Inanis_Vault/21-Server Reference/homelab/stacks/matrix.md

# Matrix

Self-hosted Matrix homeserver (Synapse) with multiple messaging bridges.

## Access
- **Tailscale:** `matrix.bunny-wyvern.ts.net` (Synapse homeserver)

## Containers

| Container | Image | Role |
|---|---|---|
| `synapse` | `matrixdotorg/synapse:latest` | Matrix homeserver |
| `matrix-db` | `postgres:16-alpine` | PostgreSQL database |
| `matrix-tailscale` | `tailscale/tailscale:latest` | Tailscale node (shares synapse network) |
| `mautrix-whatsapp` | `dock.mau.dev/mautrix/whatsapp:latest` | WhatsApp bridge |
| `mautrix-gmessages` | `dock.mau.dev/mautrix/gmessages:latest` | Google Messages bridge |
| `mautrix-slack` | `dock.mau.dev/mautrix/slack:latest` | Slack bridge |
| `mautrix-discord` | `dock.mau.dev/mautrix/discord:latest` | Discord bridge |
| `matrix-relay` | `matrix-matrix-relay` (local build) | Custom relay service |

## Network Architecture

All containers (except the Tailscale sidecar) communicate over a shared internal bridge network `matrix_matrix-internal` (`172.25.0.0/16`). No ports are exposed directly to the host — all external access goes through Tailscale on the `synapse` container.

| Container | Internal IP |
|---|---|
| `synapse` | `172.25.0.2` |
| `mautrix-discord` | `172.25.0.3` |
| `mautrix-whatsapp` | `172.25.0.4` |
| `mautrix-gmessages` | `172.25.0.5` |
| `matrix-db` | `172.25.0.6` |
| `matrix-relay` | `172.25.0.7` |
| `mautrix-slack` | `172.25.0.8` |

## Compose File
**Path:** `/home/artanis/DockerFiles/Matrix/matrix/compose.yaml`

```yaml
services:
  matrix-tailscale:
    image: tailscale/tailscale:latest
    container_name: matrix-tailscale
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - matrix_tailscale_state:/var/lib/tailscale
    environment:
      - TS_AUTHKEY=<redacted>
      - TS_HOSTNAME=matrix
      - TS_STATE_DIR=/var/lib/tailscale
    network_mode: "service:synapse"

  matrix-db:
    image: postgres:16-alpine
    container_name: matrix-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: <redacted>
      POSTGRES_DB: synapse
    volumes:
      - /home/artanis/DockerFiles/Matrix/postgresdata:/var/lib/postgresql/data
    networks:
      - matrix-internal

  synapse:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    restart: unless-stopped
    depends_on:
      - matrix-db
    volumes:
      - /home/artanis/DockerFiles/Matrix/synapsedata:/data
    networks:
      - matrix-internal

  mautrix-whatsapp:
    image: dock.mau.dev/mautrix/whatsapp:latest
    container_name: mautrix-whatsapp
    restart: unless-stopped
    volumes:
      - /home/artanis/DockerFiles/Matrix/whatsappdata:/data
    networks:
      - matrix-internal

  mautrix-gmessages:
    image: dock.mau.dev/mautrix/gmessages:latest
    container_name: mautrix-gmessages
    restart: unless-stopped
    volumes:
      - /home/artanis/DockerFiles/Matrix/gmessagesdata:/data
    networks:
      - matrix-internal

  mautrix-slack:
    image: dock.mau.dev/mautrix/slack:latest
    container_name: mautrix-slack
    restart: unless-stopped
    volumes:
      - /home/artanis/DockerFiles/Matrix/slackdata:/data
    networks:
      - matrix-internal

  mautrix-discord:
    image: dock.mau.dev/mautrix/discord:latest
    container_name: mautrix-discord
    restart: unless-stopped
    volumes:
      - /home/artanis/DockerFiles/Matrix/discorddata:/data
    networks:
      - matrix-internal
    depends_on:
      - matrix-db
      - synapse

  matrix-relay:
    build:
      context: ../
      dockerfile: matrix_relay.Dockerfile
    container_name: matrix-relay
    restart: unless-stopped
    networks:
      - matrix-internal

networks:
  matrix-internal:
    driver: bridge

volumes:
  matrix_tailscale_state:
```

## Data Layout

| Path | Contents |
|---|---|
| `/home/artanis/DockerFiles/Matrix/postgresdata` | PostgreSQL data |
| `/home/artanis/DockerFiles/Matrix/synapsedata` | Synapse config, media store |
| `/home/artanis/DockerFiles/Matrix/whatsappdata` | WhatsApp bridge config/state |
| `/home/artanis/DockerFiles/Matrix/gmessagesdata` | Google Messages bridge config/state |
| `/home/artanis/DockerFiles/Matrix/slackdata` | Slack bridge config/state |
| `/home/artanis/DockerFiles/Matrix/discorddata` | Discord bridge config/state |

## Matrix Relay

`matrix-relay` is a small custom Python/Flask app. Its purpose is to receive Matrix push notifications and forward them to Home Assistant via webhook.

- **Source:** `/home/artanis/DockerFiles/Matrix/matrix_relay.py`
- **Dockerfile:** `/home/artanis/DockerFiles/Matrix/matrix_relay.Dockerfile`
- **Listens on:** port `5101` (internal only)
- **Forwards to:** `https://homeassistant.bunny-wyvern.ts.net/api/webhook/artanis_matrix_push`
- **Stack rebuild docs:** check `/home/artanis/DockerFiles/Matrix/` for any additional docs

To rebuild the image after source changes:
```bash
cd /home/artanis/DockerFiles/Matrix/matrix
docker compose build matrix-relay
docker compose up -d matrix-relay
```

## Notes
- Synapse does not expose any ports to the host — it is only reachable via the `matrix_matrix-internal` network and through Tailscale
- The Tailscale sidecar attaches to `synapse`'s network namespace, so Synapse's internal ports (8008, 8448) become accessible at `matrix.bunny-wyvern.ts.net`