diff --git a/CHANGELOG.md b/CHANGELOG.md
index 03ce5c7b5..6f9fe2aaa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,45 @@
+# 2022-06-09
+
+## Running Ansible in a container can now happen on the Matrix server itself
+
+If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself).
+
+
+# 2022-05-31
+
+## Synapse v1.60 upgrade may cause trouble and require manual intervention
+
+Synapse v1.60 will try to add a new unique index to `state_group_edges` upon startup and could fail if your database is corrupted.
+
+We haven't observed this problem yet, but [the Synapse v1.60.0 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.60.0/docs/upgrade.md#adding-a-new-unique-index-to-state_group_edges-could-fail-if-your-database-is-corrupted) mention it, so we're giving you a heads up here in case you're unlucky.
+
+**If Synapse fails to start** after your next playbook run, you'll need to:
+
+- SSH into the Matrix server
+- launch `/usr/local/bin/matrix-postgres-cli`
+- switch to the `synapse` database: `\c synapse`
+- run the following SQL query:
+
+```sql
+BEGIN;
+DELETE FROM state_group_edges WHERE (ctid, state_group, prev_state_group) IN (
+ SELECT row_id, state_group, prev_state_group
+ FROM (
+ SELECT
+ ctid AS row_id,
+ MIN(ctid) OVER (PARTITION BY state_group, prev_state_group) AS min_row_id,
+ state_group,
+ prev_state_group
+ FROM state_group_edges
+ ) AS t1
+ WHERE row_id <> min_row_id
+);
+COMMIT;
+```
+
+You could then restart services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
+
+
# 2022-04-25
## buscarron bot support
diff --git a/docs/ansible.md b/docs/ansible.md
index 50cf83ed3..bd1fe9273 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff
- by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.
-- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
+- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`).
If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path.
@@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting
## Using Ansible via Docker
-Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
+Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
-Here's a sample command to get you started (run this from the playbook's directory):
+This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook.
+
+There are 2 ways to go about it:
+
+- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself)
+- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)
+
+
+### Running Ansible in a container on the Matrix server itself
+
+To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
+Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:
+
+- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
+- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around
+
+Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).
+
+You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH.
+Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...`
+
+Run this from the playbook's directory:
+
+```bash
+docker run -it --rm \
+--privileged \
+--pid=host \
+-w /work \
+-v `pwd`:/work \
+--entrypoint=/bin/sh \
+docker.io/devture/ansible:2.13.0-r0
+```
+
+Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
+The `/work` directory contains the playbook's code.
+
+You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
+
+
+### Running Ansible in a container on another computer (not the Matrix server)
+
+Run this from the playbook's directory:
```bash
docker run -it --rm \
@@ -51,7 +92,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
-docker.io/devture/ansible:2.11.6-r1
+docker.io/devture/ansible:2.13.0-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
@@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
-You can execute `ansible-playbook` commands as per normal now.
+You can execute `ansible-playbook ...` commands as per normal now.
-### If you don't use SSH keys for authentication
+#### If you don't use SSH keys for authentication
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md
index 208ce4e6b..f47f24c0e 100644
--- a/docs/configuring-playbook-bridge-hookshot.md
+++ b/docs/configuring-playbook-bridge-hookshot.md
@@ -4,19 +4,19 @@ The playbook can install and configure [matrix-hookshot](https://github.com/matr
Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks.
-See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you.
+See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/latest/hookshot.html) to learn what it does in detail and why it might be useful to you.
Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot.
## Setup Instructions
-Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do.
+Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.
1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
-5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
+5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
@@ -26,7 +26,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| listener | default path | variable | used as |
|---|---|---|---|
-| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. |
+| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. |
| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth |
| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
diff --git a/docs/configuring-playbook-matrix-registration.md b/docs/configuring-playbook-matrix-registration.md
index b0240d3f9..2b4b07ff2 100644
--- a/docs/configuring-playbook-matrix-registration.md
+++ b/docs/configuring-playbook-matrix-registration.md
@@ -2,6 +2,8 @@
The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you.
+**WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it.
+
> matrix-registration is a simple python application to have a token based matrix registration.
Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.
diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md
index 27a4001cf..9a519343b 100644
--- a/docs/configuring-well-known.md
+++ b/docs/configuring-well-known.md
@@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W
If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS.
-To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
+To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them.
You have 3 options when it comes to installing the files on the base domain's server:
@@ -98,16 +98,15 @@ server {
}
```
-**For Apache**, it would be something like this:
+**For Apache2**, it would be something like this:
```apache
ServerName DOMAIN
SSLProxyEngine on
-
- ProxyPass "https://matrix.DOMAIN/.well-known/matrix"
-
+ ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
+ ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
# other configuration
@@ -116,8 +115,22 @@ server {
**For Caddy 2**, it would be something like this:
```caddy
-reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN {
- header_up Host {http.reverse_proxy.upstream.hostport}
+DOMAIN.com {
+ @wellknown {
+ path /.well-known/matrix/*:x
+ }
+
+ handle @wellknown {
+ reverse_proxy https://matrix.DOMAIN.com {
+ header_up Host {http.reverse_proxy.upstream.hostport}
+ }
+ }
+ # Configration for the base domain goes here
+ # handle {
+ # header -Server
+ # encode zstd gzip
+ # reverse_proxy localhost:4020
+ # }
}
```
diff --git a/docs/prerequisites.md b/docs/prerequisites.md
index 0da1c7157..1ed4befea 100644
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
+- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
+
- An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
- Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)).
diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile
index 6370cb015..162e539e5 100644
--- a/examples/caddy2/Caddyfile
+++ b/examples/caddy2/Caddyfile
@@ -214,3 +214,21 @@ element.DOMAIN.tld {
# }
# }
#}
+#DOMAIN.com {
+# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
+# @wellknown {
+# path /.well-known/matrix/*
+# }
+#
+# handle @wellknown {
+# reverse_proxy https://matrix.DOMAIN.com {
+# header_up Host {http.reverse_proxy.upstream.hostport}
+# }
+# }
+# # Configration for the base domain goes here
+# # handle {
+# # header -Server
+# # encode zstd gzip
+# # reverse_proxy localhost:4020
+# # }
+#}
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 653a14fee..460feadfc 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1498,7 +1498,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
}[matrix_homeserver_implementation]|int
}}
-matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
+matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}"
matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}"
diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml
index 96e8ef91a..c2b44fa11 100644
--- a/roles/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/matrix-bot-buscarron/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false
matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
-matrix_bot_buscarron_version: v1.0.0
+matrix_bot_buscarron_version: v1.1.0
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
@@ -88,6 +88,21 @@ matrix_bot_buscarron_spam_hosts: []
# spam email addresses
matrix_bot_buscarron_spam_emails: []
+# Ban duration in hours
+matrix_bot_buscarron_ban_duration: 24
+
+# Banlist size
+matrix_bot_buscarron_ban_size: 10000
+
+# Postmark token (confirmation emails)
+matrix_bot_buscarron_pm_token:
+
+# Postmark sender signature
+matrix_bot_buscarron_pm_from:
+
+# Postmark confirmation email's reply-to
+matrix_bot_buscarron_pm_replyto:
+
# Additional environment variables to pass to the buscarron container
#
# Example:
diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2
index c833f27be..876072e17 100644
--- a/roles/matrix-bot-buscarron/templates/env.j2
+++ b/roles/matrix-bot-buscarron/templates/env.j2
@@ -7,12 +7,19 @@ BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
+BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
+BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
+BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
+BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
+BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
{% set forms = [] %}
{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
+BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
+BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }}
{% endfor %}
BUSCARRON_LIST={{ forms|join(" ") }}
diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml
index 9e7cf2b5c..292de0bf4 100644
--- a/roles/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/matrix-bot-honoroit/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
-matrix_bot_honoroit_version: v0.9.7
+matrix_bot_honoroit_version: v0.9.9
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: ''
# Log level
matrix_bot_honoroit_loglevel: ''
+# Disable encryption
+matrix_bot_honoroit_noencryption: false
+
# Max items in cache
matrix_bot_honoroit_cachesize: ''
diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2
index 7f1eef5b8..de8b9d848 100644
--- a/roles/matrix-bot-honoroit/templates/env.j2
+++ b/roles/matrix-bot-honoroit/templates/env.j2
@@ -8,6 +8,7 @@ HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
+HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}
HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml
index 0093576cc..dd2483794 100644
--- a/roles/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/matrix-bot-mjolnir/defaults/main.yml
@@ -4,7 +4,7 @@
matrix_bot_mjolnir_enabled: true
-matrix_bot_mjolnir_version: "v1.4.1"
+matrix_bot_mjolnir_version: "v1.4.2"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml
index e16a69796..a53112ad7 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml
@@ -14,12 +14,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-appservice-discord-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-appservice-discord-registration.yaml"]
+ }}
when: matrix_appservice_discord_enabled|bool
diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml
index 5e1814121..a35144f05 100644
--- a/roles/matrix-bridge-appservice-irc/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml
@@ -21,12 +21,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-appservice-irc-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-appservice-irc-registration.yaml"]
+ }}
when: matrix_appservice_irc_enabled|bool
diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml
index e303f8340..ae3f55df6 100644
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false
matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
-matrix_appservice_slack_version: release-1.10.0
+matrix_appservice_slack_version: release-1.11.0
matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml
index 8cbc71821..c83318171 100644
--- a/roles/matrix-bridge-appservice-slack/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml
@@ -21,14 +21,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-appservice-slack-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-appservice-slack-registration.yaml"]
+ }}
when: matrix_appservice_slack_enabled|bool
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
index b888c51f1..370b835d6 100644
--- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
@@ -14,14 +14,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-appservice-webhooks-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-appservice-webhooks-registration.yaml"]
+ }}
when: matrix_appservice_webhooks_enabled|bool
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
index 977db9252..64057301f 100644
--- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
+++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml
@@ -7,12 +7,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-beeper-linkedin-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-beeper-linkedin-registration.yaml"]
+ }}
when: matrix_beeper_linkedin_enabled|bool
diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml
index 96ab33821..dfbddd426 100644
--- a/roles/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml
@@ -4,7 +4,7 @@
matrix_heisenbridge_enabled: true
-matrix_heisenbridge_version: 1.12.0
+matrix_heisenbridge_version: 1.13.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/matrix-bridge-heisenbridge/tasks/init.yml
index a66d7199d..ef3efb761 100644
--- a/roles/matrix-bridge-heisenbridge/tasks/init.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml
@@ -14,12 +14,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/heisenbridge-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/heisenbridge-registration.yaml"]
+ }}
when: matrix_heisenbridge_enabled|bool
diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml
index 45807ba9c..3a2d5bc94 100644
--- a/roles/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
-matrix_hookshot_version: 1.5.0
+matrix_hookshot_version: 1.7.3
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -121,6 +121,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false
matrix_hookshot_generic_user_id_prefix: '_webhooks_'
+matrix_hookshot_feeds_enabled: false
+# polling interval in seconds
+matrix_hookshot_feeds_interval: 600
+
+
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
matrix_hookshot_provisioning_port: 9002
matrix_hookshot_provisioning_secret: ''
diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml
index 384f6d3be..14bbcbb32 100644
--- a/roles/matrix-bridge-hookshot/tasks/init.yml
+++ b/roles/matrix-bridge-hookshot/tasks/init.yml
@@ -14,14 +14,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/hookshot-registration.yml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/hookshot-registration.yml"]
+ }}
when: matrix_hookshot_enabled|bool
- block:
diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2
index c17715097..6fbce7709 100644
--- a/roles/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2
@@ -78,6 +78,13 @@ generic:
allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
{% endif %}
+{% if matrix_hookshot_feeds_enabled %}
+feeds:
+ # (Optional) Configure this to enable RSS/Atom feed support
+ #
+ enabled: {{ matrix_hookshot_feeds_enabled }}
+ pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}
+{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
provisioning:
# (Optional) Provisioning API for integration managers
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
index 200e98463..f2cd59632 100644
--- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml
@@ -13,14 +13,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-facebook-registration.yaml"]
+ }}
when: matrix_mautrix_facebook_enabled|bool
- block:
diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
index e334e8d6b..dd5b83689 100644
--- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true
matrix_mautrix_googlechat_container_image_self_build: false
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
-matrix_mautrix_googlechat_version: v0.3.1
+matrix_mautrix_googlechat_version: v0.3.3
# See: https://mau.dev/mautrix/googlechat/container_registry
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
index f458df1bf..27845148e 100644
--- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
@@ -13,14 +13,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-googlechat-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-googlechat-registration.yaml"]
+ }}
when: matrix_mautrix_googlechat_enabled|bool
- block:
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
index 680dcd88b..d00e52528 100644
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
@@ -13,14 +13,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-hangouts-registration.yaml"]
+ }}
when: matrix_mautrix_hangouts_enabled|bool
- block:
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
index d33acd09d..867133809 100644
--- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
@@ -13,12 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-instagram-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-instagram-registration.yaml"]
+ }}
when: matrix_mautrix_instagram_enabled|bool
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
index 14a2c35fa..ad0752e34 100644
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
matrix_mautrix_signal_version: v0.3.0
-matrix_mautrix_signal_daemon_version: 0.18.1
+matrix_mautrix_signal_daemon_version: 0.18.5
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
@@ -127,3 +127,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis
matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}"
matrix_mautrix_signal_log_level: 'DEBUG'
+
+matrix_mautrix_signal_bridge_encryption_allow: false
+matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/matrix-bridge-mautrix-signal/tasks/init.yml
index 21d52066f..b9b698c57 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/init.yml
@@ -7,12 +7,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-signal-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-signal-registration.yaml"]
+ }}
when: matrix_mautrix_signal_enabled|bool
diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
index 2f427b907..b831fe9a1 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -152,15 +152,15 @@ bridge:
