values.yaml

# Runtime configuration for Synapse and settings related to the Matrix protocol
matrix:
  # Manual overrides for homeserver.yaml, the main configuration file for Synapse
  # If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents.
  # If homeserverExtra is set, the contents will be appended to the end of the default configuration.
  # It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense
  # of the requirements and default configuration options to use other services in this chart.
  # homeserverOverride: {}
  # homeserverExtra: {}

  # Domain name of the server
  # This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains
  # from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the
  # domain name at the end of every user's username
  serverName: "example.com"

  # Enable anonymous telemetry to matrix.org
  telemetry: false

  # Hostname where Synapse can be reached.
  # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the
  # Ingress will be used
  # hostname: "matrix.example.com"

  # Set to false to disable presence (online/offline indicators)
  presence: true

  # Set to true to block non-admins from inviting users to any rooms
  blockNonAdminInvites: false

  # Set to false to disable message searching
  search: true

  # Which types of rooms to enable end-to-end encryption on by default
  # off: none
  # invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset
  # all: all rooms
  encryptByDefault: invite

  # Email address of the administrator
  adminEmail: "admin@example.com"

  # Settings related to image and multimedia uploads
  uploads:
    # Max upload size in bytes
    maxSize: 10M

    # Max image size in pixels
    maxPixels: 32M

  # Settings related to federation
  federation:
    # Set to false to disable federation and run an isolated homeserver
    enabled: true

    # Set to false to disallow members of other homeservers from fetching *public* rooms
    allowPublicRooms: true

    # Whitelist of domains to federate with (comment for all domains except blacklisted)
    # whitelist: []

    # IP addresses to blacklist federation requests to
    blacklist:
      - '127.0.0.0/8'
      - '10.0.0.0/8'
      - '172.16.0.0/12'
      - '192.168.0.0/16'
      - '100.64.0.0/10'
      - '169.254.0.0/16'
      - '::1/128'
      - 'fe80::/64'
      - 'fc00::/7'

  # User registration settings
  registration:
    # Allow new users to register an account
    enabled: false

    # If set, allows registration of standard or admin accounts by anyone who
    # has the shared secret, even if registration is otherwise disabled.
    #
    # sharedSecret: <PRIVATE STRING>

    # Identity server used
    # Should be the same as set in the .well-known/matrix/client
    identityServer: ""

    # Allow users to join rooms as a guest
    allowGuests: false

    # Required "3PIDs" - third-party identifiers such as email or msisdn (SMS)
    # required3Pids:
    #   - email
    #   - msisdn

    # Rooms to automatically join all new users to
    autoJoinRooms: []
    # - "#welcome:example.com"

  # Settings for the URL preview crawler
  urlPreviews:
    # Enable URL previews.
    # WARNING: Make sure to review the default rules below to ensure that users cannot crawl
    # sensitive internal endpoints in your cluster.
    enabled: false

    # Blacklists and whitelists for the URL preview crawler
    rules:
      # Maximum size of a crawlable page. Keep this low to prevent a DOS vector
      maxSize: 10M

      # Whitelist and blacklist for crawlable IP addresses
      ip:
        # whitelist:
        blacklist:
          - '127.0.0.0/8'
          - '10.0.0.0/8'
          - '172.16.0.0/12'
          - '192.168.0.0/16'
          - '100.64.0.0/10'
          - '169.254.0.0/16'
          - '::1/128'
          - 'fe80::/64'
          - 'fc00::/7'

      # Whitelist and blacklist based on URL pattern matching
      url: {}
        # whitelist:
        # blacklist:
        #  # blacklist any URL with a username in its URI
        #  - username: '*'
        #
        #  # blacklist all *.google.com URLs
        #  - netloc: 'google.com'
        #  - netloc: '*.google.com'
        #
        #  # blacklist all plain HTTP URLs
        #  - scheme: 'http'
        #
        #  # blacklist http(s)://www.acme.com/foo
        #  - netloc: 'www.acme.com'
        #    path: '/foo'
        #
        #  # blacklist any URL with a literal IPv4 address
        #  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

  # How long to keep redacted events in unredacted form in the database
  retentionPeriod: 7d

  security:
    # a secret which is used to sign access tokens. If none is specified,
    # the registration_shared_secret is used, if one is given; otherwise,
    # a secret key is derived from the signing key.
    #
    # macaroonSecretKey: <PRIVATE STRING>

    # This disables the warning that is emitted when the
    # trustedKeyServers include 'matrix.org'. See below.
    # Set to false to re-enable the warning.
    #
    surpressKeyServerWarning: true

    # The trusted servers to download signing keys from.
    #
    # When we need to fetch a signing key, each server is tried in parallel.
    #
    # Normally, the connection to the key server is validated via TLS certificates.
    # Additional security can be provided by configuring a `verify key`, which
    # will make synapse check that the response is signed by that key.
    #
    # This setting supercedes an older setting named `perspectives`. The old format
    # is still supported for backwards-compatibility, but it is deprecated.
    #
    # 'trustedKeyServers' defaults to matrix.org, but using it will generate a
    # warning on start-up. To suppress this warning, set
    # 'surpressKeyServerWarning' to true.
    #
    # Options for each entry in the list include:
    #
    #    serverName: the name of the server. required.
    #
    #    verifyKeys: an optional map from key id to base64-encoded public key.
    #       If specified, we will check that the response is signed by at least
    #       one of the given keys.
    #
    #    acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset,
    #       and federation_verify_certificates is not `true`, synapse will refuse
    #       to start, because this would allow anyone who can spoof DNS responses
    #       to masquerade as the trusted key server. If you know what you are doing
    #       and are sure that your network environment provides a secure connection
    #       to the key server, you can set this to `true` to override this
    #       behaviour.
    #
    # An example configuration might look like:
    #
    # trustedKeyServers:
    #   - serverName: my_trusted_server.example.com
    #     verifyKeys:
    #       - id: "ed25519:auto"
    #         key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
    #     acceptKeysInsecurely: false
    #   - serverName: my_other_trusted_server.example.com

  # Set to true to globally block access to the homeserver
  disabled: false
  # Human readable reason for why the homeserver is blocked
  disabledMessage: ""

  logging:
    # Root log level is the default log level for log outputs that do not have more
    # specific settings.
    rootLogLevel: WARNING
    # beware: increasing this to DEBUG will make synapse log sensitive
    # information such as access tokens.
    sqlLogLevel: WARNING
    # The log level for the synapse server
    synapseLogLevel: WARNING

# Persistent volumes configuration
volumes:
  # Uploaded attachments/multimedia
  media:
    # Capacity of the media persistent volume claim
    capacity: 10Gi
    # Storage class (optional)
    storageClass: ""
  signingKey:
    # Capacity of the signing key PVC
    # Note: 1Mi is more than enough, but some cloud providers set a minimum PVC size of 1Mi or 1Gi, adjust as necessary
    capacity: 1Mi
    # Storage class (optional)
    storageClass: ""

ingress:
  enabled: true
  # Whether to expose the federation API behind the Ingress
  # If you would rather use an external proxy to run federation on a port other than 443, set this to false and set the synapse.service.federation.type value to either LoadBalancer or NodePort
  federation: true
  tls: []
  hosts:
    synapse: matrix.chart-example.local
    riot: element.chart-example.local
    federation: matrix-fed.chart-example.local
  annotations:
    # This annotation is required for the Nginx ingress provider. You can remove it if you use a different ingress provider
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_intercept_errors off;

# PostgreSQL Database Configuration
postgresql:
  # Whether to deploy the stable/postgresql chart with this chart. If disabled, make sure PostgreSQL is available at the hostname below and credentials are configured below
  enabled: true

  username: matrix
  password: matrix
  database: matrix

  connpool:
    cpMin: 5
    cpMax: 10

  # Set this if postgresql.enabled = false
  hostname: ""
  port: 5432

  # Whether to connect to the database over SSL
  ssl: false
  # See https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS for documentation of these modes
  sslMode: prefer

  # Storage to allocate for stable/postgresql
  persistence:
    size: 8Gi

  # If postgresql.enabled, stable/postgresql will run the scripts in templates/postgresql/initdb-configmap.yaml
  # If using an external Postgres server, make sure to configure the database as specified at https://github.com/matrix-org/synapse/blob/master/docs/postgres.md
  initdbScriptsConfigMap: "{{ .Release.Name }}-postgresql-initdb"

  securityContext:
    enabled: true
    runAsUser: 1000
    fsGroup: 1000

# Synapse Kubernetes resource settings
synapse:
  image:
    repository: "matrixdotorg/synapse"
    tag: v1.22.1
    pullPolicy: IfNotPresent
  service:
    type: ClusterIP
    port: 80
    federation:
      type: ClusterIP
      port: 80
  replicaCount: 1
  resources: {}
  # Configure timings for readiness, startup, and liveness probes here
  probes:
    readiness:
      timeoutSeconds: 5
      periodSeconds: 10
    startup:
      timeoutSeconds: 5
      periodSeconds: 5
      failureThreshold: 6
    liveness:
      timeoutSeconds: 5
      periodSeconds: 10

  # Labels to be appended to all Synapse resources
  labels:
    component: synapse

  # Prometheus metrics for Synapse
  # https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
  metrics:
    # Whether Synapse should capture metrics on an additional endpoint
    enabled: true
    # Port to listen on for metrics scraping
    port: 9092
    annotations: true

# Configurations for Synapse Workers
synapseWorkers:
  enabled: true
  # Create a separate deployment for client and federation generic worker URIs
  separate: false

  # Enable the federation_send worker
  federationSend:
    enabled: false
    replicaCount: 3

  homeserverReplicationPort: 9093

  sharedSecret: ""

  redis:
    host: redis.chart-example.local
    port: 6379
    pasword: ""

  replicaCount: 3

  resources: {}
    ##limits: {}
    ## cpu: 500m
    ## memory: 1Gi
    ##requests: {}
    ## cpu: 250m
    ## memory: 256Mi

  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 12
    targetMemoryUtilizationPercentage: 50
    targetCPUUtilizationPercentage: 50

  service:
    port: 8008
    type: ClusterIP

  ingress:
    annotations:
      # update these if not using ingress-nginx
      common:
        # set to annotiation for you're ingress controller
        # to allow regex
        nginx.ingress.kubernetes.io/use-regex: "true"
      rooms:
        # set to balance via room URIs
        nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"
      sync:
        # set to balance via Source IPs
        nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"
      federationSend:
        # set to balance via Source IPs
        nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"

