133 lines
3.2 KiB
YAML
133 lines
3.2 KiB
YAML
# services/comms/values-synapse.yaml
|
|
serverName: live.bstein.dev
|
|
publicServerName: matrix.live.bstein.dev
|
|
|
|
config:
|
|
publicBaseurl: https://matrix.live.bstein.dev
|
|
|
|
externalPostgresql:
|
|
host: postgres-service.postgres.svc.cluster.local
|
|
port: 5432
|
|
username: synapse
|
|
existingSecret: synapse-db
|
|
existingSecretPasswordKey: POSTGRES_PASSWORD
|
|
database: synapse
|
|
|
|
redis:
|
|
enabled: true
|
|
auth:
|
|
enabled: true
|
|
existingSecret: synapse-redis
|
|
existingSecretPasswordKey: redis-password
|
|
|
|
postgresql:
|
|
enabled: false
|
|
|
|
persistence:
|
|
enabled: true
|
|
storageClass: asteria
|
|
accessMode: ReadWriteOnce
|
|
size: 50Gi
|
|
|
|
synapse:
|
|
podSecurityContext:
|
|
fsGroup: 666
|
|
runAsUser: 666
|
|
runAsGroup: 666
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limits:
|
|
cpu: "2"
|
|
memory: 3Gi
|
|
nodeSelector:
|
|
hardware: rpi5
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 50
|
|
preference:
|
|
matchExpressions:
|
|
- key: hardware
|
|
operator: In
|
|
values: ["rpi5","rpi4"]
|
|
|
|
ingress:
|
|
enabled: true
|
|
className: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
csHosts:
|
|
- matrix.live.bstein.dev
|
|
hosts:
|
|
- matrix.live.bstein.dev
|
|
wkHosts:
|
|
- live.bstein.dev
|
|
- bstein.dev
|
|
tls:
|
|
- secretName: matrix-live-tls
|
|
hosts:
|
|
- matrix.live.bstein.dev
|
|
- live.bstein.dev
|
|
|
|
extraConfig:
|
|
allow_guest_access: true
|
|
allow_public_rooms_without_auth: true
|
|
auto_join_rooms:
|
|
- "#othrys:live.bstein.dev"
|
|
autocreate_auto_join_rooms: true
|
|
default_room_version: "11"
|
|
experimental_features:
|
|
msc3266_enabled: true
|
|
msc4143_enabled: true
|
|
msc4222_enabled: true
|
|
max_event_delay_duration: 24h
|
|
password_config:
|
|
enabled: true
|
|
oidc_enabled: true
|
|
oidc_providers:
|
|
- idp_id: keycloak
|
|
idp_name: Keycloak
|
|
issuer: https://sso.bstein.dev/realms/atlas
|
|
client_id: synapse
|
|
client_secret: "@@OIDC_CLIENT_SECRET@@"
|
|
client_auth_method: client_secret_post
|
|
scopes: ["openid", "profile", "email"]
|
|
authorization_endpoint: https://sso.bstein.dev/realms/atlas/protocol/openid-connect/auth
|
|
token_endpoint: https://sso.bstein.dev/realms/atlas/protocol/openid-connect/token
|
|
userinfo_endpoint: https://sso.bstein.dev/realms/atlas/protocol/openid-connect/userinfo
|
|
user_mapping_provider:
|
|
config:
|
|
localpart_template: "{{ user.preferred_username }}"
|
|
display_name_template: "{{ user.name }}"
|
|
allow_existing_users: true
|
|
rc_message:
|
|
per_second: 0.5
|
|
burst_count: 30
|
|
rc_delayed_event_mgmt:
|
|
per_second: 1
|
|
burst_count: 20
|
|
rc_login:
|
|
address:
|
|
burst_count: 20
|
|
per_second: 5
|
|
account:
|
|
burst_count: 20
|
|
per_second: 5
|
|
failed_attempts:
|
|
burst_count: 20
|
|
per_second: 5
|
|
room_list_publication_rules:
|
|
- action: allow
|
|
well_known_client:
|
|
"m.homeserver":
|
|
"base_url": "https://matrix.live.bstein.dev"
|
|
"org.matrix.msc4143.rtc_foci":
|
|
- type: "livekit"
|
|
livekit_service_url: "https://kit.live.bstein.dev/livekit/jwt"
|
|
|
|
worker:
|
|
enabled: false
|