From 00bedc54ed4465e933fa5086e1d4d40a8a6d34fd Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Mon, 5 Apr 2021 17:05:39 +0200
Subject: [PATCH] add option matrix_signing_key to deploy existings signing key
---
 defaults/main.yml | 2 ++
 tasks/install.yml | 13 ++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 64aa45c..190b328 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -120,6 +120,8 @@ matrix_url_preview_max_spider_size: 10M
 matrix_macaroon_secret_key: "jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV"
 matrix_form_secret: "oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF"
 
+# @var matrix_signing_key: $ "_unset_"
+
 matrix_tls_enabled: False
 matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
 matrix_tls_dhparam_size: 2048
diff --git a/tasks/install.yml b/tasks/install.yml
index cdaa762..0755d68 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -40,8 +40,15 @@
 virtualenv_command: /usr/bin/python3 -m venv
 when: matrix_ldap_auth_enabled | bool
 
- - name: Create signing key
- shell: "{{ matrix_base_dir }}/env/bin/python -c \"from signedjson import key; file = open('{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key','w'); key.write_signing_keys(file, [key.generate_signing_key('first')]); file.close()\""
+ - name: Deploy existing signing key
+ copy:
+ content: "{{ matrix_signing_key }}"
+ dest: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
+ mode: 0600
+ whem: matrix_signing_key is defined
+
+ - name: Create new signing key if not provided
+ shell: '{{ matrix_base_dir }}/env/bin/python -c "from signedjson import key; file = open(''{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key'',''w''); key.write_signing_keys(file, [key.generate_signing_key(''first'')]); file.close()"'
 args:
 creates: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
 notify: __matrix_restart
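Review bot: The new `matrix_signing_key` annotation in defaults/main.yml documents only the `_unset_` default and says nothing about what the value must contain or how it should be stored. Because tasks/install.yml writes the value verbatim as the homeserver's signing key file, I would add a description in the same annotation style, for example `# @var matrix_signing_key:description: Full content of an existing signing key file; supply it from Ansible Vault or another secret store, never in plain text.` The context lines just above show fixed values for `matrix_macaroon_secret_key` and `matrix_form_secret` shipped as role defaults; that is outside this change, but the new variable should not follow the same pattern.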
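Review bot: The new "Deploy existing signing key" task in tasks/install.yml spells its condition `whem:` instead of `when:`, so Ansible will most likely reject the task as having an invalid attribute rather than skip it when the variable is undefined; the line should read `when: matrix_signing_key is defined`. The task also writes private key material through `copy: content:` without `no_log: true`, so the key can show up in `--diff` or verbose output. It sets no `owner`/`group`, so with `mode: 0600` the file may be unreadable by the service user unless the task already runs as that user, which this hunk does not show. Quoting the mode as `mode: "0600"` avoids depending on YAML octal parsing. Unlike the generate task below it, the deploy task has no `notify: __matrix_restart`, so a replaced key would not trigger a restart.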
@@ -59,7 +66,7 @@
 become_user: "{{ matrix_user }}"
 
 - block:
- - name: Copy systemd unit file
+ - name: Deploy systemd unit file
 template:
 src: "etc/systemd/system/matrix.service.j2"
 dest: "/etc/systemd/system/matrix.service"