Improve group vars vault usage for matrix

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Improve group vars vault usage for matrix
Signed-off-by: Florian Pritz <bluewind@xinu.at>
f185ead1 · Florian Pritz · 3ebeffe6 · f185ead1 · f185ead1 · f185ead1
Commit f185ead1 authored Jun 07, 2018 by Florian Pritz
--- a/group_vars/all/vault_matrix.yml
+++ b/group_vars/all/vault_matrix.yml
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -96,7 +96,7 @@

 - name: install federation certificate
  copy:
-    content: '{{ matrix_secrets[matrix_server_name].federation_crt }}'
+    content: '{{ vault_matrix_secrets[matrix_server_name].federation_crt }}'
    dest: /etc/synapse/{{ matrix_server_name }}.tls.crt
    owner: root
    group: root
@@ -104,7 +104,7 @@

 - name: install federation key
  copy:
-    content: '{{ matrix_secrets[matrix_server_name].federation_key }}'
+    content: '{{ vault_matrix_secrets[matrix_server_name].federation_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.tls.key
    owner: root
    group: synapse
@@ -112,7 +112,7 @@

 - name: install signing key
  copy:
-    content: '{{ matrix_secrets[matrix_server_name].signing_key }}'
+    content: '{{ vault_matrix_secrets[matrix_server_name].signing_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.signing.key
    owner: root
    group: synapse
@@ -120,7 +120,7 @@

 - name: install ircpass key
  copy:
-    content: '{{ matrix_secrets[matrix_server_name].ircpass_key }}'
+    content: '{{ vault_matrix_secrets[matrix_server_name].ircpass_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key
    owner: root
    group: synapse

--- a/roles/matrix/templates/appservice-registration-irc.yaml.j2
+++ b/roles/matrix/templates/appservice-registration-irc.yaml.j2
-id: {{ matrix_secrets[matrix_server_name].irc_appservice_id }}
-hs_token: {{ matrix_secrets[matrix_server_name].irc_hs_token }}
-as_token: {{ matrix_secrets[matrix_server_name].irc_as_token }}
+id: {{ vault_matrix_secrets[matrix_server_name].irc_appservice_id }}
+hs_token: {{ vault_matrix_secrets[matrix_server_name].irc_hs_token }}
+as_token: {{ vault_matrix_secrets[matrix_server_name].irc_as_token }}
 namespaces:

  users:
-{% for network in matrix_secrets[matrix_server_name].irc_networks.values() %}
+{% for network in vault_matrix_secrets[matrix_server_name].irc_networks.values() %}
    - exclusive: true
      regex: '@{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
 {% endfor %}

  aliases:
-{% for network in matrix_secrets[matrix_server_name].irc_networks.values() %}
+{% for network in vault_matrix_secrets[matrix_server_name].irc_networks.values() %}
    - exclusive: true
      regex: '#{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
 {% endfor %}

  rooms:
-{% for room in matrix_secrets[matrix_server_name] | json_query("irc_networks.*[].mappings.*[][]") %}
+{% for room in vault_matrix_secrets[matrix_server_name] | json_query("irc_networks.*[].mappings.*[][]") %}
    - exclusive: false
      regex: '{{ room | regex_escape() }}'
 {% endfor %}

--- a/roles/matrix/templates/homeserver.yaml.j2
+++ b/roles/matrix/templates/homeserver.yaml.j2
@@ -337,7 +337,7 @@ enable_registration: False

 # If set, allows registration by anyone who also has the shared
 # secret, even if registration is otherwise disabled.
-registration_shared_secret: '{{ matrix_secrets[matrix_server_name].registration_shared_secret }}'
+registration_shared_secret: '{{ vault_matrix_secrets[matrix_server_name].registration_shared_secret }}'

 # Set the number of bcrypt rounds used to generate password hash.
 # Larger numbers increase the work factor needed to generate the hash.
@@ -377,7 +377,7 @@ room_invite_state_types:
 app_service_config_files: ['/etc/synapse/appservice-registration-irc.yaml']


-macaroon_secret_key: '{{ matrix_secrets[matrix_server_name].macaroon_secret_key }}'
+macaroon_secret_key: '{{ vault_matrix_secrets[matrix_server_name].macaroon_secret_key }}'

 # Used to enable access token expiration.
 expire_access_token: False
@@ -447,7 +447,7 @@ password_config:
   enabled: true
   # Uncomment and change to a secret random string for extra security.
   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-   pepper: '{{ matrix_secrets[matrix_server_name].pepper }}'
+   pepper: '{{ vault_matrix_secrets[matrix_server_name].pepper }}'




--- a/roles/matrix/templates/irc-bridge.yaml.j2
+++ b/roles/matrix/templates/irc-bridge.yaml.j2
@@ -30,7 +30,7 @@ homeserver:
 # Configuration specific to the IRC service
 ircService:
  servers:
-{% for address, settings in matrix_secrets[matrix_server_name].irc_networks.items() %}
+{% for address, settings in vault_matrix_secrets[matrix_server_name].irc_networks.items() %}
    # The address of the server to connect to.
    '{{ address }}':
      # A human-readable short name. This is used to label IRC status rooms