feat(synapse): add synapse (#1768)

This commit is contained in:
Kjeld Schouten-Lebbing
2022-01-24 00:22:17 +01:00
committed by GitHub
parent 4e89e852c4
commit 6e5e9da04c
10 changed files with 967 additions and 0 deletions

View File

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS

View File

@@ -0,0 +1,32 @@
apiVersion: v2
appVersion: "23.0.0"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.14.1
- condition: postgresql.enabled
name: postgresql
repository: https://truecharts.org/
version: 6.0.56
deprecated: false
description: A Helm chart to deploy a Matrix homeserver stack into Kubernetes
home: https://github.com/truecharts/apps/charts/stable/synapse
icon: https://truecharts.org/_static/img/appicons/synapse-icon.png
keywords:
- chat
- matrix
- synapse
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: synapse
sources: []
type: application
version: 0.0.1
annotations:
truecharts.org/catagories: |
- cloud
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@@ -0,0 +1,5 @@
matrix:
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
hostname: "matrix.example.com"

View File

@@ -0,0 +1,5 @@
matrix:
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
hostname: "matrix.example.com"

View File

@@ -0,0 +1,349 @@
# Include{groups}
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: secret
group: "Container Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: NEXTCLOUD_ADMIN_USER
label: "NEXTCLOUD_ADMIN_USER (First Install Only)"
description: "Sets the initial nextcloud's admin username, changing this variable after first launch will NOT change admin's username"
schema:
type: string
required: true
default: "REPLACETHIS"
- variable: NEXTCLOUD_ADMIN_PASSWORD
label: "NEXTCLOUD_ADMIN_PASSWORD (First Install Only)"
description: "Sets the initial nextcloud's admin password, changing this variable after first launch will NOT change admin's password"
schema:
type: string
private: true
required: true
default: "REPLACETHIS"
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
# Include{fixedEnv}
- variable: TRUSTED_PROXIES
label: "Trusted Proxies (Advanced)"
description: "Sets nextcloud Trusted Proxies"
schema:
type: string
default: "172.16.0.0/16"
- variable: NODE_IP
label: "NODE_IP"
description: "Sets nextcloud nodeip for nodeport connections (Ensure this is correct at first install!)"
schema:
type: string
$ref:
- "definitions/nodeIP"
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10020
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 80
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: persistence
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
additional_attrs: true
type: dict
attrs:
- variable: data
label: "App Data Storage"
description: "Stores the Application Data."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: false
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 33
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}

