Merge branch 'master' into docker

2024-11-10 05:34:16 +00:00 · 2019-02-17 22:53:27 +01:00 · 2019-02-17 22:53:27 +01:00 · 8f4f26bcb4
commit 8f4f26bcb4
parent b5f805f22c 0e7a31b0e1
6 changed files with 19 additions and 35 deletions
--- a/README.md
+++ b/README.md
@ -25,24 +25,18 @@ The following should be present on the target system
 | **matrix_synapse_pg_pass** | __string__ | postgresql user's password |
 | **matrix_synapse_pg_db** | __string__ | postgresql database |
 | **matrix_synapse_macaroon_secret_key** | __string__ | matrix's macaroon key (make sure not to change it!) |
+| **matrix_synapse_registration_secret** | __string__ | matrix's registration secret |

 ### Optional Variables

 | Name | Value | Description |
 | :--- | :--- | :---  |
 | matrix_synapse_extra_config | _None_ | configuration parameters as given in the [synapse configuration file](https://github.com/matrix-org/synapse/tree/master/docs) | 
-| matrix_synapse_tls_cert_path  | "/opt/synapse/tls/{{ matrix_server_name }}.crt" |
-| matrix_synapse_tls_key_path | "/opt/synapse/tls/{{ matrix_server_name }}.key" |
 | matrix_synapse_dh_path | "/opt/synapse/tls/{{ matrix_server_name }}.dh" |
 | matrix_synapse_baseurl | "https://{{ matrix_server_name }}" |
-| matrix_synapse_media_store_path | "/opt/synapse/media_store" |
-| matrix_synapse_uploads_path | "/opt/synapse/uploads" |
-| matrix_synapse_registration_secret | "{{ matrix_registration_secret }}" |
 | matrix_synapse_signing_key_path | "/opt/synapse/ssl/{{ matrix_server_name }}.signing.key" |
 | matrix_synapse_version | "v0.99.1.1" |
 | matrix_synapse_log_days_keep | 30 |
-| matrix_synapse_skip_tls | false |
-| matrix_synapse_registration_secret | _randomly generated_ |
 | matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
 | matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -2,8 +2,6 @@
 matrix_synapse_extra_config: {}
 matrix_synapse_deployment_method: pip
 matrix_synapse_supervision_method: systemd
-matrix_synapse_tls_cert_path: "/opt/synapse/tls/{{ matrix_server_name }}.crt"
-matrix_synapse_tls_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.key"
 matrix_synapse_dh_path: "/opt/synapse/tls/{{ matrix_server_name }}.dh"
 matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
 matrix_synapse_signing_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.signing.key"
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -1,14 +1,4 @@
 ---
- name: Generate registration secret
-  block:
-    - command: /usr/bin/pwgen -sn 84 1
-      register: pwgen
-      delegate_to: localhost
-      become: false
-    - set_fact:
-        matrix_synapse_registration_secret: "{{ pwgen.stdout }}"
-  when: matrix_synapse_registration_secret is not defined
-  
 - name: create user
  user:
    name: synapse
--- a/tasks/crypto.yml
+++ b/tasks/crypto.yml
@ -5,30 +5,28 @@

 - name: Create signing key
  matrix_signing_key:
-    path: "{{ matrix_synapse_signing_key_path }}" 
+    path: "{{ matrix_synapse_config.signing_key_path }}"
  notify:
    - "restart matrix-synapse"

- name: create DH parameters
-  openssl_dhparam:
-    path: "{{ matrix_synapse_dh_path }}"
-    size: 2048
-    owner: synapse
-
 - name: Write server's certificate and private key
  block:
+    - name: create DH parameters
+      openssl_dhparam:
+        path: "{{ matrix_synapse_dh_path }}"
+        owner: synapse
    - name: Write certificate
      copy:
        content: "{{ matrix_synapse_tls_cert }}"
-        dest: "{{ matrix_synapse_tls_cert_path }}"
+        dest: "{{ matrix_synapse_config.tls_certificate_path }}"
        owner: synapse
        group: synapse
        mode: "0644"
    - name: Write keyfile
      copy:
        content: "{{ matrix_synapse_tls_key }}"
-        dest: "{{ matrix_synapse_tls_key_path }}"
+        dest: "{{ matrix_synapse_config.tls_private_key_path }}"
        owner: synapse
        group: synapse
        mode: "0600"
-  when: not matrix_synapse_skip_tls
+  when: not matrix_synapse_config.no_tls
--- a/tests/test-pip.yml
+++ b/tests/test-pip.yml
@ -18,10 +18,12 @@
          value: "*"
    - role: matrix-ansible-synapse
      matrix_server_name: localhost
-      matrix_synapse_skip_tls: true
      matrix_synapse_report_stats: false
      matrix_synapse_pg_host: localhost
      matrix_synapse_pg_user: "{{ dbuser }}"
      matrix_synapse_pg_pass: "{{ dbpw }}"
      matrix_synapse_pg_db: "{{ dbname }}"
      matrix_synapse_macaroon_secret_key: "THIS_IS_TOTALLY_SECRET_1337_L33T_HaxXxOR"
+      matrix_synapse_registration_secret: "ahphae6shuighahxaf9weeBahHieCh8woo6agh6UGh"
+      matrix_synapse_extra_config:
+        no_tls: true
--- a/vars/main.yml
+++ b/vars/main.yml
@ -2,15 +2,15 @@
 matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}"
 matrix_synapse_base_config:
  server_name: "{{ matrix_server_name }}"
-  tls_certificate_path: "{{ matrix_synapse_skip_tls | ternary(None,matrix_synapse_tls_cert) }}"
-  tls_private_key_path: "{{ matrix_synapse_skip_tls | ternary(None,matrix_synapse_tls_key) }}"
+  tls_certificate_path: "/opt/synapse/tls/{{ matrix_server_name }}.crt"
+  tls_private_key_path: "/opt/synapse/tls/{{ matrix_server_name }}.key"
  acme:
    enabled: false 
    url: https://acme-v01.api.letsencrypt.org/directory
    port: 80
    bind_addresses: ['::', '0.0.0.0']
    reprovision_threshold: 30
-  no_tls: "{{ matrix_synapse_skip_tls }}" 
+  no_tls: false
  tls_fingerprints: []
  pid_file: "/opt/synapse/synapse.pid"
  soft_file_limit: 0
@ -21,7 +21,7 @@ matrix_synapse_base_config:
        - '::'
        - '0.0.0.0'
      type: http
-      tls: "{{ not matrix_synapse_skip_tls }}" 
+      tls: true
      x_forwarded: false
      resources:
        - names: [client]
@ -30,7 +30,9 @@ matrix_synapse_base_config:
          compress: false
    - port: 8008
      tls: false
-      bind_addresses: ['::', '0.0.0.0']
+      bind_addresses:
+        - '::'
+        - '0.0.0.0'
      type: http
      x_forwarded: false
      resources: