fix: template secret, skip _FILE dance

2021-12-12 23:25:42 +01:00 · 2021-12-12 23:25:42 +01:00 · a5f9105613
parent b2a29da9a3
commit a5f9105613
3 changed files with 12 additions and 59 deletions
--- a/compose.yml
+++ b/compose.yml
@ -11,7 +11,6 @@ services:
    environment:
      - LETSENCRYPT_HOST=${DOMAIN}
      - SYNAPSE_ADMIN_EMAIL
-      - SYNAPSE_DB_PASSWORD_FILE=/run/secrets/db_password
      - SYNAPSE_REPORT_STATS=no
      - SYNAPSE_SERVER_NAME=${DOMAIN}
      - VIRTUAL_HOST=${DOMAIN}
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,29 +1,3 @@
 #!/bin/bash

-set -e
-
-file_env() {
-   local var="$1"
-   local fileVar="${var}_FILE"
-   local def="${2:-}"
-
-   if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
-      echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-      exit 1
-   fi
-
-   local val="$def"
-
-   if [ "${!var:-}" ]; then
-      val="${!var}"
-   elif [ "${!fileVar:-}" ]; then
-      val="$(< "${!fileVar}")"
-   fi
-
-   export "$var"="$val"
-   unset "$fileVar"
-}
-
-file_env "POSTGRES_DB_PASSWORD"
-
 /start.py
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@ -42,7 +42,7 @@ modules:
 # lowercase and may contain an explicit port.
 # Examples: matrix.org, localhost:8080
 #
-server_name: "foo.com"
+server_name: "{{ env "DOMAIN" }}"

 # When running as a daemon, the file to store the pid in
 #
@ -67,7 +67,7 @@ pid_file: /data/homeserver.pid
 #
 # Defaults to 'https://<server_name>/'.
 #
-#public_baseurl: https://example.com/
+public_baseurl: https://{{ env "DOMAIN" }}/

 # Uncomment the following to tell other servers to send federation traffic on
 # port 443.
@ -363,7 +363,7 @@ manhole_settings:

 # How to reach the server admin, used in ResourceLimitError
 #
-#admin_contact: 'mailto:admin@server.com'
+admin_contact: 'mailto:{{ env "ADMIN_EMAIL" }}'

 # Global blocking
 #
@ -751,37 +751,17 @@ caches:
 #   * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
 #   * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
 #   * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
-#
-#
-# Example SQLite configuration:
-#
-#database:
-#  name: sqlite3
-#  args:
-#    database: /path/to/homeserver.db
-#
-#
-# Example Postgres configuration:
-#
-#database:
-#  name: psycopg2
-#  txn_limit: 10000
-#  args:
-#    user: synapse_user
-#    password: secretpassword
-#    database: synapse
-#    host: localhost
-#    port: 5432
-#    cp_min: 5
-#    cp_max: 10
-#
-# For more information on using Synapse with Postgres,
-# see https://matrix-org.github.io/synapse/latest/postgres.html.
-#
 database:
-  name: sqlite3
+  name: psycopg2
+  txn_limit: 10000
  args:
-    database: /data/homeserver.db
+    user: synapse
+    password: {{ env "db_password" }}
+    database: synapse
+    host: db
+    port: 5432
+    cp_min: 5
+    cp_max: 10


 ## Logging ##