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
- allow: false
+ allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
- default: false
+ default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
- allow: false
+ allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
index a97dcd8e0..93b4d9f85 100644
--- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
@@ -13,14 +13,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-telegram-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-telegram-registration.yaml"]
+ }}
when: matrix_mautrix_telegram_enabled|bool
- block:
diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
index 3dd4667cf..b2e292ffc 100644
--- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_mautrix_twitter_enabled: true
matrix_mautrix_twitter_container_image_self_build: false
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
-matrix_mautrix_twitter_version: v0.1.3
+matrix_mautrix_twitter_version: v0.1.4
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
index 5b526bbde..34f4ebde2 100644
--- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-twitter/tasks/init.yml
@@ -7,14 +7,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-twitter-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-twitter-registration.yaml"]
+ }}
when: matrix_mautrix_twitter_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index d920be51c..5be700516 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
-matrix_mautrix_whatsapp_version: v0.3.1
+matrix_mautrix_whatsapp_version: v0.4.0
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@@ -123,3 +123,12 @@ matrix_mautrix_whatsapp_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_whatsapp_bridge_encryption_allow: false
+matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
+matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
+
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_mautrix_whatsapp_log_level: 'warn'
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
index 57166386b..d4fb82218 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
@@ -6,12 +6,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mautrix-whatsapp-registration.yaml"]
+ }}
when: matrix_mautrix_whatsapp_enabled|bool
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
index 0e3b855cb..d73718eaa 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -10,7 +10,7 @@ homeserver:
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
# The bridge will use the appservice as_token to authorize requests.
- status_endpoint: "null"
+ status_endpoint: null
appservice:
# The address that the homeserver can use to connect to this appservice.
@@ -158,16 +158,16 @@ bridge:
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
- allow: false
+ allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
# It is recommended to also set private_chat_portal_meta to true when using this.
- default: false
+ default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
- allow: false
+ allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
@@ -211,7 +211,8 @@ logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
- file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
+ # empy/null = journal logging only
+ file_name_format:
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
@@ -220,4 +221,4 @@ logging:
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
- print_level: debug
+ print_level: {{ matrix_mautrix_whatsapp_log_level }}
diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
index 522576897..2a2ecd58a 100644
--- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
@@ -1,27 +1,21 @@
---
# Mx Puppet Discord is a Matrix <-> Discord bridge
-# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord)
-#
-# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See:
-# - https://github.com/matrix-discord/mx-puppet-discord/issues/201
-# - https://github.com/matrix-discord/mx-puppet-discord/issues/202
-# - https://github.com/matrix-discord/mx-puppet-discord/issues/203
-# - (other similar issues in the past)
+# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_container_image_self_build: false
-matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo"
+matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git"
matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}"
-matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord"
+matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile"
# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_discord_container_http_host_bind_port: ''
-matrix_mx_puppet_discord_version: latest
-matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}"
+matrix_mx_puppet_discord_version: v0.1.1
+matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}"
matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
index 69458093d..115ccf353 100644
--- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
@@ -13,12 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-discord-registration.yaml"]
+ }}
when: matrix_mx_puppet_discord_enabled|bool
diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
index 7a4c4a383..52b12c3d0 100644
--- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
+ExecStartPre={{ matrix_host_command_sleep }} 15
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
--log-driver=none \
diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
index db28f324c..9bada5d87 100644
--- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
@@ -13,12 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-groupme-registration.yaml"]
+ }}
when: matrix_mx_puppet_groupme_enabled|bool
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
index d16e6be0f..ae6302b30 100644
--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
@@ -13,12 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-instagram-registration.yaml"]
+ }}
when: matrix_mx_puppet_instagram_enabled|bool
diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
index d28f6ca1a..699ad6f69 100644
--- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml
@@ -13,12 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-skype-registration.yaml"]
+ }}
when: matrix_mx_puppet_skype_enabled|bool
diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
index bb92c1d8c..b77614f70 100644
--- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
@@ -1,6 +1,6 @@
---
# Mx Puppet Slack is a Matrix <-> Slack bridge
-# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack)
