Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

6 лет назад · 8a0c3146d3
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,38 @@
 # 2020-01-30

 ## Disabling TLSv1.1

 To improve security, we've removed TLSv1.1 support from our default matrix-nginx-proxy configuration.

 If you need to support old clients, you can re-enable it with the following configuration: `matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"`


 # 2020-01-21

 ## Postgres collation changes (action required!)

 By default, we've been using a UTF-8 collation for Postgres. This is known to cause Synapse some troubles (see the [relevant issue](https://github.com/matrix-org/synapse/issues/6722)) on systems that use [glibc](https://www.gnu.org/software/libc/). We run Postgres in an [Alpine Linux](https://alpinelinux.org/) container (which uses [musl](https://www.musl-libc.org/), and not glibc), so our users are likely not affected by the index corruption problem observed by others.

 Still, we might become affected in the future. In any case, it's imminent that Synapse will complain about databases which do not use a C collation.

 To avoid future problems, we recommend that you run the following command:

 ```
 ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres --extra-vars='{"postgres_force_upgrade": true}'
 ```

 It forces a [Postgres database upgrade](docs/maintenance-postgres.md#upgrading-postgresql), which would recreate your Postgres database using the proper (`C`) collation. If you are low on disk space, or run into trouble, refer to the Postgres database upgrade documentation page.


 # 2020-01-14

 ## Added support for Appservice Webhooks

 Thanks to a contribution from [Björn Marten](https://github.com/tripleawwy) from [netresearch](https://www.netresearch.de/), the playbook can now install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. This bridge provides support for Slack-compatible webhooks.

 Learn more in [Setting up Appservice Webhooks](docs/configuring-playbook-bridge-appservice-webhooks.md).


 # 2020-01-12

 ## Added support for automatic Double Puppeting for all Mautrix bridges
--- a/README.md
+++ b/README.md
@@ -44,12 +44,14 @@ Using this playbook, you can get the following services configured on your serve

 - (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)

 - (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
 - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)

 - (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)

 - (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/)

 - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)

 - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms

 - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
@@ -132,12 +134,14 @@ This playbook sets up your server using the following Docker images:

 - [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)

 - [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
 - [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)

 - [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)

 - [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)

 - [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)

 - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)


--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -9,9 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv

 ## Supported Ansible versions

 Ansible 2.5 or newer is required.

 If you're on Ansible 2.5.x, due to bugs in Ansible 2.5.0 and 2.5.1, at least Ansible 2.5.2 is required.
 Ansible 2.5.2 or newer is required.


 ## Checking your Ansible version
@@ -28,7 +26,7 @@ If you're on an old version of Ansible, you should [upgrade Ansible to a newer v

 Depending on your distribution, you may be able to upgrade Ansible in a few different ways:

 - by using an additional repository (PPA, etc.), which provides newer Ansible versions
 - by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.

 - by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).

--- a/docs/configuring-playbook-bridge-appservice-irc.md
+++ b/docs/configuring-playbook-bridge-appservice-irc.md
@@ -1,8 +1,8 @@
 # Setting up Appservice IRC (optional)

 The playbook can install and configure [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) for you.
 The playbook can install and configure [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) for you.

 See the project's [documentation](https://github.com/TeDomum/matrix-appservice-irc/blob/master/HOWTO.md) to learn what it does and why it might be useful to you.
 See the project's [documentation](https://github.com/matrix-org/matrix-appservice-irc/blob/master/HOWTO.md) to learn what it does and why it might be useful to you.

 You'll need to use the following playbook configuration:

--- a/docs/configuring-playbook-bridge-appservice-webhooks.md
+++ b/docs/configuring-playbook-bridge-appservice-webhooks.md
@@ -0,0 +1,61 @@
 # Setting up Appservice Webhooks (optional)

 The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you.

 This bridge provides support for Slack-compatible webhooks.

 Setup Instructions:

 loosely based on [this](https://github.com/turt2live/matrix-appservice-webhooks/blob/master/README.md)

 1. All you basically need is to adjust your `inventory/host_vars/matrix.<domain-name>/vars.yml`:

 ```yaml
 matrix_appservice_webhooks_enabled: true
 matrix_appservice_webhooks_api_secret: '<your_secret>'
 ```

 2. In case you want to change the verbosity of logging via `journalctl -fu matrix-appservice-webhooks.service`
 you can adjust this in `inventory/host_vars/matrix.<domain-name>/vars.yml` as well.

 *Note*: default value is: `info` and availabe log levels are : `info`, `verbose`

 ```yaml
 matrix_appservice_webhooks_log_level: '<log_level>'
 ```

 3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.

 4. Invite the bridge bot user to your room:

    - either with `/invite @_webhook:<domain.name>` (*Note*: Make sure you have administration permissions in your room)

    - or simply add the bridge bot to a private channel (personal channels imply you being an administrator)

 5. Send a message to the bridge bot in order to receive a private message including the webhook link.
 ```
 !webhook
 ```

 6. The JSON body for posting messages will have to look like this:
 ```json
 {
    "text": "Hello world!",
    "format": "plain",
    "displayName": "My Cool Webhook",
    "avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
 }
 ```

 You can test this via curl like so:

 ```
 curl --header "Content-Type: application/json" \
 --data '{
 "text": "Hello world!",
 "format": "plain",
 "displayName": "My Cool Webhook",
 "avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
 }' \
 <the link you've gotten in 5.>
 ```
--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@@ -52,7 +52,7 @@ Note that if your nginx version is old, it might not like our default choice of

 ```yaml
 # Custom protocol list (removing `TLSv1.3`) to suit your nginx version.
 matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
 matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
 ```


--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -93,4 +93,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins

 - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)

 - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional)

 - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
--- a/docs/installing.md
+++ b/docs/installing.md
@@ -8,9 +8,11 @@ Run this as-is to set up a server:
 ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
 ```

 This **doesn't start any services just yet** (another step does this later - below).
 **Note**: if you don't use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.

 Feel free to **re-run this any time** you think something is off with the server configuration.
 The above command **doesn't start any services just yet** (another step does this later - below).

 Feel free to **re-run this setup command any time** you think something is off with the server configuration.


 ## Things you might want to do after installing
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@@ -42,7 +42,7 @@ docker run \
 --rm \
 --network=matrix \
 --env-file=/matrix/postgres/env-postgres-psql \
 postgres:12.0-alpine \
 postgres:12.1-alpine \
 pg_dumpall -h matrix-postgres \
 | gzip -c \
 > /postgres.sql.gz
--- a/docs/registering-users.md
+++ b/docs/registering-users.md
@@ -24,11 +24,14 @@ If you've just installed Matrix, **to finalize the installation process**, it's

 -----

 The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user's privileges:

 ## Adding/Removing Administrator privileges to an existing user.  

 The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.

 * log on to your server with ssh
 * execute with the username:
 * execute with the username and 0/1 (0 = non-admin | 1 = admin)

 ```
 /usr/local/bin/matrix-make-user-admin <username>
 /usr/local/bin/matrix-change-user-admin-status <username> <0/1>
 ```
--- a/docs/updating-users-passwords.md
+++ b/docs/updating-users-passwords.md
@@ -34,7 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.

 Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password

 This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not.
 This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* 

 If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). 

 ### Example:
 To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
--- a/examples/apache/matrix-dimension.conf
+++ b/examples/apache/matrix-dimension.conf
@@ -26,7 +26,7 @@
 	SSLCertificateKeyFile /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem

 	SSLProxyEngine on
 	SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
 	SSLProxyProtocol +TLSv1.2 +TLSv1.3
 	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

 	ProxyPreserveHost On
--- a/examples/apache/matrix-riot-web.conf
+++ b/examples/apache/matrix-riot-web.conf
@@ -26,7 +26,7 @@
 	SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem

 	SSLProxyEngine on
 	SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
 	SSLProxyProtocol +TLSv1.2 +TLSv1.3
 	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

 	ProxyPreserveHost On
--- a/examples/apache/matrix-synapse.conf
+++ b/examples/apache/matrix-synapse.conf
@@ -26,7 +26,7 @@
 	SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem

 	SSLProxyEngine on
 	SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
 	SSLProxyProtocol +TLSv1.2 +TLSv1.3
 	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

 	ProxyPreserveHost On
@@ -103,7 +103,7 @@ Listen 8448
 	SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem

 	SSLProxyEngine on
 	SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
 	SSLProxyProtocol +TLSv1.2 +TLSv1.3
 	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

 	ProxyPreserveHost On
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -60,6 +60,40 @@ matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_k
 ######################################################################


 ######################################################################
 #
 # matrix-appservice-webhooks
 #
 ######################################################################

 # We don't enable bridges by default.
 matrix_appservice_webhooks_enabled: false

 # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
 # matrix-appservice-webhooks' client-server port to the local host.
 matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_webhooks_webhooks_port }}' }}"

 matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}"

 matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"

 matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}"

 matrix_appservice_webhooks_systemd_required_services_list: |
  {{
    ['docker.service']
    +
    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
  }}

 ######################################################################
 #
 # /matrix-appservice-webhooks
 #
 ######################################################################


 ######################################################################
 #
 # matrix-appservice-slack
@@ -74,11 +108,11 @@ matrix_appservice_slack_enabled: false
 # matrix-appservice-slack's client-server port to the local host.
 matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_slack_slack_port }}' }}"

 matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-appservice-token') | to_uuid }}"
 matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}"

 matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-homeserver-token') | to_uuid }}"
 matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}"

 matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-id-token') | to_uuid }}"
 matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}"

 matrix_appservice_slack_systemd_required_services_list: |
  {{
@@ -604,7 +638,6 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
 matrix_synapse_email_smtp_port: 8025
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
 matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"

 # Even if TURN doesn't support TLS (it does by default),
 # it doesn't hurt to try a secure connection anyway.
--- a/roles/matrix-base/tasks/server_base/setup_debian.yml
+++ b/roles/matrix-base/tasks/server_base/setup_debian.yml
@@ -28,7 +28,7 @@
  apt:
    name:
      - bash-completion
      - python-docker
      - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
      - ntp
      - fuse
    state: latest
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml
@@ -3,7 +3,7 @@

 matrix_appservice_irc_enabled: true

 matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
 matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.14.1"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
@@ -377,11 +377,6 @@ matrix_appservice_irc_configuration_yaml: |
    enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}

  ircService:
    # The nedb database URI to connect to. This is the name of the directory to
    # dump .db files to. This is relative to the project directory.
    # Required.
    databaseUri: "nedb:///data"

    # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
    # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
    # the database.
@@ -474,6 +469,15 @@ matrix_appservice_irc_configuration_yaml: |
    # enough for the vast majority of use cases.
    maxHttpSockets: 1000

  # Use an external database to store bridge state.
  database:
    # database engine (must be 'postgres' or 'nedb'). Default: nedb
    engine: "nedb"
    # Either a PostgreSQL connection string, or a path to the NeDB storage directory.
    # For postgres, it must start with postgres://
    # For NeDB, it must start with nedb://. The path is relative to the project directory.
    connectionString: "nedb:///data"

 matrix_appservice_irc_configuration_extension_yaml: |
  # Your custom YAML configuration for Appservice IRC servers goes here.
  # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -98,13 +98,15 @@
    --cap-drop=ALL
    -v {{ matrix_appservice_irc_config_path }}:/config:z
    -v {{ matrix_appservice_irc_data_path }}:/data:z
    --entrypoint=/bin/bash
    {{ matrix_appservice_irc_docker_image }}
    node app.js
    -c
    'node app.js
    -r
    -f /config/registration-template.yaml
    -u "http://matrix-appservice-irc:9999"
    -c /config/config.yaml
    -l irc_bot
    -l irc_bot'
  changed_when: false

 - name: Read Appservice IRC registration-template.yaml
--- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
+++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@@ -30,8 +30,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
 			{% for arg in matrix_appservice_irc_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			--entrypoint=/bin/bash \
 			{{ matrix_appservice_irc_docker_image }} \
 			-c /config/config.yaml -f /config/registration.yaml -p 9999
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'

 ExecStop=-/usr/bin/docker kill matrix-appservice-irc
 ExecStop=-/usr/bin/docker rm matrix-appservice-irc
--- a/roles/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml
@@ -3,7 +3,7 @@

 matrix_appservice_slack_enabled: true

 matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.0.2"
 matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:latest"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"

 matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
@@ -51,24 +51,6 @@ matrix_appservice_slack_configuration_yaml: |
    bot_username: "{{ matrix_appservice_slack_bot_name }}"
    username_prefix: {{ matrix_appservice_slack_user_prefix }}

    # Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise.
    rtm:
      # Use the RTM API to listen for requests, which does not require
      # the bridge to listen on the hook port.
      # You should leave this enabled, unless you plan to use the
      # bridge exclusively for webhooks.
      enable: true
      logging: "silent" # Logging level specific to RTM traffic.
      # A prefix similar to inbound_uri_prefix for oauth2 requests. inbound_uri_prefix will be used if this is not set
      # Optional
      # redirect_prefix: "https://my.server.here:9898/mycustomoauthendpoint"

    # Allow users to add channels dynamically by using oauth, or puppet themselves.
    # Optional
    oauth2:
      client_id: ""
      client_secret: ""

    homeserver:
        media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
        url: "{{ matrix_appservice_slack_homeserver_url }}"
--- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml
@@ -0,0 +1,105 @@
 # matrix-appservice-webhooks is a Matrix <-> webhook bridge
 # See: https://github.com/turt2live/matrix-appservice-webhooks

 matrix_appservice_webhooks_enabled: true

 matrix_appservice_webhooks_docker_image: "turt2live/matrix-appservice-webhooks:latest"
 matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"

 matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"
 matrix_appservice_webhooks_config_path: "{{ matrix_appservice_webhooks_base_path }}/config"
 matrix_appservice_webhooks_data_path: "{{ matrix_appservice_webhooks_base_path }}/data"

 # If nginx-proxy is disabled, the bridge itself expects its endpoint to be on its own domain (e.g. "localhost:6789")
 matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
 matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"

 # Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
 matrix_appservice_webhooks_control_room_id: ''
 matrix_appservice_webhooks_bot_name: 'webhookbot'
 matrix_appservice_webhooks_user_prefix: '_webhook'

 # Controls the webhooks_PORT and MATRIX_PORT of the installation
 matrix_appservice_webhooks_matrix_port: 6789
 matrix_appservice_webhooks_webhooks_port: 6788

 # Controls whether the appservice-webhooks container exposes its HTTP port (tcp/6788 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
 matrix_appservice_webhooks_container_http_host_bind_port: ''

 matrix_appservice_webhooks_homeserver_media_url: "matrix.{{ matrix_domain }}"
 matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008"
 matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
 matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'

 # A list of extra arguments to pass to the container
 matrix_appservice_webhooks_container_extra_arguments: []

 # List of systemd services that matrix-appservice-webhooks.service depends on.
 matrix_appservice_webhooks_systemd_required_services_list: ['docker.service', 'matrix-synapse.service']

 # List of systemd services that matrix-appservice-webhooks.service wants
 matrix_appservice_webhooks_systemd_wanted_services_list: []

 matrix_appservice_webhooks_appservice_token: ''
 matrix_appservice_webhooks_homeserver_token: ''
 matrix_appservice_webhooks_id_token: ''
 matrix_appservice_webhooks_api_secret: ''

 # Logging information (info and verbose is available) default is: info
 matrix_appservice_webhooks_log_level: 'info'

 matrix_appservice_webhooks_configuration_yaml: |

  # Configuration specific to the application service. All fields (unless otherwise marked) are required.
  homeserver:
    # The domain for the client-server API calls.
    url: "{{ matrix_appservice_webhooks_homeserver_url }}"

    # The domain part for user IDs on this home server. Usually, but not always, this is the same as the
    # home server's URL.
    domain: "{{ matrix_domain }}"

  # Configuration specific to the bridge. All fields (unless otherwise marked) are required.
  webhookBot:
    # The localpart to use for the bot. May require re-registering the application service.
    localpart: "_webhook"

  # Provisioning API options
  provisioning:
    # Your secret for the API. Required for all provisioning API requests.
    secret: '{{ matrix_appservice_webhooks_api_secret }}'

  # Configuration related to the web portion of the bridge. Handles the inbound webhooks
  web:
    hookUrlBase:  "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"

  logging:
    console: true
    consoleLevel: {{ matrix_appservice_webhooks_log_level }}
    writeFiles: false

 matrix_appservice_webhooks_configuration_extension_yaml: |
