Using env file

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -130,9 +130,9 @@ matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configu
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`.
 matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}"
 
-# Prevents the puppet from breaking when the signal security nuber changes.
-# The new security nuber will marked as trusted_unverified if this is set to true
-matrix_mautrix_signal_deamon_trust_new_security_nuber: false
+# Prevents the puppet from breaking when the signal safety number changes.
+# The new safety number will be marked as trusted_unverified if this is set to true
+matrix_mautrix_signal_deamon_trust_new_safety_number: false
 
 matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}"
 
@@ -143,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG'
 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+
+# Additional environment variables to pass to the Signal Deamon container
+#
+# Example:
+# matrix_mautrix_signal_deamon_environment_variables_extension: |
+#   SIGNALD_TRUST_ALL_KEYS=true
+matrix_mautrix_signal_deamon_environment_variables_extension: ''

roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml

@@ -90,6 +90,15 @@
     - "{{ matrix_mautrix_signal_daemon_path }}/attachments"
     - "{{ matrix_mautrix_signal_daemon_path }}/data"
 
+
+- name: Ensure mautrix-signal-daemon environment variables file created
+  template:
+    src: "{{ role_path }}/templates/env.j2"
+    dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0644
+
 - name: Ensure mautrix-signal config.yaml installed
   copy:
     content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml(indent=2, width=999999) }}"

roles/matrix-bridge-mautrix-signal/templates/env.j2

@@ -0,0 +1,2 @@
+SIGNALD_TRUST_NEW_KEYS={{ matrix_mautrix_signal_deamon_trust_new_safety_number }}
+{{ matrix_mautrix_signal_deamon_environment_variables_extension }}

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2

@@ -34,9 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
 # We can't use `--read-only` for this bridge.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 			--log-driver=none \
-            {% if matrix_mautrix_signal_deamon_trust_new_security_nuber %}
-			--env SIGNALD_TRUST_NEW_KEYS=true \
-            {% endif %}
+            --env-file={{ matrix_mautrix_signal_daemon_path }}/env \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \