KI-AGENT: Starte Matrix im Selfhost ohne Profil

2026-05-19 19:00:35 +02:00
parent bace26c084
commit 697abc99fa
4 changed files with 127 additions and 65 deletions
--- a/docker-compose.selfhost.yml
+++ b/docker-compose.selfhost.yml
@@ -135,10 +135,10 @@ services:
      MATRIX_RTC_HOST: ${MATRIX_RTC_HOST:-${DOMAIN}}
      MATRIX_RTC_JWT_URL: ${MATRIX_RTC_JWT_URL:-}
      MATRIX_LIVEKIT_URL: ${MATRIX_LIVEKIT_URL:-}
-      MATRIX_REGISTRATION_SHARED_SECRET: ${MATRIX_REGISTRATION_SHARED_SECRET:-}
+      MATRIX_REGISTRATION_SHARED_SECRET: ${MATRIX_REGISTRATION_SHARED_SECRET:-change-this-matrix-registration-secret}
      MATRIX_SERVICE_USER_LOCALPART: ${MATRIX_SERVICE_USER_LOCALPART:-fedeo_service}
      LIVEKIT_KEY: ${LIVEKIT_KEY:-fedeo-livekit}
-      LIVEKIT_SECRET: ${LIVEKIT_SECRET:-}
+      LIVEKIT_SECRET: ${LIVEKIT_SECRET:-change-this-livekit-secret-please-replace}
    labels:
      - traefik.enable=true
      - traefik.http.routers.fedeo-backend.rule=Host(`${DOMAIN}`) && PathPrefix(`/backend`)
@@ -178,8 +178,6 @@ services:
    image: postgres:16-alpine
    container_name: fedeo-matrix-db
    restart: unless-stopped
-    profiles:
-      - matrix
    environment:
      POSTGRES_DB: ${MATRIX_POSTGRES_DB:-synapse}
      POSTGRES_USER: ${MATRIX_POSTGRES_USER:-synapse}
@@ -199,8 +197,6 @@ services:
    image: redis:7-alpine
    container_name: fedeo-matrix-redis
    restart: unless-stopped
-    profiles:
-      - matrix
    networks:
      - internal

@@ -208,15 +204,79 @@ services:
    image: ghcr.io/element-hq/synapse:latest
    container_name: fedeo-matrix-synapse
    restart: unless-stopped
-    profiles:
-      - matrix
    depends_on:
      matrix-db:
        condition: service_healthy
      matrix-redis:
        condition: service_started
    environment:
+      DOMAIN: ${DOMAIN}
+      MATRIX_POSTGRES_DB: ${MATRIX_POSTGRES_DB:-synapse}
+      MATRIX_POSTGRES_USER: ${MATRIX_POSTGRES_USER:-synapse}
+      MATRIX_POSTGRES_PASSWORD: ${MATRIX_POSTGRES_PASSWORD:-change-this-matrix-db-password}
+      MATRIX_REGISTRATION_SHARED_SECRET: ${MATRIX_REGISTRATION_SHARED_SECRET:-change-this-matrix-registration-secret}
+      MATRIX_SERVER_NAME: ${MATRIX_SERVER_NAME:-${DOMAIN}}
+      MATRIX_TURN_SHARED_SECRET: ${MATRIX_TURN_SHARED_SECRET:-change-this-turn-secret}
      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
+      SYNAPSE_REPORT_STATS: "no"
+      SYNAPSE_SERVER_NAME: ${MATRIX_SERVER_NAME:-${DOMAIN}}
+    entrypoint: /bin/sh
+    command:
+      - -ec
+      - |
+        if [ ! -f /data/homeserver.yaml ]; then
+          /start.py generate
+        fi
+        python - <<'PY'
+        import os
+        import yaml
+
+        path = "/data/homeserver.yaml"
+        with open(path, "r", encoding="utf-8") as handle:
+            config = yaml.safe_load(handle) or {}
+
+        domain = os.environ["DOMAIN"]
+        server_name = os.environ.get("MATRIX_SERVER_NAME") or domain
+        config["server_name"] = server_name
+        config["public_baseurl"] = f"https://{domain}/"
+        config["database"] = {
+            "name": "psycopg2",
+            "args": {
+                "user": os.environ.get("MATRIX_POSTGRES_USER", "synapse"),
+                "password": os.environ["MATRIX_POSTGRES_PASSWORD"],
+                "database": os.environ.get("MATRIX_POSTGRES_DB", "synapse"),
+                "host": "matrix-db",
+                "cp_min": 5,
+                "cp_max": 10,
+            },
+        }
+        config["redis"] = {"enabled": True, "host": "matrix-redis"}
+        config["registration_shared_secret"] = os.environ["MATRIX_REGISTRATION_SHARED_SECRET"]
+        config["turn_uris"] = [
+            f"turn:{domain}:3478?transport=udp",
+            f"turn:{domain}:3478?transport=tcp",
+        ]
