Tuwunel is a Matrix homeserver maintained by the matrix-construct organisation. See https://matrix-construct.github.io/tuwunel/. The rendered TOML emits only keys exposed as Ansible variables; the rest fall back to tuwunel's upstream defaults. Anything not surfaced can be set via the TUWUNEL_* env extension or by overriding the template path. Popular features Tuwunel adds variables for: - OAuth2/OIDC identity providers (a list of `[[global.identity_provider]]` blocks; brand-aware defaults for Google, GitHub, Keycloak, MAS, etc) - LDAP and JWT authentication - Media storage providers (native local and S3 with multipart upload) - RocksDB tuning (compression, direct_io, parallelism, online backups) - Native TLS dual-protocol mode - Blurhashing, Sentry crash reporting Auto-wired from existing playbook globals: well-known client URL, TURN/coturn, MatrixRTC LiveKit URL, federation. The `tuwunel-migrate-from-conduwuit` tag performs a binary-swap migration. Migration from any other Conduit derivative is unsupported and would corrupt the database. Signed-off-by: Jason Volk <jason@zemos.net>
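#jinja2: lstrip_blocks: True
# systemd unit template that runs Tuwunel in a Docker container named matrix-tuwunel.
# Start sequence: stop and remove any leftover container, create a fresh one,
# connect it to the additional networks, then start it attached.

[Unit]
Description=Tuwunel Matrix homeserver
# Hard dependencies: every listed unit is required and ordered before this one.
{% for service in matrix_tuwunel_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
# Soft dependencies: only Wants= is emitted, so no ordering is requested for them.
{% for service in matrix_tuwunel_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
# Best-effort cleanup of a container left over from an earlier run. The "-" prefix
# and the trailing "|| true" keep a missing container from failing the start.
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-tuwunel 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-tuwunel 2>/dev/null || true'

# Create the container without starting it. Hardening applied by the flags below:
#   --user           runs as the matrix uid:gid instead of the image default
#   --cap-drop=ALL   drops every Linux capability
#   --read-only      read-only root filesystem; the writable paths are the size-capped
#                    noexec,nosuid tmpfs on /tmp and the data bind mount
#   /etc/tuwunel     configuration is bind-mounted read-only (ro)
# --log-driver=none turns off Docker's own log storage, so container output is only
# available through the attached "start" command in ExecStart.
# The file given to --env-file may hold secrets (TUWUNEL_* settings); its ownership and
# mode are not set in this unit - NOTE(review): confirm it is not world-readable.
# NOTE(review): entries of matrix_tuwunel_container_extra_arguments are appended verbatim
# after the hardening flags, so an entry such as --privileged or --cap-add would undo
# them. Treat that variable as trusted operator input and review what it contains.
# NOTE(review): --security-opt=no-new-privileges is not set; consider adding it through
# the extra arguments as defence in depth.
# No comment lines are placed inside the continued command on purpose.
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
    --rm \
    --name=matrix-tuwunel \
    --log-driver=none \
    --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
    --cap-drop=ALL \
    --read-only \
    --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_tuwunel_tmp_directory_size_mb }}m \
    --network={{ matrix_tuwunel_container_network }} \
    --env-file={{ matrix_tuwunel_base_path }}/env \
    --env TUWUNEL_CONFIG=/etc/tuwunel/tuwunel.toml \
    --label-file={{ matrix_tuwunel_base_path }}/labels \
    --mount type=bind,src={{ matrix_tuwunel_data_path }},dst=/var/lib/tuwunel \
    --mount type=bind,src={{ matrix_tuwunel_config_path }},dst=/etc/tuwunel,ro \
    {% for arg in matrix_tuwunel_container_extra_arguments %}
    {{ arg }} \
    {% endfor %}
    {{ matrix_tuwunel_container_image }}

# Connect the created container to each additional network before it is started.
{% for network in matrix_tuwunel_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-tuwunel
{% endfor %}

# Runs in the foreground: systemd supervises the attached docker client process.
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-tuwunel

{% if matrix_tuwunel_systemd_service_post_start_delay_seconds != 0 %}
# Optional fixed delay after start; the "-" prefix ignores a failing sleep command.
ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_tuwunel_systemd_service_post_start_delay_seconds }}
{% endif %}

# Best-effort stop and removal, mirroring the cleanup done before start.
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-tuwunel 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-tuwunel 2>/dev/null || true'
# Reload sends SIGHUP to PID 1 inside the container through a shell.
# NOTE(review): this needs /bin/sh and kill in the image - confirm. Sending the signal
# with "docker kill --signal=HUP matrix-tuwunel" would avoid that dependency.
ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-tuwunel /bin/sh -c 'kill -HUP 1'
# Restart on every exit, after a 30 second pause.
Restart=always
RestartSec=30
SyslogIdentifier=matrix-tuwunel

[Install]
# Enabled units are started as part of multi-user.target.
WantedBy=multi-user.target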