feat: add automatic creation of reverse-proxy routing

Updated: element-web to v1.9.9

.github/workflows/ansible-lint.yml

@@ -1,22 +0,0 @@
-name: Ansible Lint
-
-on: [push, pull_request]
-
-jobs:
-  build:
-  
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Lint Ansible Playbook
-      uses: ansible/ansible-lint-action@c37fb7b4bda2c8cb18f4942716bae9f11b0dc9bc
-      with:
-        # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
-        targets: "./"
-
-        override-deps: |
-          ansible-lint==5.3.1
-          
-        args: "-x metadata, formatting"

.gitignore

@@ -1,7 +1,3 @@
-/inventory/*
-!/inventory/.gitkeep
-!/inventory/host_vars/.gitkeep
-!/inventory/scripts
 /roles/*/files/scratchpad
 .DS_Store
 .python-version

CHANGELOG.md

@@ -1,3 +1,64 @@
+# 2022-01-07
+
+## Dendrite support
+
+**TLDR**: We now have optional experimental [Dendrite](https://github.com/matrix-org/dendrite) homeserver support for new installations. **Existing (Synapse) installations need to be updated**, because some internals changed. See [Adapting the configuration for existing Synapse installations](#adapting-the-configuration-for-existing-synapse-installations).
+
+[Jip J. Dekker](https://github.com/Dekker1) did the [initial work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/818) of adding [Dendrite](https://github.com/matrix-org/dendrite) support to the playbook back in January 2021. Lots of work (and time) later, Dendrite support is finally ready for testing.
+
+We believe that 2022 will be the year of the non-Synapse Matrix server!
+
+The playbook was previously quite [Synapse](https://github.com/matrix-org/synapse)-centric, but can now accommodate multiple homeserver implementations. Only one homeserver implementation can be active (installed) at a given time.
+
+**Synapse is still the default homeserver implementation** installed by the playbook. A new variable (`matrix_homeserver_implementation`) controls which server implementation is enabled (`synapse` or `dendrite` at the given moment).
+
+### Adapting the configuration for existing Synapse installations
+
+Because the playbook is not so Synapse-centric anymore, a small configuration change is necessary for existing installations to bring them up to date.
+
+The `vars.yml` file for **existing installations will need to be updated** by adding this **additional configuration**:
+
+```yaml
+# All secrets keys are now derived from `matrix_homeserver_generic_secret_key`, not from `matrix_synapse_macaroon_secret_key`.
+# To keep them all the same, define `matrix_homeserver_generic_secret_key` in terms of `matrix_synapse_macaroon_secret_key`.
+# Using a new secret value for this configuration key is also possible and should not cause any problems.
+#
+# Fun fact: new installations (based on the new `examples/vars.yml` file) do this in reverse.
+# That is, the Synapse macaroon secret is derived from `matrix_homeserver_generic_secret_key`.
+matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"
+```
+
+### Trying out Dendrite
+
+Finally, **to try out Dendrite**, we recommend that you **use a new server** and the following addition to your `vars.yml` configuration:
+
+```yaml
+matrix_homeserver_implementation: dendrite
+```
+
+**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse to Dendrite) without data loss.
+
+We're excited to gain support for other homeserver implementations, like [Conduit](https://conduit.rs/), etc!
+
+
+## Honoroit bot support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now help you set up [Honoroit](https://gitlab.com/etke.cc/honoroit) - a helpdesk bot.
+
+See our [Setting up Honoroit](docs/configuring-playbook-bot-honoroit.md) documentation to get started.
+
+
+# 2022-01-06
+
+## Cinny support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [Cinny](https://cinny.in/) - a new simple, elegant and secure Matrix client.
+
+By default, we still install Element. Still, people who'd like to try Cinny out can now install it via the playbook.
+
+Additional details are available in [Setting up Cinny](docs/configuring-playbook-client-cinny.md).
+
+
 # 2021-12-22
 
 ## Twitter bridging support via mautrix-twitter

README.md

@@ -19,6 +19,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
 
+- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
+
 - (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
 
 - (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.
@@ -99,6 +101,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
 
+- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
+
 - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
 
 - (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation
@@ -113,6 +117,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
 
+- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
+
 Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
 
 **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.

ansible.cfg

@@ -1,6 +1,11 @@
 [defaults]
+
+vault_password_file = gpg/open_vault.sh
+
 retry_files_enabled = False
 stdout_callback = yaml
 
+inventory = inventory/hosts
+
 [connection]
 pipelining = True

docs/configuring-awx-system.md

@@ -4,7 +4,7 @@ An AWX setup for managing multiple Matrix servers.
 
 This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
 
-Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. This script is free to use in a commercial context with the 'MemberPress Plus' and 'WP Oauth Sever' addons. It can also be run in a non-commercial context.
+Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context.
 
 The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
 
@@ -21,12 +21,7 @@ The following repositories allow you to copy and use this setup:
 
 [Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
 
-
-## Testing Fork For This Playbook
-
-Updates to this section are trailed here:
-
-[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/matrix-docker-ansible-deploy)
+[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental.
 
 
 ## Does I need an AWX setup to use this? How do I configure it? 
@@ -38,7 +33,6 @@ For simpler installation steps you can use to get started with this system, chec
 
 ## Does I need a front-end WordPress site? And a DigitalOcean account? 
 
-You do not need a front-end WordPress site or any of the mentioned WordPress plugins to use this setup. It can be run on it's own in a non-commercial context.
-
-You also don't need a DigitalOcean account, but this will limit you to only being able to connect 'On-Premises' servers.
+You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context.
 
+You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers.

docs/configuring-dns.md

@@ -37,6 +37,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
 | CNAME | `goneb`                      | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `sygnal`                     | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `hydrogen`                   | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `cinny`                      | -        | -      | -    | `matrix.<your-domain>` |
 
 ## Subdomains setup
 
@@ -57,6 +58,7 @@ The `sygnal.<your-domain>` subdomain may be necessary, because this playbook cou
 
 The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
 
+The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.
 
 ## `_matrix-identity._tcp` SRV record setup
 

docs/configuring-playbook-bot-go-neb.md

@@ -198,8 +198,8 @@ matrix_bot_go_neb_services:
       # Each room will get the notification with the alert rendered with the given template
       rooms:
         "!someroomid:domain.tld":
-          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
-          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
+          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
+          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
           msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 ```
 

docs/configuring-playbook-bot-honoroit.md

@@ -0,0 +1,55 @@
+# Setting up Honoroit (optional)
+
+The playbook can install and configure [Honoroit](https://gitlab.com/etke.cc/honoroit) for you.
+
+It's a bot you can use to setup **your own helpdesk on matrix**
+
+See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.
+
+
+## Registering the bot user
+
+By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`.
+
+(to use a different username, adjust the `matrix_bot_honoroit_login` variable).
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_honoroit_enabled: true
+
+# Adjust this to whatever password you chose when registering the bot user
+matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT
+
+# Adjust this to your room ID
+matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN"
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To use the bot, invite the `@honoroit:DOMAIN` to the room you specified in config, after that any matrix user can send a message to the `@honoroit:DOMAIN` to start a new thread in that room.
+
+Send `!ho help` to the room to see the bot's help menu for additional commands.
+
+You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/honoroit#features).

docs/configuring-playbook-bridge-mautrix-twitter.md

@@ -2,9 +2,9 @@
 
 **Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) bridge supported by the playbook.
 
-The playbook can install and configure [mautrix-twitter](https://github.com/tulir/mautrix-twitter) for you.
+The playbook can install and configure [mautrix-twitter](https://github.com/mautrix/twitter) for you.
 
