Merge branch 'master' into polychat-appservice

CHANGELOG.md

@@ -1,3 +1,59 @@
+# 2024-03-26
+
+## (Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis
+
+**TLDR**: if the playbook used installed Redis as a dependency for you before, it will now replace it with [KeyDB](https://docs.keydb.dev/) (a drop-in alternative) due to [Redis having changed its license](https://redis.com/blog/redis-adopts-dual-source-available-licensing/).
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now uses [KeyDB](https://docs.keydb.dev/) (a drop-in alternative for Redis), instead of [Redis](https://redis.io/).
+
+The playbook used to install Redis (and now installs KeyDB in its place) if services have a need for it ([enabling worker support for Synapse](docs/configuring-playbook-synapse.md#load-balancing-with-workers), [enabling Hookshot encryption](docs/configuring-playbook-bridge-hookshot.md#end-to-bridge-encryption), etc.) or if you explicitly enabled the service (`redis_enabled: true` or `keydb_enabled: true`).
+
+This change is provoked by the fact that [Redis is now "source available"](https://redis.com/blog/redis-adopts-dual-source-available-licensing/). According to the Limitations of [the new license](https://redis.com/legal/rsalv2-agreement/) (as best as we understand them, given that we're not lawyers), using Redis in the playbook (even in a commercial FOSS service like [etke.cc](https://etke.cc/)) does not violate the new Redis license. That said, we'd rather neither risk it, nor endorse shady licenses and products that pretend to be free-software. Another high-quality alternative to Redis seems to be [Dragonfly](https://www.dragonflydb.io/), but the [Dragonfly license](https://github.com/dragonflydb/dragonfly?tab=License-1-ov-file#readme) is no better than Redis's.
+
+Next time your run the playbook (via the `setup-all` tag), **Redis will be automatically uninstalled and replaced with KeyDB**. Some Synapse downtime may occur while the switch happens.
+
+Users on `arm32` should be aware that there's **neither a prebuilt `arm32` container image for KeyDB**, nor the KeyDB role supports self-building yet. Users on this architecture likely don't run Synapse with workers, etc., so they're likely in no need of KeyDB (or Redis). If Redis is necessary in an `arm32` deployment, disabling KeyDB and making the playbook fall back to Redis is possible (see below).
+
+**The playbook still supports Redis** and you can keep using Redis (for now) if you'd like, by adding this additional configuration to your `vars.yml` file:
+
+```yml
+# Explicitly disable KeyDB, which will auto-enable Redis
+# if the playbook requires it as a dependency for its operation.
+keydb_enabled: false
+```
+
+
+
+# 2024-03-24
+
+## Initial work on IPv6 support
+
+Thanks to [Tilo Spannagel](https://github.com/tilosp), the playbook can now enable IPv6 for container networks for various components (roles) via [the `devture_systemd_docker_base_ipv6_enabled` variable](https://github.com/devture/com.devture.ansible.role.systemd_docker_base/blob/c11a526bb8e318b42eb52055056377bb31154f13/defaults/main.yml#L14-L31).
+
+It should be noted that:
+
+- Matrix roles (`roles/custom/matrix-*`) respect this variable, but external roles (those defined in `requirements.yml` and installed via `just roles`) do not respect it yet. Additional work is necessary
+- changing the variable subsequently may not change existing container networks. Refer to [these instructions](https://github.com/devture/com.devture.ansible.role.systemd_docker_base/blob/c11a526bb8e318b42eb52055056377bb31154f13/defaults/main.yml#L26-L30)
+- this is all very new and untested
+
+## Pantalaimon support
+
+Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install the [Pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you. It's already possible to integrate it with [Draupnir](docs/configuring-playbook-bot-draupnir.md) to allow it to work in E2EE rooms - see our Draupnir docs for details.
+
+See our [Setting up Pantalaimon](docs/configuring-playbook-pantalaimon.md) documentation to get started.
+
+
+# 2024-03-05
+
+## Support for Draupnir-for-all
+
+Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) (aka multi-instance Draupnir running in appservice mode).
+
+This is an alternative to [running Draupnir in bot mode](./docs/configuring-playbook-bot-draupnir.md), which is still supported by the playbook.
+
+The documentation page for [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) contains more information on how to install it.
+
+
 # 2024-02-19
 
 ## Support for bridging to Facebook/Messenger via the new mautrix-meta bridge

README.md

@@ -172,6 +172,7 @@ Various services that don't fit any other category.
 | [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) |
 | [Jitsi](https://jitsi.org/) | x | An open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) |
 | [Cactus Comments](https://cactus.chat) | x | A federated comment system built on matrix | [Link](docs/configuring-playbook-cactus-comments.md) |
+| [Pantalaimon](https://github.com/matrix-org/pantalaimon) | x | An E2EE aware proxy daemon | [Link](docs/configuring-playbook-pantalaimon.md) |
 
 
 ## Installation

docs/configuring-playbook-appservice-draupnir-for-all.md

@@ -0,0 +1,100 @@
+# Setting up Draupnir for All/D4A (optional)
+
+The playbook can install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool for you in appservice mode.
+
+Appservice mode can be used together with the regular [Draupnir bot](configuring-playbook-bot-draupnir.md) or independently. Details about the differences between the 2 modes are described below.
+
+
+## Draupnir Appservice mode compared to Draupnir bot mode
+
+The administrative functions for managing the appservice are alpha quality and very limited. However, the experience of using an appservice-provisioned Draupnir is on par with the experience of using Draupnir from bot mode except in the case of avatar customisation as described later on in this document.
+
+Draupnir for all is the way to go if you need more than 1 Draupnir instance, but you don't need access to Synapse Admin features as they are not accessible through Draupnir for All (Even though the commands do show up in help).
+
+Draupnir for all in the playbook is rate-limit-exempt automatically as its appservice configuration file does not specify any rate limits.
+
+Normal Draupnir does come with the benefit of access to Synapse Admin features. You are also able to more easily customise your normal Draupnir than D4A as D4A even on the branch with the Avatar command (To be Upstreamed to Mainline Draupnir) that command is clunky as it requires the use of things like Element devtools. In normal draupnir this is a quick operation where you login to Draupnir with a normal client and set Avatar and Display name normally.
+
+Draupnir for all does not support external tooling like [MRU](https://mru.rory.gay) as it can't access Draupnir's user account.
+
+
+## Installation
+
+### 1. Create a main management room.
+
+The playbook does not create a management room for your Main Draupnir. This task you have to do on your own.
+
+The management room has to be given an alias and be public when you are setting up the bot for the first time as the bot does not differentiate between invites
+and invites to the management room.
+
+This management room is used to control who has access to your D4A deployment. The room stores this data inside of the control room state so your bot must have sufficient powerlevel to send custom state events. This is default 50 or moderator as Element calls this powerlevel.
+
+As noted in the Draupnir install instructions the control room is sensitive. The following is said about the control room in the Draupnir install instructions.
+>Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet.
+
+### 2. Give your main management room an alias.
+
+Give the room from step 1 an alias. This alias can be anything you want and its recommended for increased security during the setup phase of the bot that you make this alias be a random string. You can give your room a secondary human readable alias when it has been locked down after setup phase.
+
+### 3. Adjusting the playbook configuration.
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
+
+You must replace `ALIAS_FROM_STEP_2_GOES_HERE` with the alias you created in step 2.
+
+```yaml
+matrix_appservice_draupnir_for_all_enabled: true
+
+matrix_appservice_draupnir_for_all_master_control_room_alias: "ALIAS_FROM_STEP_2_GOES_HERE"
+```
+
+### 4. Installing
+
+After configuring the playbook, run the [installation](installing.md) command:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:matrix-homeserver-domain` you have succesfully installed Draupnir for All and can now start using it.
+
+The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for allis almost identical to Draupnir bot mode.
+
+### 1. Granting Users the ability to use D4A
+
+Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
+
+The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297))
+
+To allow users or whole homeservers you type /plain @draupnir-main:matrix-homeserver-domain allow `target` and target can be either a MXID or a wildcard like `@*:example.com` to allow all users on example.com to register. We use /plain to force the client to not attempt to mess with this command as it can break Wildcard commands especially.
+
+### 2. How to provision a D4A once you are allowed to.
+
+Open a DM with @draupnir-main:matrix-homeserver-domain and if using Element send a message into this DM to finalise creating it. The bot will reject this invite and you will shortly get invited to the Draupnir control room for your newly provisioned Draupnir. From here its just a normal Draupnir experience.
+
+Congratulations if you made it all the way here because you now have a fully working Draupnir for all deployment.
+
+### Configuration of D4A
+
+You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for more configuration documentation. Please note that the playbook ships a full copy of the example config that does transfer to provisioned draupnirs in the production-bots.yaml.j2 file in the template directory of the role.
+
+Please note that Config extension does not affect the appservices config as this config is not extensible in current Draupnir anyways. Config extension instead touches the config passed to the Draupnirs that your Appservice creates. So for example below makes all provisioned Draupnirs protect all joined rooms.
+
+You can configure additional options by adding the `matrix_appservice_draupnir_for_all_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
+
+For example to change draupnir's `protectAllJoinedRooms` option to `true` you would add the following to your `vars.yml` file.
+
+```yaml
+matrix_appservice_draupnir_for_all_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_appservice_draupnir_for_all_yaml`.
+  protectAllJoinedRooms: true
+```

docs/configuring-playbook-bot-draupnir.md

@@ -4,6 +4,9 @@ The playbook can install and configure the [draupnir](https://github.com/the-dra
 
 See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you.
 
