From 02e1789a967fbd594b6cfb6a7a31782e8cae6967 Mon Sep 17 00:00:00 2001
From: IUCCA
Date: Mon, 18 Jul 2022 14:41:50 +0200
Subject: [PATCH] Using env file
---
 .../matrix-bridge-mautrix-signal/defaults/main.yml | 13 ++++++++++---
 .../tasks/setup_install.yml | 9 +++++++++
 roles/matrix-bridge-mautrix-signal/templates/env.j2 | 2 ++
 .../systemd/matrix-mautrix-signal-daemon.service.j2 | 4 +---
 4 files changed, 22 insertions(+), 6 deletions(-)
 create mode 100644 roles/matrix-bridge-mautrix-signal/templates/env.j2
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
index 565fdbf6d..47c68e043 100644
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -130,9 +130,9 @@ matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configu
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`.
 matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}"
-# Prevents the puppet from breaking when the signal security nuber changes.
-# The new security nuber will marked as trusted_unverified if this is set to true
-matrix_mautrix_signal_deamon_trust_new_security_nuber: false
+# Prevents the puppet from breaking when the signal safety number changes.
+# The new safety number will be marked as trusted_unverified if this is set to true
+matrix_mautrix_signal_deamon_trust_new_safety_number: false
 matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}"
@@ -143,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG'
 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+
+# Additional environment variables to pass to the Signal Deamon container
+#
+# Example:
+# matrix_mautrix_signal_deamon_environment_variables_extension: |
+# SIGNALD_TRUST_ALL_KEYS=true
+matrix_mautrix_signal_deamon_environment_variables_extension: ''
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
index 06f77348b..be3f54025 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -90,6 +90,15 @@
 - "{{ matrix_mautrix_signal_daemon_path }}/attachments"
 - "{{ matrix_mautrix_signal_daemon_path }}/data"
+
+- name: Ensure mautrix-signal-daemon environment variables file created
+ template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0644
+
 - name: Ensure mautrix-signal config.yaml installed
 copy:
 content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml(indent=2, width=999999) }}"
diff --git a/roles/matrix-bridge-mautrix-signal/templates/env.j2 b/roles/matrix-bridge-mautrix-signal/templates/env.j2
new file mode 100644
index 000000000..7ffa22eb9
--- /dev/null
+++ b/roles/matrix-bridge-mautrix-signal/templates/env.j2
@@ -0,0 +1,2 @@
+SIGNALD_TRUST_NEW_KEYS={{ matrix_mautrix_signal_deamon_trust_new_safety_number }}
+{{ matrix_mautrix_signal_deamon_environment_variables_extension }}
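Review bot: The example in the new comment block of defaults/main.yml shows `SIGNALD_TRUST_ALL_KEYS=true` without saying what the operator gives up by setting it. Judging by its name, it makes the daemon accept safety numbers without verification, and that verification is the check that surfaces a swapped or re-registered contact key. I would add a line such as `# NOTE: auto-trusting keys disables safety-number verification for bridged chats; leave unset unless you accept that.` above the example. The comment could also say that the value is written verbatim into the file passed to `--env-file`, one `KEY=value` per line.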
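Review bot: The new template task in tasks/setup_install.yml writes the env file with `mode: 0644`, which is unquoted and leaves the file world-readable. The file carries whatever operators put in `matrix_mautrix_signal_deamon_environment_variables_extension`, which may include credentials, so I would use `mode: '0640'` (quoted, as the Ansible documentation recommends for octal modes). Nothing in the hunk notifies or restarts the daemon service when the file changes. If that is not handled elsewhere in this task file, a changed trust setting stays inactive until the next restart.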
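Review bot: In templates/env.j2, `SIGNALD_TRUST_NEW_KEYS` is now always exported and the boolean is rendered as Jinja prints it, so the default produces `SIGNALD_TRUST_NEW_KEYS=False` where the old unit file set nothing at all. If the daemon only checks that the variable is present, the default would silently enable key trust; if it compares against lowercase `true`, enabling it would stop working. I have not verified how signald parses the value. Rendering an explicit lowercase value, `SIGNALD_TRUST_NEW_KEYS={{ matrix_mautrix_signal_deamon_trust_new_safety_number | bool | lower }}`, or keeping the line inside an `{% if %}` as the unit file did, removes the ambiguity. The extension on the second line is emitted verbatim, so a `SIGNALD_TRUST_NEW_KEYS=` entry there may override the first line.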
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
index e71bd76a3..31e68ea9b 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
@@ -34,9 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
 # We can't use `--read-only` for this bridge.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 --log-driver=none \
- {% if matrix_mautrix_signal_deamon_trust_new_security_nuber %}
- --env SIGNALD_TRUST_NEW_KEYS=true \
- {% endif %}
+ --env-file={{ matrix_mautrix_signal_daemon_path }}/env \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
 --network={{ matrix_docker_network }} \