Merge branch 'spantaleev:master' into master

.github/workflows/matrix.yml

@@ -13,4 +13,4 @@ jobs:
       - name: ⤵️ Check out configuration from GitHub
         uses: actions/checkout@v3
       - name: 🚀 Run yamllint
-        uses: frenck/action-yamllint@v1.1.2
+        uses: frenck/action-yamllint@v1.2.0

CHANGELOG.md

@@ -1,3 +1,74 @@
+# 2022-07-14
+
+## mx-puppet-skype removal
+
+The playbook no longer includes the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge, because it has been broken and unmaintaned for a long time. Users that have `matrix_mx_puppet_skype_enabled` in their configuration files will encounter an error when running the playbook until they remove references to this bridge from their configuration.
+
+To completely clean up your server from `mx-puppet-skype`'s presence on it:
+
+- ensure your Ansible configuration (`vars.yml` file) no longer contains `matrix_mx_puppet_skype_*` references
+- stop and disable the systemd service (run `systemctl disable --now matrix-mx-puppet-skype` on the server)
+- delete the systemd service (run `rm /etc/systemd/system/matrix-mx-puppet-skype.service` on the server)
+- delete `/matrix/mx-puppet-skype` (run `rm -rf /matrix/mx-puppet-skype` on the server)
+- drop the `matrix_mx_puppet_skype` database (run `/usr/local/bin/matrix-postgres-cli` on the server, and execute the `DROP DATABASE matrix_mx_puppet_skype;` query there)
+
+If you still need bridging to [Skype](https://www.skype.com/), consider switching to [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) instead. See [Setting up Go Skype Bridge bridging](docs/configuring-playbook-bridge-go-skype-bridge.md).
+
+If you think this is a mistake and `mx-puppet-skype` works for you (or you get it to work somehow), let us know and we may reconsider this removal.
+
+
+## signald (0.19.0+) upgrade requires data migration
+
+In [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921) we upgraded [signald](https://signald.org/) (used by the mautrix-signal bridge) from `v0.18.5` to `v0.20.0`.
+
+Back in the [`v0.19.0` released of signald](https://gitlab.com/signald/signald/-/blob/main/releases/0.19.0.md) (which we skipped and migrated straight to `v0.20.0`), a new `--migrate-data` command had been added that migrates avatars, group images, attachments, etc., into the database (those were previously stored in the filesystem).
+
+If you've been using the mautrix-signal bridge for a while, you may have files stored in the local filesystem, which will need to be upgraded.
+
+We attempt to do this data migration automatically every time Signald starts (`matrix-mautrix-signal-daemon.service`) using a `ExecStartPre` systemd unit definition.
+
+Keep an eye on your Signal bridge and let us know (in our [support room](README.md#support) or in [Pull Request #1921](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921)) if you experience any trouble!
+
+
+# 2022-07-05
+
+## Ntfy push notifications support
+
+Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you.
+
+See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started.
+
+
+# 2022-06-23
+
+## (Potential Backward Compatibility Break) Changes around metrics collection
+
+**TLDR**: we've made extensive **changes to metrics exposure/collection, which concern people using an external Prometheus server**. If you don't know what that is, you don't need to read below.
+
+**Why do major changes to metrics**? Because various services were exposing metrics in different, hacky, ways. Synapse was exposing metrics at `/_synapse/metrics` and `/_synapse-worker-.../metrics` on the `matrix.DOMAIN`. The Hookshot role was **repurposing** the Granana web UI domain (`stats.DOMAIN`) for exposing its metrics on `stats.DOMAIN/hookshot/metrics`, while protecting these routes using Basic Authentication **normally used for Synapse** (`/_synapse/metrics`). Node-exporter and Postgres-exporter roles were advising for more `stats.DOMAIN` usage in manual ways. Each role was doing things differently and mixing variables from other roles. Each metrics endpoint was ending up in a different place, protected by who knows what Basic Authentication credentials (if protected at all).
+
+**The solution**: a completely revamped way to expose metrics to an external Prometheus server. We are **introducing new `https://matrix.DOMAIN/metrics/*` endpoints**, where various services *can* expose their metrics, for collection by external Prometheus servers. To enable the `/metrics/*` endpoints, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. There's also a way to protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). See the `matrix-nginx-proxy` role or our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation for additional variables around `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+
+**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that:
+1. **Metrics may not be enabled by default anymore**:
+  - If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network.
+  - **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below.
+2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation.
+3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`.
+
+**If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`.
+
+**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`.
+
+**If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that:
+
+1. Exposing metrics is now done using `matrix_synapse_metrics_proxying_enabled`, not `matrix_nginx_proxy_proxy_synapse_metrics: true`. You may still need to enable metrics using `matrix_synapse_metrics_enabled: true` before exposing them.
+2. Protecting metrics endpoints using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is now done in another way. See our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation
+3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics`
+4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`).
+
+**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now.
+
 # 2022-06-13
 
 ## go-skype-bridge bridging support

README.md

@@ -79,7 +79,7 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation
 
-- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation
+- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation
 
 - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
 
@@ -117,6 +117,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
 
+- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation
+
 - (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
 
 - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation

docs/configuring-dns.md

@@ -36,6 +36,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
 | CNAME | `stats`                      | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `goneb`                      | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `sygnal`                     | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `ntfy`                       | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `hydrogen`                   | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `cinny`                      | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `buscarron`                  | -        | -      | -    | `matrix.<your-domain>` |
@@ -57,11 +58,13 @@ The `goneb.<your-domain>` subdomain may be necessary, because this playbook coul
 
 The `sygnal.<your-domain>` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.<your-domain>` DNS record.
 
+The `ntfy.<your-domain>` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.<your-domain>` DNS record.
+
 The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
 
 The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.
 
-The `buscarron.<your-domain>` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.<your-domain>` DNS record.
+The `buscarron.<your-domain>` subdomain may be necessary, because this playbook could install the [buscarron](https://gitlab.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.<your-domain>` DNS record.
 
 ## `_matrix-identity._tcp` SRV record setup
 

docs/configuring-playbook-bridge-hookshot.md

@@ -14,7 +14,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho
 
 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
-3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 
+3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
 5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
 
@@ -32,8 +32,8 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
 | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
 | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
-| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets |
-| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus |
+| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
+| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
 
 See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml).
 
@@ -63,7 +63,14 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_
 
 ### Metrics
 
-If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md).
+Metrics are **only enabled by default** if the builtin [Prometheus](configuring-playbook-prometheus-grafana.md) is enabled (by default, Prometheus isn't enabled). If so, metrics will automatically be collected by Prometheus and made available in Grafana. You will, however, need to set up your own Dashboard for displaying them.
+
+To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however.
+
+**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to:
+
+- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature)
+- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true`
 
