From 50c1e9d695490d59d3b8b6234b44e69e6c48640c Mon Sep 17 00:00:00 2001 From: Paul N <92150859+stift-n2@users.noreply.github.com> Date: Mon, 6 Feb 2023 13:14:34 +0100 Subject: [PATCH] Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. --- docs/configuring-playbook-user-verification-service.md | 2 +- group_vars/matrix_servers | 2 -- roles/custom/matrix-user-verification-service/defaults/main.yml | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-user-verification-service.md b/docs/configuring-playbook-user-verification-service.md index d6468b54..82e4e84e 100644 --- a/docs/configuring-playbook-user-verification-service.md +++ b/docs/configuring-playbook-user-verification-service.md @@ -49,7 +49,7 @@ However, it is possible to expose UVS via setting `matrix_user_verification_serv ### Access token -The Synapse Access Token is used to verify RoomMembership and PowerLevel against the configured homeserver_url (which is plugged in group_vars). +The Synapse Access Token is used to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. We recommend that you create a dedicated Matrix user for uvs (`uvs` is a good username). Follow our [Registering users](registering-users.md) guide to register a user with administration privileges. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 0a6ae4f3..8cd9baa9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3207,8 +3207,6 @@ matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matr # URL exposed in the docker network matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000" -# Set the homeserver URL to the container name if synapse is managed by this playbook -matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}" # We connect via the container network (private IPs), so we need to disable IP checks matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}" diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index fd174394..2b2cbcb2 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -37,7 +37,7 @@ matrix_user_verification_service_systemd_service_name: "{{ matrix_user_verificat # matrix_user_verification_service_uvs_access_token: # homeserver client api url -# matrix_user_verification_service_uvs_homeserver_url: "" +matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url }}" # disable check for non private ip range of homeserver. e.g. set to `true` if your homeserver domain resolves to a private ip. matrix_user_verification_service_uvs_disable_ip_blacklist: false