ansible-collection-famedly-.../tasks/crypto.yml

---
- name: Create signing key
  shell: >
    /opt/synapse/env/bin/python -c "
    from signedjson import key;
    with open('{{ matrix_synapse_signing_key_path }}','w') as file:
      key.write_signing_keys(file, [key.generate_signing_key('first')]);
    "
  args:
    creates: "{{ matrix_synapse_signing_key_path }}" 
  become: true
  become_user: synapse
  notify:
    - "restart synapse"

- name: create DH parameters
  openssl_dhparam:
    path: "{{ matrix_synapse_dh_path }}"
    owner: synapse

- name: Write server's certificate and private key
  block:
    - name: Write certificate
      copy:
        content: "{{ matrix_synapse_tls_cert }}"
        dest: "{{ matrix_synapse_tls_cert_path }}"
        owner: synapse
        group: synapse
        mode: "0644"
    - name: Write keyfile
      copy:
        content: "{{ matrix_synapse_tls_key }}"
        dest: "{{ matrix_synapse_tls_key_path }}"
        owner: synapse
        group: synapse
        mode: "0600"
  when: not matrix_synapse_skip_tls
Extract letsencrypt operations to a separate play 2018-12-02 22:25:20 +00:00			`---`
Use the builtin openssl dhparam module instead of the openssl command 2018-12-03 22:28:34 +00:00			`- name: Create signing key`
			`shell: >`
			`/opt/synapse/env/bin/python -c "`
			`from signedjson import key;`
Rename ssl.yml to crypto.yml 2019-02-12 01:38:17 +00:00			`with open('{{ matrix_synapse_signing_key_path }}','w') as file:`
Use the builtin openssl dhparam module instead of the openssl command 2018-12-03 22:28:34 +00:00			`key.write_signing_keys(file, [key.generate_signing_key('first')]);`
			`"`
Extract letsencrypt operations to a separate play 2018-12-02 22:25:20 +00:00			`args:`
Rename ssl.yml to crypto.yml 2019-02-12 01:38:17 +00:00			`creates: "{{ matrix_synapse_signing_key_path }}"`
Extract letsencrypt operations to a separate play 2018-12-02 22:25:20 +00:00			`become: true`
Use the builtin openssl dhparam module instead of the openssl command 2018-12-03 22:28:34 +00:00			`become_user: synapse`
			`notify:`
			`- "restart synapse"`

			`- name: create DH parameters`
			`openssl_dhparam:`
Rename ssl.yml to crypto.yml 2019-02-12 01:38:17 +00:00			`path: "{{ matrix_synapse_dh_path }}"`
Use the builtin openssl dhparam module instead of the openssl command 2018-12-03 22:28:34 +00:00			`owner: synapse`

Write the tls certificate and private key to a file 2019-02-12 01:58:16 +00:00			`- name: Write server's certificate and private key`
			`block:`
			`- name: Write certificate`
			`copy:`
			`content: "{{ matrix_synapse_tls_cert }}"`
			`dest: "{{ matrix_synapse_tls_cert_path }}"`
			`owner: synapse`
			`group: synapse`
			`mode: "0644"`
			`- name: Write keyfile`
			`copy:`
			`content: "{{ matrix_synapse_tls_key }}"`
			`dest: "{{ matrix_synapse_tls_key_path }}"`
			`owner: synapse`
			`group: synapse`
			`mode: "0600"`
Use tls in place of ssl 2019-02-14 23:25:35 +00:00			`when: not matrix_synapse_skip_tls`