mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2026-01-21 04:53:14 -06:00
Code Issues Packages Projects Releases Wiki Activity

Move dendrite configuration again

Browse source
This commit is contained in:
Till Faelligen 2023-01-06 10:24:31 +01:00
parent 37b251dd99
commit 37fa1fcde3
No known key found for this signature in database
GPG key ID: ACCDC9606D472758
6 changed files with 298 additions and 328 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

114
helm/dendrite/README.md
View file

@ -41,54 +41,64 @@ Create a folder `appservices` and place your configurations in there. The confi
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| clientapi.enable_registration_captcha | bool | `false` | enable reCAPTCHA registration | | dendrite_config.app_service_api.disable_tls_validation | bool | `false` | Disable the validation of TLS certificates of appservices. This is not recommended in production since it may allow appservice traffic to be sent to an insecure endpoint. |
| clientapi.guests_disabled | bool | `true` | | | dendrite_config.clientapi.enable_registration_captcha | bool | `false` | enable reCAPTCHA registration |
| clientapi.rate_limiting.cooloff_ms | int | `500` | Cooloff time in milliseconds | | dendrite_config.clientapi.guests_disabled | bool | `true` | |
| clientapi.rate_limiting.enabled | bool | `true` | Enable rate limiting | | dendrite_config.clientapi.rate_limiting.cooloff_ms | int | `500` | Cooloff time in milliseconds |
| clientapi.rate_limiting.exempt_user_ids | string | `nil` | Users which should be exempt from rate limiting | | dendrite_config.clientapi.rate_limiting.enabled | bool | `true` | Enable rate limiting |
| clientapi.rate_limiting.threshold | int | `20` | After how many requests a rate limit should be activated | | dendrite_config.clientapi.rate_limiting.exempt_user_ids | string | `nil` | Users which should be exempt from rate limiting |
| clientapi.recaptcha_bypass_secret | string | `""` | reCAPTCHA bypass secret | | dendrite_config.clientapi.rate_limiting.threshold | int | `20` | After how many requests a rate limit should be activated |
| clientapi.recaptcha_private_key | string | `""` | reCAPTCHA private key | | dendrite_config.clientapi.recaptcha_bypass_secret | string | `""` | reCAPTCHA bypass secret |
| clientapi.recaptcha_public_key | string | `""` | reCAPTCHA public key | | dendrite_config.clientapi.recaptcha_private_key | string | `""` | reCAPTCHA private key |
| clientapi.recaptcha_siteverify_api | string | `""` | | | dendrite_config.clientapi.recaptcha_public_key | string | `""` | reCAPTCHA public key |
| clientapi.registration_disabled | bool | `true` | Prevents new users from being able to register on this homeserver, except when using the registration shared secret below. | | dendrite_config.clientapi.recaptcha_siteverify_api | string | `""` | |
| clientapi.shared_secret | string | `""` | If set, allows registration by anyone who knows the shared secret, regardless of whether registration is otherwise disabled. | | dendrite_config.clientapi.registration_disabled | bool | `true` | Prevents new users from being able to register on this homeserver, except when using the registration shared secret below. |
| clientapi.turn.turn_password | string | `""` | The TURN password | | dendrite_config.clientapi.shared_secret | string | `""` | If set, allows registration by anyone who knows the shared secret, regardless of whether registration is otherwise disabled. |
| clientapi.turn.turn_shared_secret | string | `""` | | | dendrite_config.clientapi.turn.turn_password | string | `""` | The TURN password |
| clientapi.turn.turn_uris | list | `[]` | | | dendrite_config.clientapi.turn.turn_shared_secret | string | `""` | |
| clientapi.turn.turn_user_lifetime | string | `"24h"` | Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) | | dendrite_config.clientapi.turn.turn_uris | list | `[]` | |
| clientapi.turn.turn_username | string | `""` | The TURN username | | dendrite_config.clientapi.turn.turn_user_lifetime | string | `"24h"` | Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
| federationapi.disable_tls_validation | bool | `false` | Disable TLS validation | | dendrite_config.clientapi.turn.turn_username | string | `""` | The TURN username |
| federationapi.prefer_direct_fetch | bool | `false` | | | dendrite_config.federation_api.disable_http_keepalives | bool | `false` | Prevents Dendrite from keeping HTTP connections open for reuse for future requests. Connections will be closed quicker but we may spend more time on TLS handshakes instead. |
| federationapi.send_max_retries | int | `16` | | | dendrite_config.federation_api.disable_tls_validation | bool | `false` | Disable TLS validation. This is not recommended in production! |
| global.cache.max_age | string | `"1h"` | The maximum amount of time that a cache entry can live for in memory before it will be evicted and/or refreshed from the database. Lower values result in easier admission of new cache entries but may also increase database load in comparison to higher values, so adjust conservatively. Higher values may make it harder for new items to make it into the cache, e.g. if new rooms suddenly become popular. | | dendrite_config.federation_api.key_perspectives | list | `[{"keys":[{"key_id":"ed25519:auto","public_key":"Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"},{"key_id":"ed25519:a_RXGa","public_key":"l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"}],"server_name":"matrix.org"}]` | Perspective keyservers, to use as a backup when direct key fetch requests don't succeed. |
| global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. | | dendrite_config.federation_api.prefer_direct_fetch | bool | `false` | |
