-rw-r--r--inventory-example/group_vars/all/synapse.yml1
-rw-r--r--inventory-example/group_vars/all/vault.yml1
-rw-r--r--roles/synapse/README.md3
-rw-r--r--roles/synapse/tasks/main.yml14
4 files changed, 13 insertions, 6 deletions
diff --git a/inventory-example/group_vars/all/synapse.yml b/inventory-example/group_vars/all/synapse.yml
index ac3b4d5..823cdb8 100644
--- a/inventory-example/group_vars/all/synapse.yml
+++ b/inventory-example/group_vars/all/synapse.yml
@@ -1,6 +1,7 @@
synapse_registration_shared_secret: '{{ vault_synapse_registration_shared_secret }}'
synapse_macaroon_secret_key: '{{ vault_synapse_macaroon_secret_key }}'
synapse_form_secret: '{{ vault_synapse_form_secret }}'
+synapse_signing_key: '{{ vault_synapse_signing_key }}'
synapse_sysaccount_password: '{{ vault_synapse_sysaccount_password }}'
synapse_domain: example.com
diff --git a/inventory-example/group_vars/all/vault.yml b/inventory-example/group_vars/all/vault.yml
index 18b57bb..c177ee5 100644
--- a/inventory-example/group_vars/all/vault.yml
+++ b/inventory-example/group_vars/all/vault.yml
@@ -129,6 +129,7 @@ vault_rspamd_dkim_keys: # generate with `rspamadm dkim_keygen`
vault_synapse_sysaccount_password: changeme
vault_synapse_registration_shared_secret: changeme
vault_synapse_macaroon_secret_key: changeme
+vault_synapse_signing_key: changeme
vault_synapse_form_secret: changeme
diff --git a/roles/synapse/README.md b/roles/synapse/README.md
index 7e6255e..19cec2c 100644
--- a/roles/synapse/README.md
+++ b/roles/synapse/README.md
@@ -18,6 +18,8 @@ If your Matrix domain differs from the public hostname of your synapse server
in order to federate with other instances. See the [sample webserver playbook](../../playbooks/webserver_public_example.yml)
for an example of how to do this.
+The secrets can be generated using `python -m synapse.app.homeserver --generate-config`.
+
Variables
---------
@@ -44,6 +46,7 @@ Variable | Default
`synapse_registration_shared_secret` |   | Secret passphrase to allow registration even when disabled (optional)
`synapse_macaroon_secret_key` |   | Secret signing key for various tokens (required)
`synapse_form_secret` |   | Secret key for various form HMACs (required)
+`synapse_signing_key` |   | Signing key (required)
`synapse_turn_host` | `{{ coturn_realm }}` | TURN server hostname
`synapse_turn_secret` | `{{ coturn_auth_secret }}` | TURN server shared secret
`synapse_enable_email_notifications` | yes | Enable email notifications
diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml
index febe3c6..b8140c4 100644
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -31,18 +31,20 @@
dest: '{{ synapse_home }}/{{ item }}'
owner: '{{ synapse_user }}'
group: '{{ synapse_user }}'
- mode: 0600
+ mode: 0644
notify: restart synapse
loop:
- homeserver.yaml
- logging.config
- name: generate signing key
- shell:
- cmd: >-
- source {{ synapse_venv }}/bin/activate &&
- python -m synapse.app.homeserver --config-path {{ synapse_home }}/homeserver.yaml --generate-keys
- creates: '{{ synapse_home }}/{{ synapse_domain }}.signing.key'
+ copy:
+ content: |
+ {{ synapse_signing_key }}
+ dest: '{{ synapse_home }}/{{ synapse_domain }}.signing.key'
+ owner: '{{ synapse_user }}'
+ group: '{{ synapse_user }}'
+ mode: 0644
become: yes
become_user: '{{ synapse_user }}'
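Review bot: The `mode: 0644` on the template task (whose start lies before this hunk) and the same `mode: 0644` on the new signing-key copy make homeserver.yaml, which receives the vault-sourced secrets, and the server's private signing key readable by every local account on the host; both tasks already run as `synapse_user` with matching owner/group, and nothing in the hunk shows a reader outside that account, so `mode: "0600"` should stay in both places (quoted, since a bare octal is parsed under YAML 1.1 rules and reads differently across tools). The copy task renders the key from `synapse_signing_key`, so a `--diff` or verbose run prints the key material in the play output; add `no_log: true` to that task. The unchanged task name `generate signing key` is now stale, since the key is installed from the vault rather than generated; rename it, e.g. `- name: install signing key`. If loosening the mode was deliberate for some consumer outside the synapse account, that reason belongs in a comment above the mode line.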