diff --git a/docs/deploying/docker-compose.for-traefik.yml b/docs/deploying/docker-compose.for-traefik.yml
index 366f6999..3b2c8787 100644
--- a/docs/deploying/docker-compose.for-traefik.yml
+++ b/docs/deploying/docker-compose.for-traefik.yml
@@ -1,48 +1,48 @@ -# conduwuit - Behind Traefik Reverse Proxy +# tuwunel - Behind Traefik Reverse Proxy services: homeserver: ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image, ### then you are ready to go. - image: girlbossceo/conduwuit:latest + image: jevolk/tuwunel:latest restart: unless-stopped volumes: - - db:/var/lib/conduwuit - #- ./conduwuit.toml:/etc/conduwuit.toml + - db:/var/lib/tuwunel + #- ./tuwunel.toml:/etc/tuwunel.toml networks: - proxy environment: - CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS - CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit - CONDUWUIT_PORT: 6167 # should match the loadbalancer traefik label - CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB - CONDUWUIT_ALLOW_REGISTRATION: 'true' - CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed. - #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true' - CONDUWUIT_ALLOW_FEDERATION: 'true' - CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true' - CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]' - #CONDUWUIT_LOG: warn,state_res=warn - CONDUWUIT_ADDRESS: 0.0.0.0 - #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above + TUWUNEL_SERVER_NAME: your.server.name.example # EDIT THIS + TUWUNEL_DATABASE_PATH: /var/lib/tuwunel + TUWUNEL_PORT: 6167 # should match the loadbalancer traefik label + TUWUNEL_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB + TUWUNEL_ALLOW_REGISTRATION: 'true' + TUWUNEL_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed. 
+ #TUWUNEL_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true' + TUWUNEL_ALLOW_FEDERATION: 'true' + TUWUNEL_ALLOW_CHECK_FOR_UPDATES: 'true' + TUWUNEL_TRUSTED_SERVERS: '["matrix.org"]' + #TUWUNEL_LOG: warn,state_res=warn + TUWUNEL_ADDRESS: 0.0.0.0 + #TUWUNEL_CONFIG: '/etc/tuwunel.toml' # Uncomment if you mapped config toml above - # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN - # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate + # We need some way to serve the client and server .well-known json. The simplest way is via the TUWUNEL_WELL_KNOWN + # variable / config option, there are multiple ways to do this, e.g. in the tuwunel.toml file, and in a seperate # see the override file for more information about delegation - CONDUWUIT_WELL_KNOWN: | + TUWUNEL_WELL_KNOWN: | { client=https://your.server.name.example, server=your.server.name.example:443 } #cpuset: "0-4" # Uncomment to limit to specific CPU cores - ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it + ulimits: # tuwunel uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it nofile: soft: 1048567 hard: 1048567 ### Uncomment if you want to use your own Element-Web App. ### Note: You need to provide a config.json for Element and you also need a second - ### Domain or Subdomain for the communication between Element and conduwuit + ### Domain or Subdomain for the communication between Element and tuwunel ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md # element-web: # image: vectorim/element-web:latest diff --git a/docs/deploying/docker-compose.override.yml b/docs/deploying/docker-compose.override.yml index a343eeee..83c3158e 100644 
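Review bot: The renamed environment block still ships `TUWUNEL_ALLOW_REGISTRATION: 'true'` together with the literal placeholder `TUWUNEL_REGISTRATION_TOKEN: 'YOUR_TOKEN'`, so a deployment started from this file unedited has registration gated only by a publicly documented token value. The same pair appears in the `docker-compose.with-caddy.yml` and `docker-compose.yml` hunks, while `docker-compose.with-traefik.yml` already uses the safer `TUWUNEL_ALLOW_REGISTRATION: 'false'` with an empty token. I would align the three files with that default, or at least mark the token line `# EDIT THIS - replace with a long random value`, as is done for `TUWUNEL_SERVER_NAME`. Separately, the context comment above `image:` still reads `conduduwit`, a misspelling the rename did not catch.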
--- a/docs/deploying/docker-compose.override.yml +++ b/docs/deploying/docker-compose.override.yml @@ -1,4 +1,4 @@ -# conduwuit - Traefik Reverse Proxy Labels +# tuwunel - Traefik Reverse Proxy Labels services: homeserver: @@ -6,17 +6,17 @@ services: - "traefik.enable=true" - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network - - "traefik.http.routers.to-conduwuit.rule=Host(`.`)" # Change to the address on which conduwuit is hosted - - "traefik.http.routers.to-conduwuit.tls=true" - - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt" - - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker" - - "traefik.http.services.to_conduwuit.loadbalancer.server.port=6167" + - "traefik.http.routers.to-tuwunel.rule=Host(`.`)" # Change to the address on which tuwunel is hosted + - "traefik.http.routers.to-tuwunel.tls=true" + - "traefik.http.routers.to-tuwunel.tls.certresolver=letsencrypt" + - "traefik.http.routers.to-tuwunel.middlewares=cors-headers@docker" + - "traefik.http.services.to_tuwunel.loadbalancer.server.port=6167" - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*" - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization" - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS" - # If you want to have your account on , but host conduwuit on a subdomain, + # If you want to have your account on , but host tuwunel on a subdomain, # you can let it only handle the well known file on that domain instead #- "traefik.http.routers.to-matrix-wellknown.rule=Host(``) && PathPrefix(`/.well-known/matrix`)" #- "traefik.http.routers.to-matrix-wellknown.tls=true" diff --git a/docs/deploying/docker-compose.with-caddy.yml b/docs/deploying/docker-compose.with-caddy.yml index 431cf2d4..318440b3 100644 --- a/docs/deploying/docker-compose.with-caddy.yml 
+++ b/docs/deploying/docker-compose.with-caddy.yml @@ -1,6 +1,6 @@ services: caddy: - # This compose file uses caddy-docker-proxy as the reverse proxy for conduwuit! + # This compose file uses caddy-docker-proxy as the reverse proxy for tuwunel! # For more info, visit https://github.com/lucaslorentz/caddy-docker-proxy image: lucaslorentz/caddy-docker-proxy:ci-alpine ports: 
@@ -20,27 +20,27 @@ services: caddy.1_respond: /.well-known/matrix/client {"m.server":{"base_url":"https://matrix.example.com"},"m.homeserver":{"base_url":"https://matrix.example.com"},"org.matrix.msc3575.proxy":{"url":"https://matrix.example.com"}} homeserver: - ### If you already built the conduwuit image with 'docker build' or want to use a registry image, + ### If you already built the tuwunel image with 'docker build' or want to use a registry image, ### then you are ready to go. - image: girlbossceo/conduwuit:latest + image: jevolk/tuwunel:latest restart: unless-stopped volumes: - - db:/var/lib/conduwuit - #- ./conduwuit.toml:/etc/conduwuit.toml + - db:/var/lib/tuwunel + #- ./tuwunel.toml:/etc/tuwunel.toml environment: - CONDUWUIT_SERVER_NAME: example.com # EDIT THIS - CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit - CONDUWUIT_PORT: 6167 - CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB - CONDUWUIT_ALLOW_REGISTRATION: 'true' - CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed. - #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true' - CONDUWUIT_ALLOW_FEDERATION: 'true' - CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true' - CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]' - #CONDUWUIT_LOG: warn,state_res=warn - CONDUWUIT_ADDRESS: 0.0.0.0 - #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above + TUWUNEL_SERVER_NAME: example.com # EDIT THIS + TUWUNEL_DATABASE_PATH: /var/lib/tuwunel + TUWUNEL_PORT: 6167 + TUWUNEL_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB + TUWUNEL_ALLOW_REGISTRATION: 'true' + TUWUNEL_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed. 
+ #TUWUNEL_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true' + TUWUNEL_ALLOW_FEDERATION: 'true' + TUWUNEL_ALLOW_CHECK_FOR_UPDATES: 'true' + TUWUNEL_TRUSTED_SERVERS: '["matrix.org"]' + #TUWUNEL_LOG: warn,state_res=warn + TUWUNEL_ADDRESS: 0.0.0.0 + #TUWUNEL_CONFIG: '/etc/tuwunel.toml' # Uncomment if you mapped config toml above networks: - caddy labels: diff --git a/docs/deploying/docker-compose.with-traefik.yml b/docs/deploying/docker-compose.with-traefik.yml index 89118c74..c2484545 100644 --- a/docs/deploying/docker-compose.with-traefik.yml +++ b/docs/deploying/docker-compose.with-traefik.yml 
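Review bot: `image: jevolk/tuwunel:latest` moves the example to a different publisher namespace while keeping a mutable tag, so a reader pulls whatever that tag points to at the time. For a change of image source I would pin the examples to a release tag and digest, e.g. `image: jevolk/tuwunel:<release-tag>@sha256:<digest>` (placeholders), in this hunk and in the `for-traefik`, `with-traefik` and `docker-compose.yml` hunks. It is also worth confirming that each renamed registry path in the `docker.md` table is actually published by the project. The GitLab row was renamed to `registry.gitlab.com/tuwunel/tuwunel` but its link keeps the old registry id `6369729`, which suggests a mechanical replace rather than a verified location.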
@@ -1,56 +1,56 @@ -# conduwuit - Behind Traefik Reverse Proxy +# tuwunel - Behind Traefik Reverse Proxy services: homeserver: - ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image, + ### If you already built the tuwunel image with 'docker build' or want to use the Docker Hub image, ### then you are ready to go. - image: girlbossceo/conduwuit:latest + image: jevolk/tuwunel:latest restart: unless-stopped volumes: - - db:/var/lib/conduwuit - #- ./conduwuit.toml:/etc/conduwuit.toml + - db:/var/lib/tuwunel + #- ./tuwunel.toml:/etc/tuwunel.toml networks: - proxy environment: - CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS - CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]' - CONDUWUIT_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this - CONDUWUIT_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server - #CONDUWUIT_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read - CONDUWUIT_ADDRESS: 0.0.0.0 - CONDUWUIT_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it - CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit - #CONDUWUIT_CONFIG: '/etc/conduit.toml' # Uncomment if you mapped config toml above - ### Uncomment and change values as desired, note that conduwuit has plenty of config options, so you should check out the example example config too + TUWUNEL_SERVER_NAME: your.server.name.example # EDIT THIS + TUWUNEL_TRUSTED_SERVERS: '["matrix.org"]' + TUWUNEL_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this + TUWUNEL_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server + #TUWUNEL_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read + TUWUNEL_ADDRESS: 0.0.0.0 + TUWUNEL_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it + 
TUWUNEL_DATABASE_PATH: /var/lib/tuwunel + #TUWUNEL_CONFIG: '/etc/conduit.toml' # Uncomment if you mapped config toml above + ### Uncomment and change values as desired, note that tuwunel has plenty of config options, so you should check out the example example config too # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging - # CONDUWUIT_LOG: info # default is: "warn,state_res=warn" - # CONDUWUIT_ALLOW_ENCRYPTION: 'true' - # CONDUWUIT_ALLOW_FEDERATION: 'true' - # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true' - # CONDUWUIT_ALLOW_INCOMING_PRESENCE: true - # CONDUWUIT_ALLOW_OUTGOING_PRESENCE: true - # CONDUWUIT_ALLOW_LOCAL_PRESENCE: true - # CONDUWUIT_WORKERS: 10 - # CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB - # CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧" + # TUWUNEL_LOG: info # default is: "warn,state_res=warn" + # TUWUNEL_ALLOW_ENCRYPTION: 'true' + # TUWUNEL_ALLOW_FEDERATION: 'true' + # TUWUNEL_ALLOW_CHECK_FOR_UPDATES: 'true' + # TUWUNEL_ALLOW_INCOMING_PRESENCE: true + # TUWUNEL_ALLOW_OUTGOING_PRESENCE: true + # TUWUNEL_ALLOW_LOCAL_PRESENCE: true + # TUWUNEL_WORKERS: 10 + # TUWUNEL_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB + # TUWUNEL_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧" - # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN - # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a seperate + # We need some way to serve the client and server .well-known json. The simplest way is via the TUWUNEL_WELL_KNOWN + # variable / config option, there are multiple ways to do this, e.g. 
in the tuwunel.toml file, and in a seperate # reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included - CONDUWUIT_WELL_KNOWN: | + TUWUNEL_WELL_KNOWN: | { client=https://your.server.name.example, server=your.server.name.example:443 } #cpuset: "0-4" # Uncomment to limit to specific CPU cores - ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it + ulimits: # tuwunel uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it nofile: soft: 1048567 hard: 1048567 ### Uncomment if you want to use your own Element-Web App. ### Note: You need to provide a config.json for Element and you also need a second - ### Domain or Subdomain for the communication between Element and conduwuit + ### Domain or Subdomain for the communication between Element and tuwunel ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md # element-web: # image: vectorim/element-web:latest diff --git a/docs/deploying/docker-compose.yml b/docs/deploying/docker-compose.yml index ca33b5f5..589da424 100644 --- a/docs/deploying/docker-compose.yml +++ b/docs/deploying/docker-compose.yml 
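Review bot: The commented `#TUWUNEL_CONFIG: '/etc/conduit.toml'` does not match the mount offered a few lines above it, `#- ./tuwunel.toml:/etc/tuwunel.toml`, so uncommenting both points the server at a path that is not mounted in the container. The other three compose files in this commit use `'/etc/tuwunel.toml'`. In the same block, `# TUWUNEL_NEW_USER_DISPLAYNAME_SUFFIX = ...` uses `=` where every other entry uses `:`, so it would not become a mapping entry once uncommented. Suggested lines: `#TUWUNEL_CONFIG: '/etc/tuwunel.toml'` and `# TUWUNEL_NEW_USER_DISPLAYNAME_SUFFIX: "<suffix>"`. How the server behaves when the configured file is missing is not visible here, so I cannot say whether it fails or silently falls back to defaults.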
@@ -1,34 +1,34 @@ -# conduwuit +# tuwunel services: homeserver: - ### If you already built the conduwuit image with 'docker build' or want to use a registry image, + ### If you already built the tuwunel image with 'docker build' or want to use a registry image, ### then you are ready to go. - image: girlbossceo/conduwuit:latest + image: jevolk/tuwunel:latest restart: unless-stopped ports: - 8448:6167 volumes: - - db:/var/lib/conduwuit - #- ./conduwuit.toml:/etc/conduwuit.toml + - db:/var/lib/tuwunel + #- ./tuwunel.toml:/etc/tuwunel.toml environment: - CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS - CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit - CONDUWUIT_PORT: 6167 - CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB - CONDUWUIT_ALLOW_REGISTRATION: 'true' - CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed. - #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true' - CONDUWUIT_ALLOW_FEDERATION: 'true' - CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true' - CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]' - #CONDUWUIT_LOG: warn,state_res=warn - CONDUWUIT_ADDRESS: 0.0.0.0 - #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above + TUWUNEL_SERVER_NAME: your.server.name # EDIT THIS + TUWUNEL_DATABASE_PATH: /var/lib/tuwunel + TUWUNEL_PORT: 6167 + TUWUNEL_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB + TUWUNEL_ALLOW_REGISTRATION: 'true' + TUWUNEL_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed. + #TUWUNEL_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true' + TUWUNEL_ALLOW_FEDERATION: 'true' + TUWUNEL_ALLOW_CHECK_FOR_UPDATES: 'true' + TUWUNEL_TRUSTED_SERVERS: '["matrix.org"]' + #TUWUNEL_LOG: warn,state_res=warn + TUWUNEL_ADDRESS: 0.0.0.0 + #TUWUNEL_CONFIG: '/etc/tuwunel.toml' # Uncomment if you mapped config toml above # ### Uncomment if you want to use your own Element-Web App. 
### Note: You need to provide a config.json for Element and you also need a second - ### Domain or Subdomain for the communication between Element and conduwuit + ### Domain or Subdomain for the communication between Element and tuwunel ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md # element-web: # image: vectorim/element-web:latest diff --git a/docs/deploying/docker.md b/docs/deploying/docker.md index bdbfb59c..9c46e2a8 100644 --- a/docs/deploying/docker.md +++ b/docs/deploying/docker.md 
@@ -1,31 +1,31 @@ -# conduwuit for Docker +# tuwunel for Docker ## Docker -To run conduwuit with Docker you can either build the image yourself or pull it +To run tuwunel with Docker you can either build the image yourself or pull it from a registry. ### Use a registry -OCI images for conduwuit are available in the registries listed below. +OCI images for tuwunel are available in the registries listed below. | Registry | Image | Size | Notes | | --------------- | --------------------------------------------------------------- | ----------------------------- | ---------------------- | -| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:latest][gh] | ![Image Size][shield-latest] | Stable latest tagged image. | -| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:latest][gl] | ![Image Size][shield-latest] | Stable latest tagged image. | -| Docker Hub | [docker.io/girlbossceo/conduwuit:latest][dh] | ![Image Size][shield-latest] | Stable latest tagged image. | -| GitHub Registry | [ghcr.io/girlbossceo/conduwuit:main][gh] | ![Image Size][shield-main] | Stable main branch. | -| GitLab Registry | [registry.gitlab.com/conduwuit/conduwuit:main][gl] | ![Image Size][shield-main] | Stable main branch. | -| Docker Hub | [docker.io/girlbossceo/conduwuit:main][dh] | ![Image Size][shield-main] | Stable main branch. | +| GitHub Registry | [ghcr.io/jevolk/tuwunel:latest][gh] | ![Image Size][shield-latest] | Stable latest tagged image. | +| GitLab Registry | [registry.gitlab.com/tuwunel/tuwunel:latest][gl] | ![Image Size][shield-latest] | Stable latest tagged image. | +| Docker Hub | [docker.io/jevolk/tuwunel:latest][dh] | ![Image Size][shield-latest] | Stable latest tagged image. | +| GitHub Registry | [ghcr.io/jevolk/tuwunel:main][gh] | ![Image Size][shield-main] | Stable main branch. | +| GitLab Registry | [registry.gitlab.com/tuwunel/tuwunel:main][gl] | ![Image Size][shield-main] | Stable main branch. 
| +| Docker Hub | [docker.io/jevolk/tuwunel:main][dh] | ![Image Size][shield-main] | Stable main branch. | -[dh]: https://hub.docker.com/r/girlbossceo/conduwuit -[gh]: https://github.com/girlbossceo/conduwuit/pkgs/container/conduwuit -[gl]: https://gitlab.com/conduwuit/conduwuit/container_registry/6369729 -[shield-latest]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/latest -[shield-main]: https://img.shields.io/docker/image-size/girlbossceo/conduwuit/main +[dh]: https://hub.docker.com/r/jevolk/tuwunel +[gh]: https://github.com/jevolk/tuwunel/pkgs/container/tuwunel +[gl]: https://gitlab.com/tuwunel/tuwunel/container_registry/6369729 +[shield-latest]: https://img.shields.io/docker/image-size/jevolk/tuwunel/latest +[shield-main]: https://img.shields.io/docker/image-size/jevolk/tuwunel/main OCI image `.tar.gz` files are also hosted directly at when uploaded by CI with a -commit hash/revision or a tagged release: +commit hash/revision or a tagged release: Use 
@@ -41,22 +41,22 @@ When you have the image you can simply run it with ```bash docker run -d -p 8448:6167 \ - -v db:/var/lib/conduwuit/ \ - -e CONDUWUIT_SERVER_NAME="your.server.name" \ - -e CONDUWUIT_ALLOW_REGISTRATION=false \ - --name conduwuit $LINK + -v db:/var/lib/tuwunel/ \ + -e tuwunel_SERVER_NAME="your.server.name" \ + -e tuwunel_ALLOW_REGISTRATION=false \ + --name tuwunel $LINK ``` or you can use [docker compose](#docker-compose). The `-d` flag lets the container run in detached mode. You may supply an -optional `conduwuit.toml` config file, the example config can be found +optional `tuwunel.toml` config file, the example config can be found [here](../configuration/examples.md). You can pass in different env vars to -change config values on the fly. You can even configure conduwuit completely by +change config values on the fly. You can even configure tuwunel completely by using env vars. For an overview of possible values, please take a look at the [`docker-compose.yml`](docker-compose.yml) file. -If you just want to test conduwuit for a short time, you can use the `--rm` +If you just want to test tuwunel for a short time, you can use the `--rm` flag, which will clean up everything related to your container after you stop it. 
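Review bot: The `docker run` example now passes `-e tuwunel_SERVER_NAME=...` and `-e tuwunel_ALLOW_REGISTRATION=false` with a lowercase prefix, whereas every compose file in this commit uses `TUWUNEL_`. Environment variable names are case-sensitive, so unless the server matches the prefix case-insensitively (not visible here) both settings would be ignored. The container would then run with its default registration policy rather than the one the reader asked for. The lines should read `-e TUWUNEL_SERVER_NAME="your.server.name" \` and `-e TUWUNEL_ALLOW_REGISTRATION=false \`.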
@@ -91,32 +91,7 @@ docker network create caddy After that, you can rename it so it matches `docker-compose.yml` and spin up the containers! -Additional info about deploying conduwuit can be found [here](generic.md). - -### Build - -Official conduwuit images are built using Nix's -[`buildLayeredImage`][nix-buildlayeredimage]. This ensures all OCI images are -repeatable and reproducible by anyone, keeps the images lightweight, and can be -built offline. - -This also ensures portability of our images because `buildLayeredImage` builds -OCI images, not Docker images, and works with other container software. - -The OCI images are OS-less with only a very minimal environment of the `tini` -init system, CA certificates, and the conduwuit binary. This does mean there is -not a shell, but in theory you can get a shell by adding the necessary layers -to the layered image. However it's very unlikely you will need a shell for any -real troubleshooting. - -The flake file for the OCI image definition is at [`nix/pkgs/oci-image/default.nix`][oci-image-def]. - -To build an OCI image using Nix, the following outputs can be built: -- `nix build -L .#oci-image` (default features, x86_64 glibc) -- `nix build -L .#oci-image-x86_64-linux-musl` (default features, x86_64 musl) -- `nix build -L .#oci-image-aarch64-linux-musl` (default features, aarch64 musl) -- `nix build -L .#oci-image-x86_64-linux-musl-all-features` (all features, x86_64 musl) -- `nix build -L .#oci-image-aarch64-linux-musl-all-features` (all features, aarch64 musl) +Additional info about deploying tuwunel can be found [here](generic.md). ### Run 
@@ -130,6 +105,30 @@ docker compose up -d > **Note:** Don't forget to modify and adjust the compose file to your needs. +### Nix build + +Tuwunel's Nix images are built using [`buildLayeredImage`][nix-buildlayeredimage]. +This ensures all OCI images are repeatable and reproducible by anyone, keeps the +images lightweight, and can be built offline. + +This also ensures portability of our images because `buildLayeredImage` builds +OCI images, not Docker images, and works with other container software. + +The OCI images are OS-less with only a very minimal environment of the `tini` +init system, CA certificates, and the tuwunel binary. This does mean there is +not a shell, but in theory you can get a shell by adding the necessary layers +to the layered image. However it's very unlikely you will need a shell for any +real troubleshooting. + +The flake file for the OCI image definition is at [`nix/pkgs/oci-image/default.nix`][oci-image-def]. + +To build an OCI image using Nix, the following outputs can be built: +- `nix build -L .#oci-image` (default features, x86_64 glibc) +- `nix build -L .#oci-image-x86_64-linux-musl` (default features, x86_64 musl) +- `nix build -L .#oci-image-aarch64-linux-musl` (default features, aarch64 musl) +- `nix build -L .#oci-image-x86_64-linux-musl-all-features` (all features, x86_64 musl) +- `nix build -L .#oci-image-aarch64-linux-musl-all-features` (all features, aarch64 musl) + ### Use Traefik as Proxy As a container user, you probably know about Traefik. It is a easy to use 
@@ -138,10 +137,10 @@ web. With the two provided files, [`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or [`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and [`docker-compose.override.yml`](docker-compose.override.yml), it is equally easy -to deploy and use conduwuit, with a little caveat. If you already took a look at +to deploy and use tuwunel, with a little caveat. If you already took a look at the files, then you should have seen the `well-known` service, and that is the little caveat. Traefik is simply a proxy and loadbalancer and is not able to -serve any kind of content, but for conduwuit to federate, we need to either +serve any kind of content, but for tuwunel to federate, we need to either expose ports `443` and `8448` or serve two endpoints `.well-known/matrix/client` and `.well-known/matrix/server`. @@ -153,4 +152,4 @@ those two files. See the [TURN](../turn.md) page. [nix-buildlayeredimage]: https://ryantm.github.io/nixpkgs/builders/images/dockertools/#ssec-pkgs-dockerTools-buildLayeredImage -[oci-image-def]: https://github.com/girlbossceo/conduwuit/blob/main/nix/pkgs/oci-image/default.nix +[oci-image-def]: https://github.com/jevolk/tuwunel/blob/main/nix/pkgs/oci-image/default.nix