matrix_livekit_jwt_service_container_repo_version interpolated
livekit_server_version (the LiveKit Server role's version) instead of
this role's own matrix_livekit_jwt_service_version, so self-builds
checked out the wrong git tag.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

v0.5.0 makes LIVEKIT_FULL_ACCESS_HOMESERVERS a required setting and
drops the implicit `*` wildcard default upstream.

Split the full-access-homeservers list into _default/_auto/_custom
parts (following the convention used for other variables in this role),
with a sane _default of the homeserver's own domain. This also lets
group_vars/matrix_servers drop its now-redundant override.

Add a validate_config.yml check requiring the setting to be defined.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Introduces the `matrix_synapse_experimental_features_msc4429_enabled`
variable (disabled by default), allowing Synapse to notify clients
using the legacy /sync endpoint of profile changes for other users.

See <https://github.com/matrix-org/matrix-spec-proposals/pull/4429>

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>

The derived `*_base_path` defaults concatenated `matrix_bot_maubot_path_prefix`
directly, producing `//v1` and `//plugin/` when users set the documented
`matrix_bot_maubot_path_prefix: /` (for serving on a dedicated subdomain),
which Traefik rejects. Apply the standard `'/' == path_prefix` guard already
used by other roles (honoroit, mautrix-discord, MAS, heisenbridge, etc.).

Reported by The Dark Wizard.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

LiveKit v1.12.0 tightens TURN security: credentials now carry a TTL,
and TURN no longer relays to restricted peer CIDRs by default. The
role defaults match upstream's secure defaults and are appropriate
for typical playbook deployments.

Bumps the migration-validation gate accordingly so users are pointed
at the CHANGELOG entry on next run.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

This release adds opt-in server-level enforcement of MSC4284 policy
servers via two new `[global]` keys: `enable_policy_servers` and
`policy_server_request_timeout`. Surface both as Ansible variables
matching tuwunel's upstream defaults (off, 5s timeout) and refresh the
docs section that previously claimed MSC4284 needed no playbook
configuration.

Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5213.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Repo convention is to pin homeserver-role versions to a specific tag
so renovate can track updates and so the deployment is reproducible.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>