Merge remote-tracking branch 'github/master'

CHANGELOG.md

@@ -1,3 +1,32 @@
+# 2020-07-22
+
+## Synapse Admin support
+
+The playbook can now help you set up [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin).
+
+See our [Setting up Synapse Admin](docs/configuring-playbook-synapse-admin.md) documentation to get started.
+
+
+# 2020-07-20
+
+## matrix-reminder-bot support
+
+The playbook can now help you set up [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot).
+
+See our [Setting up matrix-reminder-bot](docs/configuring-playbook-bot-matrix-reminder-bot.md) documentation to get started.
+
+
+# 2020-07-17
+
+## (Compatibility Break) Riot is now Element
+
+As per the official announcement, [Riot has been rebraned to Element](https://element.io/blog/welcome-to-element/).
+
+The playbook follows suit. Existing installations have a few options for how to handle this.
+
+See our [Migrating to Element](docs/configuring-playbook-riot-web.md#migrating-to-element) documentation page for more details.
+
+
 # 2020-07-03
 
 ## Steam bridging support via mx-puppet-steam

README.md

@@ -16,9 +16,9 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
 
-- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Riot web UI
+- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI
 
-- (optional, default) a [Riot](https://riot.im/) web UI, which is configured to connect to your own Synapse server by default
+- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default
 
 - (optional, default) an [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server
 
@@ -68,6 +68,10 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform
 
+- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms
+
+- (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server
+
 Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
 
 **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
@@ -99,6 +103,8 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
 
 - this one optionally **allows you to use an external PostgreSQL server** for Synapse's database (but defaults to running one in a container)
 
+- helps you **import data from a previous installation** (so you can migrate your manual virtualenv/Docker setup to a more managed one)
+
 
 ## Installation
 
@@ -120,7 +126,7 @@ This playbook sets up your server using the following Docker images:
 
 - [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
 
-- [vectorim/riot-web](https://hub.docker.com/r/vectorim/riot-web/) - the [Riot.im](https://about.riot.im/) web client (optional)
+- [vectorim/riot-web](https://hub.docker.com/r/vectorim/riot-web/) - the [Element](https://element.io/) web client (optional)
 
 - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
 
@@ -178,6 +184,10 @@ This playbook sets up your server using the following Docker images:
 
 - [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
 
+- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
+
+- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)
+
 
 ## Deficiencies
 

docs/README.md

@@ -10,6 +10,14 @@
 
 - [Installing](installing.md)
 
+- **Importing data from another Synapse server installation**
+
+  - [Importing an existing SQLite database (from another installation)](importing-sqlite.md) (optional)
+
+  - [Importing an existing Postgres database (from another installation)](importing-postgres.md) (optional)
+
+  - [Importing `media_store` data files from an existing installation](importing-media-store.md) (optional)
+
 - [Registering users](registering-users.md)
 
 - [Updating users passwords](updating-users-passwords.md)

docs/configuring-dns.md

@@ -21,21 +21,21 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
 | Type  | Host                         | Priority | Weight | Port | Target                 |
 | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
 | A     | `matrix`                     | -        | -      | -    | `matrix-server-IP`     |
-| CNAME | `riot`                       | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `element`                    | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `dimension` (*)              | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `jitsi` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
 | SRV   | `_matrix-identity._tcp`      | 10       | 0      | 443  | `matrix.<your-domain>` |
 
 
-DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records.
+DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records. Also be mindful as to how long it will take for the DNS records to propagate.
 
 
 ## Subdomains setup
 
-As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `riot.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
+As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
 
-The `riot.<your-domain>` subdomain is necessary, because this playbook installs the Riot web client for you.
-If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `riot.<your-domain>` DNS record.
+The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/riot-web) web client for you.
+If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
 
 The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
 

docs/configuring-playbook-base-domain-serving.md

@@ -14,7 +14,7 @@ Usually, there are 2 options:
 
 This documentation page tells you how to do the latter. With some easy changes, we make it possible to serve the base domain from the Matrix server via the integrated webserver (`matrix-nginx-proxy`).
 
-Just **adjust your DNS records**, so that your base domain is pointed to the Matrix server's IP address **and use the following configuration**:
+Just **adjust your DNS records**, so that your base domain is pointed to the Matrix server's IP address (using a DNS `A` record) **and then use the following configuration**:
 
 ```yaml
 matrix_nginx_proxy_base_domain_serving_enabled: true

docs/configuring-playbook-bot-matrix-reminder-bot.md

@@ -0,0 +1,59 @@
+# Setting up matrix-reminder-bot (optional)
+
+The playbook can install and configure [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for you.
+
+It's a bot you can use to **schedule one-off & recurring reminders and alarms**.
+
+See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you.
+
+
+## Registering the bot user
+
+By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`.
+
+(to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable).
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_matrix_reminder_bot_enabled: true
+
+# Adjust this to whatever password you chose when registering the bot user
+matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT
+
+# Adjust this to your timezone
+matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To use the bot, start a chat with `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+
+You can also add the bot to any existing Matrix room (`/invite @bot.matrix-reminder-bot:DOMAIN`).
+
+Basic usage is like this: `!remindme in 2 minutes; This is a test`
+
+Send `!help commands` to the room to see the bot's help menu for additional commands.
+
+You can also refer to the upstream [Usage documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage).

docs/configuring-playbook-client-element.md

@@ -0,0 +1,41 @@
+# Configuring Element (optional)
+
+By default, this playbook installs the [Element](https://github.com/vector-im/riot-web) Matrix client web application.
+If that's okay, you can skip this document.
+
+
+## Disabling Element
+
+If you'd like for the playbook to not install (or to uninstall the previously installed Element), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_client_element_enabled: false
+```
+
+
+## Configuring Element settings
+
+The playbook provides some customization variables you could use to change Element's settings.
+
+Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template.
+
+**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
+
+Alternatively, **if there is no pre-defined variable** for an Element setting you wish to change:
+
+- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used.
+
+- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
+
+- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
+
+
+## Themes
+
+To change the look of Element, you can define your own themes manually by using the `matrix_client_element__settingDefaults_custom_themes` setting.
+
+Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`).
+
+If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
+
+Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.

docs/configuring-playbook-dimension.md

@@ -21,7 +21,7 @@ matrix_dimension_enabled: true
 
 ## Define admin users
 
-These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Riot and clicking the settings icon.
+These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon.
 Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
 
 ```yaml
@@ -37,15 +37,27 @@ We recommend that you create a dedicated Matrix user for Dimension (`dimension`
 Follow our [Registering users](registering-users.md) guide to learn how to register **a regular (non-admin) user**.
 
 You are required to specify an access token (belonging to this new user) for Dimension to work.
-To get an access token for the Dimension user, follow these steps:
+To get an access token for the Dimension user, you can follow one of two options:
+*Through an interactive login*:
 
-1. In a private browsing session (incognito window), open Riot.
+1. In a private browsing session (incognito window), open Element.
 2. Log in with the `dimension` user and its password.
 1. Set the display name and avatar, if required.
 2. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
 3. Copy the highlighted text to your configuration.
 4. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work.
 
+*With CURL* 
+
+```
+curl -X POST --header 'Content-Type: application/json' -d '{
+    "identifier": { "type": "m.id.user", "user": "YourDimensionUsername" },
+    "password": "YourDimensionPassword",
+    "type": "m.login.password"
+}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
+```
+*Change the "YourDimensionUser/Pass" URL accordigly*
+
 **Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**
 
 Add access token to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
@@ -70,7 +82,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 
 By default Dimension will use [jitsi.riot.im](https://jitsi.riot.im/) as the `conferenceDomain` of [Jitsi](https://jitsi.org/) audio/video conference widgets. For users running [a self-hosted Jitsi instance](./configuring-playbook-jitsi.md), you will likely want the widget to use your own Jitsi instance. Currently there is no way to configure this via the playbook, see [this issue](https://github.com/turt2live/matrix-dimension/issues/345) for details.
 
-In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In riot-web, go to *Manage Integrations* &rightarrow; *Settings* &rightarrow; *Widgets* &rightarrow; *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
+In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In Element, go to *Manage Integrations* &rightarrow; *Settings* &rightarrow; *Widgets* &rightarrow; *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
 
 
 ## Additional features

docs/configuring-playbook-jitsi.md

@@ -1,6 +1,6 @@
 # Jitsi
 
-The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
+The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Element](configuring-playbook-client-element.md).
 
 Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
 
@@ -144,13 +144,13 @@ Run this command for each user you would like to create, replacing `<USERNAME>`
 
 You can use the self-hosted Jitsi server in multiple ways:
 
-- **by adding a widget to a room via riot-web** (the one configured by the playbook at `https://riot.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
+- **by adding a widget to a room via Element** (the one configured by the playbook at `https://element.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
 
 - **by adding a widget to a room via the Dimension Integration Manager**. You'll have to point the widget to your own Jitsi server manually. See our [Dimension](./configuring-playbook-dimension.md) documentation page for more details. Naturally, Dimension would need to be installed first (the playbook doesn't install it by default).
 
 - **directly (without any Matrix integration)**. Just go to `https://jitsi.DOMAIN`
 
-**Note**: Riot apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
+**Note**: Element apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
 
 
 ## Troubleshooting

docs/configuring-playbook-ma1sd.md

@@ -90,6 +90,22 @@ matrix_ma1sd_configuration_extension_yaml: |
             number: '+<msisdn-number>'
 ```
 
+## Example: Open Registration for every Domain
+
+If you want to open registration for any domain, you have to setup the allowed domains with ma1sd's `blacklist` and `whitelist`. The default behavior when neither the `blacklist`, nor the `whitelist` match, is to allow registration. Beware: you can't block toplevel domains (aka `.xy`) because the internal architecture of ma1sd doesn't allow that.
+
+```yaml
+matrix_ma1sd_configuration_extension_yaml: |
+  register:
+    policy:
+      allowed: true
+      threepid:
+        email:
+          domain:
+            blacklist: ~
+            whitelist: ~
+```
+
 ## Troubleshooting
 
 If email address validation emails sent by ma1sd are not reaching you, you should look into [Adjusting email-sending settings](configuring-playbook-email.md).

docs/configuring-playbook-own-webserver.md

@@ -113,7 +113,7 @@ With this, nginx would still be in use, but it would not bother with anything SS
 All services would be served locally on `127.0.0.1:81` and `127.0.0.1:8449` (as per the example configuration above).
 
 You can then set up another reverse-proxy server on ports 80/443/8448 for all of the expected domains and make traffic go to these local ports.
-The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `riot.DOMAIN` and `dimension.DOMAIN` are optional).
+The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `element.DOMAIN` and `dimension.DOMAIN` are optional).
 
 ### Sample configuration for running behind Traefik 2.0
 
@@ -144,7 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
   - '--label "traefik.enable=true"'
 
   # The Nginx proxy container will receive traffic from these subdomains
-  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"'
+  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`)"'
 
   # (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
   - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
@@ -172,7 +172,7 @@ matrix_synapse_container_extra_arguments:
   - '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
 ```
 
-This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `riot.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
+This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
 
 Note that this configuration on its own does **not** redirect traffic on port 80 (plain HTTP) to port 443 for HTTPS, which may cause some issues, since the built-in Nginx proxy usually does this. If you are not already doing this in Traefik, it can be added to Traefik in a [file provider](https://docs.traefik.io/v2.0/providers/file/) as follows:
 

docs/configuring-playbook-riot-web.md

@@ -1,40 +1,39 @@
 # Configuring Riot-web (optional)
 
-By default, this playbook installs the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
-If that's okay, you can skip this document.
+By default, this playbook **used to install** the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
 
+Riot has since been [renamed to Element](https://element.io/blog/welcome-to-element/).
 
-## Disabling riot-web
+- to learn more about Element and its configuration, see our dedicated [Configuring Element](configuring-playbook-client-element.md) documentation page
+- to learn how to migrate from Riot to Element, see [Migrating to Element](#migrating-to-element) below
 
-If you'd like for the playbook to not install (or to uninstall the previously installed riot-web), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
 
-```yaml
-matrix_riot_web_enabled: false
-```
+## Migrating to Element
 
-## Configuring riot-web settings
+### Migrating your custom settings
 
-The playbook provides some customization variables you could use to change riot-web's settings.
+If you have custom `matrix_riot_web_` variables in your `inventory/host_vars/matrix.DOMAIN/vars.yml` file, you'll need to rename them (`matrix_riot_web_` -> `matrix_client_element_`).
 
-Their defaults are defined in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml) and they ultimately end up in the generated `/matrix/riot-web/config.json` file (on the server). This file is generated from the [`roles/matrix-riot-web/templates/config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2) template.
+Some other playbook variables (but not all) with `riot` in their name are also renamed. The playbook checks and warns if you are using the old name for some commonly used ones.
 
-**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
 
-Alternatively, **if there is no pre-defined variable** for a riot-web setting you wish to change:
+### Domain migration
 
-- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of riot-web's various settings that rarely get used.
+We used to set up Riot at the `riot.DOMAIN` domain. The playbook now sets up Element at `element.DOMAIN` by default.
 
-- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2)) by making use of the `matrix_riot_web_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
+There are a few options for handling this:
 
-- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_riot_web_configuration_default` (or `matrix_riot_web_configuration`). You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
+- (**avoiding changes** - using the old `riot.DOMAIN` domain and avoiding DNS changes) -- to keep using `riot.DOMAIN` instead of `element.DOMAIN`, override the domain at which the playbook serves Element: `matrix_server_fqn_element: "riot.{{ matrix_domain }}"`
 
+- (**embracing changes** - using only `element.DOMAIN`) - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)). You can drop the `riot.DOMAIN` in this case. If so, you may also wish to remove old SSL certificates (`rm -rf /matrix/ssl/config/live/riot.DOMAIN`) and renewal configuration (`rm -f /matrix/ssl/config/renewal/riot.DOMAIN.conf`), so that `certbot` would stop trying to renew them.
 
-## Themes
+- (**embracing changes and transitioning smoothly** - using both `element.DOMAIN` and `riot.DOMAIN`) - to serve Element at the new domain (`element.DOMAIN`) and to also have `riot.DOMAIN` redirect there - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)) and enable Riot to Element redirection (`matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`).
 
-To change the look of riot-web, you can define your own themes manually by using the `matrix_riot_web_settingDefaults_custom_themes` setting.
 
-Or better yet, you can automatically pull it all themes provided by the [aaronraimist/riot-web-themes](https://github.com/aaronraimist/riot-web-themes) project by simply flipping a flag (`matrix_riot_web_themes_enabled: true`).
+### Re-running the playbook
 
-If you make your own theme, we encourage you to submit it to the **aaronraimist/riot-web-themes** project, so that the whole community could easily enjoy it.
+As always, after making the necessary DNS and configuration adjustments, re-run the playbook to apply the changes:
 
-Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```

docs/configuring-playbook-ssl-certificates.md

@@ -1,6 +1,6 @@
 # Adjusting SSL certificate retrieval (optional, advanced)
 
-By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `riot.<your-domain>`)
+By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
 
 Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
 They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
@@ -42,7 +42,7 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
 - `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
 - `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
 
-where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
+where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `element.<your-domain>`).
 
 
 ## Not bothering with SSL certificates
@@ -62,7 +62,8 @@ The playbook tries to be smart about the certificates it will obtain for you.
 
 By default, it obtains certificates for:
 - `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
-- possibly for `riot.<your-domain>`, unless you have disabled the Riot component using `matrix_riot_web_enabled: false`
+- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
+- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
 - possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
 - possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
 
@@ -70,12 +71,12 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
 To do that, simply define your own custom configuration like this:
 
 ```yaml
-# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Riot, Dimension).
+# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Element, Dimension).
 # In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
 # Adding any other additional domains (hosted on the same machine) is possible.
 matrix_ssl_domains_to_obtain_certificates_for:
   - '{{ matrix_server_fqn_matrix }}'
-  - '{{ matrix_server_fqn_riot }}'
+  - '{{ matrix_server_fqn_element }}'
   - '{{ matrix_server_fqn_dimension }}'
   - '{{ matrix_domain }}'
 ```

docs/configuring-playbook-synapse-admin.md

@@ -0,0 +1,62 @@
+# Setting up Synapse Admin (optional)
+
+The playbook can install and configure [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) for you.
+
+It's a web UI tool you can use to **administrate users and rooms on your Matrix server**.
+
+See the project's [documentation](https://github.com/Awesome-Technologies/synapse-admin) to learn what it does and why it might be useful to you.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_synapse_admin_enabled: true
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+After installation, Synapse Admin will be accessible at: `https://matrix.DOMAIN/synapse-admin/`
+
+To use Synapse Admin, you need to have [registered at least one administrator account](registering-users.md) on your server.
+
+The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN`
+
+### Sample configuration for running behind Traefik 2.0
+
+Below is a sample configuration for using this playbook with a [Traefik](https://traefik.io/) 2.0 reverse proxy.
+
+This an extension to Traefik config sample in [own-webserver-documentation](./configuring-playbook-own-webserver.md).
+
+```yaml
+# Don't bind any HTTP or federation port to the host
+# (Traefik will proxy directly into the containers)
+matrix_synapse_admin_container_http_host_bind_port: ""
+
+matrix_synapse_admin_container_extra_arguments:
+    # May be unnecessary depending on Traefik config, but can't hurt
+    - '--label "traefik.enable=true"'
+
+    # The Synapse Admin container will only receive traffic from this subdomain and path
+    - '--label "traefik.http.routers.matrix-synapse-admin.rule=(Host(`{{ matrix_server_fqn_matrix }}`) && Path(`{{matrix_synapse_admin_public_endpoint}}`))"'
+
+    # (Define your entrypoint)
+    - '--label "traefik.http.routers.matrix-synapse-admin.entrypoints=web-secure"'
+
+    # (The 'default' certificate resolver must be defined in Traefik config)
+    - '--label "traefik.http.routers.matrix-synapse-admin.tls.certResolver=default"'
+
+    # The Synapse Admin container uses port 80 by default
+    - '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
+```

docs/configuring-playbook-synapse.md

@@ -16,3 +16,8 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you
 - or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
 
 - or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
+
+
+## Synapse Admin
+
+Certain Synapse administration tasks (managing users and rooms, etc.) can be performed via a web user-interace, if you install [Synapse Admin](configuring-playbook-synapse-admin.md).

docs/configuring-playbook.md

@@ -38,7 +38,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Configuring Synapse](configuring-playbook-synapse.md) (optional)
 
-- [Configuring Riot-web](configuring-playbook-riot-web.md) (optional)
+- [Configuring Element](configuring-playbook-client-element.md) (optional)
 
 - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
 
@@ -68,6 +68,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 ### Authentication and user-related
 
+- [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional)
+
 - [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (optional, advanced)
 
 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced)
@@ -112,3 +114,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
 
 - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional)
+
+
+### Bots
+
+- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional)

docs/configuring-well-known.md

@@ -6,7 +6,7 @@ There are 2 types of well-known service discovery that Matrix makes use of:
 
 - (important) **Federation Server discovery** (`/.well-known/matrix/server`) -- assists other servers in the Matrix network with finding your server. Without a proper configuration, your server will effectively not be part of the Matrix network. Learn more in [Introduction to Federation Server Discovery](#introduction-to-federation-server-discovery)
 
-- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Riot), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
+- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Element), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
 
 
 ## Introduction to Federation Server Discovery
@@ -59,7 +59,7 @@ All you need to do is:
 
 - copy `/.well-known/matrix/server` and `/.well-known/matrix/client` from the Matrix server (e.g. `matrix.example.com`) to your base domain's server (`example.com`). You can find these files in the `/matrix/static-files/.well-known/matrix` directory on the Matrix server. They are also accessible on URLs like this: `https://matrix.example.com/.well-known/matrix/server` (same for `client`).
 
-- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Riot) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
+- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Element) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
 
 This is relatively easy to do and possibly your only choice if you can only host static files from the base domain's server.
 It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.

docs/maintenance-synapse.md

@@ -13,6 +13,7 @@ Table of contents:
 		- [Vacuuming Postgres](#vacuuming-postgres)
 	- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
 	- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
+	- [Browse and manipulate the database](#browse-and-manipulate-the-database)
 
 - [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands
 
@@ -56,7 +57,7 @@ If [purging unused and unreachable data](#purging-unused-data-with-synapse-janit
 
 Synapse provides a [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) that you can use to purge on a per-room basis.
 
-To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like riot-web).
+To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
 Alternatively, you can log in and obtain a new access token like this:
 
 ```

docs/registering-users.md

@@ -16,7 +16,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
-**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
+**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
 
 -----
 
@@ -25,7 +25,7 @@ If you've just installed Matrix, **to finalize the installation process**, it's
 -----
 
 
-## Adding/Removing Administrator privileges to an existing user.  
+## Adding/Removing Administrator privileges to an existing user.
 
 The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
 
@@ -35,3 +35,8 @@ The script `/usr/local/bin/matrix-change-user-admin-status` may be used to chang
 ```
 /usr/local/bin/matrix-change-user-admin-status <username> <0/1>
 ```
+
+
+## Managing users via a Web UI
+
+To manage users more easily (via a web user-interace), you can install [Synapse Admin](configuring-playbook-synapse-admin.md).

docs/self-building.md

@@ -11,7 +11,7 @@ To make use of self-building, you don't need to do anything besides change your
 Note that **not all components support self-building yet**.
 List of roles where self-building the Docker image is currently possible:
 - `matrix-synapse`
-- `matrix-riot-web`
+- `matrix-client-element`
 - `matrix-coturn`
 - `matrix-ma1sd`
 - `matrix-mailer`

docs/updating-users-passwords.md

@@ -10,7 +10,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
-**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
+**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
 
 
 ## Option 2 (if you are using an external Postgres server):
@@ -34,9 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.
 
 Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
 
-This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* 
+This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
 
-If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). 
+If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
 
 ### Example:
 To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:

examples/apache/matrix-riot-web.conf → examples/apache/matrix-client-element.conf

@@ -1,8 +1,8 @@
-# This is a sample file demonstrating how to set up reverse-proxy for riot.DOMAIN.
-# If you're not using Riot (`matrix_riot_web_enabled: false`), you won't need this.
+# This is a sample file demonstrating how to set up reverse-proxy for element.DOMAIN.
+# If you're not using Element (`matrix_client_element_enabled: false`), you won't need this.
 
 <VirtualHost *:80>
-	ServerName riot.DOMAIN
+	ServerName element.DOMAIN
 
 	ProxyVia On
 
@@ -13,17 +13,17 @@
 		ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
 	</Location>
 
-	Redirect permanent / https://riot.DOMAIN/
+	Redirect permanent / https://element.DOMAIN/
 </VirtualHost>
 
 <VirtualHost *:443>
-	ServerName riot.DOMAIN
+	ServerName element.DOMAIN
 
 	SSLEngine On
 
 	# If you manage SSL certificates by yourself, these paths will differ.
-	SSLCertificateFile /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem
-	SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
+	SSLCertificateFile /matrix/ssl/config/live/element.DOMAIN/fullchain.pem
+	SSLCertificateKeyFile /matrix/ssl/config/live/element.DOMAIN/privkey.pem
 
 	SSLProxyEngine on
 	SSLProxyProtocol +TLSv1.2 +TLSv1.3
@@ -36,6 +36,6 @@
 	ProxyPass / http://127.0.0.1:8765/
 	ProxyPassReverse / http://127.0.0.1:8765/
 
-	ErrorLog ${APACHE_LOG_DIR}/riot.DOMAIN-error.log
-	CustomLog ${APACHE_LOG_DIR}/riot.DOMAIN-access.log combined
+	ErrorLog ${APACHE_LOG_DIR}/element.DOMAIN-error.log
+	CustomLog ${APACHE_LOG_DIR}/element.DOMAIN-access.log combined
 </VirtualHost>

examples/caddy/matrix-client-element

@@ -0,0 +1,8 @@
+https://element.DOMAIN {
+	# These might differ if you are supplying your own certificates
+	tls /matrix/ssl/config/live/element.DOMAIN/fullchain.pem /matrix/ssl/config/live/element.DOMAIN/privkey.pem
+
+	proxy / http://127.0.0.1:8765 {
+		transparent
+	}
+}

examples/caddy/matrix-riot-web

@@ -1,8 +0,0 @@
-https://riot.DOMAIN {
-	# These might differ if you are supplying your own certificates
-	tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
-
-	proxy / http://127.0.0.1:8765 {
-		transparent
-	}
-}

examples/haproxy/haproxy.cfg

@@ -39,7 +39,7 @@ frontend https-frontend
     # HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use
     # cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem
     bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem
-    #bind *:443 ssl crt /etc/haproxy/certs/riot.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
+    #bind *:443 ssl crt /etc/haproxy/certs/element.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
     reqadd X-Forwarded-Proto:\ https
     option httplog
     option http-server-close
@@ -60,10 +60,10 @@ frontend https-frontend
     acl synapse_admin path -i -m beg /_synapse/admin
     # Send to :8008
     use_backend matrix-main if matrix_path or synapse_admin
-    # riot.example.com
-    acl riot_domain hdr_dom(host) -i riot.example.com
+    # element.example.com
+    acl element_domain hdr_dom(host) -i element.example.com
     # Send to 8765
-    use_backend riot if riot_domain 
+    use_backend element if element_domain
     # If nothing else match, just send to default matrix backend
     use_backend matrix-main if matrix_domain
     #default_backend matrix-main
@@ -86,12 +86,12 @@ backend synapse
 
 backend nginx-static
      capture request header origin len 128
-     http-response add-header Access-Control-Allow-Origin * 
+     http-response add-header Access-Control-Allow-Origin *
      rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
      rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
      rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization  if { capture.req.hdr(0) -m found }
      server nginx 127.0.0.1:40888 check
 
-backend riot
-     server riot 127.0.0.1:8765 check
+backend element
+     server element 127.0.0.1:8765 check
 

group_vars/matrix_servers

@@ -516,6 +516,23 @@ matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 #
 ######################################################################
 
+
+######################################################################
+#
+# matrix-bot-matrix-reminder-bot
+#
+######################################################################
+
+# We don't enable bots by default.
+matrix_bot_matrix_reminder_bot_enabled: false
+
+######################################################################
+#
+# /matrix-bot-matrix-reminder-bot
+#
+######################################################################
+
+
 ######################################################################
 #
 # matrix-corporal
@@ -755,7 +772,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:4
 matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
 
 matrix_nginx_proxy_proxy_matrix_enabled: true
-matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
+matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
 matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 
@@ -792,14 +809,16 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
     +
     (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
     +
-    (['matrix-riot-web.service'] if matrix_riot_web_enabled else [])
+    (['matrix-client-element.service'] if matrix_client_element_enabled else [])
   }}
 
 matrix_ssl_domains_to_obtain_certificates_for: |
   {{
     ([matrix_server_fqn_matrix])
     +
-    ([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
+    ([matrix_server_fqn_element] if matrix_client_element_enabled else [])
+    +
+    ([matrix_nginx_proxy_proxy_riot_compat_redirect_hostname] if matrix_nginx_proxy_proxy_riot_compat_redirect_enabled else [])
     +
     ([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
     +
@@ -847,48 +866,48 @@ matrix_postgres_db_name: "homeserver"
 
 ######################################################################
 #
-# matrix-riot-web
+# matrix-client-element
 #
 ######################################################################
 
-# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
+# By default, this playbook installs the Element web UI on the `matrix_server_fqn_element` domain.
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
-matrix_riot_web_enabled: true
+matrix_client_element_enabled: true
 
-matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 
-# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
+# Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
-# the riot-web HTTP port to the local host.
-matrix_riot_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
+# the Element HTTP port to the local host.
+matrix_client_element_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
 
-matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}"
-matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
+matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
+matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
 
 # Use Dimension if enabled, otherwise fall back to Scalar
-matrix_riot_web_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
-matrix_riot_web_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
-matrix_riot_web_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
-matrix_riot_web_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
+matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
+matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
+matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
+matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
 
-matrix_riot_web_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
+matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
 
-matrix_riot_web_registration_enabled: "{{ matrix_synapse_enable_registration }}"
+matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
 
-matrix_riot_web_enable_presence_by_hs_url: |
+matrix_client_element_enable_presence_by_hs_url: |
   {{
     none
     if matrix_synapse_use_presence
-    else {matrix_riot_web_default_hs_url: false}
+    else {matrix_client_element_default_hs_url: false}
   }}
 
-matrix_riot_web_welcome_user_id: ~
+matrix_client_element_welcome_user_id: ~
 
-matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
+matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
 
 ######################################################################
 #
-# /matrix-riot-web
+# /matrix-client-element
 #
 ######################################################################
 
@@ -992,3 +1011,24 @@ matrix_synapse_systemd_wanted_services_list: |
 # /matrix-synapse
 #
 ######################################################################
+
+
+
+######################################################################
+#
+# matrix-synapse-admin
+#
+######################################################################
+
+matrix_synapse_admin_enabled: false
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse Admin over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# Synapse Admin's HTTP port to the local host.
+matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
+
+######################################################################
+#
+# /matrix-synapse-admin
+#
+######################################################################

roles/matrix-base/defaults/main.yml

@@ -8,12 +8,12 @@
 matrix_domain: ~
 
 # This is where your data lives and what we set up.
-# This and the Riot FQN (see below) are expected to be on the same server.
+# This and the Element FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
 
-# This is where you access the web UI from and what we set up here.
+# This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
 # This and the Matrix FQN (see above) are expected to be on the same server.
-matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
+matrix_server_fqn_element: "element.{{ matrix_domain }}"
 
 # This is where you access the Dimension.
 matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
@@ -58,12 +58,12 @@ matrix_integration_manager_rest_url: ~
 matrix_integration_manager_ui_url: ~
 
 # The domain name where a Jitsi server is self-hosted.
-# If set, `/.well-known/matrix/client` will suggest Riot clients to use that Jitsi server.
+# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
 # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
 matrix_riot_jitsi_preferredDomain: ''
 
-# Controls whether Riot should use End-to-End Encryption by default.
-# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE.
+# Controls whether Element should use End-to-End Encryption by default.
+# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
 # See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
 matrix_riot_e2ee_default: true
 

roles/matrix-base/tasks/sanity_check.yml

@@ -25,7 +25,8 @@
     - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
     - {'old': 'hostname_identity', 'new': 'matrix_domain'}
     - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
-    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
+    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
 
 - name: Fail if required variables are undefined
   fail:
@@ -33,7 +34,7 @@
   with_items:
     - matrix_domain
     - matrix_server_fqn_matrix
-    - matrix_server_fqn_riot
+    - matrix_server_fqn_element
   when: "item not in vars or vars[item] is none"
 
 - name: Fail if uppercase domain used
@@ -42,7 +43,7 @@
   with_items:
     - "{{ matrix_domain }}"
     - "{{ matrix_server_fqn_matrix }}"
-    - "{{ matrix_server_fqn_riot }}"
+    - "{{ matrix_server_fqn_element }}"
   when: "item != item|lower"
 
 - name: Fail if using python2 on Archlinux

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -5,6 +5,7 @@
     name:
       - apt-transport-https
       - ca-certificates
+      - gnupg
     state: present
     update_cache: yes
 

roles/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -0,0 +1,64 @@
+# matrix-reminder-bot is a bot for one-off and recurring reminders
+# See: https://github.com/anoadragon453/matrix-reminder-bot
+
+matrix_bot_matrix_reminder_bot_enabled: true
+
+matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-0.1.0"
+matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
+
+matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
+matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/config"
+matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data"
+matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store"
+
+# A list of extra arguments to pass to the container
+matrix_bot_matrix_reminder_bot_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-matrix-reminder-bot.service depends on
+matrix_bot_matrix_reminder_bot_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-matrix-reminder-bot.service wants
