- Add upstream_oauth2_config with Authentik provider credentials
- Configure OIDC with client_id and client_secret from Authentik
- Disable local password authentication (OIDC-only login)
- Set claims mapping: subject, localpart, displayname, email

This enables users to log in via the Authentik OIDC provider with email
and username claims properly mapped for Matrix user provisioning.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

The config.json was truncated and had unclosed brackets. This prevented
Helm from properly merging the ElementWeb configuration, so the custom themes
were never loaded into the cluster.

This fix:
- Closes the unclosed JSON brackets
- Validates the full JSON structure
- Removes duplicate/extra closing brackets
- Ensures all 6 custom themes are properly included

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

- Reduce HelmRelease interval from 1h to 5m for faster sync
- Add checksum annotation to trigger reconciliation when element-values.yaml changes
- This ensures Flux CD re-deploys the chart when themes/config updates are made

To update the checksum after editing element-values.yaml:
md5sum apps/production/custom-configs/element-values.yaml
# Update the value in apps/production/kustomization.yaml patches[0].patch

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

Add coturn Deployment with hostNetwork mode and init container for secret substitution. Include SOPS-encrypted shared secret, TLS certificate for turn.axion1337.chat, and Synapse TURN configuration with proper relay URIs and credentials.

Resolves DTLS timeout issues in RTC video calls by providing media relay for clients behind NAT/Firewall.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

- Allow all users to publish public rooms in room list
- Fixes 403 'Not allowed to publish room' error
- Applies to rooms with join_rule: public

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

- Rename property from auto-join-rooms to auto_join (underscore instead of dash)
- Keep YAML structure with embedded config

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

- Use simpler property name 'retention' instead of 'retention-config'
- Helm Chart schema may not allow 'retention-config' naming convention

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

- Create index.html with styled setup guide and download links
- Update init-container to copy index.html to nginx
- Configure nginx to serve index.html as default for /docs/setup/
- Remove directory listing (autoindex), show proper HTML instead

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

- Remove duplicate nginx Ingress from element-web-docs-server.yaml (using Traefik instead)
- Traefik IngressRoute in apex-ingress.yaml now handles /docs/setup routing
- Deployment and Service remain unchanged for file serving

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>