commit db84a1224b92e7ee92cab27f3d83b66474657f5e · krasovs.ky/homelab

+2 -3

configs/containers/systemd/matrix/matrix-postgres.container.tftpl

···

       8
       8
        
       

     

       9
       9
        
       User=1000:1000

     

       10
       10
        
       

     

       11
       11
       -
       Environment=POSTGRES_USER=synapse

     

       12
       12
       -
       Environment=POSTGRES_DB=synapse

     

       13
       11
        
       Environment=POSTGRES_INITDB_ARGS="--encoding=UTF-8 --lc-collate=C --lc-ctype=C"

     

       14
       14
       -
       Secret=synapse-postgres-password,type=env,target=POSTGRES_PASSWORD

     

       12
       12
       +
       Secret=matrix-postgres-password,type=env,target=POSTGRES_PASSWORD

     

       15
       13
        
       

     

       16
       14
        
       Label="glance.parent=matrix"

     

       17
       15
        
       Label="glance.name=Postgres"

     
···

       20
       18
        
       HealthCmd=pg_isready --dbname="$$${POSTGRES_DB}" --username="$$${POSTGRES_USER}" || exit 1;

     

       21
       19
        
       HealthStartupInterval=5s

     

       22
       20
        
       

     

       21
       21
       +
       Volume=%E/matrix/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh:Z

     

       23
       22
        
       Volume=/var/mnt/docker/app_data/matrix/postgres:/var/lib/postgresql/data:Z

     

       24
       23
        
       

     

       25
       24
        
       Pod=matrix.pod

+20

configs/matrix/init-db.sh

···

       1
       1
       +
       #!/usr/bin/env bash

     

       2
       2
       +
       set -e

     

       3
       3
       +
       

     

       4
       4
       +
       psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL

     

       5
       5
       +
       	CREATE USER synapse WITH PASSWORD '${secrets.synapse_postgres_password}';

     

       6
       6
       +
         CREATE DATABASE synapse;

     

       7
       7
       +
         GRANT ALL PRIVILEGES ON DATABASE synapse TO synapse;

     

       8
       8
       +
       

     

       9
       9
       +
         CREATE USER mas WITH PASSWORD '${secrets.matrix_authentication_service_postgres_password}';

     

       10
       10
       +
         CREATE DATABASE mas;

     

       11
       11
       +
         GRANT ALL PRIVILEGES ON DATABASE mas TO mas;

     

       12
       12
       +
       EOSQL

     

       13
       13
       +
       

     

       14
       14
       +
       psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname synapse <<-EOSQL

     

       15
       15
       +
         GRANT ALL ON SCHEMA public TO synapse;

     

       16
       16
       +
       EOSQL

     

       17
       17
       +
       

     

       18
       18
       +
       psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname mas <<-EOSQL

     

       19
       19
       +
         GRANT ALL ON SCHEMA public TO mas;

     

       20
       20
       +
       EOSQL

+1 -1

configs/matrix/mas.yaml.tftpl

···

       28
       28
        
         - ::1/128

     

       29
       29
        
       

     

       30
       30
        
       database:

     

       31
       31
       -
         uri: "postgresql://synapse:${secrets.synapse_postgres_password}@matrix-postgres/mas"

     

       31
       31
       +
         uri: "postgresql://mas:${secrets.matrix_authentication_service_postgres_password}@matrix-postgres/mas"

     

       32
       32
        
         max_connections: 10

     

       33
       33
        
         min_connections: 0

     

       34
       34
        
         connect_timeout: 30

+4

fcos.tf

···

       29
       29
        
       data "bitwarden_secret" "synapse_oidc_client_secret" {

     

       30
       30
        
         id = var.containers_secret_config.synapse_oidc_client_secret

     

       31
       31
        
       }

     

       32
       32
       +
       data "bitwarden_secret" "matrix_authentication_service_postgres_password" {

     

       33
       33
       +
         id = var.containers_secret_config.matrix_authentication_service_postgres_password

     

       34
       34
       +
       }

     

       32
       35
        
       data "bitwarden_secret" "matrix_authentication_service_secret" {

     

       33
       36
        
         id = var.containers_secret_config.matrix_authentication_service_secret

     

       34
       37
        
       }

     
···

       73
       76
        
             synapse_macaroon_secret_key : data.bitwarden_secret.synapse_macaroon_secret_key.value

     

       74
       77
        
             synapse_form_secret : data.bitwarden_secret.synapse_form_secret.value

     

       75
       78
        
             synapse_oidc_client_secret : data.bitwarden_secret.synapse_oidc_client_secret.value

     

       79
       79
       +
             matrix_authentication_service_postgres_password : data.bitwarden_secret.matrix_authentication_service_postgres_password.value

     

       76
       80
        
             matrix_authentication_service_secret : data.bitwarden_secret.matrix_authentication_service_secret.value

     

       77
       81
        
             matrix_authentication_service_secrets_encryption : data.bitwarden_secret.matrix_authentication_service_secrets_encryption.value

     

       78
       82
        
             matrix_authentication_service_secrets_rsa_key : data.bitwarden_secret.matrix_authentication_service_secrets_rsa_key.value

+2

variables.tf

···

       72
       72
        
           simplex_xftp_pass                                   = "c6feec9d-2622-4322-acbf-b338013f79e9"

     

       73
       73
        
           tuwunel_registration_token                          = "92e470e2-c88e-43d3-ae0c-b3570039c4c9"

     

       74
       74
        
           coturn_turn_shared_secret                           = "5b69585c-03e8-454f-94e0-b357000002d4"

     

       75
       75
       +
           matrix_postgres_password                            = "d2ea9e75-f3bc-4e3d-a07c-b37b0147a20a"

     

       75
       76
        
           synapse_postgres_password                           = "2209bd8d-f6a7-43e0-afa8-b37a00bbfd2c"

     

       76
       77
        
           synapse_registration_shared_secret                  = "9dab9863-5dac-4748-a1fc-b37a0145f7f1"

     

       77
       78
        
           synapse_macaroon_secret_key                         = "cfa20ae3-8103-46be-a129-b37a014627aa"

     
···

       79
       80
        
           synapse_oidc_client_secret                          = "6e0f179f-631c-480c-b9ec-b37a0146e95c"

     

       80
       81
        
           matrix_rtc_livekit_key                              = "5c336187-6139-413b-bbf1-b37a01588b03"

     

       81
       82
        
           matrix_rtc_livekit_secret                           = "a24e0995-d297-4c23-849f-b37a0158a5d4"

     

       83
       83
       +
           matrix_authentication_service_postgres_password     = "d2ea9e75-f3bc-4e3d-a07c-b37b0147a20a"

     

       82
       84
        
           matrix_authentication_service_secret                = "bcaa7f79-c9fc-4448-9c79-b37a016954f5"

     

       83
       85
        
           matrix_authentication_service_secrets_encryption    = "012d8da3-3f7c-471a-b9cb-b37b0001dc1b"

     

       84
       86
        
           matrix_authentication_service_secrets_rsa_key       = "c2c1d0d3-1c80-4c36-961e-b37b000049ca"