flfeders/FEDEO
2
1
Fork 0
Code Issues 95 Pull Requests Actions Packages Projects 22 Releases Wiki Activity

KI-AGENT: Ergänze Matrix im Selfhost-Stack

Browse Source
This commit is contained in:
florianfederspiel
2026-05-19 18:40:30 +02:00
parent 168d2fce6e
commit 274f3d5795
4 changed files with 281 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
docker-compose.selfhost.yml
View File

@@ -130,6 +130,15 @@ services:
FEDEO_BOOTSTRAP_ADMIN_LAST_NAME: ${FEDEO_BOOTSTRAP_ADMIN_LAST_NAME:-Benutzer}
FEDEO_BOOTSTRAP_TENANT_NAME: ${FEDEO_BOOTSTRAP_TENANT_NAME:-FEDEO}
FEDEO_BOOTSTRAP_TENANT_SHORT: ${FEDEO_BOOTSTRAP_TENANT_SHORT:-FEDEO}
MATRIX_HOMESERVER_URL: ${MATRIX_HOMESERVER_URL:-http://matrix-synapse:8008}
MATRIX_SERVER_NAME: ${MATRIX_SERVER_NAME:-fedeo.de}
MATRIX_RTC_HOST: ${MATRIX_RTC_HOST:-call.fedeo.de}
MATRIX_RTC_JWT_URL: ${MATRIX_RTC_JWT_URL:-}
MATRIX_LIVEKIT_URL: ${MATRIX_LIVEKIT_URL:-}
MATRIX_REGISTRATION_SHARED_SECRET: ${MATRIX_REGISTRATION_SHARED_SECRET:-}
MATRIX_SERVICE_USER_LOCALPART: ${MATRIX_SERVICE_USER_LOCALPART:-fedeo_service}
LIVEKIT_KEY: ${LIVEKIT_KEY:-fedeo-livekit}
LIVEKIT_SECRET: ${LIVEKIT_SECRET:-}
labels:
- traefik.enable=true
- traefik.http.routers.fedeo-backend.rule=Host(`${DOMAIN}`) && PathPrefix(`/backend`)
@@ -165,6 +174,199 @@ services:
networks:
- web
matrix-db:
image: postgres:16-alpine
container_name: fedeo-matrix-db
restart: unless-stopped
profiles:
- matrix
environment:
POSTGRES_DB: ${MATRIX_POSTGRES_DB:-synapse}
POSTGRES_USER: ${MATRIX_POSTGRES_USER:-synapse}
POSTGRES_PASSWORD: ${MATRIX_POSTGRES_PASSWORD:-change-this-matrix-db-password}
POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate=C --lc-ctype=C
volumes:
- ./matrix/postgres:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${MATRIX_POSTGRES_USER:-synapse} -d ${MATRIX_POSTGRES_DB:-synapse}"]
interval: 10s
timeout: 5s
retries: 10
networks:
- internal
matrix-redis:
image: redis:7-alpine
container_name: fedeo-matrix-redis
restart: unless-stopped
profiles:
- matrix
networks:
- internal
matrix-synapse:
image: ghcr.io/element-hq/synapse:latest
container_name: fedeo-matrix-synapse
restart: unless-stopped
profiles:
- matrix
depends_on:
matrix-db:
condition: service_healthy
matrix-redis:
condition: service_started
environment:
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
volumes:
- ./matrix/synapse:/data
labels:
- traefik.enable=true
- traefik.http.routers.fedeo-matrix.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix`)
- traefik.http.routers.fedeo-matrix.entrypoints=websecure
- traefik.http.routers.fedeo-matrix.tls.certresolver=letsencrypt
- traefik.http.services.fedeo-matrix.loadbalancer.server.port=8008
- traefik.docker.network=fedeo_web
networks:
- web
- internal
matrix-well-known:
image: nginx:1.27-alpine
container_name: fedeo-matrix-well-known
restart: unless-stopped
profiles:
- matrix
volumes:
- ./matrix/well-known:/usr/share/nginx/html/.well-known/matrix:ro
labels:
- traefik.enable=true
- traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolalloworiginlist=*
- traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowmethods=GET,OPTIONS
- traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowheaders=Content-Type,Authorization
- traefik.http.routers.fedeo-matrix-well-known.rule=Host(`${MATRIX_SERVER_NAME:-fedeo.de}`) && PathPrefix(`/.well-known/matrix`)
- traefik.http.routers.fedeo-matrix-well-known.entrypoints=websecure
- traefik.http.routers.fedeo-matrix-well-known.tls.certresolver=letsencrypt
- traefik.http.routers.fedeo-matrix-well-known.middlewares=fedeo-matrix-well-known-cors
- traefik.http.services.fedeo-matrix-well-known.loadbalancer.server.port=80
- traefik.docker.network=fedeo_web
networks:
- web
matrix-turn:
image: instrumentisto/coturn:4
container_name: fedeo-matrix-turn
restart: unless-stopped
profiles:
- matrix
command:
- --fingerprint
- --use-auth-secret
- --static-auth-secret=${MATRIX_TURN_SHARED_SECRET:-change-this-turn-secret}
- --realm=${MATRIX_SERVER_NAME:-fedeo.de}
- --listening-port=3478
- --tls-listening-port=5349
- --min-port=49160
- --max-port=49200
- --no-cli
- --no-tlsv1
- --no-tlsv1_1
ports:
- "3478:3478/tcp"
- "3478:3478/udp"
- "5349:5349/tcp"
- "49160-49200:49160-49200/udp"
networks:
- internal
matrix-livekit:
image: livekit/livekit-server:v1.9
container_name: fedeo-matrix-livekit
restart: unless-stopped
profiles:
- matrix
depends_on:
- matrix-redis
entrypoint: /bin/sh
command:
- -ec
- |
cat >/tmp/livekit.yaml <<EOF
port: 7880
redis:
address: matrix-redis:6379
rtc:
tcp_port: 7881
port_range_start: 50000
port_range_end: 50100
use_external_ip: true
keys:
${LIVEKIT_KEY:-fedeo-livekit}: ${LIVEKIT_SECRET:-change-this-livekit-secret-please-replace}
room:
auto_create: true
EOF
exec /livekit-server --config /tmp/livekit.yaml
ports:
- "7881:7881/tcp"
- "50000-50100:50000-50100/udp"
labels:
- traefik.enable=true
- traefik.http.middlewares.fedeo-matrix-livekit-strip.stripprefix.prefixes=/livekit/sfu
- traefik.http.routers.fedeo-matrix-livekit.rule=Host(`${MATRIX_RTC_HOST:-call.fedeo.de}`) && PathPrefix(`/livekit/sfu`)
- traefik.http.routers.fedeo-matrix-livekit.entrypoints=websecure
- traefik.http.routers.fedeo-matrix-livekit.tls.certresolver=letsencrypt
- traefik.http.routers.fedeo-matrix-livekit.middlewares=fedeo-matrix-livekit-strip
- traefik.http.services.fedeo-matrix-livekit.loadbalancer.server.port=7880
- traefik.docker.network=fedeo_web
networks:
- web
- internal
matrix-rtc-jwt:
image: ghcr.io/element-hq/lk-jwt-service:latest
container_name: fedeo-matrix-rtc-jwt
restart: unless-stopped
profiles:
- matrix
depends_on:
- matrix-livekit
- matrix-synapse
environment:
LIVEKIT_URL: wss://${MATRIX_RTC_HOST:-call.fedeo.de}/livekit/sfu
LIVEKIT_KEY: ${LIVEKIT_KEY:-fedeo-livekit}
LIVEKIT_SECRET: ${LIVEKIT_SECRET:-change-this-livekit-secret-please-replace}
LIVEKIT_FULL_ACCESS_HOMESERVERS: ${MATRIX_SERVER_NAME:-fedeo.de}
LIVEKIT_JWT_BIND: :8080
labels:
- traefik.enable=true
- traefik.http.middlewares.fedeo-matrix-rtc-jwt-strip.stripprefix.prefixes=/livekit/jwt
- traefik.http.routers.fedeo-matrix-rtc-jwt.rule=Host(`${MATRIX_RTC_HOST:-call.fedeo.de}`) && PathPrefix(`/livekit/jwt`)
- traefik.http.routers.fedeo-matrix-rtc-jwt.entrypoints=websecure
- traefik.http.routers.fedeo-matrix-rtc-jwt.tls.certresolver=letsencrypt
- traefik.http.routers.fedeo-matrix-rtc-jwt.middlewares=fedeo-matrix-rtc-jwt-strip
- traefik.http.services.fedeo-matrix-rtc-jwt.loadbalancer.server.port=8080
- traefik.docker.network=fedeo_web
networks:
- web
- internal
matrix-element:
image: vectorim/element-web:latest
container_name: fedeo-matrix-element
restart: unless-stopped
profiles:
- matrix
volumes:
- ./matrix/selfhost/element-config.json:/app/config.json:ro
labels:
- traefik.enable=true
- traefik.http.routers.fedeo-matrix-element.rule=Host(`${MATRIX_ELEMENT_HOST:-element.fedeo.de}`)
- traefik.http.routers.fedeo-matrix-element.entrypoints=websecure
- traefik.http.routers.fedeo-matrix-element.tls.certresolver=letsencrypt
- traefik.http.services.fedeo-matrix-element.loadbalancer.server.port=80
- traefik.docker.network=fedeo_web
networks:
- web
networks:
web:
name: fedeo_web