From e8cb043cf2efd04fa7c322f21f6d3c156b69756c Mon Sep 17 00:00:00 2001
From: "n.simonov" <n.simonov@scalablesolutions.io>
Date: Tue, 26 Aug 2025 22:10:29 +0500
Subject: [PATCH] add ssl cert

---
 host_vars/matrix.homedungeon.xyz/vars.yml | 44 +++++++++++
 ssl/cert.pem                              | 89 ++++++++++++++++++++++
 ssl/privkey.pem                           | 90 +++++++++++++++++++++++
 3 files changed, 223 insertions(+)
 create mode 100644 ssl/cert.pem
 create mode 100644 ssl/privkey.pem

diff --git a/host_vars/matrix.homedungeon.xyz/vars.yml b/host_vars/matrix.homedungeon.xyz/vars.yml
index 562035c..0ac4056 100644
--- a/host_vars/matrix.homedungeon.xyz/vars.yml
+++ b/host_vars/matrix.homedungeon.xyz/vars.yml
@@ -68,3 +68,47 @@ postgres_connection_password: '{{ vault.postgres_connection_password }}'
 # Example: `matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
 #
 # matrix_coturn_turn_external_ip_address: ''
+
+# Disable ACME / Let's Encrypt support.
+traefik_config_certificatesResolvers_acme_enabled: false
+
+# Disabling ACME support (above) automatically disables the SSL directory to be created.
+# Force-enable it to be created with this configuration, because we'll add our certificate files there.
+traefik_ssl_dir_enabled: true
+
+# Tell Traefik to load our custom SSL key pair by extending provider configuration.
+# The key pair files are created below, in `aux_file_definitions`.
+# Note that the `/ssl/…` path is an **in-container path**, not a path on the host (like `/matrix/traefik/ssl`). Do not change it!
+traefik_provider_configuration_extension_yaml:
+  tls:
+    certificates:
+      - certFile: /ssl/cert.pem
+        keyFile: /ssl/privkey.pem
+    stores:
+      default:
+        defaultCertificate:
+          certFile: /ssl/cert.pem
+          keyFile: /ssl/privkey.pem
+
+# Use the aux role to create our custom files on the server.
+# If you'd like to do this manually, remove this `aux_file_definitions` variable.
+aux_file_definitions:
+  # Create the privkey.pem file on the server by
+  # uploading a file from the computer where Ansible is running.
+  - dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
+    src: inventory/ssl/privkey.pem
+    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
+    # Mind the indentation level (indented with two white space characters).
+    # content: |
+    #   FILE CONTENT
+    #   HERE
+
+  # Create the cert.pem file on the server
+  # uploading a file from the computer where Ansible is running.
+  - dest: "{{ traefik_ssl_dir_path }}/cert.pem"
+    src: inventory/ssl/cert.pem
+    # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
+    # Mind the indentation level (indented with two white space characters).
