Merge branch 'master' of ssh://gitlab.com/ananace/charts into allow-probe-customisation

This commit is contained in:
Florian Piesche 2021-03-23 23:13:12 +00:00
commit 60c7c44ef1
No known key found for this signature in database
GPG key ID: CF7283FB896221F3
30 changed files with 248 additions and 74 deletions

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
# Helm resources
charts/*/charts/*.tgz
charts/*/Chart.lock

View file

@ -16,6 +16,10 @@ pages:
name: codenest/helm name: codenest/helm
entrypoint: ["/bin/sh", "-c"] entrypoint: ["/bin/sh", "-c"]
stage: deploy stage: deploy
before_script:
- grep 'repository:' charts/*/Chart.yaml charts/*/requirements.yaml | awk '{ print $3 }' | uniq | xargs -rn1 sh -c 'helm repo add $(basename $0) $0'
- helm repo update
- ls -d1 charts/* | xargs -rn1 helm dependency build --skip-refresh
script: script:
- mkdir -p public - mkdir -p public
- "echo \"User-Agent: *\nDisallow: /\" > ./public/robots.txt" - "echo \"User-Agent: *\nDisallow: /\" > ./public/robots.txt"

View file

@ -7,10 +7,10 @@ description: |
Talk to everyone through the open global Matrix network, protected by proper Talk to everyone through the open global Matrix network, protected by proper
end-to-end encryption. end-to-end encryption.
icon: https://element.io/images/element-logo.svg icon: https://element.io/images/element-logo.svg
appVersion: 1.7.22 appVersion: 1.7.23
type: application type: application
version: 1.0.17 version: 1.0.18
maintainers: maintainers:
- name: Alexander Olofsson - name: Alexander Olofsson

View file

@ -1,7 +1,13 @@
--- ---
apiVersion: v1 apiVersion: v2
appVersion: "1.0.1" appVersion: "1.1"
description: A social platform to enjoy and share music description: A social platform to enjoy and share music
icon: https://funkwhale.audio/favicon.png icon: https://funkwhale.audio/favicon.png
name: funkwhale name: funkwhale
version: 0.3.6 version: 0.3.7
dependencies:
- name: redis
version: ~10.6.10
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled

View file

@ -1,6 +0,0 @@
dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 10.6.10
digest: sha256:5a929e0124864ab7fbe29c01fcbe1a23e4532dd0912abcb8bc185fff5f4e65f3
generated: "2020-04-24T11:47:31.68381778+02:00"

View file

@ -1,4 +0,0 @@
dependencies:
- name: redis
version: ~10.6.10
repository: https://charts.bitnami.com/bitnami

View file

@ -7,11 +7,7 @@ Expand the name of the chart.
{{- end -}} {{- end -}}
{{- define "funkwhale.dbUrl" -}} {{- define "funkwhale.dbUrl" -}}
postgres://{{ .Values.database.user}}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }} postgres://{{ .Values.database.user }}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }}
{{- end -}}
{{- define "funkwhale.redisUrl" -}}
redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}:{{ .Values.redis.redisPort }}/0
{{- end -}} {{- end -}}
{{/* {{/*
@ -45,3 +41,15 @@ Create the correct image tag name
{{- define "funkwhale.imageTag" -}} {{- define "funkwhale.imageTag" -}}
{{- .Values.image.tag | default .Chart.AppVersion -}} {{- .Values.image.tag | default .Chart.AppVersion -}}
{{- end -}} {{- end -}}
{{- define "funkwhale.redisUrl" -}}
{{- if and .Values.redis.enabled .Values.redis.host -}}
{{ fail "Setting both redis.enabled and redis.host will deploy an internal Redis service and attempt to use an external one - please set only one of the two!" }}
{{- else if .Values.redis.enabled -}}
redis://:{{ .Values.redis.password }}@{{ template "funkwhale.fullname" . }}-redis-master:{{ .Values.redis.redisPort }}/0
{{- else if .Values.redis.host -}}
redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}:{{ .Values.redis.redisPort }}/0
{{- else -}}
{{ fail "Either redis.enabled or redis.host are required!" }}
{{- end -}}
{{- end -}}

