$ cp examples\/vars.yml inventory\/host_vars \/matrix.teichert.sh\/vars.yml\n$ cp examples\/hosts inventory\/hosts<\/code><\/pre>\n\n\n\nNow we generate two Passwords. one as the matrix server secret key which is used to encrypt other stuff in matrix. and one as postgres password<\/p>\n\n\n\n
We will use pwgen for this<\/p>\n\n\n\n
-s -> secure. generates a totally random password (thats what the man page says ;))
<\/p>\n\n\n\n
# generate matrix and postgres secret\n$ pwgen -s 64 2\nL0KYiXz2IYpaWNHQxwSEZLOvGiMTIo7ELRwtKGoyVpuvPXCAC7MXeIbAABr0wR61\nvXeNlsnaolAKEramzgXHFfJM8cIo3YTQ4XWreTVhQJSJM1Tqp633CTfZKc7ShNM0<\/code><\/pre>\n\n\n\nnow we edit the vars.yml config file<\/p>\n\n\n\n
# open file for writing\n$ vim inventory\/host_vars\/matrix.<your-domain>\/vars.yml<\/code><\/pre>\n\n\n\nEdit the config as following<\/p>\n\n\n\n
---\n# The bare domain name which represents your Matrix identity.\n# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).\n#\n# Note: this playbook does not touch the server referenced here.\n# Installation happens on another server (\"matrix.<matrix-domain>\").\n#\n# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,\n# because you can't change the Domain after deployment.\n#\n# Example value: example.com\nmatrix_domain: <your-domain>\n\n# The Matrix homeserver software to install.\n# See `roles\/matrix-base\/defaults\/main.yml` for valid options.\nmatrix_homeserver_implementation: synapse\n\n# A secret used as a base, for generating various other secrets.\n# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).\nmatrix_homeserver_generic_secret_key: 'L0KYiXz2IYpaWNHQxwSEZLOvGiMTIo7ELRwtKGoyVpuvPXCAC7MXeIbAABr0wR61'\n\n# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.\n#\n# In case SSL renewal fails at some point, you'll also get an email notification there.\n#\n# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),\n# you won't be required to define this variable (see `docs\/configuring-playbook-ssl-certificates.md`).\n#\n# Example value: someone@example.com\nmatrix_ssl_lets_encrypt_support_email: '<your-mail-address>'\n\n# A Postgres password to use for the superuser Postgres user (called `matrix` by default).\n#\n# The playbook creates additional Postgres users and databases (one for each enabled service)\n# using this superuser account.\nmatrix_postgres_connection_password: 'vXeNlsnaolAKEramzgXHFfJM8cIo3YTQ4XWreTVhQJSJM1Tqp633CTfZKc7ShNM0'\n<\/code><\/pre>\n\n\n\n<\/p>\n\n\n\n
Now we need to edit the hosts file. so it fits our setup.<\/p>\n\n\n\n
vim inventory\/hosts<\/code><\/pre>\n\n\n\nEdit the string to look as following<\/p>\n\n\n\n
# We explicitly ask for your server's external IP address, because the same value is used for configuring Coturn.\n# If you'd rather use a local IP here, make sure to set up `matrix_coturn_turn_external_ip_address`.\n#\n# To connect using a non-root user (and elevate to root with sudo later),\n# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username become=true become_user=root`\n#\n# For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`.\n# If this causes SSH connection troubles, disable it by adding `ansible_ssh_pipelining=False`\n# to the host line below or by adding `ansible_ssh_pipelining: False` to your variables file.\n#\n# If you're running this Ansible playbook on the same server as the one you're installing to,\n# consider adding an additional `ansible_connection=local` argument to the host line below.\n#\n# Ansible may fail to discover which Python interpreter to use on the host for some distros (like Ubuntu 20.04).\n# You may sometimes need to explicitly add the argument `ansible_python_interpreter=\/usr\/bin\/python3`\n# to the host line below.\n\n[matrix_servers]\nmatrix.<your-domain> ansible_host=<external-ip-address> ansible_ssh_user=root<\/code><\/pre>\n\n\n\nNow everything is ready for install the the application. The cool thing about ansible is that the playbooks are idempotent and can be run again and again and will only change what was changes<\/p>\n\n\n\n
ansible-playbook -i inventory\/hosts setup.yml --tags=setup-all<\/code><\/pre>\n\n\n\nnow all the playbooks will run for 5 – 10 minutes and none should show failed at the recap.<\/p>\n\n\n\n