+matrix_bot_matrix_reminder_bot_systemd_wanted_services_list: []
+
+
+# The bot's username. This user needs to be created manually beforehand.
+# Also see `matrix_bot_matrix_reminder_bot_user_password`.
+matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: "bot.matrix-reminder-bot"
+
+matrix_bot_matrix_reminder_bot_matrix_user_id: '@{{ matrix_bot_matrix_reminder_bot_matrix_user_id_localpart }}:{{ matrix_domain }}'
+
+# The password that the bot uses to authenticate.
+matrix_bot_matrix_reminder_bot_matrix_user_password: ''
+
+matrix_bot_matrix_reminder_bot_matrix_homeserver_url: 'http://matrix-synapse:8008'
+
+# The timezone to use when creating reminders.
+# Examples: 'Europe/London', 'Etc/UTC'
+matrix_bot_matrix_reminder_bot_reminders_timezone: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_bot_matrix_reminder_bot_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_bot_matrix_reminder_bot_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_bot_matrix_reminder_bot_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_bot_matrix_reminder_bot_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_bot_matrix_reminder_bot_configuration_yaml`.
+  #
+  # Example configuration extension follows:
+  #
+  # matrix:
+  #   device_name: My-Reminder-Bot
+
+matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_bot_matrix_reminder_bot_configuration_yaml`.
+matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml|from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}"

roles/matrix-bot-matrix-reminder-bot/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot'] }}"
+  when: matrix_bot_matrix_reminder_bot_enabled|bool

roles/matrix-bot-matrix-reminder-bot/tasks/main.yml

@@ -0,0 +1,14 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_bot_matrix_reminder_bot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-matrix-reminder-bot
+
+- import_tasks: "{{ role_path }}/tasks/setup.yml"
+  tags:
+    - setup-all
+    - setup-bot-matrix-reminder-bot

roles/matrix-bot-matrix-reminder-bot/tasks/setup.yml

@@ -0,0 +1,88 @@
+---
+
+#
+# Tasks related to setting up matrix-reminder-bot
+#
+
+- name: Ensure matrix-reminder-bot paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true }
+    - { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true }
+    - { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true }
+  when: matrix_bot_matrix_reminder_bot_enabled|bool and item.when
+
+- name: Ensure matrix-reminder-bot image is pulled
+  docker_image:
+    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
+  when: matrix_bot_matrix_reminder_bot_enabled|bool
+
+- name: Ensure matrix-reminder-bot config installed
+  copy:
+    content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_bot_matrix_reminder_bot_enabled|bool
+
+- name: Ensure matrix-matrix-reminder-bot.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
+    mode: 0644
+  register: matrix_bot_matrix_reminder_bot_systemd_service_result
+  when: matrix_bot_matrix_reminder_bot_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-matrix-reminder-bot.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of matrix-reminder-bot (if it was previously enabled)
+#
+
+- name: Check existence of matrix-matrix-reminder-bot service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-matrix-reminder-bot.service"
+  register: matrix_bot_matrix_reminder_bot_service_stat
+
+- name: Ensure matrix-matrix-reminder-bot is stopped
+  service:
+    name: matrix-matrix-reminder-bot
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_service_stat.stat.exists"
+
+- name: Ensure matrix-matrix-reminder-bot.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-matrix-reminder-bot.service"
+    state: absent
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-matrix-reminder-bot.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_service_stat.stat.exists"
+
+- name: Ensure Matrix matrix-reminder-bot paths don't exist
+  file:
+    path: "{{ matrix_bot_matrix_reminder_bot_base_path }}"
+    state: absent
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool"
+
+- name: Ensure matrix-reminder-bot Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
+    state: absent
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool"

roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_matrix_reminder_bot_matrix_user_password"
+    - "matrix_bot_matrix_reminder_bot_reminders_timezone"

roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2

@@ -0,0 +1,50 @@
+# The string to prefix bot commands with
+command_prefix: "!"
+
+# Options for connecting to the bot's Matrix account
+matrix:
+  # The Matrix User ID of the bot account
+  user_id: {{ matrix_bot_matrix_reminder_bot_matrix_user_id|to_json }}
+  # Matrix account password
+  user_password: {{ matrix_bot_matrix_reminder_bot_matrix_user_password|to_json }}
+  # The public URL at which the homeserver's Client-Server API can be accessed
+  homeserver_url: {{ matrix_bot_matrix_reminder_bot_matrix_homeserver_url }}
+  # The device ID that is a **non pre-existing** device
+  # If this device ID already exists, messages will be dropped silently in
+  # encrypted rooms
+  device_id: REMINDER
+  # What to name the logged in device
+  device_name: Reminder Bot
+
+storage:
+  # The database connection string
+  # For SQLite3, this would look like:
+  #     database: "sqlite://bot.db"
+  # For Postgres, this would look like:
+  #     database: "postgres://username:password@localhost/dbname?sslmode=disable"
+  #database: "postgres://matrix-reminder-bot:remindme@localhost/matrix-reminder-bot?sslmode=disable"
+  database: "sqlite:///data/bot.db"
+  # The path to a directory for internal bot storage
+  # containing encryption keys, sync tokens, etc.
+  store_path: "/data/store"
+
+reminders:
+  # Uncomment to set a default timezone that will be used when creating reminders.
+  # If not set, UTC will be used
+  timezone: {{ matrix_bot_matrix_reminder_bot_reminders_timezone }}
+
+# Logging setup
+logging:
+  # Logging level
+  # Allowed levels are 'INFO', 'WARNING', 'ERROR', 'DEBUG' where DEBUG is most verbose
+  level: INFO
+  # Configure logging to a file
+  file_logging:
+    # Whether logging to a file is enabled
+    enabled: false
+    # The path to the file to log to. May be relative or absolute
+    filepath: /data/bot.log
+  # Configure logging to the console (stdout/stderr)
+  console_logging:
+    # Whether console logging is enabled
+    enabled: true

roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2

@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=matrix-reminder-bot
+{% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_matrix_reminder_bot_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			-e 'TZ={{ matrix_bot_matrix_reminder_bot_reminders_timezone }}' \
+			-v {{ matrix_bot_matrix_reminder_bot_config_path }}:/config:ro \
+			-v {{ matrix_bot_matrix_reminder_bot_data_path }}:/data:rw \
+			--entrypoint=/bin/sh \
+			{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
+			-c "matrix-reminder-bot /config/config.yaml"
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-matrix-reminder-bot
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -4,7 +4,7 @@
 matrix_mautrix_telegram_enabled: true
 
 # See: https://mau.dev/tulir/mautrix-telegram/container_registry
-matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.1"
+matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.2"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -145,7 +145,7 @@ bridge:
     # Set to false to disable link previews in messages sent to Telegram.
     telegram_link_preview: true
     # Use inline images instead of a separate message for the caption.
-    # N.B. Inline images are not supported on all clients (e.g. Riot iOS).
+    # N.B. Inline images are not supported on all clients (e.g. Element iOS).
     inline_images: false
     # Maximum size of image in megabytes before sending to Telegram as a document.
     image_as_file_size: 10

roles/matrix-client-element/defaults/main.yml

@@ -0,0 +1,122 @@
+matrix_client_element_enabled: true
+
+matrix_client_element_container_image_self_build: false
+
+matrix_client_element_docker_image: "vectorim/riot-web:v1.7.2"
+matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
+
+matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
+matrix_client_element_docker_src_files_path: "{{ matrix_client_element_data_path }}/docker-src"
+
+# Controls whether the matrix-client-element container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
+matrix_client_element_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_client_element_container_extra_arguments: []
+
+# List of systemd services that matrix-client-element.service depends on
+matrix_client_element_systemd_required_services_list: ['docker.service']
+
+# Element config.json customizations
+matrix_client_element_default_server_name: "{{ matrix_domain }}"
+matrix_client_element_default_hs_url: ""
+matrix_client_element_default_is_url: ~
+matrix_client_element_disable_custom_urls: true
+matrix_client_element_disable_guests: true
+matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
+matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
+matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
+matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
+matrix_client_element_permalinkPrefix: "https://matrix.to"
+# Element public room directory server(s)
+matrix_client_element_roomdir_servers: ['matrix.org']
+matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
+# Branding of Element
+matrix_client_element_brand: "Element"
+
+# URL to Logo on welcome page
+matrix_client_element_welcome_logo: "welcome/images/logo.svg"
+
+# URL of link on welcome image
+matrix_client_element_welcome_logo_link: "https://element.io"
+
+matrix_client_element_welcome_headline: "_t('Welcome to Element')"
+matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
+
+# Links, shown in footer of welcome page:
+# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
+matrix_client_element_branding_authFooterLinks: ~
+
+# URL to image, shown during Login
+matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}"
+
+# URL to Wallpaper, shown in background of welcome page
+matrix_client_element_branding_welcomeBackgroundUrl: ~
+
+# By default, there's no Element homepage (when logged in). If you wish to have one,
+# point this to a `home.html` template file on your local filesystem.
+matrix_client_element_embedded_pages_home_path: ~
+
+matrix_client_element_jitsi_preferredDomain: ''
+
+# Controls whether the self-check feature should validate SSL certificates.
+matrix_client_element_self_check_validate_certificates: true
+
+# don't show the registration button on welcome page
+matrix_client_element_registration_enabled: false
+
+# Controls whether presence will be enabled
+matrix_client_element_enable_presence_by_hs_url: ~
+
+# Controls whether custom Element themes will be installed.
+# When enabled, all themes found in the `matrix_client_element_themes_repository_url` repository
+# will be installed and enabled automatically.
+matrix_client_element_themes_enabled: false
+matrix_client_element_themes_repository_url: https://github.com/aaronraimist/element-themes
+
+# Controls the default theme
+matrix_client_element_default_theme: 'light'
+
+# Controls the `settingsDefault.custom_themes` setting of the Element configuration.
+# You can use this setting to define custom themes.
+#
+# Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically.
+# If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well.
+#
+# Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
+matrix_client_element_settingDefaults_custom_themes: []
+
+# Default Element configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_client_element_configuration_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
+
+# Your custom JSON configuration for Element should go to `matrix_client_element_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_client_element_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_client_element_configuration_default`.
+#
+# Example configuration extension follows:
+#
+# matrix_client_element_configuration_extension_json: |
+#  {
+#  "disable_3pid_login": true,
+#  "disable_login_language_selector": true
+#  }
+matrix_client_element_configuration_extension_json: '{}'
+
+matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json|from_json if matrix_client_element_configuration_extension_json|from_json is mapping else {} }}"
+
+# Holds the final Element configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
+matrix_client_element_configuration: "{{ matrix_client_element_configuration_default|combine(matrix_client_element_configuration_extension, recursive=True) }}"

roles/matrix-riot-web/tasks/init.yml → roles/matrix-client-element/tasks/init.yml

@@ -1,10 +1,10 @@
 - set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
-  when: matrix_riot_web_enabled|bool
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element'] }}"
+  when: matrix_client_element_enabled|bool
 
 # ansible lower than 2.8, does not support docker_image build parameters
 # for self buildig it is explicitly needed, so we rather fail here
 - name: Fail if running on Ansible lower than 2.8 and trying self building
   fail:
-    msg: "To self build Riot Web image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_riot_web_container_image_self_build"
+    msg: "To self build the Element image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build"

roles/matrix-client-element/tasks/main.yml

@@ -0,0 +1,34 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_client_element_enabled|bool"
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/setup.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/self_check.yml"
+  delegate_to: 127.0.0.1
+  become: false
+  when: "run_self_check|bool and matrix_client_element_enabled|bool"
+  tags:
+    - self-check

roles/matrix-client-element/tasks/migrate_riot_web.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-riot-web.service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
+  register: matrix_client_riot_web_service_stat
+  when: "matrix_client_element_enabled|bool"
+
+- name: Ensure matrix-riot-web is stopped
+  service:
+    name: matrix-riot-web
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
+
+- name: Ensure matrix-riot-web.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
+    state: absent
+  when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-riot-web.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists"
+
+- name: Check existence of /matrix/riot-web
+  stat:
+    path: "/matrix/riot-web"
+  register: matrix_client_riot_web_dir_stat
+  when: "matrix_client_element_enabled|bool"
+
+- name: Relocate /matrix/riot-web to /matrix/client-element
+  command: "mv /matrix/riot-web /matrix/client-element"
+  when: "matrix_client_element_enabled|bool and matrix_client_riot_web_dir_stat.stat.exists"

