Bläddra i källkod
Update docs/configuring-playbook-user-verification-service.md: move the section for obtaining an access token up
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>pull/3904/head
Suguru Hirahara
1 år sedan
Ingen känd nyckel hittad för denna signaturen i databasen
GPG-nyckel ID: E4F9743DAB4B7B75
1 ändrade filer med 9 tillägg och 15 borttagningar
Unifierad Vy
Diff Options
+ 9
- 15
docs/configuring-playbook-user-verification-service.md
Visa fil
| @@ -41,34 +41,28 @@ You can use the playbook to [register a new user](registering-users.md): | |||||
| ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=uvs password=PASSWORD_FOR_THE_USER admin=yes' --tags=register-user | ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=uvs password=PASSWORD_FOR_THE_USER admin=yes' --tags=register-user | ||||
| ``` | ``` | ||||
| ### Obtain an access token | |||||
| UVS requires an access token as an admin user to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). | |||||
| ⚠️ **Warning**: Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone. | |||||
| ## Adjusting the playbook configuration | ## Adjusting the playbook configuration | ||||
| To enable UVS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: | |||||
| To enable UVS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#obtain-an-access-token). | |||||
| ```yaml | ```yaml | ||||
| matrix_user_verification_service_enabled: true | matrix_user_verification_service_enabled: true | ||||
| matrix_user_verification_service_uvs_access_token: "ACCESS_TOKEN_HERE" | |||||
| ``` | ``` | ||||
| ## Configuration | ## Configuration | ||||
| The only required configuration variable is `matrix_user_verification_service_uvs_access_token` (see below). | |||||
| For a list of all configuration options see the role defaults [`roles/matrix-user-verification-service/defaults/main.yml`](../roles/custom/matrix-user-verification-service/defaults/main.yml). But be aware of all the plugging happening in `group_vars/matrix_servers`. | For a list of all configuration options see the role defaults [`roles/matrix-user-verification-service/defaults/main.yml`](../roles/custom/matrix-user-verification-service/defaults/main.yml). But be aware of all the plugging happening in `group_vars/matrix_servers`. | ||||
| In the default configuration, the UVS Server is only reachable via the docker network, which is fine if e.g. Jitsi is also running in a container on the host. However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`. | In the default configuration, the UVS Server is only reachable via the docker network, which is fine if e.g. Jitsi is also running in a container on the host. However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`. | ||||
| ### Obtain an access token | |||||
| The Synapse Access Token is used to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. | |||||
| You are required to specify an access token (belonging to this new user) for UVS to work. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). | |||||
| ⚠️ **Warning**: Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone. | |||||
| ```yaml | |||||
| matrix_user_verification_service_uvs_access_token: "ACCESS_TOKEN_HERE" | |||||
| ``` | |||||
| ### Custom Auth Token (optional) | ### Custom Auth Token (optional) | ||||
| It is possible to set an API Auth Token to restrict access to the UVS. If this is enabled, anyone making a request to UVS must provide it via the header "Authorization: Bearer TOKEN" | It is possible to set an API Auth Token to restrict access to the UVS. If this is enabled, anyone making a request to UVS must provide it via the header "Authorization: Bearer TOKEN" | ||||