 ### Collision with matrix-appservice-webhooks
 

docs/configuring-playbook-bridge-mautrix-facebook.md

@@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can
 matrix_mautrix_facebook_configuration_extension_yaml: |
   bridge:
     permissions:
-      '@YOUR_USERNAME:YOUR_DOMAIN': admin
+      '@YOUR_USERNAME:{{ matrix_domain }}': admin
 ```
 
-You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure.
+Using both would look like
+
+```yaml
+matrix_mautrix_facebook_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:{{ matrix_domain }}': admin
+    encryption:
+      allow: true
+      default: true
+```
+
+You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
 
 
 ## Set up Double Puppeting
@@ -91,3 +103,5 @@ Once connected, you should be able to verify that you're browsing the web throug
 Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/).
 
 Once logged in, proceed to [set up bridging](#usage).
+
+If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change

docs/configuring-playbook-bridge-mautrix-instagram.md

@@ -7,6 +7,32 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i
 ```yaml
 matrix_mautrix_instagram_enabled: true
 ```
+There are some additional things you may wish to configure about the bridge before you continue.
+
+Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
+```yaml
+matrix_mautrix_instagram_configuration_extension_yaml: |
+  bridge:
+    encryption:
+      allow: true
+      default: true
+```
+
+If you would like to be able to administrate the bridge from your account it can be configured like this:
+```yaml
+# The easy way. The specified Matrix user ID will be made an admin of all bridges
+matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}"
+
+# OR:
+# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins.
+matrix_mautrix_instagram_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:YOUR_DOMAIN': admin
+```
+
+You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
+
 
 ## Usage
 

docs/configuring-playbook-bridge-mx-puppet-skype.md

@@ -1,32 +1,5 @@
 # Setting up MX Puppet Skype (optional)
 
-**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this.
+The playbook used to be able to install and configure [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype), but no longer includes this component, because it has been broken and unmaintaned for a long time.
 
-The playbook can install and configure
-[mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you.
-
-See the project page to learn what it does and why it might be useful to you.
-
-To enable the [Skype](https://www.skype.com/) bridge just use the following
-playbook configuration:
-
-
-```yaml
-matrix_mx_puppet_skype_enabled: true
-```
-
-
-## Usage
-
-Once the bot is enabled you need to start a chat with `Skype Puppet Bridge` with
-the handle `@_skypepuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
-domain, not the `matrix.` domain).
-
-Send `link <username> <password>` to the bridge bot to link your skype account.
-
-Once logged in, send `list` to the bot user to list the available rooms.
-
-Clicking rooms in the list will result in you receiving an invitation to the
-bridged room.
-
-Also send `help` to the bot to see the commands available.
+Bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook.

docs/configuring-playbook-mautrix-bridges.md

@@ -0,0 +1,111 @@
+# Setting up a Generic Mautrix Bridge (optional)
+
+The playbook can install and configure various [mautrix](https://github.com/mautrix) bridges (twitter, facebook, instagram, signal, hangouts, googlechat, etc.), as well as many other (non-mautrix) bridges.
+This is a common guide for configuring mautrix bridges.
+
+You can see each bridge's features at in the `ROADMAP.md` file in its corresponding [mautrix](https://github.com/mautrix) repository.
+
+To enable a bridge add:
+
+
+```yaml
+# Replace SERVICENAME with one of: twitter, facebook, instagram, ..
+matrix_mautrix_SERVICENAME_enabled: true
+```
+
+to your `vars.yml`
+
+There are some additional things you may wish to configure about the bridge before you continue. Each bridge may have additional requirements besides `_enabled: true`. For example, the mautrix-telegram bridge (our documentation page about it is [here](configuring-playbook-bridge-mautrix-telegram.md)) requires the `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash` variables to be defined. Refer to each bridge's individual documentation page for details about enabling bridges.
+
+You can add
+
+```yaml
+matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}"
+```
+to `vars.yml` to **configure a user as an administrator for all bridges**.
+**Alternatively** (more verbose, but allows multiple admins to be configured), you can do the same on a per-bridge basis with:
+
+```yaml
+matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:{{ matrix_domain }}': admin
+```
+
+Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
+```yaml
+matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
+  bridge:
+    encryption:
+      allow: true
+      default: true
+```
+
+
+You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this:
+
+```yaml
+matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:{{ matrix_domain }}': admin
+    encryption:
+      allow: true
+      default: true
+```
+
+## Setting the bot's username
+
+```yaml
+matrix_mautrix_SERVICENAME_appservice_bot_username: "BOTNAME"
+```
+
+Can be used to set the username for the bridge.
+
+## Discovering additional configuration options
+
+You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure.
+
+
+## Set up Double Puppeting
+
+To set up  [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html)
+
+please do so automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook by adding
+
+```yaml
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
+```
+
+You should generate a strong shared secret with a command like this: pwgen -s 64 1
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+## Controlling the logging level
+
+```yaml
+matrix_mautrix_SERVICENAME_logging_level: WARN
+```
+
+to `vars.yml` to control the logging level, where you may replace WARN with one of the following to control the verbosity of the logs generated:     TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.
+
+If you have issues with a service, and are requesting support, the higher levels of logging will generally be more helpful.
+
+
+## Usage
+
+You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
+
+Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html  .
+
+If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
+
+
+
+## Troubleshooting
+
+For troubleshooting information with a specific bridge, please see the playbook documentation about it (some other document in in `docs/`) and the upstream ([mautrix](https://github.com/mautrix)) bridge documentation for that specific bridge.
+Reporting bridge bugs should happen upstream, in the corresponding mautrix repository, not to us.

docs/configuring-playbook-ntfy.md

@@ -0,0 +1,93 @@
+# Setting up ntfy (optional)
+
+The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you.
+
+Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices.
+
+This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features.
+
+**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer.  As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
+
+```yaml
+# Enabling it is the only required setting
+matrix_ntfy_enabled: true
+
+# Some other options
+matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
+matrix_ntfy_configuration_extension_yaml: |
+  log_level: DEBUG
+```
+
+For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`.
+
+For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).
+
+
+## Installing
+
+Don't forget to add `ntfy.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To make use of your ntfy installation, on Android for example, you need two things:
+
+* the `ntfy` app
+* a UnifiedPush-compatible matrix app
+
+You need to install the `ntfy` app on each device on which you want to receive push notifications through your ntfy server. The `ntfy` app will provide UnifiedPush notifications to any number of UnifiedPush-compatible messaging apps installed on the same device.
+
+### Setting up the `ntfy` Android app
+
+1. Install the [ntfy Android app](https://ntfy.sh/docs/subscribe/phone/) from F-droid or Google Play.
+2. In its Settings -> `General: Default server`, enter your ntfy server URL, such as `https://ntfy.DOMAIN`.
+3. In its Settings -> `Advanced: Connection protocol`, choose `WebSockets`.
+
+That is all you need to do in the ntfy app. It has many other features, but for our purposes you can ignore them. In particular you do not need to follow any instructions about subscribing to a notification topic as UnifiedPush will do that automatically.
+
+### Setting up a UnifiedPush-compatible matrix app
+
+Install any UnifiedPush-enabled matrix app on that same device. The matrix app will learn from the `ntfy` app that you have configured UnifiedPush on this device, and then it will tell your matrix server to use it.
+
+Steps needed for specific matrix apps:
+
+* FluffyChat-android:
+  - Should auto-detect and use it. No manual settings.
+
+* SchildiChat-android:
+  1. enable `Settings` -> `Notifications` -> `UnifiedPush: Force custom push gateway`.
+  2. choose `Settings` -> `Notifications` -> `UnifiedPush: Re-register push distributor`. *(For info, a more complex alternative to achieve the same is: delete the relevant unifiedpush registration in `ntfy` app, force-close SchildiChat, re-open it.)*
+  3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section.
+
+* Element-android v1.4.26+:
+  - [not yet documented; should auto-detect and use it?]
+
+If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
+
+If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
+
+
+## Troubleshooting
+
+First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app.
+
+Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`.
+
+To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL.
+
+In the "Notification Targets" screen in Element-Android or SchildiChat, two relevant URLs are shown, "push\_key" and "Url", and both should begin with your ntfy server's URL. If "push\_key" shows your server but "Url" shows an external server such as `up.schildi.chat` then push notifications will still work but are being routed through that external server before they reach your ntfy server. To rectify that, in SchildiChat (at least around version 1.4.20.sc55) you must enable the `Force custom push gateway` setting as described in the "Usage" section above.
+
+If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app.
+
+The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device.

docs/configuring-playbook-own-webserver.md

@@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
 
 If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
 
+If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
+```yaml
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose.
+matrix_synapse_container_client_api_host_bind_port: ''
+matrix_synapse_container_federation_api_plain_host_bind_port: ''
+```
+
+
 
 ### Using your own external Apache webserver
 

docs/configuring-playbook-prometheus-grafana.md

@@ -9,8 +9,12 @@ Remember to add `stats.<your-domain>` to DNS as described in [Configuring DNS](c
 ```yaml
 matrix_prometheus_enabled: true
 
+# You can remove this, if unnecessary.
 matrix_prometheus_node_exporter_enabled: true
 
+# You can remove this, if unnecessary.
+matrix_prometheus_postgres_exporter_enabled: true
+
 matrix_grafana_enabled: true
 
 matrix_grafana_anonymous_access: false
@@ -34,6 +38,7 @@ Name | Description
 -----|----------
 `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
 `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
+`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
 `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in
 `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
 `matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
@@ -48,28 +53,55 @@ Most of our docker containers run with limited system access, but the `prometheu
 
 ## Collecting metrics to an external Prometheus server
 
-If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation.
+**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly".
+
+When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network.
+
+The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below.
 
-To do this, you may be interested in the following variables:
+The following variables may be of interest:
 
 Name | Description
 -----|----------
+`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service.
+`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials
+`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead
+`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with
+`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead.
 `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network)
-`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
-`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
-`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx. 
-`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`)
+`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`).
+`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network)
+`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
+`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
+`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
+`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
+`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
+`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`
+`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below)
+
+Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations:
+```nginx
+matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks:
+  - 'location /metrics/another-service {
+  resolver 127.0.0.11 valid=5s;
+  proxy_pass http://matrix-another-service:9100/metrics;
+  }'
+```
+
+Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above).
+
+Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. 
 
-### Collecting worker metrics to an external Prometheus server
+### Collecting Synapse worker metrics to an external Prometheus server
 
-If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
+If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
 
-The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
+The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
 It will look a bit like this:
 ```yaml
 scrape_configs:
   - job_name: 'synapse'
-    metrics_path: /_synapse/metrics
+    metrics_path: /metrics/synapse/main-process
     scheme: https
     basic_auth:
       username: prometheus
@@ -80,7 +112,7 @@ scrape_configs:
           job: "master"
           index: 1
   - job_name: 'synapse-generic_worker-1'
-    metrics_path: /_synapse-worker-generic_worker-18111/metrics
+    metrics_path: /metrics/synapse/worker/generic_worker-18111
     scheme: https
     basic_auth:
       username: prometheus
@@ -92,38 +124,6 @@ scrape_configs:
           index: 18111
 ```
 
-### Collecting system and Postgres metrics to an external Prometheus server (advanced)
-
-When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats.
-
-It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network.
-
-Use the following variables in addition to the ones mentioned above:
-
-Name | Description
------|----------
-`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy
-`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain
-`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter
-`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter
-`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below)
-
-```nginx
-matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks:
-  - 'location /node-exporter/ {
-  resolver 127.0.0.11 valid=5s;
-  proxy_pass http://matrix-prometheus-node-exporter:9100/;
-  auth_basic "protected";
-  auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
-  }'
-  - 'location /postgres-exporter/ {
-  resolver 127.0.0.11 valid=5s;
-  proxy_pass http://matrix-prometheus-postgres-exporter:9187/;
-  auth_basic "protected";
-  auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
-  }'
-```
-You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187.
 
 ## More information
 
@@ -131,4 +131,3 @@ You can customize the `location`s to your liking, just point your Prometheus to
 - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2)
 - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana)
 - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
-

docs/configuring-playbook-prometheus-postgres.md

@@ -7,11 +7,6 @@ You can enable this with the following settings in your configuration file (`inv
 
 ```yaml
 matrix_prometheus_postgres_exporter_enabled: true
-
-# the role creates a postgres user as credential. You can configure these if required:
-matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter'
-matrix_prometheus_postgres_exporter_database_password: 'some-password'
-
 ```
 
 ## What does it do?
@@ -20,7 +15,8 @@ Name | Description
 -----|----------
 `matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false'
 `matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter'
-`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database.
+`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook
+`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
 
 
 ## More information

docs/configuring-playbook-ssl-certificates.md

@@ -74,6 +74,7 @@ By default, it obtains certificates for:
 - possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
 - possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
 - possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
+- possibly for `ntfy.<your-domain>`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md).
 - possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
 
 If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.

docs/configuring-playbook.md

@@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional)
 
-- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative
+- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)
 
 - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
 
@@ -168,3 +168,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 ### Other specialized services
 
 - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)
+
+- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional)

