From 14d982c1ea50a15094abed00c25f3744baaf139a Mon Sep 17 00:00:00 2001
From: Benjamin Blacher <privat@benjaminblacher.com>
Date: Mon, 27 Oct 2025 14:46:02 +0100
Subject: [PATCH] Add self-signing for steam-bridge

---
 roles/custom/matrix-bridge-steam/defaults/main.yml        | 1 +
 roles/custom/matrix-bridge-steam/templates/config.yaml.j2 | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/roles/custom/matrix-bridge-steam/defaults/main.yml b/roles/custom/matrix-bridge-steam/defaults/main.yml
index 068f9e10d..cce9beda8 100644
--- a/roles/custom/matrix-bridge-steam/defaults/main.yml
+++ b/roles/custom/matrix-bridge-steam/defaults/main.yml
@@ -32,6 +32,7 @@ matrix_steam_bridge_appservice_address: "http://matrix-steam-bridge:{{ matrix_st
 matrix_steam_bridge_appservice_port: "8080"
 
 matrix_steam_bridge_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+matrix_steam_bridge_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
 
 # A public address that external services can use to reach this appservice
 matrix_steam_bridge_appservice_public_address: "https://{{ matrix_server_fqn_matrix }}"
diff --git a/roles/custom/matrix-bridge-steam/templates/config.yaml.j2 b/roles/custom/matrix-bridge-steam/templates/config.yaml.j2
index 079bac84c..cd4473599 100644
--- a/roles/custom/matrix-bridge-steam/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-steam/templates/config.yaml.j2
@@ -376,6 +376,9 @@ encryption:
     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
     # Changing this option requires updating the appservice registration file.
     msc4190: {{ matrix_steam_bridge_msc4190_enabled | to_json }}
+    # Whether to enable self-signing for bridges (Only the bridge bot uses this for now)
+    # Requires msc4190 to replace keys on reset
+    self_sign: {{ matrix_steam_bridge_self_sign_enabled | to_json }}
     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
     # You must use a client that supports requesting keys from other users to use this feature.
     allow_key_sharing: {{ matrix_steam_bridge_bridge_encryption_key_sharing_allow | to_json }}