From 04f29a155db4284afacdcc901e16de118ff19641 Mon Sep 17 00:00:00 2001
From: root <root@rke2-server.iamworkin.lan>
Date: Mon, 9 Mar 2026 17:06:01 -0500
Subject: [PATCH] Fix Synapse init container: run as root, fix /data ownership
 for uid 991

---
 apps/matrix/matrix.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apps/matrix/matrix.yaml b/apps/matrix/matrix.yaml
index 1eb7a04..f00b73f 100644
--- a/apps/matrix/matrix.yaml
+++ b/apps/matrix/matrix.yaml
@@ -186,12 +186,18 @@ spec:
       initContainers:
         - name: generate-signing-key
           image: matrixdotorg/synapse:latest
+          securityContext:
+            runAsUser: 0
           command: ["sh", "-c"]
           args:
             - |
               if [ \! -f /data/signing.key ]; then
                 python -m synapse.app.homeserver --generate-keys --config-path /config/homeserver.yaml
               fi
+              chown 991:991 /data/signing.key 2>/dev/null || true
+              chmod 644 /data/signing.key 2>/dev/null || true
+              mkdir -p /data/media_store
+              chown -R 991:991 /data 2>/dev/null || true
           volumeMounts:
             - name: synapse-data
               mountPath: /data