Merge branch 'master' into bye-bye-nginx-proxy

2 лет назад · 377fce5855
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,21 @@
 # 2024-01-05

 ## matrix-mailer has been replaced by the exim-relay external role

 We're continuing our effort to make [the playbook use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things), so as to avoid doing everything ourselves and to facilitate code re-use.

 The `matrix-mailer` role has been moved to its own repository ([ansible-role-exim-relay](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay)) that this playbook now includes.

 To migrate:

 - pull the playbook changes, as usual
 - update your roles (run `just roles` or `make roles`)
 - update your `vars.yml`, renaming `matrix_mailer`-prefixed variables to `exim_relay`-prefixed ones (e.g. `matrix_mailer_sender_address` -> `exim_relay_sender_address`). If you find none, it means you're using the default configuration and your migraiton job is even simpler.
 - re-run the playbook (`install-all` or `setup-all`)

 The playbook will take care of stopping the old `matrix-mailer` systemd service, relocating its directory and restarting it under the new name (`matrix-exim-relay.service`).


 # 2024-01-02

 ## mautrix-signal now powered by the new Go-based bridge
--- a/docs/configuring-playbook-email.md
+++ b/docs/configuring-playbook-email.md
@@ -5,9 +5,9 @@ By default, this playbook sets up an [Exim](https://www.exim.org/) email server
 The email server would attempt to deliver emails directly to their final destination.
 This may or may not work, depending on your domain configuration (SPF settings, etc.)

 By default, emails are sent from `matrix@<your-domain-name>` (as specified by the `matrix_mailer_sender_address` playbook variable).
 By default, emails are sent from `matrix@<your-domain-name>` (as specified by the `exim_relay_sender_address` playbook variable).

 **Note**: If you are using a Google Cloud instance, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so you need to relay email through another SMTP server as described below.   
 **Note**: If you are using a Google Cloud instance, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so you need to relay email through another SMTP server as described below.


 ## Firewall settings
@@ -21,35 +21,35 @@ If you'd like to relay email through another SMTP server, feel free to redefine
 Example:

 ```yaml
 matrix_mailer_sender_address: "another.sender@example.com"
 matrix_mailer_relay_use: true
 matrix_mailer_relay_host_name: "mail.example.com"
 matrix_mailer_relay_host_port: 587
 matrix_mailer_relay_auth: true
 matrix_mailer_relay_auth_username: "another.sender@example.com"
 matrix_mailer_relay_auth_password: "some-password"
 exim_relay_sender_address: "another.sender@example.com"
 exim_relay_relay_use: true
 exim_relay_relay_host_name: "mail.example.com"
 exim_relay_relay_host_port: 587
 exim_relay_relay_auth: true
 exim_relay_relay_auth_username: "another.sender@example.com"
 exim_relay_relay_auth_password: "some-password"
 ```

 **Note**: only the secure submission protocol (using `STARTTLS`, usually on port `587`) is supported. **SMTPS** (encrypted SMTP, usually on port `465`) **is not supported**.


 ### Configuations for sending emails using Sendgrid
 An easy and free SMTP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `matrix_mailer_sender_address`.
 An easy and free SMTP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `exim_relay_sender_address`.

 The only other thing you need to change is the `matrix_mailer_relay_auth_password`, which you can generate at https://app.sendgrid.com/settings/api_keys. The API key password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`.
 The only other thing you need to change is the `exim_relay_relay_auth_password`, which you can generate at https://app.sendgrid.com/settings/api_keys. The API key password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`.

 Note that the `matrix_mailer_relay_auth_username` is literally the string `apikey`, it's always the same for Sendgrid.
 Note that the `exim_relay_relay_auth_username` is literally the string `apikey`, it's always the same for Sendgrid.

 ```yaml
 matrix_mailer_sender_address: "arbitrary@email.com"
 matrix_mailer_relay_use: true
 matrix_mailer_relay_host_name: "smtp.sendgrid.net"
 matrix_mailer_relay_host_port: 587
 matrix_mailer_relay_auth: true
 matrix_mailer_relay_auth_username: "apikey"
 matrix_mailer_relay_auth_password: "<your api key password>" 
 exim_relay_sender_address: "arbitrary@email.com"
 exim_relay_relay_use: true
 exim_relay_relay_host_name: "smtp.sendgrid.net"
 exim_relay_relay_host_port: 587
 exim_relay_relay_auth: true
 exim_relay_relay_auth_username: "apikey"
 exim_relay_relay_auth_password: "<your api key password>"
 ```

