Open, interoperable, decentralised real-time communication https://matrix.org
Moritz 0645a9f487
chore: publish 6.6.0+v1.124.0 release
2025-02-11 19:02:04 +01:00
release Update release notes 2024-04-13 11:05:21 -03:00
.drone.yml bump python version in shared_secret_authenticator module 2025-02-11 19:01:59 +01:00
.env.sample add synapse-admin 2025-01-28 17:42:07 +01:00
.gitignore chore: ignore synapse clone 2022-02-08 01:37:10 +01:00
abra.sh bump python version in shared_secret_authenticator module 2025-02-11 19:01:59 +01:00
admin.conf.tmpl add synapse-admin 2025-01-28 17:42:07 +01:00
alaconnect.yml add alakazam integration file alaconnect.yml 2024-05-13 17:37:27 +02:00
compose.admin.yml add synapse-admin 2025-01-28 17:42:07 +01:00
compose.discord.yml app → web, synapse → app 2024-04-12 12:30:05 -03:00
compose.keycloak2.yml app → web, synapse → app 2024-04-12 12:30:05 -03:00
compose.keycloak3.yml app → web, synapse → app 2024-04-12 12:30:05 -03:00
compose.keycloak.yml app → web, synapse → app 2024-04-12 12:30:05 -03:00
compose.shared_secret_auth.yml bump python version in shared_secret_authenticator module 2025-02-11 19:01:59 +01:00
compose.signal.yml updated signal bridge to 0.7.5 and added env var for default encry bridge2server 2025-01-16 14:15:04 +01:00
compose.smtp.yml app → web, synapse → app 2024-04-12 12:30:05 -03:00
compose.telegram.yml update backupbot label 2024-10-24 14:30:32 +02:00
compose.turn.yml app → web, synapse → app 2024-04-12 12:30:05 -03:00
compose.yml chore: publish 6.6.0+v1.124.0 release 2025-02-11 19:02:04 +01:00
discord_bridge.yaml.tmpl fix: make bridge logging ERROR only 2023-01-08 01:11:58 +01:00
entrypoint.sh.tmpl finalize signal bot upgrade 2024-09-19 14:57:49 +02:00
homeserver.yaml.tmpl add web_client_location 2024-07-26 14:09:12 +02:00
log.config.tmpl feat: more privacy friendly defaults 2022-02-08 00:32:28 +01:00
nginx.conf.tmpl add synapse-admin 2025-01-28 17:42:07 +01:00
pg_backup.sh update backupbot label 2024-10-24 14:30:32 +02:00
README.md add script to setup bridge tokens 2025-01-17 15:43:47 +01:00
shared_secret_authenticator.py feat: shared secret auth 2022-09-22 16:01:19 +02:00
signal_bridge.yaml.tmpl updated signal bridge to 0.7.5 and added env var for default encry bridge2server 2025-01-16 14:15:04 +01:00
telegram_bridge.yaml.tmpl feat: sync_channel_members configurable for telegram bridge 2023-05-10 17:57:54 +02:00
well_known_client.conf.tmpl feat: use nginx proxy, config for public rooms (fedi) 2023-10-08 01:41:29 +02:00
well_known_server.conf.tmpl feat: use nginx proxy, config for public rooms (fedi) 2023-10-08 01:41:29 +02:00

Matrix (Synapse)

  • Category: Apps
  • Status: 0, work-in-progress
  • Image: matrixdotorg/synapse, 4, upstream
  • Healthcheck: Yes
  • Backups: No
  • Email: Yes
  • Tests: No
  • SSO: Yes

Basic usage

  1. Set up Docker Swarm and abra
  2. Deploy coop-cloud/traefik
  3. abra app new matrix-synapse --secrets (optionally with --pass if you'd like to save secrets in pass)
  4. abra app config YOURAPPDOMAIN - be sure to change $DOMAIN to something that resolves to your Docker swarm box
  5. abra app deploy YOURAPPDOMAIN
  6. Create an initial user: abra app run YOURAPPDOMAIN app register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008

Tips & Tricks

Create User

register_new_matrix_user -u <username> -k $(cat /var/run/secrets/registration) -p <password>

Set Admin User

abra app cmd YOURAPPDOMAIN db set_admin <adminuser>

Disabling federation

  • Use DISABLE_FEDERATION=1 to turn off federation listeners
  • Don't use compose.matrix.yml in your traefik config to keep the federation ports closed

Enabling federation

See #27 for more. Depending on your setup, using SERVE_SERVER_WELLKNOWN=true might work to start federating. Make sure you don't leave DISABLE_FEDERATION=1 set!

Getting client discovery on a custom domain

You'll need to deploy something like this. This could be implemented in this recipe but we haven't merged it in yet. Change sets are welcome.

Bridges

For all Bridges:

  • Setting it up is a bit of a chicken/egg & chasing cats moment.
  • Make sure to uncomment APP_SERVICES_ENABLED, HOMESERVER_URL, HOMESERVER_DOMAIN, compose.shared_secret_auth.yml, SHARED_SECRET_AUTH_ENABLED and SECRET_SHARED_SECRET_AUTH_VERSION
  • include the registration in synapse, e.g. APP_SERVICE_CONFIGS="[\"/telegram-data/registration.yaml\"]"
  • and set yourself as admin, e.g.: TELEGRAM_BRIDGE_PERMISSIONS="{ \"*\": \"relaybot\", \"@akadmin:example.com\": \"admin\"}"

Telegram bridging

First set up your bot on the Telegram side by creating a Telegram app and a Telegram bot. You will need these values:

api_id: ...
api_hash: ...
telegram_bot_token: ...

Experimental script for an automated token replacement:

DOMAIN=<domain>
abra app secret insert $DOMAIN telegram_api_hash v1 <secret>
abra app secret insert $DOMAIN telegram_bot_token v1 <secret>
abra app secret generate -a $DOMAIN

abra app deploy $DOMAIN
abra app cmd -l $DOMAIN set_bridge_tokens telegram

Alternatively a manual guide for the necessary steps:

DOMAIN=<domain>
abra app secret insert $DOMAIN telegram_api_hash v1 <secret>
abra app secret insert $DOMAIN telegram_bot_token v1 <secret>
abra app secret generate -a $DOMAIN

abra app deploy $DOMAIN
abra app run $DOMAIN telegrambridge cat /data/registration.yaml
abra app undeploy $DOMAIN

abra app secret rm $DOMAIN telegram_as_token
abra app secret insert $DOMAIN telegram_as_token v1 <secret>

abra app secret rm $DOMAIN telegram_hs_token
abra app secret insert $DOMAIN telegram_hs_token v1 <secret>

abra app deploy $DOMAIN

Some helpful documentation:

Discord bridging

WIP docs

Just as messy as the Telegram bridging above! Rough guide:

  • get a local copy of config.yaml
  • fill it out with the values you need, all the discord token stuff, etc.
  • run mkdir -p data && cp config.yaml data/ then docker run --rm -v "$PWD/data:/data" halfshot/matrix-appservice-discord:v1.0.0 sh -c 'cd /data && node /build/src/discordas.js -r -u "http://discordbridge:9005" -c config.yaml'
  • this generates the app service registration configuration you need to feed to the homeserver
  • run secret generation for the discord_db_password, insert your discord_bot_token
  • run abra app cp <domain> discord-registration.yaml app:/discord-data (it has to be called discord-registration.yaml)
  • deploy the bridge & happy hacking

Some helpful documentation:

Signal bridging

Experimental script for a more automated token replacement:

DOMAIN=<domain>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app cmd -l $DOMAIN set_bridge_tokens signal

Alternatively a manual guide for the necessary steps:

DOMAIN=<domain>
abra app secret insert $DOMAIN signal_hs_token v1 foo
abra app secret insert $DOMAIN signal_as_token v1 foo
abra app secret generate $DOMAIN -a
abra app deploy $DOMAIN
abra app run $DOMAIN signalbridge cat /data/registration.yaml

abra app secret rm $DOMAIN signal_as_token
abra app secret insert $DOMAIN signal_as_token v1 <secret>
abra app secret rm $DOMAIN signal_hs_token
abra app secret insert $DOMAIN signal_hs_token v1 <secret>

abra app deploy $DOMAIN
  • message @signalbot:example.com to test
  • See the docs for authentication
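
The manual Telegram and Signal guides above both end with copying as_token and hs_token out of registration.yaml by hand. The following added example (not part of this recipe, and not its set_bridge_tokens command) extracts both tokens from a saved copy of that file, rejects the foo placeholder, and prints the secret rm / secret insert commands for review. The function names, the sample domain and the allowed token character set are assumptions.

```shell
#!/bin/sh
# Added example, not part of the recipe: turn a bridge registration.yaml into
# the "secret rm" / "secret insert" commands from the manual guides above.

# reg_token FILE KEY: print the value of a top-level scalar KEY (first match).
reg_token() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"' \t\r"
}

# valid_token VALUE: reject empty values, the "foo" placeholder used in the
# Signal guide, and anything outside a conservative character set (assumption:
# bridge-generated tokens are plain alphanumerics plus _ . -).
valid_token() {
    case "$1" in
        ''|foo) return 1 ;;
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# bridge_secret_commands DOMAIN BRIDGE FILE: print the four abra commands,
# or fail without printing anything if the registration looks wrong.
bridge_secret_commands() {
    as_tok=$(reg_token "$3" as_token)
    hs_tok=$(reg_token "$3" hs_token)
    if ! valid_token "$as_tok" || ! valid_token "$hs_tok"; then
        echo "missing or placeholder token in $3" >&2
        return 1
    fi
    # Sanity check against pasting the same value twice.
    if [ "$as_tok" = "$hs_tok" ]; then
        echo "as_token and hs_token must differ" >&2
        return 1
    fi
    for kind in as hs; do
        [ "$kind" = as ] && tok=$as_tok || tok=$hs_tok
        printf 'abra app secret rm %s %s_%s_token\n' "$1" "$2" "$kind"
        printf 'abra app secret insert %s %s_%s_token v1 %s\n' "$1" "$2" "$kind" "$tok"
    done
}

# Demo on a constructed registration (tokens are made up).
demo_reg=$(mktemp)
cat > "$demo_reg" <<'EOF'
id: signal
as_token: "AAAAbbbbCCCCdddd1111"
hs_token: EEEEffffGGGGhhhh2222
sender_localpart: signalbot
EOF
bridge_secret_commands chat.example.com signal "$demo_reg"
rm -f "$demo_reg"
```

Save the output of the cat /data/registration.yaml step to a file and pass it as the third argument. The printed commands contain the tokens, so keep them out of shared logs.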