Move dendrite configuration again

Till Faelligen 2023-01-06 10:24:31 +01:00
parent 37b251dd99
commit 37fa1fcde3
No known key found for this signature in database
GPG key ID: ACCDC9606D472758
6 changed files with 298 additions and 328 deletions


@ -41,54 +41,64 @@ Create a folder `appservices` and place your configurations in there. The confi
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| clientapi.enable_registration_captcha | bool | `false` | enable reCAPTCHA registration |
| clientapi.guests_disabled | bool | `true` | |
| clientapi.rate_limiting.cooloff_ms | int | `500` | Cooloff time in milliseconds |
| clientapi.rate_limiting.enabled | bool | `true` | Enable rate limiting |
| clientapi.rate_limiting.exempt_user_ids | string | `nil` | Users which should be exempt from rate limiting |
| clientapi.rate_limiting.threshold | int | `20` | After how many requests a rate limit should be activated |
| clientapi.recaptcha_bypass_secret | string | `""` | reCAPTCHA bypass secret |
| clientapi.recaptcha_private_key | string | `""` | reCAPTCHA private key |
| clientapi.recaptcha_public_key | string | `""` | reCAPTCHA public key |
| clientapi.recaptcha_siteverify_api | string | `""` | |
| clientapi.registration_disabled | bool | `true` | Prevents new users from being able to register on this homeserver, except when using the registration shared secret below. |
| clientapi.shared_secret | string | `""` | If set, allows registration by anyone who knows the shared secret, regardless of whether registration is otherwise disabled. |
| clientapi.turn.turn_password | string | `""` | The TURN password |
| clientapi.turn.turn_shared_secret | string | `""` | |
| clientapi.turn.turn_uris | list | `[]` | |
| clientapi.turn.turn_user_lifetime | string | `"24h"` | Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
| clientapi.turn.turn_username | string | `""` | The TURN username |
| federationapi.disable_tls_validation | bool | `false` | Disable TLS validation |
| federationapi.prefer_direct_fetch | bool | `false` | |
| federationapi.send_max_retries | int | `16` | |
| global.cache.max_age | string | `"1h"` | The maximum amount of time that a cache entry can live for in memory before it will be evicted and/or refreshed from the database. Lower values result in easier admission of new cache entries but may also increase database load in comparison to higher values, so adjust conservatively. Higher values may make it harder for new items to make it into the cache, e.g. if new rooms suddenly become popular. |
| global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. |
| global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime |
| global.database.host | string | `""` | Default database host |
| global.database.max_idle_conns | int | `5` | Default database maximum idle connections |
| global.database.max_open_conns | int | `90` | Default database maximum open connections |
| global.database.password | string | `""` | Default database password |
| global.database.user | string | `""` | Default database user |
| global.disable_federation | bool | `false` | Disable federation. Dendrite will not be able to make any outbound HTTP requests to other servers and the federation API will not be exposed. |
| global.dns_cache.cache_lifetime | string | `"10m"` | Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
| global.dns_cache.cache_size | int | `256` | Maximum number of entries to hold in the DNS cache |
| global.dns_cache.enabled | bool | `false` | Whether or not the DNS cache is enabled. |
| global.key_validity_period | string | `"168h0m0s"` | |
| global.logging | list | [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml) | Default logging configuration |
| global.metrics.basic_auth.password | string | `"metrics"` | HTTP basic authentication password |
| global.metrics.basic_auth.user | string | `"metrics"` | HTTP basic authentication username |
| global.metrics.enabled | bool | `false` | Whether or not Prometheus metrics are enabled. |
| global.mscs | list | `["msc2946"]` | Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) |
| global.presence | object | `{"enable_inbound":false,"enable_outbound":false}` | Configures the handling of presence events. Inbound controls whether we receive presence events from other servers, outbound controls whether we send presence events for our local users to other servers. |
| global.profiling.enabled | bool | `false` | Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, as it will only listen on localhost and the defined port. e.g. `kubectl port-forward deployments/dendrite 65432:65432` |
| global.profiling.port | int | `65432` | pprof port, if enabled |
| global.report_stats | object | `{"enabled":false,"endpoint":"https://matrix.org/report-usage-stats/push"}` | Configures phone-home statistics reporting. These statistics contain the server name, number of active users and some information on your deployment config. We use this information to understand how Dendrite is being used in the wild. |
| global.server_name | string | `""` | Servername for this Dendrite deployment |
| global.server_notices | object | `{"avatar_url":"","display_name":"Server Alerts","enabled":false,"local_part":"_server","room_name":"Server Alerts"}` | Server notices allows server admins to send messages to all users on the server. |
| global.tracing | object | disabled | Default tracing configuration |
| global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Lists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses. |
| global.well_known_client_name | string | `""` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 |
| global.well_known_server_name | string | `""` | The server name to delegate server-server communications to, with optional port e.g. localhost:443 |
| dendrite_config.app_service_api.disable_tls_validation | bool | `false` | Disable the validation of TLS certificates of appservices. This is not recommended in production since it may allow appservice traffic to be sent to an insecure endpoint. |
| dendrite_config.clientapi.enable_registration_captcha | bool | `false` | enable reCAPTCHA registration |
| dendrite_config.clientapi.guests_disabled | bool | `true` | |
| dendrite_config.clientapi.rate_limiting.cooloff_ms | int | `500` | Cooloff time in milliseconds |
| dendrite_config.clientapi.rate_limiting.enabled | bool | `true` | Enable rate limiting |
| dendrite_config.clientapi.rate_limiting.exempt_user_ids | string | `nil` | Users which should be exempt from rate limiting |
| dendrite_config.clientapi.rate_limiting.threshold | int | `20` | After how many requests a rate limit should be activated |
| dendrite_config.clientapi.recaptcha_bypass_secret | string | `""` | reCAPTCHA bypass secret |
| dendrite_config.clientapi.recaptcha_private_key | string | `""` | reCAPTCHA private key |
| dendrite_config.clientapi.recaptcha_public_key | string | `""` | reCAPTCHA public key |
| dendrite_config.clientapi.recaptcha_siteverify_api | string | `""` | |
| dendrite_config.clientapi.registration_disabled | bool | `true` | Prevents new users from being able to register on this homeserver, except when using the registration shared secret below. |
| dendrite_config.clientapi.shared_secret | string | `""` | If set, allows registration by anyone who knows the shared secret, regardless of whether registration is otherwise disabled. |
| dendrite_config.clientapi.turn.turn_password | string | `""` | The TURN password |
| dendrite_config.clientapi.turn.turn_shared_secret | string | `""` | |
| dendrite_config.clientapi.turn.turn_uris | list | `[]` | |
| dendrite_config.clientapi.turn.turn_user_lifetime | string | `"24h"` | Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
| dendrite_config.clientapi.turn.turn_username | string | `""` | The TURN username |
| dendrite_config.federation_api.disable_http_keepalives | bool | `false` | Prevents Dendrite from keeping HTTP connections open for reuse for future requests. Connections will be closed quicker but we may spend more time on TLS handshakes instead. |
| dendrite_config.federation_api.disable_tls_validation | bool | `false` | Disable TLS validation. This is not recommended in production! |
| dendrite_config.federation_api.key_perspectives | list | `[{"keys":[{"key_id":"ed25519:auto","public_key":"Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"},{"key_id":"ed25519:a_RXGa","public_key":"l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"}],"server_name":"matrix.org"}]` | Perspective keyservers, to use as a backup when direct key fetch requests don't succeed. |
| dendrite_config.federation_api.prefer_direct_fetch | bool | `false` | |
| dendrite_config.federation_api.send_max_retries | int | `16` | Federation failure threshold. How many consecutive failures that we should tolerate when sending federation requests to a specific server. The backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc. The default value is 16 if not specified, which is circa 18 hours. |
| dendrite_config.global.cache.max_age | string | `"1h"` | The maximum amount of time that a cache entry can live for in memory before it will be evicted and/or refreshed from the database. Lower values result in easier admission of new cache entries but may also increase database load in comparison to higher values, so adjust conservatively. Higher values may make it harder for new items to make it into the cache, e.g. if new rooms suddenly become popular. |
| dendrite_config.global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. |
| dendrite_config.global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime |
| dendrite_config.global.database.host | string | `""` | Default database host |
| dendrite_config.global.database.max_idle_conns | int | `5` | Default database maximum idle connections |
| dendrite_config.global.database.max_open_conns | int | `90` | Default database maximum open connections |
| dendrite_config.global.database.password | string | `""` | Default database password |
| dendrite_config.global.database.user | string | `""` | Default database user |
| dendrite_config.global.disable_federation | bool | `false` | Disable federation. Dendrite will not be able to make any outbound HTTP requests to other servers and the federation API will not be exposed. |
| dendrite_config.global.dns_cache.cache_lifetime | string | `"10m"` | Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
| dendrite_config.global.dns_cache.cache_size | int | `256` | Maximum number of entries to hold in the DNS cache |
| dendrite_config.global.dns_cache.enabled | bool | `false` | Whether or not the DNS cache is enabled. |
| dendrite_config.global.key_validity_period | string | `"168h0m0s"` | |
| dendrite_config.global.metrics.basic_auth.password | string | `"metrics"` | HTTP basic authentication password |
| dendrite_config.global.metrics.basic_auth.user | string | `"metrics"` | HTTP basic authentication username |
| dendrite_config.global.metrics.enabled | bool | `false` | Whether or not Prometheus metrics are enabled. |
| dendrite_config.global.presence | object | `{"enable_inbound":false,"enable_outbound":false}` | Configures the handling of presence events. Inbound controls whether we receive presence events from other servers, outbound controls whether we send presence events for our local users to other servers. |
| dendrite_config.global.profiling.enabled | bool | `false` | Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, as it will only listen on localhost and the defined port. e.g. `kubectl port-forward deployments/dendrite 65432:65432` |
| dendrite_config.global.profiling.port | int | `65432` | pprof port, if enabled |
| dendrite_config.global.report_stats | object | `{"enabled":false,"endpoint":"https://matrix.org/report-usage-stats/push"}` | Configures phone-home statistics reporting. These statistics contain the server name, number of active users and some information on your deployment config. We use this information to understand how Dendrite is being used in the wild. |
| dendrite_config.global.server_name | string | `""` | Servername for this Dendrite deployment |
| dendrite_config.global.server_notices | object | `{"avatar_url":"","display_name":"Server Alerts","enabled":false,"local_part":"_server","room_name":"Server Alerts"}` | Server notices allows server admins to send messages to all users on the server. |
| dendrite_config.global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Lists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses. |
| dendrite_config.global.well_known_client_name | string | `""` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 |
| dendrite_config.global.well_known_server_name | string | `""` | The server name to delegate server-server communications to, with optional port e.g. localhost:443 |
| dendrite_config.logging | list | `[{"level":"info","type":"std"}]` | Default logging configuration |
| dendrite_config.mediaapi.dynamic_thumbnails | bool | `false` | |
| dendrite_config.mediaapi.max_file_size_bytes | string | `"10485760"` | The max file size for uploaded media files |
| dendrite_config.mediaapi.max_thumbnail_generators | int | `10` | The maximum number of simultaneous thumbnail generators to run. |
| dendrite_config.mediaapi.thumbnail_sizes | list | `[{"height":32,"method":"crop","width":32},{"height":96,"method":"crop","width":96},{"height":480,"method":"scale","width":640}]` | A list of thumbnail sizes to be generated for media content. |
| dendrite_config.mscs | object | `{"mscs":["msc2946"]}` | Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) |
| dendrite_config.sync_api.real_ip_header | string | `"X-Real-IP"` | This option controls which HTTP header to inspect to find the real remote IP address of the client. This is likely required if Dendrite is running behind a reverse proxy server. |
| dendrite_config.sync_api.search | object | `{"enabled":true,"language":"en"}` | Configuration for the full-text search engine. |
| dendrite_config.sync_api.search.enabled | bool | `true` | Whether or not search is enabled. |
| dendrite_config.sync_api.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) |
| image.name | string | `"ghcr.io/matrix-org/dendrite-monolith:v0.10.8"` | Docker repository/image to use |
| image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy |
| ingress.annotations | object | `{}` | Extra, custom annotations |
@ -97,10 +107,6 @@ Create a folder `appservices` and place your configurations in there. The confi
| ingress.hostName | string | `""` | |
| ingress.hosts | list | `[]` | |
| ingress.tls | list | `[]` | |
| mediaapi.dynamic_thumbnails | bool | `false` | |
| mediaapi.max_file_size_bytes | string | `"10485760"` | The max file size for uploaded media files |
| mediaapi.max_thumbnail_generators | int | `10` | The maximum number of simultaneous thumbnail generators to run. |
| mediaapi.thumbnail_sizes | list | [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml) | A list of thumbnail sizes to be generated for media content. |
| persistence.jetstream.capacity | string | `"1Gi"` | |
| persistence.jetstream.existingClaim | string | `""` | Use an existing volume claim for jetstream |
| persistence.media.capacity | string | `"1Gi"` | |
@ -120,7 +126,3 @@ Create a folder `appservices` and place your configurations in there. The confi
| service.type | string | `"ClusterIP"` | |
| signing_key.create | bool | `true` | Create a new signing key, if not exists |
| signing_key.existingSecret | string | `""` | Use an existing secret |
| syncapi.real_ip_header | string | `"X-Real-IP"` | This option controls which HTTP header to inspect to find the real remote IP address of the client. This is likely required if Dendrite is running behind a reverse proxy server. |
| syncapi.search | object | `{"enabled":false,"language":"en"}` | Configuration for the full-text search engine. |
| syncapi.search.enabled | bool | `false` | Whether or not search is enabled. |
| syncapi.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) |


@ -1,9 +0,0 @@
---
postgresql:
enabled: true
primary:
persistence:
size: 1Gi
global:
server_name: "localhost"


@ -2,13 +2,13 @@
{{- if not .Values.signing_key.create -}}
{{- fail "You must create a signing key for configuration.signing_key. (see https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#server-key-generation)" -}}
{{- end -}}
{{- if not (or .Values.global.database.host .Values.postgresql.enabled) -}}
{{- if not (or .Values.dendrite_config.global.database.host .Values.postgresql.enabled) -}}
{{- fail "Database server must be set." -}}
{{- end -}}
{{- if not (or .Values.global.database.user .Values.postgresql.enabled) -}}
{{- if not (or .Values.dendrite_config.global.database.user .Values.postgresql.enabled) -}}
{{- fail "Database user must be set." -}}
{{- end -}}
{{- if not (or .Values.global.database.password .Values.postgresql.enabled) -}}
{{- if not (or .Values.dendrite_config.global.database.password .Values.postgresql.enabled) -}}
{{- fail "Database password must be set." -}}
{{- end -}}
{{- end -}}


@ -54,7 +54,7 @@ spec:
- name: http
containerPort: 8008
protocol: TCP
{{- if $.Values.global.profiling.enabled }}
{{- if $.Values.dendrite_config.global.profiling.enabled }}
env:
- name: PPROFLISTEN
value: "localhost:{{- $.Values.global.profiling.port -}}"
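Review bot: The `PPROFLISTEN` value on the unchanged line after the new condition still reads `$.Values.global.profiling.port`, while the guard above it now reads `$.Values.dendrite_config.global.profiling.enabled`. The README table in this commit lists only `dendrite_config.global.profiling.port`, so if the top-level `global.profiling` block is gone from the values file, enabling profiling would either fail to render or produce a listen address with no port. The value should follow the move: `value: "localhost:{{- $.Values.dendrite_config.global.profiling.port -}}"`. The container spec continues outside this hunk.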


@ -21,7 +21,7 @@ metadata:
type: Opaque
{{ end }}
{{- $connectionString := print "postgresql://" .Values.global.database.user ":" .Values.global.database.password "@" .Values.global.database.host }}
{{- $connectionString := print "postgresql://" .Values.dendrite_config.global.database.user ":" .Values.dendrite_config.global.database.password "@" .Values.dendrite_config.global.database.host }}
{{- if .Values.postgresql.enabled }}
{{- $connectionString = print "postgresql://" .Values.postgresql.auth.username ":" .Values.postgresql.auth.password "@" .Release.Name "-postgresql/dendrite" -}}
{{ end }}
@ -36,88 +36,57 @@ stringData:
dendrite.yaml: |
version: 2
global:
server_name: {{ .Values.global.server_name }}
server_name: {{ .Values.dendrite_config.global.server_name }}
private_key: /etc/dendrite/secrets/signing.key
key_id: ed25519:auto
key_validity_period: {{ .Values.global.key_validity_period | quote }}
key_validity_period: {{ .Values.dendrite_config.global.key_validity_period | quote }}
database:
connection_string: {{ $connectionString }}?sslmode=disable
max_open_conns: {{ .Values.global.database.max_open_conns }}
max_idle_conns: {{ .Values.global.database.max_idle_conns }}
conn_max_lifetime: {{ .Values.global.database.conn_max_lifetime }}
max_open_conns: {{ .Values.dendrite_config.global.database.max_open_conns }}
max_idle_conns: {{ .Values.dendrite_config.global.database.max_idle_conns }}
conn_max_lifetime: {{ .Values.dendrite_config.global.database.conn_max_lifetime }}
cache:
max_size_estimated: {{ .Values.global.cache.max_size_estimated | quote }}
max_age: {{ .Values.global.cache.max_age }}
well_known_server_name: {{ .Values.global.well_known_server_name | quote }}
well_known_client_name: {{ .Values.global.well_known_client_name | quote }}
max_size_estimated: {{ .Values.dendrite_config.global.cache.max_size_estimated | quote }}
max_age: {{ .Values.dendrite_config.global.cache.max_age }}
well_known_server_name: {{ .Values.dendrite_config.global.well_known_server_name | quote }}
well_known_client_name: {{ .Values.dendrite_config.global.well_known_client_name | quote }}
trusted_third_party_id_servers:
{{- toYaml .Values.global.trusted_third_party_id_servers | nindent 8 }}
disable_federation: {{ .Values.global.disable_federation }}
{{- toYaml .Values.dendrite_config.global.trusted_third_party_id_servers | nindent 8 }}
disable_federation: {{ .Values.dendrite_config.global.disable_federation }}
report_stats:
{{- toYaml .Values.global.report_stats | nindent 8 }}
{{- toYaml .Values.dendrite_config.global.report_stats | nindent 8 }}
presence:
{{- toYaml .Values.global.presence | nindent 8 }}
{{- toYaml .Values.dendrite_config.global.presence | nindent 8 }}
server_notices:
{{- toYaml .Values.global.server_notices | nindent 8 }}
{{- toYaml .Values.dendrite_config.global.server_notices | nindent 8 }}
jetstream:
in_memory: false
storage_path: /data/jetstream
metrics:
{{- toYaml .Values.global.metrics | nindent 8 }}
{{- toYaml .Values.dendrite_config.global.metrics | nindent 8 }}
dns_cache:
{{- toYaml .Values.global.dns_cache | nindent 8 }}
{{- toYaml .Values.dendrite_config.global.dns_cache | nindent 8 }}
mscs:
mscs:
{{- toYaml .Values.global.mscs | nindent 8 }}
{{- toYaml .Values.dendrite_config.mscs.mscs | nindent 8 }}
app_service_api:
disable_tls_validation: {{ .Values.dendrite_config.app_service_api.disable_tls_validation }}
config_files:
{{- range $x, $y := .Files.Glob "appservices/*" }}
- /etc/dendrite/appservices/{{ base $x }}
{{ end }}
client_api:
{{- with .Values.clientapi }}
registration_disabled: {{ .registration_disabled }}
guests_disabled: {{ .guests_disabled }}
registration_shared_secret: {{ .shared_secret | quote }}
enable_registration_captcha: {{ .enable_registration_captcha }}
recaptcha_public_key: {{ .recaptcha_public_key | quote }}
recaptcha_private_key: {{ .recaptcha_private_key | quote}}
recaptcha_bypass_secret: {{ .recaptcha_bypass_secret | quote}}
recaptcha_siteverify_api: {{ .recaptcha_siteverify_api | quote}}
turn:
{{- toYaml .turn | nindent 8 }}
rate_limiting:
{{- toYaml .rate_limiting | nindent 8 }}
{{ end }}
{{- toYaml .Values.dendrite_config.clientapi | nindent 6 }}
federation_api:
#federation_certificates: []
send_max_retries: {{ .Values.federationapi.send_max_retries }}
disable_tls_validation: {{ .Values.federationapi.disable_tls_validation }}
key_perspectives:
- server_name: matrix.org
keys:
- key_id: ed25519:auto
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- key_id: ed25519:a_RXGa
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
prefer_direct_fetch: {{ .Values.federationapi.prefer_direct_fetch }}
{{- toYaml .Values.dendrite_config.federation_api | nindent 6 }}
media_api:
base_path: /data/media_store
max_file_size_bytes: {{ int .Values.mediaapi.max_file_size_bytes }}
dynamic_thumbnails: {{ .Values.mediaapi.dynamic_thumbnails }}
max_thumbnail_generators: {{ .Values.mediaapi.max_thumbnail_generators }}
max_file_size_bytes: {{ int .Values.dendrite_config.mediaapi.max_file_size_bytes }}
dynamic_thumbnails: {{ .Values.dendrite_config.mediaapi.dynamic_thumbnails }}
max_thumbnail_generators: {{ .Values.dendrite_config.mediaapi.max_thumbnail_generators }}
thumbnail_sizes:
{{- toYaml .Values.mediaapi.thumbnail_sizes | nindent 8 }}
room_server:
{{- toYaml .Values.dendrite_config.mediaapi.thumbnail_sizes | nindent 8 }}
sync_api:
real_ip_header: {{ .Values.syncapi.real_ip_header }}
search:
enabled: {{ .Values.syncapi.search.enabled }}
index_path: /data/search
language: {{ .Values.syncapi.search.language }}
tracing:
{{- toYaml .Values.global.tracing | nindent 6 }}
{{- toYaml .Values.dendrite_config.sync_api | nindent 6 }}
logging:
{{- if .Values.global.logging }}
{{- toYaml .Values.global.logging | nindent 4 }}
{{ end }}
{{- toYaml .Values.dendrite_config.logging | nindent 6 }}
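Review bot: Replacing the explicit `client_api` mapping with `{{- toYaml .Values.dendrite_config.clientapi | nindent 6 }}` drops the rename the old template did from `.shared_secret` to `registration_shared_secret`, so the secret would now be rendered under the key `shared_secret`. The README table in this commit still documents `dendrite_config.clientapi.shared_secret`, which suggests the values key was not renamed; if so, Dendrite would presumably ignore it and shared-secret registration would stop working without any render error. Either rename the values key to `registration_shared_secret` or keep that one line explicit next to the `toYaml` dump. The same pattern applies to `sync_api`: the old block set `index_path: /data/search`, and the documented default for `dendrite_config.sync_api.search` has no `index_path`, so the search index may no longer be written under `/data/search`. Separately, `server_name` and `max_age` are still emitted unquoted, unlike the neighbouring `| quote` lines; `server_name: {{ .Values.dendrite_config.global.server_name | quote }}` would keep an empty or boolean-looking value from being retyped.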


@ -36,227 +36,235 @@ persistence:
existingClaim: ""
capacity: "1Gi"
dendrite_config:
global:
# -- Servername for this Dendrite deployment
server_name: ""
global:
# -- Servername for this Dendrite deployment
server_name: ""
# -- The server name to delegate server-server communications to, with optional port
# e.g. localhost:443
well_known_server_name: ""
# -- The server name to delegate server-server communications to, with optional port
# e.g. localhost:443
well_known_server_name: ""
# -- The server name to delegate client-server communications to, with optional port
# e.g. localhost:443
well_known_client_name: ""
# -- The server name to delegate client-server communications to, with optional port
# e.g. localhost:443
well_known_client_name: ""
# -- Lists of domains that the server will trust as identity servers to verify third
# party identifiers such as phone numbers and email addresses.
trusted_third_party_id_servers:
- matrix.org
- vector.im
# -- Lists of domains that the server will trust as identity servers to verify third
# party identifiers such as phone numbers and email addresses.
trusted_third_party_id_servers:
- matrix.org
- vector.im
# -- Disable federation. Dendrite will not be able to make any outbound HTTP requests
# to other servers and the federation API will not be exposed.
disable_federation: false
# -- Disable federation. Dendrite will not be able to make any outbound HTTP requests
# to other servers and the federation API will not be exposed.
disable_federation: false
key_validity_period: 168h0m0s
key_validity_period: 168h0m0s
database:
# -- Default database host
host: ""
# -- Default database user
user: ""
# -- Default database password
password: ""
database:
# -- Default database host
host: ""
# -- Default database user
user: ""
# -- Default database password
password: ""
# -- Default database maximum open connections
max_open_conns: 90
# -- Default database maximum idle connections
max_idle_conns: 5
# -- Default database maximum lifetime
conn_max_lifetime: -1
# -- Default database maximum open connections
max_open_conns: 90
# -- Default database maximum idle connections
max_idle_conns: 5
# -- Default database maximum lifetime
conn_max_lifetime: -1
cache:
# -- The estimated maximum size for the global cache in bytes, or in terabytes,
# gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
# 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
# memory limit for the entire process. A cache that is too small may ultimately
# provide little or no benefit.
max_size_estimated: 1gb
# -- The maximum amount of time that a cache entry can live for in memory before
# it will be evicted and/or refreshed from the database. Lower values result in
# easier admission of new cache entries but may also increase database load in
# comparison to higher values, so adjust conservatively. Higher values may make
# it harder for new items to make it into the cache, e.g. if new rooms suddenly
# become popular.
max_age: 1h
cache:
# -- The estimated maximum size for the global cache in bytes, or in terabytes,
# gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
# 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
# memory limit for the entire process. A cache that is too small may ultimately
# provide little or no benefit.
max_size_estimated: 1gb
# -- The maximum amount of time that a cache entry can live for in memory before
# it will be evicted and/or refreshed from the database. Lower values result in
# easier admission of new cache entries but may also increase database load in
# comparison to higher values, so adjust conservatively. Higher values may make
# it harder for new items to make it into the cache, e.g. if new rooms suddenly
# become popular.
max_age: 1h
# -- Configures phone-home statistics reporting. These statistics contain the server
# name, number of active users and some information on your deployment config.
# We use this information to understand how Dendrite is being used in the wild.
report_stats:
enabled: false
endpoint: https://matrix.org/report-usage-stats/push
# -- Configures phone-home statistics reporting. These statistics contain the server
# name, number of active users and some information on your deployment config.
# We use this information to understand how Dendrite is being used in the wild.
report_stats:
enabled: false
endpoint: https://matrix.org/report-usage-stats/push
# -- Configures the handling of presence events. Inbound controls whether we receive
# presence events from other servers, outbound controls whether we send presence
# events for our local users to other servers.
presence:
enable_inbound: false
enable_outbound: false
# -- Configures the handling of presence events. Inbound controls whether we receive
# presence events from other servers, outbound controls whether we send presence
# events for our local users to other servers.
presence:
enable_inbound: false
enable_outbound: false
# -- Server notices allows server admins to send messages to all users on the server.
server_notices:
enabled: false
# The local part, display name and avatar URL (as a mxc:// URL) for the user that
# will send the server notices. These are visible to all users on the deployment.
local_part: "_server"
display_name: "Server Alerts"
avatar_url: ""
# The room name to be used when sending server notices. This room name will
# appear in user clients.
room_name: "Server Alerts"
# -- Server notices allows server admins to send messages to all users on the server.
server_notices:
enabled: false
# The local part, display name and avatar URL (as a mxc:// URL) for the user that
# will send the server notices. These are visible to all users on the deployment.
local_part: "_server"
display_name: "Server Alerts"
avatar_url: ""
# The room name to be used when sending server notices. This room name will
# appear in user clients.
room_name: "Server Alerts"
# prometheus metrics
metrics:
# -- Whether or not Prometheus metrics are enabled.
enabled: false
# HTTP basic authentication to protect access to monitoring.
basic_auth:
# -- HTTP basic authentication username
user: "metrics"
# -- HTTP basic authentication password
password: metrics
# prometheus metrics
metrics:
# -- Whether or not Prometheus metrics are enabled.
enabled: false
# HTTP basic authentication to protect access to monitoring.
basic_auth:
# -- HTTP basic authentication username
user: "metrics"
# -- HTTP basic authentication password
password: metrics
dns_cache:
# -- Whether or not the DNS cache is enabled.
enabled: false
# -- Maximum number of entries to hold in the DNS cache
cache_size: 256
# -- Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
cache_lifetime: "10m"
dns_cache:
# -- Whether or not the DNS cache is enabled.
enabled: false
# -- Maximum number of entries to hold in the DNS cache
cache_size: 256
# -- Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
cache_lifetime: "10m"
# -- Default logging configuration
# @default -- [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml)
logging:
- type: std
level: info
# -- Default tracing configuration
# @default -- disabled
tracing:
enabled: false
jaeger:
serviceName: ""
disabled: false
rpc_metrics: false
tags: []
sampler: null
reporter: null
headers: null
baggage_restrictions: null
throttler: null
profiling:
# -- Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF,
# as it will only listen on localhost and the defined port.
# e.g. `kubectl port-forward deployments/dendrite 65432:65432`
enabled: false
# -- pprof port, if enabled
port: 65432
profiling:
# -- Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF,
# as it will only listen on localhost and the defined port.
# e.g. `kubectl port-forward deployments/dendrite 65432:65432`
enabled: false
# -- pprof port, if enabled
port: 65432
# -- Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946)
mscs:
- msc2946
# A list of enabled MSC's
# Currently valid values are:
# - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
# - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
clientapi:
# -- Prevents new users from being able to register on this homeserver, except when
# using the registration shared secret below.
registration_disabled: true
# Prevents new guest accounts from being created. Guest registration is also
# disabled implicitly by setting 'registration_disabled' above.
guests_disabled: true
# -- If set, allows registration by anyone who knows the shared secret, regardless of
# whether registration is otherwise disabled.
shared_secret: ""
# -- enable reCAPTCHA registration
enable_registration_captcha: false
# -- reCAPTCHA public key
recaptcha_public_key: ""
# -- reCAPTCHA private key
recaptcha_private_key: ""
# -- reCAPTCHA bypass secret
recaptcha_bypass_secret: ""
recaptcha_siteverify_api: ""
# TURN server information that this homeserver should send to clients.
turn:
# -- Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
turn_user_lifetime: "24h"
turn_uris: []
turn_shared_secret: ""
# -- The TURN username
turn_username: ""
# -- The TURN password
turn_password: ""
rate_limiting:
# -- Enable rate limiting
enabled: true
# -- After how many requests a rate limit should be activated
threshold: 20
# -- Cooloff time in milliseconds
cooloff_ms: 500
# -- Users which should be exempt from rate limiting
exempt_user_ids:
federationapi:
send_max_retries: 16
# -- Disable TLS validation
disable_tls_validation: false
prefer_direct_fetch: false
mscs:
- msc2946
# A list of enabled MSC's
# Currently valid values are:
# - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
# - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
mediaapi:
# -- The max file size for uploaded media files
max_file_size_bytes: "10485760"
# Whether to dynamically generate thumbnails if needed.
dynamic_thumbnails: false
# -- The maximum number of simultaneous thumbnail generators to run.
max_thumbnail_generators: 10
# -- A list of thumbnail sizes to be generated for media content.
# @default -- [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml)
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 640
height: 480
method: scale
app_service_api:
# -- Disable the validation of TLS certificates of appservices. This is
# not recommended in production since it may allow appservice traffic
# to be sent to an insecure endpoint.
disable_tls_validation: false
syncapi:
# -- This option controls which HTTP header to inspect to find the real remote IP
# address of the client. This is likely required if Dendrite is running behind
# a reverse proxy server.
real_ip_header: X-Real-IP
# -- Configuration for the full-text search engine.
search:
# -- Whether or not search is enabled.
enabled: false
# -- The language most likely to be used on the server - used when indexing, to
# ensure the returned results match expectations. A full list of possible languages
# can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46)
language: "en"
clientapi:
# -- Prevents new users from being able to register on this homeserver, except when
# using the registration shared secret below.
registration_disabled: true
# Prevents new guest accounts from being created. Guest registration is also
# disabled implicitly by setting 'registration_disabled' above.
guests_disabled: true
# -- If set, allows registration by anyone who knows the shared secret, regardless of
# whether registration is otherwise disabled.
shared_secret: ""
# -- enable reCAPTCHA registration
enable_registration_captcha: false
# -- reCAPTCHA public key
recaptcha_public_key: ""
# -- reCAPTCHA private key
recaptcha_private_key: ""
# -- reCAPTCHA bypass secret
recaptcha_bypass_secret: ""
recaptcha_siteverify_api: ""
# TURN server information that this homeserver should send to clients.
turn:
# -- Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
turn_user_lifetime: "24h"
turn_uris: []
turn_shared_secret: ""
# -- The TURN username
turn_username: ""
# -- The TURN password
turn_password: ""
rate_limiting:
# -- Enable rate limiting
enabled: true
# -- After how many requests a rate limit should be activated
threshold: 20
# -- Cooloff time in milliseconds
cooloff_ms: 500
# -- Users which should be exempt from rate limiting
exempt_user_ids:
federation_api:
# -- Federation failure threshold. How many consecutive failures that we should
# tolerate when sending federation requests to a specific server. The backoff
# is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc.
# The default value is 16 if not specified, which is circa 18 hours.
send_max_retries: 16
# -- Disable TLS validation. This is not recommended in production!
disable_tls_validation: false
prefer_direct_fetch: false
# -- Prevents Dendrite from keeping HTTP connections
# open for reuse for future requests. Connections will be closed quicker
# but we may spend more time on TLS handshakes instead.
disable_http_keepalives: false
# -- Perspective keyservers, to use as a backup when direct key fetch
# requests don't succeed.
key_perspectives:
- server_name: matrix.org
keys:
- key_id: ed25519:auto
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- key_id: ed25519:a_RXGa
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
mediaapi:
# -- The max file size for uploaded media files
max_file_size_bytes: "10485760"
# Whether to dynamically generate thumbnails if needed.
dynamic_thumbnails: false
# -- The maximum number of simultaneous thumbnail generators to run.
max_thumbnail_generators: 10
# -- A list of thumbnail sizes to be generated for media content.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 640
height: 480
method: scale
sync_api:
# -- This option controls which HTTP header to inspect to find the real remote IP
# address of the client. This is likely required if Dendrite is running behind
# a reverse proxy server.
real_ip_header: X-Real-IP
# -- Configuration for the full-text search engine.
search:
# -- Whether or not search is enabled.
enabled: true
# -- The language most likely to be used on the server - used when indexing, to
# ensure the returned results match expectations. A full list of possible languages
# can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46)
language: "en"
# -- Default logging configuration
logging:
- type: std
level: info
postgresql:
# -- Enable and configure postgres as the database for dendrite.