Merge branch 'spantaleev:master' into polychat-appservice

.gitignore

@@ -3,7 +3,7 @@
 .DS_Store
 .python-version
 .idea/
-flake.lock
+.direnv/
 
 # ignore roles pulled by ansible-galaxy
 /roles/galaxy/*

docs/configuring-playbook-bridge-appservice-slack.md

@@ -20,8 +20,24 @@ matrix_appservice_slack_enabled: true
 matrix_appservice_slack_control_room_id: "Your matrix admin room id"
 ```
 
-3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
-4. Invite the bridge bot user into the admin room:
+3. Enable puppeting (optional, but recommended)
+
+```yaml
+matrix_appservice_slack_puppeting_enabled: true
+matrix_appservice_slack_puppeting_slackapp_client_id: "Your Classic Slack App Client ID"
+matrix_appservice_slack_puppeting_slackapp_client_secret: "Your Classic Slack App Client Secret"
+```
+
+4. Enable Team Sync (optional)
+
+```yaml
+matrix_appservice_slack_team_sync_enabled: true
+```
+
+   See https://matrix-appservice-slack.readthedocs.io/en/latest/team_sync/
+
+4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
+5. Invite the bridge bot user into the admin room:
 
 ```
     /invite @slackbot:MY.DOMAIN
@@ -29,7 +45,7 @@ matrix_appservice_slack_control_room_id: "Your matrix admin room id"
 
 Note that the bot's domain is your server's domain **without the `matrix.` prefix.**
 
-5. Create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
+6. Create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
 
     Name the app "matrixbot" (or anything else you'll remember).
 
@@ -37,7 +53,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
 
     Click on bot users and add a new bot user. We will use this account to bridge the the rooms.
 
-6. Click on Event Subscriptions and enable them and use the request url `https://matrix.DOMAIN/appservice-slack`. Then add the following events and save:
+7. Click on Event Subscriptions and enable them and use the request url `https://matrix.DOMAIN/appservice-slack`. Then add the following events and save:
 
      Bot User Events:
 
@@ -47,7 +63,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
     - reaction_added
     - reaction_removed
 
-7. Click on OAuth & Permissions and add the following scopes:
+8. Click on OAuth & Permissions and add the following scopes:
 
     - chat:write:bot
     - users:read
@@ -59,9 +75,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
 
     Note: In order to make Slack files visible to matrix users, this bridge will make Slack files visible to anyone with the url (including files in private channels). This is different than the current behavior in Slack, which only allows authenticated access to media posted in private channels. See MSC701 for details.
 
-8. Click on Install App and Install App to Workspace. Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room.
+9. Click on Install App and Install App to Workspace. Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room.
 
-9. For each channel you would like to bridge, perform the following steps:
+10. If Team Sync is not enabled, for each channel you would like to bridge, perform the following steps:
 
     * Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID - it will look something like !aBcDeF:example.com.
 
@@ -86,7 +102,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
 
 Other configuration options are available via the `matrix_appservice_slack_configuration_extension_yaml` variable.
 
-10. Unlinking
+11. Unlinking
 
     Channels can be unlinked again like this:
     ```

docs/maintenance-postgres.md

@@ -87,8 +87,6 @@ This playbook can upgrade your existing Postgres setup with the following comman
 just run-tags upgrade-postgres
 ```
 
-**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 16 support yet.**
-
 **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`.
 To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"`
 

docs/maintenance-synapse.md

@@ -74,7 +74,7 @@ Synapse's presence feature which tracks which users are online and which are off
 
 If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).
 
-[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will aslo need to tune Postgres manually.
+[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually.
 
 ### Tuning caches and cache autotuning
 

flake.lock

@@ -0,0 +1,60 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1712578459,
+        "narHash": "sha256-r+rjtYIdwV7mEqFwbvaS7dZSH+3xNW9loR3Rh9C0ifI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b1a486be09c354e25a18689eb21425e43892e38c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -1,19 +1,30 @@
 {
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
-
-  outputs = { self, nixpkgs, ... }:
-    let
-      pkgs = import nixpkgs { system = "x86_64-linux"; };
-    in
-    {
-      devShell.x86_64-linux = pkgs.mkShell {
-        buildInputs = with pkgs; [
-          just
-          python311Packages.ansible-core
-          python311Packages.passlib
-        ];
-        LC_ALL = "C.UTF-8";
-        LC_CTYPE = "C.UTF-8";
-      };
-    };
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+  }:
+    flake-utils.lib.eachDefaultSystem
+    (
+      system: let
+        pkgs = import nixpkgs {
+          inherit system;
+        };
+      in
+        with pkgs; {
+          devShells.default = mkShell {
+            buildInputs = [
+              just
+              ansible
+            ];
+            shellHook = ''
+              echo "$(ansible --version)"
+            '';
+          };
+        }
+    );
 }

group_vars/matrix_servers

@@ -19,6 +19,14 @@
 # Also see `devture_docker_sdk_for_python_installation_enabled`.
 matrix_playbook_docker_installation_enabled: true
 
+matrix_playbook_docker_installation_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options_auto | combine(matrix_playbook_docker_installation_daemon_options_custom, recursive=True) }}"
+
+matrix_playbook_docker_installation_daemon_options_auto:
+  experimental: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+  ip6tables: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+
+matrix_playbook_docker_installation_daemon_options_custom: {}
+
 # Controls whether to attach Traefik labels to services.
 # This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
 # yet still use Traefik installed in another way.
@@ -489,13 +497,7 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d
 #                                                                      #
 ########################################################################
 
-docker_daemon_options: |
-  {{
-    {
-      'experimental': devture_systemd_docker_base_ipv6_enabled,
-      'ip6tables': devture_systemd_docker_base_ipv6_enabled,
-    }
-  }}
+docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}"
 
 ########################################################################
 #                                                                      #
@@ -1921,15 +1923,15 @@ matrix_hookshot_systemd_wanted_services_list: |
   {{
     matrix_addons_homeserver_systemd_services_list
     +
-    ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
+    ([(redis_identifier + '.service')] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
     +
-    ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else [])
+    ([(keydb_identifier + '.service')] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
   }}
 
 # Hookshot's experimental encryption feature (and possibly others) may benefit from Redis, if available.
 # We only connect to Redis if encryption is enabled (not for everyone who has Redis enabled),
 # because connectivity is still potentially troublesome and is to be investigated.
-matrix_hookshot_queue_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
+matrix_hookshot_cache_redis_host: "{{ redis_identifier if redis_enabled and matrix_hookshot_experimental_encryption_enabled else (keydb_identifier if keydb_enabled and matrix_hookshot_experimental_encryption_enabled else '') }}"
 
 matrix_hookshot_container_network: "{{ matrix_addons_container_network }}"
 
@@ -1938,9 +1940,9 @@ matrix_hookshot_container_additional_networks_auto: |
     (
       ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
       +
-      ([redis_container_network] if redis_enabled and matrix_hookshot_queue_host == redis_identifier else [])
+      ([redis_container_network] if redis_enabled and matrix_hookshot_cache_redis_host == redis_identifier else [])
       +
-      ([keydb_container_network] if keydb_enabled and matrix_hookshot_queue_host == keydb_identifier else [])
