Wording: change collection -> playbook
This commit is contained in:
parent
42e4e50f5b
commit
94830b582b
@ -7,7 +7,7 @@ Currently, the main purpose of this role is to allow Jitsi to authenticate matri
|
|||||||
|
|
||||||
**Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled.
|
**Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled.
|
||||||
|
|
||||||
If the Jitsi server is also configured by this collection, all plugging of variables and secrets is handled in `group_vars/matrix_servers`.
|
If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`.
|
||||||
|
|
||||||
__Some general concepts of UVS may be helpful to understand the rest, so here they are:__
|
__Some general concepts of UVS may be helpful to understand the rest, so here they are:__
|
||||||
|
|
||||||
@ -18,7 +18,7 @@ UVS can be used to verify two claims:
|
|||||||
|
|
||||||
Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain.
|
Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain.
|
||||||
The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this.
|
The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this.
|
||||||
By default, this collection only checks against `matrix_server_fqn_matrix`.
|
By default, this playbook only checks against `matrix_server_fqn_matrix`.
|
||||||
Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`.
|
Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`.
|
||||||
|
|
||||||
Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network.
|
Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network.
|
||||||
@ -74,7 +74,7 @@ To set your own Token, simply put the following in your host_vars.
|
|||||||
matrix_user_verification_service_uvs_auth_token: "TOKEN"
|
matrix_user_verification_service_uvs_auth_token: "TOKEN"
|
||||||
```
|
```
|
||||||
|
|
||||||
In case Jitsi is also managed by this collection and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
|
In case Jitsi is also managed by this playbook and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
|
||||||
|
|
||||||
### (Optional) Federation
|
### (Optional) Federation
|
||||||
|
|
||||||
|
@ -3207,15 +3207,15 @@ matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matr
|
|||||||
# URL exposed in the docker network
|
# URL exposed in the docker network
|
||||||
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
|
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
|
||||||
|
|
||||||
# Set the homeserver URL to the container name if synapse is managed by this collection
|
# Set the homeserver URL to the container name if synapse is managed by this playbook
|
||||||
matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}"
|
matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}"
|
||||||
# If synapse is managed by this collection, we will connect via docker network, which is a private ip.
|
# If synapse is managed by this playbook, we will connect via docker network, which is a private ip.
|
||||||
# Therefore we need to disable IP checks
|
# Therefore we need to disable IP checks
|
||||||
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
|
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
|
||||||
|
|
||||||
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
|
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
|
||||||
|
|
||||||
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this collection.
|
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook.
|
||||||
# This is not the homeserverURL, but rather the domain in the matrix "user ID"
|
# This is not the homeserverURL, but rather the domain in the matrix "user ID"
|
||||||
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
|
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
|
||||||
matrix_user_verification_service_uvs_log_level: warning
|
matrix_user_verification_service_uvs_log_level: warning
|
||||||
|
Loading…
Reference in New Issue
Block a user