+# See: https://github.com/Sorunome/mx-puppet-slack
matrix_mx_puppet_slack_enabled: true
@@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: ''
matrix_mx_puppet_slack_oauth_client_secret: ''
matrix_mx_puppet_slack_container_image_self_build: false
-matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git"
+matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git"
matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}"
-matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack"
+matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile"
# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_slack_container_http_host_bind_port: ''
-matrix_mx_puppet_slack_version: latest
-matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}"
+matrix_mx_puppet_slack_version: v0.1.2
+matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}"
matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
index 66d51784e..ed6753a2f 100644
--- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
@@ -13,14 +13,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-slack-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-slack-registration.yaml"]
+ }}
when: matrix_mx_puppet_slack_enabled|bool
- block:
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
index efca41103..9a171af79 100644
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
@@ -13,12 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-steam-registration.yaml"]
+ }}
when: matrix_mx_puppet_steam_enabled|bool
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
index 757f1f414..d774de159 100644
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
@@ -13,14 +13,18 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-mx-puppet-twitter-registration.yaml"]
+ }}
when: matrix_mx_puppet_twitter_enabled|bool
- block:
diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml
index b8af8e604..9ee96b3eb 100644
--- a/roles/matrix-bridge-sms/tasks/init.yml
+++ b/roles/matrix-bridge-sms/tasks/init.yml
@@ -15,12 +15,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
+ }}
matrix_synapse_app_service_config_files: >
- {{ matrix_synapse_app_service_config_files|default([]) }}
- +
- {{ ["/matrix-sms-bridge-registration.yaml"] }}
+ {{
+ matrix_synapse_app_service_config_files|default([])
+ +
+ ["/matrix-sms-bridge-registration.yaml"]
+ }}
when: matrix_sms_bridge_enabled|bool
diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml
index 2ded40482..891058009 100644
--- a/roles/matrix-client-cinny/defaults/main.yml
+++ b/roles/matrix-client-cinny/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
-matrix_client_cinny_version: v1.8.2
+matrix_client_cinny_version: v2.0.4
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml
index e45458754..86b0ee6ad 100644
--- a/roles/matrix-client-element/defaults/main.yml
+++ b/roles/matrix-client-element/defaults/main.yml
@@ -3,13 +3,13 @@
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
-matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
+matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git"
# Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
-matrix_client_element_version: v1.10.11
+matrix_client_element_version: v1.10.14
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml
index 4b91eb2bc..88d52ba5c 100644
--- a/roles/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/matrix-client-hydrogen/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
-matrix_client_hydrogen_version: v0.2.26
+matrix_client_hydrogen_version: v0.2.29
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml
index 46492e21d..bf3564cd0 100644
--- a/roles/matrix-coturn/defaults/main.yml
+++ b/roles/matrix-coturn/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
-matrix_coturn_version: 4.5.2-r11
+matrix_coturn_version: 4.5.2-r12
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml
index 5d733eb3d..95a1188b4 100644
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/matrix-dynamic-dns/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_dynamic_dns_enabled: true
# The dynamic dns daemon interval
matrix_dynamic_dns_daemon_interval: '300'
-matrix_dynamic_dns_version: v3.9.1-ls79
+matrix_dynamic_dns_version: v3.9.1-ls89
# The docker container to use when in mode
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml
index 0daf24a35..8a0248606 100644
--- a/roles/matrix-etherpad/defaults/main.yml
+++ b/roles/matrix-etherpad/defaults/main.yml
@@ -4,7 +4,7 @@ matrix_etherpad_enabled: false
matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
-matrix_etherpad_version: 1.8.16
+matrix_etherpad_version: 1.8.18
matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}"
matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml
index ee184e1d4..991cb19d6 100644
--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@@ -4,7 +4,7 @@
matrix_grafana_enabled: false
-matrix_grafana_version: 8.5.1
+matrix_grafana_version: 8.5.3
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index dfbac32e7..64e2e06bf 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -485,7 +485,7 @@ matrix_ssl_lets_encrypt_staging: false
# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
matrix_ssl_lets_encrypt_server: ''
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.23.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.27.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~
diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml
index 8593bb83b..bb8202173 100644
--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/matrix-postgres/defaults/main.yml
@@ -22,12 +22,12 @@ matrix_postgres_architecture: amd64
# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
-matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"
# This variable is assigned at runtime. Overriding its value has no effect.
diff --git a/roles/matrix-registration/defaults/main.yml b/roles/matrix-registration/defaults/main.yml
index d924551a1..a5db3022d 100644
--- a/roles/matrix-registration/defaults/main.yml
+++ b/roles/matrix-registration/defaults/main.yml
@@ -7,6 +7,10 @@ matrix_registration_enabled: true
matrix_registration_container_image_self_build: false
matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration"
matrix_registration_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_registration_version }}"
+# Controls whether we'll be patching the dependencies in `setup.py` when self-building.