+This documentation page is about installing Draupnir in bot mode. As an alternative, you can run a multi-instance Draupnir deployment by installing [Draupnir in appservice mode](./configuring-playbook-appservice-draupnir-for-all.md) (called Draupnir-for-all) instead.
+
+
 If your migrating from Mjolnir skip to step 5b.
 
 ## 1. Register the bot account
@@ -40,14 +43,57 @@ The following command works on semi up to date Windows 10 installs and All Windo
 
 ## 4. Create a management room
 
-Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet.
+Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room.
+
+If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below).
 
 Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`.
 
 Finally invite the `@bot.draupnir:DOMAIN` account you created earlier into the room.
 
 
-## 5a. Adjusting the playbook configuration
+## 5. Adjusting the playbook configuration
+
+Decide whether you want Draupnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Draupnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md).
+
+### 5a. Configuration with E2EE support
+
+When using Pantalaimon, Draupnir will log in to its bot account itself through Pantalaimon, so configure its username and password.
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
+
+```yaml
+# Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md
+matrix_pantalaimon_enabled: true
+
+# Enable Draupnir
+matrix_bot_draupnir_enabled: true
+
+# Tell Draupnir to use Pantalaimon
+matrix_bot_draupnir_pantalaimon_use: true
+
+# User name and password for the bot. Required when using Pantalaimon.
+matrix_bot_draupnir_pantalaimon_username: "DRAUPNIR_USERNAME_FROM_STEP_1"
+matrix_bot_draupnir_pantalaimon_password: ### you should create a secure password for the bot account
+
+matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
+```
+
+The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Draupnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`:
+
+```yaml
+# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API).
+# Set this to the pantalaimon URL if you're using that.
+matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
+
+# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
+# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
+matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
+```
+
+### 5b. Configuration without E2EE support
+
+When NOT using Pantalaimon, Draupnir does not log in by itself and you must give it an access token for its bot account.
 
 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
 
@@ -61,7 +107,7 @@ matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE"
 matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
 ```
 
-## 5b. Migrating from Mjolnir (Only required if migrating.)
+### 5c. Migrating from Mjolnir (Only required if migrating.)
 
 Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable mjolnir if you're doing migration.
 That is all you need to do due to that Draupnir can complete migration on its own.

docs/configuring-playbook-bot-mjolnir.md

@@ -37,7 +37,9 @@ The following command works on semi up to date Windows 10 installs and All Windo
 
 ## 4. Create a management room
 
-Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet.
+Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room.
+
+If you make the management room encrypted (E2EE), then you MUST enable and use Pantalaimon (see below).
 
 Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`.
 
@@ -46,6 +48,47 @@ Finally invite the `@bot.mjolnir:DOMAIN` account you created earlier into the ro
 
 ## 5. Adjusting the playbook configuration
 
+Decide whether you want Mjolnir to be capable of operating in end-to-end encrypted (E2EE) rooms. This includes the management room and the moderated rooms. To support E2EE, Mjolnir needs to [use Pantalaimon](configuring-playbook-pantalaimon.md).
+
+### 5a. Configuration with E2EE support
+
+When using Pantalaimon, Mjolnir will log in to its bot account itself through Pantalaimon, so configure its username and password.
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
+
+```yaml
+# Enable Pantalaimon. See docs/configuring-playbook-pantalaimon.md
+matrix_pantalaimon_enabled: true
+
+# Enable Mjolnir
+matrix_bot_mjolnir_enabled: true
+
+# Tell Mjolnir to use Pantalaimon
+matrix_bot_mjolnir_pantalaimon_use: true
+
+# User name and password for the bot. Required when using Pantalaimon.
+matrix_bot_mjolnir_pantalaimon_username: "MJOLNIR_USERNAME_FROM_STEP_1"
+matrix_bot_mjolnir_pantalaimon_password: ### you should create a secure password for the bot account
+
+matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
+```
+
+The playbook's `group_vars` will configure other required settings. If using this role separately without the playbook, you also need to configure the two URLs that Mjolnir uses to reach the homeserver, one through Pantalaimon and one "raw". This example is taken from the playbook's `group_vars`:
+
+```yaml
+# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API).
+# Set this to the pantalaimon URL if you're using that.
+matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
+
+# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/),
+# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
+matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
+```
+
+### 5b. Configuration without E2EE support
+
+When NOT using Pantalaimon, Mjolnir does not log in by itself and you must give it an access token for its bot account.
+
 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
 
 You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values.

docs/configuring-playbook-bridge-mautrix-meta-instagram.md

@@ -56,7 +56,7 @@ If you don't define the `matrix_admin` in your configuration (e.g. `matrix_admin
 You may redefine `matrix_mautrix_meta_instagram_bridge_permissions_default` any way you see fit, or add extra permissions using `matrix_mautrix_meta_instagram_bridge_permissions_custom` like this:
 
 ```yaml
-matrix_mautrix_meta_instagram_bridge_permissions_custom: |
+matrix_mautrix_meta_instagram_bridge_permissions_custom:
   '@YOUR_USERNAME:YOUR_DOMAIN': admin
 ```
 

docs/configuring-playbook-bridge-mautrix-meta-messenger.md

@@ -9,9 +9,9 @@ This documentation page only deals with the bridge's ability to bridge to Facebo
 
 ## Migrating from the old mautrix-facebook bridge
 
-If you've been using the [mautrix-facebook](./configuring-playbook-bridge-mautrix-facebook.md) bridge, you may wish to get rid of it first.
+If you've been using the [mautrix-facebook](./configuring-playbook-bridge-mautrix-facebook.md) bridge, it's possible to migrate the database using [instructions from the bridge documentation](https://docs.mau.fi/bridges/go/meta/facebook-migration.html) (advanced).
 
-To do so, send a `clean-rooms` command to the management room with the old bridge bot (`@facebookbot:YOUR_DOMAIN`).
+Then you may wish to get rid of the Facebook bridge. To do so, send a `clean-rooms` command to the management room with the old bridge bot (`@facebookbot:YOUR_DOMAIN`).
 
 This would give you a list of portals and groups of portals you may purge. Proceed with sending commands like `clean recommended`, etc.
 
@@ -67,7 +67,7 @@ If you don't define the `matrix_admin` in your configuration (e.g. `matrix_admin
 You may redefine `matrix_mautrix_meta_messenger_bridge_permissions_default` any way you see fit, or add extra permissions using `matrix_mautrix_meta_messenger_bridge_permissions_custom` like this:
 
 ```yaml
-matrix_mautrix_meta_messenger_bridge_permissions_custom: |
+matrix_mautrix_meta_messenger_bridge_permissions_custom:
   '@YOUR_USERNAME:YOUR_DOMAIN': admin
 ```
 

docs/configuring-playbook-client-schildichat.md

@@ -2,7 +2,7 @@
 
 By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application.
 
-**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2023-08-31), SchildiChat is 10 releases behind (it being based on element-web `v1.11.30`, while element-web is now on `v1.11.40`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk!
+**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2024-02-26), SchildiChat is 22 releases behind (it being based on element-web `v1.11.36`, while element-web is now on `v1.11.58`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk!
 
 
 ## Enabling SchildiChat

docs/configuring-playbook-federation.md

@@ -54,7 +54,6 @@ matrix_synapse_reverse_proxy_companion_federation_api_enabled: false
 
 Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection.
 
-**NOTE**: this approach hasn't been tested with the new Traefik-only setup that the playbook started using in 2024-01. It may not work.
 
 The following changes in the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other:
 

docs/configuring-playbook-mautrix-bridges.md

@@ -40,16 +40,14 @@ Encryption support is off by default. If you would like to enable encryption, ad
 
 ```yaml
 matrix_bridges_encryption_enabled: true
+matrix_bridges_encryption_default: true
 ```
 
 **Alternatively**, for a specific bridge:
 
