searching for - ## Matrix users by email/phone number. - ## - thirdPartyIDServers: - - matrix.org - - vector.im - - ## A set of fallback servers - and their key fingerprint - to contact if a - ## server doesn't respond to a signing key request. - ## - perspectiveServers: - matrix.org: - verify_keys: - ed25519:auto: - key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" + trustedKeyServers: + - server_name: matrix.org + # verify_keys: + # "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" ## Extra listeners to configure. ## 
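Review bot: With `verify_keys` commented out under the new `trustedKeyServers` default, the chart no longer pins a signing key for matrix.org, so responses from that notary are trusted on TLS certificate validation alone. That may be intended, but the values comment should say so. The commented example should also warn that the fingerprint must be confirmed against the key the server currently publishes before anyone enables it, since a stale pin would presumably make key lookups through that server fail. Suggested wording above the example: `## verify_keys pins the notary's signing key; without it trust rests on TLS only. Confirm the current key out of band before uncommenting.`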
@@ -116,6 +99,7 @@ config: # type: manhole ## Specify arbitrary Synapse configuration here; +## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml ## extraConfig: {} # use_presence: false @@ -124,6 +108,15 @@ extraConfig: {} # - lon.example.com # - nyc.example.com # - syd.example.com +# dynamic_thumbnails: true + +## Specify arbitrary - secret - Synapse configuration here; +## These values will be stored in secrets instead of configmaps +## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml +## +extraSecrets: {} +# password_config: +# pepper: '' ## Configuration to apply to the main Synapse pod. ##
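Review bot: The new `extraSecrets` comment says the values are "stored in secrets instead of configmaps" but omits that they are still supplied as plain text through values. They therefore sit in whatever values file or `--set` argument the operator uses, and in the release record Helm keeps. The chart already has `signingkey.existingSecret` (visible in the secrets.yaml hunk); a similar reference to a pre-created Secret would let operators keep the pepper and similar values out of values files entirely. At minimum I would add to the comment: `## Do not commit real values for this block; supply them from a secret store at install time.`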