Add matrix_synapse_uid, matrix_synapse_gid and matrix_synapse_username

group_vars/matrix_servers

@@ -3071,6 +3071,10 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbo
 
 matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"
 
+matrix_synapse_username: "{{ matrix_user_username }}"
+matrix_synapse_uid: "{{ matrix_user_uid }}"
+matrix_synapse_gid: "{{ matrix_user_gid }}"
+
 matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 # When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.

roles/custom/matrix-synapse/defaults/main.yml

@@ -4,6 +4,10 @@
 
 matrix_synapse_enabled: true
 
+matrix_synapse_username: ''
+matrix_synapse_uid: ''
+matrix_synapse_gid: ''
+
 matrix_synapse_container_image_self_build: false
 matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git"
 

roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml

@@ -6,8 +6,8 @@
     dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
     force: true
     mode: 0440
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   register: result
   retries: "{{ devture_playbook_help_geturl_retries_count }}"
   delay: "{{ devture_playbook_help_geturl_retries_delay }}"

roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml

@@ -11,7 +11,7 @@
     version: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version }}"
     dest: "{{ matrix_synapse_ext_path }}/mjolnir"
   become: true
-  become_user: "{{ matrix_user_username }}"
+  become_user: "{{ matrix_synapse_username }}"
 
 - ansible.builtin.set_fact:
     matrix_synapse_spam_checker: >

roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml

@@ -11,8 +11,8 @@
     dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
     force: true
     mode: 0440
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   register: result
   retries: "{{ devture_playbook_help_geturl_retries_count }}"
   delay: "{{ devture_playbook_help_geturl_retries_delay }}"

roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml

@@ -12,8 +12,8 @@
     path: "{{ item }}"
     state: directory
     mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   with_items:
     - "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
     - "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}"

roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -16,8 +16,8 @@
     dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
     force: true
     mode: 0440
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   register: result
   retries: "{{ devture_playbook_help_geturl_retries_count }}"
   delay: "{{ devture_playbook_help_geturl_retries_delay }}"

roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml

@@ -16,7 +16,7 @@
     version: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version }}"
     dest: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
   become: true
-  become_user: "{{ matrix_user_username }}"
+  become_user: "{{ matrix_synapse_username }}"
 
 - ansible.builtin.set_fact:
     matrix_synapse_modules: >

roles/custom/matrix-synapse/tasks/goofys/setup_install.yml

@@ -27,8 +27,8 @@
     path: "{{ matrix_s3_media_store_path }}"
     state: directory
     mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   when: "not local_path_matrix_s3_media_store_path_stat.failed and not local_path_matrix_s3_media_store_path_stat.stat.exists"
 
 - name: Ensure goofys environment variables file created

roles/custom/matrix-synapse/tasks/import_media_store.yml

@@ -66,8 +66,8 @@
 - name: Ensure media store permissions are correct (generic case)
   ansible.builtin.file:
     path: "{{ matrix_synapse_media_store_path }}"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
     recurse: true
   when: "not matrix_s3_media_store_enabled | bool"
 

roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml

@@ -7,7 +7,7 @@
   ansible.builtin.set_fact:
     matrix_synapse_rust_synapse_compress_state_compress_room_command: >-
       {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
+      --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
       --cap-drop=ALL
       --network={{ matrix_docker_network }}
       --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work

roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml

@@ -39,8 +39,8 @@
     path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}"
     state: directory
     mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
 
 - name: Ensure rust-synapse-compress-state image is pulled
   community.docker.docker_image:

roles/custom/matrix-synapse/tasks/setup_install.yml

@@ -5,8 +5,8 @@
     path: "{{ item.path }}"
     state: directory
     mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   with_items:
     - {path: "{{ matrix_synapse_config_dir_path }}", when: true}
     - {path: "{{ matrix_synapse_ext_path }}", when: true}

roles/custom/matrix-synapse/tasks/synapse/setup_install.yml

@@ -14,8 +14,8 @@
     path: "{{ matrix_synapse_media_store_path }}"
     state: directory
     mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
   when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
 
 - when: "matrix_synapse_container_image_self_build | bool"
@@ -27,7 +27,7 @@
         version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
         force: "yes"
       become: true
-      become_user: "{{ matrix_user_username }}"
+      become_user: "{{ matrix_synapse_username }}"
       register: matrix_synapse_git_pull_results
 
     - name: Check if Synapse Docker image exists
@@ -68,8 +68,8 @@
       ansible.builtin.template:
         src: "{{ role_path }}/templates/synapse/customizations/Dockerfile.j2"
         dest: "{{ matrix_synapse_customized_docker_src_files_path }}/Dockerfile"
-        owner: "{{ matrix_user_username }}"
-        group: "{{ matrix_user_groupname }}"
+        owner: "{{ matrix_synapse_uid }}"
+        group: "{{ matrix_synapse_gid }}"
         mode: 0640
 
     - name: Ensure customized Docker image for Synapse is built
@@ -98,7 +98,7 @@
     docker run
     --rm
     --name=matrix-config
-    --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
+    --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
     --cap-drop=ALL
     --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
     -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
@@ -113,8 +113,8 @@
     content: "{{ matrix_synapse_configuration | to_nice_yaml(indent=2, width=999999) }}"
     dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
     mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
 
 - name: Ensure Synapse log config installed
   ansible.builtin.template:
@@ -143,7 +143,7 @@
   ansible.builtin.template:
     src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2"
     dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
     mode: 0644
   when: matrix_synapse_metrics_proxying_enabled | bool

roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml

@@ -10,8 +10,8 @@
     src: "{{ role_path }}/templates/synapse/worker.yaml.j2"
     dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}"
     mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
+    owner: "{{ matrix_synapse_uid }}"
+    group: "{{ matrix_synapse_gid }}"
 
 - name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }}
   ansible.builtin.template:

roles/custom/matrix-synapse/tasks/validate_config.yml

@@ -6,11 +6,15 @@
       You need to define a required configuration setting (`{{ item }}`) for using Synapse.
   when: "vars[item] == ''"
   with_items:
-    - "matrix_synapse_macaroon_secret_key"
-    - "matrix_synapse_database_host"
-    - "matrix_synapse_database_user"
-    - "matrix_synapse_database_password"
-    - "matrix_synapse_database_database"
+    - matrix_synapse_username
+    - matrix_synapse_uid
+    - matrix_synapse_gid
+    - matrix_synapse_container_network
+    - matrix_synapse_macaroon_secret_key
+    - matrix_synapse_database_host
+    - matrix_synapse_database_user
+    - matrix_synapse_database_password
+    - matrix_synapse_database_database
 
 - name: Fail if asking for more than 1 instance of single-instance workers
   ansible.builtin.fail:

roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2

@@ -13,7 +13,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm %n
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name %n \
 			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} \
 			--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
 			--mount type=bind,src=/etc/group,dst=/etc/group,ro \
 			--mount type=bind,src={{ matrix_s3_media_store_path }},dst=/s3,bind-propagation=shared \

roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2

@@ -18,7 +18,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name={{ matrix_synapse_worker_container_name }} \
 			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \

roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2

@@ -34,7 +34,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name=matrix-synapse \
 			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \