Enable MSC2946 by default, enable profiling if specified, README tweaks

helm/dendrite/README.md

@@ -41,12 +41,13 @@ Create a folder `appservices` and place your configurations in there.  The confi
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| clientapi.registration.disabled | bool | `true` | Disable registration |
 | clientapi.registration.enable_registration_captcha | bool | `false` | enable reCAPTCHA registration |
+| clientapi.registration.guests_disabled | bool | `true` |  |
 | clientapi.registration.recaptcha_bypass_secret | string | `""` | reCAPTCHA bypass secret |
 | clientapi.registration.recaptcha_private_key | string | `""` | reCAPTCHA private key |
 | clientapi.registration.recaptcha_public_key | string | `""` | reCAPTCHA public key |
 | clientapi.registration.recaptcha_siteverify_api | string | `""` |  |
+| clientapi.registration.registration_disabled | bool | `true` | Prevents new users from being able to register on this homeserver, except when using the registration shared secret below. |
 | clientapi.registration.shared_secret | string | `""` | If set, allows registration by anyone who knows the shared secret, regardless of whether registration is otherwise disabled. |
 | configuration.cache.max_age | string | `"1h"` | The maximum amount of time that a cache entry can live for in memory before it will be evicted and/or refreshed from the database. Lower values result in easier admission of new cache entries but may also increase database load in comparison to higher values, so adjust conservatively. Higher values may make it harder for new items to make it into the cache, e.g. if new rooms suddenly become popular. |
 | configuration.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. |
@@ -65,8 +66,8 @@ Create a folder `appservices` and place your configurations in there.  The confi
 | configuration.metrics.basic_auth.password | string | `"metrics"` | HTTP basic authentication password |
 | configuration.metrics.basic_auth.user | string | `"metrics"` | HTTP basic authentication username |
 | configuration.metrics.enabled | bool | `false` | Whether or not Prometheus metrics are enabled. |
-| configuration.mscs | list | `[]` | Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) |
+| configuration.mscs | list | `["msc2946"]` | Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) |
-| configuration.profiling.enabled | bool | `false` | Enable pprof |
+| configuration.profiling.enabled | bool | `false` | Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, as it will only listen on localhost and the defined port. e.g. `kubectl port-forward deployments/dendrite 65432:65432` |
 | configuration.profiling.port | int | `65432` | pprof port, if enabled |
 | configuration.rate_limiting.cooloff_ms | int | `500` | Cooloff time in milliseconds |
 | configuration.rate_limiting.enabled | bool | `true` | Enable rate limiting |
@@ -79,9 +80,9 @@ Create a folder `appservices` and place your configurations in there.  The confi
 | configuration.turn.turn_password | string | `""` | The TURN password |
 | configuration.turn.turn_shared_secret | string | `""` |  |
 | configuration.turn.turn_uris | list | `[]` |  |
-| configuration.turn.turn_user_lifetime | string | `""` |  |
+| configuration.turn.turn_user_lifetime | string | `"24h"` | Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
 | configuration.turn.turn_username | string | `""` | The TURN username |
-| configuration.well_known_client_name | string | `nil` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 |
+| configuration.well_known_client_name | string | `""` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 |
 | configuration.well_known_server_name | string | `""` | The server name to delegate server-server communications to, with optional port e.g. localhost:443 |
 | federationapi.disable_tls_validation | bool | `false` | Disable TLS validation |
 | federationapi.prefer_direct_fetch | bool | `false` |  |
@@ -119,4 +120,4 @@ Create a folder `appservices` and place your configurations in there.  The confi
 | syncapi.real_ip_header | string | `"X-Real-IP"` | This option controls which HTTP header to inspect to find the real remote IP address of the client. This is likely required if Dendrite is running behind a reverse proxy server. |
 | syncapi.search | object | `{"enabled":false,"language":"en"}` | Configuration for the full-text search engine. |
 | syncapi.search.enabled | bool | `false` | Whether or not search is enabled. |
-| syncapi.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang |
+| syncapi.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) |

helm/dendrite/templates/deployment.yaml

@@ -48,6 +48,11 @@ spec:
           - name: http
             containerPort: 8008
             protocol: TCP
+        {{- if $.Values.configuration.profiling.enabled }}
+        env:
+          - name: PPROFLISTEN
+            value: "localhost:{{- $.Values.configuration.profiling.port -}}"
+        {{- end }}
         resources:
         {{- toYaml $.Values.resources | nindent 10 }}
         volumeMounts:

helm/dendrite/templates/secrets.yaml

@@ -71,6 +71,7 @@ stringData:
     client_api:
     {{- with .Values.clientapi }}
       registration_disabled: {{ .registration.disabled }}
+      guests_disabled: {{ .registration.guests_disabled }}
       registration_shared_secret: {{ .registration.shared_secret | quote }}
       enable_registration_captcha:  {{ .registration.enable_registration_captcha }}
       recaptcha_public_key: {{ .registration.recaptcha_public_key | quote }}

helm/dendrite/templates/service.yaml

@@ -5,12 +5,12 @@ apiVersion: v1
 kind: Service
 metadata:
   namespace: {{ $.Release.Namespace }}
-  name: dendrite
+  name: {{ $.Chart.Name }}
   labels:
-    app: {{ $.Chart.Name }}
+    {{- include "dendrite.labels" . | nindent 4 }}
 spec:
   selector:
-    app: {{ $.Chart.Name }}
+    {{- include "dendrite.selectorLabels" . | nindent 4 }}
   ports:
     - name: http
       protocol: TCP

helm/dendrite/values.yaml

@@ -14,7 +14,7 @@ configuration:
 
   # -- The server name to delegate client-server communications to, with optional port
   # e.g. localhost:443
-  well_known_client_name:
+  well_known_client_name: ""
 
   # -- Lists of domains that the server will trust as identity servers to verify third
   # party identifiers such as phone numbers and email addresses.
@@ -77,7 +77,8 @@ configuration:
 
   # TURN server information that this homeserver should send to clients.
   turn:
-    turn_user_lifetime: ""
+    # -- Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
+    turn_user_lifetime: "24h"
     turn_uris: []
     turn_shared_secret: ""
     # -- The TURN username
@@ -123,13 +124,16 @@ configuration:
       throttler: null
 
   profiling:
-    # -- Enable pprof
+    # -- Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF,
+    # as it will only listen on localhost and the defined port.
+    # e.g. `kubectl port-forward deployments/dendrite 65432:65432`
     enabled: false
     # -- pprof port, if enabled
     port: 65432
 
   # -- Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946)
-  mscs: []
+  mscs:
+    - msc2946
     # A list of enabled MSC's
     # Currently valid values are:
     # - msc2836    (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
@@ -161,8 +165,13 @@ persistence:
 
 clientapi:
   registration:
-    # -- Disable registration
+    # -- Prevents new users from being able to register on this homeserver, except when
-    disabled: true
+    # using the registration shared secret below.
+    registration_disabled: true
+
+    # Prevents new guest accounts from being created. Guest registration is also
+    # disabled implicitly by setting 'registration_disabled' above.
+    guests_disabled: true
 
     # -- If set, allows registration by anyone who knows the shared secret, regardless of
     # whether registration is otherwise disabled.
@@ -216,7 +225,7 @@ syncapi:
     enabled: false
     # -- The language most likely to be used on the server - used when indexing, to
     # ensure the returned results match expectations. A full list of possible languages
-    # can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
+    # can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46)
     language: "en"
 
 postgresql: