WIP: postgres: create databases for all services
If a service is enabled, a database for it is created in postgres with a unique password. The service can then use this database for data storage instead of relying on sqlite.
jdreichmann committed Dec 10, 2020
1 parent d08b277 commit 16145a1
Showing 3 changed files with 95 additions and 1 deletion.
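--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -889,6 +889,70 @@ matrix_postgres_connection_username: "synapse"
 matrix_postgres_connection_password: "synapse-password"
 matrix_postgres_db_name: "homeserver"
 
+matrix_postgres_additional_databases: |
+{{
+([{
+name:'matrix_appservice_discord',
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string
+}] if matrix_appservice_discord_enabled else [])
++ ([{
+name: 'matrix_appservice_slack'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string
+}] if matrix_appservice_slack_enabled else [])
++ ([{
+name: 'matrix_appservice_irc'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string
+}] if matrix_appservice_irc_enabled else [])
++ ([{
+'mautrix-bridge-facebook'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string
+}] if matrix_mautrix_facebook_enabled else [])
++ ([{
+name: 'mautrix_bridge_hangouts'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string
+}] if matrix_mautrix_hangouts_enabled else [])
++ ([{
+name: 'mautrix_bridge_telegram'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string
+}] if matrix_mautrix_telegram_enabled else [])
++ ([{
+name: 'mautrix_bridge_whatsapp'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string
+}] if matrix_mautrix_whatsapp_enabled else [])
++ ([{
+name: 'matrix_bridge_sms'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string
+}] if matrix_sms_bridge_enabled else [])
++ ([{
+name: 'matrix_puppet_skype'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string
+}] if matrix_mx_puppet_skype_enabled else [])
++ ([{
+name: 'matrix_puppet_slack'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string
+}] if matrix_mx_puppet_slack_enabled else [])
++ ([{
+name: 'matrix_puppet_twitter'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string
+}] if matrix_mx_puppet_twitter_enabled else [])
++ ([{
+name: 'matrix_puppet_instagram'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string
+] if matrix_mx_puppet_instagram_enabled else [])
++ ([{
+name: 'matrix_puppet_discord'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string
+}] if matrix_mx_puppet_discord_enabled else [])
++ ([{
+name: 'matrix_puppet_steam'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string
+}] if matrix_mx_puppet_steam_enabled else [])
++ ([{
+name: 'matrix_dimension'
+pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string
+}] if matrix_dimension_enabled else [])
+}}
+
 ######################################################################
 #
 # /matrix-postgres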
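Review bot: The `pass:` values pipe `matrix_synapse_macaroon_secret_key` through `password_hash('sha512', '<label>')` with labels such as `'app_discord.db.secret'` as the salt, but sha512-crypt salts are limited to 16 characters from `[./0-9A-Za-z]`, so these labels (longer, and containing `_`) are likely to be rejected or truncated depending on the crypt backend. The `$6$…` output also carries `$` and possibly `/`, which is unsafe once it is interpolated into a `postgres://` URI; a short salt plus a URL-safe final step, e.g. `password_hash('sha512', 'tg.db') | to_uuid` (salt value constructed here for illustration), would address both. The Jinja literal itself will not evaluate as written: `name` and `pass` are unquoted and so read as variable lookups, every entry after the first lacks the comma between its two items, the facebook entry has no `name:` key, and the instagram entry closes with `]` instead of `}]`. A comment above the variable should state that every bridge database password is derived from the macaroon key, so that key's rotation or exposure affects all of them.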
Expand Up @@ -27,7 +27,7 @@ appservice:
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-telegram.db
database: postgres://mautrix_bridge_telegram:{{ matrix_addtional_databases | selectattr('name', 'equalto', 'matrix_bridge_telegram') | map(attribute='pass' | first ) }}@{{ matrix_postgres_connection_hostname }}/mautrix_bridge_telegram

# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
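Review bot: The password lookup on the new `database:` line cannot resolve: it reads `matrix_addtional_databases` where group_vars defines `matrix_postgres_additional_databases`, it matches on `'matrix_bridge_telegram'` where the entry is named `'mautrix_bridge_telegram'`, and `| first` sits inside `map(...)` so it applies to the string `'pass'` instead of the mapped result. The corrected expression would be `{{ matrix_postgres_additional_databases | selectattr('name', 'equalto', 'mautrix_bridge_telegram') | map(attribute='pass') | first }}`. The value is placed in the userinfo part of the URI unencoded, and a crypt-format hash can contain `/` and `$`; Jinja's `urlencode` leaves `/` untouched for plain strings by default, so the safer fix is to make the derived password URL-safe where it is defined. The hunk also replaces the SQLite default unconditionally, so it presumably should depend on whether the bundled Postgres is enabled; the surrounding template lies outside the hunk.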
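--- a/roles/matrix-postgres/tasks/setup_postgres.yml
+++ b/roles/matrix-postgres/tasks/setup_postgres.yml
@@ -162,3 +162,33 @@
 - matrix-change-user-admin-status
 - matrix-postgres-update-user-password-hash
 when: "not matrix_postgres_enabled|bool"
+
+# Create additional databases
+- name: Retrieve IP of postgres container
+shell: "docker inspect matrix-postgres | jq -r '.[0].NetworkSettings.Networks.{{ matrix_docker_network }}.IPAddress'"
+register: matirx_postgres_container_ip
+
+- name: Create additional users in postgres
+postgresql_user:
+name: "{{ item.name }}"
+password: "{{ item.pass }}"
+login_host: "{{ matrx_postgres_container_ip.stdout }}"
+login_port: 5432
+login_user: "{{ matrix_postgres_connection_username }}"
+login_password: "{{ matrix_postgres_connection_password }}"
+login_db: "{{ matrix_postgres_db_name }}"
+loop: matrix_postgres_additional_databases
+when: matrix_postgres_enabed|bool
+
+- name: Create additional users in postgres
+postgresql_db:
+name: "{{ item.name }}"
+owner: "{{ item.name }}"
+lc_ctype: 'C'
+lc_collate: 'C'
+login_host: "{{ matrx_postgres_container_ip.stdout }}"
+login_port: 5432
+login_user: "{{ matrix_postgres_connection_username }}"
+login_password: "{{ matrix_postgres_connection_password }}"
+loop: matrix_postgres_additional_databases
+when: matrix_postgres_enabled|bool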
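Review bot: The registered name `matirx_postgres_container_ip` never matches the `matrx_postgres_container_ip.stdout` read by both `login_host` lines, the user task's `when:` tests `matrix_postgres_enabed`, and `loop: matrix_postgres_additional_databases` passes a bare string rather than the list, so the two module tasks cannot run as written. The user-creation loop iterates over items that carry `pass`, which Ansible prints per item unless the task sets `no_log: true`. The lookup task also has no `when:` and no `changed_when: false` and depends on `jq` being installed on the host, and the second module task reuses the name "Create additional users in postgres" although it creates databases. The fence below shows the first two tasks with these points applied.

```yaml
- name: Retrieve IP of postgres container
  # … unchanged: shell command …
  register: matrix_postgres_container_ip
  changed_when: false
  when: matrix_postgres_enabled|bool

- name: Create additional users in postgres
  postgresql_user:
    # … unchanged: name, password …
    login_host: "{{ matrix_postgres_container_ip.stdout }}"
    # … unchanged: login_port, login_user, login_password, login_db …
  loop: "{{ matrix_postgres_additional_databases }}"
  no_log: true
  when: matrix_postgres_enabled|bool
```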
