Switch mautrix-slack double-puppeting method (shared secret auth -> appservice-double-puppet)
Since upgrading mautrix-slack (and pinning to v0.1.0) in e4b54c37fe
,
we expect double-puppeting to require the new appservice double-puppeting method.
This commit switches the mautrix-slack bridge to it.
This commit is contained in:
parent
999f2bf8dd
commit
1722e4bd83
@ -47,9 +47,9 @@ Take a look at:
|
||||
|
||||
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
|
||||
|
||||
#### Method 1: automatically, by enabling Shared Secret Auth
|
||||
#### Method 1: automatically, by enabling Appservice Double Puppet
|
||||
|
||||
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
|
||||
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
|
||||
|
||||
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
|
||||
|
||||
|
@ -1047,7 +1047,14 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener
|
||||
matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
|
||||
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
|
||||
|
||||
matrix_mautrix_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
matrix_mautrix_slack_double_puppet_secrets_auto: |-
|
||||
{{
|
||||
{
|
||||
matrix_mautrix_slack_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
|
||||
}
|
||||
if matrix_appservice_double_puppet_enabled
|
||||
else {}
|
||||
}}
|
||||
|
||||
# Postgres is the default, except if not using internal Postgres server
|
||||
matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
||||
|
@ -94,14 +94,9 @@ matrix_mautrix_slack_appservice_database_uri: "{{
|
||||
}[matrix_mautrix_slack_database_engine]
|
||||
}}"
|
||||
|
||||
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
|
||||
matrix_mautrix_slack_login_shared_secret: ''
|
||||
matrix_mautrix_slack_bridge_login_shared_secret_map:
|
||||
"{{ {matrix_mautrix_slack_homeserver_domain: matrix_mautrix_slack_login_shared_secret} if matrix_mautrix_slack_login_shared_secret else {} }}"
|
||||
|
||||
# Servers to always allow double puppeting from
|
||||
matrix_mautrix_slack_bridge_double_puppet_server_map:
|
||||
"{{ matrix_mautrix_slack_homeserver_domain : matrix_mautrix_slack_homeserver_address }}"
|
||||
matrix_mautrix_slack_double_puppet_secrets: "{{ matrix_mautrix_slack_double_puppet_secrets_auto | combine(matrix_mautrix_slack_double_puppet_secrets_custom) }}"
|
||||
matrix_mautrix_slack_double_puppet_secrets_auto: {}
|
||||
matrix_mautrix_slack_double_puppet_secrets_custom: {}
|
||||
|
||||
# Default mautrix-slack configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
|
@ -20,3 +20,14 @@
|
||||
To resolve the conflict, make one of these components use a different username.
|
||||
Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component).
|
||||
We recommend that you change the username for the newly-added (and yet unused) component.
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_mautrix_slack_login_shared_secret', 'new': '<removed>'}
|
||||
- {'old': 'matrix_mautrix_slack_bridge_login_shared_secret_map', 'new': '<superseded by matrix_mautrix_slack_double_puppet_secrets>'}
|
||||
- {'old': 'matrix_mautrix_slack_bridge_double_puppet_server_map', 'new': '<removed>'}
|
||||
|
@ -351,15 +351,14 @@ backfill:
|
||||
double_puppet:
|
||||
# Servers to always allow double puppeting from.
|
||||
# This is only for other servers and should NOT contain the server the bridge is on.
|
||||
servers:
|
||||
"{{ matrix_mautrix_slack_homeserver_domain }}": {{ matrix_mautrix_slack_homeserver_address }}
|
||||
servers: {}
|
||||
# Whether to allow client API URL discovery for other servers. When using this option,
|
||||
# users on other servers can use double puppeting even if their server URLs aren't
|
||||
# explicitly added to the servers map above.
|
||||
allow_discovery: false
|
||||
# Shared secrets for automatic double puppeting.
|
||||
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
|
||||
secrets: {{ matrix_mautrix_slack_bridge_login_shared_secret_map | to_json }}
|
||||
secrets: {{ matrix_mautrix_slack_double_puppet_secrets | to_json }}
|
||||
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user