overmind
/
matrix-docker-ansible-deploy
miroir de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Bifurcation 0
Code Tickets 0 Versions 0 Wiki Activité
Matrix Docker Ansible eploy
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
11303 Révisions
17 Branches
110 MiB
 
 
Aborescence: 2c2b58cefc
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '2c2b58cefc'
${ noResults }
matrix-docker-ansible-deploy/i18n/translation-templates/docs/configuring-playbook-tuwune...

270 lignes
17 KiB
Brut Annotations Historique 

  1. # SOME DESCRIPTIVE TITLE.

  2. # Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members

  3. # This file is distributed under the same license as the matrix-docker-ansible-deploy package.

  4. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.

  5. #

  6. #, fuzzy

  7. msgid ""

  8. msgstr ""

  9. "Project-Id-Version: matrix-docker-ansible-deploy \n"

  10. "Report-Msgid-Bugs-To: \n"

  11. "POT-Creation-Date: 2026-05-09 06:50+0000\n"

  12. "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"

  13. "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"

  14. "Language-Team: LANGUAGE <LL@li.org>\n"

  15. "MIME-Version: 1.0\n"

  16. "Content-Type: text/plain; charset=UTF-8\n"

  17. "Content-Transfer-Encoding: 8bit\n"

  18. 

  19. #: ../../../docs/configuring-playbook-tuwunel.md:8

  20. msgid "Configuring Tuwunel (optional)"

  21. msgstr ""

  22. 

  23. #: ../../../docs/configuring-playbook-tuwunel.md:10

  24. msgid "The playbook can install and configure the [Tuwunel](https://matrix-construct.github.io/tuwunel/) Matrix homeserver for you."

  25. msgstr ""

  26. 

  27. #: ../../../docs/configuring-playbook-tuwunel.md:12

  28. msgid "Tuwunel is a featureful homeserver written entirely in Rust, intended as a scalable, low-cost, enterprise-ready alternative to Synapse that fully implements the [Matrix specification](https://spec.matrix.org/latest/) for all but the most niche uses. It is the official successor to [conduwuit](configuring-playbook-conduwuit.md), is now sponsored by the government of Switzerland 🇨🇭 (where it is currently deployed for citizens), and is used by a number of organisations with a vested interest in its continued development. See the project's [documentation](https://matrix-construct.github.io/tuwunel/) for further background."

  29. msgstr ""

  30. 

  31. #: ../../../docs/configuring-playbook-tuwunel.md:14

  32. msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document."

  33. msgstr ""

  34. 

  35. #: ../../../docs/configuring-playbook-tuwunel.md:16

  36. msgid "[!WARNING]"

  37. msgstr ""

  38. 

  39. #: ../../../docs/configuring-playbook-tuwunel.md:17

  40. msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse → Tuwunel). Proceed below only if you're OK with starting over, or you're dealing with a server on a new domain name which hasn't participated in the Matrix federation yet. The one exception is migrating from conduwuit; see [Migrating from conduwuit](#migrating-from-conduwuit)."

  41. msgstr ""

  42. 

  43. #: ../../../docs/configuring-playbook-tuwunel.md:18

  44. msgid "**Homeserver implementations other than Synapse may not be fully functional** with every part of this playbook. Make yourself familiar with the trade-offs before proceeding."

  45. msgstr ""

  46. 

  47. #: ../../../docs/configuring-playbook-tuwunel.md:20

  48. msgid "Adjusting the playbook configuration"

  49. msgstr ""

  50. 

  51. #: ../../../docs/configuring-playbook-tuwunel.md:22

  52. msgid "To use Tuwunel, set the following on `inventory/host_vars/matrix.example.com/vars.yml`:"

  53. msgstr ""

  54. 

  55. #: ../../../docs/configuring-playbook-tuwunel.md:36

  56. msgid "The first user account that registers becomes a server admin and is automatically invited to the admin room. See [Creating the first user account](#creating-the-first-user-account) below for the bootstrap procedure."

  57. msgstr ""

  58. 

  59. #: ../../../docs/configuring-playbook-tuwunel.md:38

  60. msgid "Wiring done for you"

  61. msgstr ""

  62. 