| global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime | | dendrite_config.federation_api.send_max_retries | int | `16` | Federation failure threshold. How many consecutive failures that we should tolerate when sending federation requests to a specific server. The backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc. The default value is 16 if not specified, which is circa 18 hours. |
| global.database.host | string | `""` | Default database host | | dendrite_config.global.cache.max_age | string | `"1h"` | The maximum amount of time that a cache entry can live for in memory before it will be evicted and/or refreshed from the database. Lower values result in easier admission of new cache entries but may also increase database load in comparison to higher values, so adjust conservatively. Higher values may make it harder for new items to make it into the cache, e.g. if new rooms suddenly become popular. |
| global.database.max_idle_conns | int | `5` | Default database maximum idle connections | | dendrite_config.global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. |
| global.database.max_open_conns | int | `90` | Default database maximum open connections | | dendrite_config.global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime |
| global.database.password | string | `""` | Default database password | | dendrite_config.global.database.host | string | `""` | Default database host |
| global.database.user | string | `""` | Default database user | | dendrite_config.global.database.max_idle_conns | int | `5` | Default database maximum idle connections |
| global.disable_federation | bool | `false` | Disable federation. Dendrite will not be able to make any outbound HTTP requests to other servers and the federation API will not be exposed. | | dendrite_config.global.database.max_open_conns | int | `90` | Default database maximum open connections |
| global.dns_cache.cache_lifetime | string | `"10m"` | Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) | | dendrite_config.global.database.password | string | `""` | Default database password |
| global.dns_cache.cache_size | int | `256` | Maximum number of entries to hold in the DNS cache | | dendrite_config.global.database.user | string | `""` | Default database user |
| global.dns_cache.enabled | bool | `false` | Whether or not the DNS cache is enabled. | | dendrite_config.global.disable_federation | bool | `false` | Disable federation. Dendrite will not be able to make any outbound HTTP requests to other servers and the federation API will not be exposed. |
| global.key_validity_period | string | `"168h0m0s"` | | | dendrite_config.global.dns_cache.cache_lifetime | string | `"10m"` | Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) |
| global.logging | list | [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml) | Default logging configuration | | dendrite_config.global.dns_cache.cache_size | int | `256` | Maximum number of entries to hold in the DNS cache |
| global.metrics.basic_auth.password | string | `"metrics"` | HTTP basic authentication password | | dendrite_config.global.dns_cache.enabled | bool | `false` | Whether or not the DNS cache is enabled. |
| global.metrics.basic_auth.user | string | `"metrics"` | HTTP basic authentication username | | dendrite_config.global.key_validity_period | string | `"168h0m0s"` | |
| global.metrics.enabled | bool | `false` | Whether or not Prometheus metrics are enabled. | | dendrite_config.global.metrics.basic_auth.password | string | `"metrics"` | HTTP basic authentication password |
| global.mscs | list | `["msc2946"]` | Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) | | dendrite_config.global.metrics.basic_auth.user | string | `"metrics"` | HTTP basic authentication username |
| global.presence | object | `{"enable_inbound":false,"enable_outbound":false}` | Configures the handling of presence events. Inbound controls whether we receive presence events from other servers, outbound controls whether we send presence events for our local users to other servers. | | dendrite_config.global.metrics.enabled | bool | `false` | Whether or not Prometheus metrics are enabled. |
| global.profiling.enabled | bool | `false` | Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, as it will only listen on localhost and the defined port. e.g. `kubectl port-forward deployments/dendrite 65432:65432` | | dendrite_config.global.presence | object | `{"enable_inbound":false,"enable_outbound":false}` | Configures the handling of presence events. Inbound controls whether we receive presence events from other servers, outbound controls whether we send presence events for our local users to other servers. |
| global.profiling.port | int | `65432` | pprof port, if enabled | | dendrite_config.global.profiling.enabled | bool | `false` | Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, as it will only listen on localhost and the defined port. e.g. `kubectl port-forward deployments/dendrite 65432:65432` |
| global.report_stats | object | `{"enabled":false,"endpoint":"https://matrix.org/report-usage-stats/push"}` | Configures phone-home statistics reporting. These statistics contain the server name, number of active users and some information on your deployment config. We use this information to understand how Dendrite is being used in the wild. | | dendrite_config.global.profiling.port | int | `65432` | pprof port, if enabled |
| global.server_name | string | `""` | Servername for this Dendrite deployment | | dendrite_config.global.report_stats | object | `{"enabled":false,"endpoint":"https://matrix.org/report-usage-stats/push"}` | Configures phone-home statistics reporting. These statistics contain the server name, number of active users and some information on your deployment config. We use this information to understand how Dendrite is being used in the wild. |
| global.server_notices | object | `{"avatar_url":"","display_name":"Server Alerts","enabled":false,"local_part":"_server","room_name":"Server Alerts"}` | Server notices allows server admins to send messages to all users on the server. | | dendrite_config.global.server_name | string | `""` | Servername for this Dendrite deployment |
| global.tracing | object | disabled | Default tracing configuration | | dendrite_config.global.server_notices | object | `{"avatar_url":"","display_name":"Server Alerts","enabled":false,"local_part":"_server","room_name":"Server Alerts"}` | Server notices allows server admins to send messages to all users on the server. |
| global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Lists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses. | | dendrite_config.global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Lists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses. |
| global.well_known_client_name | string | `""` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 | | dendrite_config.global.well_known_client_name | string | `""` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 |
| global.well_known_server_name | string | `""` | The server name to delegate server-server communications to, with optional port e.g. localhost:443 | | dendrite_config.global.well_known_server_name | string | `""` | The server name to delegate server-server communications to, with optional port e.g. localhost:443 |
| dendrite_config.logging | list | `[{"level":"info","type":"std"}]` | Default logging configuration |
| dendrite_config.mediaapi.dynamic_thumbnails | bool | `false` | |
| dendrite_config.mediaapi.max_file_size_bytes | string | `"10485760"` | The max file size for uploaded media files |
| dendrite_config.mediaapi.max_thumbnail_generators | int | `10` | The maximum number of simultaneous thumbnail generators to run. |
| dendrite_config.mediaapi.thumbnail_sizes | list | `[{"height":32,"method":"crop","width":32},{"height":96,"method":"crop","width":96},{"height":480,"method":"scale","width":640}]` | A list of thumbnail sizes to be generated for media content. |
| dendrite_config.mscs | object | `{"mscs":["msc2946"]}` | Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) |
| dendrite_config.sync_api.real_ip_header | string | `"X-Real-IP"` | This option controls which HTTP header to inspect to find the real remote IP address of the client. This is likely required if Dendrite is running behind a reverse proxy server. |
| dendrite_config.sync_api.search | object | `{"enabled":true,"language":"en"}` | Configuration for the full-text search engine. |
| dendrite_config.sync_api.search.enabled | bool | `true` | Whether or not search is enabled. |
| dendrite_config.sync_api.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) |
| image.name | string | `"ghcr.io/matrix-org/dendrite-monolith:v0.10.8"` | Docker repository/image to use | | image.name | string | `"ghcr.io/matrix-org/dendrite-monolith:v0.10.8"` | Docker repository/image to use |
| image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy | | image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy |
| ingress.annotations | object | `{}` | Extra, custom annotations | | ingress.annotations | object | `{}` | Extra, custom annotations |
@ -97,10 +107,6 @@ Create a folder `appservices` and place your configurations in there. The confi
| ingress.hostName | string | `""` | | | ingress.hostName | string | `""` | |
| ingress.hosts | list | `[]` | | | ingress.hosts | list | `[]` | |
| ingress.tls | list | `[]` | | | ingress.tls | list | `[]` | |
| mediaapi.dynamic_thumbnails | bool | `false` | |
| mediaapi.max_file_size_bytes | string | `"10485760"` | The max file size for uploaded media files |
| mediaapi.max_thumbnail_generators | int | `10` | The maximum number of simultaneous thumbnail generators to run. |
| mediaapi.thumbnail_sizes | list | [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml) | A list of thumbnail sizes to be generated for media content. |
| persistence.jetstream.capacity | string | `"1Gi"` | | | persistence.jetstream.capacity | string | `"1Gi"` | |
| persistence.jetstream.existingClaim | string | `""` | Use an existing volume claim for jetstream | | persistence.jetstream.existingClaim | string | `""` | Use an existing volume claim for jetstream |
| persistence.media.capacity | string | `"1Gi"` | | | persistence.media.capacity | string | `"1Gi"` | |
@ -120,7 +126,3 @@ Create a folder `appservices` and place your configurations in there. The confi
| service.type | string | `"ClusterIP"` | | | service.type | string | `"ClusterIP"` | |
| signing_key.create | bool | `true` | Create a new signing key, if not exists | | signing_key.create | bool | `true` | Create a new signing key, if not exists |
| signing_key.existingSecret | string | `""` | Use an existing secret | | signing_key.existingSecret | string | `""` | Use an existing secret |
| syncapi.real_ip_header | string | `"X-Real-IP"` | This option controls which HTTP header to inspect to find the real remote IP address of the client. This is likely required if Dendrite is running behind a reverse proxy server. |
| syncapi.search | object | `{"enabled":false,"language":"en"}` | Configuration for the full-text search engine. |
| syncapi.search.enabled | bool | `false` | Whether or not search is enabled. |
| syncapi.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) |

