
feat(matrix+synapse): Add new SaaS roles + multiple improvements #89

Merged: wiseflat merged 7 commits into main from dev/matrix on Jun 27, 2026

@wiseflat

Owner

No description provided.

wiseflat added 7 commits June 27, 2026 13:10
- Add nomad-driver-exec2 package installation
- Configure exec2.hcl plugin directory
- Add plugin_dir to nomad.hcl template
- Disable drain on shutdown (force and ignore_system_jobs)
- Make ExecStop conditional in override.conf.j2
- Change from bitnami/postgresql to postgres official image
- Update backup script to use /bin/pg_dumpall instead of bitnami path
- Update restore script to use /bin/psql
- Create /var/run/postgresql directory (owner 999:999, mode 3775)
- Create /var/backup directory for backups
- Mount /var/run/postgresql volume in nomad.hcl
- Add host_network = "public" for network exposure
- Update volumes path to use var/lib/postgresql structure
- Simplify download task: direct path to binary instead of find-binary loop
- Remove include_role for upstream/find-binary (no longer needed)
- Add minio-client (mc) package to Dockerfile
- Add host_network = "public" to nomad.hcl
- Fix traefik_tag template indentation
- Change GF_INSTALL_PLUGINS to GF_PLUGINS_PREINSTALL (correct env var)
- Comment out llm.yaml plugin configuration (not needed)

Add coturn role:
- TURN/STUN server for Matrix media relay
- Auto-generated turn_shared_secret
- Configurable relay port range (49152-49252)
- README with firewall rules documentation

Add synapse role:
- Matrix homeserver deployment
- Auto-generated secrets (registration, macaroon, form)
- Integration with PostgreSQL, Redis, TURN
- User management documentation

Add synapse_admin role:
- Synapse Admin UI for user management
- Docker-based deployment

Add element_web role:
- Web client for Matrix
- Configurable server connection

Add matrix_migrate role:
- Migration tools for Matrix data
- Python-based migration script

All roles include:
- backup/restore/destroy tasks
- Nomad job templates
- Upstream variables

PaaS changes:
- Add ufw_blocklist_enabled and ufw_blocklist_url
- Remove ufw_packages array
- Disable fail2ban_ratelimit_enabled
- Update nomad_client_drain_on_shutdown_force/ignore_system_jobs to false
- Update nomad_leave_on_terminate/interrupt to false

SaaS changes:
- Add coturn role (empty config)
- Add element_web role (empty config)
- Add matrix_migrate role (empty config)
- Add synapse role (empty config)
- Add synapse_admin role (empty config)
- Set fail2ban_ratelimit_enabled to false (was true)
- Prevents false positives on high-traffic servers
@wiseflat wiseflat merged commit c5fa1f8 into main Jun 27, 2026
6 checks passed
@wiseflat wiseflat deleted the dev/matrix branch June 27, 2026 11:49