Derive secrets from matrix_homeserver_generic_secret_key, not matrix_synapse_macaroon_secret_key

We're trying to move away from implementation-specific variables,
hoping for a clean (implementation-neutral) examples/vars.yml file.

roles/matrix-base/defaults/main.yml

@@ -16,6 +16,9 @@ matrix_domain: ~
 # The homeserver implementation of an existing server cannot be changed without data loss.
 matrix_homeserver_implementation: synapse
 
+# This contains a secret, which is used for generating various other secrets later on.
+matrix_homeserver_generic_secret_key: ''
+
 # This is where your data lives and what we set up.
 # This and the Element FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"

roles/matrix-base/tasks/sanity_check.yml

@@ -33,14 +33,25 @@
     - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
     - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
 
+# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
+- name: Fail if matrix_homeserver_generic_secret_key is undefined
+  fail:
+    msg: |
+      The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
+
+      If you're seeing this error on an existing homeserver installation, you can fix it easily this error by adding
+      `{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`
+      to your vars.yml file. Using another secret for the new variable is also possible and shouldn't cause any trouble.
+  when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''"
+
 - name: Fail if required variables are undefined
   fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value"
+    msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value"
   with_items:
-    - matrix_domain
-    - matrix_server_fqn_matrix
-    - matrix_server_fqn_element
-  when: "item not in vars or vars[item] is none"
+    - {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"}
+    - {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix|default('') }}"}
+    - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element|default('') }}"}
+  when: "item.value is none or item.value == ''"
 
 - name: Fail if uppercase domain used
   fail:

roles/matrix-dendrite/defaults/main.yml

@@ -63,8 +63,6 @@ matrix_dendrite_systemd_wanted_services_list: []
 # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
 matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
 
-# A secret used to derive various other secrets
-matrix_dendrite_generic_secret_key: ''
 matrix_dendrite_registration_shared_secret: ''
 matrix_dendrite_allow_guest_access: false
 

roles/matrix-dendrite/tasks/validate_config.yml

@@ -5,7 +5,6 @@
       You need to define a required configuration setting (`{{ item }}`) for using Dendrite.
   when: "vars[item] == ''"
   with_items:
-    - "matrix_dendrite_generic_secret_key"
     - "matrix_dendrite_registration_shared_secret"
 
 - name: (Deprecation) Catch and report renamed settings