Description
Matrix should be added to NethForge. It could be used as a chat module for NethVoice.
Proposed solution
Add all needed features to the app and publish to NethForge.
Alternative solutions
Use Mattermost or ejabberd as the NethVoice chat module.
Additional context
What needs to be added to the Matrix app:
- Secrets & configuration management
  - Avoid hardcoded secrets (README already flags synapse-secret). Implement secure secret storage patterns (Kubernetes secrets / Vault / module secret store) and document them.
  - Provide examples and migration steps for operators to rotate/recreate secrets.
- Production-grade persistence and migrations
  - Replace SQLite with Postgres for Synapse (and Dex if currently using SQLite). Provide migration scripts and guidance.
- Identity provider completeness
  - Add Dex AD-specific configuration and test coverage for Active Directory along with LDAP (which is already implemented).
  - Enable password grants on Dex to allow remote authentication from the command line: https://dexidp.io/docs/configuration/oauth2/
  - Export additional LDAP attributes (preferred username, groups) to Synapse claims; add group-to-role mapping if needed.
  - Implement configurable claim mapping and collision resolution policies for SSO.
- Operator-only SSO configuration and mapping (this can be pushed to a future release, but we should take it into account during implementation)
  - Implement non-UI operator configuration for external OIDC providers (Authentik/other) and a clear mapping strategy from claims to Matrix localpart/displayname.
- Clients selection and defaults
  - Make Element optional and ensure default Element configuration allows direct access to the local homeserver (and disables registration/remote defaults).
  - Add Cinny as alternative client. Keep client choice configurable in the module.
- Clone / Move / Backup / Restore
  - Define backup & restore for DB, media store, homeserver config, registration and E2E keys (including guidance for encrypted backups of E2E keys).
  - Implement Clone / Move.
- UI module enhancements
  - NS8 UI needs fields for: synapse domain(s), element domain, Let’s Encrypt toggle and email, user domain selection, client selection (None/Element/Cinny), SSO enabled flag (operator-only), and backup/restore + clone controls.
- Tests, CI, and QA
  - Integrate Robot Framework tests (and lightweight smoke tests) into CI: start module, run health checks, LDAP login, OIDC login, basic messaging, backup/restore smoke.
  - Add unit/integration checks for configuration validation and secret handling.
  - Produce a QA playbook for manual release verification.
- Deployment images and registry
  - Ensure build-images.sh and imageroot produce reproducible images and that a release pipeline pushes tagged images to GHCR (or chosen registry) with stable tags for Forge compatibility.
- Documentation and operator guides
  - Expand README into an operator guide: install, configure (dex LDAP/AD examples), enable external SSO, backup/restore, clone/import, client options, troubleshooting, and security notes about E2E keys.
  - Add a manual page.
- Internationalization / translations
  - README references Weblate. Ensure UI strings are prepared and connected to Weblate.
- Versioning and dependency pinning
  - Pin Synapse, Dex, Element (or Cinny) versions and document upgrade path. Add compatibility notes for NS8 and dependencies.
  - Configure Renovate.
See also
Thanks to @gsanchietti for the work on the app.