  #

 matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml|from_yaml if matrix_appservice_webhooks_configuration_extension_yaml|from_yaml else {} }}"

 matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml|from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}"

 matrix_appservice_webhooks_registration_yaml: |
  id: "{{ matrix_appservice_webhooks_id_token }}"
  hs_token: "{{ matrix_appservice_webhooks_homeserver_token }}"
  as_token: "{{ matrix_appservice_webhooks_appservice_token }}"
  namespaces:
    users:
      - exclusive: true
        regex: '^@{{ matrix_appservice_webhooks_user_prefix | regex_escape }}.*:{{ matrix_domain | regex_escape }}$'
    aliases: []
    rooms: []
  url: "{{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}"
  sender_localpart: _webhook
  rate_limited: false
  protocols: null

 matrix_appservice_webhooks_registration: "{{ matrix_appservice_webhooks_registration_yaml|from_yaml }}"
--- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml
@@ -0,0 +1,78 @@
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
 - name: Fail if matrix-synapse role already executed
  fail:
    msg: >-
      The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
  when: "matrix_synapse_role_executed|default(False)"

 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks'] }}"
  when: matrix_appservice_webhooks_enabled|bool

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/matrix-appservice-webhooks-registration.yaml"] }}
  when: matrix_appservice_webhooks_enabled|bool

 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
 - name: Fail if matrix-synapse role already executed
  fail:
    msg: >-
      The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
  when: "matrix_synapse_role_executed|default(False)"

 - block:
  - name: Fail if matrix-nginx-proxy role already executed
    fail:
      msg: >-
        Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
        but it's pointless since the matrix-nginx-proxy role had already executed.
        To fix this, please change the order of roles in your plabook,
        so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
    when: matrix_nginx_proxy_role_executed|default(False)|bool

  - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
    set_fact:
      matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
        location {{ matrix_appservice_webhooks_public_endpoint }}/ {
        {% if matrix_nginx_proxy_enabled|default(False) %}
        {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          proxy_pass {{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}/;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
        {% endif %}
        }

  - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
    set_fact:
      matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
        {{
          matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
          +
          [matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
        }}
  tags:
   - always
  when: matrix_appservice_webhooks_enabled|bool

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  debug:
    msg: >-
      NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
      URL endpoint to the matrix-appservice-webhooks container.
      You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
  when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined"
--- a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/main.yml
@@ -0,0 +1,21 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
  tags:
    - setup-all
    - setup-appservice-webhooks

 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
  tags:
    - setup-all
    - setup-appservice-webhooks

 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
  when: "run_setup|bool and not matrix_appservice_webhooks_enabled|bool"
  tags:
    - setup-all
    - setup-appservice-webhooks
--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
@@ -0,0 +1,64 @@
 ---

 - name: Ensure Appservice webhooks image is pulled
  docker_image:
    name: "{{ matrix_appservice_webhooks_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}"

 - name: Ensure AppService webhooks paths exist
  file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  with_items:
    - "{{ matrix_appservice_webhooks_base_path }}"
    - "{{ matrix_appservice_webhooks_config_path }}"
    - "{{ matrix_appservice_webhooks_data_path }}"

 - name: Ensure Matrix Appservice webhooks config is installed
  copy:
    content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml }}"
    dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

 - name: Ensure Matrix Appservice webhooks schema.yml template exists
  template:
    src: "{{ role_path }}/templates/schema.yml.j2"
    dest: "{{ matrix_appservice_webhooks_config_path }}/schema.yml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

 - name: Ensure Matrix Appservice webhooks database.json template exists
  template:
    src: "{{ role_path }}/templates/database.json.j2"
    dest: "{{ matrix_appservice_webhooks_data_path }}/database.json"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

 - name: Ensure appservice-webhooks registration.yaml installed
  copy:
    content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml }}"
    dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

 - name: Ensure matrix-appservice-webhooks.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2"
    dest: "/etc/systemd/system/matrix-appservice-webhooks.service"
    mode: 0644
  register: matrix_appservice_webhooks_systemd_service_result

 - name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation
  service:
    daemon_reload: yes
  when: "matrix_appservice_webhooks_systemd_service_result.changed"
--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
@@ -0,0 +1,24 @@
 ---

 - name: Check existence of matrix-appservice-webhooks service
  stat:
    path: "/etc/systemd/system/matrix-appservice-webhooks.service"
  register: matrix_appservice_webhooks_service_stat

 - name: Ensure matrix-appservice-webhooks is stopped
  service:
    name: matrix-appservice-webhooks
    state: stopped
    daemon_reload: yes
  when: "matrix_appservice_webhooks_service_stat.stat.exists"

 - name: Ensure matrix-appservice-webhooks.service doesn't exist
  file:
    path: "/etc/systemd/system/matrix-appservice-webhooks.service"
    state: absent
  when: "matrix_appservice_webhooks_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal
  service:
    daemon_reload: yes
  when: "matrix_appservice_webhooks_service_stat.stat.exists"
--- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml
@@ -0,0 +1,12 @@
 ---

 - name: Fail if required settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - "matrix_appservice_webhooks_appservice_token"
    - "matrix_appservice_webhooks_homeserver_token"
    - "matrix_appservice_webhooks_id_token"
    - "matrix_appservice_webhooks_api_secret"
--- a/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2
+++ b/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2
@@ -0,0 +1,13 @@
 {
  "defaultEnv": {
    "ENV": "NODE_ENV"
  },
  "development": {
    "driver": "sqlite3",
    "filename": "/data/development.db"
  },
  "production": {
    "driver": "sqlite3",
    "filename": "/data/production.db"
  }
 }
--- a/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2
+++ b/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2
@@ -0,0 +1,54 @@
 "$schema": "http://json-schema.org/draft-04/schema#"
 type: "object"
 properties:
  provisioning:
    type: "object"
    properties:
      secret:
        type: "string"
  homeserver:
    type: "object"
    properties:
      domain:
        type: "string"
      url:
        type: "string"
      mediaUrl:
        type: "string"
  web:
    type: "object"
    properties:
      hookUrlBase:
        type: "string"
  webhookBot:
    type: "object"
    properties:
      localpart:
        type: "string"
      appearance:
        type: "object"
        properties:
          displayName:
            type: "string"
          avatarUrl:
            type: "string"
  logging:
    type: "object"
    properties:
      file:
        type: "string"
      console:
        type: "boolean"
      consoleLevel:
        type: "string"
      fileLevel:
        type: "string"
      writeFiles:
        type: "boolean"
      rotate:
        type: "object"
        properties:
          size:
            type: "number"
          count:
            type: "number"
--- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
+++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
@@ -0,0 +1,43 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Appservice webhooks server
 {% for service in matrix_appservice_webhooks_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_appservice_webhooks_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}

 [Service]
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
 ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks

 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre=/bin/sleep 5

 ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_appservice_webhooks_container_http_host_bind_port %}
 			-p {{ matrix_appservice_webhooks_container_http_host_bind_port }}:{{matrix_appservice_webhooks_matrix_port}} \
 			{% endif %}
 			-v {{ matrix_appservice_webhooks_config_path }}:/config:z \
 			-v {{ matrix_appservice_webhooks_data_path }}:/data:z \
 			{% for arg in matrix_appservice_webhooks_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_appservice_webhooks_docker_image }} \
 			node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml

 ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
 ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-webhooks

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -4,7 +4,7 @@
 matrix_mautrix_telegram_enabled: true

 # See: https://mau.dev/tulir/mautrix-telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.1"
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
--- a/roles/matrix-corporal/tasks/self_check_corporal.yml
+++ b/roles/matrix-corporal/tasks/self_check_corporal.yml
@@ -6,7 +6,7 @@
 - name: Check Matrix Corporal HTTP gateway
  uri:
    url: "{{ corporal_client_api_url_endpoint_public }}"
    follow_redirects: false
    follow_redirects: none
    return_content: true
  register: result_corporal_client_api
  ignore_errors: true
--- a/roles/matrix-mxisd/tasks/self_check_mxisd.yml
+++ b/roles/matrix-mxisd/tasks/self_check_mxisd.yml
@@ -6,7 +6,7 @@
 - name: Check mxisd Identity Service
  uri:
    url: "{{ mxisd_url_endpoint_public }}"
    follow_redirects: false
    follow_redirects: none
    validate_certs: "{{ matrix_mxisd_self_check_validate_certificates }}"
  register: result_mxisd
  ignore_errors: true
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -152,15 +152,27 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_s
 # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
 matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"

 # A list of strings containing additional configuration blocks to add to the matrix domain's server configuration.
 # A list of strings containing additional configuration blocks to add to the nginx http's server configuration.
 matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
 matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the matrix riot's server configuration.
 matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
 matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
 matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []

 # Specifies when to reload the matrix-nginx-proxy service so that
 # a new SSL certificate could go into effect.
 matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"

 # Specifies which SSL protocols to use when serving Riot and Synapse
 matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
 matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"

 # Controls whether the self-check feature should validate SSL certificates.
 matrix_nginx_proxy_self_check_validate_certificates: true
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
@@ -6,7 +6,7 @@
      - path: /.well-known/matrix/client
        purpose: Client Discovery
        cors: true
        follow_redirects: false
        follow_redirects: none
        validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"

 - block:
@@ -15,7 +15,7 @@
          path: /.well-known/matrix/server
          purpose: Server Discovery
          cors: false
          follow_redirects: true
          follow_redirects: safe
          validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"

    - name: Determine domains that we require certificates for (mxisd)
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
@@ -9,7 +9,7 @@
 - name: Check .well-known on the matrix hostname
  uri:
    url: "{{ well_known_url_matrix }}"
    follow_redirects: false
    follow_redirects: none
    return_content: true
    validate_certs: "{{ well_known_file_check.validate_certs }}"
  register: result_well_known_matrix
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2
@@ -3,6 +3,9 @@
 {% macro render_vhost_directives() %}
 	gzip on;
 	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
 {% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
 	{{- configuration_block }}
 {% endfor %}

 	location / {
 		{% if matrix_nginx_proxy_enabled %}
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
@@ -5,6 +5,9 @@

 	gzip on;
 	gzip_types text/plain application/json;
 	{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}

 	location /.well-known/matrix {
 		root {{ matrix_static_files_base_path }};
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2
@@ -3,6 +3,9 @@
 {% macro render_vhost_directives() %}
 	gzip on;
 	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
 	{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}

 	location / {
