diff --git a/apps/base/matrix/release.yaml b/apps/base/matrix/release.yaml
index 2a06be944ccee53305698e5d5e3d49418418f1f8..478eecba0774884d056423b0cce6cb008b4d868e 100644
--- a/apps/base/matrix/release.yaml
+++ b/apps/base/matrix/release.yaml
@@ -22,7 +22,22 @@ spec:
upgrade:
remediation:
retries: -1
- values:
+ valuesFrom:
+ - kind: ConfigMap
+ name: matrix-base-values
+ valuesKey: values.yaml
+ - kind: Secret
+ name: matrix-override-values
+ valuesKey: values-overrides.yaml
+ optional: true
+ values: {}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: matrix-base-values
+data:
+ values.yaml: |
image:
repository: docker.io/matrixdotorg/synapse
# serverName: example.com
@@ -79,6 +94,8 @@ spec:
postgresql:
enabled: false
externalPostgresql:
+ host: matrix-postgres.matrix.svc.cluster.local
+ existingSecret: synapse.matrix-postgres.credentials.postgresql.acid.zalan.do
existingSecretPasswordKey: password
sslmode: prefer
redis:
diff --git a/apps/k8s01/matrix/matrix-synapse-values.yaml b/apps/k8s01/matrix/matrix-synapse-values.yaml
index 5d6d87dad8145218197e269aa1a8c418df51aab0..dede63dfe8cbe2ed20776dbaa50d1e9cf6b12fd9 100644
--- a/apps/k8s01/matrix/matrix-synapse-values.yaml
+++ b/apps/k8s01/matrix/matrix-synapse-values.yaml
@@ -1,84 +1,18 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
+apiVersion: v1
+kind: Secret
metadata:
- name: matrix-synapse
- namespace: matrix
-spec:
- values:
- serverName: ENC[AES256_GCM,data:Lo0s/0SBf10jHnUI9G5Y1m50QA==,iv:hsQu/HgrG5NTEHTRcjWt9fWZZNR87OFsvh1WIBWhRv0=,tag:CbFQBnUh5rILhEg2rIdQYg==,type:str]
- publicServerName: ENC[AES256_GCM,data:ksi//ovaD/F/JiYXmPM7qmvnmZnVNrDp5dc=,iv:4p++sIgfEx6tmuZYPHgljuAVPAIIOk34Ub3FTfrvBYo=,tag:QQ8gILJG/iTyGCRXR3o3uA==,type:str]
- externalPostgresql:
- host: ENC[AES256_GCM,data:gBVjOzfXCYsIq/OBAWPf,iv:MoP+2ZD/TAtGNr/Yc753a3p6rRW7s5wG+NRyhx/LvaQ=,tag:+eZkjt3RpyUfSP9UVw5euA==,type:str]
- existingSecret: ENC[AES256_GCM,data:eVvqPriv0C6MGNeOUqSE3RjeX1SiNvXwMEfoKJY8cGEH4f3UQ5Zyau4LNryw6TnWvlNtPChujUpLy10N,iv:K8FHKN5riQFdPNvgjUwVVB40pUnQuV2mcNxrbBZrZu8=,tag:AQkP0vFfOd+JdVKlDXENYQ==,type:str]
- synapse:
- enableRegistration: false