+      ([keydb_container_network] if keydb_enabled and matrix_hookshot_cache_redis_host == keydb_identifier else [])
       +
       ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_hookshot_container_labels_traefik_enabled else [])
     ) | unique
@@ -3422,7 +3424,7 @@ exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64',
 
 exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"
 
-exim_relay_sender_address: "matrix@{{ matrix_domain }}"
+exim_relay_sender_address: "matrix@{{ exim_relay_hostname }}"
 
 ########################################################################
 #                                                                      #
@@ -5033,6 +5035,7 @@ matrix_dendrite_systemd_wanted_services_list_auto: |
     (['matrix-coturn.service'] if matrix_coturn_enabled else [])
   }}
 
+matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
 matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
 
 ######################################################################

requirements.yml

@@ -7,7 +7,7 @@
   version: v1.2.8-1.8.9-0
   name: backup_borg
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
-  version: v0.1.1-3
+  version: v0.1.2-1
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
   version: 7.1.0
@@ -16,16 +16,16 @@
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v2.0.1-2
+  version: v2.0.3-0
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
-  version: v4.97-r0-0-3
+  version: v4.97.1-r0-0-2
   name: exim_relay
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v10.4.1-0
+  version: v11.0.0-0
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v9364-1
+  version: v9457-3
   name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
   version: v6.3.4-1
@@ -43,16 +43,16 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
   name: playbook_state_preserver
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: v16.1-6
+  version: v16.3-0
   name: postgres
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
   version: 046004a8cb9946979b72ce81c2526c8033ea8067
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v2.51.0-0
+  version: v2.52.0-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.7.0-3
+  version: v1.8.0-0
   name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
   version: v0.14.0-4
@@ -70,7 +70,7 @@
   version: v1.0.0-0
   name: timesync
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: v2.11.0-4
+  version: v2.11.2-0
   name: traefik
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
   version: v2.8.3-1

roles/custom/matrix-bot-buscarron/defaults/main.yml

@@ -6,7 +6,7 @@
 matrix_bot_buscarron_enabled: true
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/buscarron
-matrix_bot_buscarron_version: v1.4.0
+matrix_bot_buscarron_version: v1.4.1
 
 # The hostname at which Buscarron is served.
 matrix_bot_buscarron_hostname: ''

roles/custom/matrix-bot-honoroit/defaults/main.yml

@@ -21,7 +21,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/honoroit
-matrix_bot_honoroit_version: v0.9.20
+matrix_bot_honoroit_version: v0.9.21
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

roles/custom/matrix-bot-postmoogle/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_v
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/postmoogle
-matrix_bot_postmoogle_version: v0.9.17
+matrix_bot_postmoogle_version: v0.9.18
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

roles/custom/matrix-bridge-appservice-slack/defaults/main.yml

@@ -105,6 +105,14 @@ matrix_appservice_slack_database_port: 5432
 matrix_appservice_slack_database_name: matrix_appservice_slack
 matrix_appservice_slack_database_sslmode: disable
 
+matrix_appservice_slack_puppeting_enabled: false
+matrix_appservice_slack_puppeting_slackapp_client_id: ''
+matrix_appservice_slack_puppeting_slackapp_client_secret: ''
+matrix_appservice_slack_puppeting_onboard_users: true
+
+matrix_appservice_slack_team_sync_enabled: false
+matrix_appservice_slack_team_sync_alias_prefix: 'slack_'
+
 # The name of the container network to use when importing a NeDB database into Postgres.
 # For Postgres not working in a container, this can be left empty.
 matrix_appservice_slack_database_container_network: ''

roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2

@@ -24,6 +24,26 @@ rtm:
   #
   log_level: "silent"
 
+{% if matrix_appservice_slack_puppeting_enabled %}
+puppeting:
+  enabled: true
+  onboard_users: {{ matrix_appservice_slack_puppeting_onboard_users | to_json }}
+
+oauth2:
+  client_id: {{ matrix_appservice_slack_puppeting_slackapp_client_id | to_json }}
+  client_secret: {{ matrix_appservice_slack_puppeting_slackapp_client_secret | to_json }}
+{% endif %}
+
+{% if matrix_appservice_slack_team_sync_enabled %}
+team_sync:
+  all:
+    channels:
+      enabled: true
+      alias_prefix: {{ matrix_appservice_slack_team_sync_alias_prefix | to_json }}
+    users:
+      enabled: true
+{% endif %}
+
 {% if matrix_appservice_slack_database_engine == 'nedb' %}
 dbdir: "/data"
 {% else %}