 ## Troubleshooting

 If you're having trouble with email not being delivered, it may be useful to inspect the mailer logs: `journalctl -f -u matrix-mailer`.
 If you're having trouble with email not being delivered, it may be useful to inspect the mailer logs: `journalctl -f -u matrix-exim-relay`.
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -285,7 +285,7 @@ You can disable some not-so-important services to save on memory.
 matrix_ma1sd_enabled: false

 # Disabling this will prevent email-notifications and other such things from working.
 matrix_mailer_enabled: false
 exim_relay_enabled: false

 # You can also disable this to save more RAM,
 # at the expense of audio/video calls being unreliable.
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -353,7 +353,7 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else [])
    +
    ([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else [])
    ([{'name': (exim_relay_identifier ~ '.service'), 'priority': 2000, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else [])
    +
    ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'nginx-proxy', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else [])
    +
@@ -2721,24 +2721,38 @@ matrix_ldap_registration_proxy_enabled: false
 #
 ######################################################################

 ######################################################################
 #
 # matrix-mailer
 #
 ######################################################################

 # By default, this playbook sets up an exim mailer server (running in a container).
 # This is so that Synapse can send email reminders for unread messages.
 # Other services (like ma1sd), also use the mailer.
 matrix_mailer_enabled: true
 ########################################################################
 #                                                                      #
 # exim-relay                                                           #
 #                                                                      #
 ########################################################################

 matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
 # We set up an Exim email relay by default.
 # This is so that the homeserver and various other services can send emails through it.
 # To completely disable this service, use: `exim_relay_enabled: false`

 exim_relay_identifier: "matrix-exim-relay"

 exim_relay_base_path: "{{ matrix_base_data_path }}/exim-relay"

 exim_relay_uid: "{{ matrix_user_uid }}"
 exim_relay_gid: "{{ matrix_user_gid }}"

 exim_relay_container_network: "{{ matrix_docker_network }}"

 exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"

 exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"

 exim_relay_sender_address: "matrix@{{ matrix_domain }}"

 ########################################################################
 #                                                                      #
 # /exim-relay                                                          #
 #                                                                      #
 ########################################################################

 ######################################################################
 #
 # /matrix-mailer
 #
 ######################################################################

 ######################################################################
 #
@@ -2779,7 +2793,7 @@ matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix
 matrix_ma1sd_dns_overwrite_homeserver_client_value: "{{ matrix_homeserver_container_url }}"

 # By default, we send mail through the `matrix-mailer` service.
 matrix_ma1sd_threepid_medium_email_identity_from: "{{ matrix_mailer_sender_address }}"
 matrix_ma1sd_threepid_medium_email_identity_from: "{{ exim_relay_sender_address }}"
 matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "matrix-mailer"
 matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025
 matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0
@@ -2797,7 +2811,7 @@ matrix_ma1sd_systemd_wanted_services_list: |
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
    +
    (['matrix-mailer.service'] if matrix_mailer_enabled else [])
    ([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
  }}

 # Postgres is the default, except if not using internal Postgres server
@@ -3818,11 +3832,11 @@ matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_
 # If someone instals Prometheus via the playbook, they most likely wish to monitor Synapse.
 matrix_synapse_metrics_enabled: "{{ prometheus_enabled }}"

 matrix_synapse_email_enabled: "{{ matrix_mailer_enabled }}"
 matrix_synapse_email_smtp_host: "matrix-mailer"
 matrix_synapse_email_enabled: "{{ exim_relay_enabled }}"
 matrix_synapse_email_smtp_host: "{{ exim_relay_identifier }}"
 matrix_synapse_email_smtp_port: 8025
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
 matrix_synapse_email_notif_from: "Matrix <{{ exim_relay_sender_address }}>"

 # Even if TURN doesn't support TLS (it does by default),
 # it doesn't hurt to try a secure connection anyway.
@@ -3862,7 +3876,7 @@ matrix_synapse_systemd_wanted_services_list_auto: |
  {{
    (['matrix-coturn.service'] if matrix_coturn_enabled else [])
    +
    (['matrix-mailer.service'] if matrix_mailer_enabled else [])
    ([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
  }}

 # Synapse workers (used for parallel load-scaling) need Redis for IPC.
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,7 +4,7 @@
  version: v1.0.0-3
  name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
  version: v1.2.7-1.8.5-2
  version: v1.2.7-1.8.6-0
  name: backup_borg
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
  version: v0.1.1-3
@@ -18,6 +18,9 @@
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
  version: v1.9.6-0
  name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
  version: v4.97-r0-0-0
  name: exim_relay
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
  version: v10.2.3-0
  name: grafana
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -79,7 +79,7 @@
    name: "{{ matrix_bot_buscarron_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_bot_buscarron_docker_src_files_path }}"
--- a/roles/custom/matrix-bot-chatgpt/tasks/install.yml
+++ b/roles/custom/matrix-bot-chatgpt/tasks/install.yml
@@ -50,7 +50,7 @@
        name: "{{ matrix_bot_chatgpt_container_image }}"
        source: build
        force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
          path: "{{ matrix_bot_chatgpt_container_src_path }}"
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -102,7 +102,7 @@
    name: "{{ matrix_bot_honoroit_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_self_build.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@@ -49,7 +49,7 @@
    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -69,7 +69,7 @@
    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_git_pull_results.changed }}"
    build:
      dockerfile: docker/Dockerfile
      path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
--- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
@@ -72,7 +72,7 @@
    name: "{{ matrix_bot_postmoogle_docker_image }}"
    source: build
    force_source: "{{ matrix_bot_postmoogle_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_postmoogle_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_bot_postmoogle_docker_src_files_path }}"
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -160,6 +160,8 @@ matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_ena
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"

 matrix_mautrix_signal_bridge_personal_filtering_spaces: true

 # On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.
 # Setting this to false fixed the issue.
 matrix_mautrix_signal_bridge_restricted_rooms: true
--- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -111,7 +111,7 @@ bridge:

    # Should the bridge create a space for each logged-in user and add bridged rooms to it?
    # Users who logged in before turning this on should run `!signal sync-space` to create and fill the space for the first time.
    personal_filtering_spaces: false
    personal_filtering_spaces: {{ matrix_mautrix_signal_bridge_personal_filtering_spaces | to_json }}
    # Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal?
    delivery_receipts: false
    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
--- a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
+++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
@@ -58,7 +58,7 @@
    name: "{{ matrix_cactus_comments_docker_image }}"
    source: build
    force_source: "{{ matrix_cactus_comments_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_cactus_comments_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_cactus_comments_docker_src_files_path }}"
--- a/roles/custom/matrix-mailer/defaults/main.yml
+++ b/roles/custom/matrix-mailer/defaults/main.yml
@@ -1,35 +0,0 @@
 ---
 # Project source code URL: https://github.com/devture/exim-relay

 matrix_mailer_enabled: true

 matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"

 matrix_mailer_container_image_self_build: false
 matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"

 # renovate: datasource=docker depName=devture/exim-relay versioning=semver
 matrix_mailer_version: 4.97-r0-0
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

 # The user/group that the container runs with.
 # These match the `exim` user/group within the container image.
 matrix_mailer_container_user_uid: 100
 matrix_mailer_container_user_gid: 101

 # A list of extra arguments to pass to the container
 matrix_mailer_container_extra_arguments: []

 matrix_mailer_hostname: "{{ matrix_server_fqn_matrix }}"

 matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
 matrix_mailer_relay_use: false
 matrix_mailer_relay_host_name: "mail.example.com"
 matrix_mailer_relay_host_port: 587
 matrix_mailer_relay_auth: false
 matrix_mailer_relay_auth_username: ""
 matrix_mailer_relay_auth_password: ""
--- a/roles/custom/matrix-mailer/tasks/main.yml
+++ b/roles/custom/matrix-mailer/tasks/main.yml
@@ -1,17 +0,0 @@
 ---

 - tags:
    - setup-all
    - setup-mailer
    - install-all
    - install-mailer
  block:
    - when: matrix_mailer_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"

 - tags:
    - setup-all
    - setup-mailer
  block:
    - when: not matrix_mailer_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
--- a/roles/custom/matrix-mailer/tasks/setup_install.yml
+++ b/roles/custom/matrix-mailer/tasks/setup_install.yml
@@ -1,60 +0,0 @@
 ---

 - name: Ensure mailer base path exists
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {path: "{{ matrix_mailer_base_path }}", when: true}
    - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"}
  when: item.when | bool

 - name: Ensure mailer environment variables file created
  ansible.builtin.template:
    src: "{{ role_path }}/templates/env-mailer.j2"
    dest: "{{ matrix_mailer_base_path }}/env-mailer"
    mode: 0640

 - name: Ensure exim-relay repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
    dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
    version: "{{ matrix_mailer_container_image_self_build_version }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_username }}"
  register: matrix_mailer_git_pull_results
  when: matrix_mailer_container_image_self_build | bool

 - name: Ensure exim-relay Docker image is built
  community.docker.docker_image:
    name: "{{ matrix_mailer_docker_image }}"
    source: build
    force_source: "{{ matrix_mailer_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
      pull: true
  when: matrix_mailer_container_image_self_build | bool

 - name: Ensure exim-relay image is pulled
  community.docker.docker_image:
    name: "{{ matrix_mailer_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
  when: "not matrix_mailer_container_image_self_build | bool"
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

 - name: Ensure matrix-mailer.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
    mode: 0644
--- a/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml
@@ -1,25 +0,0 @@
 ---

 - name: Check existence of matrix-mailer service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
  register: matrix_mailer_service_stat

 - when: matrix_mailer_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-mailer is stopped
      ansible.builtin.service:
        name: matrix-mailer
        state: stopped
        enabled: false
        daemon_reload: true

    - name: Ensure matrix-mailer.service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
        state: absent

    - name: Ensure Matrix mailer path doesn't exist
      ansible.builtin.file:
        path: "{{ matrix_mailer_base_path }}"
        state: absent
--- a/roles/custom/matrix-mailer/templates/env-mailer.j2
+++ b/roles/custom/matrix-mailer/templates/env-mailer.j2
@@ -1,9 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 {% if matrix_mailer_relay_use %}
 SMARTHOST={{ matrix_mailer_relay_host_name }}::{{ matrix_mailer_relay_host_port }}
 {% endif %}
 {% if matrix_mailer_relay_auth %}
 SMTP_USERNAME={{ matrix_mailer_relay_auth_username }}
 SMTP_PASSWORD={{ matrix_mailer_relay_auth_password }}
 {% endif %}
 HOSTNAME={{ matrix_mailer_hostname }}
--- a/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2
+++ b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2
@@ -1,37 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix mailer
 After=docker.service
 Requires=docker.service
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mailer 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true'

 # --hostname gives us a friendlier hostname than the default.
 # The real hostname is passed via a `HOSTNAME` environment variable though.
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mailer \
 			--log-driver=none \
 			--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_mailer_base_path }}/env-mailer \
 			--hostname=matrix-mailer \
 			{% for arg in matrix_mailer_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mailer_docker_image }}

 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mailer 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mailer

 [Install]
 WantedBy=multi-user.target
--- a/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml
@@ -7,7 +7,7 @@
 # The Traefik role itself (running later) will then ensure this data is up-to-date and will set up the new systemd service.