View file

@ -1,3 +1,5 @@
{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "funkwhale.fullname" .)) -}}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -10,7 +12,11 @@ metadata:
data: data:
CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }} CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }}
DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }} DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }}
DJANGO_SECRET_KEY: {{ .Values.djangoSecret | b64enc }} {{ if $secret -}}
DJANGO_SECRET_KEY: {{ $secret.data.DJANGO_SECRET_KEY }}
{{ else -}}
DJANGO_SECRET_KEY: {{ (.Values.djangoSecret | default uuidv4) | b64enc }}
{{ end }}
{{- range $key, $val := .Values.extraSecret }} {{- range $key, $val := .Values.extraSecret }}
{{ $key }}: {{ $val | b64enc }} {{ $key }}: {{ $val | b64enc }}

View file

@ -47,6 +47,14 @@ database:
database: funkwhale database: funkwhale
redis: redis:
# If you already have a Redis service you'd like to use, set
# this to false and adjust the host to use your existing service.
enabled: true
host: ''
redisPort: 6379
password: 'funkwhale'
cluster: cluster:
enabled: false enabled: false
master: master:
@ -55,9 +63,6 @@ redis:
slave: slave:
persistence: persistence:
enabled: false enabled: false
password: funkwhale
redisPort: 6379
host: {{ template "funkwhale.fullname" . }}-redis-master
djangoSecret: '' djangoSecret: ''

View file

@ -2,10 +2,10 @@
apiVersion: v2 apiVersion: v2
name: matrix-media-repo name: matrix-media-repo
description: Matrix media repository with multi-domain in mind. description: Matrix media repository with multi-domain in mind.
appVersion: 1.2.4 appVersion: 1.2.5
type: application type: application
version: 1.0.2 version: 1.0.3
maintainers: maintainers:
- name: Alexander Olofsson - name: Alexander Olofsson
email: ace@haxalot.com email: ace@haxalot.com

View file

@ -43,6 +43,9 @@ config:
# featureSupport: # featureSupport:
# MSC2448: # MSC2448:
# enabled: true # enabled: true
# sentry:
# enabled: true
# dsn: "https://examplekey@ingest.sentry.io/0"
## For setting extra parameters on the repo block, separated to avoid breaking ## For setting extra parameters on the repo block, separated to avoid breaking
## the defaults when merging multiple configurations. ## the defaults when merging multiple configurations.

View file

@ -3,10 +3,10 @@ apiVersion: v2
name: matrix-synapse name: matrix-synapse
description: Matrix reference homeserver description: Matrix reference homeserver
icon: https://matrix.org/images/matrix-logo.svg icon: https://matrix.org/images/matrix-logo.svg
appVersion: 1.29.0 appVersion: 1.30.0
type: application type: application
version: 1.4.1 version: 2.0.1
maintainers: maintainers:
- name: Alexander Olofsson - name: Alexander Olofsson
email: ace@haxalot.com email: ace@haxalot.com

View file

@ -0,0 +1,41 @@
#!/bin/sh
set -eu
check_key() {
set +e
echo "Checking for existing signing key..."
key="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['signing\.key']}" 2> /dev/null)"
[ $? -ne 0 ] && return 1
[ -z "$key" ] && return 2
return 0
}
create_key() {
echo "Waiting for new signing key to be generated..."
begin=$(date +%s)
end=$((begin + 300)) # 5 minutes
while true; do
[ -f /synapse/keys/signing.key ] && return 0
[ "$(date +%s)" -gt $end ] && return 1
sleep 5
done
}
store_key() {
echo "Storing signing key in Kubernetes secret..."
kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"signing.key\":\"$(base64 /synapse/keys/signing.key | tr -d '\n')\"}}"
}
if check_key; then
echo "Key already in place, exiting."
exit
fi
if ! create_key; then
echo "Timed out waiting for a signing key to appear."
exit 1
fi
store_key

View file

@ -59,7 +59,7 @@ Create chart name and version as used by the chart label.
Get the correct image tag name Get the correct image tag name
*/}} */}}
{{- define "matrix-synapse.imageTag" -}} {{- define "matrix-synapse.imageTag" -}}
{{- .Values.image.tag | default (printf "%s" .Chart.AppVersion) -}} {{- .Values.image.tag | default (printf "v%s" .Chart.AppVersion) -}}
{{- end -}} {{- end -}}
{{/* {{/*

View file

@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "matrix-synapse.fullname" . }}-scripts
labels:
{{- include "matrix-synapse.labels" . | nindent 4 }}
data:
{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}

View file

@ -1,4 +1,10 @@
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }} {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }}
{{- if (and .Values.postgresql.enabled (not .Values.postgresql.postgresqlPassword)) -}}
{{- fail "You must specify a static postgres password if using the included postgres chart" -}}
{{- end -}}
{{- if (and .Values.redis.enabled (and .Values.redis.usePassword (not .Values.redis.password))) -}}
{{- fail "You must specify a static redis password if using the included redis chart" -}}
{{- end -}}
--- ---
# Server: {{ required "A valid serverName is required" .Values.serverName }} # Server: {{ required "A valid serverName is required" .Values.serverName }}
apiVersion: apps/v1 apiVersion: apps/v1
@ -68,9 +74,9 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
/matrix-synapse $@ exec python -B -m synapse.app.homeserver \
args: -c /synapse/config/homeserver.yaml \
- synapse.app.homeserver -c /synapse/config/conf.d/
env: env:
{{- $postgresPass := include "matrix-synapse.postgresql.password" . }} {{- $postgresPass := include "matrix-synapse.postgresql.password" . }}
{{- if and .Values.postgresql.enabled (not $postgresPass) }} {{- if and .Values.postgresql.enabled (not $postgresPass) }}
@ -116,6 +122,8 @@ spec:
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: /synapse/config mountPath: /synapse/config
- name: scripts
mountPath: /opt/k8s-synapse
- name: tmpconf - name: tmpconf
mountPath: /synapse/config/conf.d mountPath: /synapse/config/conf.d
- name: secrets - name: secrets
@ -133,6 +141,10 @@ spec:
- name: config - name: config
configMap: configMap:
name: {{ include "matrix-synapse.fullname" . }} name: {{ include "matrix-synapse.fullname" . }}
- name: scripts
configMap:
name: {{ include "matrix-synapse.fullname" . }}-scripts
defaultMode: 0755
- name: secrets - name: secrets
secret: secret:
secretName: {{ include "matrix-synapse.fullname" . }} secretName: {{ include "matrix-synapse.fullname" . }}

View file

@ -109,17 +109,21 @@ spec:
{{- end }} {{- end }}
{{- if has . $wkHosts }} {{- if has . $wkHosts }}
{{- if $.Values.wellknown.enabled }}
- path: /.well-known/matrix/client - path: /.well-known/matrix/client
backend: backend:
serviceName: {{ $fullName }} serviceName: {{ $wkName }}
servicePort: 8008 servicePort: 80
{{- if $.Values.wellknown.enabled }}
- path: /.well-known/matrix/server - path: /.well-known/matrix/server
backend: backend:
serviceName: {{ $wkName }} serviceName: {{ $wkName }}
servicePort: 80 servicePort: 80
{{- end }} {{- else }}
- path: /.well-known/matrix/client
backend:
serviceName: {{ $fullName }}
servicePort: 8008
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