    #
    # DO NOT EDIT THIS LIST UNLESS YOU KNOW WHAT YOU'RE DOING
    # IT FOLLOWS THE docs/worker.md SPEC
    #
    genericWorker:
      client:
        sync:
          - /_matrix/client/(v2_alpha|r0)/sync$
          - /_matrix/client/(api/v1|v2_alpha|r0)/events$
          - /_matrix/client/(api/v1|r0)/initialSync$
          - /_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$
        common:
          - /_matrix/client/(api/v1|r0|unstable)/publicRooms$
          - /_matrix/client/(api/v1|r0|unstable)/account/3pid$
          - /_matrix/client/(api/v1|r0|unstable)/devices$
          - /_matrix/client/(api/v1|r0|unstable)/keys/query$
          - /_matrix/client/(api/v1|r0|unstable)/keys/changes$
          - /_matrix/client/versions$
          - /_matrix/client/(api/v1|r0|unstable)/voip/turnServer$
          - /_matrix/client/(api/v1|r0|unstable)/joined_groups$
          - /_matrix/client/(api/v1|r0|unstable)/publicised_groups$
          - /_matrix/client/(api/v1|r0|unstable)/publicised_groups/
          - /_matrix/client/(api/v1|r0|unstable)/login$
          - /_matrix/client/(r0|unstable)/register$
          - /_matrix/client/(api/v1|r0|unstable)/join/
          - /_matrix/client/(api/v1|r0|unstable)/profile/
        rooms:
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/messages
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/send
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/
          - /_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$
      federation:
        common:
          - /_matrix/federation/v1/event/
          - /_matrix/federation/v1/state/
          - /_matrix/federation/v1/state_ids/
          - /_matrix/federation/v1/backfill/
          - /_matrix/federation/v1/get_missing_events/
          - /_matrix/federation/v1/publicRooms
          - /_matrix/federation/v1/query/
          - /_matrix/federation/v1/make_join/
          - /_matrix/federation/v1/make_leave/
          - /_matrix/federation/v1/send_join/
          - /_matrix/federation/v2/send_join/
          - /_matrix/federation/v1/send_leave/
          - /_matrix/federation/v2/send_leave/
          - /_matrix/federation/v1/invite/
          - /_matrix/federation/v2/invite/
          - /_matrix/federation/v1/query_auth/
          - /_matrix/federation/v1/event_auth/
          - /_matrix/federation/v1/exchange_third_party_invite/
          - /_matrix/federation/v1/user/devices/
          - /_matrix/federation/v1/get_groups_publicised$
          - /_matrix/key/v2/query
        send:
          - /_matrix/federation/v1/send/
# Element (formerly Riot Web) client configuration
riot:
  # Set to false to disable a deployment of Element. Users will still be able to connect via any other instances of Element (such as https://app.element.io), Element Desktop, or any other Matrix clients
  enabled: true

  # Organization/enterprise branding
  branding:
    # Shown in email notifications
    brand: "Element"
    # Background of login splash screen
    welcomeBackgroundUrl: ""
    # Logo shown at top of login screen
    authHeaderLogoUrl: ""
    # Array of links to show at the bottom of the login screen
    authFooterLinks: []
#      - text:
#        url:

  # Element integrations configuration
  integrations:
    # Set to false to disable the Integrations menu (including widgets, bots, and other plugins to Element)
    enabled: true
    # UI to load when a user selects the Integrations button at the top-right of a room
    ui: "https://scalar.vector.im/"
    # API for the integration server
    api: "https://scalar.vector.im/api"
    # Array of API paths providing widgets
    widgets:
      - "https://scalar.vector.im/_matrix/integrations/v1"
      - "https://scalar.vector.im/api"
      - "https://scalar-staging.vector.im/_matrix/integrations/v1"
      - "https://scalar-staging.vector.im/api"
      - "https://scalar-staging.riot.im/scalar/api"

  # Experimental features in Element, see https://github.com/vector-im/riot-web/blob/develop/docs/labs.md
  labs:
    - feature_new_spinner
    - feature_pinning
    - feature_custom_status
    - feature_custom_tags
    - feature_state_counters
    - feature_many_integration_managers
    - feature_mjolnir
    - feature_dm_verification
    - feature_bridge_state
    - feature_presence_in_room_list
    - feature_custom_themes

  # Servers to show in the Explore menu (the current server is always shown)
  roomDirectoryServers:
    - matrix.org

  # Set to the user ID (@username:domain.tld) of a bot to invite all new users to a DM with the bot upon registration
  welcomeUserId: ""

  # Prefix before permalinks generated when users share links to rooms, users, or messages. If running an unfederated Synapse, set the below to the URL of your Element instance.
  permalinkPrefix: "https://matrix.to"

  ingress:
    tls: []
    host: element.chart-example.local
    annotations: {}

  # Element Kubernetes resource settings
  image:
    repository: "vectorim/riot-web"
    tag: v1.7.12
    pullPolicy: IfNotPresent
  service:
    type: ClusterIP
    port: 80
  replicaCount: 1
  resources: {}
  probes:
    readiness: {}
    startup: {}
    liveness: {}

