"vault backup: 2026-03-08 13:41:28 from Flow"

2026-03-08 13:41:28 -05:00
parent 3eccd6deee
commit ec242f1052
22 changed files with 313 additions and 40 deletions
--- a/Reference/homelab/stacks/matrix.md
+++ b/Reference/homelab/stacks/matrix.md
@@ -0,0 +1,150 @@
+# Matrix
+
+Self-hosted Matrix homeserver (Synapse) with multiple messaging bridges.
+
+## Access
+- **Tailscale:** `matrix.bunny-wyvern.ts.net` (Synapse homeserver)
+
+## Containers
+
+| Container | Image | Role |
+|---|---|---|
+| `synapse` | `matrixdotorg/synapse:latest` | Matrix homeserver |
+| `matrix-db` | `postgres:16-alpine` | PostgreSQL database |
+| `matrix-tailscale` | `tailscale/tailscale:latest` | Tailscale node (shares synapse network) |
+| `mautrix-whatsapp` | `dock.mau.dev/mautrix/whatsapp:latest` | WhatsApp bridge |
+| `mautrix-gmessages` | `dock.mau.dev/mautrix/gmessages:latest` | Google Messages bridge |
+| `mautrix-slack` | `dock.mau.dev/mautrix/slack:latest` | Slack bridge |
+| `mautrix-discord` | `dock.mau.dev/mautrix/discord:latest` | Discord bridge |
+| `matrix-relay` | `matrix-matrix-relay` (local build) | Custom relay service |
+
+## Network Architecture
+
+All containers (except the Tailscale sidecar) communicate over a shared internal bridge network `matrix_matrix-internal` (`172.25.0.0/16`). No ports are exposed directly to the host — all external access goes through Tailscale on the `synapse` container.
+
+| Container | Internal IP |
+|---|---|
+| `synapse` | `172.25.0.2` |
+| `mautrix-discord` | `172.25.0.3` |
+| `mautrix-whatsapp` | `172.25.0.4` |
+| `mautrix-gmessages` | `172.25.0.5` |
+| `matrix-db` | `172.25.0.6` |
+| `matrix-relay` | `172.25.0.7` |
+| `mautrix-slack` | `172.25.0.8` |
+
+## Compose File
+**Path:** `/home/artanis/DockerFiles/Matrix/matrix/compose.yaml`
+
+```yaml
+services:
+  matrix-tailscale:
+    image: tailscale/tailscale:latest
+    container_name: matrix-tailscale
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun
+    volumes:
+      - matrix_tailscale_state:/var/lib/tailscale
+    environment:
+      - TS_AUTHKEY=<redacted>
+      - TS_HOSTNAME=matrix
+      - TS_STATE_DIR=/var/lib/tailscale
+    network_mode: "service:synapse"
+
+  matrix-db:
+    image: postgres:16-alpine
+    container_name: matrix-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: synapse
+      POSTGRES_PASSWORD: <redacted>
+      POSTGRES_DB: synapse
+    volumes:
+      - /home/artanis/DockerFiles/Matrix/postgresdata:/var/lib/postgresql/data
+    networks:
+      - matrix-internal
+
+  synapse:
+    image: matrixdotorg/synapse:latest
+    container_name: synapse
+    restart: unless-stopped
+    depends_on:
+      - matrix-db
+    volumes:
+      - /home/artanis/DockerFiles/Matrix/synapsedata:/data
+    networks:
+      - matrix-internal
+
+  mautrix-whatsapp:
+    image: dock.mau.dev/mautrix/whatsapp:latest
+    container_name: mautrix-whatsapp
+    restart: unless-stopped
+    volumes:
+      - /home/artanis/DockerFiles/Matrix/whatsappdata:/data
+    networks:
+      - matrix-internal
+
+  mautrix-gmessages:
+    image: dock.mau.dev/mautrix/gmessages:latest
+    container_name: mautrix-gmessages
+    restart: unless-stopped
+    volumes:
+      - /home/artanis/DockerFiles/Matrix/gmessagesdata:/data
+    networks:
+      - matrix-internal
+
+  mautrix-slack:
+    image: dock.mau.dev/mautrix/slack:latest
+    container_name: mautrix-slack
+    restart: unless-stopped
+    volumes:
+      - /home/artanis/DockerFiles/Matrix/slackdata:/data
+    networks:
+      - matrix-internal
+
+  mautrix-discord:
+    image: dock.mau.dev/mautrix/discord:latest
+    container_name: mautrix-discord
+    restart: unless-stopped
+    volumes:
+      - /home/artanis/DockerFiles/Matrix/discorddata:/data
+    networks:
+      - matrix-internal
+    depends_on:
+      - matrix-db
+      - synapse
+
+  matrix-relay:
+    build:
+      context: ../
+      dockerfile: matrix_relay.Dockerfile
+    container_name: matrix-relay
+    restart: unless-stopped
+    networks:
+      - matrix-internal
+
+networks:
+  matrix-internal:
+    driver: bridge
+
+volumes:
+  matrix_tailscale_state:
+```
+
+## Data Layout
+
+| Path | Contents |
+|---|---|
+| `/home/artanis/DockerFiles/Matrix/postgresdata` | PostgreSQL data |
+| `/home/artanis/DockerFiles/Matrix/synapsedata` | Synapse config, media store |
+| `/home/artanis/DockerFiles/Matrix/whatsappdata` | WhatsApp bridge config/state |
+| `/home/artanis/DockerFiles/Matrix/gmessagesdata` | Google Messages bridge config/state |
+| `/home/artanis/DockerFiles/Matrix/slackdata` | Slack bridge config/state |
+| `/home/artanis/DockerFiles/Matrix/discorddata` | Discord bridge config/state |
+
+## Notes
+- The `matrix-relay` container is built from a local `matrix_relay.Dockerfile` located one directory up from the compose file (`/home/artanis/DockerFiles/Matrix/`)
+- Synapse does not expose any ports to the host — it is only reachable via the `matrix_matrix-internal` network and through Tailscale
+- The Tailscale sidecar attaches to `synapse`'s network namespace, so Synapse's internal ports (8008, 8448) become accessible at `matrix.bunny-wyvern.ts.net`