View file

@ -68,18 +68,14 @@ spec:
- sh - sh
- -c - -c
- | - |
echo "Copying key upload script..."
cp /key-upload /scripts/
echo "Generating signing key..." echo "Generating signing key..."
/usr/local/bin/generate_signing_key.py -o /synapse/keys/signing.key generate_signing_key.py -o /synapse/keys/signing.key
image: "{{ .Values.image.repository }}:{{ include "matrix-synapse.imageTag" . }}" image: "{{ .Values.signingkey.job.generateImage.repository }}:{{ default .Values.signingkey.job.generateImage.tag "latest" }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.signingkey.job.generateImage.pullPolicy }}
name: signing-key-generate name: signing-key-generate
resources: resources:
{{- toYaml .Values.signingkey.resources | nindent 12 }} {{- toYaml .Values.signingkey.resources | nindent 12 }}
volumeMounts: volumeMounts:
- mountPath: /scripts
name: scripts
- mountPath: /synapse/keys - mountPath: /synapse/keys
name: matrix-synapse-keys name: matrix-synapse-keys
- command: - command:
@ -88,13 +84,12 @@ spec:
- | - |
printf "Checking rights to update secret... " printf "Checking rights to update secret... "
kubectl auth can-i update secret/${SECRET_NAME} kubectl auth can-i update secret/${SECRET_NAME}
echo "Waiting for key upload script" /scripts/signing-key.sh
while ! [ -f /scripts/key-upload ]; do sleep 1; done
/scripts/key-upload
env: env:
- name: SECRET_NAME - name: SECRET_NAME
value: {{ $secretName }} value: {{ $secretName }}
image: bitnami/kubectl image: "{{ .Values.signingkey.job.publishImage.repository }}:{{ default .Values.signingkey.job.publishImage.tag "latest" }}"
imagePullPolicy: {{ .Values.signingkey.job.publishImage.pullPolicy }}
name: signing-key-upload name: signing-key-upload
resources: resources:
{{- toYaml .Values.signingkey.resources | nindent 12 }} {{- toYaml .Values.signingkey.resources | nindent 12 }}
@ -109,7 +104,12 @@ spec:
serviceAccount: {{ $name }} serviceAccount: {{ $name }}
volumes: volumes:
- name: scripts - name: scripts
emptyDir: {} configMap:
name: {{ include "matrix-synapse.fullname" . }}-scripts
defaultMode: 0755
- name: matrix-synapse-keys - name: matrix-synapse-keys
emptyDir: {} emptyDir: {}
parallelism: 1
completions: 1
backoffLimit: 1
{{- end }} {{- end }}

View file

@ -23,12 +23,11 @@ data:
server.groupname = "lighttpd" server.groupname = "lighttpd"
server.document-root = {{ .Values.wellknown.htdocsPath | quote }} server.document-root = {{ .Values.wellknown.htdocsPath | quote }}
server.pid-file = "/run/lighttpd.pid" server.pid-file = "/run/lighttpd.pid"
server.errorlog = "/dev/stderr"
url.rewrite-once = ( url.rewrite-once = (
"^/\.well-known/matrix/client" => "/client.json",
"^/\.well-known/matrix/server" => "/server.json" "^/\.well-known/matrix/server" => "/server.json"
) )
status.status-url = "/server-status" status.status-url = "/server-status"
accesslog.filename = "/dev/stderr"
extforward.forwarder = ( "all" => "trust") extforward.forwarder = ( "all" => "trust")
setenv.add-response-header = ( setenv.add-response-header = (
"access-control-allow-headers" => "Origin, X-Requested-With, Content-Type, Accept, Authorization", "access-control-allow-headers" => "Origin, X-Requested-With, Content-Type, Accept, Authorization",
@ -39,5 +38,15 @@ data:
"content-type" => "application/json" "content-type" => "application/json"
) )
server.json: |- server.json: |-
{{- if .Values.wellknown.server }}
{{ toJson .Values.wellknown.server | nindent 4 }}
{{- else }}
{{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default (.Values.publicServerName | default .Values.serverName)) (.Values.wellknown.port | default 443)) | toJson | indent 4 }} {{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default (.Values.publicServerName | default .Values.serverName)) (.Values.wellknown.port | default 443)) | toJson | indent 4 }}
{{- end }} {{- end }}
client.json: |-
{{- if .Values.wellknown.client }}
{{ toJson .Values.wellknown.client | nindent 4 }}
{{- else }}
{{ dict "m.homeserver" (dict "base_url" (printf "https://%s/" (.Values.publicServerName | default .Values.serverName))) | toJson | indent 4 }}
{{- end }}
{{- end -}}