 # It only makes sense to migrate if the identifier or path are different than the default (what we were using before).
 - when: "devture_traefik_identifier != 'devture-postgres' or devture_traefik_base_path != '/devture-traefik'"
 - when: "devture_traefik_identifier != 'devture-traefik' or devture_traefik_base_path != '/devture-traefik'"
  block:
    - name: Check existence of devture-traefik.service systemd service
      ansible.builtin.stat:
--- a/roles/custom/matrix_playbook_migration/tasks/main.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -27,6 +27,12 @@
  block:
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_matrix_static_files_well_known.yml"

 - tags:
    - setup-all
    - install-all
  block:
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_matrix_static_files_well_known.yml"

 - when: devture_traefik_enabled | bool
  tags:
    - setup-all
--- a/roles/custom/matrix_playbook_migration/tasks/migrate_matrix_mailer.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/migrate_matrix_mailer.yml
@@ -0,0 +1,39 @@
 ---

 # This migrates the mailer from the old path (`/matrix/mailer`) to the new path (`/matrix/exim-relay`, controlled by `exim_relay_base_path`),
 # and from the old hardcoded systemd service name (`matrix-mailer.service`) to the new one (`matrix-exim-relay.service`, controlled by `exim_relay_identifier`).
 #
 # Here, we merely disable (and stop) the old systemd service and relocate the base directory path (`/matrix/mailer`).
 # The exim-relay role itself (running later) will then ensure this data is up-to-date and will set up the new systemd service.

 # It only makes sense to migrate if the identifier or path are different than the default (what we were using before).
 - name: Check existence of matrix-mailer.service systemd service
  ansible.builtin.stat:
    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
  register: matrix_mailer_service_stat

 - when: matrix_mailer_service_stat.stat.exists | bool
  block:
    - name: Ensure matrix-mailer.service systemd service is stopped
      ansible.builtin.systemd:
        name: matrix-mailer
        state: stopped
        enabled: false
        daemon_reload: true

    - name: Ensure matrix-mailer directory relocated
      ansible.builtin.command:
        cmd: "mv {{ matrix_base_data_path }}/mailer {{ exim_relay_base_path }}"
        creates: "{{ exim_relay_base_path }}"
        removes: "{{ matrix_base_data_path }}"

    # Remove legacy env-mailer file (named `env` in the new role)
    - name: Ensure old exim-relay environment variables file is deleted
      ansible.builtin.file:
        path: "{{ exim_relay_base_path }}/env-mailer"
        state: absent

    - name: Ensure matrix-mailer.service systemd service doesn't exist
      ansible.builtin.file:
        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service"
        state: absent
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -59,6 +59,9 @@
    - {'old': 'matrix_prosody_jitsi_max_participants', 'new': 'jitsi_prosody_max_participants'}
    - {'old': 'jitsi_require_well_known', 'new': 'jitsi_web_well_known_element_jitsi_enabled'}
    - {'old': 'jitsi_wellknown_element_jitsi_json', 'new': 'jitsi_web_well_known_element_jitsi_json'}
    - {'old': 'exim_relay_docker_image', 'new': 'exim_relay_container_image'}
    - {'old': 'exim_relay_docker_image_name_prefix', 'new': 'exim_relay_container_image_name_prefix'}
    - {'old': 'exim_relay_docker_image_force_pull', 'new': 'exim_relay_container_image_force_pull'}

    - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_enabled', 'new': 'matrix_metrics_exposure_enabled'}
    - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled', 'new': 'matrix_metrics_exposure_http_basic_auth_enabled'}
@@ -106,6 +109,17 @@
      The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }}
  when: "vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict"

 - name: (Deprecation) Catch and report matrix_mailer_ variables
  ansible.builtin.fail:
    msg: |-
      The matrix-mailer role in the playbook has been replaced with the exim-relay role (https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay).
      The new role is pretty much the same, but uses differently named variables.

      Please change your configuration (vars.yml) to rename all `matrix_mailer`-prefixed variables (`matrix_mailer_*` -> `exim_relay_*`).

      The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_mailer_.*') | map (attribute='key') | join(', ') }}
  when: "vars | dict2items | selectattr('key', 'match', 'matrix_mailer_.*') | list | items2dict"

 - when: matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled | bool
  block:
    - ansible.builtin.set_fact:
--- a/setup.yml
+++ b/setup.yml
@@ -40,7 +40,7 @@

    - custom/matrix-base
    - custom/matrix-dynamic-dns
    - custom/matrix-mailer
    - galaxy/exim_relay

    - role: galaxy/postgres