Eduardo Ansible Matrix setup notes

Note for the reader: this document explains how to set up a Matrix server on a Google Cloud instance. Matrix is a new, open source and actively developed chat protocol that enables anyone to set up a server and use their own client (it’s like IRC, but with modern features). To send messages to other chat systems there are many actively developed Matrix bridges. This guide shows how to set up a server and configure it to use the Facebook Messenger, Signal, WhatsApp and Google Hangouts bridges. Then you can use all the chat services from within one Matrix client, here the well-developed element.io client! (It used to be called Riot, which is how it appears in the screenshots here.)

It really is incredible how much wasted mental effort from context switching having a single client removes. Once you enter the matrix you will not want to come back.

Overall, this is a guide on how to follow Slavi’s ansible guide (yes a guide to follow a guide):

https://github.com/spantaleev/matrix-docker-ansible-deploy

Google cloud setup

Sign up for a new Google Cloud account at cloud.google.com and get $300 of free credits for a year. They ask for a credit card (no charges are made); you can create burner cards at www.privacy.com

On the Cloud menu on the left under COMPUTE choose Compute Engine > VM Instances > CREATE INSTANCE

Use the settings as shown below.

Synapse ansible setup

This follows Slavi’s ansible guide: https://github.com/spantaleev/matrix-docker-ansible-deploy

I’m gonna use the domain poop.blue

Note about ansible: any change you want to make always goes in the file inventory/host_vars/matrix.<your-domain>/vars.yml

So since we’re using poop.blue, those changes go to inventory/host_vars/matrix.poop.blue/vars.yml

Configuring DNS server

You’ll need to buy a domain. I like namecheap.com for buying domains for cheap (har); right now you can get .xyz for $1 or .club for $1.37. Once you buy a domain, go to your dashboard, click Manage for that domain, then go to Advanced DNS. The table below shows generally how to set the records, and the screenshot shows what namecheap will look like. Remember that in the Google Cloud setup we got a static IP; that is what goes in the A record, the instance’s static IP. Also, you can use something other than the subdomain matrix.example.com, like poop.example.com, and it’ll be fine.

I don’t want to use a subdomain so that my username address can be @munfred:poop.blue instead of @munfred:matrix.poop.blue

So we add the A record @ for the server IP

Configuring the Ansible playbook

SSH into your Google Cloud instance - Google’s browser SSH client is really great.



In the server user’s home folder (cd ~) do:

git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git

cd matrix-docker-ansible-deploy/

create a directory to hold your configuration (mkdir inventory/host_vars/matrix.<your-domain>)

mkdir inventory/host_vars/matrix.poop.blue

copy the sample configuration file (cp examples/host-vars.yml inventory/host_vars/matrix.<your-domain>/vars.yml)


cp examples/host-vars.yml inventory/host_vars/matrix.poop.blue/vars.yml

Then the file needs to be adapted to your domain

vi inventory/host_vars/matrix.poop.blue/vars.yml

Then the hosts file

cp examples/hosts inventory/hosts

I added it like this in the inventory/hosts file

vi inventory/hosts

Installing

First make sure you have Ansible 2.7; I got version 2.7.12 and it worked

sudo add-apt-repository ppa:ansible/ansible-2.7

sudo apt-get update
sudo apt install ansible

sudo apt upgrade ansible

Then you can try installing Synapse with the Ansible playbook

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

At this point I got

fatal: [matrix.poop.blue]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"34.68.167.188\". Make sure this host can be reached over ssh", "unreachable": true}

Then I realized this thing gotta ssh into itself... AND YOU ALSO NEED TO ENABLE SSH FOR ROOT. The simplest way to do it is:

sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

sudo service ssh restart

ssh-keygen

<then press enter 3 times>

head ~/.ssh/id_rsa.pub

Then copy that, and in the Google Cloud panel go to Compute Engine > VM instances, edit the instance and paste the key into the SSH keys section as shown below. At the end of the key, change the user@host comment to root@servername instead of the normal user name of your instance (e.g. root@matrix for me, since I called my VM instance matrix). Test that it worked by trying to ssh as root, e.g. ssh root@34.68.167.188

Test that it works! To confirm that root ssh works and that the nameservers are configured, we test the following 3 logins:

ssh root@34.68.167.188

ssh root@poop.blue

ssh root@matrix.poop.blue
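The sed line above switches PermitRootLogin to yes, which also lets root log in with a password. OpenSSH’s prohibit-password value already allows key-based root logins and refuses password ones, and the key pasted into the instance is all the Ansible run needs, so that is the narrower setting to pick. The shell script below is an added example, not part of these notes or of the playbook: it sets the directive idempotently in a config file passed as an argument (a constructed copy in the demo; /etc/ssh/sshd_config on the real host) and reads the effective value back. Directives inside Match blocks are not handled, which the stock file does not need.

```shell
#!/bin/sh
# Added example, not part of the original notes. Sets PermitRootLogin in an
# sshd_config-style file exactly once and reads the effective value back.
# The file path is an argument so the demo can run on a constructed copy;
# on the real host it would be /etc/ssh/sshd_config.

set_permit_root_login() {
    cfg="$1"   # path to the config file
    value="$2" # yes | no | prohibit-password | forced-commands-only
    if grep -Eq '^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]' "$cfg"; then
        # Rewrite every existing copy, commented or not, so one active line remains.
        sed -i -E "s/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin $value/" "$cfg"
    else
        printf 'PermitRootLogin %s\n' "$value" >> "$cfg"
    fi
}

# sshd applies the first uncommented occurrence of a directive; print it, or
# "default" when the file leaves it unset (OpenSSH then uses prohibit-password).
get_permit_root_login() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1")
    printf '%s\n' "${v:-default}"
}

# Demo on a constructed file shaped like the stock Ubuntu sshd_config.
demo_cfg=$(mktemp)
printf '#PermitRootLogin prohibit-password\nPasswordAuthentication no\n' > "$demo_cfg"
echo "before: $(get_permit_root_login "$demo_cfg")"
set_permit_root_login "$demo_cfg" prohibit-password
echo "after:  $(get_permit_root_login "$demo_cfg")"
rm -f "$demo_cfg"
```

On the host, run set_permit_root_login against /etc/ssh/sshd_config, restart ssh as the notes do, and confirm with sudo sshd -T | grep -i permitrootlogin, which prints the value sshd actually applies rather than what the file looks like.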

Now you can install Synapse with the Ansible playbook and it will work

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

Success looks like this

You can run it again if you want. The important thing is to get to the end with no errors or red things.

Starting the services

Now do

ansible-playbook -i inventory/hosts setup.yml --tags=start

And if you’re lucky:

Wow it worked!

Checking if services work

This playbook can perform a check to ensure that you've configured things correctly and that services are running.

To perform the check, run:

ansible-playbook -i inventory/hosts setup.yml --tags=self-check

FAIL

Registering users

Run this to create a new user account on your Matrix server.

You can do it via this Ansible playbook (make sure to edit the <your-username> and <your-password> part below):

ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user

I can log in, but cannot connect to other servers or find users -- turns out it’s a firewall problem

Update firewall rules

sudo apt-get install ufw

sudo ufw default deny incoming

sudo ufw allow ssh

sudo ufw allow http

sudo ufw allow https

sudo ufw allow 8448

sudo ufw enable

sudo ufw status verbose
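The rules above are the host firewall; the VPC firewall rules attached to the instance in the Google Cloud console are a separate layer and must also allow 80, 443 and 8448 (8448 is the Matrix federation port, which is why other servers were unreachable). The check below is an added example, not part of the notes: it reads saved ufw status output and reports required ports that have no ALLOW IN rule and allowed ports outside the expected list. The sample output is constructed, and the helper writes it out so the check runs offline. Ports published by Docker containers go through Docker’s own iptables chains and do not appear in ufw status, so this covers only the rules the host added itself.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit `ufw status` output
# against the ports the notes open (22, 80, 443, 8448) and report what is
# missing or extra. Works on a file so it can run on constructed output;
# on the host: sudo ufw status > /tmp/ufw.txt, then run the checks on that.

# Ports in the expected list that have no "ALLOW IN" rule at all.
missing_allows() {
    status_file="$1"; expected="$2"   # expected = space-separated port numbers
    for p in $expected; do
        grep -Eq "^${p}(/[a-z]+)?[[:space:]].*ALLOW IN" "$status_file" || echo "$p"
    done
}

# "ALLOW IN" entries (column "To", e.g. 5432/tcp) whose port is not expected.
unexpected_allows() {
    status_file="$1"; expected="$2"
    awk -v expected="$expected" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /ALLOW IN/ { port = $1; sub("/.*", "", port); if (!(port in ok)) print $1 }
    ' "$status_file" | sort -u
}

# Constructed sample in the layout `ufw status verbose` prints: 8448 was never
# allowed (the notes' federation symptom) and 5432/tcp is open by mistake.
write_sample_status() {
    cat > "$1" <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
5432/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

EXPECTED_PORTS="22 80 443 8448"
sample=$(mktemp)
write_sample_status "$sample"
echo "missing:    $(missing_allows "$sample" "$EXPECTED_PORTS")"
echo "unexpected: $(unexpected_allows "$sample" "$EXPECTED_PORTS")"
rm -f "$sample"
```

Empty output from both functions means the host rules match the list in the notes; anything printed by unexpected_allows is a port to close with sudo ufw delete allow.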

Serving the base domain

https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-base-domain-serving.md

We do this to serve the base domain from the Matrix server via the integrated webserver (matrix-nginx-proxy).

With the DNS records we used, the base domain is already pointed to the Matrix server's IP address, so we use the following configuration:

matrix_nginx_proxy_base_domain_serving_enabled: true

Note about ansible: any change you want to make always goes in the file inventory/host_vars/matrix.<your-domain>/vars.yml

So since we’re using poop.blue, those changes go to

vi inventory/host_vars/matrix.poop.blue/vars.yml

And add it there, OR we can append to the file by doing

echo 'matrix_nginx_proxy_base_domain_serving_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml

Confirm it’s there by doing

less inventory/host_vars/matrix.poop.blue/vars.yml

Now stop matrix, run ansible, restart

ansible-playbook -i inventory/hosts setup.yml --tags=stop

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

ansible-playbook -i inventory/hosts setup.yml --tags=start

Now the server is being served correctly from poop.blue, and my username address can be @munfred:poop.blue

----

Setting up Mautrix Facebook

https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-bridge-mautrix-facebook.md#set-up-double-puppeting

We need to add the following to the file inventory/host_vars/matrix.<your-domain>/vars.yml

matrix_mautrix_facebook_enabled: true

And add it there, OR we can append to the file by doing

echo 'matrix_mautrix_facebook_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml

Confirm it’s there by doing

head -n100 inventory/host_vars/matrix.poop.blue/vars.yml

Now stop matrix, run ansible, restart

ansible-playbook -i inventory/hosts setup.yml --tags=stop

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

ansible-playbook -i inventory/hosts setup.yml --tags=start

You then need to start a chat with @facebookbot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix.domain).

It works!!!

Set up bridging: Send login YOUR_FACEBOOK_EMAIL_ADDRESS YOUR_FACEBOOK_PASSWORD to the bridge bot to enable bridging for your Facebook/Messenger account.

Setting up Mautrix Telegram (optional)

The playbook can install and configure mautrix-telegram for you.

See the project's documentation to learn what it does and why it might be useful to you.

You'll need to obtain API keys from https://my.telegram.org/apps and then use the following playbook configuration:

matrix_mautrix_telegram_enabled: true

matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID

matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH

You then need to start a chat with @telegrambot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix.domain).

echo 'matrix_mautrix_telegram_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml

echo 'matrix_mautrix_telegram_api_id: 794658' >> inventory/host_vars/matrix.poop.blue/vars.yml

echo 'matrix_mautrix_telegram_api_hash: f3c730ab6979a6c9fd82e01ee921831c' >> inventory/host_vars/matrix.poop.blue/vars.yml

head -n100 inventory/host_vars/matrix.poop.blue/vars.yml

Now stop matrix, run ansible, restart

ansible-playbook -i inventory/hosts setup.yml --tags=stop

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

ansible-playbook -i inventory/hosts setup.yml --tags=start


Setting up Mautrix Whatsapp (optional)

The playbook can install and configure mautrix-whatsapp for you.

See the project's documentation to learn what it does and why it might be useful to you.

Use the following playbook configuration:

matrix_mautrix_whatsapp_enabled: true

You then need to start a chat with @whatsappbot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix.domain).

echo 'matrix_mautrix_whatsapp_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml

head -n100 inventory/host_vars/matrix.poop.blue/vars.yml

Now stop matrix, run ansible, restart

ansible-playbook -i inventory/hosts setup.yml --tags=stop

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all

ansible-playbook -i inventory/hosts setup.yml --tags=start
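The echo '...' >> vars.yml step used for the base domain and for the Facebook, Telegram and WhatsApp bridge settings appends unconditionally, so running a section twice leaves duplicate keys in the file, and head -n100 does not tell you which copy wins. The helper below is an added example, not from the notes or from the playbook: it replaces an existing top-level key in place and appends only when the key is absent, and reads a key back so the confirm step is a one-liner. Keys are assumed to be plain identifiers like those in the notes; the vars.yml content in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the notes or from the playbook: set a top-level key
# in vars.yml exactly once. `echo 'key: value' >> vars.yml` appends blindly,
# so a re-run leaves duplicate keys; set_var rewrites an existing active line
# and appends only when the key is absent. Keys are assumed to be plain
# identifiers (matrix_...) and values simple scalars without '|' or '&'.

set_var() {
    file="$1"; key="$2"; value="$3"
    if grep -Eq "^${key}:" "$file"; then
        sed -i -E "s|^${key}:.*|${key}: ${value}|" "$file"
    else
        printf '%s: %s\n' "$key" "$value" >> "$file"
    fi
}

# Print the active value of a key; commented-out lines (# key: ...) are ignored.
get_var() {
    awk -v k="$2:" '$1 == k { sub(/^[^:]*:[[:space:]]*/, ""); print; exit }' "$1"
}

# Number of active definitions of a key; anything above 1 is a duplicate.
count_var() {
    grep -Ec "^$2:" "$1"
}

# Demo on a constructed vars.yml (not the playbook's real sample file).
demo=$(mktemp)
printf 'matrix_domain: poop.blue\n# matrix_mautrix_facebook_enabled: true\n' > "$demo"
set_var "$demo" matrix_mautrix_facebook_enabled true
set_var "$demo" matrix_mautrix_facebook_enabled true   # second run is a no-op
set_var "$demo" matrix_nginx_proxy_base_domain_serving_enabled true
echo "facebook bridge: $(get_var "$demo" matrix_mautrix_facebook_enabled) (defined $(count_var "$demo" matrix_mautrix_facebook_enabled) time(s))"
cat "$demo"
rm -f "$demo"
```

With this in place each bridge section becomes set_var inventory/host_vars/matrix.poop.blue/vars.yml matrix_mautrix_whatsapp_enabled true followed by the same stop, setup-all and start playbook runs as above.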