-See the project's [documentation](https://github.com/tulir/mautrix-twitter/wiki#usage) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/mautrix/twitter) to learn what it does and why it might be useful to you.
 
 ```yaml
 matrix_mautrix_twitter_enabled: true
@@ -13,7 +13,7 @@ matrix_mautrix_twitter_enabled: true
 
 ## Set up Double Puppeting
 
-If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-twitter/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
 ### Method 1: automatically, by enabling Shared Secret Auth
 
@@ -23,7 +23,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
 
 ### Method 2: manually, by asking each user to provide a working access token
 
-This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/tulir/mautrix-twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
+This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/mautrix/twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
 
 ## Usage
 
@@ -32,6 +32,4 @@ This method is currently not available for the Mautrix-Twitter bridge, but is on
 
 You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/twitter/authentication.html).
 
-If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
-
 After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

docs/configuring-playbook-client-cinny.md

@@ -0,0 +1,21 @@
+# Configuring Cinny (optional)
+
+This playbook can install the [cinny](https://github.com/ajbura/cinny) Matrix web client for you.
+cinny is a web client focusing primarily on simple, elegant and secure interface.
+cinny can be installed alongside or instead of Element.
+
+If you'd like cinny to be installed, add the following to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_client_cinny_enabled: true
+```
+
+You will also need to add a DNS record so that cinny can be accessed.
+By default cinny will use https://cinny.DOMAIN so you will need to create an CNAME record
+for `cinny`. See [Configuring DNS](configuring-dns.md).
+
+If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain):
+
+```yaml
+ matrix_server_fqn_cinny: "app.{{ matrix_domain }}"
+```

docs/configuring-playbook-dimension.md

@@ -58,7 +58,7 @@ curl -X POST --header 'Content-Type: application/json' -d '{
     "type": "m.login.password"
 }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
 ```
-*Change the "YourDimensionUser/Pass" URL accordigly*
+*Change `YourDimensionUsername`, `YourDimensionPassword`, and `YOURDOMAIN` accordingly.*
 
 **Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**
 

docs/configuring-playbook-etherpad.md

@@ -25,6 +25,23 @@ The Dimension administrator users can configure the default URL template. The Di
 If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
 Example: `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false`
 
+### Etherpad Admin access (optional)
+
+Etherpad comes with a admin web-UI which is disabled by default. You can enable it by setting a username and password in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_etherpad_admin_username: admin
+matrix_etherpad_admin_password: some-password
+```
+
+The admin web-UI should then be available on: `https://dimension.<your-domain>/etherpad/admin`
+
+### Managing / Deleting old pads
+
+If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above.
+
+Then from the plugin manager page (`https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
+
 ## Known issues
 
 If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.

docs/configuring-playbook-own-webserver.md

@@ -64,7 +64,7 @@ Once you've followed the [Preparation](#preparation) guide above, you can take a
 
 ### Using your own external caddy webserver
 
-After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory for a sample configuration.
+After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory and [examples/caddy2](../examples/caddy2) directory for a sample configuration for Caddy v1 and v2, respectively.
 
 ### Using your own HAproxy reverse proxy
 After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/haproxy](../examples/haproxy) directory for a sample configuration. In this case HAproxy is used as a reverse proxy and a simple Nginx container is used to serve statically `.well-known` files.

docs/configuring-playbook.md

@@ -69,6 +69,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
 
 - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional)
+- [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional)
 
 
 ### Authentication and user-related
@@ -141,6 +142,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional)
 
+- [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional)
+
 - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional)
 
 - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional)

docs/container-images.md

@@ -30,6 +30,8 @@ These services are enabled and used by default, but you can turn them off, if yo
 
 These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later):
 
+- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional)
+
 - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
 
 - [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) - the [Etherpad](https://etherpad.org) realtime collaborative text editor that can be used in a Jitsi audio/video call or integrated as a widget into Matrix chat rooms via the Dimension integration manager (optional)
@@ -46,7 +48,7 @@ These services are not part of our default installation, but can be enabled by [
 
 - [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
 
-- [tulir/mautrix-twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/tulir/mautrix-twitter) bridge to [Twitter](https://twitter.com/) (optional)
+- [mautrix/twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/mautrix/twitter) bridge to [Twitter](https://twitter.com/) (optional)
 
 - [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
 
@@ -92,6 +94,8 @@ These services are not part of our default installation, but can be enabled by [
 
 - [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
 
+- [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional)
+
 - [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional)
 
 - [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir) - the [mjolnir](https://github.com/matrix-org/mjolnir) moderation bot (optional)

docs/self-building.md

@@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-synapse-admin`
 - `matrix-client-element`
 - `matrix-client-hydrogen`
+- `matrix-client-cinny`
 - `matrix-registration`
 - `matrix-coturn`
 - `matrix-corporal`
@@ -33,6 +34,7 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-bridge-mautrix-whatsapp`
 - `matrix-bridge-mx-puppet-skype`
 - `matrix-bot-mjolnir`
+- `matrix-bot-honoroit`
 - `matrix-bot-matrix-reminder-bot`
 - `matrix-email2matrix`
 

examples/vars.yml

@@ -10,6 +10,14 @@
 # Example value: example.com
 matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
 
+# The Matrix homeserver software to install.
+# See `roles/matrix-base/defaults/main.yml` for valid options.
+matrix_homeserver_implementation: synapse
+
+# A secret used as a base, for generating various other secrets.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_homeserver_generic_secret_key: ''
+
 # This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
 #
 # In case SSL renewal fails at some point, you'll also get an email notification there.
@@ -20,14 +28,6 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
 # Example value: someone@example.com
 matrix_ssl_lets_encrypt_support_email: ''
 
-# A shared secret (between Coturn and Synapse) used for authentication.
-# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-matrix_coturn_turn_static_auth_secret: ''
-
-# A secret used to protect access keys issued by the server.
-# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-matrix_synapse_macaroon_secret_key: ''
-
 # A Postgres password to use for the superuser Postgres user (called `matrix` by default).
 #
 # The playbook creates additional Postgres users and databases (one for each enabled service)

gpg/open_vault.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e -u
+
+gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

gpg/vault_passphrase.gpg

@@ -0,0 +1,18 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
+iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
+foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
+C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
+luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
++rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
+RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
+4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
+0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
+eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
+ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
+jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
+anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
+yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
+=Cecg
+-----END PGP MESSAGE-----

inventory/host_vars/matrix.finallycoffee.eu/vars.yml

@@ -0,0 +1,339 @@
+#
+# General config
+# Domain of the matrix server and SSL config
+#
+matrix_domain: finallycoffee.eu
+matrix_ssl_retrieval_method: none
+matrix_nginx_proxy_enabled: false
+matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
+matrix_server_fqn_element: "chat.{{ matrix_domain }}"
+
+web_user: "web"
+revproxy_autoload_dir: "/vault/services/web/sites.d"
+
+#matrix_client_element_version: v1.8.4
+#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
+#matrix_mautrix_telegram_version: v0.10.0
+
+#
+# General Synapse config
+#
+matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
+# A secret used to protect access keys issued by the server.
+matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
+# Make synapse accept larger media aswell
+matrix_synapse_max_upload_size_mb: 100
+# Enable metrics at (default) :9100/_synapse/metrics
+matrix_synapse_metrics_enabled: true
+matrix_synapse_enable_group_creation: true
+matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+matrix_synapse_turn_uris:
+  - "turns:voip.matrix.finallycoffee.eu?transport=udp"
+  - "turns:voip.matrix.finallycoffee.eu?transport=tcp"
+# Auto-join all users into those rooms
+matrix_synapse_auto_join_rooms:
+  - "#welcome:finallycoffee.eu"
+  - "#announcements:finallycoffee.eu"
+
+## Synapse rate limits
+matrix_synapse_rc_federation:
+  window_size: 1000
+  sleep_limit: 25
+  sleep_delay: 500
+  reject_limit: 50
+  concurrent: 5
+matrix_synapse_rc_message:
+  per_second: 0.5
+  burst_count: 25
+
+## Synapse cache tuning
+matrix_synapse_caches_global_factor: 0.7
+matrix_synapse_event_cache_size: "200K"
+
+## Synapse workers
+matrix_synapse_workers_enabled: true
+matrix_synapse_workers_preset: "little-federation-helper"
+matrix_synapse_workers_generic_worker_client_server_count: 0
+matrix_synapse_workers_media_repository_workers_count: 0
+matrix_synapse_workers_federation_sender_workers_count: 1
+matrix_synapse_workers_pusher_workers_count: 0
+matrix_synapse_workers_appservice_workers_count: 1
+
+# Static secret auth for matrix-synapse-shared-secret-auth
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+matrix_synapse_ext_password_provider_rest_auth_enabled: true
+matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
+matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
+matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
+matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
+
+# Enable experimental spaces support
+matrix_synapse_configuration_extension_yaml: |
+  experimental_features:
+    spaces_enabled: true
+
+#
+# synapse-admin tool
+#
+matrix_synapse_admin_enabled: true
+matrix_synapse_admin_container_http_host_bind_port: 8985
+
+
+#
+# VoIP / CoTURN config
+#
+# A shared secret (between Synapse and Coturn) used for authentication.
+matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+# Disable coturn, as we use own instance
+matrix_coturn_enabled: false
+
+
+#
+# dimension (integration manager) config
+#
+matrix_dimension_enabled: true
+matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
+matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
+matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
+matrix_dimension_configuration_extension_yaml: |
+    telegram:
+        botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
+
+
+#
+# mautrix-whatsapp config
+#
+matrix_mautrix_whatsapp_enabled: true
+matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
+matrix_mautrix_whatsapp_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_whatsapp_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
+        max_connection_attempts: 5
+        connection_timeout: 30
+        contact_wait_delay: 5
+        private_chat_portal_meta: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+    logging:
+        print_level: info
+    metrics:
+        enabled: true
+        listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+    whatsapp:
+        os_name: Linux mautrix-whatsapp
+        browser_name: Chrome
+
+
+#
+# mautrix-telegram config
+#
+matrix_mautrix_telegram_enabled: true
+matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
+matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
+matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
+matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
+matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
+matrix_mautrix_telegram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
+matrix_mautrix_telegram_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Telegram)"
+        parallel_file_transfer: false
+        inline_images: false
+        image_as_file_size: 20
+        delivery_receipts: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+        animated_sticker:
+            target: webm
+        encryption:
+            allow: true
+            default: true
+        permissions:
+            "@transcaffeine:finallycoffee.eu": "admin"
+            "gruenhage.xyz": "full"
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+#        permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
+
+
+#
+# mautrix-signal config
+#
+matrix_mautrix_signal_enabled: true
+matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
+matrix_mautrix_signal_container_extra_arguments:
+    - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_signal_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Signal)"
+        community_id: "+signal:finallycoffee.eu"
+        encryption:
+            allow: true
+            default: true
+            key_sharing:
+                allow: true
+                require_verification: false
+        delivery_receipts: true
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+
+
+#
+# mx-puppet-instagram configuration
+#
+matrix_mx_puppet_instagram_enabled: true
+matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
+matrix_mx_puppet_instagram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_instagram_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-skype configuration
+#
+matrix_mx_puppet_skype_enabled: true
+matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
+matrix_mx_puppet_skype_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_skype_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+        path: /metrics
+
+
+#
+# mx-puppet-discord configuration
+#
+matrix_mx_puppet_discord_enabled: true
+matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
+matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
+matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
+matrix_mx_puppet_discord_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_discord_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-slack configuration
+#
+matrix_mx_puppet_slack_enabled: true
+matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
+matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
+matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
+matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
+matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
+matrix_mx_puppet_slack_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
+matrix_mx_puppet_slack_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# Element web configuration
+#
+# Branding config
+matrix_client_element_brand: "Chat"
+matrix_client_element_default_theme: "dark"
+matrix_client_element_themes_enabled: true
+matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
+matrix_client_element_welcome_text: |
+    Decentralised, encrypted chat &amp; collaboration,<br />
+    hosted on finallycoffee.eu, powered by element.io &amp;
+    <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
+      <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
+    </a>
+matrix_client_element_welcome_logo: "welcome/images/logo.png"
+matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
+matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
+matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
+matrix_client_element_container_extra_arguments:
+  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
+  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
+# Integration and capabilites config
+matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
+matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
+matrix_client_element_integrations_widgets_urls:
+  - "https://{{ matrix_server_fqn_dimension }}/widgets"
+  - "https://scalar.vector.im/api"
+matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
+matrix_client_element_disable_custom_urls: false
+matrix_client_element_roomdir_servers:
+  - "matrix.org"
+  - "finallycoffee.eu"
+  - "entropia.de"
+matrix_client_element_enable_presence_by_hs_url:
+  https://matrix.org: false
+
+
+# Matrix ma1sd extended configuration
+matrix_ma1sd_configuration_extension_yaml: |
+    hashing:
+      enabled: true
+      pepperLength: 20
+      rotationPolicy: per_requests
+      requests: 10
+      hashStorageType: sql
+      algorithms:
+          - none
+          - sha256
+
+
+# Matrix mail notification relay setup
+matrix_mailer_enabled: true
+matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
+matrix_mailer_relay_use: true
+matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
+matrix_mailer_relay_host_port: 587
+matrix_mailer_relay_auth: true
+matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
+matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

inventory/host_vars/matrix.finallycoffee.eu/vault.yml

@@ -0,0 +1,100 @@
+$ANSIBLE_VAULT;1.1;AES256
+39366364363633336238333130353832663162393038633665396333343732353964333363666539
+6562346632343235623835643735386434316666393234360a383634616537393134613631383836
+61333835363666623033306166376232303930306433343366373463653234623736643633383734
+3330333665383539650a383132353032386230393031626361343764323034386230363066306331
+34646236336262623435633566363033613737373064616266336237343233663066396163373034
+62303765353066653737366539626461636531636438323932333134363136363134646164646531
+63656638666233313437663261396665653736373164323433306435323336633938313164646264
+33653661633965363833393031616463633761356234633630643562306366653133366637346166
+38636433343736343461613731623538633361363934343764326466313261353633646230353065
+37366134303164356433333961346663313963626165323966656536313532376162326565383539
+65363333633964323838663461373666353665643236623839646664653661613838353239613137
+39353061323131306365656261343630313665356165623064616436653566373663343733316237
+34393666383465323463313838393465643830373632373938633763666636346539666233303265
+38353337633833373331356663633936326334366337393135653030333531613565643666633038
+64393862303765366632393137313432376563353335353231323464633637343334346634306534
+35613330373336633031376263306466306437656635396133613335386130346163663438386136
+61646437343938663431343736363564376238316666373531616231366132643864346538363866
+35396433366137356162313963666134383134306462313336613735386639363936326131383939
+66623833643433663039623837623133303336666233623935313438366136353332313165333936
+31386632336535383533646639636164313331346630633366383739623261366465656632393062
+63373332623738303364623437666531396331646666336230353333366261653438363861656466
+39333762633037383336393164616563396564383232636533363864636230616664303330323932
+66666234633362346132303932643464366466323535303835363430333737666661373534333934
+61393362616438626636383564613335363634626231663234616438343464383461303632363033
+39336362396339316661323662393665383031643931626333646335643335353661653939363538
+38666561313539613566386132336630643237333432656236356132616230663561343665353938
+33366663353834356434366335373265373439363430636533303933656264366338623232613435
+35356662383232386137313064313363303861326635333435393737643663336534363234623430
+32376432353330613666396337303935376366613564353039396164383361616337656535346166
+34396635356266326461613135303639643935363261396363636338636564643838313262326266
+31663139343336376233303637373864363835313839326433656235616332333134306139623239
+37636639356263646437373362333931613262363363313462666534643765313139386461623731
+33376635653133353033333733613464396632636634313063326363313030376632643863336237
+61636638353237313764313435626463633964643665313536326235343639663137373436303564
+30636232626137376339303238653664346538356430306238633037366332316263623666373062
+63646533646131303466653637346463613237323161313265613834383634626237323563653733
+38656435303264346663663465333966376631666530333833353233376263336436613065366362
+36366263343438393132326661623031316663663231663464383732343064383234616636306530
+66613634626362316533303034393063666632343262613431613635663866636433623535363238
+30643933613731363236346234336662613633323831633437613435326465383530653765616262
+63373538396364316563343365303134373466663639386137663564356532353531343636613135
+63316463353264316164306566326462333732316431643939626161346530636638636662303037
+34346461313961613063336332333934383363373335616636363661396362613661383762663866
+64303834636264376461396266663763336665356561376161333136336638646363313133353161
+31643061623833623239373432633537663664636334623534326639616633616361333834366131
+30376361656238353332656666316637643133623433333861653265636266376639666135383638
+37363337326231656530363536393737383565666266306532626361633633353539363866376534
+61303737326632303762626666306134343837376566343035386663613336626332383035383035
+37633462373066373062313862323766316362393832666466396637363562353865303366323062
+39346332383966313437646138623364656234663066663639663138626163656433363038323166
+65613862386665643438323061323763306635666162303366323131363436633335356332393366
+63373966383132303434633835333438333337303664346335643066623839343835643364306561
+34643336346564363462396330643263653931376664386335313433376332653832323437376135
+35383231386133363236653334393433306638303131323064343931623538323130343666653061
+36353536383632333964343730346265626433303131346531303133663832363036333261386237
+30363361356265356139323761623563396565336137333733656431636531333234323061343862
+33623935346663333735613661363234646234356331323636386637343661373363363261646231
+33643233343235323230393933616664623166666266333862323631653835666135303233653635
+63373061656163353762636531613632366638383366303864343132376162643963366564363563
+61336338613935613532636165383463633866633036393533313433643562313737383431353163
+37623165373933376236393931363939633963666636303136373065376635623761346537643530
+35363464313630376233633863306238616138666464316534363332333937343362343233346431
+34643032323934353939666364323239653932363735373061633434653062326336353239633261
+38306237336266663038656534393664646138343038323335633064616431386666613739326630
+34383963666534313530376331366238343836303036306336343533666332386163643033643138
+33336333333338353733383165306139623964303035653439623131633566356136386431613135
+63616462386639303230343866346631346532353531373132613433363239646330653666633532
+65393766333238383531313132633537633833363335303630376239396565373730646331313633
+30383861303739343265623934643635633361623262356433323035393062353630346430646262
+63303434353038646361353661616339313937323336303566303536366163623362356332383862
+37326333393761633732653264646333653439363039323238383361336233323232613336303464
+34393635633131313135313665363161306466643364393734346264633030373234306466653862
+32336163666435636162343465386633653863363533616339636531306130383331376563393533
+65366136626662343065383164646665613035393636373565346235656439303933343563366339
+36643838393033353033396535613331303031646162316361613564323163633434633861356135
+62343461616335323565636633383962316531316362396165366533346166336163623232366261
+39376230376562626135346333326437373733373266393236383435343562653034313133376236
+61666138346562613330633630373837653465393233613261353937336666646231366666393335
+35393463333936323664323831396639333462626238613164616435363664643438653763623431
+32663237363134353061373563396535653565636431366565386337653863316333343738343432
+62303132636338303462313439376535363063333833363632613832303436353834376561333330
+66633632383135646263626333643230343630326539663762633934316261633062663732373932
+30306438386263626335373838343236643562326135663366353638353163346365396261313133
+36333634306133353235316237343738623263333732343063356238333162323931346664346539
+66323733643061386334306130633537353630663336313966663538373963313435666564316539
+63613030366332363432303036396232306537663765653938353736376135316539613135623632
+66356639623635663365323635646635383638346539323438336261393332373935383536333831
+61306639343061333639336162366536366438356166396266666132303932333037613632623666
+63616662343830303664353931306632323630316162643432653835313962633735626163366332
+34373637633066333432383533316363613031393963373963386161663430623533383165653561
+38343439633066366663643138326264653539336530393932386236366533663935353664343966
+39323161646231353234633961633732613065323039663062313661386565366534623430356632
+64343732336238393262363338363734643639353830646163343361653761633134303163616562
+35633436393832393137383534613031303963613339333566343065336530623964636662353065
+32366630353538383339346465376661323666333234373665613164633866363364613066643034
+37616630366232353166366535633936366536626462353831643335306337353564316461653564
+66663133373466333431336366346435623436656230376232613665633466333463636263373464
+30386434336538303061666566383033616563303564666362346432663130306531613063363537
+646635613236636563666161666630653836

inventory/hosts

@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+31336566376336626265653165306635633033376662656164383037383834653239656136333734
+3833666339393037323035343565343235396163636166370a643933333933386133366564396465
+30393637613164356564393337633361653432333232383664303739363736633435363764343530
+3532313739363963660a343434356534316230623133636366386334323465376139363162616238
+39396638366262313531653635326361616537396338363533303961623165343931373939306239
+31336632643166633662653765333231393461643933306464303165633037343061323636313034
+34376631656563646665373566633431366638383863666130323264316337663237343135306236
+66323536346164663239343139623430303230333466633437643337343930363530653964626163
+38336363633730393136333637383631636266396636646533356262376630646139303636666538
+32366437353163663865623234643061313639646162643965393535353938313133326237313265
+66646163333535396539646461356334633532313530653834623263386265383765356130333466
+30373531306137393935363030313739666536363138363962646565306439393239303030643162
+33333166663430393866666439653532623034396130313066383035396535646633366237303264
+36356665366461323664373038366364623937386233313039323837666333653764616462333365
+31326264633236373937313537633961633164323138356135633765663639323537656263633766
+38653836323263386333376131333330326237393666363064326463663961633839393039323835
+61306265333232623037356465393133323733363634646364336261326333366239346565366338
+61646132333033373866623739343830336164316461646366666237313565626639323537623732
+38323830656136323137323530343764666433633432366136643538323832653130376363653135
+64376261386635636533353961613335663962306337353866616464613636303735336230623962
+3336

roles/matrix-awx/tasks/main.yml

@@ -8,9 +8,9 @@
   tags:
     - always
 
-# Renames the variables if needed
+# Renames or updates the vars.yml if needed
 - include_tasks: 
-    file: "rename_variables.yml"
+    file: "update_variables.yml"
     apply:
       tags: always
   when: run_setup|bool and matrix_awx_enabled|bool

roles/matrix-awx/tasks/rename_variables.yml

@@ -1,8 +0,0 @@
----
-
-- name: Rename synapse presence variable
-  delegate_to: 127.0.0.1
-  replace:
-    path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
-    regexp: 'matrix_synapse_use_presence'
-    replace: 'matrix_synapse_presence_enabled'

roles/matrix-awx/tasks/update_variables.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Rename synapse presence variable
+  delegate_to: 127.0.0.1
+  replace:
+    path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
+    regexp: 'matrix_synapse_use_presence'
+    replace: 'matrix_synapse_presence_enabled'
+
+- name: Generate matrix_homeserver_generic_secret_key variable
+  delegate_to: 127.0.0.1
+  command: |
+      openssl rand -hex 16
+  register: generic_secret
+  no_log: True
+  when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )
+
+- name: Add new matrix_homeserver_generic_secret_key variable
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"
+    insertbefore: '# Basic Settings End'
+    mode: '0600'
+    state: present    
+  when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )

roles/matrix-base/defaults/main.yml

@@ -7,6 +7,18 @@
 # Example value: example.com
 matrix_domain: ~
 
+# This will contain the homeserver implementation that is in use.
+# Valid values: synapse, dendrite
+#
+# By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
+#
+# This value automatically influences other variables (`matrix_synapse_enabled`, `matrix_dendrite_enabled`, etc.).
+# The homeserver implementation of an existing server cannot be changed without data loss.
+matrix_homeserver_implementation: synapse
+
+# This contains a secret, which is used for generating various other secrets later on.
+matrix_homeserver_generic_secret_key: ''
+
 # This is where your data lives and what we set up.
 # This and the Element FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
@@ -21,6 +33,9 @@ matrix_server_fqn_element: "element.{{ matrix_domain }}"
 # This is where you access the Hydrogen web client from (if enabled via matrix_client_hydrogen_enabled; disabled by default).
 matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
 
+# This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default).
+matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
+
 # This is where you access the Dimension.
 matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
 
