Use "password" for additional Postgres databases, not "pass"

Being more explicit sounds better.
This commit is contained in:
Slavi Pantaleev 2020-12-14 00:43:03 +02:00
parent 3a037a5993
commit 46a4034d3e
4 changed files with 19 additions and 19 deletions

View File

@ -894,77 +894,77 @@ matrix_postgres_additional_databases: |
([{
'name': 'matrix_appservice_discord',
'username': 'matrix_appservice_discord',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_discord.db.secret') | string,
}] if matrix_appservice_discord_enabled else [])
+ ([{
'name': 'matrix_appservice_slack',
'username': 'matrix_appservice_slack',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_slack.db.secret') | string,
}] if matrix_appservice_slack_enabled else [])
+ ([{
'name': 'matrix_appservice_irc',
'username': 'matrix_appservice_irc',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'app_irc.db.secret') | string,
}] if matrix_appservice_irc_enabled else [])
+ ([{
'name': 'mautrix_bridge_facebook',
'username': 'mautrix_bridge_facebook',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_facebook.db.secret') | string,
}] if matrix_mautrix_facebook_enabled else [])
+ ([{
'name': 'mautrix_bridge_hangouts',
'username': 'mautrix_bridge_hangouts',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_hangouts.db.secret') | string,
}] if matrix_mautrix_hangouts_enabled else [])
+ ([{
'name': 'mautrix_bridge_telegram',
'username': 'mautrix_bridge_telegram',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_telegram.db.secret') | string,
}] if matrix_mautrix_telegram_enabled else [])
+ ([{
'name': 'mautrix_bridge_whatsapp',
'username': 'mautrix_bridge_whatsapp',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mautrix_whatsapp.db.secret') | string,
}] if matrix_mautrix_whatsapp_enabled else [])
+ ([{
'name': 'matrix_bridge_sms',
'username': 'matrix_bridge_sms',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'bridge_sms.db.secret') | string,
}] if matrix_sms_bridge_enabled else [])
+ ([{
'name': 'matrix_puppet_skype',
'username': 'matrix_puppet_skype',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_skype.db.secret') | string,
}] if matrix_mx_puppet_skype_enabled else [])
+ ([{
'name': 'matrix_puppet_slack',
'username': 'matrix_puppet_slack',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_slack.db.secret') | string,
}] if matrix_mx_puppet_slack_enabled else [])
+ ([{
'name': 'matrix_puppet_twitter',
'username': 'matrix_puppet_twitter',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_twitter.db.secret') | string,
}] if matrix_mx_puppet_twitter_enabled else [])
+ ([{
'name': 'matrix_puppet_instagram',
'username': 'matrix_puppet_instagram',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_insta.db.secret') | string,
}] if matrix_mx_puppet_instagram_enabled else [])
+ ([{
'name': 'matrix_puppet_discord',
'username': 'matrix_puppet_discord',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_puppet.db.secret') | string,
}] if matrix_mx_puppet_discord_enabled else [])
+ ([{
'name': 'matrix_puppet_steam',
'username': 'matrix_puppet_steam',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mx_steam.db.secret') | string,
}] if matrix_mx_puppet_steam_enabled else [])
+ ([{
'name': 'matrix_dimension',
'username': 'matrix_dimension',
'pass': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string
'password': matrix_synapse_macaroon_secret_key | password_hash('sha512', 'dimension.db.secret') | string,
}] if matrix_dimension_enabled else [])
}}

View File

@ -37,8 +37,8 @@ matrix_postgres_container_postgres_bind_port: ""
# matrix_postgres_additional_databases:
# - name: matrix_appservice_discord
# username: matrix_appservice_discord
# pass: some_password
# password: some_password
# - name: matrix_appservice_slack
# username: matrix_appservice_slack
# pass: some_password
# password: some_password
matrix_postgres_additional_databases: []

View File

@ -6,7 +6,7 @@
fail:
msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}"
when: "item not in additional_db"
with_items: "{{ ['name', 'username', 'pass'] }}"
with_items: "{{ ['name', 'username', 'password'] }}"
# The SQL statements that we'll run against Postgres are stored in a file that others can't read.
# This file will be mounted into the container and fed to Postgres.

View File

@ -10,7 +10,7 @@ $$;
-- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
-- TODO - we should escape quotes in the password.
ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.pass }}';
ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.password }}';
-- This will generate an error on subsequent execution
CREATE DATABASE {{ additional_db.name }} WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER {{ additional_db.username }};