From 849de96f925be99d899a22fccaa1c86e5143f46b Mon Sep 17 00:00:00 2001
From: shodan <thrawn235@gmail.com>
Date: Sun, 29 Mar 2026 14:55:13 +0000
Subject: [PATCH] .

---
 matrix/synapse.yaml | 93 +++++++++++++++++++++++++++------------------
 1 file changed, 55 insertions(+), 38 deletions(-)

diff --git a/matrix/synapse.yaml b/matrix/synapse.yaml
index 561f99d..94bf1a4 100644
--- a/matrix/synapse.yaml
+++ b/matrix/synapse.yaml
@@ -76,47 +76,64 @@ spec:
       labels:
         app: synapse
     spec:
+      securityContext:
+        fsGroup: 991
+        fsGroupChangePolicy: OnRootMismatch
+
+      initContainers:
+      - name: fix-permissions
+        image: busybox:1.36
+        command:
+          - sh
+          - -c
+          - |
+            mkdir -p /data
+            chown -R 991:991 /data
+            chmod -R u+rwX,g+rwX /data
+            ls -ld /data
+            ls -l /data || true
+        volumeMounts:
+        - mountPath: /data
+          name: data
+
       containers:
-        - name: synapse
-          image: matrixdotorg/synapse:v1.150.0
-          imagePullPolicy: IfNotPresent
-          ports:
-            - containerPort: 8008
-              name: http
-
-          readinessProbe:
-            httpGet:
-              path: /_matrix/client/versions
-              port: 8008
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 10
-
-          livenessProbe:
-            httpGet:
-              path: /_matrix/client/versions
-              port: 8008
-              scheme: HTTP
-            initialDelaySeconds: 120
-            periodSeconds: 20
-
-          volumeMounts:
-            - mountPath: /data
-              name: data
-            - mountPath: /data/homeserver.yaml
-              name: homeserver
-              subPath: homeserver.yaml
+      - name: synapse
+        image: matrixdotorg/synapse:v1.150.0
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8008
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /_matrix/client/versions
+            port: 8008
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        livenessProbe:
+          httpGet:
+            path: /_matrix/client/versions
+            port: 8008
+            scheme: HTTP
+          initialDelaySeconds: 120
+          periodSeconds: 20
+        volumeMounts:
+        - mountPath: /data
+          name: data
+        - mountPath: /data/homeserver.yaml
+          name: homeserver
+          subPath: homeserver.yaml
 
       volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: data
-        - name: homeserver
-          configMap:
-            name: config
-            items:
-              - key: homeserver.yaml
-                path: homeserver.yaml
+      - name: data
+        persistentVolumeClaim:
+          claimName: data
+      - name: homeserver
+        configMap:
+          name: config
+          items:
+          - key: homeserver.yaml
+            path: homeserver.yaml
 ---
 apiVersion: v1
 kind: Service