sync with previous repo

roles/matrix-postgres/templates/env-postgres-psql.j2

@@ -0,0 +1,4 @@
+#jinja2: lstrip_blocks: "True"
+PGUSER={{ matrix_postgres_connection_username }}
+PGPASSWORD={{ matrix_postgres_connection_password }}
+PGDATABASE={{ matrix_postgres_db_name }}

roles/matrix-postgres/templates/env-postgres-server.j2

@@ -0,0 +1,7 @@
+#jinja2: lstrip_blocks: "True"
+POSTGRES_USER={{ matrix_postgres_connection_username }}
+POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
+POSTGRES_DB={{ matrix_postgres_db_name }}
+# Synapse refuses to run if collation is not C.
+# See https://github.com/matrix-org/synapse/issues/6722
+POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8

roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2

@@ -0,0 +1,19 @@
+-- `CREATE USER` does not support `IF NOT EXISTS`, so we use this workaround to prevent an error and raise a notice instead.
+-- Seen here: https://stackoverflow.com/a/49858797
+DO $$
+BEGIN
+  CREATE USER "{{ additional_db.username }}";
+  EXCEPTION WHEN DUPLICATE_OBJECT THEN
+  RAISE NOTICE 'not creating user "{{ additional_db.username }}", since it already exists';
+END
+$$;
+
+-- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
+-- TODO - we should escape quotes in the password.
+ALTER ROLE "{{ additional_db.username }}" PASSWORD '{{ additional_db.password }}';
+
+-- This will generate an error on subsequent execution
+CREATE DATABASE "{{ additional_db.name }}" WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER "{{ additional_db.username }}";
+
+-- This is useful for changing the database owner subsequently
+ALTER DATABASE "{{ additional_db.name }}" OWNER TO "{{ additional_db.username }}";

roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2

@@ -0,0 +1,41 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Postgres server
+After=docker.service
+Requires=docker.service
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
+			--tmpfs=/run/postgresql:rw,noexec,nosuid,size=100m \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_postgres_container_postgres_bind_port %}
+			-p {{ matrix_postgres_container_postgres_bind_port }}:5432 \
+			{% endif %}
+			--env-file={{ matrix_postgres_base_path }}/env-postgres-server \
+			--mount type=bind,src={{ matrix_postgres_data_path }},dst=/var/lib/postgresql/data \
+			--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
+			{% for arg in matrix_postgres_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_postgres_docker_image_to_use }} \
+			postgres {{ matrix_postgres_process_extra_arguments|join(' ') }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-postgres
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2

@@ -0,0 +1,19 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+if [ $# -ne 2 ]; then
+	echo "Usage: "$0" <username> <0/1>"
+	echo "Usage: 0 = non-admin"
+	echo "Usage: 1 = admin"
+	exit 1
+fi
+
+docker run \
+	-it \
+	--rm \
+	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+	--cap-drop=ALL \
+	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
+	--network {{ matrix_docker_network }} \
+	{{ matrix_postgres_docker_image_to_use }} \
+	psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"

roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2

@@ -0,0 +1,13 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+docker run \
+	-it \
+	--rm \
+	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+	--cap-drop=ALL \
+	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
+	--network {{ matrix_docker_network }} \
+	{{ matrix_postgres_docker_image_to_use }} \
+	psql -h {{ matrix_postgres_connection_hostname }} \
+	"$@"

roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2

@@ -0,0 +1,16 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+if [ $# -ne 2 ]; then
+	echo "Usage: "$0" <username> <password_hash>"
+	exit 1
+fi
+
+docker run \
+	--rm \
+	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+	--cap-drop=ALL \
+	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
+	--network {{ matrix_docker_network }} \
+	{{ matrix_postgres_docker_image_to_use }} \
+	psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'"