From 945c4b503c4b069570b2e0610834ae2979aab5c7 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 30 Aug 2025 12:37:00 +0200 Subject: [PATCH 01/40] Add unicode_normalization option to MAS password config The MAS docs recommend this option for migrated Synapse passwords to work: https://element-hq.github.io/matrix-authentication-service/setup/migration.html#local-passwords --- group_vars/matrix_servers | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8f2f24620..28ce4b142 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -666,6 +666,7 @@ matrix_authentication_service_config_passwords_schemes: - version: 1 secret: "{{ matrix_synapse_password_config_pepper }}" algorithm: bcrypt + unicode_normalization: true - version: 2 algorithm: argon2id From 1efc2fb7bac6ad3ede7de2d782620eb5edead0a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 31 Aug 2025 12:41:44 +0000 Subject: [PATCH 02/40] Update ajbura/cinny Docker tag to v4.10.0 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index bc799710b..a6d45b4c1 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v4.9.1 +matrix_client_cinny_version: v4.10.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}" matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}" From 83165d77faa80c2e17e7fc29bd853028fdd473ed Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Sep 2025 09:27:48 +0300 Subject: [PATCH 03/40] Keep mautrix-telegram registration namespace config in sync with `matrix_mautrix_telegram_username_template` & `matrix_mautrix_telegram_alias_template` Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4539 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1493 and d166a90514b3e737f4526b097835a1d042dbceb9 --- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 2cfc50322..09d1a3008 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -230,12 +230,12 @@ matrix_mautrix_telegram_registration_yaml: | namespaces: users: - exclusive: true - regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' + regex: '^@{{ matrix_mautrix_telegram_username_template | replace('{userid}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' - exclusive: true regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' aliases: - exclusive: true - regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' + regex: '^#{{ matrix_mautrix_telegram_alias_template | replace('{groupname}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} url: {{ matrix_mautrix_telegram_appservice_address }} From eb8bc55dfef0752010b82d9926d506587d58d8a7 Mon Sep 17 00:00:00 2001 From: Aine <97398200+aine-etke@users.noreply.github.com> Date: Tue, 2 Sep 2025 15:19:37 +0100 Subject: [PATCH 04/40] FluffyChat v2.1.1 --- roles/custom/matrix-client-fluffychat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-fluffychat/defaults/main.yml b/roles/custom/matrix-client-fluffychat/defaults/main.yml index 797242607..133816181 100644 --- a/roles/custom/matrix-client-fluffychat/defaults/main.yml +++ b/roles/custom/matrix-client-fluffychat/defaults/main.yml @@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}" # renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web -matrix_client_fluffychat_version: v2.1.0 +matrix_client_fluffychat_version: v2.1.1 matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}" matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}" matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}" From 2253fc4d4593f93b4dac5092251c2c394e604cc7 Mon Sep 17 00:00:00 2001 From: Aine <97398200+aine-etke@users.noreply.github.com> Date: Tue, 2 Sep 2025 18:26:57 +0100 Subject: [PATCH 05/40] Synapse Admin v0.11.1-etke46 --- roles/custom/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index 013a97d6b..a419234f4 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git" # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin -matrix_synapse_admin_version: v0.11.1-etke45 +matrix_synapse_admin_version: v0.11.1-etke46 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}" matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}" From 5951437e15bbd81b055341978555a915d89d5692 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 00:34:52 +0000 Subject: [PATCH 06/40] Update dependency docker to v7.5.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 80552c189..4f729fdc4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -10,7 +10,7 @@ version: v0.4.0-0 name: container_socket_proxy - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.5.1 + version: 7.5.2 name: docker - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a From c6b66d93b73fbe1e72a0db455de79c38e78fc468 Mon Sep 17 00:00:00 2001 From: Aine <97398200+aine-etke@users.noreply.github.com> Date: Wed, 3 Sep 2025 12:54:32 +0100 Subject: [PATCH 07/40] Synapse Admin v0.11.1-etke47 --- roles/custom/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index a419234f4..3d50841f1 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git" # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin -matrix_synapse_admin_version: v0.11.1-etke46 +matrix_synapse_admin_version: v0.11.1-etke47 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}" matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}" From 21766eba946d3bd1d1b37771eaed9d047fb74e07 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 09:31:16 +0000 Subject: [PATCH 08/40] Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2025.9.3 --- roles/custom/matrix-alertmanager-receiver/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml index 5029a343d..0749c48e2 100644 --- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml +++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml @@ -11,7 +11,7 @@ matrix_alertmanager_receiver_enabled: true # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver -matrix_alertmanager_receiver_version: 2025.8.27 +matrix_alertmanager_receiver_version: 2025.9.3 matrix_alertmanager_receiver_scheme: https From 153fd1f68f9a93bc56f006bb08809c29002a1594 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 3 Sep 2025 15:20:08 +0300 Subject: [PATCH 09/40] Adjust Ansible version requirements information Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4542 --- docs/ansible.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/ansible.md b/docs/ansible.md index 95f5c3056..454824bd2 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -20,10 +20,13 @@ To manually check which version of Ansible you're on, run: `ansible --version`. For the **best experience**, we recommend getting the **latest version of Ansible available**. -We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`). +We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`). If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker). +> [!WARNING] +> One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory. + ## Upgrading Ansible Depending on your distribution, you may be able to upgrade Ansible in a few different ways: From b62b5c3659cc40f5caaef72f6cf0457a7c297ba5 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 3 Sep 2025 16:15:08 +0100 Subject: [PATCH 10/40] Synapse Admin - use correct restrictBaseUrl data type by default --- roles/custom/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index 3d50841f1..756eb253a 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -197,7 +197,7 @@ matrix_synapse_admin_configuration: "{{ matrix_synapse_admin_configuration_defau # Controls the restrictBaseUrl configuration setting, which, if defined, # restricts the homeserver(s), so that the user can no longer define a homeserver manually during login. -matrix_synapse_admin_config_restrictBaseUrl: "{{ [matrix_homeserver_url] }}" # noqa var-naming +matrix_synapse_admin_config_restrictBaseUrl: "{{ matrix_homeserver_url }}" # noqa var-naming # Controls the menu configuration setting, which, if defined, adds new menu items to the Synapse Admin UI. # The format is a list of objects, where each object has the following keys: From 28deb25810ee93e5090d46c94172adbfdb8181cd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 17:38:39 +0000 Subject: [PATCH 11/40] Update dependency docker to v7.5.3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 4f729fdc4..c95784c1d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -10,7 +10,7 @@ version: v0.4.0-0 name: container_socket_proxy - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 7.5.2 + version: 7.5.3 name: docker - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a From 814d3acc42f231e4c914eb7c43498166f6189d9d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 05:09:42 +0000 Subject: [PATCH 12/40] Update actions/stale action to v10 --- .github/workflows/close-stale-issues.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/close-stale-issues.yml b/.github/workflows/close-stale-issues.yml index 13da4f81a..78df98cf9 100644 --- a/.github/workflows/close-stale-issues.yml +++ b/.github/workflows/close-stale-issues.yml @@ -19,7 +19,7 @@ jobs: if: github.repository == 'spantaleev/matrix-docker-ansible-deploy' runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@v10 with: ###################################################################### # Issues/PRs From ac063d062960e4d23c91f7aded22157020e91403 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 04:12:20 +0000 Subject: [PATCH 13/40] Update dependency etherpad to v2.4.2-1 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index c95784c1d..bc683cf97 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - version: v2.4.2-0 + version: v2.4.2-1 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.98.1-r0-2-1 From de212a2211f32887c41ea722e24d22bf4866eeeb Mon Sep 17 00:00:00 2001 From: Travis Wichert Date: Wed, 3 Sep 2025 17:46:21 +0000 Subject: [PATCH 14/40] Add bot:prefix: to template --- .../matrix-bot-matrix-registration-bot/templates/config.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 index b76ee9824..c5738594d 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2 @@ -10,6 +10,7 @@ bot: server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }} + prefix: {{ matrix_bot_matrix_registration_bot_bot_prefix|to_json }} api: # API endpoint of the registration tokens From 9354fa253e28fc493ff04e9b7b40bf15e4fc6218 Mon Sep 17 00:00:00 2001 From: Travis Wichert Date: Wed, 3 Sep 2025 17:50:17 +0000 Subject: [PATCH 15/40] Add bot command prefix default to main.yml --- .../matrix-bot-matrix-registration-bot/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index c26848c73..889ad62c8 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -43,6 +43,9 @@ matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_regist # The bot's password (can also be used to login via a client like Element Web) matrix_bot_matrix_registration_bot_bot_password: '' +# Optional bot command prefix +matrix_bot_matrix_registration_bot_bot_prefix: "" + # Homeserver base URL matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}" From cd6e9843e1411f85e91137b7a71f0c51bbd235e9 Mon Sep 17 00:00:00 2001 From: Travis Wichert Date: Wed, 3 Sep 2025 18:08:24 +0000 Subject: [PATCH 16/40] Add bot command prefix to documentation --- docs/configuring-playbook-bot-matrix-registration-bot.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index dc468ec04..706ea5991 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -37,6 +37,10 @@ matrix_synapse_enable_registration: true # Restrict registration to users with a token matrix_synapse_registration_requires_token: true + +# Set an optional command prefix for the bot. This can be any arbitrary string, including whitespace. +# Example: "!regbot " +matrix_bot_matrix_registration_bot_bot_prefix: "" ``` The bot account will be created automatically. From 9357eebbf1c1859ef3f17d9111c8c46a27529f56 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Sep 2025 18:17:50 +0300 Subject: [PATCH 17/40] Upgrade Postgres (v17.6-0 -> v17.6-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index bc683cf97..70956be0a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -43,7 +43,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - version: v17.6-0 + version: v17.6-1 name: postgres - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git version: v17-8 From ab6f091f5f26d554e18dd8cded8df4d87d4fc4da Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 15:18:33 +0000 Subject: [PATCH 18/40] Update pre-commit hook fsfe/reuse-tool to v5.1.0 --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 28fb6f681..5b3cdce8a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,6 +21,6 @@ repos: - id: codespell args: ["--skip=*.po,*.pot,i18n/"] - repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook - rev: v5.0.2 + rev: v5.1.0 hooks: - id: reuse From 62cef9375e5becba736cd395c011a80c47a74976 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 08:50:57 +0000 Subject: [PATCH 19/40] Update dependency etherpad to v2.4.2-2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 70956be0a..2533b501f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - version: v2.4.2-1 + version: v2.4.2-2 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.98.1-r0-2-1 From b85f7c61ddee90812a4d833aced0a00ef36ccf5d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 18:32:10 +0000 Subject: [PATCH 20/40] Update pre-commit hook fsfe/reuse-tool to v5.1.1 --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5b3cdce8a..45fc03d7d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,6 +21,6 @@ repos: - id: codespell args: ["--skip=*.po,*.pot,i18n/"] - repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook - rev: v5.1.0 + rev: v5.1.1 hooks: - id: reuse From 48c08f62fbeb8edbef1f70b6c884d45afe713807 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 18:32:15 +0000 Subject: [PATCH 21/40] Update dependency etherpad to v2.5.0-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2533b501f..2484b030b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - version: v2.4.2-2 + version: v2.5.0-0 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.98.1-r0-2-1 From 46a416e678e9ff22b331819f931f02611726faed Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 21:08:09 +0000 Subject: [PATCH 22/40] Update dependency livekit_server to v1.9.1-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2484b030b..c2351b8e3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -28,7 +28,7 @@ version: v10431-2 name: jitsi - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - version: v1.9.0-5 + version: v1.9.1-0 name: livekit_server - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git version: v2.14.0-1 From 39efe79417105d32f1925280db6b6ed1fc687532 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 6 Sep 2025 07:21:53 +0300 Subject: [PATCH 23/40] Make `matrix_synapse_admin_config_asManagedUsers_auto` respect `matrix_mautrix_telegram_username_template` Related to: - 83165d77faa80c2e17e7fc29bd853028fdd473ed - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1493 - d166a90514b3e737f4526b097835a1d042dbceb9 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4550 --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 28ce4b142..1efb7855b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5231,7 +5231,7 @@ matrix_synapse_admin_config_asManagedUsers_auto: | + ([ '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', - '^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', + '^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$', ] if matrix_mautrix_telegram_enabled else []) + ([ From 3daf14d6959fdb961af99ee81d18a230330dce96 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 6 Sep 2025 07:54:14 +0300 Subject: [PATCH 24/40] Add Ansible variables to control the `async_media` settings in (mautrix) bridges Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4549 --- .../matrix-bridge-appservice-kakaotalk/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml | 3 +++ .../matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-discord/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-meta-instagram/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-meta-messenger/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-slack/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-wechat/defaults/main.yml | 3 +++ roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 | 2 +- 28 files changed, 56 insertions(+), 14 deletions(-) diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index 81492df14..8a25b6205 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -57,6 +57,9 @@ matrix_appservice_kakaotalk_command_prefix: "!kt" matrix_appservice_kakaotalk_homeserver_address: "" matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}' +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_appservice_kakaotalk_homeserver_async_media: false matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115' diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 709a59934..0f76a976b 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -21,7 +21,7 @@ homeserver: message_send_checkpoint_endpoint: null # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_appservice_kakaotalk_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index ad5d6cdee..5fc9a2c40 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -37,6 +37,9 @@ matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_pa matrix_beeper_linkedin_homeserver_address: "" matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_beeper_linkedin_homeserver_async_media: false matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index d99cecd88..2213b1fde 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -21,7 +21,7 @@ homeserver: message_send_checkpoint_endpoint: null # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_beeper_linkedin_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml index a0c8dd620..561a5c046 100644 --- a/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml @@ -28,6 +28,9 @@ matrix_mautrix_bluesky_data_path: "{{ matrix_mautrix_bluesky_base_path }}/data" matrix_mautrix_bluesky_docker_src_files_path: "{{ matrix_mautrix_bluesky_base_path }}/docker-src" matrix_mautrix_bluesky_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_bluesky_homeserver_async_media: false matrix_mautrix_bluesky_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340' diff --git a/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 index c9a6455c9..03ea60d2d 100644 --- a/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2 @@ -164,7 +164,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_bluesky_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 98fb03555..f202510bb 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -36,6 +36,9 @@ matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data" matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src" matrix_mautrix_discord_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_discord_homeserver_async_media: false matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 index 11a344d65..061cc3c82 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 @@ -16,7 +16,7 @@ homeserver: # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_discord_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 74640ba3e..0468d92d5 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -37,6 +37,9 @@ matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_ matrix_mautrix_facebook_command_prefix: "!fb" matrix_mautrix_facebook_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_facebook_homeserver_async_media: false matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' # Whether or not the public-facing endpoints should be enabled (web-based login) diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 7c899b3d4..8e3a6f2db 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -14,7 +14,7 @@ homeserver: asmux: false # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_mautrix_facebook_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 7d74adfa6..d1196b29a 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -33,6 +33,9 @@ matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/da matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src" matrix_mautrix_gmessages_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_gmessages_homeserver_async_media: false matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 index cd102eebd..0f72c1f42 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 @@ -168,7 +168,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_gmessages_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml index db1af3dcf..cc78fbc0d 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml @@ -116,6 +116,9 @@ matrix_mautrix_meta_instagram_database_sslmode: disable matrix_mautrix_meta_instagram_database_connection_string: 'postgres://{{ matrix_mautrix_meta_instagram_database_username }}:{{ matrix_mautrix_meta_instagram_database_password }}@{{ matrix_mautrix_meta_instagram_database_hostname }}:{{ matrix_mautrix_meta_instagram_database_port }}/{{ matrix_mautrix_meta_instagram_database_name }}?sslmode={{ matrix_mautrix_meta_instagram_database_sslmode }}' matrix_mautrix_meta_instagram_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_meta_instagram_homeserver_async_media: false matrix_mautrix_meta_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_meta_instagram_homeserver_token: '' diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 index 71c358f66..06f7f2080 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2 @@ -181,7 +181,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_meta_instagram_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml index ceac48c16..646476807 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml @@ -117,6 +117,9 @@ matrix_mautrix_meta_messenger_database_connection_string: 'postgres://{{ matrix_ matrix_mautrix_meta_messenger_homeserver_address: "" matrix_mautrix_meta_messenger_homeserver_domain: '{{ matrix_domain }}' +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_meta_messenger_homeserver_async_media: false matrix_mautrix_meta_messenger_homeserver_token: '' matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 index 04733ab7f..055268aaf 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2 @@ -181,7 +181,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_meta_messenger_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 95d1bb796..e4a77a5ed 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -42,6 +42,9 @@ matrix_mautrix_signal_docker_src_files_path: "{{ matrix_mautrix_signal_base_path matrix_mautrix_signal_homeserver_address: "" matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_signal_homeserver_async_media: false matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080" matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 461ac8490..f4ca2d83d 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -159,7 +159,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_signal_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 62409e791..71af1d915 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -32,6 +32,9 @@ matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path } matrix_mautrix_slack_homeserver_address: "" matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_slack_homeserver_async_media: false matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080" matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 index 2f832b839..30ea0b349 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 @@ -197,7 +197,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_slack_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 09d1a3008..5d19bab12 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -79,6 +79,9 @@ matrix_mautrix_telegram_public_endpoint: "{{ matrix_mautrix_telegram_path_prefix matrix_mautrix_telegram_homeserver_address: "" matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_telegram_homeserver_async_media: false matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_public_external: '{{ matrix_mautrix_telegram_scheme }}://{{ matrix_mautrix_telegram_hostname }}{{ matrix_mautrix_telegram_public_endpoint }}' diff --git a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 834a8fa56..f0b52729d 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -21,7 +21,7 @@ homeserver: message_send_checkpoint_endpoint: null # Whether asynchronous uploads via MSC2246 should be enabled for media. # Requires a media repo that supports MSC2246. - async_media: false + async_media: {{ matrix_mautrix_telegram_homeserver_async_media | to_json }} # Application service host/registration related details # Changing these values requires regeneration of the registration. diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index d6cc0efc5..a7b055f1b 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -36,6 +36,9 @@ matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data" matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src" matrix_mautrix_twitter_homeserver_address: "" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_twitter_homeserver_async_media: false matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 32b67b8cb..146043cbd 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -164,7 +164,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_twitter_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9cffcdc75..1d9609c08 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -44,6 +44,9 @@ matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_ matrix_mautrix_whatsapp_homeserver_address: "" matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_mautrix_whatsapp_homeserver_async_media: false matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 35c6edb58..e7187abd4 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -255,7 +255,7 @@ homeserver: # The bridge will use the appservice as_token to authorize requests. message_send_checkpoint_endpoint: # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_mautrix_whatsapp_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, diff --git a/roles/custom/matrix-bridge-wechat/defaults/main.yml b/roles/custom/matrix-bridge-wechat/defaults/main.yml index 635b04ccb..cd0e660b6 100644 --- a/roles/custom/matrix-bridge-wechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-wechat/defaults/main.yml @@ -47,6 +47,9 @@ matrix_wechat_agent_container_src_files_path: "{{ matrix_wechat_base_path }}/age matrix_wechat_homeserver_address: "" matrix_wechat_homeserver_domain: "{{ matrix_domain }}" +# Whether asynchronous uploads via MSC2246 should be enabled for media. +# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). +matrix_wechat_homeserver_async_media: false matrix_wechat_appservice_address: 'http://matrix-wechat:8080' matrix_wechat_container_network: "" diff --git a/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 b/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 index 5850ee283..86330ed48 100644 --- a/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-wechat/templates/config.yaml.j2 @@ -16,7 +16,7 @@ homeserver: # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false + async_media: {{ matrix_wechat_homeserver_async_media | to_json }} # Should the bridge use a websocket for connecting to the homeserver? # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, From 60ab080147dd54c3b1d010af4f310cae71889c67 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 6 Sep 2025 08:09:15 +0300 Subject: [PATCH 25/40] Use async media for bridges on Synapse Related to 3daf14d6959fdb961af99ee81d18a230330dce96 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4549 Other homeserver implementations (not just Synapse) may also support MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246) and may also be eligible. For now, it's only enabled for Synapse. --- group_vars/matrix_servers | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1efb7855b..71ba3dfdd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -987,6 +987,8 @@ matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserve matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}" +matrix_appservice_kakaotalk_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" @@ -1036,6 +1038,8 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}" +matrix_beeper_linkedin_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |- {{ ({ @@ -1156,6 +1160,8 @@ matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_bluesky_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}" matrix_mautrix_bluesky_double_puppet_secrets_auto: |- @@ -1225,6 +1231,8 @@ matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}" +matrix_mautrix_discord_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}" matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}" @@ -1291,6 +1299,8 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}" +matrix_mautrix_slack_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_slack_double_puppet_secrets_auto: |- {{ { @@ -1364,6 +1374,8 @@ matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_ matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_facebook_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_facebook_appservice_public_enabled: true matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}" matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}" @@ -1584,6 +1596,8 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_signal_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_double_puppet_secrets_auto: |- @@ -1662,6 +1676,8 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}" +matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |- {{ { @@ -1738,6 +1754,8 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}" +matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |- {{ { @@ -1823,6 +1841,8 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |- {{ ({ @@ -1899,6 +1919,8 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_twitter_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}" matrix_mautrix_twitter_double_puppet_secrets_auto: |- @@ -1971,6 +1993,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_gmessages_double_puppet_secrets_auto: |- {{ { @@ -2089,6 +2113,8 @@ matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secr matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}" +matrix_wechat_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}" @@ -2150,6 +2176,8 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" + matrix_mautrix_whatsapp_double_puppet_secrets_auto: |- {{ { From fedb5a8cb0b9f8711e40efae6990ebd417d77d42 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 12:50:45 +0000 Subject: [PATCH 26/40] Update dependency container_socket_proxy to v0.4.1-0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index c2351b8e3..1a20a1c17 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,7 +7,7 @@ version: v1.4.1-1.9.14-2 name: backup_borg - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - version: v0.4.0-0 + version: v0.4.1-0 name: container_socket_proxy - src: git+https://github.com/geerlingguy/ansible-role-docker version: 7.5.3 From 3ea0a10947bf0fe672ba25dfdd2efa104062f52a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 8 Sep 2025 08:25:34 +0300 Subject: [PATCH 27/40] Upgrade Etherpad (v2.5.0-0 -> v2.5.