 ```yaml
-matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
-  bridge:
-    encryption:
-      allow: true
-      default: true
+matrix_mautrix_SERVICENAME_bridge_encryption_enabled: true
+matrix_mautrix_SERVICENAME_bridge_encryption_default: true
 ```
 
 ## relay mode

docs/configuring-playbook-pantalaimon.md

@@ -0,0 +1,21 @@
+# Setting up pantalaimon (optional)
+
+The playbook can install and configure the [pantalaimon](https://github.com/matrix-org/pantalaimon) E2EE aware proxy daemon for you.
+
+See the project's [documentation](https://github.com/matrix-org/pantalaimon) to learn what it does and why it might be useful to you.
+
+This role exposes Pantalaimon's API only within the container network, so bots and clients installed on the same machine can use it. In particular the [Draupnir](configuring-playbook-bot-draupnir.md) and [Mjolnir](configuring-playbook-bot-mjolnir.md) roles (and possibly others) can use it.
+
+## 1. Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
+
+```yaml
+matrix_pantalaimon_enabled: true
+```
+
+The default configuration should suffice. For advanced configuration, you can override the variables documented in the role's [defaults](../roles/custom/matrix-pantalaimon/defaults/main.yml).
+
+## 2. Installing
+
+After configuring the playbook, run the [installation](installing.md) command.

docs/configuring-playbook.md

@@ -105,7 +105,9 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced)
 
-- [Matrix User Verification Service](configuring-playbook-user-verification-service.md) (optional, advanced)
+- [Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (optional, advanced)
+
+- [Setting up Pantalaimon (E2EE aware proxy daemon)](configuring-playbook-pantalaimon.md) (optional, advanced)
 
 
 ### Bridging other networks
@@ -195,6 +197,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Draupnir](configuring-playbook-bot-draupnir.md) - a moderation tool/bot, forked from Mjolnir and maintained by its former leader developer (optional)
 
+- [Setting up Draupnir for all](configuring-playbook-appservice-draupnir-for-all.md) - like the [Draupnir bot](configuring-playbook-bot-draupnir.md) mentioned above, but running in appservice mode and supporting multiple instances (optional)
+
 - [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional)
 
 

docs/self-building.md

@@ -40,6 +40,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `matrix-bot-matrix-reminder-bot`
 - `matrix-bot-maubot`
 - `matrix-email2matrix`
+- `matrix-pantalaimon`
 
 Adding self-building support to other roles is welcome. Feel free to contribute!
 

group_vars/matrix_servers

@@ -71,6 +71,8 @@ matrix_homeserver_container_extra_arguments_auto: |
   {{
     (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
     +
+    (['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else [])
+    +
     (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
@@ -140,6 +142,8 @@ matrix_homeserver_app_service_config_files_auto: |
   {{
     (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
     +
+    (['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else [])
+    +
     (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
     +
     (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
@@ -274,6 +278,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
     +
+    ([{'name': 'matrix-appservice-draupnir-for-all.service', 'priority': 4000, 'groups': ['matrix', 'bridges', 'draupnir-for-all', 'appservice-draupnir-for-all']}] if matrix_appservice_draupnir_for_all_enabled else [])
+    +
     ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
     +
     ([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else [])
@@ -402,6 +408,10 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else [])
     +
+    ([{'name': (keydb_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'keydb']}] if keydb_enabled else [])
+    +
+    ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
+    +
     ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration', 'matrix-registration']}] if matrix_registration_enabled else [])
     +
     ([{'name': 'matrix-sliding-sync.service', 'priority': 1500, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
@@ -473,6 +483,27 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d
 ######################################################################
 
 
+########################################################################
+#                                                                      #
+# geerlingguy/ansible-role-docker                                      #
+#                                                                      #
+########################################################################
+
+docker_daemon_options: |
+  {{
+    {
+      'experimental': devture_systemd_docker_base_ipv6_enabled,
+      'ip6tables': devture_systemd_docker_base_ipv6_enabled,
+    }
+  }}
+
+########################################################################
+#                                                                      #
+# /geerlingguy/ansible-role-docker                                     #
+#                                                                      #
+########################################################################
+
+
 ######################################################################
 #
 # matrix-base
@@ -1891,12 +1922,14 @@ matrix_hookshot_systemd_wanted_services_list: |
     matrix_addons_homeserver_systemd_services_list
     +
     ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
+    +
+    ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else [])
   }}
 
 # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
 # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
 # because connectivity is still potentially troublesome and is to be investigated.
-matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else '' }}"
+matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
 
 matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"
 
@@ -1907,6 +1940,8 @@ matrix_hookshot_container_additional_networks_auto: |
       +
       ([redis_container_network] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
       +
+      ([keydb_container_network] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else [])
+      +
       ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
     ) | unique
   }}
@@ -2667,6 +2702,8 @@ matrix_bot_mjolnir_enabled: false
 matrix_bot_mjolnir_systemd_required_services_list_auto: |
   {{
     matrix_addons_homeserver_systemd_services_list
+    +
+    (['matrix-pantalaimon.service'] if matrix_bot_mjolnir_pantalaimon_use else [])
   }}
 
 matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
@@ -2678,12 +2715,15 @@ matrix_bot_mjolnir_container_additional_networks_auto: |-
     ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
   }}
 
+matrix_bot_mjolnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_mjolnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
+matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
 ######################################################################
 #
 # /matrix-bot-mjolnir
 #
 ######################################################################
 
+
 ######################################################################
 #
 # matrix-bot-draupnir
@@ -2696,6 +2736,8 @@ matrix_bot_draupnir_enabled: false
 matrix_bot_draupnir_systemd_required_services_list_auto: |
   {{
     matrix_addons_homeserver_systemd_services_list
+    +
+    (['matrix-pantalaimon.service'] if matrix_bot_draupnir_pantalaimon_use else [])
   }}
 
 matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -2707,6 +2749,9 @@ matrix_bot_draupnir_container_additional_networks_auto: |-
     ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
   }}
 
+matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
+matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
+
 ######################################################################
 #
 # /matrix-bot-draupnir
@@ -2714,6 +2759,74 @@ matrix_bot_draupnir_container_additional_networks_auto: |-
 ######################################################################
 
 
+######################################################################
+#
+# matrix-appservice-draupnir-for-all
+#
+######################################################################
+
+# We don't enable bots by default.
+matrix_appservice_draupnir_for_all_enabled: false
+
+matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: |
+  {{
+    matrix_addons_homeserver_systemd_services_list
+    +
+    ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else [])
+  }}
+
+matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
+matrix_appservice_draupnir_for_all_container_network: "{{ matrix_addons_container_network }}"
+
+matrix_appservice_draupnir_for_all_container_additional_networks_auto: |-
+  {{
+    (
+      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+      +
+      ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != devture_postgres_container_network) else [])
+    ) | unique
+  }}
+
+matrix_appservice_draupnir_for_all_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.as.token', rounds=655555) | to_uuid }}"
+matrix_appservice_draupnir_for_all_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_appservice_draupnir_for_all_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.d4a.db', rounds=655555) | to_uuid }}"
+
+######################################################################
+#
+# /matrix-appservice-draupnir-for-all
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-pantalaimon
+#
+######################################################################
+
+matrix_pantalaimon_enabled: false
+
+matrix_pantalaimon_systemd_required_services_list_auto: |
+  {{
+    matrix_addons_homeserver_systemd_services_list
+  }}
+
+matrix_pantalaimon_container_network: "{{ matrix_homeserver_container_network }}"
+
+matrix_pantalaimon_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+
+matrix_pantalaimon_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
+
+######################################################################
+#
+# /matrix-pantalaimon
+#
+######################################################################
+
+
 ######################################################################
 #
 # etke/backup_borg
@@ -3599,6 +3712,12 @@ devture_postgres_managed_databases_auto: |
       'password': matrix_appservice_discord_database_password,
     }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else [])
     +
+    ([{
+      'name': matrix_appservice_draupnir_for_all_database_name,
+      'username': matrix_appservice_draupnir_for_all_database_username,
+      'password': matrix_appservice_draupnir_for_all_database_password,
+    }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else [])
+    +
     ([{
       'name': matrix_appservice_slack_database_name,
       'username': matrix_appservice_slack_database_username,
@@ -3901,7 +4020,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
 #
 ######################################################################
 
-redis_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"
+redis_enabled: "{{ not keydb_enabled and (matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled)) }}"
 
 redis_identifier: matrix-redis
 
@@ -3912,7 +4031,37 @@ redis_base_path: "{{ matrix_base_data_path }}/redis"
 
 ######################################################################
