mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2026-07-04 06:10:26 +03:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 15e3d0b1a1 | |||
| 53ad97417d | |||
| 704cbd5655 | |||
| 6542ef8b3c | |||
| e43bbfb44d | |||
| 143babe55c | |||
| bb77d89d2e | |||
| a0d056d160 | |||
| 2d5b5ff7ef | |||
| 8c87f68d5b |
@@ -166,7 +166,14 @@ matrix_tuwunel_config_prevent_media_downloads_from:
|
||||
- 'heavy\.example\.com$'
|
||||
```
|
||||
|
||||
Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating; that lives in room state and needs no playbook configuration.
|
||||
Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating. The policy itself lives in room state, but enforcement is opt-in at the server level:
|
||||
|
||||
```yaml
|
||||
matrix_tuwunel_config_enable_policy_servers: true
|
||||
matrix_tuwunel_config_policy_server_request_timeout: 5
|
||||
```
|
||||
|
||||
When enabled, rooms with a valid `m.room.policy` state event have outgoing events signed by the configured policy server before federation. Transient network or timeout failures fail open (with a warn log), so a policy-server outage will not silently take the room offline.
|
||||
|
||||
### Default room version
|
||||
|
||||
|
||||
@@ -8,9 +8,9 @@ idna==3.13
|
||||
imagesize==2.0.0
|
||||
Jinja2==3.1.6
|
||||
linkify-it-py==2.1.0
|
||||
markdown-it-py==4.1.0
|
||||
markdown-it-py==4.2.0
|
||||
MarkupSafe==3.0.3
|
||||
mdit-py-plugins==0.5.0
|
||||
mdit-py-plugins==0.6.0
|
||||
mdurl==0.1.2
|
||||
myst-parser==5.0.0
|
||||
packaging==26.2
|
||||
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
|
||||
sphinxcontrib-serializinghtml==2.0.0
|
||||
tabulate==0.10.0
|
||||
uc-micro-py==2.0.0
|
||||
urllib3==2.6.3
|
||||
urllib3==2.7.0
|
||||
|
||||
@@ -8,7 +8,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: matrix-docker-ansible-deploy \n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2026-05-07 11:16+0000\n"
|
||||
"POT-Creation-Date: 2026-05-09 06:50+0000\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
@@ -185,81 +185,85 @@ msgid "Tuwunel accepts regular-expression patterns at every level of remote-serv
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:169
|
||||
msgid "Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating; that lives in room state and needs no playbook configuration."
|
||||
msgid "Tuwunel additionally implements [MSC4284 policy servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) for room-level federation gating. The policy itself lives in room state, but enforcement is opt-in at the server level:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:171
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:176
|
||||
msgid "When enabled, rooms with a valid `m.room.policy` state event have outgoing events signed by the configured policy server before federation. Transient network or timeout failures fail open (with a warn log), so a policy-server outage will not silently take the room offline."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:178
|
||||
msgid "Default room version"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:173
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:180
|
||||
msgid "The role sets `default_room_version: '12'`, so newly created rooms default to Matrix [room version 12](https://github.com/matrix-org/matrix-spec-proposals/pull/4289) (\"Hydra\"). Override `matrix_tuwunel_config_default_room_version` if you need an earlier version for client compatibility."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:175
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:182
|
||||
msgid "Creating the first user account"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:177
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:184
|
||||
msgid "Unlike Synapse and Dendrite, Tuwunel does not register users from the command line or via the playbook. On first startup it logs a one-time-use registration token to its journal:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:184
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:191
|
||||
msgid "Use the token to create your first account from any client that supports token-gated registration (e.g. [Element Web](configuring-playbook-client-element-web.md)). The account is auto-promoted to admin and invited to the admin room together with the `@conduit:<server_name>` server bot. The bot keeps the legacy `conduit` localpart due to the project's lineage from Conduit."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:186
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:193
|
||||
msgid "Configuring bridges and appservices"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:188
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:195
|
||||
msgid "The playbook does not auto-register appservices for Tuwunel. After your bridge has produced its `registration.yaml` (e.g. `/matrix/mautrix-signal/bridge/registration.yaml`), register it manually by sending the contents to the admin room, prefixed with `!admin appservices register` and wrapped in a fenced code block:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:209
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:216
|
||||
msgid "Registrations stored this way are persisted in the database and survive restarts. Re-running the command with the same `id` replaces the existing entry. See [Application services](https://matrix-construct.github.io/tuwunel/appservices.html) for the full reference and admin commands."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:211
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:218
|
||||
msgid "Migrating from conduwuit"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:213
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:220
|
||||
msgid "Tuwunel is a \"binary swap\" for conduwuit; it reads conduwuit's RocksDB layout directly, so migration is a data move, not an export/import."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:215
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:222
|
||||
msgid "Set `matrix_homeserver_implementation: tuwunel` on `vars.yml` and remove any `matrix_conduwuit_*` overrides."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:216
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:223
|
||||
msgid "Run a full installation so that the new service is created and the old one removed (e.g. `just setup-all`)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:217
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:224
|
||||
msgid "Run `just run-tags tuwunel-migrate-from-conduwuit`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:219
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:226
|
||||
msgid "The migration stops `matrix-conduwuit.service`, copies `/matrix/conduwuit` into `/matrix/tuwunel`, renames the config file, and starts `matrix-tuwunel.service`. The freshly generated tuwunel data directory is preserved alongside as `/matrix/tuwunel_old` until you remove it manually."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:221
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:228
|
||||
msgid "[!CAUTION] Migrating from any other Conduit derivative (Conduit itself, Continuwuity, or any other fork) is **not supported** and will corrupt your database. All Conduit forks share the same linear database version with no awareness of each other; switching between them produces unrecoverable damage. See the [upstream migration table](https://matrix-construct.github.io/tuwunel/#migrating-to-tuwunel)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:224
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:231
|
||||
msgid "Troubleshooting"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:226
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:233
|
||||
msgid "As with all other services, the logs are available via [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html):"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:232
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:239
|
||||
msgid "Logging verbosity is controlled by `matrix_tuwunel_config_log` in [`tracing-subscriber` env-filter syntax](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html). The default (`info,state_res=warn`) is reasonable for production; for debugging, try `debug` or scope it tighter, e.g. `info,tuwunel_service::sending=debug`."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:234
|
||||
#: ../../../docs/configuring-playbook-tuwunel.md:241
|
||||
msgid "For RocksDB-level issues, online backups, and offline backup procedures, see the [Tuwunel maintenance guide](https://matrix-construct.github.io/tuwunel/maintenance.html). For protocol-compliance state across MSCs, the spec, and Complement, the project's [compliance dashboard](https://matrix-construct.github.io/tuwunel/development/compliance.html) is the authoritative tracker."
|
||||
msgstr ""
|
||||
|
||||
+1
-1
@@ -27,7 +27,7 @@
|
||||
version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
|
||||
name: docker_sdk_for_python
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
|
||||
version: v2.7.3-0
|
||||
version: v2.7.2-1
|
||||
name: etherpad
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
|
||||
version: v4.99.1-r0-2-1
|
||||
|
||||
@@ -13,7 +13,7 @@ matrix_continuwuity_enabled: true
|
||||
matrix_continuwuity_hostname: ''
|
||||
|
||||
# renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/continuwuity
|
||||
matrix_continuwuity_version: v0.5.8
|
||||
matrix_continuwuity_version: v0.5.9
|
||||
|
||||
matrix_continuwuity_container_image: "{{ matrix_continuwuity_container_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_container_image_tag }}"
|
||||
matrix_continuwuity_container_image_tag: "{{ matrix_continuwuity_version }}"
|
||||
|
||||
@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
|
||||
matrix_synapse_github_org_and_repo: element-hq/synapse
|
||||
|
||||
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse
|
||||
matrix_synapse_version: v1.152.0
|
||||
matrix_synapse_version: v1.152.1
|
||||
|
||||
matrix_synapse_username: ''
|
||||
matrix_synapse_uid: ''
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
@@ -13,7 +13,7 @@ matrix_tuwunel_enabled: true
|
||||
matrix_tuwunel_hostname: ''
|
||||
|
||||
# renovate: datasource=docker depName=ghcr.io/matrix-construct/tuwunel
|
||||
matrix_tuwunel_version: v1.6.1
|
||||
matrix_tuwunel_version: v1.6.2
|
||||
|
||||
matrix_tuwunel_container_image: "{{ matrix_tuwunel_container_image_registry_prefix }}matrix-construct/tuwunel:{{ matrix_tuwunel_container_image_tag }}"
|
||||
matrix_tuwunel_container_image_tag: "{{ matrix_tuwunel_version }}"
|
||||
@@ -177,6 +177,18 @@ matrix_tuwunel_config_forbidden_remote_server_names: []
|
||||
matrix_tuwunel_config_forbidden_remote_room_directory_server_names: []
|
||||
matrix_tuwunel_config_prevent_media_downloads_from: []
|
||||
|
||||
# MSC4284 policy server enforcement.
|
||||
# When enabled, rooms with a valid `m.room.policy` state event will have
|
||||
# outgoing events signed by the configured policy server before federation.
|
||||
# Refusal aborts the local request; transient network or timeout failures
|
||||
# fail open with a warn log so a policy-server outage does not silently
|
||||
# take the room offline.
|
||||
matrix_tuwunel_config_enable_policy_servers: false
|
||||
|
||||
# Timeout (in seconds) for outbound `/sign` calls and inbound
|
||||
# signature-fetches against a room's policy server.
|
||||
matrix_tuwunel_config_policy_server_request_timeout: 5
|
||||
|
||||
# Outgoing presence is heavy on CPU and network and almost no clients use it. Off by default.
|
||||
matrix_tuwunel_config_allow_outgoing_presence: false
|
||||
|
||||
|
||||
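Review bot: The comment above `matrix_tuwunel_config_enable_policy_servers` presents fail-open only as an availability benefit and never states its enforcement cost. As described here, a policy-server outage or timeout lets the local request proceed without the policy server's decision, and the warn log is the only trace. Operators who enable this for moderation need that spelled out, so I would add `# NOTE: while the policy server is unreachable or slow, enforcement is skipped; alert on the warn log if you rely on it.` after the `# take the room offline.` line. The comment on `matrix_tuwunel_config_policy_server_request_timeout` could likewise say that lowering the value makes fail-open more likely under load, assuming timeouts are handled as the text above says.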
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{#
|
||||
SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{#
|
||||
SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#}
|
||||
@@ -57,6 +57,9 @@ forbidden_remote_room_directory_server_names = {{ matrix_tuwunel_config_forbidde
|
||||
prevent_media_downloads_from = {{ matrix_tuwunel_config_prevent_media_downloads_from | to_json }}
|
||||
{% endif %}
|
||||
|
||||
enable_policy_servers = {{ matrix_tuwunel_config_enable_policy_servers | to_json }}
|
||||
policy_server_request_timeout = {{ matrix_tuwunel_config_policy_server_request_timeout }}
|
||||
|
||||
allow_outgoing_presence = {{ matrix_tuwunel_config_allow_outgoing_presence | to_json }}
|
||||
|
||||
{% if matrix_tuwunel_config_url_preview_domain_contains_allowlist | length > 0 %}
|
||||
|
||||
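Review bot: `policy_server_request_timeout` is rendered from the raw variable, while the neighbouring `enable_policy_servers` and `allow_outgoing_presence` lines go through `| to_json`. An empty or otherwise malformed override in `vars.yml` would therefore land in the TOML unquoted and could break parsing of the whole config. For consistency I would write `policy_server_request_timeout = {{ matrix_tuwunel_config_policy_server_request_timeout | to_json }}`. A positive-integer check belongs in the role's config validation, if it has one (not visible here), since a zero or near-zero timeout would presumably turn every policy check into a fail-open. The `{% if … %}` block that starts after the added lines continues outside the hunk.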
@@ -1,5 +1,5 @@
|
||||
# SPDX-FileCopyrightText: 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2025 - 2026 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
||||