pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

matrix-synapse: Stamp as 1.0

Browse source 
This cleans up plenty of config to use as many defaults as possible, and
adds extraSecrets for specifying secret values into config
This commit is contained in:
Alexander Olofsson 2020-08-14 10:31:13 +02:00
parent 61efea988a
commit 20c696a55b
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
4 changed files with 46 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
charts/matrix-synapse/Chart.yaml
View file

@ -2,10 +2,11 @@
apiVersion: v2 apiVersion: v2
name: matrix-synapse name: matrix-synapse
description: Matrix reference homeserver description: Matrix reference homeserver
icon: https://matrix.org/images/matrix-logo.svg
appVersion: 1.18.0 appVersion: 1.18.0
type: application type: application
version: 0.2.0 version: 1.0.0
maintainers: maintainers:
- name: Alexander Olofsson - name: Alexander Olofsson
email: ace@haxalot.com email: ace@haxalot.com

78
charts/matrix-synapse/templates/configuration.yaml
View file

@ -40,8 +40,6 @@ data:
soft_file_limit: 0 soft_file_limit: 0
log_config: "/synapse/config/log.yaml" log_config: "/synapse/config/log.yaml"
trusted_third_party_id_servers: {{- .Values.config.thirdPartyIDServers | toYaml | nindent 6 }}
## Ports ## ## Ports ##
listeners: listeners:
@ -76,55 +74,16 @@ data:
{{ .Values.config.extraListeners | toYaml | nindent 6 }} {{ .Values.config.extraListeners | toYaml | nindent 6 }}
{{- end }} {{- end }}
## Performance ##
event_cache_size: {{ .Values.config.eventCacheSize | default "10K" | quote }}
## Ratelimiting ##
rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3
## Files ## ## Files ##
media_store_path: "/synapse/data/media" media_store_path: "/synapse/data/media"
uploads_path: "/synapse/data/uploads" uploads_path: "/synapse/data/uploads"
max_upload_size: {{ .Values.config.maxUploadSize | default "10M" | quote }}
max_image_pixels: "32M"
dynamic_thumbnails: false
# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: false
max_spider_size: "10M"
{{- if .Values.config.recaptcha }} {{- if .Values.config.recaptcha }}
## Captcha ## ## Captcha ##
recaptcha_public_key: {{ .Values.config.recaptcha.publicKey | quote }} recaptcha_public_key: {{ .Values.config.recaptcha.publicKey | quote }}
enable_registration_captcha: true enable_registration_captcha: true
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
{{- end }} {{- end }}
{{- if .Values.config.turnUris }} {{- if .Values.config.turnUris }}
@ -132,55 +91,41 @@ data:
turn_uris: turn_uris:
{{ toYaml .Values.config.turnUris | nindent 6 }} {{ toYaml .Values.config.turnUris | nindent 6 }}
turn_user_lifetime: "1h"
turn_allow_guests: true
{{- end }} {{- end }}
## Registration ## ## Registration ##
enable_registration: {{ .Values.config.enableRegistration | default false }} enable_registration: {{ .Values.config.enableRegistration | default false }}
bcrypt_rounds: 12
allow_guest_access: {{ .Values.config.allowGuests | default false }}
enable_group_creation: true
## Metrics ### ## Metrics ###
enable_metrics: true enable_metrics: true
report_stats: {{ .Values.config.reportStats | default false }}
## API Configuration ##
room_invite_state_types:
- "m.room.join_rules"
- "m.room.canonical_alias"
- "m.room.avatar"
- "m.room.name"
expire_access_token: False
## Signing Keys ## ## Signing Keys ##
signing_key_path: "/synapse/keys/signing.key" signing_key_path: "/synapse/keys/signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.
# The trusted servers to download signing keys from. # The trusted servers to download signing keys from.
perspectives: trusted_key_servers: {{- .Values.config.trustedKeyServers | toYaml | nindent 6 }}
servers: {{- .Values.config.perspectiveServers | toYaml | nindent 8 }}
## Workers ## ## Workers ##
{{- $default := .Values.workers.default }} {{- $default := .Values.workers.default }}
{{- range $worker, $config := .Values.workers }} {{- range $worker, $config := .Values.workers }}
{{- if $config.enabled }} {{- if $config.enabled }}
{{- if eq $worker "pusher" }} {{ if eq $worker "pusher" }}
# For pusher worker
start_pushers: false start_pushers: false
{{- else if eq $worker "appservice" }} {{ else if eq $worker "appservice" }}
# For appservice worker
notify_appservices: false notify_appservices: false
{{- else if eq $worker "federation_sender" }} {{ else if eq $worker "federation_sender" }}
# For federation_sender worker
send_federation: false send_federation: false
{{- else if eq $worker "media_repository" }} {{ else if eq $worker "media_repository" }}
# For media_repository worker
enable_media_repo: false enable_media_repo: false
{{- else if eq $worker "user_dir" }} {{ else if eq $worker "user_dir" }}
# For user_dir worker
update_user_directory: false update_user_directory: false
{{- end }} {{- end }}
{{- end }} {{- end }}
@ -188,6 +133,5 @@ data:
{{- with .Values.extraConfig }} {{- with .Values.extraConfig }}
## Extra config ## ## Extra config ##
{{ . | toYaml | nindent 4 }} {{ . | toYaml | nindent 4 }}
{{- end }} {{- end }}

6
charts/matrix-synapse/templates/secrets.yaml
View file

@ -70,6 +70,12 @@ stringData:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- with .Values.extraSecrets }}
## Extra secrets ##
{{ . | toYaml | nindent 4 }}
{{- end }}
{{- if and .Values.signingkey.job.enabled (not .Values.signingkey.existingSecret) }} {{- if and .Values.signingkey.job.enabled (not .Values.signingkey.existingSecret) }}
{{- $name := include "matrix-synapse.workername" (dict "global" . "worker" "signingkey") }} {{- $name := include "matrix-synapse.workername" (dict "global" . "worker" "signingkey") }}
{{- if not (lookup "v1" "Secret" .Release.Namespace $name) }} {{- if not (lookup "v1" "Secret" .Release.Namespace $name) }}

61
charts/matrix-synapse/values.yaml
View file

@ -45,8 +45,10 @@ signingkey:
## in config as well as for client API links in the ingress. ## in config as well as for client API links in the ingress.
# publicServerName: 'matrix.example.com' # publicServerName: 'matrix.example.com'
## Common Matrix configuration values, for any value not handled by this block, ## Matrix configuration values that affect other parts of the chart, for any
## you will want to instead set it in extraConfig. ## value not handled by this block, you will want to instead set it in
## extraConfig below.
## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml
## ##
config: config:
## The publicly accessible URL for the Synapse instance, will default to ## The publicly accessible URL for the Synapse instance, will default to
@ -54,23 +56,15 @@ config:
## ##
# publicBaseurl: 'https://matrix.example.com' # publicBaseurl: 'https://matrix.example.com'
## The size of the event cache.
##
# eventCacheSize: 10K
## The maximum allowed size of uploaded media.
##
# maxUploadSize: 10M
## The log level for Synapse and all modules. ## The log level for Synapse and all modules.
## ##
# logLevel: INFO # logLevel: INFO
## The recaptcha configuration for registering. (optional) ## Protect registration with recaptcha. (optional)
## ##
# recaptcha: # recaptcha:
# publicKey: # publicKey: ''
# privateKey: # privateKey: ''
## URIs and secret key for TURN servers to use to help establish 1:1 WebRTC ## URIs and secret key for TURN servers to use to help establish 1:1 WebRTC
## calls. ## calls.
@ -82,31 +76,20 @@ config:
## container-internal register_new_matrix_user tool is always possible. ## container-internal register_new_matrix_user tool is always possible.
## ##
# enableRegistration: false # enableRegistration: false
## Note; this value will default to a random string if not specified.
## NB; this value will default to a random string if not specified.
# registrationSharedSecret: '' # registrationSharedSecret: ''
## Note; Strongly recommended to set this to a secure value.
## NB; Strongly recommended to set this to a secure value.
# macaroonSecretKey: '' # macaroonSecretKey: ''
# allowGuests: false
## Should the Synapse instance report stats. ## A set of trusted servers to contact if another server doesn't respond to a
## signing key request.
## ##
# reportStats: false trustedKeyServers:
- server_name: matrix.org
## Servers to contact when doing 3PID lookups - for example when searching for # verify_keys:
## Matrix users by email/phone number. # "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
##
thirdPartyIDServers:
- matrix.org
- vector.im
## A set of fallback servers - and their key fingerprint - to contact if a
## server doesn't respond to a signing key request.
##
perspectiveServers:
matrix.org:
verify_keys:
ed25519:auto:
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
## Extra listeners to configure. ## Extra listeners to configure.
## ##
@ -116,6 +99,7 @@ config:
# type: manhole # type: manhole
## Specify arbitrary Synapse configuration here; ## Specify arbitrary Synapse configuration here;
## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml
## ##
extraConfig: {} extraConfig: {}
# use_presence: false # use_presence: false
@ -124,6 +108,15 @@ extraConfig: {}
# - lon.example.com # - lon.example.com
# - nyc.example.com # - nyc.example.com
# - syd.example.com # - syd.example.com
# dynamic_thumbnails: true
## Specify arbitrary - secret - Synapse configuration here;
## These values will be stored in secrets instead of configmaps
## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml
##
extraSecrets: {}
# password_config:
# pepper: ''
## Configuration to apply to the main Synapse pod. ## Configuration to apply to the main Synapse pod.
## ##