Slack, like many organization in the current recession, are tightening their belt. Originally I used the software to chat with my better half. Over the years I have added friends and the older spawn. Definitely hit the integration limit but paying at minimum $25 a month might be above my families budget. So checking out alternatives.

Matrix is a decentralized communication system. Originally they implemented their reference software in Python known as Synapse. Some have been working on another reference implementation in Go named Dendrite.

Dendrite Dependencies

Dendrite does require a database however it may user either SQLite or Postgres. Out of laziness I will start with SQLite then move over to Postgres.


Looks like Dendrite Monolith has an active image. Looks like developers commonly deploy on via docker-compose so I will need to translate this into Kubernetes deployments.

First Deployment Attempt

Given the state storage via SQLite, a StatefulSet is probably the best bet. Port 8008 appears to be the HTTP port.

apiVersion: v1
kind: Service
  name: dendrite
  namespace: xp-dendrite
    app: dendrite
    - port: 80
      name: http
      targetPort: 8008
    app: dendrite
apiVersion: apps/v1
kind: StatefulSet
  name: dendrite
  namespace: xp-dendrite
      app: dendrite
  serviceName: "dendrite"
  replicas: 1
        app: dendrite
        - name: key-gen
          image: matrixdotorg/dendrite-monolith:latest
          command: ["/usr/bin/generate-keys","-private-key", "/mnt/matrix_key.pem", "-tls-cert","/mnt/server.crt", "-tls-key","/mnt/server.key"]
            - name: storage-keys
              mountPath: /mnt
        - name: monolith
          image: matrixdotorg/dendrite-monolith:latest
          args: ["-config", "/etc/dendrite/config.yaml"]
            - containerPort: 8008
              name: http
            - name: jetstream
              mountPath: /var/dendrite/jetstream
            - name: sqlite
              mountPath: /var/sqlite/dendrite
            - name: config
              mountPath: /etc/dendrite
              readOnly: true
            - name: media
              mountPath: /var/dendrite/media
            - name: storage-keys
              mountPath: /var/dendrite/storage-keys
              readOnly: true
            - name: logs
              mountPath: /var/dendrite/logs
        - name: config
            name: dendrite
            optional: false
        - name: storage-keys
          emptyDir: {}
    - metadata:
        name: jetstream
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "longhorn"
            storage: 512Mi
    - metadata:
        name: sqlite
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "longhorn"
            storage: 512Mi
    - metadata:
        name: media
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "longhorn"
            storage: 512Mi
    - metadata:
        name: logs
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "longhorn"
            storage: 512Mi

Based on the official monolith configuration file, mine looks like the following:

# This is the Dendrite configuration file.
# The configuration is split up into sections - each Dendrite component has a
# configuration section, in addition to the "global" section which applies to
# all components.

# The version of the configuration file.
version: 2

# Global Matrix configuration. This configuration applies to all components.
  # The domain name of this homeserver.

  # The path to the signing private key file, used to sign requests and events.
  # Note that this is NOT the same private key as used for TLS! To generate a
  # signing key, use "./bin/generate-keys --private-key matrix_key.pem".
  private_key: /var/dendrite/storage-keys/matrix_key.pem

  # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
  # to old signing private keys that were formerly in use on this domain. These
  # keys will not be used for federation request or event signing, but will be
  # provided to any other homeserver that asks when trying to verify old events.
  #  - private_key: old_matrix_key.pem
  #    expired_at: 1601024554498

  # How long a remote server can cache our server signing key before requesting it
  # again. Increasing this number will reduce the number of requests made by other
  # servers for our key but increases the period that a compromised key will be
  # considered valid by other homeservers.
  key_validity_period: 168h0m0s

  # Global database connection pool, for PostgreSQL monolith deployments only. If
  # this section is populated then you can omit the "database" blocks in all other
  # sections. For polylith deployments, or monolith deployments using SQLite databases,
  # you must configure the "database" block for each component instead.
  #  database:
  #    connection_string: file:///var/sqlite/dendrite
  #    max_open_conns: 10
  #    max_idle_conns: 2
  #    conn_max_lifetime: -1

  # Configuration for in-memory caches. Caches can often improve performance by
  # keeping frequently accessed items (like events, identifiers etc.) in memory
  # rather than having to read them from the database.
    # The estimated maximum size for the global cache in bytes, or in terabytes,
    # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
    # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
    # memory limit for the entire process. A cache that is too small may ultimately
    # provide little or no benefit.
    max_size_estimated: 1gb

    # The maximum amount of time that a cache entry can live for in memory before
    # it will be evicted and/or refreshed from the database. Lower values result in
    # easier admission of new cache entries but may also increase database load in
    # comparison to higher values, so adjust conservatively. Higher values may make
    # it harder for new items to make it into the cache, e.g. if new rooms suddenly
    # become popular.
    max_age: 1h

  # The server name to delegate server-server communications to, with optional port
  # e.g. localhost:443
  well_known_server_name: "http://dendrite.xp-dendrite.svc.workshop.k8s"

  # The server name to delegate client-server communications to, with optional port
  # e.g. localhost:443
  well_known_client_name: "http://dendrite.xp-dendrite.svc.workshop.k8s"

  # Lists of domains that the server will trust as identity servers to verify third
  # party identifiers such as phone numbers and email addresses.
  #    -
  #    -

  # Disables federation. Dendrite will not be able to communicate with other servers
  # in the Matrix federation and the federation API will not be exposed.
  disable_federation: true

  # Configures the handling of presence events. Inbound controls whether we receive
  # presence events from other servers, outbound controls whether we send presence
  # events for our local users to other servers.
    enable_inbound: false
    enable_outbound: false

  # Configures phone-home statistics reporting. These statistics contain the server
  # name, number of active users and some information on your deployment config.
  # We use this information to understand how Dendrite is being used in the wild.
    enabled: false

  # Server notices allows server admins to send messages to all users on the server.
    enabled: false
    # The local part, display name and avatar URL (as a mxc:// URL) for the user that
    # will send the server notices. These are visible to all users on the deployment.
    local_part: "_server"
    display_name: "Server Alerts"
    avatar_url: ""
    # The room name to be used when sending server notices. This room name will
    # appear in user clients.
    room_name: "Server Alerts"

  # Configuration for NATS JetStream
    # A list of NATS Server addresses to connect to. If none are specified, an
    # internal NATS server will be started automatically when running Dendrite in
    # monolith mode. For polylith deployments, it is required to specify the address
    # of at least one NATS Server node.
    # - localhost:4222

    # Disable the validation of TLS certificates of NATS. This is
    # not recommended in production since it may allow NATS traffic
    # to be sent to an insecure endpoint.
    disable_tls_validation: false

    # Persistent directory to store JetStream streams in. This directory should be
    # preserved across Dendrite restarts.
    storage_path: /var/dendrite/jetstream

    # The prefix to use for stream names for this homeserver - really only useful
    # if you are running more than one Dendrite server on the same NATS deployment.
    topic_prefix: Dendrite

  # Configuration for Prometheus metric collection.
    enabled: false
      username: metrics
      password: metrics

  # Optional DNS cache. The DNS cache may reduce the load on DNS servers if there
  # is no local caching resolver available for use.
    enabled: false
    cache_size: 256
    cache_lifetime: "5m" # 5 minutes;

# Configuration for the Appservice API.
  # Disable the validation of TLS certificates of appservices. This is
  # not recommended in production since it may allow appservice traffic
  # to be sent to an insecure endpoint.
  disable_tls_validation: false
    connection_string: file:///var/sqlite/dendrite/appservice
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

  # Appservice configuration files to load into this homeserver.
  #  - /path/to/appservice_registration.yaml

# Configuration for the Client API.
  # Prevents new users from being able to register on this homeserver, except when
  # using the registration shared secret below.
  registration_disabled: true

  # Prevents new guest accounts from being created. Guest registration is also
  # disabled implicitly by setting 'registration_disabled' above.
  guests_disabled: true

  # If set, allows registration by anyone who knows the shared secret, regardless
  # of whether registration is otherwise disabled.
  registration_shared_secret: ""

  # Whether to require reCAPTCHA for registration. If you have enabled registration
  # then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used
  # for coordinated spam attacks.
  enable_registration_captcha: false

  # Settings for ReCAPTCHA.
  recaptcha_public_key: ""
  recaptcha_private_key: ""
  recaptcha_bypass_secret: ""
  recaptcha_siteverify_api: ""

