Prefer --mount instead of -v for mounting volumes

This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.

docs/howto-server-delegation.md

@@ -89,10 +89,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/
 If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:
 
 ```yaml
-matrix_nginx_proxy_container_additional_volumes:
-  - src: /some/path/on/the/host
-    dst: /some/path/inside/the/container
-    options: ro
+matrix_synapse_container_extra_arguments:
+  - "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
 ```
 
 You then refer to them (for `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate` and `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key`) by using `/some/path/inside/the/container`.
@@ -118,10 +116,8 @@ Make sure to reload/restart your webserver once in a while, so that newer certif
 To do that, make sure the certificate files are mounted into the Synapse container:
 
 ```yaml
-matrix_synapse_container_additional_volumes:
-  - src: /some/path/on/the/host
-    dst: /some/path/inside/the/container
-    options: ro
+matrix_synapse_container_extra_arguments:
+  - "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
 ```
 
 You can then tell Synapse to serve Federation traffic over TLS on `tcp/8448`:

roles/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -61,9 +61,6 @@
     -l discord_bot
   when: "not appservice_discord_registration_file.stat.exists"
 
-- set_fact:
-    matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml'
-
 - name: Check if a matrix-appservice-discord invite_link file exists
   stat:
     path: "{{ matrix_appservice_discord_base_path }}/invite_link"
@@ -82,12 +79,12 @@
 
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes|default([]) }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_appservice_discord_base_path }}/discord-registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }}
 
     matrix_synapse_app_service_config_files: >
       {{ matrix_synapse_app_service_config_files|default([]) }}
       +
-      {{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json  }}
+      {{ ["/matrix-appservice-discord-registration.yaml"] }}

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -70,20 +70,17 @@
     -l irc_bot
   when: "not appservice_irc_registration_file.stat.exists"
 
-- set_fact:
-    matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml'
-
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes|default([]) }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
 
     matrix_synapse_app_service_config_files: >
       {{ matrix_synapse_app_service_config_files|default([]) }}
       +
-      {{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json  }}
+      {{ ["/matrix-appservice-irc-registration.yaml"] }}
 
 - name: Ensure IRC configuration directory permissions are correct
   file:

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -65,17 +65,14 @@
       python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
   when: "not mautrix_facebook_registration_file_stat.stat.exists"
 
-- set_fact:
-    matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
-
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes|default([]) }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_mautrix_facebook_base_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }}
 
     matrix_synapse_app_service_config_files: >
       {{ matrix_synapse_app_service_config_files|default([]) }}
       +
-      {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json  }}
+      {{ ["/matrix-mautrix-facebook-registration.yaml"] }}

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -76,20 +76,17 @@
       python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
   when: "not mautrix_telegram_registration_file_stat.stat.exists"
 
-- set_fact:
-    matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
-
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes|default([]) }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_mautrix_telegram_base_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }}
 
     matrix_synapse_app_service_config_files: >
       {{ matrix_synapse_app_service_config_files|default([]) }}
       +
-      {{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json  }}
+      {{ ["/matrix-mautrix-telegram-registration.yaml"] }}
 
 - block:
   - name: Fail if matrix-nginx-proxy role already executed

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -65,17 +65,14 @@
       /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
   when: "not mautrix_whatsapp_registration_file_stat.stat.exists"
 
-- set_fact:
-    matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'
-
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes|default([]) }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}
 
     matrix_synapse_app_service_config_files: >
       {{ matrix_synapse_app_service_config_files|default([]) }}
       +
-      {{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json  }}
+      {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}

roles/matrix-synapse/defaults/main.yml

@@ -170,6 +170,11 @@ matrix_synapse_federation_domain_whitelist: ~
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
+#
+# Note: internally, this uses the `-v` flag for mounting the specified volumes.
+# It's better (safer) to use the `--mount` flag for mounting volumes.
+# To use `--mount`, specifiy it in `matrix_synapse_container_extra_arguments`.
+# Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
 matrix_synapse_container_additional_volumes: []
 
 # A list of additional loggers to register in synapse.log.config.
@@ -179,7 +184,7 @@ matrix_synapse_additional_loggers: []
 
 # A list of appservice config files (in-container filesystem paths).
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
-# You may wish to use this together with `matrix_synapse_container_additional_volumes`.
+# You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
 matrix_synapse_app_service_config_files: []
 
 # This is set dynamically during execution depending on whether

roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml

@@ -1,8 +1,6 @@
 - set_fact:
     matrix_synapse_password_providers_enabled: true
-  when: matrix_synapse_ext_password_provider_ldap_enabled|bool
 
-- set_fact:
     matrix_synapse_additional_loggers: >
       {{ matrix_synapse_additional_loggers }}
       +

roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml

@@ -17,13 +17,11 @@
 - set_fact:
     matrix_synapse_password_providers_enabled: true
 
-- set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }}
 
-- set_fact:
     matrix_synapse_additional_loggers: >
       {{ matrix_synapse_additional_loggers }}
       +

roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -17,13 +17,11 @@
 - set_fact:
     matrix_synapse_password_providers_enabled: true
 
-- set_fact:
-    matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
       +
-      {{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }}
+      {{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }}
 
-- set_fact:
     matrix_synapse_additional_loggers: >
       {{ matrix_synapse_additional_loggers }}
       +