roles/custom/matrix-bridge-hookshot/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_hookshot_container_additional_networks_auto: []
 matrix_hookshot_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
-matrix_hookshot_version: 5.2.1
+matrix_hookshot_version: 5.3.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -40,15 +40,17 @@ matrix_hookshot_appservice_port: 9993
 matrix_hookshot_appservice_hostname: "{{ matrix_hookshot_public_hostname }}"
 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app"
 
-# The variables below control the queue parameters and may optionally be pointed to a Redis instance.
-# These are required when experimental encryption is enabled (`matrix_hookshot_experimental_encryption_enabled`).
-matrix_hookshot_queue_host: ''
-matrix_hookshot_queue_port: 6739
+# The variables below control the Redis cache parameters.
+# Using caching is required when experimental encryption is enabled (`matrix_hookshot_experimental_encryption_enabled`)
+# but may also speed up Hookshot startup, etc.
+matrix_hookshot_cache_redis_host: ''
+matrix_hookshot_cache_redis_port: "6379"
+matrix_hookshot_cache_redisUri: "{{ ('redis://' + matrix_hookshot_cache_redis_host + ':' + matrix_hookshot_cache_redis_port) if matrix_hookshot_cache_redis_host else '' }}"  # noqa var-naming
 
 # Controls whether the experimental end-to-bridge encryption support is enabled.
 # This requires that:
 # - support to also be enabled in the homeserver, see the documentation of Hookshot.
-# - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_queue_*` variables.
+# - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_cache_redis*` variables.
 matrix_hookshot_experimental_encryption_enabled: false
 
 # Controls whether metrics are enabled in the bridge configuration.
@@ -91,7 +93,7 @@ matrix_hookshot_github_oauth_client_id: ''  # "Client ID" on the GitHub App page
 matrix_hookshot_github_oauth_client_secret: ''  # "Client Secret" on the GitHub App page
 # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
 matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
-matrix_hookshot_github_oauth_redirect_uri: "https://{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
+matrix_hookshot_github_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
 
 # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
 matrix_hookshot_github_defaultOptions_ignoreHooks: {}  # noqa var-naming

roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml

@@ -29,6 +29,8 @@
     - {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_client_secret'}
     - {'old': 'matrix_hookshot_gitlab_secret', 'new': 'matrix_hookshot_gitlab_webhook_secret'}
     - {'old': 'matrix_hookshot_ident', 'new': 'matrix_hookshot_identifier'}
+    - {'old': 'matrix_hookshot_queue_host', 'new': 'matrix_hookshot_cache_redis_host'}
+    - {'old': 'matrix_hookshot_queue_port', 'new': 'matrix_hookshot_cache_redis_port'}
 
 - name: Fail if required Hookshot settings not defined
   ansible.builtin.fail:
@@ -93,8 +95,8 @@
 - name: Fail if no Redis queue enabled when Hookshot encryption is enabled
   ansible.builtin.fail:
     msg: >-
-      You need to define a required configuration setting (`{{ item }}`) to enable Hookshot encryption.
-  when: "matrix_hookshot_experimental_encryption_enabled and matrix_hookshot_queue_host == ''"
+      You need to define a required configuration setting (`matrix_hookshot_cache_redis*`) to enable Hookshot encryption.
+  when: "matrix_hookshot_experimental_encryption_enabled and matrix_hookshot_cache_redisUri == ''"
 
 - name: (Deprecation) Catch and report old metrics usage
   ansible.builtin.fail:

roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

@@ -107,11 +107,9 @@ metrics:
   # (Optional) Prometheus metrics support
   #
   enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
-{% if matrix_hookshot_queue_host != '' %}
-queue:
-  monolithic: true
-  port: {{ matrix_hookshot_queue_port }}
-  host: {{ matrix_hookshot_queue_host | to_json }}
+{% if matrix_hookshot_cache_redisUri %}
+cache:
+  redisUri: {{ matrix_hookshot_cache_redisUri | to_json }}
 {% endif %}
 {% if matrix_hookshot_experimental_encryption_enabled %}
 experimentalEncryption:

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.3.0
+matrix_mautrix_gmessages_version: v0.4.1
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.2.0
+matrix_mautrix_meta_instagram_version: v0.3.1
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.2.0
+matrix_mautrix_meta_messenger_version: v0.3.1
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"

roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.5.1
+matrix_mautrix_signal_version: v0.6.1
 
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.10.6
+matrix_mautrix_whatsapp_version: v0.10.7
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"

roles/custom/matrix-cactus-comments-client/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.28.0
+matrix_cactus_comments_client_version: 2.30.0
 
 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"

roles/custom/matrix-client-element/defaults/main.yml

@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=vectorim/element-web
