finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Do not hardcode sslmode=disable to Postgres connection strings - make it configurable

Browse Source 
This is backward-compatible with what we had before. We're not changing
the SSL mode - just making it configurable.

Most components are defaulting to `sslmode=disable`, while some
(`matrix-bot-matrix-reminder-bot` and others) do not specify an `sslmode` at all.

We're making sslmode configurable, because certain external Postgres
servers may be configured to require SSL encryption.
In such cases `sslmode=disable` does not work and needs to be changed to
`sslmode=require` or something else (`verify-ca`, `verify-full`, etc).
This commit is contained in:
Slavi Pantaleev
2023-08-22 19:38:11 +03:00
parent 21dbabb734
commit 6427397486
22 changed files with 50 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/custom/matrix-dendrite/defaults/main.yml
View File

@ -156,6 +156,7 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:
matrix_dendrite_database_hostname: ""
matrix_dendrite_database_user: "dendrite"
matrix_dendrite_database_password: "itsasecret"
matrix_dendrite_database_sslmode: disable
matrix_dendrite_federation_api_database: "dendrite_federationapi"
matrix_dendrite_key_server_database: "dendrite_keyserver"
matrix_dendrite_media_api_database: "dendrite_mediaapi"