From 5d7c5d122d51d573a41b0e06f13c7458b9b2d06f Mon Sep 17 00:00:00 2001 From: IUCCA <33322841+IUCCA@users.noreply.github.com> Date: Fri, 29 Jul 2022 07:28:25 +0200 Subject: [PATCH] Added option to add env variables to mautrix signal daemon container (#1882) * Auto trust new signal identities from signald doku: when a remote key changes, set trust level to TRUSTED_UNVERIFIED instead of UNTRUSTED I find it much more convenient when new identities are automatically recognized as trusted, as the process to do that manually is cumbersome. Should this the default behavior, or should i add an option to configure this behavior? * Added option to trust new signal identities * Using env file * Renamed variable * Corrected typo * Use fully-qualified Ansible module name * removed option trust_new_keys Co-authored-by: Slavi Pantaleev
---
 roles/matrix-bridge-mautrix-signal/defaults/main.yml | 7 +++++++
 .../matrix-bridge-mautrix-signal/tasks/setup_install.yml | 9 +++++++++
 roles/matrix-bridge-mautrix-signal/templates/env.j2 | 1 +
 .../systemd/matrix-mautrix-signal-daemon.service.j2 | 1 +
 4 files changed, 18 insertions(+)
 create mode 100644 roles/matrix-bridge-mautrix-signal/templates/env.j2
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
index 161fa8924..bdef7fa53 100644
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -143,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG'
 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+
+# Additional environment variables to pass to the Signal Daemon container
+#
+# Example:
+# matrix_mautrix_signal_daemon_environment_variables_extension: |
+# SIGNALD_TRUST_NEW_KEYS=true
+matrix_mautrix_signal_daemon_environment_variables_extension: ''
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
index 3a7ad508d..cfc704a82 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -92,6 +92,15 @@
 - "{{ matrix_mautrix_signal_daemon_path }}/attachments"
 - "{{ matrix_mautrix_signal_daemon_path }}/data"
+
+- name: Ensure mautrix-signal-daemon environment variables file created
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0644
+
 - name: Ensure mautrix-signal config.yaml installed
 ansible.builtin.copy:
 content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}"
diff --git a/roles/matrix-bridge-mautrix-signal/templates/env.j2 b/roles/matrix-bridge-mautrix-signal/templates/env.j2
new file mode 100644
index 000000000..f5357ed2a
--- /dev/null
+++ b/roles/matrix-bridge-mautrix-signal/templates/env.j2
@@ -0,0 +1 @@
+{{ matrix_mautrix_signal_daemon_environment_variables_extension }}
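Review bot: The example in the new comment block in defaults/main.yml, `SIGNALD_TRUST_NEW_KEYS=true`, is shown without saying what it gives up. Per the commit message it makes signald mark a changed remote identity key as TRUSTED_UNVERIFIED instead of UNTRUSTED, so a key change stops being a point where someone has to confirm the contact. I would add a line under the example such as `# Note: this auto-trusts changed identity keys; leave it unset if key changes should require manual review.` A second line, `# Values are written to a file on the host; avoid secrets here unless that file's permissions are restricted.`, would tell operators where the content ends up.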
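Review bot: The new template task in tasks/setup_install.yml writes the env file with `mode: 0644`, so every local account on the host can read whatever is put into `matrix_mautrix_signal_daemon_environment_variables_extension`, and environment variables are a common place for tokens and passwords. The file is already owned by the matrix user and group, so `mode: '0640'` should be enough. Which account runs the Docker client that reads `--env-file` is not visible in this hunk, so confirm that before tightening further. Quoting the mode also follows Ansible's guidance for file modes and avoids relying on the YAML parser's octal handling of a bare `0644`.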
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
index d6be37e98..31e68ea9b 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
@@ -34,6 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
 # We can't use `--read-only` for this bridge.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 --log-driver=none \
+ --env-file={{ matrix_mautrix_signal_daemon_path }}/env \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
 --network={{ matrix_docker_network }} \