View file

@ -64,6 +64,9 @@ spec:
- mountPath: /etc/lighttpd/lighttpd.conf - mountPath: /etc/lighttpd/lighttpd.conf
name: files name: files
subPath: lighttpd.conf subPath: lighttpd.conf
- mountPath: {{ .Values.wellknown.htdocsPath }}/client.json
name: files
subPath: client.json
- mountPath: {{ .Values.wellknown.htdocsPath }}/server.json - mountPath: {{ .Values.wellknown.htdocsPath }}/server.json
name: files name: files
subPath: server.json subPath: server.json

View file

@ -21,7 +21,13 @@ data:
{{- $name := $worker | replace "_" "-" }} {{- $name := $worker | replace "_" "-" }}
{{ $name }}.worker: | {{ $name }}.worker: |
worker_app: "synapse.app.{{ $worker }}" worker_app: "synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }}"
{{- if $config.name -}}
{{- if (ne $config.replicaCount 1) -}}
{{- fail "Replica count must be 1 if a worker has a unique name." -}}
{{- end }}
worker_name: {{ $config.name }}
{{- end }}
worker_main_http_uri: http://{{ include "matrix-synapse.fullname" $ }}:8008 worker_main_http_uri: http://{{ include "matrix-synapse.fullname" $ }}:8008
worker_replication_host: {{ include "matrix-synapse.replicationname" $ | quote }} worker_replication_host: {{ include "matrix-synapse.replicationname" $ | quote }}
@ -45,11 +51,17 @@ data:
x_forwarded: true x_forwarded: true
resources: resources:
- names: {{- toYaml $config.listeners | nindent 14 }} - names:
{{- toYaml $config.listeners | nindent 14 }}
compress: false compress: false
{{- end }} {{- end }}
worker_log_config: /synapse/config/log.yaml worker_log_config: /synapse/config/log.yaml
{{- if $config.extraConfig }}
# Extra config
{{ toYaml $config.extraConfig | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

View file

@ -20,7 +20,8 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/worker-configuration.yaml") $ | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configuration.yaml") $ | sha256sum }}
checksum/worker-config: {{ include (print $.Template.BasePath "/worker-configuration.yaml") $ | sha256sum }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") $ | sha256sum }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") $ | sha256sum }}
{{- with ($config.annotations | default $default.annotations) }} {{- with ($config.annotations | default $default.annotations) }}
{{ . | toYaml | nindent 8 }} {{ . | toYaml | nindent 8 }}
@ -62,7 +63,10 @@ spec:
-e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \
> /synapse/config/conf.d/secrets.yaml > /synapse/config/conf.d/secrets.yaml
/matrix-synapse synapse.app.{{ $worker }} -c /synapse/config/{{ $name }}.worker exec python -B -m synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }} \
-c /synapse/config/homeserver.yaml \
-c /synapse/config/conf.d/ \
-c /synapse/config/{{ $name }}.worker
env: env:
{{- if $.Values.postgresql.enabled }} {{- if $.Values.postgresql.enabled }}
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
@ -83,7 +87,7 @@ spec:
{{- end }} {{- end }}
securityContext: securityContext:
{{- $config.securityContext | default $default.securityContext | toYaml | nindent 12 }} {{- $config.securityContext | default $default.securityContext | toYaml | nindent 12 }}
image: "{{ $.Values.image.repository }}:{{ $.Chart.AppVersion }}" image: "{{ $.Values.image.repository }}:{{ include "matrix-synapse.imageTag" $ }}"
imagePullPolicy: {{ $.Values.image.pullPolicy }} imagePullPolicy: {{ $.Values.image.pullPolicy }}
ports: ports:
- name: metrics - name: metrics

