Merge pull request #1402 from borisrunakov/matrix-synapse-container-client-api-port

make 8008 configurable
4 лет назад · 6bbc2054b8
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -19,9 +19,9 @@ matrix_container_global_registry_prefix: "docker.io/"
 matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 # If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:8008'.
 # If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'.
 # This is because we explicitly disable them for the main Synapse process.
 matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:8008' }}"
 matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string }}"
 ######################################################################
 #
@@ -113,6 +113,7 @@ matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx
 matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
 matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
 matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
@@ -151,6 +152,7 @@ matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_pr
 matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}"
 matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
 matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}"
@@ -567,6 +569,7 @@ matrix_sms_bridge_systemd_required_services_list: |
 matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}"
 matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
 matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}"
 ######################################################################
@@ -1216,6 +1219,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 # ma1sd's web-server port.
 matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}"
 # We enable Synapse integration via its Postgres database by default.
 # When using another Identity store, you might wish to disable this and define
 # your own configuration in `matrix_ma1sd_configuration_extension_yaml`.
@@ -1308,6 +1312,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1
 # Settings controlling matrix-synapse-proxy.conf
 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"
@@ -1722,7 +1729,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m
 # you can expose Synapse's ports to the host.
 #
 # For exposing the Matrix Client API's port (plain HTTP) to the local host.
 matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}"
 matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port|string }}"
 #
 # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
 matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}"
--- a/roles/matrix-awx/scripts/matrix_build_room_list.py
+++ b/roles/matrix-awx/scripts/matrix_build_room_list.py
@@ -5,10 +5,11 @@ import json
 janitor_token = sys.argv[1]
 synapse_container_ip = sys.argv[2]
 synapse_container_port = sys.argv[3]
 # collect total amount of rooms
 rooms_raw_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms'
 rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms'
 rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token}
 rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header)
 rooms_raw_python = json.loads(rooms_raw.text)
@@ -19,7 +20,7 @@ total_rooms = rooms_raw_python["total_rooms"]
 room_list_file = open("/tmp/room_list_complete.json", "w")
 for i in range(0, total_rooms, 100):
  rooms_inc_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms?from=' + str(i)
  rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i)
  rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header)
  room_list_file.write(rooms_inc.text)
--- a/roles/matrix-awx/tasks/purge_database_build_list.yml
+++ b/roles/matrix-awx/tasks/purge_database_build_list.yml
@@ -2,9 +2,9 @@
 - name: Collect entire room list into stdout
  shell: |
    curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}'
    curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/rooms?from={{ item }}'
  register: awx_rooms_output
 - name: Print stdout to file
  delegate_to: 127.0.0.1
  shell: |
--- a/roles/matrix-awx/tasks/purge_database_events.yml
+++ b/roles/matrix-awx/tasks/purge_database_events.yml
@@ -2,11 +2,11 @@
 - name: Purge all rooms with more then N events
  shell: |
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
  register: awx_purge_command
 - name: Print output of purge command
  debug: 
  debug:
    msg: "{{ awx_purge_command.stdout }}"
 - name: Pause for 5 seconds to let Synapse breathe
--- a/roles/matrix-awx/tasks/purge_database_main.yml
+++ b/roles/matrix-awx/tasks/purge_database_main.yml
@@ -31,7 +31,7 @@
 - name: Collect access token for janitor user
  shell: |
    curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
    curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
  register: awx_janitors_token
  no_log: True
@@ -47,7 +47,7 @@
 - name: Run build_room_list.py script
  shell: |
    runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }}
    runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }}
  register: awx_rooms_total
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
@@ -69,7 +69,7 @@
  shell: |
    jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
 - name: Count number of rooms with no local users
  delegate_to: 127.0.0.1
  shell: |
@@ -84,7 +84,7 @@
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
 - name: Purge all rooms with no local users
  include_tasks: purge_database_no_local.yml 
  include_tasks: purge_database_no_local.yml
  loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}"
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
@@ -116,7 +116,7 @@
  no_log: True
 - name: Purge all rooms with more then N users
  include_tasks: purge_database_users.yml 
  include_tasks: purge_database_users.yml
  loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}"
  when: awx_purge_mode.find("Number of users [slower]") != -1
@@ -141,7 +141,7 @@
  no_log: True
 - name: Purge all rooms with more then N events
  include_tasks: purge_database_events.yml 
  include_tasks: purge_database_events.yml
  loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}"
  when: awx_purge_mode.find("Number of events [slower]") != -1
@@ -171,7 +171,7 @@
    wait: yes
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes 
    validate_certs: yes
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
 - name: Revert 'Deploy/Update a Server' job template
@@ -237,7 +237,7 @@
    wait: yes
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: yes 
    validate_certs: yes
  when: (awx_purge_mode.find("Perform final shrink") != -1)
 - name: Revert 'Deploy/Update a Server' job template
@@ -272,7 +272,7 @@
  when: (awx_purge_mode.find("Perform final shrink") != -1)
  no_log: True
 - name: Print total number of rooms processed 
 - name: Print total number of rooms processed
  debug:
    msg: '{{ awx_rooms_total.stdout }}'
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
--- a/roles/matrix-awx/tasks/purge_database_no_local.yml
+++ b/roles/matrix-awx/tasks/purge_database_no_local.yml
@@ -2,11 +2,11 @@
 - name: Purge all rooms with no local users
  shell: |
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room'
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room'
  register: awx_purge_command
 - name: Print output of purge command
  debug: 
  debug:
    msg: "{{ awx_purge_command.stdout }}"
 - name: Pause for 5 seconds to let Synapse breathe
--- a/roles/matrix-awx/tasks/purge_database_users.yml
+++ b/roles/matrix-awx/tasks/purge_database_users.yml
@@ -2,11 +2,11 @@
 - name: Purge all rooms with more then N users
  shell: |
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
  register: awx_purge_command
 - name: Print output of purge command
  debug: 
  debug:
    msg: "{{ awx_purge_command.stdout }}"
 - name: Pause for 5 seconds to let Synapse breathe
--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ b/roles/matrix-awx/tasks/purge_media_local.yml
@@ -7,11 +7,11 @@
 - name: Purge local media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
    curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
  register: awx_purge_command
 - name: Print output of purge command
  debug: 
  debug:
    msg: "{{ awx_purge_command.stdout }}"
 - name: Pause for 5 seconds to let Synapse breathe
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@@ -9,7 +9,7 @@
  include_vars:
    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
  no_log: True
 - name: Ensure curl and jq intalled on target machine
  apt:
    pkg:
@@ -23,7 +23,7 @@
 - name: Collect access token for janitor user
  shell: |
    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
  register: awx_janitors_token
  no_log: True
@@ -31,7 +31,7 @@
  delegate_to: 127.0.0.1
  shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
  register: awx_purge_dates
 - name: Calculate initial size of local media repository
  shell: du -sh /matrix/synapse/storage/media-store/local*
  register: awx_local_media_size_before
@@ -47,12 +47,12 @@
  no_log: True
 - name: Purge local media with loop
  include_tasks: purge_media_local.yml 
  include_tasks: purge_media_local.yml
  loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
  when: awx_purge_media_type == "Local Media"
 - name: Purge remote media with loop
  include_tasks: purge_media_remote.yml 
  include_tasks: purge_media_remote.yml
  loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
  when: awx_purge_media_type == "Remote Media"
--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ b/roles/matrix-awx/tasks/purge_media_remote.yml
@@ -7,11 +7,11 @@
 - name: Purge remote media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
    curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
  register: awx_purge_command
 - name: Print output of purge command
  debug: 
  debug:
    msg: "{{ awx_purge_command.stdout }}"
 - name: Pause for 5 seconds to let Synapse breathe
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -91,7 +91,7 @@ matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 # Specifies where the homeserver is on the container network.
 # Where this is depends on whether there's a reverse-proxy in front of it, etc.
 # This likely gets overriden elsewhere.
 matrix_homeserver_container_url: "http://matrix-synapse:8008"
 matrix_homeserver_container_url: ""
 matrix_identity_server_url: ~
--- a/roles/matrix-base/tasks/validate_config.yml
+++ b/roles/matrix-base/tasks/validate_config.yml
@@ -0,0 +1,9 @@
 ---
 - name: Fail if required Matrix Base settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`) for using this playbook.
  when: "vars[item] == ''"
  with_items:
    - "matrix_homeserver_container_url"
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -33,7 +33,7 @@ matrix_appservice_slack_slack_port: 9003
 matrix_appservice_slack_container_http_host_bind_port: ''
 matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
 matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008"
 matrix_appservice_slack_homeserver_url: ""
 matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}"
 matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack'
@@ -82,7 +82,7 @@ matrix_appservice_slack_configuration_extension_yaml: |
    # Optional
    #matrix_admin_room: "!aBcDeF:matrix.org"
    #homeserver:
    #    url: http://localhost:8008
    #    url: http://localhost:{{ matrix_synapse_container_client_api_port }}
    #    server_name: my.server
    # Optional
    #tls:
--- a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml
@@ -8,5 +8,6 @@
  with_items:
    - "matrix_appservice_slack_control_room_id"
    - "matrix_appservice_slack_appservice_token"
    - "matrix_appservice_slack_homeserver_url"
    - "matrix_appservice_slack_homeserver_token"
    - "matrix_appservice_slack_id_token"
--- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
@@ -36,7 +36,7 @@ matrix_appservice_webhooks_matrix_port: 6789
 matrix_appservice_webhooks_container_http_host_bind_port: ''
 matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
 matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008"
 matrix_appservice_webhooks_homeserver_url: ""
 matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
 matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'
--- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
@@ -7,6 +7,7 @@
  when: "vars[item] == ''"
  with_items:
    - "matrix_appservice_webhooks_appservice_token"
    - "matrix_appservice_webhooks_homeserver_url"
    - "matrix_appservice_webhooks_homeserver_token"
    - "matrix_appservice_webhooks_id_token"
    - "matrix_appservice_webhooks_api_secret"
--- a/roles/matrix-bridge-sms/defaults/main.yml
+++ b/roles/matrix-bridge-sms/defaults/main.yml
@@ -26,7 +26,7 @@ matrix_sms_bridge_systemd_wanted_services_list: []
 matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080'
 matrix_sms_bridge_homeserver_hostname: 'matrix-synapse'
 matrix_sms_bridge_homeserver_port: '8008'
 matrix_sms_bridge_homeserver_port: ""
 matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
 matrix_sms_bridge_default_room: ''
--- a/roles/matrix-bridge-sms/tasks/validate_config.yml
+++ b/roles/matrix-bridge-sms/tasks/validate_config.yml
@@ -7,6 +7,7 @@
  when: "vars[item] == ''"
  with_items:
    - "matrix_sms_bridge_appservice_token"
    - "matrix_sms_bridge_homeserver_port"
    - "matrix_sms_bridge_homeserver_token"
    - "matrix_sms_bridge_default_region"
    - "matrix_sms_bridge_default_timezone"
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@@ -36,7 +36,7 @@ matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
 matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
 # Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008").
 # Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}").
 # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
 matrix_corporal_matrix_homeserver_api_endpoint: ""
--- a/roles/matrix-ma1sd/defaults/main.yml
+++ b/roles/matrix-ma1sd/defaults/main.yml
@@ -83,7 +83,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_password: ""
 # so that ma1sd can rewrite the original URL to one that would reach the homeserver.
 matrix_ma1sd_dns_overwrite_enabled: false
 matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
 matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
 matrix_ma1sd_dns_overwrite_homeserver_client_value: ""
 # Override the default session templates
 # To use this, fill in the template variables with the full desired template as a multi-line YAML variable
--- a/roles/matrix-ma1sd/tasks/validate_config.yml
+++ b/roles/matrix-ma1sd/tasks/validate_config.yml
@@ -46,6 +46,7 @@
  when: "vars[item] == ''"
  with_items:
    - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host"
    - "matrix_ma1sd_dns_overwrite_homeserver_client_value"
 - name: (Deprecation) Catch and report renamed ma1sd variables
  fail:
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -197,8 +197,8 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-pr
 matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:12080"
 # The addresses where the Matrix Client API is, when using Synapse.
 matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:8008"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: ""
 matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: ""
 # This needs to be equal or higher than the maximum upload size accepted by Synapse.
 matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 50
--- a/roles/matrix-nginx-proxy/tasks/validate_config.yml
+++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml
@@ -45,5 +45,7 @@
        - "matrix_ssl_lets_encrypt_support_email"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container"
        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"
        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"
      when: "vars[item] == '' or vars[item] is none"
  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -27,11 +27,13 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
 matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
 matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
 matrix_synapse_container_client_api_port: 8008
 matrix_synapse_container_federation_api_tls_port: 8448
 matrix_synapse_container_federation_api_plain_port: 8048
 # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).
 # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/{{ matrix_synapse_container_client_api_port }} in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
 matrix_synapse_container_client_api_host_bind_port: ''
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -289,7 +289,7 @@ listeners:
  # Unsecure HTTP listener (Client API): for when matrix traffic passes through a reverse proxy
  # that unwraps TLS.
  - port: 8008
  - port: {{ matrix_synapse_container_client_api_port|to_json }}
    tls: false
    bind_addresses: ['::']
    type: http
--- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
+++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
@@ -40,7 +40,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_synapse_container_client_api_host_bind_port %}
 			-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
 			-p {{ matrix_synapse_container_client_api_host_bind_port }}:{{ matrix_synapse_container_client_api_port }} \
 			{% endif %}
 			{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %}
 			-p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_tls_port }} \
--- a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
+++ b/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
@@ -11,7 +11,7 @@ password=$2
 admin=$3
 if [ "$admin" -eq "1" ]; then
 	docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --admin http://localhost:8008
 	docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --admin http://localhost:{{ matrix_synapse_container_client_api_port }}
 else
 	docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --no-admin http://localhost:8008
 	docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --no-admin http://localhost:{{ matrix_synapse_container_client_api_port }}
 fi
--- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2
@@ -38,7 +38,7 @@ worker_listeners:
 {% endif %}
 {% if matrix_synapse_worker_details.type == 'frontend_proxy' %}
 worker_main_http_uri: http://matrix-synapse:8008
 worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}
 {% endif %}
 worker_daemonize: false
--- a/roles/matrix-synapse/vars/workers.yml
+++ b/roles/matrix-synapse/vars/workers.yml
@@ -319,7 +319,7 @@ matrix_synapse_workers_frontend_proxy_endpoints:
  # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration
  # file. For example:
  #     worker_main_http_uri: http://127.0.0.1:8008
  #     worker_main_http_uri: http://127.0.0.1:{{ matrix_synapse_container_client_api_port }}
 matrix_synapse_workers_avail_list:
  - appservice