add option matrix_signing_key to deploy existings signing key

defaults/main.yml

@@ -120,6 +120,8 @@ matrix_url_preview_max_spider_size: 10M
 matrix_macaroon_secret_key: "jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV"
 matrix_form_secret: "oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF"
 
+# @var matrix_signing_key: $ "_unset_"
+
 matrix_tls_enabled: False
 matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
 matrix_tls_dhparam_size: 2048

tasks/install.yml

@@ -40,8 +40,15 @@
         virtualenv_command: /usr/bin/python3 -m venv
       when: matrix_ldap_auth_enabled | bool
 
-    - name: Create signing key
-      shell: "{{ matrix_base_dir }}/env/bin/python -c \"from signedjson import key; file = open('{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key','w'); key.write_signing_keys(file, [key.generate_signing_key('first')]); file.close()\""
+    - name: Deploy existing signing key
+      copy:
+        content: "{{ matrix_signing_key }}"
+        dest: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
+        mode: 0600
+      whem: matrix_signing_key is defined
+
+    - name: Create new signing key if not provided
+      shell: '{{ matrix_base_dir }}/env/bin/python -c "from signedjson import key; file = open(''{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key'',''w''); key.write_signing_keys(file, [key.generate_signing_key(''first'')]); file.close()"'
       args:
         creates: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
       notify: __matrix_restart
@@ -59,7 +66,7 @@
   become_user: "{{ matrix_user }}"
 
 - block:
-    - name: Copy systemd unit file
+    - name: Deploy systemd unit file
       template:
         src: "etc/systemd/system/matrix.service.j2"
         dest: "/etc/systemd/system/matrix.service"