Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker

ansible-playbook ansible-role docker jitsi matrix-org matrix-server

Go to file

Julian-Samuel Gebühr 5825a0c919 Cactus comments (#2089 ) * Add construct for cactus comments role * Adjust config files * Add docker self build to defaults * Adjust tasks * Fix smaller syntax errors * Fix env argument * Add tmp path to allow container writing there Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir * Change port back to 5000 as not configurable in container * Try to add appservice config file for synapse to use * Inject appservice file * Correct copied variable name * Comment out unused app service file injection would need mounting the appservice file to the synapse container i guess * Move role before synapse to be able to inject during runtime * Remove unused parts * Change default user id to mirror official docs * Add docs * Update roles/matrix-cactus-comments/tasks/setup_install.yml Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Generate secrets if necessary, adjust docs * Rename cactusbot userid * Shorten salt strings Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Use tmpfs instead of persistent mount * Remove proxy option as it is nonsense * Add download and serving of cc-client files * Add documentation on client * Clarify docs a bit * Add nginx proxy to required services Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use container address Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct comment of user id Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Use releases or local distributed client Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Move homeserver url to defaults Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Correct truth value Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Add documentation of variables Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Tabs vs. spaces Co-authored-by: Slavi Pantaleev <slavi@devture.com> * Make nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Complete ake nginx root configurable Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix file permission Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> * Fix lint errors Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net> Co-authored-by: Slavi Pantaleev <slavi@devture.com>		2022-09-09 14:37:52 +03:00
.config	Fix (suppress) var-naming ansible-lint errors	2022-07-18 16:43:12 +03:00
.github	rename job	2022-07-17 17:10:15 +03:00
collections	fix: all praise the allmighty yamllinter	2022-02-05 21:32:54 +01:00
docs	Cactus comments (#2089 )	2022-09-09 14:37:52 +03:00
examples	run the playbook on multiple hosts with different credentials (#1980 )	2022-07-26 16:34:55 +03:00
group_vars	Cactus comments (#2089 )	2022-09-09 14:37:52 +03:00
inventory	run the playbook on multiple hosts with different credentials (#1980 )	2022-07-26 16:34:55 +03:00
roles	Cactus comments (#2089 )	2022-09-09 14:37:52 +03:00
.editorconfig	Add comment about trailing whitespace in Markdown	2019-02-01 11:00:25 +02:00
.gitignore	Adding '.python-version' to .gitignore	2020-10-06 11:42:32 +02:00
.yamllint	fix: ignore generated file on yamllint	2022-02-09 15:03:39 +01:00
CHANGELOG.md	Announce Postmoogle email bridge bot	2022-08-23 14:16:10 +03:00
LICENSE	Add LICENSE file	2018-08-17 09:01:06 +03:00
Makefile	Add Makefile and lint target	2022-07-18 16:51:33 +03:00
README.md	Cactus comments (#2089 )	2022-09-09 14:37:52 +03:00
ansible.cfg	Use the yaml callback plugin when running ansible-playbook	2021-02-18 15:57:05 +01:00
setup.yml	Cactus comments (#2089 )	2022-09-09 14:37:52 +03:00

README.md

Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker

Purpose

This Ansible playbook is meant to help you run your own Matrix homeserver, along with the various services related to that.

That is, it lets you join the Matrix network using your own @<username>:<your-domain> identifier, all hosted on your own server (see prerequisites).

We run all services in Docker containers (see the container images we use), which lets us have a predictable and up-to-date setup, across multiple supported distros (see prerequisites) and architectures (x86/amd64 being recommended).

Installation (upgrades) and some maintenance tasks are automated using Ansible (see our Ansible guide).

Supported services

Using this playbook, you can get the following services configured on your server:

(optional, default) a Synapse homeserver - storing your data and managing your presence in the Matrix network
(optional) a Conduit homeserver - storing your data and managing your presence in the Matrix network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements
(optional) a Dendrite homeserver - storing your data and managing your presence in the Matrix network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
(optional) Amazon S3 storage for Synapse's content repository (media_store) files using Goofys
(optional, default) PostgreSQL database for Synapse. Using an external PostgreSQL server is also possible.
(optional, default) a coturn STUN/TURN server for WebRTC audio/video calls
(optional, default) free Let's Encrypt SSL certificate, which secures the connection to the Synapse server and the Element web UI
(optional, default) an Element (formerly Riot) web UI, which is configured to connect to your own Synapse server by default
(optional) a ma1sd Matrix Identity server
(optional, default) an Exim mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server)
(optional, default) an nginx web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver is possible
(optional, advanced) the matrix-synapse-rest-auth REST authentication password provider module
(optional, advanced) the matrix-synapse-shared-secret-auth password provider module
(optional, advanced) the matrix-synapse-ldap3 LDAP Auth password provider module
(optional, advanced) the synapse-simple-antispam spam checker module
(optional, advanced) the Matrix Corporal reconciliator and gateway for a managed Matrix server
(optional) the mautrix-discord bridge for bridging your Matrix server to Discord - see docs/configuring-playbook-bridge-mautrix-discord.md for setup documentation
(optional) the mautrix-telegram bridge for bridging your Matrix server to Telegram
(optional) the mautrix-whatsapp bridge for bridging your Matrix server to WhatsApp
(optional) the mautrix-facebook bridge for bridging your Matrix server to Facebook
(optional) the mautrix-twitter bridge for bridging your Matrix server to Twitter
(optional) the mautrix-hangouts bridge for bridging your Matrix server to Google Hangouts
(optional) the mautrix-googlechat bridge for bridging your Matrix server to Google Chat
(optional) the mautrix-instagram bridge for bridging your Matrix server to Instagram
(optional) the mautrix-signal bridge for bridging your Matrix server to Signal
(optional) the beeper-linkedin bridge for bridging your Matrix server to LinkedIn
(optional) the matrix-appservice-irc bridge for bridging your Matrix server to IRC
(optional) the matrix-appservice-discord bridge for bridging your Matrix server to Discord
(optional) the matrix-appservice-slack bridge for bridging your Matrix server to Slack
(optional) the matrix-appservice-webhooks bridge for slack compatible webhooks (ConcourseCI, Slack etc. pp.)
(optional) the matrix-hookshot bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular
(optional) the matrix-sms-bridge for bridging your Matrix server to SMS - see docs/configuring-playbook-bridge-matrix-bridge-sms.md for setup documentation
(optional) the Heisenbridge for bridging your Matrix server to IRC bouncer-style - see docs/configuring-playbook-bridge-heisenbridge.md for setup documentation
(optional) the go-skype-bridge for bridging your Matrix server to Skype - see docs/configuring-playbook-bridge-go-skype-bridge.md for setup documentation
(optional) the mx-puppet-slack for bridging your Matrix server to Slack - see docs/configuring-playbook-bridge-mx-puppet-slack.md for setup documentation
(optional) the mx-puppet-instagram bridge for Instagram-DMs (Instagram) - see docs/configuring-playbook-bridge-mx-puppet-instagram.md for setup documentation
(optional) the mx-puppet-twitter bridge for Twitter-DMs (Twitter) - see docs/configuring-playbook-bridge-mx-puppet-twitter.md for setup documentation
(optional) the mx-puppet-discord bridge for Discord - see docs/configuring-playbook-bridge-mx-puppet-discord.md for setup documentation
(optional) the mx-puppet-groupme bridge for GroupMe - see docs/configuring-playbook-bridge-mx-puppet-groupme.md for setup documentation
(optional) the mx-puppet-steam bridge for Steam - see docs/configuring-playbook-bridge-mx-puppet-steam.md for setup documentation
(optional) Email2Matrix for relaying email messages to Matrix rooms - see docs/configuring-playbook-email2matrix.md for setup documentation
(optional) Dimension, an open source integrations manager for matrix clients - see docs/configuring-playbook-dimension.md for setup documentation
(optional) Etherpad, an open source collaborative text editor - see docs/configuring-playbook-etherpad.md for setup documentation
(optional) Jitsi, an open source video-conferencing platform - see docs/configuring-playbook-jitsi.md for setup documentation
(optional) matrix-reminder-bot for scheduling one-off & recurring reminders and alarms - see docs/configuring-playbook-bot-matrix-reminder-bot.md for setup documentation
(optional) matrix-registration-bot for invitations by creating and managing registration tokens - see docs/configuring-playbook-bot-matrix-registration-bot.md for setup documentation
(optional) maubot a plugin-based Matrix bot system - see docs/configuring-playbook-bot-maubot.md for setup documentation
(optional) honoroit helpdesk bot - see docs/configuring-playbook-bot-honoroit.md for setup documentation
(optional) Postmoogle email to matrix bot - see docs/configuring-playbook-bot-postmoogle.md for setup documentation
(optional) Go-NEB multi functional bot written in Go - see docs/configuring-playbook-bot-go-neb.md for setup documentation
(optional) Mjolnir, a moderation tool for Matrix - see docs/configuring-playbook-bot-mjolnir.md for setup documentation
(optional) synapse-admin, a web UI tool for administrating users and rooms on your Matrix server - see docs/configuring-playbook-synapse-admin.md for setup documentation
(optional) matrix-registration, a simple python application to have a token based matrix registration - see docs/configuring-playbook-matrix-registration.md for setup documentation
(optional) the Prometheus time-series database server, the Prometheus node-exporter host metrics exporter, and the Grafana web UI - see Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server for setup documentation
(optional) the Sygnal push gateway - see Setting up the Sygnal push gateway for setup documentation
(optional) the ntfy push notifications server - see docs/configuring-playbook-ntfy.md for setup documentation
(optional) the Hydrogen web client - see docs/configuring-playbook-client-hydrogen.md for setup documentation
(optional) the Cinny web client - see docs/configuring-playbook-client-cinny.md for setup documentation
(optional) the Borg backup - see docs/configuring-playbook-backup-borg.md for setup documentation
(optional) the Buscarron bot - see docs/configuring-playbook-bot-buscarron.md for setup documentation
(optional) Cactus Comments, a federated comment system built on matrix - see docs/configuring-playbook-cactus-comments.md for setup documentation

Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.

Note: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. Sticking with the defaults (which install a subset of the above components) is the best choice, especially for a new installation. You can always re-run the playbook later to add or remove components.

Installation

To configure and install Matrix on your own server, follow the README in the docs/ directory.

Changes

This playbook evolves over time, sometimes with backward-incompatible changes.

When updating the playbook, refer to the changelog to catch up with what's new.

Support

Matrix room: #matrix-docker-ansible-deploy:devture.com
IRC channel: #matrix-docker-ansible-deploy on the Libera Chat IRC network (irc.libera.chat:6697)
GitHub issues: spantaleev/matrix-docker-ansible-deploy/issues

Services by the community

etke.cc - matrix-docker-ansible-deploy and system stuff "as a service". That service will create your matrix homeserver on your domain and server (doesn't matter if it's cloud provider or on an old laptop in the corner of your room), (optional) maintains it (server's system updates, cleanup, security adjustments, tuning, etc.; matrix homeserver updates & maintenance) and (optional) provide full-featured email service for your domain