  # TURN server information that this homeserver should send to clients.
    turn_user_lifetime: "5m"
    #  -
    #  -
    turn_shared_secret: ""
    # If your TURN server requires static credentials, then you will need to enter
    # them here instead of supplying a shared secret. Note that these credentials
    # will be visible to clients!
    # turn_username: ""
    # turn_password: ""

  # Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
  # number of "slots" have been taken by requests from a specific host. Each "slot"
  # will be released after the cooloff time in milliseconds. Server administrators
  # and appservice users are exempt from rate limiting by default.
    enabled: true
    threshold: 20
    cooloff_ms: 500
    #  - ""

# Configuration for the Federation API.
  # How many times we will try to resend a failed transaction to a specific server. The
  # backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc. Once
  # the max retries are exceeded, Dendrite will no longer try to send transactions to
  # that server until it comes back to life and connects to us again.
  send_max_retries: 16

  # Disable the validation of TLS certificates of remote federated homeservers. Do not
  # enable this option in production as it presents a security risk!
  disable_tls_validation: false

  # Perspective keyservers to use as a backup when direct key fetches fail. This may
  # be required to satisfy key requests for servers that are no longer online when
  # joining some rooms.
    - server_name:
        - key_id: ed25519:auto
          public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
        - key_id: ed25519:a_RXGa
          public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ

  # This option will control whether Dendrite will prefer to look up keys directly
  # or whether it should try perspective servers first, using direct fetches as a
  # last resort.
  prefer_direct_fetch: false
    connection_string: file:///var/sqlite/dendrite/federationapi
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

# Configuration for the Media API.
  # Storage path for uploaded media. May be relative or absolute.
  base_path: /var/dendrite/media
    connection_string: file:///var/sqlite/dendrite/mediaapi
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

  # The maximum allowed file size (in bytes) for media uploads to this homeserver
  # (0 = unlimited). If using a reverse proxy, ensure it allows requests at least
  #this large (e.g. the client_max_body_size setting in nginx).
  max_file_size_bytes: 10485760

  # Whether to dynamically generate thumbnails if needed.
  dynamic_thumbnails: false

  # The maximum number of simultaneous thumbnail generators to run.
  max_thumbnail_generators: 10

  # A list of thumbnail sizes to be generated for media content.
    - width: 32
      height: 32
      method: crop
    - width: 96
      height: 96
      method: crop
    - width: 640
      height: 480
      method: scale

# Configuration for enabling experimental MSCs on this homeserver.
  #  - msc2836  # (Threading, see
  #  - msc2946  # (Spaces Summary, see
    connection_string: file:///var/sqlite/dendrite/mscs
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

# Configuration for the Sync API.
  # This option controls which HTTP header to inspect to find the real remote IP
  # address of the client. This is likely required if Dendrite is running behind
  # a reverse proxy server.
  # real_ip_header: X-Real-IP
    connection_string: file:///var/sqlite/dendrite/syncapi
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

# Configuration for the User API.
  # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
  # See for more information.
  # Setting this lower makes registration/login consume less CPU resources at the cost
  # of security should the database be compromised. Setting this higher makes registration/login
  # consume more CPU resources but makes it harder to brute force password hashes. This value
  # can be lowered if performing tests or on embedded Dendrite instances (e.g WASM builds).
  bcrypt_cost: 10

  # The length of time that a token issued for a relying party from
  # /_matrix/client/r0/user/{userId}/openid/request_token endpoint
  # is considered to be valid in milliseconds.
  # The default lifetime is 3600000ms (60 minutes).
  # openid_token_lifetime_ms: 3600000
    connection_string: file:///var/sqlite/dendrite/userapi
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

# Configuration for Opentracing.
# See for information on
# how this works and how to set it up.
  enabled: false
    serviceName: ""
    disabled: false
    rpc_metrics: false
    tags: []
    sampler: null
    reporter: null
    headers: null
    baggage_restrictions: null
    throttler: null

# Logging configuration. The "std" logging type controls the logs being sent to
# stdout. The "file" logging type controls logs being written to a log folder on
# the disk. Supported log levels are "debug", "info", "warn", "error".
  - type: std
    level: info

# The following were taken from
# and
    connection_string: file:///var/sqlite/dendrite/roomserver
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30
    connection_string: file:///var/sqlite/dendrite/keyserver
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: 30

Well, definitely not production ready. Nor is there a built-in client which makes sense. At a future point I will have to carve out time to find a decent client to see if it works as a reasonable competitor to Slack.