This document is a tutorial for preparing Synology DSM for the installation of the Matrix Docker Ansible Deploy project. It is intended for users who are already familiar with DSM, SSH, and the Matrix Docker Ansible Deploy project. Please ensure you understand each step before executing commands or making configuration changes.

- Control Panel > Terminal & SNMP > Enable SSH service
- Control Panel > User & User Group > Enable user home service
- Container Manager from Package Center
- Web Station (may not be needed).
- matrix.
- Control Panel > Login Portal > Advanced > Reverse Proxy

Below is one of the examples:

| | Protocol | Hostname | Port |
|---|---|---|---|
| Source | HTTPS | element.example.com | 443 |
| Destination | HTTP | localhost | 81 |

Control Panel > Task Scheduler > Create > Triggered Task

Bootup_Matrix (Free Text), user root, event boot-up:

```Shell
mount --make-shared /volume1
ln -s /usr/local/lib/systemd/system/pkg-ContainerManager-dockerd.service /etc/systemd/system/docker.service
systemctl daemon-reload
```

Shutdown_Matrix (Free Text), user root, event Shutdown:

```Shell
rm /etc/systemd/system/docker.service
```
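
The boot-up task above runs `ln -s` unconditionally, which fails with "File exists" when the link is still present because the Shutdown task did not run. An idempotent variant, as an added example that is not part of the original tutorial; `ensure_docker_alias` is a hypothetical helper name and the default paths are the ones used in the task above:

```shell
#!/bin/sh
# Added example: idempotent variant of the Bootup_Matrix task body.
# ensure_docker_alias is a hypothetical helper; the default paths are the
# ones used in the boot-up task above.

ensure_docker_alias() {
    target=${1:-/usr/local/lib/systemd/system/pkg-ContainerManager-dockerd.service}
    link=${2:-/etc/systemd/system/docker.service}

    # Unit file missing (package not installed or moved): never create a
    # dangling link.
    if [ ! -f "$target" ]; then
        echo "missing unit: $target" >&2
        return 2
    fi

    if [ -L "$link" ]; then
        # Link left over from a previous boot: keep it if it is already correct.
        if [ "$(readlink "$link")" = "$target" ]; then
            echo "unchanged"
            return 0
        fi
        rm -- "$link"    # stale link pointing somewhere else
    elif [ -e "$link" ]; then
        # A regular file or directory here is not ours: refuse to replace it.
        echo "refusing to replace non-symlink: $link" >&2
        return 3
    fi

    ln -s -- "$target" "$link" && echo "created"
}

# Boot-up task body on DSM (runs as root), shown as comments so the block
# has no side effects when sourced:
#   mount --make-shared /volume1
#   ensure_docker_alias && systemctl daemon-reload
```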

```Shell
mkdir -p ~/path/to/your/project/folder
cd ~/path/to/your/project/folder
```

`requests` package

```Shell
# create virtual environment
python -m venv ./myenv
# activate created environment
source ./myenv/bin/activate
# (optional) you don't have to upgrade your pip
python -m pip install --upgrade pip
pip install requests==2.31.0
```

3. Create a Docker service alias. If you don't remove this symbolic link, DSM will prompt you to repair Container Manager every time DSM restarts. That is why we need the `Shutdown` scheduler task to remove the link and the `Bootup` task to rebuild it.

```Shell
sudo ln -s /usr/local/lib/systemd/system/pkg-ContainerManager-dockerd.service /usr/local/lib/systemd/system/docker.service
sudo systemctl daemon-reload
# checking service status, you should be able to see it running.
sudo systemctl status docker
# please execute below code to remove the link if you want.
# sudo rm /usr/local/lib/systemd/system/docker.service
```

Mount the volume for matrix-synapse.service:

```Shell
sudo mount --make-shared /volume1
```

Check the user id and group id for the matrix user:

```Shell
id matrix
# The output will be: uid=1027(matrix) gid=100(users) groups=100(users),65536(matrix)
# 1027 is the uid and 65536 is the gid
```

Add a custom Ansible Python interpreter (the absolute path of your Python) to your hosts file.

```ini
# The line below is for SSH key authentication and is for reference only.
matrix.<domain> ansible_host=<your-dsm-ip> ansible_ssh_user=<dsm-ssh-user> ansible_python_interpreter=/absolute-path-to-your-python-virtual-env/bin/python ansible_sudo_pass='your-password'
```

Modify your `vars.yml` file accordingly. The reverse proxy configuration provided has been tested and works. Only change it if you know what you are doing.

```yaml
# Synology Tailored Parameters:
# please change based on your actual username and path.
matrix_user_username: "matrix"
matrix_user_groupname: "matrix"
matrix_user_uid: 1027
matrix_user_gid: 65536
matrix_base_data_path: "/volume2/docker/matrix"

# don't change this. And it only works on DSM7
devture_systemd_docker_base_host_command_docker: "/usr/local/bin/docker"
devture_timesync_ntpd_service: "chronyd"
matrix_playbook_docker_installation_enabled: false

# Ensure that public urls use https
matrix_playbook_ssl_enabled: true

# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval
devture_traefik_config_entrypoint_web_secure_enabled: false

# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.0.1:8449'

# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true

# Or, if you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interfaces:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition above
# - uncomment and adjust the line below
# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']

# Likewise (to `devture_traefik_container_web_host_bind_port` above),
# if your reverse-proxy runs on another machine, consider changing the `host_bind_port` setting below.
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
  forwardedHeaders:
    insecure: true

# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
# config:
#   forwardedHeaders:
#     insecure: true
#     # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
```

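
The comments in the configuration above tie `forwardedHeaders_insecure: true` to the port being bound to `127.0.0.1`. A small lint for that condition, as an added example that is not part of the original tutorial or the playbook; the function names are hypothetical, the sample file is constructed, and the parser only understands simple top-level `key: value` lines:

```shell
#!/bin/sh
# Added example: lint vars.yml for the forwarded-headers trust condition.
# yaml_scalar and check_forwarded_trust are hypothetical helper names; only
# simple top-level "key: value" lines are understood.

# Print a key's value without trailing comment, whitespace or quotes.
yaml_scalar() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# 0: consistent with the comments in vars.yml
# 1: X-Forwarded-* headers are trusted on a non-loopback listener
# 2: bind port not set, nothing to judge
check_forwarded_trust() {
    vars=$1
    bind=$(yaml_scalar devture_traefik_container_web_host_bind_port "$vars")
    insecure=$(yaml_scalar \
        devture_traefik_config_entrypoint_web_forwardedHeaders_insecure "$vars" |
        tr 'A-Z' 'a-z')

    [ -n "$bind" ] || { echo "SKIP: bind port not set"; return 2; }

    case $bind in
        127.*:*|localhost:*|\[::1\]:*) loopback=yes ;;
        *) loopback=no ;;    # '81', '0.0.0.0:81' or another interface address
    esac

    case $insecure in
        true|yes)
            if [ "$loopback" = no ]; then
                echo "FAIL: '$bind' is not loopback but insecure trust is on"
                return 1
            fi ;;
    esac
    echo "OK: bind '$bind', insecure '${insecure:-unset}'"
}

# Constructed sample: port published on all interfaces, trust left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
devture_traefik_container_web_host_bind_port: '0.0.0.0:81'
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
EOF
check_forwarded_trust "$sample" || true    # prints the FAIL line
rm -f "$sample"
```

Run it against `vars.yml` before `ansible-playbook`; a non-zero exit means the bind address and the trust setting disagree with the comments in the file.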

```Shell
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
ansible-playbook -i inventory/hosts setup.yml --tags=stop
```

### Create Matrix user
Don't know why I can't create the user from the Ansible playbook. I didn't pay too much attention to troubleshooting the issue. Below is the command I used to create any Matrix user.
```Shell
# Please execute it from DSM SSH session
# Omit -p to be prompted for the password instead of leaving it in the shell history
sudo docker exec -it matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u your_user_name -p your_password
```