Add synapse

2025-02-02 15:56:47 -07:00 · 2025-02-02 15:56:47 -07:00 · 885e376e06
commit 885e376e06
parent cc56f13a9b
3 changed files with 90 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -10,9 +10,9 @@ Like the cloud but local.

 ### Add node to talos cluster
 ```sh
-talosctl apply-config --insecure -n 192.168.1.38 --file worker.yaml 
-talosctl apply-config --insecure -n 192.168.1.39 --file worker.yaml 
-talosctl apply-config --insecure -n 192.168.1.43 --file controlplane.yaml 
+talosctl apply-config [--insecure] -n 192.168.1.38 --file worker.yaml 
+talosctl apply-config [--insecure] -n 192.168.1.39 --file worker.yaml 
+talosctl apply-config [--insecure] -n 192.168.1.43 --file controlplane.yaml 
 ```
 ### Update context
 ```sh 
@ -97,7 +97,14 @@ helm repo add ananace-charts https://ananace.gitlab.io/charts

 kubectl create ns goatchat
 kubectl create secret generic goatchatca-signingkey --from-literal=signing.key=$GOATCHAT_SYNAPSE_SIGNING_KEY
-helm upgrade --create-namespace --namespace goatchat goatchat ananace-charts/matrix-synapse --values synapse/values.yaml --install
+helm upgrade --create-namespace \
+             --namespace goatchat \
+             goatchat ananace-charts/matrix-synapse \
+             --set config.macaroonSecretKey=$GOATCHAT_SYNAPSE_MACAROON_SECRET_KEY \
+             --set config.registrationSharedSecret=$GOATCHAT_REGISTRATION_SHARED_SECRET \
+             --set extraConfig.email.smtp_pass=$GOATCHAT_SMTP_PASSWORD \
+             --values synapse/values.yaml \
+             --install
 ```

 ### Install Matrix Registration
--- a/metallb/kubeproxy.yaml
+++ b/metallb/kubeproxy.yaml
@ -1,5 +0,0 @@
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-kind: KubeProxyConfiguration
-mode: "ipvs"
-ipvs:
-  strictARP: true
--- a/synapse/values.yaml
+++ b/synapse/values.yaml
@ -0,0 +1,79 @@
+image:
+  tag: v1.123.0    
+
+serverName: 'goatchat.ca'
+publicServerName: 'goatchat.ca'
+
+wellknown:
+  enabled: true
+  
+signingkey:
+  job:
+    enabled: false
+  existingSecret: goatchatca-signingkey
+  existingSecretKey: signing.key
+
+synapse:
+  strategy:
+    type: Recreate
+config:
+  macaroonSecretKey: # set through cli args
+  registrationSharedSecret: # set through cli args
+
+extraConfig:
+  url_preview_enabled: true    
+  url_preview_ip_range_blacklist:
+     - '127.0.0.0/8'
+     - '10.0.0.0/8'
+     - '172.16.0.0/12'
+     - '192.168.0.0/16'
+     - '100.64.0.0/10'
+     - '169.254.0.0/16'
+     - '::1/128'
+     - 'fe80::/64'
+     - 'fc00::/7'
+
+  max_upload_size: 100M
+
+  email:
+    enable_notifs: true
+    smtp_host: "smtp.sendgrid.net"
+    smtp_port: 587
+    smtp_user: "apikey"
+    smtp_pass: # set through cli args
+    require_transport_security: true
+    notif_from: "Your Friendly %(app)s homeserver <noreply@goatchat.ca>"
+    app_name: Goatchat
+    validation_token_lifetime: 1h
+
+
+  user_directory:
+    enabled: false
+    search_all_users: true
+    prefer_local_users: true
+
+  server_notices:
+    system_mxid_localpart: notices
+    system_mxid_display_name: "Screaming Goat"
+    system_mxid_avatar_url: ""
+    room_name: "Goatchat Notices"
+    room_avatar_url: ""
+    room_topic: "Room used by your server admin to notify you of important information"
+    auto_join: true
+  
+
+ingress:
+  traefikPaths: true
+  annotations:
+    "traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
+
+
+persistence:
+  size: 30Gi    
+
+postgresql:
+  enabled: false    
+externalPostgresql:
+  host: postgres-primary.datastore.svc
+  existingSecret: postgres-pguser-synapse
+  existingSecretPasswordKey: password