Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

6 лет назад · 9874c3df90
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,47 @@
 # 2019-06-24
 ## (BC Break) WhatsApp bridge configuration is now entirely managed by the playbook
 Until now, configuration files for the [WhatsApp bridge](docs/configuring-playbook-bridge-mautrix-whatsapp.md) were created by the playbook initially, but never modified later on.
 From now on, the playbook will keep the configuration in sync for you.
 This means that if you were making manual changes to the `/matrix/mautrix-whatsapp/config.yaml` or `/matrix/mautrix-whatsapp/registration.yaml` configuration files, those would be lost the next time you run the playbook.
 The bridge now stores configuration in a subdirectory (`/matrix/mautrix-whatsapp/config`), so your old configuration remains in the base directory (`/matrix/mautrix-whatsapp`).
 You need to migrate any manual changes over to the new `matrix_mautrix_whatsapp_configuration_extension_yaml` variable, so that the playbook would apply them for you.
 Likewise, data is now also stored in a subdirectory (`/matrix/mautrix-whatsapp/data`). When you run the playbook with an existing database file (`/matrix/mautrix-whatsapp/mautrix-whatsapp.db`), the playbook will stop the bridge and relocate the database file to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`).
 We're now following the default configuration for the WhatsApp bridge.
 # 2019-06-20
 ## (BC Break) IRC bridge configuration is now entirely managed by the playbook
 Until now, configuration files for the [IRC bridge](docs/configuring-playbook-bridge-appservice-irc.md) were created by the playbook initially, but never modified later on.
 From now on, the playbook will keep the configuration in sync for you.
 This means that if you were making manual changes to the `/matrix/appservice-irc/config.yaml` or `/matrix/appservice-irc/registration.yaml` configuration files, those would be lost the next time you run the playbook.
 The bridge now stores configuration in a subdirectory (`/matrix/appservice-irc/config`), so your old configuration remains in the base directory (`/matrix/appservice-irc`).
 Previously, we asked people to configure bridged IRC servers by extending the bridge configuration (`matrix_appservice_irc_configuration_extension_yaml`). While this is still possible and will continue working forever, **we now recommend defining IRC servers in the easier to use `matrix_appservice_irc_ircService_servers` variable**. See [our IRC bridge documentation page](docs/configuring-playbook-bridge-appservice-irc.md) for an example.
 If you decide to continue using `matrix_appservice_irc_configuration_extension_yaml`, you might be interested to know that `ircService.databaseUri` and a few other keys now have default values in the base configuration (`matrix_appservice_irc_configuration_yaml`). You may wish to stop redefining those keys, unless you really intend to override them. You most likely only need to override `ircService.servers`.
 Bridge data (`passkey.pem` and database files) is now also stored in a subdirectory (`/matrix/appservice-irc/data`).
 When you run the playbook with an existing `/matrix/appservice-irc/passkey.pem` file, the playbook will stop the bridge and relocate the passkey and database files (`rooms.db` and `users.db`) to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`).
 # 2019-06-15
 ## (BC Break) Telegram bridge configuration is now entirely managed by the playbook
 Until now, configuration files for the [Telegram bridge](docs/configuring-playbook-bridge-mautrix-telegram.md) were created by the playbook initially, but never modified later on.
 From now on, the playbook will keep those configuration in sync for you.
 From now on, the playbook will keep the configuration in sync for you.
 This means that if you were making manual changes to the `/matrix/mautrix-telegram/config.yaml` or `/matrix/mautrix-telegram/registration.yaml` configuration files, those would be lost the next time you run the playbook.
@@ -44,7 +81,7 @@ Besides this optional/non-urgent DNS change, assuming you're already on Synapse
 Until now, configuration files for the [Facebook bridge](docs/configuring-playbook-bridge-mautrix-facebook.md) were created by the playbook initially, but never modified later on.
 From now on, the playbook will keep those configuration in sync for you.
 From now on, the playbook will keep the configuration in sync for you.
 This means that if you were making manual changes to the `/matrix/mautrix-facebook/config.yaml` or `/matrix/mautrix-facebook/registration.yaml` configuration files, those would be lost the next time you run the playbook.
@@ -91,7 +128,7 @@ As always, if you forget to remove usage of some outdated variable, the playbook
 # 2019-05-23
 ## Ansible 2.8 compatibility
 ## (BC Break) Ansible 2.8 compatibility
 Thanks to [@danbob](https://github.com/danbob), the playbook now [supports the new Ansible 2.8](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/187).
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -50,7 +50,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
 devture/ansible:2.7.0-r1
 devture/ansible:2.8.1-r0
 ```
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
--- a/docs/configuring-playbook-bridge-appservice-irc.md
+++ b/docs/configuring-playbook-bridge-appservice-irc.md
@@ -8,69 +8,52 @@ You'll need to use the following playbook configuration:
 ```yaml
 matrix_appservice_irc_enabled: true
 matrix_appservice_irc_configuration_extension_yaml: |
  # Your custom YAML configuration for Appservice IRC servers goes here.
  # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_appservice_irc_configuration_yaml`.
  # 
  # For a full example configuration with comments, see `roles/matrix-synapse/defaults/main.yml`
  #
  # A simple example configuration extension follows:
  #
  ircService:
    databaseUri: "nedb:///data" # does not typically need modification
    passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
    matrixHandler:
      eventCacheSize: 4096
    servers:
      irc.example.com:
        name: "ExampleNet"
        port: 6697
        ssl: true
        sasl: false
        allowExpiredCerts: false
        sendConnectionMessages: true
        botConfig:
          enabled: true
          nick: "MatrixBot"
          joinChannelsIfNoUsers: true
        privateMessages:
          enabled: true
          federate: true
        dynamicChannels:
          enabled: true
          createAlias: true
          published: true
          joinRule: public
          groupId: +myircnetwork:localhost
          federate: true
          aliasTemplate: "#irc_$CHANNEL"
        membershipLists:
          enabled: false
          floodDelayMs: 10000
          global:
            ircToMatrix:
              initial: false
              incremental: false
            matrixToIrc:
              initial: false
              incremental: false
        matrixClients:
          userTemplate: "@irc_$NICK"
          displayName: "$NICK (IRC)"
          joinAttempts: -1
        ircClients:
          nickTemplate: "$DISPLAY[m]"
          allowNickChanges: true
          maxClients: 30
          idleTimeout: 10800
          reconnectIntervalMs: 5000
          concurrentReconnectLimit: 50
          lineLimit: 3
 matrix_appservice_irc_ircService_servers:
  irc.example.com:
    name: "ExampleNet"
    port: 6697
    ssl: true
    sasl: false
    allowExpiredCerts: false
    sendConnectionMessages: true
    botConfig:
      enabled: true
      nick: "MatrixBot"
      joinChannelsIfNoUsers: true
    privateMessages:
      enabled: true
      federate: true
    dynamicChannels:
      enabled: true
      createAlias: true
      published: true
      joinRule: public
      groupId: +myircnetwork:localhost
      federate: true
      aliasTemplate: "#irc_$CHANNEL"
    membershipLists:
      enabled: false
      floodDelayMs: 10000
      global:
        ircToMatrix:
          initial: false
          incremental: false
        matrixToIrc:
          initial: false
          incremental: false
    matrixClients:
      userTemplate: "@irc_$NICK"
      displayName: "$NICK (IRC)"
      joinAttempts: -1
    ircClients:
      nickTemplate: "$DISPLAY[m]"
      allowNickChanges: true
      maxClients: 30
      idleTimeout: 10800
      reconnectIntervalMs: 5000
      concurrentReconnectLimit: 50
      lineLimit: 3
 ```
 You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -78,6 +78,10 @@ matrix_appservice_irc_systemd_required_services_list: |
    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
  }}
 matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.as.token') | to_uuid }}"
 matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
 ######################################################################
 #
 # /matrix-bridge-appservice-irc
@@ -101,9 +105,9 @@ matrix_mautrix_facebook_systemd_required_services_list: |
    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
  }}
 matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'facebook-appservice-token') | to_uuid }}"
 matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.as.token') | to_uuid }}"
 matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'facebook-homeserver-token') | to_uuid }}"
 matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
 ######################################################################
 #
@@ -129,9 +133,9 @@ matrix_mautrix_telegram_systemd_required_services_list: |
    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
  }}
 matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram-appservice-token') | to_uuid }}"
 matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
 matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram-homeserver-token') | to_uuid }}"
 matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
 matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
@@ -160,6 +164,10 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
  }}
 matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.as.token') | to_uuid }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
 ######################################################################
 #
 # /matrix-bridge-mautrix-whatsapp
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml
@@ -7,11 +7,323 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
 matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
 matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
 matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008'
 matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
 matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
 matrix_appservice_irc_homeserver_enablePresence: true
 matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
 matrix_appservice_irc_ircService_servers: []
