feat(matrix): add self-hosted Matrix infrastructure for GDPR compliance

Add complete Matrix/Synapse setup as Telegram bot alternative: Docker configuration: - Synapse homeserver (port 8008) with PostgreSQL backend - Element Web client (port 8087) with ManaCore branding - DSGVO-compliant data retention policies (1-365 days) - Prometheus metrics endpoint for monitoring Config files: - docker/matrix/homeserver.yaml - Synapse configuration - docker/matrix/log.config.yaml - Logging with rotation - docker/matrix/element-config.json - Element Web settings Scripts & docs: - scripts/mac-mini/setup-matrix.sh - One-time initialization - Updated health-check.sh with Matrix services - Updated MAC_MINI_SERVER.md with Matrix documentation https://claude.ai/code/session_01E3r5aFW3YLAhEJfsL2ryhv
2026-05-17 21:29:40 +02:00 · 2026-01-28 00:20:12 +00:00 · 2026-01-28 00:20:12 +00:00 · 3aa9e8608d
commit 3aa9e8608d
parent 28637dffc2
7 changed files with 490 additions and 0 deletions
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@ -748,6 +748,61 @@ services:
      retries: 3
      start_period: 40s

+  # ============================================
+  # Matrix Synapse (Homeserver) - DSGVO-konform
+  # ============================================
+
+  synapse:
+    image: matrixdotorg/synapse:latest
+    container_name: manacore-synapse
+    restart: always
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
+      TZ: Europe/Berlin
+      # Secrets (override in .env)
+      SYNAPSE_DB_PASSWORD: ${SYNAPSE_DB_PASSWORD:-synapse-secure-password}
+      SYNAPSE_PASSWORD_PEPPER: ${SYNAPSE_PASSWORD_PEPPER:-change-me-pepper}
+      SYNAPSE_FORM_SECRET: ${SYNAPSE_FORM_SECRET:-change-me-form-secret}
+      SYNAPSE_MACAROON_SECRET: ${SYNAPSE_MACAROON_SECRET:-change-me-macaroon-secret}
+      SYNAPSE_REGISTRATION_SECRET: ${SYNAPSE_REGISTRATION_SECRET:-change-me-registration-secret}
+    volumes:
+      - ./docker/matrix/homeserver.yaml:/data/homeserver.yaml:ro
+      - ./docker/matrix/log.config.yaml:/data/log.config.yaml:ro
+      - synapse_data:/data
+    ports:
+      - "8008:8008"
+      - "9000:9000"
+    healthcheck:
+      test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+  # ============================================
+  # Element Web (Matrix Client)
+  # ============================================
+
+  element-web:
+    image: vectorim/element-web:latest
+    container_name: manacore-element
+    restart: always
+    depends_on:
+      synapse:
+        condition: service_healthy
+    volumes:
+      - ./docker/matrix/element-config.json:/app/config.json:ro
+    ports:
+      - "8087:80"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
  # ============================================
  # Auto-Update (Watchtower)
  # ============================================
@ -786,3 +841,5 @@ volumes:
    name: manacore-grafana
  n8n_data:
    name: manacore-n8n
+  synapse_data:
+    name: manacore-synapse