More env vars for the homeserver.yaml generate script Docker

[progonkpa]

Description:

I'm automating docker-compose matrix deploy.
I generate homeserver.yaml with the docker run ... generate command from readme (added at the bottom of this post).
The supported env vars don't cut it so I went ahead trying to solve that by manipulating the generated homeserver.yaml.

The problem I'm having is the generated homeserver.yaml is not writable.
The owner of the file has rw and shows up as 991 while group is lp.
The only remedy I found is switching to root which I don't want.

Contrary to what the title suggests, a quicker solution might be dealing with these permissions, but I don't know how.
I passed current host user and group as input to the container to no avail.
Does anybody know how to fix these permission issues?

If not, can you add more supported -e parameters?

All values I want to replace are vars/tags with this syntax ${var} in de code below.

vars/tags with this syntax ${var}

modules:

server_name: "${SYNAPSE_SERVER_NAME}"

pid_file: /data/homeserver.pid

presence:

  presence_router:

listeners:

  - port: 8008
    tls: false
    type: http
    x_forwarded: true

    resources:
      - names: [client, federation]
        compress: false

limit_remote_rooms:

retention:

caches:

  per_cache_factors:

database:
  name: psycopg2
  args:
    user: ${DB_USER}
    password: ${DB_PASSWORD}
    database: synapse
    host: ${DB_HOST}
    port: 5432
    cp_min: 5
    cp_max: 10

log_config: "/data/${SYNAPSE_SERVER_NAME}.log.config"

media_store_path: "/data/media_store"

url_preview_accept_language:

enable_registration: ${SYNAPSE_ENABLE_REGISTRATION}

account_threepid_delegates:

metrics_flags:

report_stats: ${SYNAPSE_REPORT_STATS}

room_prejoin_state:

signing_key_path: "/data/${SYNAPSE_SERVER_NAME}.signing.key"

old_signing_keys:

trusted_key_servers:
  - server_name: "matrix.org"

command:

docker run -it --rm \
    -v "$root_dir"/synapse:/data \
    -e SYNAPSE_SERVER_NAME=domain.com \
    -e SYNAPSE_REPORT_STATS=no \
    matrixdotorg/synapse:latest generate

[erikjohnston]

The only remedy I found is switching to root which I don't want.

Can you explain why you don't want to do this? To be clear you should only need to be root/use sudo to edit the file manually, Synapse does not need to run as root as it only ever reads from the file. You should only need to edit it very rarely as well.

[progonkpa]

@erikjohnston Well, the automation completely works as a regular user, except on this matter the script requires root permissions.

It's not a disaster, just unfortunate.

[reivilibre]

We would probably accept a sensible PR that adds new optional environment variables, if that option appeals to you.

Alternatively, since you're trying to automate this, you could potentially generate the configuration file yourself with your own template and then mount it in to the container.

[richvdh]

I'm afraid we've taken a pretty hard line on more environment variables for the configuration - see #5518 (comment) for the background here. I'd resist calls to add env vars back in.

In short, if you're trying to automate generating a config file, then using the generate command is the wrong way to do so. As @reivilibre says the best bet is just to create your own config file from outside the container.

[progonkpa]

@richvdh Indeed, my solution was, config file templates with placeholders and substitute them with envsubst in a bash script. Works great.

[richvdh]

glad you've found a solution. Sounds like we can close this.