Add Matrix wiki page, update index

Home.md

@@ -20,6 +20,7 @@
 - [[Omo]] — AI coding agent (oh-my-opencode, local LLM via Bifrost)
 - [[Vaultwarden]] — Password manager (Bitwarden-compatible)
 - [[Seafile]] — File sync and document editing
+- [[Matrix]] — Synapse homeserver, E2EE bot adapter (Adolf + Zabbix)
 
 ## Quick Start
 

Matrix.md

@@ -0,0 +1,106 @@
+# Matrix
+
+Self-hosted Matrix homeserver (Synapse) with an E2EE bot adapter serving as the bridge between Adolf/Zabbix and Matrix rooms.
+
+## Synapse
+
+Homeserver: `mtx.alogins.net` (Caddy → Synapse container port 8008)
+
+Compose directory: `agap_git/matrix/`
+
+## Matrix Bot
+
+Repo: `~/matrixbot/` — `http://localhost:3000/alvis/matrixbot` (if pushed)
+
+FastAPI service (port 3002) running two matrix-nio E2EE clients:
+
+| Account | Device ID | Purpose |
+|---------|-----------|---------|
+| `@bot:mtx.alogins.net` | `BOTDEVICE` | Adolf channel adapter — inbound (forwards to deepagents) and outbound |
+| `@zabbix:mtx.alogins.net` | `ZABBIXDEVICE` | Zabbix notifications — outbound only |
+
+### API Endpoints
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `POST` | `/send` | Send message as `@bot` — body: `{"room_id": "...", "text": "..."}` |
+| `POST` | `/zabbix/send` | Send message as `@zabbix` — body: `{"room_id": "...", "text": "..."}` |
+| `GET` | `/health` | Health check |
+
+### E2EE and Cross-Signing
+
+Both bots bootstrap cross-signing keys on first startup:
+
+1. Generate master, self-signing, and user-signing olm key pairs
+2. Upload via `keys/device_signing/upload` with UIAA password auth
+3. Self-sign the device key via `keys/signatures/upload`
+4. Persist key material to `/data/{bot,zabbix}/cross_signing.json`
+
+On subsequent starts, keys are loaded from the persisted file — no regeneration.
+
+### In-Room SAS Verification
+
+Both bots support interactive emoji verification initiated from Element X. The full flow:
+
+```
+Element X                       Bot
+    ├─ m.key.verification.request ─→
+    ←─ m.key.verification.ready ───┤
+    ├─ m.key.verification.start ──→
+    ←─ m.key.verification.accept ──┤
+    ├─ m.key.verification.key ────→
+    ←─ m.key.verification.key ─────┤
+    ←─ m.key.verification.mac ─────┤
+    ├─ m.key.verification.mac ────→
+    ←─ m.key.verification.done ────┤
+    ├─ m.key.verification.done ───→
+```
+
+The bot auto-accepts emoji matches. Master cross-signing key is included in the MAC so Element X can establish the cross-signing trust chain.
+
+To-device verification is also handled as a fallback.
+
+### Environment
+
+Variables in `~/matrixbot/.env`, passed through `docker-compose.yml`:
+
+| Variable | Description |
+|----------|-------------|
+| `MATRIX_HOMESERVER` | Synapse URL (internal: `http://synapse:8008`) |
+| `MATRIX_BOT_TOKEN` | `@bot` access token |
+| `MATRIX_BOT_PASSWORD` | `@bot` password (for UIAA during cross-signing) |
+| `MATRIX_BOT_DEVICE_ID` | `BOTDEVICE` |
+| `MATRIX_ZABBIX_TOKEN` | `@zabbix` access token |
+| `MATRIX_ZABBIX_PASSWORD` | `@zabbix` password |
+| `MATRIX_ZABBIX_DEVICE_ID` | `ZABBIXDEVICE` |
+| `DEEPAGENTS_URL` | Adolf deepagents endpoint (`http://host.docker.internal:8000`) |
+
+Tokens and passwords stored in Vaultwarden: `MATRIX_BOT_TOKEN`, `MATRIX_BOT_PASSWORD`, `MATRIX_ZABBIX_TOKEN`, `MATRIX_ZABBIX_PASSWORD`.
+
+### Stack
+
+```
+~/matrixbot/
+├── bot.py                 Single-file bot (FastAPI + matrix-nio)
+├── docker-compose.yml     Service definition, networks: matrix_frontend, zabbix_frontend
+├── Dockerfile             python:3.12-slim + libolm-dev
+├── requirements.txt       matrix-nio[e2e]==0.25.2, fastapi, uvicorn, httpx, pydantic
+├── .env                   Tokens and passwords
+└── data/                  Persisted state (olm sessions, cross-signing keys)
+    ├── bot/
+    └── zabbix/
+```
+
+### Start
+
+```bash
+cd ~/matrixbot
+docker compose up -d --build
+```
+
+### Networks
+
+The container joins two external Docker networks:
+
+- `matrix_frontend` — access to Synapse container
+- `zabbix_frontend` — allows Zabbix media type to reach `/zabbix/send`