  # Element specific labels
  labels:
    component: element

# Settings for ZerataX's Matrix Registration Service
matrixRegistration:
  # Enable matrix-registraton service
  enabled: false

  # Shared secret to use to Authenticate with the API
  # If one is not set, the chart will generate one at random
  adminApiSharedSecret: ""

  # Website to redirect the user
  clientRedirect: "https://element.chart-example.local/#/login"

  # Set the minimum password length
  passwordLength: 8

  # Postgres connection string to store tokens
  connectionString: ""

  data:
    # Size of the data PVC to allocate for logging and static files
    capacity: 256Mi
    # Storage class (optional)
    storageClass: ""

  # Any annotations for the matrix registration ingress
  # It will use the same URL as Element + '/register'
  ingress:
    annotations: {}

  # Matrix-Registration Kubernetes resource settings
  image:
    repository: "zeratax/matrix-registration"
    tag: v0.9.1.post1
    pullPolicy: IfNotPresent
  initImage:
    repository: "busybox"
    tag: 1.33.1
    pullPolicy: IfNotPresent
  service:
    type: ClusterIP
    port: 5000
  replicaCount: 1
  resources: {}
  probes:
    readiness: {}
    startup: {}
    liveness: {}

  labels:
    component: matrix-registraton

# Settings for Coturn TURN relay, used for routing voice calls
coturn:
  # Set to false to disable the included deployment of Coturn
  enabled: true

  # URIs of the Coturn servers
  # If deploying Coturn with this chart, include the public IPs of each node in your cluster (or a DNS round-robin hostname)
  # You can also include an external Coturn instance if you'd prefer
  uris: []
#    - "turn:turn.example.com?transport=udp"

  # How to deploy Coturn
  # Options:
  #   DaemonSet:  A DaemonSet will be used to schedule one Coturn pod per node. Each Coturn pod will open the ports it needs directly on the host it is scheduled on.
  #               This maximizes compatibility and will allow you to set up Coturn without any additional cluster configuration.
  #   Deployment: A Deployment will be used to schedule Coturn pods. The number of Coturn pods will be configurable (via the replicaCount setting below).
  #               You will need to use a NodePort service or an external load balancer to route traffic to the Coturn pods.
  #               This is more flexible and can use fewer pods in a multi-node setup, but will require additional networking configuration.
  kind: DaemonSet

  # Whether to allow guests to use the TURN server
  allowGuests: true

  # Shared secret for communication between Synapse and Coturn.
  # Optional, will be auto-generated if not overridden here.
  sharedSecret: ""

  # UDP port range for TURN connections
  ports:
    from: 49152
    to: 49172

  service:
    # The type of service to deploy for routing Coturn traffic
    # Options:
    #   ClusterIP:     Recommended for DaemonSet configurations. This will create a standard Kubernetes service for Coturn within the cluster. No external networking
    #                  will be configured as the DaemonSet will handle binding to each Node's host networking
    #   NodePort:      Recommended for Deployment configurations. This will open TURN ports on every node and route traffic on these ports to the Coturn pods.
    #                  You will need to make sure your cloud provider supports the cluster config setting "apiserver.service-node-port-range", as this range must contain
    #                  the ports defined above for the service to be created.
    #   LoadBalancer:  Recommended for Deployment configurations. This allows for clusters with metallb and the like with a single public IP (homelab situations)
    #                  to have the wide array of ports available on the loadbalancer service and will perform a Round-Robin balancing between all of the pods
    type: ClusterIP
    annotations: {}
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

  image:
    repository: "instrumentisto/coturn"
    tag: "4.5.1.3"
    pullPolicy: IfNotPresent
  replicaCount: 1
  resources: {}

