From a6e8b9541a14fed550e59345ab42ec4a626fa45b Mon Sep 17 00:00:00 2001
From: Alexander Olofsson
Date: Mon, 24 Aug 2020 14:59:53 +0200
Subject: [PATCH] matrix-synapse: Implement volume permissions

Forgot to set a TODO on these flags, and only now done another full test deploy
---
 charts/matrix-synapse/Chart.yaml | 2 +-
 .../matrix-synapse/templates/deployment.yaml | 18 ++++++++++++++++++
 charts/matrix-synapse/values.yaml | 3 +++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml
index 472968b..9a53e7f 100644
--- a/charts/matrix-synapse/Chart.yaml
+++ b/charts/matrix-synapse/Chart.yaml
@@ -6,7 +6,7 @@
 icon: https://matrix.org/images/matrix-logo.svg
 appVersion: 1.19.0
 type: application
-version: 1.2.0
+version: 1.3.0
 maintainers:
 - name: Alexander Olofsson
 email: ace@haxalot.com
diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml
index c317974..a440cac 100644
--- a/charts/matrix-synapse/templates/deployment.yaml
+++ b/charts/matrix-synapse/templates/deployment.yaml
@@ -32,6 +32,24 @@ spec:
 {{- include "matrix-synapse.imagePullSecrets" . | nindent 6 }}
 securityContext:
 {{- toYaml .Values.synapse.podSecurityContext | nindent 8 }}
+ {{- if $needsVolumePermissions }}
+ initContainers:
+ - name: volume-permissions
+ command:
+ - sh
+ - -c
+ - |
+ chown {{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }} -R /synapse/data
+ image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
+ resources:
+ {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ securityContext:
+ runAsNonRoot: false
+ runAsUser: 0
+ volumeMounts:
+ - name: media
+ mountPath: /synapse/data
+ {{- end }}
 containers:
 - name: synapse
 command:
diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml
index 195276c..513719a 100644
--- a/charts/matrix-synapse/values.yaml
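Review bot: The `volume-permissions` init container is given unrestricted root (`runAsUser: 0`, `runAsNonRoot: false`) even though its only job is a recursive chown of `/synapse/data`; its `securityContext` should also forbid privilege escalation, make the root filesystem read-only, and drop every capability except `CHOWN`. Whether `CHOWN` alone is enough on a volume that already holds directories the container cannot traverse needs a test deploy. The uid and gid values are also spliced unquoted into an `sh -c` script, and an exec-form `command` keeps the shell out of that path. `$needsVolumePermissions` is defined outside this hunk, so the condition that enables the container is not reviewable here.

```yaml
        - name: volume-permissions
          # exec form: no shell between the templated values and chown
          command:
            - chown
            - -R
            - "{{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }}"
            - /synapse/data
          # … unchanged: image, resources …
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
          # … unchanged: volumeMounts …
```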
+++ b/charts/matrix-synapse/values.yaml @@ -534,6 +534,9 @@ persistence: volumePermissions: enabled: false + uid: 666 + gid: 666 + image: repository: alpine tag: latest
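Review bot: The new `uid: 666` / `gid: 666` defaults carry no comment saying what they must agree with; the chown only helps if they equal the user and group the synapse container actually runs as, which is configured through `synapse.podSecurityContext` outside this hunk. I would add above them `# Owner applied to the data volume; must match synapse.podSecurityContext runAsUser / fsGroup`. The unchanged `tag: latest` just below now selects the image for an init container that runs as root over the data volume, so the floating tag is worth replacing with a pinned version or digest, e.g. `tag: "<pinned-version>"`. The `volumePermissions` mapping continues past the end of the hunk.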