PLAY RECAP ******************************************************************************************************************************************************************\nmatrix.<your-domain> : ok=221 changed=5 unreachable=0 failed=0 skipped=1696 rescued=0 ignored=0 \n<\/code><\/pre>\n\n\n\nStart all services<\/p>\n\n\n\n
ansible-playbook -i inventory\/hosts setup.yml --tags=start<\/code><\/pre>\n\n\n\ncheck the recap. nothiing should fail<\/p>\n\n\n\n
PLAY RECAP ******************************************************************************************************************************************************************\nmatrix.<your-domain> : ok=22 changed=2 unreachable=0 failed=0 skipped=193 rescued=0 ignored=0<\/code><\/pre>\n\n\n\nNow the Server is up and running. user registration is by default disabled.<\/p>\n\n\n\n
we can access https:\/\/element.<your-domain> to verify if everything looks good. Element is the Web Interface for matrix.<\/p>\n\n\n\nnow we need to create a user for login<\/p>\n\n\n\n
There are two ways to create a user.<\/p>\n\n\n\n
You can use ansible or via CLI on the Server<\/p>\n\n\n\n
ansible-playbook -i inventory\/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user<\/code><\/pre>\n\n\n\nOR<\/strong><\/p>\n\n\n\n\/usr\/local\/bin\/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1><\/code><\/pre>\n\n\n\nNow we should be able to login with the user in the element UI.<\/p>\n\n\n\n
By default the setup federates with the whole matrix network.<\/p>\n\n\n\n
To disable this add the following to inventory\/host_vars\/matrix.\/vars.yml<\/p>\n\n\n\n
matrix_synapse_federation_enabled: false<\/code><\/pre>\n\n\n\nTo share your public rooms to the whole matrix network add the following to inventory\/host_vars\/matrix.\/vars.yml<\/p>\n\n\n\n
matrix_synapse_allow_public_rooms_over_federation: true<\/code><\/pre>\n\n\n\nin either case you have to rerun the install routine<\/p>\n\n\n\n
ansible-playbook -i inventory\/hosts setup.yml --tags=setup-all<\/code><\/pre>\n\n\n\nGratulations. Your own messaging server is now up and running and can be used for messaging in browser and mobile app.<\/p>\n\n\n\n
more articles about the other functions will follow.<\/p>\n","protected":false},"excerpt":{"rendered":"
In days where governments are checking out more and more services and demanding backdoors in messanger services it may be good to host his own messenger service. I recently found this one and it seems to be quite easy to setup. All Information can also be found on the projects page Git Hub Project: https:\/\/github.com\/spantaleev\/matrix-docker-ansible-deploy […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,3,10],"tags":[],"class_list":["post-89","post","type-post","status-publish","format-standard","hentry","category-anonymity","category-linux","category-matrix"],"_links":{"self":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts\/89","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/comments?post=89"}],"version-history":[{"count":7,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts\/89\/revisions"}],"predecessor-version":[{"id":117,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/posts\/89\/revisions\/117"}],"wp:attachment":[{"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/media?parent=89"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/categories?post=89"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blubb.fish\/index.php\/wp-json\/wp\/v2\/tags?post=89"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/blubb.fish\/wp-content\/uploads\/2022\/03\/element-1024x397.png\")
<\/figure>\n\n\n\n