iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-01-31 08:53:25 +03:00
Code Issues Packages Projects Releases Wiki Activity

Generate key

Browse Source
This commit is contained in:
Thom Wiggers
2025-05-07 21:08:40 +02:00
parent 801292f1b2
commit 168d5bea93
2 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@@ -128,6 +128,41 @@
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_name }}"
- name: Check if an authenticated media signing key exists
ansible.builtin.stat:
path: "{{ matrix_appservice_irc_data_path }}/auth-media.jwk"
register: matrix_appservice_irc_stat_auth_media_key
- when: not matrix_appservice_irc_stat_auth_media_key.stat.exists
block:
- name: Generate IRC appservice signing key for authenticated media
community.docker.docker_container:
name: "create-auth-media-jwk-key"
image: "{{ matrix_appservice_irc_docker_image }}"
cleanup: yes
network_mode: none
entrypoint: "/usr/local/bin/node"
command: >
-e "const webcrypto = require('node:crypto');
async function main() {
const key = await webcrypto.subtle.generateKey({
name: 'HMAC',
hash: 'SHA-512',
}, true, ['sign', 'verify']);
console.log(JSON.stringify(await webcrypto.subtle.exportKey('jwk', key), undefined, 4));
}
main().then(() => process.exit(0)).catch(err => { throw err });"
detach: false
register: matrix_appservice_irc_jwk_result
- name: Write auth media signing key to file
ansible.builtin.copy:
content: "{{ matrix_appservice_irc_jwk_result.container.Output }}"
dest: "{{ matrix_appservice_irc_data_path }}/auth-media.jwk"
mode: "0644"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay. # In the past, we used to generate the passkey.pem file with root, so permissions may not be okay.
# Fix it. # Fix it.
- name: (Migration) Ensure Appservice IRC passkey permissions are okay - name: (Migration) Ensure Appservice IRC passkey permissions are okay

8
roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2
View File

@@ -137,13 +137,13 @@ ircService:
mediaProxy: mediaProxy:
# To generate a .jwk file: # To generate a .jwk file:
# $ node src/generate-signing-key.js > signingkey.jwk # $ node src/generate-signing-key.js > signingkey.jwk
signingKeyPath: "signingkey.jwk" signingKeyPath: "/data/auth-media.jwk"
# How long should the generated URLs be valid for # How long should the generated URLs be valid for
ttlSeconds: 3600 ttlSeconds: 604800
# The port for the media proxy to listen on # The port for the media proxy to listen on
bindPort: 11111 bindPort: {{ matrix_media_repo_port | to_json }}
# The publically accessible URL to the media proxy # The publically accessible URL to the media proxy
publicUrl: "https://irc.bridge/media" publicUrl: "{{ matrix_appservice_irc_homeserver_media_url }}"
# Options here are generally only applicable to large-scale bridges and may have # Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file. # consequences greater than other options in this configuration file.