# SOME DESCRIPTIVE TITLE. # Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community # members # This file is distributed under the same license as the # matrix-docker-ansible-deploy package. # FIRST AUTHOR , 2024. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: matrix-docker-ansible-deploy \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2025-01-27 09:54+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: bg\n" "Language-Team: bg \n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.16.0\n" #: ../../../docs/configuring-playbook-user-verification-service.md:1 msgid "Setting up Matrix User Verification Service (optional)" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:3 msgid "The playbook can install and configure [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) (hereafter: UVS) for you." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:5 msgid "See the project's [documentation](https://github.com/matrix-org/matrix-user-verification-service/blob/master/README.md) to learn what it does and why it might be useful to you." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:7 msgid "Currently, the main purpose of this role is to allow Jitsi to authenticate Matrix users and check if they are authorized to join a conference. If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:9 msgid "What does it do?" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:11 msgid "UVS can be used to verify two claims:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:13 msgid "(A) Whether a given OpenID token is valid for a given server and" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:14 msgid "(B) whether a user is member of a given room and the corresponding PowerLevel" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:16 msgid "Verifying an OpenID token ID done by finding the corresponding Homeserver via `/.well-known/matrix/server` for the given domain. The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this. By default, this playbook only checks against `matrix_server_fqn_matrix`. Therefore, the request will be made against the public `openid` API for `matrix_server_fqn_matrix`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:18 msgid "Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network. UVS will verify the validity of the token beforehand though." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:20 msgid "Prerequisites" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:22 msgid "Open Matrix Federation port" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:24 msgid "Enabling the UVS service will automatically reconfigure your Synapse homeserver to expose the `openid` API endpoints on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. If you enable the component, make sure that the port is accessible." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:26 msgid "Install Matrix services" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:28 msgid "UVS can only be installed after Matrix services are installed and running. If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) and come back here later." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:30 msgid "Register a dedicated Matrix user (optional, recommended)" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:32 msgid "We recommend that you create a dedicated Matrix user for uvs (`uvs` is a good username). **Because UVS requires an access token as an admin user, that user needs to be an admin.**" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:34 msgid "Generate a strong password for the user. You can create one with a command like `pwgen -s 64 1`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:36 msgid "You can use the playbook to [register a new user](registering-users.md):" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:42 msgid "Obtain an access token" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:44 msgid "UVS requires an access token as an admin user to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:46 msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:49 msgid "Adjusting the playbook configuration" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:51 msgid "To enable UVS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#obtain-an-access-token)." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:59 msgid "In the default configuration, the UVS Server is only reachable via the docker network, which is fine if e.g. Jitsi is also running in a container on the host. However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:61 msgid "Custom Auth Token (optional)" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:63 msgid "It is possible to set an API Auth Token to restrict access to the UVS. If this is enabled, anyone making a request to UVS must provide it via the header `Authorization: Bearer YOUR_TOKEN_HERE`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:65 msgid "By default, the token (`YOUR_TOKEN_HERE`) will be derived from `matrix_homeserver_generic_secret_key` in `group_vars/matrix_servers`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:67 msgid "To set your own token, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_TOKEN_HERE` with your own." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:73 msgid "If a Jitsi instance is also managed by this playbook and [`matrix` authentication](configuring-playbook-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) is enabled there, this collection will automatically configure Jitsi to use the configured auth token." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:75 msgid "Disable Authorization (optional)" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:77 msgid "Authorization is enabled by default. To disable it, add the following configuration to your `vars.yml` file:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:83 msgid "Federation (optional)" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:85 msgid "In theory (however currently untested), UVS can handle federation. To enable it, add the following configuration to your `vars.yml` file:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:91 msgid "This will instruct UVS to verify the OpenID token against any domain given in a request. Homeserver discovery is done via `.well-known/matrix/server` of the given domain." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:93 msgid "Extending the configuration" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:95 msgid "There are some additional things you may wish to configure about the component." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:97 msgid "Take a look at:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:99 msgid "`roles/custom/matrix-user-verification-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:101 msgid "Installing" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:103 msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:110 msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-service matrix-user-verification-service` or `just setup-all`" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:112 msgid "`just install-service matrix-user-verification-service` is useful for maintaining your setup quickly when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note `just setup-all` runs the `ensure-matrix-users-created` tag too." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:114 msgid "Troubleshooting" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:116 msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-user-verification-service`." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:118 msgid "Increase logging verbosity" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:120 msgid "The default logging level for this component is `info`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:127 msgid "TLS Certificate Checking" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:129 msgid "If the Matrix Homeserver does not provide a valid TLS certificate, UVS will fail with the following error message:" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:131 msgid "message: 'No response received: [object Object]'," msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:133 msgid "This also applies to self-signed and Let's Encrypt staging certificates." msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:135 msgid "To disable certificate validation altogether (INSECURE! Not suitable for production use!) set: `NODE_TLS_REJECT_UNAUTHORIZED=0`" msgstr "" #: ../../../docs/configuring-playbook-user-verification-service.md:137 msgid "Alternatively, it is possible to inject your own CA certificates into the container by mounting a PEM file with additional trusted CAs into the container and pointing the `NODE_EXTRA_CA_CERTS` environment variable to it." msgstr ""