docs/configuring-well-known.md

@@ -168,6 +168,11 @@ backend matrix-backend
 /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200!
 ```
 
+**For AWS CloudFront**
+
+   1. Add a custom origin with matrix.<your-domain> to your distribution
+   1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin.
+
 Make sure to:
 
 - **replace `DOMAIN`** in the server configuration with your actual domain name

docs/container-images.md

@@ -68,8 +68,6 @@ These services are not part of our default installation, but can be enabled by [
 
 - [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) (optional)
 
-- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional)
-
 - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional)
 
 - [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
@@ -109,3 +107,5 @@ These services are not part of our default installation, but can be enabled by [
 - [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and  [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
 
 - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix
+
+- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server

docs/self-building.md

@@ -33,7 +33,6 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-bridge-mautrix-telegram`
 - `matrix-bridge-mautrix-signal`
 - `matrix-bridge-mautrix-whatsapp`
-- `matrix-bridge-mx-puppet-skype`
 - `matrix-bridge-mx-puppet-steam`
 - `matrix-bot-mjolnir`
 - `matrix-bot-honoroit`

group_vars/matrix_servers

@@ -711,8 +711,13 @@ matrix_hookshot_container_http_host_bind_ports: "{{ [] if matrix_nginx_proxy_ena
 
 matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
 
-matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}"
-matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}"
+# We only enable metrics (locally, in the container network) for the bridge if Prometheus is enabled.
+#
+# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
+# - `matrix_hookshot_metrics_enabled`
+# - `matrix_hookshot_metrics_proxying_enabled`
+# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
+matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}"
 
 matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}"
 matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}"
@@ -724,44 +729,6 @@ matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else
 #
 ######################################################################
 
-######################################################################
-#
-# matrix-bridge-mx-puppet-skype
-#
-######################################################################
-
-# We don't enable bridges by default.
-matrix_mx_puppet_skype_enabled: false
-
-matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
-
-matrix_mx_puppet_skype_systemd_required_services_list: |
-  {{
-    ['docker.service']
-    +
-    ['matrix-' + matrix_homeserver_implementation + '.service']
-    +
-    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
-    +
-    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
-  }}
-
-matrix_mx_puppet_skype_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.tok') | to_uuid }}"
-
-matrix_mx_puppet_skype_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.tok') | to_uuid }}"
-
-matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_mx_puppet_skype_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.skype.db') | to_uuid }}"
-
-######################################################################
-#
-# /matrix-bridge-mx-puppet-skype
-#
-######################################################################
-
 
 ######################################################################
 #
@@ -1260,7 +1227,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
 
 matrix_coturn_enabled: true
 
-matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
+matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
 
 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
 
@@ -1547,6 +1514,7 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
 matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
 matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
+matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
 
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@@ -1573,7 +1541,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
-matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"
+matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}"
 
 matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
 matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}"
@@ -1586,13 +1554,6 @@ matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_po
 
 matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
 
-# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore.
-# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public.
-# A local Prometheus can consume them over the container network.
-matrix_nginx_proxy_proxy_synapse_metrics: false
-matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
-matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
-
 matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
@@ -1614,8 +1575,6 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers
 matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
 matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}"
 
-matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
-
 matrix_nginx_proxy_systemd_wanted_services_list: |
   {{
     ['matrix-' + matrix_homeserver_implementation + '.service']
@@ -1638,6 +1597,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
     +
     (['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
     +
+    (['matrix-ntfy.service'] if matrix_ntfy_enabled else [])
+    +
     (['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
     +
     (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
@@ -1671,6 +1632,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     +
     ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
     +
+    ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else [])
+    +
     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
     +
     matrix_ssl_additional_domains_to_obtain_certificates_for
@@ -1862,12 +1825,6 @@ matrix_postgres_additional_databases: |
       'password': matrix_mautrix_whatsapp_database_password,
     }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else [])
     +
-    ([{
-      'name': matrix_mx_puppet_skype_database_name,
-      'username': matrix_mx_puppet_skype_database_username,
-      'password': matrix_mx_puppet_skype_database_password,
-    }] if (matrix_mx_puppet_skype_enabled and matrix_mx_puppet_skype_database_engine == 'postgres' and matrix_mx_puppet_skype_database_hostname == 'matrix-postgres') else [])
-    +
     ([{
       'name': matrix_mx_puppet_slack_database_name,
       'username': matrix_mx_puppet_slack_database_username,
@@ -1964,6 +1921,22 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-ntfy
+#
+######################################################################
+
+matrix_ntfy_enabled: false
+
+matrix_ntfy_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:2586' }}"
+
+######################################################################
+#
+# /matrix-ntfy
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-redis
@@ -2196,7 +2169,7 @@ matrix_synapse_admin_enabled: false
 # Synapse Admin's HTTP port to the local host.
 matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
 
-matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
+matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 ######################################################################
 #

roles/matrix-backup-borg/defaults/main.yml

@@ -1,4 +1,6 @@
 ---
+# Project source code URL: https://gitlab.com/etke.cc/borgmatic
+
 matrix_backup_borg_enabled: true
 
 matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"

roles/matrix-base/defaults/main.yml

@@ -8,6 +8,10 @@
 # Example value: example.com
 matrix_domain: ~
 
+# The optional matrix admin MXID, used in bridges' configs to set bridge admin user
+# Example value: "@someone:{{ matrix_domain }}"
+matrix_admin: ''
+
 # This will contain the homeserver implementation that is in use.
 # Valid values: synapse, dendrite
 #
@@ -55,6 +59,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
 # This is where you access the Sygnal push gateway.
 matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
 
+# This is where you access the ntfy push notification service.
+matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
+
 matrix_federation_public_port: 8448
 
 # The architecture that your server runs.

roles/matrix-base/tasks/sanity_check.yml

@@ -79,3 +79,13 @@
   when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
         (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
         (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
+
+- name: Fail if encountering usage of removed role (mx-puppet-skype)
+  fail:
+    msg: >-
+      Your configuration seems to include a reference to `matrix_mx_puppet_skype_enabled`. Are you trying to install the mx-puppet-skype bridge?
+      The playbook no longer includes a role for installing mx-puppet-skype, because the mx-puppet-bridge is unmaintained and has been reported as broken for a long time.
+      To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration.
+      To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal.
+      If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`.
+  when: "'matrix_mx_puppet_skype_enabled' in vars"

roles/matrix-bot-buscarron/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # buscarron is a helpdesk bot
-# See: https://gitlab.com/etke.cc/buscarron
+# Project source code URL: https://gitlab.com/etke.cc/buscarron
 
 matrix_bot_buscarron_enabled: true
 
@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false
 matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
 
-matrix_bot_buscarron_version: v1.1.0
+matrix_bot_buscarron_version: v1.2.0
 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
@@ -76,6 +76,9 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}"
 # forms configuration
 matrix_bot_buscarron_forms: []
 
+# Disable encryption
+matrix_bot_buscarron_noencryption:
+
 # Sentry DSN
 matrix_bot_buscarron_sentry:
 
@@ -88,6 +91,9 @@ matrix_bot_buscarron_spam_hosts: []
 # spam email addresses
 matrix_bot_buscarron_spam_emails: []
 
+# spam email localparts
+matrix_bot_buscarron_spam_localparts: []
+
 # Ban duration in hours
 matrix_bot_buscarron_ban_duration: 24
 

roles/matrix-bot-buscarron/templates/env.j2

@@ -5,6 +5,7 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
 BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
 BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
 BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
+BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
 BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
@@ -12,10 +13,12 @@ BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
 BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
 BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
 BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
+BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
 BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
+BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }}
 BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
 BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
 BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}

roles/matrix-bot-go-neb/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
-# See: https://github.com/matrix-org/go-neb
+# Project source code URL: https://github.com/matrix-org/go-neb
 
 matrix_bot_go_neb_enabled: true
 matrix_bot_go_neb_version: latest

roles/matrix-bot-honoroit/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # honoroit is a helpdesk bot
-# See: https://gitlab.com/etke.cc/honoroit
+# Project source code URL: https://gitlab.com/etke.cc/honoroit
 
 matrix_bot_honoroit_enabled: true
 

roles/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-registration-bot creates and manages registration tokens for a matrix server
-# See: https://github.com/moan0s/matrix-registration-bot
+# Project source code URL: https://github.com/moan0s/matrix-registration-bot
 
 matrix_bot_matrix_registration_bot_enabled: true
 matrix_bot_matrix_registration_bot_container_image_self_build: false

roles/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-reminder-bot is a bot for one-off and recurring reminders
-# See: https://github.com/anoadragon453/matrix-reminder-bot
+# Project source code URL: https://github.com/anoadragon453/matrix-reminder-bot
 
 matrix_bot_matrix_reminder_bot_enabled: true
 
@@ -17,6 +17,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b
 matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data"
 matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store"
 
+matrix_bot_matrix_reminder_bot_command_prefix: "!"
+
 # A list of extra arguments to pass to the container
 matrix_bot_matrix_reminder_bot_container_extra_arguments: []
 

roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2

@@ -1,5 +1,5 @@
 # The string to prefix bot commands with
-command_prefix: "!"
+command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}"
 
 # Options for connecting to the bot's Matrix account
 matrix:

roles/matrix-bot-mjolnir/defaults/main.yml

@@ -1,10 +1,10 @@
 ---
 # A moderation tool for Matrix
-# See: https://github.com/matrix-org/mjolnir
+# Project source code URL: https://github.com/matrix-org/mjolnir
 
 matrix_bot_mjolnir_enabled: true
 
-matrix_bot_mjolnir_version: "v1.4.2"
+matrix_bot_mjolnir_version: "v1.5.0"
 
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

roles/matrix-bridge-appservice-discord/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-appservice-discord is a Matrix <-> Discord bridge
-# See: https://github.com/Half-Shot/matrix-appservice-discord
+# Project source code URL: https://github.com/Half-Shot/matrix-appservice-discord
 
 matrix_appservice_discord_enabled: true
 

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Matrix Appservice IRC is a Matrix <-> IRC bridge
-# See: https://github.com/matrix-org/matrix-appservice-irc
