2023-01-04 13:45:37 +01:00
|
|
|
---
|
2024-10-31 17:26:33 +01:00
|
|
|
|
|
|
|
# matrix-user-verification-service - Service to verify details of a user based on an Open ID token
|
|
|
|
# Project source code URL: https://github.com/matrix-org/matrix-user-verification-service
|
|
|
|
|
2023-01-04 13:45:37 +01:00
|
|
|
# Set this to the display name for ansible used in Output e.g. fail_msg
|
|
|
|
matrix_user_verification_service_ansible_name: "Matrix User Verification Service"
|
|
|
|
|
|
|
|
# Enable by default. This is overwritten in provided group vars.
|
|
|
|
matrix_user_verification_service_enabled: true
|
|
|
|
|
2023-11-07 20:35:24 +01:00
|
|
|
matrix_user_verification_service_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
|
|
|
matrix_user_verification_service_container_image_self_build_repo: "https://github.com/matrix-org/matrix-user-verification-service"
|
|
|
|
matrix_user_verification_service_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_user_verification_service_version }}"
|
|
|
|
|
2023-01-04 13:45:37 +01:00
|
|
|
# Fix version tag
|
2023-10-06 14:14:03 +02:00
|
|
|
# renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service
|
2023-10-17 08:30:16 +02:00
|
|
|
matrix_user_verification_service_version: "v3.0.0"
|
2023-01-04 13:45:37 +01:00
|
|
|
|
|
|
|
# Paths
|
|
|
|
matrix_user_verification_service_base_path: "{{ matrix_base_data_path }}/user-verification-service"
|
|
|
|
matrix_user_verification_service_config_path: "{{ matrix_user_verification_service_base_path }}/config"
|
|
|
|
matrix_user_verification_service_config_env_file: "{{ matrix_user_verification_service_config_path }}/.env"
|
2023-11-07 20:35:24 +01:00
|
|
|
matrix_user_verification_service_docker_src_files_path: "{{ matrix_user_verification_service_base_path }}/docker-src"
|
2023-01-04 13:45:37 +01:00
|
|
|
|
|
|
|
# Docker
|
2023-02-06 12:57:20 +01:00
|
|
|
matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_global_registry_prefix }}"
|
2023-01-04 13:45:37 +01:00
|
|
|
matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service:{{ matrix_user_verification_service_version }}"
|
|
|
|
matrix_user_verification_service_docker_image_force_pull: "{{ matrix_user_verification_service_docker_image.endswith(':latest') }}"
|
|
|
|
|
2023-07-28 16:26:05 +02:00
|
|
|
# The base container network. It will be auto-created by this role if it doesn't exist already.
|
2024-01-13 16:31:03 +01:00
|
|
|
matrix_user_verification_service_container_network: ""
|
2023-07-28 16:26:05 +02:00
|
|
|
|
|
|
|
# A list of additional container networks that the container would be connected to.
|
|
|
|
# The role does not create these networks, so make sure they already exist.
|
|
|
|
# Use this to expose this container to another reverse proxy, which runs in a different container network.
|
|
|
|
matrix_user_verification_service_container_additional_networks: []
|
|
|
|
|
2023-01-04 13:45:37 +01:00
|
|
|
matrix_user_verification_service_container_name: "matrix-user-verification-service"
|
2023-02-06 16:15:06 +01:00
|
|
|
# This will be set in group vars
|
|
|
|
matrix_user_verification_service_container_http_host_bind_port: ''
|
2023-01-04 13:45:37 +01:00
|
|
|
matrix_user_verification_service_container_extra_arguments: []
|
|
|
|
# Systemd
|
|
|
|
matrix_user_verification_service_systemd_required_services_list: []
|
|
|
|
matrix_user_verification_service_systemd_wanted_services_list: []
|
|
|
|
matrix_user_verification_service_systemd_service_basename: "matrix-user-verification-service"
|
|
|
|
matrix_user_verification_service_systemd_service_name: "{{ matrix_user_verification_service_systemd_service_basename }}.service"
|
|
|
|
|
|
|
|
# Matrix User Verification Service Configuration
|
|
|
|
## REQUIRED
|
|
|
|
|
|
|
|
# Homeserver client API admin token (synapse only)- Required for the service to verify room membership
|
2023-02-10 18:39:15 +01:00
|
|
|
matrix_user_verification_service_uvs_access_token: ''
|
2023-01-04 13:45:37 +01:00
|
|
|
|
|
|
|
# homeserver client api url
|
2024-01-07 16:04:23 +01:00
|
|
|
matrix_user_verification_service_uvs_homeserver_url: ""
|
2023-01-04 13:45:37 +01:00
|
|
|
# disable check for non private ip range of homeserver. e.g. set to `true` if your homeserver domain resolves to a private ip.
|
|
|
|
matrix_user_verification_service_uvs_disable_ip_blacklist: false
|
|
|
|
|
|
|
|
## OPTIONAL
|
|
|
|
|
2023-02-06 15:59:32 +01:00
|
|
|
# Require an Auth-Token with API calls. If set to false, UVS will reply to any API call.
|
|
|
|
# The Auth-Token is defined via: matrix_user_verification_service_uvs_auth_token
|
|
|
|
matrix_user_verification_service_uvs_require_auth: true
|
2023-01-04 13:45:37 +01:00
|
|
|
# Auth token to protect the API
|
2023-02-06 15:59:32 +01:00
|
|
|
# If enabled any calls to the provided API endpoints need have the header "Authorization: Bearer TOKEN".
|
|
|
|
# A Token will be derived from matrix_homeserver_generic_secret_key in group_vars/matrix_servers
|
|
|
|
matrix_user_verification_service_uvs_auth_token: ''
|
2023-01-04 13:45:37 +01:00
|
|
|
|
2023-02-06 15:19:58 +01:00
|
|
|
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook.
|
2023-02-06 15:59:32 +01:00
|
|
|
matrix_user_verification_service_uvs_pin_openid_verify_server_name: true
|
|
|
|
# Matrix server name to verify OpenID tokens against.
|
2024-10-18 16:28:00 +02:00
|
|
|
# This is not the homeserverURL, but rather the domain in the Matrix "user ID"
|
2023-02-06 15:19:58 +01:00
|
|
|
# UVS can also be instructed to verify against the Matrix server name passed in the token, to enable set to ""
|
|
|
|
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
|
2023-01-04 13:45:37 +01:00
|
|
|
|
2023-02-06 15:19:58 +01:00
|
|
|
# Log level
|
2023-01-04 13:45:37 +01:00
|
|
|
# See choices here: https://github.com/winstonjs/winston#logging-levels
|
2023-02-06 15:19:58 +01:00
|
|
|
matrix_user_verification_service_uvs_log_level: info
|