ansible-collection-famedly-.../tasks/crypto.yml
2019-02-12 02:58:16 +01:00


---
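# Generates the Synapse signing key with signedjson, running as the synapse
# user. The key is private material, so the file must not be readable by other
# accounts.
- name: Create signing key
  # A literal block (|) keeps the Python statements on separate lines; the
  # `with` statement has to start its own line to be valid Python.
  shell: |
    # open(..., 'w') honours the process umask, so restrict it first and the
    # key file is created owner-only (0600) instead of with whatever mode the
    # environment's default umask would allow.
    umask 077
    /opt/synapse/env/bin/python -c "
    from signedjson import key
    with open('{{ matrix_synapse_signing_key_path }}', 'w') as file:
        key.write_signing_keys(file, [key.generate_signing_key('first')])
    "
  args:
    # Skips the task when the key already exists, so a restart never rotates
    # it. An existing key file with looser permissions is NOT tightened here.
    creates: "{{ matrix_synapse_signing_key_path }}"
  become: true
  become_user: synapse
  notify:
    - "restart synapse"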
# Generates Diffie-Hellman parameters at the configured path, owned by synapse.
# No size, group or mode is set here, so the module's defaults apply.
- name: create DH parameters
  openssl_dhparam:
    owner: synapse
    path: "{{ matrix_synapse_dh_path }}"
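# Installs the TLS certificate and its private key from role variables.
# NOTE(review): indentation was lost in this listing; `when` is placed at block
# level so it guards both tasks. Confirm against the original file.
- name: Write server's certificate and private key
  block:
    - name: Write certificate
      copy:
        content: "{{ matrix_synapse_tls_cert }}"
        dest: "{{ matrix_synapse_tls_cert_path }}"
        owner: synapse
        group: synapse
        # The certificate is public, so world-readable is fine.
        mode: "0644"
    - name: Write keyfile
      copy:
        content: "{{ matrix_synapse_tls_key }}"
        dest: "{{ matrix_synapse_tls_key_path }}"
        owner: synapse
        group: synapse
        # Private key: readable by the synapse user only.
        mode: "0600"
      # `content` holds the private key itself. Without no_log it can end up in
      # --diff output, verbose task results and callback or log plugins.
      no_log: true
  # `| bool` makes string values such as "false" (for example from -e on the
  # command line) behave as booleans instead of as non-empty, truthy strings.
  when: not (matrix_synapse_skip_ssl | bool)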