+    # content: |
+    #   FILE CONTENT
+    #   HERE
diff --git a/ssl/cert.pem b/ssl/cert.pem
new file mode 100644
index 0000000..3f6da2d
--- /dev/null
+++ b/ssl/cert.pem
@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+62383733366335303963303832613139666138333338653635303963663166336638653735373336
+3335636231666432633530393139333336333862343436330a663462366432306365383065356333
+31313065323066646239396463653663366237303231643832396166303863396364633865306337
+6531633636613530640a336565373365353765333533306565363165346135303732636337316230
+65353165613363393833376439356236643761343836323833323361373131303361386161386433
+64386664656234303734646261333934613730613032306133663666393134656333323635306563
+65373562383661366466646534373065373733393763393565653965646235373262343836313066
+33663064616132623632356464313830303737616664636162646366323563613133663430313630
+30623165393861353166393032363437373861396365373933313138653733623733356364323432
+39643538303965333237353133343262373264663535613763633735336538633833356130346335
+35316633346330643232353236393763633364316564323764623661613234643264616338336366
+32346436666435646564626639646262336264643264646166313439646333636630646330306339
+62656564663339613261653437313662373137373531623638343065353533326563616664386638
+33323263383463383932653062633963356637316133383732333836623134623137343433656163
+62663333356339396434626638336135363239663732306562616430356336393633393839323564
+39653761643830653630396138626431613366363636636431323466656333353338316435393162
+32613262656136356139383435346164356635393835316237333639333532366531353534386232
+32363261636632373963306633343665363635303833376334663037356266626465343733333766
+39353835366563363462373161353364316638376664303630333663316261366365653664333531
+33353735383439623932666134396164333663613735333235366339373438343938373066373261
+31336132623933383335373732313266666635316236633964346439343737363238663434373333
+38663136383964323431633462396135373739663832356166343538326666376631383038303765
+61366430646161383363343161666630373163663739333631366461386166613164353430363531
+65306130623433626534633862333238656563346437643132653232336232653931613337316533
+66623937346239373037663531663734363065326431356162306263383736356437613439623964
+62383832333131376164396430303964646365323166313534623265626564666263303733346439
+37333764656331383166653664343664386332396237653761373832303534643637373865643435
+64343065373939653262353232356336616564396163326231306564616236666434353334336166
+66613332356165643532313533316261613164303936343239326636303435396430646166373830
+33643962353966653039633930306330373165656161356139313965313530306534303333353431
+65613563633263663063333830326137373030666530383534323839323530306432343336636235
+32323566376163376134343136343863626132653136653431636236303165363561343765613039
+61626336656632313733383332323763386532653735636364633834376139666464613235363931
+61383463643539633963313438326563316665373863656465613232373233316137326534373630
+34363466633230313063333335363564316438323437636331643338326536316135643135366664
+63653239346131346535366266316465383031333838373763366336643764363431333563383163
+63393239346662626461363033643834396230656164306634363230333561333530323436653366
+32646239396564633833643433316536353833653734346630633761326234323363393532383635
+33343330643633386164623862366630333835663162666630386435663262316237313264633130
+35383034303335343934336465313539393237366530373265336139343930366439643939633437
+65363561303536616263306131346366386539656363636234623735356130343630326365663230
+62653036663061646139396335316530376238316662393963353435653362323939353537366366
+34663533393261623533376338653436373934363462356339336237353662666631646232336165
+61633362383832373135376536613431616461303930383461383331386532353465373163383232
+66353466336539366532613638623432306433306466613666636465333664376561356664333836
+61346461616231643431313936643064316530316338643136616565643564303331313834396365
+36396235666264393633623563376530376261616637316261653131623561303731333831383737
+64613736323464366637363234323761393362313435633433396339383565306263393930396433
+37333866323337336335323430626466663834343036383438386339653339353461366537353735
+39343265343161316361353463373336323531653261313062623166326534336339376261353661
+61393436626535393534366539373233643834356633616537633831656566656631373636353563
+64343332376661653032313832376362343930303933386437353835333964393765386233663665
+65333737633539363736343463616562663132323666386164323633643064313933363733393435
+35643134613739366534346166303861393236376336316135616135623336396333646165343763
+65393463346332643932373962383565656533626362323363393861636234373264666137346534
+64323465653938353961346264373964663632613831636365616263376661646434373433653866
+31613539303864663861323762613533366465373937373035346138326633323236663463613330
+63613964643036356362666664633664633734333339376631666336646135373339336635333537
+31333865633165396139663731323463656263656665326364323230393530393333623834313361
+64663262663235356339356261336430396633333964316337313838613766653634313263396536
+65666632616234643339383736323438373037633333613365663965396630636563656135386364
+62623136303230306333303765393435616664373330393230636633663663323238616330636436
+62633132303166663963646636303834366333303863386238313835323934316133633837376531
+63653963383565373364663130323737306334306139373935316662333639346664333531393534
+32666365346635376561393736376538343334666233623062623639653534373633363234663763
+36653331373034643838653336383631363962666138626236346332363964346166386530653531
+61316564666434616263613066643638616265613464373763303663386563333563383433373335
+32623335396561666433383331366265353138626232346530386665363738343464623130656331
+33396564623062643163333165373562343237363037626236343766363836663438393462376133
+33666366633165636434343635396566643038343561366238323365316232323462373864366532
+39643964396338643838306637633037633038316265323631613366373666373966613764366437
+35623436346334393539306363316432643831643066613164373961373161306136613964656236
+32373866366264643337343936313062373134383062303139356464333035383766653666626536
+39323933613538666139663963366431613532633264313666626365373961376131333534353033
+65353439656334313461376232396165353537306639616433623733656164636261616234353638
+35333635326634303937313762646139643932396563333936323030616464323863363836323063
+37316431653736393532333537316363323261626464356461653337643132383431346361386331
+34383335303062643565623432313038626166343632656461363965663166623736636165353661
+64666166363338623930376435373638373832633365653661353933383236333233626264613338
+34303566343633333565373437333433306636393235653832396265623638666132356632653035
+36383036656137316431663164303965336630336139316434343865653538373965383130373466
+31623831386431613764643163336664363333336539636663326666393566333766633634656663
+38393235313536613136383938376237393235623537636131663261316436616636336464386535
+64663761623131666530333737393162346464333839623865383566386433363035326130643261
+33303137323533383464633736383437336532353962383162646634346264643861356530386461
+34313734653764303364333932643061366362353166353536666362366639653838323265313430
+62613064653132616235616130313462646339363834653838356630353830386630663962313263
+30326664626661363931
diff --git a/ssl/privkey.pem b/ssl/privkey.pem
new file mode 100644
index 0000000..c2b70f8
--- /dev/null
+++ b/ssl/privkey.pem
@@ -0,0 +1,90 @@
+$ANSIBLE_VAULT;1.1;AES256
+62613831636432316364653631356532613732373262663335346465376232653830626262363835
+6664663565336433613535633965373534323539343432340a346439353336346364326632376562
+34306533356534373432666162313933316432326166326135353439323037356432323030373563
+6538343462653966630a353731613966303761633539363537626661656661643439393938356636
+35613438613765666330346363393030323064643066306135353233356139396435303564656163
+61663363393838313933373666616262303362656534666630616334653537316130373831643434
+62346337393662636363386635656339636638386330323037383333663761643964666561383438
+65656165626536666664393831396131353232343664393566336630626239616164313562396636
+35326234313233343531333466386462653538386631393530353031363536323366663037313937
+65363061383036626364623932363238343463303837323137663863353433383262343263646133
+30663736393736336536646565623438646262653565383031633664366631356464386634643836
+63643139613234326163626136303233613630343235366436336639353434343166353766646364
+39326534633632303736663837646530363731376466393762366530356265376265663338666231
+31623462623761326234626235623931636565653934316464616138356532666137333239653630
+34356663663230613262363937306630636134366165613666646233643030336165326564343161
+62323834323064393831356339623839643435613263376164353030386132643333666535366463
+39393936663833626466663262323239343231643337313035393732633061313839333062643765
+65306130316362623164333531323334313530333135616231343136656231616239616538613539
+37663162343932306562356633366239333963656339343038383836343762393163633761643166
+36326166353662316566323830653466343533663434323630313035653834643261396430396661
+34396539393261333732646561383833646135313466313862613564306562633263333335366132
+63383133336232653533363361343239623336386538363164363266643337393061666266393135
+30626135306561616330353134613061633931656639656638666537613333633764333962303838
+38356266633766663964333133303137336132326361643938626437303631626662626239653663
+66663037313730626434353936303562333430333434323164653835313531653138663264653038
+31343831613735613038626562386237633064323933643965373734653862656133633365633664
+38666265313666643431363532646430313462646163343061346531346465646332356466333362
+38306630616235343637613365353064316638333134653962376461386434373137373166383433
+33616231383138326565346164336165626661323465393762613564663437623764313564393337
