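# Synapse (Matrix homeserver) for the `matrix` namespace: the homeserver
# configuration, a shared data volume, the Deployment and its ClusterIP Service.
---
# homeserver.yaml embeds credentials (OIDC client_secret, the PostgreSQL
# password, registration_shared_secret, macaroon_secret_key, form_secret), so it
# is stored as a Secret rather than a ConfigMap: Secrets have their own RBAC
# scope and can be covered by encryption at rest, ConfigMaps cannot.
#
# NOTE(review): the values below are still plaintext in this manifest. Treat
# every one of them as disclosed, rotate them, and supply the rotated values
# from an external secret manager or an encrypted-secret workflow instead of
# committing them.
# NOTE(review): `kubectl apply` does not remove the earlier ConfigMap named
# `config`; delete it explicitly, since it still holds the same credentials.
apiVersion: v1
kind: Secret
metadata:
  name: config
  namespace: matrix
type: Opaque
stringData:
  # NOTE(review) on settings inside the embedded file (kept verbatim):
  # - enable_registration and enable_registration_without_verification are both
  #   true, so local accounts can be created with no e-mail, CAPTCHA or token
  #   check. Confirm this is intended, given that OIDC is the configured login.
  # - The listener is plain HTTP with x_forwarded: true, so client addresses
  #   are taken from X-Forwarded-For as sent by whatever connects to port 8008.
  #   This presumably relies on only the ingress reaching the pod; enforce that
  #   with a NetworkPolicy.
  # - report_stats: true enables Synapse's usage-statistics reporting; confirm
  #   this is wanted.
  homeserver.yaml: |
    server_name: "matrix.apps.undercloud.dev"
    public_baseurl: "https://matrix.apps.undercloud.dev/"
    pid_file: /data/homeserver.pid
    serve_server_wellknown: true
    enable_registration: true
    enable_registration_without_verification: true
    enable_metrics: true
    report_stats: true
    oidc_providers:
      - idp_id: authentik
        idp_name: "Authentik"
        idp_brand: "authentik"
        issuer: "https://auth.apps.undercloud.dev/application/o/matrix/"
        client_id: "w9W4luRWCA8VGnzkrw278ppJVVEV2LE5XuPfjU5d"
        client_secret: "n3sjaFXIZZzgUxS822AakkGdueTZNcEQAx92WQVjnZ714ZKuujAaPtx7ML7MPtSPT3qLmrIduSKICkSO05zrht7kttn2DxpIeFNRELpCNPK171xglqb9lGhGuRIVJV4J"
        scopes: ["openid", "profile", "email"]
        allow_existing_users: true
        enable_registration: true
        user_mapping_provider:
          config:
            localpart_template: "{{ user.preferred_username | lower }}"
            display_name_template: "{{ user.name }}"
            email_template: "{{ user.email }}"
    listeners:
      - port: 8008
        tls: false
        type: http
        x_forwarded: true
        resources:
          - names: [client, federation]
            compress: false
    database:
      name: psycopg2
      args:
        user: matrix
        password: matrixUserPW
        database: synapse
        host: db
        cp_min: 5
        cp_max: 10
    media_store_path: /data/media_store
    #log_config: "/data/matrix.apps.undercloud.dev.log.config"
    registration_shared_secret: ",=UrbCS67WrW1&&3Xi&*Q17AE@QZ1ni0@BFHviDD+sE=aFfc;Y"
    macaroon_secret_key: "QbLPh;thU&X_mZ~Cf+BqBLEzfDN9yMc-Kf.bB6HA5yTiH_7@:-"
    form_secret: "u5EhY4vAm1-qLOVQJPzsu7zwGeBkC:=PSJizLERyv#G.5R,2L@"
    signing_key_path: "/data/matrix.apps.undercloud.dev.signing.key"
    trusted_key_servers:
      - server_name: "matrix.org"
---
# Persistent storage mounted at /data; per the config above it holds the media
# store, the pid file and the homeserver signing key.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  namespace: matrix
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 4Gi
  storageClassName: cephfs-hyper
---
# Single-replica Synapse Deployment.
# NOTE(review): neither container sets a container-level securityContext
# (runAsNonRoot, allowPrivilegeEscalation, capabilities) or resource
# requests/limits, and both images are referenced by tag rather than digest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: synapse
  namespace: matrix
  labels:
    app: synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app: synapse
  template:
    metadata:
      labels:
        app: synapse
    spec:
      securityContext:
        fsGroup: 991
        fsGroupChangePolicy: OnRootMismatch
      initContainers:
        # Hands /data to UID/GID 991 before Synapse starts. Only the data
        # volume is mounted here, so the credentials file is never touched.
        - name: fix-permissions
          image: busybox:1.36
          command:
            - sh
            - -c
            - |
              mkdir -p /data
              chown -R 991:991 /data
              chmod -R u+rwX,g+rwX /data
              ls -ld /data
              ls -l /data || true
          volumeMounts:
            - mountPath: /data
              name: data
      containers:
        - name: synapse
          image: matrixdotorg/synapse:v1.150.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8008
              name: http
          readinessProbe:
            httpGet:
              path: /_matrix/client/versions
              port: 8008
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /_matrix/client/versions
              port: 8008
              scheme: HTTP
            initialDelaySeconds: 120
            periodSeconds: 20
          volumeMounts:
            - mountPath: /data
              name: data
            # Single-file overlay of the rendered configuration on top of the
            # data volume.
            - mountPath: /data/homeserver.yaml
              name: homeserver
              subPath: homeserver.yaml
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: data
        # Sourced from the Secret `config` because the file carries credentials.
        - name: homeserver
          secret:
            secretName: config
            items:
              - key: homeserver.yaml
                path: homeserver.yaml
---
# In-cluster entry point: port 80 forwards to the Synapse HTTP listener on 8008.
apiVersion: v1
kind: Service
metadata:
  name: synapse
  namespace: matrix
  labels:
    app: synapse
spec:
  type: ClusterIP
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  selector:
    app: synapse
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8008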