From e9169a0b951160f6f4d201042685c11e1d8c7bc5 Mon Sep 17 00:00:00 2001
From: IUCCA
Date: Sun, 17 Jul 2022 19:01:46 +0200
Subject: [PATCH] Added option to trust new signal identities
---
 roles/matrix-bridge-mautrix-signal/defaults/main.yml | 4 ++++
 .../templates/systemd/matrix-mautrix-signal-daemon.service.j2 | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
index 3ed92dbcb..565fdbf6d 100644
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -130,6 +130,10 @@ matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configu
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`.
 matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml|from_yaml|combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}"
+# Prevents the puppet from breaking when the signal security nuber changes.
+# The new security nuber will marked as trusted_unverified if this is set to true
+matrix_mautrix_signal_deamon_trust_new_security_nuber: false
+
 matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}"
 matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}"
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
index 9e348b485..e71bd76a3 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
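Review bot: The new variable `matrix_mautrix_signal_deamon_trust_new_security_nuber` in defaults/main.yml carries two typos (`deamon`, `nuber`) that become part of the role's public interface as soon as users set it in their vars; renaming it to `matrix_mautrix_signal_daemon_trust_new_security_number` now avoids a breaking rename later (the template hunk in matrix-mautrix-signal-daemon.service.j2 would need the same change). The comment above it describes only the convenience and should also state the trade-off, for example `# When true, a contact's changed safety number is accepted automatically (trusted-unverified), so a replaced identity key goes unnoticed; keep false unless you accept that.` The existing wording "will marked" is also missing "be".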
@@ -34,7 +34,9 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
 # We can't use `--read-only` for this bridge.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 --log-driver=none \
+ {% if matrix_mautrix_signal_deamon_trust_new_security_nuber %}
 --env SIGNALD_TRUST_NEW_KEYS=true \
+ {% endif %}
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
 --network={{ matrix_docker_network }} \
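Review bot: The added `{% if matrix_mautrix_signal_deamon_trust_new_security_nuber %}` test relies on plain Jinja truthiness, so a value that arrives as a string (for example `false` passed as a key=value extra var with `-e`) is non-empty and would still emit `--env SIGNALD_TRUST_NEW_KEYS=true`, failing open on the less safe setting; `{% if matrix_mautrix_signal_deamon_trust_new_security_nuber | bool %}` avoids that. Going by the hunk counts (7 context lines, 2 added), the `--env SIGNALD_TRUST_NEW_KEYS=true` line appears to have been present and unconditional before this change, so with the new default of `false` existing installs would stop auto-trusting changed keys on upgrade. That is the safer default, but it is a behaviour change that deserves a changelog entry. The ExecStart command continues past the end of the hunk.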