+# Project source code URL: https://github.com/matrix-org/matrix-appservice-irc
 
 matrix_appservice_irc_enabled: true
 

roles/matrix-bridge-appservice-slack/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-appservice-slack is a Matrix <-> Slack bridge
-# See: https://github.com/matrix-org/matrix-appservice-slack
+# Project source code URL: https://github.com/matrix-org/matrix-appservice-slack
 
 matrix_appservice_slack_enabled: true
 

roles/matrix-bridge-appservice-webhooks/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-appservice-webhooks is a Matrix <-> webhook bridge
-# See: https://github.com/redoonetworks/matrix-appservice-webhooks
+# Project source code URL: https://github.com/redoonetworks/matrix-appservice-webhooks
 
 matrix_appservice_webhooks_enabled: true
 

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # beeper-linkedin is a Matrix <-> LinkedIn bridge
-# See: https://gitlab.com/beeper/linkedin
+# Project source code URL: https://gitlab.com/beeper/linkedin
 
 matrix_beeper_linkedin_enabled: true
 
@@ -25,6 +25,10 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
 matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
 
+matrix_beeper_linkedin_bridge_presence: true
+
+matrix_beeper_linkedin_command_prefix: "!li"
+
 # A list of extra arguments to pass to the container
 matrix_beeper_linkedin_container_extra_arguments: []
 

roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2

@@ -226,7 +226,7 @@ bridge:
 
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!li"
+    command_prefix: "{{ matrix_beeper_linkedin_command_prefix }}"
 
     # Permissions for using the bridge.
     # Permitted values:
@@ -238,6 +238,9 @@ bridge:
     #     mxid - Specific user
     permissions:
         "{{ matrix_beeper_linkedin_homeserver_domain }}": user
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
 
 
@@ -256,12 +259,12 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         paho:
-            level: INFO
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [ console]
 

roles/matrix-bridge-go-skype-bridge/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Go Skype Bridge is a Matrix <-> Skype bridge
-# See: https://github.com/kelaresg/go-skype-bridge
+# Project source code URL: https://github.com/kelaresg/go-skype-bridge
 
 matrix_go_skype_bridge_enabled: true
 
@@ -36,6 +36,8 @@ matrix_go_skype_bridge_homeserver_token: ''
 
 matrix_go_skype_bridge_appservice_bot_username: skypebridgebot
 
+matrix_go_skype_bridge_command_prefix: "!skype"
+
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_go_skype_bridge_federate_rooms: true

roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2

@@ -165,7 +165,7 @@ bridge:
     allow_user_invite: false
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!wa"
+    command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}"
 
     # End-to-bridge encryption support options. This requires login_shared_secret to be configured
     # in order to get a device for the bridge bot.
@@ -199,6 +199,9 @@ bridge:
     #     mxid - Specific user
     permissions:
         "{{ matrix_go_skype_bridge_homeserver_domain }}": user
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
     relaybot:
         # Whether or not relaybot support is enabled.

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # heisenbridge is a bouncer-style Matrix IRC bridge
-# See: https://github.com/hifi/heisenbridge
+# Project source code URL: https://github.com/hifi/heisenbridge
 
 matrix_heisenbridge_enabled: true
 

roles/matrix-bridge-hookshot/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
-# https://github.com/matrix-org/matrix-hookshot
+# Project source code URL: https://github.com/matrix-org/matrix-hookshot
 
 matrix_hookshot_enabled: true
 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 
-matrix_hookshot_version: 1.7.3
+matrix_hookshot_version: 1.8.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -29,13 +29,20 @@ matrix_hookshot_public_endpoint: /hookshot
 matrix_hookshot_appservice_port: 9993
 matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app"
 
-# Metrics work only in conjunction with matrix_synapse_metrics_enabled etc
-matrix_hookshot_metrics_enabled: true
+# Controls whether metrics are enabled in the bridge configuration.
+# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
+# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`.
+matrix_hookshot_metrics_enabled: false
+
+# Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`.
+# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
+# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
+matrix_hookshot_metrics_proxying_enabled: false
+
 # There is no need to edit ports.
 # Read the documentation to learn about using hookshot metrics with external Prometheus
 # If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_metrics_port: 9001
-matrix_hookshot_metrics_endpoint: "{{ matrix_hookshot_public_endpoint }}/metrics"
 
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_webhook_port: 9000

roles/matrix-bridge-hookshot/tasks/init.yml

@@ -103,11 +103,10 @@
             [matrix_hookshot_matrix_nginx_proxy_configuration]
           }}
 
-    - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
+    - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
       set_fact:
-        matrix_hookshot_matrix_nginx_proxy_metrics_configuration: |
-          {% if matrix_hookshot_metrics_enabled and matrix_hookshot_proxy_metrics %}
-          location {{ matrix_hookshot_metrics_endpoint }} {
+        matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
+          location /metrics/hookshot {
             {% if matrix_nginx_proxy_enabled|default(False) %}
               {# Use the embedded DNS resolver in Docker containers to discover the service #}
               resolver 127.0.0.11 valid=5s;
@@ -117,24 +116,18 @@
               {# Generic configuration for use outside of our container setup #}
               proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
             {% endif %}
-            proxy_set_header Host $host;
-            {% if matrix_hookshot_proxy_metrics_basic_auth_enabled %}
-              auth_basic "protected";
-              auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
-            {% endif %}
           }
-          {% endif %}
+      when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool
 
-    - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy
+    - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
       set_fact:
-        matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: |
+        matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
           {{
-            matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks|default([])
+            matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks|default([])
             +
-            [matrix_hookshot_matrix_nginx_proxy_metrics_configuration]
+            [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
           }}
-  tags:
-    - always
+      when: matrix_hookshot_metrics_enabled|bool and matrix_hookshot_metrics_proxying_enabled|bool
   when: matrix_hookshot_enabled|bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used

roles/matrix-bridge-hookshot/tasks/validate_config.yml

@@ -57,3 +57,16 @@
   when: "matrix_hookshot_provisioning_enabled and vars[item] == ''"
   with_items:
     - "matrix_hookshot_provisioning_secret"
+
+- name: (Deprecation) Catch and report old metrics usage
+  fail:
+    msg: >-
+      Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot,
+      which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`.
+
+      We now recommend exposing Hookshot metrics in another way, from another URL.
+      Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22
+  with_items:
+    - matrix_hookshot_proxy_metrics
+    - matrix_hookshot_metrics_endpoint
+  when: "item in vars"

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-facebook is a Matrix <-> Facebook bridge
-# See: https://github.com/mautrix/facebook
+# Project source code URL: https://github.com/mautrix/facebook
 
 matrix_mautrix_facebook_enabled: true
 
@@ -17,6 +17,8 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co
 matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data"
 matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src"
 
+matrix_mautrix_facebook_command_prefix: "!fb"
+
 # Whether or not the public-facing endpoints should be enabled (web-based login)
 matrix_mautrix_facebook_appservice_public_enabled: true
 
@@ -89,6 +91,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot
 
 matrix_mautrix_facebook_bridge_presence: true
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_facebook_logging_level: WARNING
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -86,7 +86,7 @@ bridge:
     - first_name
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!fb"
+    command_prefix: "{{ matrix_mautrix_facebook_command_prefix }}"
 
     # Number of chats to sync (and create portals for) on startup/login.
     # Set 0 to disable automatic syncing.
@@ -203,6 +203,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_facebook_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
     relay:
         # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
@@ -250,11 +253,11 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: {{ matrix_mautrix_facebook_logging_level|to_json }}
         paho:
-            level: INFO
+            level: {{ matrix_mautrix_facebook_logging_level|to_json }}
         aiohttp:
-            level: INFO
+            level: {{ matrix_mautrix_facebook_logging_level|to_json }}
     root:
-        level: DEBUG
+        level: {{ matrix_mautrix_facebook_logging_level|to_json }}
         handlers: [console]

roles/matrix-bridge-mautrix-googlechat/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-googlechat is a Matrix <-> googlechat bridge
-# See: https://github.com/mautrix/googlechat
+# Project source code URL: https://github.com/mautrix/googlechat
 
 matrix_mautrix_googlechat_enabled: true
 
@@ -24,6 +24,8 @@ matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_ur
 matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080'
 
+matrix_mautrix_googlechat_command_prefix: "!gc"
+
 # Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
@@ -78,6 +80,9 @@ matrix_mautrix_googlechat_login_shared_secret: ''
 
 matrix_mautrix_googlechat_appservice_bot_username: googlechatbot
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_googlechat_logging_level: WARNING
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2

@@ -62,7 +62,7 @@ bridge:
     - name
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!HO"
+    command_prefix: "{{ matrix_mautrix_googlechat_command_prefix }}"
 
     # Number of chats to sync (and create portals for) on startup/login.
     # Maximum 20, set 0 to disable automatic syncing.
@@ -119,6 +119,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_googlechat_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
 # Python logging configuration.
 #
@@ -138,11 +141,11 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
         hangups:
-            level: DEBUG
+            level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
         aiohttp:
-            level: INFO
+            level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
     root:
-        level: DEBUG
+        level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
         handlers: [console]

roles/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-hangouts is a Matrix <-> Hangouts bridge
-# See: https://github.com/mautrix/hangouts
+# Project source code URL: https://github.com/mautrix/hangouts
 
 matrix_mautrix_hangouts_enabled: true
 
@@ -24,6 +24,8 @@ matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
 
+matrix_mautrix_hangouts_command_prefix: "!HO"
+
 # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
@@ -75,6 +77,9 @@ matrix_mautrix_hangouts_login_shared_secret: ''
 
 matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_hangouts_logging_level: WARNING
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2

@@ -62,7 +62,7 @@ bridge:
     - name
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!HO"
+    command_prefix: "{{ matrix_mautrix_hangouts_command_prefix }}"
 
     # Number of chats to sync (and create portals for) on startup/login.
     # Maximum 20, set 0 to disable automatic syncing.
@@ -116,6 +116,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_hangouts_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
 # Python logging configuration.
 #
@@ -135,11 +138,11 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
         hangups:
-            level: DEBUG
+            level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
         aiohttp:
-            level: INFO
+            level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
     root:
-        level: DEBUG
+        level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
         handlers: [console]

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-instagram is a Matrix <-> Instagram bridge
-# See: https://github.com/mautrix/instagram
+# Project source code URL: https://github.com/mautrix/instagram
 
 matrix_mautrix_instagram_enabled: true
 
@@ -22,6 +22,8 @@ matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330'
 
+matrix_mautrix_instagram_command_prefix: "!ig"
+
 # A list of extra arguments to pass to the container
 matrix_mautrix_instagram_container_extra_arguments: []
 
@@ -68,6 +70,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot
 
 matrix_mautrix_instagram_bridge_presence: true
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_instagram_logging_level: WARNING
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2

@@ -135,7 +135,7 @@ bridge:
     # Whether or not the bridge should backfill chats when reconnecting.
     resync: true
     # Should even disconnected users be reconnected?
-    always: false  
+    always: false
   # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
   # and login_shared_secret to be configured in order to get a device for the bridge bot.
   #
@@ -166,7 +166,7 @@ bridge:
   # been sent to Instagram.
   delivery_receipts: false
   # Whether or not delivery errors should be reported as messages in the Matrix room.
-  delivery_error_reports: false
+  delivery_error_reports: true
   # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
   # This field will automatically be changed back to false after it,
   # except if the config file is not writable.
@@ -176,7 +176,7 @@ bridge:
   unimportant_bridge_notices: true
 
   # The prefix for commands. Only required in non-management rooms.
-  command_prefix: "!ig"
+  command_prefix: "{{ matrix_mautrix_instagram_command_prefix }}"
   # Permissions for using the bridge.
   # Permitted values:
   #       user - Use the bridge with puppeting.
@@ -187,6 +187,9 @@ bridge:
   #     mxid - Specific user
   permissions:
     "{{ matrix_mautrix_instagram_homeserver_domain }}": user
+    {% if matrix_admin %}
+    "{{ matrix_admin }}": admin
+    {% endif %}
   # Provisioning API part of the web server for automated portal creation and fetching information.
   # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
   provisioning:
@@ -216,13 +219,13 @@ logging:
       formatter: colored
   loggers:
     mau:
-      level: DEBUG
+      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
     mauigpapi:
-      level: DEBUG
+      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
     paho:
-      level: INFO
+      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
     aiohttp:
-      level: INFO
+      level: {{ matrix_mautrix_instagram_logging_level|to_json }}
   root:
-    level: DEBUG
+    level: {{ matrix_mautrix_instagram_logging_level|to_json }}
     handlers: [console]

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-signal is a Matrix <-> Signal bridge
-# See: https://github.com/mautrix/signal
+# Project source code URL: https://github.com/mautrix/signal
 
 matrix_mautrix_signal_enabled: true
 
@@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
 matrix_mautrix_signal_version: v0.3.0
-matrix_mautrix_signal_daemon_version: 0.18.5
+matrix_mautrix_signal_daemon_version: 0.20.0
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
@@ -30,6 +30,8 @@ matrix_mautrix_signal_homeserver_address: ''
 matrix_mautrix_signal_homeserver_domain: ''
 matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328'
 
+matrix_mautrix_signal_command_prefix: "!signal"
+
 # Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
@@ -57,6 +59,9 @@ matrix_mautrix_signal_homeserver_token: ''
 
 matrix_mautrix_signal_appservice_bot_username: signalbot
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_signal_logging_level: WARNING
+
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_mautrix_signal_federate_rooms: true
@@ -99,6 +104,9 @@ matrix_mautrix_signal_relaybot_enabled: false
 matrix_mautrix_signal_bridge_permissions: |
   '*': relay
   '{{ matrix_mautrix_signal_homeserver_domain }}': user
+  {% if matrix_admin %}
+  "{{ matrix_admin }}": admin
+  {% endif %}
 
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.

roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -177,7 +177,7 @@ bridge:
     # Note that this is not related to Signal delivery receipts.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented)
-    delivery_error_reports: false
+    delivery_error_reports: true
     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
     # This field will automatically be changed back to false after it,
     # except if the config file is not writable.
@@ -197,7 +197,7 @@ bridge:
         shared_secret: generate
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!signal"
+    command_prefix: "{{ matrix_mautrix_signal_command_prefix }}"
 
     # Messages sent upon joining a management room.
     # Markdown is supported. The defaults are listed below.
@@ -223,7 +223,7 @@ bridge:
     #        * - All Matrix users
     #   domain - All users on that homeserver
     #     mxid - Specific user
-    permissions: 
+    permissions:
         {{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
 
     relay:
@@ -266,9 +266,9 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: {{ matrix_mautrix_signal_log_level }}
+            level: {{ matrix_mautrix_signal_logging_level|to_json }}
         aiohttp:
-            level: INFO
+            level: {{ matrix_mautrix_signal_logging_level|to_json }}
     root:
-        level: {{ matrix_mautrix_signal_log_level }}
+        level: {{ matrix_mautrix_signal_logging_level|to_json }}
         handlers: [console]

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2

@@ -21,6 +21,16 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
 
+# Migration task required by the 0.19.0 upgrade
+ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
+			{{ matrix_mautrix_signal_daemon_docker_image }} \
+			--migrate-data
+
 # We can't use `--read-only` for this bridge.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 			--log-driver=none \

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-telegram is a Matrix <-> Telegram bridge
-# See: https://github.com/mautrix/telegram
+# Project source code URL: https://github.com/mautrix/telegram
 
 matrix_mautrix_telegram_enabled: true
 
@@ -23,6 +23,8 @@ matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram
 matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config"
 matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data"
 
+matrix_mautrix_telegram_command_prefix: "!tg"
+
 # Get your own API keys at https://my.telegram.org/apps
 matrix_mautrix_telegram_api_id: ''
 matrix_mautrix_telegram_api_hash: ''
@@ -43,6 +45,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq
 
 matrix_mautrix_telegram_appservice_bot_username: telegrambot
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_telegram_logging_level: WARNING
+
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_mautrix_telegram_federate_rooms: true

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -105,11 +105,11 @@ bridge:
     # synced when they send messages. The maximum is 10000, after which the Telegram server
     # will not send any more members.
     # Defaults to no local limit (-> limited to 10000 by server)
-    max_initial_member_sync: -1
+    max_initial_member_sync: 10
     # Whether or not to sync the member list in channels.
     # If no channel admins have logged into the bridge, the bridge won't be able to sync the member
     # list regardless of this setting.
-    sync_channel_members: true
+    sync_channel_members: false
     # Whether or not to skip deleted members when syncing members.
     skip_deleted_members: true
     # Whether or not to automatically synchronize contacts and chats of Matrix users logged into
@@ -204,7 +204,7 @@ bridge:
     # been sent to Telegram.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room.
-    delivery_error_reports: false
+    delivery_error_reports: true
     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
     # This field will automatically be changed back to false after it,
     # except if the config file is not writable.
@@ -276,7 +276,7 @@ bridge:
         list: []
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!tg"
+    command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}"
 
     # Permissions for using the bridge.
     # Permitted values:
@@ -291,6 +291,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_telegram_homeserver_domain }}': full
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
     # Options related to the message relay Telegram bot.
     relaybot:
@@ -401,11 +404,11 @@ logging:
             formatter: precise
     loggers:
         mau:
-            level: DEBUG
+            level: {{ matrix_mautrix_telegram_logging_level|to_json }}
         telethon:
-            level: DEBUG
+            level: {{ matrix_mautrix_telegram_logging_level|to_json }}
         aiohttp:
-            level: INFO
+            level: {{ matrix_mautrix_telegram_logging_level|to_json }}
     root:
-        level: DEBUG
+        level: {{ matrix_mautrix_telegram_logging_level|to_json }}
         handlers: [console]

roles/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-twitter is a Matrix <-> Twitter bridge
-# See: https://github.com/mautrix/twitter
+# Project source code URL: https://github.com/mautrix/twitter
 
 matrix_mautrix_twitter_enabled: true
 
@@ -22,6 +22,8 @@ matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
 
+matrix_mautrix_twitter_command_prefix: "!tw"
+
 # A list of extra arguments to pass to the container
 matrix_mautrix_twitter_container_extra_arguments: []
 
@@ -66,6 +68,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt
 
 matrix_mautrix_twitter_appservice_bot_username: twitterbot
 
+# Specifies the default log level for all bridge loggers.
+matrix_mautrix_twitter_logging_level: WARNING
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2

@@ -149,7 +149,7 @@ bridge:
     # been sent to Twitter.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room.
-    delivery_error_reports: false
+    delivery_error_reports: true
     # Whether or not non-fatal polling errors should send notices to the notice room.
     temporary_disconnect_notices: true
     # Number of seconds to sleep more than the previous error when a polling error occurs.
@@ -163,7 +163,7 @@ bridge:
     resend_bridge_info: false
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!tw"
+    command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}"
 
     # Permissions for using the bridge.
     # Permitted values:
@@ -175,6 +175,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_twitter_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
 
 # Python logging configuration.
@@ -195,9 +198,9 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: {{ matrix_mautrix_twitter_logging_level|to_json }}
         aiohttp:
-            level: INFO
+            level: {{ matrix_mautrix_twitter_logging_level|to_json }}
     root:
-        level: DEBUG
+        level: {{ matrix_mautrix_twitter_logging_level|to_json }}
         handlers: [console]

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mautrix-whatsapp is a Matrix <-> Whatsapp bridge
-# See: https://github.com/mautrix/whatsapp
+# Project source code URL: https://github.com/mautrix/whatsapp
 
 matrix_mautrix_whatsapp_enabled: true
 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.4.0
+matrix_mautrix_whatsapp_version: v0.6.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@@ -23,6 +23,8 @@ matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
 
+matrix_mautrix_whatsapp_command_prefix: "!wa"
+
 # A list of extra arguments to pass to the container
 matrix_mautrix_whatsapp_container_extra_arguments: []
 
@@ -37,6 +39,10 @@ matrix_mautrix_whatsapp_homeserver_token: ''
 
 matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
 
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_mautrix_whatsapp_logging_level: 'warn'
+
 # Whether or not created rooms should have federation enabled.
 # If false, created portal rooms will never be federated.
 matrix_mautrix_whatsapp_federate_rooms: true
@@ -128,7 +134,3 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y
 matrix_mautrix_whatsapp_bridge_encryption_allow: false
 matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
 matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
-
-# Minimum severity of journal log messages.
-# Options: debug, info, warn, error, fatal
-matrix_mautrix_whatsapp_log_level: 'warn'

roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml

@@ -8,3 +8,13 @@
   with_items:
     - "matrix_mautrix_whatsapp_appservice_token"
     - "matrix_mautrix_whatsapp_homeserver_token"
+
+
+- name: (Deprecation) Catch and report renamed settings
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_mautrix_whatsapp_log_level', 'new': 'matrix_mautrix_whatsapp_logging_level'}

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -5,13 +5,17 @@ homeserver:
     address: {{ matrix_mautrix_whatsapp_homeserver_address }}
     # The domain of the homeserver (for MXIDs, etc).
     domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
-# Application service host/registration related details.
-# Changing these values requires regeneration of the registration.
     # The URL to push real-time bridge status to.
     # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
     # The bridge will use the appservice as_token to authorize requests.
     status_endpoint: null
+    # Endpoint for reporting per-message status.
+    message_send_checkpoint_endpoint: null
+    # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+    async_media: false
 
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
 appservice:
     # The address that the homeserver can use to connect to this appservice.
     address: {{ matrix_mautrix_whatsapp_appservice_address }}
@@ -24,11 +28,16 @@ appservice:
         type: {{ matrix_mautrix_whatsapp_appservice_database_type|to_json }}
         # The database URI.
         #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
-        #   Postgres: Connection string. For example, postgres://user:password@host/database
+        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+        #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
         uri: {{ matrix_mautrix_whatsapp_appservice_database_uri|to_json }}
         # Maximum number of connections. Mostly relevant for Postgres.
         max_open_conns: 20
         max_idle_conns: 2
+        # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+        # Parsed with https://pkg.go.dev/time#ParseDuration
+        max_conn_idle_time: null
+        max_conn_lifetime: null
     # The unique ID of this appservice.
     id: whatsapp
     # Appservice bot details.
@@ -39,37 +48,71 @@ appservice:
         # to leave display name/avatar as-is.
         displayname: WhatsApp bridge bot
         avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
+
+    # Whether or not to receive ephemeral events via appservice transactions.
+    # Requires MSC2409 support (i.e. Synapse 1.22+).
+    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+    ephemeral_events: false
+
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
     hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
 
+# Segment API key to track some events, like provisioning API login and encryption errors.
+segment_key: null
+
+# Prometheus config.
+metrics:
+    # Enable prometheus metrics?
+    enabled: false
+    # IP and port where the metrics listener should be. The path is always /metrics
+    listen: 127.0.0.1:8001
+
+# Config for things that are directly sent to WhatsApp.
+whatsapp:
+    # Device name that's shown in the "WhatsApp Web" section in the mobile app.
+    os_name: Mautrix-WhatsApp bridge
+    # Browser name that determines the logo shown in the mobile app.
+    # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
+    # List of valid browser names: https://github.com/tulir/whatsmeow/blob/8b34d886d543b72e5f4699cf5b2797f68d598f78/binary/proto/def.proto#L38-L51
+    browser_name: unknown
+
 # Bridge config
 bridge:
     # Localpart template of MXIDs for WhatsApp users.
     # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
     username_template: "{{ 'whatsapp_{{.}}' }}"
-    displayname_template: "{{ '{{if .PushName}}{{.PushName}}{{else if .BusinessName}}{{.BusinessName}}{{else}}{{.JID}}{{end}} (WA)' }}"
+    # Displayname template for WhatsApp users.
+    # {{ '{{.PushName}}' }}     - nickname set by the WhatsApp user
+    # {{ '{{.BusinessName}}' }} - validated WhatsApp business name
+    # {{ '{{.Phone}}' }}        - phone number (international format)
+    # The following variables are also available, but will cause problems on multi-user instances:
+    # {{ '{{.FullName}}' }}  - full name from contact list
+    # {{ '{{.FirstName}}' }} - first name from contact list
+    displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}"
+    # Should the bridge create a space for each logged-in user and add bridged rooms to it?
+    # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
+    personal_filtering_spaces: false
     # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
     delivery_receipts: false
+    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+    message_status_events: false
+    # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+    message_error_notices: true
     # Should incoming calls send a message to the Matrix room?
     call_start_notices: true
     # Should another user's cryptographic identity changing send a message to Matrix?
     identity_change_notices: false
-    # Should a "reactions not yet supported" warning be sent to the Matrix room when a user reacts to a message?
-    reaction_notices: true
     portal_message_buffer: 128
-    # Settings for handling history sync payloads. These settings only apply right after login,
-    # because the phone only sends the history sync data once, and there's no way to re-request it
-    # (other than logging out and back in again).
+    # Settings for handling history sync payloads.
     history_sync:
         # Should the bridge create portals for chats in the history sync payload?
         create_portals: true
-        # Maximum age of chats in seconds to create portals for. Set to 0 to create portals for all chats in sync payload.
-        max_age: 604800
         # Enable backfilling history sync payloads from WhatsApp using batch sending?
         # This requires a server with MSC2716 support, which is currently an experimental feature in synapse.
         # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
-        # Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers.
+        # Note that prior to Synapse 1.49, there were some bugs with the implementation, especially if using event persistence workers.
+        # There are also still some issues in Synapse's federation implementation.
         backfill: false
         # Use double puppets for backfilling?
         # In order to use this, the double puppets must be in the appservice's user ID namespace
@@ -80,6 +123,67 @@ bridge:
         # Should the bridge request a full sync from the phone when logging in?
         # This bumps the size of history syncs from 3 months to 1 year.
         request_full_sync: false
+        # Settings for media requests. If the media expired, then it will not
+        # be on the WA servers.
+        # Media can always be requested by reacting with the ♻️ (recycle) emoji.
+        # These settings determine if the media requests should be done
+        # automatically during or after backfill.
+        media_requests:
+            # Should expired media be automatically requested from the server as
+            # part of the backfill process?
+            auto_request_media: true
+            # Whether to request the media immediately after the media message
+            # is backfilled ("immediate") or at a specific time of the day
+            # ("local_time").
+            request_method: immediate
+            # If request_method is "local_time", what time should the requests
+            # be sent (in minutes after midnight)?
+            request_local_time: 120
+        # The maximum number of initial conversations that should be synced.
+        # Other conversations will be backfilled on demand when the start PM
+        # provisioning endpoint is used or when a message comes in from that
+        # chat.
+        max_initial_conversations: -1
+        # Settings for immediate backfills. These backfills should generally be
+        # small and their main purpose is to populate each of the initial chats
+        # (as configured by max_initial_conversations) with a few messages so
+        # that you can continue conversations without loosing context.
+        immediate:
+            # The number of concurrent backfill workers to create for immediate
+            # backfills. Note that using more than one worker could cause the
+            # room list to jump around since there are no guarantees about the
+            # order in which the backfills will complete.
+            worker_count: 1
+            # The maximum number of events to backfill initially.
+            max_events: 10
+        # Settings for deferred backfills. The purpose of these backfills are
+        # to fill in the rest of the chat history that was not covered by the
+        # immediate backfills. These backfills generally should happen at a
+        # slower pace so as not to overload the homeserver.
+        # Each deferred backfill config should define a "stage" of backfill
+        # (i.e. the last week of messages). The fields are as follows:
+        # - start_days_ago: the number of days ago to start backfilling from.
+        #     To indicate the start of time, use -1. For example, for a week ago, use 7.
+        # - max_batch_events: the number of events to send per batch.
+        # - batch_delay: the number of seconds to wait before backfilling each batch.
+        deferred:
+            # Last Week
+            - start_days_ago: 7
+              max_batch_events: 20
+              batch_delay: 5
+            # Last Month
+            - start_days_ago: 30
+              max_batch_events: 50
+              batch_delay: 10
+            # Last 3 months
+            - start_days_ago: 90
+              max_batch_events: 100
+              batch_delay: 10
+            # The start of time
+            - start_days_ago: -1
+              max_batch_events: 500
+              batch_delay: 10
+    # Should puppet avatars be fetched from the server even if an avatar is already set?
     user_avatar_sync: true
     # Should Matrix users leaving groups be bridged to WhatsApp?
     bridge_matrix_leave: true
@@ -89,11 +193,26 @@ bridge:
     # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
     # and is therefore prone to race conditions.
     sync_direct_chat_list: false
+    # Should the bridge use MSC2867 to bridge manual "mark as unread"s from
+    # WhatsApp and set the unread status on initial backfill?
+    # This will only work on clients that support the m.marked_unread or
+    # com.famedly.marked_unread room account data.
+    sync_manual_marked_unread: true
     # When double puppeting is enabled, users can use `!wa toggle` to change whether
     # presence and read receipts are bridged. These settings set the default values.
     # Existing users won't be affected when these are changed.
     default_bridge_receipts: true
     default_bridge_presence: true
+    # Send the presence as "available" to whatsapp when users start typing on a portal.
+    # This works as a workaround for homeservers that do not support presence, and allows
+    # users to see when the whatsapp user on the other side is typing during a conversation.
+    send_presence_on_typing: false
+    # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
+    # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
+    #
+    # By default, the bridge acts like WhatsApp web, which only sends active delivery
+    # receipts when it's in the foreground.
+    force_active_delivery_receipts: false
     # Servers to always allow double puppeting from
     double_puppet_server_map:
         "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_homeserver_address }}
@@ -125,9 +244,14 @@ bridge:
     # Should WhatsApp status messages be bridged into a Matrix room?
     # Disabling this won't affect already created status broadcast rooms.
     enable_status_broadcast: true
+    # Should sending WhatsApp status messages be allowed?
+    # This can cause issues if the user has lots of contacts, so it's disabled by default.
+    disable_status_broadcast_send: true
     # Should the status broadcast room be muted and moved into low priority by default?
-    # This is only applied when creating the room, the user can unmute/untag it later.
+    # This is only applied when creating the room, the user can unmute it later.
     mute_status_broadcast: true
+    # Tag to apply to the status broadcast room.
+    status_broadcast_tag: m.lowpriority
     # Should the bridge use thumbnails from WhatsApp?
     # They're disabled by default due to very low resolution.
     whatsapp_thumbnail: false
@@ -137,9 +261,33 @@ bridge:
     # Whether or not created rooms should have federation enabled.
     # If false, created portal rooms will never be federated.
     federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }}
+    # Whether to enable disappearing messages in groups. If enabled, then the expiration time of
+    # the messages will be determined by the first user to read the message, rather than individually.
+    # If the bridge only has a single user, this can be turned on safely.
+    disappearing_messages_in_groups: false
+    # Should the bridge never send alerts to the bridge management room?
+    # These are mostly things like the user being logged out.
+    disable_bridge_alerts: false
+    # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
+    # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
+    # key in the event content even if this is disabled.
+    url_previews: false
+    # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
+    # This is currently not supported in most clients.
+    caption_in_message: false
+    # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
+    # Null means there's no enforced timeout.
+    message_handling_timeout:
+        # Send an error message after this timeout, but keep waiting for the response until the deadline.
+        # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
+        # If the message is older than this when it reaches the bridge, the message won't be handled at all.
+        error_after: null
+        # Drop messages after this timeout. They may still go through if the message got sent to the servers.
+        # This is counted from the time the bridge starts handling the message.
+        deadline: 120s
 
     # The prefix for commands. Only required in non-management rooms.
-    command_prefix: "!wa"
+    command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}"
 
     # Messages sent upon joining a management room.
     # Markdown is supported. The defaults are listed below.
@@ -163,18 +311,53 @@ bridge:
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         # It is recommended to also set private_chat_portal_meta to true when using this.
         default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }}
-        # Options for automatic key sharing.
-        key_sharing:
-            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
-            # You must use a client that supports requesting keys from other users to use this feature.
-            allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }}
-            # Require the requesting device to have a valid cross-signing signature?
-            # This doesn't require that the bridge has verified the device, only that the user has verified it.
-            # Not yet implemented.
-            require_cross_signing: false
-            # Require devices to be verified by the bridge?
-            # Verification by the bridge is not yet implemented.
-            require_verification: true
+        # Require encryption, drop any unencrypted messages.
+        require: false
+        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+        # You must use a client that supports requesting keys from other users to use this feature.
+        allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }}
+                # What level of device verification should be required from users?
+        #
+        # Valid levels:
+        #   unverified - Send keys to all device in the room.
+        #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+        #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+        #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+        #                           Note that creating user signatures from the bridge bot is not currently possible.
+        #   verified - Require manual per-device verification
+        #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+        verification_levels:
+            # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+            receive: unverified
+            # Minimum level that the bridge should accept for incoming Matrix messages.
+            send: unverified
+            # Minimum level that the bridge should require for accepting key requests.
+            share: cross-signed-tofu
+        # Options for Megolm room key rotation. These options allow you to
+        # configure the m.room.encryption event content. See:
+        # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+        # more information about that event.
+        rotation:
+            # Enable custom Megolm room key rotation settings. Note that these
+            # settings will only apply to rooms created after this option is
+            # set.
+            enable_custom: false
+            # The maximum number of milliseconds a session should be used
+            # before changing it. The Matrix spec recommends 604800000 (a week)
+            # as the default.
+            milliseconds: 604800000
+            # The maximum number of messages that should be sent with a given a
+            # session before changing it. The Matrix spec recommends 100 as the
+            # default.
+            messages: 100
+
+    # Settings for provisioning API
+    provisioning:
+        # Prefix for the provisioning API paths.
+        prefix: /_matrix/provision
+        # Shared secret for authentication. If set to "generate", a random secret will be generated,
+        # or if set to "disable", the provisioning API will be disabled.
+        shared_secret: generate
 
     # Permissions for using the bridge.
     # Permitted values:
@@ -187,6 +370,9 @@ bridge:
     #     mxid - Specific user
     permissions:
         "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
     # Settings for relay mode
     relay:
@@ -211,14 +397,14 @@ logging:
     # The directory for log files. Will be created if not found.
     directory: ./logs
     # Available variables: .Date for the file date and .Index for different log files on the same day.
-    # empy/null = journal logging only
-    file_name_format:
+    # Set this to null to disable logging to file.
+    file_name_format: null
     # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
     file_date_format: "2006-01-02"
     # Log file permissions.
-    file_mode: 0600
+    file_mode: 0o600
     # Timestamp format for log entries in the Go time format.
     timestamp_format: "Jan _2, 2006 15:04:05"
-    # Minimum severity for log messages.
+    # Minimum severity for log messages printed to stdout/stderr. This doesn't affect the log file.
     # Options: debug, info, warn, error, fatal
-    print_level: {{ matrix_mautrix_whatsapp_log_level }}
+    print_level: {{ matrix_mautrix_whatsapp_logging_level }}

roles/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Mx Puppet Discord is a Matrix <-> Discord bridge
-# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord
+# Project source code URL: https://gitlab.com/mx-puppet/discord/mx-puppet-discord
 
 matrix_mx_puppet_discord_enabled: true
 

roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -25,7 +25,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -117,7 +117,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge
-# See: https://gitlab.com/robintown/mx-puppet-groupme
+# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme
 
 matrix_mx_puppet_groupme_enabled: true
 

roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2

@@ -78,7 +78,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # mx-puppet-instagram bridges instagram DMs
-# See: https://github.com/Sorunome/mx-puppet-instagram
+# Project source code URL: https://github.com/Sorunome/mx-puppet-instagram
 
 matrix_mx_puppet_instagram_enabled: true
 

roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2

@@ -18,7 +18,7 @@ presence:
   # Bridge Instagram online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -61,7 +61,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-skype/defaults/main.yml

@@ -1,112 +0,0 @@
----
-# Mx Puppet Skype is a Matrix <-> Skype bridge
-# See: https://github.com/Sorunome/mx-puppet-skype
-
-matrix_mx_puppet_skype_enabled: true
-
-matrix_mx_puppet_skype_container_image_self_build: false
-matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git"
-
-matrix_mx_puppet_skype_version: latest
-matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:{{ matrix_mx_puppet_skype_version }}"
-matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}"
-
-matrix_mx_puppet_skype_base_path: "{{ matrix_base_data_path }}/mx-puppet-skype"
-matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/config"
-matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data"
-matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src"
-
-matrix_mx_puppet_skype_appservice_port: "8438"
-
-matrix_mx_puppet_skype_homeserver_address: "{{ matrix_homeserver_container_url }}"
-matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}'
-
-# "@user:server.com" to allow specific user
-# "@.*:yourserver.com" to allow users on a specific homeserver
-# "@.*" to allow anyone
-matrix_mx_puppet_skype_provisioning_whitelist:
-  - "@.*:{{ matrix_domain|regex_escape }}"
-
-# Leave empty to disable blacklist
-# "@user:server.com" disallow a specific user
-# "@.*:yourserver.com" disallow users on a specific homeserver
-matrix_mx_puppet_skype_provisioning_blacklist: []
-
-# Same as provisioning
-matrix_mx_puppet_skype_relay_whitelist:
-  - "@.*:{{ matrix_domain|regex_escape }}"
-
-# Same as provisioning
-matrix_mx_puppet_skype_relay_blacklist: []
-
-# A list of extra arguments to pass to the container
-matrix_mx_puppet_skype_container_extra_arguments: []
-
-# List of systemd services that matrix-puppet-skype.service depends on.
-matrix_mx_puppet_skype_systemd_required_services_list: ['docker.service']
-
-# List of systemd services that matrix-puppet-skype.service wants
-matrix_mx_puppet_skype_systemd_wanted_services_list: []
-
-matrix_mx_puppet_skype_appservice_token: ''
-matrix_mx_puppet_skype_homeserver_token: ''
-
-# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
-matrix_mx_puppet_skype_login_shared_secret: ''
-
-# Database configuration, role default is `sqlite` but playbook default is `postgres`
-matrix_mx_puppet_skype_database_engine: sqlite
-
-matrix_mx_puppet_skype_sqlite_database_path_local: "{{ matrix_mx_puppet_skype_data_path }}/database.db"
-matrix_mx_puppet_skype_sqlite_database_path_in_container: "/data/database.db"
-
-matrix_mx_puppet_skype_database_username: matrix_mx_puppet_skype
-matrix_mx_puppet_skype_database_password: ~
-matrix_mx_puppet_skype_database_hostname: 'matrix-postgres'
-matrix_mx_puppet_skype_database_port: 5432
-matrix_mx_puppet_skype_database_name: matrix_mx_puppet_skype
-
-matrix_mx_puppet_skype_database_connection_string: 'postgresql://{{ matrix_mx_puppet_skype_database_username }}:{{ matrix_mx_puppet_skype_database_password }}@{{ matrix_mx_puppet_skype_database_hostname }}:{{ matrix_mx_puppet_skype_database_port }}/{{ matrix_mx_puppet_skype_database_name }}?sslmode=disable'
-
-# Default configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
-
-matrix_mx_puppet_skype_configuration_extension_yaml: |
-  # Your custom YAML configuration goes here.
-  # This configuration extends the default starting configuration (`matrix_mx_puppet_skype_configuration_yaml`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # completely redefining `matrix_mx_puppet_skype_configuration_yaml`.
-
-matrix_mx_puppet_skype_configuration_extension: "{{ matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml if matrix_mx_puppet_skype_configuration_extension_yaml|from_yaml is mapping else {} }}"
-
-# Holds the final configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_skype_configuration_yaml`.
-matrix_mx_puppet_skype_configuration: "{{ matrix_mx_puppet_skype_configuration_yaml|from_yaml|combine(matrix_mx_puppet_skype_configuration_extension, recursive=True) }}"
-
-matrix_mx_puppet_skype_registration_yaml: |
-  as_token: "{{ matrix_mx_puppet_skype_appservice_token }}"
-  hs_token: "{{ matrix_mx_puppet_skype_homeserver_token }}"
-  id: skype-puppet
-  namespaces:
-    users:
-      - exclusive: true
-        regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}'
-    rooms: []
-    aliases:
-      - exclusive: true
-        regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}'
-  protocols: []
-  rate_limited: false
-  sender_localpart: _skypepuppet_bot
-  url: {{ matrix_mx_puppet_skype_appservice_address }}
-  de.sorunome.msc2409.push_ephemeral: true
-
-matrix_mx_puppet_skype_registration: "{{ matrix_mx_puppet_skype_registration_yaml|from_yaml }}"

roles/matrix-bridge-mx-puppet-skype/tasks/init.yml

@@ -1,28 +0,0 @@
----
-# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
-- name: Fail if trying to self-build on Ansible < 2.8
-  fail:
-    msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_enabled"
-
-- set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}"
-  when: matrix_mx_puppet_skype_enabled|bool
-
-# If the matrix-synapse role is not used, these variables may not exist.
-- set_fact:
-    matrix_synapse_container_extra_arguments: >
-      {{
-        matrix_synapse_container_extra_arguments|default([])
-        +
-        ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
-      }}
-
-    matrix_synapse_app_service_config_files: >
-      {{
-        matrix_synapse_app_service_config_files|default([])
-        +
-        ["/matrix-mx-puppet-skype-registration.yaml"]
-      }}
-  when: matrix_mx_puppet_skype_enabled|bool

roles/matrix-bridge-mx-puppet-skype/tasks/main.yml

@@ -1,23 +0,0 @@
----
-
-- import_tasks: "{{ role_path }}/tasks/init.yml"
-  tags:
-    - always
-
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-skype
-
-- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  when: "run_setup|bool and matrix_mx_puppet_skype_enabled|bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-skype
-
-- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  when: "run_setup|bool and not matrix_mx_puppet_skype_enabled|bool"
-  tags:
-    - setup-all
-    - setup-mx-puppet-skype

roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml

@@ -1,135 +0,0 @@
----
-
-# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
-# We don't want to fail in such cases.
-- name: Fail if matrix-synapse role already executed
-  fail:
-    msg: >-
-      The matrix-bridge-mx-puppet-skype role needs to execute before the matrix-synapse role.
-  when: "matrix_synapse_role_executed|default(False)"
-
-- name: Ensure MX Puppet Skype paths exist
-  file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - {path: "{{ matrix_mx_puppet_skype_base_path }}", when: true}
-    - {path: "{{ matrix_mx_puppet_skype_config_path }}", when: true}
-    - {path: "{{ matrix_mx_puppet_skype_data_path }}", when: true}
-    - {path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}", when: "{{ matrix_mx_puppet_skype_container_image_self_build }}"}
-  when: matrix_mx_puppet_skype_enabled|bool and item.when|bool
-
-- name: Check if an old database file already exists
-  stat:
-    path: "{{ matrix_mx_puppet_skype_base_path }}/database.db"
-  register: matrix_mx_puppet_skype_stat_database
-
-- name: (Data relocation) Ensure matrix-mx-puppet-skype.service is stopped
-  service:
-    name: matrix-mx-puppet-skype
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  failed_when: false
-  when: "matrix_mx_puppet_skype_stat_database.stat.exists"
-
-- name: (Data relocation) Move mx-puppet-skype database file to ./data directory
-  command: "mv {{ matrix_mx_puppet_skype_base_path }}/database.db {{ matrix_mx_puppet_skype_data_path }}/database.db"
-  when: "matrix_mx_puppet_skype_stat_database.stat.exists"
-
-- set_fact:
-    matrix_mx_puppet_skype_requires_restart: false
-
-- block:
-    - name: Check if an SQLite database already exists
-      stat:
-        path: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}"
-      register: matrix_mx_puppet_skype_sqlite_database_path_local_stat_result
-
-    - block:
-        - set_fact:
-            matrix_postgres_db_migration_request:
-              src: "{{ matrix_mx_puppet_skype_sqlite_database_path_local }}"
-              dst: "{{ matrix_mx_puppet_skype_database_connection_string }}"
-              caller: "{{ role_path|basename }}"
-              engine_variable_name: 'matrix_mx_puppet_skype_database_engine'
-              engine_old: 'sqlite'
-              systemd_services_to_stop: ['matrix-mx-puppet-skype.service']
-
-        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
-
-        - set_fact:
-            matrix_mx_puppet_skype_requires_restart: true
-      when: "matrix_mx_puppet_skype_sqlite_database_path_local_stat_result.stat.exists|bool"
-  when: "matrix_mx_puppet_skype_database_engine == 'postgres'"
-
-- name: Ensure MX Puppet Skype image is pulled
-  docker_image:
-    name: "{{ matrix_mx_puppet_skype_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}"
-  when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build
-  register: result
-  retries: "{{ matrix_container_retries_count }}"
-  delay: "{{ matrix_container_retries_delay }}"
-  until: result is not failed
-
-- name: Ensure MX Puppet Skype repository is present on self build
-  git:
-    repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}"
-    dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
-    force: "yes"
-  become: true
-  become_user: "{{ matrix_user_username }}"
-  register: matrix_mx_puppet_skype_git_pull_results
-  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"
-
-- name: Ensure MX Puppet Skype Docker image is built
-  docker_image:
-    name: "{{ matrix_mx_puppet_skype_docker_image }}"
-    source: build
-    force_source: "{{ matrix_mx_puppet_skype_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
-      pull: true
-  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"
-
-- name: Ensure mx-puppet-skype config.yaml installed
-  copy:
-    content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_mx_puppet_skype_config_path }}/config.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-
-- name: Ensure mx-puppet-skype skype-registration.yaml installed
-  copy:
-    content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_mx_puppet_skype_config_path }}/registration.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-
