| @@ -11,7 +11,9 @@ The playbook can install and configure [matrix-corporal](https://github.com/devt | |||||
| In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment. | In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment. | ||||
| See that project's documentation to learn what it does and why it might be useful to you. | See that project's documentation to learn what it does and why it might be useful to you. | ||||
| If you decide that you'd like to let this playbook install it for you, you'd need to also [set up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md). | |||||
| If you decide that you'd like to let this playbook install it for you, you'd need to also: | |||||
| - (required) [set up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) | |||||
| - (optional, but encouraged) [set up the REST authentication password provider module](configuring-playbook-rest-auth.md) | |||||
| ## Playbook configuration | ## Playbook configuration | ||||
| @@ -24,6 +26,15 @@ You would then need some configuration like this: | |||||
| matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true | matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true | ||||
| matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE | matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE | ||||
| # When matrix-corporal is acting as the primary authentication provider, | |||||
| # you need to set up the REST authentication password provider module | |||||
| # to make Interactive User Authentication work. | |||||
| # This is necessary for certain user actions (like E2EE, device management, etc). | |||||
| # | |||||
| # See configuring-playbook-rest-auth.md | |||||
| matrix_synapse_ext_password_provider_rest_auth_enabled: true | |||||
| matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-corporal:41080/_matrix/corporal" | |||||
| matrix_corporal_enabled: true | matrix_corporal_enabled: true | ||||
| matrix_corporal_policy_provider_config: | | matrix_corporal_policy_provider_config: | | ||||
| @@ -40,9 +51,9 @@ matrix_corporal_policy_provider_config: | | |||||
| matrix_corporal_http_api_enabled: true | matrix_corporal_http_api_enabled: true | ||||
| matrix_corporal_http_api_auth_token: "AUTH_TOKEN_HERE" | matrix_corporal_http_api_auth_token: "AUTH_TOKEN_HERE" | ||||
| # If you need to change the reconciliator user's id from the default (matrix-corporal).. | |||||
| # If you need to change matrix-corporal's user id from the default (matrix-corporal). | |||||
| # In any case, you need to make sure this Matrix user is created on your server. | # In any case, you need to make sure this Matrix user is created on your server. | ||||
| matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal" | |||||
| matrix_corporal_corporal_user_id_local_part: "matrix-corporal" | |||||
| # Because Corporal peridoically performs lots of user logins from the same IP, | # Because Corporal peridoically performs lots of user logins from the same IP, | ||||
| # you may need raise Synapse's ratelimits. | # you may need raise Synapse's ratelimits. | ||||
| @@ -674,6 +674,9 @@ matrix_corporal_matrix_homeserver_api_endpoint: "http://matrix-synapse:8008" | |||||
| matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}" | matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}" | ||||
| # This is only useful if there's REST auth provider to make use of it. | |||||
| matrix_corporal_http_gateway_internal_rest_auth_enabled: "{{ matrix_synapse_ext_password_provider_rest_auth_enabled }}" | |||||
| matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}" | matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}" | ||||
| ###################################################################### | ###################################################################### | ||||
| @@ -24,7 +24,7 @@ matrix_corporal_systemd_required_services_list: ['docker.service'] | |||||
| matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" | matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" | ||||
| matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else 'docker.io/' }}" | matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else 'docker.io/' }}" | ||||
| matrix_corporal_docker_image_tag: "1.11.0" | |||||
| matrix_corporal_docker_image_tag: "2.0.0" | |||||
| matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" | matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" | ||||
| matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" | matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" | ||||
| @@ -50,10 +50,16 @@ matrix_corporal_matrix_registration_shared_secret: "" | |||||
| matrix_corporal_matrix_timeout_milliseconds: 45000 | matrix_corporal_matrix_timeout_milliseconds: 45000 | ||||
| matrix_corporal_reconciliation_retry_interval_milliseconds: 30000 | matrix_corporal_reconciliation_retry_interval_milliseconds: 30000 | ||||
| matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal" | |||||
| matrix_corporal_corporal_user_id_local_part: "matrix-corporal" | |||||
| matrix_corporal_http_gateway_timeout_milliseconds: 60000 | matrix_corporal_http_gateway_timeout_milliseconds: 60000 | ||||
| # If enabled, matrix-corporal exposes a `POST /_matrix/corporal/_matrix-internal/identity/v1/check_credentials` API | |||||
| # on the gateway (Client-Server API) server. | |||||
| # This API can then be used together with the REST Auth password provider by pointing it to matrix-corporal (e.g. `http://matrix-corporal:41080/_matrix/corporal`). | |||||
| # Doing so allows Interactive Authentication to work. | |||||
| matrix_corporal_http_gateway_internal_rest_auth_enabled: false | |||||
| matrix_corporal_http_api_enabled: false | matrix_corporal_http_api_enabled: false | ||||
| matrix_corporal_http_api_auth_token: "" | matrix_corporal_http_api_auth_token: "" | ||||
| matrix_corporal_http_api_timeout_milliseconds: 15000 | matrix_corporal_http_api_timeout_milliseconds: 15000 | ||||
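Review bot: The comment block above `matrix_corporal_http_gateway_internal_rest_auth_enabled` describes what the endpoint is for but not its trust model, which matters because it accepts user credentials and, per the template hunk, is served on the same listener as the Client-Server API gateway (`ListenAddress 0.0.0.0:41080`) whose host exposure is governed by `matrix_corporal_container_http_gateway_host_bind_port`. A reader enabling this should be told to keep it reachable only from Synapse. Suggested addition to the comment: `# NOTE: this endpoint accepts cleartext credentials from Synapse. It shares the gateway listener, so make sure the reverse proxy does not forward /_matrix/corporal/_matrix-internal/ from the outside (or confirm matrix-corporal itself restricts callers) before enabling it.` I cannot see from this change whether matrix-corporal applies any caller restriction on that path, hence the hedge in the proposed wording.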
| @@ -16,7 +16,6 @@ | |||||
| msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" | msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" | ||||
| when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" | when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" | ||||
| - name: (Deprecation) Catch and report renamed corporal variables | - name: (Deprecation) Catch and report renamed corporal variables | ||||
| fail: | fail: | ||||
| msg: >- | msg: >- | ||||
| @@ -25,3 +24,4 @@ | |||||
| when: "item.old in vars" | when: "item.old in vars" | ||||
| with_items: | with_items: | ||||
| - {'old': 'matrix_corporal_container_expose_ports', 'new': '<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'} | - {'old': 'matrix_corporal_container_expose_ports', 'new': '<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'} | ||||
| - {'old': 'matrix_corporal_reconciliation_user_id_local_part', 'new': 'matrix_corporal_corporal_user_id_local_part'} | |||||
| @@ -7,14 +7,20 @@ | |||||
| "TimeoutMilliseconds": {{ matrix_corporal_matrix_timeout_milliseconds }} | "TimeoutMilliseconds": {{ matrix_corporal_matrix_timeout_milliseconds }} | ||||
| }, | }, | ||||
| "Corporal": { | |||||
| "UserId": "@{{ matrix_corporal_corporal_user_id_local_part }}:{{ matrix_domain }}" | |||||
| }, | |||||
| "Reconciliation": { | "Reconciliation": { | ||||
| "UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}", | |||||
| "RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }} | "RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }} | ||||
| }, | }, | ||||
| "HttpGateway": { | "HttpGateway": { | ||||
| "ListenAddress": "0.0.0.0:41080", | "ListenAddress": "0.0.0.0:41080", | ||||
| "TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }} | |||||
| "TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }}, | |||||
| "InternalRESTAuth": { | |||||
| "Enabled": {{ matrix_corporal_http_gateway_internal_rest_auth_enabled|to_json }} | |||||
| } | |||||
| }, | }, | ||||
| "HttpApi": { | "HttpApi": { | ||||
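Review bot: `"Enabled": {{ matrix_corporal_http_gateway_internal_rest_auth_enabled|to_json }}` serializes whatever type the variable happens to hold, so an operator who overrides it with a YAML-style string such as `"yes"` or `"no"` (common in Ansible inventories) would render `"Enabled": "yes"`, which a boolean field on the Go side would presumably reject at startup instead of being coerced. Normalizing first keeps the rendered JSON a real boolean regardless of how the value was written: `"Enabled": {{ matrix_corporal_http_gateway_internal_rest_auth_enabled|bool|to_json }}`. The enclosing JSON object begins before this hunk, so the indentation of the new `InternalRESTAuth` block cannot be checked against the file's top-level here.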