mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-10-31 15:27:56 +01:00
230 lines
12 KiB
Plaintext
230 lines
12 KiB
Plaintext
# SOME DESCRIPTIVE TITLE.
|
|
# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
|
|
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
|
|
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
#, fuzzy
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: matrix-docker-ansible-deploy \n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2025-01-27 09:54+0200\n"
|
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:1
|
|
msgid "Setting up Matrix User Verification Service (optional)"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:3
|
|
msgid "The playbook can install and configure [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) (hereafter: UVS) for you."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:5
|
|
msgid "See the project's [documentation](https://github.com/matrix-org/matrix-user-verification-service/blob/master/README.md) to learn what it does and why it might be useful to you."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:7
|
|
msgid "Currently, the main purpose of this role is to allow Jitsi to authenticate Matrix users and check if they are authorized to join a conference. If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:9
|
|
msgid "What does it do?"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:11
|
|
msgid "UVS can be used to verify two claims:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:13
|
|
msgid "(A) Whether a given OpenID token is valid for a given server and"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:14
|
|
msgid "(B) whether a user is member of a given room and the corresponding PowerLevel"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:16
|
|
msgid "Verifying an OpenID token ID done by finding the corresponding Homeserver via `/.well-known/matrix/server` for the given domain. The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this. By default, this playbook only checks against `matrix_server_fqn_matrix`. Therefore, the request will be made against the public `openid` API for `matrix_server_fqn_matrix`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:18
|
|
msgid "Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network. UVS will verify the validity of the token beforehand though."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:20
|
|
msgid "Prerequisites"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:22
|
|
msgid "Open Matrix Federation port"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:24
|
|
msgid "Enabling the UVS service will automatically reconfigure your Synapse homeserver to expose the `openid` API endpoints on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. If you enable the component, make sure that the port is accessible."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:26
|
|
msgid "Install Matrix services"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:28
|
|
msgid "UVS can only be installed after Matrix services are installed and running. If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) and come back here later."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:30
|
|
msgid "Register a dedicated Matrix user (optional, recommended)"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:32
|
|
msgid "We recommend that you create a dedicated Matrix user for uvs (`uvs` is a good username). **Because UVS requires an access token as an admin user, that user needs to be an admin.**"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:34
|
|
msgid "Generate a strong password for the user. You can create one with a command like `pwgen -s 64 1`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:36
|
|
msgid "You can use the playbook to [register a new user](registering-users.md):"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:42
|
|
msgid "Obtain an access token"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:44
|
|
msgid "UVS requires an access token as an admin user to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md)."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:46
|
|
msgid "[!WARNING] Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:49
|
|
msgid "Adjusting the playbook configuration"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:51
|
|
msgid "To enable UVS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#obtain-an-access-token)."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:59
|
|
msgid "In the default configuration, the UVS Server is only reachable via the docker network, which is fine if e.g. Jitsi is also running in a container on the host. However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:61
|
|
msgid "Custom Auth Token (optional)"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:63
|
|
msgid "It is possible to set an API Auth Token to restrict access to the UVS. If this is enabled, anyone making a request to UVS must provide it via the header `Authorization: Bearer YOUR_TOKEN_HERE`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:65
|
|
msgid "By default, the token (`YOUR_TOKEN_HERE`) will be derived from `matrix_homeserver_generic_secret_key` in `group_vars/matrix_servers`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:67
|
|
msgid "To set your own token, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_TOKEN_HERE` with your own."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:73
|
|
msgid "If a Jitsi instance is also managed by this playbook and [`matrix` authentication](configuring-playbook-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) is enabled there, this collection will automatically configure Jitsi to use the configured auth token."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:75
|
|
msgid "Disable Authorization (optional)"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:77
|
|
msgid "Authorization is enabled by default. To disable it, add the following configuration to your `vars.yml` file:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:83
|
|
msgid "Federation (optional)"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:85
|
|
msgid "In theory (however currently untested), UVS can handle federation. To enable it, add the following configuration to your `vars.yml` file:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:91
|
|
msgid "This will instruct UVS to verify the OpenID token against any domain given in a request. Homeserver discovery is done via `.well-known/matrix/server` of the given domain."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:93
|
|
msgid "Extending the configuration"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:95
|
|
msgid "There are some additional things you may wish to configure about the component."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:97
|
|
msgid "Take a look at:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:99
|
|
msgid "`roles/custom/matrix-user-verification-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:101
|
|
msgid "Installing"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:103
|
|
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:110
|
|
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-service matrix-user-verification-service` or `just setup-all`"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:112
|
|
msgid "`just install-service matrix-user-verification-service` is useful for maintaining your setup quickly when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note `just setup-all` runs the `ensure-matrix-users-created` tag too."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:114
|
|
msgid "Troubleshooting"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:116
|
|
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-user-verification-service`."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:118
|
|
msgid "Increase logging verbosity"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:120
|
|
msgid "The default logging level for this component is `info`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:127
|
|
msgid "TLS Certificate Checking"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:129
|
|
msgid "If the Matrix Homeserver does not provide a valid TLS certificate, UVS will fail with the following error message:"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:131
|
|
msgid "message: 'No response received: [object Object]',"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:133
|
|
msgid "This also applies to self-signed and Let's Encrypt staging certificates."
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:135
|
|
msgid "To disable certificate validation altogether (INSECURE! Not suitable for production use!) set: `NODE_TLS_REJECT_UNAUTHORIZED=0`"
|
|
msgstr ""
|
|
|
|
#: ../../../docs/configuring-playbook-user-verification-service.md:137
|
|
msgid "Alternatively, it is possible to inject your own CA certificates into the container by mounting a PEM file with additional trusted CAs into the container and pointing the `NODE_EXTRA_CA_CERTS` environment variable to it."
|
|
msgstr ""
|