 # Example of `matrix_appservice_irc_ircService_servers` with one server (and all its options):
 #
 # matrix_appservice_irc_ircService_servers:
 #   # The address of the server to connect to.
 #   irc.example.com:
 #     # A human-readable short name. This is used to label IRC status rooms
 #     # where matrix users control their connections.
 #     # E.g. 'ExampleNet IRC Bridge status'.
 #     # It is also used in the Third Party Lookup API as the instance `desc`
 #     # property, where each server is an instance.
 #     name: "ExampleNet"
 #     additionalAddresses: [ "irc2.example.com" ]
 #     #
 #     # [DEPRECATED] Use `name`, above, instead.
 #     # A human-readable description string
 #     # description: "Example.com IRC network"
 #     # An ID for uniquely identifying this server amongst other servers being bridged.
 #     # networkId: "example"
 #     # URL to an icon used as the network icon whenever this network appear in
 #     # a network list. (Like in the riot room directory, for instance.)
 #     # icon: https://example.com/images/hash.png
 #     # The port to connect to. Optional.
 #     port: 6697
 #     # Whether to use SSL or not. Default: false.
 #     ssl: true
 #     # Whether or not IRC server is using a self-signed cert or not providing CA Chain
 #     sslselfsign: false
 #     # Should the connection attempt to identify via SASL (if a server or user password is given)
 #     # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
 #     sasl: false
 #     # Whether to allow expired certs when connecting to the IRC server.
 #     # Usually this should be off. Default: false.
 #     allowExpiredCerts: false
 #     # A specific CA to trust instead of the default CAs. Optional.
 #     #ca: |
 #     #  -----BEGIN CERTIFICATE-----
 #     #  ...
 #     #  -----END CERTIFICATE-----
 #     #
 #     # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
 #     # password: 'pa$$w0rd'
 #     #
 #     # Whether or not to send connection/error notices to real Matrix users. Default: true.
 #     sendConnectionMessages: true
 #     quitDebounce:
 #       # Whether parts due to net-splits are debounced for delayMs, to allow
 #       # time for the netsplit to resolve itself. A netsplit is detected as being
 #       # a QUIT rate higher than quitsPerSecond. Default: false.
 #       enabled: false
 #       # The maximum number of quits per second acceptable above which a netsplit is
 #       # considered ongoing. Default: 5.
 #       quitsPerSecond: 5
 #       # The time window in which to wait before bridging a QUIT to Matrix that occurred during
 #       # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
 #       # is not sent many requests to leave rooms all at once if a netsplit occurs and many
 #       # people to not rejoin.
 #       # If the user with the same IRC nick as the one who sent the quit rejoins a channel
 #       # they are considered back online and the quit is not bridged, so long as the rejoin
 #       # occurs before the randomly-jittered timeout is not reached.
 #       # Default: 3600000, = 1h
 #       delayMinMs: 3600000 # 1h
 #       # Default: 7200000, = 2h
 #       delayMaxMs: 7200000 # 2h
 #     # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
 #     # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
 #     # been given multiple modes, the one that maps to the highest power level will be used.
 #     modePowerMap:
 #       o: 50
 #     botConfig:
 #       # Enable the presence of the bot in IRC channels. The bot serves as the entity
 #       # which maps from IRC -> Matrix. You can disable the bot entirely which
 #       # means IRC -> Matrix chat will be shared by active "M-Nick" connections
 #       # in the room. If there are no users in the room (or if there are users
 #       # but their connections are not on IRC) then nothing will be bridged to
 #       # Matrix. If you're concerned about the bot being treated as a "logger"
 #       # entity, then you may want to disable the bot. If you want IRC->Matrix
 #       # but don't want to have TCP connections to IRC unless a Matrix user speaks
 #       # (because your client connection limit is low), then you may want to keep
 #       # the bot enabled. Default: true.
 #       # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
 #       #     on, else there will be no users and no bot in a channel (meaning no
 #       #     messages to Matrix!) until a Matrix user speaks which makes a client
 #       #     join the target IRC channel.
 #       # NBB: The bridge bot IRC client will still join the target IRC network so
 #       #      it can service bridge-specific queries from the IRC-side e.g. so
 #       #      real IRC clients have a way to change their Matrix display name.
 #       #      See https://github.com/matrix-org/matrix-appservice-irc/issues/55
 #       enabled: true
 #       # The nickname to give the AS bot.
 #       nick: "MatrixBot"
 #       # The password to give to NickServ or IRC Server for this nick. Optional.
 #       # password: "helloworld"
 #       #
 #       # Join channels even if there are no Matrix users on the other side of
 #       # the bridge. Set to false to prevent the bot from joining channels which have no
 #       # real matrix users in them, even if there is a mapping for the channel.
 #       # Default: true
 #       joinChannelsIfNoUsers: true
 #     # Configuration for PMs / private 1:1 communications between users.
 #     privateMessages:
 #       # Enable the ability for PMs to be sent to/from IRC/Matrix.
 #       # Default: true.
 #       enabled: true
 #       # Prevent Matrix users from sending PMs to the following IRC nicks.
 #       # Optional. Default: [].
 #       # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
 #       # Should created Matrix PM rooms be federated? If false, only users on the
 #       # HS attached to this AS will be able to interact with this room.
 #       # Optional. Default: true.
 #       federate: true
 #     # Configuration for mappings not explicitly listed in the 'mappings'
 #     # section.
 #     dynamicChannels:
 #       # Enable the ability for Matrix users to join *any* channel on this IRC
 #       # network.
 #       # Default: false.
 #       enabled: true
 #       # Should the AS create a room alias for the new Matrix room? The form of
 #       # the alias can be modified via 'aliasTemplate'. Default: true.
 #       createAlias: true
 #       # Should the AS publish the new Matrix room to the public room list so
 #       # anyone can see it? Default: true.
 #       published: true
 #       # What should the join_rule be for the new Matrix room? If 'public',
 #       # anyone can join the room. If 'invite', only users with an invite can
 #       # join the room. Note that if an IRC channel has +k or +i set on it,
 #       # join_rules will be set to 'invite' until these modes are removed.
 #       # Default: "public".
 #       joinRule: public
 #       # This will set the m.room.related_groups state event in newly created rooms
 #       # with the given groupId. This means flares will show up on IRC users in those rooms.
 #       # This should be set to the same thing as namespaces.users.group_id in irc_registration.
 #       # This does not alter existing rooms.
 #       # Leaving this option empty will not set the event.
 #       groupId: +myircnetwork:localhost
 #       # Should created Matrix rooms be federated? If false, only users on the
 #       # HS attached to this AS will be able to interact with this room.
 #       # Default: true.
 #       federate: true
 #       # The room alias template to apply when creating new aliases. This only
 #       # applies if createAlias is 'true'. The following variables are exposed:
 #       # $SERVER => The IRC server address (e.g. "irc.example.com")
 #       # $CHANNEL => The IRC channel (e.g. "#python")
 #       # This MUST have $CHANNEL somewhere in it.
 #       # Default: '#irc_$SERVER_$CHANNEL'
 #       aliasTemplate: "#irc_$CHANNEL"
 #       # A list of user IDs which the AS bot will send invites to in response
 #       # to a !join. Only applies if joinRule is 'invite'. Default: []
 #       # whitelist:
 #       #   - "@foo:example.com"
 #       #   - "@bar:example.com"
 #       #
 #       # Prevent the given list of channels from being mapped under any
 #       # circumstances.
 #       # exclude: ["#foo", "#bar"]
 #     # Configuration for controlling how Matrix and IRC membership lists are
 #     # synced.
 #     membershipLists:
 #       # Enable the syncing of membership lists between IRC and Matrix. This
 #       # can have a significant effect on performance on startup as the lists are
 #       # synced. This must be enabled for anything else in this section to take
 #       # effect. Default: false.
 #       enabled: false
 #       # Syncing membership lists at startup can result in hundreds of members to
 #       # process all at once. This timer drip feeds membership entries at the
 #       # specified rate. Default: 10000. (10s)
 #       floodDelayMs: 10000
 #       global:
 #         ircToMatrix:
 #           # Get a snapshot of all real IRC users on a channel (via NAMES) and
 #           # join their virtual matrix clients to the room.
 #           initial: false
 #           # Make virtual matrix clients join and leave rooms as their real IRC
 #           # counterparts join/part channels. Default: false.
 #           incremental: false
 #         matrixToIrc:
 #           # Get a snapshot of all real Matrix users in the room and join all of
 #           # them to the mapped IRC channel on startup. Default: false.
 #           initial: false
 #           # Make virtual IRC clients join and leave channels as their real Matrix
 #           # counterparts join/leave rooms. Make sure your 'maxClients' value is
 #           # high enough! Default: false.
 #           incremental: false
 #       # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
 #       rooms:
 #         - room: "!fuasirouddJoxtwfge:localhost"
 #           matrixToIrc:
 #             initial: false
 #             incremental: false
 #       # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
 #       channels:
 #         - channel: "#foo"
 #           ircToMatrix:
 #             initial: false
 #             incremental: false
 #     mappings:
 #       # 1:many mappings from IRC channels to room IDs on this IRC server.
 #       # The matrix room must already exist. Your matrix client should expose
 #       # the room ID in a "settings" page for the room.
 #       "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
 #     # Configuration for virtual matrix users. The following variables are
 #     # exposed:
 #     # $NICK => The IRC nick
 #     # $SERVER => The IRC server address (e.g. "irc.example.com")
 #     matrixClients:
 #       # The user ID template to use when creating virtual matrix users. This
 #       # MUST have $NICK somewhere in it.
 #       # Optional. Default: "@$SERVER_$NICK".
 #       # Example: "@irc.example.com_Alice:example.com"
 #       userTemplate: "@irc_$NICK"
 #       # The display name to use for created matrix clients. This should have
 #       # $NICK somewhere in it if it is specified. Can also use $SERVER to
 #       # insert the IRC domain.
 #       # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
 #       displayName: "$NICK (IRC)"
 #       # Number of tries a client can attempt to join a room before the request
 #       # is discarded. You can also use -1 to never retry or 0 to never give up.
 #       # Optional. Default: -1
 #       joinAttempts: -1
 #     # Configuration for virtual IRC users. The following variables are exposed:
 #     # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
 #     # $USERID => The user ID
 #     # $DISPLAY => The display name of this user, with excluded characters
 #     #             (e.g. space) removed. If the user has no display name, this
 #     #             falls back to $LOCALPART.
 #     ircClients:
 #       # The template to apply to every IRC client nick. This MUST have either
 #       # $DISPLAY or $USERID or $LOCALPART somewhere in it.
 #       # Optional. Default: "M-$DISPLAY". Example: "M-Alice".
 #       nickTemplate: "$DISPLAY[m]"
 #       # True to allow virtual IRC clients to change their nick on this server
 #       # by issuing !nick <server> <nick> commands to the IRC AS bot.
 #       # This is completely freeform: it will NOT follow the nickTemplate.
 #       allowNickChanges: true
 #       # The max number of IRC clients that will connect. If the limit is
 #       # reached, the client that spoke the longest time ago will be
 #       # disconnected and replaced.
 #       # Optional. Default: 30.
 #       maxClients: 30
 #       # IPv6 configuration.
 #       ipv6:
 #         # Optional. Set to true to force IPv6 for outgoing connections.
 #         only: false
 #         # Optional. The IPv6 prefix to use for generating unique addresses for each
 #         # connected user. If not specified, all users will connect from the same
 #         # (default) address. This may require additional OS-specific work to allow
 #         # for the node process to bind to multiple different source addresses
 #         # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
 #         # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
 #         # prefix: "2001:0db8:85a3::"  # modify appropriately
 #       #
 #       # The maximum amount of time in seconds that the client can exist
 #       # without sending another message before being disconnected. Use 0 to
 #       # not apply an idle timeout. This value is ignored if this IRC server is
 #       # mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
 #       idleTimeout: 10800
 #       # The number of millseconds to wait between consecutive reconnections if a
 #       # client gets disconnected. Setting to 0 will cause the scheduling to be
 #       # disabled, i.e. it will be scheduled immediately (with jitter.
 #       # Otherwise, the scheduling interval will be used such that one client
 #       # reconnect for this server will be handled every reconnectIntervalMs ms using
 #       # a FIFO queue.
 #       # Default: 5000 (5 seconds)
 #       reconnectIntervalMs: 5000
 #       # The number of concurrent reconnects if a user has been disconnected unexpectedly
 #       # (e.g. a netsplit). You should set this to a reasonably high number so that
 #       # bridges are not waiting an eternity to reconnect all its clients if
 #       # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
 #       # setting above which is for connecting on restart of the bridge. Set to 0 to
 #       # immediately try to reconnect all users.
 #       # Default: 50
 #       concurrentReconnectLimit: 50
 #       # The number of lines to allow being sent by the IRC client that has received
 #       # a large block of text to send from matrix. If the number of lines that would
 #       # be sent is > lineLimit, the text will instead be uploaded to matrix and the
 #       # resulting URI is treated as a file. As such, a link will be sent to the IRC
 #       # side instead of potentially spamming IRC and getting the IRC client kicked.
 #       # Default: 3.
 #       lineLimit: 3
 #       # A list of user modes to set on every IRC client. For example, "RiG" would set
 #       # +R, +i and +G on every IRC connection when they have successfully connected.
 #       # User modes vary wildly depending on the IRC network you're connecting to,
 #       # so check before setting this value. Some modes may not work as intended
 #       # through the bridge e.g. caller ID as there is no way to /ACCEPT.
 #       # Default: "" (no user modes)
 #       # userModes: "R"
 # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container).
 #
@@ -27,6 +339,9 @@ matrix_appservice_irc_systemd_required_services_list: ['docker.service']
 # List of systemd services that matrix-appservice-irc.service wants
 matrix_appservice_irc_systemd_wanted_services_list: []
 matrix_appservice_irc_appservice_token: ''
 matrix_appservice_irc_homeserver_token: ''
 matrix_appservice_irc_configuration_yaml: |
  #jinja2: lstrip_blocks: True
  homeserver:
@@ -61,6 +376,95 @@ matrix_appservice_irc_configuration_yaml: |
    # Default: true
    enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
  ircService:
    # The nedb database URI to connect to. This is the name of the directory to
    # dump .db files to. This is relative to the project directory.
    # Required.
    databaseUri: "nedb:///data"
    # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
    # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
    # the database.
    #
    # To generate a .pem file:
    # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    #
    # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
    # for storage in the database. Passwords are stored by using the admin room command
    # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
    # the Matrix user, this password will be sent as the server password (PASS command).
    passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
    # Config for Matrix -> IRC bridging
    matrixHandler:
      # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
      eventCacheSize: 4096
    servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
    # Configuration for an ident server. If you are running a public bridge it is
    # advised you setup an ident server so IRC mods can ban specific matrix users
    # rather than the application service itself.
    ident:
