# SOME DESCRIPTIVE TITLE. # Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community # members # This file is distributed under the same license as the # matrix-docker-ansible-deploy package. # FIRST AUTHOR , 2024. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: matrix-docker-ansible-deploy \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-12-20 09:53+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: jp\n" "Language-Team: jp \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.16.0\n" #: ../../../docs/configuring-playbook-user-verification-service.md:1 msgid "Setting up Matrix User Verification Service (optional)" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:3 msgid "" "**[Matrix User Verification Service](https://github.com/matrix-org" "/matrix-user-verification-service) (hereafter: UVS) can only be installed" " after Matrix services are installed and running.** If you're just " "installing Matrix services for the first time, please continue with the " "[Configuration](configuring-playbook.md) / [Installation](installing.md) " "flow and come back here later." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:5 msgid "" "Currently, the main purpose of this role is to allow Jitsi to " "authenticate Matrix users and check if they are authorized to join a " "conference. Please refer to the documentation of the [Matrix User " "Verification Service](https://github.com/matrix-org/matrix-user-" "verification-service) to understand how it works." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:7 msgid "" "**Note**: enabling Matrix User Verification Service, means that the " "`openid` API endpoints will be exposed on the Matrix Federation port " "(usually `8448`), even if [federation](configuring-playbook-" "federation.md) is disabled." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:9 msgid "" "If the Jitsi server is also configured by this playbook, all plugging of " "variables and secrets is handled in `group_vars/matrix_servers`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:11 msgid "" "__Some general concepts of UVS may be helpful to understand the rest, so " "here they are:__" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:13 msgid "UVS can be used to verify two claims:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:15 msgid "(A) Whether a given OpenID token is valid for a given server and" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:16 msgid "" "(B) whether a user is member of a given room and the corresponding " "PowerLevel" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:18 msgid "" "Verifying an OpenID token ID done by finding the corresponding Homeserver" " via '.well-known/matrix/server' for the given domain. The configured " "`matrix_user_verification_service_uvs_homeserver_url` does **not** factor" " into this. By default, this playbook only checks against " "`matrix_server_fqn_matrix`. Therefore, the request will be made against " "the public openid API for `matrix_server_fqn_matrix`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:20 msgid "" "Verifying RoomMembership and PowerLevel is done against " "`matrix_user_verification_service_uvs_homeserver_url` which is by default" " done via the docker network. UVS will verify the validity of the token " "beforehand though." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:22 msgid "Prerequisites" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:24 msgid "" "In order to use UVS, an admin token for the configured homeserver must be" " supplied. For now this means configuring Synapse and creating the token " "before installing UVS." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:26 msgid "Enable" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:28 msgid "" "To enable Matrix User Verification Service, add the following " "configuration to your `inventory/host_vars/matrix.example.com/vars.yml` " "file:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:34 msgid "Configuration" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:36 msgid "" "The only required configuration variable is " "`matrix_user_verification_service_uvs_access_token` (see below)." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:38 msgid "" "For a list of all configuration options see the role defaults [`roles" "/matrix-user-verification-service/defaults/main.yml`](../roles/custom" "/matrix-user-verification-service/defaults/main.yml). But be aware of all" " the plugging happening in `group_vars/matrix_servers`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:40 msgid "" "In the default configuration, the UVS Server is only reachable via the " "docker network, which is fine if e.g. Jitsi is also running in a " "container on the host. However, it is possible to expose UVS via setting " "`matrix_user_verification_service_container_http_host_bind_port`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:42 msgid "Access token" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:44 msgid "" "The Synapse Access Token is used to verify RoomMembership and PowerLevel " "against `matrix_user_verification_service_uvs_homeserver_url`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:46 msgid "" "We recommend that you create a dedicated Matrix user for uvs (`uvs` is a " "good username). Follow our [Registering users](registering-users.md) " "guide to register a user with administration privileges." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:48 msgid "" "You are required to specify an access token (belonging to this new user) " "for UVS to work. To get an access token for the UVS user, you can follow " "the documentation on [how to do obtain an access token](obtaining-access-" "tokens.md)." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:50 msgid "" "**Access tokens are sensitive information. Do not include them in any bug" " reports, messages, or logs. Do not share the access token with anyone.**" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:56 msgid "(Optional) Custom Auth Token" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:58 msgid "" "It is possible to set an API Auth Token to restrict access to the UVS. If" " this is enabled, anyone making a request to UVS must provide it via the " "header \"Authorization: Bearer TOKEN\"" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:60 msgid "" "By default, the token will be derived from " "`matrix_homeserver_generic_secret_key` in `group_vars/matrix_servers`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:62 msgid "" "To set your own Token, add the following configuration to your `vars.yml`" " file:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:68 msgid "" "In case Jitsi is also managed by this playbook and 'matrix' " "authentication in Jitsi is enabled, this collection will automatically " "configure Jitsi to use the configured auth token." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:70 msgid "(Optional) Disable Auth" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:72 msgid "" "Authorization is enabled by default. To disable it, add the following " "configuration to your `vars.yml` file:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:78 msgid "(Optional) Federation" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:80 msgid "" "In theory (however currently untested), UVS can handle federation. To " "enable it, add the following configuration to your `vars.yml` file:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:86 msgid "" "This will instruct UVS to verify the OpenID token against any domain " "given in a request. Homeserver discovery is done via '.well-" "known/matrix/server' of the given domain." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:88 msgid "Installing" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:90 msgid "" "After configuring the playbook, run it with [playbook tags](playbook-" "tags.md) as below:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:97 msgid "" "The shortcut commands with the [`just` program](just.md) are also " "available: `just install-service matrix-user-verification-service` or " "`just setup-all`" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:99 msgid "" "`just install-service matrix-user-verification-service` is useful for " "maintaining your setup quickly when its components remain unchanged. If " "you adjust your `vars.yml` to remove other components, you'd need to run " "`just setup-all`, or these components will still remain installed. Note " "`just setup-all` runs the `ensure-matrix-users-created` tag too." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:101 msgid "Logging" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:103 msgid "The configuration variable `UVS_LOG_LEVEL` can be set to:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:104 msgid "warning" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:105 msgid "info" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:106 msgid "debug" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:108 msgid "TLS Certificate Checking" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:110 msgid "" "If the Matrix Homeserver does not provide a valid TLS certificate, UVS " "will fail with the following error message:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:112 msgid "message: 'No response received: [object Object]'," msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:114 msgid "This also applies to self-signed and let's encrypt staging certificates." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:116 msgid "" "To disable certificate validation altogether (INSECURE! Not suitable for " "production use!) set: `NODE_TLS_REJECT_UNAUTHORIZED=0`" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:118 msgid "" "Alternatively, it is possible to inject your own CA certificates into the" " container by mounting a PEM file with additional trusted CAs into the " "container and pointing the `NODE_EXTRA_CA_CERTS` environment variable to " "it." msgstr "" #~ msgid "" #~ "After these variables have been set, " #~ "run the playbook with [playbook tags" #~ "](playbook-tags.md) as below to restart " #~ "UVS:" #~ msgstr "" #~ msgid "" #~ "The shortcut commands with the [`just`" #~ " program](just.md) are also available: " #~ "`just run-tags setup-matrix-user-" #~ "verification-service,start` or `just setup-" #~ "all`" #~ msgstr "" #~ msgid "" #~ "`just run-tags setup-matrix-user-" #~ "verification-service,start` is useful for " #~ "maintaining your setup quickly when its" #~ " components remain unchanged. If you " #~ "adjust your `vars.yml` to remove other" #~ " components, you'd need to run `just" #~ " setup-all`, or these components will" #~ " still remain installed. Note `just " #~ "setup-all` runs the `ensure-matrix-" #~ "users-created` tag too." #~ msgstr ""