mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-10-24 09:03:24 +00:00
* Add docs/quick-start.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add description about keeping the playbook and services up-to-date
Also: move descriptions about difference between the playbook tags (setup-all and install-all) and about the just "recipe" from installing.md to maintenance-upgrading-services.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Replace <your-username> with YOUR_USERNAME_HERE
This is a common expression and should avoid misunderstanding that `<` and `>` would need to be included
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Replace <your-password> with YOUR_PASSWORD_HERE
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Change the link to 'Quick start' on the breadcrumbs from README.md to quick-start.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add a link to quick-start.md on the "Getting started" section
Since I am not quite sure whether the link to prerequisites.md should be replaced in favor of this link, this commit leaves it as it is for now.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add a link to quick-start.md on docs/README.md
Since I am not quite sure whether the link to prerequisites.md should be replaced in favor of this link, this commit leaves it as it is for now.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add note about using "example.com" as an example domain
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Remove backticks from command examples to register a user
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Apply suggestions from code review
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Improve notes for instruction to create a user account
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add details about delegation to installing.md and quick-start.md
Some information is omitted on quick-start.md in favor of installing.md to keep the quick start guide simple.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/quick-start.md: add the breadcrumb header
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Edit docs/quick-start.md: run the setup command with install-all by default
Refer docs/maintenance-upgrading-services.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Revert "Update docs/quick-start.md: add the breadcrumb header"
This reverts commit 9a6e1cf14c
.
As the quick start guide is standalone.
* Update docs/quick-start.md: add headers inside the install section
These headers should make it perfectly clear that there are two steps to be done to install with the playbook
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update quick-start.md
* Update docs/registering-users.md: notes for manual user registeration
Copy the same notes from quick-start.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Reword some things in quick start
* Add alternative to `just roles`
* Update docs/configuring-dns.md: sync with docs/quick-start.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/quick-start.md: add a link to docs/registering-users.md for an instruction to add user accounts
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/registering-users.md and docs/updating-users-passwords.md: remove "your" from username and password placeholders
These documentations, unlike docs/installing.md and docs/quick-start.md, describe how to handle users (registering them or changing their passwords), some of whom are yours, while others are not.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/installing.md: add "your" to make it clear that it is "your" account that is going to be created
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/installing.md and docs/quick-start.md: mention "make roles"
This commit adds mentions to "make roles" and a note about the preference of ansible-playbook commands over the just "recipes".
quick-start.md intends to be referred by those who have never used the playbook to set up a server, so it is safer to regard that it is not clear to them what exactly the just "recipes" are made of, ie. it takes some time and experience until someone understands simplicity of them. For beginners, I believe that we should prefer the basics over simplicity, from the educational point of view.
If someone feels tired of using the same command repetitively, then the person will have been already well accustomed to the way how the playbook works and how the server is supposed to be maintained, and the person is "qualified" to use the just "recipes", and should be able to use them with confidence, distinguishing the playbook tags from the "recipes", for example, from "just install-all" and "ansible-playbook -i inventory/hosts setup.yml --tags=install-all". Such level of familiarity and experience should not be expected on the quick start guide.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update instructions to update Ansible roles
Also: move the detailed explanation about "just roles" from installing.md to maintenance-upgrading-services.md
TBD: create a dedicated documentation for the "just" program and the concept of its "recipe" (shortcut of commands)
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add a note about cases to create multiple accounts/users
Since one of the quick start guide's goals is to set up an own user account, this commit adds the note about creating multiple accounts/users to installing.md and registering-users.md only. It should be fine as registering-users.md is linked from quick-start.md
Also:
- On installing.md and quick-start.md, change instruction from what encourages to select "admin=yes" or "admin=no" to what encourages to use "admin=yes", since your user account will be the sole user on the server, as long as you set up the server by following the documentation
- Remove the link to registering-users.md from quick-start.md as the documentation is already linked above, under the header of the section
- Sync docs/installing.md with other documentation
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Remove a line about setting "admin=yes" to reduce the amount of information
Because quick-start.md is getting longer with much information, it removes the note in favor of the linked registering-users.md documentation. The note is available on installing.md as well, and details about adding user accounts for other people can (and should) be checked on those documentations.
Also, this commit edits lines above these notes to make it clear that your user account will be an administrator of the server.
With this commit, the amount of the information about adding user accounts will be: registering-users.md > installing.md > quick-start.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Fix a broken anchor link on docs/installing.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Replace repetitive information about upgrading with an anchor link to docs/maintenance-upgrading-services.md
Because details to update/upgrade the Matrix services is not necessary for quick start and the amount of information should be reduced from the viewpoint of maintainability, this commit removes details to update/upgrade from quick-start.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/quick-start.md: add a note about keeping it tidy and simple
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/maintenance-checking-services.md and docs/quick-start.md: add instruction to use federation tester against the base domain
Per Slavi's suggestion.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/installing.md and docs/quick-start.md: replace commands to finalize the installation
Per Slavi's suggestion.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Clarify install-matrix-static-files to avoid confusion with install-all; Minor consistency improvements
---------
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
149 lines
8.2 KiB
Markdown
149 lines
8.2 KiB
Markdown
# Registering users
|
|
|
|
This documentation page tells you how to create user accounts on your Matrix server.
|
|
|
|
Table of contents:
|
|
|
|
- [Registering users](#registering-users)
|
|
- [Registering users manually](#registering-users-manually)
|
|
- [Managing users via a Web UI](#managing-users-via-a-web-ui)
|
|
- [Letting certain users register on your private server](#letting-certain-users-register-on-your-private-server)
|
|
- [Enabling public user registration](#enabling-public-user-registration)
|
|
- [Adding/Removing Administrator privileges to an existing user](#addingremoving-administrator-privileges-to-an-existing-user)
|
|
|
|
|
|
## Registering users manually
|
|
|
|
**Notes**:
|
|
- Make sure to adjust `USERNAME_HERE` and `PASSWORD_HERE`
|
|
- For `USERNAME_HERE`, use a plain username like `john`, not a full identifier (`@user:example.com`)
|
|
- Use `admin=yes` or `admin=no` depending on whether you wish to make the user an administrator of the Matrix server
|
|
|
|
After registering a user (using one of the methods below), **you can log in with that user** via the [Element Web](configuring-playbook-client-element-web.md) service that this playbook has installed for you at a URL like this: `https://element.example.com/`.
|
|
|
|
### Registering users via the Ansible playbook
|
|
|
|
It's best to register users via the Ansible playbook, because it works regardless of homeserver implementation (Synapse, Dendrite, etc) or usage of [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) (MAS).
|
|
|
|
To register a user via this Ansible playbook:
|
|
|
|
```sh
|
|
just register-user USERNAME_HERE PASSWORD_HERE <admin access: yes or no>
|
|
|
|
# Example: `just register-user john secret-password yes`
|
|
```
|
|
|
|
**or** by invoking `ansible-playbook` manually:
|
|
|
|
```sh
|
|
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=USERNAME_HERE password=PASSWORD_HERE admin=<yes|no>' --tags=register-user
|
|
|
|
# Example: ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=john password=secret-password admin=yes' --tags=register-user
|
|
```
|
|
|
|
Feel free to register as many users (for friends, family, etc.) as you want. Still, perhaps you should grant full administrative access to your user account only (with `admin=yes`), and others should be created with `admin=no`.
|
|
|
|
⚠️ **Warning**: If you're registering users against Matrix Authentication Service, do note that it [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information.
|
|
|
|
### Registering users manually for Synapse
|
|
|
|
If you're using the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default), you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#install-matrix-server-and-services)):
|
|
|
|
```sh
|
|
/matrix/synapse/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
|
|
|
|
# Example: `/matrix/synapse/bin/register-user john secret-password 1`
|
|
```
|
|
|
|
### Registering users manually for Dendrite
|
|
|
|
If you're using the [Dendrite](./configuring-playbook-dendrite.md) homeserver implementation, you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#install-matrix-server-and-services)):
|
|
|
|
```sh
|
|
/matrix/dendrite/bin/create-account USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
|
|
|
|
# Example: `/matrix/dendrite/bin/create-account john secret-password 1`
|
|
```
|
|
|
|
### Registering users manually for Matrix Authentication Service
|
|
|
|
If you're using the [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) and your existing homeserver (most likely [Synapse](./configuring-playbook-synapse.md)) is delegating authentication to it, you can register users via the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#install-matrix-server-and-services)):
|
|
|
|
```sh
|
|
/matrix/matrix-authentication-service/bin/register-user USERNAME_HERE PASSWORD_HERE <admin access: 0 or 1>
|
|
|
|
# Example: `/matrix/matrix-authentication-service/bin/register-user john secret-password 1`
|
|
```
|
|
|
|
This `register-user` script actually invokes the `mas-cli manage register-user` command under the hood. If you'd like more control over the registration process, consider invoking the `mas-cli` command directly:
|
|
|
|
```sh
|
|
/matrix/matrix-authentication-service/bin/mas-cli manage register-user --help
|
|
```
|
|
|
|
⚠️ **Warning**: Matrix Authentication Service [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user. Upon a user's first login, they will be asked to confirm their email address. This requires that email sending is [configured](./configuring-playbook-email.md). You can also consult the [Working around email deliverability issues](./configuring-playbook-matrix-authentication-service.md#working-around-email-deliverability-issues) section for more information.
|
|
|
|
|
|
## Managing users via a Web UI
|
|
|
|
To manage users more easily (via a web user-interace), you can install [Synapse Admin](configuring-playbook-synapse-admin.md).
|
|
|
|
⚠️ **Warning**: If you're using [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), note that user management via synapse-admin is not fully working yet. See the [Expectations](configuring-playbook-matrix-authentication-service.md#expectations) section for more information.
|
|
|
|
|
|
## Letting certain users register on your private server
|
|
|
|
If you'd rather **keep your server private** (public registration closed, as is the default), and **let certain people create accounts by themselves** (instead of creating user accounts manually like this), consider installing and making use of [matrix-registration](configuring-playbook-matrix-registration.md).
|
|
|
|
|
|
## Enabling public user registration
|
|
|
|
To **open up user registration publicly** (usually **not recommended**), add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
|
|
|
|
For Synapse:
|
|
|
|
```yaml
|
|
matrix_synapse_enable_registration: true
|
|
```
|
|
|
|
For Dendrite:
|
|
|
|
```yaml
|
|
matrix_dendrite_client_api_registration_disabled: false
|
|
```
|
|
|
|
After configuring the playbook, run the [installation](installing.md) command: `just install-all` or `just setup-all`
|
|
|
|
If you're opening up registrations publicly like this, you might also wish to [configure CAPTCHA protection](configuring-captcha.md).
|
|
|
|
|
|
## Adding/Removing Administrator privileges to an existing user
|
|
|
|
### Adding/Removing Administrator privileges to an existing user in Synapse
|
|
|
|
To change the admin privileges for a user in Synapse's local database, you need to run an SQL query like this against the `synapse` database:
|
|
|
|
```sql
|
|
UPDATE users SET admin=ADMIN_VALUE WHERE name = '@USER:example.com';
|
|
```
|
|
|
|
where:
|
|
|
|
- `ADMIN_VALUE` being either `0` (regular user) or `1` (admin)
|
|
- `USER` and `example.com` pointing to a valid user on your server
|
|
|
|
If you're using the integrated Postgres server and not an [external Postgres server](configuring-playbook-external-postgres.md), you can launch a Postgres into the `synapse` database by:
|
|
|
|
- running `/matrix/postgres/bin/cli` - to launch [`psql`](https://www.postgresql.org/docs/current/app-psql.html)
|
|
- running `\c synapse` - to change to the `synapse` database
|
|
|
|
You can then proceed to run the query above.
|
|
|
|
**Note**: directly modifying the raw data of Synapse (or any other software) could cause the software to break. You've been warned!
|
|
|
|
### Adding/Removing Administrator privileges to an existing user in Matrix Authentication Service
|
|
|
|
Promoting/demoting a user in Matrix Authentication Service cannot currently (2024-10-19) be done via the [`mas-cli` Management tool](./configuring-playbook-matrix-authentication-service.md#management).
|
|
|
|
You can do it via the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html)'s `POST /api/admin/v1/users/{id}/set-admin` endpoint.
|