authorStonewall Jackson <stonewall@sacredheartsc.com>2023-06-13 08:13:15 -0400
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-06-13 08:13:15 -0400
commita98964d36976c5f4a68ebf109457dafeca9a4dce (patch)
tree94d2c37c59811b854ffdf295bc092dd86e3a6009 /roles/synapse
parent5dbc4ad82641264ff62bf5026cfc9dd13d79489e (diff)
downloadselfhosted-a98964d36976c5f4a68ebf109457dafeca9a4dce.tar.gz
selfhosted-a98964d36976c5f4a68ebf109457dafeca9a4dce.zip
synapse: store signing key in host_vars
Diffstat (limited to 'roles/synapse')
-rw-r--r--roles/synapse/README.md3
-rw-r--r--roles/synapse/tasks/main.yml14
2 files changed, 11 insertions, 6 deletions
diff --git a/roles/synapse/README.md b/roles/synapse/README.md
index 7e6255e..19cec2c 100644
--- a/roles/synapse/README.md
+++ b/roles/synapse/README.md
@@ -18,6 +18,8 @@ If your Matrix domain differs from the public hostname of your synapse server
in order to federate with other instances. See the [sample webserver playbook](../../playbooks/webserver_public_example.yml)
for an example of how to do this.
+The secrets can be generated using `python -m synapse.app.homeserver --generate-config`.
+
Variables
---------
@@ -44,6 +46,7 @@ Variable | Default
`synapse_registration_shared_secret` | &nbsp; | Secret passphrase to allow registration even when disabled (optional)
`synapse_macaroon_secret_key` | &nbsp; | Secret signing key for various tokens (required)
`synapse_form_secret` | &nbsp; | Secret key for various form HMACs (required)
+`synapse_signing_key` | &nbsp; | Signing key (required)
`synapse_turn_host` | `{{ coturn_realm }}` | TURN server hostname
`synapse_turn_secret` | `{{ coturn_auth_secret }}` | TURN server shared secret
`synapse_enable_email_notifications` | yes | Enable email notifications
diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml
index febe3c6..b8140c4 100644
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -31,18 +31,20 @@
dest: '{{ synapse_home }}/{{ item }}'
owner: '{{ synapse_user }}'
group: '{{ synapse_user }}'
- mode: 0600
+ mode: 0644
notify: restart synapse
loop:
- homeserver.yaml
- logging.config
- name: generate signing key
- shell:
- cmd: >-
- source {{ synapse_venv }}/bin/activate &&
- python -m synapse.app.homeserver --config-path {{ synapse_home }}/homeserver.yaml --generate-keys
- creates: '{{ synapse_home }}/{{ synapse_domain }}.signing.key'
+ copy:
+ content: |
+ {{ synapse_signing_key }}
+ dest: '{{ synapse_home }}/{{ synapse_domain }}.signing.key'
+ owner: '{{ synapse_user }}'
+ group: '{{ synapse_user }}'
+ mode: 0644
become: yes
become_user: '{{ synapse_user }}'
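Review bot: The new `generate signing key` task writes the homeserver's private signing key with `mode: 0644`, and the same hunk loosens the templated `homeserver.yaml` and `logging.config` from `0600` to `0644`, so any local account on the host can read them. The key file only needs to be readable by `{{ synapse_user }}`, which already owns it; I would set `mode: '0600'` on both tasks (quoted, so the YAML parser does not re-type the octal value), and keep `0600` on `homeserver.yaml` in particular, since the README's `synapse_macaroon_secret_key` and `synapse_form_secret` are presumably rendered into it. Adding `no_log: true` to the copy task would also keep the key out of `--diff` and verbose output. The first task's header lies above the hunk, so its module and source are not visible here.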