Project

General

Profile

Actions

The ungleich Matrix infrastructure

This document concerns the infrastructure side of our MaaS offer and is intended for ungleich staff. See Ungleich Matrix-as-a-Service (MaaS) page for end-user/customer documentation. Common operations can be found on: [[https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Common_operations_on_X-as-a-Service]].

Status

This document is A DRAFT. This service is not in production. Ask Timothée Floure for details.

Environment

Our Matrix deployments make use of the Synapse (reference) Matrix homeserver and Riot web client. We use Debian buster as base Operating system, leveraging the matrix-synapse package from the buster-backports repository. The riot client (= static files) is directly fetched from upstream releases on github.

The matrix deployments run on ipv6only VMs, HTTP traffic - including federation - being proxy by the ungleich v4-to-v6 proxy. Federation is delegated using a /.well-known/ URI as described in the customer FAQ.

Tooling

The whole MaaS setup is defined in the manifest/matrix-as-a-service of dot-cdist file, which wraps the __ungleich_matrix type. This type leverages:

  • __matrix_synapse
  • __matrix_riot
  • __ungleich_nginx_static_type
  • _postgres_role and _postgres_database from upstream cdist.

The matterbridge application service can be deployed with the __matterbridge type.

Matrix Federation Tester: https://federationtester.matrix.org/

Synapse Admin UI

  • Allows manual admin management of users and rooms.
  • Use direct address of homeserver for login: https://XXXX.matrix.ungleich.cloud

Monitoring

Autodiscovered from consul in monitoring LAN.

Ungleich Deployments

We maintain our own deployments alongside the customer MaaS, both for our own usage and for testing.

matrix-staging.ungleich.ch

Staging instance used to tests the deployment pipeline and Matrix updates.

matrix.ungleich.ch

Production instance for ungleich. Some rooms are bridged to the chat.ungleich.ch mattermost instance. The bridge makes use of the #matterbridge:ungleich.ch local matrix user (i.e. not from LDAP) and matterbridge mattermost user (linked to matterbridge AT ungleich ch).

Customer Deployments

That's too sensitive to be public: this way !

Shared TURN server

Coturn is running at matrix-turn.ungleich.ch. See matrix-as-a-service manifest in dot-cdist for details.

create mass users on matrix host

- info.txt

user_id1 pw1
user_id2 pw2
user_id3 pw3

- creating user shall script

while read A B
do
  register_new_matrix_user -u $A -p $B --no-admin -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
  echo "$A" "$B" 
done < info.txt

invite mass users on matrix host

- info.txt

user_id1 pw1
user_id2 pw2
user_id3 pw3

- get user token

--> user : admin room user

curl -XPOST -d '{"type":"m.login.password", "user":"[user_id]", "password":"[user_password]"}' "http://localhost:8008/_matrix/client/r0/login" 

- inviting user script

matrixserver="testbr.lab.ungleich.ch" 

generate_post_data()
{
  cat <<EOF
{
  "user_id":"@$A:$matrixserver" 
}
EOF
}

while read A B
do
   curl -XPOST -d "$(generate_post_data)" "http://localhost:8008/_matrix/client/r0/rooms/[room_id]/invite?access_token=[user_token]" 
done < info.txt

Updated by Jin-Guk Kwon 12 days ago · 16 revisions