  63. #: ../../../docs/configuring-playbook-tuwunel.md:40

  64. msgid "When `matrix_homeserver_implementation: tuwunel` is set, the playbook automatically integrates Tuwunel with the rest of your stack:"

  65. msgstr ""

  66. 

  67. #: ../../../docs/configuring-playbook-tuwunel.md:42

  68. msgid "**Federation.** Toggled by `matrix_homeserver_federation_enabled`. The federation virtual host (port 8448 in the default setup) is wired up via Traefik labels."

  69. msgstr ""

  70. 

  71. #: ../../../docs/configuring-playbook-tuwunel.md:43

  72. msgid "**Well-known.** `matrix_tuwunel_config_well_known_client` is set to your public homeserver URL whenever SSL is enabled. Matrix clients use this for delegated-domain server discovery; identity-provider entries below can also omit their `callback_url`, since Tuwunel derives `<well-known>/_matrix/client/unstable/login/sso/callback/<client_id>` automatically."

  73. msgstr ""

  74. 

  75. #: ../../../docs/configuring-playbook-tuwunel.md:44

  76. msgid "**Element Call / MatrixRTC.** When the [LiveKit JWT service](configuring-playbook-matrix-rtc.md) is enabled, Tuwunel publishes its public URL through `.well-known/matrix/client` per [MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)."

  77. msgstr ""

  78. 

  79. #: ../../../docs/configuring-playbook-tuwunel.md:45

  80. msgid "**Legacy calls (TURN).** When [Coturn](configuring-playbook-turn.md) is enabled, its URIs and shared secret (or username/password, depending on `coturn_authentication_method`) are wired automatically."

  81. msgstr ""

  82. 

  83. #: ../../../docs/configuring-playbook-tuwunel.md:47

  84. msgid "Extending the configuration"

  85. msgstr ""

  86. 

  87. #: ../../../docs/configuring-playbook-tuwunel.md:49

  88. msgid "Tuwunel exposes a large configuration surface. The role surfaces commonly used options as Ansible variables under `matrix_tuwunel_config_*`. See [`roles/custom/matrix-tuwunel/defaults/main.yml`](../roles/custom/matrix-tuwunel/defaults/main.yml) for the complete list, and [`roles/custom/matrix-tuwunel/templates/tuwunel.toml.j2`](../roles/custom/matrix-tuwunel/templates/tuwunel.toml.j2) for the rendered configuration."

  89. msgstr ""

  90. 

  91. #: ../../../docs/configuring-playbook-tuwunel.md:51

  92. msgid "For options that aren't surfaced as a dedicated variable, [environment variables](https://matrix-construct.github.io/tuwunel/configuration.html#environment-variables) are the recommended override mechanism. They take priority over the rendered TOML, are scoped to the running container, and require no template patching:"

  93. msgstr ""

  94. 

  95. #: ../../../docs/configuring-playbook-tuwunel.md:59

  96. msgid "Keys nested under a TOML section use `__` (double underscore) to descend, e.g. `TUWUNEL_WELL_KNOWN__SERVER`. User-named sections become path segments too: `TUWUNEL_STORAGE_PROVIDER__ARCHIVE__S3__URL` overrides the `url` field of the `archive` storage provider in the example below."

  97. msgstr ""

  98. 

  99. #: ../../../docs/configuring-playbook-tuwunel.md:61

  100. msgid "If you need wholesale control of the configuration file, copy [`roles/custom/matrix-tuwunel/templates/tuwunel.toml.j2`](../roles/custom/matrix-tuwunel/templates/tuwunel.toml.j2) into your inventory and point `matrix_tuwunel_template_tuwunel_config` at your copy."

  101. msgstr ""

  102. 

  103. #: ../../../docs/configuring-playbook-tuwunel.md:63

  104. msgid "The container image published as `:latest` is built with `io_uring`, `jemalloc`, LDAP, blurhashing, URL preview, sentry telemetry, and zstd compression all enabled, so most opt-in features are simply a configuration toggle away."

  105. msgstr ""

  106. 

