pierre/MatrixGW
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: pierre:f2563c81bec566f0a6e9366d533eddbd82ab095f
Branches Tags
pierre:master pierre:renovate/eslint-10.x pierre:renovate/tokio-1.x pierre:renovate/ipnet-2.x
pierre:20251204 pierre:v1 pierre:v1.0.0
..
compare: pierre:ab0f974af23885582e18e4b9154c22345645047d
Branches Tags
pierre:master pierre:renovate/eslint-10.x pierre:renovate/tokio-1.x pierre:renovate/ipnet-2.x
pierre:20251204 pierre:v1 pierre:v1.0.0

1 Commits
f2563c81be ... ab0f974af2

Author SHA1 Message Date
Renovate Bot
ab0f974af2 Update dependency emoji-picker-react to ^4.18.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-24 00:14:53 +00:00
10 changed files with 0 additions and 403 deletions
Expand all files Collapse all files

6
docker_prod/.env.sample
View File

@@ -1,6 +0,0 @@
REDIS_PASS=redis_password
WEBSITE_ORIGIN=http://localhost:8000
APP_SECRET=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
AUTH_SECRET_KEY=secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
OIDC_CLIENT_ID=bar
OIDC_CLIENT_SECRET=foo

3
docker_prod/.gitignore vendored
View File

@@ -1,3 +0,0 @@
.env
storage
auth/users.json

44
docker_prod/README.md
View File

@@ -1,44 +0,0 @@
# Setup production environment
> Sample release deployment configuration. **MUST BE ADAPTED BEFORE REAL PRODUCTION DEPLOYMENT!**
1. Install prerequisites:
1. `docker`
2. `docker compose`
3. `git`
2. Clone this git repository:
```bash
git clone https://gitea.communiquons.org/pierre/MatrixGW
cd MatrixGW/docker_prod
```
3. Copy and adapt env values
```bash
cp .env.sample .env
nano .env
```
4. Create required directories:
```bash
mkdir -p storage/{redis-data,redis-conf,synapse,maspostgres,matrixgw}
```
5. Start containers
```bash
docker compose up
```
> Note: Before running `docker compose up`, if your user does not belong to the `docker` group, you should run the following command to be able to run docker in rootless mode:
>
> ```bash
> sudo -g docker bash
> ```
6. Done !
* Matrix GW: http://localhost:8000/, the default credentials are `admin` / `admin`
* Element: http://localhost:8080 (you will need to create your accounts)
* Auth platform: http://localhost:5001

5
docker_prod/auth/clients.yaml
View File

@@ -1,5 +0,0 @@
- id: ${OIDC_CLIENT_ID}
name: MatrixGW
description: Matrix Gateway
secret: ${OIDC_CLIENT_SECRET}
redirect_uri: ${APP_ORIGIN}/oidc_cb

102
docker_prod/docker-compose.yaml
View File

@@ -1,102 +0,0 @@
services:
oidc:
image: pierre42100/basic_oidc
user: "1000"
environment:
- LISTEN_ADDRESS=0.0.0.0:9001
- STORAGE_PATH=/storage
- TOKEN_KEY=$AUTH_SECRET_KEY
- WEBSITE_ORIGIN=http://localhost:9001
- OIDC_CLIENT_ID=$OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
- APP_ORIGIN=$WEBSITE_ORIGIN
expose:
- 9001
ports:
- 9001:9001
volumes:
- ./auth:/storage
redis:
image: redis:alpine
user: "1000"
command: redis-server --requirepass ${REDIS_PASS:-secretredis}
expose:
- 6379
ports:
- "6379:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 3
volumes:
- ./storage/redis-data:/data
- ./storage/redis-conf:/usr/local/etc/redis/redis.conf
mas:
image: ghcr.io/element-hq/matrix-authentication-service:main
user: "1000"
restart: unless-stopped
depends_on:
- masdb
volumes:
- ./mas:/config:ro
command: server -c /config/config.yaml
ports:
- "8778:8778/tcp"
synapse:
image: docker.io/matrixdotorg/synapse:latest
user: "1000"
restart: unless-stopped
environment:
- SYNAPSE_CONFIG_PATH=/config/homeserver.yaml
volumes:
- ./storage/synapse:/data
- ./synapse:/config:ro
ports:
- "8448:8448/tcp"
masdb:
image: docker.io/postgres:18-alpine
user: "1000"
environment:
- POSTGRES_DB=masdb
- POSTGRES_USER=masdb
- POSTGRES_PASSWORD=changeme
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
- PGDATA=/data
volumes:
- ./storage/maspostgres:/data
element:
image: docker.io/vectorim/element-web
ports:
- "8080:80/tcp"
volumes:
- ./element/config.json:/app/config.json:ro
matrixgw:
image: pierre42100/matrix_gateway
user: "1000"
ports:
- 8000:8000
depends_on:
redis:
condition: service_healthy
volumes:
- ./storage/matrixgw:/data
network_mode: host
environment:
- WEBSITE_ORIGIN=${WEBSITE_ORIGIN}
- SECRET=${APP_SECRET}
- OIDC_CONFIGURATION_URL=http://localhost:9001/.well-known/openid-configuration
- OIDC_PROVIDER_NAME=OIDC
- OIDC_CLIENT_ID=$OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
- REDIS_HOSTNAME=localhost #redis
- REDIS_PASSWORD=${REDIS_PASS:-secretredis}
- UNSECURE_AUTO_LOGIN_EMAIL=$UNSECURE_AUTO_LOGIN_EMAIL
- STORAGE_PATH=/data
- MATRIX_HOMESERVER=http://localhost:8448

49
docker_prod/element/config.json
View File

@@ -1,49 +0,0 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": "http://localhost:8448",
"server_name": "devserver"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"disable_custom_urls": false,
"disable_guests": false,
"disable_login_language_selector": false,
"disable_3pid_login": false,
"brand": "Element",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"default_country_code": "GB",
"show_labs_settings": false,
"features": {},
"default_federate": true,
"default_theme": "light",
"room_directory": {
"servers": ["matrix.org"]
},
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"setting_defaults": {
"breadcrumbs": true
},
"jitsi": {
"preferred_domain": "meet.element.io"
},
"element_call": {
"url": "https://call.element.io",
"participant_limit": 8,
"brand": "Element Call"
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}

113
docker_prod/mas/config.yaml
View File

@@ -1,113 +0,0 @@
http:
listeners:
- name: web
resources:
- name: discovery
- name: human
- name: oauth
- name: compat
- name: graphql
- name: assets
binds:
- address: '[::]:8778'
proxy_protocol: false
- name: internal
resources:
- name: health
binds:
- host: localhost
port: 8081
proxy_protocol: false
trusted_proxies:
- 192.168.0.0/16
- 172.16.0.0/12
- 10.0.0.0/10
- 127.0.0.1/8
- fd00::/8
- ::1/128
public_base: http://localhost:8778/
issuer: http://localhost:8778/
database:
uri: postgresql://masdb:changeme@masdb/masdb
max_connections: 10
min_connections: 0
connect_timeout: 30
idle_timeout: 600
max_lifetime: 1800
email:
from: '"Authentication Service" <root@localhost>'
reply_to: '"Authentication Service" <root@localhost>'
transport: blackhole
secrets:
encryption: 12de9ad7bc2bacfa2ab9b1e3f7f1b3feb802195c8ebe66a8293cdb27f00be471
keys:
- kid: Bj2PICQ7mf
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAsCYCrrCJA7IuGbTYzP5yZN74QszbzudBUCX6MyN/+36HO2r6
xL8x1PRJ+Klx9Y90J9pWuo+cIuEmFLqO+Yfblo9fSQgZVvkWAFpO6Xh8J4z9qg49
M8xm0Ct8EnRDZDCEOBnwoDaAB9RTbpJGa1RPVCiamfi+xU+j47Zl4Er5jvLm81O7
DSlH9eK8Eih8AxuKTkAbKE1zyXquImE26Mj2dmMRfjDrWV/I8oqE3WFViAKR12Av
zw6TUyduiz8nK9pONCF3NIcQvBdHntBz1HlDXv6i0fRvlGIhjNL5LBgo6XQ3rNM1
bW2KYOw/iFP0YbfD4/xRjkBPvK2coQ8aRzK2VwIDAQABAoH/G4XU5Xav8ePlUB7x
wRYAycINCGL59Vos2lkUvujNFn6uopoUlKlLH/sLk87l/3hqrc9vvbayrsB/Mr3z
mQmhReUg/khFrVE+Hs/9hH1O6N8ew3N2HKHTbrNcr4V7AiySfDGRZ3ccihyi7KPu
XNbPjlbJ0UUMicfn06ysPl94nt0So0UAmXg+c7sDDqyzh3cY8emedYZ5FCljo/jA
F8k40rs7CywLJYMJB9O1vtomgt1xkDRO4F8UrZrriMIcYn0iFKe7i4AH8D6nkgNu
/v9Z43Leu8yRKrUvbpH3NaX8DlUSFWAXKpwUWr4sAQgWcLkVgjAXG1v9jCE97qW2
f0nBAoGBAOaKrnY5rWeZ74dERnPhSCsYiqRMneQAh7eJR+Er+xu1yF/bxwkhq2tK
/txheTK448DqhQRtr095t/v7TMZcPl3bSmybT1CQg/wiMJsgDMZqlC9tofvcq6uz
xP8vxMFHd0YSMSP693dkny4MzNY6LuoVWDLT+HxKPJyzGs1alruzAoGBAMOZp5J2
3ODcHQlcsGBtj1yVpQ4UXMvrSZF2ygiGK9bagL/f1iAtwACVOh5rgmbiOLSVgmR2
n4nupTgSAXMYkjmAmDyEh0PDaRl4WWvYEKp8GMvTPVPvjc6N0dT+y8Mf9bu+LcEt
+uZqPOZNbO5Vi+UgGeM9zZpxq/K7dpJmM/jNAoGBALsYHRGxKTsEwFEkZZCxaWIg
HpPL4e8hRwL6FC13BeitFBpHQDX27yi5yi+Lo1I4ngz3xk+bvERhYaDLhrkML0j4
KGQPfsTBI3vBO3UJA5Ua9XuwG19M7L0BvYPjfmfk2bUyGlM63w4zyMMUfD/3JA+w
ls1ZHTWxAZOh/sRdGirlAoGAX16B1+XgmDp6ZeAtlzaUGd5U1eKTxFF6U1SJ+VIB
+gYblHI84v+riB06cy6ULDnM0C+9neJAs24KXKZa0pV+Zk8O6yLrGN0kV2jYoL5+
kcFkDa13T3+TssxvLNz22LKyi9GUWYZjuQi/nMLPg/1t8k+Oj7/Iia822WkRzRvL
51kCgYEAwrN5Us8LR+fThm3C0vhvwv2wap6ccw0qq5+FTN+igAZAmmvKKvhow2Vi
LnPKBkc7QvxvQSNoXkdUo4qs3zOQ7DGvJLqSG9pwxFW5X1+78pNEm5OWe8AlT1uZ
Jz8Z1/Ae7fr/fFaucW9LkWjcuoPwPLiZ3b7ZQ6phs8qzoL+FpBI=
-----END RSA PRIVATE KEY-----
- kid: HcRvLHat12
key: |
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIOCCFSnkfz1ksln6kus8enQstBTu0q62IGJVzuX0WiXPoAoGCCqGSM49
AwEHoUQDQgAEVWPLbvSdxquLAjU3zJLcCWdaxr6QK1tPVbV1IS+87QUMv/zKiCMa
fNpwgBXwU7dF0gY507R2yY9pcdTmRtnRug==
-----END EC PRIVATE KEY-----
- kid: YjMITk5VSn
key: |
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDCoPSjaN7qqnPz+vdzHeIy8RZCCtFOqLTkvylM1gz6xOGaVsS63VJw9
Td9BtpolZ0egBwYFK4EEACKhZANiAAT8tH88HYBHNiQTSqZzlxElSuSDC0+Xn0O9
ukj0xTTVBp8rUM9lCJQAlB8PjS2XK/n0YvYdzysQb3AYqszJa45/rOGvSar30YNE
gwpJvu36xNIKZT+nHalNwg069FdjNBc=
-----END EC PRIVATE KEY-----
- kid: NvFzzeMRU3
key: |
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEILJEmFPDGFZoBVBQf1P6h4YfasYsFiu8a6FrFxiJvKXPoAcGBSuBBAAK
oUQDQgAE4NY5H3+D8r9GNOhrpbUn2dvLZIzi4A+SiwfqvtvPEmZkW+KDbd2tzKmx
maydZBn52QWedVY65snGAEoh9mV1TQ==
-----END EC PRIVATE KEY-----
passwords:
enabled: true
schemes:
- version: 1
algorithm: argon2id
minimum_complexity: 0
account:
password_registration_enabled: true
password_registration_email_required: false
matrix:
kind: synapse
homeserver: localhost
secret: IhKoLn6jWf1qRRZWvqgaKuIdwD6H0Mvx
endpoint: http://synapse:8448/
policy:
data:
client_registration:
allow_insecure_uris: true