@@ -88,11 +103,16 @@ matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS
 
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 
-# Specifies where the homeserver is on the container network.
-# Where this is depends on whether there's a reverse-proxy in front of it, etc.
+# Specifies where the homeserver's Client-Server API is on the container network.
+# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
 # This likely gets overriden elsewhere.
 matrix_homeserver_container_url: ""
 
+# Specifies where the homeserver's Federation API is on the container network.
+# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
+# This likely gets overriden elsewhere.
+matrix_homeserver_container_federation_url: ""
+
 matrix_identity_server_url: ~
 
 matrix_integration_manager_rest_url: ~
@@ -218,6 +238,7 @@ run_synapse_register_user: true
 run_synapse_update_user_password: true
 run_synapse_import_media_store: true
 run_synapse_rust_synapse_compress_state: true
+run_dendrite_register_user: true
 run_setup: true
 run_self_check: true
 run_start: true

roles/matrix-base/tasks/main.yml

@@ -31,4 +31,5 @@
     - setup-all
     - setup-ma1sd
     - setup-synapse
+    - setup-dendrite
     - setup-nginx-proxy

roles/matrix-base/tasks/sanity_check.yml

@@ -1,5 +1,10 @@
 ---
 
+- name: Fail if invalid homeserver implementation
+  fail:
+    msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
+  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite']"
+
 # We generally support Ansible 2.7.1 and above.
 - name: Fail if running on Ansible < 2.7.1
   fail:
@@ -28,14 +33,29 @@
     - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
     - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
 
+# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
+- name: Fail if matrix_homeserver_generic_secret_key is undefined
+  fail:
+    msg: |
+      The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
+
+      If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined.
+
+      If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding
+      `{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`
+      to your `vars.yml` file. Using another secret value for the new variable is also possible and shouldn't cause any trouble.
+  when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''"
+
 - name: Fail if required variables are undefined
   fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value"
+    msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value"
   with_items:
-    - matrix_domain
-    - matrix_server_fqn_matrix
-    - matrix_server_fqn_element
-  when: "item not in vars or vars[item] is none"
+    - {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"}
+    - {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix|default('') }}"}
+    - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element|default('') }}"}
+    - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url|default('') }}"}
+    - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url|default('') }}"}
+  when: "item.value is none or item.value == ''"
 
 - name: Fail if uppercase domain used
   fail:

roles/matrix-base/tasks/server_base/setup_archlinux.yml

@@ -4,8 +4,6 @@
   pacman:
     name:
       - python-docker
-      # TODO This needs to be verified. Which version do we need?
-      - fuse3
       - python-dnspython
     state: latest
     update_cache: yes

roles/matrix-base/tasks/server_base/setup_centos.yml

@@ -21,7 +21,6 @@
   yum:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_centos8.yml

@@ -28,7 +28,6 @@
   yum:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 
@@ -44,4 +43,4 @@
   pip:
     name: docker-py
     state: latest
-  when: matrix_docker_installation_enabled|bool
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -29,7 +29,6 @@
   apt:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_raspbian.yml

@@ -29,7 +29,6 @@
   apt:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/util/ensure_fuse_installed.yml

@@ -0,0 +1,23 @@
+
+# This is for both CentOS 7 and 8
+- name: Ensure fuse installed (CentOS)
+  yum:
+    name:
+      - fuse
+    state: latest
+  when: ansible_distribution == 'CentOS'
+
+# This is for both Debian and Raspbian
+- name: Ensure fuse installed (Debian/Raspbian)
+  apt:
+    name:
+      - fuse
+    state: latest
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure fuse installed (Archlinux)
+  pacman:
+    name:
+      - fuse3
+    state: latest
+  when: ansible_distribution == 'Archlinux'

roles/matrix-base/tasks/validate_config.yml

@@ -1,9 +0,0 @@
----
-
-- name: Fail if required Matrix Base settings not defined
-  fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`) for using this playbook.
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_homeserver_container_url"

roles/matrix-base/vars/main.yml

@@ -1,3 +1,3 @@
 # This will contain a list of enabled services that the playbook is managing.
 # Each component is expected to append its service name to this list.
-matrix_systemd_services_list: []
+matrix_systemd_services_list: []

roles/matrix-bot-go-neb/defaults/main.yml

@@ -203,8 +203,8 @@ matrix_bot_go_neb_services: []
 #      # Each room will get the notification with the alert rendered with the given template
 #      rooms:
 #        "!someroomid:domain.tld":
-#          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
-#          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
+#          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
+#          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
 #          msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 
 # Default configuration template which covers the generic use case.

roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2

@@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
 			{{ matrix_bot_go_neb_docker_image }} \
 			-c "go-neb /config/config.yaml"
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-go-neb

roles/matrix-bot-honoroit/defaults/main.yml

@@ -0,0 +1,103 @@
+# honoroit is a helpdesk bot
+# See: https://gitlab.com/etke.cc/honoroit
+
+matrix_bot_honoroit_enabled: true
+
+matrix_bot_honoroit_container_image_self_build: false
+matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
+matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
+
+matrix_bot_honoroit_version: v0.9.2
+matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
+matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
+
+matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
+matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"
+matrix_bot_honoroit_data_path: "{{ matrix_bot_honoroit_base_path }}/data"
+matrix_bot_honoroit_data_store_path: "{{ matrix_bot_honoroit_data_path }}/store"
+
+# A list of extra arguments to pass to the container
+matrix_bot_honoroit_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-honoroit.service depends on
+matrix_bot_honoroit_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-honoroit.service wants
+matrix_bot_honoroit_systemd_wanted_services_list: []
+
+
+# Database-related configuration fields.
+#
+# To use SQLite, stick to these defaults.
+#
+# To use Postgres:
+# - change the engine (`matrix_bot_honoroit_database_engine: 'postgres'`)
+# - adjust your database credentials via the `matrix_bot_honoroit_database_*` variables
+matrix_bot_honoroit_database_engine: 'sqlite'
+
+matrix_bot_honoroit_sqlite_database_path_local: "{{ matrix_bot_honoroit_data_path }}/bot.db"
+matrix_bot_honoroit_sqlite_database_path_in_container: "/data/bot.db"
+
+matrix_bot_honoroit_database_username: 'honoroit'
+matrix_bot_honoroit_database_password: 'some-password'
+matrix_bot_honoroit_database_hostname: 'matrix-postgres'
+matrix_bot_honoroit_database_port: 5432
+matrix_bot_honoroit_database_name: 'honoroit'
+
+matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode=disable'
+
+matrix_bot_honoroit_storage_database: "{{
+	{
+		'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
+		'postgres': matrix_bot_honoroit_database_connection_string,
+	}[matrix_bot_honoroit_database_engine]
+}}"
+
+matrix_bot_honoroit_database_dialect: "{{
+  {
+    'sqlite': 'sqlite3',
+    'postgres': 'postgres',
+  }[matrix_bot_honoroit_database_engine]
+}}"
+
+
+# The bot's username. This user needs to be created manually beforehand.
+# Also see `matrix_bot_honoroit_password`.
+matrix_bot_honoroit_login: "honoroit"
+
+# The password that the bot uses to authenticate.
+matrix_bot_honoroit_password: ''
+
+matrix_bot_honoroit_homeserver: "{{ matrix_homeserver_container_url }}"
+
+# The room ID where bot will create threads
+matrix_bot_honoroit_roomid: ''
+
+# Command prefix
+matrix_bot_honoroit_prefix: ''
+
+# Sentry DSN
+matrix_bot_honoroit_sentry: ''
+
+# Log level
+matrix_bot_honoroit_loglevel: ''
+
+# Text: greetings
+matrix_bot_honoroit_text_greetings: ''
+
+# Text: error
+matrix_bot_honoroit_text_error: ''
+
+# Text: empty room
+matrix_bot_honoroit_text_emptyroom: ''
+
+# Text: done
+matrix_bot_honoroit_text_done: ''
+
+# Additional environment variables to pass to the Honoroit container
+#
+# Example:
+# matrix_bot_honoroit_environment_variables_extension: |
+#   HONOROIT_TEXT_DONE=Done
+matrix_bot_honoroit_environment_variables_extension: ''

