Use config file for cleaner more secure usage

roles/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -13,6 +13,7 @@ matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matri
 
 matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
 matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
+matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data"
 
 matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
 matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"

roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml

@@ -9,13 +9,14 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
+    - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
     - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
   when: "item.when|bool"
 
-- name: Ensure matrix-registration-bot environment variables file created
+- name: Ensure matrix-registration-bot configuration file created
   template:
-    src: "{{ role_path }}/templates/env.j2"
-    dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/env"
+    src: "{{ role_path }}/templates/config/config.yml.j2"
+    dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml"
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
     mode: 0640

roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2

@@ -0,0 +1,12 @@
+bot:
+  server: "{{ matrix_bot_matrix_registration_bot_bot_server }}"
+  username: "{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}"
+  access_token: "{{ matrix_bot_matrix_registration_bot_api_token }}"
+api:
+  # API endpoint of the registration tokens
+  base_url: '{{ matrix_bot_matrix_registration_bot_api_base_url }}'
+  # Access token of an administrator on the server
+  token: "{{ matrix_bot_matrix_registration_bot_matrix_admin_token }}"
+logging:
+  level: "{{ matrix_bot_matrix_registration_bot_logging_level }}"
+

roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2

@@ -19,6 +19,11 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \
 			--log-driver=none \
 			--cap-drop=ALL \
+			-e "CONFIG_PATH=/config/config.yml" \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--read-only \
+			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \
+			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_bot_matrix_registration_bot_config_path }}/env \
 			{{ matrix_bot_matrix_registration_bot_docker_image }}