diff --git a/Caddyfile b/Caddyfile
index 3852b49..35657ea 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -89,6 +89,33 @@ vw.alogins.net {
 reverse_proxy localhost:8041
 }
+mtx.alogins.net {
+ handle /.well-known/matrix/client {
+ header Content-Type application/json
+ header Access-Control-Allow-Origin *
+ respond `{"m.homeserver":{"base_url":"https://mtx.alogins.net"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://lkjwt.alogins.net"}]}`
+ }
+ handle /.well-known/matrix/server {
+ header Content-Type application/json
+ header Access-Control-Allow-Origin *
+ respond `{"m.server":"mtx.alogins.net:443"}`
+ }
+ handle /_matrix/client/unstable/org.matrix.msc4143/rtc/transports {
+ header Content-Type application/json
+ header Access-Control-Allow-Origin *
+ respond `{"foci":[{"type":"livekit","livekit_service_url":"https://lkjwt.alogins.net"}]}`
+ }
+ reverse_proxy localhost:8008
+}
+
+lkjwt.alogins.net {
+ reverse_proxy localhost:8009
+}
+
+lk.alogins.net {
+ reverse_proxy localhost:7880
+}
+
 localhost:8042 {
 reverse_proxy localhost:8041
 tls internal
diff --git a/matrix/.env b/matrix/.env
new file mode 100644
index 0000000..f9f92f6
--- /dev/null
+++ b/matrix/.env
@@ -0,0 +1,7 @@
+SYNAPSE_DATA=./data/synapse
+POSTGRES_DATA=./data/postgres
+POSTGRES_USER=synapse
+POSTGRES_PASSWORD=OimW4JUSXhZBCtLHE1kFnZ7cWVbESsxynapnJ+PSw/4=
+POSTGRES_DB=synapse
+LIVEKIT_KEY=devkey
+LIVEKIT_SECRET=ef3ef4b903ca8469b09b2dd7ab6af529c4d2f3c95668f53832fc351cf67777a9
diff --git a/matrix/.gitignore b/matrix/.gitignore
new file mode 100644
index 0000000..8fce603
--- /dev/null
+++ b/matrix/.gitignore
@@ -0,0 +1 @@
+data/
diff --git a/matrix/README.md b/matrix/README.md
new file mode 100644
index 0000000..3618e0e
--- /dev/null
+++ b/matrix/README.md
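Review bot: The closing `reverse_proxy localhost:8008` in the new `mtx.alogins.net` block forwards every path that the three `handle` blocks do not match, so the Synapse admin API under `/_synapse/admin/` becomes reachable from the public vhost unless the homeserver's listener config excludes it; Synapse's reverse-proxy guidance is to keep that prefix off the internet-facing host. A block placed before the catch-all, `handle /_synapse/admin/* {` / `respond 403` / `}`, leaves admin calls to the loopback listener that the README's `docker exec` workflow already uses. The two `header` lines are repeated in all three `handle` blocks; a one-line comment above the first, `# CORS * on /.well-known/matrix/* is required by the Matrix spec for client/server discovery`, would stop a later reader from tightening it by mistake.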
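Review bot: `POSTGRES_PASSWORD` and `LIVEKIT_SECRET` are committed as live values, and the `matrix/.gitignore` added in the next hunk excludes only `data/`, so both secrets (and the coturn `static-auth-secret` later in this commit) stay in repository history even if the file is deleted later. Treat the values as exposed and rotate them, then add `.env` to `matrix/.gitignore` and commit a `.env.example` holding placeholders instead. `LIVEKIT_KEY=devkey` reuses LiveKit's development key name; it works, but a non-default name paired with a fresh secret makes rotation less error-prone. The same LiveKit secret is duplicated in `matrix/livekit/livekit.yaml`, so any rotation has to touch both places or the JWT service and the SFU will disagree.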
@@ -0,0 +1,105 @@
+# Matrix Home Server
+
+Self-hosted Matrix homeserver running on `mtx.alogins.net`.
+
+## Stack
+
+| Service | Purpose |
+|---------|---------|
+| Synapse | Matrix homeserver |
+| PostgreSQL | Synapse database |
+| LiveKit | MatrixRTC media server (calls) |
+| lk-jwt-service | LiveKit JWT auth for Matrix users |
+| coturn | TURN/STUN server (ICE fallback) |
+
+## Clients
+
+- **Element X** (Android/iOS) — recommended, full call support
+- **FluffyChat** — messaging only, calls not supported
+
+Connect clients to: `https://mtx.alogins.net`
+
+## Users
+
+| Username | Admin |
+|----------|-------|
+| admin | yes |
+| elizaveta | no |
+| aleksandra | no |
+
+## Managing Users
+
+```bash
+# Add user
+docker exec synapse register_new_matrix_user \
+ -c /data/homeserver.yaml \
+ -u -p --no-admin \
+ http://localhost:8008
+
+# Add admin
+docker exec synapse register_new_matrix_user \
+ -c /data/homeserver.yaml \
+ -u -p -a \
+ http://localhost:8008
+```
+
+## Start / Stop
+
+```bash
+cd /home/alvis/agap_git/matrix
+
+docker compose up -d # start all
+docker compose down # stop all
+docker compose restart # restart all
+docker compose ps # status
+docker compose logs -f # logs
+```
+
+## Caddy
+
+Entries in `/home/alvis/agap_git/Caddyfile`:
+
+| Domain | Purpose |
+|--------|---------|
+| `mtx.alogins.net` | Synapse + well-known |
+| `lk.alogins.net` | LiveKit SFU |
+| `lkjwt.alogins.net` | LiveKit JWT service |
+
+Deploy Caddyfile changes:
+```bash
+sudo cp /home/alvis/agap_git/Caddyfile /etc/caddy/Caddyfile && sudo systemctl reload caddy
+```
+
+## Firewall Ports Required
+
+| Port | Protocol | Service |
+|------|----------|---------|
+| 443 | TCP | Caddy (HTTPS) |
+| 3478 | UDP+TCP | coturn TURN |
+| 5349 | UDP+TCP | coturn TURNS |
+| 7881 | TCP | LiveKit |
+| 49152-65535 | UDP | coturn relay |
+| 50100-50200 | UDP | LiveKit media |
+
+## Data Locations
+
+| Data | Path |
+|------|------|
+| Synapse config & media | `./data/synapse/` |
+| PostgreSQL
data | `./data/postgres/` |
+| LiveKit config | `./livekit/livekit.yaml` |
+| coturn config | `./coturn/turnserver.conf` |
+
+## First-Time Setup (reference)
+
+```bash
+# Generate Synapse config
+docker run --rm \
+ -v ./data/synapse:/data \
+ -e SYNAPSE_SERVER_NAME=mtx.alogins.net \
+ -e SYNAPSE_REPORT_STATS=no \
+ matrixdotorg/synapse:latest generate
+
+# Edit database section in data/synapse/homeserver.yaml, then:
+docker compose up -d
+```
diff --git a/matrix/coturn/turnserver.conf b/matrix/coturn/turnserver.conf
new file mode 100644
index 0000000..98bf768
--- /dev/null
+++ b/matrix/coturn/turnserver.conf
@@ -0,0 +1,18 @@
+listening-port=3478
+tls-listening-port=5349
+
+external-ip=83.99.190.32/192.168.1.3
+
+realm=mtx.alogins.net
+server-name=mtx.alogins.net
+
+use-auth-secret
+static-auth-secret=144152cc09030796a4fd0109437dfc2089db2d5181b848d38d20c646c1d7a14b
+
+no-multicast-peers
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+
+log-file=stdout
+no-software-attribute
diff --git a/matrix/docker-compose.yml b/matrix/docker-compose.yml
new file mode 100644
index 0000000..23a66e7
--- /dev/null
+++ b/matrix/docker-compose.yml
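Review bot: The `denied-peer-ip` list covers the three RFC 1918 ranges but not loopback, link-local or the IPv6 loopback, and because coturn runs with `network_mode: host` in the compose hunk, a relay allocation toward `127.0.0.1` would reach the host's loopback-only services (Synapse on 8008 and lk-jwt-service on 8009 are bound to 127.0.0.1 there). Adding `denied-peer-ip=127.0.0.0-127.255.255.255`, `denied-peer-ip=169.254.0.0-169.254.255.255` and `denied-peer-ip=::1`, together with `user-quota` / `total-quota` limits as Synapse's TURN guide recommends, closes that gap. `tls-listening-port=5349` is set but no `cert` / `pkey` entries accompany it, so the TURNS port the README's firewall table advertises will most likely not complete a TLS handshake (coturn warns about the missing certificate at startup); either add the certificate paths or drop 5349 from the table. The `static-auth-secret` is committed in plain text here and should be rotated once it is moved out of the repository.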
@@ -0,0 +1,73 @@
+services:
+ synapse:
+ image: matrixdotorg/synapse:latest
+ container_name: synapse
+ restart: unless-stopped
+ volumes:
+ - ${SYNAPSE_DATA}:/data
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+ ports:
+ - "127.0.0.1:8008:8008"
+ depends_on:
+ - db
+ networks:
+ - matrix
+ - frontend
+
+ db:
+ image: postgres:16-alpine
+ container_name: synapse-db
+ restart: unless-stopped
+ environment:
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_DB=${POSTGRES_DB}
+ - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ volumes:
+ - ${POSTGRES_DATA}:/var/lib/postgresql/data
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - matrix
+
+ lk-jwt-service:
+ image: ghcr.io/element-hq/lk-jwt-service:latest
+ container_name: lk-jwt-service
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:8009:8080"
+ environment:
+ - LIVEKIT_JWT_BIND=:8080
+ - LIVEKIT_URL=wss://lk.alogins.net
+ - LIVEKIT_KEY=${LIVEKIT_KEY}
+ - LIVEKIT_SECRET=${LIVEKIT_SECRET}
+ - LIVEKIT_FULL_ACCESS_HOMESERVERS=mtx.alogins.net
+ extra_hosts:
+ - "mtx.alogins.net:host-gateway"
+ - "lk.alogins.net:host-gateway"
+
+ livekit:
+ image: livekit/livekit-server:latest
+ container_name: livekit
+ restart: unless-stopped
+ network_mode: host
+ volumes:
+ - ./livekit/livekit.yaml:/etc/livekit.yaml:ro
+ command: --config /etc/livekit.yaml
+
+ coturn:
+ image: coturn/coturn:latest
+ container_name: coturn
+ restart: unless-stopped
+ network_mode: host
+ volumes:
+ - ./coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
+ - /etc/localtime:/etc/localtime:ro
+
+networks:
+ matrix:
+ driver: bridge
+ internal: true
+ frontend:
+ driver: bridge
diff --git a/matrix/livekit/livekit.yaml b/matrix/livekit/livekit.yaml
new file mode 100644
index 0000000..cce60b6
--- /dev/null
+++ b/matrix/livekit/livekit.yaml
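Review bot: Four of the five services pull an unpinned `:latest` tag (`matrixdotorg/synapse`, `ghcr.io/element-hq/lk-jwt-service`, `livekit/livekit-server`, `coturn/coturn`), so a `docker compose pull` or a host rebuild silently moves the homeserver to whatever was published last with no record of what was actually deployed; pin each to a release tag (or an `@sha256:` digest, as `postgres:16-alpine` at least partially does) and bump them deliberately. `depends_on: - db` on `synapse` only waits for the container to start, not for Postgres to accept connections, so a cold start can fail until `restart: unless-stopped` retries; a healthcheck on `db` with `condition: service_healthy` on the Synapse side makes the ordering explicit (interval values below are illustrative). `lk-jwt-service` declares no `networks:`, so it lands on the compose default network rather than `matrix` or `frontend`; naming its network keeps the intent of `internal: true` on `matrix` readable.

```yaml
  synapse:
    # … unchanged: image, container_name, restart, volumes, environment, ports …
    depends_on:
      db:
        condition: service_healthy
    # … unchanged: networks …

  db:
    # … unchanged: image, container_name, restart, environment, volumes …
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5
    # … unchanged: networks …
```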
@@ -0,0 +1,15 @@
+port: 7880
+rtc:
+ tcp_port: 7881
+ port_range_start: 50100
+ port_range_end: 50200
+ use_external_ip: true
+
+keys:
+ devkey: ef3ef4b903ca8469b09b2dd7ab6af529c4d2f3c95668f53832fc351cf67777a9
+
+room:
+ auto_create: false
+
+logging:
+ level: info
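Review bot: The `keys:` block commits the LiveKit API secret to the repository and duplicates `LIVEKIT_SECRET` from `matrix/.env`, so the two copies can drift and the value is now in git history and should be rotated. LiveKit also accepts its keys from the `LIVEKIT_KEYS` environment variable (or a `key_file` outside the repo), so the compose file could pass `LIVEKIT_KEYS=${LIVEKIT_KEY}: ${LIVEKIT_SECRET}` to the `livekit` service and this block could be dropped, leaving `.env` as the single place to rotate. Because the service runs with `network_mode: host` in the compose hunk, `port: 7880` listens on every host interface rather than only on loopback where Caddy proxies to it, and the README's firewall table does not list 7880; confirm the host firewall denies it by default, or restrict the listener with LiveKit's `bind_addresses` option after checking it does not also narrow the RTC media ports. If the secret does stay in YAML, quote it (`devkey: "<secret>"`) so a future all-digit or `1e…`-shaped value is not retyped by the parser.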