Store maubot configuration separately from data

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894 Because the configuration file is now mounted as readonly and maubot tries to update it on start, we get this warning: > Failed to create tempfile to write updated config to disk: [Errno 30] Read-only file system: '/config/tmpfa8vcb3y.yaml' It doesn't seem to cause issues though. Because the configuration is no longer overwritten on every bot start, each next Ansible run should no longer overwrite it again and report a "changed" task.
2022-07-20 12:48:12 +03:00
parent d1649ff67b
commit 46ced6134c
2 changed files with 6 additions and 4 deletions
--- a/roles/matrix-bot-maubot/tasks/setup_install.yml
+++ b/roles/matrix-bot-maubot/tasks/setup_install.yml
@@ -9,6 +9,7 @@
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {path: "{{ matrix_bot_maubot_base_path }}", when: true}
+    - {path: "{{ matrix_bot_maubot_config_path }}", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true}
@@ -19,7 +20,7 @@
 - name: Ensure maubot configuration file created
  ansible.builtin.template:
    src: "{{ role_path }}/templates/config/config.yaml.j2"
-    dest: "{{ matrix_bot_maubot_data_path }}/config.yaml"
+    dest: "{{ matrix_bot_maubot_config_path }}/config.yaml"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
    mode: "u=rwx"
--- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
+++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
@@ -21,16 +21,17 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--read-only \
 			--cap-drop=ALL \
-			-v {{ matrix_bot_maubot_data_path }}:/data:z \
+			--mount type=bind,src={{ matrix_bot_maubot_config_path }},dst=/config,ro \
+			--mount type=bind,src={{ matrix_bot_maubot_data_path }},dst=/data \
 			{% for arg in matrix_bot_maubot_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			--network={{ matrix_docker_network }} \
-            {% if matrix_bot_maubot_management_interface_http_bind_port | bool %}
+            {% if matrix_bot_maubot_management_interface_http_bind_port %}
            -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:29316
            {% endif %}
 			{{ matrix_bot_maubot_docker_image }} \
- 			python3 -m maubot -c /data/config.yaml
+ 			python3 -m maubot -c /config/config.yaml

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true'