matrix-docker-ansible-deploy/docs/configuring-playbook-shared-secret-auth.md
Suguru Hirahara 6b87d1aa7d
Edit docs: consistent instructions to generate passphrases or secrets with pwgen
This commit replaces instructions to create passwords, passphrases, or secrets with common ones.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-12-22 17:53:14 +09:00

1.9 KiB

Setting up the Shared Secret Auth password provider module (optional, advanced)

The playbook can install and configure matrix-synapse-shared-secret-auth for you.

See the project's documentation to learn what it does and why it might be useful to you.

Adjusting the playbook configuration

Add the following configuration to your inventory/host_vars/matrix.example.com/vars.yml file:

matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true

# Generate a strong shared secret here. You can create one with a command like `pwgen -s 64 1`.
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE

Authenticating only using a password provider

If you wish for users to authenticate only against configured password providers (like this one), without consulting Synapse's local database, feel free to disable it:

matrix_synapse_password_config_localdb_enabled: false

Installing

After configuring the playbook, run it with playbook tags as below:

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start

The shortcut commands with the just program are also available: just install-all or just setup-all

just install-all is useful for maintaining your setup quickly (2x-5x faster than just setup-all) when its components remain unchanged. If you adjust your vars.yml to remove other components, you'd need to run just setup-all, or these components will still remain installed. Note these shortcuts run the ensure-matrix-users-created tag too.