#Installation:
You only need to expose port 443 (HTTPS) on your public IP.
All Matrix client communication and server-to-server federation is done over HTTPS.

So an ingressroute from entrypoint 443 to port 8008 is sufficient.
You do not need to open anything on the internet router.

#STUN & TURN configuration:

If you mount the container directory "data" on a PVC, you will find these files there:

homeserver.db      homeserver.db-wal  matrix-lp.allarddcs.nl.log.config   media_store
homeserver.db-shm  homeserver.yaml    matrix-lp.allarddcs.nl.signing.key

homeserver.yaml contains:

turn_uris:
  - "turn:coturn-lp.allarddcs.nl:3478?transport=udp"
  - "turn:coturn-lp.allarddcs.nl:3478?transport=tcp"
stun_uris:
  - "stun:stun.l.google.com:19302"
  - "stun:stun1.l.google.com:19302"
  - "stun:stun2.l.google.com:19302"

#register admin:

kubectl exec -it matrix-644984f6b7-d7jcp -n matrix -- register_new_matrix_user http://localhost:8008 -u admin -p Matrix01@ \
  -a -k f0hE.OTU8UXQ44yIHPWtO+8CKhM-b:QZNngk_qhE8EvgmP-3h@

#register regular user:

kubectl exec -it matrix-644984f6b7-d7jcp -n matrix -- register_new_matrix_user http://localhost:8008 -u diederick -p Matrix01@ \
  --no-admin -k f0hE.OTU8UXQ44yIHPWtO+8CKhM-b:QZNngk_qhE8EvgmP-3h@

#general:

usage: register_new_matrix_user [-h] [-u USER] [--exists-ok] [-p PASSWORD | --password-file PASSWORD_FILE] [-t USER_TYPE] [-a | --no-admin] (-c CONFIG | -k SHARED_SECRET)
                                [server_url]

Used to register new users with a given homeserver when registration has been disabled. The homeserver must be configured with
the 'registration_shared_secret' option set.

positional arguments:
  server_url            URL to use to talk to the homeserver. By default, tries to find a suitable URL from the configuration
                        file. Otherwise, defaults to 'http://localhost:8008'.

options:
  -h, --help            show this help message and exit
  -u USER, --user USER  Local part of the new user. Will prompt if omitted.
  --exists-ok           Do not fail if user already exists.
  -p PASSWORD, --password PASSWORD
                        New password for user. Will prompt for a password if this flag and `--password-file` are both omitted.
  --password-file PASSWORD_FILE
                        File containing the new password for user. If set, will override `--password`.
  -t USER_TYPE, --user_type USER_TYPE
                        User type as specified in synapse.api.constants.UserTypes
  -a, --admin           Register new user as an admin. Will prompt if --no-admin is not set either.
  --no-admin            Register new user as a regular user. Will prompt if --admin is not set either.
  -c CONFIG, --config CONFIG
                        Path to server config file. Used to read in shared secret.
  -k SHARED_SECRET, --shared-secret SHARED_SECRET
                        Shared secret as defined in server config file.

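The two registration commands above pass the password and the shared secret as command-line arguments. As an added example (not part of the original notes), this wrapper relies on the documented password prompt and on `-c` instead, so neither value ends up in shell history or the process list. The Deployment name `matrix` and the config path `/data/homeserver.yaml` are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Assumptions: the Deployment is called "matrix" (inferred from the pod name)
# and the server config sits at /data/homeserver.yaml inside the container.
NAMESPACE=matrix
TARGET=deploy/matrix
CONFIG=/data/homeserver.yaml

# Print the register_new_matrix_user arguments, one per line.
# LOCALPART is limited to the Matrix localpart character set and
# ROLE must be "admin" or "user"; anything else is rejected.
register_args() {  # usage: register_args LOCALPART ROLE
  case $1 in
    ''|*[!a-z0-9._=/+-]*) echo "invalid localpart: $1" >&2; return 1 ;;
  esac
  case $2 in
    admin) role_flag=-a ;;
    user)  role_flag=--no-admin ;;
    *) echo "role must be admin or user" >&2; return 1 ;;
  esac
  # No -p and no -k: the tool prompts for the password and reads the shared
  # secret from the config file given with -c.
  printf '%s\n' -u "$1" "$role_flag" -c "$CONFIG" http://localhost:8008
}

# Run the registration inside the Synapse container.
register_user() {  # usage: register_user LOCALPART ROLE
  args=$(register_args "$1" "$2") || return 1
  # Word splitting of $args is intended: every line is one argument and the
  # validation above guarantees none of them contains whitespace.
  # shellcheck disable=SC2086
  kubectl exec -it "$TARGET" -n "$NAMESPACE" -- register_new_matrix_user $args
}
```

Call it as `register_user diederick user` or `register_user admin admin`; the password prompt appears in the terminal attached by `kubectl exec -it`.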
#COTURN:

#check udp:

nc -zvu coturn-lp.allarddcs.nl 3478
nc -zv coturn-lp.allarddcs.nl 3478
nc -zv coturn-lp.allarddcs.nl 5349

#check certificate:
kubectl describe secret coturn-cert -n matrix

#HOOKSHOT

#generate passkey and store it in a secret. The passkey is used to store other keys encrypted.

openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096
kubectl -n matrix create secret generic hookshot-passkey --from-file=passkey.pem

#request access token:

curl -X POST "https://matrix-lp.allarddcs.nl/_matrix/client/v3/login" -H "Content-Type: application/json" -d '{
  "type": "m.login.password",
  "user": "admin",
  "password": "Matrix01@"
}'

syt_YWRtaW4_laSGClQJFMQNKKjqyfVj_1XLp4x

#create room:

curl -k -X POST \
  -H "Authorization: Bearer syt_YWRtaW4_bUqQKyFkonSgjkghnuxY_4IsleV" \
  -H "Content-Type: application/json" \
  -d '{"name":"harbor","preset":"private_chat"}' \
  "https://matrix-lp.allarddcs.nl/_matrix/client/v3/createRoom"

{"room_id":"!AmeLKsUWrKBIkosFbY:matrix-lp.allarddcs.nl"}

#add hookshot bot to room:

#the room ID in the URL includes its leading "!"; the single quotes keep the shell from expanding it
curl -X POST \
  -H "Authorization: Bearer syt_YWRtaW4_bUqQKyFkonSgjkghnuxY_4IsleV" \
  -H "Content-Type: application/json" \
  'https://matrix-lp.allarddcs.nl/_synapse/admin/v1/join/!AmeLKsUWrKBIkosFbY:matrix-lp.allarddcs.nl' \
  -d '{
    "user_id": "@hookshot:matrix-lp.allarddcs.nl"
  }'

Note: because the bot has been added, the status of the room changes to: managed by the appservice.
As a result you cannot publish the room or invite members.

#add allardhook to room:

curl -k -X POST -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  "https://matrix-lp.allarddcs.nl/_synapse/admin/v1/join/!BPcyrRUfYdBJrFVdlV:matrix-lp.allarddcs.nl" \
  -d '{
    "user_id": "@allard:matrix-lp.allarddcs.nl"
  }'

#restart hookshot

#write transformationFunction into state event:

curl -k -X PUT -H "Authorization: Bearer $ACCESS_TOKEN" -H "Content-Type: application/json" "https://matrix-lp.allarddcs.nl/_matrix/client/r0/rooms/!BPcyrRUfYdBJrFVdlV:matrix-lp.allarddcs.nl/state/uk.half-shot.matrix-hookshot.generic.hook/generic-1" -d @harbor-webhook.json
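
The login and admin join calls above, as an added example that is not part of the original notes: the password is sent on curl's stdin and the bearer token through a curl config read from stdin, so neither appears in the process arguments, and the room ID is percent-encoded for the URL path. The function names are hypothetical; the homeserver URL is the one used in these notes.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.
HS="https://matrix-lp.allarddcs.nl"   # homeserver URL used in the notes

# Escape backslash and double quote so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Build the m.login.password request body.
login_body() {
  printf '{"type":"m.login.password","user":"%s","password":"%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Read a login response on stdin and print its access_token.
extract_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Percent-encode an ID for one URL path segment ("!" -> %21, ":" -> %3A).
urlencode() {
  s=$1 out=
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# Prompt for the password and log in; the body goes to curl on stdin (-d @-).
matrix_login() {  # usage: ACCESS_TOKEN=$(matrix_login admin)
  printf 'Password: ' >&2; stty -echo; IFS= read -r pw; stty echo; echo >&2
  login_body "$1" "$pw" |
    curl -sS -X POST -H 'Content-Type: application/json' -d @- \
      "$HS/_matrix/client/v3/login" | extract_token
}

# Admin join; the Authorization header reaches curl as a config on stdin (-K -).
admin_join() {  # usage: admin_join ROOM_ID USER_ID   (ACCESS_TOKEN must be set)
  printf 'header = "Authorization: Bearer %s"\n' "$ACCESS_TOKEN" |
    curl -sS -K - -X POST -H 'Content-Type: application/json' \
      -d "{\"user_id\":\"$(json_escape "$2")\"}" \
      "$HS/_synapse/admin/v1/join/$(urlencode "$1")"
}
```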