Commit
f185ead1
authored
Jun 07, 2018
by
Florian Pritz
Improve group vars vault usage for matrix
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
3ebeffe6
Changes
5
group_vars/all/vault_matrix.yml
This diff is collapsed.
roles/matrix/tasks/main.yml
...
...
@@ -96,7 +96,7 @@
-
name
:
install federation certificate
copy
:
content
:
'
{{
matrix_secrets[matrix_server_name].federation_crt
}}'
content
:
'
{{
vault_
matrix_secrets[matrix_server_name].federation_crt
}}'
dest
:
/etc/synapse/{{ matrix_server_name }}.tls.crt
owner
:
root
group
:
root
...
...
@@ -104,7 +104,7 @@
-
name
:
install federation key
copy
:
content
:
'
{{
matrix_secrets[matrix_server_name].federation_key
}}'
content
:
'
{{
vault_
matrix_secrets[matrix_server_name].federation_key
}}'
dest
:
/etc/synapse/{{ matrix_server_name }}.tls.key
owner
:
root
group
:
synapse
...
...
@@ -112,7 +112,7 @@
-
name
:
install signing key
copy
:
content
:
'
{{
matrix_secrets[matrix_server_name].signing_key
}}'
content
:
'
{{
vault_
matrix_secrets[matrix_server_name].signing_key
}}'
dest
:
/etc/synapse/{{ matrix_server_name }}.signing.key
owner
:
root
group
:
synapse
...
...
@@ -120,7 +120,7 @@
-
name
:
install ircpass key
copy
:
content
:
'
{{
matrix_secrets[matrix_server_name].ircpass_key
}}'
content
:
'
{{
vault_
matrix_secrets[matrix_server_name].ircpass_key
}}'
dest
:
/etc/synapse/{{ matrix_server_name }}.ircpass.key
owner
:
root
group
:
synapse
...
...
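Review bot: None of the four `copy` tasks in this section shows `no_log: true` in its visible lines, and the three key tasks (`install federation key`, `install signing key`, `install ircpass key`) write decrypted vault values through `content:`, so a run with `--diff` can print that key material to the terminal or a CI log. I would add `no_log: true` (or at least `diff: false`) to those three tasks. Each hunk ends at `group:`, so whether a restrictive `mode:` follows is not visible here and is worth confirming for the files readable by the `synapse` group. The same exposure likely applies to the tasks that render `homeserver.yaml.j2`, `appservice-registration-irc.yaml.j2` and `irc-bridge.yaml.j2`, which are not shown on this page.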
roles/matrix/templates/appservice-registration-irc.yaml.j2
id: {{ matrix_secrets[matrix_server_name].irc_appservice_id }}
hs_token: {{ matrix_secrets[matrix_server_name].irc_hs_token }}
as_token: {{ matrix_secrets[matrix_server_name].irc_as_token }}
id: {{
vault_
matrix_secrets[matrix_server_name].irc_appservice_id }}
hs_token: {{
vault_
matrix_secrets[matrix_server_name].irc_hs_token }}
as_token: {{
vault_
matrix_secrets[matrix_server_name].irc_as_token }}
namespaces:
users:
{% for network in matrix_secrets[matrix_server_name].irc_networks.values() %}
{% for network in
vault_
matrix_secrets[matrix_server_name].irc_networks.values() %}
- exclusive: true
regex: '@{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
{% endfor %}
aliases:
{% for network in matrix_secrets[matrix_server_name].irc_networks.values() %}
{% for network in
vault_
matrix_secrets[matrix_server_name].irc_networks.values() %}
- exclusive: true
regex: '#{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
{% endfor %}
rooms:
{% for room in matrix_secrets[matrix_server_name] | json_query("irc_networks.*[].mappings.*[][]") %}
{% for room in
vault_
matrix_secrets[matrix_server_name] | json_query("irc_networks.*[].mappings.*[][]") %}
- exclusive: false
regex: '{{ room | regex_escape() }}'
{% endfor %}
...
...
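Review bot: `id`, `hs_token` and `as_token` are rendered as plain, unquoted scalars, so a vault value that is all digits, looks like a boolean or null, or begins with a YAML indicator character would be retyped or rejected when the generated registration file is parsed. The `regex:` values in this template and the secrets in `homeserver.yaml.j2` are already single-quoted; I would quote these three the same way, e.g. `hs_token: '{{ vault_matrix_secrets[matrix_server_name].irc_hs_token }}'`. Since the values now come straight from the vault file, their format is not constrained anywhere visible on this page.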
roles/matrix/templates/homeserver.yaml.j2
...
...
@@ -337,7 +337,7 @@ enable_registration: False
# If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled.
registration_shared_secret
:
'
{{
matrix_secrets[matrix_server_name].registration_shared_secret
}}'
registration_shared_secret
:
'
{{
vault_
matrix_secrets[matrix_server_name].registration_shared_secret
}}'
# Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash.
...
...
@@ -377,7 +377,7 @@ room_invite_state_types:
app_service_config_files
:
[
'
/etc/synapse/appservice-registration-irc.yaml'
]
macaroon_secret_key
:
'
{{
matrix_secrets[matrix_server_name].macaroon_secret_key
}}'
macaroon_secret_key
:
'
{{
vault_
matrix_secrets[matrix_server_name].macaroon_secret_key
}}'
# Used to enable access token expiration.
expire_access_token
:
False
...
...
@@ -447,7 +447,7 @@ password_config:
enabled
:
true
# Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
pepper
:
'
{{
matrix_secrets[matrix_server_name].pepper
}}'
pepper
:
'
{{
vault_
matrix_secrets[matrix_server_name].pepper
}}'
...
...
roles/matrix/templates/irc-bridge.yaml.j2
...
...
@@ -30,7 +30,7 @@ homeserver:
# Configuration specific to the IRC service
ircService:
servers:
{% for address, settings in matrix_secrets[matrix_server_name].irc_networks.items() %}
{% for address, settings in
vault_
matrix_secrets[matrix_server_name].irc_networks.items() %}
# The address of the server to connect to.
'{{ address }}':
# A human-readable short name. This is used to label IRC status rooms
...
...