- macaroonSecretKey: ENC[AES256_GCM,data:9npXehMLKQGWoegLa12+sH/0mun0FxiY9b0ijTRA9yhGZghSVzaMT6h0Cuu4TCn3w3TtFkGxg3T0tb3IVd6Y73bMDWV5bcleNe9VpS6uHyOGK74UdjoHbopdxK0WN408nIeeH1+AbCk/1ZXxSMuWLaeCBA/MXmMmMg3d2PKxi00=,iv:Dq7JVBqJ1ZEJ8DaR+jC8NgqOk3X7sCyAezBI6+yugO8=,tag:JLShlwqBSzJNRbiDqHsang==,type:str]
- extraSecrets:
- presence:
- enabled: ENC[AES256_GCM,data:JuyRPsk=,iv:GDm8A7OGt5hlm+xYv6gnYNiJi4BzkM8E9KQ7zCrxpw0=,tag:xbJ8RfCt9FccJgMEPn9w3w==,type:bool]
- password_config:
- enabled: ENC[AES256_GCM,data:txK2ih8=,iv:rIAFOrqfsGTYb0Q+qeV+C0FteKqfHtZIL5sLX4l4upo=,tag:OAZMjlT7b/yp+d+nwudylQ==,type:bool]
- url_preview_enabled: ENC[AES256_GCM,data:FKVC+Q==,iv:EUlSRqhTI4uWx1Q1Hb7SNGW6fYPrJqOSz8K4Wnm5SSM=,tag:1vZPPX8zUBKXE76TROSLqg==,type:bool]
- url_preview_ip_range_blacklist:
- - ENC[AES256_GCM,data:TEVlvc6FJ4uaVv4=,iv:QzkMe9Z2DKRKW0hLGpc7H1QhFwVsq2U8tIBtSz/Ey3Y=,tag:19pPh8i0uyZbCMBsvXsc6w==,type:str]
- - ENC[AES256_GCM,data:nwNnVRmFyyUFvA==,iv:N+/bnfXrYrxBXC+eu+HI5/r4+6nmDv/u6k/C3Kq9V7g=,tag:81teKeyRyo+Ls2OKodrJ+A==,type:str]
- - ENC[AES256_GCM,data:LDIbUlCgXwxN52npRA==,iv:CO/CP+9taE4kmTIOqjfRDBmRLWZgsiFgVVqiaOq/f98=,tag:xbBB9xUqu4lOLjzZLLDfhQ==,type:str]
- - ENC[AES256_GCM,data:mJgLQLMJsc/aSKptu5U=,iv:Qou6DVsPVu2T50IZmJH32QCGIvgXJ3mklnGTGJqP/fg=,tag:paMxk7yQExPgAG4j5mn21g==,type:str]
- - ENC[AES256_GCM,data:XH94dyXWRDdJYBFgBQ==,iv:r46IyEe5KsJ1baNVxkvs+hV/Z/flvRi+U0AkNgglz9k=,tag:Rkc2NlGcohc3hInxmw3fVQ==,type:str]
- - ENC[AES256_GCM,data:zfzn6OWYwde8aQ+//jg=,iv:3P/LiJAosY6R+mZYUT/gcBdMX3hWX5wL8/mSQWQ3P1s=,tag:WpQ0h6uamM1jm9T/u6YTZw==,type:str]
- - ENC[AES256_GCM,data:2Wt07LRWWQ==,iv:v0VJ/jJFYkAVU1FWfC3csTU6hQ4UGyITxP1fvgnR9F0=,tag:BgwBErUC/ktTg3vYr61ddw==,type:str]
- - ENC[AES256_GCM,data:SFhqSStM9oAd,iv:EouEucz5mSNUlSlaziamBHFpM4eISE2vL66V8vIQI/s=,tag:nbBVKSpTX9r1z1fgDd+MMQ==,type:str]
- - ENC[AES256_GCM,data:iLrJhZyRsJk=,iv:IMtkQQ+LEBbmPUSz5AP/K73DTdEpH6ENcihMk1LGZ4k=,tag:kZ8deqLyVcLPSRsOAFncXg==,type:str]
- max_spider_size: ENC[AES256_GCM,data:JDpu,iv:5GPFxpNqofe9gmzEWyhK1iiHaLTtFHG4osiAEeQcvYw=,tag:KZ/7HFQPVOzt8m3M1EGvjg==,type:str]
- oidc_providers:
- - idp_id: ENC[AES256_GCM,data:6QDF32ptC6s=,iv:R46NhZ4vCU+ZQiA5aviDZGU0J4phuBv8C3VurBm6Yfs=,tag:wR45lAdOqXHNpmgw4PZlsw==,type:str]
- idp_name: ENC[AES256_GCM,data:w4Gwk6FITQ==,iv:Smky2E5vCnp/y3ZBaM8KKSLxP4MWvOUHpDmrYe7/gGU=,tag:pMQRbSQs8emTOVBC6+zh9Q==,type:str]
- issuer: ENC[AES256_GCM,data:0mpluCI1PhQkF1RbkhXOASAqWiDcIYXthbvR1bXT2KCSiflcZdi3T/pw/54L4l7v/S45PkLPZQ==,iv:HMt8wLGRp+E9eWDCnEdr9YhOQdatnQx6VsSVUiTgdk0=,tag:qf1H1V1NcToGuwxssWJdFw==,type:str]
- client_id: ENC[AES256_GCM,data:t2d6J/eZO6hjiEU=,iv:p59wB/Avgw5iZrUIkmMjBq/V/fFzG2cd6hf7+R6+gVk=,tag:43FXcBsLS6CEq/bhR8Rjsg==,type:str]
- client_secret: ENC[AES256_GCM,data:v5hg6ezG3rxPN2brhgtWogwjVzx/194ltRKkDT5u5VE=,iv:t7d0n2a1p7Um54EobxXmcTotymUEdguOuqzgzXZpzdk=,tag:exkhrThWM0CGl/kD1dcdfw==,type:str]
- backchannel_logout_enabled: ENC[AES256_GCM,data:P4MFgg==,iv:wRIzT19A7oRLB8gghimHufdbahaT1T8Y6gt3oWzC9ik=,tag:uo2Nei/X61eVGvKcMPw/Gg==,type:bool]
- scopes:
- - ENC[AES256_GCM,data:jNaWsgHD,iv:MYOknIP/N5B5ANWzV8CA3H688hguYh9urZnBs0+sYBM=,tag:W4Xbi9JQAyF2BT7tvx6T0w==,type:str]
- - ENC[AES256_GCM,data:esITnb81sQ==,iv:y81jidW50mvW6zIlC7Cr09iwDVtOI8zc/ib0/PW7HPY=,tag:Ne1KNy98Q/Mv/GVQcf68FQ==,type:str]
- allow_existing_users: ENC[AES256_GCM,data:vCFNmg==,iv:oUF838nl4Me/sXIVkZesa0F1D5cMzsDtNloi1u2IsoE=,tag:OWaD0qWuFM5nJVkPuv10Yw==,type:bool]
- user_mapping_provider:
- config:
- localpart_template: ENC[AES256_GCM,data:bk6Si5XYanjkb2bIQpMolTUHrRsvQ5/3toT2x+Q=,iv:roCEEivw20CmEsyl6qp6fyIXzErtPQbAxiWVmhjXA9U=,tag:1nQEVM1rtPUVv3Tzb1rQxw==,type:str]
- display_name_template: ENC[AES256_GCM,data:ou3tp8vQb2QvGimMVPZe,iv:F54PehLh05M8zFdMqeTm3dPiSNBQTmuF+7rtDhlAJl0=,tag:LUkSw0yl70Mt0x3aHrFG3w==,type:str]
- attribute_requirements:
- - attribute: ENC[AES256_GCM,data:usrShY4=,iv:YuJMgflJ5WK/IauLtJw2pvI/Yw8dtuRJkBgsKwdEc/k=,tag:nYHm9cuyMvEWjILv67Hx0g==,type:str]
- value: ENC[AES256_GCM,data:RdJxIA==,iv:gzDymgNtaTF8ytOZfcO6zyaJLWyHfmeKjFp8Lmh+v6w=,tag:IhiAz2olDYNLwH7Uwiz7NA==,type:str]
- persistence:
- size: 40Gi
- signingkey:
- job:
- enabled: false
- existingSecret: ENC[AES256_GCM,data:H4BzHHLDrTAFfM1jvZ1+mWK5,iv:ViNkpMyJ8Ufllj4S9rSLDhqdwrV4ysMFJuGEc1d1cRA=,tag:FEI2czmKDUIOCR4jNx5goA==,type:str]
- existingSecretKey: ENC[AES256_GCM,data:NWP9ncbiOUuMQok=,iv:j6riPlx+67+eIJTeftqe1K4Xz/5C/io4bnB7BkjlRx4=,tag:dbwnzVAlBUmIrmwnAO6eqA==,type:str]
