Start appservice-irc as non-root
This commit is contained in:
parent
c9e2086f19
commit
f6de3fd668
@ -54,6 +54,8 @@
|
|||||||
- name: Generate matrix-appservice-irc registration.yaml if it doesn't exist
|
- name: Generate matrix-appservice-irc registration.yaml if it doesn't exist
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
|
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
-v {{ matrix_appservice_irc_base_path }}:/data:z
|
-v {{ matrix_appservice_irc_base_path }}:/data:z
|
||||||
{{ matrix_appservice_irc_docker_image }}
|
{{ matrix_appservice_irc_docker_image }}
|
||||||
node app.js
|
node app.js
|
||||||
@ -82,6 +84,15 @@
|
|||||||
{{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json }}
|
{{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json }}
|
||||||
when: "matrix_appservice_irc_enabled"
|
when: "matrix_appservice_irc_enabled"
|
||||||
|
|
||||||
|
- name: Ensure IRC configuration directory permissions are correct
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_appservice_irc_base_path }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
recurse: true
|
||||||
|
when: "matrix_appservice_irc_enabled"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Tasks related to getting rid of matrix-appservice-irc (if it was previously enabled)
|
# Tasks related to getting rid of matrix-appservice-irc (if it was previously enabled)
|
||||||
#
|
#
|
||||||
|
@ -11,7 +11,8 @@ ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
|
|||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
|
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
-e "UID={{ matrix_user_uid }}" -e "GID={{ matrix_user_gid }}" \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
{% if matrix_appservice_irc_container_expose_client_server_api_port %}
|
{% if matrix_appservice_irc_container_expose_client_server_api_port %}
|
||||||
-p 127.0.0.1:9999:9999 \
|
-p 127.0.0.1:9999:9999 \
|
||||||
|
Loading…
Reference in New Issue
Block a user