Matrix is an open network for secure, decentralised communication :)
We're using small-hack/matrix-chart, which is a fork of Arkaniad/matrix-chart, which is a fork of typokign/matrix-chart (no longer maintained).
| Sync Wave | Description |
|---|---|
| 1 | External Secrets and Persistent volumes |
| 2 | Postgresql cluster |
| 3 | Matrix |
To use the stable version of synapse and element, use the app_of_apps directory, however if you'd like to try to the new element-x, you'll want to use the app_of_apps_beta directory until all is declared live and stable.
app_of_apps_beta will use matrix authentication service for OIDC instead of the current OIDC implementation baked into synapse, which you can read more about on the matrix.org blog. It also uses sliding sync which is supposed to be faster at syncing large rooms. We've experimented a bit with this, but we don't feel element-x is production ready yet, as it also doesn't have a lot of features yet, but we're excited for when it does :)
We're currently experimenting with turning on bridges in the app_of_apps_with_bridge directory. This is not yet stable and should only be used for testing.
Currently, we add trusted key servers per federated instance, and we also use ModSecurity as our Web Application Firewall, which uses the OWASP Core Rule Set and then we use the plugin to allow rule exclusion for legitimate traffic. You can see our exact ModSecurity config in the ingress-nginx/ingress-nginx_argocd_appset.yaml and ingress-nginx/plugins/plugins-configmap.yaml.