Update rendered example
This commit is contained in:
parent
184889b74f
commit
c01f0a466f
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
vault write /database/roles/matrix-synapse \
|
vault write database/roles/matrix-synapse \
|
||||||
db_name="postgres" \
|
db_name="postgres" \
|
||||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||||
GRANT \"matrix-synapse\" TO \"{{name}}\"; \
|
GRANT \"matrix-synapse\" TO \"{{name}}\"; \
|
||||||
|
|
|
@ -95,7 +95,7 @@ job "matrix" {
|
||||||
user = 1053
|
user = 1053
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "danielberteaud/wait-for:24.2-1"
|
image = "danielberteaud/wait-for:24.3-1"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
pids_limit = 20
|
pids_limit = 20
|
||||||
}
|
}
|
||||||
|
@ -170,9 +170,9 @@ database:
|
||||||
args:
|
args:
|
||||||
database: matrix-synapse
|
database: matrix-synapse
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
password: '{{ with secret "/database/creds/matrix-synapse" }}{{ .Data.password }}{{ end }}'
|
password: '{{ with secret "database/creds/matrix-synapse" }}{{ .Data.password }}{{ end }}'
|
||||||
port: "5432"
|
port: "5432"
|
||||||
user: '{{ with secret "/database/creds/matrix-synapse" }}{{ .Data.username }}{{ end }}'
|
user: '{{ with secret "database/creds/matrix-synapse" }}{{ .Data.username }}{{ end }}'
|
||||||
name: psycopg2
|
name: psycopg2
|
||||||
default_identity_server: https://matrix.org
|
default_identity_server: https://matrix.org
|
||||||
delete_stale_devices_after: 180d
|
delete_stale_devices_after: 180d
|
||||||
|
@ -185,7 +185,7 @@ email:
|
||||||
smtp_host: 127.0.0.1
|
smtp_host: 127.0.0.1
|
||||||
smtp_port: 25
|
smtp_port: 25
|
||||||
forgotten_room_retention_period: 15d
|
forgotten_room_retention_period: 15d
|
||||||
form_secret: '{{- with secret "/kv/service/matrix" }}{{ .Data.data.form_secret }}{{ end }}'
|
form_secret: '{{- with secret "kv/service/matrix" }}{{ .Data.data.form_secret }}{{ end }}'
|
||||||
listeners:
|
listeners:
|
||||||
- path: /alloc/tmp/synapse.sock
|
- path: /alloc/tmp/synapse.sock
|
||||||
resources:
|
resources:
|
||||||
|
@ -195,7 +195,7 @@ listeners:
|
||||||
- federation
|
- federation
|
||||||
type: http
|
type: http
|
||||||
log_config: /secrets/logging.conf
|
log_config: /secrets/logging.conf
|
||||||
macaroon_secret_key: '{{- with secret "/kv/service/matrix" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
|
macaroon_secret_key: '{{- with secret "kv/service/matrix" }}{{ .Data.data.macaroon_secret_key }}{{ end }}'
|
||||||
max_avatar_size: 4M
|
max_avatar_size: 4M
|
||||||
media_retention:
|
media_retention:
|
||||||
local_media_lifetime: 730d
|
local_media_lifetime: 730d
|
||||||
|
|
|
@ -5,7 +5,7 @@ set -euo pipefail
|
||||||
# vim: syntax=sh
|
# vim: syntax=sh
|
||||||
|
|
||||||
export LC_ALL=C
|
export LC_ALL=C
|
||||||
VAULT_KV_PATH=/kv/service/matrix
|
VAULT_KV_PATH=kv/service/matrix
|
||||||
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
||||||
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
||||||
vault kv put ${VAULT_KV_PATH} \
|
vault kv put ${VAULT_KV_PATH} \
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
path "/kv/data/service/matrix" {
|
path "kv/data/service/matrix" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
||||||
path "/database/creds/matrix-synapse" {
|
path "database/creds/matrix-synapse" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user