This release adds opt-in server-level enforcement of MSC4284 policy
servers via two new `[global]` keys: `enable_policy_servers` and
`policy_server_request_timeout`. Surface both as Ansible variables
matching tuwunel's upstream defaults (off, 5s timeout) and refresh the
docs section that previously claimed MSC4284 needed no playbook
configuration.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5213.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Tuwunel is a Matrix homeserver maintained by the matrix-construct
organisation. See https://matrix-construct.github.io/tuwunel/.
The rendered TOML emits only keys exposed as Ansible variables; the
rest fall back to tuwunel's upstream defaults. Anything not surfaced
can be set via the TUWUNEL_* env extension or by overriding the
template path.
Popular features Tuwunel adds variables for:
- OAuth2/OIDC identity providers (a list of `[[global.identity_provider]]`
blocks; brand-aware defaults for Google, GitHub, Keycloak, MAS, etc)
- LDAP and JWT authentication
- Media storage providers (native local and S3 with multipart upload)
- RocksDB tuning (compression, direct_io, parallelism, online backups)
- Native TLS dual-protocol mode
- Blurhashing, Sentry crash reporting
Auto-wired from existing playbook globals: well-known client URL,
TURN/coturn, MatrixRTC LiveKit URL, federation.
The `tuwunel-migrate-from-conduwuit` tag performs a binary-swap
migration. Migration from any other Conduit derivative is unsupported
and would corrupt the database.
Signed-off-by: Jason Volk <jason@zemos.net>
