Before beginning, run cp .envrc.tpl .envrc, fill in all empty values (passwords can be generated with pwgen -s 64 1), and preferably use direnv to reliably and automatically source the project's environment variables.
The rest of the instructions assume you have ansible and packer installed.
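A pre-flight check for the .envrc described above, added here as an example and not part of the project: it lists variables left empty after copying .envrc.tpl, flags secrets shorter than an assumed 32-character minimum, and verifies the file is not accessible to group or others. The `export NAME=value` layout, the secret-name keywords and all function names are assumptions, since the template is not shown on this page.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for an .envrc created from .envrc.tpl.
# Assumed layout (template not shown on the page): `export NAME=value` lines.

# Print the names of variables whose value is empty, "" or ''.
envrc_empty_vars() {
    sed -nE "s/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=(\"\"|'')?[[:space:]]*(#.*)?\$/\2/p" "$1"
}

# Print the names of secret-looking variables (assumed keywords) whose value
# is set but shorter than $2 characters (assumed default: 32).
envrc_short_secrets() {
    min=${2:-32}
    sed -nE "s/^[[:space:]]*(export[[:space:]]+)?([A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN|KEY)[A-Za-z0-9_]*)=[\"']?([^\"'#[:space:]]*).*\$/\2 \4/p" "$1" |
    while read -r name value; do
        if [ -n "$value" ] && [ "${#value}" -lt "$min" ]; then echo "$name"; fi
    done
}

# Succeed only if group and others have no permissions on the file.
envrc_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; findings go to stderr, non-zero exit on any finding.
envrc_preflight() {
    rc=0
    for v in $(envrc_empty_vars "$1"); do
        echo "empty value: $v" >&2; rc=1
    done
    for v in $(envrc_short_secrets "$1"); do
        echo "secret shorter than 32 characters: $v" >&2; rc=1
    done
    if ! envrc_private "$1"; then
        echo "$1 is accessible to group/others; run: chmod 600 $1" >&2; rc=1
    fi
    return "$rc"
}

# Usage: ./check-envrc.sh .envrc   (script name is hypothetical)
if [ "$#" -gt 0 ]; then envrc_preflight "$1"; fi
```

Run it before docker-compose up -d and before the ansible steps, both locally and on the instance, since each gets its own copy of .envrc.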
- If not done before, ansible-galaxy install -r requirements.yml
- cd packer
- packer build matrix-base.json
- We do this manually using the Hetzner web interface
e.g. A records mapping the matrix domain to the IP of the instance; the rest can be CNAMEs mapping to the matrix domain. Remember to whitelist the IP of the instance for API access, for example with Namecheap.
- ssh ubuntu@<Instance-IP>
- ssh-keygen (proceed through with defaults)
- cat ~/.ssh/id_rsa.pub
- Create a deploy key on this git repo with the contents of the previous command (do not allow write access)
- git clone git@github.com:Wakoma/matrix.git (git checkout to correct branch)
- cd /home/ubuntu/matrix
- cp .envrc.tpl .envrc and edit values of .envrc as appropriate
- direnv allow .envrc
- docker-compose config (optional)
- docker-compose up -d
- Check ${DOMAIN_TRAEFIK} in the browser to see if SSL certificates are active. Sometimes it is necessary to docker restart traefik, depending on timing with regard to DNS propagation. Sometimes rate limits with free-tier DNS providers can cause it to take some time before traefik successfully obtains valid SSL certificates.
- cd ansible
- mkdir -p matrix-docker-ansible-deploy/inventory/host_vars/${DOMAIN_MATRIX}
- cp hosts.tpl matrix-docker-ansible-deploy/inventory/hosts
- cp host-vars.yml.tpl matrix-docker-ansible-deploy/inventory/host_vars/${DOMAIN_MATRIX}/vars.yml
- sed -i "s/<your-matrix-domain>/${DOMAIN_MATRIX}/g" matrix-docker-ansible-deploy/inventory/hosts
- Continue following the docs of the matrix-docker-ansible-deploy repo
In summary:
- Configure DNS, e.g.
  Type: CNAME, Name: ${DOMAIN_ELEMENT}, Target: ${DOMAIN_MATRIX}
  Type: SRV, Service: _matrix-identity, Protocol: TCP, Priority: 10, Weight: 0, Port: 443, Target: ${DOMAIN_MATRIX}
- cd matrix-docker-ansible-deploy
- ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
- ansible-playbook -i inventory/hosts setup.yml --tags=start
- SSH to server as before
- Add admin user to Synapse (space prepended to avoid the password staying in bash history):
   sudo /usr/local/bin/matrix-synapse-register-user <user> <password> 1
- You can log in at ${DOMAIN_MATRIX}/synapse-admin with the following entered into the form fields: <user>, <password>, ${DOMAIN_MATRIX}
- Read about how to configure the playbook for dimension by retrieving an access token
- Make changes to inventory/host_vars/${DOMAIN_MATRIX}/vars.yml, e.g.
  - Create a dedicated dimension non-admin user (through the synapse admin portal; @dimension:${DOMAIN} is a good name), then fill in the appropriate value for MATRIX_DIMENSION_ACCESS_TOKEN (see step 14.)
  - To configure dimension you need to read and uncomment the block starting with the line ## The following block can only be uncommented on a second run
  - Supply valid values for matrix_dimension_admins (e.g. @dimension:{{ matrix_domain }} or a user created as in the first step of this block)
- Subsequent runs: ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
- Optional, only if Jitsi was configured with auth: register Jitsi users, e.g. docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> matrix-jitsi-web <PASSWORD>
- Note: it is not possible to configure dimension through config files. For example, to set the local Jitsi server for a room, open the room settings in Element, go to Integrations Manager (Add widgets, bridges & bots) → Jitsi Conference and set Jitsi Domain and Jitsi Script URL appropriately.