Merge branch 'spantaleev:master' into master

docs/configuring-awx-system.md

@@ -31,9 +31,9 @@ Updates to this section are trailed here:
 
 ## Does I need an AWX setup to use this? How do I configure it? 
 
-Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation.md). 
+Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). 
 
-For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal.md).
+For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md).
 
 
 ## Does I need a front-end WordPress site? And a DigitalOcean account? 

docs/configuring-playbook-bridge-heisenbridge.md

@@ -4,7 +4,7 @@
 
 The playbook can install and configure [Heisenbridge](https://github.com/hifi/heisenbridge) - the bouncer-style [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat) bridge for you.
 
-See the project's [README](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you.
+See the project's [README](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you. You can also take a look at [this demonstration video](https://www.youtube.com/watch?v=nQk1Bp4tk4I).
 
 ## Configuration
 
@@ -33,4 +33,6 @@ After the bridge is successfully running just DM `@heisenbridge:your-homeserver`
 Help is available for all commands with the `-h` switch.
 If the bridge ignores you and a DM is not accepted then the owner setting may be wrong.
 
+You can also learn the basics by watching [this demonstration video](https://www.youtube.com/watch?v=nQk1Bp4tk4I).
+
 If you encounter issues or feel lost you can join the project room at [#heisenbridge:vi.fi](https://matrix.to/#/#heisenbridge:vi.fi) for help.

docs/configuring-playbook-synapse.md

@@ -55,3 +55,22 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
 ## Synapse + OpenID Connect for Single-Sign-On
 
 If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
+
+In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
+
+```
+ - idp_id: keycloak
+        idp_name: "Keycloak"
+        issuer: "https://url.ix/auth/realms/x"
+        client_id: "matrix"
+        client_secret: "{{ vault_synapse_keycloak }}"
+        scopes: ["openid", "profile"]
+        authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
+        token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
+        userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
+        user_mapping_provider:
+          config:
+            display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
+            email_template: "{%raw}{{ user.email }}{% endraw %}"
+```
+

roles/matrix-awx/surveys/configure_email_relay.json.j2

@@ -0,0 +1,19 @@
+{
+  "name": "Configure Email Relay",
+  "description": "Enable MailGun relay to increase verification email reliability.",
+  "spec": [
+    {
+      "question_name": "Enable Email Relay",
+      "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.",
+      "required": false,
+      "min": null,
+      "max": null,
+      "default": "{{ matrix_mailer_relay_use | string | lower }}",
+      "choices": "true\nfalse",
+      "new_question": true,
+      "variable": "matrix_mailer_relay_use",
+      "type": "multiplechoice"
+    }
+  ]
+}
+

roles/matrix-awx/tasks/backup_server.yml

@@ -54,10 +54,6 @@
     validate_certs: yes
   tags: use-survey
 
-- name: Run export.sh if this job template is run by the client
-  command: /bin/sh /root/export.sh
-  tags: use-survey
-
 - name: Include vars in matrix_vars.yml
   include_vars:
     file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
@@ -70,8 +66,28 @@
     mode: '0660'
   tags: use-survey
 
-- name: Perform the borg backup
-  command: borgmatic
+- name: Run initial backup of /matrix/ and snapshot the database simultaneously 
+  command: "{{ item }}" 
+  with_items:
+    - borgmatic -c /root/.config/borgmatic/config_1.yaml
+    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
+  register: _create_instances
+  async: 3600  # Maximum runtime in seconds.
+  poll: 0  # Fire and continue (never poll)
+  when: matrix_awx_backup_enabled|bool
+
+- name: Wait for both of these jobs to finish
+  async_status:
+    jid: "{{ item.ansible_job_id }}"
+  register: _jobs
+  until: _jobs.finished
+  delay: 5  # Check every 5 seconds.
+  retries: 720  # Retry for a full hour.
+  with_items: "{{ _create_instances.results }}"
+  when: matrix_awx_backup_enabled|bool
+
+- name: Perform borg backup of postgres dump
+  command: borgmatic -c /root/.config/borgmatic/config_2.yaml
   when: matrix_awx_backup_enabled|bool
 
 - name: Set boolean value to exit playbook

roles/matrix-awx/tasks/export_server.yml

@@ -0,0 +1,33 @@
+
+- name: Run export of /matrix/ and snapshot the database simultaneously 
+  command: "{{ item }}" 
+  with_items:
+    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
+    - /bin/sh /usr/local/bin/awx-export-service.sh 0 1
+  register: _create_instances
+  async: 3600  # Maximum runtime in seconds.
+  poll: 0  # Fire and continue (never poll)
+
+- name: Wait for both of these jobs to finish
+  async_status:
+    jid: "{{ item.ansible_job_id }}"
+  register: _jobs
+  until: _jobs.finished
+  delay: 5  # Check every 5 seconds.
+  retries: 720  # Retry for a full hour.
+  with_items: "{{ _create_instances.results }}"
+
+- name: Schedule deletion of the export in 24 hours
+  at:
+    command: rm /chroot/export/matrix*
+    count: 1
+    units: days
+    unique: yes
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: End playbook if this task list is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool

roles/matrix-awx/tasks/import_awx.yml

@@ -1,15 +1,4 @@
 
-- name: Ensure /matrix/awx is empty
-  shell: rm -r /matrix/awx/*
-  ignore_errors: yes
-
-- name: Ensure /matrix/synapse is empty
-  shell: rm -r /matrix/synapse/*
-  ignore_errors: yes
-
-- name: Extract from /chroot/export
-  shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
-
 - name: Ensure correct ownership of /matrix/awx
   shell: chown -R matrix:matrix /matrix/awx
 

roles/matrix-awx/tasks/main.yml

@@ -25,6 +25,15 @@
   when: run_setup|bool and matrix_awx_enabled|bool
   tags:
     - backup-server
+    
+# Perform a export of the server
+- include_tasks: 
+    file: "export_server.yml"
+    apply:
+      tags: export-server
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - export-server
 
 # Create a user account if called
 - include_tasks: 
@@ -98,6 +107,15 @@
   tags:
     - setup-client-element
 
+# Additional playbook to set the variable file during Mailer configuration
+- include_tasks: 
+    file: "set_variables_mailer.yml"
+    apply:
+      tags: setup-mailer
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-mailer
+
 # Additional playbook to set the variable file during Element configuration
 - include_tasks: 
     file: "set_variables_element_subdomain.yml"

roles/matrix-awx/tasks/set_variables_mailer.yml

@@ -0,0 +1,50 @@
+
+- name: Record Mailer variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Email Settings Start'
+  with_dict:
+    'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'
+
+- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
+
+- name: Copy new 'Configure Email Relay' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
+    dest: '/matrix/awx/configure_email_relay.json'
+    mode: '0660'
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Recreate 'Configure Email Relay' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Email Relay"
+    description: "Enable MailGun relay to increase verification email reliability."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-mailer"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 
-matrix_appservice_irc_version: release-0.26.0
+matrix_appservice_irc_version: release-0.26.1
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-irc/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build and matrix_appservice_irc_enabled"
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.

roles/matrix-bridge-appservice-slack/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build and matrix_appservice_slack_enabled"
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.

roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}"

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}"

roles/matrix-bridge-mautrix-instagram/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}"

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build and matrix_mautrix_telegram_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"

roles/matrix-bridge-mx-puppet-discord/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}"

roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}"

roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}"

roles/matrix-bridge-mx-puppet-skype/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}"

roles/matrix-bridge-mx-puppet-slack/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}"

roles/matrix-bridge-mx-puppet-steam/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}"

roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}"

roles/matrix-client-element/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 
-matrix_client_element_version: v1.7.29
+matrix_client_element_version: v1.7.30
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-element/tasks/init.yml

@@ -7,4 +7,4 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build and matrix_client_element_enabled"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.1.53
+matrix_client_hydrogen_version: v0.1.57
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}"

roles/matrix-corporal/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}"

roles/matrix-coturn/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_coturn_enabled: true
 
 matrix_coturn_container_image_self_build: false
 matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
-matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r0"
+matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r1"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 
 matrix_coturn_version: 4.5.2

roles/matrix-coturn/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}"

roles/matrix-dynamic-dns/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}"

roles/matrix-grafana/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 7.5.7
+matrix_grafana_version: 8.0.2
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 
@@ -38,11 +38,11 @@ matrix_grafana_default_admin_password: admin
 matrix_grafana_content_security_policy: true
 
 # specify content security policy template to customized template
-# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
 # added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
 # [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/)
 # [Content Security Policy Reference](https://content-security-policy.com/script-src/)
-matrix_grafana_content_security_policy_customized: true
+matrix_grafana_content_security_policy_customized: false
+matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"
 
 # A list of extra arguments to pass to the container
 matrix_grafana_container_extra_arguments: []

roles/matrix-grafana/templates/grafana.ini.j2

@@ -13,7 +13,7 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}"
 
 # specify content security policy template to customized template
 {% if matrix_grafana_content_security_policy_customized %}
-content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
+content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
 {% endif %}
 
 [auth.anonymous]

roles/matrix-jitsi/defaults/main.yml

@@ -39,6 +39,7 @@ matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
 matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
 matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
 matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
+matrix_jitsi_xmpp_modules: ''
 
 matrix_jitsi_recorder_domain: recorder.meet.jitsi
 

roles/matrix-jitsi/templates/prosody/env.j2

@@ -25,7 +25,7 @@ XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
 XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
 XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
 
-XMPP_MODULES=
+XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
 XMPP_MUC_MODULES=
 XMPP_INTERNAL_MUC_MODULES=
 

roles/matrix-ma1sd/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled|bool"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}"

roles/matrix-mailer/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}"

roles/matrix-nginx-proxy/defaults/main.yml

@@ -404,7 +404,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
 
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.14.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.16.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~

roles/matrix-redis/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_redis_connection_password: ""
 matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
 matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
 
-matrix_redis_version: 6.0.10-alpine
+matrix_redis_version: 6.2.4-alpine
 matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}"
 matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
 matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'

roles/matrix-registration/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}"

roles/matrix-synapse-admin/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_self_build and matrix_synapse_admin_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}"

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.35.0
-matrix_synapse_version_arm64: v1.35.0
+matrix_synapse_version: v1.36.0
+matrix_synapse_version_arm64: v1.36.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
 
 # Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
 # we'll generate it dynamically.

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -2977,19 +2977,4 @@ redis:
   password: {{ matrix_synapse_redis_password }}
 
 
-# Enable experimental features in Synapse.
-#
-# Experimental features might break or be removed without a deprecation
-# period.
-#
-experimental_features:
-  # Support for Spaces (MSC1772), it enables the following:
-  #
-  # * The Spaces Summary API (MSC2946).
-  # * Restricting room membership based on space membership (MSC3083).
-  #
-  # Uncomment to disable support for Spaces.
-  #spaces_enabled: false
-
-
 # vim:ft=yaml

roles/matrix-synapse/vars/workers.yml

@@ -51,6 +51,9 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
+  - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
+  - ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
+  - ^/_matrix/client/(api/v1|r0|unstable)/search$
 
   # Registration/login requests
   - ^/_matrix/client/(api/v1|r0|unstable)/login$