From 998e9ce65571eb5dff2aeffe3e1f1930882425e9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Jan 2024 10:22:20 +0200 Subject: [PATCH] Revert "Auto-generate matrix_bot_matrix_registration_bot_bot_password via group vars" This reverts commit bf95ad2235962c155f127f4d75f5a3cced18d60a. This was a bad idea. It's better to have people manually define the password. Otherwise, `matrix_homeserver_generic_secret_key` changing some day in the future would break the bot and one would have to figure out how to reset its password manually. Using an explicit password is more stable. --- docs/configuring-playbook-bot-matrix-registration-bot.md | 5 ++++- group_vars/matrix_servers | 1 - .../matrix-bot-matrix-registration-bot/defaults/main.yml | 1 + .../tasks/validate_config.yml | 4 ++-- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index 938dd36db..30a9a1a78 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -21,6 +21,9 @@ matrix_bot_matrix_registration_bot_enabled: true # To use a different username, uncomment & adjust the variable below: # matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT + # Enables registration matrix_synapse_enable_registration: true @@ -28,7 +31,7 @@ matrix_synapse_enable_registration: true matrix_synapse_registration_requires_token: true ``` -The bot's user account will be created automatically. +The bot account will be created automatically. ## Installing diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8210882d5..42ca31f00 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1714,7 +1714,6 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_bot_matrix_registration_bot_bot_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'registration.bot', rounds=655555) | to_uuid }}" ###################################################################### # diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index 32b23a03b..512306e95 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -22,6 +22,7 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" + # The bot's password (can also be used to login via a client like element) matrix_bot_matrix_registration_bot_bot_password: '' diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index f961fb40e..b7a475639 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -1,6 +1,6 @@ --- -- name: Fail if required matrix-registration-bot settings not defined +- name: Fail if required settings not defined ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). 
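Review bot: In `roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml`, the "Fail if required settings not defined" task is now the only guard on `matrix_bot_matrix_registration_bot_bot_password`, and its message suggests it checks only that the variable is set. The docs example added in this same commit uses the placeholder `PASSWORD_FOR_THE_BOT`, which would presumably pass that check if copied verbatim. The task's `when:` condition sits on the line between the two hunks and is not visible, so this is inferred. If it only tests for an empty value, consider also rejecting the placeholder, e.g. `when: "vars[item] in ['', 'PASSWORD_FOR_THE_BOT']"`. The defaults comment says this password can also be used to log in via a client like Element, so a placeholder left in place becomes a guessable login for the bot account.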
@@ -8,7 +8,7 @@ with_items: - "matrix_bot_matrix_registration_bot_bot_password" -- name: (Deprecation) Catch and report old matrix-registration-bot settings +- name: (Deprecation) Catch and report old settings ansible.builtin.fail: msg: >- Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot.