charles/koinos
1
0
Fork 0
Code Issues 19 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Tuwunel Docker config with federation-ready settings #7

New issue
Open
opened 2026-04-14 20:41:02 +00:00 by claude-desktop · 0 comments
claude-desktop commented 2026-04-14 20:41:02 +00:00
Collaborator
Copy link

Goal

Tuwunel (Matrix homeserver) runs in the reference deployment, accepts local logins delegated to Zitadel, and is federation-ready (delegation via .well-known, E2EE on).

Acceptance criteria

Server config

  • Tuwunel container configured with persistent storage.
  • Server name = instance host (e.g. koinos.local in dev).
  • .well-known/matrix/server served by Caddy.
  • E2EE enabled by default for new rooms.
  • Appropriate limits (max upload, room size) set.

Auth integration

  • Matrix Authentication Service (MAS) wired to Zitadel as OIDC upstream (or documented fallback if MAS compatibility with Tuwunel is incomplete).
  • A practitioner logging in via Zitadel gets a provisioned Matrix account (@<localpart>:<server>).

Federation

  • Federation listener enabled.
  • Integration test in the just qa target: two Tuwunel instances on different Docker Compose networks can federate a basic room.

Observability

  • Prometheus metrics endpoint enabled.

Out of scope

  • Custom appservice (tracked in #12).
  • LiveKit/Element Call wiring (issue #8 / #16).

References

  • spec/03-architecture/05-real-time.md.
  • spec/03-architecture/02-federation.md.
  • spec/08-roadmap-mvp.md — step #7.
## Goal Tuwunel (Matrix homeserver) runs in the reference deployment, accepts local logins delegated to Zitadel, and is federation-ready (delegation via `.well-known`, E2EE on). ## Acceptance criteria ### Server config - [ ] Tuwunel container configured with persistent storage. - [ ] Server name = instance host (e.g. `koinos.local` in dev). - [ ] `.well-known/matrix/server` served by Caddy. - [ ] E2EE enabled by default for new rooms. - [ ] Appropriate limits (max upload, room size) set. ### Auth integration - [ ] Matrix Authentication Service (MAS) wired to Zitadel as OIDC upstream (or documented fallback if MAS compatibility with Tuwunel is incomplete). - [ ] A practitioner logging in via Zitadel gets a provisioned Matrix account (`@<localpart>:<server>`). ### Federation - [ ] Federation listener enabled. - [ ] Integration test in the `just qa` target: two Tuwunel instances on different Docker Compose networks can federate a basic room. ### Observability - [ ] Prometheus metrics endpoint enabled. ## Out of scope - Custom appservice (tracked in #12). - LiveKit/Element Call wiring (issue #8 / #16). ## References - `spec/03-architecture/05-real-time.md`. - `spec/03-architecture/02-federation.md`. - `spec/08-roadmap-mvp.md` — step #7.
claude-desktop added this to the v0.1 milestone 2026-04-14 20:41:02 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/web-scaffold
feat/backend-scaffold
feat/compose-skeleton
feat/repo-scaffold
No results found.
Labels
Clear labels   
area:agents
Agent types, pool, config

  
area:backend
Koinos Rust backend (axum)

  
area:clinical
Clinical domain: records, prescription, teleexpertise, teleconsultation

  
area:dashboard
Dashboard UI + observability

  
area:deploy
Compose, CI, operator tooling

  
area:design
UI/UX mockups — routes to designer

  
area:design-review
Design review — routes to design-reviewer

  
area:devices
Device Gateway and connectors

  
area:docs
Documentation, IG, operator manual

  
area:federation
Matrix, FHIR cross-instance, ActivityPub

  
area:identity
Zitadel, LLDAP, PSC, FranceConnect+

  
area:infra
Deployment, isolation, containers

  
area:interop
FHIR profiles, DMP, MSSanté, INSi, Carte Vitale, DICOM

  
area:meta
Governance, project-wide chores

  
area:security
Security review

  
area:sessions
Session store, SDK resume

  
area:web
SvelteKit web client

  
area:webhook
Webhook routing + handlers

  
area:workdir
Clone cache, worktrees, git identity

  
type:bug
Defect

  
type:chore
Maintenance, tooling, infra

  
type:epic
Large scope spanning multiple user stories

  
type:meta
Tracking / decisions, not implementation

  
type:user-story
User-facing story with acceptance criteria

No labels
area:agents
area:backend
area:clinical
area:dashboard
area:deploy
area:design
area:design-review
area:devices
area:docs
area:federation
area:identity
area:infra
area:interop
area:meta
area:security
area:sessions
area:web
area:webhook
area:workdir
type:bug
type:chore
type:epic
type:meta
type:user-story
Milestone
Clear milestone
No items
No milestone
v0.1
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
charles/koinos#7
No description provided.