titan-iac/services/comms/NOTES.md

# services/comms/NOTES.md

Purpose: Matrix + Element + LiveKit stack for Othrys (live.bstein.dev).

Core flow
- Matrix Authentication Service (MAS) handles login/SSO and issues Matrix access tokens.
- Synapse is the homeserver; MAS fronts login, Synapse serves client/server APIs.
- Element Web provides the main UI; Element Call embeds LiveKit for group video.
- LiveKit handles SFU media; Coturn provides TURN for NAT traversal.
- matrix-guest-register provides guest accounts + guest sessions (no Keycloak).

Operational jobs
- mas-db-ensure-job: ensures MAS database role/database + secret in comms.
- comms-secrets-ensure-job: creates runtime secrets (TURN, LiveKit, Synapse, atlasbot).
- synapse-signingkey-ensure-job: ensures Synapse signing key secret.
- synapse-seeder-admin-ensure-job: ensures Synapse admin user exists.
- synapse-user-seed-job: seeds atlasbot + othrys-seeder users/passwords.
- mas-local-users-ensure-job: ensures MAS local users exist (seeder/bot).
- seed-othrys-room: (suspended) creates Othrys + joins locals.
- reset-othrys-room: one-off room reset + pin invite.
- pin-othrys-invite: (suspended) pin invite message if missing.
- guest-name-randomizer: renames numeric/guest users to adj-noun names.
- bstein-force-leave: one-off room leave cleanup.

Manual re-runs
- Bump the job name suffix (e.g., reset-othrys-room-9) to re-run a one-off job.
- Unsuspend a CronJob only when needed; re-suspend after completion.

Ports
- Traefik (HTTPS) via LB on 192.168.22.9.
- Coturn LB on 192.168.22.5 (3478/5349 + UDP range).
- LiveKit LB on 192.168.22.6 (7880/7881/7882/7883).
comms: tidy stack and guest naming 2026-01-08 05:34:03 -03:00			`# services/comms/NOTES.md`

			`Purpose: Matrix + Element + LiveKit stack for Othrys (live.bstein.dev).`

			`Core flow`
			`- Matrix Authentication Service (MAS) handles login/SSO and issues Matrix access tokens.`
			`- Synapse is the homeserver; MAS fronts login, Synapse serves client/server APIs.`
			`- Element Web provides the main UI; Element Call embeds LiveKit for group video.`
			`- LiveKit handles SFU media; Coturn provides TURN for NAT traversal.`
			`- matrix-guest-register provides guest accounts + guest sessions (no Keycloak).`

			`Operational jobs`
			`- mas-db-ensure-job: ensures MAS database role/database + secret in comms.`
			`- comms-secrets-ensure-job: creates runtime secrets (TURN, LiveKit, Synapse, atlasbot).`
			`- synapse-signingkey-ensure-job: ensures Synapse signing key secret.`
			`- synapse-seeder-admin-ensure-job: ensures Synapse admin user exists.`
			`- synapse-user-seed-job: seeds atlasbot + othrys-seeder users/passwords.`
			`- mas-local-users-ensure-job: ensures MAS local users exist (seeder/bot).`
			`- seed-othrys-room: (suspended) creates Othrys + joins locals.`
			`- reset-othrys-room: one-off room reset + pin invite.`
			`- pin-othrys-invite: (suspended) pin invite message if missing.`
			`- guest-name-randomizer: renames numeric/guest users to adj-noun names.`
			`- bstein-force-leave: one-off room leave cleanup.`

			`Manual re-runs`
			`- Bump the job name suffix (e.g., reset-othrys-room-9) to re-run a one-off job.`
			`- Unsuspend a CronJob only when needed; re-suspend after completion.`

			`Ports`
			`- Traefik (HTTPS) via LB on 192.168.22.9.`
			`- Coturn LB on 192.168.22.5 (3478/5349 + UDP range).`
			`- LiveKit LB on 192.168.22.6 (7880/7881/7882/7883).`