2024-12-20 07:37:38 +00:00
|
|
|
|
# SOME DESCRIPTIVE TITLE.
|
|
|
|
|
# Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community
|
|
|
|
|
# members
|
|
|
|
|
# This file is distributed under the same license as the
|
|
|
|
|
# matrix-docker-ansible-deploy package.
|
|
|
|
|
# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
|
|
|
|
|
#
|
|
|
|
|
#, fuzzy
|
|
|
|
|
msgid ""
|
|
|
|
|
msgstr ""
|
|
|
|
|
"Project-Id-Version: matrix-docker-ansible-deploy \n"
|
|
|
|
|
"Report-Msgid-Bugs-To: \n"
|
2024-12-20 07:54:28 +00:00
|
|
|
|
"POT-Creation-Date: 2024-12-20 09:53+0200\n"
|
2024-12-20 07:37:38 +00:00
|
|
|
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
|
|
|
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
|
|
|
|
"Language: jp\n"
|
|
|
|
|
"Language-Team: jp <LL@li.org>\n"
|
|
|
|
|
"MIME-Version: 1.0\n"
|
|
|
|
|
"Content-Type: text/plain; charset=utf-8\n"
|
|
|
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
|
"Generated-By: Babel 2.16.0\n"
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:1
|
|
|
|
|
msgid "Setting up ma1sd Identity Server (optional)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:3
|
|
|
|
|
msgid ""
|
|
|
|
|
"**⚠️Note**: ma1sd itself has also been unmaintained for years (the latest"
|
|
|
|
|
" commit and release being from 2021). The role of identity servers in the"
|
|
|
|
|
" Matrix specification also has an uncertain future. **We recommend not "
|
|
|
|
|
"bothering with installing it unless it's the only way you can do what you"
|
|
|
|
|
" need to do**. For example, certain things like LDAP integration can also"
|
|
|
|
|
" be implemented via [the LDAP provider module for Synapse](./configuring-"
|
|
|
|
|
"playbook-ldap-auth.md)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:5
|
|
|
|
|
msgid ""
|
|
|
|
|
"The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) "
|
|
|
|
|
"Identity Server for you. It is a fork of [mxisd](https://github.com"
|
|
|
|
|
"/kamax-io/mxisd) which was pronounced end of life 2019-06-21."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:7
|
|
|
|
|
msgid ""
|
|
|
|
|
"ma1sd is used for 3PIDs (3rd party identifiers like E-mail and phone "
|
|
|
|
|
"numbers) and some [enhanced "
|
|
|
|
|
"features](https://github.com/ma1uta/ma1sd/#features). It is private by "
|
|
|
|
|
"default, potentially at the expense of user discoverability."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:9
|
|
|
|
|
msgid ""
|
2024-12-20 07:54:28 +00:00
|
|
|
|
"See the project's "
|
|
|
|
|
"[documentation](https://github.com/ma1uta/ma1sd/blob/master/README.md) to"
|
|
|
|
|
" learn what it does and why it might be useful to you."
|
2024-12-20 07:37:38 +00:00
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:11
|
|
|
|
|
msgid ""
|
|
|
|
|
"**Note**: enabling ma1sd, means that the `openid` API endpoints will be "
|
|
|
|
|
"exposed on the Matrix Federation port (usually `8448`), even if "
|
|
|
|
|
"[federation](configuring-playbook-federation.md) is disabled. It's "
|
|
|
|
|
"something to be aware of, especially in terms of firewall whitelisting "
|
|
|
|
|
"(make sure port `8448` is accessible)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:13
|
|
|
|
|
msgid "Adjusting DNS records"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:15
|
|
|
|
|
msgid ""
|
|
|
|
|
"To make the ma1sd Identity Server enable its federation features, set up "
|
|
|
|
|
"a SRV record that looks like this:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:17
|
|
|
|
|
msgid "Name: `_matrix-identity._tcp` (use this text as-is)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:18
|
|
|
|
|
msgid ""
|
|
|
|
|
"Content: `10 0 443 matrix.example.com` (replace `example.com` with your "
|
|
|
|
|
"own)"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:20
|
|
|
|
|
msgid ""
|
|
|
|
|
"See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-"
|
|
|
|
|
"and-your-privacy#choices-are-never-easy) for information on the privacy "
|
|
|
|
|
"implications of setting up this SRV record."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:22
|
|
|
|
|
msgid ""
|
|
|
|
|
"**Note**: This `_matrix-identity._tcp` SRV record for the identity server"
|
|
|
|
|
" is different from the `_matrix._tcp` that can be used for Synapse "
|
|
|
|
|
"delegation. See [howto-server-delegation.md](howto-server-delegation.md) "
|
|
|
|
|
"for more information about delegation."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:24
|
|
|
|
|
msgid "Adjusting the playbook configuration"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:26
|
|
|
|
|
msgid ""
|
|
|
|
|
"To enable ma1sd, add the following configuration to your "
|
|
|
|
|
"`inventory/host_vars/matrix.example.com/vars.yml` file:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:32
|
|
|
|
|
msgid "Matrix.org lookup forwarding"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:34
|
|
|
|
|
msgid ""
|
|
|
|
|
"To ensure maximum discovery, you can make your identity server also "
|
|
|
|
|
"forward lookups to the central matrix.org Identity server (at the cost of"
|
|
|
|
|
" potentially leaking all your contacts information)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:36
|
|
|
|
|
msgid ""
|
|
|
|
|
"Enabling this is discouraged and you'd better [learn "
|
|
|
|
|
"more](https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups)"
|
|
|
|
|
" before proceeding."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:38
|
|
|
|
|
msgid ""
|
|
|
|
|
"To enable matrix.org forwarding, add the following configuration to your "
|
|
|
|
|
"`inventory/host_vars/matrix.example.com/vars.yml` file:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:44
|
|
|
|
|
msgid "Additional features"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:46
|
|
|
|
|
msgid ""
|
|
|
|
|
"What this playbook configures for your is some bare minimum Identity "
|
|
|
|
|
"Server functionality, so that you won't need to rely on external 3rd "
|
|
|
|
|
"party services."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:48
|
|
|
|
|
msgid ""
|
|
|
|
|
"A few variables can be toggled in this playbook to alter the ma1sd "
|
|
|
|
|
"configuration that gets generated."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:50
|
|
|
|
|
msgid ""
|
|
|
|
|
"Still, ma1sd can do much more. You can refer to the [ma1sd "
|
|
|
|
|
"website](https://github.com/ma1uta/ma1sd) for more details and "
|
|
|
|
|
"configuration options."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:52
|
|
|
|
|
msgid ""
|
|
|
|
|
"To use a more custom configuration, you can define a "
|
|
|
|
|
"`matrix_ma1sd_configuration_extension_yaml` string variable and put your "
|
|
|
|
|
"configuration in it. To learn more about how to do this, refer to the "
|
|
|
|
|
"information about `matrix_ma1sd_configuration_extension_yaml` in the "
|
|
|
|
|
"[default variables file](../roles/custom/matrix-ma1sd/defaults/main.yml) "
|
|
|
|
|
"of the ma1sd component."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:54
|
|
|
|
|
msgid "Customizing email templates"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:56
|
|
|
|
|
msgid ""
|
|
|
|
|
"If you'd like to change the default email templates used by ma1sd, take a"
|
|
|
|
|
" look at the `matrix_ma1sd_threepid_medium_email_custom_` variables (in "
|
|
|
|
|
"the `roles/custom/matrix-ma1sd/defaults/main.yml` file."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:58
|
|
|
|
|
msgid "ma1sd-controlled Registration"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:60
|
|
|
|
|
msgid ""
|
|
|
|
|
"To use the "
|
|
|
|
|
"[Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md)"
|
|
|
|
|
" feature of ma1sd, you can make use of the following variables:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:62
|
|
|
|
|
msgid ""
|
|
|
|
|
"`matrix_synapse_enable_registration` - to enable user-initiated "
|
|
|
|
|
"registration in Synapse"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:64
|
|
|
|
|
msgid ""
|
|
|
|
|
"`matrix_synapse_enable_registration_captcha` - to validate registering "
|
|
|
|
|
"users using reCAPTCHA, as described in the [enabling reCAPTCHA"
|
|
|
|
|
"](configuring-captcha.md) documentation."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:66
|
|
|
|
|
msgid ""
|
|
|
|
|
"`matrix_synapse_registrations_require_3pid` - a list of 3pid types (among"
|
|
|
|
|
" `'email'`, `'msisdn'`) required by the Synapse server for registering"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:68
|
|
|
|
|
msgid ""
|
|
|
|
|
"variables prefixed with `matrix_ma1sd_container_labels_` (e.g. "
|
|
|
|
|
"`matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled`) "
|
|
|
|
|
"- to configure the Traefik reverse-proxy to capture and send registration"
|
|
|
|
|
" requests to ma1sd (instead of Synapse), so it can apply its additional "
|
|
|
|
|
"functionality"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:70
|
|
|
|
|
msgid ""
|
|
|
|
|
"`matrix_ma1sd_configuration_extension_yaml` - to configure ma1sd as "
|
|
|
|
|
"required. See the [Registration feature's "
|
|
|
|
|
"docs](https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md)"
|
|
|
|
|
" for inspiration. Also see the [Additional features](#additional-"
|
|
|
|
|
"features) section below to learn more about how to use "
|
|
|
|
|
"`matrix_ma1sd_configuration_extension_yaml`."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:72
|
|
|
|
|
msgid ""
|
|
|
|
|
"**Note**: For this to work, either the homeserver needs to [federate"
|
|
|
|
|
"](configuring-playbook-federation.md) or the `openid` APIs need to "
|
|
|
|
|
"exposed on the federation port. When federation is disabled and ma1sd is "
|
|
|
|
|
"enabled, we automatically expose the `openid` APIs (only!) on the "
|
|
|
|
|
"federation port. Make sure the federation port (usually "
|
|
|
|
|
"`https://matrix.example.com:8448`) is whitelisted in your firewall (even "
|
|
|
|
|
"if you don't actually use/need federation)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:74
|
|
|
|
|
msgid "Authentication"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:76
|
|
|
|
|
msgid ""
|
|
|
|
|
"[Authentication](https://github.com/ma1uta/ma1sd/blob/master/docs/features/authentication.md)"
|
|
|
|
|
" provides the possibility to use your own [Identity "
|
|
|
|
|
"Stores](https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md)"
|
|
|
|
|
" (for example LDAP) to authenticate users on your Homeserver."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:78
|
|
|
|
|
msgid ""
|
|
|
|
|
"To enable authentication against an LDAP server, add the following "
|
|
|
|
|
"configuration to your `inventory/host_vars/matrix.example.com/vars.yml` "
|
|
|
|
|
"file:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:98
|
|
|
|
|
msgid "Example: SMS verification"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:100
|
|
|
|
|
msgid ""
|
|
|
|
|
"If your use case requires mobile verification, it is quite simple to "
|
|
|
|
|
"integrate ma1sd with [Twilio](https://www.twilio.com/), an online "
|
|
|
|
|
"telephony services gateway. Their prices are reasonable for low-volume "
|
|
|
|
|
"projects and integration can be done with the following configuration:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:114
|
|
|
|
|
msgid "Example: Open Registration for every Domain"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:116
|
|
|
|
|
msgid ""
|
|
|
|
|
"If you want to open registration for any domain, you have to setup the "
|
|
|
|
|
"allowed domains with ma1sd's `blacklist` and `whitelist`. The default "
|
|
|
|
|
"behavior when neither the `blacklist`, nor the `whitelist` match, is to "
|
|
|
|
|
"allow registration. Beware: you can't block toplevel domains (aka `.xy`) "
|
|
|
|
|
"because the internal architecture of ma1sd doesn't allow that."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:130
|
|
|
|
|
msgid "Installing"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:132
|
|
|
|
|
msgid ""
|
|
|
|
|
"After configuring the playbook, run it with [playbook tags](playbook-"
|
|
|
|
|
"tags.md) as below:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:139
|
|
|
|
|
msgid ""
|
|
|
|
|
"The shortcut commands with the [`just` program](just.md) are also "
|
|
|
|
|
"available: `just install-all` or `just setup-all`"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:141
|
|
|
|
|
msgid ""
|
|
|
|
|
"`just install-all` is useful for maintaining your setup quickly ([2x-5x "
|
|
|
|
|
"faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-"
|
|
|
|
|
"runtime) than `just setup-all`) when its components remain unchanged. If "
|
|
|
|
|
"you adjust your `vars.yml` to remove other components, you'd need to run "
|
|
|
|
|
"`just setup-all`, or these components will still remain installed. Note "
|
|
|
|
|
"these shortcuts run the `ensure-matrix-users-created` tag too."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:143
|
|
|
|
|
msgid "Troubleshooting"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:145
|
|
|
|
|
msgid ""
|
|
|
|
|
"If email address validation emails sent by ma1sd are not reaching you, "
|
|
|
|
|
"you should look into [Adjusting email-sending settings](configuring-"
|
|
|
|
|
"playbook-email.md)."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:147
|
|
|
|
|
msgid ""
|
|
|
|
|
"If you'd like additional logging information, temporarily enable verbose "
|
|
|
|
|
"logging for ma1sd."
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
|
|
|
|
#: ../../../docs/configuring-playbook-ma1sd.md:149
|
|
|
|
|
msgid ""
|
|
|
|
|
"To enable it, add the following configuration to your "
|
|
|
|
|
"`inventory/host_vars/matrix.example.com/vars.yml` file:"
|
|
|
|
|
msgstr ""
|
|
|
|
|
|
2024-12-20 07:54:28 +00:00
|
|
|
|
#~ msgid ""
|
|
|
|
|
#~ "See the project's "
|
|
|
|
|
#~ "[documentation](https://github.com/ma1uta/ma1sd) to learn"
|
|
|
|
|
#~ " what it does and why it might"
|
|
|
|
|
#~ " be useful to you."
|
|
|
|
|
#~ msgstr ""
|
|
|
|
|
|