Matrix (Synapse)
- Category: Apps
- Status: 0, work-in-progress
- Image: matrixdotorg/synapse, 4, upstream
- Healthcheck: Yes
- Backups: No
- Email: Yes
- Tests: No
- SSO: Yes
Basic usage
- Set up Docker Swarm and abra
- Deploy coop-cloud/traefik
- abra app new matrix-synapse --secrets (optionally with --pass if you'd like to save secrets in pass)
- abra app config YOURAPPDOMAIN - be sure to change YOURAPPDOMAIN to something that resolves to your server running coop-cloud.
- abra app deploy YOURAPPDOMAIN
- Create an initial user:
abra app run YOURAPPDOMAIN app -- register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
Tips & Tricks
Create User
register_new_matrix_user -u <username> -k $(cat /var/run/secrets/registration) -p <password>
Set Admin User
abra app cmd YOURAPPDOMAIN db set_admin <adminuser>
Federation
Federation is how users on different servers can participate in the same chat room. Enabling federation involves allowing other Matrix servers to connect to yours, generally over port 8448. Once enabled, you can test federation at https://federationtester.matrix.org/
Enabling federation on port 8448
In this recipe, federation is enabled by default, but you have to configure traefik to expose the federation port (8448) by adding COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml" to your traefik config. You may also have to update port-forwarding rules or firewall rules to open port 8448.
Enabling federation on port 443
Alternatively, it might be easier to use a feature called delegation, which tells other Matrix servers to use port 443 for federation instead of port 8448. To use this method, set SERVE_SERVER_WELLKNOWN=true in the app config.
Note that if your synapse instance is running on a subdomain like matrix.example.com but you want your Matrix usernames to use the base domain (example.com), you will need to set SERVER_NAME=<your base domain> and configure your base domain to redirect requests to /.well-known/matrix/* to your synapse instance. More details here.
Disabling federation
If you want to completely block federation, set DISABLE_FEDERATION=1 and do not perform either of the steps described in the previous two sections.
Bridges
For all Bridges:
- Setting it up is a bit of a chicken/egg & chasing cats moment.
- Make sure to uncomment APP_SERVICES_ENABLED, HOMESERVER_URL, HOMESERVER_DOMAIN, compose.shared_secret_auth.yml, SHARED_SECRET_AUTH_ENABLED and SECRET_SHARED_SECRET_AUTH_VERSION
- include the registration in synapse, e.g.
APP_SERVICE_CONFIGS="[\"/telegram-data/registration.yaml\"]"
- and set yourself as admin, e.g.:
TELEGRAM_BRIDGE_PERMISSIONS="{ \"*\": \"relaybot\", \"@akadmin:example.com\": \"admin\"}"
Telegram bridging
You need to set up your bot on the Telegram side first by creating a Telegram app and a Telegram bot, so that you have these values:
api_id: ...
api_hash: ...
telegram_bot_token: ...
Experimental script for an automated token replacement:
DOMAIN=<domain>
abra app secret insert $DOMAIN telegram_api_hash v1 <secret>
abra app secret insert $DOMAIN telegram_bot_token v1 <secret>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app cmd -l $DOMAIN set_bridge_tokens telegram
Alternatively, a manual guide for the necessary steps:
DOMAIN=<domain>
abra app secret insert $DOMAIN telegram_api_hash v1 <secret>
abra app secret insert $DOMAIN telegram_bot_token v1 <secret>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app run $DOMAIN telegrambridge cat /data/registration.yaml
abra app undeploy $DOMAIN
abra app secret rm $DOMAIN telegram_as_token
abra app secret insert $DOMAIN telegram_as_token v1 <secret>
abra app secret rm $DOMAIN telegram_hs_token
abra app secret insert $DOMAIN telegram_hs_token v1 <secret>
abra app deploy $DOMAIN
Some helpful documentation:
Discord bridging
WIP docs
Just as messy as the Telegram bridging above! Rough guide:
- get a local copy of config.yaml
- fill it out with the values you need, all the discord token stuff, etc.
- run
mkdir -p data && cp config.yaml data/
then
docker run --rm -v "$PWD/data:/data" halfshot/matrix-appservice-discord:v1.0.0 sh -c 'cd /data && node /build/src/discordas.js -r -u "http://discordbridge:9005" -c config.yaml'
- this generates the app service registration configuration you need to feed to the homeserver
- run secret generation for the discord_db_password, insert your discord_bot_token
- run
abra app cp <domain> discord-registration.yaml app:/discord-data
(it has to be called discord-registration.yaml)
- deploy the bridge & happy hacking
Some helpful documentation:
Signal bridging
Experimental script for a more automated token replacement:
DOMAIN=<domain>
abra app secret generate -a $DOMAIN
abra app deploy $DOMAIN
abra app cmd -l $DOMAIN set_bridge_tokens signal
Alternatively, a manual guide for the necessary steps:
DOMAIN=<domain>
abra app secret insert $DOMAIN signal_hs_token v1 foo
abra app secret insert $DOMAIN signal_as_token v1 foo
abra app secret generate $DOMAIN -a
abra app deploy $DOMAIN
abra app run $DOMAIN signalbridge cat /data/registration.yaml
abra app secret rm $DOMAIN signal_as_token
abra app secret insert $DOMAIN signal_as_token v1 <secret>
abra app secret rm $DOMAIN signal_hs_token
abra app secret insert $DOMAIN signal_hs_token v1 <secret>
abra app deploy $DOMAIN
- message @signalbot:example.com to test
- See the docs for authentication
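The manual token steps in the Telegram and Signal sections come down to reading as_token and hs_token out of the bridge's registration.yaml and re-inserting them as secrets. The script below is an added example, not part of the recipe: it prints the rm/insert commands from the guide instead of running them, and refuses an empty value or the foo placeholder used in the Signal steps. The helper names (sample_registration, reg_token, rotation_cmds) are hypothetical and the registration file is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the recipe). Helper names are hypothetical.

# Constructed sample of a bridge-generated appservice registration file.
sample_registration() {
  cat <<'EOF'
id: signal
url: http://signalbridge:29328
as_token: CONSTRUCTED_AS_TOKEN_0123456789abcdef
hs_token: "CONSTRUCTED_HS_TOKEN_fedcba9876543210"
sender_localpart: signalbot
rate_limited: false
EOF
}

# reg_token FILE KEY: print the value of the top-level "KEY: value" entry,
# with surrounding quotes and trailing whitespace removed.
reg_token() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 \
    | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# rotation_cmds DOMAIN BRIDGE FILE: print the secret rm/insert commands from
# the manual guide. Fails if a token is missing or still the placeholder.
rotation_cmds() {
  rc_domain=$1 rc_bridge=$2 rc_file=$3
  for rc_kind in as hs; do
    rc_tok=$(reg_token "$rc_file" "${rc_kind}_token")
    case $rc_tok in
      ''|foo)
        echo "no usable ${rc_kind}_token in $rc_file" >&2
        return 1 ;;
    esac
    printf 'abra app secret rm %s %s_%s_token\n' \
      "$rc_domain" "$rc_bridge" "$rc_kind"
    printf 'abra app secret insert %s %s_%s_token v1 %s\n' \
      "$rc_domain" "$rc_bridge" "$rc_kind" "$rc_tok"
  done
}

# Demo on the constructed sample. In practice FILE is a saved copy of the
# output of: abra app run $DOMAIN signalbridge cat /data/registration.yaml
tmp=$(mktemp)
sample_registration > "$tmp"
rotation_cmds example.com signal "$tmp"
rm -f "$tmp"
```
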