  # Coturn specific labels
  labels:
    component: coturn

# Settings for email notifications
mail:
  # Set to false to disable all email notifications
  # NOTE: If enabled, either enable the Exim relay or configure an external mail server below
  enabled: true
  # Name and email address for outgoing mail
  from: "Matrix <matrix@example.com>"
  # Optional: Element instance URL.
  # If the ingress is enabled, this is unnecessary.
  # If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io
  riotUrl: ""

  # Exim relay
  relay:
    enabled: true
    image:
      repository: "devture/exim-relay"
      tag: "4.93.1-r0"
      pullPolicy: IfNotPresent
    service:
      type: ClusterIP
      port: 25
    replicaCount: 1
    resources: {}
    probes:
      readiness: {}
      startup: {}
      liveness: {}
    # Mail relay specific labels
    labels:
      component: mail


  # External mail server
  external:
    host: ""
    port: 25  # SSL: 465, STARTTLS: 587
    username: ""
    password: ""
    requireTransportSecurity: true

bots:
  # Mautrix MauBot Config
  maubot:
    # Set to true to enable MauBot
    enabled: false

    # PostgreSQL Database connection string
    connectionString: ""

    # Path on the synapse client ingress where the MauBot UI will be accessed
    uiPath: /_matrix/maubot

    # Username:Password pair for administrative access to the maubot UI
    # NOTE: This is NOT your matrix server username and password they should be
    #       unique to the maubot UI
    admins:
      maubot-admin: "superSecretPassword123@"

    # MauBot API features
    apiFeatures:
      login: true
      plugin: true
      plugin_upload: true
      instance: true
      instance_database: true
      client: true
      client_proxy: true
      client_auth: true
      dev_open: true
      log: true

    ingress:
      annotations: {}

    data:
      # Size of the PVC to allocate for the SQLite database
      capacity: 512Mi
      # Storage class (optional)
      storageClass: ""

    # MauBot Kubernetes resource settings
    image:
      repository: "dock.mau.dev/maubot/maubot"
      tag: latest
      pullPolicy: Always
    service:
      type: ClusterIP
      port: 29316
    replicaCount: 1
    resources: {}
    probes:
      readiness: {}
      startup: {}
      liveness: {}

bridges:
  irc:
    # Set to true to enable the IRC bridge
    enabled: false
    # Whether to enable presence (online/offline indicators). If presence is disabled for the homeserver (above), it should be disabled here too
    presence: false
    # Name of Postgres database to store IRC bridge data in, this database will be created if the included Postgres chart is enabled, otherwise you must create it manually
    database: "matrix_irc"
    databaseSslVerify: true

    # Object of IRC servers to connect to, see https://github.com/matrix-org/matrix-appservice-irc/blob/master/config.sample.yaml for config options
    servers:
      chat.freenode.net:
        # A human-readable short name.
        name: "Freenode"
        # The port to connect to. Optional.
        port: 6697
        # Whether to use SSL or not. Default: false.
        ssl: true

    data:
      # Size of the data PVC to allocate
      capacity: 1Mi

    image:
      repository: "matrixdotorg/matrix-appservice-irc"
      tag: "release-0.22.0-rc1"
      pullPolicy: IfNotPresent
    replicaCount: 1
    resources: {}
    service:
      type: ClusterIP
      port: 9006

  whatsapp:
    # Set to true to enable the WhatsApp bridge
    enabled: false

    # Username and display name of the WhatsApp bridge bot
    bot:
      username: "whatsappbot"
      displayName: "WhatsApp bridge bot"
      avatar: "mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr"

    # Permissions for using the bridge.
    # Permitted values:
    # relaybot - Talk through the relaybot (if enabled), no access otherwise
    #     user - Access to use the bridge to chat with a WhatsApp account.
    #    admin - User level and some additional administration tools
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
      "*": relaybot