View File

@@ -0,0 +1,153 @@
{{/* Define the configs */}}
{{- define "synapse.config" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: synapse-config
labels:
{{ include "common.labels" . | nindent 4 }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
data:
homeserver.yaml: |
server_name: {{ .Values.matrix.serverName }}
pid_file: /data/homeserver.pid
public_baseurl: {{ include "matrix.baseUrl" . | quote }}
use_presence: {{ .Values.matrix.presence }}
allow_public_rooms_over_federation: {{ and .Values.matrix.federation.enabled .Values.matrix.federation.allowPublicRooms }}
block_non_admin_invites: {{ .Values.matrix.blockNonAdminInvites }}
enable_search: {{ .Values.matrix.search }}
{{- if .Values.matrix.federation.whitelist }}
federation_domain_whitelist:
{{- range .Values.matrix.federation.whitelist }}
- {{ . }}
{{- end }}
{{- end}}
federation_ip_range_blacklist:
{{- range .Values.matrix.federation.blacklist }}
- {{ . }}
{{- end }}
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
bind_addresses: ['0.0.0.0']
resources:
- names: [client, federation]
compress: false
{{- if .Values.synapse.metrics.enabled }}
- type: metrics
port: {{ .Values.synapse.metrics.port }}
bind_addresses: ['0.0.0.0']
resources:
- names: [metrics]
{{- end }}
admin_contact: 'mailto:{{ .Values.matrix.adminEmail }}'
hs_disabled: {{ .Values.matrix.disabled }}
hs_disabled_message: {{ .Values.matrix.disabledMessage }}
redaction_retention_period: {{ .Values.matrix.retentionPeriod }}
log_config: "/data/{{ .Values.matrix.serverName }}.log.config"
media_store_path: "/data/media_store"
uploads_path: "/data/uploads"
max_upload_size: {{ .Values.matrix.uploads.maxSize }}
max_image_pixels: {{ .Values.matrix.uploads.maxPixels }}
url_preview_enabled: {{ .Values.matrix.urlPreviews.enabled }}
{{- if .Values.coturn.enabled -}}
{{- if not (empty .Values.coturn.uris) }}
turn_uris:
{{- range .Values.coturn.uris }}
- {{ . }}
{{- end }}
{{- else }}
turn_uris:
- "turn:{{ include "matrix.hostname" . }}?transport=udp"
{{- end }}
turn_user_lifetime: 1h
turn_allow_guests: {{ .Values.coturn.allowGuests }}
{{- end }}
enable_registration: {{ .Values.matrix.registration.enabled }}
allow_guest_access: {{ .Values.matrix.registration.allowGuests }}
{{- if .Values.synapse.metrics.enabled }}
enable_metrics: true
{{- end }}
report_stats: false
{{- if .Values.synapse.appConfig }}
app_service_config_files:
{{- range .Values.synapse.appConfig }}
- {{ . }}
{{- end }}
{{- end }}
signing_key_path: "/data/keys/{{ .Values.matrix.serverName }}.signing.key"
{{- if .Values.matrix.security.trustedKeyServers }}
trusted_key_servers:
{{- range .Values.matrix.security.trustedKeyServers }}
- server_name: {{ .serverName }}
{{- if .verifyKeys }}
verify_keys:
{{- range .verifyKeys }}
{{ .id | quote }}: {{ .key | quote }}
{{- end }}
{{- end }}
{{- if .acceptKeysInsecurely }}
accept_keys_insecurely: {{ .acceptKeysInsecurely }}
{{- end }}
{{- end }}
{{- end }}
