# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community
# members
# This file is distributed under the same license as the
# matrix-docker-ansible-deploy package.
# FIRST AUTHOR , 2024.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-12-16 12:05+0900\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language: jp\n"
"Language-Team: jp \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.16.0\n"

#: ../../../docs/configuring-playbook-user-verification-service.md:1
msgid "Setting up Matrix User Verification Service (optional)"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:3
msgid ""
"**[Matrix User Verification Service](https://github.com/matrix-org"
"/matrix-user-verification-service) (hereafter: UVS) can only be installed"
" after Matrix services are installed and running.** If you're just "
"installing Matrix services for the first time, please continue with the "
"[Configuration](configuring-playbook.md) / [Installation](installing.md) "
"flow and come back here later."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:5
msgid ""
"Currently, the main purpose of this role is to allow Jitsi to "
"authenticate Matrix users and check if they are authorized to join a "
"conference. Please refer to the documentation of the [Matrix User "
"Verification Service](https://github.com/matrix-org/matrix-user-"
"verification-service) to understand how it works."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:7
msgid ""
"**Note**: enabling Matrix User Verification Service, means that the "
"`openid` API endpoints will be exposed on the Matrix Federation port "
"(usually `8448`), even if [federation](configuring-playbook-"
"federation.md) is disabled."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:9
msgid ""
"If the Jitsi server is also configured by this playbook, all plugging of "
"variables and secrets is handled in `group_vars/matrix_servers`."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:11
msgid ""
"__Some general concepts of UVS may be helpful to understand the rest, so "
"here they are:__"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:13
msgid "UVS can be used to verify two claims:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:15
msgid "(A) Whether a given OpenID token is valid for a given server and"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:16
msgid ""
"(B) whether a user is member of a given room and the corresponding "
"PowerLevel"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:18
msgid ""
"Verifying an OpenID token ID done by finding the corresponding Homeserver"
" via '.well-known/matrix/server' for the given domain. The configured "
"`matrix_user_verification_service_uvs_homeserver_url` does **not** factor"
" into this. By default, this playbook only checks against "
"`matrix_server_fqn_matrix`. Therefore, the request will be made against "
"the public openid API for `matrix_server_fqn_matrix`."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:20
msgid ""
"Verifying RoomMembership and PowerLevel is done against "
"`matrix_user_verification_service_uvs_homeserver_url` which is by default"
" done via the docker network. UVS will verify the validity of the token "
"beforehand though."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:22
msgid "Prerequisites"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:24
msgid ""
"In order to use UVS, an admin token for the configured homeserver must be"
" supplied. For now this means configuring Synapse and creating the token "
"before installing UVS."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:26
msgid "Enable"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:28
msgid ""
"To enable Matrix User Verification Service, add the following "
"configuration to your `inventory/host_vars/matrix.example.com/vars.yml` "
"file:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:34
msgid "Configuration"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:36
msgid ""
"The only required configuration variable is "
"`matrix_user_verification_service_uvs_access_token` (see below)."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:38
msgid ""
"For a list of all configuration options see the role defaults [`roles"
"/matrix-user-verification-service/defaults/main.yml`](../roles/custom"
"/matrix-user-verification-service/defaults/main.yml). But be aware of all"
" the plugging happening in `group_vars/matrix_servers`."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:40
msgid ""
"In the default configuration, the UVS Server is only reachable via the "
"docker network, which is fine if e.g. Jitsi is also running in a "
"container on the host. However, it is possible to expose UVS via setting "
"`matrix_user_verification_service_container_http_host_bind_port`."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:42
msgid "Access token"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:44
msgid ""
"The Synapse Access Token is used to verify RoomMembership and PowerLevel "
"against `matrix_user_verification_service_uvs_homeserver_url`."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:46
msgid ""
"We recommend that you create a dedicated Matrix user for uvs (`uvs` is a "
"good username). Follow our [Registering users](registering-users.md) "
"guide to register a user with administration privileges."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:48
msgid ""
"You are required to specify an access token (belonging to this new user) "
"for UVS to work. To get an access token for the UVS user, you can follow "
"the documentation on [how to do obtain an access token](obtaining-access-"
"tokens.md)."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:50
msgid ""
"**Access tokens are sensitive information. Do not include them in any bug"
" reports, messages, or logs. Do not share the access token with anyone.**"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:56
msgid "(Optional) Custom Auth Token"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:58
msgid ""
"It is possible to set an API Auth Token to restrict access to the UVS. If"
" this is enabled, anyone making a request to UVS must provide it via the "
"header \"Authorization: Bearer TOKEN\""
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:60
msgid ""
"By default, the token will be derived from "
"`matrix_homeserver_generic_secret_key` in `group_vars/matrix_servers`."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:62
msgid ""
"To set your own Token, add the following configuration to your `vars.yml`"
" file:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:68
msgid ""
"In case Jitsi is also managed by this playbook and 'matrix' "
"authentication in Jitsi is enabled, this collection will automatically "
"configure Jitsi to use the configured auth token."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:70
msgid "(Optional) Disable Auth"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:72
msgid ""
"Authorization is enabled by default. To disable it, add the following "
"configuration to your `vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:78
msgid "(Optional) Federation"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:80
msgid ""
"In theory (however currently untested), UVS can handle federation. To "
"enable it, add the following configuration to your `vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:86
msgid ""
"This will instruct UVS to verify the OpenID token against any domain "
"given in a request. Homeserver discovery is done via '.well-"
"known/matrix/server' of the given domain."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:88
msgid "Installing"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:90
msgid ""
"After these variables have been set, run the playbook with [playbook tags"
"](playbook-tags.md) as below to restart UVS:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:96
msgid ""
"The shortcut commands with the [`just` program](just.md) are also "
"available: `just run-tags setup-matrix-user-verification-service,start` "
"or `just setup-all`"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:98
msgid ""
"`just run-tags setup-matrix-user-verification-service,start` is useful "
"for maintaining your setup quickly when its components remain unchanged. "
"If you adjust your `vars.yml` to remove other components, you'd need to "
"run `just setup-all`, or these components will still remain installed. "
"Note `just setup-all` runs the `ensure-matrix-users-created` tag too."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:100
msgid "Logging"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:102
msgid "The configuration variable `UVS_LOG_LEVEL` can be set to:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:103
msgid "warning"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:104
msgid "info"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:105
msgid "debug"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:107
msgid "TLS Certificate Checking"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:109
msgid ""
"If the Matrix Homeserver does not provide a valid TLS certificate, UVS "
"will fail with the following error message:"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:111
msgid "message: 'No response received: [object Object]',"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:113
msgid "This also applies to self-signed and let's encrypt staging certificates."
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:115
msgid ""
"To disable certificate validation altogether (INSECURE! Not suitable for "
"production use!) set: `NODE_TLS_REJECT_UNAUTHORIZED=0`"
msgstr ""

#: ../../../docs/configuring-playbook-user-verification-service.md:117
msgid ""
"Alternatively, it is possible to inject your own CA certificates into the"
" container by mounting a PEM file with additional trusted CAs into the "
"container and pointing the `NODE_EXTRA_CA_CERTS` environment variable to "
"it."
msgstr ""