-matrix_client_element_version: v1.11.63
+matrix_client_element_version: v1.11.66
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -160,8 +160,8 @@ matrix_client_element_welcome_logo: "themes/element/img/logos/element-logo.svg"
 # URL of link on welcome image
 matrix_client_element_welcome_logo_link: "https://element.io"
 
-matrix_client_element_welcome_headline: "_t('Welcome to Element')"
-matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
+matrix_client_element_welcome_headline: "_t(\"welcome_to_element\")"
+matrix_client_element_welcome_text: "_t(\"powered_by_matrix_with_logo\")"
 
 # Links, shown in footer of welcome page:
 # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]

roles/custom/matrix-client-element/templates/welcome.html.j2

@@ -178,11 +178,11 @@ we don't have an account and should hide them. No account == no guest account ei
     <div class="mx_ButtonGroup">
         <div class="mx_ButtonRow">
             <a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
-                <div class="mx_ButtonLabel">_t("Sign In")</div>
+                <div class="mx_ButtonLabel">_t("action|sign_in")</div>
             </a>
 {% if matrix_client_element_registration_enabled %}
             <a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
-                <div class="mx_ButtonLabel">_t("Create Account")</div>
+                <div class="mx_ButtonLabel">_t("action|create_account")</div>
             </a>
 {% endif %}
         </div>
@@ -195,7 +195,7 @@ we don't have an account and should hide them. No account == no guest account ei
         <div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
             <div>
                 <a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
-                    <div class="mx_ButtonLabel">_t("Explore rooms")</div>
+                    <div class="mx_ButtonLabel">_t("action|explore_rooms")</div>
                 </a>
             </div>
         </div>

roles/custom/matrix-conduit/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_conduit_hostname: ''
 matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
 matrix_conduit_docker_image_name_prefix: "docker.io/"
 # renovate: datasource=docker depName=matrixconduit/matrix-conduit
-matrix_conduit_docker_image_tag: "v0.6.0"
+matrix_conduit_docker_image_tag: "v0.7.0"
 matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
 
 matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"

roles/custom/matrix-conduit/templates/labels.j2

@@ -83,14 +83,14 @@ traefik.http.routers.matrix-conduit-public-client-api.tls.certResolver={{ matrix
 #                                                          #
 ############################################################
 
-traefik.http.routers.matrix-conduit-public-client-api.rule={{ matrix_conduit_container_labels_internal_client_api_traefik_rule }}
+traefik.http.routers.matrix-conduit-internal-client-api.rule={{ matrix_conduit_container_labels_internal_client_api_traefik_rule }}
 
 {% if matrix_conduit_container_labels_internal_client_api_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-conduit-public-client-api.priority={{ matrix_conduit_container_labels_internal_client_api_traefik_priority }}
+traefik.http.routers.matrix-conduit-internal-client-api.priority={{ matrix_conduit_container_labels_internal_client_api_traefik_priority }}
 {% endif %}
 
-traefik.http.routers.matrix-conduit-public-client-api.service=matrix-conduit
-traefik.http.routers.matrix-conduit-public-client-api.entrypoints={{ matrix_conduit_container_labels_internal_client_api_traefik_entrypoints }}
+traefik.http.routers.matrix-conduit-internal-client-api.service=matrix-conduit
+traefik.http.routers.matrix-conduit-internal-client-api.entrypoints={{ matrix_conduit_container_labels_internal_client_api_traefik_entrypoints }}
 
 ############################################################
 #                                                          #

roles/custom/matrix-dendrite/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
 # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith
-matrix_dendrite_docker_image_tag: "v0.13.6"
+matrix_dendrite_docker_image_tag: "v0.13.7"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"

roles/custom/matrix-rageshake/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_rageshake_path_prefix: /
 # There are no stable container image tags yet.
 # See: https://github.com/matrix-org/rageshake/issues/69
 # renovate: datasource=docker depName=ghcr.io/matrix-org/rageshake
-matrix_rageshake_version: 1.12.0
+matrix_rageshake_version: 1.13.0
 
 matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake"
 matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config"

roles/custom/matrix-sliding-sync/defaults/main.yml

@@ -6,7 +6,7 @@
 matrix_sliding_sync_enabled: true
 
 # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync
-matrix_sliding_sync_version: v0.99.15
+matrix_sliding_sync_version: v0.99.17
 
 matrix_sliding_sync_scheme: https
 

roles/custom/matrix-static-files/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_static_files_enabled: true
 matrix_static_files_identifier: matrix-static-files
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_static_files_version: 2.28.0
+matrix_static_files_version: 2.30.0
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
 matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"

roles/custom/matrix-sygnal/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_sygnal_hostname: ''
 matrix_sygnal_path_prefix: /
 
 # renovate: datasource=docker depName=matrixdotorg/sygnal
-matrix_sygnal_version: v0.14.0
+matrix_sygnal_version: v0.14.1
 
 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"

roles/custom/matrix-synapse-admin/defaults/main.yml

@@ -12,7 +12,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
 
 # renovate: datasource=docker depName=awesometechnologies/synapse-admin
-matrix_synapse_admin_version: 0.8.7
+matrix_synapse_admin_version: 0.10.1
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"

roles/custom/matrix-synapse-auto-compressor/defaults/main.yml

@@ -6,7 +6,7 @@
 matrix_synapse_auto_compressor_enabled: true
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/rust-synapse-compress-state
-matrix_synapse_auto_compressor_version: "{{ 'latest' if matrix_synapse_auto_compressor_container_image_self_build else 'v0.1.3' }}"
+matrix_synapse_auto_compressor_version: v0.1.4
 
 matrix_synapse_auto_compressor_base_path: "{{ matrix_base_data_path }}/synapse-auto-compressor"
 matrix_synapse_auto_compressor_container_src_files_path: "{{ matrix_synapse_auto_compressor_base_path }}/container-src"

roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml

@@ -7,11 +7,13 @@
 #
 # When Synapse workers are enabled, however, the reverse-proxying configuration is much more complicated - certain requests need to go to certain workers, etc.
 # matrix-synapse-reverse-proxy-companion is the central place services that need to reach Synapse could be pointed to.
+#
+# Project source code URL: https://github.com/nginx/nginx
 
 matrix_synapse_reverse_proxy_companion_enabled: true
 
 # renovate: datasource=docker depName=nginx
-matrix_synapse_reverse_proxy_companion_version: 1.25.4-alpine
+matrix_synapse_reverse_proxy_companion_version: 1.25.5-alpine
 
 matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
 matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"

roles/custom/matrix-synapse/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.104.0
+matrix_synapse_version: v1.107.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -1227,6 +1227,8 @@ matrix_synapse_ext_synapse_auto_accept_invite_enabled: false
 matrix_synapse_ext_synapse_auto_accept_invite_version: 1.1.3
 # Specifies whether only direct messages (1:1 rooms) will be auto accepted.
 matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: false
+# Specifies whether only invites from local users will be auto accepted.
+matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_from_local_users: false
 # When Synapse workers enabled it is possible (but not required) to assign a worker to run this module on (null = main process).
 matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: null
 

roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite/setup_install.yml

@@ -10,6 +10,7 @@
             "module": "synapse_auto_accept_invite.InviteAutoAccepter",
             "config": {
               "accept_invites_only_for_direct_messages": matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages,
+              "accept_invites_only_from_local_users": matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_from_local_users,
               "worker_to_run_on": matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on,
           },
         }]

roles/custom/matrix-synapse/tasks/synapse/setup_install.yml

@@ -94,7 +94,7 @@
 - name: Generate initial Synapse config and signing key
   ansible.builtin.command:
     cmd: |
-      docker run
+      {{ devture_systemd_docker_base_host_command_docker }} run
       --rm
       --name=matrix-config
       --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}

roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_ssl.yml

@@ -5,10 +5,12 @@
     path: "{{ matrix_base_data_path }}/ssl"
     state: absent
 
-- name: Ensure matrix-ssl-lets-encrypt-certificates-renew systemd timer and service are gone
+- name: Ensure matrix SSL-related systemd timers and services are gone
   ansible.builtin.file:
     path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
     state: absent
   with_items:
     - matrix-ssl-lets-encrypt-certificates-renew.timer
     - matrix-ssl-lets-encrypt-certificates-renew.service
+    - matrix-ssl-nginx-proxy-reload.timer
+    - matrix-ssl-nginx-proxy-reload.service

setup.yml

@@ -127,8 +127,6 @@
     - custom/matrix-bridge-appservice-polychat
     - custom/matrix-pantalaimon
 
-    - role: galaxy/auxiliary
-
     - role: galaxy/postgres_backup
 
     - role: galaxy/backup_borg
@@ -142,6 +140,8 @@
 
     - role: galaxy/traefik_certs_dumper
 
+    - role: galaxy/auxiliary
+
     - when: devture_systemd_service_manager_enabled | bool
       role: galaxy/systemd_service_manager