  107. #: ../../../docs/configuring-playbook-tuwunel.md:65

  108. msgid "Identity providers (OAuth2 / OIDC)"

  109. msgstr ""

  110. 

  111. #: ../../../docs/configuring-playbook-tuwunel.md:67

  112. msgid "Configure one or more `[[global.identity_provider]]` entries via a list. Each entry maps directly to Tuwunel's [identity-provider fields](https://matrix-construct.github.io/tuwunel/authentication/providers.html); only the fields you set are emitted. GitHub, GitLab, and Google have built-in `issuer_url` defaults so a `client_id` plus `client_secret` is enough; for any other `brand` (Apple, Facebook, Keycloak, MAS, Twitter, etc.) you must supply `issuer_url` explicitly:"

  113. msgstr ""

  114. 

  115. #: ../../../docs/configuring-playbook-tuwunel.md:82

  116. msgid "Self-hosted providers must supply both `client_id` and `issuer_url`. Set `trusted: true` only on providers you operate yourself; trusting a public provider (GitHub, Google, etc.) is an account-takeover risk."

  117. msgstr ""

  118. 

  119. #: ../../../docs/configuring-playbook-tuwunel.md:84

  120. msgid "LDAP"

  121. msgstr ""

  122. 

  123. #: ../../../docs/configuring-playbook-tuwunel.md:86

  124. msgid "Tuwunel can authenticate `m.login.password` requests against an LDAP directory and, in search-then-bind mode, keep admin status in sync with directory membership. The shipped image already includes the `ldap` build feature."

  125. msgstr ""

  126. 

  127. #: ../../../docs/configuring-playbook-tuwunel.md:97

  128. msgid "[!NOTE] `bind_password_file` is read **inside the container**. The role bind-mounts `/matrix/tuwunel/config` to `/etc/tuwunel` (read-only) and `/matrix/tuwunel/data` to `/var/lib/tuwunel`. To make the file available at the path above, drop it on the host at `/matrix/tuwunel/config/ldap.pw` (owned by `matrix:matrix`) before running the playbook; the role does not template secret files for you."

  129. msgstr ""

  130. 

  131. #: ../../../docs/configuring-playbook-tuwunel.md:100

  132. msgid "For direct-bind, anonymous-search, and admin-sync details, see [LDAP authentication](https://matrix-construct.github.io/tuwunel/authentication/ldap.html)."

  133. msgstr ""

  134. 

  135. #: ../../../docs/configuring-playbook-tuwunel.md:102

  136. msgid "JWT login"

  137. msgstr ""

  138. 

  139. #: ../../../docs/configuring-playbook-tuwunel.md:104

  140. msgid "Tuwunel can accept signed JSON Web Tokens both as a login flow and as a User-Interactive Authentication step:"

  141. msgstr ""

  142. 

  143. #: ../../../docs/configuring-playbook-tuwunel.md:115

  144. msgid "The defaults match Synapse's `experimental_features.jwt_config` semantics, so a key + algorithm port should authenticate the same set of tokens. See [Enterprise JWT](https://matrix-construct.github.io/tuwunel/authentication/jwt.html) for the full reference, including the asymmetric (ECDSA / EdDSA) formats and the operator-controlled UIAA override flow."

  145. msgstr ""

  146. 

  147. #: ../../../docs/configuring-playbook-tuwunel.md:117

  148. msgid "Media storage providers"

  149. msgstr ""

  150. 

  151. #: ../../../docs/configuring-playbook-tuwunel.md:119

  152. msgid "Each entry becomes a `[global.storage_provider.<id>.<kind>]` block. `kind` is `local` or `s3`; the remaining keys map directly to the fields documented in [Storage providers](https://matrix-construct.github.io/tuwunel/media/storage.html):"

  153. msgstr ""

  154. 

  155. #: ../../../docs/configuring-playbook-tuwunel.md:136

  156. msgid "The S3 backend ships with native multipart upload, so no goofys/rclone sidecar is required. MinIO, Cloudflare R2, and DigitalOcean Spaces all work; set `endpoint` and `use_vhost_request: false` as appropriate."

