synapse: add /certs import support

2024-02-29 10:58:17 +09:00 · 2024-02-29 10:58:17 +09:00 · 27b5b87bad
parent ef281b0321
commit 27b5b87bad
3 changed files with 27 additions and 0 deletions
--- a/ansible/roles/synapse/files/basedir/docker-compose.yaml
+++ b/ansible/roles/synapse/files/basedir/docker-compose.yaml
@ -6,6 +6,10 @@ services:
      - /mnt/synapse_data:/data
      - ./config:/config
      - /mnt/logs/synapse:/logs
+      - /etc/pki/ca-trust/source/anchors/:/certs
+      - ./start.sh:/start.sh
+    entrypoint:
+      - /start.sh
    command:
      - run
      - --config-path=/config/homeserver.yaml
@ -14,6 +18,8 @@ services:

  synapse-worker-generic:
    image: matrixdotorg/synapse:${SYNAPSE_VERSION}
+    entrypoint:
+      - /start.sh
    command:
      - run
      - "--config-path=/config/homeserver.yaml"
@ -22,6 +28,8 @@ services:
      - /mnt/synapse_data:/data
      - ./config:/config
      - /mnt/logs/synapse:/logs
+      - /etc/pki/ca-trust/source/anchors/:/certs
+      - ./start.sh:/start.sh
    environment:
      SYNAPSE_WORKER: synapse.app.generic_worker
    depends_on:
@ -31,6 +39,8 @@ services:

  synapse-worker-sync:
    image: matrixdotorg/synapse:${SYNAPSE_VERSION}
+    entrypoint:
+      - /start.sh
    command:
      - run
      - "--config-path=/config/homeserver.yaml"
@ -39,6 +49,8 @@ services:
      - /mnt/synapse_data:/data
      - ./config:/config
      - /mnt/logs/synapse:/logs
+      - /etc/pki/ca-trust/source/anchors/:/certs
+      - ./start.sh:/start.sh
    environment:
      SYNAPSE_WORKER: synapse.app.generic_worker
    depends_on:
@ -48,6 +60,8 @@ services:

  synapse-worker-federation:
    image: matrixdotorg/synapse:${SYNAPSE_VERSION}
+    entrypoint:
+      - /start.sh
    command:
      - run
      - "--config-path=/config/homeserver.yaml"
@ -56,6 +70,8 @@ services:
      - /mnt/synapse_data:/data
      - ./config:/config
      - /mnt/logs/synapse:/logs
+      - /etc/pki/ca-trust/source/anchors/:/certs
+      - ./start.sh:/start.sh
    environment:
      SYNAPSE_WORKER: synapse.app.generic_worker
    depends_on:
--- a/ansible/roles/synapse/files/basedir/start.sh
+++ b/ansible/roles/synapse/files/basedir/start.sh
@ -4,3 +4,7 @@ cnt=$(ls -1 /certs 2>/dev/null|wc -l)

 if [ $cnt -gt 0 ]; then
    cp /certs/* /usr/local/share/ca-certificates
+    update-ca-certificates
+fi
+
+/start.py "$@"
--- a/ansible/roles/synapse/tasks/main.yml
+++ b/ansible/roles/synapse/tasks/main.yml
@ -6,6 +6,13 @@
    mode: '0644'
  tags:
    - files
+- name: Make start.sh executable
+  ansible.builtin.file:
+    path: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/start.sh
+    owner: "{{ ansible_user }}"
+    mode: '0755'
+  tags:
+    - files
 - name: Create nginx dir
  ansible.builtin.file:
    path: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/nginx