Merge branch 'master' of github.com:spantaleev/matrix-docker-ansible-deploy

2 lat temu · 7f8d504be8
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 /roles/**/files/scratchpad
 .DS_Store
 .python-version
 .idea/
 flake.lock

 # ignore roles pulled by ansible-galaxy
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,14 @@
 # 2023-07-24

 ## matrix-registration-bot usage changed

 [matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and now supports password-only-based login. Therefore the bot now doesn't need any manual configuration except setting a password in your `vars.yml`. The bot will be registered as admin and access tokens will be obtained automatically by the bot.

 **For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings

 * `matrix_bot_matrix_registration_bot_bot_access_token`
 * `matrix_bot_matrix_registration_bot_api_token`

 # 2023-07-21

 ## mautrix-gmessages support
--- a/docs/configuring-playbook-bot-chatgpt.md
+++ b/docs/configuring-playbook-bot-chatgpt.md
@@ -43,6 +43,11 @@ matrix_bot_chatgpt_openai_api_key: ''
 # Matrix access token (from bot user above)
 # see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix
 matrix_bot_chatgpt_matrix_access_token: ''

 # Configuring the system promt used, needed if the bot is used for special tasks.
 # More information: https://github.com/mustvlad/ChatGPT-System-Prompts
 matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'

 ```

 You will need to get tokens for ChatGPT.
--- a/docs/configuring-playbook-bot-matrix-registration-bot.md
+++ b/docs/configuring-playbook-bot-matrix-registration-bot.md
@@ -2,40 +2,28 @@

 The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you.

 The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server,
 where you invite someone by sending them a registration token. They can register as normal but have to provide a valid
 registration token in a final step  of the registration.
 The bot allows you to easily **create and manage registration tokens** aka. invitation codes.
 It can be used for an invitation-based server,
 where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration.

 See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it
 does and why it might be useful to you.


 ## Registering the bot user
 ## Configuration

 By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`.

 (to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).

 For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):

 ```
 ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
 ```

 Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.

 ## Obtaining an admin access token

 In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).

 ## Adjusting the playbook configuration

 Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
 To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:

 ```yaml
 matrix_bot_matrix_registration_bot_enabled: true
 # Token obtained via logging into the bot account (see above)
 matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE"

 #By default, the playbook will set use the bot with a username like 
 ## this: `@bot.matrix-registration-bot:DOMAIN`.
 # To use a different username, uncomment & adjust the variable.
 # matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot

 # Generate a strong password here. Consider generating it with `pwgen -s 64 1`
 matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT

 # Enables registration
 matrix_synapse_enable_registration: true
@@ -44,6 +32,7 @@ matrix_synapse_enable_registration: true
 matrix_synapse_registration_requires_token: true
 ```

 The bot account will be automatically created.

 ## Installing

@@ -56,10 +45,16 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start

 ## Usage

 To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain).
 To use the bot, message `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain).

 In this room send `help` and the bot will reply with all options.

 You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
 If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md)
 or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).

 To clean the cache (session&encryption data) after you changed the bot's username, changed the login methon form access_token to password etc.. you can use