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1a20a1c17..ec090e754 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - version: v2.5.0-0 + version: v2.5.0-1 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.98.1-r0-2-1 From 841e2f7c4e748e2dce68b1e3c52b7b9ce3e1f80d Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 8 Sep 2025 10:52:34 +0100 Subject: [PATCH 28/40] add new Synapse Admin config options --- group_vars/matrix_servers | 2 ++ roles/custom/matrix-synapse-admin/defaults/main.yml | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 71ba3dfdd..db1f0ca8d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -5124,6 +5124,8 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" +matrix_synapse_admin_config_externalAuthProvider: "{{ matrix_authentication_service_enabled | default(false) or matrix_synapse_ext_password_provider_ldap_enabled | default(false) }}" + matrix_synapse_admin_config_asManagedUsers_auto: | {{ ([ diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index 756eb253a..f2709afa0 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -166,6 +166,8 @@ matrix_synapse_admin_path_prefix: /synapse-admin # This is unlike what it does when looking up YAML template files (no automatic parsing there). matrix_synapse_admin_configuration_default: restrictBaseUrl: "{{ matrix_synapse_admin_config_restrictBaseUrl }}" + externalAuthProvider: "{{ matrix_synapse_admin_config_externalAuthProvider }}" + corsCredentials: "{{ matrix_synapse_admin_config_corsCredentials }}" asManagedUsers: "{{ matrix_synapse_admin_config_asManagedUsers }}" menu: "{{ matrix_synapse_admin_config_menu }}" @@ -199,6 +201,15 @@ matrix_synapse_admin_configuration: "{{ matrix_synapse_admin_configuration_defau # restricts the homeserver(s), so that the user can no longer define a homeserver manually during login. matrix_synapse_admin_config_restrictBaseUrl: "{{ matrix_homeserver_url }}" # noqa var-naming +# Controls the externalAuthProvider configuration setting, which, if defined, +# enables a special compatibility mode that works better for external auth providers like LDAP, MAS, etc. +matrix_synapse_admin_config_externalAuthProvider: false # noqa var-naming + +# Controls the corsCredentials configuration setting, which, if defined, +# allows including credentials (cookies, authorization headers, or TLS client certificates) in requests +# ref: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials +matrix_synapse_admin_config_corsCredentials: "same-origin" # noqa var-naming + # Controls the menu configuration setting, which, if defined, adds new menu items to the Synapse Admin UI. # The format is a list of objects, where each object has the following keys: # - `label` (string): The label of the menu item. From 14b65ed7ed04ed5d4519be9739c1fc9ea1b5349f Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 8 Sep 2025 11:36:55 +0100 Subject: [PATCH 29/40] fix etherpad role --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ec090e754..60dd859dd 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ version: 129c8590e106b83e6f4c259649a613c6279e937a name: docker_sdk_for_python - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - version: v2.5.0-1 + version: v2.5.0-2 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git version: v4.98.1-r0-2-1 From beb8e6d5f9b2cc82521edf81e815f22e1b1b3809 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 8 Sep 2025 15:39:02 +0300 Subject: [PATCH 30/40] Upgrade baibot (v1.7.6 -> v1.8.0) --- roles/custom/matrix-bot-baibot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-baibot/defaults/main.yml b/roles/custom/matrix-bot-baibot/defaults/main.yml index d7ffcb4b5..38a2428e5 100644 --- a/roles/custom/matrix-bot-baibot/defaults/main.yml +++ b/roles/custom/matrix-bot-baibot/defaults/main.yml @@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" # renovate: datasource=docker depName=ghcr.io/etkecc/baibot -matrix_bot_baibot_version: v1.7.6 +matrix_bot_baibot_version: v1.8.0 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}" matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}" From f5b1ba57ebab5470d9b5f5760aecdbdad18b3f48 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 02:26:52 +0000 Subject: [PATCH 31/40] Update joseluisq/static-web-server Docker tag to v2.38.1 --- roles/custom/matrix-cactus-comments-client/defaults/main.yml | 2 +- roles/custom/matrix-static-files/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml index dd03d0d4d..d24318d34 100644 --- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml @@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas matrix_cactus_comments_client_public_path_file_permissions: "0644" # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_cactus_comments_client_version: 2.38.0 +matrix_cactus_comments_client_version: 2.38.1 matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}" diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 3afa7197a..127f006df 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -13,7 +13,7 @@ matrix_static_files_enabled: true matrix_static_files_identifier: matrix-static-files # renovate: datasource=docker depName=joseluisq/static-web-server -matrix_static_files_version: 2.38.0 +matrix_static_files_version: 2.38.1 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}" matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config" From cab01be63c53495393bc5b28fb42819b43ed48a5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Sep 2025 08:58:44 +0300 Subject: [PATCH 32/40] Upgrade Postgres (v17.6-1 -> v17.6-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 60dd859dd..1f50d80d3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -43,7 +43,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - version: v17.6-1 + version: v17.6-2 name: postgres - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git version: v17-8 From a22d2cc2bf0faae453d7ff3c9257f14efe42aa75 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Sep 2025 09:56:33 +0300 Subject: [PATCH 33/40] Upgrade Postgres (v17.6-2 -> v17.6-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1f50d80d3..64ed4b148 100644 --- a/requirements.yml +++ b/requirements.yml @@ -43,7 +43,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - version: v17.6-2 + version: v17.6-3 name: postgres - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git version: v17-8 From a444d45f1ea344cbe587995f2d26c2a0424bd7b2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 12:41:05 +0000 Subject: [PATCH 34/40] Update ghcr.io/element-hq/matrix-authentication-service Docker tag to v1.2.0 --- roles/custom/matrix-authentication-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-authentication-service/defaults/main.yml b/roles/custom/matrix-authentication-service/defaults/main.yml index 6af2a0387..9bfb4a5fe 100644 --- a/roles/custom/matrix-authentication-service/defaults/main.yml +++ b/roles/custom/matrix-authentication-service/defaults/main.yml @@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src" # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service -matrix_authentication_service_version: 1.1.0 +matrix_authentication_service_version: 1.2.0 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}" matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}" matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/" From aa58c5cfd6bbd27a46a248ff4cb95f0a154d8032 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 12:40:59 +0000 Subject: [PATCH 35/40] Update dependency ntfy to v2.14.0-2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 64ed4b148..17979ecde 100644 --- a/requirements.yml +++ b/requirements.yml @@ -31,7 +31,7 @@ version: v1.9.1-0 name: livekit_server - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - version: v2.14.0-1 + version: v2.14.0-2 name: ntfy - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: 7663e3114513e56f28d3ed762059b445c678a71a From a008665ad52502aab118aac2789843f6a3a85e51 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Sep 2025 14:31:26 +0000 Subject: [PATCH 36/40] Update ghcr.io/element-hq/synapse Docker tag to v1.138.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index ed04bc398..fda6832b3 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.137.0 +matrix_synapse_version: v1.138.0 matrix_synapse_username: '' matrix_synapse_uid: '' From facdde367f33d91d89f9d8d25479f60d40f2d8fa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 10 Sep 2025 06:42:17 +0300 Subject: [PATCH 37/40] Upgrade Traefik (v3.5.1-0 -> v3.5.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 17979ecde..98b580345 100644 --- a/requirements.yml +++ b/requirements.yml @@ -67,7 +67,7 @@ version: v1.1.0-0 name: timesync - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git - version: v3.5.1-0 + version: v3.5.2-0 name: traefik - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git version: v2.10.0-2 From 051d77e54187ba4799033bd520eb2ca745f113b0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 06:14:52 +0000 Subject: [PATCH 38/40] Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2025.9.10 --- roles/custom/matrix-alertmanager-receiver/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml index 0749c48e2..e1b920435 100644 --- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml +++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml @@ -11,7 +11,7 @@ matrix_alertmanager_receiver_enabled: true # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver -matrix_alertmanager_receiver_version: 2025.9.3 +matrix_alertmanager_receiver_version: 2025.9.10 matrix_alertmanager_receiver_scheme: https From 840ad0171fff67986b8639adac6e7fd716b0f29f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 13:39:05 +0000 Subject: [PATCH 39/40] Update ghcr.io/element-hq/element-web Docker tag to v1.11.111 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 05d7beb90..800394d8e 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=ghcr.io/element-hq/element-web -matrix_client_element_version: v1.11.110 +matrix_client_element_version: v1.11.111 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}" From 071b5789f2f5ea7f47c2504e44c752adc02a5c41 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 10 Sep 2025 16:38:42 +0100 Subject: [PATCH 40/40] add matrix_synapse_user_directory_exclude_remote_users var --- roles/custom/matrix-synapse/defaults/main.yml | 1 + .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 3 +++ 2 files changed, 4 insertions(+) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index fda6832b3..8431caaea 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -565,6 +565,7 @@ matrix_synapse_include_profile_data_on_invite: true # User search behaviour matrix_synapse_user_directory_search_all_users: false matrix_synapse_user_directory_prefer_local_users: false +matrix_synapse_user_directory_exclude_remote_users: false # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 938d38f48..0eb99c29c 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2646,6 +2646,9 @@ user_directory: # prefer_local_users: {{ matrix_synapse_user_directory_prefer_local_users | to_json }} + # If set to true, the search will only return local users. Defaults to false. + exclude_remote_users: {{ matrix_synapse_user_directory_exclude_remote_users | to_json }} + # User Consent configuration #