From 65991de61c6a7e102ffb077dcfca87a6ec6d61d3 Mon Sep 17 00:00:00 2001
From: HarHarLinks
Date: Tue, 11 Jan 2022 01:30:57 +0100
Subject: [PATCH] update hookshot private key file mechanism
---
 docs/configuring-playbook-bridge-hookshot.md | 6 ++++--
 roles/matrix-bridge-hookshot/defaults/main.yml | 3 ++-
 roles/matrix-bridge-hookshot/tasks/setup_install.yml | 8 ++++++++
 roles/matrix-bridge-hookshot/templates/config.yml.j2 | 2 +-
 4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 2ad5154b..0dfdfd50 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -11,8 +11,10 @@ Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -4. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. +3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Before running the playbook, you need to copy that file to `/roles/matrix-bridge-hookshot/files/github-key.pem` so the playbook can install it for you. +4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. +5. Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. 
+ The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`. diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 33f439d6..36dd361e 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -35,7 +35,8 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # https://half-shot.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' -matrix_hookshot_github_private_key: '' +# manually copy the generated and downloaded GitHub private key to /roles/matrix-bridge-hookshot/files/github-key.pem +matrix_hookshot_github_private_key: 'github-key.pem' matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false # you need to configure oauth settings only when you have enabled oauth (optional) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 4892fa58..271dacba 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
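Review bot: The comment added above `matrix_hookshot_github_private_key` in defaults/main.yml does not say that the variable now holds a file name rather than key material or a full path. The other hunks use the value as the destination file name under `matrix_hookshot_base_path` and prefix it with `/data/` in the rendered config, so an existing override that contains a path or the key text would produce a wrong destination. I would word it as `# File name (not the key itself) of the GitHub App private key inside matrix_hookshot_base_path; copy the downloaded key to roles/matrix-bridge-hookshot/files/github-key.pem and keep it out of version control`. The leading slash in `/roles/...` also reads as an absolute path, although it is presumably relative to the playbook checkout.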
@@ -47,6 +47,14 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure hookshot github private key file installed if github is enabled + copy: + src: github-key.pem + dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key }}" + mode: 0600 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure matrix-hookshot.service installed template: src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index c188611c..702245c3 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -15,7 +15,7 @@ github: # Authentication for the GitHub App. # id: {{ matrix_hookshot_github_appid }} - privateKeyFile: {{ matrix_hookshot_github_private_key }} + privateKeyFile: /data/{{ matrix_hookshot_github_private_key }} webhook: # Webhook settings for the GitHub app. #
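Review bot: The added copy task in setup_install.yml has no `when:` guard although its name says "if github is enabled". Unless a condition is applied outside this hunk, it runs on every hookshot install and fails for anyone who has not placed `files/github-key.pem`; adding `when: matrix_hookshot_github_enabled | bool` would match the name. `src: github-key.pem` is fixed while `dest` follows `matrix_hookshot_github_private_key`, so overriding the variable renames only the destination. Because the file is a private key, I would also set `diff: false` on the task so a `--diff` run does not print its contents, and write the mode as the quoted string `'0600'`.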
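Review bot: In config.yml.j2 the new `privateKeyFile` value is rendered unquoted, so a file name containing a space, `#` or another YAML-special character would give hookshot a config that fails to parse or parses to a different value. Rendering it as `privateKeyFile: {{ ('/data/' + matrix_hookshot_github_private_key) | to_json }}` keeps it a single string. The hard-coded `/data/` prefix is correct only if `matrix_hookshot_base_path` is mounted at `/data` in the container, which is not visible in this diff and would be worth a short comment. The `github:` block this line belongs to starts above the hunk.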