Added option to add env variables to mautrix signal daemon container (#1882)

* Auto trust new signal identities from signald doku: when a remote key changes, set trust level to TRUSTED_UNVERIFIED instead of UNTRUSTED I find it much more convenient when new identities are automatically recognized as trusted, as the process to do that manually is cumbersome. Should this the default behavior, or should i add an option to configure this behavior? * Added option to trust new signal identities * Using env file * Renamed variable * Corrected typo * Use fully-qualified Ansible module name * removed option trust_new_keys Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2024-11-06 10:47:32 +01:00 · 2022-07-29 07:28:25 +02:00 · 2022-07-29 07:28:25 +02:00 · 5d7c5d122d
commit 5d7c5d122d
parent 9d10d5543b
4 changed files with 18 additions and 0 deletions
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@ -143,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG'
 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+
+# Additional environment variables to pass to the Signal Daemon container
+#
+# Example:
+# matrix_mautrix_signal_daemon_environment_variables_extension: |
+#   SIGNALD_TRUST_NEW_KEYS=true
+matrix_mautrix_signal_daemon_environment_variables_extension: ''
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@ -92,6 +92,15 @@
    - "{{ matrix_mautrix_signal_daemon_path }}/attachments"
    - "{{ matrix_mautrix_signal_daemon_path }}/data"

+
+- name: Ensure mautrix-signal-daemon environment variables file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/env.j2"
+    dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0644
+
 - name: Ensure mautrix-signal config.yaml installed
  ansible.builtin.copy:
    content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}"
--- a/roles/matrix-bridge-mautrix-signal/templates/env.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/env.j2
@ -0,0 +1 @@
+{{ matrix_mautrix_signal_daemon_environment_variables_extension }}
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
@ -34,6 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
 # We can't use `--read-only` for this bridge.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 			--log-driver=none \
+            --env-file={{ matrix_mautrix_signal_daemon_path }}/env \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
				`@ -0,0 +1 @@`
				`{{ matrix_mautrix_signal_daemon_environment_variables_extension }}`