roles/matrix-client-element/tasks/prepare_themes.yml

@@ -0,0 +1,48 @@
+---
+
+#
+# Tasks related to setting up Element themes
+#
+
+- block:
+  - name: Ensure Element themes repository is pulled
+    git:
+      repo: "{{ matrix_client_element_themes_repository_url }}"
+      dest: "{{ role_path }}/files/scratchpad/themes"
+
+  - name: Find all Element theme files
+    find:
+      paths: "{{ role_path }}/files/scratchpad/themes"
+      patterns: "*.json"
+      recurse: true
+    register: matrix_client_element_theme_file_list
+
+  - name: Read Element theme
+    slurp:
+      path: "{{ item.path }}"
+    register: "matrix_client_element_theme_file_contents"
+    with_items: "{{ matrix_client_element_theme_file_list.files }}"
+
+  - name: Load Element theme
+    set_fact:
+     matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"
+    with_items: "{{ matrix_client_element_theme_file_contents.results }}"
+
+  run_once: true
+  delegate_to: 127.0.0.1
+  become: false
+  when: matrix_client_element_themes_enabled|bool
+
+
+#
+# Tasks related to getting rid of Element themes (if it was previously enabled)
+#
+
+- name: Ensure Element themes repository is removed
+  file:
+    path: "{{ role_path }}/files/scratchpad/themes"
+    state: absent
+  run_once: true
+  delegate_to: 127.0.0.1
+  become: false
+  when: "not matrix_client_element_themes_enabled|bool"

roles/matrix-client-element/tasks/self_check.yml

@@ -0,0 +1,22 @@
+---
+
+- set_fact:
+    matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json"
+
+- name: Check Element
+  uri:
+    url: "{{ matrix_client_element_url_endpoint_public }}"
+    follow_redirects: none
+    validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}"
+  register: matrix_client_element_self_check_result
+  check_mode: no
+  ignore_errors: true
+
+- name: Fail if Element not working
+  fail:
+    msg: "Failed checking Element is up at `{{ matrix_server_fqn_element }}` (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`). Is Element running? Is port 443 open in your firewall? Full error: {{ matrix_client_element_self_check_result }}"
+  when: "matrix_client_element_self_check_result.failed or 'json' not in matrix_client_element_self_check_result"
+
+- name: Report working Element
+  debug:
+    msg: "Element at `{{ matrix_server_fqn_element }}` is working (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`)"

roles/matrix-client-element/tasks/setup.yml

@@ -0,0 +1,127 @@
+---
+
+#
+# Tasks related to setting up Element
+#
+
+- name: Ensure Element paths exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_client_element_data_path }}", when: true }
+    - { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" }
+  when: matrix_client_element_enabled|bool and item.when
+
+- name: Ensure Element Docker image is pulled
+  docker_image:
+    name: "{{ matrix_client_element_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}"
+  when: matrix_client_element_enabled|bool and not matrix_client_element_container_image_self_build
+
+- name: Ensure Element repository is present on self-build
+  git:
+    repo: https://github.com/vector-im/riot-web.git
+    dest: "{{ matrix_client_element_docker_src_files_path }}"
+    version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
+    force: "yes"
+  when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
+
+- name: Ensure Element Docker image is built
+  docker_image:
+    name: "{{ matrix_client_element_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_client_element_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
+
+- name: Ensure Element configuration installed
+  copy:
+    content: "{{ matrix_client_element_configuration|to_nice_json }}"
+    dest: "{{ matrix_client_element_data_path }}/config.json"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_client_element_enabled|bool
+
+- name: Ensure Element config files installed
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
+    - {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
+    - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
+  when: "matrix_client_element_enabled|bool and item.src is not none"
+
+- name: Ensure Element config files removed
+  file:
+    path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
+    state: absent
+  with_items:
+    - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
+  when: "matrix_client_element_enabled|bool and item.src is none"
+
+- name: Ensure matrix-client-element.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-client-element.service"
+    mode: 0644
+  register: matrix_client_element_systemd_service_result
+  when: matrix_client_element_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-client-element.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_client_element_enabled and matrix_client_element_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of Element (if it was previously enabled)
+#
+
+- name: Check existence of matrix-client-element.service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-client-element.service"
+  register: matrix_client_element_service_stat
+  when: "not matrix_client_element_enabled|bool"
+
+- name: Ensure matrix-client-element is stopped
+  service:
+    name: matrix-client-element
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
+
+- name: Ensure matrix-client-element.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-client-element.service"
+    state: absent
+  when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-client-element.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
+
+- name: Ensure Element paths doesn't exist
+  file:
+    path: "{{ matrix_client_element_data_path }}"
+    state: absent
+  when: "not matrix_client_element_enabled|bool"
+
+- name: Ensure Element Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_client_element_docker_image }}"
+    state: absent
+  when: "not matrix_client_element_enabled|bool"

roles/matrix-client-element/tasks/validate_config.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Fail if required Element settings not defined
+  fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`) for using Element.
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_client_element_default_hs_url"
+
+- name: (Deprecation) Catch and report riot-web variables
+  fail:
+    msg: >-
+      Riot has been renamed to Element (https://element.io/blog/welcome-to-element/).
+      The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names.
+      Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`).
+      Also note that DNS configuration changes may be necessary.
+  when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
+  with_items:
+    - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'}

roles/matrix-client-element/templates/config.json.j2

@@ -0,0 +1,45 @@
+{
+	"default_server_config": {
+		"m.homeserver": {
+			"base_url": {{ matrix_client_element_default_hs_url|string|to_json }},
+			"server_name": {{ matrix_client_element_default_server_name|string|to_json }}
+		},
+		"m.identity_server": {
+			"base_url": {{ matrix_client_element_default_is_url|string|to_json }}
+		}
+	},
+	"settingDefaults": {
+		"custom_themes": {{ matrix_client_element_settingDefaults_custom_themes|to_json }}
+	},
+	"default_theme": {{ matrix_client_element_default_theme|string|to_json }},
+	"permalinkPrefix": {{ matrix_client_element_permalinkPrefix|string|to_json }},
+	"disable_custom_urls": {{ matrix_client_element_disable_custom_urls|to_json }},
+	"disable_guests": {{ matrix_client_element_disable_guests|to_json }},
+	"brand": {{ matrix_client_element_brand|to_json }},
+	"integrations_ui_url": {{ matrix_client_element_integrations_ui_url|string|to_json }},
+	"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
+	"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
+	"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
+	"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+	"enableLabs": true,
+	"roomDirectory": {
+		"servers": {{ matrix_client_element_roomdir_servers|to_json }}
+	},
+	"welcomeUserId": {{ matrix_client_element_welcome_user_id|to_json }},
+	{% if matrix_client_element_enable_presence_by_hs_url is not none %}
+		"enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url|to_json }},
+	{% endif %}
+	"embeddedPages": {
+		"homeUrl": {{ matrix_client_element_embedded_pages_home_url|string|to_json }}
+	},
+	{% if matrix_client_element_jitsi_preferredDomain %}
+	"jitsi": {
+        "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
+    },
+	{% endif %}
+	"branding": {
+		"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }},
+		"authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl|to_json }},
+		"welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl|to_json }}
+	}
+}

roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2

@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Element server
+{% for service in matrix_client_element_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-client-element
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-client-element
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_client_element_container_http_host_bind_port %}
+			-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
+			{% endif %}
+			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
+			-v {{ matrix_client_element_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
+			-v {{ matrix_client_element_data_path }}/config.json:/app/config.json:ro \
+			-v {{ matrix_client_element_data_path }}/config.json:/app/config.{{ matrix_server_fqn_element }}.json:ro \
+			{% if matrix_client_element_embedded_pages_home_path is not none %}
+			-v {{ matrix_client_element_data_path }}/home.html:/app/home.html:ro \
+			{% endif %}
+			-v {{ matrix_client_element_data_path }}/welcome.html:/app/welcome.html:ro \
+			{% for arg in matrix_client_element_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_client_element_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-client-element
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-client-element
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-client-element
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-riot-web/templates/welcome.html.j2 → roles/matrix-client-element/templates/welcome.html.j2

@@ -153,23 +153,23 @@ h1::after {
 </style>
 
 <div class="mx_Parent">
-    <a href="{{ matrix_riot_web_welcome_logo_link }}" target="_blank" rel="noopener">
-        <img src="{{ matrix_riot_web_welcome_logo }}" alt="" class="mx_Logo"/>
+    <a href="{{ matrix_client_element_welcome_logo_link }}" target="_blank" rel="noopener">
+        <img src="{{ matrix_client_element_welcome_logo }}" alt="" class="mx_Logo"/>
     </a>
-    <h1 class="mx_Header_title">{{ matrix_riot_web_welcome_headline }}</h1>
-    <h4 class="mx_Header_subtitle">{{ matrix_riot_web_welcome_text }}</h4>
+    <h1 class="mx_Header_title">{{ matrix_client_element_welcome_headline }}</h1>
+    <h4 class="mx_Header_subtitle">{{ matrix_client_element_welcome_text }}</h4>
     <div class="mx_ButtonGroup">
         <div class="mx_ButtonRow">
             <a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
                 <div class="mx_ButtonLabel">_t("Sign In")</div>
             </a>
-{% if matrix_riot_web_registration_enabled %}
+{% if matrix_client_element_registration_enabled %}
             <a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
                 <div class="mx_ButtonLabel">_t("Create Account")</div>
             </a>
 {% endif %}
         </div>
-{% if matrix_riot_web_disable_guests != true %}
+{% if matrix_client_element_disable_guests != true %}
         <!-- The comments below are meant to be used by Ansible as a quick way
              to strip out the marked content when desired.
              See https://github.com/vector-im/riot-web/issues/8622.

roles/matrix-client-element/vars/main.yml

@@ -0,0 +1,3 @@
+---
+
+matrix_client_element_embedded_pages_home_url: "{{ ('' if matrix_client_element_embedded_pages_home_path is none else 'home.html') }}"

roles/matrix-common-after/tasks/start.yml

@@ -1,21 +1,23 @@
 ---
 
-- name: Ensure systemd reloaded
+- name: Ensure systemd is reloaded
   service:
     daemon_reload: yes
 
-- name: Ensure Matrix services stopped
+- name: Ensure Matrix services are stopped
   service:
     name: "{{ item }}"
     state: stopped
   with_items: "{{ matrix_systemd_services_list }}"
+  when: not ansible_check_mode
 
-- name: Ensure Matrix services started
+- name: Ensure Matrix services are started
   service:
     name: "{{ item }}"
     enabled: yes
     state: started
   with_items: "{{ matrix_systemd_services_list }}"
+  when: not ansible_check_mode
 
 # If we check service state immediately, we may succeed,
 # because it takes some time for the service to attempt to start and actually fail.

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -13,7 +13,7 @@
     group: "{{ matrix_user_groupname }}"
   with_items:
     - { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
-  when: matrix_riot_web_enabled|bool and item.when
+  when: matrix_coturn_enabled|bool and item.when
 
 - name: Ensure Coturn image is pulled
   docker_image:

roles/matrix-dimension/templates/config.yaml.j2

@@ -31,7 +31,7 @@ homeserver:
   accessToken: "{{ matrix_dimension_access_token }}"
 
 # These users can modify the integrations this Dimension supports.
-# To access the admin interface, open Dimension in Riot and click the settings icon.
+# To access the admin interface, open Dimension in Element and click the settings icon.
 admins: {{ matrix_dimension_admins|to_json }}
 
 # IPs and CIDR ranges listed here will be blocked from being widgets.

roles/matrix-jitsi/defaults/main.yml

@@ -49,7 +49,7 @@ matrix_jitsi_jibri_xmpp_password: ''
 matrix_jitsi_jibri_recorder_user: recorder
 matrix_jitsi_jibri_recorder_password: ''
 
-matrix_jitsi_container_image_tag: "stable-4627-1"
+matrix_jitsi_container_image_tag: "stable-4857"
 
 matrix_jitsi_web_docker_image: "jitsi/web:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"

roles/matrix-ma1sd/defaults/main.yml

@@ -11,7 +11,8 @@ matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
 matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
 
 matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"
-matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src"
+# We need the docker src directory to be named ma1sd. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/588
+matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1sd"
 matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config"
 matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data"
 
@@ -82,6 +83,9 @@ matrix_ma1sd_verbose_logging: false
 matrix_ma1sd_v1_enabled: true
 matrix_ma1sd_v2_enabled: true
 
+# Fix for missing 3PIDS bug
+matrix_ma1sd_hashing_enabled: true
+
 # Default ma1sd configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-ma1sd/tasks/setup_ma1sd.yml

@@ -54,13 +54,20 @@
     git:
       repo: https://github.com/ma1uta/ma1sd.git
       dest: "{{ matrix_ma1sd_docker_src_files_path }}"
-      version: "v{{ matrix_ma1sd_docker_image.split(':')[1] }}"
+      version: "{{ matrix_ma1sd_docker_image.split(':')[1].split('-')[0] }}"
       force: "yes"
 
   - name: Ensure ma1sd Docker image is built
     shell: "./gradlew dockerBuild"
     args:
       chdir: "{{ matrix_ma1sd_docker_src_files_path }}"
+
+  - name: Ensure ma1sd Docker image is tagged correctly
+    docker_image:
+      name: "{{ matrix_ma1sd_docker_image.split('-')[0] }}"
+      repository: "{{ matrix_ma1sd_docker_image }}"
+      force_tag: yes
+      source: local
   when: "matrix_ma1sd_enabled|bool and matrix_ma1sd_container_image_self_build"
 
 - name: Ensure ma1sd config installed

roles/matrix-ma1sd/templates/ma1sd.yaml.j2

@@ -63,6 +63,19 @@ threepid:
           {% endif %}
 {% endif %}
 
+{% if matrix_ma1sd_hashing_enabled %}
+hashing:
+  enabled: true # enable or disable the hash lookup MSC2140 (default is false)
+  pepperLength: 20 # length of the pepper value (default is 20)
+  rotationPolicy: per_requests # or `per_seconds` how often the hashes will be updating
+  hashStorageType: sql # or `in_memory` where the hashes will be stored
+  algorithms:
+    - none   # the same as v1 bulk lookup
+    - sha256 # hash the 3PID and pepper.
+  delay: 2m # how often hashes will be updated if rotation policy = per_seconds (default is 10s)
+  requests: 10 
+{% endif %}
+
 synapseSql:
   enabled: {{ matrix_ma1sd_synapsesql_enabled }}
   type: {{ matrix_ma1sd_synapsesql_type }}

roles/matrix-nginx-proxy/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # that is frequently out of date.
-matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine"
+matrix_nginx_proxy_docker_image: "nginx:1.19.1-alpine"
 matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
 
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
@@ -94,8 +94,12 @@ matrix_nginx_proxy_base_domain_homepage_template: |-
 
 
 # Controls whether proxying the riot domain should be done.
-matrix_nginx_proxy_proxy_riot_enabled: false
-matrix_nginx_proxy_proxy_riot_hostname: "{{ matrix_server_fqn_riot }}"
+matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: false
+matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }}"
+
+# Controls whether proxying the Element domain should be done.
+matrix_nginx_proxy_proxy_element_enabled: false
+matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}"
 
 # Controls whether proxying the matrix domain should be done.
 matrix_nginx_proxy_proxy_matrix_enabled: false
@@ -162,23 +166,26 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
 # A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
 matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
 
-# A list of strings containing additional configuration blocks to add to the matrix riot's server configuration.
+# A list of strings containing additional configuration blocks to add to Riot's server configuration.
 matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
 
-# A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
+# A list of strings containing additional configuration blocks to add to Element's server configuration.
+matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks: []
+
+# A list of strings containing additional configuration blocks to add to Dimension's server configuration.
 matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
 
-# A list of strings containing additional configuration blocks to add to the jitsi's server configuration.
+# A list of strings containing additional configuration blocks to add to Jitsi's server configuration.
 matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
 
-# A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
+# A list of strings containing additional configuration blocks to add to the base domain server configuration.
 matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
 
 # Specifies when to reload the matrix-nginx-proxy service so that
 # a new SSL certificate could go into effect.
 matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
 
-# Specifies which SSL protocols to use when serving Riot and Synapse
+# Specifies which SSL protocols to use when serving all the various vhosts
 matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
 
 # Controls whether the self-check feature should validate SSL certificates.
@@ -204,7 +211,7 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
 # obeying the following hierarchy:
 # - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
 # - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
-# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_riot`).
+# where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_element`).
 #
 # The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
 # It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
@@ -220,7 +227,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
 
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
-matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.6.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -52,12 +52,19 @@
     mode: 0644
   when: matrix_nginx_proxy_proxy_matrix_enabled|bool
 
+- name: Ensure Matrix nginx-proxy configuration for Element domain exists
+  template:
+    src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2"
+    dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
+    mode: 0644
+  when: matrix_nginx_proxy_proxy_element_enabled|bool
+
 - name: Ensure Matrix nginx-proxy configuration for riot domain exists
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
     dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
     mode: 0644
-  when: matrix_nginx_proxy_proxy_riot_enabled|bool
+  when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool
 
 - name: Ensure Matrix nginx-proxy configuration for dimension domain exists
   template:
@@ -162,7 +169,7 @@
   file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
     state: absent
-  when: "not matrix_nginx_proxy_proxy_riot_enabled|bool"
+  when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
   file:

roles/matrix-nginx-proxy/tasks/validate_config.yml

@@ -9,6 +9,9 @@
   with_items:
     - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
     - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
+    # People who configured this to disable Riot, would now wish to be disabling Element.
+    # We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
+    - {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
 
 - name: Fail on unknown matrix_ssl_retrieval_method
   fail:

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2

@@ -0,0 +1,76 @@
+#jinja2: lstrip_blocks: "True"
+
+{% macro render_vhost_directives() %}
+	gzip on;
+	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+	add_header X-Content-Type-Options nosniff;
+	add_header X-Frame-Options SAMEORIGIN;	
+	{% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %}
+		{{- configuration_block }}
+	{% endfor %}
+
+	location / {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "matrix-client-element:8080";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://127.0.0.1:8765;
+		{% endif %}
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+	}
+{% endmacro %}
+
+server {
+	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+
+	server_name {{ matrix_nginx_proxy_proxy_element_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	{% if matrix_nginx_proxy_https_enabled %}
+		location /.well-known/acme-challenge {
+			{% if matrix_nginx_proxy_enabled %}
+				{# Use the embedded DNS resolver in Docker containers to discover the service #}
+				resolver 127.0.0.11 valid=5s;
+				set $backend "matrix-certbot:8080";
+				proxy_pass http://$backend;
+			{% else %}
+				{# Generic configuration for use outside of our container setup #}
+				proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
+			{% endif %}
+		}
+
+		location / {
+			return 301 https://$http_host$request_uri;
+		}
+	{% else %}
+		{{ render_vhost_directives() }}
+	{% endif %}
+}
+
+{% if matrix_nginx_proxy_https_enabled %}
+server {
+	listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+	listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+
+	server_name {{ matrix_nginx_proxy_proxy_element_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/fullchain.pem;
+	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/privkey.pem;
+	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+	{{ render_vhost_directives() }}
+}
+{% endif %}

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2

@@ -3,6 +3,8 @@
 {% macro render_vhost_directives() %}
 	gzip on;
 	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+	add_header X-Content-Type-Options nosniff;
 {% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
 	{{- configuration_block }}
 {% endfor %}

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2

@@ -3,6 +3,9 @@
 {% macro render_vhost_directives() %}
 	gzip on;
 	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+	add_header X-Content-Type-Options nosniff;
+	add_header X-Frame-Options SAMEORIGIN;
 {% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %}
 	{{- configuration_block }}
 {% endfor %}

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2

@@ -1,32 +1,19 @@
 #jinja2: lstrip_blocks: "True"
 
 {% macro render_vhost_directives() %}
-	gzip on;
-	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
 	{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}
 
 	location / {
-		{% if matrix_nginx_proxy_enabled %}
-			{# Use the embedded DNS resolver in Docker containers to discover the service #}
-			resolver 127.0.0.11 valid=5s;
-			set $backend "matrix-riot-web:8080";
-			proxy_pass http://$backend;
-		{% else %}
-			{# Generic configuration for use outside of our container setup #}
-			proxy_pass http://127.0.0.1:8765;
-		{% endif %}
-
-		proxy_set_header Host $host;
-		proxy_set_header X-Forwarded-For $remote_addr;
+		return 301 https://{{ matrix_nginx_proxy_proxy_element_hostname }}$request_uri;
 	}
 {% endmacro %}
 
 server {
 	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
 
-	server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
+	server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
 
 	server_tokens off;
 	root /dev/null;
@@ -57,13 +44,13 @@ server {
 	listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
 	listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
 
-	server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
+	server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }};
 
 	server_tokens off;
 	root /dev/null;
 
-	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_hostname }}/fullchain.pem;
-	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_hostname }}/privkey.pem;
+	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/fullchain.pem;
+	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}/privkey.pem;
 	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2

@@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: "True"
 # The default is aligned to the CPU's cache size,
-# which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
+# which can sometimes be too low to handle our 2 vhosts (Synapse and Element).
 #
 # Thus, we ensure a larger bucket size value is used.
 server_names_hash_bucket_size 64;

roles/matrix-riot-web/defaults/main.yml

@@ -1,122 +0,0 @@
-matrix_riot_web_enabled: true
-
-matrix_riot_web_container_image_self_build: false
-
-matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.7"
-matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
-
-matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
-matrix_riot_web_docker_src_files_path: "{{ matrix_riot_web_data_path }}/docker-src"
-
-# Controls whether the matrix-riot-web container exposes its HTTP port (tcp/8080 in the container).
-#
-# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
-matrix_riot_web_container_http_host_bind_port: ''
-
-# A list of extra arguments to pass to the container
-matrix_riot_web_container_extra_arguments: []
-
-# List of systemd services that matrix-riot-web.service depends on
-matrix_riot_web_systemd_required_services_list: ['docker.service']
-
-# Riot config.json customizations
-matrix_riot_web_default_server_name: "{{ matrix_domain }}"
-matrix_riot_web_default_hs_url: ""
-matrix_riot_web_default_is_url: ~
-matrix_riot_web_disable_custom_urls: true
-matrix_riot_web_disable_guests: true
-matrix_riot_web_integrations_ui_url: "https://scalar.vector.im/"
-matrix_riot_web_integrations_rest_url: "https://scalar.vector.im/api"
-matrix_riot_web_integrations_widgets_urls: ["https://scalar.vector.im/api"]
-matrix_riot_web_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
-matrix_riot_web_permalinkPrefix: "https://matrix.to"
-# Riot public room directory server(s)
-matrix_riot_web_roomdir_servers: ['matrix.org']
-matrix_riot_web_welcome_user_id: "@riot-bot:matrix.org"
-# Branding of riot web
-matrix_riot_web_brand: "Riot"
-
-# URL to Logo on welcome page
-matrix_riot_web_welcome_logo: "welcome/images/logo.svg"
-
-# URL of link on welcome image
-matrix_riot_web_welcome_logo_link: "https://riot.im"
-
-matrix_riot_web_welcome_headline: "_t('Welcome to Riot.im')"
-matrix_riot_web_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
-
-# Links, shown in footer of welcome page:
-# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
-matrix_riot_web_branding_authFooterLinks: ~
-
-# URL to image, shown during Login
-matrix_riot_web_branding_authHeaderLogoUrl: "{{ matrix_riot_web_welcome_logo }}"
-
-# URL to Wallpaper, shown in background of welcome page
-matrix_riot_web_branding_welcomeBackgroundUrl: ~
-
-# By default, there's no Riot homepage (when logged in). If you wish to have one,
-# point this to a `home.html` template file on your local filesystem.
-matrix_riot_web_embedded_pages_home_path: ~
-
-matrix_riot_web_jitsi_preferredDomain: ''
-
-# Controls whether the self-check feature should validate SSL certificates.
-matrix_riot_web_self_check_validate_certificates: true
-
-# don't show the registration button on welcome page
-matrix_riot_web_registration_enabled: false
-
-# Controls whether Riot shows the presence features
-matrix_riot_web_enable_presence_by_hs_url: ~
-
-# Controls whether custom riot-web themes will be installed.
-# When enabled, all themes found in the `matrix_riot_web_themes_repository_url` repository
-# will be installed and enabled automatically.
-matrix_riot_web_themes_enabled: false
-matrix_riot_web_themes_repository_url: https://github.com/aaronraimist/riot-web-themes
-
-# Controls the default riot-web theme
-matrix_riot_web_default_theme: 'light'
-
-# Controls the `settingsDefault.custom_themes` setting of the riot-web configuration.
-# You can use this setting to define custom themes.
-#