View file

@ -2,7 +2,7 @@
## Docker image configuration, used for Synapse and workers. ## Docker image configuration, used for Synapse and workers.
## ##
image: image:
repository: ananace/matrix-synapse repository: matrixdotorg/synapse
## Tag to override with, will default to the application version. ## Tag to override with, will default to the application version.
## ##
# tag: '' # tag: ''
@ -31,6 +31,16 @@ signingkey:
job: job:
enabled: true enabled: true
generateImage:
repository: matrixdotorg/synapse
#tag: latest
pullPolicy: IfNotPresent
publishImage:
repository: bitnami/kubectl
# tag: latest
pullPolicy: IfNotPresent
## Specify an existing signing key secret, will need to be created in advance. ## Specify an existing signing key secret, will need to be created in advance.
## ##
# existingSecret: # existingSecret:
@ -149,14 +159,14 @@ synapse:
## Additional environment variables to apply to the main Synapse pod ## Additional environment variables to apply to the main Synapse pod
## ##
extraEnv: {} extraEnv: {}
# - name: USE_JEMALLOC # - name: LD_PRELOAD
# value: "1" # value: /usr/lib/x86_64-linux-gnu/libjemalloc.so.2
# - name: SYNAPSE_CACHE_FACTOR # - name: SYNAPSE_CACHE_FACTOR
# value: "2" # value: "2"
## Additional volumes to mount into Synapse ## Additional volumes to mount into Synapse
## ##
extraVolumes: {} extraVolumes: []
# - name: spamcheck # - name: spamcheck
# flexVolume: # flexVolume:
# driver: ananace/git-live # driver: ananace/git-live
@ -164,7 +174,7 @@ synapse:
# repo: https://github.com/company/synapse-module # repo: https://github.com/company/synapse-module
# interval: 1d # interval: 1d
# readOnly: true # readOnly: true
extraVolumeMounts: {} extraVolumeMounts: []
# - name: spamcheck # - name: spamcheck
# mountPath: /usr/local/lib/python3.7/site-packages/company # mountPath: /usr/local/lib/python3.7/site-packages/company
@ -236,6 +246,13 @@ workers:
## ##
replicaCount: 1 replicaCount: 1
## A specific name for this worker, can't be set globally.
## Note that this can only be set when replicaCount is 1
#name:
## Additional configuration to set for the worker, can't be set globally.
#extraConfig: {}
## Annotations to apply to the worker. ## Annotations to apply to the worker.
## ##
annotations: {} annotations: {}
@ -246,16 +263,16 @@ workers:
## Additional environment variables to add to the worker. ## Additional environment variables to add to the worker.
## ##
extraEnv: {} extraEnv: {}
# - name: USE_JEMALLOC # - name: LD_PRELOAD
# value: "1" # value: /usr/lib/x86_64-linux-gnu/libjemalloc.so.2
# - name: SYNAPSE_CACHE_FACTOR # - name: SYNAPSE_CACHE_FACTOR
# value: "1.0" # value: "1.0"
## Additional volumes to add to the worker. ## Additional volumes to add to the worker.
## Useful for the media repo, or for adding Python modules. ## Useful for the media repo, or for adding Python modules.
## ##
volumes: {} volumes: []
volumeMounts: {} volumeMounts: []
## Security context information to set to the worker. ## Security context information to set to the worker.
## ##
@ -303,6 +320,7 @@ workers:
## ##
generic_worker: generic_worker:
enabled: false enabled: false
generic: true
listeners: [client, federation] listeners: [client, federation]
csPaths: csPaths:
# - "/_matrix/client/(v2_alpha|r0)/sync" # - "/_matrix/client/(v2_alpha|r0)/sync"
@ -350,9 +368,34 @@ workers:
- "/_matrix/federation/v1/event_auth/" - "/_matrix/federation/v1/event_auth/"
- "/_matrix/federation/v1/exchange_third_party_invite/" - "/_matrix/federation/v1/exchange_third_party_invite/"
- "/_matrix/federation/v1/user/devices/" - "/_matrix/federation/v1/user/devices/"