9
helm/dendrite/ci/ct-postgres-values.yaml
View file

@ -1,9 +0,0 @@
---
postgresql:
enabled: true
primary:
persistence:
size: 1Gi
global:
server_name: "localhost"

6
helm/dendrite/templates/_helpers.tpl
View file

@ -2,13 +2,13 @@
{{- if not .Values.signing_key.create -}} {{- if not .Values.signing_key.create -}}
{{- fail "You must create a signing key for configuration.signing_key. (see https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#server-key-generation)" -}} {{- fail "You must create a signing key for configuration.signing_key. (see https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#server-key-generation)" -}}
{{- end -}} {{- end -}}
{{- if not (or .Values.global.database.host .Values.postgresql.enabled) -}} {{- if not (or .Values.dendrite_config.global.database.host .Values.postgresql.enabled) -}}
{{- fail "Database server must be set." -}} {{- fail "Database server must be set." -}}
{{- end -}} {{- end -}}
{{- if not (or .Values.global.database.user .Values.postgresql.enabled) -}} {{- if not (or .Values.dendrite_config.global.database.user .Values.postgresql.enabled) -}}
{{- fail "Database user must be set." -}} {{- fail "Database user must be set." -}}
{{- end -}} {{- end -}}
{{- if not (or .Values.global.database.password .Values.postgresql.enabled) -}} {{- if not (or .Values.dendrite_config.global.database.password .Values.postgresql.enabled) -}}
{{- fail "Database password must be set." -}} {{- fail "Database password must be set." -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

2
helm/dendrite/templates/deployment.yaml
View file

@ -54,7 +54,7 @@ spec:
- name: http - name: http
containerPort: 8008 containerPort: 8008
protocol: TCP protocol: TCP
{{- if $.Values.global.profiling.enabled }} {{- if $.Values.dendrite_config.global.profiling.enabled }}
env: env:
- name: PPROFLISTEN - name: PPROFLISTEN
value: "localhost:{{- $.Values.global.profiling.port -}}" value: "localhost:{{- $.Values.global.profiling.port -}}"

