Eduardo Ansible Matrix setup notes
Note for the reader: this is a document that explains how to set up a matrix server in a Google cloud instance. Matrix is a new, open source and actively developed chat protocol that enables anyone to set up a server and use their own client (it’s like IRC, but with modern features). In order to send messages to other chat systems, there are many matrix bridges that are actively developed. This guide shows how to set up a server and configure it to use the Facebook messenger, Signal, Whatsapp and Google hangouts bridges. Now you can use all the chat services from within one matrix client, here the well developed element.io client! (It used to be called riot which is how it appears in the screenshots here).
It really is incredible how much wasted mental effort from context switching having a single client removes. Once you enter the matrix you will not want to come back.
Overall, this is a guide on how to follow Slavi’s ansible guide (yes a guide to follow a guide):
https://github.com/spantaleev/matrix-docker-ansible-deploy
Google cloud setup
Sign up for a new Google cloud account at cloud.google.com and get $300 free credits for a year. They ask for a credit card (no charges made), you can create burner cards at www.privacy.com
On the Cloud menu on the left under COMPUTE choose Compute Engine > VM Instances > CREATE INSTANCE
Use the settings as shown below .
- Up to 30 GB storage is free
- Ubuntu 18.04 LTS
- 3.75GB RAM
- Allow full access to all Cloud APIs
- Under firewall Allow HTTP and HTTPS traffic
- Get a static IP under the Networking tab
Synapse ansible setup
This follows Slavi’s ansible guide: https://github.com/spantaleev/matrix-docker-ansible-deploy
I’m gonna use the domain poop.blue
Note about ansible: Any change you want to make will always go in the file inventory/host_vars/matrix.<your-domain>/vars.yml
So since we’re using matrix.eduardobeltrame.com those changes would go to inventory/host_vars/matrix.poop.blue.com/vars.yml
Configuring DNS server
You’ll need to buy a domain. I like namecheap.com for buying domains for cheap (har), right now you can get .xyz for $1 or .club for $1.37. Once you buy a domain, go to your dashboard on your dashboard click manage for that domain, then go to Advanced DNS. The table below shows generally how to set the records, and the screenshot shows what namecheap will look like. Remember that in the Google cloud setup we got static IP, that’s what you’ll put on the A record so they instance’s static IP. Also, you can use something other than the subdomain matrix.example.com, like poop.example.com and it’ll be fine.
I don’t want to use a subdomain so that my username address can be @munfred:poop.blue instead of @munfred:matrix.poop.blue
So we ass the A record @ for the server IP
Configuring the Ansible playbook
SSH into your google cloud instance - Googles browser SSH client is really great.
On the server user home folder (cd ~) do:
git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git
cd matrix-docker-ansible-deploy/
create a directory to hold your configuration (mkdir inventory/host_vars/matrix.<your-domain>)
mkdir inventory/host_vars/matrix.poop.blue
copy the sample configuration file (cp examples/host-vars.yml inventory/host_vars/matrix.<your-domain>/vars.yml)
cp examples/host-vars.yml inventory/host_vars/matrix.poop.blue/vars.yml
Then the file needs to be adapted to your domain
vi inventory/host_vars/matrix.poop.blue/vars.yml
Then the hosts file
cp examples/hosts inventory/hosts
I added like this in the inventory/hosts file
vi inventory/hosts
Installing
First make sure you got Ansible 2.7, I got version 2.7.12 and it worked
sudo add-apt-repository ppa:ansible/ansible-2.7
sudo apt-get update
sudo apt install ansible
sudo apt upgrade ansible
Then you can try installing Synapse with the Ansible playbook
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
At this point I got
fatal: [matrix.poop.blue]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"34.68.167.188\". Make
sure this host can be reached over ssh", "unreachable": true}
Then I realized this thing gotta ssh into itself...AND YOU ALSO NEED TO ENABLE SSH FOR THE ROOT. Simplest way to do it is:
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
sudo service ssh restart
ssh-keygen
<then press enter 3 times>
head ~/.ssh/id_rsa.pub
Then copy that and then in the Google cloud panel go to Compute Engine > VM instances then edit the instance and paste the key into the SSH keys section as shown below. At the end, change it to be root@servername instead of the normal user name of your instance (eg. root@matrix for me, since I called my VM instance matrix). Test that it worked by trying to ssh as root, e.g. ssh root@34.68.167.188
Test that it work!!! To confirm the root ssh work and also that the nameservers are configured we test the following 3 logins:
ssh root@34.68.167.188
ssh root@poop.blue
ssh root@matrix.poop.blue
Now you can install Synapse with the Ansible playbook and it will work
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
Success looks like this
You can run it again if you want. The important is to get to the end with no errors or red things
Starting the services
Now do
ansible-playbook -i inventory/hosts setup.yml --tags=start
And if you’re lucky:
Wow it worked!
Checking if services work
This playbook can perform a check to ensure that you've configured things correctly and that services are running.
To perform the check, run:
ansible-playbook -i inventory/hosts setup.yml --tags=self-check
FAIL
Registering users
Run this to create a new user account on your Matrix server.
You can do it via this Ansible playbook (make sure to edit the <your-username> and <your-password> part below):
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
I can login, but cannot connect to other servers or find users -- turns out it’s a firewall problem
Update firewall rules
sudo apt-get install ufw
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 8448
sudo ufw enable
sudo ufw status verbose
Serving the base domain
We do this to serve the base domain from the Matrix server via the integrated webserver (matrix-nginx-proxy).
With the DNS records we used the base domain is pointed to the Matrix server's IP address and use the following configuration:
matrix_nginx_proxy_base_domain_serving_enabled: true
Note about ansible: Any change you want to make will always go in the file inventory/host_vars/matrix.<your-domain>/vars.yml
So since we’re using matrix.eduardobeltrame.com those changes would go to
vi inventory/host_vars/matrix.poop.blue/vars.yml
And add it there, OR we can append to the file by doing
echo 'matrix_nginx_proxy_base_domain_serving_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml
Confirm it’s there by doing
less inventory/host_vars/matrix.poop.blue/vars.yml
Now stop matrix, run ansible, restart
ansible-playbook -i inventory/hosts setup.yml --tags=stop
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=start
Now server is being served correctly from poop.blue, and my username adress can be @nunfred:poop.blue
----
Setting up Mautrix Facebook
We need to add the following to the file inventory/host_vars/matrix.<your-domain>/vars.yml
matrix_mautrix_facebook_enabled: true
And add it there, OR we can append to the file by doing
echo 'matrix_mautrix_facebook_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml
Confirm it’s there by doing
head -n100 inventory/host_vars/matrix.poop.blue/vars.yml
Now stop matrix, run ansible, restart
ansible-playbook -i inventory/hosts setup.yml --tags=stop
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=start
You then need to start a chat with @facebookbot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix.domain).
It works!!!
Set up bridging: Send login YOUR_FACEBOOK_EMAIL_ADDRESS YOUR_FACEBOOK_PASSWORD to the bridge bot to enable bridging for your Facebook/Messenger account.
Setting up Mautrix Telegram (optional)
The playbook can install and configure mautrix-telegram for you.
See the project's documentation to learn what it does and why it might be useful to you.
You'll need to obtain API keys from https://my.telegram.org/apps and then use the following playbook configuration:
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
You then need to start a chat with @telegrambot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix.domain).
echo 'matrix_mautrix_telegram_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml
echo 'matrix_mautrix_telegram_api_id: 794658' >> inventory/host_vars/matrix.poop.blue/vars.yml
echo 'matrix_mautrix_telegram_api_hash: f3c730ab6979a6c9fd82e01ee921831c' >> inventory/host_vars/matrix.poop.blue/vars.yml
head -n100 inventory/host_vars/matrix.poop.blue/vars.yml
Now stop matrix, run ansible, restart
ansible-playbook -i inventory/hosts setup.yml --tags=stop
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=start
794658
f3c730ab6979a6c9fd82e01ee921831c
Setting up Mautrix Whatsapp (optional)
The playbook can install and configure mautrix-whatsapp for you.
See the project's documentation to learn what it does and why it might be useful to you.
Use the following playbook configuration:
matrix_mautrix_whatsapp_enabled: true
You then need to start a chat with @whatsappbot:YOUR_DOMAIN (where YOUR_DOMAIN is your base domain, not the matrix.domain).
echo 'matrix_mautrix_whatsapp_enabled: true' >> inventory/host_vars/matrix.poop.blue/vars.yml
head -n100 inventory/host_vars/matrix.poop.blue/vars.yml
Now stop matrix, run ansible, restart
ansible-playbook -i inventory/hosts setup.yml --tags=stop
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=start
