release | ||
.drone.yml | ||
.env.sample | ||
.gitignore | ||
abra.sh | ||
admin.conf.tmpl | ||
alaconnect.yml | ||
compose.admin.yml | ||
compose.discord.yml | ||
compose.keycloak2.yml | ||
compose.keycloak3.yml | ||
compose.keycloak.yml | ||
compose.shared_secret_auth.yml | ||
compose.signal.yml | ||
compose.smtp.yml | ||
compose.telegram.yml | ||
compose.turn.yml | ||
compose.yml | ||
discord_bridge.yaml.tmpl | ||
entrypoint.sh.tmpl | ||
homeserver.yaml.tmpl | ||
log.config.tmpl | ||
nginx.conf.tmpl | ||
pg_backup.sh | ||
README.md | ||
shared_secret_authenticator.py | ||
signal_bridge.yaml.tmpl | ||
telegram_bridge.yaml.tmpl | ||
well_known_client.conf.tmpl | ||
well_known_server.conf.tmpl |
Matrix (Synapse)
- Category: Apps
- Status: 0, work-in-progress
- Image:
matrixdotorg/synapse
, 4, upstream - Healthcheck: Yes
- Backups: No
- Email: Yes
- Tests: No
- SSO: Yes
Basic usage
- Set up Docker Swarm and
abra
- Deploy
coop-cloud/traefik
abra app new matrix-synapse --secrets
(optionally with--pass
if you'd like to save secrets inpass
)abra app config YOURAPPDOMAIN
- be sure to change$DOMAIN
to something that resolves to your Docker swarm boxabra app deploy YOURAPPDOMAIN
- Create an initial user:
abra app run YOURAPPDOMAIN app register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
Tips & Tricks
Create User
register_new_matrix_user -u <username> -k $(cat /var/run/secrets/registration) -p <password>
Set Admin User
abra app cmd YOURAPPDOMAIN db set_admin <adminuser>
Disabling federation
- Use
DISABLE_FEDERATION=1
to turn off federation listeners - Don't use
compose.matrix.yml
in your traefik config to keep the federation ports closed
Enabling federation
See #27
for more. Depending on your setup, using SERVE_SERVER_WELLKNOWN=true
might work to start federating. Make sure you don't leave DISABLE_FEDERATION=1
set!
Getting client discovery on a custom domain
You'll need to deploy something like this. This could be implemented in this recipe but we haven't merged it in yet. Change sets are welcome.
Bridges
For all Bridges:
- Setting it up is a bit of a chicken/egg & chasing cats moment.
- Make sure to uncomment
APP_SERVICES_ENABLED
,HOMESERVER_URL
,HOMESERVER_DOMAIN
,compose.shared_secret_auth.yml
,SHARED_SECRET_AUTH_ENABLED
andSECRET_SHARED_SECRET_AUTH_VERSION
- include the registration in synapse, e.g.
APP_SERVICE_CONFIGS="[\"/telegram-data/registration.yaml\"]"
- and set yourself as admin, e.g.:
TELEGRAM_BRIDGE_PERMISSIONS="{ \"*\": \"relaybot\", \"@akadmin:example.com\": \"admin\"}"
Telegram bridging
You need to get your bot setup on the telegram side first by creating a telegram app and a telegram bot and have these values:
api_id: ...
api_hash: ...
telegram_bot_token: ...
Experimental script for a automated token replacement:
DOMAIN=<domain>
abra app secret insert $DOMAIN telegram_api_hash v1 <secret>
abra app secret insert $DOMAIN telegram_bot_token v1 <secret>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app cmd -l $DOMAIN set_bridge_tokens telegram
Alternatively a manual guide for the necessary steps:
DOMAIN=<domain>
abra app secret insert $DOMAIN telegram_api_hash v1 <secret>
abra app secret insert $DOMAIN telegram_bot_token v1 <secret>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app run $DOMAIN telegrambridge cat /data/registration.yaml
abra app undeploy $DOMAIN
abra app secret rm $DOMAIN telegram_as_token
abra app secret insert $DOMAIN telegram_as_token v1 <secret>
abra app secret rm $DOMAIN telegram_hs_token
abra app secret insert $DOMAIN telegram_hs_token v1 <secret>
abra app deploy $DOMAIN
Some helpful documentation:
Discord bridging
WIP docs
Just as messy as the Telegram bridging above! Rough guide:
- get a local copy of
config.yaml
- fill it out with the values you need, all the discord token stuff, etc.
- run
mkdir -p data && cp config.yaml data/
thendocker run --rm -v data:/data halfshot/matrix-appservice-discord:v1.0.0 sh -c "cd /data && node /build/src/discordas.js -r -u "http://discordbridge:9005" -c config.yaml"
- this generates the app service registration configuration you need to feed to the homeserver
- run secret generation for the
discord_db_password
, insert yourdiscord_bot_token
- run
abra app cp <domain> discord-registration.yaml app:/discord-data
(it has to be calleddiscord-registration.yaml
) - deploy the bridge & happy hacking
Some helpful documentation:
Signal bridging
Experimental script for a more automated token replacement:
DOMAIN=<domain>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app cmd -l $DOMAIN set_bridge_tokens signal
Alternatively a manual guide for the necessary steps:
DOMAIN=<domain>
abra app secret insert $DOMAIN signal_hs_token v1 foo
abra app secret insert $DOMAIN signal_as_token v1 foo
abra app secret generate $DOMAIN -a
abra app deploy $DOMAIN
abra app run $DOMAIN signalbridge cat /data/registration.yaml
abra app secret rm $DOMAIN signal_as_token
abra app secret insert $DOMAIN signal_as_token v1 <secret>
abra app secret rm $DOMAIN signal_hs_token
abra app secret insert $DOMAIN signal_hs_token v1 <secret>
abra app deploy $DOMAIN
- message
@signalbot:example.com
to test - See the docs for authentication