From fabb9118c645ae9b1ec9d87fc38544da296c38a2 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Wed, 13 Mar 2024 22:58:36 +0100 Subject: [PATCH] fix(mycloud-matrix): some tweaks --- mycloud-matrix/templates/bridge/signal.yaml | 17 +++++++++-------- .../server/authentication-service.yaml | 7 ++++++- mycloud-matrix/templates/server/synapse.yaml | 1 + mycloud-matrix/values.yaml | 1 + 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/mycloud-matrix/templates/bridge/signal.yaml b/mycloud-matrix/templates/bridge/signal.yaml index 43dbcc3..2b618ae 100644 --- a/mycloud-matrix/templates/bridge/signal.yaml +++ b/mycloud-matrix/templates/bridge/signal.yaml @@ -1,5 +1,4 @@ {{- if .Values.bridge.signal.enabled }} -{{- $domain := .Values.server.host | default .Values.commons.ingress.domain }} --- apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease @@ -37,12 +36,12 @@ spec: - kind: Secret name: "{{ .Release.Name }}-doublepuppet" valuesKey: as_token_code - targetPath: config.bridge.login_shared_secret_map.{{ $domain | replace "." "\\." }} + targetPath: config.bridge.login_shared_secret_map.{{ include "mycloud-matrix.domain" . | replace "." "\\." }} values: config: homeserver: - address: http://{{ .Release.Name }}-synapse:8008 - domain: {{ $domain }} + address: https://{{ include "mycloud-matrix.host.server" . }} + domain: {{ include "mycloud-matrix.domain" . }} appservice: address: http://{{ .Release.Name }}-mautrix-signal:29328 database: 
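Review bot: In templates/bridge/signal.yaml (hunk at -37,12) `homeserver.address` now points at the public name from `mycloud-matrix.host.server` instead of the in-cluster `-synapse:8008` service, and nothing in the template says why. Bridge-to-homeserver requests, which carry the appservice token, then depend on the ingress, DNS and a certificate the bridge pod trusts; if the ingress routing is the reason, record it with a comment such as `# public URL on purpose: requests must pass the ingress routing used with authenticationService`. The same switch is made for `double_puppet_server_map` in the -57,19 hunk. `domain:` is also rendered unquoted, and `domain: {{ include "mycloud-matrix.domain" . | quote }}` would guard against an empty or boolean-looking value. The helper definitions are outside this diff, so it cannot be checked here whether `mycloud-matrix.domain` still resolves to the old `server.host` / `commons.ingress.domain` fallback that the login secret key, permissions and namespace regexes were built from.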
@@ -57,19 +56,21 @@ spec: sync_direct_chat_list: true double_puppet_server_map: example.com: null - {{ $domain }}: http://{{ .Release.Name }}-synapse:8008 + {{ include "mycloud-matrix.domain" . }}: https://{{ include "mycloud-matrix.host.server" . }} login_shared_secret_map: example.com: null + {{- if not .Values.server.authenticationService.enabled }} encryption: allow: true default: true require: true delete_keys: periodically_delete_expired: true + {{- end }} permissions: "example.com": null "@admin:example.com": null - "{{ $domain }}": user + {{ include "mycloud-matrix.domain" . | quote}}: user {{- range $user := .Values.bridge.signal.admins }} {{ $user | quote }}: admin {{- end }} @@ -79,9 +80,9 @@ spec: registration: namespaces: users: - - regex: {{ printf "^@signalbot:%s$" ($domain | replace "." "\\.") | quote }} + - regex: {{ printf "^@signalbot:%s$" (include "mycloud-matrix.domain" . | replace "." "\\.") | quote }} exclusive: true - - regex: {{ printf "^@signal_.*:%s$" ($domain | replace "." "\\.") | quote }} + - regex: {{ printf "^@signal_.*:%s$" (include "mycloud-matrix.domain" . | replace "." "\\.") | quote }} exclusive: true persistence: diff --git a/mycloud-matrix/templates/server/authentication-service.yaml b/mycloud-matrix/templates/server/authentication-service.yaml index 7598cb1..01fd56b 100644 --- a/mycloud-matrix/templates/server/authentication-service.yaml +++ b/mycloud-matrix/templates/server/authentication-service.yaml @@ -58,7 +58,8 @@ spec: issuer: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/" matrix: homeserver: {{ include "mycloud-matrix.domain" . }} - endpoint: "http://{{ .Release.Name }}-synapse:8008" + # endpoint: "http://{{ .Release.Name }}-synapse:8008" + endpoint: "https://{{ include "mycloud-matrix.host.server" . }}" {{- with .Values.databases.authenticationService }} database: host: {{ .host | quote }} 
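Review bot: In the -57,19 hunk of signal.yaml the whole `encryption:` block, including `require: true`, is dropped whenever `server.authenticationService.enabled` is set, so the bridge silently falls back to its own defaults for end-to-bridge encryption. If this is a known limitation of the bridge together with the authentication service, state it in the template, e.g. `{{- /* e2be is not configured while the authentication service is enabled; the bridge defaults apply */}}`, and repeat the caveat next to `authenticationService.enabled` in values.yaml. Two smaller points in the same hunk: the `double_puppet_server_map` key is rendered unquoted while the `permissions` key is quoted, and `| quote}}` lacks the space before `}}`.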
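Review bot: The two `regex:` entries in the -79,9 hunk of signal.yaml each repeat `include "mycloud-matrix.domain" . | replace "." "\\."`, which escapes only dots. These patterns define the bridge's exclusive user namespaces, so they should be built from one value: bind `{{- $domainRe := include "mycloud-matrix.domain" . | regexQuoteMeta }}` once and use `{{ printf "^@signalbot:%s$" $domainRe | quote }}` and `{{ printf "^@signal_.*:%s$" $domainRe | quote }}`. That escapes every regex metacharacter and keeps the two entries from drifting apart. The `registration:` block continues outside the hunk.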
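Review bot: In authentication-service.yaml (hunk at -58,7) the old in-cluster `endpoint` is left as a commented-out line above the new public one, with no reason given. As far as I can tell this endpoint is what the authentication service uses for its privileged calls to the homeserver. Pointing it at the public host means those calls traverse the ingress, and the homeserver paths they need must be reachable there; confirm this against the ingress rules, which are outside this diff. Either drop the dead line or replace it with a comment that states the reason, e.g. `# public URL on purpose: <reason>`.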
@@ -84,6 +85,10 @@ spec: {{- else }} transport: "blackhole" {{- end }}{{/* end-if $mailHostname */}} + policy: + data: + admin_users: + {{- toYaml .Values.server.authenticationService.admins | nindent 12 }} passwords: enabled: false upstream_oauth2: diff --git a/mycloud-matrix/templates/server/synapse.yaml b/mycloud-matrix/templates/server/synapse.yaml index 685ba35..51ff851 100644 --- a/mycloud-matrix/templates/server/synapse.yaml +++ b/mycloud-matrix/templates/server/synapse.yaml @@ -69,6 +69,7 @@ spec: notif_from: {{ .Values.server.mail.from | default .Values.commons.mail.from | quote }} {{- if .Values.server.authenticationService.enabled }} experimental_features: + msc3202_device_masquerading: true msc3861: enabled: true issuer: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/" diff --git a/mycloud-matrix/values.yaml b/mycloud-matrix/values.yaml index c11b368..ac335ff 100644 --- a/mycloud-matrix/values.yaml +++ b/mycloud-matrix/values.yaml @@ -66,6 +66,7 @@ server: enabled: false authenticationService: enabled: false + admins: [] auth: # -- generated by .commons.masterPassword
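Review bot: `policy.data.admin_users` in authentication-service.yaml (hunk at -84,6) is filled directly from `.Values.server.authenticationService.admins` via `toYaml`, so a null or wrongly shaped override is rendered into the policy data unchecked. The new `admins: []` default in the values.yaml hunk also has no description, although neighbouring keys use `# --` comments. Since this list decides who may obtain admin rights, document it, e.g. `# -- users allowed to request admin scopes from the authentication service` (wording to be confirmed against the service's policy docs). Rendering it as `{{- toYaml (.Values.server.authenticationService.admins | default list) | nindent 12 }}` would keep a null override as an empty list. The enclosing `config:` mapping starts outside the hunk, so the `nindent 12` depth cannot be verified from here.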
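Review bot: `msc3202_device_masquerading: true` is switched on in synapse.yaml (hunk at -69,6) without any comment, and it is an experimental homeserver feature that widens what an application service token may do. Note next to it which component needs it, e.g. `# required by <component>: lets appservices act as a specific user device`, so it can be removed once it is no longer needed. The signal bridge's `encryption:` block is disabled under the same `authenticationService.enabled` condition in this commit, so the diff alone does not show what consumes the flag.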