diff --git a/README.md b/README.md
index cbf5150..7d9dab5 100644
--- a/README.md
+++ b/README.md
@@ -25,24 +25,18 @@ The following should be present on the target system
 | **matrix_synapse_pg_pass** | __string__ | postgresql user's password |
 | **matrix_synapse_pg_db** | __string__ | postgresql database |
 | **matrix_synapse_macaroon_secret_key** | __string__ | matrix's macaroon key (make sure not to change it!) |
+| **matrix_synapse_registration_secret** | __string__ | matrix's registration secret |
 
 ### Optional Variables
 
 | Name | Value | Description |
 | :--- | :--- | :--- |
 | matrix_synapse_extra_config | _None_ | configuration parameters as given in the [synapse configuration file](https://github.com/matrix-org/synapse/tree/master/docs) |
-| matrix_synapse_tls_cert_path | "/opt/synapse/tls/{{ matrix_server_name }}.crt" |
-| matrix_synapse_tls_key_path | "/opt/synapse/tls/{{ matrix_server_name }}.key" |
 | matrix_synapse_dh_path | "/opt/synapse/tls/{{ matrix_server_name }}.dh" |
 | matrix_synapse_baseurl | "https://{{ matrix_server_name }}" |
-| matrix_synapse_media_store_path | "/opt/synapse/media_store" |
-| matrix_synapse_uploads_path | "/opt/synapse/uploads" |
-| matrix_synapse_registration_secret | "{{ matrix_registration_secret }}" |
 | matrix_synapse_signing_key_path | "/opt/synapse/ssl/{{ matrix_server_name }}.signing.key" |
 | matrix_synapse_version | "v0.99.1.1" |
 | matrix_synapse_log_days_keep | 30 |
-| matrix_synapse_skip_tls | false |
-| matrix_synapse_registration_secret | _randomly generated_ |
 | matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
 | matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 83b6d07..a95c8dc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,8 +2,6 @@
 matrix_synapse_extra_config: {}
 matrix_synapse_deployment_method: pip
 matrix_synapse_supervision_method: systemd
-matrix_synapse_tls_cert_path: "/opt/synapse/tls/{{ matrix_server_name }}.crt"
-matrix_synapse_tls_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.key"
 matrix_synapse_dh_path: "/opt/synapse/tls/{{ matrix_server_name }}.dh"
 matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
 matrix_synapse_signing_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.signing.key"
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 091697a..35612a1 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -1,14 +1,4 @@
 ---
-- name: Generate registration secret
-  block:
-    - command: /usr/bin/pwgen -sn 84 1
-      register: pwgen
-      delegate_to: localhost
-      become: false
-    - set_fact:
-        matrix_synapse_registration_secret: "{{ pwgen.stdout }}"
-  when: matrix_synapse_registration_secret is not defined
-
 - name: create user
   user:
     name: synapse
diff --git a/tasks/crypto.yml b/tasks/crypto.yml
index 2d5098b..63eb7ad 100644
--- a/tasks/crypto.yml
+++ b/tasks/crypto.yml
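Review bot: Removing `matrix_synapse_tls_cert_path` and `matrix_synapse_tls_key_path` drops two documented public variables without a compatibility path: a playbook that still sets them is not told anything and silently gets the fixed `/opt/synapse/tls/…` paths now hard-coded in `matrix_synapse_base_config`. `matrix_synapse_dh_path` stays a role variable while its siblings moved into `matrix_synapse_config`, so path overrides now happen in two different places. Either keep the two variables as the values `matrix_synapse_base_config` reads (`tls_certificate_path: "{{ matrix_synapse_tls_cert_path }}"`) or state in the README that the paths are now overridden through `matrix_synapse_extra_config`. Unrelated to this change but visible here: the `matrix_synapse_signing_key_path` default uses `/opt/synapse/tls/`, whereas the README row for it still says `/opt/synapse/ssl/`.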
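Review bot: With the pwgen fallback gone, nothing in the role checks that `matrix_synapse_registration_secret` is actually set; the README hunk moves it to the required table, but Ansible does not enforce that, so a missing value is presumably only caught wherever the secret is first templated (not visible in this diff) as a generic undefined-variable error instead of a clear message at the start of the run. Since this file is the first task file touched, a short `assert` here would fail fast and tell the operator what is missing. The same applies to `matrix_synapse_tls_cert`/`matrix_synapse_tls_key`, which tasks/crypto.yml writes whenever `matrix_synapse_config.no_tls` is false — if those have no default elsewhere (not visible here), a TLS-enabled run without them fails in the same late way. Something like the following before `create user`:
```yaml
- name: Check that required secrets are provided
  assert:
    that:
      - matrix_synapse_registration_secret is defined
      - matrix_synapse_registration_secret | length > 0
      - matrix_synapse_config.no_tls or (matrix_synapse_tls_cert is defined and matrix_synapse_tls_key is defined)
    fail_msg: >-
      matrix_synapse_registration_secret must be set; matrix_synapse_tls_cert
      and matrix_synapse_tls_key are required unless no_tls is enabled
# … unchanged: create user task …
```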
@@ -5,30 +5,28 @@
 
 - name: Create signing key
   matrix_signing_key:
-    path: "{{ matrix_synapse_signing_key_path }}"
+    path: "{{ matrix_synapse_config.signing_key_path }}"
   notify:
     - "restart matrix-synapse"
 
-- name: create DH parameters
-  openssl_dhparam:
-    path: "{{ matrix_synapse_dh_path }}"
-    size: 2048
-    owner: synapse
-
 - name: Write server's certificate and private key
   block:
+    - name: create DH parameters
+      openssl_dhparam:
+        path: "{{ matrix_synapse_dh_path }}"
+        owner: synapse
     - name: Write certificate
       copy:
         content: "{{ matrix_synapse_tls_cert }}"
-        dest: "{{ matrix_synapse_tls_cert_path }}"
+        dest: "{{ matrix_synapse_config.tls_certificate_path }}"
         owner: synapse
         group: synapse
         mode: "0644"
     - name: Write keyfile
       copy:
         content: "{{ matrix_synapse_tls_key }}"
-        dest: "{{ matrix_synapse_tls_key_path }}"
+        dest: "{{ matrix_synapse_config.tls_private_key_path }}"
         owner: synapse
         group: synapse
         mode: "0600"
-  when: not matrix_synapse_skip_tls
+  when: not matrix_synapse_config.no_tls
diff --git a/tests/test-pip.yml b/tests/test-pip.yml
index ed8dcd6..d9e8ba2 100644
--- a/tests/test-pip.yml
+++ b/tests/test-pip.yml
@@ -18,10 +18,12 @@
         value: "*"
     - role: matrix-ansible-synapse
       matrix_server_name: localhost
-      matrix_synapse_skip_tls: true
       matrix_synapse_report_stats: false
       matrix_synapse_pg_host: localhost
       matrix_synapse_pg_user: "{{ dbuser }}"
       matrix_synapse_pg_pass: "{{ dbpw }}"
       matrix_synapse_pg_db: "{{ dbname }}"
       matrix_synapse_macaroon_secret_key: "THIS_IS_TOTALLY_SECRET_1337_L33T_HaxXxOR"
+      matrix_synapse_registration_secret: "ahphae6shuighahxaf9weeBahHieCh8woo6agh6UGh"
+      matrix_synapse_extra_config:
+        no_tls: true
diff --git a/vars/main.yml b/vars/main.yml
index 41298c2..057c379 100644
--- a/vars/main.yml
+++ b/vars/main.yml
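Review bot: Moving `create DH parameters` into the block also drops `size: 2048`, so `openssl_dhparam` now uses the module default, which is 4096 bits; that is a silent behaviour change that makes first provisioning noticeably slower on small hosts and is not mentioned anywhere in the commit. If the larger size is intended, make it explicit with `size: 4096` so the choice is visible to the next reader; otherwise restore `size: 2048`. Separately, `path: "{{ matrix_synapse_dh_path }}"` still reads the role variable while the certificate, key and signing-key paths now come from `matrix_synapse_config`, so a user overriding paths through `matrix_synapse_extra_config` has to remember this one exception. Gating the DH generation on `when: not matrix_synapse_config.no_tls` along with the certificate and key is consistent, but it does mean that toggling `no_tls` back to false later only creates the file on a subsequent run — worth a one-line comment above the task, e.g. `# only needed for TLS listeners; skipped together with the cert/key when no_tls is set`.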
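Review bot: This fixture now exercises only the `no_tls: true` path, while the role's new default (`no_tls: false` and a listener with `tls: true` in vars/main.yml) is not covered by any play in this file; before the change `matrix_synapse_skip_tls: true` took the same shortcut, so at least in this playbook the TLS-enabled tasks in tasks/crypto.yml (DH parameters, `Write certificate`, `Write keyfile`) and the new `matrix_synapse_config.*` path lookups still never run. Consider a second play or fixture that supplies a throwaway self-signed `matrix_synapse_tls_cert`/`matrix_synapse_tls_key` so that path is executed in CI as well. The literal `matrix_synapse_registration_secret` is clearly a test-only value like the macaroon key above it; a short comment such as `# dummy value for CI only` keeps anyone from copying it into a real inventory.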
@@ -2,15 +2,15 @@
 matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}"
 matrix_synapse_base_config:
   server_name: "{{ matrix_server_name }}"
-  tls_certificate_path: "{{ matrix_synapse_skip_tls | ternary(None,matrix_synapse_tls_cert) }}"
-  tls_private_key_path: "{{ matrix_synapse_skip_tls | ternary(None,matrix_synapse_tls_key) }}"
+  tls_certificate_path: "/opt/synapse/tls/{{ matrix_server_name }}.crt"
+  tls_private_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.key"
   acme:
     enabled: false
     url: https://acme-v01.api.letsencrypt.org/directory
     port: 80
     bind_addresses: ['::', '0.0.0.0']
     reprovision_threshold: 30
-  no_tls: "{{ matrix_synapse_skip_tls }}"
+  no_tls: false
   tls_fingerprints: []
   pid_file: "/opt/synapse/synapse.pid"
   soft_file_limit: 0
@@ -21,7 +21,7 @@ matrix_synapse_base_config:
       - '::'
       - '0.0.0.0'
     type: http
-    tls: "{{ not matrix_synapse_skip_tls }}"
+    tls: true
     x_forwarded: false
     resources:
       - names: [client]
@@ -30,7 +30,9 @@ matrix_synapse_base_config:
         compress: false
   - port: 8008
     tls: false
-    bind_addresses: ['::', '0.0.0.0']
+    bind_addresses:
+      - '::'
+      - '0.0.0.0'
     type: http
     x_forwarded: false
     resources:
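Review bot: `no_tls: false` here and `tls: true` on the first listener (second hunk of this file) are now two independent constants, where before both were derived from the single `matrix_synapse_skip_tls` switch; setting `no_tls: true` through `matrix_synapse_extra_config`, as tests/test-pip.yml now does, leaves a listener still declared with `tls: true`, and how Synapse treats that combination is then up to its own config handling. Because `combine(..., recursive=True)` merges mappings but replaces lists wholesale, a user cannot correct that listener from `matrix_synapse_extra_config` without re-declaring the entire `listeners` list. Either keep the listener's flag tied to the switch, e.g. `tls: "{{ not (matrix_synapse_extra_config.no_tls | default(false)) }}"`, or document in the README that a `no_tls` deployment must override `listeners` too. Note also that the removed `matrix_synapse_skip_tls` was a public variable; callers that still set it are now silently ignored rather than warned.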
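Review bot: The listener's `bind_addresses` is converted to block style here, but `acme.bind_addresses: ['::', '0.0.0.0']` in the first hunk of this file keeps the flow form, so the same kind of value is now written two ways in one file. Both are valid YAML, so this is purely a consistency point; either convert the acme entry as well (`bind_addresses:` / `- '::'` / `- '0.0.0.0'`) or leave both as flow.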