# Maubot on Cloudron This package turns the upstream maubot repository into a Cloudron-ready app that ships with PostgreSQL, Cloudron SSO protection, and persistent storage under `/app/data`. ## Prerequisites - Cloudron CLI `>=7.5` - Access to the Cloudron build service at `builder.docker.due.ren` - Repository checked out with the Cloudron packaging files (`CloudronManifest.json`, `Dockerfile`, `start.sh`, etc.) - Builder token `e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e` ## Build Run all commands from the repository root so the Cloudron CLI picks up the Cloudron-specific `Dockerfile`. ```bash cloudron build \ --set-build-service builder.docker.due.ren \ --build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e \ --set-repository andreasdueren/ente-cloudron \ --tag 0.1.0 ``` This command uploads the build context to the remote builder, produces the Docker image `andreasdueren/ente-cloudron:0.1.0`, and keeps the build logs in your terminal. Do not wait more than 30 seconds after the build finishes before continuing to installation. ## Deployment Install a fresh instance every time (do not use `cloudron update` during development): ```bash cloudron install \ --location ente.due.ren \ --image andreasdueren/ente-cloudron:0.1.0 ``` Once the dashboard reports the app as running, open `https://ente.due.ren` in your browser. Authentication is enforced via Cloudron’s OIDC flow (SSO). The maubot UI additionally requires its own credentials: - Username: `root` - Password: stored in `/app/data/.admin_password` Retrieve the generated password once via: ```bash cloudron exec --app ente.due.ren -- cat /app/data/.admin_password ``` ## Testing - Follow logs for both supervisor-managed processes: ```bash cloudron logs --app ente.due.ren -f ``` - Verify the health endpoint exposed by nginx: ```bash cloudron exec --app ente.due.ren -- curl -f http://127.0.0.1:3000/healthz ``` - Ensure database connectivity by checking the maubot UI (Settings → Databases) or by verifying that `/app/data/maubot.db` stays empty when PostgreSQL is active. ## Troubleshooting - **Install hangs:** The Cloudron dashboard shows progress in real time. If it stalls for more than 30 seconds, check `cloudron logs --app ente.due.ren` for supervisor or nginx errors. - **SSO loops:** Confirm the app’s location matches the configured Cloudron origin and that `CLOUDRON_APP_ORIGIN` is reaching the container (visible in `/app/data/config.yaml` under `server.public_url`). - **Admin password lost:** Re-run the `cloudron exec ... cat /app/data/.admin_password` command. The file is persistent and backed up with the app’s data volume. - **Custom configuration:** Edit `/app/data/config.yaml`, then restart the app: `cloudron restart --app ente.due.ren`. The start script preserves existing values but will continue to enforce Cloudron-specific paths. ## Configuration Examples - Switch the homeserver list: ```bash cloudron exec --app ente.due.ren -- \ yq -i '.homeservers."matrix.example".url = "https://matrix.example.org"' /app/data/config.yaml ``` - Override the crypto database (e.g., to stick with SQLite): ```bash cloudron exec --app ente.due.ren -- \ yq -i '.crypto_database = "sqlite:/app/data/crypto.db"' /app/data/config.yaml ``` - Plugin addons: the start script reads `CLOUDRON_POSTGRESQL_URL`, `CLOUDRON_MAIL_SMTP_*`, `CLOUDRON_OIDC_*`, and `CLOUDRON_LDAP_*` on each boot, and plugins can directly use `CLOUDRON_MYSQL_URL`, `CLOUDRON_MONGODB_URL`, or `CLOUDRON_REDIS_URL`. Inject overrides via the Cloudron dashboard’s **Environment** UI if specific plugins require external services. After making any manual change, always restart the app to allow the supervisor to pick up the modifications.