From 37e1aa126986aa295c6a77f79d2c8da8592c1172 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
Date: Wed, 31 Aug 2022 20:02:33 +0200
Subject: [PATCH] matrix: Start turnserver with User=root

Otherwise it can't open our letsencrypt certs. It will setuid to
`turnserver` itself.
---
 roles/matrix/files/turnserver.service.d | 2 ++
 roles/matrix/tasks/main.yml             | 5 +++++
 2 files changed, 7 insertions(+)
 create mode 100644 roles/matrix/files/turnserver.service.d

diff --git a/roles/matrix/files/turnserver.service.d b/roles/matrix/files/turnserver.service.d
new file mode 100644
index 000000000..a79dbb6e8
--- /dev/null
+++ b/roles/matrix/files/turnserver.service.d
@@ -0,0 +1,2 @@
+[Service]
+User=root
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index 18445c9e3..291c69230 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -292,6 +292,11 @@
   notify:
     - Restart matrix-appservice-irc
 
+- name: Install turnserver unit snippet
+  copy: src=turnserver.service.d dest=/etc/systemd/system/turnserver.service.d/override.conf owner=root group=root mode=0644
+  notify:
+    - Restart turnserver
+
 - name: Enable synapse units
   service: name={{ item }} enabled=yes
   with_items:
-- 
GitLab