 #
-# /etle/redis
+# /etke/redis
+#
+######################################################################
+
+######################################################################
+#
+# keydb
+#
+######################################################################
+
+keydb_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_experimental_encryption_enabled) }}"
+
+keydb_identifier: matrix-keydb
+
+keydb_uid: "{{ matrix_user_uid }}"
+keydb_gid: "{{ matrix_user_gid }}"
+
+keydb_base_path: "{{ matrix_base_data_path }}/keydb"
+
+keydb_arch: |-
+  {{
+    ({
+      'amd64': 'x86_64',
+      'arm32': 'arm32',
+      'arm64': 'arm64',
+    })[matrix_architecture]
+  }}
+
+######################################################################
+#
+# keydb
 #
 ######################################################################
 
@@ -3959,8 +4108,6 @@ matrix_client_element_enable_presence_by_hs_url: |
     else {matrix_client_element_default_hs_url: false}
   }}
 
-matrix_client_element_welcome_user_id: ~
-
 matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 
 ######################################################################
@@ -4072,8 +4219,6 @@ matrix_client_schildichat_enable_presence_by_hs_url: |
     else {matrix_client_schildichat_default_hs_url: false}
   }}
 
-matrix_client_schildichat_welcome_user_id: ~
-
 matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 
 ######################################################################
@@ -4123,6 +4268,8 @@ matrix_synapse_container_additional_networks_auto: |
       +
       ([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
       +
+      ([keydb_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else [])
+      +
       ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
       +
       ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
@@ -4205,6 +4352,8 @@ matrix_synapse_systemd_required_services_list_auto: |
     +
     ([redis_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
     +
+    ([keydb_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == keydb_identifier else [])
+    +
     (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
   }}
 
@@ -4216,9 +4365,9 @@ matrix_synapse_systemd_wanted_services_list_auto: |
   }}
 
 # Synapse workers (used for parallel load-scaling) need Redis for IPC.
-matrix_synapse_redis_enabled: "{{ redis_enabled }}"
-matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else '' }}"
-matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else '' }}"
+matrix_synapse_redis_enabled: "{{ redis_enabled or keydb_enabled }}"
+matrix_synapse_redis_host: "{{ redis_identifier if redis_enabled else (keydb_identifier if keydb_enabled else '') }}"
+matrix_synapse_redis_password: "{{ redis_connection_password if redis_enabled else (keydb_connection_password if keydb_enabled else '') }}"
 
 matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
 matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"

requirements.yml

@@ -4,7 +4,7 @@
   version: v1.0.0-3
   name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
-  version: v1.2.7-1.8.6-0
+  version: v1.2.8-1.8.9-0
   name: backup_borg
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
   version: v0.1.1-3
@@ -16,19 +16,22 @@
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v1.9.6-0
+  version: v2.0.1-2
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
-  version: v4.97-r0-0-1
+  version: v4.97-r0-0-3
   name: exim_relay
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v10.3.1-2
+  version: v10.4.1-0
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v9258-0
+  version: v9364-1
   name: jitsi
+- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
+  version: v6.3.4-1
+  name: keydb
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
-  version: v2.8.0-1
+  version: v2.10.0-0
   name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: 201c939eed363de269a83ba29784fc3244846048
@@ -43,10 +46,10 @@
   version: v16.1-6
   name: postgres
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
-  version: 7eadc992ca952fc29bf3fab5aa6335fa82ff01e5
+  version: 046004a8cb9946979b72ce81c2526c8033ea8067
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v2.50.0-0
+  version: v2.51.0-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
   version: v1.7.0-3
@@ -55,10 +58,10 @@
   version: v0.14.0-4
   name: prometheus_postgres_exporter
 - src: git+https://gitlab.com/etke.cc/roles/redis.git
-  version: v7.2.3-2
+  version: v7.2.4-0
   name: redis
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
-  version: v1.0.0-2
+  version: v1.1.0-0
   name: systemd_docker_base
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: v1.0.0-4
@@ -67,7 +70,7 @@
   version: v1.0.0-0
   name: timesync
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: v2.11.0-0
+  version: v2.11.0-4
   name: traefik
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
   version: v2.8.3-1

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -0,0 +1,103 @@
+---
+# A moderation tool for Matrix
+# Project source code URL: https://github.com/the-draupnir-project/Draupnir
+
+matrix_appservice_draupnir_for_all_enabled: true
+
+# renovate: datasource=docker depName=gnuxie/draupnir
+matrix_appservice_draupnir_for_all_version: "1.87.0"
+
+matrix_appservice_draupnir_for_all_container_image_self_build: false
+matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
+
+matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
+matrix_appservice_draupnir_for_all_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}"
+
+matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"
+matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config"
+matrix_appservice_draupnir_for_all_data_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/data"
+matrix_appservice_draupnir_for_all_docker_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"
+
+matrix_appservice_draupnir_for_all_container_network: ""
+
+matrix_appservice_draupnir_for_all_container_additional_networks: "{{ matrix_appservice_draupnir_for_all_container_additional_networks_auto + matrix_appservice_draupnir_for_all_container_additional_networks_custom }}"
+matrix_appservice_draupnir_for_all_container_additional_networks_auto: []
+matrix_appservice_draupnir_for_all_container_additional_networks_custom: []
+
+# A list of extra arguments to pass to the container
+matrix_appservice_draupnir_for_all_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-draupnir.service depends on
+matrix_appservice_draupnir_for_all_systemd_required_services_list: "{{ matrix_appservice_draupnir_for_all_systemd_required_services_list_default + matrix_appservice_draupnir_for_all_systemd_required_services_list_auto + matrix_appservice_draupnir_for_all_systemd_required_services_list_custom }}"
+matrix_appservice_draupnir_for_all_systemd_required_services_list_default: ['docker.service']
+matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: []
+matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: []
+
+# List of systemd services that matrix-bot-draupnir.service wants
+matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
+
+# The room ID where people can use the bot. The bot has no access controls, so
+# anyone in this room can use the bot - secure your room!
+# This should be a room alias - not a matrix.to URL.
+# Note: draupnir is fairly verbose - expect a lot of messages from it.
+# This room is diffrent for Appservice Mode compared to normal mode.
+# In Appservice mode it provides functions like user management.
+matrix_appservice_draupnir_for_all_master_control_room_alias: ""
+
+# Placeholder Remenant of the fact that Cat belived Master Control Room to be separated from Access Control Policy List.
+# The alias of the Policy list used to control who can provision a bot for them selfs.
+# This should be a room alias - not a matrix.to URL.
+# matrix_appservice_draupnir_for_all_management_policy_list_alias: ""
+
+matrix_appservice_draupnir_for_all_database_username: matrix_appservice_draupnir_for_all
+matrix_appservice_draupnir_for_all_database_password: 'some-passsword'
+matrix_appservice_draupnir_for_all_database_hostname: ''
+matrix_appservice_draupnir_for_all_database_port: 5432
+matrix_appservice_draupnir_for_all_database_name: matrix_appservice_draupnir_for_all
+matrix_appservice_draupnir_for_all_database_sslmode: disable
+
+matrix_appservice_draupnir_for_all_appservice_port: "9001"
+matrix_appservice_draupnir_for_all_appservice_url: 'http://matrix-appservice-draupnir-for-all'
+
+matrix_appservice_draupnir_for_all_database_connection_string: 'postgresql://{{ matrix_appservice_draupnir_for_all_database_username }}:{{ matrix_appservice_draupnir_for_all_database_password }}@{{ matrix_appservice_draupnir_for_all_database_hostname }}:{{ matrix_appservice_draupnir_for_all_database_port }}/{{ matrix_appservice_draupnir_for_all_database_name }}?sslmode={{ matrix_appservice_draupnir_for_all_database_sslmode }}'
+
+matrix_appservice_draupnir_for_all_user_prefix: "draupnir_"
+
+matrix_appservice_draupnir_for_all_registration_yaml: |
+  id: "draupnir-for-all"
+  as_token: "{{ matrix_appservice_draupnir_for_all_appservice_token }}"
+  hs_token: "{{ matrix_appservice_draupnir_for_all_homeserver_token }}"
+  url: "{{ matrix_appservice_draupnir_for_all_appservice_url }}:{{ matrix_appservice_draupnir_for_all_appservice_port }}"
+  sender_localpart: draupnir-main
+  namespaces:
+    users:
+    - exclusive: true
+      regex: '@{{ matrix_appservice_draupnir_for_all_user_prefix }}*'
+  rate_limited: false
+
+matrix_appservice_draupnir_for_all_registration: "{{ matrix_appservice_draupnir_for_all_registration_yaml | from_yaml }}"
+matrix_appservice_draupnir_for_all_configuration_appservice: "{{ lookup('template', 'templates/production-appservice.yaml.j2') | from_yaml }}"
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_appservice_draupnir_for_all_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+
+matrix_appservice_draupnir_for_all_configuration_yaml: "{{ lookup('template', 'templates/production-bots.yaml.j2') }}"
+
+matrix_appservice_draupnir_for_all_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_appservice_draupnir_for_all_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_appservice_draupnir_for_all_configuration_yaml`.
+
+matrix_appservice_draupnir_for_all_configuration_extension: "{{ matrix_appservice_draupnir_for_all_configuration_extension_yaml | from_yaml if matrix_appservice_draupnir_for_all_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_appservice_draupnir_for_all_configuration_yaml`.
+matrix_appservice_draupnir_for_all_configuration: "{{ matrix_appservice_draupnir_for_all_configuration_yaml | from_yaml | combine(matrix_appservice_draupnir_for_all_configuration_extension, recursive=True) }}"

roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+
+- tags:
+    - setup-all
+    - setup-appservice-draupnir-for-all
+    - install-all
+    - install-appservice-draupnir-for-all
+  block:
+    - when: matrix_appservice_draupnir_for_all_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_appservice_draupnir_for_all_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+    - setup-all
+    - setup-appservice-draupnir-for-all
+  block:
+    - when: not matrix_appservice_draupnir_for_all_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml

@@ -0,0 +1,96 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_appservice_draupnir_for_all_requires_restart: false
+