+# Without patching, building will likely fail, because of the poor unbounded way dependencies are defined (e.g. `flask-limiter>=1.1.0`).
+# This is an attempt to get matrix-registration in its current (outdated) version to build.
+matrix_registration_container_image_self_build_python_dependencies_patch_enabled: true
matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml
index 6ff2de302..36cd0fd4a 100644
--- a/roles/matrix-registration/tasks/setup_install.yml
+++ b/roles/matrix-registration/tasks/setup_install.yml
@@ -68,6 +68,14 @@
register: matrix_registration_git_pull_results
when: "matrix_registration_container_image_self_build|bool"
+# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1864
+- name: Patch setup.py to allow self-built version to work
+ lineinfile:
+ path: "{{ matrix_registration_docker_src_files_path }}/setup.py"
+ regexp: 'flask-limiter'
+ line: '"flask-limiter~=1.1.0", "Markupsafe<2.1",'
+ when: "matrix_registration_container_image_self_build|bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled|bool"
+
- name: Ensure matrix-registration Docker image is built
docker_image:
name: "{{ matrix_registration_docker_image }}"
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index ad1d863f5..d0debe85f 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.58.1
+matrix_synapse_version: v1.60.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@@ -358,10 +358,13 @@ matrix_synapse_workers_presets:
one-of-each:
generic_workers_count: 1
pusher_workers_count: 1
- appservice_workers_count: 1
+ # appservice workers are deprecated since Synapse v1.59. This will be removed.
+ appservice_workers_count: 0
federation_sender_workers_count: 1
media_repository_workers_count: 1
# Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved.
+ # user_dir workers are deprecated since Synapse v1.59. This will be removed.
+ # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
user_dir_workers_count: 0
frontend_proxy_workers_count: 1
@@ -383,7 +386,9 @@ matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[
matrix_synapse_workers_pusher_workers_metrics_range_start: 19200
# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported.
-matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}"
+# appservice workers are deprecated since Synapse v1.59. This will be removed.
+# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
+matrix_synapse_workers_appservice_workers_count: 0
matrix_synapse_workers_appservice_workers_metrics_range_start: 19300
# matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now.
@@ -397,7 +402,9 @@ matrix_synapse_workers_media_repository_workers_port_range_start: 18551
matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551
# Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved.
-matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}"
+# user_dir workers are deprecated since Synapse v1.59. This will be removed.
+# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
+matrix_synapse_workers_user_dir_workers_count: 0
matrix_synapse_workers_user_dir_workers_port_range_start: 18661
matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661
@@ -552,7 +559,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: []
# Enable this to activate the E2EE disabling Synapse module.
# See: https://github.com/digitalentity/matrix_encryption_disabler
matrix_synapse_ext_encryption_disabler_enabled: false
-matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/1182388f7019e8ec1e28f035070c7919d0e4cc24/matrix_e2ee_filter.py"
+matrix_synapse_ext_encryption_disabler_download_url: "https://raw.githubusercontent.com/digitalentity/matrix_encryption_disabler/cdc37a07441acb7c2a3288bcb29b376658d5e766/matrix_e2ee_filter.py"
# A list of server domain names for which to deny encryption if the event sender's domain matches the domain in the list.
