mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-01-30 20:05:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:41309799b6df41e0085e948ab59e226f5cbf3658
Branches Tags
mirror:master
mirror:renovate/zeratax-matrix-registration-0.x
mirror:synapse-cache-tuning
mirror:HarHarLinks/hookshot-encryption
...
compare: mirror:97740ec800491d8c2f8658f7ed6ecc21b02fbc7c
Branches Tags
mirror:master
mirror:renovate/zeratax-matrix-registration-0.x
mirror:synapse-cache-tuning
mirror:HarHarLinks/hookshot-encryption

3 Commits
41309799b6 ... 97740ec800

Author SHA1 Message Date
Suguru Hirahara
97740ec800
Update docs/configuring-playbook-ma1sd.md: move instruction to configure DNS settings up 
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
 2024-11-21 17:40:22 +09:00
Suguru Hirahara
27ce92f179
Update configuring-playbook-ma1sd.md: adjust to follow other examples such as on configuring-playbook-bridge-appservice-webhooks.md 
This commit:

- Move the note about installing to the top
- Add warning emoji (⚠️: U+26A0 FE0F)
- Use a common expression to discourage installing

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
 2024-11-21 17:38:33 +09:00
Suguru Hirahara
53130c6dfb
Update docs/configuring-playbook-ma1sd.md 
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2024-11-21 16:30:50 +09:00
1 changed files with 12 additions and 10 deletions
Show Stats Expand all files Collapse all files

22
docs/configuring-playbook-ma1sd.md
View File

@ -1,5 +1,7 @@
# Setting up ma1sd Identity Server (optional) # Setting up ma1sd Identity Server (optional)
**⚠Note**: ma1sd itself has also been unmaintained for years (the latest commit and release being from 2021). The role of identity servers in the Matrix specification also has an uncertain future. **We recommend not bothering with installing it unless it's the only way you can do what you need to do**. For example, certain things like LDAP integration can also be implemented via [the LDAP provider module for Synapse](./configuring-playbook-ldap-auth.md).
The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. It is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21. The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. It is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.
ma1sd is used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). It is private by default, potentially at the expense of user discoverability. ma1sd is used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). It is private by default, potentially at the expense of user discoverability.
@ -8,6 +10,16 @@ See the project's [documentation](https://github.com/ma1uta/ma1sd) to learn what
**Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). **Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible).
## Adjusting DNS records
To make the ma1sd Identity Server enable its federation features, set up an SRV record that looks like this:
- Name: `_matrix-identity._tcp` (use this text as-is)
- Content: `10 0 443 matrix.example.com` (replace `example.com` with your own)
See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record.
**Note**: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
## Adjusting the playbook configuration ## Adjusting the playbook configuration
To enable ma1sd, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: To enable ma1sd, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
@ -116,16 +128,6 @@ matrix_ma1sd_configuration_extension_yaml: |
whitelist: ~ whitelist: ~
``` ```
## Adjusting DNS records
To make the ma1sd Identity Server enable its federation features, set up an SRV record that looks like this:
- Name: `_matrix-identity._tcp` (use this text as-is)
- Content: `10 0 443 matrix.example.com` (replace `example.com` with your own)
See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record.
**Note**: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
## Installing ## Installing
After configuring the playbook, run the [installation](installing.md) command: `just install-all` or `just setup-all` After configuring the playbook, run the [installation](installing.md) command: `just install-all` or `just setup-all`