suppress_key_server_warning: {{ .Values.matrix.security.supressKeyServerWarning }}
{{- if not .Values.loadCustomConfig }}
custom.yaml: |
# PLACEHOLDER
{{- end }}
{{ .Values.matrix.serverName }}.log.config: |
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: {{ .Values.matrix.logging.synapseLogLevel }}
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: {{ .Values.matrix.logging.sqlLogLevel }}
root:
level: {{ .Values.matrix.logging.rootLogLevel }}
handlers: [console]
{{- end }}

View File

@@ -0,0 +1,20 @@
Synapse hostname, derived from either the Values.matrix.hostname override or the Ingress definition
*/}}
{{- define "matrix.hostname" -}}
{{- if .Values.matrix.hostname }}
{{- .Values.matrix.hostname -}}
{{- else }}
{{- .Values.ingress.hosts.synapse -}}
{{- end }}
{{- end }}
{{/*
Synapse hostname prepended with https:// to form a complete URL
*/}}
{{- define "matrix.baseUrl" -}}
{{- if .Values.matrix.hostname }}
{{- printf "https://%s" .Values.matrix.hostname -}}
{{- else }}
{{- printf "https://%s" .Values.ingress.hosts.synapse -}}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,55 @@
{{/* Define the configs */}}
{{- define "synapse.secret" -}}
---
apiVersion: v1
kind: Secret
metadata:
name: synapse-secret
labels:
{{ include "common.labels" . | nindent 4 }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
stringData:
{{- $previous := lookup "v1" "Secret" .Release.Namespace "synapse-secret" }}
{{- $msk := "" }}
secret.yaml: |
{{- if .Values.mail.enabled }}
email:
enable_notifs: {{ .Values.mail.enabled }}
notif_from: {{ .Values.mail.from }}
smtp_host: {{ .Values.mail.external.host }}
smtp_port: {{ .Values.mail.external.port }}
smtp_user: {{ .Values.mail.external.username }}
smtp_pass: {{ .Values.mail.external.password }}
require_transport_security: {{ .Values.mail.external.requireTransportSecurity }}
{{- end }}
database:
name: "psycopg2"
args:
user: "{{ .Values.postgresql.postgresqlUsername }}"
password: {{ .Values.postgresql.postgresqlPassword }}
database: "{{ .Values.postgresql.postgresqlDatabase }}"
host: "{{ printf "%v-%v" .Release.Name "postgresql" }}"
port: "5432"
cp_min: 5
cp_max: 10
sslmode: "disable"
{{- if .Values.matrix.registration.sharedSecret }}
registration_shared_secret: {{ .Values.matrix.registration.sharedSecret }}
{{- end }}
{{- if $previous }}
{{- $msk = ( index $previous.data "macaroon_secret_key" ) | b64dec }}
macaroon_secret_key: {{ ( index $previous.data "macaroon_secret_key" ) }}
{{- else }}
{{- $msk = randAlphaNum 50 }}
macaroon_secret_key: {{ $msk | b64enc | quote }}
{{- end }}
{{- if .Values.coturn.enabled -}}
turn_shared_secret: {{ include "matrix.coturn.sharedSecret" . }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,11 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{/* Render configmap for synapse */}}
{{- include "synapse.config" . }}
{{/* Render secret for synapse */}}
{{- include "synapse.secret" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

