Matrix server
·3 mins
Server:
- An Always Free virtual machine from Oracle, running Canonical-Ubuntu-20.04-Minimal.
- This version of Ubuntu comes with an older and buggy version of Ansible. So, I had to install the latest one via instructions documented here. I now activate it on the server by doing:
source ~/ansible/bin/activate
.
- This version of Ubuntu comes with an older and buggy version of Ansible. So, I had to install the latest one via instructions documented here. I now activate it on the server by doing:
- Free domain from: Freenom.
Setup #
In a nutshell:
sudo apt update
sudo apt install git python-is-python3 cron vim
git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git
cd matrix-docker-ansible-deploy # Run all future commands within this directory.
mkdir inventory/host_vars/matrix.flister.cf
cp examples/host-vars.yml inventory/host_vars/matrix.flister.cf/vars.yml # This is 1 of the 2 configuration files.
cp examples/hosts inventory/hosts # This is 2 of the 2 configuration files.
# Setup everything
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
# Create a user - admin or not.
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=foo password=bar admin=yes' --tags=register-user
# Test everything is working as expected.
ansible-playbook -i inventory/hosts setup.yml --tags=self-check
The inventory/host_vars/matrix.flister.cf/vars.yml file:
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: flister.cf
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: ...
matrix_nginx_proxy_base_domain_serving_enabled: true
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: "..."
# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: "..."
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "..."
matrix_mautrix_whatsapp_enabled: true
matrix_synapse_configuration_extension_yaml: |
limit_remote_rooms:
enabled: true
complexity: 1.0
And inventory/hosts:
# We explicitly ask for your server's external IP address, because the same value is used for configuring Coturn.
# If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.
#
# To connect using a non-root user (and elevate to root with sudo later),
# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username become=true become_user=root`
#
# For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`.
# If this causes SSH connection troubles, disable it by adding `ansible_ssh_pipelining=False`
# to the host line below or by adding `ansible_ssh_pipelining: False` to your variables file.
#
# If you're running this Ansible playbook on the same server as the one you're installing to,
# consider adding an additional `ansible_connection=local` argument below.
[matrix_servers]
matrix.flister.cf ansible_host=140.238.156.10 ansible_ssh_user=root ansible_connection=local