Generate secrets for Matrix

2020-06-22 04:08:03 -05:00 · 2020-06-22 04:08:03 -05:00 · e766baf63d
commit e766baf63d
parent 46e0dff885
2 changed files with 17 additions and 0 deletions
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -19,6 +19,7 @@
          - awscli
          - net-tools
          - openssh-server
+          - pwgen
          - python3-apt
          - vim
    - name: Copy system configs
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@ -56,4 +56,20 @@
        - { src: "homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml", mode: "0644" }
        - { src: "server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml", mode: "0644" }
      notify: restart synapse
+    - name: Check for secrets
+      stat: path="/etc/matrix-synapse/conf.d/shared_secrets.yaml"
+      register: p
+    - name: Generate secrets
+      block:
+        - name: Generate registration_shared_secret
+          command: pwgen 32 1
+          register: matrix_reg_secret
+        - name: Template out shared_secrets.yaml
+          template:
+            src: "shared-secrets.yaml"
+            dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
+            mode: "0640"
+            owner: "matrix-synapse"
+            group: "root"
+      when: not p.stat.exists
  become: yes