From 26d5719df414d26f3af8470cac5a36d1f3e65eed Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sun, 12 Mar 2023 10:01:51 +0200
Subject: [PATCH] Make matrix-synapse-auto-compressor live in its own container network
It will, additionally, be connected to the devture-postgres network, if devture-postgres is enabled.
---
 group_vars/matrix_servers | 5 +++++
 .../defaults/main.yml | 8 ++++++++
 .../tasks/install.yml | 5 +++++
 .../matrix-synapse-auto-compressor.service.j2 | 13 +++++++++++--
 4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 5712b0378..c96b34a79 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -3338,6 +3338,11 @@ matrix_synapse_auto_compressor_enabled: false
 matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+matrix_synapse_auto_compressor_container_additional_networks: |
+ {{
+ ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_auto_compressor_container_network else [])
+ }}
+
 matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}"
 matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}"
 matrix_synapse_auto_compressor_database_hostname: "{{ matrix_synapse_database_host if matrix_synapse_enabled else '' }}"
diff --git a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml
index 8de4097e2..0649392d2 100644
--- a/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml
+++ b/roles/custom/matrix-synapse-auto-compressor/defaults/main.yml
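Review bot: In `group_vars/matrix_servers`, the new `matrix_synapse_auto_compressor_container_additional_networks` value joins the Postgres network whenever `devture_postgres_enabled` is true, without checking that the compressor's database is that Postgres instance. The context lines show `matrix_synapse_auto_compressor_database_hostname` following `matrix_synapse_database_host`, so a setup where Synapse points at an external database while devture-postgres serves other components would presumably still attach this container to a network it does not need. At minimum I would add a comment above the variable, such as `# Joined only so the compressor can reach the Postgres container; override with [] when Synapse uses an external database.`; tying the condition to the configured database host would be the stricter fix.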
@@ -17,6 +17,14 @@ matrix_synapse_auto_compressor_container_image_force_pull: "{{ matrix_synapse_au
 matrix_synapse_auto_compressor_base_path: "{{ matrix_base_data_path }}/synapse-auto-compressor"
+# The base container network. It will be auto-created by this role if it doesn't exist already.
+matrix_synapse_auto_compressor_container_network: matrix-synapse-auto-compressor
+
+# A list of additional container networks that the container would be connected to.
+# The role does not create these networks, so make sure they already exist.
+# Use this to expose this container to another reverse proxy, which runs in a different container network.
+matrix_synapse_auto_compressor_container_additional_networks: []
+
 # A list of extra arguments to pass to the container
 matrix_synapse_auto_compressor_container_extra_arguments: []
diff --git a/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml b/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml
index ec825b133..6f4524bbc 100644
--- a/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml
+++ b/roles/custom/matrix-synapse-auto-compressor/tasks/install.yml
@@ -43,6 +43,11 @@
 pull: true
 when: "matrix_synapse_auto_compressor_container_image_self_build | bool"
+- name: Ensure matrix-synapse-auto-compressor container network is created
+ community.general.docker_network:
+ name: "{{ matrix_synapse_auto_compressor_container_network }}"
+ driver: bridge
+
 - name: Ensure matrix-synapse-auto-compressor systemd service and timer are installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/matrix-synapse-auto-compressor.{{ item }}.j2"
diff --git a/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2 b/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2
index 02aef84b3..e769438d1 100644
--- a/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2
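Review bot: In `defaults/main.yml`, the last comment line above `matrix_synapse_auto_compressor_container_additional_networks` talks about exposing the container to a reverse proxy, which does not match this component. The service template in this patch runs it as a `Type=oneshot` job, and the only use the patch makes of the list is to join the Postgres network. I would replace that line with `# Use this to connect the container to other networks it needs to reach (e.g. the network of its Postgres server).` so operators are not nudged into attaching a container that holds database credentials to a proxy network.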
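Review bot: In `tasks/install.yml`, the new `docker_network` task creates a plain `bridge` network, so the compressor container still has general outbound access beyond the database it talks to. Where the database is reached through an entry in `matrix_synapse_auto_compressor_container_additional_networks`, the base network could be created with `internal: true`. That would have to sit behind a role variable, since a setup with an external database presumably needs egress over the base network. The uninstall tasks are not visible here, so it is unclear whether the network is removed again when the component is disabled.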
+++ b/roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.service.j2
@@ -15,18 +15,27 @@ Type=oneshot
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-auto-compressor 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-auto-compressor 2>/dev/null || true'
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-synapse-auto-compressor \
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+ --rm \
+ --name=matrix-synapse-auto-compressor \
 --log-driver=none \
 --cap-drop=ALL \
 --read-only \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --network={{ matrix_docker_network }} \
+ --network={{ matrix_synapse_auto_compressor_container_network }} \
 {% for arg in matrix_synapse_auto_compressor_container_extra_arguments %}
 {{ arg }} \
 {% endfor %}
 {{ matrix_synapse_auto_compressor_container_image }} \
 {{ matrix_synapse_auto_compressor_command }}
+{% for network in matrix_synapse_auto_compressor_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-auto-compressor
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse-auto-compressor
+
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-auto-compressor 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-auto-compressor 2>/dev/null || true'
 SyslogIdentifier=matrix-synapse-auto-compressor
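Review bot: If one of the new `network connect` pre-steps fails (for example because a listed network does not exist), the container made by the preceding `docker create` is left behind. `--rm` only acts when a started container exits, and systemd does not run `ExecStop=` when start-up fails, so the container stays until the `rm` pre-step of the next timer run. It may carry database connection details in its command, though the command's content is not visible here. Adding `ExecStopPost=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-auto-compressor 2>/dev/null || true'` would clean up on the failed-start path as well. The unit's `[Service]` section starts above this hunk.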