ansible/roles/synapse/tasks/generate_secret.yml

---
- name: Set full file path
  set_fact:
    secret_file_path: "{{ matrix_synapse_secrets_path }}/{{ secret.file }}"

- name: Check if secret exists
  stat:
    path: "{{ secret_file_path }}"
  register: secret_file_stat

- name: Generate random string
  copy:
    content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=42') }}"
    dest: "{{ secret_file_path }}"
    owner: synapse
    group: synapse
    mode: "0600"
  when:
    - not secret_file_stat.stat.exists
# TODO: This below is a dirty hack and should be properly revisited
- name: Retrieve secret
  slurp:
    src: "{{ secret_file_path }}"
  register: secret_var

- name: Set secret.var fact
  set_fact: { "{{ secret.var }}": "{{ secret_var }}" }
add requirements file,hosts.ini and README 2019-09-24 09:19:03 +00:00			`---`
			`- name: Set full file path`
			`set_fact:`
			`secret_file_path: "{{ matrix_synapse_secrets_path }}/{{ secret.file }}"`

			`- name: Check if secret exists`
			`stat:`
			`path: "{{ secret_file_path }}"`
			`register: secret_file_stat`

			`- name: Generate random string`
			`copy:`
			`content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=42') }}"`
			`dest: "{{ secret_file_path }}"`
			`owner: synapse`
			`group: synapse`
			`mode: "0600"`
			`when:`
			`- not secret_file_stat.stat.exists`
			`# TODO: This below is a dirty hack and should be properly revisited`
			`- name: Retrieve secret`
			`slurp:`
			`src: "{{ secret_file_path }}"`
			`register: secret_var`

			`- name: Set secret.var fact`
			`set_fact: { "{{ secret.var }}": "{{ secret_var }}" }`