You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.1 KiB
32 lines
1.1 KiB
5 years ago
|
---
|
||
|
|
- name: Deploy main config file
|
||
|
|
template: src=homeserver.yaml.j2 dest={{ synapse_root_dir }}/etc/homeserver.yaml group={{ synapse_user }} mode=640
|
||
|
|
notify: restart synapse
|
||
|
|
tags: matrix
|
||
|
|
|
||
|
|
- name: Deploy logging config file
|
||
|
|
template: src=logging.conf.j2 dest={{ synapse_root_dir }}/etc/logging.conf
|
||
|
|
notify: restart synapse
|
||
|
|
tags: matrix
|
||
|
|
|
||
|
|
- name: Generate certificates
|
||
|
|
command: "{{ synapse_root_dir }}/bin/python3 -m synapse.app.homeserver --generate-keys -c {{ synapse_root_dir }}/etc/homeserver.yaml"
|
||
|
|
args:
|
||
|
|
creates: "{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.signing.key"
|
||
|
|
tags: matrix
|
||
|
|
|
||
|
|
- name: List sensitive files
|
||
|
|
stat: path={{ synapse_root_dir }}/etc/{{ item }}
|
||
|
|
register: synapse_sensitive_files
|
||
|
|
with_items:
|
||
|
|
- "{{ synapse_server_name }}.tls.key"
|
||
|
|
- "{{ synapse_server_name }}.signing.key"
|
||
|
|
tags: matrix
|
||
|
|
|
||
|
|
- name: Restrict permissions on sensitive files
|
||
|
|
file: path={{ synapse_root_dir }}/etc/{{ item.item }} mode=640 group={{ synapse_user }}
|
||
|
|
with_items: "{{ synapse_sensitive_files.results }}"
|
||
|
|
when: item.stat.exists
|
||
|
|
tags: matrix
|
||
|
|
|