diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 059b9d36..f3340094 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -59,8 +59,19 @@ - name: Generate Appservice IRC passkey if it doesn't exist shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 + become: true + become_user: "{{ matrix_user_username }}" when: "not irc_passkey_file.stat.exists" +# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay. +# Fix it. +- name: (Migration) Ensure Appservice IRC passkey permissions are okay + file: + path: "{{ matrix_appservice_irc_data_path }}/passkey.pem" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + # Ideally, we'd like to generate the final registration.yaml file by ourselves. # # However, the IRC bridge supports multiple servers, which leads to multiple