roles/matrix-bot-honoroit/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
+  when: matrix_bot_honoroit_enabled|bool

roles/matrix-bot-honoroit/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_bot_honoroit_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit

roles/matrix-bot-honoroit/tasks/setup_install.yml

@@ -0,0 +1,92 @@
+---
+- set_fact:
+    matrix_bot_honoroit_requires_restart: false
+
+- block:
+    - name: Check if an SQLite database already exists
+      stat:
+        path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
+      register: matrix_bot_honoroit_sqlite_database_path_local_stat_result
+
+    - block:
+        - set_fact:
+            matrix_postgres_db_migration_request:
+              src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
+              dst: "{{ matrix_bot_honoroit_database_connection_string }}"
+              caller: "{{ role_path|basename }}"
+              engine_variable_name: 'matrix_bot_honoroit_database_engine'
+              engine_old: 'sqlite'
+              systemd_services_to_stop: ['matrix-bot-honoroit.service']
+
+        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
+
+        - set_fact:
+            matrix_bot_honoroit_requires_restart: true
+      when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists|bool"
+  when: "matrix_bot_honoroit_database_engine == 'postgres'"
+
+- name: Ensure honoroit paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_bot_honoroit_config_path }}", when: true }
+    - { path: "{{ matrix_bot_honoroit_data_path }}", when: true }
+    - { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true }
+    - { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
+  when: "item.when|bool"
+
+- name: Ensure honoroit environment variables file created
+  template:
+    src: "{{ role_path }}/templates/env.j2"
+    dest: "{{ matrix_bot_honoroit_config_path }}/env"
+    mode: 0640
+
+- name: Ensure honoroit image is pulled
+  docker_image:
+    name: "{{ matrix_bot_honoroit_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
+  when: "not matrix_bot_honoroit_container_image_self_build|bool"
+
+- name: Ensure honoroit repository is present on self-build
+  git:
+    repo: "{{ matrix_bot_honoroit_docker_repo }}"
+    dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
+    force: "yes"
+  register: matrix_bot_honoroit_git_pull_results
+  when: "matrix_bot_honoroit_container_image_self_build|bool"
+
+- name: Ensure honoroit image is built
+  docker_image:
+    name: "{{ matrix_bot_honoroit_docker_image }}"
+    source: build
+    force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_bot_honoroit_container_image_self_build|bool"
+
+- name: Ensure matrix-bot-honoroit.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
+    mode: 0644
+  register: matrix_bot_honoroit_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
+
+- name: Ensure matrix-bot-honoroit.service restarted, if necessary
+  service:
+    name: "matrix-bot-honoroit.service"
+    state: restarted
+  when: "matrix_bot_honoroit_requires_restart|bool"

roles/matrix-bot-honoroit/tasks/setup_uninstall.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-honoroit service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
+  register: matrix_bot_honoroit_service_stat
+
+- name: Ensure matrix-honoroit is stopped
+  service:
+    name: matrix-bot-honoroit
+    state: stopped
+    enabled: no
+    daemon_reload: yes
+  register: stopping_result
+  when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-bot-honoroit.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
+    state: absent
+  when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
+
+- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
+
+- name: Ensure Matrix honoroit paths don't exist
+  file:
+    path: "{{ matrix_bot_honoroit_base_path }}"
+    state: absent
+
+- name: Ensure honoroit Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_bot_honoroit_docker_image }}"
+    state: absent

roles/matrix-bot-honoroit/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_honoroit_password"
+    - "matrix_bot_honoroit_roomid"

roles/matrix-bot-honoroit/templates/env.j2

@@ -0,0 +1,15 @@
+HONOROIT_LOGIN={{ matrix_bot_honoroit_login }}
+HONOROIT_PASSWORD={{ matrix_bot_honoroit_password }}
+HONOROIT_HOMESERVER={{ matrix_bot_honoroit_homeserver }}
+HONOROIT_ROOMID={{ matrix_bot_honoroit_roomid }}
+HONOROIT_DB_DSN={{ matrix_bot_honoroit_database_connection_string }}
+HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }}
+HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
+HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
+HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
+HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
+HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }}
+HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }}
+HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }}
+
+{{ matrix_bot_honoroit_environment_variables_extension }}

roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2

@@ -0,0 +1,39 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix helpdesk bot
+{% for service in matrix_bot_honoroit_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_honoroit_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_bot_honoroit_config_path }}/env \
+			--mount type=bind,src={{ matrix_bot_honoroit_data_path }},dst=/data \
+			{% for arg in matrix_bot_honoroit_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_bot_honoroit_docker_image }}
+
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-honoroit
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_bot_matrix_reminder_bot_enabled: true
 
-matrix_bot_matrix_reminder_bot_container_self_build: false
+matrix_bot_matrix_reminder_bot_container_image_self_build: false
 matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
 matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
 

roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml

@@ -46,7 +46,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
-  when: "not matrix_bot_matrix_reminder_bot_container_self_build|bool"
+  when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
 
 - name: Ensure matrix-reminder-bot repository is present on self-build
   git:
@@ -54,7 +54,7 @@
     dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
     force: "yes"
   register: matrix_bot_matrix_reminder_bot_git_pull_results
-  when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
+  when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
 
 - name: Ensure matrix-reminder-bot image is built
   docker_image:
@@ -66,7 +66,7 @@
       dockerfile: docker/Dockerfile
       path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
       pull: yes
-  when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
+  when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
 
 - name: Ensure matrix-reminder-bot config installed
   copy:

roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml

@@ -8,3 +8,12 @@
   with_items:
     - "matrix_bot_matrix_reminder_bot_matrix_user_password"
     - "matrix_bot_matrix_reminder_bot_reminders_timezone"
+
+- name: (Deprecation) Catch and report renamed settings
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}

roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
 			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
 			-c "matrix-reminder-bot /config/config.yaml"
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-matrix-reminder-bot

roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \
 			{% endfor %}
 			{{ matrix_bot_mjolnir_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-mjolnir

roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2

@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
 			{{ matrix_appservice_discord_docker_image }} \
 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-discord

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_appservice_irc_enabled: true
 
-matrix_appservice_irc_container_self_build: false
+matrix_appservice_irc_container_image_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 

roles/matrix-bridge-appservice-irc/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build and matrix_appservice_irc_enabled"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled"
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -11,7 +11,7 @@
     - { path: "{{ matrix_appservice_irc_base_path }}", when: true }
     - { path: "{{ matrix_appservice_irc_config_path }}", when: true }
     - { path: "{{ matrix_appservice_irc_data_path }}", when: true }
-    - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_self_build }}" }
+    - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" }
   when: item.when|bool
 
 - name: Check if an old passkey file already exists
@@ -61,7 +61,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
-  when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_self_build|bool"
+  when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-irc repository is present when self-building
   git:
@@ -69,7 +69,7 @@
     dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
     force: "yes"
   register: matrix_appservice_irc_git_pull_results
-  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool"
+  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-irc Docker image is built
   docker_image:
@@ -81,7 +81,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_appservice_irc_docker_src_files_path }}"
       pull: yes
-  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
+  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
 
 - name: Ensure Matrix Appservice IRC config installed
   copy:

roles/matrix-bridge-appservice-irc/tasks/validate_config.yml

@@ -33,3 +33,4 @@
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
+    - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}

roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2

@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc
 			{{ matrix_appservice_irc_docker_image }} \
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-irc

roles/matrix-bridge-appservice-slack/defaults/main.yml

@@ -3,11 +3,11 @@
 
 matrix_appservice_slack_enabled: true
 
-matrix_appservice_slack_container_self_build: false
+matrix_appservice_slack_container_image_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
 
-matrix_appservice_slack_version: release-1.8.0
+matrix_appservice_slack_version: release-1.10.0
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-slack/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build and matrix_appservice_slack_enabled"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled"
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
@@ -44,7 +44,7 @@
       msg: >-
         Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-appservice-slack/tasks/setup_install.yml

