overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy


			
				
					
						
						
							
							# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:8
msgid "Setting up Matrix Authentication Service (optional)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:10
msgid "The playbook can install and configure [Matrix Authentication Service](https://github.com/element-hq/matrix-authentication-service/) (MAS) — a service operating alongside your existing [Synapse](./configuring-playbook-synapse.md) homeserver and providing [better authentication, session management and permissions in Matrix](https://matrix.org/blog/2023/09/better-auth/)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:12
msgid "Matrix Authentication Service is an implementation of [MSC3861: Next-generation auth for Matrix, based on OAuth 2.0/OIDC](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and still work in progress, tracked at the [areweoidcyet.com](https://areweoidcyet.com/) website."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:14
msgid "**Before going through with starting to use Matrix Authentication Service**, make sure to read:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:16
msgid "the [Reasons to use Matrix Authentication Service](#reasons-to-use-matrix-authentication-service) section below"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:17
msgid "the [Expectations](#expectations) section below"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:18
msgid "the [FAQ section on areweoidcyet.com](https://areweoidcyet.com/#faqs)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:20
msgid "**If you've already been using Synapse** and have user accounts in its database, you can [migrate to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:22
msgid "Reasons to use Matrix Authentication Service"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:24
msgid "You may be wondering whether you should make the switch to Matrix Authentication Service (MAS) or keep using your existing authentication flow via Synapse (password-based or [OIDC](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)-enabled)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:26
msgid "Matrix Authentication Service is **still an experimental service** and **not a default** for this Ansible playbook."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:28
msgid "The [Expectations](#expectations) section contains a list of what works and what doesn't (**some services don't work with MAS yet**), as well as the **relative irreversability** of the migration process."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:30
msgid "Below, we'll try to **highlight some potential reasons for switching** to Matrix Authentication Service:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:32
msgid "To use SSO in [Element X](https://element.io/blog/element-x-ignition/). The old [Synapse OIDC](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on) login flow is only supported in old Element clients and will not be supported in Element X. Element X will only support the new SSO-based login flow provided by MAS, so if you want to use SSO with Element X, you will need to switch to MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:34
msgid "To help drive adoption of the \"Next-generation auth for Matrix\" by switching to what's ultimately coming anyway"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:36
msgid "To help discover (and potentially fix) MAS integration issues with this Ansible playbook"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:38
msgid "To help discover (and potentially fix) MAS integration issues with various other Matrix components (bridges, bots, clients, etc.)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:40
msgid "To reap some of the security benefits that Matrix Authentication Service offers, as outlined in the [Better authentication, session management and permissions in Matrix](https://matrix.org/blog/2023/09/better-auth/) article."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:42
msgid "Prerequisites"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:44
msgid "⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:46
msgid "❌ **disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:48
msgid "Expectations"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:50
msgid "This section details what you can expect when switching to the Matrix Authentication Service (MAS)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:52
msgid "❌ **Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:54
msgid "❌ Certain **tools like [Synapse Admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. Synapse Admin already supports OIDC auth, browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which Synapse Admin cannot interact with yet. You may be interested in using [Element Admin](./configuring-playbook-element-admin.md) for these purposes."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:56
msgid "❌ **Some services experience issues when authenticating via MAS**:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:58
msgid "[Reminder bot](configuring-playbook-bot-matrix-reminder-bot.md) seems to be losing some of its state on each restart and may reschedule old reminders once again"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:60
msgid "[Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:62
msgid "cannot initialize matrix bot error=\"olm account is marked as shared, keys seem to have disappeared from the server\""
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:64
msgid "❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:66
msgid "⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:68
msgid "⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:70
msgid "⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:72
msgid "⚠️ A [compatibility layer](https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html#set-up-the-compatibility-layer) is installed — all `/_matrix/client/*/login` (etc.) requests will be routed to MAS instead of going to the homeserver. This is done both publicly (e.g. `https://matrix.example.com/_matrix/client/*/login`) and on the internal Traefik entrypoint (e.g. `https://matrix-traefik:8008/_matrix/client/*/login`) which helps addon services reach the homeserver's Client-Server API. You typically don't need to do anything to make this work, but it's good to be aware of it, especially if you have a [custom webserver setup](./configuring-playbook-own-webserver.md)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:74
msgid "✅ Your **existing login sessions will continue to work** (you won't get logged out). Migration will require a bit of manual work and minutes of downtime, but it's not too bad."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:76
msgid "✅ Various clients ([Cinny](./configuring-playbook-client-cinny.md), [Element Web](./configuring-playbook-client-element-web.md), Element X, FluffyChat) will be able to use the **new SSO-based login flow** provided by Matrix Authentication Service"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:78
msgid "✅ The **old login flow** (called `m.login.password`) **will still continue to work**, so clients (old Element Web, etc.) and bridges/bots that don't support the new OIDC-based login flow will still work"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:80
msgid "✅ [Registering users](./registering-users.md) via **the playbook's `register-user` tag remains unchanged**. The playbook automatically does the right thing regardless of homeserver implementation (Synapse, Dendrite, etc.) and whether MAS is enabled or not. When MAS is enabled, the playbook will forward user-registration requests to MAS. Registering users via the command-line is no longer done via the `/matrix/synapse/bin/register` script, but via `/matrix/matrix-authentication-service/bin/register-user`."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:82
msgid "✅ Users that are prepared by the playbook (for bots, bridges, etc.) will continue to be registered automatically as expected. The playbook automatically does the right thing regardless of homeserver implementation (Synapse, Dendrite, etc.) and whether MAS is enabled or not. When MAS is enabled, the playbook will forward user-registration requests to MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:84
msgid "Installation flows"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:86
msgid "New homeserver"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:88
msgid "For new homeservers (which don't have any users in their Synapse database yet), follow the [Adjusting the playbook configuration](#adjusting-the-playbook-configuration) instructions and then proceed with [Installing](#installing)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:90
msgid "Existing homeserver"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:92
msgid "Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:94
msgid "For existing Synapse homeservers:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:96
msgid "when following the [Adjusting the playbook configuration](#adjusting-the-playbook-configuration) instructions, make sure to **disable the integration between Synapse and MAS** by **uncommenting** the `matrix_authentication_service_migration_in_progress: true` line as described in the [Marking an existing homeserver for migration](#marking-an-existing-homeserver-for-migration) section below."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:98
msgid "then follow the [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) instructions to perform the installation and migration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:100
msgid "Adjusting DNS records (optional)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:102
msgid "By default, this playbook installs the Matrix Authentication Service on the `matrix.` subdomain, at the `/auth` path (https://matrix.example.com/auth). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:104
msgid "If you wish to adjust it, see the section [below](#adjusting-the-matrix-authentication-service-url-optional) for details about DNS configuration."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:106
msgid "Adjusting the playbook configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:108
msgid "To enable Matrix Authentication Service, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:122
msgid "In the sub-sections that follow, we'll cover some additional configuration options that you may wish to adjust."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:124
msgid "There are many other configuration options available. Consult the [`defaults/main.yml` file](../roles/custom/matrix-authentication-service/defaults/main.yml) in the [matrix-authentication-service role](../roles/custom/matrix-authentication-service/) to discover them."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:126
msgid "Adjusting the Matrix Authentication Service URL (optional)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:128
msgid "By tweaking the `matrix_authentication_service_hostname` and `matrix_authentication_service_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:130
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:157
msgid "Example additional configuration for your `vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:138
msgid "If you've changed the default hostname, you may need to create a CNAME record for the Matrix Authentication Service domain (`auth.example.com`), which targets `matrix.example.com`."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:140
msgid "When setting, replace `example.com` with your own."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:142
msgid "Marking an existing homeserver for migration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:144
msgid "The [configuration above](#adjusting-the-playbook-configuration) instructs existing users wishing to migrate to add `matrix_authentication_service_migration_in_progress: true` to their configuration."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:146
msgid "This is done temporarily. The migration steps are described in more detail in the [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) section below."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:148
msgid "Upstream OAuth2 configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:150
msgid "To make Matrix Authentication Service delegate to an existing upstream OAuth 2.0/OIDC provider, you can use its [`upstream_oauth2.providers` setting](https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#upstream_oauth2providers)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:152
msgid "The playbook exposes a `matrix_authentication_service_config_upstream_oauth2_providers` variable for controlling this setting."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:273
msgid "💡 Refer to the [`upstream_oauth2.providers` setting](https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#upstream_oauth2providers) for the most up-to-date schema and example for providers. The value shown above here may be out of date."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:275
msgid "⚠️ The syntax for existing [OIDC providers configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on) is slightly different, so you will need to adjust your configuration when switching from Synapse OIDC to MAS upstream OAuth2."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:277
msgid "⚠️ When [migrating an existing homeserver](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) which contains OIDC-sourced users, you will need to:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:279
msgid "[Configure upstream OIDC provider mapping for syn2mas](#configuring-upstream-oidc-provider-mapping-for-syn2mas)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:280
msgid "go through the [migrating an existing homeserver](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) process"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:281
msgid "remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS OIDC configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:283
msgid "Extending the configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:285
msgid "There are some additional things you may wish to configure about the component."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:287
msgid "Take a look at:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:289
msgid "`roles/custom/matrix-authentication-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:290
msgid "`roles/custom/matrix-authentication-service/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_authentication_service_configuration_extension_yaml` variable"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:292
msgid "Installing"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:294
msgid "Now that you've [adjusted the playbook configuration](#adjusting-the-playbook-configuration) and [your DNS records](#adjusting-dns-records), you can run the playbook with [playbook tags](playbook-tags.md) as below:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:301
msgid "**Notes**:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:303
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:305
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:307
msgid "If you're in the process of migrating an existing Synapse homeserver to MAS, you should now follow the rest of the steps in the [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) guide."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:309
msgid "💡 After installation, you should [verify that Matrix Authentication Service is installed correctly](#verify-that-matrix-authentication-service-is-installed-correctly)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:311
msgid "Migrating an existing Synapse homeserver to Matrix Authentication Service"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:313
msgid "Our migration guide is loosely based on the upstream [Migrating an existing homeserver](https://element-hq.github.io/matrix-authentication-service/setup/migration.html) guide."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:315
msgid "Migration is done via a sub-command called `syn2mas`, which the playbook could run for you (in a container)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:317
msgid "The installation + migration steps are like this:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:319
msgid "[Adjust your configuration](#adjusting-the-playbook-configuration) to **disable the integration between the homeserver and MAS**. This is done by **uncommenting** the `matrix_authentication_service_migration_in_progress: true` line."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:321
msgid "Perform the initial [installation](#installing). At this point:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:323
msgid "Matrix Authentication Service will be installed. Its database will be empty, so it cannot validate existing access tokens or authentication users yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:325
msgid "The homeserver will still continue to use its local database for validating existing access tokens."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:327
msgid "Various [compatibility layer URLs](https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html#set-up-the-compatibility-layer) are not yet installed. New login sessions will still be forwarded to the homeserver, which is capable of completing them."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:329
msgid "The `matrix-user-creator` role would be suppressed, so that it doesn't automatically attempt to create users (for bots, etc.) in the MAS database. These user accounts likely already exist in Synapse's user database and could be migrated over (via syn2mas, as per the steps below), so creating them in the MAS database would have been unnecessary and potentially problematic (conflicts during the syn2mas migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:331
msgid "Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration command does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:333
msgid "[Migrate your data from Synapse to Matrix Authentication Service using syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-service-using-syn2mas)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:335
msgid "[Adjust your configuration](#adjusting-the-playbook-configuration) again, to:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:337
msgid "remove the `matrix_authentication_service_migration_in_progress: false` line"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:339
msgid "if you had been using [OIDC providers configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS OIDC configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:341
msgid "Perform the [installation](#installing) again. At this point:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:343
msgid "The homeserver will start delegating authentication to MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:345
msgid "The compatibility layer URLs will be installed. New login sessions will be completed by MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:347
msgid "[Verify that Matrix Authentication Service is installed correctly](#verify-that-matrix-authentication-service-is-installed-correctly)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:349
msgid "Migrate your data from Synapse to Matrix Authentication Service using syn2mas"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:351
msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:353
msgid "Configuring syn2mas"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:355
msgid "If you're using [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to [Configuring upstream OIDC provider mapping for syn2mas](#configuring-upstream-oidc-provider-mapping-for-syn2mas)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:357
msgid "If you only have local (non-OIDC) users in your Synapse database, you can likely run `syn2mas` as-is (without doing additional configuration changes)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:359
msgid "When you're done with potentially configuring `syn2mas`, proceed to doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:361
msgid "Configuring upstream OIDC provider mapping for syn2mas"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:363
msgid "Since Matrix Authentication Service v0.16.0 (which replaced the standalone `syn2mas` tool with a `mas-cli syn2mas` sub-command), OIDC configuration (mapping from your old OIDC configuration to your new one, etc) is meant to be configured in the Matrix Authentication Service configuration (via `matrix_authentication_service_config_upstream_oauth2_providers`) as a `synapse_idp_id` property for each provider."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:365
msgid "You can refer to the [Map any upstream SSO providers](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#map-any-upstream-sso-providers) section of the MAS documentation for figuring out how to set the `synapse_idp_id` value in `matrix_authentication_service_config_upstream_oauth2_providers` correctly."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:367
msgid "Performing a syn2mas dry-run"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:369
msgid "Having [configured syn2mas](#configuring-syn2mas), we recommend doing a [dry-run](https://en.wikipedia.org/wiki/Dry_run_(testing)) first to verify that everything will work out as expected."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:371
msgid "A dry-run would not cause downtime, because it avoids stopping Synapse."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:373
msgid "To perform a dry-run, run:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:379
msgid "Observe the command output (especially the last line of the the syn2mas output). If you are confident that the migration will work out as expected, you can proceed with a [real migration](#performing-a-real-syn2mas-migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:381
msgid "Performing a real syn2mas migration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:383
msgid "Before performing a real migration make sure:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:385
msgid "you've familiarized yourself with the [expectations](#expectations)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:387
msgid "you've performed a Postgres backup, just in case"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:389
msgid "you're aware of the irreversibility of the migration process without disruption after users have created new login sessions via the new MAS setup"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:391
msgid "you've [configured syn2mas](#configuring-syn2mas), especially if you've used [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:393
msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and don't see any issues in its output"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:395
msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
msgid "Having performed a `syn2mas` migration once, trying to do it again will report errors (e.g. \"Error: The MAS database is not empty: rows found in at least `users`. Please drop and recreate the database, then try again.\")."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:403
msgid "Verify that Matrix Authentication Service is installed correctly"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:405
msgid "After [installation](#installing), run the `doctor` subcommand of the [`mas-cli` command-line tool](https://element-hq.github.io/matrix-authentication-service/reference/cli/index.html) to verify that MAS is installed correctly."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407
msgid "You can do it:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:409
msgid "either via the Ansible playbook's `matrix-authentication-service-mas-cli-doctor` tag: `just run-tags matrix-authentication-service-mas-cli-doctor`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:411
msgid "or by running the `mas-cli` script on the server (which invokes the `mas-cli` tool inside a container): `/matrix/matrix-authentication-service/bin/mas-cli doctor`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:413
msgid "If successful, you should see some output that looks like this:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:425
msgid "Usage"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:427
msgid "Management"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:429
msgid "You can use the [`mas-cli` command-line tool](https://element-hq.github.io/matrix-authentication-service/reference/cli/index.html) (exposed via the `/matrix/matrix-authentication-service/bin/mas-cli` script) to perform administrative tasks against MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:431
msgid "This documentation page already mentions:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:433
msgid "the `mas-cli doctor` sub-command in the [Verify that Matrix Authentication Service is installed correctly](#verify-that-matrix-authentication-service-is-installed-correctly) section, which you can run via the CLI and via the Ansible playbook's `matrix-authentication-service-mas-cli-doctor` tag"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:435
msgid "the `mas-cli manage register-user` sub-command in the [Registering users](./registering-users.md) documentation"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:437
msgid "There are other sub-commands available. Run `/matrix/matrix-authentication-service/bin/mas-cli` to get an overview."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:439
msgid "User registration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:441
msgid "After Matrix Authentication Service is [installed](#installing), users need to be managed there (unless you're managing them in an [upstream OAuth2 provider](#upstream-oauth2-configuration))."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:443
msgid "You can register users new users as described in the [Registering users](./registering-users.md) documentation (via `mas-cli manage register-user` or the Ansible playbook's `register-user` tag)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:445
msgid "Working around email deliverability issues"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:447
msgid "Matrix Authentication Service only sends emails when:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:449
msgid "it verifies email addresses for users who are self-registering with a password"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:451
msgid "a user tries to add an email to their account"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:453
msgid "If Matrix Authentication Service tries to send an email and it fails because [your email-sending configuration](./configuring-playbook-email.md) is not working, you may need to work around email deliverability."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:455
msgid "If email delivery is not working, **you can retrieve the email verification code from the Matrix Authentication Service's logs** (`journalctl -fu matrix-authentication-service`)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:457
msgid "Alternatively, you can use the [`mas-cli` management tool](#management) to manually verify email addresses for users. Example: `/matrix/matrix-authentication-service/bin/mas-cli manage verify-email some.username email@example.com`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:459
msgid "Troubleshooting"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:461
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-authentication-service`."
msgstr ""