- redis:
- auth:
- password: ENC[AES256_GCM,data:VhQvNboPkCYQ329Gsl+vfjhwmcibSAzCAJ7fzAVSQJIOFL9Egf8Vjg==,iv:CjIyZfhk99p8Ifg+vNRI4F4jJwKakSHq8QGmB9nihLE=,tag:m+EThKM8MuQJW7tRTxOSkw==,type:str]
- ingress:
- enabled: true
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 10m
- nginx.ingress.kubernetes.io/use-regex: "true"
- csHosts:
- - ENC[AES256_GCM,data:e8/OAaI0hD4t47qwHXRbG6KPeUxD4LPlWwA=,iv:IaZkdxzcdhjvHyZvhjzpj1tRADcZGBmMkDjQ1LJxIwc=,tag:l9YFxoOqzh1VRPazcFeOSg==,type:str]
- includeServerName: ENC[AES256_GCM,data:nXnRCqQ=,iv:EBVbKqOeguzlo1HOUc2J44dEiGEZD3tBJVWARp/zEjQ=,tag:7PMh7o/4tVan7XR/1Epy6w==,type:bool]
- includeUnderscoreSynapse: true
- tls:
- - secretName: ingress-matrix-tls
- hosts:
- - ENC[AES256_GCM,data:hgqXHg5seSmHMjBNn4IqxVrHOP2U23dqzP8=,iv:HgXIHqZHIMPs2lFVT+ir0rwFa10Zsekn8LrgrCkhLnI=,tag:8YXosTEkVzw7nma0nARjHQ==,type:str]
+ name: matrix-override-values
+type: Opaque
+stringData:
+ values-overrides.yaml: ENC[AES256_GCM,data:gx22p8fmq4svnyWWX4h5SAwP9MtsulcApW8YShD9PA4qVBY+Q599ynn6MxwsnV4/y7hTsOxw43MIMncwn9U6fzNvymHqCuS1DEMi/f+bUfrS913MmkZGm4LcH8BxRitT5s5337LgrhazI7LV5iq+ZPAIQUqT0ZAZSbFZ86raE2LEwTe9DwOmXUL233lfM5jm7w6vxpQ6Oe1lE0xcyCsJYWF9iugSBR//MrFLZtrzrA1oOh4p++FundyErgfSaLXuKdM+2VErJUXCk+5fKDrTw2F8g/rj2DP1PUepP9hrMMDpkWESaHG4UWO/Pq48vajjKSkkDDr8Pyq+EmSkrksmqVBWAWzSSaff0wwGz4sGiq8L8SkPQ34hF1qL702MlBQRjjo33yrkXUsxJFTpqX5PbdwriH14kVju2op0gILuF9sjfKhWZ6QTXaxA9EIMiz55W3/sOID95lR7QtgxfhvQZfW3CcVuJlCngasnHDAxkJbqP3M6ykRw9zHlmEHeZoPHkzNSWFKQYokbtlHrGeRgMoLLCabkN80eNT3OEiQ/3HNH9tPesvkFnPZxsgtkUnXYg7Q6L0EK/IIwC1r0ZdnBEIYj/jKIEa6RbMoDwLICSMn/XXd4yQSjkldOQmAwpE0kt6sEhETXLqtoNqr1ArjjExl1x2sXIpb7tqTdo8YWvHPiTlu8N8FYpdKr05xvOt0vuwa0dj+BxJOF9Uk7RsqxDqtM0Iew9BX/y9wxEX+7hcZhAOti5GIsu5RAzn0oLd+VUjqV2EtVrLl50j/JLB+1FNNwwxdw9+WBvSfA2ss06naeXDxB2qv9xvSW0jPrKPWjHsOkd6K0GkmM3f1cbsjn4mJ+3CB2Ze69bwDCw1DX4BTdhhUmXfS5DwywCfg0KYbtsMzLUNTaNG3ulXLESnq4sZqGycsSrb1PnKwyRNIPcHriKw70gaUc/g2N6PtAbk5coMY3NngnZtwPIp2q/frv9hZnMk5/hNr5I5pPFjX7FMClWpeh+qqDqSCCgTzUauDW/7iD0LcpB2mhztsXX8Y8cj8wE6Y8AEBntuwULt+avjFWPCr2Xmg8DzKfC2BATUuoXwDWp3nY+l1k8q3MIPBoxmAzn8Cdn9i/sEYOspsRB+NZHTiWkicDA6pWbShmK94TQ2LsrJ4DW3FfD6ru5NUOEIpJrRnuaLhtVg6iOzxZrErUI1Rk3Fk9QU4YoOOtRIROJ2Vco0H0I++T0EdLHBFG9VfOg6W8YNif51dCEIidJtQZAciZOhdNR5boJ3D9CyTGlrAxgFkr1FGsDQ0jdBOkSuX5HV49XVDniN9ss0dWYImAO010A4egsYMSUen889nCADkIoPZ11CqVH3yFEBC2LSrjccEFLKkZjFBqvrgl6uqe0HlAFm4efiZx1uLR0bDXwMmsqhEP5xKYM+UiNCRzWtgM2CHOqZAl+uMRE2Z8ePNktpQUNvQCF/FRTUjiuK2Yaj9+dO4v6d81J0C//ZO7tQyGKWi0cxp4MusOtM3FBm9NCKFMUeZ6efGaHBJ6AFA7JXh+J6aIq8h/S0DnvLZ1+qEnNMBgd735MyTmh9e8kr+iJz1nwVrfNWvRPAn84PkinVXbU7s8qPHNn1AfYS4ZNC0Pz8thBPPtWRibpBYPq3irsbpXnfqmHuF/v/9f9heNxvKb8MhgFVlpBJ1wyQIv7RGwqQdtnd0hpinMQDWgdMND81nCznNanKcENi053QASU6KFrz608cUvuPKpV1SHiNzFzseZ2j6tVmdweVH7YUP+77SfdwUk3A3cQMdewmzoEkf69pmcgdiaR7BMVgpqx1cIEEADQD6YpZEuEMm/pHdncPPyKy1qJsRBV2UG7FRff1UaO0M77K5BVlAwujyl2PrzlKOaQv9lhOEMnHbmK/A+iQ1f2NGXeLdG/ldEfkjo1AAL/H9U515bt9Zi4enftovRXGcQhimbKCrEbYzcOxXfj17Wm0M4bc8ibfyWgox8BWi2jqEQG7Hyd0PkWGI2wmaKtDUGcevoSUUkF+ClaPVL8CjfNq38yuGCuz5MHojtVzUtNsOUnkIdb0ij7HEpAuxJ4xugLBB5BxkcT4XRS3HG0s/5rAa+2kX+oc2rdGCktqdv6SWwaTRg0QbOQOO33JlVbw08w5ahvL3UkamF4mFx92xHKsTFGuSINE67+sGPJbLDABh1V3/M5iLoiNPVnZ9XDMObywFfr+U7xMHdcc+1zQ2v6gsT+hPU6tWSvekdoFMndZRDyZOAV0oteaS7UPGyPQnIUZe6bYSIQzST9UwaG2MX21i00d5iRr1cRqPdK05CpGhWISG2p09JS3rY7abMSQS6DsHeRPYMBLG7EprzY8WDHJwHQA4NXTCLMcGW3Z0AWaNxOtapksUbMHbc9s327PwxS9JNEfhcrckwjS9SMzf9ABZcM/kLRBiBsg3FWcK4Ih2iKjSgOzERgKnHTfvE+Daivzdqdw3KltAlMApABaoT5cUlnJuLGcjGfMA+vl4/VuELXO4MAKcUgF5FA5KfB9BAY2n2iXucpms=,iv:11iuQSsymyVJAcaSB85Y634os582zPNm5OFYRSgaZiY=,tag:tF9hOjGNf2uoQSYu0+gpbA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2023-04-13T20:08:25Z"
- mac: ENC[AES256_GCM,data:ydKb9XaNuyxl3HWYLQux2k+MOUp1eAnXUGoJpZ4CrbZOyTRm4uCBkgjC3hYUSQeBugZI7+Yga+lB7zXQcQGhwTIZmnG8LGBFhCY4SQl4jc7jOIoHY/MmxEwVEy2KzCLzNQ2zr+mIt7PXljsVS9XNdSqmFjxAoXRBzAnA+XbX+9E=,iv:5YUdHafbWMF+s7FERIpbIs0fbC/C/HaIBrAxEdydy9c=,tag:ewTJzL3ZixEJiqktBu2Nhg==,type:str]
+ lastmodified: "2024-02-13T21:11:49Z"
+ mac: ENC[AES256_GCM,data:WJp0wGzyIhMo7DclLyxIMFyjB4aqT9HPT81VfvSRYq9bzmglFPyCAi8vqAbBbrdLspTDTryUzPiTPqYTgPScAwlYZSGl/Jr4QFTSgGD8lXcKHMT9j8mAdeMDQ9QZfos54qdmdX19N3OQdIUJN6hdovAkGhX7WElHCrxVIEVnlD4=,iv:BuH8oPSRj0yZdAYVxZj6a1+yNrwjwby6L+5HDS7iTk8=,tag:1NUL73bv+UBAuOKY9wIdmA==,type:str]
pgp:
- created_at: "2022-04-19T15:47:33Z"
enc: |-