@@ -11,7 +11,7 @@
     - { path: "{{ matrix_appservice_slack_base_path }}", when: true }
     - { path: "{{ matrix_appservice_slack_config_path }}", when: true }
     - { path: "{{ matrix_appservice_slack_data_path }}", when: true }
-    - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_self_build }}" }
+    - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" }
   when: item.when|bool
 
 - set_fact:
@@ -37,7 +37,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
-  when: "not matrix_appservice_slack_container_self_build|bool"
+  when: "not matrix_appservice_slack_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-slack repository is present when self-building
   git:
@@ -45,7 +45,7 @@
     dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
     force: "yes"
   register: matrix_appservice_slack_git_pull_results
-  when: "matrix_appservice_slack_container_self_build|bool"
+  when: "matrix_appservice_slack_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-slack Docker image is built
   docker_image:
@@ -57,7 +57,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_appservice_slack_docker_src_files_path }}"
       pull: yes
-  when: "matrix_appservice_slack_container_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
+  when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
 
 - name: Ensure Matrix Appservice Slack config installed
   copy:

roles/matrix-bridge-appservice-slack/tasks/validate_config.yml

@@ -11,3 +11,12 @@
     - "matrix_appservice_slack_homeserver_url"
     - "matrix_appservice_slack_homeserver_token"
     - "matrix_appservice_slack_id_token"
+
+- name: (Deprecation) Catch and report renamed settings
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_appservice_slack_container_self_build', 'new': 'matrix_appservice_slack_container_image_self_build'}

roles/matrix-bridge-appservice-slack/templates/config.yaml.j2

@@ -5,9 +5,9 @@ bot_username: "{{ matrix_appservice_slack_bot_name }}"
 username_prefix: {{ matrix_appservice_slack_user_prefix }}
 
 homeserver:
-    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
-    url: "{{ matrix_appservice_slack_homeserver_url }}"
     server_name: "{{ matrix_domain }}"
+    url: "{{ matrix_appservice_slack_homeserver_url }}"
+    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
 
 {% if matrix_appservice_slack_database_engine == 'nedb' %}
 dbdir: "/data"

roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2

@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla
 			{{ matrix_appservice_slack_docker_image }} \
 			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-slack

roles/matrix-bridge-appservice-webhooks/defaults/main.yml

@@ -1,15 +1,15 @@
 # matrix-appservice-webhooks is a Matrix <-> webhook bridge
-# See: https://github.com/turt2live/matrix-appservice-webhooks
+# See: https://github.com/redoonetworks/matrix-appservice-webhooks
 
 matrix_appservice_webhooks_enabled: true
 
 matrix_appservice_webhooks_container_image_self_build: false
-matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/turt2live/matrix-appservice-webhooks"
+matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/redoonetworks/matrix-appservice-webhooks"
 matrix_appservice_webhooks_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_webhooks_version == 'latest' else matrix_appservice_webhooks_version }}"
 matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path: "Dockerfile"
 
-matrix_appservice_webhooks_version: latest
-matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
+matrix_appservice_webhooks_version: v1.0.3-01
+matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}redoonetworks/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
 matrix_appservice_webhooks_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_webhooks_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-webhooks/tasks/init.yml

@@ -37,7 +37,7 @@
       msg: >-
         Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2

@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web
 			{{ matrix_appservice_webhooks_docker_image }} \
 			node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-webhooks

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_beeper_linkedin_enabled: true
 
-matrix_beeper_linkedin_version: v0.5.1
+matrix_beeper_linkedin_version: v0.5.2
 
 # See: https://gitlab.com/beeper/linkedin/container_registry
 matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"

roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi
 			{{ matrix_beeper_linkedin_docker_image }} \
                         python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-beeper-linkedin

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: 1.8.0
+matrix_heisenbridge_version: 1.10.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2

@@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \
           --listen-port 9898 \
           {{ matrix_heisenbridge_homeserver_url }}
 
-ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
-ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
+ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
+ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-heisenbridge

roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo
 			{{ matrix_mautrix_facebook_docker_image }} \
 			python3 -m mautrix_facebook -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-facebook

roles/matrix-bridge-mautrix-googlechat/tasks/init.yml

@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google
 			{{ matrix_mautrix_googlechat_docker_image }} \
 			python3 -m mautrix_googlechat -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-googlechat

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2

@@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
 			{{ matrix_mautrix_hangouts_docker_image }} \
 			python3 -m mautrix_hangouts -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-hangouts

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_mautrix_instagram_enabled: true
 matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 
-matrix_mautrix_instagram_version: latest
+matrix_mautrix_instagram_version: v0.1.2
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag
 			{{ matrix_mautrix_instagram_docker_image }} \
 			python3 -m mautrix_instagram -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-instagram

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -3,17 +3,17 @@
 
 matrix_mautrix_signal_enabled: true
 
-matrix_mautrix_signal_container_self_build: false
+matrix_mautrix_signal_container_image_self_build: false
 matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
-matrix_mautrix_signal_version: latest
-matrix_mautrix_signal_daemon_version: latest
+matrix_mautrix_signal_version: v0.2.2
+matrix_mautrix_signal_daemon_version: 0.16.1
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
 
-matrix_mautrix_signal_daemon_container_self_build: false
+matrix_mautrix_signal_daemon_container_image_self_build: false
 matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
 matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
 

roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml

@@ -14,7 +14,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
-  when: "not matrix_mautrix_signal_container_self_build|bool"
+  when: "not matrix_mautrix_signal_container_image_self_build|bool"
 
 
 - name: Ensure Mautrix Signal repository is present on self-build
@@ -23,19 +23,19 @@
     dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
     force: "yes"
   register: matrix_mautrix_signal_git_pull_results
-  when: "matrix_mautrix_signal_container_self_build|bool"
+  when: "matrix_mautrix_signal_container_image_self_build|bool"
 
 - name: Ensure Mautrix Signal image is built
   docker_image:
     name: "{{ matrix_mautrix_signal_docker_image }}"
     source: build
     force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_git_pull_results.changed }}"
     build:
       dockerfile: Dockerfile
       path: "{{ matrix_mautrix_signal_docker_src_files_path }}"
       pull: yes
-  when: "matrix_mautrix_signal_container_self_build|bool"
+  when: "matrix_mautrix_signal_container_image_self_build|bool"
 
 
 - name: Ensure Mautrix Signal Daemon image is pulled
@@ -44,7 +44,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
-  when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_self_build|bool
+  when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_image_self_build|bool
   register: matrix_mautrix_signal_daemon_pull_results
 
 - name: Ensure Mautrix Signal Daemon repository is present on self-build
@@ -53,19 +53,19 @@
     dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
     force: "yes"
   register: matrix_mautrix_signal_daemon_git_pull_results
-  when: "matrix_mautrix_signal_daemon_container_self_build|bool"
+  when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"
 
 - name: Ensure Mautrix Signal Daemon image is built
   docker_image:
     name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
     source: build
     force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}"
     build:
       dockerfile: Dockerfile
       path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
       pull: yes
-  when: "matrix_mautrix_signal_daemon_container_self_build|bool"
+  when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"
 
 - name: Ensure Mautrix Signal paths exist
   file:

roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml

@@ -26,3 +26,5 @@
     - {'old': 'matrix_mautrix_signal_db_port', 'new': 'matrix_mautrix_signal_database_port'}
     - {'old': 'matrix_mautrix_signal_db_url', 'new': 'matrix_mautrix_signal_database_connection_string'}
     - {'old': 'matrix_mautrix_signal_configuration_permissions', 'new': '<superseded by matrix_mautrix_signal_configuration_extension_yaml>'}
+    - {'old': 'matrix_mautrix_signal_container_self_build', 'new': 'matrix_mautrix_signal_container_image_self_build'}
+    - {'old': 'matrix_mautrix_signal_daemon_container_self_build', 'new': 'matrix_mautrix_signal_daemon_container_image_self_build'}

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2

@@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
 			{{ matrix_mautrix_signal_daemon_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
 
