From 6ca9d5ebd987134bd4ae9878e787a8d462c8fe83 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Sun, 19 Jan 2025 16:27:38 +0900 Subject: [PATCH] Update docs for Draupnir and Mjolnir: add the instruction to run the playbook before the instruction to run the curl command It is necessary to run the playbook to apply the configuration so that the curl command, which is described below, can be successfully executed. Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-bot-draupnir.md | 8 +++++++- docs/configuring-playbook-bot-mjolnir.md | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index bd9ef3f1a..a985e93b4 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -90,6 +90,12 @@ To expose the APIs publicly, add the following configuration to your `vars.yml` matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true ``` +Then, run the playbook with the following command to apply the configuration to the server *without starting the systemd services*: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all +``` + **Notes**: - Access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). @@ -102,7 +108,7 @@ Manual access to Synapse's Admin APIs requires an access token for a homeserver #### Run the `curl` command -After obtaining the access token for the admin account, run the following command on systems that ship curl to discharge rate limiting. +After applying the configuration to the server and obtaining the access token for the admin account, run the following command on systems that ship curl to discharge rate limiting. Before running it, make sure to replace: - `ADMIN_ACCESS_TOKEN_HERE` with the access token of the admin account diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index ffae03cee..855782b15 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -38,6 +38,12 @@ To expose the APIs publicly, add the following configuration to your `inventory/ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true ``` +Then, run the playbook with the following command to apply the configuration to the server *without starting the systemd services*: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all +``` + **Notes**: - Access to the APIs is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, doing so is not recommended for additional security. See [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). @@ -52,7 +58,7 @@ If you have made Mjolnir an admin, you can just use the Mjolnir token. #### Run the `curl` command -After obtaining the access token for the admin account, run the following command on systems that ship curl to discharge rate limiting. +After applying the configuration to the server and obtaining the access token for the admin account, run the following command on systems that ship curl to discharge rate limiting. Before running it, make sure to replace: - `ADMIN_ACCESS_TOKEN_HERE` with the access token of the admin account