finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Apply PR feedback

Browse Source
This commit is contained in:
Michael Hollister
2024-08-13 14:22:14 -05:00
parent c3fd33566d
commit 56b0a72000
3 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/custom/matrix-media-repo/defaults/main.yml
View File

@ -319,6 +319,13 @@ matrix_media_repo_homeservers_auto: []
# Additional servers to be managed by MMR
matrix_media_repo_homeservers_additional: []
# If true, the playbook will generate a signing key when the setup role is invoked.
matrix_media_repo_generate_signing_key: "{{ matrix_homeserver_implementation == 'synapse' or matrix_homeserver_implementation == 'dendrite' }}"
# Path where the homeserver signing key is located. Set automatically in
# `group_vars/matrix_servers` depending on which homeserver is being used.
matrix_media_repo_homeserver_signing_key: ""
# Options for controlling how access tokens work with the media repo. It is recommended that if
# you are going to use these options that the `/logout` and `/logout/all` client-server endpoints
# be proxied through this process. They will also be called on the homeserver, and the response

15
roles/custom/matrix-media-repo/tasks/setup_install.yml
View File

@ -96,8 +96,8 @@
--workdir='/config'
--entrypoint='generate_signing_key'
{{ matrix_media_repo_docker_image }}
-output {{ matrix_media_repo_identifier }}.signing.key
creates: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key"
-output {{ matrix_media_repo_identifier }}.signing.key.TEMP
creates: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP"
- name: Merge media-repo signing key with homeserver signing key
ansible.builtin.command:
@ -108,12 +108,12 @@
--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
--cap-drop=ALL
--mount type=bind,src={{ matrix_media_repo_config_path }},dst=/config
--mount type=bind,src={{ matrix_base_data_path }},dst=/matrix
--mount type=bind,src={{ matrix_media_repo_homeserver_signing_key | dirname }},dst=/homeserver-signing-key-dir
--workdir='/config'
--entrypoint='combine_signing_keys'
{{ matrix_media_repo_docker_image }}
-format {{ matrix_homeserver_implementation }} -output {{ matrix_media_repo_homeserver_signing_key }}.merged {{ matrix_media_repo_homeserver_signing_key }} {{ matrix_media_repo_identifier }}.signing.key
creates: "{{ matrix_media_repo_homeserver_signing_key }}."
-format {{ matrix_homeserver_implementation }} -output /homeserver-signing-key-dir/{{ matrix_media_repo_homeserver_signing_key | basename }}.merged /homeserver-signing-key-dir/{{ matrix_media_repo_homeserver_signing_key | basename }} {{ matrix_media_repo_identifier }}.signing.key.TEMP
creates: "{{ matrix_media_repo_homeserver_signing_key }}.merged"
- name: Backup existing homeserver signing key before replacing it
ansible.builtin.copy:
@ -129,6 +129,11 @@
cmd: "mv {{ matrix_media_repo_homeserver_signing_key }}.merged {{ matrix_media_repo_homeserver_signing_key }}"
removes: "{{ matrix_media_repo_homeserver_signing_key }}.merged"
- name: Finalize media-repo signing key setup
ansible.builtin.command:
cmd: "mv {{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP {{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key"
removes: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP"
- name: Ensure media-repo container network is created
community.general.docker_network:
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"