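{{- if (eq .Values.server.software "synapse") }}
{{- /*
Synapse homeserver deployed as a Flux HelmRelease from the upstream
wrenix/matrix-synapse chart. Only rendered when server.software == "synapse".
Security-relevant choices are annotated inline; template comments are stripped
from the rendered manifests.
*/}}
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: "{{ .Release.Name }}-synapse"
spec:
  url: oci://codeberg.org/wrenix/helm-charts/matrix-synapse
  interval: 10m
  ref:
    {{- /* Floating semver range: every release matching ^1.0.2 is pulled and
    applied automatically. No spec.verify (cosign/notation) is configured, so
    the chart is trusted on registry TLS alone; pin a digest or add
    verification once upstream publishes signatures. */}}
    semver: "^1.0.2"
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-synapse"
spec:
  chartRef:
    kind: OCIRepository
    name: "{{ .Release.Name }}-synapse"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    mode: {{ .Values.commons.helm.release.driftDetection.mode }}
    ignore:
      {{- /* The signing-key Job is a one-shot resource; ignore it entirely so
      its completion/cleanup is not reported (or corrected) as drift. */}}
      - target:
          kind: Job
          name: "{{ .Release.Name }}-synapse-signingkey-job"
        paths: [ "/" ]
      {{- with .Values.commons.helm.release.driftDetection.ignore }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
  interval: 10m
  {{- if .Values.server.authenticationService.enabled }}
  {{- /* MAS credentials are injected from a Secret via valuesFrom rather than
  rendered into spec.values, so they never appear in this HelmRelease object. */}}
  valuesFrom:
    {{- $secretName := printf "%s-authentication-service-secrets" .Release.Name }}
    - kind: Secret
      name: {{ $secretName }}
      valuesKey: client_secret
      targetPath: "extraSecrets.experimental_features.msc3861.client_secret"
    - kind: Secret
      name: {{ $secretName }}
      valuesKey: admin_token
      targetPath: "extraSecrets.experimental_features.msc3861.admin_token"
  {{- end }}
  values:
    serverName: {{ include "mycloud-matrix.domain" . | quote }}
    publicServerName: {{ include "mycloud-matrix.host.server" . | quote }}
    config:
      {{- /* Open registration stays off; accounts come from the OIDC/MAS flow
      configured under extraSecrets below. */}}
      enableRegistration: false
      useStructuredLogging: true
      logLevel: INFO
    extraConfig:
      use_presence: false
      enable_search: false
      dynamic_thumbnails: true
      {{- with .Values.bridge }}
      {{- if or .signal.enabled .slack.enabled }}
      {{- /* Appservice registrations are mounted from Secrets (see
      synapse.extraVolumes). Each file carries an as_token/hs_token pair that
      grants the bridge full appservice privileges on this homeserver. */}}
      app_service_config_files:
        - "/etc/appservices/doublepuppet.yaml"
        {{- if .signal.enabled }}
        - "/etc/appservices/bridge-signal.yaml"
        {{- end }}{{/* end-if .signal.enabled */}}
        {{- if .slack.enabled }}
        - "/etc/appservices/bridge-slack.yaml"
        {{- end }}{{/* end-if .slack.enabled */}}
      {{- end }}{{/* end-if .*.enabled */}}
      {{- end }}{{/* end-with .bridge*/}}
    {{- /* NOTE(review): everything under extraSecrets is rendered into
    spec.values of this HelmRelease, i.e. stored in plaintext in the CR.
    Anyone who can read HelmReleases sees the SMTP credentials below; move
    them to a Secret + valuesFrom (as done for MAS above) if that matters. */}}
    extraSecrets:
      email:
        smtp_host: {{ .Values.server.mail.host | default .Values.commons.mail.host | quote }}
        smtp_port: 587
        {{- if .Values.commons.mail.use_tls }}
        {{- /* Only set when use_tls is on. Without it Synapse may fall back
        to plaintext SMTP if STARTTLS is unavailable, sending smtp_user and
        smtp_pass in the clear. */}}
        require_transport_security: true
        {{- end }}
        smtp_user: {{ .Values.commons.mail.username | quote }}
        smtp_pass: {{ .Values.commons.mail.password | quote }}
        app_name: "{{ .Values.commons.theme.title }}-matrix"
        notif_from: {{ .Values.server.mail.from | default (printf "\"[%s] %s\" <%s>" .Values.commons.theme.title "matrix" .Values.commons.mail.from) | quote }}
      {{- /* NOTE(review): when neither elementCall nor the authentication
      service is enabled this key renders with no children (null); presumably
      Synapse and the chart's merge tolerate that — confirm. */}}
      experimental_features:
        {{- if .Values.ingress.elementCall.enabled }}
        msc3266_enabled: true
        {{- end }}
        {{- if .Values.server.authenticationService.enabled }}
        {{- /* Delegate authentication to matrix-authentication-service
        (MSC3861). client_secret and admin_token arrive via valuesFrom above. */}}
        msc3202_device_masquerading: true
        msc3861:
          enabled: true
          issuer: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/"
          client_id: "0000000000000000000SYNAPSE"
          client_auth_method: client_secret_basic
          account_management_url: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/account/"
        {{- else }}
      {{- /* Without MAS: Synapse's built-in OIDC login against the provider. */}}
      oidc_providers:
        - idp_id: mycloud
          idp_name: {{ .Values.commons.theme.title | quote }}
          discover: true
          issuer: "https://{{ include "mycloud-matrix.domain.auth" . }}/application/o/mycloud-matrix/"
          {{- /* Client credentials are derived deterministically from
          commons.masterPassword (rotating the master password rotates these
          too). Note that an explicitly configured clientID/clientSecret is
          also passed through sha256sum, so the provider must be registered
          with the hashed value — presumably the matching provider template
          does the same; verify. Quoted so a hex digest is never re-typed as
          a number by the YAML parser. */}}
          client_id: {{ .Values.server.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientID") | sha256sum | quote }}
          client_secret: {{ .Values.server.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientSecret") | sha256sum | quote }}
          scopes:
            - "openid"
            - "profile"
            - "email"
          user_mapping_provider:
            config:
              {{`
              localpart_template: "{{ user.preferred_username }}"
              display_name_template: "{{ user.name|capitalize }}"
              `}}
        {{- end }}
    extraLoggers:
      synapse.storage.SQL:
        level: WARNING
    {{- if .Values.server.scaling }}
    workers:
      generic_worker:
        enabled: true
      federation_reader:
        enabled: true
      synchrotron:
        enabled: true
      pusher:
        enabled: true
      appservice:
        enabled: true
      federation_sender:
        enabled: true
      media_repository:
        enabled: true
      user_dir:
        enabled: true
      frontend_proxy:
        enabled: true
        csPaths:
          - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"
          - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status"
    {{- end }}
    synapse:
      livenessProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      readinessProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      startupProbe:
        timeoutSeconds: 2
        periodSeconds: 15
      resources:
        requests:
          cpu: 1
          memory: "256Mi"
        limits:
          memory: "4Gi"
      extraVolumeMounts:
        {{- with .Values.bridge }}
        {{- if or .signal.enabled .slack.enabled }}
        - name: doublepuppet
          mountPath: "/etc/appservices/doublepuppet.yaml"
          subPath: "doublepuppet.yaml"
        {{- if .signal.enabled }}
        - name: bridge-signal
          mountPath: "/etc/appservices/bridge-signal.yaml"
          subPath: "bridge-signal.yaml"
        {{- end }}{{/* end-if .signal.enabled */}}
        {{- if .slack.enabled }}
        - name: bridge-slack
          mountPath: "/etc/appservices/bridge-slack.yaml"
          subPath: "bridge-slack.yaml"
        {{- end }}{{/* end-if .slack.enabled */}}
        {{- end }}{{/* end-if .*.enabled */}}
        {{- end }}{{/* end-with .bridge*/}}
      extraVolumes:
        {{- /* Inside `with .Values.bridge` the dot is rebound, hence $.Release. */}}
        {{- with .Values.bridge }}
        {{- if or .signal.enabled .slack.enabled }}
        - name: doublepuppet
          secret:
            secretName: "{{ $.Release.Name }}-doublepuppet"
            items:
              - key: "registration.yaml"
                path: "doublepuppet.yaml"
        {{- if .signal.enabled }}
        - name: bridge-signal
          secret:
            secretName: "{{ $.Release.Name }}-mautrix-bridge-signal"
            items:
              - key: "registration.yaml"
                path: "bridge-signal.yaml"
        {{- end }}{{/* end-if .signal.enabled */}}
        {{- if .slack.enabled }}
        - name: bridge-slack
          secret:
            secretName: "{{ $.Release.Name }}-mautrix-bridge-slack"
            items:
              - key: "registration.yaml"
                path: "bridge-slack.yaml"
        {{- end }}{{/* end-if .slack.enabled */}}
        {{- end }}{{/* end-if .*.enabled */}}
        {{- end }}{{/* end-with .bridge*/}}
    wellknown:
      enabled: true
      client:
        "m.homeserver":
          base_url: "https://{{ include "mycloud-matrix.host.server" . }}/"
        {{- if .Values.server.slidingSync.enabled }}
        "org.matrix.msc3575.proxy":
          url: "https://{{ include "mycloud-matrix.host.slidingSync" . }}"
        {{- end }}
        {{- if .Values.server.authenticationService.enabled }}
        "org.matrix.msc2965.authentication":
          issuer: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/"
          account: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/account/"
        {{- end }}
        {{- if .Values.ingress.elementCall.enabled }}
        org.matrix.msc4143.rtc_foci:
          - type: "livekit"
            livekit_service_url: "https://{{ .Values.ingress.elementCall.livekitJWT.host | default .Values.ingress.elementCall.host | default (printf "call.%s" .Values.commons.ingress.domain) }}"
        {{- end }}
        {{- with .Values.ingress.server.wellknown.client }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.ingress.elementCall.enabled }}
      element:
        call:
          widget_url: "https://{{ .Values.ingress.elementCall.host | default (printf "call.%s" .Values.commons.ingress.domain) }}"
      {{- end }}
      resources:
        requests:
          cpu: 0.1
          memory: "64Mi"
        limits:
          memory: "256Mi"
    signingkey:
      resources:
        requests:
          cpu: 0.1
          memory: "64Mi"
        limits:
          memory: "256Mi"
    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.server.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      includeServerName: false
      hosts:
        - {{ include "mycloud-matrix.host.server" . | quote }}
      csHosts:
        - {{ include "mycloud-matrix.host.server" . | quote }}
      {{- /* .well-known is served on the apex (server_name) domain; the TLS
      cert below must therefore cover both the apex and the server host. */}}
      wkHosts:
        - {{ include "mycloud-matrix.domain" . | quote }}
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-matrix-server-cert"
          hosts:
            - {{ include "mycloud-matrix.domain" . | quote }}
            - {{ include "mycloud-matrix.host.server" . | quote }}
        {{- end }}
      {{- end }}
    persistence:
      enabled: true
      size: {{ .Values.persistence.size }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClass: {{ . | quote }}
      {{- end }}
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/matrix/synapse"
      {{- end }}
    postgresql:
      enabled: false
    externalPostgresql:
      {{- /* NOTE(review): like the SMTP credentials, this password is rendered
      into spec.values in plaintext. The default is derived from
      commons.masterPassword and base64-encoded; the database side must derive
      it the same way. */}}
      {{- with .Values.databases.server }}
      host: {{ .host | quote }}
      username: {{ .username | quote }}
      password: {{ .password | default (derivePassword 1 "long" $.Values.commons.masterPassword "matrix-synapse" "database_password" | b64enc) | quote }}
      database: {{ .name | quote }}
      {{- end }}
    prometheus:
      podmonitor:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
        labels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
    grafana:
      dashboards:
        enabled: true
        labels:
          {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
        annotations:
          {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}
{{- end }}{{/* end-if .software == synapse */}}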