 ```bash
 just run-tags bot-matrix-registration-bot-clean-cache
 ```
--- a/docs/configuring-playbook-client-element.md
+++ b/docs/configuring-playbook-client-element.md
@@ -32,7 +32,7 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo

 ## Themes

 To change the look of Element, you can define your own themes manually by using the `matrix_client_element_settingDefaults_custom_themes` setting.
 To change the look of Element, you can define your own themes manually by using the `matrix_client_element_setting_defaults_custom_themes` setting.

 Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`).

--- a/docs/configuring-playbook-dimension.md
+++ b/docs/configuring-playbook-dimension.md
@@ -3,6 +3,8 @@
 **[Dimension](https://dimension.t2bot.io) can only be installed after Matrix services are installed and running.**
 If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later.

 **Note**: Dimension is **[officially unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299)**. We recommend not bothering with installing it.

 **Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible).


--- a/docs/configuring-playbook-sliding-sync-proxy.md
+++ b/docs/configuring-playbook-sliding-sync-proxy.md
@@ -12,6 +12,7 @@ Element X Android requires manual compilation to get it working with a non-`matr

 **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync.

 **NOTE**: The sliding-sync proxy is **not required** when using the **Conduit homeserver**. Starting from version `0.6.0` Conduit has native support for some sliding sync features. If there are issues with the native implementation, you might have a better experience when enabling the sliding-sync proxy anyway.

 ## Decide on a domain and path

--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -30,7 +30,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins

 ### Additional useful services

 - [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md))
 - [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional; [unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md))

 - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)

--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -3341,7 +3341,7 @@ matrix_client_element_enable_presence_by_hs_url: |

 matrix_client_element_welcome_user_id: ~

 matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"

 ######################################################################
 #
@@ -4018,6 +4018,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix
 matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"

 # Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features.
 matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_url if matrix_conduit_enabled else '' }}"

 ######################################################################
 #
 # /matrix-sliding-sync
@@ -4107,7 +4110,6 @@ matrix_conduit_systemd_required_services_list: |
    (['docker.service'])
  }}


 ######################################################################
 #
 # /matrix-conduit
@@ -4123,6 +4125,12 @@ matrix_conduit_systemd_required_services_list: |

 matrix_user_creator_users_auto: |
  {{
    ([{
      'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart,
      'initial_password': matrix_bot_matrix_registration_bot_bot_password,
      'initial_type': 'admin',
    }] if matrix_bot_matrix_registration_bot_enabled else [])
    +
    ([{
      'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
      'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
@@ -4166,13 +4174,20 @@ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_serv

 matrix_user_verification_service_enabled: false
 matrix_user_verification_service_systemd_required_services_list: |
      {{
        ['docker.service']
        +
        (['matrix-synapse.service'] if matrix_synapse_enabled else [])
        +
        ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
      }}
  {{
    ['docker.service']
    +
    (['matrix-' + matrix_homeserver_implementation + '.service'])
  }}

 matrix_user_verification_service_container_additional_networks: |
  {{
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else [])
    ) | unique
  }}

 # If Jitsi is managed by this playbook we can use the docker network - no need to expose a port.
 # If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,7 +4,7 @@
  version: v1.0.0-1
  name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
  version: v1.2.4-1.7.15-1
  version: v1.2.4-1.7.15-3
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
  version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
@@ -26,28 +26,28 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
  version: v1.0.0-0
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
  version: v2.10.3-0
  version: v2.10.4-1
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
  version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
  version: v1.9.0-0
  version: v1.9.2-0
 - src: git+https://github.com/geerlingguy/ansible-role-docker
  version: 6.1.0
  version: 6.2.0
  name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
  version: v10.0.2-1
  version: v10.0.3-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
  version: v8615-2
  name: jitsi
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
  version: v2.6.2-0
  version: v2.7.0-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
  version: v2.45.0-0
  version: v2.45.0-1
  name: prometheus
 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
  version: v1.6.0-0
  version: v1.6.1-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
  version: v0.13.1-0
  version: v0.13.2-0
  name: prometheus_postgres_exporter
 - src: git+https://gitlab.com/etke.cc/roles/redis.git
  version: v7.0.10-0
  version: v7.2.0-0
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -150,6 +150,12 @@ matrix_homeserver_container_url: ""
