ansol
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
7
0
Fork 0
Code Issues Projects Releases Wiki Activity

Wording: change collection -> playbook

This commit is contained in:
jakicoll 2023-02-06 11:58:50 +01:00
parent 42e4e50f5b
commit 94830b582b
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/configuring-playbook-user-verification-service.md
View File

@ -7,7 +7,7 @@ Currently, the main purpose of this role is to allow Jitsi to authenticate matri
**Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled.
If the Jitsi server is also configured by this collection, all plugging of variables and secrets is handled in `group_vars/matrix_servers`.
If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`.
__Some general concepts of UVS may be helpful to understand the rest, so here they are:__
@ -18,7 +18,7 @@ UVS can be used to verify two claims:
Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain.
The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this.
By default, this collection only checks against `matrix_server_fqn_matrix`.
By default, this playbook only checks against `matrix_server_fqn_matrix`.
Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`.
Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network.
@ -74,7 +74,7 @@ To set your own Token, simply put the following in your host_vars.
matrix_user_verification_service_uvs_auth_token: "TOKEN"
```
In case Jitsi is also managed by this collection and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
In case Jitsi is also managed by this playbook and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
### (Optional) Federation

6
group_vars/matrix_servers
View File

@ -3207,15 +3207,15 @@ matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matr
# URL exposed in the docker network
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
# Set the homeserver URL to the container name if synapse is managed by this collection
# Set the homeserver URL to the container name if synapse is managed by this playbook
matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}"
# If synapse is managed by this collection, we will connect via docker network, which is a private ip.
# If synapse is managed by this playbook, we will connect via docker network, which is a private ip.
# Therefore we need to disable IP checks
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this collection.
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook.
# This is not the homeserverURL, but rather the domain in the matrix "user ID"
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
matrix_user_verification_service_uvs_log_level: warning