+- name: Ensure matrix-appservice-draupnir-for-all paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true}
+    - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true}
+    - {path: "{{ matrix_appservice_draupnir_for_all_data_path }}", when: true}
+    - {path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
+  when: "item.when | bool"
+
+- name: Ensure draupnir Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_appservice_draupnir_for_all_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_docker_image_force_pull }}"
+  when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure draupnir repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_appservice_draupnir_for_all_container_image_self_build_repo }}"
+    dest: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
+    version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_appservice_draupnir_for_all_git_pull_results
+  when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"
+
+- name: Ensure draupnir Docker image is built
+  community.docker.docker_image:
+    name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
+    source: build
+    force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
+      pull: true
+  when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-draupnir-for-all appservice config installed
+  ansible.builtin.copy:
+    content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-draupnir-for-all bot config installed
+  ansible.builtin.copy:
+    content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-draupnir-for-all registration.yaml installed
+  ansible.builtin.copy:
+    content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}"
+    dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-draupnir-for-all container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_appservice_draupnir_for_all_container_network }}"
+    driver: bridge
+
+- name: Ensure matrix-appservice-draupnir-for-all.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-appservice-draupnir-for-all.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service"
+    mode: 0644
+  register: matrix_appservice_draupnir_for_all_systemd_service_result
+
+- name: Ensure matrix-appservice-draupnir-for-all.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-appservice-draupnir-for-all.service"
+    state: restarted
+    daemon_reload: true
+  when: "matrix_appservice_draupnir_for_all_requires_restart | bool"

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-appservice-draupnir-for-all service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service"
+  register: matrix_bot_draupnir_service_stat
+
+- when: matrix_bot_draupnir_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-appservice-draupnir-for-all is stopped
+      ansible.builtin.service:
+        name: matrix-appservice-draupnir-for-all
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-appservice-draupnir-for-all.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service"
+        state: absent
+
+    - name: Ensure matrix-appservice-draupnir-for-all paths don't exist
+      ansible.builtin.file:
+        path: "{{ matrix_bot_draupnir_base_path }}"
+        state: absent

roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Fail if required matrix-bot-draupnir variables are undefined
+  ansible.builtin.fail:
+    msg: "The `{{ item }}` variable must be defined and have a non-null value."
+  with_items:
+    - "matrix_appservice_draupnir_for_all_master_control_room_alias"
+    - "matrix_bot_draupnir_container_network"
+  when: "vars[item] == '' or vars[item] is none"

roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2

@@ -0,0 +1,18 @@
+homeserver:
+  # The Matrix server name, this will be the name of the server in your matrix id.
+  domain: "{{ matrix_domain }}"
+  # The url for the appservice to call the client server API from.
+  url: "{{ matrix_homeserver_url }}"
+
+# Database configuration for storing which Mjolnirs have been provisioned.
+db:
+  engine: "postgres"
+  connectionString: "{{ matrix_appservice_draupnir_for_all_database_connection_string }}"
+
+# A room you have created that scopes who can access the appservice.
+# See docs/access_control.md
+adminRoom: "{{ matrix_appservice_draupnir_for_all_master_control_room_alias }}"
+
+# This is a web api that the widget connects to in order to interact with the appservice.
+webAPI:
+  port: 9000

roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2

@@ -0,0 +1,83 @@
+# The log level of terminal (or container) output,
+# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
+#
+# This should be at INFO or DEBUG in order to get support for Draupnir problems.
+logLevel: "INFO"
+
+# Whether or not Draupnir should synchronize policy lists immediately after startup.
+# Equivalent to running '!draupnir sync'.
+syncOnStartup: true
+
+# Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
+# Equivalent to running `!draupnir verify`.
+verifyPermissionsOnStartup: true
+
+# Whether Draupnir should check member lists quicker (by using a different endpoint),
+# keep in mind that enabling this will miss invited (but not joined) users.
+#
+# Turn on if your bot is in (very) large rooms, or in large amounts of rooms.
+fasterMembershipChecks: false
+
+# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
+#
+# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
+# it will also remove the user's messages automatically.
+#
+# Typically this is useful to avoid having to give two commands to the bot.
+# Advanced: Use asterisks to have the reason match using "globs"
+# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").
+#
+# See here for more info: https://www.digitalocean.com/community/tools/glob
+# Note: Keep in mind that glob is NOT regex!
+automaticallyRedactForReasons:
+  - "spam"
+  - "advertising"
+
+# Whether or not to add all joined rooms to the "protected rooms" list
+# (excluding the management room and watched policy list rooms, see below).
+#
+# Note that this effectively makes the protectedRooms and associated commands useless
+# for regular rooms.
+#
+# Note: the management room is *excluded* from this condition.
+# Explicitly add it as a protected room to protect it.
+#
+# Note: Ban list rooms the bot is watching but didn't create will not be protected.
+# Explicitly add these rooms as a protected room list if you want them protected.
+protectAllJoinedRooms: false
+
+# Increase this delay to have Draupnir wait longer between two consecutive backgrounded
+# operations. The total duration of operations will be longer, but the homeserver won't
+# be affected as much. Conversely, decrease this delay to have Draupnir chain operations
+# faster. The total duration of operations will generally be shorter, but the performance
+# of the homeserver may be more impacted.
+backgroundDelayMS: 500
+
+# Misc options for command handling and commands
+commands:
+  # Whether or not the `!draupnir` prefix is necessary to submit commands.
+  #
+  # If `true`, will allow commands like `!ban`, `!help`, etc.
+  #
+  # Note: Draupnir can also be pinged by display name instead of having to use
+  # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
+  # will address only my_moderator_bot.
+  allowNoPrefix: false
+
+  # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.
+  additionalPrefixes:
+    - "draupnir-bot"
+    - "draupnir_bot"
+    - "draupnir"
+
+  # Whether or not commands with a wildcard (*) will require an additional `--force` argument
+  # in the command to be able to be submitted.
+  confirmWildcardBan: true
+
+  # The default reasons to be prompted with if the reason is missing from a ban command.
+  ban:
+    defaultReasons: 
+      - "spam"
+      - "brigading"
+      - "harassment"
+      - "disagreement"

roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2

@@ -0,0 +1,48 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Draupnir for All appservice
+{% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_appservice_draupnir_for_all_systemd_required_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-appservice-draupnir-for-all \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_appservice_draupnir_for_all_container_network }} \
+			--mount type=bind,src={{ matrix_appservice_draupnir_for_all_config_path }},dst=/data/config,ro \
+			--mount type=bind,src={{ matrix_appservice_draupnir_for_all_data_path }},dst=/data \
+			{% for arg in matrix_appservice_draupnir_for_all_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_appservice_draupnir_for_all_docker_image }} \
+			appservice -c /data/config/production-appservice.yaml -f /data/config/draupnir-for-all-registration.yaml -p {{ matrix_appservice_draupnir_for_all_appservice_port }} --draupnir-config /data/config/production-bots.yaml
+
+{% for network in matrix_appservice_draupnir_for_all_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-appservice-draupnir-for-all
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-appservice-draupnir-for-all
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-appservice-draupnir-for-all
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-base/defaults/main.yml

@@ -16,6 +16,9 @@ matrix_admin: ''
 # Global var to enable/disable encryption across all bridges with encryption support
 matrix_bridges_encryption_enabled: false
 
+# Global var to make encryption default/optional across all bridges with encryption support
+matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}"
+
 # Global var to enable/disable relay mode across all bridges with relay mode support
 matrix_bridges_relay_enabled: false
 

roles/custom/matrix-bot-buscarron/tasks/setup_install.yml

@@ -94,6 +94,7 @@
 
 - name: Ensure buscarron container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_buscarron_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-chatgpt/tasks/install.yml

@@ -58,6 +58,7 @@
 
 - name: Ensure chatgpt container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_chatgpt_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -5,7 +5,7 @@
 matrix_bot_draupnir_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_bot_draupnir_version: "v1.86.2"
+matrix_bot_draupnir_version: "v1.87.0"
 
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@@ -37,15 +37,34 @@ matrix_bot_draupnir_systemd_required_services_list_custom: []
 # List of systemd services that matrix-bot-draupnir.service wants
 matrix_bot_draupnir_systemd_wanted_services_list: []
 
-# The access token for the bot user
+# Whether Draupnir should talk to the homeserver through Pantalaimon
+# If true, then other variables must be provided including pointing
+# `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL.
+matrix_bot_draupnir_pantalaimon_use: false
+
+# The access token for the bot user. Required when NOT using Pantalaimon.
+# (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.)
 matrix_bot_draupnir_access_token: ""
 
+# User name and password for the bot. Required when using Pantalaimon.
+# (Otherwise provide `matrix_bot_draupnir_access_token` instead.)
+matrix_bot_draupnir_pantalaimon_username: ""
+matrix_bot_draupnir_pantalaimon_password: ""
+
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias or room ID - not a matrix.to URL.
-# Note: draupnir is fairly verbose - expect a lot of messages from it.
+# Note: Draupnir is fairly verbose - expect a lot of messages from it.
 matrix_bot_draupnir_management_room: ""
 
+# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API).
+# Set this to the pantalaimon URL if you're using that.
