mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-26 04:50:40 +01:00 
			
		
		
		
	
		
			
				
	
	
		
			210 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			210 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| # SOME DESCRIPTIVE TITLE.
 | ||
| # Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community members
 | ||
| # This file is distributed under the same license as the matrix-docker-ansible-deploy package.
 | ||
| # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 | ||
| #
 | ||
| #, fuzzy
 | ||
| msgid ""
 | ||
| msgstr ""
 | ||
| "Project-Id-Version: matrix-docker-ansible-deploy \n"
 | ||
| "Report-Msgid-Bugs-To: \n"
 | ||
| "POT-Creation-Date: 2024-12-20 09:53+0200\n"
 | ||
| "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 | ||
| "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 | ||
| "Language-Team: LANGUAGE <LL@li.org>\n"
 | ||
| "MIME-Version: 1.0\n"
 | ||
| "Content-Type: text/plain; charset=UTF-8\n"
 | ||
| "Content-Transfer-Encoding: 8bit\n"
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:1
 | ||
| msgid "Setting up ma1sd Identity Server (optional)"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:3
 | ||
| msgid "**⚠️Note**: ma1sd itself has also been unmaintained for years (the latest commit and release being from 2021). The role of identity servers in the Matrix specification also has an uncertain future. **We recommend not bothering with installing it unless it's the only way you can do what you need to do**. For example, certain things like LDAP integration can also be implemented via [the LDAP provider module for Synapse](./configuring-playbook-ldap-auth.md)."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:5
 | ||
| msgid "The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. It is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:7
 | ||
| msgid "ma1sd is used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). It is private by default, potentially at the expense of user discoverability."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:9
 | ||
| msgid "See the project's [documentation](https://github.com/ma1uta/ma1sd/blob/master/README.md) to learn what it does and why it might be useful to you."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:11
 | ||
| msgid "**Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible)."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:13
 | ||
| msgid "Adjusting DNS records"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:15
 | ||
| msgid "To make the ma1sd Identity Server enable its federation features, set up a SRV record that looks like this:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:17
 | ||
| msgid "Name: `_matrix-identity._tcp` (use this text as-is)"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:18
 | ||
| msgid "Content: `10 0 443 matrix.example.com` (replace `example.com` with your own)"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:20
 | ||
| msgid "See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:22
 | ||
| msgid "**Note**: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:24
 | ||
| msgid "Adjusting the playbook configuration"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:26
 | ||
| msgid "To enable ma1sd, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:32
 | ||
| msgid "Matrix.org lookup forwarding"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:34
 | ||
| msgid "To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information)."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:36
 | ||
| msgid "Enabling this is discouraged and you'd better [learn more](https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups) before proceeding."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:38
 | ||
| msgid "To enable matrix.org forwarding, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:44
 | ||
| msgid "Additional features"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:46
 | ||
| msgid "What this playbook configures for your is some bare minimum Identity Server functionality, so that you won't need to rely on external 3rd party services."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:48
 | ||
| msgid "A few variables can be toggled in this playbook to alter the ma1sd configuration that gets generated."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:50
 | ||
| msgid "Still, ma1sd can do much more. You can refer to the [ma1sd website](https://github.com/ma1uta/ma1sd) for more details and configuration options."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:52
 | ||
| msgid "To use a more custom configuration, you can define a `matrix_ma1sd_configuration_extension_yaml` string variable and put your configuration in it. To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-ma1sd/defaults/main.yml) of the ma1sd component."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:54
 | ||
| msgid "Customizing email templates"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:56
 | ||
| msgid "If you'd like to change the default email templates used by ma1sd, take a look at the `matrix_ma1sd_threepid_medium_email_custom_` variables (in the `roles/custom/matrix-ma1sd/defaults/main.yml` file."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:58
 | ||
| msgid "ma1sd-controlled Registration"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:60
 | ||
| msgid "To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md) feature of ma1sd, you can make use of the following variables:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:62
 | ||
| msgid "`matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:64
 | ||
| msgid "`matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring-captcha.md) documentation."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:66
 | ||
| msgid "`matrix_synapse_registrations_require_3pid` - a list of 3pid types (among `'email'`, `'msisdn'`) required by the Synapse server for registering"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:68
 | ||
| msgid "variables prefixed with `matrix_ma1sd_container_labels_` (e.g. `matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled`) - to configure the Traefik reverse-proxy to capture and send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:70
 | ||
| msgid "`matrix_ma1sd_configuration_extension_yaml` - to configure ma1sd as required. See the [Registration feature's docs](https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md) for inspiration. Also see the [Additional features](#additional-features) section below to learn more about how to use `matrix_ma1sd_configuration_extension_yaml`."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:72
 | ||
| msgid "**Note**: For this to work, either the homeserver needs to [federate](configuring-playbook-federation.md) or the `openid` APIs need to exposed on the federation port. When federation is disabled and ma1sd is enabled, we automatically expose the `openid` APIs (only!) on the federation port. Make sure the federation port (usually `https://matrix.example.com:8448`) is whitelisted in your firewall (even if you don't actually use/need federation)."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:74
 | ||
| msgid "Authentication"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:76
 | ||
| msgid "[Authentication](https://github.com/ma1uta/ma1sd/blob/master/docs/features/authentication.md) provides the possibility to use your own [Identity Stores](https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md) (for example LDAP) to authenticate users on your Homeserver."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:78
 | ||
| msgid "To enable authentication against an LDAP server, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:98
 | ||
| msgid "Example: SMS verification"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:100
 | ||
| msgid "If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:114
 | ||
| msgid "Example: Open Registration for every Domain"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:116
 | ||
| msgid "If you want to open registration for any domain, you have to setup the allowed domains with ma1sd's `blacklist` and `whitelist`. The default behavior when neither the `blacklist`, nor the `whitelist` match, is to allow registration. Beware: you can't block toplevel domains (aka `.xy`) because the internal architecture of ma1sd doesn't allow that."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:130
 | ||
| msgid "Installing"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:132
 | ||
| msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:139
 | ||
| msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:141
 | ||
| msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:143
 | ||
| msgid "Troubleshooting"
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:145
 | ||
| msgid "If email address validation emails sent by ma1sd are not reaching you, you should look into [Adjusting email-sending settings](configuring-playbook-email.md)."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:147
 | ||
| msgid "If you'd like additional logging information, temporarily enable verbose logging for ma1sd."
 | ||
| msgstr ""
 | ||
| 
 | ||
| #: ../../../docs/configuring-playbook-ma1sd.md:149
 | ||
| msgid "To enable it, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
 | ||
| msgstr ""
 |