ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit cd759364fa6cfea70f3b705788899f20b64be151
parent ba1f7608865cdd82a294cf86802087a645641c8a
Author: Isa <hi@f2k1.de>
Date: Sat, 12 Jun 2021 23:14:52 +0200

configuration/f2k1de/matrix.yml: put ansible vault encrypted secrets in an extra section so they get properly decrypted
1 file changed, 34 insertions(+), 27 deletions(-)
M
configuration/f2k1de/matrix.yml
|
61
++++++++++++++++++++++++++++++++++---------------------------
diff --git a/configuration/f2k1de/matrix.yml b/configuration/f2k1de/matrix.yml
@@ -47,6 +47,37 @@ system:
         - ssh-rsa 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 cardno:000606445161
         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local
 
+secrets: 
+  synapse:
+    registration_shared_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30323431313734313633616137313161666664323131376432303866653030353763353061336363
+          6561643162353166643061623063643261373461613462390a653935613438376335633435353765
+          34313039666239333435396138313833306532383736613235323832633761386461656232396632
+          3232373435353731390a643732633063613335393163356338323861336530306466366637303533
+          66656635396465616665623063313335353331663062346665376266633034333462653565393831
+          65646438323564623966653436663034363139353665613838616139303538656431346631626630
+          306166303465306562636261626462323636
+    macaroon_secret_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65643935663437343933636637336437666262616634663130306132366237616335663436646564
+          6333623132663235313330373266643864366638616466390a383634323261323261653935626233
+          64363665663863653332613333383565646633643037383365303637323263353932623738666130
+          3237373737306262300a326464643935666533306138613861353533383630383337363433313436
+          33363966343766633963613932343965313031646632396265346664353761393663616332636338
+          39653031663433343162393532333163383532326166396139613636343665626232316135326266
+          373236363232306534373564316461396162
+    form_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35373339343138313837383839333761666466663734626631646330666666386639383664306137
+          6636303535633766653839353164353862343435613362300a633866333962623331633231376564
+          39363665373737326334326134616638613265303561376338393834376339373434656565383462
+          3135333335656437310a623530376137656161663735653365333032313566346136623166636330
+          34626263316539306634383835363935386264306131383238613165653838633166396634303335
+          35373337633466336236363062636639626439353633303635326565373364366530623139386161
+          333937373064356461356662363235363036
+
+
 network:
   nftables:
     enable: true
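Review bot: The added `secrets: ` line ends in a trailing space, and nothing in the file records why the vault values now live outside `services`. I would write it as `secrets:` with a comment above it such as `# !vault values live here and are referenced via Jinja from services.* so they are decrypted when rendered`. The three ciphertext blocks are byte-identical to the ones removed further down, so the move changes neither the secrets nor the vault password; confidentiality of these values continues to rest entirely on the strength of that password wherever this file is readable. The block scalars also keep the 10-space indent from their old nesting, which is valid YAML but could be reduced to 6 to match the new depth.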

@@ -160,33 +191,9 @@ services:
       signing_key_path: "/var/lib/synapse/homeserver.signing.key"
       key_refresh_interval: "1d"
       redaction_retention_period: 7
-      registration_shared_secret: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          30323431313734313633616137313161666664323131376432303866653030353763353061336363
-          6561643162353166643061623063643261373461613462390a653935613438376335633435353765
-          34313039666239333435396138313833306532383736613235323832633761386461656232396632
-          3232373435353731390a643732633063613335393163356338323861336530306466366637303533
-          66656635396465616665623063313335353331663062346665376266633034333462653565393831
-          65646438323564623966653436663034363139353665613838616139303538656431346631626630
-          306166303465306562636261626462323636
-      macaroon_secret_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          65643935663437343933636637336437666262616634663130306132366237616335663436646564
-          6333623132663235313330373266643864366638616466390a383634323261323261653935626233
-          64363665663863653332613333383565646633643037383365303637323263353932623738666130
-          3237373737306262300a326464643935666533306138613861353533383630383337363433313436
-          33363966343766633963613932343965313031646632396265346664353761393663616332636338
-          39653031663433343162393532333163383532326166396139613636343665626232316135326266
-          373236363232306534373564316461396162
-      form_secret: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35373339343138313837383839333761666466663734626631646330666666386639383664306137
-          6636303535633766653839353164353862343435613362300a633866333962623331633231376564
-          39363665373737326334326134616638613265303561376338393834376339373434656565383462
-          3135333335656437310a623530376137656161663735653365333032313566346136623166636330
-          34626263316539306634383835363935386264306131383238613165653838633166396634303335
-          35373337633466336236363062636639626439353633303635326565373364366530623139386161
-          333937373064356461356662363235363036
+      registration_shared_secret: "{{ secrets.synapse.registration_shared_secret }}"
+      macaroon_secret_key: "{{ secrets.synapse.macaroon_secret_key }}"
+      form_secret: "{{ secrets.synapse.form_secret }}"
       perspectives:
         servers:
           "matrix.org":
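Review bot: The three added `"{{ secrets.synapse.* }}"` references expand to the decrypted values at render time, so the task that consumes this mapping becomes the place where plaintext can leak; that task is not part of this hunk, so this is a check to make rather than a confirmed defect. If the mapping is written out with `template` or `copy`, the task should carry `no_log: true` (or `diff: false`) so a `--diff` or verbose run does not print the secrets, and it should set a restrictive `mode` and owner on the generated Synapse config. A short comment above these lines, e.g. `# resolved from the top-level secrets section (ansible-vault)`, would also help the next reader find the definitions. The surrounding `services` mapping starts and ends outside the hunk.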