matrix-docker-ansible-deploy/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

---

- name: Fail if Shared Secret Auth secret not set
  fail:
    msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
  when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"

- name: Fail if no Shared Secret Auth login types enabled
  fail:
    msg: "Shared Secret Auth is enabled, but none of the login types are"
  when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"

- name: Download matrix-synapse-shared-secret-auth
  get_url:
    url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
    dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
    force: true
    mode: 0440
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  register: result
  retries: "{{ matrix_geturl_retries_count }}"
  delay: "{{ matrix_geturl_retries_delay }}"
  until: result is not failed

- set_fact:
    matrix_synapse_modules: |
      {{
        matrix_synapse_modules|default([])
        +
        [
          {
            "module": "shared_secret_authenticator.SharedSecretAuthProvider",
            "config": matrix_synapse_ext_password_provider_shared_secret_config
          }
        ]
      }}

    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]

    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
      {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }}
Split Synapse extension tasks into install/uninstall files 6 years ago			`---`

			`- name: Fail if Shared Secret Auth secret not set`
			`fail:`
			`msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"`
			`when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"`

Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2) For now, we disable the new `com.devture.shared_secret_auth` login type by default, because it causes problems with Element: https://github.com/vector-im/element-web/issues/19605 This also becomes the first module to use the new Synapse module system that got introduced in Synapse v1.46.0. Despite these upgrades, things should remain functionally identical as far as bridges, matrix-corporal or other consumers are concerned. 3 years ago			`- name: Fail if no Shared Secret Auth login types enabled`
			`fail:`
			`msg: "Shared Secret Auth is enabled, but none of the login types are"`
			`when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"`

Split Synapse extension tasks into install/uninstall files 6 years ago			`- name: Download matrix-synapse-shared-secret-auth`
			`get_url:`
			`url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"`
			`dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"`
			`force: true`
			`mode: 0440`
			`owner: "{{ matrix_user_username }}"`
Allow the matrix user username and groupname to be configured separately No migration steps should be required. 5 years ago			`group: "{{ matrix_user_groupname }}"`
add retires to all get_url actions 3 years ago			`register: result`
			`retries: "{{ matrix_geturl_retries_count }}"`
			`delay: "{{ matrix_geturl_retries_delay }}"`
			`until: result is not failed`
Split Synapse extension tasks into install/uninstall files 6 years ago
			`- set_fact:`
Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2) For now, we disable the new `com.devture.shared_secret_auth` login type by default, because it causes problems with Element: https://github.com/vector-im/element-web/issues/19605 This also becomes the first module to use the new Synapse module system that got introduced in Synapse v1.46.0. Despite these upgrades, things should remain functionally identical as far as bridges, matrix-corporal or other consumers are concerned. 3 years ago			`matrix_synapse_modules: \|`
			`{{`
			`matrix_synapse_modules\|default([])`
			`+`
			`[`
			`{`
			`"module": "shared_secret_authenticator.SharedSecretAuthProvider",`
			`"config": matrix_synapse_ext_password_provider_shared_secret_config`
			`}`
			`]`
			`}}`
Split Synapse extension tasks into install/uninstall files 6 years ago
Prefer --mount instead of -v for mounting volumes This doesn't replace all usage of `-v`, but it's a start. People sometimes troubleshoot by deleting files (especially bridge config files). Restarting Synapse with a missing registration.yaml file for a given bridge, causes the `-v /something/registration.yaml:/something/registration.yaml:ro` option to force-create `/something/registration.yaml` as a directory. When a path that's provided to the `-v` option is missing, Docker auto-creates that path as a directory. This causes more breakage and confusion later on. We'd rather fail, instead of magically creating directories. Using `--mount`, instead of `-v` is the solution to this. From Docker's documentation: > When you use --mount with type=bind, the host-path must refer to an existing path on the host. > The path will not be created for you and the service will fail with an error if the path does not exist. 6 years ago			`matrix_synapse_container_extra_arguments: >`
			`{{ matrix_synapse_container_extra_arguments\|default([]) }}`
Split Synapse extension tasks into install/uninstall files 6 years ago			`+`
Replace constructs appending elements with variables to matrix_synapse_container_extra_arguments. Fixes issue https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/304 5 years ago			`["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]`
Split Synapse extension tasks into install/uninstall files 6 years ago
			`matrix_synapse_additional_loggers: >`
			`{{ matrix_synapse_additional_loggers }}`
			`+`
			`{{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }}`