[mod] role:synapse:mas als authentication-Variante

[fix] role:mas
2024-10-17 18:35:04 +02:00 · 2024-10-17 18:34:40 +02:00
5 changed files with 49 additions and 2 deletions
--- a/roles/mas/tasks/main.json
+++ b/roles/mas/tasks/main.json
@ -56,7 +56,7 @@
 		"become": true,
 		"become_user": "{{var_mas_user}}",
 		"ansible.builtin.template": {
-			"src": "config-main.yaml.j2",
+			"src": "config-main.json.j2",
 			"dest": "{{var_mas_directory}}/conf.d/base.yaml"
 		}
 	},
--- a/roles/synapse/defaults/main.json
+++ b/roles/synapse/defaults/main.json
@ -20,6 +20,12 @@
 	"var_synapse_authentication_data_authelia_client_id": "synapse",
 	"var_synapse_authentication_data_authelia_client_secret": "REPLACE_ME",
 	"var_synapse_authentication_data_authelia_url_base": "https://authelia.example.org",
+	"var_synapse_authentication_data_mas_url_base": "http://localhost:2839",
+	"var_synapse_authentication_data_mas_client_id": "synapse",
+	"var_synapse_authentication_data_mas_client_secret": "REPLACE_ME",
+	"var_synapse_authentication_data_mas_admin_token": "REPLACE_ME",
+	"var_synapse_authentication_data_mas_provider_id": "mas",
+	"var_synapse_authentication_data_mas_provider_name": "MAS",
 	"var_synapse_smtp_host": "smtp.example.org",
 	"var_synapse_smtp_port": 587,
 	"var_synapse_smtp_username": "synapse@smtp.example.org",
--- a/roles/synapse/info.md
+++ b/roles/synapse/info.md
@ -9,3 +9,4 @@ Zur Einrichtung des [matrix.org](https://matrix.org/)-Servers Synapse
 - [GitHub-Repository](https://github.com/matrix-org/synapse)
 - [Configuration Manual](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html)
 - [Dokumentation | PostgreSQL](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)
+- [MAS-Dokumentation | Homeserver configuration](https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html)
--- a/roles/synapse/templates/homeserver.yaml.j2
+++ b/roles/synapse/templates/homeserver.yaml.j2
@ -126,6 +126,21 @@ oidc_providers:
        email_template: "{{"{{"}} user.email {{"}}"}}"
 {% endif %}

+{% if var_synapse_authentication_kind == 'mas' %}
+enable_registration: false
+enable_registration_without_verification: false
+
+experimental_features:
+  msc3861:
+    enabled: true
+    issuer: "{{var_synapse_authentication_data_mas_url_base}}"
+    client_auth_method: client_secret_basic
+    client_id: "{{var_synapse_authentication_data_mas_client_id}}"
+    client_secret: "{{var_synapse_authentication_data_mas_client_secret}}"
+    admin_token: "{{var_synapse_authentication_data_mas_admin_token}}"
+    account_management_url: "{{var_synapse_authentication_data_mas_url_base}}/account"
+{% endif %}
+
 account_validity:

 bcrypt_rounds: 12
--- a/roles/synapse/vardef.json
+++ b/roles/synapse/vardef.json
@ -71,7 +71,8 @@
 		"mandatory": false,
 		"options": [
 			"internal",
-			"authelia"
+			"authelia",
+			"mas"
 		]
 	},
 	"authentication_data_authelia_provider_id": {
@ -94,6 +95,30 @@
 		"type": "string",
 		"mandatory": false
 	},
+	"authentication_data_mas_url_base": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_mas_client_id": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_mas_client_secret": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_mas_admin_token": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_mas_provider_id": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_mas_provider_name": {
+		"type": "string",
+		"mandatory": false
+	},
 	"smtp_host": {
 		"type": "string",
 		"mandatory": false
Author	SHA1	Message	Date
Christian Fraß	9f833de139	[mod] role:synapse:mas als authentication-Variante	2024-10-17 18:35:04 +02:00
Christian Fraß	ecbbc24580	[fix] role:mas	2024-10-17 18:34:40 +02:00