Add the ability to controll password-peppering for Synapse

Closes Github issue #5
2018-09-07 15:01:38 +03:00
parent 6d6a6412fa
commit b52d91e180
3 changed files with 10 additions and 2 deletions
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@ -68,6 +68,9 @@ matrix_synapse_rc_message_burst_count: 10.0
 # (things like number of users, number of messages sent, uptime, load, etc.)
 matrix_synapse_report_stats: false

+# Controls password-peppering for Matrix Synapse. Not to be changed after initial setup.
+matrix_synapse_password_config_pepper: ""
+
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
@ -538,7 +538,7 @@ password_config:
   enabled: true
   # Uncomment and change to a secret random string for extra security.
   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-   #pepper: ""
+   pepper: "{{ matrix_synapse_password_config_pepper }}"