---
# ExternalSecret that assembles the homeserver.yaml for the werts.us Synapse
# homeserver. Every entry under spec.data is read through the referenced
# SecretStore and substituted into the template under spec.target.template.
# The resulting Secret (synapse-werts-config) then holds the database
# password, the OIDC client secret and the signing/registration secrets in a
# single key, so read access to that Secret should be limited accordingly.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "synapse-werts-config"
  namespace: synapse
spec:
  # NOTE(review): a 5-second refresh re-reads every remoteRef below on each
  # cycle. Confirm this is intentional; a longer interval lowers the load on
  # the store and the volume of secret reads recorded in audit logs.
  refreshInterval: "5s"
  # SecretStore is the namespaced store kind, so k8s-store has to exist in
  # the synapse namespace.
  secretStoreRef:
    name: k8s-store
    kind: SecretStore
  data:
    # Synapse-level secrets.
    - secretKey: registration_shared_secret
      remoteRef:
        key: synapse-werts-secrets
        property: registration_shared_secret
    - secretKey: pepper
      remoteRef:
        key: synapse-werts-secrets
        property: password_config__pepper
    - secretKey: macaroon_secret_key
      remoteRef:
        key: synapse-werts-secrets
        property: macaroon_secret_key
    - secretKey: form_secret
      remoteRef:
        key: synapse-werts-secrets
        property: form_secret

    # OIDC client credentials.
    - secretKey: oidc_client_id
      remoteRef:
        key: synapse-werts-secrets-oidc
        property: client_id
    - secretKey: oidc_client_secret
      remoteRef:
        key: synapse-werts-secrets-oidc
        property: client_secret

    # Database connection details.
    - secretKey: db_user
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: user
    - secretKey: db_password
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: password
    - secretKey: db_dbname
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: dbname
    - secretKey: db_host
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: host
  target:
    name: synapse-werts-config
    template:
      type: Opaque
      data:
        # Review notes for the template below. They are kept outside the
        # block scalar so the rendered file content is unchanged.
        #
        # * Secret values are substituted as plain text inside double-quoted
        #   YAML scalars. A value containing a double quote or a backslash
        #   would produce invalid or altered YAML. NOTE(review): confirm the
        #   secrets come from a safe alphabet, or emit them through a
        #   template function that writes a quoted scalar (for example
        #   sprig's toJson, if the template engine in use provides it).
        # * The quoted-brace escapes in the *_template lines make the engine
        #   emit literal double braces, so the Jinja expressions reach
        #   Synapse unevaluated.
        # * skip_verification: true turns off Synapse's validation of the
        #   OIDC provider metadata; Synapse's documentation advises against
        #   it in production. NOTE(review): the issuer looks like a standard
        #   OIDC realm endpoint, so this is probably unnecessary - confirm
        #   and drop it.
        # * The listener is plain HTTP (tls: false) with x_forwarded: true,
        #   so client addresses are taken from a request header. Port 8008
        #   should only be reachable from the reverse proxy, e.g. by a
        #   NetworkPolicy; otherwise clients can supply their own address.
        "homeserver.yaml": |
          macaroon_secret_key: "{{.macaroon_secret_key}}"
          form_secret: "{{.form_secret}}"
          registration_shared_secret: "{{.registration_shared_secret}}"
          password_config:
            enabled: true
            pepper: "{{ .pepper }}"

          server_name: werts.us
          public_baseurl: https://chat.werts.us/
          pid_file: /data/homeserver.pid

          media_store_path: "/data/media_store"
          report_stats: false
          trusted_key_servers:
            - server_name: "matrix.org"
          signing_key_path: "/data/my.matrix.host.signing.key"
          limit_remote_rooms:
            enabled: true
            complexity: 0.0
            complexity_error: "only admins are allowed to join federated rooms"
            admins_can_join: true
          allow_public_rooms_without_auth: false
          allow_public_rooms_over_federation: false


          listeners:
            - port: 8008
              tls: false
              type: http
              x_forwarded: true

              resources:
                - names: [client, federation]
                  compress: false
          database:
            name: psycopg2
            args:
              user: "{{ .db_user }}"
              password: "{{ .db_password }}"
              database: "{{ .db_dbname }}"
              host: "{{ .db_host }}"
              cp_min: 5
              cp_max: 10
          oidc_providers:
            - idp_id: my_idp
              idp_name: "werts.us"
              discover: true
              issuer: "https://auth.werts.us/realms/werts"
              scopes: ["openid", "profile"]
              skip_verification: true
              user_mapping_provider:
                config:
                  subject_claim: "preferred_username"
                  localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
                  display_name_template: "{{"{{"}} user.name {{"}}"}}"
                  email_template: "{{"{{"}} user.email {{"}}"}}"
              client_id: "{{ .oidc_client_id }}"
              client_secret: "{{ .oidc_client_secret }}"