 		{% if matrix_nginx_proxy_enabled %}
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2
@@ -3,4 +3,7 @@
 # which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
 #
 # Thus, we ensure a larger bucket size value is used.
 server_names_hash_bucket_size 64;
 server_names_hash_bucket_size 64;
 {% for configuration_block in matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks %}
 	{{- configuration_block }}
 {% endfor %}
--- a/roles/matrix-postgres/tasks/setup_postgres.yml
+++ b/roles/matrix-postgres/tasks/setup_postgres.yml
@@ -73,13 +73,19 @@
    mode: 0750
  when: matrix_postgres_enabled|bool

 - name: Ensure matrix-make-user-admin script created
 - name: Ensure matrix-change-user-admin-status script created
  template:
    src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2"
    dest: "/usr/local/bin/matrix-make-user-admin"
    src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2"
    dest: "/usr/local/bin/matrix-change-user-admin-status"
    mode: 0750
  when: matrix_postgres_enabled|bool

 - name: (Migration) Ensure old matrix-make-user-admin script deleted
  file:
    path: "/usr/local/bin/matrix-make-user-admin"
    state: absent
  when: matrix_postgres_enabled|bool

 - name: Ensure matrix-postgres-update-user-password-hash script created
  template:
    src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
@@ -146,6 +152,6 @@
    state: absent
  with_items:
    - matrix-postgres-cli
    - matrix-make-user-admin
    - matrix-change-user-admin-status
    - matrix-postgres-update-user-password-hash
  when: "not matrix_postgres_enabled|bool"
--- a/roles/matrix-postgres/tasks/upgrade_postgres.yml
+++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml
@@ -20,6 +20,11 @@
    postgres_start_wait_time: 15
  when: "postgres_start_wait_time|default('') == ''"

 - name: Set postgres_force_upgrade, if not provided
  set_fact:
    postgres_force_upgrade: false
  when: "postgres_force_upgrade|default('') == ''"

 - name: Fail, if trying to upgrade external Postgres database
  fail:
    msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade."
@@ -45,7 +50,7 @@
 - name: Abort, if already at latest Postgres version
  fail:
    msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do"
  when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest"
  when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest and not postgres_force_upgrade"

 - debug:
    msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}"
--- a/roles/matrix-postgres/templates/env-postgres-server.j2
+++ b/roles/matrix-postgres/templates/env-postgres-server.j2
@@ -1,4 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 POSTGRES_USER={{ matrix_postgres_connection_username }}
 POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
 POSTGRES_DB={{ matrix_postgres_db_name }}
 POSTGRES_DB={{ matrix_postgres_db_name }}
 # Synapse refuses to run if collation is not C.
 # See https://github.com/matrix-org/synapse/issues/6722
 POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8
--- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
@@ -0,0 +1,19 @@
 #jinja2: lstrip_blocks: "True"
 #!/bin/bash

 if [ $# -ne 2 ]; then
 	echo "Usage: "$0" <username> <0/1>"
 	echo "Usage: 0 = non-admin"
 	echo "Usage: 1 = admin"
 	exit 1
 fi

 docker run \
 	-it \
 	--rm \
 	--user=991:991 \
 	--cap-drop=ALL \
 	--env-file=/matrix/postgres/env-postgres-psql \
 	--network matrix \
 	postgres:12.1-alpine \
 	psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
--- a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2
@@ -1,17 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 #!/bin/bash

 if [ $# -ne 1 ]; then
 	echo "Usage: "$0" <username>"
 	exit 1
 fi

 docker run \
 	-it \
 	--rm \
 	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
    --cap-drop=ALL \
 	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
 	--network {{ matrix_docker_network }} \
 	{{ matrix_postgres_docker_image_to_use }} \
 	psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"
--- a/roles/matrix-riot-web/defaults/main.yml
+++ b/roles/matrix-riot-web/defaults/main.yml
@@ -1,6 +1,6 @@
 matrix_riot_web_enabled: true

 matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.7"
 matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.8"
 matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"

 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
--- a/roles/matrix-riot-web/tasks/self_check_riot_web.yml
+++ b/roles/matrix-riot-web/tasks/self_check_riot_web.yml
@@ -6,7 +6,7 @@
 - name: Check riot-web
  uri:
    url: "{{ riot_web_url_endpoint_public }}"
    follow_redirects: false
    follow_redirects: none
    validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
  register: result_riot_web
  ignore_errors: true
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -3,7 +3,7 @@

 matrix_synapse_enabled: true

 matrix_synapse_docker_image: "matrixdotorg/synapse:v1.8.0"
 matrix_synapse_docker_image: "matrixdotorg/synapse:v1.9.1"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@@ -259,13 +259,13 @@ matrix_synapse_email_smtp_host: ""
 matrix_synapse_email_smtp_port: 587
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
 matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
 matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"


 # Enable this to activate the REST auth password provider module.
 # See: https://github.com/kamax-io/matrix-synapse-rest-auth
 # See: https://github.com/ma1uta/matrix-synapse-rest-password-provider
 matrix_synapse_ext_password_provider_rest_auth_enabled: false
 matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.2/rest_auth_provider.py"
 matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"
 matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
 matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
 matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
--- a/roles/matrix-synapse/tasks/self_check_client_api.yml
+++ b/roles/matrix-synapse/tasks/self_check_client_api.yml
@@ -3,7 +3,7 @@
 - name: Check Matrix Client API
  uri:
    url: "{{ matrix_synapse_client_api_url_endpoint_public }}"
    follow_redirects: false
    follow_redirects: none
    validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
  register: result_matrix_synapse_client_api
  ignore_errors: true
--- a/roles/matrix-synapse/tasks/self_check_federation_api.yml
+++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml
@@ -3,7 +3,7 @@
 - name: Check Matrix Federation API
  uri:
    url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
    follow_redirects: false
    follow_redirects: none
    validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
  register: result_matrix_synapse_federation_api
  ignore_errors: true
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@@ -15,6 +15,7 @@
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_synapse_email_riot_base_url', 'new': '<superseded by client_base_url>'}
    - {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
    - {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}
    - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -392,17 +392,17 @@ retention:
  #
  # The rationale for this per-job configuration is that some rooms might have a
  # retention policy with a low 'max_lifetime', where history needs to be purged
  # of outdated messages on a very frequent basis (e.g. every 5min), but not want
  # that purge to be performed by a job that's iterating over every room it knows,
  # which would be quite heavy on the server.
  # of outdated messages on a more frequent basis than for the rest of the rooms
  # (e.g. every 12h), but not want that purge to be performed by a job that's
  # iterating over every room it knows, which could be heavy on the server.
  #
  #purge_jobs:
  #  - shortest_max_lifetime: 1d
  #    longest_max_lifetime: 3d
  #    interval: 5m:
  #    interval: 12h
  #  - shortest_max_lifetime: 3d
  #    longest_max_lifetime: 1y
  #    interval: 24h
  #    interval: 1d


 ## TLS ##
@@ -891,23 +891,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
 # Optional account validity configuration. This allows for accounts to be denied
 # any request after a given period.
 #
 # ``enabled`` defines whether the account validity feature is enabled. Defaults
 # to False.
 #
 # ``period`` allows setting the period after which an account is valid
 # after its registration. When renewing the account, its validity period
 # will be extended by this amount of time. This parameter is required when using
 # the account validity feature.
 #
 # ``renew_at`` is the amount of time before an account's expiry date at which
 # Synapse will send an email to the account's email address with a renewal link.
 # This needs the ``email`` and ``public_baseurl`` configuration sections to be
 # filled.
 #
 # ``renew_email_subject`` is the subject of the email sent out with the renewal
 # link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter
 # from the ``email`` section.
 #
 # Once this feature is enabled, Synapse will look for registered users without an
 # expiration date at startup and will add one to every account it found using the
 # current settings at that time.
@@ -918,32 +901,55 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
 # date will be randomly selected within a range [now + period - d ; now + period],
 # where d is equal to 10% of the validity period.
 #
 #account_validity:
 #  enabled: True
 #  period: 6w
 #  renew_at: 1w
 #  renew_email_subject: "Renew your %(app)s account"
 #  # Directory in which Synapse will try to find the HTML files to serve to the
 #  # user when trying to renew an account. Optional, defaults to
 #  # synapse/res/templates.
 #  template_dir: "res/templates"
 #  # HTML to be displayed to the user after they successfully renewed their
 #  # account. Optional.
 #  account_renewed_html_path: "account_renewed.html"
 #  # HTML to be displayed when the user tries to renew an account with an invalid
 #  # renewal token. Optional.
 #  invalid_token_html_path: "invalid_token.html"
 account_validity:
  # The account validity feature is disabled by default. Uncomment the
  # following line to enable it.
  #
  #enabled: true

 # Time that a user's session remains valid for, after they log in.
 #
 # Note that this is not currently compatible with guest logins.
 #
 # Note also that this is calculated at login time: changes are not applied
 # retrospectively to users who have already logged in.
 #
 # By default, this is infinite.
 #
 #session_lifetime: 24h
  # The period after which an account is valid after its registration. When
  # renewing the account, its validity period will be extended by this amount
  # of time. This parameter is required when using the account validity
  # feature.
  #
  #period: 6w

  # The amount of time before an account's expiry date at which Synapse will
  # send an email to the account's email address with a renewal link. By
  # default, no such emails are sent.
  #
  # If you enable this setting, you will also need to fill out the 'email' and
  # 'public_baseurl' configuration sections.
  #
  #renew_at: 1w

  # The subject of the email sent out with the renewal link. '%(app)s' can be
  # used as a placeholder for the 'app_name' parameter from the 'email'
  # section.
  #
  # Note that the placeholder must be written '%(app)s', including the
  # trailing 's'.
  #
  # If this is not set, a default value is used.
  #
  #renew_email_subject: "Renew your %(app)s account"

  # Directory in which Synapse will try to find templates for the HTML files to
  # serve to the user when trying to renew an account. If not set, default
  # templates from within the Synapse package will be used.
  #
  #template_dir: "res/templates"

  # File within 'template_dir' giving the HTML to be displayed to the user after
  # they successfully renewed their account. If not set, default text is used.
  #
  #account_renewed_html_path: "account_renewed.html"

  # File within 'template_dir' giving the HTML to be displayed when the user
  # tries to renew an account with an invalid renewal token. If not set,
  # default text is used.
  #
  #invalid_token_html_path: "invalid_token.html"

 # The user must provide all of the below types of 3PID when registering.
 #
@@ -1378,107 +1384,123 @@ password_config:
   pepper: {{ matrix_synapse_password_config_pepper|string|to_json }}



 # Enable sending emails for password resets, notification events or
 # account expiry notices
 #
 # If your SMTP server requires authentication, the optional smtp_user &
 # smtp_pass variables should be used
 #
 #email:
 #   enable_notifs: false
 #   smtp_host: "localhost"
 #   smtp_port: 25 # SSL: 465, STARTTLS: 587
 #   smtp_user: "exampleusername"
 #   smtp_pass: "examplepassword"
 #   require_transport_security: False
 #   notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
 #   app_name: Matrix
 #
 #   # Enable email notifications by default
 #   #
 #   notif_for_new_users: True
 #
 #   # Defining a custom URL for Riot is only needed if email notifications
 #   # should contain links to a self-hosted installation of Riot; when set
 #   # the "app_name" setting is ignored
 #   #
 #   riot_base_url: "http://localhost/riot"
 #
 #   # Configure the time that a validation email or text message code
 #   # will expire after sending
 #   #
 #   # This is currently used for password resets
 #   #
 #   #validation_token_lifetime: 1h
 #
 #   # Template directory. All template files should be stored within this
 #   # directory. If not set, default templates from within the Synapse
 #   # package will be used
 #   #
 #   # For the list of default templates, please see
 #   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
 #   #
 #   #template_dir: res/templates
 #
 #   # Templates for email notifications
 #   #
 #   notif_template_html: notif_mail.html
 #   notif_template_text: notif_mail.txt
 #
 #   # Templates for account expiry notices
 #   #
 #   expiry_template_html: notice_expiry.html
 #   expiry_template_text: notice_expiry.txt
 #
 #   # Templates for password reset emails sent by the homeserver
 #   #
 #   #password_reset_template_html: password_reset.html
 #   #password_reset_template_text: password_reset.txt
 #
 #   # Templates for registration emails sent by the homeserver
 #   #
 #   #registration_template_html: registration.html
 #   #registration_template_text: registration.txt
 #
 #   # Templates for validation emails sent by the homeserver when adding an email to
 #   # your user account
 #   #
 #   #add_threepid_template_html: add_threepid.html
 #   #add_threepid_template_text: add_threepid.txt
 #
 #   # Templates for password reset success and failure pages that a user
 #   # will see after attempting to reset their password
 #   #
 #   #password_reset_template_success_html: password_reset_success.html
 #   #password_reset_template_failure_html: password_reset_failure.html
 #
 #   # Templates for registration success and failure pages that a user
 #   # will see after attempting to register using an email or phone
 #   #
 #   #registration_template_success_html: registration_success.html
 #   #registration_template_failure_html: registration_failure.html
 #
 #   # Templates for success and failure pages that a user will see after attempting
 #   # to add an email or phone to their account
 #   #
 #   #add_threepid_success_html: add_threepid_success.html
 #   #add_threepid_failure_html: add_threepid_failure.html
 {% if matrix_synapse_email_enabled %}
 # Configuration for sending emails from Synapse.
 #
 email:
   enable_notifs: true
   smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
   smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
   require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
   notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
   app_name: Matrix
   notif_template_html: notif_mail.html
   notif_template_text: notif_mail.txt
   # Templates for account expiry notices.
   expiry_template_html: notice_expiry.html
   expiry_template_text: notice_expiry.txt
   notif_for_new_users: True
   riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }}
  # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
  #
  #smtp_host: mail.server
  smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}

  # The port on the mail server for outgoing SMTP. Defaults to 25.
  #
  #smtp_port: 587
  smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}

  # Username/password for authentication to the SMTP server. By default, no
  # authentication is attempted.
  #
  # smtp_user: "exampleusername"
  # smtp_pass: "examplepassword"

  # Uncomment the following to require TLS transport security for SMTP.
  # By default, Synapse will connect over plain text, and will then switch to
  # TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
  # Synapse will refuse to connect unless the server supports STARTTLS.
  #
  #require_transport_security: true
  require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}

  # Enable sending emails for messages that the user has missed
  #
  #enable_notifs: false
  enable_notifs: true

  # notif_from defines the "From" address to use when sending emails.
  # It must be set if email sending is enabled.
  #
  # The placeholder '%(app)s' will be replaced by the application name,
  # which is normally 'app_name' (below), but may be overridden by the
  # Matrix client application.
  #
  # Note that the placeholder must be written '%(app)s', including the
  # trailing 's'.
  #
  #notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
  notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}

  # app_name defines the default value for '%(app)s' in notif_from. It
  # defaults to 'Matrix'.
  #
  #app_name: my_branded_matrix_server
  app_name: Matrix

  # Uncomment the following to disable automatic subscription to email
  # notifications for new users. Enabled by default.
  #
  #notif_for_new_users: false
  notif_for_new_users: True

  # Custom URL for client links within the email notifications. By default
  # links will be based on "https://matrix.to".
  #
  # (This setting used to be called riot_base_url; the old name is still
  # supported for backwards-compatibility but is now deprecated.)
  #
  #client_base_url: "http://localhost/riot"
  client_base_url: {{ matrix_synapse_email_client_base_url|string|to_json }}

  # Configure the time that a validation email will expire after sending.
  # Defaults to 1h.
  #
  #validation_token_lifetime: 15m

  # Directory in which Synapse will try to find the template files below.
  # If not set, default templates from within the Synapse package will be used.
  #
  # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
  # If you *do* uncomment it, you will need to make sure that all the templates
  # below are in the directory.
  #
  # Synapse will look for the following templates in this directory:
  #
  # * The contents of email notifications of missed events: 'notif_mail.html' and
  #   'notif_mail.txt'.
  #
  # * The contents of account expiry notice emails: 'notice_expiry.html' and
  #   'notice_expiry.txt'.
  #
  # * The contents of password reset emails sent by the homeserver:
  #   'password_reset.html' and 'password_reset.txt'
  #
  # * HTML pages for success and failure that a user will see when they follow
  #   the link in the password reset email: 'password_reset_success.html' and
  #   'password_reset_failure.html'
  #
  # * The contents of address verification emails sent during registration:
  #   'registration.html' and 'registration.txt'
  #
  # * HTML pages for success and failure that a user will see when they follow
  #   the link in an address verification email sent during registration:
  #   'registration_success.html' and 'registration_failure.html'
  #
  # * The contents of address verification emails sent when an address is added
  #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
  #
  # * HTML pages for success and failure that a user will see when they follow
  #   the link in an address verification email sent when an address is added
  #   to a Matrix account: 'add_threepid_success.html' and
  #   'add_threepid_failure.html'
  #
  # You can see the default templates at:
  # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
  #
  #template_dir: "res/templates"
  notif_template_html: notif_mail.html
  notif_template_text: notif_mail.txt
  expiry_template_html: notice_expiry.html
  expiry_template_text: notice_expiry.txt
 {% endif %}


--- a/setup.yml
+++ b/setup.yml
@@ -10,6 +10,7 @@
    - matrix-corporal
    - matrix-bridge-appservice-discord
    - matrix-bridge-appservice-slack
    - matrix-bridge-appservice-webhooks
    - matrix-bridge-appservice-irc
    - matrix-bridge-mautrix-facebook
    - matrix-bridge-mautrix-hangouts