Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

These three roles have multiple variable prefixes each:
- kakaotalk: matrix_appservice_kakaotalk + matrix_appservice_kakaotalk_node
- telegram: matrix_mautrix_telegram + matrix_mautrix_telegram_lottieconverter
- synapse: matrix_synapse + matrix_synapse_customized + matrix_synapse_rust_synapse_compress_state

For each: renamed _docker_image* to _container_image* (and _docker_src*,
_docker_repo* where applicable), added deprecation entries in
validate_config.yml, updated group_vars references, and moved
deprecation tasks to the front of validate_config.yml.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Remove `matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on`

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Remove `matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages`

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Remove `matrix_synapse_ext_synapse_auto_accept_invite_enabled`

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Remove `matrix_synapse_container_image_customizations_auto_accept_invite_installation_enabled`

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Remove `matrix_synapse_ext_synapse_auto_accept_invite_version`

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Remove `matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_from_local_users`

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Remove roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Update README.md

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Update container-images.md

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Update configuring-playbook.md

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Update configuring-playbook-synapse-auto-accept-invite.md

Reuse bf744319e0/docs/configuring-playbook-sliding-sync-proxy.md

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Update validate_config.yml

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

* Update CHANGELOG.md

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

---------

Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>

matrix_synapse_systemd_service_post_start_delay_seconds is assigned a string value, and setup fails while creating the service file. It is impossible to compare str and int.

Switch the systemd ExecStartPost health check from docker exec + curl
to polling docker inspect for container health status. This piggybacks
on the container image's built-in HEALTHCHECK instead of duplicating it.

Also add a configurable container health interval (5s for Traefik setups,
15s otherwise) to speed up startup readiness detection without affecting
non-Traefik deployments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Previously, we had a 10-second magical delay.

Now we first do a healthcheck to figure out when it really is up.
Then, we do the same 10-second magical delay to account for the time it
may take for a reverse-proxy (like Traefik) to pick up Synapse's routes.

The migrate service now declares Requires/After on matrix-synapse.service,
ensuring Synapse (and its transitive dependencies like Postgres and Docker)
are running before the migration triggers.

Ref:
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4882
- https://github.com/element-hq/synapse/pull/19204
- https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_local_media_storage

We default it to `true`, keeping up with upstream and the old behavior.

s3-storage-provider users may set `matrix_synapse_enable_local_media_storage` to `false`
to disable local file caching.
This likely comes at the expense of some performance.

For matrix-media-repo users, it likely doesn't matter what this is set to,
as for a matrix-media-repo setup, all media-related API endpoints are
captured and forwarded to matrix-media-repo (before reaching Synapse).

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4637

We no longer need to boto workaround since s3-storage-provider got
upgraded to v1.6.0 in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4635

* synapse - introduce matrix_synapse_url_preview_url_blacklist var

* Preserve original comments around `url_preview_url_blacklist`

---------

Co-authored-by: Aleksandrs Jansons <alex@peledu.casa>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>

This reverts commit 2b0ea94a72.

We're going back to s3-storage-provider=v1.5.0

Ref: https://github.com/matrix-org/synapse-s3-storage-provider/pull/134#issuecomment-3396609289

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4637

We no longer need to boto workaround since s3-storage-provider got
upgraded to v1.6.0 in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4635

Related to https://github.com/element-hq/synapse/pull/18759

Currently problematic (leading to failures to start for Synapse) because of:
https://github.com/element-hq/synapse/pull/18759#issuecomment-3172744530

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4445

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

This works around an issue with Matrix Authentication Service's `syn2mas` sub-command (at version v0.16.0),
which chokes with an error:

> Error: Failed to load Synapse configuration
> Caused by:
> invalid type: found unit, expected struct EnableableSection for key "default.cas_config" in homeserver.yaml YAML file

This issue is likely to be fixed in MAS v0.16.1 or v0.17.0.

This also reverts e5574a405e because:
- it was causing issues on some servers (not clear why)
- such workarounds are no longer necessary when doing multi-stage building.

* Enable Internal Admin API Access separately from Public access.

* Add Config variable for Draupnir Hijack command

And also make the internal admin API be automatically  activated when this capability is used.

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Further Refine Internal Admin API

* Add Non Worker Labels for Internal Admin API

* Variable Rename

* Add validation rules for Internal Synapse admin API

* Add Draupnir Admin API required config validation.

* Override `matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_traefik_entrypoints` via group vars

* Wire `matrix_bot_draupnir_admin_api_enabled` to `matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand` in Draupnir's `defaults/main.yml`

* Remove unnecessary `matrix_bot_draupnir_admin_api_enabled` override from `group_vars/matrix_servers`

The same value is now (more appropriately) defined in Draupnir's `defaults/main.yml` file anyway.

* Add additional condition (`matrix_bot_draupnir_enabled`) for enabling `matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled`

* Use a separate task for validating `matrix_bot_draupnir_admin_api_enabled` when `matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand`

The other task deals with checking for null and not-blank and can't handle booleans properly.

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Ref:
- c4747dd177/docs/self-hosting.md (a-matrix-homeserver)
- e39fe3bc7f

* Add support for configuring Synapse's MSC4133 (Custom Profile Fields) experimental feature

* Reorder experimental_features in homeserver.yaml.j2 alphabetically

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

This is required by Element Call.

Ref:

- 93ae2aed98/docs/self-hosting.md (a-matrix-homeserver)
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562

This is required by Element Call.

Ref:

- 93ae2aed98/docs/self-hosting.md (a-matrix-homeserver)
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4113

`-t` works on both old and new Docker versions, so it's best to use that.

It's useless and just makes the config longer.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3964

Related to https://github.com/aws/aws-cli/issues/9214

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Replace "@user1" with "@alice"

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Replace "@user2" with "@bob"

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>