From 09f9dddf576115ea30550fa0a9e6929cfe72d307 Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Wed, 6 Nov 2024 17:45:54 +0000
Subject: [PATCH] unbreak mount permissions on linux
---
 .env-sample | 4 ++++
 compose.yml | 16 ++++++++++++++++
 data/element-call/config.json | 0
 data/element-web/config.json | 0
 data/livekit/config.yaml | 0
 data/mas/.gitkeep | 0
 data/nginx/ssl/rootCA.pem | 0
 data/postgres/.gitkeep | 0
 data/synapse/.gitkeep | 0
 9 files changed, 20 insertions(+)
 create mode 100644 data/element-call/config.json
 create mode 100644 data/element-web/config.json
 create mode 100644 data/livekit/config.yaml
 create mode 100644 data/mas/.gitkeep
 create mode 100644 data/nginx/ssl/rootCA.pem
 create mode 100644 data/postgres/.gitkeep
 create mode 100644 data/synapse/.gitkeep
diff --git a/.env-sample b/.env-sample
index 2e3bafc..5910e7e 100644
--- a/.env-sample
+++ b/.env-sample
@@ -7,6 +7,10 @@
 # n.b. SECRETS_* env variables get pulled in on demand from files in ./secrets
+# XXX: how do we interpolate this in?
+USER_ID=
+GROUP_ID=
+
 VOLUME_PATH=.
 DOMAIN=example.com
 HOMESERVER_FQDN=matrix.$DOMAIN
diff --git a/compose.yml b/compose.yml
index 01f55e3..06ab9cc 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,4 +1,5 @@
 # FIXME: define a frontend & backend network, and only expose backend services to the frontend (nginx)
+
 networks:
 backend:
@@ -18,6 +19,7 @@ services:
 # dependencies for optionally generating default configs + secrets
 generate-synapse-secrets:
 image: ghcr.io/element-hq/synapse:latest
+ user: $USER_ID:$GROUP_ID
 restart: "no"
 volumes:
 - ${VOLUME_PATH}/data/synapse:/data:rw
@@ -33,6 +35,7 @@ services:
 generate-mas-secrets:
 restart: "no"
 image: ghcr.io/element-hq/matrix-authentication-service:latest
+ user: $USER_ID:$GROUP_ID
 volumes:
 - ${VOLUME_PATH}/data/mas:/data:rw
 # FIXME: stop this regenerating a spurious default config every time
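Review bot: `USER_ID=` and `GROUP_ID=` ship empty in the .env-sample hunk with only an open `# XXX` question, so a copied `.env` interpolates the new `user: $USER_ID:$GROUP_ID` lines in compose.yml to `:` for every service. What the engine does with that value is not visible here; it presumably either rejects the container or keeps the image's default user, which for several of these images is root, so that needs confirming. I would replace the XXX with a comment stating the expected values, for example `# numeric uid/gid that owns ${VOLUME_PATH}/data on the host (id -u / id -g)`, and document how operators are expected to fill them in.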
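Review bot: The new `user: $USER_ID:$GROUP_ID` line under generate-synapse-secrets has no guard for unset or empty variables, and it is unquoted and unbraced where the rest of the file writes `${VOLUME_PATH}`. Compose's required-variable form turns a missing value into a failure at `docker compose up` instead of a silent change in which user the container runs as: `user: "${USER_ID:?set USER_ID in .env}:${GROUP_ID:?set GROUP_ID in .env}"`. The same line is added to the other fourteen services in this patch (generate-mas-secrets through lk-jwt-service) and wants the same treatment. Each service definition continues outside its hunk.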
@@ -42,6 +45,7 @@ services:
 # dependency for templating /data-template into /data (having extracted any secrets from any default generated configs)
 init:
 build: init
+ user: $USER_ID:$GROUP_ID
 restart: "no"
 volumes:
 - ${VOLUME_PATH}/secrets:/secrets
@@ -58,6 +62,7 @@ services:
 nginx:
 image: nginx:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 ports:
 - "80:80"
@@ -99,6 +104,7 @@ services:
 postgres:
 image: postgres:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 volumes:
 - ${VOLUME_PATH}/data/postgres:/var/lib/postgresql/data:rw
@@ -123,6 +129,7 @@ services:
 redis:
 image: redis:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 # healthcheck:
 # test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
@@ -134,6 +141,7 @@ services:
 synapse:
 image: ghcr.io/element-hq/synapse:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 volumes:
 - ${VOLUME_PATH}/data/synapse:/data:rw
@@ -157,6 +165,7 @@ services:
 synapse-generic-worker-1:
 image: ghcr.io/element-hq/synapse:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-generic-worker-1.yaml"]
 healthcheck:
@@ -182,6 +191,7 @@ services:
 synapse-federation-sender-1:
 image: ghcr.io/element-hq/synapse:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-federation-sender-1.yaml"]
 healthcheck:
@@ -202,6 +212,7 @@ services:
 mas:
 image: ghcr.io/element-hq/matrix-authentication-service:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 # ports:
 # - 8083:8080
@@ -221,6 +232,7 @@ services:
 # as a basic local MTA
 mailhog:
 image: mailhog/mailhog:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 ports:
 - 8025:8025
@@ -230,6 +242,7 @@ services:
 element-web:
 image: vectorim/element-web:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 # ports:
 # - 8080:80
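Review bot: The `user:` override in the nginx hunk is applied to the stock `nginx:latest` image, whose default configuration expects to start as root and writes its pid file and cache directories under root-owned paths. Under an arbitrary host uid the service may fail to start or need config changes. The nginx config is not visible in this hunk, so this is inferred; it is worth confirming that the mounted config moves `pid` and the temp paths somewhere writable, or that an image variant built to run unprivileged is used instead. The service definition continues past the hunk.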
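Review bot: Running postgres under `user: $USER_ID:$GROUP_ID` changes the uid that must own the bind-mounted `${VOLUME_PATH}/data/postgres`, and the patch carries no migration step for deployments whose data directory was initialised by the image's own postgres user; PostgreSQL refuses to start when the data directory owner differs from the server's uid. I'd document a one-off `chown -R "$USER_ID:$GROUP_ID" data/postgres`, and likewise for the synapse and mas data directories. Separately, the `data/postgres/.gitkeep` added later in this patch leaves the directory non-empty on a fresh checkout, which initdb may reject, so that is worth verifying before merge. The service definition continues outside the hunk.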
@@ -248,6 +261,7 @@ services:
 element-call:
 image: ghcr.io/element-hq/element-call
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 # ports:
 # - 8082:80
@@ -261,6 +275,7 @@ services:
 livekit:
 image: livekit/livekit-server:latest
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 volumes:
 - ${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml
@@ -295,6 +310,7 @@ services:
 FROM alpine:latest
 RUN apk update && apk add bash
 COPY --from=builder /lk-jwt-service /
+ user: $USER_ID:$GROUP_ID
 restart: unless-stopped
 volumes:
 - ${VOLUME_PATH}/data/nginx/ssl/rootCA.pem:/etc/ssl/certs/ca-certificates.crt
diff --git a/data/element-call/config.json b/data/element-call/config.json
new file mode 100644
index 0000000..e69de29
diff --git a/data/element-web/config.json b/data/element-web/config.json
new file mode 100644
index 0000000..e69de29
diff --git a/data/livekit/config.yaml b/data/livekit/config.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/data/mas/.gitkeep b/data/mas/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/data/nginx/ssl/rootCA.pem b/data/nginx/ssl/rootCA.pem
new file mode 100644
index 0000000..e69de29
diff --git a/data/postgres/.gitkeep b/data/postgres/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/data/synapse/.gitkeep b/data/synapse/.gitkeep
new file mode 100644
index 0000000..e69de29
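Review bot: With the container now running as the uid that owns the host files, the bind mount `${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml` below the new `user:` line in the livekit hunk stays read-write, so the service process can rewrite its own config on the host. The service presumably only reads that file; `- ${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml:ro` keeps the permission fix and drops the write access. The same applies to the `rootCA.pem` mount over `/etc/ssl/certs/ca-certificates.crt` in the lk-jwt-service hunk, where a writable trust store is the more sensitive of the two. Both mount lines are unchanged context, and the service definitions continue outside the hunks.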
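Review bot: Committing `data/livekit/config.yaml` as an empty tracked file means whatever is later rendered into that path shows up as a local modification. The compose comments mention secrets being extracted from generated configs when templating into /data, so if the rendered config carries credentials, a routine `git add -A` would stage them. The same holds for the two `config.json` placeholders and `data/nginx/ssl/rootCA.pem`. Consider having the init container create these paths with the right ownership instead of tracking them, or add a setup note telling operators to run `git update-index --skip-worktree` on them.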