    # WhatsApp server connection settings
    connection:
      # WhatsApp server connection timeout (seconds)
      timeout: 20
      # Number of QR codes to store, essentially multiplying the connection timeout
      qrRegenCount: 2
      # Maximum number of connection attempts before failing
      maxAttempts: 3
      # Retry delay
      # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
      retryDelay: -1
      # Whether or not to notify the user when attempting to reconnect. Set to false to only report when maxAttempts has been reached
      reportRetry: true

    # Send notifications for incoming calls
    callNotices: true

    users:
      # Username for WhatsApp users
      # Evaluated as a template where {{ . }} is replaced with the phone number of the WhatsApp user
      username: "whatsapp_{{.}}"

      # Display name for WhatsApp users
      # Evaluated as a template, with variables:
      # {{.Notify}} - nickname set by the WhatsApp user
      # {{.Jid}}    - phone number (international format)
      # The following variables are also available, but will cause problems on multi-user instances:
      # {{.Name}}   - display name from contact list
      # {{.Short}}  - short display name from contact list
      displayName: "{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)"

    # Display name for communities.
    # A community will be automatically generated for each user using the bridge, and can be used to group WhatsApp chats together
    # Evaluated as a template, with variables:
    # {{.Localpart}} - MXID localpart
    # {{.Server}}    - MXID server part of the user.
    communityName: "whatsapp_{{.Localpart}}={{.Server}}"

    relaybot:
      # Set to true to enable the relaybot and management room
      enabled: false

      # Management room for the relay bot where status notifications are posted
      management: "!foo:example.com"

      # Users to invite to the management room automatically
      invites: []

    data:
      # Size of the PVC to allocate for the SQLite database
      capacity: 512Mi
      # Storage class (optional)
      storageClass: ""

    image:
      repository: "dock.mau.dev/tulir/mautrix-whatsapp"
      tag: "latest"
      pullPolicy: Always
    replicaCount: 1
    resources: {}
    service:
      type: ClusterIP
      port: 29318

  discord:
    # Set to true to enable the Discord bridge
    enabled: false
    # Useranme for the bridge bot on the server
    botUser: "_discord_bot"
    # Discord bot authentication
    # See https://github.com/Half-Shot/matrix-appservice-discord#setting-up-discord
    auth:
      clientId: ""
      botToken: ""
      asToken: ""
      hsToken: ""

    # The name of bridged rooms
    # Available vars:
    #   :guild - guild/server name
    #   :name  - channel name prefixed with #
    channelName: "[Discord] :guild :name"

    users:
      # Nickname of bridged Discord users
      # Available vars:
      #   :nick     - user's Discord nickname
      #   :username - user's Discord username
      #   :tag      - user's 4 digit Discord tag
      #   :id       - user's Discord developer ID (long)
      nickname: ":nick"
      # Username of bridged Discord users
      # Available vars:
      #   :username - user's Discord username
      #   :tag      - user's 4 digit Discord tag
      #   :id       - user's Discord developer ID (long)
      username: ":username#:tag"

    # Set to false to disable online/offline presence for Discord users
    presence: true

    # Set to false to disable typing notifications (only for Discord to Matrix)
    typingNotifications: true

    # Set to true to allow users to bridge rooms themselves using !discord commands
    # More info: https://t2bot.io/discord
    selfService: false

    # Set to false to disable the Discord bot read receipt, which advances whenever the bot bridges a message
    readReceipt: true

    # Set to false to disable Discord notifications when a user joins/leaves the Matrix channel
    joinLeaveEvents: true

    # Set to false to disable Discord notifications when invites are sent from the Matrix channel
    inviteNotifications: true

    # Auto determine the language of code blocks (this can be CPU-Intensive)
    determineCodeLanguage: false

    # Use Privileged Gateway Intents
    # You must enable "Privileged Gateway Intents" in your bot settings on discord.com (e.g. https://discord.com/developers/applications/12345/bot)
    # for this to work
    usePrivilegedIntents: false