- "/_matrix/federation/v1/send/"
- "/_matrix/federation/v1/get_groups_publicised" - "/_matrix/federation/v1/get_groups_publicised"
- "/_matrix/key/v2/query" - "/_matrix/key/v2/query"
- "/_matrix/federation/v1/send/"
## To separate the generic worker into specific concerns - for example federation transaction receiving;
## NB; This worker should have incoming traffic routed based on source IP, which is
## left as an exercise to the reader.
## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing
#federation_reader:
# enabled: true
# generic: true
# listeners: [federation]
# paths:
# - "/_matrix/federation/v1/send/"
## Or /sync handling.
## NB; Care should be taken to route users to the same instance when scaling this worker,
## this is left as an exercise to the reader.
## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing
#synchrotron:
# enabled: true
# generic: true
# listeners: [client]
# csPaths:
# - "/_matrix/client/(v2_alpha|r0)/sync"
# - "/_matrix/client/(api/v1|v2_alpha|r0)/events"
# - "/_matrix/client/(api/v1|r0)/initialSync"
# - "/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync"
## This worker deals with pushing notifications. ## This worker deals with pushing notifications.
## NB; Only one instance of this worker can be run at a time, refer to the ## NB; Only one instance of this worker can be run at a time, refer to the
@ -418,8 +461,14 @@ wellknown:
## The host and port combo to serve on .well-known/matrix/server. ## The host and port combo to serve on .well-known/matrix/server.
## ##
# host: matrix.example.com server: {}
# port: 443 # m.server: matrix.example.com:443
## Data to serve on .well-known/matrix/client.
##
client: {}
# m.homeserver:
# base_url: https://matrix.example.com
## A custom htdocs path, useful when running another image. ## A custom htdocs path, useful when running another image.
## ##
@ -485,13 +534,17 @@ wellknown:
postgresql: postgresql:
enabled: true enabled: true
# XXX Change me!
postgresqlPassword: synapse
postgresqlUsername: synapse postgresqlUsername: synapse
postgresqlDatabase: synapse postgresqlDatabase: synapse
postgresqlInitdbArgs: "--lc-collate=C --lc-ctype=C" postgresqlInitdbArgs: "--lc-collate=C --lc-ctype=C"
persistence: persistence:
size: 16G # storageClass: "-"
size: 16Gi
## An externally configured Postgres server to use for Synapse's database, note ## An externally configured Postgres server to use for Synapse's database, note
## that the database needs to have both COLLATE and CTYPE set to "C". ## that the database needs to have both COLLATE and CTYPE set to "C".
@ -511,8 +564,10 @@ externalPostgresql:
redis: redis:
enabled: true enabled: true
# usePassword: false # XXX Change me!
# password: synapse usePassword: true
password: synapse
cluster: cluster:
enabled: false enabled: false
master: master:

View file

@ -1,6 +1,6 @@
--- ---
apiVersion: v1 apiVersion: v1
appVersion: 2.10.5 appVersion: 2.10.6
description: | description: |
An IP address management (IPAM) and data center infrastructure management (DCIM) tool. An IP address management (IPAM) and data center infrastructure management (DCIM) tool.
@ -8,4 +8,4 @@ description: |
https://github.com/netbox-community/netbox-docker/releases/tag/1.0.0 for more info. https://github.com/netbox-community/netbox-docker/releases/tag/1.0.0 for more info.
icon: https://raw.githubusercontent.com/digitalocean/netbox/develop/netbox/project-static/img/netbox.ico icon: https://raw.githubusercontent.com/digitalocean/netbox/develop/netbox/project-static/img/netbox.ico
name: netbox name: netbox
version: 3.0.2 version: 3.0.3