View File

@@ -0,0 +1,313 @@
image:
repository: matrixdotorg/synapse
pullPolicy: IfNotPresent
tag: v1.50.1
command:
- sh
- -c
- |
exec python -B -m synapse.app.homeserver \
-c /data/homeserver.yaml \
-c /data/secret/secret.yaml \
-c /data/custom.yaml
service:
main:
ports:
main:
port: 8008
targetPort: 8008
replication:
enabled: true
ports:
replication:
enabled: true
port: 9092
targetPort: 9092
metrics:
enabled: true
ports:
metrics:
enabled: true
port: 9090
targetPort: 9090
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: true
runAsNonRoot: true
secret: {}
installContainers:
generate-signing-key:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
- name: SYNAPSE_SERVER_NAME
value: "{{ .Values.matrix.serverName }}"
- name: SYNAPSE_REPORT_STATS
value: "no"
command: ["python"]
args:
- "-m"
- "synapse.app.homeserver"
- "--config-path"
- "/data/homeserver.yaml"
- "--keys-directory"
- "/data/keys"
- "--generate-keys"
volumeMounts:
- name: config
mountPath: /data
- name: secret
mountPath: /data/secret
- name: key
mountPath: /data/keys
env: {}
persistence:
config:
enabled: true
type: configMap
objectName: synapse-config
mountPath: /data
readOnly: false
secret:
enabled: true
type: secret
objectName: synapse-secret
mountPath: /data/secret
readOnly: false
key:
enabled: true
mountPath: "/data/keys"
media:
enabled: true
mountPath: "/data/media_store"
uploads:
enabled: true
mountPath: "/uploads"
probes:
liveness:
path: /health
readiness:
path: /health
startup:
path: /health
# Synapse Kubernetes resource settings
synapse:
loadCustomConfig: false
# -- List of application config .yaml files to be loaded from /appConfig
appConfig: []
# Prometheus metrics for Synapse
# https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
metrics:
# Whether Synapse should capture metrics on an additional endpoint
enabled: true
# Port to listen on for metrics scraping
port: 9092
annotations: true
# Runtime configuration for Synapse and settings related to the Matrix protocol
matrix:
# Manual overrides for homeserver.yaml, the main configuration file for Synapse
# If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents.
# If homeserverExtra is set, the contents will be appended to the end of the default configuration.
# It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense
# of the requirements and default configuration options to use other services in this chart.
# homeserverOverride: {}
# homeserverExtra: {}
# Domain name of the server
# This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains
# from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the
# domain name at the end of every user's username
serverName: "example.com"
urlPreviews:
enabled: false
# Hostname where Synapse can be reached.
# This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
# Ingress will be used
# hostname: "matrix.example.com"
# Set to false to disable presence (online/offline indicators)
presence: true
# Set to true to block non-admins from inviting users to any rooms
blockNonAdminInvites: false
# Set to false to disable message searching
search: true
# Which types of rooms to enable end-to-end encryption on by default
# off: none
# invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset
# all: all rooms
encryptByDefault: invite
# Email address of the administrator
adminEmail: "admin@example.com"
# Settings related to image and multimedia uploads
uploads:
# Max upload size in bytes
maxSize: 10M
# Max image size in pixels
maxPixels: 32M
# Settings related to federation
federation:
# Set to false to disable federation and run an isolated homeserver
enabled: true
# Set to false to disallow members of other homeservers from fetching *public* rooms
allowPublicRooms: true
# Whitelist of domains to federate with (comment for all domains except blacklisted)
# whitelist: []
# IP addresses to blacklist federation requests to
blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
# User registration settings
registration:
# Allow new users to register an account
enabled: false
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
# sharedSecret: <PRIVATE STRING>
# Allow users to join rooms as a guest
allowGuests: false
# Required "3PIDs" - third-party identifiers such as email or msisdn (SMS)
# required3Pids:
# - email
# - msisdn
# Rooms to automatically join all new users to
autoJoinRooms: []
# - "#welcome:example.com"
# How long to keep redacted events in unredacted form in the database
retentionPeriod: 7d
security:
# a secret which is used to sign access tokens. If none is specified,
# the registration_shared_secret is used, if one is given; otherwise,
# a secret key is derived from the signing key.
#
# macaroonSecretKey: <PRIVATE STRING>
# This disables the warning that is emitted when the
# trustedKeyServers include 'matrix.org'. See below.
# Set to false to re-enable the warning.
#
surpressKeyServerWarning: true
# The trusted servers to download signing keys from.
#
# When we need to fetch a signing key, each server is tried in parallel.
#
# Normally, the connection to the key server is validated via TLS certificates.
# Additional security can be provided by configuring a `verify key`, which
# will make synapse check that the response is signed by that key.
#
# This setting supercedes an older setting named `perspectives`. The old format
# is still supported for backwards-compatibility, but it is deprecated.
#
# 'trustedKeyServers' defaults to matrix.org, but using it will generate a
# warning on start-up. To suppress this warning, set
# 'surpressKeyServerWarning' to true.
#
# Options for each entry in the list include:
#
# serverName: the name of the server. required.
#
# verifyKeys: an optional map from key id to base64-encoded public key.
# If specified, we will check that the response is signed by at least
# one of the given keys.
#
# acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset,
# and federation_verify_certificates is not `true`, synapse will refuse
# to start, because this would allow anyone who can spoof DNS responses
# to masquerade as the trusted key server. If you know what you are doing
# and are sure that your network environment provides a secure connection
# to the key server, you can set this to `true` to override this
# behaviour.
#
# An example configuration might look like:
#
# trustedKeyServers:
# - serverName: my_trusted_server.example.com
# verifyKeys:
# - id: "ed25519:auto"
# key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
# acceptKeysInsecurely: false
# - serverName: my_other_trusted_server.example.com
# Set to true to globally block access to the homeserver
disabled: false
# Human readable reason for why the homeserver is blocked
disabledMessage: ""
logging:
# Root log level is the default log level for log outputs that do not have more
# specific settings.
rootLogLevel: WARNING
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
sqlLogLevel: WARNING
# The log level for the synapse server
synapseLogLevel: WARNING
# Settings for email notifications
mail:
# Set to false to disable all email notifications
# NOTE: If enabled, either enable the Exim relay or configure an external mail server below
enabled: false
# Name and email address for outgoing mail
from: "Matrix <matrix@example.com>"
# Optional: Element instance URL.
# If the ingress is enabled, this is unnecessary.
# If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io
riotUrl: ""
host: ""
port: 25 # SSL: 465, STARTTLS: 587
username: ""
password: ""
requireTransportSecurity: true
coturn:
enabled: false
# Enabled postgres
postgresql:
env:
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C"
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: synapse
postgresqlDatabase: synapse