diff --git a/docs/configuring-playbook-rest-auth.md b/docs/configuring-playbook-rest-auth.md
index e393b4f52..e320ca491 100644
--- a/docs/configuring-playbook-rest-auth.md
+++ b/docs/configuring-playbook-rest-auth.md
@@ -1,6 +1,6 @@
 # Setting up the REST authentication password provider module
-The playbook can now install and configure [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth) for you.
+The playbook can install and configure [matrix-synapse-rest-auth](https://github.com/kamax-io/matrix-synapse-rest-auth) for you.
 See that project's documentation to learn what it does and why it might be useful to you.
diff --git a/docs/configuring-playbook-shared-secret-auth.md b/docs/configuring-playbook-shared-secret-auth.md
new file mode 100644
index 000000000..df5eddd87
--- /dev/null
+++ b/docs/configuring-playbook-shared-secret-auth.md
@@ -0,0 +1,12 @@
+# Setting up the Shared Secret Auth password provider module
+
+The playbook can install and configure [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) for you.
+
+See that project's documentation to learn what it does and why it might be useful to you.
+
+If you decide that you'd like to let this playbook install it for you, you need some configuration like this:
+
+```yaml
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
+```
\ No newline at end of file
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md
index 2daf57673..0f7f0e510 100644
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -33,4 +33,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional)
-- [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (optional)
\ No newline at end of file
+- [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (optional)
+
+- [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional)
\ No newline at end of file
diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml
index e8ab727aa..13408d520 100644
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -84,6 +84,12 @@ matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: f
 matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
 matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
+# Enable this to activate the Shared Secret Auth password provider module.
+# See: https://github.com/devture/matrix-synapse-shared-secret-auth
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
+matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0/shared_secret_authenticator.py"
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
+
 matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
 matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
 matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
diff --git a/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml b/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml
index f96a5ce0c..4f8bd7eef 100644
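Review bot: The default `matrix_synapse_ext_password_provider_shared_secret_auth_download_url` in roles/matrix-server/defaults/main.yml points at the `1.0` ref on raw.githubusercontent.com, and nothing in this hunk records an expected digest for the downloaded file. The file is a Python module that is loaded into Synapse as a password provider, so whatever that URL serves at install time ends up in the homeserver's login path; a named ref can be repointed upstream, whereas a full commit SHA in the URL cannot. I would add a companion default such as `matrix_synapse_ext_password_provider_shared_secret_auth_download_checksum: "sha256:<DIGEST_OF_REVIEWED_FILE>"` and pass it to `get_url` through its `checksum:` parameter. The download task is only partly visible in this diff, so confirm it does not already verify the file.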
--- a/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml
+++ b/roles/matrix-server/tasks/setup_synapse_ext_shared_secret_auth.yml
@@ -4,6 +4,11 @@
 # Tasks related to setting up matrix-synapse-shared-secret-auth
 #
+- name: Fail if Shared Secret Auth enabled, but no secret set
+ fail:
+ msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
+ when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled and matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
+
 - name: Download matrix-synapse-shared-secret-auth
 get_url:
 url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
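Review bot: The `when:` guard on the new fail task only rejects the empty string, so the placeholder from the docs example (`YOUR_SHARED_SECRET_GOES_HERE`), a whitespace-only value or a very short string all pass and end up as the password provider's secret. I would compare against a minimum length instead, e.g. `when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled and (matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret | trim | length) < 32"` (the threshold is a suggestion), and extend `msg` to state the required length. A comment above the task such as `# The shared secret is accepted by the password provider at login; refuse weak or placeholder values.` would record why the check exists. The Download task that follows is only partly inside the hunk, so its remaining options are not reviewed here.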