 Restart=always
 RestartSec=30

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2

@@ -26,6 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
+			--tmpfs /tmp \
 			{% if matrix_mautrix_signal_container_http_host_bind_port %}
 			-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
 			{% endif %}
@@ -37,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			{{ matrix_mautrix_signal_docker_image }} \
 			python3 -m mautrix_signal -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
 
 Restart=always
 RestartSec=30

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -3,17 +3,17 @@
 
 matrix_mautrix_telegram_enabled: true
 
-matrix_telegram_lottieconverter_container_self_build: false
-matrix_telegram_lottieconverter_container_self_build_mask_arch: false
+matrix_telegram_lottieconverter_container_image_self_build: false
+matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
 matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
 matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
-matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
+matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
 
-matrix_mautrix_telegram_container_self_build: false
+matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.10.2
+matrix_mautrix_telegram_version: v0.11.1
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
@@ -110,6 +110,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
 matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
 
+matrix_mautrix_telegram_sender_localpart: "telegrambot"
+
 matrix_mautrix_telegram_registration_yaml: |
   id: telegram
   as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@@ -123,10 +125,15 @@ matrix_mautrix_telegram_registration_yaml: |
       aliases:
       - exclusive: true
         regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
-  # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
   url: {{ matrix_mautrix_telegram_appservice_address }}
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true
+#  sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
 
 matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
+
+# Templates for defining MXID's and displaynames for users and rooms.
+matrix_mautrix_telegram_username_template: 'telegram_{userid}'
+matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
+matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build and matrix_mautrix_telegram_enabled"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"
@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -45,7 +45,7 @@
     - { path: "{{ matrix_mautrix_telegram_base_path }}", when: true }
     - { path: "{{ matrix_mautrix_telegram_config_path }}", when: true }
     - { path: "{{ matrix_mautrix_telegram_data_path }}", when: true }
-    - { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_self_build }}" }
+    - { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_image_self_build }}" }
   when: item.when|bool
 
 - name: Ensure Mautrix Telegram image is pulled
@@ -54,7 +54,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}"
-  when: "not matrix_mautrix_telegram_container_self_build|bool"
+  when: "not matrix_mautrix_telegram_container_image_self_build|bool"
 
 - name: Ensure lottieconverter is present when self-building
   git:
@@ -62,7 +62,7 @@
     dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
     force: "yes"
   register: matrix_telegram_lottieconverter_git_pull_results
-  when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_mautrix_telegram_container_self_build|bool"
+  when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_mautrix_telegram_container_image_self_build|bool"
 
 - name: Ensure lottieconverter Docker image is built
   docker_image:
@@ -74,7 +74,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
       pull: yes
-  when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_self_build|bool"
+  when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build|bool"
 
 - name: Ensure matrix-mautrix-telegram repository is present when self-building
   git:
@@ -82,7 +82,7 @@
     dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
     force: "yes"
   register: matrix_mautrix_telegram_git_pull_results
-  when: "matrix_mautrix_telegram_container_self_build|bool"
+  when: "matrix_mautrix_telegram_container_image_self_build|bool"
 
 - name: Ensure matrix-mautrix-telegram Docker image is built
   docker_image:
@@ -93,10 +93,10 @@
     build:
       dockerfile: Dockerfile
       path: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
-      pull: "{{ not matrix_telegram_lottieconverter_container_self_build_mask_arch|bool }}"
+      pull: "{{ not matrix_telegram_lottieconverter_container_image_self_build_mask_arch|bool }}"
       args:
         TARGETARCH: ""
-  when: "matrix_mautrix_telegram_container_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed"
+  when: "matrix_mautrix_telegram_container_image_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed"
 
 - name: Check if an old database file already exists
   stat:

roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml

@@ -20,3 +20,6 @@
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<superseded by matrix_mautrix_telegram_container_http_host_bind_port>'}
+    - {'old': 'matrix_mautrix_telegram_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
+    - {'old': 'matrix_telegram_lottieconverter_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
+    - {'old': 'matrix_telegram_lottieconverter_container_self_build_mask_arch', 'new': 'matrix_telegram_lottieconverter_container_image_self_build_mask_arch'}

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -69,13 +69,16 @@ appservice:
 bridge:
     # Localpart template of MXIDs for Telegram users.
     # {userid} is replaced with the user ID of the Telegram user.
-    username_template: "telegram_{userid}"
+    # Default: telegram_{userid}
+    username_template: {{ matrix_mautrix_telegram_username_template|to_json }}
     # Localpart template of room aliases for Telegram portal rooms.
     # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
-    alias_template: "telegram_{groupname}"
+    # Default: telegram_{groupname}
+    alias_template: {{ matrix_mautrix_telegram_alias_template|to_json }}
     # Displayname template for Telegram users.
     # {displayname} is replaced with the display name of the Telegram user.
-    displayname_template: "{displayname} (Telegram)"
+    # Default: {displayname} (Telegram)
+    displayname_template: {{ matrix_mautrix_telegram_displayname_template|to_json }}
 
     # Set the preferred order of user identifiers which to use in the Matrix puppet display name.
     # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
@@ -222,17 +225,6 @@ bridge:
         #      notices from users listed here will be bridged.
         exceptions: []
 
-    # Some config options related to Telegram message deduplication.
-    # The default values are usually fine, but some debug messages/warnings might recommend you
-    # change these.
-    deduplication:
-        # Whether or not to check the database if the message about to be sent is a duplicate.
-        pre_db_check: false
-        # The number of latest events to keep when checking for duplicates.
-        # You might need to increase this on high-traffic bridge instances.
-        cache_queue_length: 20
-
-
     # The formats to use when sending messages to Telegram via the relay bot.
     #
     # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.

roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2

@@ -15,15 +15,6 @@ Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
-ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--network={{ matrix_docker_network }} \
-			-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
-			-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
-			{{ matrix_mautrix_telegram_docker_image }} \
-			alembic -x config=/config/config.yaml upgrade head
 
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
@@ -44,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr
 			{{ matrix_mautrix_telegram_docker_image }} \
 			python3 -m mautrix_telegram -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-telegram

roles/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -1,12 +1,12 @@
 # mautrix-twitter is a Matrix <-> Twitter bridge
-# See: https://github.com/tulir/mautrix-twitter
+# See: https://github.com/mautrix/twitter
 
 matrix_mautrix_twitter_enabled: true
 
 matrix_mautrix_twitter_container_image_self_build: false
-matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/tulir/mautrix-twitter.git"
+matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
 
-matrix_mautrix_twitter_version: latest
+matrix_mautrix_twitter_version: v0.1.3
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte
 			{{ matrix_mautrix_twitter_docker_image }} \
 			python3 -m mautrix_twitter -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-twitter

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: latest
+matrix_mautrix_whatsapp_version: v0.2.3
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa
 			{{ matrix_mautrix_whatsapp_docker_image }} \
 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-whatsapp

roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -25,7 +25,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 10000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -70,7 +70,7 @@ namePatterns:
   #
   # name: username of the user
   # discriminator: hashtag of the user (ex. #1234)
-  user: :name
+  user: ":name (#:discriminator) (via Discord)"
 
   # A user's guild-specific displayname - if they've set a custom nick in
   # a guild
@@ -82,7 +82,7 @@ namePatterns:
   # displayname: the user's custom group-specific nick
   # channel: the name of the channel
   # guild: the name of the guild
-  userOverride: :name
+  userOverride: ":displayname (:name#:discriminator) (via Discord)"
 
   # Room names for bridged Discord channels
   #
@@ -90,7 +90,7 @@ namePatterns:
   #
   # name: name of the channel
   # guild: name of the guild
-  room: :name
+  room: "#:name (:guild on Discord)"
 
   # Group names for bridged Discord servers
   #

roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc
 			{% endfor %}
 			{{ matrix_mx_puppet_discord_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-discord

roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou
 			{% endfor %}
 			{{ matrix_mx_puppet_groupme_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-groupme

roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst
 			{% endfor %}
 			{{ matrix_mx_puppet_instagram_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-instagram

roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp
 			{% endfor %}
 			{{ matrix_mx_puppet_skype_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-skype

roles/matrix-bridge-mx-puppet-slack/tasks/init.yml

@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool