DoESLiverpool / somebody-should

A place to document practices on the wiki and collect issues/suggestions/to-do items for the physical space at DoES Liverpool

Set up a matrix server for the space #1509

Open MatthewCroughan opened 3 years ago

MatthewCroughan commented 3 years ago

If DoES should own its own cloud infrastructure as laid out in #18, I think a good thing to set up is a Matrix server for chatting. @Half-Shot and I discussed during maker-night tonight that we would not mind maintaining one running dendrite as the matrix server, and element-web as the frontend.

To do this, @johnmckerrell or @amcewen need to enact the following DNS changes for the doesliverpool.com domain:

A -> matrix.doesliverpool.com -> 95.216.177.99
CNAME -> chat.doesliverpool.com -> matrix.doesliverpool.com

MatthewCroughan commented 3 years ago

95.216.177.99 is a Hetzner floating IP that points to the following machine on Hetzner. This is part of a project folder that I have set up, that I am invoiced for. If anybody would like to be added to the Hetzner doesliverpool project, let me know the email you've signed up to Hetzner with.


Half-Shot commented 3 years ago

Had a chat last night and recommended we go with Synapse, as it: 1) has better support for scaling up 2) has all the features, even if it's a bit slower than Dendrite.

I also want to find out if anyone has any opinions about what they would look for in a collaboration software before we rush ahead with this. The system we are proposing is Matrix, which is essentially running your own Slack except that it supports E2E encryption, and federates (so like email, you can talk to people on other instances).

EDIT:

I've found out that there is an existing Slack community. This could be good because we can easily bridge Matrix to Slack using https://github.com/matrix-org/matrix-appservice-slack/, which would allow folks who want to use one or the other without splitting people apart.

jcgruenhage commented 3 years ago

Hey there, just chiming in as someone who has experience running matrix for a hackspace. We've been using matrix at Entropia e.V for close to 2 years now, and people have been using it more and more all the time. In the beginning we had some trouble with techies setting up their browsers weirdly (disabling all local storage and indexeddb and stuff like that), but the experience for most people has been pretty smooth.

Onboarding is a bit difficult, because we don't want public registration. Currently, we just give people accounts when they ask for them, manually registering them via SSH. I'm planning to write a tool that generates invite links and uses Synapse's Admin API in the background to do the registering. If you're interested in that, I can ping you once that exists.

As for the CX11 instance you have there: If your users join big rooms, that might become problematic. @Half-Shot will know how to prevent that. We're using those same CX11 instances at work (Famedly GmbH), they are enough if there's not much federation traffic, but if you join bigger rooms with many servers, it'll be too small. Those instances are pretty trivial to scale up, so you can just start with a CX11 and scale up later if it becomes laggy.

As for deployment: We're using the synapse and element roles from the famedly.matrix ansible collection (source, galaxy) to deploy all the customer deployments at work, and also the deployment at Entropia. The Entropia deployment is on a VM on a dedicated server at Hetzner (2 cores, 6GB mem), the work deployments are on Hetzner Cloud instances between CX11 and CX31.

If you have any questions, feel free to reach out!
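An added example, not jcgruenhage's tool and not Synapse's own code: one way the invite-link onboarding described in the comment above could work while public registration stays disabled. The invite token format and the names `INVITE_KEY`, `make_invite` and `check_invite` are assumptions made for illustration; `registration_body` follows the MAC layout of Synapse's shared-secret registration endpoint (`/_synapse/admin/v1/register`, keyed with `registration_shared_secret`).

```python
import base64, hashlib, hmac, json, secrets, time

INVITE_KEY = secrets.token_bytes(32)  # hypothetical key held only by the invite tool


def make_invite(username, ttl=86400, now=None):
    """Return a URL-safe invite token binding a username to an expiry time."""
    expiry = int(now if now is not None else time.time()) + ttl
    payload = json.dumps({"u": username, "exp": expiry}).encode()
    tag = hmac.new(INVITE_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + payload).decode()


def check_invite(token, now=None):
    """Return the invited username, or None if forged, malformed or expired."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        tag, payload = raw[:32], raw[32:]
        expected = hmac.new(INVITE_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if (now if now is not None else time.time()) >= claims["exp"]:
        return None
    return claims["u"]


def registration_body(shared_secret, nonce, username, password, admin=False):
    """Build the JSON body for POST /_synapse/admin/v1/register.

    The nonce is single-use and is fetched with a GET on the same endpoint.
    """
    mac = hmac.new(shared_secret.encode(), digestmod=hashlib.sha1)
    mac.update(b"\x00".join([
        nonce.encode(), username.encode(), password.encode(),
        b"admin" if admin else b"notadmin",
    ]))
    return {"nonce": nonce, "username": username, "password": password,
            "admin": admin, "mac": mac.hexdigest()}
```

The shared secret never leaves the server running the invite tool; the person redeeming a link only ever sees the expiring token.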

jcgruenhage commented 3 years ago

Oh, forgot something! I'm also involved with a room of matrix admins in lots of other hackspaces in the CCC, and there's hacklab.fi, which loads of Finnish hackspaces use. In other words: There's way more hackspaces with positive experiences with matrix, which are still running it.

notorious-gay commented 3 years ago

Just as a +1 to this, I'd love to switch over to matrix as slack runs like a heap of flaming garbage on my system :P We could easily bridge this to the IRC channel as well (IIRC there's one somewhere), although the Hetzner address may not work for this as I know most IRC hosts blocked their entire ASN years back. Not sure if that's still the case though!

Let me know once we have something rolling and I'll connect up my clients :D

Half-Shot commented 3 years ago

@GlitchShtick Hey (I also maintain the matrix.org irc bridges & matrix-appservice-irc project)

If the irc channel is on freenode / oftc or one of the big ones we can likely use an existing bridge which would get around that issue. If not, I have connections with a few providers so we can get exemptions.

notorious-gay commented 3 years ago

Oh ace! Let me see if I can dig up the info, I don't use the IRC myself but I'm almost 100% sure I've seen one mentioned in the wiki or website.

johnmckerrell commented 3 years ago

It's freenode/#doesliverpool but gets even less traffic than the slack at the moment! (Now posting from the right GitHub account)

notorious-gay commented 3 years ago

Beat me to it! Just found it on the site, looks like it's not mentioned on the contact page that it only gets minimal use. I'll raise an issue after work, only a minor thing but will stop people seeing the lack of people in the channel and thinking we're no longer active. :+1:

amcewen commented 3 years ago

Two things:

  1. Currently this moves us further away from #18, not closer to it.
  2. What's the user need? (And how isn't that covered by the existing Slack, and how is anyone proposing resolving that? I'm against us having multiple places/services that serve basically the same function)

Half-Shot commented 3 years ago

So from matrix you could reach that by joining #freenode_#doesliverpool:matrix.org

Half-Shot commented 3 years ago

@amcewen So I think this directly addresses 1 because this would enable us to run our own service rather than relying on Slack to provide us a service. We could run this on a box in the space, or on a VPS, and give people access as needed. It's open source, so we can hack on it if need be.

To answer point 2:

These are the benefits off the top of my head. Some might matter more than others but I think everyone can find one thing in there that they would like.

jcgruenhage commented 3 years ago

One minor note: E2EE and bridges don't work together, so you have to choose between "secure, no data handed to third parties" and "not alienating people on other platforms". You could of course go with a hybrid approach, with some public channels bridged on all platforms, and some more sensitive channels, which are only on matrix, but with E2EE.

MatthewCroughan commented 3 years ago

@jcgruenhage

Onboarding is a bit difficult, because we don't want public registration.

I think we could enable public registration for a bit. If not, we can let people into Matrix the same way they get onto Github. Maybe people also get a Matrix account as part of their first issue and joining the space.

As for the CX11 instance you have there: If your users join big rooms, that might become problematic.

Hah! This is a problem even on my own instance which only serves me. My hope was that dendrite solves some of that. So maybe we should use it, if we're going to bridge everyone. Either way, I've just upgraded the node to a CX21.

@amcewen

Currently this moves us further away from #18, not closer to it.

I disagree, can you explain this a bit more? Setting up our own services moves us further away from it? How?

What's the user need? (And how isn't that covered by the existing Slack, and how is anyone proposing resolving that? I'm against us having multiple places/services that serve basically the same function)

We set it up, if people don't use it, then we shut it down. There's no harm in experimenting. I know @ajlennon has a matrix client installed on his phone, is a member of the AstralShip (who would also be able to join our room in a federated manner with THEIR matrix instance). It's yet another way to meet interesting people and encounter new situations.

MatthewCroughan commented 3 years ago

Additionally, as @Half-Shot has commented, the IoT functionality is a lot of fun. Bot building is simpler than on any other platform, with the possible exception of IRC (which normal people don't typically want to use). Slack will not be around forever. Discord will not be around forever. They will change their APIs in frustrating ways that discourage the building of applications for hackers like us.

As an example, it would be trivial to have a bot @coffeebot:doesliverpool.com as a member of our room. And why not the room of the @astralship so that they can also see whether the coffee is warm or hot when typing coffeebot status or something like this? Nobody would bother making such services for Discord or Slack because of the maintenance required keeping up to date with their proprietary, complex and constantly changing APIs.

MatthewCroughan commented 3 years ago

@amcewen I see the topic of #18 is

We should move to a model where DoES has its own hosting, etc. so more people can update things (and in case anyone gets run over by a bus).

I understand what you're saying. So can one of the @DoESLiverpool/directors set up a Hetzner account and set up a project named doesliverpool, buy a CX21 with backups enabled with a floating IP, giving @Half-Shot and I access to it. Then enact the DNS changes I've proposed in the opening comment of this issue?

Once that's done, DoES will have this service on their account, and it'll be identical to what we've so far set up. Just a few buttons to click to get into this state. Maybe #18 is not desirable in this context, since it means we have to annoy the 3 directors more than just asking for a DNS change to do this? Something to think about.

jcgruenhage commented 3 years ago

@MatthewCroughan

I think we could enable public registration for a bit. If not, we can let people into Matrix the same way they get onto Github. Maybe people also get a Matrix account as part of their first issue and joining the space.

That could be a bad idea, because there's been some abuse in the past, where people scraped the network for servers with open registration and created accounts for spam, but that might've become better.

Hah! This is a problem even on my own instance which only serves me. My hope was that dendrite solves some of that. So maybe we should use it, if we're going to bridge everyone. Either way, I've just upgraded the node to a CX21.

The number of users is nearly irrelevant as a metric, it's more about the amount of traffic it handles in total, which depends more on the rooms it's joined and their size.

MatthewCroughan commented 3 years ago

The number of users is nearly irrelevant as a metric, it's more about the amount of traffic it handles in total, which depends more on the rooms it's joined and their size.

@jcgruenhage Yes, even sending a message in a well peered room makes the CPU scream as it talks to everyone's homeserver.

That could be a bad idea

Yeah, let's not do that. We can however enable guest access. Might it also be possible to let people sign in with oauth, via services they already have accounts on like github/google ?

johnmckerrell commented 3 years ago

No we are not renting a server so that you can try something out when we already have a free service (or two) that no-one uses.

For the record I’m also somewhat against people registering @doesliverpool.com addresses as that could come across as being an official spokesperson. I registered does.social and used it for mastodon for a time but that’s expired and is fairly expensive, maybe as a community we can discuss our options and come up with something that would work.

John

On 23 Oct 2020, at 15:57, MatthewCroughan notifications@github.com wrote:

The number of users is nearly irrelevant as a metric, it's more about the amount of traffic it handles in total, which depends more on the rooms it's joined and their size.

@jcgruenhage https://github.com/jcgruenhage Yes, even sending a message in a well peered room makes the CPU scream as it talks to everyone's homeserver.

That could be a bad idea

Yeah, let's not do that. We can however enable guest access. Might it also be possible to let people sign in with oauth, via services they already have accounts on like github/google ?


MatthewCroughan commented 3 years ago

@johnmckerrell

No we are not renting a server so that you can try something out

Well can I offer to pay for the service? You've put me in an impossible position of being unable to fulfill #18 if you do not allow me to pay for the service. And arguably me paying for it is also antithetical to the opening message of #18.

For the record I’m also somewhat against people registering @doesliverpool.com addresses as that could come across as being an official spokesperson.

I don't think that's true, or the nature of Matrix. They are not email addresses. They will come across as members of the space, just like how Github showing people as members of the DoESLiverpool organization doesn't give people the impression that they are official spokespersons of DoES at all.

MatthewCroughan commented 3 years ago

@johnmckerrell To add, I found out earlier that doesliverpool.chat would be available, it'd cost £2.25/month, basically the same price as Hetzner's cheapest VPS. Same conundrum as your doesliverpool.social idea. I think it's a bit silly to have to pay more only to have the subdomain we would choose flip flop between the left and right of the url, (subdomain vs tld) e.g social.does vs does.social or chat.does vs does.chat.

MatthewCroughan commented 3 years ago

Are we going anywhere with this? Is the answer no?

Half-Shot commented 3 years ago

+1 seems like we've not reached a decision here?

MatthewCroughan commented 3 years ago

It's freenode/#doesliverpool but gets even less traffic than the slack at the moment! (Now posting from the right GitHub account)

Now that Freenode is dead, would you like to do something cool here, or is the response still empty?

MatthewCroughan commented 3 years ago

Matrix just got a round of funding in the order of $30 million. https://matrix.org/blog/2021/07/27/element-raises-30-m-to-boost-matrix