41
docker_prod/synapse/homeserver.yaml
View File

@@ -1,41 +0,0 @@
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "localhost"
pid_file: /data/homeserver.pid
listeners:
- port: 8448
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
database:
name: sqlite3
args:
database: /data/homeserver.db
log_config: "/config/localhost.log.config"
media_store_path: /data/media_store
registration_shared_secret: "+oJd9zgvkQpXN-tt;95Wy,AFAdRH+FSTg&LxUXh6ZSvwMJHT;h"
report_stats: false
macaroon_secret_key: "d@ck1QkQLxlRg^aB#c#oZeII.oxOS6E2DX;YobP^Vm#iB5pQpd"
form_secret: "P.uleBJUYc6AM.UOrFF1q7OKH2N5T*Ae2;fGh46;vIHLIQ#JBP"
signing_key_path: "/config/localhost.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
# vim:ft=yaml
matrix_authentication_service:
enabled: true
endpoint: http://mas:8778/
secret: "IhKoLn6jWf1qRRZWvqgaKuIdwD6H0Mvx"
# Alternatively, using a file:
#secret_file: /path/to/secret.txt

39
docker_prod/synapse/localhost.log.config
View File

@@ -1,39 +0,0 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
# This is just here so we can leave `loggers` in the config regardless of whether
# we configure other loggers below (avoid empty yaml dict error).
_placeholder:
level: "INFO"
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
handlers: [console]
disable_existing_loggers: false

1
docker_prod/synapse/localhost.signing.key
View File

@@ -1 +0,0 @@
ed25519 a_HEcG Q2iG1Yy5WTiZ/VIy+zHPyHCRUpqyE3qrVttGULrVQK4