  157. msgstr ""

  158. 

  159. #: ../../../docs/configuring-playbook-tuwunel.md:138

  160. msgid "[!NOTE] Local provider paths must live under `/var/lib/tuwunel` (the container's data mount, persisted on the host at `/matrix/tuwunel/data`), or you must mount the target directory into the container yourself via `matrix_tuwunel_container_extra_arguments`. The container otherwise runs read-only."

  161. msgstr ""

  162. 

  163. #: ../../../docs/configuring-playbook-tuwunel.md:141

  164. msgid "RocksDB and cache tuning"

  165. msgstr ""

  166. 

  167. #: ../../../docs/configuring-playbook-tuwunel.md:143

  168. msgid "Tuwunel embeds RocksDB. The defaults (`rocksdb_compression_algo: zstd`) suit most deployments. For high-throughput servers you may want to enable direct I/O, raise parallelism, and bump the cache modifier:"

  169. msgstr ""

  170. 

  171. #: ../../../docs/configuring-playbook-tuwunel.md:152

  172. msgid "If you run on ZFS, the [Tuwunel maintenance guide](https://matrix-construct.github.io/tuwunel/maintenance.html#zfs) lists the dataset properties (`recordsize`, `primarycache`, `compression`, `atime`, `logbias`) and config flags (`rocksdb_direct_io`, `rocksdb_allow_fallocate`) you need to adjust to avoid severe write amplification."

  173. msgstr ""

  174. 

  175. #: ../../../docs/configuring-playbook-tuwunel.md:154

  176. msgid "To enable Sentry crash reporting, set `matrix_tuwunel_config_sentry_enabled: true`."

  177. msgstr ""

  178. 

  179. #: ../../../docs/configuring-playbook-tuwunel.md:156

  180. msgid "Federation gating"

  181. msgstr ""

  182. 

  183. #: ../../../docs/configuring-playbook-tuwunel.md:158

  184. msgid "Tuwunel accepts regular-expression patterns at every level of remote-server filtering:"

  185. msgstr ""

  186. 

  187. #: ../../../docs/configuring-playbook-tuwunel.md:169

  188. msgid "Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating. The policy itself lives in room state, but enforcement is opt-in at the server level:"

  189. msgstr ""

  190. 

  191. #: ../../../docs/configuring-playbook-tuwunel.md:176

  192. msgid "When enabled, rooms with a valid `m.room.policy` state event have outgoing events signed by the configured policy server before federation. Transient network or timeout failures fail open (with a warn log), so a policy-server outage will not silently take the room offline."

  193. msgstr ""

  194. 

  195. #: ../../../docs/configuring-playbook-tuwunel.md:178

  196. msgid "Default room version"

  197. msgstr ""

  198. 

  199. #: ../../../docs/configuring-playbook-tuwunel.md:180

  200. msgid "The role sets `default_room_version: '12'`, so newly created rooms default to Matrix [room version 12](https://github.com/matrix-org/matrix-spec-proposals/pull/4289) (\"Hydra\"). Override `matrix_tuwunel_config_default_room_version` if you need an earlier version for client compatibility."

  201. msgstr ""

  202. 

  203. #: ../../../docs/configuring-playbook-tuwunel.md:182

  204. msgid "Creating the first user account"

  205. msgstr ""

  206. 

  207. #: ../../../docs/configuring-playbook-tuwunel.md:184

  208. msgid "Unlike Synapse and Dendrite, Tuwunel does not register users from the command line or via the playbook. On first startup it logs a one-time-use registration token to its journal:"

  209. msgstr ""

  210. 

  211. #: ../../../docs/configuring-playbook-tuwunel.md:191

  212. msgid "Use the token to create your first account from any client that supports token-gated registration (e.g. [Element Web](configuring-playbook-client-element-web.md)). The account is auto-promoted to admin and invited to the admin room together with the `@conduit:<server_name>` server bot. The bot keeps the legacy `conduit` localpart due to the project's lineage from Conduit."

  213. msgstr ""

  214. 

  215. #: ../../../docs/configuring-playbook-tuwunel.md:193

  216. msgid "Configuring bridges and appservices"

  217. msgstr ""

  218. 

  219. #: ../../../docs/configuring-playbook-tuwunel.md:195

  220. msgid "The playbook does not auto-register appservices for Tuwunel. After your bridge has produced its `registration.yaml` (e.g. `/matrix/mautrix-signal/bridge/registration.yaml`), register it manually by sending the contents to the admin room, prefixed with `!admin appservices register` and wrapped in a fenced code block:"

  221. msgstr ""

  222. 

  223. #: ../../../docs/configuring-playbook-tuwunel.md:216

  224. msgid "Registrations stored this way are persisted in the database and survive restarts. Re-running the command with the same `id` replaces the existing entry. See [Application services](https://matrix-construct.github.io/tuwunel/appservices.html) for the full reference and admin commands."

  225. msgstr ""

  226. 

  227. #: ../../../docs/configuring-playbook-tuwunel.md:218

  228. msgid "Migrating from conduwuit"

  229. msgstr ""

  230. 

  231. #: ../../../docs/configuring-playbook-tuwunel.md:220

  232. msgid "Tuwunel is a \"binary swap\" for conduwuit; it reads conduwuit's RocksDB layout directly, so migration is a data move, not an export/import."

  233. msgstr ""

  234. 

  235. #: ../../../docs/configuring-playbook-tuwunel.md:222

  236. msgid "Set `matrix_homeserver_implementation: tuwunel` on `vars.yml` and remove any `matrix_conduwuit_*` overrides."

  237. msgstr ""

  238. 

  239. #: ../../../docs/configuring-playbook-tuwunel.md:223

  240. msgid "Run a full installation so that the new service is created and the old one removed (e.g. `just setup-all`)."

  241. msgstr ""

  242. 

  243. #: ../../../docs/configuring-playbook-tuwunel.md:224

  244. msgid "Run `just run-tags tuwunel-migrate-from-conduwuit`."

  245. msgstr ""

  246. 

  247. #: ../../../docs/configuring-playbook-tuwunel.md:226

  248. msgid "The migration stops `matrix-conduwuit.service`, copies `/matrix/conduwuit` into `/matrix/tuwunel`, renames the config file, and starts `matrix-tuwunel.service`. The freshly generated tuwunel data directory is preserved alongside as `/matrix/tuwunel_old` until you remove it manually."

  249. msgstr ""

  250. 

  251. #: ../../../docs/configuring-playbook-tuwunel.md:228

  252. msgid "[!CAUTION] Migrating from any other Conduit derivative (Conduit itself, Continuwuity, or any other fork) is **not supported** and will corrupt your database. All Conduit forks share the same linear database version with no awareness of each other; switching between them produces unrecoverable damage. See the [upstream migration table](https://matrix-construct.github.io/tuwunel/#migrating-to-tuwunel)."

  253. msgstr ""

  254. 

  255. #: ../../../docs/configuring-playbook-tuwunel.md:231

  256. msgid "Troubleshooting"

  257. msgstr ""

  258. 

  259. #: ../../../docs/configuring-playbook-tuwunel.md:233

  260. msgid "As with all other services, the logs are available via [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html):"

  261. msgstr ""

  262. 

  263. #: ../../../docs/configuring-playbook-tuwunel.md:239

  264. msgid "Logging verbosity is controlled by `matrix_tuwunel_config_log` in [`tracing-subscriber` env-filter syntax](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html). The default (`info,state_res=warn`) is reasonable for production; for debugging, try `debug` or scope it tighter, e.g. `info,tuwunel_service::sending=debug`."

  265. msgstr ""

  266. 

  267. #: ../../../docs/configuring-playbook-tuwunel.md:241

  268. msgid "For RocksDB-level issues, online backups, and offline backup procedures, see the [Tuwunel maintenance guide](https://matrix-construct.github.io/tuwunel/maintenance.html). For protocol-compliance state across MSCs, the spec, and Complement, the project's [compliance dashboard](https://matrix-construct.github.io/tuwunel/development/compliance.html) is the authoritative tracker."

  269. msgstr ""