matrix-docker-ansible-deploy/roles/custom
Slavi Pantaleev 8005557061 Give backup-borg container more permissions to perform the backup
Running with a user (like `matrix:matrix`) fails if Etherpad is enabled,
because `/matrix/etherpad` is owned by `matrix_etherpad_user_uid`/`matrix_etherpad_user_gid` (`5001:5001`).

The `matrix` user can't acccess the Etherpad directory for this reason
and Borgmatic fails when trying to make a backup.

There may be other things under `/matrix` which similarly use
non-`matrix:matrix` permissions.

Another workaround might have been to add `/matrix/etherpad` (and
potentially other things) to `matrix_backup_borg_location_exclude_patterns`, but:

- that means Etherpad won't be backed up - not great
- only excluding Etherpad may not be enough. There may be other files we
  need to exclude as well

---

Running with `root` is still not enough though.

We need at least the `CAP_DAC_OVERRIDE` capability, or we won't be able to read the
`/etc/borgmatic.d/config.yaml` configuration file (owned by
`matrix:matrix` with `0640` permissions).

---

Additionally, it seems like the backup process tries to write to at least a few directories:
- `/root/.borgmatic`
- `/root/.ssh`
- `/root/.config`

> [Errno 30] Read-only file system: '/root/.borgmatic'
> Error while creating a backup.
> /etc/borgmatic.d/config.yaml: Error running configuration file

We either need to stop mounting the container filesystem as readonly
(remove `--read-only`) or to allow writing via a `tmpfs`.

I've gone the `tmpfs` route which seems to work.

In any case, the mounted source directories (`matrix_backup_borg_location_source_directories`)
are read-only regardless, so our actual source files are protected from unintentional changes.
2022-12-05 15:42:57 +02:00
..
matrix_playbook_migration/tasks Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup 2022-11-30 11:01:19 +02:00
matrix-aux Add install-* tags for quicker runs 2022-11-25 16:02:51 +02:00
matrix-backup-borg Give backup-borg container more permissions to perform the backup 2022-12-05 15:42:57 +02:00
matrix-base /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew -> /matrix/ssl/bin/lets-encrypt-certificates-renew 2022-11-27 09:53:23 +02:00
matrix-bot-buscarron Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bot-go-neb Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bot-honoroit Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bot-matrix-registration-bot Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bot-matrix-reminder-bot Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bot-maubot Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bot-mjolnir Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bot-postmoogle Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-appservice-discord Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-appservice-irc Replace import_role calls with include_role calls 2022-11-27 11:27:01 +02:00
matrix-bridge-appservice-kakaotalk Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bridge-appservice-slack Upgrade appservice-slack (2.0.1 -> 2.0.2) 2022-12-01 23:30:09 +02:00
matrix-bridge-appservice-webhooks Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bridge-beeper-linkedin Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bridge-go-skype-bridge Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-heisenbridge Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bridge-hookshot Upgrade Hookshot (2.4.0 -> 2.5.0) 2022-12-02 19:15:04 +02:00
matrix-bridge-mautrix-discord Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mautrix-facebook Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mautrix-googlechat Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mautrix-hangouts Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mautrix-instagram Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bridge-mautrix-signal Upgrade mautrix-signal (v0.4.1 -> v0.4.2) 2022-12-03 15:37:17 +02:00
matrix-bridge-mautrix-telegram Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mautrix-twitter Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-bridge-mautrix-whatsapp Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mx-puppet-discord Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mx-puppet-groupme Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mx-puppet-instagram Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mx-puppet-slack Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mx-puppet-steam Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-mx-puppet-twitter Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-bridge-sms Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-cactus-comments Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-client-cinny Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-client-element Fix Element self-building by switching to docker-buildx 2022-12-05 10:02:54 +02:00
matrix-client-hydrogen Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-common-after/tasks Replace most import_tasks calls with include_tasks for improved performance 2022-11-24 11:33:45 +02:00
matrix-conduit Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-corporal Optimize uninstall tasks a bit 2022-11-25 17:28:57 +02:00
matrix-coturn Upgrade Coturn (4.6.0 -> 4.6.1) 2022-12-05 09:46:11 +02:00
matrix-dendrite update dendrite 2022-11-29 11:58:00 -05:00
matrix-dimension Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-dynamic-dns Upgrade ddclient (v3.10.0-ls105 -> v3.10.0-ls106) 2022-11-29 08:20:36 +02:00
matrix-email2matrix Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-etherpad Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-grafana Upgrade Grafana (9.3.0 -> 9.3.1) 2022-12-01 23:29:33 +02:00
matrix-jitsi Replace import_role calls with include_role calls 2022-11-27 11:27:01 +02:00
matrix-ldap-registration-proxy Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-ma1sd Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-mailer Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-nginx-proxy Upgrade Certbot (v1.31.0 -> v2.0.0) and switch to new default key type (ecdsa) 2022-11-28 09:24:25 +02:00
matrix-ntfy Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-prometheus Update prometheus 2.40.4 -> 2.40.5 2022-12-01 15:16:33 +00:00
matrix-prometheus-node-exporter Upgrade prometheus-node-exporter (v1.4.0 -> v1.5.0) 2022-11-30 08:32:29 +02:00
matrix-prometheus-postgres-exporter Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00
matrix-redis Add install-* tags for quicker runs 2022-11-25 16:02:51 +02:00
matrix-registration Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
matrix-sygnal Optimize initial installation by not reloading systemd after each .service install 2022-11-27 10:02:45 +02:00
matrix-synapse Make use of matrix_synapse_ext_s3_storage_provider_data_path in a few more places 2022-12-04 10:17:55 +02:00
matrix-synapse-admin Optimize uninstall tasks a bit 2022-11-25 17:28:57 +02:00
matrix-synapse-reverse-proxy-companion Optimize uninstall tasks a bit 2022-11-25 17:28:57 +02:00
matrix-user-creator Replace most import_tasks calls with include_tasks for improved performance 2022-11-24 11:33:45 +02:00