Initial commit: EifelDC - Discord-like Matrix chat platform

Includes server (Rust/Axum API proxy with voice management),
Tauri desktop client with Svelte UI, bot-sdk, Docker infra
(Synapse, PostgreSQL, Coturn, Nginx), and CI/CD pipeline.

infra/scripts/generate-certs.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+INFRA_DIR="$(dirname "$SCRIPT_DIR")"
+CERT_DIR="${INFRA_DIR}/certs"
+DOMAIN="${1:-eifeldc.local}"
+
+echo "=== Generating self-signed SSL certificate for ${DOMAIN} ==="
+
+rm -rf "${CERT_DIR}"
+mkdir -p "${CERT_DIR}/live/${DOMAIN}"
+mkdir -p "${CERT_DIR}/archive"
+
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    -keyout "${CERT_DIR}/live/${DOMAIN}/privkey.pem" \
+    -out "${CERT_DIR}/live/${DOMAIN}/fullchain.pem" \
+    -subj "/CN=${DOMAIN}" \
+    -addext "subjectAltName=DNS:${DOMAIN},DNS:localhost,IP:127.0.0.1"
+
+cp "${CERT_DIR}/live/${DOMAIN}/fullchain.pem" "${CERT_DIR}/live/${DOMAIN}/cert.pem"
+
+cp "${CERT_DIR}/live/${DOMAIN}/fullchain.pem" "${CERT_DIR}/archive/${DOMAIN}-fullchain.pem"
+cp "${CERT_DIR}/live/${DOMAIN}/privkey.pem" "${CERT_DIR}/archive/${DOMAIN}-privkey.pem"
+
+echo ""
+echo "Certificates generated:"
+echo "  Cert: ${CERT_DIR}/live/${DOMAIN}/fullchain.pem"
+echo "  Key:  ${CERT_DIR}/live/${DOMAIN}/privkey.pem"
+echo ""
+echo "For Docker deployment, copy certs to the nginx-certs volume:"
+echo "  docker volume inspect infra_nginx-certs"
+echo "  sudo cp -r ${CERT_DIR}/live/${DOMAIN}/* <volume_mountpoint>/live/${DOMAIN}/"
+echo ""
+echo "Or for local dev, update nginx config to point to ${CERT_DIR}/live/${DOMAIN}/"