feat(matrix): add self-hosted Matrix infrastructure for GDPR compliance

Add complete Matrix/Synapse setup as Telegram bot alternative:

Docker configuration:
- Synapse homeserver (port 8008) with PostgreSQL backend
- Element Web client (port 8087) with ManaCore branding
- DSGVO-compliant data retention policies (1-365 days)
- Prometheus metrics endpoint for monitoring

Config files:
- docker/matrix/homeserver.yaml - Synapse configuration
- docker/matrix/log.config.yaml - Logging with rotation
- docker/matrix/element-config.json - Element Web settings

Scripts & docs:
- scripts/mac-mini/setup-matrix.sh - One-time initialization
- Updated health-check.sh with Matrix services
- Updated MAC_MINI_SERVER.md with Matrix documentation

https://claude.ai/code/session_01E3r5aFW3YLAhEJfsL2ryhv

docker/matrix/element-config.json

@@ -0,0 +1,47 @@
+{
+  "default_server_config": {
+    "m.homeserver": {
+      "base_url": "https://matrix.mana.how",
+      "server_name": "mana.how"
+    },
+    "m.identity_server": {
+      "base_url": ""
+    }
+  },
+  "brand": "ManaCore Chat",
+  "integrations_ui_url": "",
+  "integrations_rest_url": "",
+  "integrations_widgets_urls": [],
+  "disable_guests": true,
+  "disable_3pid_login": true,
+  "default_country_code": "DE",
+  "show_labs_settings": false,
+  "features": {
+    "feature_video_rooms": true,
+    "feature_group_calls": true,
+    "feature_thread": true
+  },
+  "room_directory": {
+    "servers": ["mana.how"]
+  },
+  "setting_defaults": {
+    "breadcrumbs": true,
+    "custom_themes": []
+  },
+  "default_theme": "dark",
+  "permalink_prefix": "https://element.mana.how",
+  "terms_and_conditions_links": [],
+  "privacy_policy_url": "https://mana.how/privacy",
+  "sso_redirect_options": {
+    "immediate": false
+  },
+  "posthog": {
+    "disabled": true
+  },
+  "sentry": {
+    "disabled": true
+  },
+  "bug_report_endpoint_url": "",
+  "help_url": "https://mana.how/help",
+  "help_encryption_url": "https://element.io/help#encryption"
+}

docker/matrix/homeserver.yaml

@@ -0,0 +1,190 @@
+# ManaCore Matrix Synapse Configuration
+# Documentation: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
+
+server_name: "mana.how"
+pid_file: /data/homeserver.pid
+public_baseurl: https://matrix.mana.how/
+
+# ============================================
+# Listeners
+# ============================================
+
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+
+# ============================================
+# Database (PostgreSQL)
+# ============================================
+
+database:
+  name: psycopg2
+  txn_limit: 10000
+  args:
+    user: synapse
+    password: "${SYNAPSE_DB_PASSWORD:-synapse-secure-password}"
+    database: matrix
+    host: postgres
+    port: 5432
+    cp_min: 5
+    cp_max: 10
+
+# ============================================
+# Logging
+# ============================================
+
+log_config: "/data/log.config.yaml"
+
+# ============================================
+# Media Storage
+# ============================================
+
+media_store_path: /data/media_store
+max_upload_size: 50M
+url_preview_enabled: true
+url_preview_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '192.0.0.0/24'
+  - '169.254.0.0/16'
+  - '198.18.0.0/15'
+  - '192.0.2.0/24'
+  - '198.51.100.0/24'
+  - '203.0.113.0/24'
+  - '224.0.0.0/4'
+  - '::1/128'
+  - 'fe80::/10'
+  - 'fc00::/7'
+  - '2001:db8::/32'
+  - 'ff00::/8'
+  - 'fec0::/10'
+
+# ============================================
+# Registration & Authentication
+# ============================================
+
+enable_registration: false
+enable_registration_without_verification: false
+
+# Password config
+password_config:
+  enabled: true
+  localdb_enabled: true
+  pepper: "${SYNAPSE_PASSWORD_PEPPER:-change-me-pepper}"
+
+# Session lifetime
+session_lifetime: 24h
+refresh_token_lifetime: 168h
+
+# ============================================
+# Rate Limiting
+# ============================================
+
+rc_message:
+  per_second: 5
+  burst_count: 20
+
+rc_registration:
+  per_second: 0.5
+  burst_count: 5
+
+rc_login:
+  address:
+    per_second: 0.5
+    burst_count: 5
+  account:
+    per_second: 0.5
+    burst_count: 5
+  failed_attempts:
+    per_second: 0.5
+    burst_count: 5
+
+# ============================================
+# Federation
+# ============================================
+
+# Allow federation with other Matrix servers
+federation_domain_whitelist: []
+
+trusted_key_servers:
+  - server_name: "matrix.org"
+
+# ============================================
+# DSGVO / Data Retention
+# ============================================
+
+retention:
+  enabled: true
+  default_policy:
+    min_lifetime: 1d
+    max_lifetime: 365d
+  allowed_lifetime_min: 1d
+  allowed_lifetime_max: 365d
+  purge_jobs:
+    - longest_max_lifetime: 3d
+      interval: 12h
+    - shortest_max_lifetime: 365d
+      interval: 1d
+
+# Forgotten room retention
+forgotten_room_retention_period: 7d
+
+# ============================================
+# Security
+# ============================================
+
+signing_key_path: "/data/signing.key"
+
+form_secret: "${SYNAPSE_FORM_SECRET:-change-me-form-secret}"
+macaroon_secret_key: "${SYNAPSE_MACAROON_SECRET:-change-me-macaroon-secret}"
+registration_shared_secret: "${SYNAPSE_REGISTRATION_SECRET:-change-me-registration-secret}"
+
+# ============================================
+# Application Services (for Bots)
+# ============================================
+
+app_service_config_files: []
+
+# ============================================
+# Metrics & Telemetry
+# ============================================
+
+report_stats: false
+enable_metrics: true
+metrics_port: 9000
+
+# ============================================
+# Caching
+# ============================================
+
+caches:
+  global_factor: 0.5
+  per_cache_factors: {}
+  expire_caches: true
+  cache_entry_ttl: 30m
+
+# ============================================
+# Background Tasks
+# ============================================
+
+run_background_tasks_on: synapse
+
+# ============================================
+# Email (optional, for password reset)
+# ============================================
+
+# email:
+#   smtp_host: smtp-relay.brevo.com
+#   smtp_port: 587
+#   smtp_user: "${SMTP_USER}"
+#   smtp_pass: "${SMTP_PASSWORD}"
+#   require_transport_security: true
+#   notif_from: "ManaCore Matrix <noreply@mana.how>"

docker/matrix/log.config.yaml

@@ -0,0 +1,34 @@
+# Synapse Logging Configuration
+
+version: 1
+
+formatters:
+  precise:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+    stream: 'ext://sys.stdout'
+
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: precise
+    filename: /data/logs/homeserver.log
+    when: midnight
+    backupCount: 7
+    encoding: utf8
+
+loggers:
+  synapse.storage.SQL:
+    level: WARNING
+
+  synapse.access.http.8008:
+    level: WARNING
+
+root:
+  level: INFO
+  handlers: [console, file]
+
+disable_existing_loggers: false