mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git, synced 2025-10-25 17:43:23 +00:00

Do not install the ma1sd identity server by default
As mentioned in the changelog, this is a breaking change.
		| @@ -62,11 +62,11 @@ The `cinny.<your-domain>` subdomain may be necessary, because this playbook coul | ||||
|  | ||||
| ## `_matrix-identity._tcp` SRV record setup | ||||
|  | ||||
| To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this: | ||||
| To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: | ||||
| - Name: `_matrix-identity._tcp` (use this text as-is) | ||||
| - Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own) | ||||
|  | ||||
| This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. | ||||
| This is an optional feature for the optionally-installed [ma1sd service](configuring-playbook-ma1sd.md). See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. | ||||
|  | ||||
| Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. | ||||
|  | ||||
|   | ||||
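Review bot: The first sentence under `## _matrix-identity._tcp SRV record setup` still reads as a step every reader performs, and the "may optionally install" parenthetical is easy to skim past. Suggest opening with the condition instead, for example "If you have enabled ma1sd (`matrix_ma1sd_enabled: true`), set up an SRV record ...", so that people who leave ma1sd off do not publish a `_matrix-identity._tcp` record for `matrix.<your-domain>` port 443 with no identity server behind it. The link to `configuring-playbook-ma1sd.md` in the "This is an optional feature" paragraph would do more good in that first sentence.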
| @@ -1,24 +1,22 @@ | ||||
| # Adjusting ma1sd Identity Server configuration (optional) | ||||
|  | ||||
| By default, this playbook configures an [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. | ||||
| The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. | ||||
|  | ||||
| ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). | ||||
|  | ||||
| This server is private by default, potentially at the expense of user discoverability. | ||||
|  | ||||
| *ma1sd is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.* | ||||
|  | ||||
| **Note**: enabling ma1sd (which is also the default), means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). | ||||
| **Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). | ||||
|  | ||||
|  | ||||
| ## Disabling ma1sd | ||||
|  | ||||
| ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). | ||||
|  | ||||
| If you'd like for the playbook to not install ma1sd (or to uninstall it if it was previously installed), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
| To enable ma1sd, use the following additional configuration in your `vars.yml` file: | ||||
|  | ||||
| ```yaml | ||||
| matrix_ma1sd_enabled: false | ||||
| matrix_ma1sd_enabled: true | ||||
| ``` | ||||
|  | ||||
|  | ||||
| ## Matrix.org lookup forwarding | ||||
|  | ||||
| To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information). | ||||
|   | ||||
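Review bot: The "To enable ma1sd" sentence names only `vars.yml`, while the "If you'd like for the playbook to not install ma1sd" sentence beside it gives the full `inventory/host_vars/matrix.<your-domain>/vars.yml` path; keep the full path in the new wording. The commit message calls this a breaking change, and the old wording says a disabled ma1sd is uninstalled if it was previously installed, so this page should state that existing installs must set `matrix_ma1sd_enabled: true` to keep the service. Minor: "enabling ma1sd, means" has a stray comma once "(which is also the default)" is dropped.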
| @@ -47,8 +47,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins | ||||
|  | ||||
| - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional) | ||||
|  | ||||
| - [Adjusting ma1sd Identity Server configuration](configuring-playbook-ma1sd.md) (optional) | ||||
|  | ||||
| - [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) (optional, advanced) | ||||
|  | ||||
| - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) | ||||
| @@ -69,11 +67,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins | ||||
| - [Adjusting email-sending settings](configuring-playbook-email.md) (optional) | ||||
|  | ||||
| - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional) | ||||
|  | ||||
| - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional) | ||||
|  | ||||
|  | ||||
| ### Authentication and user-related | ||||
|  | ||||
| - [Setting up an ma1sd Identity Server](configuring-playbook-ma1sd.md) (optional) | ||||
|  | ||||
| - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional) | ||||
|  | ||||
| - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (optional) | ||||
|   | ||||
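Review bot: Under `### Authentication and user-related` the entry is now titled "Setting up an ma1sd Identity Server", but the page it links to, `configuring-playbook-ma1sd.md`, keeps the heading "Adjusting ma1sd Identity Server configuration (optional)" in this same commit. Rename that heading to match the new link text, since the page is now where ma1sd gets enabled rather than only adjusted.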
| @@ -15,8 +15,6 @@ These services are enabled and used by default, but you can turn them off, if yo | ||||
|  | ||||
| - [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional) | ||||
|  | ||||
| - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) | ||||
|  | ||||
| - [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional) | ||||
|  | ||||
| - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) | ||||
| @@ -30,6 +28,8 @@ These services are enabled and used by default, but you can turn them off, if yo | ||||
|  | ||||
| These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later): | ||||
|  | ||||
| - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) | ||||
|  | ||||
| - [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) | ||||
|  | ||||
| - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional) | ||||
|   | ||||