misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

[fix] role:synapse:auth

Browse source
This commit is contained in:
roydfalk 2024-03-20 00:47:45 +01:00
parent 81bef7dd44
commit aefe805a10
2 changed files with 21 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
ansible/roles/synapse/defaults/main.json
View file

@ -13,12 +13,12 @@
"var_synapse_federation_whitelist": [], "var_synapse_federation_whitelist": [],
"var_synapse_password_strict_policy": true, "var_synapse_password_strict_policy": true,
"var_synapse_registration_shared_secret": "REPLACE_ME", "var_synapse_registration_shared_secret": "REPLACE_ME",
"var_synapse_oidc_enable": false, "var_synapse_authentication_kind": "internal",
"var_synapse_oidc_provider_id": "external_auth", "var_synapse_authentication_data_authelia_provider_id": "authelia",
"var_synapse_oidc_provider_name": "external auth", "var_synapse_authentication_data_authelia_provider_name": "Authelia",
"var_synapse_oidc_client_id": "synapse", "var_synapse_authentication_data_authelia_client_id": "synapse",
"var_synapse_oidc_client_secret": "REPLACE_ME", "var_synapse_authentication_data_authelia_client_secret": "REPLACE_ME",
"var_synapse_oidc_issuer_url": "https://auth.example.org", "var_synapse_authentication_data_authelia_url_base": "https://authelia.example.org",
"var_synapse_smtp_host": "smtp.example.org", "var_synapse_smtp_host": "smtp.example.org",
"var_synapse_smtp_port": 587, "var_synapse_smtp_port": 587,
"var_synapse_smtp_username": "synapse@smtp.example.org", "var_synapse_smtp_username": "synapse@smtp.example.org",

30
ansible/roles/synapse/templates/homeserver.yaml.j2
View file

@ -91,29 +91,29 @@ recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
registration_shared_secret: "{{var_synapse_registration_shared_secret}}" registration_shared_secret: "{{var_synapse_registration_shared_secret}}"
{% endif %} {% endif %}
{% if var_synapse_oidc_enable %}
enable_registration: false
enable_registration_without_verification: false
{% else %}
enable_registration: true
enable_registration_without_verification: true
{% endif %}
oidc_config: oidc_config:
user_mapping_provider: user_mapping_provider:
config: config:
# NOT an Ansible variable # NOT an Ansible variable
localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}" localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
{% if var_synapse_oidc_enable %} {% if var_synapse_authentication_kind == 'internal' %}
enable_registration: true
enable_registration_without_verification: true
{% endif %}
{% if var_synapse_authentication_kind == 'authelia' %}
enable_registration: false
enable_registration_without_verification: false
oidc_providers: oidc_providers:
- idp_id: "{{var_synapse_oidc_provider_id}}" - idp_id: "{{var_synapse_authentication_data_authelia_provider_id}}"
idp_name: "{{var_synapse_oidc_provider_name}}" idp_name: "{{var_synapse_authentication_data_authelia_provider_name}}"
# idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI" idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
discover: true discover: true
issuer: "{{var_synapse_oidc_issuer_url}}" issuer: "{{var_synapse_authentication_data_authelia_url_base}}"
client_id: "{{var_synapse_oidc_client_id}}" client_id: "{{var_synapse_authentication_data_authelia_client_id}}"
client_secret: "{{var_synapse_oidc_client_secret}}" client_secret: "{{var_synapse_authentication_data_authelia_client_secret}}"
scopes: ["openid", "profile", "email"] scopes: ["openid", "profile", "email"]
allow_existing_users: true allow_existing_users: true
user_mapping_provider: user_mapping_provider: