Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into matrix-registration-bot

CHANGELOG.md

@@ -1,3 +1,31 @@
+# 2022-04-19
+
+## Borg backup support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [Borg](https://www.borgbackup.org/) backups with [borgmatic](https://torsion.org/borgmatic/) of your Matrix server.
+
+See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) documentation to get started.
+
+
+## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action
+
+If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading:
+
+> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs.
+
+If you're not running an `appservice` worker (`matrix_synapse_workers_preset: little-federation-helper` or `matrix_synapse_workers_appservice_workers_count: 0`), you are probably safe to upgrade as per normal, without taking any special care.
+
+If you are running a setup with an `appservice` worker, or otherwise want to be on the safe side, we recommend the following upgrade path:
+
+0. Pull the latest playbook changes
+1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
+2. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`)
+3. Start Postgres (`systemctl start matrix-postgres` on the server)
+4. Start the main Synapse process (`systemctl start matrix-synapse` on the server)
+5. Wait a while so that Synapse can start and complete the database migrations. You can use `journalctl -fu matrix-synapse` on the server to get a clue. Waiting a few minutes should also be enough.
+6. It should now be safe to start all other services. `ansible-playbook -i inventory/hosts setup.yml --tags=start` will do it for you
+
+
 # 2022-04-14
 
 ## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action

docs/configuring-playbook-backup-borg.md

@@ -8,6 +8,9 @@ You will need a remote server where borg will store the backups. There are hoste
 
 The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day.
 
+By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), Borg backups will also include dumps of your Postgres database. An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for Borg using the `matrix_backup_borg_postgresql_enabled` variable.
+
+
 ## Prerequisites
 
 1. Create a new SSH key:
@@ -51,6 +54,8 @@ where:
 * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager
 * PRIVATE KEY - the content of the **private** part of the SSH key you created before
 
+To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable.
+
 `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable.
 
 Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options.

docs/configuring-playbook-postgres-backup.md

@@ -2,6 +2,9 @@
 
 The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you.
 
+For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead.
+
+
 ## Adjusting the playbook configuration
 
 Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:

docs/configuring-playbook.md

@@ -152,6 +152,13 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional)
 
 
+### Backups
+
+- [Setting up borg backup](configuring-playbook-backup-borg.md) - a full Matrix server backup solution, including the Postgres database (optional)
+
+- [Setting up postgres backup](configuring-playbook-postgres-backup.md) - a Postgres-database backup solution (note: does not include other files) (optional)
+
+
 ### Other specialized services
 
 - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)

group_vars/matrix_servers

@@ -1090,13 +1090,33 @@ matrix_bot_mjolnir_systemd_required_services_list: |
 ######################################################################
 
 matrix_backup_borg_enabled: false
+matrix_backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
+matrix_backup_borg_postgresql_enabled: "{{ matrix_postgres_enabled }}"
+matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection_hostname }}"
+matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}"
+matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}"
+matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}"
+matrix_backup_borg_postgresql_databases: |
+  {{
+    (([{
+        'name': matrix_synapse_database_database
+    }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+    +
+    matrix_postgres_additional_databases)|map(attribute='name')|list
+  }}
 matrix_backup_borg_location_source_directories:
   - "{{ matrix_base_data_path }}"
 matrix_backup_borg_location_exclude_patterns: |
   {{
-    {
-      'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"],
-    }[matrix_homeserver_implementation]
+    ([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else [])
+    +
+    ([matrix_postgres_data_path] if matrix_postgres_enabled else [])
+  }}
+matrix_backup_borg_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
   }}
 
 ######################################################################

roles/matrix-backup-borg/defaults/main.yml

@@ -1,17 +1,18 @@
 ---
 matrix_backup_borg_enabled: true
 
+matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
+matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
+
 matrix_backup_borg_container_image_self_build: false
-matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic"
-matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src"
+matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
+matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
 
-matrix_backup_borg_version: latest
+# version determined automatically, based on postgres server version (if enabled), otherwise latest is used
+matrix_backup_borg_version: ""
 matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
 matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
-matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}"
-
-matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
-matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
+matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version|default('') == '' }}"
 
 # A list of extra arguments to pass to the container
 matrix_backup_borg_container_extra_arguments: []
@@ -28,18 +29,30 @@ matrix_backup_borg_schedule: "*-*-* 04:00:00"
 # what directories should be added to backup
 matrix_backup_borg_location_source_directories: []
 
+# postgres db backup
+matrix_backup_borg_postgresql_enabled: true
+matrix_backup_borg_supported_postgres_versions: ['12', '13', '14']
+matrix_backup_borg_postgresql_databases: []
+matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres"
+matrix_backup_borg_postgresql_databases_username: "matrix"
+matrix_backup_borg_postgresql_databases_password: ""
+matrix_backup_borg_postgresql_databases_port: 5432
+
 # target repositories
 matrix_backup_borg_location_repositories: []
 
 # exclude following paths:
 matrix_backup_borg_location_exclude_patterns: []
 
-# borg encryption mode, only repokey-* is supported
+# borg encryption mode, only "repokey-*" and "none" are supported
 matrix_backup_borg_encryption: repokey-blake2
 
 # private ssh key used to connect to the borg repo
 matrix_backup_borg_ssh_key_private: ""
 
+# allow unencrypted repo access
+matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}"
+
 # borg ssh command with ssh key
 matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
 
@@ -47,7 +60,7 @@ matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new
 matrix_backup_borg_storage_compression: lz4
 
 # archive name format
-matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
+matrix_backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
 
 # repository passphrase
 matrix_backup_borg_storage_encryption_passphrase: ""
@@ -60,4 +73,26 @@ matrix_backup_borg_retention_keep_monthly: 12
 matrix_backup_borg_retention_keep_yearly: 2
 
 # retention prefix
-matrix_backup_borg_retention_prefix: "matrix-"
+matrix_backup_borg_retention_prefix: matrix-
+
+# Default borgmatic configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_backup_borg_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_backup_borg_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_backup_borg_configuration_extension_yaml: |
+  # Your custom YAML configuration for borgmatic goes here.
+  # This configuration extends the default starting configuration (`matrix_borg_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_backup_borg_configuration_yaml`.
+
+matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml|from_yaml if matrix_backup_borg_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final borgmatic configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`.
+matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml|from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}"

roles/matrix-backup-borg/tasks/init.yml

@@ -1,4 +1,4 @@
 ---
 - set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}"
   when: matrix_backup_borg_enabled|bool

roles/matrix-backup-borg/tasks/setup_install.yml

@@ -1,4 +1,17 @@
 ---
+- block:
+  - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml"
+
+  - name: Fail if detected Postgres version is unsupported
+    fail:
+      msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
+    when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
+
+  - name: Set the correct borg backup version to use
+    set_fact:
+      matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}"
+  when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == ''
+
 - name: Ensure borg paths exist
   file:
     path: "{{ item.path }}"
@@ -11,9 +24,9 @@
     - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
   when: "item.when|bool"
 
-- name: Ensure borg config is created
-  template:
-    src: "{{ role_path }}/templates/config.yaml.j2"
+- name: Ensure borgmatic config is created
+  copy:
+    content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}"
     dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"

roles/matrix-backup-borg/tasks/validate_config.yml

@@ -7,4 +7,9 @@
   with_items:
     - "matrix_backup_borg_ssh_key_private"
     - "matrix_backup_borg_location_repositories"
-    - "matrix_backup_borg_storage_encryption_passphrase"
+
+- name: Fail if encryption passphrase is undefined unless repository is unencrypted
+  fail:
+    msg: >-
+      You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
+  when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"

roles/matrix-backup-borg/templates/config.yaml.j2

@@ -7,18 +7,19 @@ location:
   exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
 
 storage:
-  compression: {{ matrix_backup_borg_storage_compression }}
-  ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
-  archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
-  encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
+  compression: {{ matrix_backup_borg_storage_compression|to_json }}
+  ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
+  archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
+  encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
+  unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
 
 retention:
-  keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
-  keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
-  keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
-  keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
-  keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
-  prefix: '{{ matrix_backup_borg_retention_prefix }}'
+  keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}
+  keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }}
+  keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }}
+  keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }}
+  keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }}
+  prefix: {{ matrix_backup_borg_retention_prefix|to_json }}
 
 consistency:
   checks:
@@ -26,6 +27,16 @@ consistency:
     - archives
 
 hooks:
+{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %}
+  postgresql_databases:
+  {% for database in matrix_backup_borg_postgresql_databases %}
+  - name: {{ database|to_json }}
+    hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
+    username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
+    password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
+    port: {{ matrix_backup_borg_postgresql_databases_port|to_json }}
+  {% endfor %}
+{% endif %}
   after_backup:
     - echo "Backup created."
   on_error:

roles/matrix-base/defaults/main.yml

@@ -71,6 +71,10 @@ matrix_container_global_registry_prefix: "docker.io/"
 matrix_container_retries_count: 10
 matrix_container_retries_delay: 10
 
+# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
+matrix_geturl_retries_count: 10
+matrix_geturl_retries_delay: 10
+
 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"
 

roles/matrix-bot-honoroit/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false
 matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.6
+matrix_bot_honoroit_version: v0.9.7
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -96,6 +96,15 @@ matrix_bot_honoroit_text_prefix_done: ''
 # Text: greetings
 matrix_bot_honoroit_text_greetings: ''
 
+# Text: invite
+matrix_bot_honoroit_text_invite: ''
+
+# Text: join
+matrix_bot_honoroit_text_join: ''
+
+# Text: leave
+matrix_bot_honoroit_text_leave: ''
+
 # Text: error
 matrix_bot_honoroit_text_error: ''
 

roles/matrix-bot-honoroit/templates/env.j2

@@ -11,6 +11,9 @@ HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
 HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
 HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
 HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
+HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }}
+HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }}
+HONOROIT_TEXT_LEAVE={{ matrix_bot_honoroit_text_leave }}
 HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }}
 HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }}
 HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }}

roles/matrix-bridge-hookshot/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 
-matrix_hookshot_version: 1.4.0
+matrix_hookshot_version: 1.5.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -14,7 +14,7 @@ matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.11.2
+matrix_mautrix_telegram_version: v0.11.3
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.3.0
+matrix_mautrix_whatsapp_version: v0.3.1
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-client-element/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.10.9
+matrix_client_element_version: v1.10.10
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-grafana/tasks/setup.yml

@@ -70,6 +70,10 @@
     group: "{{ matrix_user_groupname }}"
   with_items: "{{ matrix_grafana_dashboard_download_urls_all }}"
   when: matrix_grafana_enabled|bool
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - name: Ensure matrix-grafana.service installed
   template:

roles/matrix-prometheus/tasks/setup_install.yml

@@ -32,6 +32,10 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   when: "matrix_prometheus_scraper_synapse_rules_enabled|bool"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - name: Ensure prometheus.yml installed
   copy:

roles/matrix-synapse/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.56.0
+matrix_synapse_version: v1.57.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml

@@ -8,6 +8,10 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - set_fact:
     matrix_synapse_modules: |

roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml

@@ -13,6 +13,10 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - set_fact:
     matrix_synapse_password_providers_enabled: true

roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -18,6 +18,10 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - set_fact:
     matrix_synapse_modules: |

roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml

@@ -11,17 +11,17 @@
 
 - name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided
   set_fact:
-    matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 300
+    matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800
   when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''"
 
 - name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided
   set_fact:
-    matrix_synapse_rust_synapse_compress_state_compress_room_time: 1800
+    matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600
   when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''"
 
 - name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided
   set_fact:
-    matrix_synapse_rust_synapse_compress_state_psql_import_time: 1800
+    matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600
   when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''"
 
 - name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided

setup.yml

@@ -13,7 +13,6 @@
     - matrix-postgres
     - matrix-redis
     - matrix-corporal
-    - matrix-backup-borg
     - matrix-bridge-appservice-discord
     - matrix-bridge-appservice-slack
     - matrix-bridge-appservice-webhooks
@@ -62,5 +61,6 @@
     - matrix-aux
     - matrix-postgres-backup
     - matrix-prometheus-postgres-exporter
+    - matrix-backup-borg
     - matrix-common-after
     - matrix-bot-matrix-registration-bot