 # This likely gets overriden elsewhere.
 matrix_homeserver_container_federation_url: ""

 # Specifies the public url of the Sync v3 (sliding-sync) API.
 # This will be used to set the `org.matrix.msc3575.proxy` property in `/.well-known/matrix/client`.
 # Once the API is stabilized, this will no longer be required.
 # See MSC3575: https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md
 matrix_homeserver_sliding_sync_url: ""

 matrix_identity_server_url: ~

 matrix_integration_manager_rest_url: ~
@@ -158,7 +164,7 @@ matrix_integration_manager_ui_url: ~
 # The domain name where a Jitsi server is self-hosted.
 # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
 # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
 matrix_client_element_jitsi_preferredDomain: ''  # noqa var-naming
 matrix_client_element_jitsi_preferred_domain: ''  # noqa var-naming

 # Controls whether Element should use End-to-End Encryption by default.
 # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
--- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
+++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
@@ -18,17 +18,17 @@
 		]
 	}
 	{% endif %}
 	{% if matrix_client_element_jitsi_preferredDomain %},
 	{% if matrix_client_element_jitsi_preferred_domain %},
 	"io.element.jitsi": {
 		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 		"preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }}
 	},
 	"im.vector.riot.jitsi": {
 		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 		"preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }}
 	}
 	{% endif %}
 	{% if matrix_sliding_sync_enabled %},
 	{% if matrix_homeserver_sliding_sync_url %},
 	"org.matrix.msc3575.proxy": {
 		"url": "{{ matrix_sliding_sync_base_url }}"
 		"url": "{{ matrix_homeserver_sliding_sync_url }}"
 	}
 	{% endif %}
 	{% if matrix_client_element_location_sharing_enabled %},
--- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml
+++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml
@@ -88,3 +88,5 @@ matrix_bot_chatgpt_matrix_rich_text: true  # MATRIX_RICH_TEXT=true
 # matrix_bot_chatgpt_environment_variables_extension: |
 #   chatgpt_TEXT_DONE=Done
 matrix_bot_chatgpt_environment_variables_extension: ''

 matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
--- a/roles/custom/matrix-bot-chatgpt/templates/env.j2
+++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2
@@ -25,6 +25,8 @@ MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }}
 MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }}
 MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }}

 CHATGPT_PROMPT_PREFIX={{ matrix_bot_chatgpt_matrix_bot_prompt_prefix }}

 DATA_PATH=/data/

 {{ matrix_bot_chatgpt_environment_variables_extension }}
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -20,7 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"

 matrix_bot_honoroit_version: v0.9.17
 matrix_bot_honoroit_version: v0.9.18
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri
 matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
 matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"

 matrix_bot_matrix_registration_bot_version: latest
 matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}"
 matrix_bot_matrix_registration_bot_version: 1.3.0
 matrix_bot_matrix_registration_bot_docker_iteration: 0
 matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}"
 matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
 matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"

 matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
@@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration
 matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
 matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"

 # The access token that the bot uses to communicate in Matrix chats
 # This does not necessarily need to be a privileged (admin) access token.
 matrix_bot_matrix_registration_bot_bot_access_token: ''

 # The access token that the bot uses to call the Matrix API for creating registration tokens.
 # This needs to be a privileged (admin) access token.
 # By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is.
 # If necessary, you can define your own other access token here, which might even be for a different Matrix user.
 matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}"
 # The bot's password (can also be used to login via a client like element)
 matrix_bot_matrix_registration_bot_bot_password: ''

 # Optional variable that only needs to be set if the bot account is not admin
 # Needs to be a valid access token of an admin account
 matrix_bot_matrix_registration_bot_api_token: ''

 matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy"

 matrix_bot_matrix_registration_bot_logging_level: info
 matrix_bot_matrix_registration_environment_variables_extension: ''
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml
@@ -0,0 +1,12 @@
 ---

 - name: Delete cache files
  ansible.builtin.file:
    state: "{{ item }}"
    path: "{{ matrix_bot_matrix_registration_bot_data_path }}"
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - absent
    - directory
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
@@ -18,3 +18,9 @@
  block:
    - when: not matrix_bot_matrix_registration_bot_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

 - tags:
    - bot-matrix-registration-bot-clean-cache
  block:
    - when: matrix_bot_matrix_registration_bot_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml"
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@@ -9,7 +9,7 @@
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
    - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
  when: "item.when | bool"

--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
@@ -5,6 +5,13 @@
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - "matrix_bot_matrix_registration_bot_bot_password"

