Wording: change collection -> playbook

This commit is contained in:
jakicoll 2023-02-06 11:58:50 +01:00
parent 42e4e50f5b
commit 94830b582b
2 changed files with 6 additions and 6 deletions

View file

@ -7,7 +7,7 @@ Currently, the main purpose of this role is to allow Jitsi to authenticate matri
**Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. **Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled.
If the Jitsi server is also configured by this collection, all plugging of variables and secrets is handled in `group_vars/matrix_servers`. If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`.
__Some general concepts of UVS may be helpful to understand the rest, so here they are:__ __Some general concepts of UVS may be helpful to understand the rest, so here they are:__
@ -18,7 +18,7 @@ UVS can be used to verify two claims:
Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain. Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain.
The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this. The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this.
By default, this collection only checks against `matrix_server_fqn_matrix`. By default, this playbook only checks against `matrix_server_fqn_matrix`.
Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`. Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`.
Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network. Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network.
@ -74,7 +74,7 @@ To set your own Token, simply put the following in your host_vars.
matrix_user_verification_service_uvs_auth_token: "TOKEN" matrix_user_verification_service_uvs_auth_token: "TOKEN"
``` ```
In case Jitsi is also managed by this collection and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token. In case Jitsi is also managed by this playbook and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
### (Optional) Federation ### (Optional) Federation

View file

@ -3207,15 +3207,15 @@ matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matr
# URL exposed in the docker network # URL exposed in the docker network
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000" matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
# Set the homeserver URL to the container name if synapse is managed by this collection # Set the homeserver URL to the container name if synapse is managed by this playbook
matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}" matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}"
# If synapse is managed by this collection, we will connect via docker network, which is a private ip. # If synapse is managed by this playbook, we will connect via docker network, which is a private ip.
# Therefore we need to disable IP checks # Therefore we need to disable IP checks
matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}" matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}"
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}" matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this collection. # Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook.
# This is not the homeserverURL, but rather the domain in the matrix "user ID" # This is not the homeserverURL, but rather the domain in the matrix "user ID"
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}" matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
matrix_user_verification_service_uvs_log_level: warning matrix_user_verification_service_uvs_log_level: warning