-# Also, look at `matrix_riot_web_themes_enabled` for a way to pull in a bunch of custom themes automatically.
-# If you define your own themes here and set `matrix_riot_web_themes_enabled: true`, your themes will be preserved as well.
-#
-# Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
-matrix_riot_web_settingDefaults_custom_themes: []
-
-# Default riot-web configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_riot_web_configuration_extension_json`)
-# or completely replace this variable with your own template.
-#
-# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
-# This is unlike what it does when looking up YAML template files (no automatic parsing there).
-matrix_riot_web_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
-
-# Your custom JSON configuration for riot-web should go to `matrix_riot_web_configuration_extension_json`.
-# This configuration extends the default starting configuration (`matrix_riot_web_configuration_default`).
-#
-# You can override individual variables from the default configuration, or introduce new ones.
-#
-# If you need something more special, you can take full control by
-# completely redefining `matrix_riot_web_configuration_default`.
-#
-# Example configuration extension follows:
-#
-# matrix_riot_web_configuration_extension_json: |
-#  {
-#  "disable_3pid_login": true,
-#  "disable_login_language_selector": true
-#  }
-matrix_riot_web_configuration_extension_json: '{}'
-
-matrix_riot_web_configuration_extension: "{{ matrix_riot_web_configuration_extension_json|from_json if matrix_riot_web_configuration_extension_json|from_json is mapping else {} }}"
-
-# Holds the final riot-web configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_riot_web_configuration_default`.
-matrix_riot_web_configuration: "{{ matrix_riot_web_configuration_default|combine(matrix_riot_web_configuration_extension, recursive=True) }}"

roles/matrix-riot-web/tasks/main.yml

@@ -1,28 +0,0 @@
-- import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup|bool and matrix_riot_web_enabled|bool"
-  tags:
-    - setup-all
-    - setup-riot-web
-
-- import_tasks: "{{ role_path }}/tasks/prepare_riot_web_themes.yml"
-  when: run_setup|bool
-  tags:
-    - setup-all
-    - setup-riot-web
-
-- import_tasks: "{{ role_path }}/tasks/setup_riot_web.yml"
-  when: run_setup|bool
-  tags:
-    - setup-all
-    - setup-riot-web
-
-- import_tasks: "{{ role_path }}/tasks/self_check_riot_web.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "run_self_check|bool and matrix_riot_web_enabled|bool"
-  tags:
-    - self-check

roles/matrix-riot-web/tasks/prepare_riot_web_themes.yml

@@ -1,48 +0,0 @@
----
-
-#
-# Tasks related to setting up riot-web themes
-#
-
-- block:
-  - name: Ensure riot-web themes repository is pulled
-    git:
-      repo: "{{ matrix_riot_web_themes_repository_url }}"
-      dest: "{{ role_path }}/files/scratchpad/riot-web-themes"
-
-  - name: Find all riot-web theme files
-    find:
-      paths: "{{ role_path }}/files/scratchpad/riot-web-themes"
-      patterns: "*.json"
-      recurse: true
-    register: matrix_riot_web_theme_file_list
-
-  - name: Read riot-web theme
-    slurp:
-      path: "{{ item.path }}"
-    register: "matrix_riot_web_theme_file_contents"
-    with_items: "{{ matrix_riot_web_theme_file_list.files }}"
-
-  - name: Load riot-web theme
-    set_fact:
-     matrix_riot_web_settingDefaults_custom_themes: "{{ matrix_riot_web_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"
-    with_items: "{{ matrix_riot_web_theme_file_contents.results }}"
-
-  run_once: true
-  delegate_to: 127.0.0.1
-  become: false
-  when: matrix_riot_web_themes_enabled|bool
-
-
-# #
-# # Tasks related to getting rid of riot-web themes (if it was previously enabled)
-# #
-
-- name: Ensure riot-web themes repository is removed
-  file:
-    path: "{{ role_path }}/files/scratchpad/riot-web-themes"
-    state: absent
-  run_once: true
-  delegate_to: 127.0.0.1
-  become: false
-  when: "not matrix_riot_web_themes_enabled|bool"

roles/matrix-riot-web/tasks/self_check_riot_web.yml

@@ -1,22 +0,0 @@
----
-
-- set_fact:
-    riot_web_url_endpoint_public: "https://{{ matrix_server_fqn_riot }}/config.json"
-
-- name: Check riot-web
-  uri:
-    url: "{{ riot_web_url_endpoint_public }}"
-    follow_redirects: none
-    validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
-  register: result_riot_web
-  check_mode: no
-  ignore_errors: true
-
-- name: Fail if riot-web not working
-  fail:
-    msg: "Failed checking riot-web is up at `{{ matrix_server_fqn_riot }}` (checked endpoint: `{{ riot_web_url_endpoint_public }}`). Is Riot running? Is port 443 open in your firewall? Full error: {{ result_riot_web }}"
-  when: "result_riot_web.failed or 'json' not in result_riot_web"
-
-- name: Report working riot-web
-  debug:
-    msg: "riot-web at `{{ matrix_server_fqn_riot }}` is working (checked endpoint: `{{ riot_web_url_endpoint_public }}`)"

roles/matrix-riot-web/tasks/setup_riot_web.yml

@@ -1,127 +0,0 @@
----
-
-#
-# Tasks related to setting up riot-web
-#
-
-- name: Ensure Matrix riot-web path exists
-  file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - { path: "{{ matrix_riot_web_data_path }}", when: true }
-    - { path: "{{ matrix_riot_web_docker_src_files_path }}", when: "{{ matrix_riot_web_container_image_self_build }}" }
-  when: matrix_riot_web_enabled|bool and item.when
-
-- name: Ensure riot-web Docker image is pulled
-  docker_image:
-    name: "{{ matrix_riot_web_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_riot_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_riot_web_docker_image_force_pull }}"
-  when: matrix_riot_web_enabled|bool and not matrix_riot_web_container_image_self_build
-
-- name: Ensure Riot Web repository is present on self-build
-  git:
-    repo: https://github.com/vector-im/riot-web.git
-    dest: "{{ matrix_riot_web_docker_src_files_path }}"
-    version: "{{ matrix_riot_web_docker_image.split(':')[1] }}"
-    force: "yes"
-  when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
-
-- name: Ensure Riot Web Docker image is built
-  docker_image:
-    name: "{{ matrix_riot_web_docker_image }}"
-    source: build
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_riot_web_docker_src_files_path }}"
-      pull: yes
-  when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
-
-- name: Ensure Matrix riot-web configuration installed
-  copy:
-    content: "{{ matrix_riot_web_configuration|to_nice_json }}"
-    dest: "{{ matrix_riot_web_data_path }}/config.json"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  when: matrix_riot_web_enabled|bool
-
-- name: Ensure Matrix riot-web config files installed
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ matrix_riot_web_data_path }}/{{ item.name }}"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
-    - {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
-    - {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
-  when: "matrix_riot_web_enabled|bool and item.src is not none"
-
-- name: Ensure Matrix riot-web config files removed
-  file:
-    path: "{{ matrix_riot_web_data_path }}/{{ item.name }}"
-    state: absent
-  with_items:
-    - {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
-  when: "matrix_riot_web_enabled|bool and item.src is none"
-
-- name: Ensure matrix-riot-web.service installed
-  template:
-    src: "{{ role_path }}/templates/systemd/matrix-riot-web.service.j2"
-    dest: "{{ matrix_systemd_path }}/matrix-riot-web.service"
-    mode: 0644
-  register: matrix_riot_web_systemd_service_result
-  when: matrix_riot_web_enabled|bool
-
-- name: Ensure systemd reloaded after matrix-riot-web.service installation
-  service:
-    daemon_reload: yes
-  when: "matrix_riot_web_enabled and matrix_riot_web_systemd_service_result.changed"
-
-#
-# Tasks related to getting rid of riot-web (if it was previously enabled)
-#
-
-- name: Check existence of matrix-riot-web service
-  stat:
-    path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
-  register: matrix_riot_web_service_stat
-  when: "not matrix_riot_web_enabled|bool"
-
-- name: Ensure matrix-riot-web is stopped
-  service:
-    name: matrix-riot-web
-    state: stopped
-    daemon_reload: yes
-  register: stopping_result
-  when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
-
-- name: Ensure matrix-riot-web.service doesn't exist
-  file:
-    path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
-    state: absent
-  when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-riot-web.service removal
-  service:
-    daemon_reload: yes
-  when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
-
-- name: Ensure Matrix riot-web paths doesn't exist
-  file:
-    path: "{{ matrix_riot_web_data_path }}"
-    state: absent
-  when: "not matrix_riot_web_enabled|bool"
-
-- name: Ensure riot-web Docker image doesn't exist
-  docker_image:
-    name: "{{ matrix_riot_web_docker_image }}"
-    state: absent
-  when: "not matrix_riot_web_enabled|bool"

roles/matrix-riot-web/tasks/validate_config.yml

@@ -1,23 +0,0 @@
----
-
-- name: Fail if required riot-web settings not defined
-  fail:
-    msg: >
-      You need to define a required configuration setting (`{{ item }}`) for using riot-web.
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_riot_web_default_hs_url"
-
-- name: (Deprecation) Catch and report renamed riot-web variables
-  fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
-  when: "item.old in vars"
-  with_items:
-    - {'old': 'matrix_riot_web_homepage_template', 'new': 'matrix_riot_web_embedded_pages_home_path'}
-    - {'old': 'matrix_riot_web_homepage_template_general', 'new': '<removed>'}
-    - {'old': 'matrix_riot_web_homepage_template_technical', 'new': '<removed>'}
-    - {'old': 'matrix_riot_web_homepage_template_building', 'new': '<removed>'}
-    - {'old': 'matrix_riot_web_homepage_template_contributing', 'new': '<removed>'}
-    - {'old': 'matrix_riot_web_container_expose_port', 'new': '<superseded by matrix_riot_web_container_http_host_bind_port>'}

roles/matrix-riot-web/templates/config.json.j2

@@ -1,45 +0,0 @@
-{
-	"default_server_config": {
-		"m.homeserver": {
-			"base_url": {{ matrix_riot_web_default_hs_url|string|to_json }},
-			"server_name": {{ matrix_riot_web_default_server_name|string|to_json }}
-		},
-		"m.identity_server": {
-			"base_url": {{ matrix_riot_web_default_is_url|string|to_json }}
-		}
-	},
-	"settingDefaults": {
-		"custom_themes": {{ matrix_riot_web_settingDefaults_custom_themes|to_json }}
-	},
-	"default_theme": {{ matrix_riot_web_default_theme|string|to_json }},
-	"permalinkPrefix": {{ matrix_riot_web_permalinkPrefix|string|to_json }},
-	"disable_custom_urls": {{ matrix_riot_web_disable_custom_urls|to_json }},
-	"disable_guests": {{ matrix_riot_web_disable_guests|to_json }},
-	"brand": {{ matrix_riot_web_brand|to_json }},
-	"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|string|to_json }},
-	"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|string|to_json }},
-	"integrations_widgets_urls": {{ matrix_riot_web_integrations_widgets_urls|to_json }},
-	"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|string|to_json }},
-	"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
-	"enableLabs": true,
-	"roomDirectory": {
-		"servers": {{ matrix_riot_web_roomdir_servers|to_json }}
-	},
-	"welcomeUserId": {{ matrix_riot_web_welcome_user_id|to_json }},
-	{% if matrix_riot_web_enable_presence_by_hs_url is not none %}
-		"enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }},
-	{% endif %}
-	"embeddedPages": {
-		"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
-	},
-	{% if matrix_riot_web_jitsi_preferredDomain %}
-	"jitsi": {
-        "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}
-    },
-	{% endif %}
-	"branding": {
-		"authFooterLinks": {{ matrix_riot_web_branding_authFooterLinks|to_json }},
-		"authHeaderLogoUrl": {{ matrix_riot_web_branding_authHeaderLogoUrl|to_json }},
-		"welcomeBackgroundUrl": {{ matrix_riot_web_branding_welcomeBackgroundUrl|to_json }}
-	}
-}

roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2

@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix riot-web server
-{% for service in matrix_riot_web_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-
-[Service]
-Type=simple
-ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
-ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--network={{ matrix_docker_network }} \
-			{% if matrix_riot_web_container_http_host_bind_port %}
-			-p {{ matrix_riot_web_container_http_host_bind_port }}:8080 \
-			{% endif %}
-			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-			-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-			-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
-			-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
-			{% if matrix_riot_web_embedded_pages_home_path is not none %}
-			-v {{ matrix_riot_web_data_path }}/home.html:/app/home.html:ro \
-			{% endif %}
-			-v {{ matrix_riot_web_data_path }}/welcome.html:/app/welcome.html:ro \
-			{% for arg in matrix_riot_web_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_riot_web_docker_image }}
-
-ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
-ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-riot-web
-
-[Install]
-WantedBy=multi-user.target

roles/matrix-riot-web/vars/main.yml

@@ -1,3 +0,0 @@
----
-
-matrix_riot_web_embedded_pages_home_url: "{{ ('' if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}"

roles/matrix-synapse-admin/defaults/main.yml

@@ -0,0 +1,25 @@
+# matrix-synapse-admin is a web UI for mananging the Synapse Matrix server
+# See: https://github.com/Awesome-Technologies/synapse-admin
+
+matrix_synapse_admin_enabled: true
+
+matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1"
+matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
+
+# A list of extra arguments to pass to the container
+matrix_synapse_admin_container_extra_arguments: []
+
+# List of systemd services that matrix-synapse-admin.service depends on
+matrix_synapse_admin_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-synapse-admin.service wants
+matrix_synapse_admin_systemd_wanted_services_list: []
+
+# Controls whether the matrix-synapse-admin container exposes its HTTP port (tcp/80 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8766"), or empty string to not expose.
+matrix_synapse_admin_container_http_host_bind_port: ''
+
+# The path at which Synapse Admin will be exposed on `matrix.DOMAIN`
+# (only applies when matrix-nginx-proxy is used).
+matrix_synapse_admin_public_endpoint: /synapse-admin

roles/matrix-synapse-admin/tasks/init.yml

@@ -0,0 +1,52 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin'] }}"
+  when: matrix_synapse_admin_enabled|bool
+
+- block:
+  - name: Fail if matrix-nginx-proxy role already executed
+    fail:
+      msg: >-
+        Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
+        but it's pointless since the matrix-nginx-proxy role had already executed.
+        To fix this, please change the order of roles in your plabook,
+        so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
+    when: matrix_nginx_proxy_role_executed|default(False)|bool
+
+  - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
+    set_fact:
+      matrix_synapse_admin_matrix_nginx_proxy_configuration: |
+        rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ $scheme://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
+
+        location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
+        {% if matrix_nginx_proxy_enabled|default(False) %}
+          {# Use the embedded DNS resolver in Docker containers to discover the service #}
+          resolver 127.0.0.11 valid=5s;
+          set $backend "matrix-synapse-admin:80";
+          proxy_pass http://$backend/$1;
+        {% else %}
+          {# Generic configuration for use outside of our container setup #}
+          proxy_pass http://127.0.0.1:8766/$1;
+        {% endif %}
+        }
+
+  - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
+    set_fact:
+      matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+        {{
+          matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+          +
+          [matrix_synapse_admin_matrix_nginx_proxy_configuration]
+        }}
+  tags:
+    - always
+  when: matrix_synapse_admin_enabled|bool
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  debug:
+    msg: >-
+      NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
+      URL endpoint to the matrix-synapse-admin container.
+      You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
+  when: "matrix_synapse_admin_enabled|bool and matrix_nginx_proxy_enabled is not defined"

roles/matrix-synapse-admin/tasks/main.yml

@@ -0,0 +1,8 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup.yml"
+  tags:
+    - setup-all
+    - setup-synapse-admin

roles/matrix-synapse-admin/tasks/setup.yml

@@ -0,0 +1,60 @@
+---
+
+#
+# Tasks related to setting up matrix-synapse-admin
+#
+
+- name: Ensure matrix-synapse-admin image is pulled
+  docker_image:
+    name: "{{ matrix_synapse_admin_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}"
+  when: matrix_synapse_admin_enabled|bool
+
+- name: Ensure matrix-synapse-admin.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-synapse-admin.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-synapse-admin.service"
+    mode: 0644
+  register: matrix_synapse_admin_systemd_service_result
+  when: matrix_synapse_admin_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-synapse-admin.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of matrix-synapse-admin (if it was previously enabled)
+#
+
+- name: Check existence of matrix-synapse-admin service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service"
+  register: matrix_synapse_admin_service_stat
+
+- name: Ensure matrix-synapse-admin is stopped
+  service:
+    name: matrix-synapse-admin
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists"
+
+- name: Ensure matrix-synapse-admin.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service"
+    state: absent
+  when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-synapse-admin.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists"
+
+- name: Ensure matrix-synapse-admin Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_synapse_admin_docker_image }}"
+    state: absent
+  when: "not matrix_synapse_admin_enabled|bool"

roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2

@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=matrix-synapse-admin
+{% for service in matrix_synapse_admin_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_synapse_admin_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse-admin
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse-admin
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \
+			--log-driver=none \
+			--cap-drop=ALL \
+			--cap-add=CHOWN \
+			--cap-add=NET_BIND_SERVICE \
+			--cap-add=SETUID \
+			--cap-add=SETGID \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_synapse_admin_container_http_host_bind_port %}
+			-p {{ matrix_synapse_admin_container_http_host_bind_port }}:80 \
+			{% endif %}
+			{% for arg in matrix_synapse_admin_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_synapse_admin_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse-admin
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse-admin
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-synapse-admin
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-synapse/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_synapse_enabled: true
 
 matrix_synapse_container_image_self_build: false
 
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.17.0"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.18.0"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@@ -289,7 +289,7 @@ matrix_synapse_email_smtp_host: ""
 matrix_synapse_email_smtp_port: 587
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
-matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"
+matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
 
 
 # Enable this to activate the REST auth password provider module.

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -89,7 +89,9 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
 #gc_thresholds: [700, 10, 10]
 
 # Set the limit on the returned events in the timeline in the get
-# and sync operations. The default value is -1, means no upper limit.
+# and sync operations. The default value is 100. -1 means no upper limit.
+#
+# Uncomment the following to increase the limit to 5000.
 #
 #filter_timeline_limit: 5000
 
@@ -105,41 +107,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
 #
 #enable_search: false
 
-# Restrict federation to the following whitelist of domains.
-# N.B. we recommend also firewalling your federation listener to limit
-# inbound federation traffic as early as possible, rather than relying
-# purely on this application-layer restriction.  If not specified, the
-# default is to whitelist everything.
-#
-#federation_domain_whitelist:
-#  - lon.example.com
-#  - nyc.example.com
-#  - syd.example.com
-{% if matrix_synapse_federation_domain_whitelist is not none %}
-{# Cannot use `|to_nice_yaml` here, as an empty list does not get serialized properly by it. #}
-federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
-{% endif %}
-
-# Prevent federation requests from being sent to the following
-# blacklist IP address CIDR ranges. If this option is not specified, or
-# specified with an empty list, no ip range blacklist will be enforced.
-#
-# As of Synapse v1.4.0 this option also affects any outbound requests to identity
-# servers provided by user input.
-#
-# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
-# listed here, since they correspond to unroutable addresses.)
-#
-federation_ip_range_blacklist:
-  - '127.0.0.0/8'
-  - '10.0.0.0/8'
-  - '172.16.0.0/12'
-  - '192.168.0.0/16'
-  - '100.64.0.0/10'
-  - '169.254.0.0/16'
-  - '::1/128'
-  - 'fe80::/64'
-  - 'fc00::/7'
 
 # List of ports that Synapse should listen on, their purpose and their
 # configuration.
@@ -169,7 +136,7 @@ federation_ip_range_blacklist:
 #       names: a list of names of HTTP resources. See below for a list of
 #           valid resource names.
 #
-#       compress: set to true to enable HTTP comression for this resource.
+#       compress: set to true to enable HTTP compression for this resource.
 #
 #   additional_resources: Only valid for an 'http' listener. A map of
 #        additional endpoints which should be loaded via dynamic modules.
@@ -610,6 +577,43 @@ acme:
 
 
 
+# Restrict federation to the following whitelist of domains.
+# N.B. we recommend also firewalling your federation listener to limit
+# inbound federation traffic as early as possible, rather than relying
+# purely on this application-layer restriction.  If not specified, the
+# default is to whitelist everything.
+#
+#federation_domain_whitelist:
+#  - lon.example.com
+#  - nyc.example.com
+#  - syd.example.com
+{% if matrix_synapse_federation_domain_whitelist is not none %}
+{# Cannot use `|to_nice_yaml` here, as an empty list does not get serialized properly by it. #}
+federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
+{% endif %}
+
+# Prevent federation requests from being sent to the following
+# blacklist IP address CIDR ranges. If this option is not specified, or
+# specified with an empty list, no ip range blacklist will be enforced.
+#
+# As of Synapse v1.4.0 this option also affects any outbound requests to identity
+# servers provided by user input.
+#
+# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+# listed here, since they correspond to unroutable addresses.)
+#
+federation_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'
+
+
 ## Caching ##
 
 # Caching can be configured through the following options.
@@ -1788,6 +1792,9 @@ sso:
 # Each JSON Web Token needs to contain a "sub" (subject) claim, which is
 # used as the localpart of the mxid.
 #
+# Additionally, the expiration time ("exp"), not before time ("nbf"),
+# and issued at ("iat") claims are validated if present.
+#
 # Note that this is a non-standard login type and client support is
 # expected to be non-existant.
 #
@@ -1879,8 +1886,8 @@ email:
   #notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
   notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
 
-  # app_name defines the default value for '%(app)s' in notif_from. It
-  # defaults to 'Matrix'.
+  # app_name defines the default value for '%(app)s' in notif_from and email
+  # subjects. It defaults to 'Matrix'.
   #
   #app_name: my_branded_matrix_server
   app_name: Matrix
@@ -1946,6 +1953,73 @@ email:
   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
   #
   #template_dir: "res/templates"
+
+  # Subjects to use when sending emails from Synapse.
+  #
+  # The placeholder '%(app)s' will be replaced with the value of the 'app_name'
+  # setting above, or by a value dictated by the Matrix client application.
+  #
+  # If a subject isn't overridden in this configuration file, the value used as
+  # its example will be used.
+  #
+  #subjects:
+
+    # Subjects for notification emails.
+    #
+    # On top of the '%(app)s' placeholder, these can use the following
+    # placeholders:
+    #
+    #   * '%(person)s', which will be replaced by the display name of the user(s)
+    #      that sent the message(s), e.g. "Alice and Bob".
+    #   * '%(room)s', which will be replaced by the name of the room the
+    #      message(s) have been sent to, e.g. "My super room".
+    #
+    # See the example provided for each setting to see which placeholder can be
+    # used and how to use them.
+    #
+    # Subject to use to notify about one message from one or more user(s) in a
+    # room which has a name.
+    #message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
+    #
+    # Subject to use to notify about one message from one or more user(s) in a
+    # room which doesn't have a name.
+    #message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
+    #
+    # Subject to use to notify about multiple messages from one or more users in
+    # a room which doesn't have a name.
+    #messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
+    #
+    # Subject to use to notify about multiple messages in a room which has a
+    # name.
+    #messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
+    #
+    # Subject to use to notify about multiple messages in multiple rooms.
+    #messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
+    #
+    # Subject to use to notify about multiple messages from multiple persons in
+    # multiple rooms. This is similar to the setting above except it's used when
+    # the room in which the notification was triggered has no name.
+    #messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
+    #
+    # Subject to use to notify about an invite to a room which has a name.
+    #invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
+    #
+    # Subject to use to notify about an invite to a room which doesn't have a
+    # name.
+    #invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
+
+    # Subject for emails related to account administration.
+    #
+    # On top of the '%(app)s' placeholder, these one can use the
+    # '%(server_name)s' placeholder, which will be replaced by the value of the
+    # 'server_name' setting in your Synapse configuration.
+    #
+    # Subject to use when sending a password reset email.
+    #password_reset: "[%(server_name)s] Password reset"
+    #
+    # Subject to use when sending a verification email to assert an address's
+    # ownership.
+    #email_validation: "[%(server_name)s] Validate your email"
 {% endif %}
 
 # Password providers allow homeserver administrators to integrate
@@ -2303,4 +2377,57 @@ opentracing:
     #    false
 
 
+## Workers ##
+
+# Disables sending of outbound federation transactions on the main process.
+# Uncomment if using a federation sender worker.
+#
+#send_federation: false
+
+# It is possible to run multiple federation sender workers, in which case the
+# work is balanced across them.
+#
+# This configuration must be shared between all federation sender workers, and if
+# changed all federation sender workers must be stopped at the same time and then
+# started, to ensure that all instances are running with the same config (otherwise
+# events may be dropped).
+#
+#federation_sender_instances:
+#  - federation_sender1
+
+# When using workers this should be a map from `worker_name` to the
+# HTTP replication listener of the worker, if configured.
+#
+#instance_map:
+#  worker1:
+#    host: localhost
+#    port: 8034
+
+# Experimental: When using workers you can define which workers should
+# handle event persistence and typing notifications. Any worker
+# specified here must also be in the `instance_map`.
+#
+#stream_writers:
+#  events: worker1
+#  typing: worker1
+
+
+# Configuration for Redis when using workers. This *must* be enabled when
+# using workers (unless using old style direct TCP configuration).
+#
+redis:
+  # Uncomment the below to enable Redis support.
+  #
+  #enabled: true
+
+  # Optional host and port to use to connect to redis. Defaults to
+  # localhost and 6379
+  #
+  #host: localhost
+  #port: 6379
+
+  # Optional password if configured on the Redis instance
+  #
+  #password: <secret_password>
+
 # vim:ft=yaml

setup.yml

@@ -23,8 +23,10 @@
     - matrix-bridge-mx-puppet-twitter
     - matrix-bridge-mx-puppet-instagram
     - matrix-bridge-sms
+    - matrix-bot-matrix-reminder-bot
     - matrix-synapse
-    - matrix-riot-web
+    - matrix-synapse-admin
+    - matrix-client-element
     - matrix-jitsi
     - matrix-ma1sd
     - matrix-dimension