WIP: postgres: create databases for all services

If a service is enabled, a database for it is created in postgres with a uniqque password. The service can then use this database for data storage instead of relying on sqlite.
spantaleev · Nov 29, 2020 · 31d2f2c · 31d2f2c
1 parent e0d7d5f
commit 31d2f2c
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 0 deletions.
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
@@ -886,6 +886,70 @@ matrix_postgres_connection_username: "synapse"
 matrix_postgres_connection_password: "synapse-password"
 matrix_postgres_db_name: "homeserver"
 
+matrix_postgres_additional_databases: |
+  {{
+    ([{
+      name:'matrix_appservice_discord',
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string
+    }] if matrix_appservice_discord_enabled else [])
+    + ([{
+      name: 'matrix_appservice_slack'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string
+    }] if matrix_appservice_slack_enabled else [])
+    + ([{
+      name: 'matrix_appservice_irc'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string
+    }] if matrix_appservice_irc_enabled else [])
+    + ([{
+'mautrix-bridge-facebook'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string
+    }] if matrix_mautrix_facebook_enabled else [])
+    + ([{
+      name: 'mautrix_bridge_hangouts'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string
+    }] if matrix_mautrix_hangouts_enabled else [])
+    + ([{
+      name: 'mautrix_bridge_telegram'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string
+    }] if matrix_mautrix_telegram_enabled else [])
+    + ([{
+      name: 'mautrix_bridge_whatsapp'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string
+    }] if matrix_mautrix_whatsapp_enabled else [])
+    + ([{
+      name: 'matrix_bridge_sms'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string
+    }] if matrix_sms_bridge_enabled else [])
+    + ([{
+      name: 'matrix_puppet_skype'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string
+    }] if matrix_mx_puppet_skype_enabled else [])
+    + ([{
+      name: 'matrix_puppet_slack'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string
+    }] if matrix_mx_puppet_slack_enabled else [])
+    + ([{
+      name: 'matrix_puppet_twitter'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string
+    }] if matrix_mx_puppet_twitter_enabled else [])
+    + ([{
+      name: 'matrix_puppet_instagram'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string
+    ] if matrix_mx_puppet_instagram_enabled else [])
+    + ([{
+      name: 'matrix_puppet_discord'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string
+    }] if matrix_mx_puppet_discord_enabled else [])
+    + ([{
+      name: 'matrix_puppet_steam'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string
+    }] if matrix_mx_puppet_steam_enabled else [])
+    + ([{
+      name: 'matrix_dimension'
+      pass: matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string
+    }] if matrix_dimension_enabled else [])
+  }}
+
 ######################################################################
 #
 # /matrix-postgres

diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml
@@ -162,3 +162,33 @@
     - matrix-change-user-admin-status
     - matrix-postgres-update-user-password-hash
   when: "not matrix_postgres_enabled|bool"
+
+# Create additional databases
+- name: Retrieve IP of postgres container
+  shell: "docker inspect matrix-postgres | jq -r '.[0].NetworkSettings.Networks.{{ matrix_docker_network }}.IPAddress'"
+  register: matirx_postgres_container_ip
+
+- name: Create additional users in postgres
+  postgresql_user:
+    name: "{{ item.name }}"
+    password: "{{ item.pass }}"
+    login_host: "{{ matrx_postgres_container_ip.stdout }}"
+    login_port: 5432
+    login_user: "{{ matrix_postgres_connection_username }}"
+    login_password: "{{ matrix_postgres_connection_password }}"
+    login_db: "{{ matrix_postgres_db_name }}"
+  loop: matrix_postgres_additional_databases
+  when: matrix_postgres_enabed|bool
+
+- name: Create additional users in postgres
+  postgresql_db:
+    name: "{{ item.name }}"
+    owner: "{{ item.name }}"
+    lc_ctype: 'C'
+    lc_collate: 'C'
+    login_host: "{{ matrx_postgres_container_ip.stdout }}"
+    login_port: 5432
+    login_user: "{{ matrix_postgres_connection_username }}"
+    login_password: "{{ matrix_postgres_connection_password }}"
+  loop: matrix_postgres_additional_databases
+  when: matrix_postgres_enabled|bool