# By default, with the configuration below, we prevent all homeserver users from initiating encryption in ANY room.
matrix_synapse_ext_encryption_disabler_deny_encryption_for_users_of: ["{{ matrix_domain }}"]
diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml
index 90411a34b..cdcdd0828 100644
--- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml
@@ -27,11 +27,15 @@
}}
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
+ }}
matrix_synapse_additional_loggers: >
- {{ matrix_synapse_additional_loggers }}
- +
- {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }}
+ {{
+ matrix_synapse_additional_loggers
+ +
+ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}]
+ }}
diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
index 374c9e55d..b483f688a 100644
--- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
@@ -4,7 +4,9 @@
matrix_synapse_password_providers_enabled: true
matrix_synapse_additional_loggers: >
- {{ matrix_synapse_additional_loggers }}
- +
- {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+ {{
+ matrix_synapse_additional_loggers
+ +
+ [{'name': 'ldap_auth_provider', 'level': 'INFO'}]
+ }}
when: matrix_synapse_ext_password_provider_ldap_enabled|bool
diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml
index ec298ccd2..1d224bc92 100644
--- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml
@@ -34,19 +34,23 @@
- set_fact:
matrix_synapse_spam_checker: >
- {{ matrix_synapse_spam_checker }}
- +
- [{
- "module": "mjolnir.AntiSpam",
- "config": {
- "block_invites": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }},
- "block_messages": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }},
- "block_usernames": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }},
- "ban_lists": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}
- }
- }]
+ {{
+ matrix_synapse_spam_checker
+ +
+ [{
+ "module": "mjolnir.AntiSpam",
+ "config": {
+ "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites,
+ "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages,
+ "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames,
+ "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists,
+ }
+ }]
+ }}
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"]
+ }}
diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
index 13a64c58c..22ad318de 100644
--- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
@@ -22,11 +22,15 @@
matrix_synapse_password_providers_enabled: true
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
+ }}
matrix_synapse_additional_loggers: >
- {{ matrix_synapse_additional_loggers }}
- +
- {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }}
+ {{
+ matrix_synapse_additional_loggers
+ +
+ [{'name': 'rest_auth_provider', 'level': 'INFO'}]
+ }}
diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
index 843f03703..091b0eb2f 100644
--- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
@@ -37,11 +37,15 @@
}}
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
+ }}
matrix_synapse_additional_loggers: >
- {{ matrix_synapse_additional_loggers }}
- +
- {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }}
+ {{
+ matrix_synapse_additional_loggers
+ +
+ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
+ }}
diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
index 740d9474c..579a707c6 100644
--- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
@@ -39,16 +39,20 @@
- set_fact:
matrix_synapse_modules: >
- {{ matrix_synapse_modules }}
- +
- [{
- "module": "synapse_simple_antispam.AntiSpamInvites",
- "config": {
- "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
- }
- }]
+ {{
+ matrix_synapse_modules
+ +
+ [{
+ "module": "synapse_simple_antispam.AntiSpamInvites",
+ "config": {
+ "blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers
+ }
+ }]
+ }}
matrix_synapse_container_extra_arguments: >
- {{ matrix_synapse_container_extra_arguments|default([]) }}
- +
- ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"]
+ {{
+ matrix_synapse_container_extra_arguments|default([])
+ +
+ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"]
+ }}
diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml
index 89107c0a6..bb8a2bcd0 100644
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@@ -12,13 +12,24 @@
- "matrix_synapse_database_password"
- "matrix_synapse_database_database"
+- name: Fail if asking to configure deprecaed workers (appservice, userdir)
+ fail:
+ msg: >-
+ `{{ item }}` cannot be more than 0.
+ This type of worker has been deprecated since Synapse v1.59.
+ Please remove your `{{ item }}` configuration to solve this problem.
+ See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
+ when: "vars[item]|int != 0"
+ with_items:
+ - "matrix_synapse_workers_appservice_workers_count"
+ - "matrix_synapse_workers_user_dir_workers_count"
+
- name: Fail if asking for more than 1 instance of single-instance workers
fail:
msg: >-
`{{ item }}` cannot be more than 1. This is a single-instance worker.
when: "vars[item]|int > 1"
with_items:
- - "matrix_synapse_workers_appservice_workers_count"
- "matrix_synapse_workers_pusher_workers_count"
- "matrix_synapse_workers_federation_sender_workers_count"
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 37cad10fe..cce713300 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -352,9 +352,6 @@ worker_app: synapse.app.homeserver
# thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/
# reduce the main worker's offerings to core homeserver business
-{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'appservice')|list %}
-notify_appservices: false
-{% endif %}
{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'federation_sender')|list %}
send_federation: false
{% endif %}
@@ -364,9 +361,6 @@ enable_media_repo: false
{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'pusher')|list %}
start_pushers: false
{% endif %}
-{% if matrix_synapse_workers_enabled_list|selectattr('type', 'equalto', 'user_dir')|list %}
-update_user_directory: false
-{% endif %}
daemonize: false
{% endif %}
@@ -432,6 +426,11 @@ manhole_settings:
# sign up in a short space of time never to return after their initial
# session.
#
+# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but
+# applies a different trial number if the user was registered by an appservice.
+# A value of 0 means no trial days are applied. Appservices not listed in this
+# dictionary use the value of `mau_trial_days` instead.
+#
# 'mau_limit_alerting' is a means of limiting client side alerting
# should the mau limit be reached. This is useful for small instances
# where the admin has 5 mau seats (say) for 5 specific people and no
@@ -442,6 +441,8 @@ manhole_settings:
#max_mau_value: 50
#mau_trial_days: 2
#mau_limit_alerting: false
+#mau_appservice_trial_days:
+# "appservice-id": 1
# If enabled, the metrics for the number of monthly active users will
# be populated, however no one will be limited. If limit_usage_by_mau
@@ -742,11 +743,11 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
#
#allow_profile_lookup_over_federation: false
-# Uncomment to disable device display name lookup over federation. By default, the
-# Federation API allows other homeservers to obtain device display names of any user
-# on this homeserver. Defaults to 'true'.
+# Uncomment to allow device display name lookup over federation. By default, the
+# Federation API prevents other homeservers from obtaining the display names of
+# user devices on this homeserver. Defaults to 'false'.
#
-#allow_device_name_lookup_over_federation: false
+#allow_device_name_lookup_over_federation: true
## Caching ##
@@ -1375,7 +1376,11 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
#
registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }}
-
+# Allow users to submit a token during registration to bypass any required 3pid
+# steps configured in `registrations_require_3pid`.
+# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
+#
+#enable_registration_token_3pid_bypass: false
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
@@ -2521,8 +2526,10 @@ password_providers:
uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }}
mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }}
name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }}
+{% if matrix_synapse_ext_password_provider_ldap_bind_dn %}
bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }}
bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }}
+{% endif %}
filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }}
{% endif %}
{% endif %}
diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml
index 33bf585b3..91b289c7b 100644
--- a/roles/matrix-synapse/vars/workers.yml
+++ b/roles/matrix-synapse/vars/workers.yml
@@ -279,7 +279,7 @@ matrix_synapse_workers_generic_worker_endpoints:
# run_background_tasks_on: background_worker
# ```
- # You might also wish to investigate the `update_user_directory` and
+ # You might also wish to investigate the `update_user_directory_from_worker` and
# `media_instance_running_background_jobs` settings.
# An example for a dedicated background worker instance:
@@ -288,6 +288,40 @@ matrix_synapse_workers_generic_worker_endpoints:
# {{#include systemd-with-workers/workers/background_worker.yaml}}
# ```
+ # #### Updating the User Directory
+
+ # You can designate one generic worker to update the user directory.
+
+ # Specify its name in the shared configuration as follows:
+
+ # ```yaml
+ # update_user_directory_from_worker: worker_name
+ # ```
+
+ # This work cannot be load-balanced; please ensure the main process is restarted
+ # after setting this option in the shared configuration!
+
+ # This style of configuration supersedes the legacy `synapse.app.user_dir`
+ # worker application type.
+
+
+ # #### Notifying Application Services
+
+ # You can designate one generic worker to send output traffic to Application Services.
+
+ # Specify its name in the shared configuration as follows:
+
+ # ```yaml
+ # notify_appservices_from_worker: worker_name
+ # ```
+
+ # This work cannot be load-balanced; please ensure the main process is restarted
+ # after setting this option in the shared configuration!
+
+ # This style of configuration supersedes the legacy `synapse.app.appservice`
+ # worker application type.
+
+
# pusher worker (no API endpoints) [
# Handles sending push notifications to sygnal and email. Doesn't handle any
# REST endpoints itself, but you should set `start_pushers: False` in the
@@ -305,6 +339,9 @@ matrix_synapse_workers_generic_worker_endpoints:
# ]
# appservice worker (no API endpoints) [
+ # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the
+ # `notify_appservices_from_worker` option instead.](#notifying-application-services)
+
# Handles sending output traffic to Application Services. Doesn't handle any
# REST endpoints itself, but you should set `notify_appservices: False` in the
# shared configuration file to stop the main synapse sending appservice notifications.
@@ -371,6 +408,9 @@ matrix_synapse_workers_media_repository_endpoints:
# Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately).
matrix_synapse_workers_user_dir_endpoints:
+ # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the
+ # `update_user_directory_from_worker` option instead.](#updating-the-user-directory)
+
# Handles searches in the user directory. It can handle REST endpoints matching
# the following regular expressions: