Matrix: Difference between revisions
imported>Pacien: add Quaternion to the list of clients
imported>Symphorien: add turn server example
Revision as of 15:10, 30 December 2019
Matrix defines a set of open APIs for decentralised communication, suitable for securely publishing, persisting and subscribing to data over a global open federation of servers with no single point of control. Uses include Instant Messaging (IM), Voice over IP (VoIP) signalling, Internet of Things (IoT) communication, and bridging together existing communication silos - providing the basis of a new open real-time communication ecosystem.
== Clients ==
=== Desktop clients ===
A few Matrix desktop clients are packaged for NixOS.
A Pidgin / libpurple plugin is also available.
=== Web clients ===
There is also a web version of Riot which can be served using a web server. See the NixOS manual entry.
== Servers ==
=== Homeservers ===
==== Synapse ====
Currently, only the reference Matrix homeserver Synapse is packaged for NixOS. It has an associated module exposing the services.matrix-synapse.* options. See the NixOS manual entry for a complete configuration example.
===== Coturn with Synapse =====
For WebRTC calls to work when both callers are behind a NAT, you need to provide a TURN server for clients to use. Here is an example configuration, inspired by this configuration file. Two points to keep in mind when adapting it: the static-auth-secret written into a NixOS option is copied into the world-readable Nix store, and anyone who knows it can mint valid relay credentials for your server, so use a long random value and restrict who can log in to the host; and the denied-peer-ip list is what stops a relay user from reaching internal addresses through your server, so extend it rather than drop it, and make sure it covers link-local 169.254.0.0/16, where cloud metadata endpoints live. The cert and pkey lines only matter if you also advertise turns: URIs on coturn's TLS port (5349 by default) and open that port in the firewall; as written the example hands out plain turn: URIs on 3478.
<syntaxhighlight lang="nix">
{config, pkgs, lib, ...}: {
  # enable coturn
  services.coturn = rec {
    enable = true;
    no-cli = true;
    no-tcp-relay = true;
    min-port = 49000;
    max-port = 50000;
    use-auth-secret = true;
    # Shared with Synapse below. This literal ends up in the world-readable
    # /nix/store; whoever can read it can mint valid relay credentials.
    static-auth-secret = "will be world readable for local users :(";
    realm = "turn.example.com";
    cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
    pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
    extraConfig = ''
      # for debugging
      verbose
      # ban private IP ranges so the relay cannot be used to reach internal services
      denied-peer-ip=10.0.0.0-10.255.255.255
      denied-peer-ip=192.168.0.0-192.168.255.255
      denied-peer-ip=172.16.0.0-172.31.255.255
      denied-peer-ip=127.0.0.0-127.255.255.255
      # link-local, which includes the 169.254.169.254 cloud metadata endpoint
      denied-peer-ip=169.254.0.0-169.254.255.255
      # carrier-grade NAT space
      denied-peer-ip=100.64.0.0-100.127.255.255
      # the multicast block is 224.0.0.0/4, i.e. up to 239.255.255.255
      denied-peer-ip=224.0.0.0-239.255.255.255
      denied-peer-ip=255.255.255.255-255.255.255.255
    '';
  };
  # open the firewall (replace enp2s0 with your public interface)
  networking.firewall = {
    interfaces.enp2s0 = let
      range = with config.services.coturn; [ {
        from = min-port;
        to = max-port;
      } ];
    in
    {
      allowedUDPPortRanges = range;
      allowedUDPPorts = [ 3478 ];
      # with no-tcp-relay only UDP relay ports are allocated; the TCP range is
      # not needed but harmless
      allowedTCPPortRanges = range;
      allowedTCPPorts = [ 3478 ];
    };
  };
  # get a certificate
  security.acme.certs.${config.services.coturn.realm} = {
    /* insert here the right configuration to obtain a certificate */
    postRun = "systemctl restart coturn.service";
    user = "turnserver";
    group = "turnserver";
  };
  # configure synapse to point users to coturn
  services.matrix-synapse = with config.services.coturn; {
    # plain turn: on 3478; add "turns:${realm}:5349?transport=tcp" (and open
    # 5349) if you want clients to use the TLS listener the cert above serves
    turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
    turn_shared_secret = static-auth-secret;
    turn_user_lifetime = "1h";
  };
}
</syntaxhighlight>
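To make concrete what use-auth-secret / turn_shared_secret and the denied-peer-ip lines actually do, here is an added example (not code from the NixOS wiki, coturn or Synapse). It reproduces the TURN REST API credential scheme that Synapse and coturn share: the homeserver hands a client a username of the form "<unix expiry>:<user>" and a password equal to base64(HMAC-SHA1(secret, username)), and coturn recomputes the same HMAC and rejects expired usernames. It also parses denied-peer-ip lines in coturn's syntax and checks whether a peer address would be relayed. The secret, user id, timestamps and the two deny lists are constructed sample values.

```python
"""Ephemeral TURN credentials (use-auth-secret) and denied-peer-ip checks.
Added example; not code from the NixOS wiki, coturn or Synapse."""
import base64
import hashlib
import hmac
import ipaddress
import time

# Constructed sample values; the real secret is services.coturn.static-auth-secret.
SAMPLE_SECRET = "constructed-example-secret-do-not-reuse"
TURN_USER_LIFETIME_S = 3600  # the example's turn_user_lifetime = "1h"


def turn_password(secret: str, username: str) -> str:
    """TURN REST API scheme: password = base64(HMAC-SHA1(secret, username))."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def mint_credentials(secret, user_id, lifetime_s=TURN_USER_LIFETIME_S, now=None):
    """Homeserver side: username is '<unix expiry>:<user>', password is its HMAC.
    Returns (username, password) as a client would receive them."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + lifetime_s}:{user_id}"
    return username, turn_password(secret, username)


def verify_credentials(secret, username, password, now=None) -> bool:
    """coturn side with use-auth-secret: recompute the HMAC over the username
    and reject credentials whose embedded expiry has passed."""
    now = int(time.time()) if now is None else int(now)
    expiry_text, _, _ = username.partition(":")
    if not expiry_text.isdigit() or int(expiry_text) <= now:
        return False
    return hmac.compare_digest(turn_password(secret, username), password)


# Constructed deny lists in coturn's own syntax. BASELINE has only the RFC 1918
# and loopback entries; HARDENED adds link-local, CGNAT and the multicast block.
BASELINE_DENY = """
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
"""
HARDENED_DENY = BASELINE_DENY + """
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=224.0.0.0-239.255.255.255
"""


def parse_denied_peer_ranges(conf_text):
    """Parse 'denied-peer-ip=lo-hi' (or a single address) lines into address pairs."""
    ranges = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("denied-peer-ip="):
            continue
        lo, _, hi = line[len("denied-peer-ip="):].partition("-")
        ranges.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
    return ranges


def peer_is_denied(peer, ranges) -> bool:
    """Would the relay refuse to send to this peer under the given ranges?"""
    ip = ipaddress.ip_address(peer)
    return any(ip.version == lo.version and lo <= ip <= hi for lo, hi in ranges)


if __name__ == "__main__":
    username, password = mint_credentials(SAMPLE_SECRET, "@alice:example.com")
    print(username, password, verify_credentials(SAMPLE_SECRET, username, password))
    for deny in (BASELINE_DENY, HARDENED_DENY):
        print(peer_is_denied("169.254.169.254", parse_denied_peer_ranges(deny)))
```

The credential functions show why the shared secret matters: nothing else authenticates a relay allocation, so anyone holding static-auth-secret can produce credentials that coturn accepts until the chosen expiry. The deny-list check shows the gap between a list that only covers RFC 1918 and loopback and one that also covers 169.254.0.0/16: the metadata address 169.254.169.254 is relayed under the former and refused under the latter.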
=== Application services (a.k.a. bridges) ===
==== mautrix-telegram ====
Packaged as mautrix-telegram. Module still a WIP.
==== mautrix-whatsapp ====
Packaged as mautrix-whatsapp. Module still a WIP.
==== matrix-appservice-irc ====
Package and module still a WIP.
==== matrix-appservice-discord ====
Package and module still a WIP.