 - name: (Deprecation) Catch and report old settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot.
  when: "item in vars"
  with_items:
    - "matrix_bot_matrix_registration_bot_bot_access_token"
    - "matrix_bot_matrix_registration_bot_api_token"
--- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
@@ -1,12 +1,16 @@
 bot:
  server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
  username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
  access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
  password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}

 api:
  # API endpoint of the registration tokens
  base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
  # Access token of an administrator on the server
 {% if matrix_bot_matrix_registration_bot_api_token | length > 0 %}
  token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
 {% endif %}

 logging:
  level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}

--- a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2
+++ b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2
@@ -60,7 +60,7 @@ server:
 homeservers:
  {{  matrix_domain }}:
    # Client-server API URL
        url: "https://{{ matrix_server_fqn_matrix }}"
        url: {{ matrix_homeserver_container_url | to_json }}
    # registration_shared_secret from synapse config
    # You can leave this empty if you don't have access to the homeserver.
    # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will.
--- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser

 # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
 matrix_appservice_irc_version: 0.38.0
 matrix_appservice_irc_version: 1.0.1
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
 matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps

 # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
 matrix_appservice_slack_version: 2.0.2
 matrix_appservice_slack_version: 2.1.2
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}"
 matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@@ -4,7 +4,7 @@

 matrix_heisenbridge_enabled: true

 matrix_heisenbridge_version: 1.14.3
 matrix_heisenbridge_version: 1.14.5
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"

 matrix_hookshot_version: 4.4.0
 matrix_hookshot_version: 4.4.1

 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
 matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"

 matrix_mautrix_discord_version: v0.6.0
 matrix_mautrix_discord_version: v0.6.1
 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
 matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false
 matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git"
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"

 matrix_mautrix_gmessages_version: latest
 matrix_mautrix_gmessages_version: v0.1.0
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
 matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
@@ -286,13 +286,7 @@ bridge:

 # Logging config. See https://github.com/tulir/zeroconfig for details.
 logging:
    min_level: debug
    min_level: {{ matrix_mautrix_gmessages_logging_level }}
    writers:
    - type: stdout
      format: pretty-colored
    - type: file
      format: json
      filename: ./logs/mautrix-gmessages.log
      max_size: 100
      max_backups: 10
      compress: true
        - type: stdout
          format: pretty-colored
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"

 matrix_mautrix_whatsapp_version: v0.9.0
 matrix_mautrix_whatsapp_version: v0.10.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"

 matrix_client_element_version: v1.11.36
 matrix_client_element_version: v1.11.39
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
@@ -149,17 +149,17 @@ matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
 matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
 matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_element_permalinkPrefix: "https://matrix.to"  # noqa var-naming
 matrix_client_element_permalink_prefix: "https://matrix.to"  # noqa var-naming
 matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
 matrix_client_element_showLabsSettings: true  # noqa var-naming
 matrix_client_element_show_lab_settings: true  # noqa var-naming
 # Element public room directory server(s)
 matrix_client_element_roomdir_servers: ['matrix.org']
 matrix_client_element_room_directory_servers: ['matrix.org']
 matrix_client_element_welcome_user_id: ~
 # Branding of Element
 matrix_client_element_brand: "Element"

 # URL to Logo on welcome page
 matrix_client_element_welcome_logo: "welcome/images/logo.svg"
 matrix_client_element_welcome_logo: "themes/element/img/logos/element-logo.svg"

 # URL of link on welcome image
 matrix_client_element_welcome_logo_link: "https://element.io"
@@ -169,13 +169,13 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; col

 # Links, shown in footer of welcome page:
 # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
 matrix_client_element_branding_authFooterLinks: ~  # noqa var-naming
 matrix_client_element_branding_auth_footer_links: ~  # noqa var-naming

 # URL to image, shown during Login
 matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}"  # noqa var-naming
 matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_welcome_logo }}"  # noqa var-naming

 # URL to Wallpaper, shown in background of welcome page
 matrix_client_element_branding_welcomeBackgroundUrl: ~  # noqa var-naming
 matrix_client_element_branding_welcome_background_url: ~  # noqa var-naming

 matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"

@@ -183,7 +183,7 @@ matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/wel
 # point this to a `home.html` template file on your local filesystem.
 matrix_client_element_embedded_pages_home_path: ~

 matrix_client_element_jitsi_preferredDomain: ''  # noqa var-naming
