Commit ce7d0e3a authored by ecobytes collective's avatar ecobytes collective

init

files/*
turn/*
*.env
*.env.*
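Review bot: The broad `files/*` and `turn/*` patterns also ignore the example templates the README points readers at (`files/homeserver.yaml.example`, `turn/turnserver.conf.example`), and `*.env.*` would catch any `.env.example` template added next to `postgres.env`; the templates are part of this commit, so they were presumably force-added, and later edits to them will not show up in `git status`. If the templates are meant to stay tracked, add negations after the broad patterns, e.g. `!files/*.example` and `!turn/*.example`, and narrow `*.env.*` so it does not swallow `.example` suffixes. Keeping `*.env` ignored is right, since that is where the generated secrets end up.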
# compose-matrix
This composition aligns Matrix' `synapse` and `riot` with `postgres` and `coturn`.
## Dependencies
- Docker
- Docker Compose
## Opinionated environment
- libre.sh
- seperate data and database ZFS datasets
- Træfik TLS termination
- Turn configuration
- Weave network
## Installation
```
git clone https://lab.libreho.st/ecobytes/compose/compose-matrix.git
cd compose-matrix
docker-compose pull
```
Please refer to the official Docker installation instructions, to proceed with configuring your homeserver.
- https://github.com/matrix-org/synapse/tree/master/docker
- https://github.com/matrix-org/synapse/blob/master/INSTALL.md#setting-up-synapse
- https://github.com/matrix-org/synapse/blob/bee1982d177234d92d06c352a303653eee9c1e98/docs/sample_config.yaml
An exemplary configuration is provided for
- `files/homeserver.yaml.example`
- `riot/config.json.example`
- `turn/turnserver.conf.example`
from which you can adapt your settings. Please make sure to replace the `SECRET` placeholders accordingly when not generating the configuration file automatically.
```
docker-compose up
```
If that works according to your wishes, one may also comment the `logging` sections to verify, you can enable and start your libre.sh application.
```
libre enable
libre start
```
Also see:
- https://github.com/spantaleev/matrix-docker-ansible-deploy
## Maintenance
Update tagged application versions
```
sed -i 's/riot-web:v1.5.3/riot-web:v1.5.6/' docker-compose.yaml
sed -i 's/synapse:v1.5.1/synapse:v1.7.0/' docker-compose.yaml
docker-compose pull synapse riot
```
Recycle chosen containers
docker-compose stop synapse riot && docker-compose rm -f synapse riot && docker-compose up -d
Recycle all containers
```
docker-compose stop
docker-compose rm -f
docker-compose up -d
```
or
libre restart
## License
2019 Ecobytes e.V., Jon Richter, Public Domain.
version: '2'
services:
riot:
image: vectorim/riot-web:v1.5.6
labels:
- traefik.enable=true
- traefik.backend=matrix-riot
- traefik.frontend.rule=Host:riot.allmende.io
- traefik.frontend.passHostHeader=true
- traefik.frontend.redirect.entryPoint=https
- traefik.docker.network=web
- traefik.port=80
volumes:
- /data/domains/matrix.allmende.io/riot/config.json:/app/config.json
logging:
driver: none
networks:
- web
synapse:
image: docker.io/matrixdotorg/synapse:v1.7.0
env_file: ["./synapse.env"]
labels:
- traefik.enable=true
- traefik.backend=matrix-allmende
- traefik.frontend.rule=Host:matrix.allmende.io
- traefik.frontend.passHostHeader=true
- traefik.frontend.redirect.entryPoint=https
- traefik.docker.network=web
- traefik.port=8008
volumes:
- /data/domains/matrix.allmende.io/files:/data
- /data/media/matrix.allmende.io:/data/media
logging:
driver: none
networks:
- web
- backend
- weave
depends_on:
- data
dns: 172.17.0.1
dns_search: weave.local
coturn:
image: allmende/coturn
command: start
expose:
- "3478"
- "3479"
- "5349"
- "5350"
ports:
- "3478:3478"
- "3478:3478/udp"
- "3479:3479"
- "3479:3479/udp"
- "5349:5349"
- "5349:5349/udp"
- "5350:5350"
- "5350:5350/udp"
# - "49152-65535:49152-65535/udp"
volumes:
- /data/domains/matrix.allmende.io/turn:/data
logging:
driver: none
data:
image: "postgres:11.4-alpine"
volumes:
- /data/bases/postgres/11/data/matrix.allmende.io:/var/lib/postgresql/data
- /data/bases/postgres/11/wal/matrix.allmende.io:/var/lib/postgresql/data/pg_wal
env_file: ["postgres.env"]
networks:
- backend
logging:
driver: none
networks:
web:
external: true
backend:
driver: bridge
weave:
external: true
# vim:ft=yaml
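Review bot: The `coturn` service pulls `allmende/coturn` with no tag or digest while every other image is pinned and the README's maintenance section relies on exact tag strings in this file; pin it, e.g. `image: allmende/coturn:<tag>` (or `@sha256:<digest>`), so a routine `docker-compose pull` cannot silently change what listens on the published TURN ports. Every service also sets `logging: driver: none`, which leaves no container log to consult after an incident or when investigating abuse of registration or the relay; consider `driver: json-file` with `options: {max-size: ...}` (or the host's journald) rather than discarding logs, at least for `synapse` and `coturn`. `coturn` has no `networks:` entry, so it joins the compose default network rather than `backend` or `web` — confirm that is intended. The `expose:` list under `coturn` is redundant once the same ports appear in `ports:`.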
# See https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml
## TLS ##
## Server ##
server_name: "matrix.allmende.io"
pid_file: /homeserver.pid
web_client: False
soft_file_limit: 0
log_config: "/data/log.config"
public_baseurl: https://matrix.allmende.io/
federation_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
## Ports ##
listeners:
- port: 8008
tls: false
bind_addresses: ['::']
type: http
x_forwarded: true
resources:
- names: [client, consent]
compress: true
- names: [federation]
compress: false
## Database ##
database:
name: "psycopg2"
args:
user: "matrix"
password: "POSTGRES_PASSWORD"
database: "matrix"
host: "data"
port: "5432"
cp_min: 5
cp_max: 10
## Performance ##
event_cache_size: "10K"
## Ratelimiting ##
# Using defaults
## Files ##
media_store_path: "/data/media"
uploads_path: "/data/uploads"
max_upload_size: "50M"
max_image_pixels: "32M"
dynamic_thumbnails: false
# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: True
max_spider_size: "10M"
## Captcha ##
recaptcha_public_key: "YOUR_PUBLIC_KEY"
recaptcha_private_key: "YOUR_PRIVATE_KEY"
enable_registration_captcha: False
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
## Turn ##
turn_uris:
- "turn:matrix.allmende.io:3478?transport=udp"
- "turn:matrix.allmende.io:3478?transport=tcp"
- "turn:matrix.allmende.io:3479?transport=udp"
- "turn:matrix.allmende.io:3479?transport=tcp"
- "turn:matrix.allmende.io:5349?transport=udp"
- "turn:matrix.allmende.io:5349?transport=tcp"
- "turn:matrix.allmende.io:5350?transport=udp"
- "turn:matrix.allmende.io:5350?transport=tcp"
turn_shared_secret: "TURN_SHARED_SECRET"
turn_user_lifetime: "1h"
turn_allow_guests: True
## Registration ##
enable_registration: True
registration_shared_secret: "REGISTRATION_SHARED_SECRET"
bcrypt_rounds: 12
allow_guest_access: True
enable_group_creation: true
# The list of identity servers trusted to verify third party
# identifiers by this server.
#
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
trusted_third_party_id_servers:
- matrix.org
- vector.im
## Metrics ###
enable_metrics: True
report_stats: True
## API Configuration ##
room_invite_state_types:
- "m.room.join_rules"
- "m.room.canonical_alias"
- "m.room.avatar"
- "m.room.encryption"
- "m.room.name"
app_service_config_files:
- "/data/appservices/gitter-registration.yaml"
- "/data/appservices/appservice-dimension-jQtnPd3WGyuFQGvalwL714Za8.yaml"
- "/data/appservices/mautrix.yaml"
macaroon_secret_key: "MACROON_SECRET_KEY"
expire_access_token: False
## Signing Keys ##
signing_key_path: "/data/matrix.allmende.io.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.
# The trusted servers to download signing keys from.
trusted_key_servers:
- server_name: "matrix.org"
verify_keys:
"ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
password_config:
enabled: true
email:
enable_notifs: true
smtp_host: "email.ecobytes.net"
smtp_port: "587"
notif_from: "%(app) <user@host>"
smtp_user: ""
smtp_pass: ""
app_name: Matrix
notif_for_new_users: true
riot_base_url: "https://riot.allmende.io"
trust_identity_server_for_password_resets: true
# If set to 'false', requires authentication to access the server's public rooms
# directory through the client API. Defaults to 'true'.
#
allow_public_rooms_without_auth: true
# If set to 'false', forbids any other homeserver to fetch the server's public
# rooms directory via federation. Defaults to 'true'.
#
allow_public_rooms_over_federation: true
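Review bot: `url_preview_enabled: True` is set without a `url_preview_ip_range_blacklist`; Synapse refuses to enable previews without an explicit blacklist, because the preview fetcher otherwise reaches any address the homeserver can, and the `federation_ip_range_blacklist` entries above are a reasonable starting set to copy into it. Separately, `enable_registration: True` together with `enable_registration_captcha: False` leaves open, unchallenged account creation on a federated public server, which is the usual entry point for spam accounts; either enable the captcha (the keys are already stubbed above) or set `enable_registration: false` and create accounts via the registration shared secret. Booleans are written both as `True`/`False` and `true`/`false` in this file; Synapse accepts both, but the YAML 1.2 spelling is `true`/`false`, and normalising avoids truthy-lint noise. `turn_allow_guests: True` lets unauthenticated guests obtain TURN credentials, which deserves a comment such as `# exposes the TURN relay to anyone who can reach the client API` so the trade-off is visible to whoever adapts this example.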
POSTGRES_USER=matrix
POSTGRES_PASSWORD=
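Review bot: `POSTGRES_PASSWORD=` is left empty rather than given a `SECRET`-style placeholder like the other example files, so a copy of this template that is not edited is consumed as an empty password; with the `postgres:11.4-alpine` image referenced in the compose file, an empty value is, as far as I recall, treated as "no password" and the entrypoint falls back to trust authentication for network clients, meaning anything on the `backend` network can connect as the superuser. Use a placeholder that fails loudly if left in place, `POSTGRES_PASSWORD=POSTGRES_PASSWORD`, matching the `password: "POSTGRES_PASSWORD"` stub in the homeserver example, and have the README list it among the values that must be replaced. Whether this file is the `postgres.env` the compose file reads or a template for it is not visible here.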
{
"default_hs_url": "https://matrix.allmende.io",
"default_is_url": "https://vector.im",
"brand": "Allmende",
"integrations_ui_url": "https://connect.allmende.io/riot",
"integrations_rest_url": "https://connect.allmende.io/api/v1/scalar",
"integrations_widgets_urls": ["https://connect.allmende.io/widgets"],
"integrations_jitsi_widget_url": "https://connect.allmende.io/widgets/jitsi",
"features": {
"feature_lazyloading": "enable",
"feature_room_breadcrumbs": "labs"
},
"showLabsSettings": true,
"default_federate": true,
"welcomePageUrl": "home.html",
"default_theme": "light",
"roomDirectory": {
"servers": [
"matrix.allmende.io",
"matrix.org",
"chat.weho.st",
"tomesh.net",
"disroot.org"
]
},
"welcomeUserId": "@riot-bot:matrix.org",
"piwik": {
"url": "https://piwik.allmende.io/",
"whitelistedHSUrls": ["https://matrix.org", "https://matrix.allmende.io"],
"whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
"siteId": 13
},
"enable_presence_by_hs_url": {
"https://matrix.org": false
}
}
SYNAPSE_SERVER_NAME=matrix.allmende.io
SYNAPSE_REPORT_STATS=yes
lt-cred-mech
use-auth-secret
static-auth-secret=TURN_SHARED_SECRET
realm=turn.matrix.allmende.io
cert=/data/matrix.allmende.io.tls.crt
pkey=/data/matrix.allmende.io.tls.key
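Review bot: The TURN config has no relay restrictions, so an authenticated (or, with `turn_allow_guests` on the homeserver side, guest) client can ask coturn to relay to any address the container can reach, including the compose network the database sits on and the Docker host; add `no-multicast-peers` and `denied-peer-ip=` entries covering loopback and the RFC 1918 ranges, as Synapse's TURN setup notes recommend. Per-user and total quotas (`user-quota`, `total-quota`) are worth setting in the same place to cap relay abuse. The `static-auth-secret` value must match `turn_shared_secret` in the homeserver example; a comment such as `# must equal turn_shared_secret in homeserver.yaml` would make that coupling visible to whoever generates the real secrets.
```ini
# … unchanged: lt-cred-mech, use-auth-secret, static-auth-secret, realm, cert, pkey …
no-multicast-peers
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
```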