85
helm/dendrite/templates/secrets.yaml
View file

@ -21,7 +21,7 @@ metadata:
type: Opaque type: Opaque
{{ end }} {{ end }}
{{- $connectionString := print "postgresql://" .Values.global.database.user ":" .Values.global.database.password "@" .Values.global.database.host }} {{- $connectionString := print "postgresql://" .Values.dendrite_config.global.database.user ":" .Values.dendrite_config.global.database.password "@" .Values.dendrite_config.global.database.host }}
{{- if .Values.postgresql.enabled }} {{- if .Values.postgresql.enabled }}
{{- $connectionString = print "postgresql://" .Values.postgresql.auth.username ":" .Values.postgresql.auth.password "@" .Release.Name "-postgresql/dendrite" -}} {{- $connectionString = print "postgresql://" .Values.postgresql.auth.username ":" .Values.postgresql.auth.password "@" .Release.Name "-postgresql/dendrite" -}}
{{ end }} {{ end }}
@ -36,88 +36,57 @@ stringData:
dendrite.yaml: | dendrite.yaml: |
version: 2 version: 2
global: global:
server_name: {{ .Values.global.server_name }} server_name: {{ .Values.dendrite_config.global.server_name }}
private_key: /etc/dendrite/secrets/signing.key private_key: /etc/dendrite/secrets/signing.key
key_id: ed25519:auto key_id: ed25519:auto
key_validity_period: {{ .Values.global.key_validity_period | quote }} key_validity_period: {{ .Values.dendrite_config.global.key_validity_period | quote }}
database: database:
connection_string: {{ $connectionString }}?sslmode=disable connection_string: {{ $connectionString }}?sslmode=disable
max_open_conns: {{ .Values.global.database.max_open_conns }} max_open_conns: {{ .Values.dendrite_config.global.database.max_open_conns }}
max_idle_conns: {{ .Values.global.database.max_idle_conns }} max_idle_conns: {{ .Values.dendrite_config.global.database.max_idle_conns }}
conn_max_lifetime: {{ .Values.global.database.conn_max_lifetime }} conn_max_lifetime: {{ .Values.dendrite_config.global.database.conn_max_lifetime }}
cache: cache:
max_size_estimated: {{ .Values.global.cache.max_size_estimated | quote }} max_size_estimated: {{ .Values.dendrite_config.global.cache.max_size_estimated | quote }}
max_age: {{ .Values.global.cache.max_age }} max_age: {{ .Values.dendrite_config.global.cache.max_age }}
well_known_server_name: {{ .Values.global.well_known_server_name | quote }} well_known_server_name: {{ .Values.dendrite_config.global.well_known_server_name | quote }}
well_known_client_name: {{ .Values.global.well_known_client_name | quote }} well_known_client_name: {{ .Values.dendrite_config.global.well_known_client_name | quote }}
trusted_third_party_id_servers: trusted_third_party_id_servers:
{{- toYaml .Values.global.trusted_third_party_id_servers | nindent 8 }} {{- toYaml .Values.dendrite_config.global.trusted_third_party_id_servers | nindent 8 }}
disable_federation: {{ .Values.global.disable_federation }} disable_federation: {{ .Values.dendrite_config.global.disable_federation }}
report_stats: report_stats:
{{- toYaml .Values.global.report_stats | nindent 8 }} {{- toYaml .Values.dendrite_config.global.report_stats | nindent 8 }}
presence: presence:
{{- toYaml .Values.global.presence | nindent 8 }} {{- toYaml .Values.dendrite_config.global.presence | nindent 8 }}
server_notices: server_notices:
{{- toYaml .Values.global.server_notices | nindent 8 }} {{- toYaml .Values.dendrite_config.global.server_notices | nindent 8 }}