 matrix_client_element_jitsi_preferred_domain: ''  # noqa var-naming

 # Controls whether the self-check feature should validate SSL certificates.
 matrix_client_element_self_check_validate_certificates: true
@@ -207,14 +207,14 @@ matrix_client_element_themes_repository_version: master
 # Controls the default theme
 matrix_client_element_default_theme: 'light'

 # Controls the `settingsDefault.custom_themes` setting of the Element configuration.
 # Controls the `setting_defaults.custom_themes` setting of the Element configuration.
 # You can use this setting to define custom themes.
 #
 # Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically.
 # If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well.
 #
 # Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
 matrix_client_element_settingDefaults_custom_themes: []  # noqa var-naming
 matrix_client_element_setting_defaults_custom_themes: []  # noqa var-naming

 # Default Element configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
--- a/roles/custom/matrix-client-element/tasks/prepare_themes.yml
+++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml
@@ -30,7 +30,7 @@

    - name: Load Element theme
      ansible.builtin.set_fact:
        matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"  # noqa var-naming
        matrix_client_element_setting_defaults_custom_themes: "{{ matrix_client_element_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}"  # noqa var-naming
      with_items: "{{ matrix_client_element_theme_file_contents.results }}"

 #
--- a/roles/custom/matrix-client-element/tasks/validate_config.yml
+++ b/roles/custom/matrix-client-element/tasks/validate_config.yml
@@ -27,6 +27,22 @@
  with_items:
    - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'}

 - name: (Deprecation) Catch and report renamed element-web settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'}
    - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'}
    - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'}
    - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'}
    - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'}
    - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'}
    - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'}
    - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'}

 - when: matrix_client_element_container_labels_traefik_enabled | bool
  block:
    - name: Fail if required matrix-client-element Traefik settings not defined
--- a/roles/custom/matrix-client-element/templates/config.json.j2
+++ b/roles/custom/matrix-client-element/templates/config.json.j2
@@ -8,12 +8,12 @@
 			"base_url": {{ matrix_client_element_default_is_url | string | to_json }}
 		}
 	},
 	"settingDefaults": {
 		"custom_themes": {{ matrix_client_element_settingDefaults_custom_themes | to_json }}
 	"setting_defaults": {
 		"custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }}
 	},
 	"default_theme": {{ matrix_client_element_default_theme | string | to_json }},
 	"default_country_code": {{ matrix_client_element_default_country_code | string | to_json }},
 	"permalinkPrefix": {{ matrix_client_element_permalinkPrefix | string | to_json }},
 	"permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }},
 	"disable_custom_urls": {{ matrix_client_element_disable_custom_urls | to_json }},
 	"disable_guests": {{ matrix_client_element_disable_guests | to_json }},
 	"brand": {{ matrix_client_element_brand | to_json }},
@@ -22,28 +22,28 @@
 	"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls | to_json }},
 	"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string | to_json }},
 	"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url | to_json }},
 	"showLabsSettings": {{ matrix_client_element_showLabsSettings | to_json }},
 	"roomDirectory": {
 		"servers": {{ matrix_client_element_roomdir_servers | to_json }}
 	"show_labs_settings": {{ matrix_client_element_show_lab_settings | to_json }},
 	"room_directory": {
 		"servers": {{ matrix_client_element_room_directory_servers | to_json }}
 	},
 	"welcomeUserId": {{ matrix_client_element_welcome_user_id | to_json }},
 	"welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }},
 	{% if matrix_client_element_enable_presence_by_hs_url is not none %}
 		"enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }},
 	{% endif %}
 	"embeddedPages": {
 	"embedded_pages": {
 		"homeUrl": {{ matrix_client_element_embedded_pages_home_url | string | to_json }}
 	},
 	{% if matrix_client_element_jitsi_preferredDomain %}
 	{% if matrix_client_element_jitsi_preferred_domain %}
 	"jitsi": {
        "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain | to_json }}
        "preferred_domain": {{ matrix_client_element_jitsi_preferred_domain | to_json }}
    },
 	{% endif %}
 	{% if matrix_client_element_location_sharing_enabled %}
 	"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json",
 	{% endif %}
 	"branding": {
 		"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks | to_json }},
 		"authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl | to_json }},
 		"welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }}
 		"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }},
 		"auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }},
 		"welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }}
 	}
 }
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@@ -6,7 +6,7 @@ matrix_conduit_enabled: true

 matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
 matrix_conduit_docker_image_name_prefix: "docker.io/"
 matrix_conduit_docker_image_tag: "v0.5.0"
 matrix_conduit_docker_image_tag: "v0.6.0"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"

 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"
--- a/roles/custom/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'

 matrix_dynamic_dns_version: v3.10.0-ls126
 matrix_dynamic_dns_version: v3.10.0-ls131

 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # Project source code URL: https://github.com/nginx/nginx
 matrix_nginx_proxy_enabled: true
 matrix_nginx_proxy_version: 1.25.1-alpine
 matrix_nginx_proxy_version: 1.25.2-alpine

 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
--- a/roles/custom/matrix-sliding-sync/defaults/main.yml
+++ b/roles/custom/matrix-sliding-sync/defaults/main.yml
@@ -4,7 +4,7 @@

 matrix_sliding_sync_enabled: true

 matrix_sliding_sync_version: v0.99.4
 matrix_sliding_sync_version: v0.99.5

 matrix_sliding_sync_scheme: https

--- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
@@ -25,7 +25,7 @@

 matrix_synapse_reverse_proxy_companion_enabled: true

 matrix_synapse_reverse_proxy_companion_version: 1.25.1-alpine
 matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine

 matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
 matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -4,7 +4,7 @@

 matrix_synapse_enabled: true

 matrix_synapse_version: v1.88.0
 matrix_synapse_version: v1.90.0

 matrix_synapse_username: ''
 matrix_synapse_uid: ''
--- a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml
@@ -4,6 +4,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_encryption_disabler_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
@@ -12,6 +14,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
@@ -20,6 +24,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
@@ -28,6 +34,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_password_provider_ldap_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml"
@@ -36,6 +44,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
@@ -44,6 +54,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
@@ -52,6 +64,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
--- a/roles/custom/matrix-synapse/tasks/setup_install.yml
+++ b/roles/custom/matrix-synapse/tasks/setup_install.yml
@@ -26,6 +26,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml"

@@ -34,6 +36,8 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_synapse_workers_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml"
@@ -41,12 +45,16 @@
 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml"

 - tags:
    - setup-all
    - setup-synapse
    - install-all
    - install-synapse
  block:
    - when: matrix_s3_media_store_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2351,7 +2351,7 @@ email:
  # must present a certificate that is valid for 'smtp_host'. If this option
  # is set to false, TLS will not be used.
  #
  #enable_tls: false
  enable_tls: {{ matrix_synapse_email_smtp_enable_tls|to_json }}

  # notif_from defines the "From" address to use when sending emails.
  # It must be set if email sending is enabled.
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -5,6 +5,9 @@ matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn

 matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}"

 # Optionally: `false` to fully disable tls on outbound smtp
 matrix_synapse_email_smtp_enable_tls: true

 # A Synapse generic worker can handle both federation and client-server API endpoints.
 # We wish to split these, as we normally serve federation separately and don't want them mixed up.
 #
--- a/roles/custom/matrix-user-verification-service/defaults/main.yml
+++ b/roles/custom/matrix-user-verification-service/defaults/main.yml
@@ -18,6 +18,14 @@ matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_
 matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service:{{ matrix_user_verification_service_version }}"
 matrix_user_verification_service_docker_image_force_pull: "{{ matrix_user_verification_service_docker_image.endswith(':latest') }}"

 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_user_verification_service_container_network: "{{ matrix_docker_network }}"

 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_user_verification_service_container_additional_networks: []

 matrix_user_verification_service_container_name: "matrix-user-verification-service"
 # This will be set in group vars
 matrix_user_verification_service_container_http_host_bind_port: ''
--- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml
+++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml
@@ -30,6 +30,11 @@
    group: "{{ matrix_user_groupname }}"
    mode: 0644

 - name: Ensure matrix-user-verification-service container network is created
  community.general.docker_network:
    name: "{{ matrix_user_verification_service_container_network }}"
    driver: bridge

 - name: Ensure matrix-user-verification-service.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-user-verification-service.service.j2"
--- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2
+++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2
@@ -17,12 +17,14 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null'


 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name  {{ matrix_user_verification_service_container_name }}\
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
 			--rm \
 			--name={{ matrix_user_verification_service_container_name }} \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_docker_network }} \
 			--network={{ matrix_user_verification_service_container_network }} \
 			{% if matrix_user_verification_service_container_http_host_bind_port %}
 			-p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \
 			{% endif %}
@@ -32,6 +34,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
 			{% endfor %}
 			{{ matrix_user_verification_service_docker_image }}

 {% for network in matrix_user_verification_service_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_user_verification_service_container_name }}
 {% endfor %}

 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null'
 Restart=always