configure dhparam

2019-01-19 03:27:47 +01:00 · 2019-01-19 03:27:47 +01:00 · ccab1f89fb
parent 48f3f66afd
commit ccab1f89fb
3 changed files with 10 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -92,6 +92,8 @@ matrix_open_ports:
    state: present

 matrix_tls_enabled: False
+matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
+matrix_tls_dhparam_size: 2048
 matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
 matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
 matrix_tls_cert_source: mycert.pem
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@ -8,6 +8,7 @@
        group: "{{ matrix_group }}"
        recurse: True
      with_items:
+        - "{{ matrix_tls_dhparam_path | dirname }}"
        - "{{ matrix_tls_cert_path | dirname }}"
        - "{{ matrix_tls_key_path | dirname }}"
  become: True
@ -24,5 +25,11 @@
        - { src: "{{ matrix_tls_cert_source }}", dest: '{{ matrix_tls_cert_path }}', mode: '0750' }
      loop_control:
        label: "{{ item.dest }}"
+
+    - name: Create Diffie-Hellman Parameter
+      openssl_dhparam:
+        path: "{{ matrix_tls_dhparam_path }}"
+        size: "{{ matrix_tls_dhparam_size }}"
+      when: matrix_tls_dhparam_path is defined
  become: True
  become_user: "{{ matrix_user }}"
--- a/templates/opt/matrix/config/homeserver.yml.j2
+++ b/templates/opt/matrix/config/homeserver.yml.j2
@ -9,7 +9,7 @@
 {% if matrix_tls_enabled %}
 tls_certificate_path: "{{ matrix_tls_cert_path }}"
 tls_private_key_path: "{{ matrix_tls_key_path }}"
-#tls_dh_params_path: "{{ matrix_conf_dir }}/matrix.example.com.tls.dh"
+tls_dh_params_path: "{{ matrix_tls_dhparam_path }}"
 no_tls: False
 {% else %}
 no_tls: True