+        config["turn_shared_secret"] = os.environ["MATRIX_TURN_SHARED_SECRET"]
+        config["turn_user_lifetime"] = "1h"
+        config["enable_registration"] = False
+        config["experimental_features"] = {
+            **(config.get("experimental_features") or {}),
+            "msc3266_enabled": True,
+            "msc4222_enabled": True,
+        }
+        config["login_via_existing_session"] = {
+            "enabled": True,
+            "require_ui_auth": False,
+            "token_timeout": "5m",
+        }
+        config["max_event_delay_duration"] = "24h"
+        config["rc_message"] = {"per_second": 0.5, "burst_count": 30}
+        config["rc_delayed_event_mgmt"] = {"per_second": 1, "burst_count": 20}
+
+        with open(path, "w", encoding="utf-8") as handle:
+            yaml.safe_dump(config, handle, sort_keys=False)
+        PY
+        exec /start.py
    volumes:
      - ./matrix/synapse:/data
    labels:
@@ -234,10 +294,30 @@ services:
    image: nginx:1.27-alpine
    container_name: fedeo-matrix-well-known
    restart: unless-stopped
-    profiles:
-      - matrix
-    volumes:
-      - ./matrix/well-known:/usr/share/nginx/html/.well-known/matrix:ro
+    command:
+      - /bin/sh
+      - -ec
+      - |
+        mkdir -p /usr/share/nginx/html/.well-known/matrix
+        cat >/usr/share/nginx/html/.well-known/matrix/client <<EOF
+        {
+          "m.homeserver": {
+            "base_url": "https://${DOMAIN}"
+          },
+          "org.matrix.msc4143.rtc_foci": [
+            {
+              "type": "livekit",
+              "livekit_service_url": "https://${DOMAIN}/livekit/jwt"
+            }
+          ]
+        }
+        EOF
+        cat >/usr/share/nginx/html/.well-known/matrix/server <<EOF
+        {
+          "m.server": "${MATRIX_SERVER_NAME:-${DOMAIN}}:443"
+        }
+        EOF
+        exec nginx -g 'daemon off;'
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolalloworiginlist=*
@@ -256,8 +336,6 @@ services:
    image: instrumentisto/coturn:4
    container_name: fedeo-matrix-turn
    restart: unless-stopped
-    profiles:
-      - matrix
    command:
      - --fingerprint
      - --use-auth-secret
@@ -282,8 +360,6 @@ services:
    image: livekit/livekit-server:v1.9
    container_name: fedeo-matrix-livekit
    restart: unless-stopped
-    profiles:
-      - matrix
    depends_on:
      - matrix-redis
    entrypoint: /bin/sh
@@ -325,8 +401,6 @@ services:
    image: ghcr.io/element-hq/lk-jwt-service:latest
    container_name: fedeo-matrix-rtc-jwt
    restart: unless-stopped
-    profiles:
-      - matrix
    depends_on:
      - matrix-livekit
      - matrix-synapse
@@ -353,10 +427,34 @@ services:
    image: vectorim/element-web:latest
    container_name: fedeo-matrix-element
    restart: unless-stopped
-    profiles:
-      - matrix
-    volumes:
-      - ./matrix/selfhost/element-config.json:/app/config.json:ro
+    entrypoint: /bin/sh
+    command:
+      - -ec
+      - |
+        cat >/app/config.json <<EOF
+        {
+          "default_server_config": {
+            "m.homeserver": {
+              "base_url": "https://${DOMAIN}",
+              "server_name": "${MATRIX_SERVER_NAME:-${DOMAIN}}"
+            }
+          },
+          "org.matrix.msc4143.rtc_foci": [
+            {
+              "type": "livekit",
+              "livekit_service_url": "https://${DOMAIN}/livekit/jwt"
+            }
+          ],
+          "disable_custom_urls": false,
+          "disable_guests": true,
+          "brand": "FEDEO Matrix",
+          "default_theme": "light",
+          "features": {
+            "feature_video_rooms": true
+          }
+        }
+        EOF
+        exec nginx -g 'daemon off;'
    labels:
      - traefik.enable=true
      - traefik.http.routers.fedeo-matrix-element.rule=Host(`${DOMAIN}`) && PathPrefix(`/element`)