====== Matrix - 2. Test installation ======

==== Basic server security ====

  * IPv4: 88.99.87.88
  * IPv6: 2a01:4f8:c17:b5ca::1
  * Create an admin user, change the SSH port, deny root logon and only allow admin
  * Give admin sudo and shell rights: `usermod -a -G sudo admin && chsh -s /bin/bash admin`
  * Log on as admin:

```bash
sudo apt update && sudo apt upgrade -y
sudo apt install -y git htop mc vnstat vnstati
sudo apt install ufw
sudo ufw allow 10022        # allow the changed SSH port before enabling ufw
sudo ufw enable
sudo ufw status verbose
```

  * [Install nginx and adjust the firewall](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-debian-10):

```bash
sudo apt update
sudo apt install nginx
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
```

  * Check Nginx and the firewall:

```bash
sudo ufw status
systemctl status nginx
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
```

  * Test: open the server IP in a browser

==== Nginx ====

  * Configure Nginx:

```bash
cd /etc/nginx/sites-available
sudo nano matrix.sternenlabor.de
sudo nano chat.sternenlabor.de
cd /etc/nginx/sites-enabled
sudo ln -s ../sites-available/matrix.sternenlabor.de matrix.sternenlabor.de
sudo ln -s ../sites-available/chat.sternenlabor.de chat.sternenlabor.de
sudo service nginx reload
```

==== Matrix ====

  * Install and configure Matrix (Synapse):

```bash
sudo apt install -y lsb-release wget apt-transport-https
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/matrix-org.list
sudo apt update
sudo apt install -y matrix-synapse-py3      # server name prompt: matrix.sternenlabor.de
sudo apt install -y python3-certbot-nginx
sudo certbot --nginx -d matrix.sternenlabor.de -m kontakt@sternenlabor.de
cd /etc/matrix-synapse/
sudo nano homeserver.yaml
```

  * Settings in `homeserver.yaml`:

```yaml
enable_registration: true
domain: matrix.sternenlabor.de
```

  * Restart: `sudo systemctl restart matrix-synapse`

==== Element ====

  * Install and configure Element:

```bash
cd /var/www
sudo mkdir chat.sternenlabor.de
cd /var/www/chat.sternenlabor.de
sudo wget https://github.com/vector-im/element-web/releases/download/v1.7.22/element-v1.7.22.tar.gz
sudo tar -zxvf element-v1.7.22.tar.gz
sudo ln -s element-v1.7.22 element
sudo certbot --nginx -d chat.sternenlabor.de -m kontakt@sternenlabor.de
cd /var/www/chat.sternenlabor.de/element
sudo cp config.sample.json config.json
sudo nano config.json
```

  * Settings in `config.json`:

```json
"default_server_config": {
    "m.homeserver": {
        "base_url": "https://matrix.sternenlabor.de",
        "server_name": "sternenlabor.de"
    }
},
```

  * Reload: `sudo service nginx reload`

==== Postgres ====

  * Postgres installation and configuration:

```bash
sudo apt install -y postgresql libpq5
sudo -u postgres bash     # --> **PW: ******
psql
```

```sql
-- the owner role must exist before the database is created; the password is a placeholder
CREATE USER synapse_user WITH PASSWORD '************';
CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER synapse_user;
```

  * Test
    * List databases: `\l` - ok
    * Connect to the database: `\c synapse` - ok
    * List tables: `\dt` - ok, no tables yet
  * Find `pg_hba.conf`
    * `sudo -u postgres bash`
    * `psql -t -P format=unaligned -c 'show hba_file';`
    * --> `/etc/postgresql/11/main/pg_hba.conf`
    * `nano /etc/postgresql/11/main/pg_hba.conf`
    * add: `host synapse synapse_user ::1/128 md5`
  * `sudo nano /etc/matrix-synapse/homeserver.yaml`:

```yaml
database:
  name: psycopg2
  args:
    user: synapse_user
    password: ************
    database: synapse
    host: localhost
    cp_min: 5
    cp_max: 10
```

  * `sudo systemctl restart matrix-synapse`
  * `sudo ufw allow 8448`
  * `sudo nano /var/www/chat.sternenlabor.de/element/config.json`:

```json
"disable_custom_urls": true,
"brand": "Sternenlabor Matrix",
"defaultCountryCode": "DE",
"roomDirectory": {
    "servers": [
        "matrix.sternenlabor.de",
        "matrix.eigenbaukombinat.de",
        "matrix.fablabchemnitz.de",
        "matrix.org"
    ]
},
"jitsi": {
    "preferredDomain": "videochat.sternenlabor.de"
},
```

  * `sudo service nginx reload`
  * `sudo nano /etc/matrix-synapse/homeserver.yaml`:

```yaml
enable_group_creation: true
```

==== Metrics ====

  * Configure Synapse: `sudo nano /etc/matrix-synapse/homeserver.yaml` --> add a listener and enable metrics:

```yaml
enable_metrics: true
listeners:
  - type: metrics
    port: 9000
    bind_addresses:
      - '0.0.0.0'
```

  * `systemctl restart matrix-synapse`
  * `sudo ufw allow 9000` # -> metrics port
  * Test: http://88.99.87.88:9000/_synapse/metrics

==== ToDo next ====

  * Enable metrics
  * Federation
  * Branding
  * Fine-tuning Matrix, Element, Postgres
  * Security: captcha, Fail2Ban
  * Prometheus on a dedicated server or later on the cloud server
  * Idea for later: set up a load balancer and move the DB to a volume
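As an added check that is not part of these notes: a small Python audit over constructed samples of the two files edited above (`pg_hba.conf` and the metrics listener in `homeserver.yaml`), flagging Postgres rules that reach beyond loopback or use a weak method, and metrics bind addresses that become reachable from outside once `ufw allow 9000` is in place. It assumes the 4/5-column `pg_hba.conf` layout and uses only the standard library.

```python
import ipaddress
import re

# Constructed samples (not the page's real files): the page's pg_hba.conf rule plus
# two weaker ones, and the page's metrics listener block.
PG_HBA_SAMPLE = """\
local   all       postgres                   peer
host    synapse   synapse_user  ::1/128      md5
host    synapse   synapse_user  0.0.0.0/0    md5
host    all       all           127.0.0.1/32 trust
"""
METRICS_SAMPLE = "listeners:\n  - type: metrics\n    port: 9000\n    bind_addresses:\n      - '0.0.0.0'\n"
WEAK_METHODS = {"trust", "password"}  # no authentication / cleartext password

def parse_pg_hba(text):
    # TYPE DATABASE USER [ADDRESS] METHOD records; assumes no separate netmask column.
    records = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if f:
            local = f[0] == "local"
            records.append({"type": f[0], "database": f[1], "user": f[2],
                            "address": None if local else f[3],
                            "method": f[3] if local else f[4]})
    return records

def audit_pg_hba(text):
    # Synapse runs on the same host as Postgres, so any source beyond loopback
    # (or a weak METHOD) is reported as a finding.
    findings = []
    for rec in parse_pg_hba(text):
        where = f"{rec['type']} {rec['database']} {rec['user']} {rec['address'] or ''}".strip()
        if rec["method"] in WEAK_METHODS:
            findings.append(f"{where}: weak auth method '{rec['method']}'")
        if rec["address"] is None:
            continue
        try:
            if not ipaddress.ip_network(rec["address"], strict=False).is_loopback:
                findings.append(f"{where}: non-loopback source {rec['address']}")
        except ValueError:  # 'all', 'samenet', hostnames: cannot be proven loopback
            findings.append(f"{where}: non-IP address spec {rec['address']}")
    return findings

def metrics_exposed_addresses(yaml_text):
    # Line-based check (no PyYAML): IP list items after 'bind_addresses:' that are
    # not loopback, i.e. reachable from outside once ufw opens the port.
    block = yaml_text.partition("bind_addresses:")[2]
    addrs = re.findall(r"^\s*-\s*['\"]?([0-9A-Fa-f.:]+)['\"]?\s*$", block, re.M)
    return [a for a in addrs if not ipaddress.ip_address(a).is_loopback]
```

Run it against the real files on the box (`/etc/postgresql/11/main/pg_hba.conf`, `/etc/matrix-synapse/homeserver.yaml`) to confirm only `::1/128 md5` reaches the synapse database and to see which addresses the metrics listener exposes.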