      # True to listen for Ident requests and respond with the
      # matrix user's user_id (converted to ASCII, respecting RFC 1413).
      # Default: false.
      enabled: false
      # The port to listen on for incoming ident requests.
      # Ports below 1024 require root to listen on, and you may not want this to
      # run as root. Instead, you can get something like an Apache to yank up
      # incoming requests to 113 to a high numbered port. Set the port to listen
      # on instead of 113 here.
      # Default: 113.
      port: 1113
      # The address to listen on for incoming ident requests.
      # Default: 0.0.0.0
      address: "::"
    # Configuration for logging. Optional. Default: console debug level logging
    # only.
    logging:
      # Level to log on console/logfile. One of error|warn|info|debug
      level: "debug"
      # The file location to log to. This is relative to the project directory.
      #logfile: "debug.log"
      # The file location to log errors to. This is relative to the project
      # directory.
      #errfile: "errors.log"
      # Whether to log to the console or not.
      toConsole: true
      # The max number of files to keep. Files will be overwritten eventually due
      # to rotations.
      maxFiles: 5
    # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
    #   $ npm install prom-client@6.3.0
    # Metrics will then be available via GET /metrics on the bridge listening port (-p).
    metrics:
      # Whether to actually enable the metric endpoint. Default: false
      enabled: true
      # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
      # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
      remoteUserAgeBuckets:
        - "1h"
        - "1d"
        - "1w"
    # Configuration for the provisioning API.
    #
    # GET /_matrix/provision/link
    # GET /_matrix/provision/unlink
    # GET /_matrix/provision/listlinks
    #
    provisioning:
      # True to enable the provisioning HTTP endpoint. Default: false.
      enabled: false
      # The number of seconds to wait before giving up on getting a response from
      # an IRC channel operator. If the channel operator does not respond within the
      # allotted time period, the provisioning request will fail.
      # Default: 300 seconds (5 mins)
      requestTimeoutSeconds: 300
  # Options here are generally only applicable to large-scale bridges and may have
  # consequences greater than other options in this configuration file.
  advanced:
@@ -78,403 +482,22 @@ matrix_appservice_irc_configuration_extension_yaml: |
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_appservice_irc_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # ircService:
  #   databaseUri: "nedb:///data" # does not typically need modification
  #   passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
  #   matrixHandler:
  #     eventCacheSize: 4096
  #   servers:
  #     # The address of the server to connect to.
  #     irc.example.com:
  #       # A human-readable short name. This is used to label IRC status rooms
  #       # where matrix users control their connections.
  #       # E.g. 'ExampleNet IRC Bridge status'.
  #       # It is also used in the Third Party Lookup API as the instance `desc`
  #       # property, where each server is an instance.
  #       name: "ExampleNet"
  #
  #       additionalAddresses: [ "irc2.example.com" ]
  #       #
  #       # [DEPRECATED] Use `name`, above, instead.
  #       # A human-readable description string
  #       # description: "Example.com IRC network"
  #
  #       # An ID for uniquely identifying this server amongst other servers being bridged.
  #       # networkId: "example"
  #
  #       # URL to an icon used as the network icon whenever this network appear in
  #       # a network list. (Like in the riot room directory, for instance.)
  #       # icon: https://example.com/images/hash.png
  #
  #       # The port to connect to. Optional.
  #       port: 6697
  #       # Whether to use SSL or not. Default: false.
  #       ssl: true
  #       # Whether or not IRC server is using a self-signed cert or not providing CA Chain
  #       sslselfsign: false
  #       # Should the connection attempt to identify via SASL (if a server or user password is given)
  #       # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
  #       sasl: false
  #       # Whether to allow expired certs when connecting to the IRC server.
  #       # Usually this should be off. Default: false.
  #       allowExpiredCerts: false
  #       # A specific CA to trust instead of the default CAs. Optional.
  #       #ca: |
  #       #  -----BEGIN CERTIFICATE-----
  #       #  ...
  #       #  -----END CERTIFICATE-----
  #
  #       #
  #       # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
  #       # password: 'pa$$w0rd'
  #       #
  #       # Whether or not to send connection/error notices to real Matrix users. Default: true.
  #       sendConnectionMessages: true
  #
  #       quitDebounce:
  #         # Whether parts due to net-splits are debounced for delayMs, to allow
  #         # time for the netsplit to resolve itself. A netsplit is detected as being
  #         # a QUIT rate higher than quitsPerSecond. Default: false.
  #         enabled: false
  #         # The maximum number of quits per second acceptable above which a netsplit is
  #         # considered ongoing. Default: 5.
  #         quitsPerSecond: 5
  #         # The time window in which to wait before bridging a QUIT to Matrix that occurred during
  #         # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
  #         # is not sent many requests to leave rooms all at once if a netsplit occurs and many
  #         # people to not rejoin.
  #         # If the user with the same IRC nick as the one who sent the quit rejoins a channel
  #         # they are considered back online and the quit is not bridged, so long as the rejoin
  #         # occurs before the randomly-jittered timeout is not reached.
  #         # Default: 3600000, = 1h
  #         delayMinMs: 3600000 # 1h
  #         # Default: 7200000, = 2h
  #         delayMaxMs: 7200000 # 2h
  #
  #       # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
  #       # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
  #       # been given multiple modes, the one that maps to the highest power level will be used.
  #       modePowerMap:
  #         o: 50
  #
  #       botConfig:
  #         # Enable the presence of the bot in IRC channels. The bot serves as the entity
  #         # which maps from IRC -> Matrix. You can disable the bot entirely which
  #         # means IRC -> Matrix chat will be shared by active "M-Nick" connections
  #         # in the room. If there are no users in the room (or if there are users
  #         # but their connections are not on IRC) then nothing will be bridged to
  #         # Matrix. If you're concerned about the bot being treated as a "logger"
  #         # entity, then you may want to disable the bot. If you want IRC->Matrix
  #         # but don't want to have TCP connections to IRC unless a Matrix user speaks
  #         # (because your client connection limit is low), then you may want to keep
  #         # the bot enabled. Default: true.
  #         # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
  #         #     on, else there will be no users and no bot in a channel (meaning no
  #         #     messages to Matrix!) until a Matrix user speaks which makes a client
  #         #     join the target IRC channel.
  #         # NBB: The bridge bot IRC client will still join the target IRC network so
  #         #      it can service bridge-specific queries from the IRC-side e.g. so
  #         #      real IRC clients have a way to change their Matrix display name.
  #         #      See https://github.com/matrix-org/matrix-appservice-irc/issues/55
  #         enabled: true
  #         # The nickname to give the AS bot.
  #         nick: "MatrixBot"
  #         # The password to give to NickServ or IRC Server for this nick. Optional.
  #         # password: "helloworld"
  #         #
  #         # Join channels even if there are no Matrix users on the other side of
  #         # the bridge. Set to false to prevent the bot from joining channels which have no
  #         # real matrix users in them, even if there is a mapping for the channel.
  #         # Default: true
  #         joinChannelsIfNoUsers: true
  #
  #       # Configuration for PMs / private 1:1 communications between users.
  #       privateMessages:
  #         # Enable the ability for PMs to be sent to/from IRC/Matrix.
  #         # Default: true.
  #         enabled: true
  #         # Prevent Matrix users from sending PMs to the following IRC nicks.
  #         # Optional. Default: [].
  #         # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
  #
  #         # Should created Matrix PM rooms be federated? If false, only users on the
  #         # HS attached to this AS will be able to interact with this room.
  #         # Optional. Default: true.
  #         federate: true
  #
  #       # Configuration for mappings not explicitly listed in the 'mappings'
  #       # section.
  #       dynamicChannels:
  #         # Enable the ability for Matrix users to join *any* channel on this IRC
  #         # network.
  #         # Default: false.
  #         enabled: true
  #         # Should the AS create a room alias for the new Matrix room? The form of
  #         # the alias can be modified via 'aliasTemplate'. Default: true.
  #         createAlias: true
  #         # Should the AS publish the new Matrix room to the public room list so
  #         # anyone can see it? Default: true.
  #         published: true
  #         # What should the join_rule be for the new Matrix room? If 'public',
  #         # anyone can join the room. If 'invite', only users with an invite can
  #         # join the room. Note that if an IRC channel has +k or +i set on it,
  #         # join_rules will be set to 'invite' until these modes are removed.
  #         # Default: "public".
  #         joinRule: public
  #         # This will set the m.room.related_groups state event in newly created rooms
  #         # with the given groupId. This means flares will show up on IRC users in those rooms.
  #         # This should be set to the same thing as namespaces.users.group_id in irc_registration.
  #         # This does not alter existing rooms.
  #         # Leaving this option empty will not set the event.
  #         groupId: +myircnetwork:localhost
  #         # Should created Matrix rooms be federated? If false, only users on the
  #         # HS attached to this AS will be able to interact with this room.
  #         # Default: true.
  #         federate: true
  #         # The room alias template to apply when creating new aliases. This only
  #         # applies if createAlias is 'true'. The following variables are exposed:
  #         # $SERVER => The IRC server address (e.g. "irc.example.com")
  #         # $CHANNEL => The IRC channel (e.g. "#python")
  #         # This MUST have $CHANNEL somewhere in it.
  #         # Default: '#irc_$SERVER_$CHANNEL'
  #         aliasTemplate: "#irc_$CHANNEL"
  #         # A list of user IDs which the AS bot will send invites to in response
  #         # to a !join. Only applies if joinRule is 'invite'. Default: []
  #         # whitelist:
  #         #   - "@foo:example.com"
  #         #   - "@bar:example.com"
  #         #
  #         # Prevent the given list of channels from being mapped under any
  #         # circumstances.
  #         # exclude: ["#foo", "#bar"]
  #
  #       # Configuration for controlling how Matrix and IRC membership lists are
  #       # synced.
  #       membershipLists:
  #         # Enable the syncing of membership lists between IRC and Matrix. This
  #         # can have a significant effect on performance on startup as the lists are
  #         # synced. This must be enabled for anything else in this section to take
  #         # effect. Default: false.
  #         enabled: false
  #
  #         # Syncing membership lists at startup can result in hundreds of members to
  #         # process all at once. This timer drip feeds membership entries at the
  #         # specified rate. Default: 10000. (10s)
  #         floodDelayMs: 10000
  #
  #         global:
  #           ircToMatrix:
  #             # Get a snapshot of all real IRC users on a channel (via NAMES) and
  #             # join their virtual matrix clients to the room.
  #             initial: false
  #             # Make virtual matrix clients join and leave rooms as their real IRC
  #             # counterparts join/part channels. Default: false.
  #             incremental: false
  #
  #           matrixToIrc:
  #             # Get a snapshot of all real Matrix users in the room and join all of
  #             # them to the mapped IRC channel on startup. Default: false.
  #             initial: false
  #             # Make virtual IRC clients join and leave channels as their real Matrix
  #             # counterparts join/leave rooms. Make sure your 'maxClients' value is
  #             # high enough! Default: false.
  #             incremental: false
  #
  #         # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
  #         rooms:
  #           - room: "!fuasirouddJoxtwfge:localhost"
  #             matrixToIrc:
  #               initial: false
  #               incremental: false
  #
  #         # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
  #         channels:
  #           - channel: "#foo"
  #             ircToMatrix:
  #               initial: false
  #               incremental: false
  #
  #       mappings:
  #         # 1:many mappings from IRC channels to room IDs on this IRC server.
  #         # The matrix room must already exist. Your matrix client should expose
  #         # the room ID in a "settings" page for the room.
  #         "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
  #
  #       # Configuration for virtual matrix users. The following variables are
  #       # exposed:
  #       # $NICK => The IRC nick
  #       # $SERVER => The IRC server address (e.g. "irc.example.com")
  #       matrixClients:
  #         # The user ID template to use when creating virtual matrix users. This
  #         # MUST have $NICK somewhere in it.
  #         # Optional. Default: "@$SERVER_$NICK".
  #         # Example: "@irc.example.com_Alice:example.com"
  #         userTemplate: "@irc_$NICK"
  #         # The display name to use for created matrix clients. This should have
  #         # $NICK somewhere in it if it is specified. Can also use $SERVER to
  #         # insert the IRC domain.
  #         # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
  #         displayName: "$NICK (IRC)"
  #         # Number of tries a client can attempt to join a room before the request
  #         # is discarded. You can also use -1 to never retry or 0 to never give up.
  #         # Optional. Default: -1
  #         joinAttempts: -1
  #
  #       # Configuration for virtual IRC users. The following variables are exposed:
  #       # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
  #       # $USERID => The user ID
  #       # $DISPLAY => The display name of this user, with excluded characters
  #       #             (e.g. space) removed. If the user has no display name, this
  #       #             falls back to $LOCALPART.
  #       ircClients:
  #         # The template to apply to every IRC client nick. This MUST have either
  #         # $DISPLAY or $USERID or $LOCALPART somewhere in it.
  #         # Optional. Default: "M-$DISPLAY". Example: "M-Alice".
  #         nickTemplate: "$DISPLAY[m]"
  #         # True to allow virtual IRC clients to change their nick on this server
  #         # by issuing !nick <server> <nick> commands to the IRC AS bot.
  #         # This is completely freeform: it will NOT follow the nickTemplate.
  #         allowNickChanges: true
  #         # The max number of IRC clients that will connect. If the limit is
  #         # reached, the client that spoke the longest time ago will be
  #         # disconnected and replaced.
  #         # Optional. Default: 30.
  #         maxClients: 30
  #         # IPv6 configuration.
  #         ipv6:
  #           # Optional. Set to true to force IPv6 for outgoing connections.
  #           only: false
  #           # Optional. The IPv6 prefix to use for generating unique addresses for each
  #           # connected user. If not specified, all users will connect from the same
  #           # (default) address. This may require additional OS-specific work to allow
  #           # for the node process to bind to multiple different source addresses
  #           # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
  #           # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
  #           # prefix: "2001:0db8:85a3::"  # modify appropriately
  #         #
  #         # The maximum amount of time in seconds that the client can exist
  #         # without sending another message before being disconnected. Use 0 to
  #         # not apply an idle timeout. This value is ignored if this IRC server is
  #         # mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
  #         idleTimeout: 10800
  #         # The number of millseconds to wait between consecutive reconnections if a
  #         # client gets disconnected. Setting to 0 will cause the scheduling to be
  #         # disabled, i.e. it will be scheduled immediately (with jitter.
  #         # Otherwise, the scheduling interval will be used such that one client
  #         # reconnect for this server will be handled every reconnectIntervalMs ms using
  #         # a FIFO queue.
  #         # Default: 5000 (5 seconds)
  #         reconnectIntervalMs: 5000
  #         # The number of concurrent reconnects if a user has been disconnected unexpectedly
  #         # (e.g. a netsplit). You should set this to a reasonably high number so that
  #         # bridges are not waiting an eternity to reconnect all its clients if
  #         # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
  #         # setting above which is for connecting on restart of the bridge. Set to 0 to
  #         # immediately try to reconnect all users.
  #         # Default: 50
  #         concurrentReconnectLimit: 50
  #         # The number of lines to allow being sent by the IRC client that has received
  #         # a large block of text to send from matrix. If the number of lines that would
  #         # be sent is > lineLimit, the text will instead be uploaded to matrix and the
  #         # resulting URI is treated as a file. As such, a link will be sent to the IRC
  #         # side instead of potentially spamming IRC and getting the IRC client kicked.
  #         # Default: 3.
  #         lineLimit: 3
  #         # A list of user modes to set on every IRC client. For example, "RiG" would set
  #         # +R, +i and +G on every IRC connection when they have successfully connected.
  #         # User modes vary wildly depending on the IRC network you're connecting to,
  #         # so check before setting this value. Some modes may not work as intended
  #         # through the bridge e.g. caller ID as there is no way to /ACCEPT.
  #         # Default: "" (no user modes)
  #         # userModes: "R"
  #
  #   # Configuration for an ident server. If you are running a public bridge it is
  #   # advised you setup an ident server so IRC mods can ban specific matrix users
  #   # rather than the application service itself.
  #   ident:
  #     # True to listen for Ident requests and respond with the
  #     # matrix user's user_id (converted to ASCII, respecting RFC 1413).
  #     # Default: false.
  #     enabled: false
  #     # The port to listen on for incoming ident requests.
  #     # Ports below 1024 require root to listen on, and you may not want this to
  #     # run as root. Instead, you can get something like an Apache to yank up
  #     # incoming requests to 113 to a high numbered port. Set the port to listen
  #     # on instead of 113 here.
  #     # Default: 113.
  #     port: 1113
  #     # The address to listen on for incoming ident requests.
  #     # Default: 0.0.0.0
  #     address: "::"
  #
  #   # Configuration for logging. Optional. Default: console debug level logging
  #   # only.
  #   logging:
  #     # Level to log on console/logfile. One of error|warn|info|debug
  #     level: "debug"
  #     # The file location to log to. This is relative to the project directory.
  #     logfile: "debug.log"
  #     # The file location to log errors to. This is relative to the project
  #     # directory.
  #     errfile: "errors.log"
  #     # Whether to log to the console or not.
  #     toConsole: true
  #     # The max number of files to keep. Files will be overwritten eventually due
  #     # to rotations.
  #     maxFiles: 5
  #
  #   # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
  #   #   $ npm install prom-client@6.3.0
  #   # Metrics will then be available via GET /metrics on the bridge listening port (-p).
  #   metrics:
  #     # Whether to actually enable the metric endpoint. Default: false
  #     enabled: true
  #     # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
  #     # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
  #     remoteUserAgeBuckets:
  #       - "1h"
  #       - "1d"
  #       - "1w"
  #
  #   # Configuration options for the debug HTTP API. To access this API, you must
  #   # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
  #   #
  #   # The debug API exposes the following endpoints:
  #   #
  #   #   GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
  #   #
  #   #   POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
  #   #                                      Format: new line delimited commands as per IRC protocol.
  #   #
  #   debugApi:
  #     # True to enable the HTTP API endpoint. Default: false.
  #     enabled: false
  #     # The port to host the HTTP API.
  #     port: 11100
  #
  #   # Configuration for the provisioning API.
  #   #
  #   # GET /_matrix/provision/link
  #   # GET /_matrix/provision/unlink
  #   # GET /_matrix/provision/listlinks
  #   #
  #   provisioning:
  #     # True to enable the provisioning HTTP endpoint. Default: false.
  #     enabled: false
  #     # The number of seconds to wait before giving up on getting a response from
  #     # an IRC channel operator. If the channel operator does not respond within the
  #     # allotted time period, the provisioning request will fail.
  #     # Default: 300 seconds (5 mins)
  #     requestTimeoutSeconds: 300
  #
  #   # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
  #   # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
  #   # the database.
  #   #
 matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}"
 matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}"
 # The original registration.yaml file generated by AppService IRC is merged with this config override,
 # to produce the final registration.yaml file ultimately used by both the bridge and the homeserver.
 #
 # We do this to ensure consistency:
 # - always having an up-to-date registration.yaml file (synced with the configuration file)
 # - always having the same AS/HS token and appservice id in the registration.yaml file
 #
 # Learn more about this in `setup_install.yml`
 matrix_appservice_irc_registration_override_yaml: |
  id: appservice-irc
  as_token: "{{ matrix_appservice_irc_appservice_token }}"
  hs_token: "{{ matrix_appservice_irc_homeserver_token }}"
 matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml|from_yaml }}"
--- a/roles/matrix-bridge-appservice-irc/tasks/init.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml
@@ -1,3 +1,11 @@
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
 - name: Fail if matrix-synapse role already executed
  fail:
    msg: >-
      The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
  when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)"
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}"
  when: matrix_appservice_irc_enabled|bool
@@ -7,7 +15,7 @@
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
      {{ ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -1,13 +1,5 @@
 ---
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
 - name: Fail if matrix-synapse role already executed
  fail:
    msg: >-
      The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
  when: "matrix_synapse_role_executed|default(False)"
 - name: Ensure Appservice IRC image is pulled
  docker_image:
    name: "{{ matrix_appservice_irc_docker_image }}"
@@ -15,67 +7,130 @@
    force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
 - name: Ensure Appservice IRC base directory exists
 - name: Ensure Appservice IRC paths exist
  file:
    path: "{{ matrix_appservice_irc_base_path }}"
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  with_items:
    - "{{ matrix_appservice_irc_base_path }}"
    - "{{ matrix_appservice_irc_config_path }}"
    - "{{ matrix_appservice_irc_data_path }}"
 - name: Check if an old passkey file already exists
  stat:
    path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
  register: matrix_appservice_irc_stat_passkey
 - name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
  service:
    name: matrix-appservice-irc
    state: stopped
    daemon_reload: yes
  failed_when: false
  when: "matrix_appservice_irc_stat_passkey.stat.exists"
 - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
  command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem"
  when: "matrix_appservice_irc_stat_passkey.stat.exists"
 - name: (Data relocation) Move AppService database files to ./data directory
  command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}"
  with_items:
    - rooms.db
    - users.db
  failed_when: false
  when: "matrix_appservice_irc_stat_passkey.stat.exists"
 - name: Ensure Matrix Appservice IRC config installed
  copy:
    content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}"
    dest: "{{ matrix_appservice_irc_base_path }}/config.yaml"
    dest: "{{ matrix_appservice_irc_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
 - name: Check if matrix-appservice-irc passkey exists
 - name: Check if Appservice IRC passkey exists
  stat:
    path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
    path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
  register: irc_passkey_file
 - name: Generate matrix-appservice-irc passkey if it doesn't exist
  shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
 - name: Generate Appservice IRC passkey if it doesn't exist
  shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
  when: "not irc_passkey_file.stat.exists"
 - name: Ensure matrix-appservice-irc.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
    dest: "/etc/systemd/system/matrix-appservice-irc.service"
    mode: 0644
  register: matrix_appservice_irc_systemd_service_result
 - name: Ensure systemd reloaded after matrix-appservice-irc.service installation
  service:
    daemon_reload: yes
  when: "matrix_appservice_irc_systemd_service_result.changed"
 - name: Check if a matrix-appservice-irc registration file exists
  stat:
    path: "{{ matrix_appservice_irc_base_path }}/registration.yaml"
  register: appservice_irc_registration_file
 - name: Generate matrix-appservice-irc registration.yaml if it doesn't exist
 # Ideally, we'd like to generate the final registration.yaml file by ourselves.
 #
 # However, the IRC bridge supports multiple servers, which leads to multiple
 # users/aliases/rooms rules in the registration file.
 #
 # Generating a proper file by ourselves is complicated and may lead to deviation
 # from what the bridge is doing.
 #
 # Instead, we do another hacky thing - asking the bridge to generate a template,
 # and then we parse it and fix it up with our own AS/HS token.
 # We need to do this, because:
 # - we'd like to have an up-to-date registration file
 # - we can achieve this by asking the bridge to rebuild it each time
 # - however, the bridge insists on regenerating all tokens each time
 # - .. which is not friendly for integrating with the homeserver
 #
 # So we have a hybrid approach. We ask the bridge to always generate
 # an up-to-date file, and we fix it up with some static values later on,
 # to produce a final registration.yaml file, as we desire.
 - name: Generate Appservice IRC registration-template.yaml
  shell: >-
    /usr/bin/docker run --rm --name matrix-appservice-irc-gen
    --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
    --cap-drop=ALL \
    -v {{ matrix_appservice_irc_base_path }}:/data:z
    --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
    --cap-drop=ALL
    -v {{ matrix_appservice_irc_config_path }}:/config:z
    -v {{ matrix_appservice_irc_data_path }}:/data:z
    {{ matrix_appservice_irc_docker_image }}
    node app.js
    -r
    -f /data/registration.yaml
    -f /config/registration-template.yaml
    -u "http://matrix-appservice-irc:9999"
    -c /data/config.yaml
    -c /config/config.yaml
    -l irc_bot
  when: "not appservice_irc_registration_file.stat.exists"
  changed_when: false
 - name: Read Appservice IRC registration-template.yaml
  slurp:
    src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
  register: matrix_appservice_irc_registration_template_slurp
 - name: Ensure IRC configuration directory permissions are correct
 - name: Remove unnecessary Appservice IRC registration-template.yaml
  file:
    path: "{{ matrix_appservice_irc_base_path }}"
    state: directory
    path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
    state: absent
  changed_when: false
 - name: Parse registration-template.yaml
  set_fact:
    matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}"
 - name: Combine registration-template.yaml and own registration override config
  set_fact:
    matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}"
 - name: Ensure Appservice IRC registration.yaml installed
  copy:
    content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}"
    dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
    recurse: true
 - name: Ensure matrix-appservice-irc.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
    dest: "/etc/systemd/system/matrix-appservice-irc.service"
    mode: 0644
  register: matrix_appservice_irc_systemd_service_result
 - name: Ensure systemd reloaded after matrix-appservice-irc.service installation
  service:
    daemon_reload: yes
  when: "matrix_appservice_irc_systemd_service_result.changed"
--- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
@@ -1,5 +1,14 @@
 ---
 - name: Fail if required settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - "matrix_appservice_irc_appservice_token"
    - "matrix_appservice_irc_homeserver_token"
 # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
 # let the playbook run without errors.
 #
@@ -10,9 +19,11 @@
 - name: Fail if no additional configuration provided
  fail:
    msg: >-
      Your Appservice IRC configuration is incomplete (lacking an `ircService` key).
      You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
  when: "matrix_appservice_irc_configuration.ircService|default(none) is none"
      Your Appservice IRC configuration is incomplete (lacking an `ircService.servers` configuration).
      You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers`
      or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`.
      Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility.
  when: "matrix_appservice_irc_configuration.ircService.servers|length == 0"
 - name: (Deprecation) Catch and report renamed appservice-irc variables
  fail:
--- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
+++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@@ -25,12 +25,13 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
 			{% if matrix_appservice_irc_container_http_host_bind_port %}
 			-p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \
 			{% endif %}
 			-v {{ matrix_appservice_irc_base_path }}:/data:z \
 			-v {{ matrix_appservice_irc_config_path }}:/config:z \
 			-v {{ matrix_appservice_irc_data_path }}:/data:z \
 			{% for arg in matrix_appservice_irc_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_appservice_irc_docker_image }} \
 			-c /data/config.yaml -f /data/registration.yaml -p 9999
 			-c /config/config.yaml -f /config/registration.yaml -p 9999
 ExecStop=-/usr/bin/docker kill matrix-appservice-irc
 ExecStop=-/usr/bin/docker rm matrix-appservice-irc
--- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml
@@ -171,7 +171,7 @@ matrix_mautrix_facebook_registration_yaml: |
  namespaces:
    users:
    - exclusive: true
      regex: '@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}'
      regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
  url: {{ matrix_mautrix_facebook_appservice_address }}
  sender_localpart: facebookbot
  rate_limited: false
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -367,10 +367,10 @@ matrix_mautrix_telegram_registration_yaml: |
  namespaces:
      users:
      - exclusive: true
        regex: '@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}'
        regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
      aliases:
      - exclusive: true
        regex: '#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}'
        regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
  url: {{ matrix_mautrix_telegram_appservice_address }}
  sender_localpart: telegrambot
  rate_limited: false
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -7,8 +7,10 @@ matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
 matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
 matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
 matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config"
 matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data"
 matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}"
 matrix_mautrix_whatsapp_homeserver_address: "http://matrix-synapse:8008"
 matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
@@ -20,3 +22,170 @@ matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service']
 # List of systemd services that matrix-mautrix-whatsapp.service wants
 matrix_mautrix_whatsapp_systemd_wanted_services_list: []
 matrix_mautrix_whatsapp_appservice_token: ''
 matrix_mautrix_whatsapp_homeserver_token: ''
 # Default mautrix-whatsapp configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_mautrix_whatsapp_configuration_yaml: |
  # Homeserver details.
  homeserver:
      # The address that this appservice can use to connect to the homeserver.
      address: {{ matrix_mautrix_whatsapp_homeserver_address }}
      # The domain of the homeserver (for MXIDs, etc).
      domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
  # Application service host/registration related details.
  # Changing these values requires regeneration of the registration.
  appservice:
      # The address that the homeserver can use to connect to this appservice.
      address: {{ matrix_mautrix_whatsapp_appservice_address }}
      # The hostname and port where this appservice should listen.
      hostname: 0.0.0.0
      port: 8080
      # Database config.
      database:
          # The database type. "sqlite3" and "postgres" are supported.
          type: sqlite3
          # The database URI.
          #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
          #   Postgres: Connection string. For example, postgres://user:password@host/database
          uri: mautrix-whatsapp.db
          # Maximum number of connections. Mostly relevant for Postgres.
          max_open_conns: 20
          max_idle_conns: 2
      # Path to the Matrix room state store.
      state_store_path: ./mx-state.json
      # The unique ID of this appservice.
      id: whatsapp
      # Appservice bot details.
      bot:
          # Username of the appservice bot.
          username: whatsappbot
          # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
          # to leave display name/avatar as-is.
          displayname: WhatsApp bridge bot
          avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
      # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
      as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
      hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
  # Bridge config
  bridge:
      # Localpart template of MXIDs for WhatsApp users.
      # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
      username_template: "{{ 'whatsapp_{{.}}' }}"
      # Displayname template for WhatsApp users.
      # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
      # {{ '{{.Jid}}' }}    - phone number (international format)
      # The following variables are also available, but will cause problems on multi-user instances:
      # {{ '{{.Name}}' }}   - display name from contact list
      # {{ '{{.Short}}' }}  - short display name from contact list
      displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
      # WhatsApp connection timeout in seconds.
      connection_timeout: 20
      # Maximum number of times to retry connecting on connection error.
      max_connection_attempts: 3
      # Number of seconds to wait between connection attempts.
      # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
      connection_retry_delay: -1
      # Whether or not the bridge should send a notice to the user's management room when it retries connecting.
      # If false, it will only report when it stops retrying.
      report_connection_retry: true
      # Number of seconds to wait for contacts and chats to be sent at startup before syncing.
      # If you have lots of chats, it might take more than a second.
      contact_wait_delay: 1
      # Number of chats to sync for new users.
      initial_chat_sync_count: 10
      # Number of old messages to fill when creating new portal rooms.
      initial_history_fill_count: 20
      # Maximum number of chats to sync when recovering from downtime.
      # Set to -1 to sync all new chats during downtime.
      recovery_chat_sync_limit: -1
      # Whether or not to sync history when recovering from downtime.
      recovery_history_backfill: true
      # Maximum number of seconds since last message in chat to skip
      # syncing the chat in any case. This setting will take priority
      # over both recovery_chat_sync_limit and initial_chat_sync_count.
      # Default is 3 days = 259200 seconds
      sync_max_chat_age: 259200
      # Whether or not to sync with custom puppets to receive EDUs that
      # are not normally sent to appservices.
      sync_with_custom_puppets: true
      # Whether or not to invite own WhatsApp user's Matrix puppet into private
      # chat portals when backfilling if needed.
      # This always uses the default puppet instead of custom puppets due to
      # rate limits and timestamp massaging.
      invite_own_puppet_for_backfilling: true
      # Whether or not to explicitly set the avatar and room name for private
      # chat portal rooms. This can be useful if the previous field works fine,
      # but causes room avatar/name bugs.
      private_chat_portal_meta: false
      # The prefix for commands. Only required in non-management rooms.
      command_prefix: "!wa"
      # Permissions for using the bridge.
      # Permitted values:
      #     user - Access to use the bridge to chat with a WhatsApp account.
      #    admin - User level and some additional administration tools
      # Permitted keys:
      #        * - All Matrix users
      #   domain - All users on that homeserver
      #     mxid - Specific user
      permissions:
          "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
  # Logging config.
  logging:
      # The directory for log files. Will be created if not found.
      directory: ./logs
      # Available variables: .Date for the file date and .Index for different log files on the same day.
      file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
      # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
      file_date_format: "2006-01-02"
      # Log file permissions.
      file_mode: 0600
      # Timestamp format for log entries in the Go time format.
      timestamp_format: "Jan _2, 2006 15:04:05"
      # Minimum severity for log messages.
      # Options: debug, info, warn, error, fatal
      print_level: debug
 matrix_mautrix_whatsapp_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
  # This configuration extends the default starting configuration (`matrix_mautrix_whatsapp_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_mautrix_whatsapp_configuration_yaml`.
 matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml if matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml is mapping else {} }}"
 # Holds the final configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_whatsapp_configuration_yaml`.
 matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml|from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}"
 matrix_mautrix_whatsapp_registration_yaml: |
  id: whatsapp
  url: {{ matrix_mautrix_whatsapp_appservice_address }}
  as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
  hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
  sender_localpart: whatsappbot
  rate_limited: false
  namespaces:
      users:
      - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
        exclusive: true
 matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
@@ -7,7 +7,7 @@
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}
      {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}
    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml
@@ -2,6 +2,12 @@
  tags:
    - always
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_mautrix_whatsapp_enabled|bool"
  tags:
    - setup-all
    - setup-mautrix-whatsapp
 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: "run_setup and matrix_mautrix_whatsapp_enabled"
  tags:
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -15,27 +15,59 @@
    force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}"
 - name: Ensure Mautrix Whatsapp base directory exists
 - name: Ensure Mautrix Whatsapp paths exists
  file:
    path: "{{ matrix_mautrix_whatsapp_base_path }}"
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
 - name: Check if a mautrix-whatsapp configuration file exists
  with_items:
    - "{{ matrix_mautrix_whatsapp_base_path }}"
    - "{{ matrix_mautrix_whatsapp_config_path }}"
    - "{{ matrix_mautrix_whatsapp_data_path }}"
 - name: Check if an old database file exists
  stat:
    path: "{{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db"
  register: matrix_mautrix_whatsapp_stat_database
 - name: Check if an old matrix state file exists
  stat:
    path: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
  register: mautrix_whatsapp_config_file_stat
    path: "{{ matrix_mautrix_whatsapp_base_path }}/mx-state.json"
  register: matrix_mautrix_whatsapp_stat_mx_state
 - name: Ensure Matrix Mautrix whatsapp config installed
  template:
    src: "{{ role_path }}/templates//config.yaml.j2"
    dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
 - name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped
  service:
    name: matrix-mautrix-whatsapp
    state: stopped
    daemon_reload: yes
  failed_when: false
  when: "matrix_mautrix_whatsapp_stat_database.stat.exists"
 - name: (Data relocation) Move mautrix-whatsapp database file to ./data directory
  command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"
  when: "matrix_mautrix_whatsapp_stat_database.stat.exists"
 - name: (Data relocation) Move mautrix-whatsapp mx-state file to ./data directory
  command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json"
  when: "matrix_mautrix_whatsapp_stat_mx_state.stat.exists"
 - name: Ensure mautrix-whatsapp config.yaml installed
  copy:
    content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml }}"
    dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
 - name: Ensure mautrix-whatsapp registration.yaml installed
  copy:
    content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml }}"
    dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  when: "not mautrix_whatsapp_config_file_stat.stat.exists"
 - name: Ensure matrix-mautrix-whatsapp.service installed
  template:
@@ -48,21 +80,3 @@
  service:
    daemon_reload: yes
  when: "matrix_mautrix_whatsapp_systemd_service_result.changed"
 - name: Check if a mautrix-whatsapp registration file exists
  stat:
    path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml"
  register: mautrix_whatsapp_registration_file_stat
 - name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist
  shell:
    cmd: >-
      /usr/bin/docker run
      --rm
      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
      --cap-drop=ALL
      --name matrix-mautrix-whatsapp-gen
      -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z
      {{ matrix_mautrix_whatsapp_docker_image }}
      /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
  when: "not mautrix_whatsapp_registration_file_stat.stat.exists"
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
@@ -0,0 +1,11 @@
 ---
 - name: Fail if required settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
  with_items:
    - "matrix_mautrix_whatsapp_appservice_token"
    - "matrix_mautrix_whatsapp_homeserver_token"
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -1,87 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 # Homeserver details.
 homeserver:
  # The address that this appservice can use to connect to the homeserver.
  address: {{ matrix_mautrix_whatsapp_homeserver_address }}
  # The domain of the homeserver (for MXIDs, etc).
  domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
 # Application service host/registration related details.
 # Changing these values requires regeneration of the registration.
 appservice:
  # The address that the homeserver can use to connect to this appservice.
  address: {{ matrix_mautrix_whatsapp_appservice_address }}
  # The hostname and port where this appservice should listen.
  hostname: 0.0.0.0
  port: 8080
  # Database config.
  database:
    # The database type. Only "sqlite3" is supported.
    type: sqlite3
    # The database URI. Usually file name. https://github.com/mattn/go-sqlite3#connection-string
    uri: mautrix-whatsapp.db
  # Path to the Matrix room state store.
  state_store_path: ./mx-state.json
  # The unique ID of this appservice.
  id: whatsapp
  # Appservice bot details.
  bot:
    # Username of the appservice bot.
    username: whatsappbot
    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
    # to leave display name/avatar as-is.
    displayname: WhatsApp bridge bot
    avatar: remove
  # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
  as_token: "This value is generated when generating the registration"
  hs_token: "This value is generated when generating the registration"
 # Bridge config. Currently unused.
 bridge:
  # {% raw %}
  # protecting the go templates inside the raw section.
  # Localpart template of MXIDs for WhatsApp users.
  # {{.}} is replaced with the phone number of the WhatsApp user.
  username_template: whatsapp_{{.}}
  # Displayname template for WhatsApp users.
  # {{.Notify}} - nickname set by the WhatsApp user
  # {{.Jid}}    - phone number (international format)
  # The following variables are also available, but will cause problems on multi-user instances:
  # {{.Name}}   - display name from contact list
  # {{.Short}}  - short display name from contact list
  displayname_template: "{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)"
  # {% endraw %}
  # The prefix for commands. Only required in non-management rooms.
  command_prefix: "!wa"
  # Permissions for using the bridge.
  # Permitted values:
  #     user - Access to use the bridge to chat with a WhatsApp account.
  #    admin - User level and some additional administration tools
  # Permitted keys:
  #        * - All Matrix users
  #   domain - All users on that homeserver
  #     mxid - Specific user
  permissions:
    '{{ matrix_mautrix_whatsapp_homeserver_domain }}': user
 # Logging config.
 logging:
  # The directory for log files. Will be created if not found.
  directory: ./logs
  # Available variables: .Date for the file date and .Index for different log files on the same day.
  file_name_format: {% raw %}"{{.Date}}-{{.Index}}.log"{% endraw %}
  # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
  file_date_format: 2006-01-02
  # Log file permissions.
  file_mode: 0600
  # Timestamp format for log entries in the Go time format.
  timestamp_format: Jan _2, 2006 15:04:05
  # Minimum severity for log messages.
  # Options: debug, info, warn, error, fatal
  print_level: debug
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
+++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
@@ -22,13 +22,14 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			-v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \
 			-v {{ matrix_mautrix_whatsapp_config_path }}:/config:z \
 			-v {{ matrix_mautrix_whatsapp_data_path }}:/data:z \
 			--workdir=/data \
 			{% for arg in matrix_mautrix_whatsapp_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mautrix_whatsapp_docker_image }} \
 			/usr/bin/mautrix-whatsapp
 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
 ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
 ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # that is frequently out of date.
 matrix_nginx_proxy_docker_image: "nginx:1.15.12-alpine"
 matrix_nginx_proxy_docker_image: "nginx:1.17.0-alpine"
 matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/matrix-postgres/defaults/main.yml
@@ -8,9 +8,9 @@ matrix_postgres_db_name: ""
 matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
 matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
 matrix_postgres_docker_image_v9: "postgres:9.6.13-alpine"
 matrix_postgres_docker_image_v10: "postgres:10.8-alpine"
 matrix_postgres_docker_image_v11: "postgres:11.3-alpine"
 matrix_postgres_docker_image_v9: "postgres:9.6.14-alpine"
 matrix_postgres_docker_image_v10: "postgres:10.9-alpine"
 matrix_postgres_docker_image_v11: "postgres:11.4-alpine"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
 # This variable is assigned at runtime. Overriding its value has no effect.
--- a/roles/matrix-riot-web/defaults/main.yml
+++ b/roles/matrix-riot-web/defaults/main.yml
@@ -1,6 +1,6 @@
 matrix_riot_web_enabled: true
 matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.1"
 matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.2"
 matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"