+64353637316234663664373262633332383861376365303239336464326365626564626264336666
+36666239353964316362633131356462336539613939326132333565386132323565383034376530
+64393662306235396532623432323866653935323736616436633936323463646566646565383434
+31313737666466343165656437656635666564353434356362316337633765393139376461663264
+66666265303636613437373730313061333065666436343732326561363634663161323636663331
+38303262383134653138616438626565353462346333613730323031306132396430626466343537
+31663431666561613062366439613737323236306131313561363733613065383830626432313065
+39316336316432353737386239613866616135333066333161633064323161656266343034373163
+62393538663366376232643630313439663764626361316165323633356434663562646438326662
+63376236633336643632383866396562376563346439373664663466656361636663336339623365
+39613236396636383034313537656130386234666665313834656533393337643965323630383364
+64663737343633363039383838616531356437643563333736313365643037353434393264666263
+62376361653165666663626131366534666263326634336634346537636530623466363730343461
+63363163326564396333373936356138383235363935343265306565663632303136376364356637
+65643464643938323338313161613335343031343431343966346630333633363831646234373763
+31656332636238613431623836323039336566326138376230363465616134353664386564666365
+61306364343538306336616165663636633533653038353764633130623863633032303031386438
+39376266353766333931383965303033393131356531383866393536333463643064356431396433
+35393463383863306332363537653435623336633432316638653831303636306564373364313462
+39643763323137343334303865343533646164616562383364666137623537623336363361623664
+63383866613463333065303838393263626237313430333837376465643865393938393238373833
+65646464396438313166626133383230373561313139313336396631333937366366366139356330
+32643563616631326332626636333763336466323835396439323235376232663231373662646633
+61366133663162326530646662346163356565646662376163616435343538633464356661323666
+37333031363136353037323537353237633532636564663838313132386631663833373466643331
+38376231613231633238356237646465343032333036333364383232646634663731663136316135
+34646337653636343435373038313835643139336338396366353438663034666330643633313561
+36613365373432396231613261646439653966623464336164623931306637666563396563623462
+61656465653236373065313162303364306339373965636235623439623932383038633038303332
+64653334323537373336303865386462373931633039316265363461626261346666346333313732
+31393633353833613233626265633831636338356639663930396530666239646437393739343834
+34323136333961643833383639356431343538326337653462353535393538666230623161363736
+35396163613365373134326134363432666533303736613636393561616564363766633764323961
+39363136613838373739303435613837643532303432656665333430396564323865393564643437
+36613562643433326631663261383536313732356461643766383632613534313932333032653039
+65373430376364393435623639346336613966386262346131303433633065316263386236383634
+63343362333265613032353532636630616432323263366562366465366538303233616261336535
+61373463343866323266343161383038626636613135306432303439336438613235613438313963
+30343934653232346631613935643365643037333634636161373233393964626662376232323532
+62386166373932666234636361623565343338316333353035343935393230653735646438653536
+38636363616161303434313135653162393035666563393334393762623031373665333666356161
+64343335303434303264396130386563323233663631336235656332386463313832656533633962
+62373831636537373932363466663836393733626561306331323565343630323335633232303766
+33646134346564323663366266306662396331386263636461643933663038346436303061303564
+63376662323461643638623865316237326537633438346463366138666138343339633466363039
+30366638363633663761393736653961393339333037373634333133393839346636636236303834
+66316162393335326339643536623037623136303538383262663132373134373337653839333730
+36663238363961613665343362383662626264653833373637613937653263653531633735646330
+65303434613661653937303035646365343035303536346361376537653466306137363935663139
+33303036376163316539663330373839633330323530653464383234653535363636356330303535
+61303661353261306635626634633931343266353031653966643638396333613266326532393337
+66396631323134333862366565353864623438383539353130313564313032396336353635663634
+61616639623631336363636134643039393466343963316631653861663438613166616364353738
+31353439306436316132393766643636646666643864633639336234346365653033653766633130
+62343632383564326463306461303435366433333036386633613836663032623137623739343863
+37666634386330613032663162653061396663373633633264636439613836666466363263366465
+30633266616232616332336238383062643066623535356164326530356665363639663536363461
+32666336333535306265353137386530623439343531643833326238643434626234373430623030
+66663639373065643633353538383839316264346532336161666563663833613365633439613931
+64346436643065306331383064353034333633356233316631313665656435633139