+matrix_bot_draupnir_homeserver_url: ""
+
+# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
+# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
+matrix_bot_draupnir_raw_homeserver_url: ""
+
 # Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot.
 # This setting is described the following way in the Configuration.
 #

roles/custom/matrix-bot-draupnir/tasks/setup_install.yml

@@ -61,6 +61,7 @@
 
 - name: Ensure matrix-bot-draupnir container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_draupnir_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-draupnir/tasks/validate_config.yml

@@ -2,9 +2,20 @@
 
 - name: Fail if required matrix-bot-draupnir variables are undefined
   ansible.builtin.fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value."
+    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
   with_items:
-    - "matrix_bot_draupnir_access_token"
-    - "matrix_bot_draupnir_management_room"
-    - "matrix_bot_draupnir_container_network"
-  when: "vars[item] == '' or vars[item] is none"
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_management_room', when: true}
+    - {'name': 'matrix_bot_draupnir_container_network', when: true}
+    - {'name': 'matrix_bot_draupnir_homeserver_url', when: true}
+    - {'name': 'matrix_bot_draupnir_raw_homeserver_url', when: true}
+    - {'name': 'matrix_bot_draupnir_pantalaimon_username', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_pantalaimon_password', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+  when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)"
+
+- name: Fail if inappropriate variables are defined
+  ansible.builtin.fail:
+    msg: "The `{{ item.name }}` variable must be undefined or have a null value."
+  with_items:
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+  when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)"

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -1,32 +1,34 @@
 # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
 # set this to the pantalaimon URL if you're using that.
-homeserverUrl: "{{ matrix_homeserver_url }}"
+homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}
 
 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
 # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
-rawHomeserverUrl: "{{ matrix_homeserver_url }}"
+rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}
 
 # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
-accessToken: "{{ matrix_bot_draupnir_access_token }}"
+accessToken: {{ matrix_bot_draupnir_access_token | to_json }}
 
+{% if matrix_bot_draupnir_pantalaimon_use %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
-#pantalaimon:
-#  # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
-#  # set to `true` if you're using pantalaimon.
-#  #
-#  # Be sure to point homeserverUrl to the pantalaimon instance.
-#  #
-#  # Draupnir will log in using the given username and password once,
-#  # then store the resulting access token in a file under dataPath.
-#  use: false
-#
-#  # The username to login with.
-#  username: draupnir
-#
-#  # The password Draupnir will login with.
-#  #
-#  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
-#  password: your_password
+pantalaimon:
+  # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
+  # set to `true` if you're using pantalaimon.
+  #
+  # Be sure to point homeserverUrl to the pantalaimon instance.
+  #
+  # Draupnir will log in using the given username and password once,
+  # then store the resulting access token in a file under dataPath.
+  use: true
+
+  # The username to login with.
+  username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }}
+
+  # The password Draupnir will login with.
+  #
+  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
+  password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }}
+{% endif %}
 
 # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
 dataPath: "/data"
@@ -49,7 +51,7 @@ recordIgnoredInvites: false
 #
 # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
 # (see verboseLogging to adjust this a bit.)
-managementRoom: "{{ matrix_bot_draupnir_management_room }}"
+managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}
 
 # Deprecated and will be removed in a future version.
 # Running with verboseLogging is unsupported.
@@ -77,7 +79,7 @@ noop: false
 
 # Whether or not Draupnir should apply `m.room.server_acl` events.
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
-disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}"
+disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}
 
 # Whether Draupnir should check member lists quicker (by using a different endpoint),
 # keep in mind that enabling this will miss invited (but not joined) users.
@@ -161,7 +163,7 @@ commands:
 
   # The default reasons to be prompted with if the reason is missing from a ban command.
   ban:
-    defaultReasons: 
+    defaultReasons:
       - "spam"
       - "brigading"
       - "harassment"

roles/custom/matrix-bot-go-neb/tasks/install.yml

@@ -45,6 +45,7 @@
 
 - name: Ensure go-neb container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_go_neb_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-honoroit/tasks/setup_install.yml

@@ -111,6 +111,7 @@
 
 - name: Ensure honoroit container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_honoroit_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml

@@ -58,6 +58,7 @@
 
 - name: Ensure matrix-registration-bot container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_matrix_registration_bot_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml

@@ -86,6 +86,7 @@
 
 - name: Ensure matrix-reminder-bot container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_matrix_reminder_bot_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-maubot/tasks/setup_install.yml

@@ -72,6 +72,7 @@
 
 - name: Ensure maubot container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_maubot_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-mjolnir/defaults/main.yml

@@ -37,15 +37,34 @@ matrix_bot_mjolnir_systemd_required_services_list_custom: []
 # List of systemd services that matrix-bot-mjolnir.service wants
 matrix_bot_mjolnir_systemd_wanted_services_list: []
 
-# The access token for the bot user
+# Whether Mjolnir should talk to the homeserver through Pantalaimon
+# If true, then other variables must be provided including pointing
+# `matrix_bot_mjolnir_homeserver_url` to the Pantalaimon URL.
+matrix_bot_mjolnir_pantalaimon_use: false
+
+# The access token for the bot user. Required when NOT using Pantalaimon.
+# (Otherwise provide `matrix_bot_mjolnir_pantalaimon_username` and `matrix_bot_mjolnir_pantalaimon_password` instead.)
 matrix_bot_mjolnir_access_token: ""
 
+# User name and password for the bot. Required when using Pantalaimon.
+# (Otherwise provide `matrix_bot_mjolnir_access_token` instead.)
+matrix_bot_mjolnir_pantalaimon_username: ""
+matrix_bot_mjolnir_pantalaimon_password: ""
+
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias or room ID - not a matrix.to URL.
 # Note: Mjolnir is fairly verbose - expect a lot of messages from it.
 matrix_bot_mjolnir_management_room: ""
 
+# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API).
+# Set this to the pantalaimon URL if you're using that.
+matrix_bot_mjolnir_homeserver_url: ""
+
+# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/),
+# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
+matrix_bot_mjolnir_raw_homeserver_url: ""
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml

@@ -61,6 +61,7 @@
 
 - name: Ensure matrix-bot-mjolnir container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_mjolnir_container_network }}"
     driver: bridge
 

roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml

@@ -1,9 +1,21 @@
 ---
 
-- name: Fail if required variables are undefined
+- name: Fail if required matrix-bot-mjolnir variables are undefined
   ansible.builtin.fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value."
+    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
   with_items:
-    - "matrix_bot_mjolnir_access_token"
-    - "matrix_bot_mjolnir_management_room"
-  when: "vars[item] == '' or vars[item] is none"
+    - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ not matrix_bot_mjolnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_mjolnir_management_room', when: true}
+    - {'name': 'matrix_bot_mjolnir_container_network', when: true}
+    - {'name': 'matrix_bot_mjolnir_homeserver_url', when: true}
+    - {'name': 'matrix_bot_mjolnir_raw_homeserver_url', when: true}
+    - {'name': 'matrix_bot_mjolnir_pantalaimon_username', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_mjolnir_pantalaimon_password', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"}
+  when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)"
+
+- name: Fail if inappropriate variables are defined
+  ansible.builtin.fail:
+    msg: "The `{{ item.name }}` variable must be undefined or have a null value."
+  with_items:
+    - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"}
+  when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)"

roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2

@@ -1,32 +1,34 @@
 # Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API),
 # set this to the pantalaimon URL if you're using that.
-homeserverUrl: "{{ matrix_homeserver_url }}"
+homeserverUrl: {{ matrix_bot_mjolnir_homeserver_url | to_json }}
 
 # Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/),
 # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
-rawHomeserverUrl: "{{ matrix_homeserver_url }}"
+rawHomeserverUrl: {{ matrix_bot_mjolnir_raw_homeserver_url | to_json }}
 
 # Matrix Access Token to use, Mjolnir will only use this if pantalaimon.use is false.
-accessToken: "{{ matrix_bot_mjolnir_access_token }}"
+accessToken: {{ matrix_bot_mjolnir_access_token | to_json }}
 
+{% if matrix_bot_mjolnir_pantalaimon_use %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
-#pantalaimon:
-#  # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver,
-#  # set to `true` if you're using pantalaimon.
-#  #
-#  # Be sure to point homeserverUrl to the pantalaimon instance.
-#  #
-#  # Mjolnir will log in using the given username and password once,
-#  # then store the resulting access token in a file under dataPath.
-#  use: false
-#
-#  # The username to login with.
-#  username: mjolnir
-#
-#  # The password Mjolnir will login with.
-#  #
-#  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
-#  password: your_password
+pantalaimon:
+  # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver,
+  # set to `true` if you're using pantalaimon.
+  #
+  # Be sure to point homeserverUrl to the pantalaimon instance.
+  #
+  # Mjolnir will log in using the given username and password once,
+  # then store the resulting access token in a file under dataPath.
+  use: true
+
+  # The username to login with.
+  username: {{ matrix_bot_mjolnir_pantalaimon_username | to_json }}
+
+  # The password Mjolnir will login with.
+  #
+  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
+  password: {{ matrix_bot_mjolnir_pantalaimon_password | to_json }}
+{% endif %}
 
 # The path Mjolnir will store its state/data in, leave default ("/data/storage") when using containers.
 dataPath: "/data"
@@ -49,7 +51,7 @@ recordIgnoredInvites: false
 #
 # Note: By default, Mjolnir is fairly verbose - expect a lot of messages in this room.
 # (see verboseLogging to adjust this a bit.)
-managementRoom: "{{ matrix_bot_mjolnir_management_room }}"
