Matrix: Difference between revisions
+ |
|||
| (6 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
== Matrix Installation == |
== Matrix Installation == |
||
We are using NixOS, so |
We are using NixOS, so the config to setup both Synapse and PostgreSQL is hosted at https://git.csclub.uwaterloo.ca/k95ma/matrix-nixos/. |
||
The reverse proxy, Caddy is configured on citric-acid. |
|||
'''Note''': We could have used <code>recommendedProxySettings = true</code> which sets most of the <code>X-Forwarded-For</code> headers correctly. However, this is a reverse proxy behind a reverse proxy (Nginx on citric acid -> Nginx on the container -> Synapse) so <code>X-Forwarded-Proto</code> has to be always set to https. I'm sure there is a better way to do this. |
|||
== Testing == |
|||
<pre> |
|||
{ pkgs, lib, config, ... }: |
|||
let |
|||
fqdn = "matrix.${config.networking.domain}"; |
|||
clientConfig = { |
|||
"m.homeserver".base_url = "https://${fqdn}"; |
|||
"m.identity_server" = {}; |
|||
}; |
|||
serverConfig."m.server" = "${fqdn}:443"; |
|||
mkWellKnown = data: '' |
|||
add_header Content-Type application/json; |
|||
add_header Access-Control-Allow-Origin *; |
|||
return 200 '${builtins.toJSON data}'; |
|||
''; |
|||
extraCfg = pkgs.writeText "synapse-extra-config.yaml" '' |
|||
''; |
|||
in { |
|||
networking.firewall = { |
|||
enable = true; |
|||
allowedTCPPorts = [ 80 8008 ]; |
|||
}; |
|||
networking.domain = "csclub.uwaterloo.ca"; |
|||
Go to https://app.cinny.in/login/csclub.uwaterloo.ca, and click "Continue with CSC". |
|||
services.postgresql = { |
|||
enable = true; |
|||
initialScript = pkgs.writeText "synapse-init.sql" '' |
|||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; |
|||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" |
|||
TEMPLATE template0 |
|||
LC_COLLATE = "C" |
|||
LC_CTYPE = "C"; |
|||
''; |
|||
dataDir = "/data/postgresql"; |
|||
}; |
|||
== Bridging == |
|||
services.nginx = { |
|||
enable = true; |
|||
# recommendedProxySettings = true; |
|||
virtualHosts = { |
|||
"csclub.uwaterloo.ca" = { |
|||
locations."/".extraConfig = '' |
|||
return 404; |
|||
''; |
|||
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; |
|||
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; |
|||
}; |
|||
"${fqdn}" = { |
|||
locations."/".extraConfig = '' |
|||
return 404; |
|||
''; |
|||
locations."/_matrix".proxyPass = "http://[::1]:8008"; |
|||
locations."/_matrix".extraConfig = '' |
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header X-Forwarded-Proto https; |
|||
proxy_set_header X-Forwarded-Host $host; |
|||
proxy_set_header X-Forwarded-Server $host; |
|||
''; |
|||
locations."/_synapse/client".proxyPass = "http://[::1]:8008"; |
|||
locations."/_synapse/client".extraConfig = '' |
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|||
proxy_set_header X-Forwarded-Proto https; |
|||
proxy_set_header X-Forwarded-Host $host; |
|||
proxy_set_header X-Forwarded-Server $host; |
|||
''; |
|||
}; |
|||
}; |
|||
}; |
|||
We are currently running mautrix-discord. Bridge to IRC via heisenbridge may be added in the future. |
|||
services.matrix-synapse = { |
|||
enable = true; |
|||
extraConfigFiles = [ extraCfg ]; |
|||
dataDir = "/data/matrix-synapse"; |
|||
settings = { |
|||
server_name = config.networking.domain; |
|||
public_baseurl = "https://matrix.csclub.uwaterloo.ca/"; |
|||
listeners = [ |
|||
{ |
|||
port = 8008; |
|||
bind_addresses = [ "::1" ]; |
|||
type = "http"; |
|||
tls = false; |
|||
x_forwarded = true; |
|||
resources = [ |
|||
{ |
|||
names = [ "client" ]; # no federation |
|||
compress = true; |
|||
} |
|||
]; |
|||
} |
|||
]; |
|||
=== Discord Instructions === |
|||
oidc_providers = [ |
|||
{ |
|||
idp_id = "keycloak"; |
|||
idp_name = "CSC"; |
|||
issuer = "https://keycloak.csclub.uwaterloo.ca/realms/csc"; |
|||
client_id = "synapse"; |
|||
client_secret = "xxxx"; # fill the client secret from keycloak here |
|||
scopes = [ "openid" "profile" ]; |
|||
user_mapping_provider.config = { |
|||
localpart_template = "{{ user.preferred_username }}"; |
|||
display_name_template = "{{ user.name }}"; |
|||
}; |
|||
} |
|||
]; |
|||
registration_shared_secret = "xxxxx"; |
|||
enable_registration = true; |
|||
enable_registration_captcha = false; |
|||
registration_requires_token = true; |
|||
}; |
|||
}; |
|||
} |
|||
</pre> |
|||
== Testing == |
|||
* Create the Matrix channel to bridge to |
|||
Go to https://app.cinny.in/login/matrix.csclub.uwaterloo.ca, and click "Continue with CSC". |
|||
* Invite {{code|@beefbot:csclub.uwaterloo.ca}} and {{code|@discordbot:csclub.uwaterloo.ca}} to the channel |
|||
* Login to User {{code|beefbot}} (ask syscom for password) on our matrix instance (when we eventually disable password login, you will need to edit the nix config to re-enable it) |
|||
* ''Inside'' the matrix channel, send, {{code|!discord bridge <channel ID>}} (the channel ID on Discord, the Discord bot must be able to see that channel) |
|||
* Create a Discord Webhook URL for that channel on Discord's side, and then DM the discord bot with {{code|!discord set-relay !26DmcJd3cQ...:csclub.uwaterloo.ca --url https://discord.com/...}} with the first argument replaced by the actual room identifier and the second parameter the webhook URL. |
|||
Latest revision as of 21:00, 28 October 2025
We are currently setting up a test server for Matrix. We use Synapse. If everything goes well, we will set up a production Matrix server.
Server Setup
We are currently running Matrix in a Proxmox LXC container on citric-acid. Ask Siracha for the credentials to access Proxmox and the VM.
Matrix Installation
We are using NixOS, so the config to set up both Synapse and PostgreSQL is hosted at https://git.csclub.uwaterloo.ca/k95ma/matrix-nixos/.
The reverse proxy, Caddy, is configured on citric-acid.
Testing
Go to https://app.cinny.in/login/csclub.uwaterloo.ca, and click "Continue with CSC".
Bridging
We are currently running mautrix-discord. Bridge to IRC via heisenbridge may be added in the future.
Discord Instructions
- Create the Matrix channel to bridge to
- Invite `@beefbot:csclub.uwaterloo.ca` and `@discordbot:csclub.uwaterloo.ca` to the channel
- Log in as user `beefbot` (ask syscom for the password) on our Matrix instance (when we eventually disable password login, you will need to edit the nix config to re-enable it)
- Inside the Matrix channel, send `!discord bridge <channel ID>` (the channel ID on Discord; the Discord bot must be able to see that channel)
- Create a Discord webhook URL for that channel on Discord's side, and then DM the Discord bot with `!discord set-relay !26DmcJd3cQ...:csclub.uwaterloo.ca --url https://discord.com/...`, with the first argument replaced by the actual room identifier and the second by the webhook URL. The webhook URL works as a credential for posting to that Discord channel, so send it only in that DM.