mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-10-20 12:46:16 +00:00
8005557061
Running with a user (like `matrix:matrix`) fails if Etherpad is enabled, because `/matrix/etherpad` is owned by `matrix_etherpad_user_uid`/`matrix_etherpad_user_gid` (`5001:5001`). The `matrix` user can't access the Etherpad directory for this reason and Borgmatic fails when trying to make a backup. There may be other things under `/matrix` which similarly use non-`matrix:matrix` permissions.

Another workaround might have been to add `/matrix/etherpad` (and potentially other things) to `matrix_backup_borg_location_exclude_patterns`, but:

- that means Etherpad won't be backed up - not great
- only excluding Etherpad may not be enough. There may be other files we need to exclude as well

---

Running with `root` is still not enough though. We need at least the `CAP_DAC_OVERRIDE` capability, or we won't be able to read the `/etc/borgmatic.d/config.yaml` configuration file (owned by `matrix:matrix` with `0640` permissions).

---

Additionally, it seems like the backup process tries to write to at least a few directories:

- `/root/.borgmatic`
- `/root/.ssh`
- `/root/.config`

> [Errno 30] Read-only file system: '/root/.borgmatic'
> Error while creating a backup.
> /etc/borgmatic.d/config.yaml: Error running configuration file

We either need to stop mounting the container filesystem as readonly (remove `--read-only`) or to allow writing via a `tmpfs`. I've gone the `tmpfs` route which seems to work.

In any case, the mounted source directories (`matrix_backup_borg_location_source_directories`) are read-only regardless, so our actual source files are protected from unintentional changes.
||
---|---|---|
.. | ||
matrix_playbook_migration/tasks | ||
matrix-aux | ||
matrix-backup-borg | ||
matrix-base | ||
matrix-bot-buscarron | ||
matrix-bot-go-neb | ||
matrix-bot-honoroit | ||
matrix-bot-matrix-registration-bot | ||
matrix-bot-matrix-reminder-bot | ||
matrix-bot-maubot | ||
matrix-bot-mjolnir | ||
matrix-bot-postmoogle | ||
matrix-bridge-appservice-discord | ||
matrix-bridge-appservice-irc | ||
matrix-bridge-appservice-kakaotalk | ||
matrix-bridge-appservice-slack | ||
matrix-bridge-appservice-webhooks | ||
matrix-bridge-beeper-linkedin | ||
matrix-bridge-go-skype-bridge | ||
matrix-bridge-heisenbridge | ||
matrix-bridge-hookshot | ||
matrix-bridge-mautrix-discord | ||
matrix-bridge-mautrix-facebook | ||
matrix-bridge-mautrix-googlechat | ||
matrix-bridge-mautrix-hangouts | ||
matrix-bridge-mautrix-instagram | ||
matrix-bridge-mautrix-signal | ||
matrix-bridge-mautrix-telegram | ||
matrix-bridge-mautrix-twitter | ||
matrix-bridge-mautrix-whatsapp | ||
matrix-bridge-mx-puppet-discord | ||
matrix-bridge-mx-puppet-groupme | ||
matrix-bridge-mx-puppet-instagram | ||
matrix-bridge-mx-puppet-slack | ||
matrix-bridge-mx-puppet-steam | ||
matrix-bridge-mx-puppet-twitter | ||
matrix-bridge-sms | ||
matrix-cactus-comments | ||
matrix-client-cinny | ||
matrix-client-element | ||
matrix-client-hydrogen | ||
matrix-common-after/tasks | ||
matrix-conduit | ||
matrix-corporal | ||
matrix-coturn | ||
matrix-dendrite | ||
matrix-dimension | ||
matrix-dynamic-dns | ||
matrix-email2matrix | ||
matrix-etherpad | ||
matrix-grafana | ||
matrix-jitsi | ||
matrix-ldap-registration-proxy | ||
matrix-ma1sd | ||
matrix-mailer | ||
matrix-nginx-proxy | ||
matrix-ntfy | ||
matrix-prometheus | ||
matrix-prometheus-node-exporter | ||
matrix-prometheus-postgres-exporter | ||
matrix-redis | ||
matrix-registration | ||
matrix-sygnal | ||
matrix-synapse | ||
matrix-synapse-admin | ||
matrix-synapse-reverse-proxy-companion | ||
matrix-user-creator |