jetstream: jetstream:
in_memory: false in_memory: false
storage_path: /data/jetstream storage_path: /data/jetstream
metrics: metrics:
{{- toYaml .Values.global.metrics | nindent 8 }} {{- toYaml .Values.dendrite_config.global.metrics | nindent 8 }}
dns_cache: dns_cache:
{{- toYaml .Values.global.dns_cache | nindent 8 }} {{- toYaml .Values.dendrite_config.global.dns_cache | nindent 8 }}
mscs: mscs:
mscs: mscs:
{{- toYaml .Values.global.mscs | nindent 8 }} {{- toYaml .Values.dendrite_config.mscs.mscs | nindent 8 }}
app_service_api: app_service_api:
disable_tls_validation: {{ .Values.dendrite_config.app_service_api.disable_tls_validation }}
config_files: config_files:
{{- range $x, $y := .Files.Glob "appservices/*" }} {{- range $x, $y := .Files.Glob "appservices/*" }}
- /etc/dendrite/appservices/{{ base $x }} - /etc/dendrite/appservices/{{ base $x }}
{{ end }} {{ end }}
client_api: client_api:
{{- with .Values.clientapi }} {{- toYaml .Values.dendrite_config.clientapi | nindent 6 }}
registration_disabled: {{ .registration_disabled }}
guests_disabled: {{ .guests_disabled }}
registration_shared_secret: {{ .shared_secret | quote }}
enable_registration_captcha: {{ .enable_registration_captcha }}
recaptcha_public_key: {{ .recaptcha_public_key | quote }}
recaptcha_private_key: {{ .recaptcha_private_key | quote}}
recaptcha_bypass_secret: {{ .recaptcha_bypass_secret | quote}}
recaptcha_siteverify_api: {{ .recaptcha_siteverify_api | quote}}
turn:
{{- toYaml .turn | nindent 8 }}
rate_limiting:
{{- toYaml .rate_limiting | nindent 8 }}
{{ end }}
federation_api: federation_api:
#federation_certificates: [] {{- toYaml .Values.dendrite_config.federation_api | nindent 6 }}
send_max_retries: {{ .Values.federationapi.send_max_retries }}
disable_tls_validation: {{ .Values.federationapi.disable_tls_validation }}
key_perspectives:
- server_name: matrix.org
keys:
- key_id: ed25519:auto
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- key_id: ed25519:a_RXGa
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
prefer_direct_fetch: {{ .Values.federationapi.prefer_direct_fetch }}
media_api: media_api:
base_path: /data/media_store base_path: /data/media_store
max_file_size_bytes: {{ int .Values.mediaapi.max_file_size_bytes }} max_file_size_bytes: {{ int .Values.dendrite_config.mediaapi.max_file_size_bytes }}
dynamic_thumbnails: {{ .Values.mediaapi.dynamic_thumbnails }} dynamic_thumbnails: {{ .Values.dendrite_config.mediaapi.dynamic_thumbnails }}
max_thumbnail_generators: {{ .Values.mediaapi.max_thumbnail_generators }} max_thumbnail_generators: {{ .Values.dendrite_config.mediaapi.max_thumbnail_generators }}
thumbnail_sizes: thumbnail_sizes:
{{- toYaml .Values.mediaapi.thumbnail_sizes | nindent 8 }} {{- toYaml .Values.dendrite_config.mediaapi.thumbnail_sizes | nindent 8 }}
room_server:
sync_api: sync_api:
real_ip_header: {{ .Values.syncapi.real_ip_header }} {{- toYaml .Values.dendrite_config.sync_api | nindent 6 }}
search:
enabled: {{ .Values.syncapi.search.enabled }}
index_path: /data/search
language: {{ .Values.syncapi.search.language }}
tracing:
{{- toYaml .Values.global.tracing | nindent 6 }}
logging: logging:
{{- if .Values.global.logging }} {{- toYaml .Values.dendrite_config.logging | nindent 6 }}
{{- toYaml .Values.global.logging | nindent 4 }}
{{ end }}

64
helm/dendrite/values.yaml
View file

@ -36,7 +36,7 @@ persistence:
existingClaim: "" existingClaim: ""
capacity: "1Gi" capacity: "1Gi"
dendrite_config:
global: global:
# -- Servername for this Dendrite deployment # -- Servername for this Dendrite deployment
server_name: "" server_name: ""
@ -136,27 +136,6 @@ global:
# -- Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) # -- Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
cache_lifetime: "10m" cache_lifetime: "10m"
# -- Default logging configuration
# @default -- [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml)
logging:
- type: std
level: info
# -- Default tracing configuration
# @default -- disabled
tracing:
enabled: false
jaeger:
serviceName: ""
disabled: false
rpc_metrics: false
tags: []
sampler: null
reporter: null
headers: null
baggage_restrictions: null
throttler: null
profiling: profiling:
# -- Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, # -- Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF,
# as it will only listen on localhost and the defined port. # as it will only listen on localhost and the defined port.
@ -166,6 +145,7 @@ global:
port: 65432 port: 65432
# -- Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946) # -- Configuration for experimental MSC's. (Valid values are: msc2836 and msc2946)
mscs:
mscs: mscs:
- msc2946 - msc2946
# A list of enabled MSC's # A list of enabled MSC's
@ -173,6 +153,14 @@ global:
# - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836) # - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
# - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
app_service_api:
# -- Disable the validation of TLS certificates of appservices. This is
# not recommended in production since it may allow appservice traffic
# to be sent to an insecure endpoint.
disable_tls_validation: false
clientapi: clientapi:
# -- Prevents new users from being able to register on this homeserver, except when # -- Prevents new users from being able to register on this homeserver, except when
# using the registration shared secret below. # using the registration shared secret below.
@ -217,12 +205,28 @@ clientapi:
# -- Users which should be exempt from rate limiting # -- Users which should be exempt from rate limiting
exempt_user_ids: exempt_user_ids:
federationapi: federation_api:
# -- Federation failure threshold. How many consecutive failures that we should
# tolerate when sending federation requests to a specific server. The backoff
# is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc.
# The default value is 16 if not specified, which is circa 18 hours.
send_max_retries: 16 send_max_retries: 16
# -- Disable TLS validation # -- Disable TLS validation. This is not recommended in production!
disable_tls_validation: false disable_tls_validation: false
prefer_direct_fetch: false prefer_direct_fetch: false
# -- Prevents Dendrite from keeping HTTP connections
# open for reuse for future requests. Connections will be closed quicker
# but we may spend more time on TLS handshakes instead.
disable_http_keepalives: false
# -- Perspective keyservers, to use as a backup when direct key fetch
# requests don't succeed.
key_perspectives:
- server_name: matrix.org
keys:
- key_id: ed25519:auto
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- key_id: ed25519:a_RXGa
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
mediaapi: mediaapi:
# -- The max file size for uploaded media files # -- The max file size for uploaded media files
@ -232,7 +236,6 @@ mediaapi:
# -- The maximum number of simultaneous thumbnail generators to run. # -- The maximum number of simultaneous thumbnail generators to run.
max_thumbnail_generators: 10 max_thumbnail_generators: 10
# -- A list of thumbnail sizes to be generated for media content. # -- A list of thumbnail sizes to be generated for media content.
# @default -- [default dendrite config values](https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml)
thumbnail_sizes: thumbnail_sizes:
- width: 32 - width: 32
height: 32 height: 32
@ -244,7 +247,7 @@ mediaapi:
height: 480 height: 480
method: scale method: scale
syncapi: sync_api:
# -- This option controls which HTTP header to inspect to find the real remote IP # -- This option controls which HTTP header to inspect to find the real remote IP
# address of the client. This is likely required if Dendrite is running behind # address of the client. This is likely required if Dendrite is running behind
# a reverse proxy server. # a reverse proxy server.
@ -252,12 +255,17 @@ syncapi:
# -- Configuration for the full-text search engine. # -- Configuration for the full-text search engine.
search: search:
# -- Whether or not search is enabled. # -- Whether or not search is enabled.
enabled: false enabled: true
# -- The language most likely to be used on the server - used when indexing, to # -- The language most likely to be used on the server - used when indexing, to
# ensure the returned results match expectations. A full list of possible languages # ensure the returned results match expectations. A full list of possible languages
# can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) # can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46)
language: "en" language: "en"
# -- Default logging configuration
logging:
- type: std
level: info
postgresql: postgresql:
# -- Enable and configure postgres as the database for dendrite. # -- Enable and configure postgres as the database for dendrite.
# @default -- See value.yaml # @default -- See value.yaml