+managementRoom: {{ matrix_bot_mjolnir_management_room | to_json }}
 
 # Whether Mjolnir should log a lot more messages in the room,
 # mainly involves "all-OK" messages, and debugging messages for when mjolnir checks bans in a room.

roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml

@@ -81,6 +81,7 @@
 
 - name: Ensure postmoogle container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_postmoogle_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -106,6 +106,7 @@
 
 - name: Ensure matrix-appservice-discord container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_appservice_discord_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -190,6 +190,7 @@
 
 - name: Ensure matrix-appservice-irc container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_appservice_irc_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml

@@ -130,7 +130,7 @@ matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
 
 # End-to-bridge encryption configuration
 matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
+matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 
 # Specifies the default log level for all bridge loggers.
 matrix_appservice_kakaotalk_logging_level: WARNING

roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml

@@ -99,6 +99,7 @@
 
 - name: Ensure matrix-appservice-kakaotalk container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_appservice_kakaotalk_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml

@@ -84,6 +84,7 @@
 
 - name: Ensure matrix-appservice-slack container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_appservice_slack_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml

@@ -83,6 +83,7 @@
 
 - name: Ensure matrix-appservice-webhooks container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_appservice_webhooks_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -96,7 +96,7 @@ matrix_beeper_linkedin_logging_level: WARNING
 
 # Enable End-to-bridge encryption
 matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
+matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
 
 # Default beeper-linkedin configuration template which covers the generic use case.

roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml

@@ -85,6 +85,7 @@
 
 - name: Ensure beeper-linkedin container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_beeper_linkedin_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml

@@ -98,7 +98,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map:
 
 # Enable End-to-bridge encryption
 matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
+matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 
 # Minimum severity of journal log messages.
 # Options: debug, info, warn, error, fatal

roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml

@@ -128,6 +128,7 @@
 
 - name: Ensure matrix-go-skype-bridge container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_go_skype_bridge_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml

@@ -31,6 +31,7 @@
 
 - name: Ensure heisenbridge container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_heisenbridge_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml

@@ -109,6 +109,7 @@
 
 - name: Ensure matrix-hookshot container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_hookshot_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml

@@ -151,7 +151,7 @@ matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yam
 
 # Enable End-to-bridge encryption
 matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
+matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
 
 # On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.

roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml

@@ -95,6 +95,7 @@
 
 - name: Ensure mautrix-discord container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_discord_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -203,5 +203,5 @@ matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_y
 
 # Enable End-to-bridge encryption
 matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"
+matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -125,6 +125,7 @@
 
 - name: Ensure matrix-mautrix-facebook container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_facebook_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.2.4
+matrix_mautrix_gmessages_version: v0.3.0
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -139,7 +139,7 @@ matrix_mautrix_gmessages_bridge_login_shared_secret_map:
 
 # Enable End-to-bridge encryption
 matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
+matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
 
 matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true

roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml

@@ -144,6 +144,7 @@
 
 - name: Ensure matrix-mautrix-gmessages container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_gmessages_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml

@@ -191,4 +191,4 @@ matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registrati
 
 # Enable End-to-bridge encryption
 matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}"
+matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"

roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml

@@ -125,6 +125,7 @@
 
 - name: Ensure matrix-mautrix-googlechat container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_googlechat_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -187,4 +187,4 @@ matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_y
 
 # Enable End-to-bridge encryption
 matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}"
+matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"

roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml

@@ -125,6 +125,7 @@
 
 - name: Ensure matrix-mautrix-hangouts container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_hangouts_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -174,5 +174,5 @@ matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration
 
 # Enable End-to-bridge encryption
 matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"
+matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml

@@ -77,6 +77,7 @@
 
 - name: Ensure matrix-mautrix-instagram container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_instagram_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.1.0
+matrix_mautrix_meta_instagram_version: v0.2.0
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -23,8 +23,10 @@ matrix_mautrix_meta_instagram_container_src_files_path: "{{ matrix_mautrix_meta_
 matrix_mautrix_meta_instagram_container_image_self_build: false
 matrix_mautrix_meta_instagram_container_image_self_build_repo: "https://github.com/mautrix/meta.git"
 
-matrix_mautrix_meta_instagram_container_image: "{{ matrix_mautrix_meta_instagram_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_instagram_version }}"
+matrix_mautrix_meta_instagram_container_image: "{{ matrix_mautrix_meta_instagram_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_instagram_container_image_tag }}"
 matrix_mautrix_meta_instagram_container_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_meta_instagram_container_image_self_build else 'dock.mau.dev/' }}"
+# Prebuilt container images for specific commit hashes are tagged with an architecture suffix (e.g. `HASH-amd64`).
+matrix_mautrix_meta_instagram_container_image_tag: "{{ matrix_mautrix_meta_instagram_version }}{{ ('-' ~ matrix_architecture) if (matrix_mautrix_meta_instagram_version | length == 40) else '' }}"
 matrix_mautrix_meta_instagram_container_image_force_pull: "{{ matrix_mautrix_meta_instagram_container_image.endswith(':latest') }}"
 
 matrix_mautrix_meta_instagram_container_network: ""
@@ -179,7 +181,17 @@ matrix_mautrix_meta_instagram_bridge_username_prefix: |-
 # Changing this may require that you change the regex in the appservice.
 matrix_mautrix_meta_instagram_bridge_username_template: "{{ matrix_mautrix_meta_instagram_bridge_username_prefix + '{{.}}' }}"
 
-matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}'
+matrix_mautrix_meta_instagram_bridge_displayname_suffix: |-
+  {{
+    ({
+      'facebook': '(FB)',
+      'facebook-tor': '(FB)',
+      'messenger': '(FB)',
+      'instagram': '(IG)',
+    })[matrix_mautrix_meta_instagram_meta_mode]
+  }}
+
+matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}'
 
 # The prefix for commands. Only required in non-management rooms.
 # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_instagram_meta_mode`):
@@ -191,9 +203,13 @@ matrix_mautrix_meta_instagram_bridge_command_prefix: default
 # If false, created portal rooms will never be federated.
 matrix_mautrix_meta_instagram_bridge_federate_rooms: true
 
+# Should the bridge create a space for each logged-in user and add bridged rooms to it?
+# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
+matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces: true
+
 # Enable End-to-bridge encryption
 matrix_mautrix_meta_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}"
+matrix_mautrix_meta_instagram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_mautrix_meta_instagram_bridge_encryption_allow }}"
 matrix_mautrix_meta_instagram_bridge_encryption_appservice: false
 matrix_mautrix_meta_instagram_bridge_encryption_require: false
@@ -266,5 +282,6 @@ matrix_mautrix_meta_instagram_registration_yaml: |
   url: {{ matrix_mautrix_meta_instagram_appservice_address }}
   sender_localpart: _bot_{{ matrix_mautrix_meta_instagram_appservice_username }}
   rate_limited: false
+  de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_meta_instagram_registration: "{{ matrix_mautrix_meta_instagram_registration_yaml | from_yaml }}"

roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml

@@ -104,6 +104,7 @@
 
 - name: Ensure mautrix-meta-instagram container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_meta_instagram_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2

@@ -124,7 +124,7 @@ bridge:
 
     # Should the bridge create a space for each logged-in user and add bridged rooms to it?
     # Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
-    personal_filtering_spaces: false
+    personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
     # Should Matrix m.notice-type messages be bridged?
     bridge_notices: true
     # Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.1.0
+matrix_mautrix_meta_messenger_version: v0.2.0
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -23,8 +23,10 @@ matrix_mautrix_meta_messenger_container_src_files_path: "{{ matrix_mautrix_meta_
 matrix_mautrix_meta_messenger_container_image_self_build: false
 matrix_mautrix_meta_messenger_container_image_self_build_repo: "https://github.com/mautrix/meta.git"
 
-matrix_mautrix_meta_messenger_container_image: "{{ matrix_mautrix_meta_messenger_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_messenger_version }}"
+matrix_mautrix_meta_messenger_container_image: "{{ matrix_mautrix_meta_messenger_container_image_name_prefix }}mautrix/meta:{{ matrix_mautrix_meta_messenger_container_image_tag }}"
 matrix_mautrix_meta_messenger_container_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_meta_messenger_container_image_self_build else 'dock.mau.dev/' }}"
+# Prebuilt container images for specific commit hashes are tagged with an architecture suffix (e.g. `HASH-amd64`).
+matrix_mautrix_meta_messenger_container_image_tag: "{{ matrix_mautrix_meta_messenger_version }}{{ ('-' ~ matrix_architecture) if (matrix_mautrix_meta_messenger_version | length == 40) else '' }}"
 matrix_mautrix_meta_messenger_container_image_force_pull: "{{ matrix_mautrix_meta_messenger_container_image.endswith(':latest') }}"
 
 matrix_mautrix_meta_messenger_container_network: ""
@@ -179,7 +181,17 @@ matrix_mautrix_meta_messenger_bridge_username_prefix: |-
 # Changing this may require that you change the regex in the appservice.
 matrix_mautrix_meta_messenger_bridge_username_template: "{{ matrix_mautrix_meta_messenger_bridge_username_prefix + '{{.}}' }}"
 
-matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}'
+matrix_mautrix_meta_messenger_bridge_displayname_suffix: |-
+  {{
+    ({
+      'facebook': '(FB)',
+      'facebook-tor': '(FB)',
+      'messenger': '(FB)',
+      'instagram': '(IG)',
+    })[matrix_mautrix_meta_messenger_meta_mode]
+  }}
+
+matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}'
 
 # The prefix for commands. Only required in non-management rooms.
 # If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_messenger_meta_mode`):
@@ -191,9 +203,13 @@ matrix_mautrix_meta_messenger_bridge_command_prefix: default
 # If false, created portal rooms will never be federated.
 matrix_mautrix_meta_messenger_bridge_federate_rooms: true
 
+# Should the bridge create a space for each logged-in user and add bridged rooms to it?
+# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
+matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces: true
+
 # Enable End-to-bridge encryption
 matrix_mautrix_meta_messenger_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}"
+matrix_mautrix_meta_messenger_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_mautrix_meta_messenger_bridge_encryption_allow }}"
 matrix_mautrix_meta_messenger_bridge_encryption_appservice: false
 matrix_mautrix_meta_messenger_bridge_encryption_require: false
@@ -266,5 +282,6 @@ matrix_mautrix_meta_messenger_registration_yaml: |
   url: {{ matrix_mautrix_meta_messenger_appservice_address }}
   sender_localpart: _bot_{{ matrix_mautrix_meta_messenger_appservice_username }}
   rate_limited: false
+  de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_meta_messenger_registration: "{{ matrix_mautrix_meta_messenger_registration_yaml | from_yaml }}"

roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml

@@ -104,6 +104,7 @@
 
 - name: Ensure mautrix-meta-messenger container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_meta_messenger_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2

@@ -124,7 +124,7 @@ bridge:
 
     # Should the bridge create a space for each logged-in user and add bridged rooms to it?
     # Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
-    personal_filtering_spaces: false
+    personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
     # Should Matrix m.notice-type messages be bridged?
     bridge_notices: true
     # Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.5.0
+matrix_mautrix_signal_version: v0.5.1
 
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@@ -196,7 +196,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml
 
 # Enable End-to-bridge encryption
 matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 
 matrix_mautrix_signal_bridge_personal_filtering_spaces: true

roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml

@@ -138,6 +138,7 @@
 
 - name: Ensure matrix-mautrix-signal container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_signal_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml

@@ -145,5 +145,5 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml |
 
 # Enable End-to-bridge encryption
 matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
+matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml

@@ -95,6 +95,7 @@
 
 - name: Ensure matrix-mautrix-slack container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_slack_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -234,5 +234,5 @@ matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
 
 # Enable End-to-bridge encryption
 matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
+matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -150,6 +150,7 @@
 
 - name: Ensure matrix-mautrix-telegram container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_telegram_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -169,5 +169,5 @@ matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yam
 
 # Enable End-to-bridge encryption
 matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
+matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"

roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml

@@ -79,6 +79,7 @@
 
 - name: Ensure matrix-mautrix-twitter container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_twitter_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.10.5
+matrix_mautrix_whatsapp_version: v0.10.6
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -141,7 +141,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
 
 # Enable End-to-bridge encryption
 matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
-matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
+matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
 matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
 
 matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -138,6 +138,7 @@
 
 - name: Ensure matrix-mautrix-whatsapp container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_whatsapp_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml

@@ -93,6 +93,7 @@
 
 - name: Ensure mautrix-wsproxy container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mautrix_wsproxy_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml

@@ -114,6 +114,7 @@
 
 - name: Ensure mx-puppet-discord container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mx_puppet_discord_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml

@@ -115,6 +115,7 @@
 
 - name: Ensure mx-puppet-groupme container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mx_puppet_groupme_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml

@@ -94,6 +94,7 @@
 
 - name: Ensure mx-puppet-instagram container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mx_puppet_instagram_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml

@@ -125,6 +125,7 @@
 
 - name: Ensure mx-puppet-slack container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mx_puppet_slack_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml

@@ -115,6 +115,7 @@
 
 - name: Ensure mx-puppet-steam container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mx_puppet_steam_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml

@@ -125,6 +125,7 @@
 
 - name: Ensure mx-puppet-twitter container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_mx_puppet_twitter_container_network }}"
     driver: bridge
 

roles/custom/matrix-bridge-sms/defaults/main.yml

@@ -5,7 +5,7 @@
 matrix_sms_bridge_enabled: true
 
 # renovate: datasource=docker depName=folivonet/matrix-sms-bridge
-matrix_sms_bridge_version: 0.5.8
+matrix_sms_bridge_version: 0.5.9
 matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}"
 
 matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge"

roles/custom/matrix-bridge-sms/tasks/setup_install.yml

@@ -48,6 +48,7 @@
 
 - name: Ensure matrix-sms-bridge container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_sms_bridge_container_network }}"
     driver: bridge
 

roles/custom/matrix-cactus-comments-client/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.27.0
+matrix_cactus_comments_client_version: 2.28.0
 
 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"

roles/custom/matrix-cactus-comments-client/tasks/install.yml

@@ -73,6 +73,7 @@
 
 - name: Ensure matrix-cactus-comments-client container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_cactus_comments_client_container_network }}"
     driver: bridge
 

roles/custom/matrix-client-cinny/tasks/setup_install.yml

@@ -66,6 +66,7 @@
 
 - name: Ensure Cinny container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_client_cinny_container_network }}"
     driver: bridge
 

roles/custom/matrix-client-element/defaults/main.yml

@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=vectorim/element-web
-matrix_client_element_version: v1.11.58
+matrix_client_element_version: v1.11.63
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -151,7 +151,6 @@ matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/su
 matrix_client_element_show_lab_settings: true  # noqa var-naming
 # Element public room directory server(s)
 matrix_client_element_room_directory_servers: ['matrix.org']
-matrix_client_element_welcome_user_id: ~
 # Branding of Element
 matrix_client_element_brand: "Element"
 

roles/custom/matrix-client-element/tasks/setup_install.yml

@@ -100,6 +100,7 @@
 
 - name: Ensure Element container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_client_element_container_network }}"
     driver: bridge
 

roles/custom/matrix-client-element/tasks/validate_config.yml

@@ -43,6 +43,7 @@
     - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'}
     - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'}
     - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'}
+    - {'old': 'matrix_client_element_welcome_user_id', 'new': '<removed>'}
 
 - when: matrix_client_element_container_labels_traefik_enabled | bool
   block:

roles/custom/matrix-client-element/templates/config.json.j2

@@ -26,7 +26,6 @@
 	"room_directory": {
 		"servers": {{ matrix_client_element_room_directory_servers | to_json }}
 	},
-	"welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }},
 	{% if matrix_client_element_enable_presence_by_hs_url is not none %}
 		"enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }},
 	{% endif %}

roles/custom/matrix-client-hydrogen/tasks/setup_install.yml

@@ -78,6 +78,7 @@
 
 - name: Ensure Hydrogen container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_client_hydrogen_container_network }}"
     driver: bridge
 

roles/custom/matrix-client-schildichat/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_client_schildichat_enabled: true
 matrix_client_schildichat_container_image_self_build: false
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/schildichat-web
-matrix_client_schildichat_version: v1.11.30-sc.2
+matrix_client_schildichat_version: v1.11.36-sc.3
 matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}"
 matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}"
@@ -145,7 +145,6 @@ matrix_client_schildichat_bug_report_endpoint_url: "https://element.io/bugreport
 matrix_client_schildichat_show_lab_settings: true  # noqa var-naming
 # schildichat public room directory server(s)
 matrix_client_schildichat_room_directory_servers: ['matrix.org']
-matrix_client_schildichat_welcome_user_id: ~
 # Branding of schildichat
 matrix_client_schildichat_brand: "schildichat"
 

roles/custom/matrix-client-schildichat/tasks/setup_install.yml

@@ -99,6 +99,7 @@
 
 - name: Ensure schildichat container network is created
   community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_client_schildichat_container_network }}"
     driver: bridge
 

roles/custom/matrix-client-schildichat/tasks/validate_config.yml

@@ -1,5 +1,14 @@
 ---
 
+- name: (Deprecation) Catch and report renamed Schildichat settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_client_schildichat_welcome_user_id', 'new': '<removed>'}
+
 - name: Fail if required schildichat settings not defined
   ansible.builtin.fail:
     msg: >