Move synapse-auto-compressor Postgres argument to an environment variable
This provides an additional security benefit. The password won't leak in the process list anymore.
This commit is contained in:
parent
26d5719df4
commit
328d0d8a5f
|
@ -5,18 +5,19 @@
|
||||||
|
|
||||||
matrix_synapse_auto_compressor_enabled: true
|
matrix_synapse_auto_compressor_enabled: true
|
||||||
|
|
||||||
|
matrix_synapse_auto_compressor_version: v0.1.3
|
||||||
|
|
||||||
|
matrix_synapse_auto_compressor_base_path: "{{ matrix_base_data_path }}/synapse-auto-compressor"
|
||||||
|
matrix_synapse_auto_compressor_container_src_files_path: "{{ matrix_synapse_auto_compressor_base_path }}/container-src"
|
||||||
|
|
||||||
matrix_synapse_auto_compressor_container_image_self_build: false
|
matrix_synapse_auto_compressor_container_image_self_build: false
|
||||||
matrix_synapse_auto_compressor_container_repo: "https://gitlab.com/etke.cc/rust-synapse-compress-state.git"
|
matrix_synapse_auto_compressor_container_repo: "https://gitlab.com/etke.cc/rust-synapse-compress-state.git"
|
||||||
matrix_synapse_auto_compressor_container_repo_version: "{{ 'main' if matrix_synapse_auto_compressor_version == 'latest' else matrix_synapse_auto_compressor_version }}"
|
matrix_synapse_auto_compressor_container_repo_version: "{{ 'main' if matrix_synapse_auto_compressor_version == 'latest' else matrix_synapse_auto_compressor_version }}"
|
||||||
matrix_synapse_auto_compressor_container_src_files_path: "{{ matrix_synapse_auto_compressor_base_path }}"
|
|
||||||
|
|
||||||
matrix_synapse_auto_compressor_version: v0.1.3
|
|
||||||
matrix_synapse_auto_compressor_container_image: "{{ matrix_synapse_auto_compressor_container_image_name_prefix }}etke.cc/rust-synapse-compress-state:{{ matrix_synapse_auto_compressor_version }}"
|
matrix_synapse_auto_compressor_container_image: "{{ matrix_synapse_auto_compressor_container_image_name_prefix }}etke.cc/rust-synapse-compress-state:{{ matrix_synapse_auto_compressor_version }}"
|
||||||
matrix_synapse_auto_compressor_container_image_name_prefix: "{{ 'localhost/' if matrix_synapse_auto_compressor_container_image_self_build else 'registry.gitlab.com/' }}"
|
matrix_synapse_auto_compressor_container_image_name_prefix: "{{ 'localhost/' if matrix_synapse_auto_compressor_container_image_self_build else 'registry.gitlab.com/' }}"
|
||||||
matrix_synapse_auto_compressor_container_image_force_pull: "{{ matrix_synapse_auto_compressor_container_image.endswith(':latest') }}"
|
matrix_synapse_auto_compressor_container_image_force_pull: "{{ matrix_synapse_auto_compressor_container_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_synapse_auto_compressor_base_path: "{{ matrix_base_data_path }}/synapse-auto-compressor"
|
|
||||||
|
|
||||||
# The base container network. It will be auto-created by this role if it doesn't exist already.
|
# The base container network. It will be auto-created by this role if it doesn't exist already.
|
||||||
matrix_synapse_auto_compressor_container_network: matrix-synapse-auto-compressor
|
matrix_synapse_auto_compressor_container_network: matrix-synapse-auto-compressor
|
||||||
|
|
||||||
|
@ -57,4 +58,7 @@ matrix_synapse_auto_compressor_chunk_size: 500
|
||||||
# The higher this number is set to, the longer the compressor will run for.
|
# The higher this number is set to, the longer the compressor will run for.
|
||||||
matrix_synapse_auto_compressor_chunks_to_compress: 100
|
matrix_synapse_auto_compressor_chunks_to_compress: 100
|
||||||
|
|
||||||
matrix_synapse_auto_compressor_command: "synapse_auto_compressor -p {{ matrix_synapse_auto_compressor_synapse_database }} -c {{ matrix_synapse_auto_compressor_chunk_size }} -n {{ matrix_synapse_auto_compressor_chunks_to_compress }}"
|
matrix_synapse_auto_compressor_command: "synapse_auto_compressor -p $POSTGRES_LOCATION -c {{ matrix_synapse_auto_compressor_chunk_size }} -n {{ matrix_synapse_auto_compressor_chunks_to_compress }}"
|
||||||
|
|
||||||
|
# Controls the POSTGRES_LOCATION environment variable
|
||||||
|
matrix_synapse_auto_compressor_environment_variable_postgres_location: "{{ matrix_synapse_auto_compressor_synapse_database }}"
|
||||||
|
|
|
@ -1,12 +1,26 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure synapse-auto-compressor paths exist
|
- name: Ensure synapse-auto-compressor paths exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ matrix_synapse_auto_compressor_container_src_files_path }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0750
|
mode: 0750
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
when: matrix_synapse_auto_compressor_container_image_self_build | bool
|
when: item.when | bool
|
||||||
|
with_items:
|
||||||
|
- path: "{{ matrix_synapse_auto_compressor_base_path }}"
|
||||||
|
when: true
|
||||||
|
- path: "{{ matrix_synapse_auto_compressor_container_src_files_path }}"
|
||||||
|
when: "{{ matrix_synapse_auto_compressor_container_image_self_build }}"
|
||||||
|
|
||||||
|
- name: Ensure synapse-auto-compressor labels installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/env.j2"
|
||||||
|
dest: "{{ matrix_synapse_auto_compressor_base_path }}/env"
|
||||||
|
mode: 0640
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
- name: Ensure synapse-auto-compressor image is pulled
|
- name: Ensure synapse-auto-compressor image is pulled
|
||||||
community.docker.docker_image:
|
community.docker.docker_image:
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
POSTGRES_LOCATION={{ matrix_synapse_auto_compressor_environment_variable_postgres_location }}
|
|
@ -24,11 +24,13 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||||
--read-only \
|
--read-only \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--network={{ matrix_synapse_auto_compressor_container_network }} \
|
--network={{ matrix_synapse_auto_compressor_container_network }} \
|
||||||
|
--env-file={{ matrix_synapse_auto_compressor_base_path }}/env \
|
||||||
|
--entrypoint=/bin/sh \
|
||||||
{% for arg in matrix_synapse_auto_compressor_container_extra_arguments %}
|
{% for arg in matrix_synapse_auto_compressor_container_extra_arguments %}
|
||||||
{{ arg }} \
|
{{ arg }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_synapse_auto_compressor_container_image }} \
|
{{ matrix_synapse_auto_compressor_container_image }} \
|
||||||
{{ matrix_synapse_auto_compressor_command }}
|
-c '{{ matrix_synapse_auto_compressor_command }}'
|
||||||
|
|
||||||
{% for network in matrix_synapse_auto_compressor_container_additional_networks %}
|
{% for network in matrix_synapse_auto_compressor_container_additional_networks %}
|
||||||
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-auto-compressor
|
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-auto-compressor
|
||||||
|
|
Loading…
Reference in a new issue