Add Cloudron packaging for Maubot

maubot-src/CLOUDRON.md

@@ -0,0 +1,74 @@
+# Maubot on Cloudron
+
+This package turns the upstream maubot repository into a Cloudron-ready app that ships with PostgreSQL, Cloudron SSO protection, and persistent storage under `/app/data`.
+
+## Prerequisites
+- Cloudron CLI `>=7.5`
+- Access to the Cloudron build service at `builder.docker.due.ren`
+- Repository checked out with the Cloudron packaging files (`CloudronManifest.json`, `Dockerfile`, `start.sh`, etc.)
+- Builder token `e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e`
+
+## Build
+Run all commands from the repository root so the Cloudron CLI picks up the Cloudron-specific `Dockerfile`.
+
+```bash
+cloudron build \
+  --set-build-service builder.docker.due.ren \
+  --build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e \
+  --set-repository andreasdueren/ente-cloudron \
+  --tag 0.1.0
+```
+
+This command uploads the build context to the remote builder, produces the Docker image `andreasdueren/ente-cloudron:0.1.0`, and keeps the build logs in your terminal. Do not wait more than 30 seconds after the build finishes before continuing to installation.
+
+## Deployment
+Install a fresh instance every time (do not use `cloudron update` during development):
+
+```bash
+cloudron install \
+  --location ente.due.ren \
+  --image andreasdueren/ente-cloudron:0.1.0
+```
+
+Once the dashboard reports the app as running, open `https://ente.due.ren` in your browser. Authentication is enforced via Cloudron’s OIDC flow (SSO). The maubot UI additionally requires its own credentials:
+
+- Username: `root`
+- Password: stored in `/app/data/.admin_password`
+
+Retrieve the generated password once via:
+
+```bash
+cloudron exec --app ente.due.ren -- cat /app/data/.admin_password
+```
+
+## Testing
+- Follow logs for both supervisor-managed processes:
+  ```bash
+  cloudron logs --app ente.due.ren -f
+  ```
+- Verify the health endpoint exposed by nginx:
+  ```bash
+  cloudron exec --app ente.due.ren -- curl -f http://127.0.0.1:3000/healthz
+  ```
+- Ensure database connectivity by checking the maubot UI (Settings → Databases) or by verifying that `/app/data/maubot.db` stays empty when PostgreSQL is active.
+
+## Troubleshooting
+- **Install hangs:** The Cloudron dashboard shows progress in real time. If it stalls for more than 30 seconds, check `cloudron logs --app ente.due.ren` for supervisor or nginx errors.
+- **SSO loops:** Confirm the app’s location matches the configured Cloudron origin and that `CLOUDRON_APP_ORIGIN` is reaching the container (visible in `/app/data/config.yaml` under `server.public_url`).
+- **Admin password lost:** Re-run the `cloudron exec ... cat /app/data/.admin_password` command. The file is persistent and backed up with the app’s data volume.
+- **Custom configuration:** Edit `/app/data/config.yaml`, then restart the app: `cloudron restart --app ente.due.ren`. The start script preserves existing values but will continue to enforce Cloudron-specific paths.
+
+## Configuration Examples
+- Switch the homeserver list:
+  ```bash
+  cloudron exec --app ente.due.ren -- \
+    yq -i '.homeservers."matrix.example".url = "https://matrix.example.org"' /app/data/config.yaml
+  ```
+- Override the crypto database (e.g., to stick with SQLite):
+  ```bash
+  cloudron exec --app ente.due.ren -- \
+    yq -i '.crypto_database = "sqlite:/app/data/crypto.db"' /app/data/config.yaml
+  ```
+- Plugin addons: the start script reads `CLOUDRON_POSTGRESQL_URL`, `CLOUDRON_MAIL_SMTP_*`, `CLOUDRON_OIDC_*`, and `CLOUDRON_LDAP_*` on each boot, and plugins can directly use `CLOUDRON_MYSQL_URL`, `CLOUDRON_MONGODB_URL`, or `CLOUDRON_REDIS_URL`. Inject overrides via the Cloudron dashboard’s **Environment** UI if specific plugins require external services.
+
+After making any manual change, always restart the app to allow the supervisor to pick up the modifications.