Add Matrix homeserver with MatrixRTC calling support

- Synapse + PostgreSQL + coturn + LiveKit + lk-jwt-service
- Caddy entries for mtx.alogins.net, lk.alogins.net, lkjwt.alogins.net
- well-known endpoints for Matrix client/server discovery and RTC transport
- Users: admin, elizaveta, aleksandra

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

matrix/.env

@@ -0,0 +1,7 @@
+SYNAPSE_DATA=./data/synapse
+POSTGRES_DATA=./data/postgres
+POSTGRES_USER=synapse
+POSTGRES_PASSWORD=OimW4JUSXhZBCtLHE1kFnZ7cWVbESsxynapnJ+PSw/4=
+POSTGRES_DB=synapse
+LIVEKIT_KEY=devkey
+LIVEKIT_SECRET=ef3ef4b903ca8469b09b2dd7ab6af529c4d2f3c95668f53832fc351cf67777a9

matrix/.gitignore

@@ -0,0 +1 @@
+data/

matrix/README.md

@@ -0,0 +1,105 @@
+# Matrix Home Server
+
+Self-hosted Matrix homeserver running on `mtx.alogins.net`.
+
+## Stack
+
+| Service | Purpose |
+|---------|---------|
+| Synapse | Matrix homeserver |
+| PostgreSQL | Synapse database |
+| LiveKit | MatrixRTC media server (calls) |
+| lk-jwt-service | LiveKit JWT auth for Matrix users |
+| coturn | TURN/STUN server (ICE fallback) |
+
+## Clients
+
+- **Element X** (Android/iOS) — recommended, full call support
+- **FluffyChat** — messaging only, calls not supported
+
+Connect clients to: `https://mtx.alogins.net`
+
+## Users
+
+| Username | Admin |
+|----------|-------|
+| admin | yes |
+| elizaveta | no |
+| aleksandra | no |
+
+## Managing Users
+
+```bash
+# Add user
+docker exec synapse register_new_matrix_user \
+  -c /data/homeserver.yaml \
+  -u <username> -p <password> --no-admin \
+  http://localhost:8008
+
+# Add admin
+docker exec synapse register_new_matrix_user \
+  -c /data/homeserver.yaml \
+  -u <username> -p <password> -a \
+  http://localhost:8008
+```
+
+## Start / Stop
+
+```bash
+cd /home/alvis/agap_git/matrix
+
+docker compose up -d       # start all
+docker compose down        # stop all
+docker compose restart     # restart all
+docker compose ps          # status
+docker compose logs -f     # logs
+```
+
+## Caddy
+
+Entries in `/home/alvis/agap_git/Caddyfile`:
+
+| Domain | Purpose |
+|--------|---------|
+| `mtx.alogins.net` | Synapse + well-known |
+| `lk.alogins.net` | LiveKit SFU |
+| `lkjwt.alogins.net` | LiveKit JWT service |
+
+Deploy Caddyfile changes:
+```bash
+sudo cp /home/alvis/agap_git/Caddyfile /etc/caddy/Caddyfile && sudo systemctl reload caddy
+```
+
+## Firewall Ports Required
+
+| Port | Protocol | Service |
+|------|----------|---------|
+| 443 | TCP | Caddy (HTTPS) |
+| 3478 | UDP+TCP | coturn TURN |
+| 5349 | UDP+TCP | coturn TURNS |
+| 7881 | TCP | LiveKit |
+| 49152-65535 | UDP | coturn relay |
+| 50100-50200 | UDP | LiveKit media |
+
+## Data Locations
+
+| Data | Path |
+|------|------|
+| Synapse config & media | `./data/synapse/` |
+| PostgreSQL data | `./data/postgres/` |
+| LiveKit config | `./livekit/livekit.yaml` |
+| coturn config | `./coturn/turnserver.conf` |
+
+## First-Time Setup (reference)
+
+```bash
+# Generate Synapse config
+docker run --rm \
+  -v ./data/synapse:/data \
+  -e SYNAPSE_SERVER_NAME=mtx.alogins.net \
+  -e SYNAPSE_REPORT_STATS=no \
+  matrixdotorg/synapse:latest generate
+
+# Edit database section in data/synapse/homeserver.yaml, then:
+docker compose up -d
+```

matrix/coturn/turnserver.conf

@@ -0,0 +1,18 @@
+listening-port=3478
+tls-listening-port=5349
+
+external-ip=83.99.190.32/192.168.1.3
+
+realm=mtx.alogins.net
+server-name=mtx.alogins.net
+
+use-auth-secret
+static-auth-secret=144152cc09030796a4fd0109437dfc2089db2d5181b848d38d20c646c1d7a14b
+
+no-multicast-peers
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+
+log-file=stdout
+no-software-attribute

matrix/docker-compose.yml

@@ -0,0 +1,73 @@
+services:
+  synapse:
+    image: matrixdotorg/synapse:latest
+    container_name: synapse
+    restart: unless-stopped
+    volumes:
+      - ${SYNAPSE_DATA}:/data
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+    ports:
+      - "127.0.0.1:8008:8008"
+    depends_on:
+      - db
+    networks:
+      - matrix
+      - frontend
+
+  db:
+    image: postgres:16-alpine
+    container_name: synapse-db
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+    volumes:
+      - ${POSTGRES_DATA}:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - matrix
+
+  lk-jwt-service:
+    image: ghcr.io/element-hq/lk-jwt-service:latest
+    container_name: lk-jwt-service
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:8009:8080"
+    environment:
+      - LIVEKIT_JWT_BIND=:8080
+      - LIVEKIT_URL=wss://lk.alogins.net
+      - LIVEKIT_KEY=${LIVEKIT_KEY}
+      - LIVEKIT_SECRET=${LIVEKIT_SECRET}
+      - LIVEKIT_FULL_ACCESS_HOMESERVERS=mtx.alogins.net
+    extra_hosts:
+      - "mtx.alogins.net:host-gateway"
+      - "lk.alogins.net:host-gateway"
+
+  livekit:
+    image: livekit/livekit-server:latest
+    container_name: livekit
+    restart: unless-stopped
+    network_mode: host
+    volumes:
+      - ./livekit/livekit.yaml:/etc/livekit.yaml:ro
+    command: --config /etc/livekit.yaml
+
+  coturn:
+    image: coturn/coturn:latest
+    container_name: coturn
+    restart: unless-stopped
+    network_mode: host
+    volumes:
+      - ./coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
+      - /etc/localtime:/etc/localtime:ro
+
+networks:
+  matrix:
+    driver: bridge
+    internal: true
+  frontend:
+    driver: bridge

matrix/livekit/livekit.yaml

@@ -0,0 +1,15 @@
+port: 7880
+rtc:
+  tcp_port: 7881
+  port_range_start: 50100
+  port_range_end: 50200
+  use_external_ip: true
+
+keys:
+  devkey: ef3ef4b903ca8469b09b2dd7ab6af529c4d2f3c95668f53832fc351cf67777a9
+
+room:
+  auto_create: false
+
+logging:
+  level: info