From afc82bc6723429fa654c49ab26db7d2d02661dae Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Tue, 29 Jun 2021 22:27:05 +0100
Subject: [PATCH 1/2] Fix volumePermissions for media repository worker

---
 charts/matrix-synapse/templates/deployment.yaml       |  1 +
 .../matrix-synapse/templates/worker-deployment.yaml   | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml
index 61d2092..095795f 100644
--- a/charts/matrix-synapse/templates/deployment.yaml
+++ b/charts/matrix-synapse/templates/deployment.yaml
@@ -47,6 +47,7 @@ spec:
             - |
               chown {{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }} -R /synapse/data
           image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
+          imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy }}
           resources:
             {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
           securityContext:
diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml
index dfbf0b9..e36b034 100644
--- a/charts/matrix-synapse/templates/worker-deployment.yaml
+++ b/charts/matrix-synapse/templates/worker-deployment.yaml
@@ -39,10 +39,15 @@ spec:
     {{- if and $needsVolumePermissions (eq $name "media-repository") }}
       initContainers:
         - name: volume-permissions
-          command: ["chown", "-R", "666:666", "/synapse/data"]
-          image: "{{ $.Values.volumePermissions.repository }}:{{ $.Values.volumePermissions.tag }}"
-          imagePullPolicy: {{ $.Values.volumePermissions.pullPolicy }}
+          command:
+            - sh
+            - -c
+            - |
+              chown {{ $.Values.volumePermissions.uid }}:{{ $.Values.volumePermissions.gid }} -R /synapse/data
+          image: "{{ $.Values.volumePermissions.image.repository }}:{{ $.Values.volumePermissions.image.tag }}"
+          imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy }}
           securityContext:
+            runAsNonRoot: false
             runAsUser: 0
           resources: {{ $.Values.volumePermissions.resources | toYaml | nindent 12 }}
           volumeMounts:

From db2a430b8a2d170607e7c5939ddebedda45afad2 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Tue, 29 Jun 2021 22:28:04 +0100
Subject: [PATCH 2/2] Add extraCommands for workers

---
 .../templates/worker-deployment.yaml          |  9 +++++++++
 charts/matrix-synapse/values.yaml             | 20 ++++++++++++-------
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml
index e36b034..958a74b 100644
--- a/charts/matrix-synapse/templates/worker-deployment.yaml
+++ b/charts/matrix-synapse/templates/worker-deployment.yaml
@@ -65,6 +65,15 @@ spec:
                     -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \
                        > /synapse/config/conf.d/secrets.yaml
 
+              {{- if (or $config.extraCommands $default.extraCommands) }}
+
+              {{- with $config.extraCommands | default $default.extraCommands }}
+              {{ range . }}
+              {{ . }}
+              {{- end }}
+              {{- end }}
+              {{- end }}
+
               exec python -B -m synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }} \
                           -c /synapse/config/homeserver.yaml \
                           -c /synapse/config/conf.d/ \
diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml
index b30142b..d809921 100644
--- a/charts/matrix-synapse/values.yaml
+++ b/charts/matrix-synapse/values.yaml
@@ -220,14 +220,14 @@ synapse:
 
   ## Liveness probe configuration to use
   ##
-  livenessProbe: 
+  livenessProbe:
     httpGet:
       path: /health
       port: http
 
   ## Readiness probe configuration to use
   ##
-  readinessProbe: 
+  readinessProbe:
     httpGet:
       path: /health
       port: http
@@ -262,8 +262,8 @@ workers:
 
     ## A specific name for this worker, can't be set globally.
     ## Note that this can only be set when replicaCount is 1
-    #name: 
-    
+    #name:
+
     ## Additional configuration to set for the worker, can't be set globally.
     #extraConfig: {}
 
@@ -288,6 +288,12 @@ workers:
     volumes: []
     volumeMounts: []
 
+    ## Extra commands to run when starting Synapse
+    ##
+    extraCommands: []
+    # - 'apt-get update -yqq && apt-get install patch -yqq'
+    # - 'patch -d/usr/local/lib/python3.7/site-packages/synapse -p2 < /synapse/patches/something.patch'
+
     ## Security context information to set to the worker.
     ##
     podSecurityContext: {}
@@ -314,17 +320,17 @@ workers:
     #   requests:
     #     cpu: 100m
     #     memory: 128Mi
-    
+
     ## Liveness probe configuration to use
     ##
-    livenessProbe: 
+    livenessProbe:
       httpGet:
         path: /health
         port: listener
 
     ## Readiness probe configuration to use
     ##
-    readinessProbe: 
+    readinessProbe:
       httpGet:
         path: /health
         port: listener