    # Default visibility of bridged rooms (public/private)
    defaultVisibility: public

    data:
      # Size of the PVC to allocate for the SQLite database
      capacity: 512Mi
      # Storage class (optional)
      storageClass: ""

    image:
      repository: "t2bot/matrix-appservice-discord"
      tag: "latest"
      pullPolicy: Always
    replicaCount: 1
    resources: {}
    service:
      type: ClusterIP
      port: 9005

  signal:
    # Set to true to enable the Signal bridge
    enabled: false
    # Useranme for the bridge bot on the server
    bot:
      user: "signal_bot"
      displayName: "Signal bridge bot"
      avatar: "mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp"

    #Connection string to the database
    connString: ""

    metrics: false

    users:
      # Localpart template of MXIDs for Signal users.
      # {userid} is replaced with an identifier for the Signal user.
      usernameTemplate: "signal_{userid}"
      # Displayname template for Signal users.
      # {displayname} is replaced with the displayname of the Signal user, which is the first
      # available variable in displayname_preference. The variables in displayname_preference
      # can also be used here directly.
      displaynameTemplate: "{displayname} (Signal)"
      # Whether or not contact list displaynames should be used.
      # Possible values: disallow, allow, prefer
      #
      # Multi-user instances are recommended to disallow contact list names, as otherwise there can
      # be conflicts between names from different users' contact lists.
      contactListNames: disallow
      # Available variables: full_name, first_name, last_name, phone, uuid
      displaynamePreference:
      - full_name
      - phone

    # Whether or not to receive ephemeral events via appservice transactions.
    # Requires MSC2409 support (i.e. Synapse 1.22+).
    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
    ephemeralEvents: false
    # Whether or not to create portals for all groups on login/connect.
    autocreateGroupPortal: true
    # Whether or not to create portals for all contacts on login/connect.
    autocreateContactPortal: false
    # Whether or not to use /sync to get read receipts and typing notifications
    # when double puppeting is enabled
    syncWithCustomPuppets: true
    # Whether or not created rooms should have federation enabled.
    # If false, created portal rooms will never be federated.
    federateRooms: true

    encryption:
      # Allow encryption, work in group chat rooms with e2ee enabled
      allow: true
      # Default to encryption, force-enable encryption in all portals the bridge creates
      # This will cause the bridge bot to be in private chats for the encryption to work properly.
      default: false
      keySharing:
        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
        # You must use a client that supports requesting keys from other users to use this feature.
        allow: true

    # Permissions for using the bridge.
    # Permitted values:
    #       user - Use the bridge with puppeting.
    #      admin - Use and administrate the bridge.
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
        "example.com": "user"
        "@admin:example.com": "admin"

    data:
      # Size of the PVC to allocate for the SQLite database
      capacity: 512Mi
      # Storage class (optional)
      storageClass: ""

    image:
      signald:
        repository: "finn/signald"
        tag: "latest"
        pullPolicy: Always
        resources: {}
      bridge:
        repository: "dock.mau.dev/tulir/mautrix-signal"
        tag: "latest"
        pullPolicy: Always
        resources: {}
    replicaCount: 1
    resources: {}
    service:
      type: ClusterIP
      port: 29328
  # Recommended to leave this disabled to allow bridges to be scheduled on separate nodes.
  # Set this to true to reduce latency between the homeserver and bridges, or if your cloud provider does not allow
  # the ReadWriteMany access mode (see below)
  affinity: false
  volume:
    # Capacity of the shared volume for storing bridge/appservice registration files
    # Note: 1Mi should be enough but some cloud providers may set a minimum PVC size of 1Gi, adjust as necessary
    capacity: 1Mi
    # Storage class (optional)
    storageClass: ""
    # Access mode of the shared volume. ReadWriteMany is recommended to allow bridges to be scheduled on separate nodes.
    # Some cloud providers may not allow the ReadWriteMany access mode. In that case, change this to ReadWriteOnce -AND-
    # set bridges.affinity (above) to true
    accessMode: ReadWriteMany

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

networkPolicies:
  enabled: true