====== Matrix / Synapse / Dendrite / Element (Riot) ======

[[https://www.golem.de/news/matrix-grundschule-forkt-messenger-2201-162562.amp.html|Grundschule forkt Messenger]] => eigener Matrix-Server + geforkter Matrix-Client "Fluffychat" => **"Hermannpost"** ist der neue Messenger für Grundschüler an der Gemeinschaftsgrundschule Hermannstraße in Stolberg

**[[https://status.matrix.org/]]**


===== Matrix (Protokoll) =====

  * [[https://matrix.org/|Matrix]]
    * [[https://matrix.org/docs/guides|Guides]] -> zum schlau lesen, empfohlen von //matrix.org//
    * [[https://matrix.org/bridges|Bridges]] -> Kompatibilität mit anderen Diensten mithilfe einer Bridge


===== Synapse (Server) =====

  * [[https://github.com/matrix-org/synapse]] -> 1st Gen Matrix homeserver (Python)

=== Installation ===

  * [[https://github.com/matrix-org/synapse/blob/develop/INSTALL.md|Offizielle Anleitung zur Installation]]
    * [[https://github.com/matrix-org/synapse/blob/develop/docs/reverse_proxy.md|Reverse Proxy aufsetzen]]
    * [[https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md|TURN Server benutzen (für zuverlässige IP-Telefonie)]]


== Linux Debian / Ubuntu (64-bit) ==

  * Synapse installieren: ''apt install matrix-synapse python''
  * eine zufällige Zeichenkette erzeugen: ''head -c 100 /dev/urandom | base64 | tr -cd '[:alnum:]' | cut -b-12''
  * die gerade erzeugte zufällige Zeichenkette muss als Wert für die Variable ''registration_shared_secret'' eingetragen werden:
    * ''vi /etc/matrix-synapse/homeserver.yaml''
    * ''tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"''
    * ''tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"''
    * ''tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"''
    * ''enable_registration: true''
    * ''registration_shared_secret: "2VfccrQJr7OHNOZg44wqWRxVSGT9nc9q"''
  * Die Ports ''8008'' (HTTP) und ''8448'' (HTTPS) im Router/Firewall freischalten -> **besser: Portweiterleitung mit Port ''443'' und nginx als reverse proxy für die internen Ports ''8008'' und ''8448''**
  * <del>''service matrix-synapse start''</del> //das hat bei mir nicht funktioniert//
  * ''/usr/bin/python3 -m synapse.app.homeserver -****-config-path=/etc/matrix-synapse/homeserver.yaml -****-config-path=/etc/matrix-synapse/conf.d/''


== FreeBSD 13.0 (64-bit) ==

  > cd /usr/ports/net-im/py-matrix-synapse/ && make config
<file ini /var/db/ports/net-im_py-matrix-synapse/options>
# This file is auto-generated by 'make config'.
# Options for py37-matrix-synapse-1.31.0
_OPTIONS_READ=py37-matrix-synapse-1.31.0
_FILE_COMPLETE_OPTIONS_LIST=DOCS LDAP OIDC PGSQL REDIS SQLITE URLPREVIEW
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_UNSET+=OIDC
OPTIONS_FILE_SET+=PGSQL
OPTIONS_FILE_UNSET+=REDIS
OPTIONS_FILE_SET+=SQLITE
OPTIONS_FILE_SET+=URLPREVIEW
</file>
  > cd /usr/ports/net-im/py-matrix-synapse/ && make clean && make && make install ; make clean


== FreeBSD 13.2 (64-bit) ==

  > cd /usr/ports/textproc/py-tomli && make clean ; make deinstall ; make install ; make clean
  > cd /usr/ports/devel/py-immutabledict && make clean ; make deinstall ; make install ; make clean
  > cd /usr/ports/devel/py-packaging && make clean ; make deinstall ; make install ; make clean
  > cd /usr/ports/print/libraqm && make clean ; make deinstall ; make install ; make clean
  > cd /usr/ports/net-im/py-matrix-synapse/ && make config
  > cd /usr/ports/net-im/py-matrix-synapse && make clean ; make deinstall ; make install ; make clean


=== Konfiguration ===

== FreeBSD 13.0 (64-bit) ==

Es wirtd auch ein gültiges SSL-Zertifikat benötigt.
Das kann man sich per [[::letsencrypt]] erstellen.

  > vi /usr/local/etc/matrix-synapse/homeserver.yaml
  server_name: "meinim.de"
  pid_file: /var/run/matrix-synapse/homeserver.pid
  public_baseurl: https://meinim.de/
  allow_public_rooms_without_auth: true
  allow_public_rooms_over_federation: true
  listeners:
    - port: 8008
      tls: false
      type: http
      x_forwarded: true
      bind_addresses: ['127.0.0.1']
      resources:
        - names: [client, federation]
          compress: false
  
  ## TLS ##
  
  acme:
      account_key_file: /var/db/matrix-synapse/acme_account.key
  database:
    name: sqlite3
    args:
      database: /var/db/matrix-synapse/homeserver.db
  log_config: "/usr/local/etc/matrix-synapse/meinim.de.log.config"
  media_store_path: "/var/db/matrix-synapse/media_store"
  max_upload_size: 50M
  url_preview_accept_language:
     - de
     - en
  enable_registration: true
  registrations_require_3pid:
    - email
  default_identity_server: https://matrix.org
  auto_join_rooms:
    - "#public:meinim.de"
  signing_key_path: "/usr/local/etc/matrix-synapse/meinim.de.signing.key"
  trusted_key_servers:
    - server_name: "matrix.org"
  email:
    smtp_host: mailout.emaildomain.de
    smtp_port: 587
    smtp_user: "emailbenutzer"
    smtp_pass: "emailgeheim"
    require_transport_security: true
    notif_from: "meinim.de %(app)s Server <emailbenutzer@emaildomain.de>"

  > mkdir -p /var/db/matrix-synapse/media_store/
  > chown -R synapse:synapse /var/db/matrix-synapse/
  > service synapse restart
  > service synapse status
  > ls -lha /var/db/matrix-synapse/

zusätzliche Konfiguration für den [[::nginx]] reverse proxy:

<file properties /home/etc/nginx/conf.d/server.conf>
    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }
</file>


===== Dendrite (Server) =====

  * [[https://github.com/matrix-org/dendrite]] -> 2nd Gen Matrix homeserver (Go) **noch alpha**


===== Element (Client) =====

  * [[https://element.io/|Element (ehemals Riot)]]
  * [[https://app.element.io/|Element WebApp]] -> Client


=== Installation ===

  * [[https://element.io/get-started]]


== Linux Debian / Ubuntu (64-bit) ==

Vorbereitung:
  apt install -y wget apt-transport-https

bis Ubuntu 20.04:
  apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C2850B265AC085BD
  apt-key export C2850B265AC085BD > /etc/apt/trusted.gpg.d/element-desktop.asc

ab Ubuntu 22.04:
  wget -qO /etc/apt/trusted.gpg.d/element-desktop.asc https://packages.element.io/debian/element-io-archive-keyring.asc
  echo "deb [signed-by=/etc/apt/trusted.gpg.d/element-desktop.asc] https://packages.riot.im/debian default main" | tee /etc/apt/sources.list.d/element-desktop.list
  oder
  apt install ubuntu-dbgsym-keyring
  echo 'deb [ signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg ] https://packages.element.io/debian default main' | tee /etc/apt/sources.list.d/element-desktop.list

Installation:
  apt install --only-upgrade ubuntu-dbgsym-keyring
  apt update
  apt install element-desktop