Commit f185ead1 authored by Florian Pritz's avatar Florian Pritz

Improve group vars vault usage for matrix


Signed-off-by: Florian Pritz <bluewind@xinu.at>
parent 3ebeffe6
This diff is collapsed.
......@@ -96,7 +96,7 @@
- name: install federation certificate
copy:
content: '{{ matrix_secrets[matrix_server_name].federation_crt }}'
content: '{{ vault_matrix_secrets[matrix_server_name].federation_crt }}'
dest: /etc/synapse/{{ matrix_server_name }}.tls.crt
owner: root
group: root
......@@ -104,7 +104,7 @@
- name: install federation key
copy:
content: '{{ matrix_secrets[matrix_server_name].federation_key }}'
content: '{{ vault_matrix_secrets[matrix_server_name].federation_key }}'
dest: /etc/synapse/{{ matrix_server_name }}.tls.key
owner: root
group: synapse
......@@ -112,7 +112,7 @@
- name: install signing key
copy:
content: '{{ matrix_secrets[matrix_server_name].signing_key }}'
content: '{{ vault_matrix_secrets[matrix_server_name].signing_key }}'
dest: /etc/synapse/{{ matrix_server_name }}.signing.key
owner: root
group: synapse
......@@ -120,7 +120,7 @@
- name: install ircpass key
copy:
content: '{{ matrix_secrets[matrix_server_name].ircpass_key }}'
content: '{{ vault_matrix_secrets[matrix_server_name].ircpass_key }}'
dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key
owner: root
group: synapse
......
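Review bot: The tasks `install federation key`, `install signing key` and `install ircpass key` pass vault-decrypted key material through `copy: content:`, and nothing visible in these hunks keeps Ansible from printing it: a run with `--diff` shows the file content in the before/after output, and higher verbosity echoes the module arguments. Adding `no_log: true` to each of those tasks (or at least `diff: false`) keeps the keys out of terminal scrollback and CI logs. Each task continues past its hunk, so `mode:` and any existing `no_log` are not visible here; it is worth confirming the key files get a restrictive mode such as `mode: '0640'`, given `group: synapse`. The `template:` tasks that render `registration_shared_secret`, `macaroon_secret_key` and `pepper` would need the same treatment.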
id: {{ matrix_secrets[matrix_server_name].irc_appservice_id }}
hs_token: {{ matrix_secrets[matrix_server_name].irc_hs_token }}
as_token: {{ matrix_secrets[matrix_server_name].irc_as_token }}
id: {{ vault_matrix_secrets[matrix_server_name].irc_appservice_id }}
hs_token: {{ vault_matrix_secrets[matrix_server_name].irc_hs_token }}
as_token: {{ vault_matrix_secrets[matrix_server_name].irc_as_token }}
namespaces:
users:
{% for network in matrix_secrets[matrix_server_name].irc_networks.values() %}
{% for network in vault_matrix_secrets[matrix_server_name].irc_networks.values() %}
- exclusive: true
regex: '@{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
{% endfor %}
aliases:
{% for network in matrix_secrets[matrix_server_name].irc_networks.values() %}
{% for network in vault_matrix_secrets[matrix_server_name].irc_networks.values() %}
- exclusive: true
regex: '#{{ network.name | regex_escape() }}_.*:{{ matrix_server_name | regex_escape() }}'
{% endfor %}
rooms:
{% for room in matrix_secrets[matrix_server_name] | json_query("irc_networks.*[].mappings.*[][]") %}
{% for room in vault_matrix_secrets[matrix_server_name] | json_query("irc_networks.*[].mappings.*[][]") %}
- exclusive: false
regex: '{{ room | regex_escape() }}'
{% endfor %}
......
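Review bot: `id`, `hs_token` and `as_token` are rendered as bare YAML scalars (`hs_token: {{ ... }}`), so a token that is all digits, starts with a YAML indicator character, or contains `: ` or ` #` would be re-typed, truncated or rejected when the registration file is parsed. Emitting them through `to_json`, e.g. `hs_token: {{ vault_matrix_secrets[matrix_server_name].irc_hs_token | to_json }}`, yields a correctly escaped double-quoted string for any value. The single-quoted secrets in the homeserver template (`registration_shared_secret`, `macaroon_secret_key`, `pepper`) have a milder form of the same problem: a value containing `'` ends the string early, and `to_json` without the surrounding quotes covers that case too.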
......@@ -337,7 +337,7 @@ enable_registration: False
# If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled.
registration_shared_secret: '{{ matrix_secrets[matrix_server_name].registration_shared_secret }}'
registration_shared_secret: '{{ vault_matrix_secrets[matrix_server_name].registration_shared_secret }}'
# Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash.
......@@ -377,7 +377,7 @@ room_invite_state_types:
app_service_config_files: ['/etc/synapse/appservice-registration-irc.yaml']
macaroon_secret_key: '{{ matrix_secrets[matrix_server_name].macaroon_secret_key }}'
macaroon_secret_key: '{{ vault_matrix_secrets[matrix_server_name].macaroon_secret_key }}'
# Used to enable access token expiration.
expire_access_token: False
......@@ -447,7 +447,7 @@ password_config:
enabled: true
# Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
pepper: '{{ matrix_secrets[matrix_server_name].pepper }}'
pepper: '{{ vault_matrix_secrets[matrix_server_name].pepper }}'
......
......@@ -30,7 +30,7 @@ homeserver:
# Configuration specific to the IRC service
ircService:
servers:
{% for address, settings in matrix_secrets[matrix_server_name].irc_networks.items() %}
{% for address, settings in vault_matrix_secrets[matrix_server_name].irc_networks.items() %}
# The address of the server to connect to.
'{{ address }}':
# A human-readable short name. This is used to label IRC status rooms
......