-- name: Ensure matrix-mx-puppet-skype.service installed
-  template:
-    src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-skype.service.j2"
-    dest: "/etc/systemd/system/matrix-mx-puppet-skype.service"
-    mode: 0644
-  register: matrix_mx_puppet_skype_systemd_service_result
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service installation
-  service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_skype_systemd_service_result.changed"
-
-- name: Ensure matrix-mx-puppet-skype.service restarted, if necessary
-  service:
-    name: "matrix-mx-puppet-skype.service"
-    state: restarted
-  when: "matrix_mx_puppet_skype_requires_restart|bool"

roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml

@@ -1,25 +0,0 @@
----
-
-- name: Check existence of matrix-mx-puppet-skype service
-  stat:
-    path: "/etc/systemd/system/matrix-mx-puppet-skype.service"
-  register: matrix_mx_puppet_skype_service_stat
-
-- name: Ensure matrix-mx-puppet-skype is stopped
-  service:
-    name: matrix-mx-puppet-skype
-    state: stopped
-    enabled: false
-    daemon_reload: true
-  when: "matrix_mx_puppet_skype_service_stat.stat.exists"
-
-- name: Ensure matrix-mx-puppet-skype.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mx-puppet-skype.service"
-    state: absent
-  when: "matrix_mx_puppet_skype_service_stat.stat.exists"
-
-- name: Ensure systemd reloaded after matrix-mx-puppet-skype.service removal
-  service:
-    daemon_reload: true
-  when: "matrix_mx_puppet_skype_service_stat.stat.exists"

roles/matrix-bridge-mx-puppet-skype/tasks/validate_config.yml

@@ -1,10 +0,0 @@
----
-
-- name: Fail if required settings not defined
-  fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_mx_puppet_skype_appservice_token"
-    - "matrix_mx_puppet_skype_homeserver_token"

roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2

@@ -1,118 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-bridge:
-  # Address for the bridge to bind to; if running as a Docker container, you
-  # probably want 0.0.0.0 here
-  bindAddress: 0.0.0.0
-  # Port to host the bridge on which your homeserver will connect to
-  port: {{ matrix_mx_puppet_skype_appservice_port }}
-  # Name of your homeserver
-  domain: {{ matrix_domain }}
-  # URL where the bridge can connect to your homeserver
-  homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
-  # Optionally specify a different media URL used for the media store
-  mediaURL: https://{{ matrix_server_fqn_matrix }}
-  # This enabled automatic double-puppeting:
-  # A map for shared secrets of the homeserver URL to the shared secret
-  # See https://github.com/devture/matrix-synapse-shared-secret-auth
-  #loginSharedSecretMap:
-  #  yourserver.com: supersecretsharedsecret
-  {% if matrix_mx_puppet_skype_login_shared_secret != '' %}
-  loginSharedSecretMap:
-    {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
-  {% endif %}
-  # optionally override the display name of the bridge bot
-  #displayname: Protocol Bot
-  # optionally set the avatar of the bridge bot
-  #avatarUrl: mxc://yourserver.com/somefile
-
-logging:
-  # Log level of console output
-  # Allowed values starting with most verbose:
-  # silly, debug, verbose, info, warn, error
-  console: info
-  # Optionally, you can apply filters to the console logging
-  #console:
-  #  level: info
-  #  enabled:
-  #    - Store
-  #  disabled:
-  #    - PresenceHandler
-
-  # Date and time formatting
-  lineDateFormat: MMM-D HH:mm:ss.SSS
-  # Logging files
-  # Log files are rotated daily by default
-  files: []
-
-database:
-{% if matrix_mx_puppet_skype_database_engine == 'postgres' %}
-  # Use Postgres as a database backend
-  # If set, will be used instead of SQLite3
-  # Connection string to connect to the Postgres instance
-  # with username "user", password "pass", host "localhost" and database name "dbname".
-  # Modify each value as necessary
-  connString: {{ matrix_mx_puppet_skype_database_connection_string|to_json }}
-{% else %}
-  # Use SQLite3 as a database backend
-  # The name of the database file
-  filename: {{ matrix_mx_puppet_skype_sqlite_database_path_in_container|to_json }}
-{% endif %}
-
-provisioning:
-  # Regex of Matrix IDs allowed to use the puppet bridge
-  whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
-    # Allow a specific user
-    #- "@user:server\\.com"
-    # Allow users on a specific homeserver
-    #- "@.*:yourserver\\.com"
-    # Allow anyone
-    #- ".*"
-
-  # Regex of Matrix IDs forbidden from using the puppet bridge
-  #blacklist:
-    # Disallow a specific user
-    #- "@user:server\\.com"
-    # Disallow users on a specific homeserver
-    #- "@.*:yourserver\\.com"
-  blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
-
-presence:
-  # Bridge online/offline status
-  enabled: true
-  # How often to send status to the homeserver in milliseconds
-  interval: 500
-  # if the im.vector.user_status state setting should be diabled
-  #disableStatusState: false
-  # A blacklist of remote user IDs for the im.vector.user_status state setting
-  #statusStateBlacklist:
-  # - baduser
-
-relay:
-  # Regex of Matrix IDs to allow to use the relay mode
-  # Same format as in provisioning
-  #whitelist:
-    #- "@.*:yourserver\\.com"
-  whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
-
-  #blacklist:
-    #- "@user:yourserver\\.com"
-  blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
-
-# Map certain homeserver URLs to the C-S API endpoint
-# Useful for double-puppeting if .well-known is unavailable for some reason
-#homeserverUrlMap:
-#  yourserver.com: http://localhost:1234
-
-namePatterns:
-  # Override the protocols set default name patterns
-  # Which variables are available depends on protocol implementation
-  user: :name
-  room: :name
-
-limits:
-  # Up to how many users should be auto-joined on room creation? -1 to disable
-  # Defaults to 200
-  maxAutojoinUsers: 200
-  # How long the delay between two autojoin users should be, in millisectonds.
-  # Defaults to 5000
-  roomUserAutojoinDelay: 5000

roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2

@@ -1,43 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=Matrix Mx Puppet Skype bridge
-{% for service in matrix_mx_puppet_skype_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_mx_puppet_skype_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true'
-
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--network={{ matrix_docker_network }} \
-			-e CONFIG_PATH=/config/config.yaml \
-			-e REGISTRATION_PATH=/config/registration.yaml \
-			-v {{ matrix_mx_puppet_skype_config_path }}:/config:z \
-			-v {{ matrix_mx_puppet_skype_data_path }}:/data:z \
-			{% for arg in matrix_mx_puppet_skype_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_mx_puppet_skype_docker_image }}
-
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-mx-puppet-skype
-
-[Install]
-WantedBy=multi-user.target

roles/matrix-bridge-mx-puppet-slack/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Mx Puppet Slack is a Matrix <-> Slack bridge
-# See: https://github.com/Sorunome/mx-puppet-slack
+# Project source code URL: https://gitlab.com/mx-puppet/slack/mx-puppet-slack
 
 matrix_mx_puppet_slack_enabled: true
 

roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2

@@ -32,7 +32,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -75,7 +75,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-steam/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 # Mx Puppet Steam is a Matrix <-> Steam bridge
-# See: https://github.com/matrix-steam/mx-puppet-steam
+# Project source code URL: https://github.com/icewind1991/mx-puppet-steam
 
 matrix_mx_puppet_steam_enabled: true
 
 matrix_mx_puppet_steam_container_image_self_build: false
-matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git"
+matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git"
 
 # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
 #

roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2

@@ -78,7 +78,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 # Mx Puppet Twitter is a Matrix <-> Twitter bridge
-# See: https://github.com/Sorunome/mx-puppet-twitter
+# Project source code URL: https://github.com/Sorunome/mx-puppet-twitter
 
 matrix_mx_puppet_twitter_enabled: true
 

roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2

@@ -28,7 +28,7 @@ presence:
   # Bridge Twitter online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -71,7 +71,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-sms/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-sms-bridge is a Matrix <-> SMS bridge
-# See: https://github.com/benkuly/matrix-sms-bridge
+# Project source code URL: https://github.com/benkuly/matrix-sms-bridge
 
 matrix_sms_bridge_enabled: true
 

roles/matrix-client-cinny/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/ajbura/cinny
 
 matrix_client_cinny_enabled: true
 

roles/matrix-client-element/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/vector-im/element-web
 
 matrix_client_element_enabled: true
 
@@ -9,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.10.15
+matrix_client_element_version: v1.11.0
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/vector-im/hydrogen-web
 
 matrix_client_hydrogen_enabled: true
 
@@ -7,7 +8,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.2.29
+matrix_client_hydrogen_version: v0.2.33
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/tasks/main.yml

@@ -21,3 +21,10 @@
   tags:
     - setup-all
     - setup-client-hydrogen
+
+- import_tasks: "{{ role_path }}/tasks/self_check.yml"
+  delegate_to: 127.0.0.1
+  become: false
+  when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool"
+  tags:
+    - self-check

roles/matrix-client-hydrogen/tasks/self_check.yml

@@ -1,7 +1,7 @@
 ---
 
 - set_fact:
-    matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}"
+    matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json"
 
 - name: Check Hydrogen
   uri:

roles/matrix-client-hydrogen/templates/config.json.j2

@@ -1,3 +1,16 @@
 {
-	"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }}
+	"push": {
+		"appId": "io.element.hydrogen.web",
+		"gatewayUrl": "https://matrix.org",
+		"applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"
+	},
+	"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }},
+	"bugReportEndpointUrl": "https://element.io/bugreports/submit",
+	"themeManifests": [
+		"assets/theme-Element.json"
+	],
+	"defaultTheme": {
+		"light": "element-light",
+		"dark": "element-dark"
+	}
 }

roles/matrix-corporal/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # matrix-corporal is a reconciliator and gateway for a managed Matrix server.
-# See: https://github.com/devture/matrix-corporal
+# Project source code URL: https://github.com/devture/matrix-corporal
 
 matrix_corporal_enabled: true
 

roles/matrix-coturn/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/coturn/coturn
 
 matrix_coturn_enabled: true
 

roles/matrix-dendrite/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Dendrite is a second-generation Matrix homeserver currently in Beta
-# See: https://github.com/matrix-org/dendrite
+# Project source code URL: https://github.com/matrix-org/dendrite
 
 matrix_dendrite_enabled: true
 

roles/matrix-dimension/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/turt2live/matrix-dimension
 
 matrix_dimension_enabled: false
 

roles/matrix-dimension/templates/config.yaml.j2

@@ -73,13 +73,3 @@ dimension:
   # This is where Dimension is accessible from clients. Be sure to set this
   # to your own Dimension instance.
   publicUrl: "https://{{ matrix_server_fqn_dimension }}"
-
-# Settings for controlling how logging works
-logging:
-  file: /dev/null
-  console: true
-  consoleLevel: verbose
-  fileLevel: info
-  rotate:
-    size: 52428800 # bytes, default is 50mb
-    count: 5

roles/matrix-dynamic-dns/defaults/main.yml

@@ -1,11 +1,13 @@
 ---
+# Project source code URL: https://github.com/linuxserver/docker-ddclient
+
 # Whether dynamic dns is enabled
 matrix_dynamic_dns_enabled: true
 
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.9.1-ls89
+matrix_dynamic_dns_version: v3.9.1-ls92
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

roles/matrix-email2matrix/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/devture/email2matrix
 
 matrix_email2matrix_enabled: true
 

roles/matrix-etherpad/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/ether/etherpad-lite
 
 matrix_etherpad_enabled: false
 

roles/matrix-grafana/defaults/main.yml

@@ -1,10 +1,11 @@
 ---
 # matrix-grafana is open source visualization and analytics software
 # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
+# Project source code URL: https://github.com/grafana/grafana
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.5.3
+matrix_grafana_version: 9.0.3
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-jitsi/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/jitsi/docker-jitsi-meet
 
 matrix_jitsi_enabled: true
 
@@ -70,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-7001
+matrix_jitsi_version: stable-7439-2
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}"  # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

roles/matrix-jitsi/tasks/init.yml

@@ -7,4 +7,4 @@
 - name: Fail if on an unsupported architecture
   fail:
     msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
-  when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64'
+  when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64']

roles/matrix-ma1sd/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # ma1sd is a Federated Matrix Identity Server
-# See: https://github.com/ma1uta/ma1sd
+# Project source code URL: https://github.com/ma1uta/ma1sd
 
 matrix_ma1sd_enabled: true
 

roles/matrix-mailer/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+# Project source code URL: https://github.com/devture/exim-relay
 
 matrix_mailer_enabled: true
 
@@ -9,7 +10,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
 
-matrix_mailer_version: 4.95-r0-2
+matrix_mailer_version: 4.95-r0-4
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"