Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

CHANGELOG.md

@@ -1,3 +1,47 @@
+# 2019-05-23
+
+## Ansible 2.8 compatibility
+
+Thanks to [@danbob](https://github.com/danbob), the playbook now [supports the new Ansible 2.8](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/187).
+
+A manual change is required to the `inventory/hosts` file, changing the group name from `matrix-servers` to `matrix_servers` (dash to underscore).
+
+To avoid doing it manually, run this:
+- Linux: `sed -i 's/matrix-servers/matrix_servers/g' inventory/hosts`
+- Mac: `sed -i '' 's/matrix-servers/matrix_servers/g' inventory/hosts`
+
+
+# 2019-05-21
+
+## Synapse no longer required
+
+The playbook no longer insists on installing [Synapse](https://github.com/matrix-org/synapse) via the `matrix-synapse` role.
+
+If you would prefer to install Synapse another way and just use the playbook to install other services, it should be possible (`matrix_synapse_enabled: false`).
+
+Note that it won't necessarily be the best experience, since the playbook wires things to Synapse by default.
+If you're using your own Synapse instance (especially one not running in a container), you may have to override many variables to point them to the correct place.
+
+Having Synapse not be a required component potentially opens the door for installing alternative Matrix homeservers.
+
+
+## Bridges are now separate from the Synapse role
+
+Bridges are no longer part of the `matrix-synapse` role.
+Each bridge now lives in its own separate role (`roles/matrix-bridge-*`).
+
+These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook).
+
+
+## Renaming inconsistently-named Synapse variables
+
+For better consistency, the following variables have been renamed:
+
+- `matrix_enable_room_list_search` was renamed to `matrix_synapse_enable_room_list_search`
+- `matrix_alias_creation_rules` was renamed to `matrix_synapse_alias_creation_rules`
+- `matrix_nginx_proxy_matrix_room_list_publication_rulesdata_path` was renamed to `matrix_synapse_room_list_publication_rules`
+
+
 # 2019-05-09
 
 Besides a myriad of bug fixes and minor improvements, here are the more notable (bigger) features we can announce today.

README.md

@@ -8,7 +8,7 @@ That is, it lets you join the Matrix network with your own `@<username>:<your-do
 
 Using this playbook, you can get the following services configured on your server:
 
-- a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
+- (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
 
 - (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
 
@@ -94,7 +94,7 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w
 
 This playbook sets up your server using the following Docker images:
 
-- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver
+- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver (optional)
 
 - [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
 

docs/configuring-playbook-external-postgres.md

@@ -20,3 +20,5 @@ The database (as specified in `matrix_synapse_database_database`) must exist and
 It must be empty or contain a valid Synapse database. If empty, Synapse would populate it the first time it runs.
 
 **Note**: the external server that you specify in `matrix_synapse_database_host` must be accessible from within the `matrix-synapse` Docker container (and possibly other containers too). This means that it either needs to be a publicly accessible hostname or that it's a hostname on the same Docker network where all containers installed by this playbook run (a network called `matrix` by default). Using a local PostgreSQL instance on the host (running on the same machine, but not in a container) is not possible.
+
+The connection to your external Postgres server **will not be SSL encrypted**, as [we don't support that yet](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/89).

docs/configuring-playbook-rest-auth.md

@@ -8,7 +8,7 @@ If you decide that you'd like to let this playbook install it for you, you need
 
 ```yaml
 matrix_synapse_ext_password_provider_rest_auth_enabled: true
-matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://change.me.example.com:12345"
+matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-mxisd:8090"
 matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
 matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
 matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false

docs/registering-users.md

@@ -4,11 +4,15 @@ Run this to create a new user account on your Matrix server.
 
 You can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
 
-	ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
+```
 
 **or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
 
-	/usr/local/bin/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1>
+```
+/usr/local/bin/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1>
+```
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
@@ -25,5 +29,6 @@ The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user
 * log on to your server with ssh
 * execute with the username:
 
-    /usr/local/bin/matrix-make-user-admin <username>
+```
-
+/usr/local/bin/matrix-make-user-admin <username>
+```

docs/updating-users-passwords.md

@@ -1,19 +1,43 @@
 # Updating users passwords
 
-If you are using the matrix-postgres container(default), you can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
+## Option 1 (if you are using the default matrix-postgres container):
 
-	ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
+You can reset a user's password via the Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
+```
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
 **You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
 
-If you are NOT using the matrix-postgres container, you can generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
 
-	docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
+## Option 2 (if you are using an external Postgres server):
+
+You can manually generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#starting-the-services)):
+
+```
+docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
+```
 
 and then connecting to the postgres server and executing:
 
-	UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'
+```
-
+UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'
+```
+`
 where `<password-hash>` is the hash returned by the docker command above.
+
+
+## Option 3:
+
+Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
+
+This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not.
+
+### Example:
+To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
+```
+curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix.<domain>/_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token
+```

examples/caddy/matrix-dimension

@@ -1,4 +1,6 @@
 https://dimension.DOMAIN {
+	# These might differ if you are supplying your own certificates
+	# If you wish to use Caddy's built-in Let's Encrypt support, you can also supply an email address here
 	tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
 
 	proxy / http://127.0.0.1:8134/ {

examples/caddy/matrix-synapse

@@ -1,5 +1,6 @@
 https://matrix.DOMAIN {
 	# If you use your own certificates, your path may differ
+	# If you wish to use Caddy's built-in Let's Encrypt support, you can also supply an email address here
 	tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
 
 	root /matrix/static-files
@@ -22,7 +23,7 @@ https://matrix.DOMAIN {
 	# Synapse Client<>Server API
 	proxy / matrix-synapse:8008 {
 		transparent
-		without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
+		except /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
 	}
 
 }

examples/hosts

@@ -7,5 +7,5 @@
 # For improved Ansible performance, SSH pipelining is enabled by default (`ansible_ssh_pipelining=yes`).
 # If this causes SSH connection troubles, feel free to disable it.
 
-[matrix-servers]
+[matrix_servers]
 matrix.<your-domain> ansible_host=<your-server's external IP address> ansible_ssh_user=root ansible_ssh_pipelining=yes

group_vars/matrix_servers

@@ -9,28 +9,6 @@
 # You can also override ANY variable (seen here or in any given role),
 # by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).
 
-######################################################################
-#
-# matrix-appservice-irc
-#
-######################################################################
-
-# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
-# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
-# matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`).
-matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
-
-######################################################################
-#
-# matrix-appservice-discord
-#
-######################################################################
-
-# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network.
-# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
-# matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`).
-matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
-
 
 ######################################################################
 #
@@ -40,7 +18,6 @@ matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matri
 
 matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_id_servers[0] if matrix_synapse_trusted_third_party_id_servers|length > 0 else None }}"
 
-
 ######################################################################
 #
 # /matrix-base
@@ -48,6 +25,132 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_
 ######################################################################
 
 
+######################################################################
+#
+# matrix-bridge-appservice-discord
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_appservice_discord_enabled: false
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`).
+matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
+
+matrix_appservice_discord_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+######################################################################
+#
+# /matrix-bridge-appservice-discord
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bridge-appservice-irc
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_appservice_irc_enabled: false
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`).
+matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
+
+matrix_appservice_irc_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+######################################################################
+#
+# /matrix-bridge-appservice-irc
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bridge-mautrix-facebook
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_facebook_enabled: false
+
+matrix_mautrix_facebook_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+######################################################################
+#
+# /matrix-bridge-mautrix-facebook
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bridge-mautrix-telegram
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_telegram_enabled: false
+
+matrix_mautrix_telegram_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-telegram
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bridge-mautrix-whatsapp
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_whatsapp_enabled: false
+
+matrix_mautrix_whatsapp_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+######################################################################
+#
+# /matrix-bridge-mautrix-whatsapp
+#
+######################################################################
+
 
 ######################################################################
 #

roles/matrix-base/defaults/main.yml

@@ -47,6 +47,7 @@ run_setup: true
 run_import_postgres: true
 run_upgrade_postgres: true
 run_start: true
+run_stop: true
 run_register_user: true
 run_update_user_password: true
 run_import_sqlite_db: true

roles/matrix-base/tasks/main.yml

@@ -3,22 +3,22 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
 
 - import_tasks: "{{ role_path }}/tasks/setup_server_base.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
 
 - import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
 
 - import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-mxisd
@@ -28,6 +28,6 @@
 - import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
   delegate_to: 127.0.0.1
   become: false
-  when: run_self_check
+  when: run_self_check|bool
   tags:
     - self-check

roles/matrix-base/tasks/self_check_dns.yml

@@ -19,7 +19,7 @@
     - name: Determine domains that we require certificates for (mxisd)
       set_fact:
         dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_mxisd] }}"
-  when: "matrix_mxisd_enabled"
+  when: matrix_mxisd_enabled|bool
 
 - name: Perform DNS SRV checks
   include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"

roles/matrix-base/tasks/setup_well_known.yml

@@ -27,10 +27,10 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: matrix_well_known_matrix_server_enabled
+  when: matrix_well_known_matrix_server_enabled|bool
 
 - name: Ensure Matrix /.well-known/matrix/server file deleted
   file:
     path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
     state: absent
-  when: "not matrix_well_known_matrix_server_enabled"
+  when: "not matrix_well_known_matrix_server_enabled|bool"

roles/matrix-bridge-appservice-discord/defaults/main.yml

@@ -0,0 +1,131 @@
+# matrix-appservice-discord is a Matrix <-> Discord bridge
+# See: https://github.com/Half-Shot/matrix-appservice-discord
+
+matrix_appservice_discord_enabled: true
+
+matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest"
+
+matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
+
+# Get your own keys at https://discordapp.com/developers/applications/me/create
+matrix_appservice_discord_client_id: ''
+matrix_appservice_discord_bot_token: ''
+
+# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005).
+matrix_appservice_discord_container_expose_client_server_api_port: false
+
+# A list of extra arguments to pass to the container
+matrix_appservice_discord_container_extra_arguments: []
+
+# List of systemd services that matrix-appservice-discord.service depends on.
+matrix_appservice_discord_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-appservice-discord.service wants
+matrix_appservice_discord_systemd_wanted_services_list: []
+
+matrix_appservice_discord_configuration_yaml: |
+    bridge:
+        domain: "{{ matrix_domain }}"
+        homeserverUrl: "{{ matrix_homeserver_url }}"
+    auth:
+        clientID: "{{matrix_appservice_discord_client_id}}"
+        botToken: "{{matrix_appservice_discord_bot_token}}"
+    database:
+        filename: "/data/discord.db"
+        userStorePath: "/data/user-store.db"
+        roomStorePath: "/data/room-store.db"
+
+matrix_appservice_discord_configuration_extension_yaml: |
+    # This is a sample of the config file showing all avaliable options.
+    # Where possible we have documented what they do, and all values are the
+    # default values.
+    #
+    #bridge:
+    #  # Domain part of the bridge, e.g. matrix.org
+    #  domain: "localhost"
+    #  # This should be your publically facing URL because Discord may use it to
+    #  # fetch media from the media store.
+    #  homeserverUrl: "http://localhost:8008"
+    #  # Interval at which to process users in the 'presence queue'. If you have
+    #  # 5 users, one user will be processed every 500 milliseconds according to the
+    #  # value below. This has a minimum value of 250.
+    #  # WARNING: This has a high chance of spamming the homeserver with presence
+    #  # updates since it will send one each time somebody changes state or is online.
+    #  presenceInterval: 500
+    #  # Disable setting presence for 'ghost users' which means Discord users on Matrix
+    #  # will not be shown as away or online.
+    #  disablePresence: false
+    #  # Disable sending typing notifications when somebody on Discord types.
+    #  disableTypingNotifications: false
+    #  # Disable deleting messages on Discord if a message is redacted on Matrix.
+    #  disableDeletionForwarding: false
+    #  # Enable users to bridge rooms using !discord commands. See
+    #  # https://t2bot.io/discord for instructions.
+    #  enableSelfServiceBridging: false
+    #  # Disable sending of read receipts for Matrix events which have been
+    #  # successfully bridged to Discord.
+    #  disableReadReceipts: false
+    # Authentication configuration for the discord bot.
+    #auth:
+    #  clientID: "12345"
+    #  botToken: "foobar"
+    #logging:
+    #  # What level should the logger output to the console at.
+    #  console: "warn" #silly, verbose, info, http, warn, error, silent
+    #  lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
+    #  files:
+    #    - file: "debug.log"
+    #      disable:
+    #        - "PresenceHandler" # Will not capture presence logging
+    #    - file: "warn.log" # Will capture warnings
+    #      level: "warn"
+    #    - file: "botlogs.log" # Will capture logs from DiscordBot
+    #      level: "info"
+    #      enable:
+    #        - "DiscordBot"
+    #database:
+    #  userStorePath: "user-store.db"
+    #  roomStorePath: "room-store.db"
+    #  # You may either use SQLite or Postgresql for the bridge database, which contains
+    #  # important mappings for events and user puppeting configurations.
+    #  # Use the filename option for SQLite, or connString for Postgresql.
+    #  # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
+    #  # WARNING: You will almost certainly be fine with sqlite unless your bridge
+    #  # is in heavy demand and you suffer from IO slowness.
+    #  filename: "discord.db"
+    #  # connString: "postgresql://user:password@localhost/database_name"
+    #room:
+    #  # Set the default visibility of alias rooms, defaults to "public".
+    #  # One of: "public", "private"
+    #  defaultVisibility: "public"
+    #channel:
+    #    # Pattern of the name given to bridged rooms.
+    #    # Can use :guild for the guild name and :name for the channel name.
+    #    namePattern: "[Discord] :guild :name"
+    #    # Changes made to rooms when a channel is deleted.
+    #    deleteOptions:
+    #       # Prefix the room name with a string.
+    #       #namePrefix: "[Deleted]"
+    #       # Prefix the room topic with a string.
+    #       #topicPrefix: "This room has been deleted"
+    #       # Disable people from talking in the room by raising the event PL to 50
+    #       disableMessaging: false
+    #       # Remove the discord alias from the room.
+    #       unsetRoomAlias: true
+    #       # Remove the room from the directory.
+    #       unlistFromDirectory: true
+    #       # Set the room to be unavaliable for joining without an invite.
+    #       setInviteOnly: true
+    #       # Make all the discord users leave the room.
+    #       ghostsLeave: true
+    #limits:
+    #    # Delay in milliseconds between discord users joining a room.
+    #    roomGhostJoinDelay: 6000
+    #    # Delay in milliseconds before sending messages to discord to avoid echos.
+    #    # (Copies of a sent message may arrive from discord before we've
+    #    # fininished handling it, causing us to echo it back to the room)
+    #    discordSendDelay: 750
+
+matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml else {} }}"
+
+matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}"

roles/matrix-bridge-appservice-discord/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord'] }}"
-  when: matrix_appservice_discord_enabled
+  when: matrix_appservice_discord_enabled|bool

roles/matrix-bridge-appservice-discord/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_appservice_discord_enabled|bool"
+  tags:
+    - setup-all
+    - setup-appservice-discord
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_appservice_discord_enabled|bool"
+  tags:
+    - setup-all
+    - setup-appservice-discord
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_appservice_discord_enabled|bool"
+  tags:
+    - setup-all
+    - setup-appservice-discord

roles/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -1,17 +1,25 @@
 ---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Appservice Discord image is pulled
   docker_image:
     name: "{{ matrix_appservice_discord_docker_image }}"
-  when: "matrix_appservice_discord_enabled"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 
-- name: Ensure Appservice Discord configuration path exists
+- name: Ensure Appservice Discord base directory exists
   file:
     path: "{{ matrix_appservice_discord_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_appservice_discord_enabled"
 
 - name: Ensure Matrix Appservice Discord config installed
   copy:
@@ -20,26 +28,23 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_appservice_discord_enabled"
 
 - name: Ensure matrix-appservice-discord.service installed
   template:
-    src: "{{ role_path }}/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2"
     dest: "/etc/systemd/system/matrix-appservice-discord.service"
     mode: 0644
   register: matrix_appservice_discord_systemd_service_result
-  when: "matrix_appservice_discord_enabled"
 
 - name: Ensure systemd reloaded after matrix-appservice-discord.service installation
   service:
     daemon_reload: yes
-  when: "matrix_appservice_discord_enabled and matrix_appservice_discord_systemd_service_result.changed"
+  when: "matrix_appservice_discord_systemd_service_result.changed"
 
 - name: Check if a matrix-appservice-discord registration file exists
   stat:
     path: "{{ matrix_appservice_discord_base_path }}/discord-registration.yaml"
   register: appservice_discord_registration_file
-  when: "matrix_appservice_discord_enabled"
 
 - name: Generate matrix-appservice-discord discord-registration.yaml if it doesn't exist
   shell: >-
@@ -54,17 +59,15 @@
     -c /data/config.yaml
     -f /data/discord-registration.yaml
     -l discord_bot
-  when: "matrix_appservice_discord_enabled and not appservice_discord_registration_file.stat.exists"
+  when: "not appservice_discord_registration_file.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml'
-  when: "matrix_appservice_discord_enabled"
 
 - name: Check if a matrix-appservice-discord invite_link file exists
   stat:
     path: "{{ matrix_appservice_discord_base_path }}/invite_link"
   register: appservice_discord_link_generated
-  when: "matrix_appservice_discord_enabled"
 
 - name: Generate your discord invite link
   shell: >-
@@ -75,28 +78,16 @@
     -w /data
     {{ matrix_appservice_discord_docker_image }}
     /bin/sh -c "node .././build/tools/addbot.js > invite_link"
-  when: "matrix_appservice_discord_enabled and not appservice_discord_link_generated.stat.exists"
+  when: "not appservice_discord_link_generated.stat.exists"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }}
-  when: "matrix_appservice_discord_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json  }}
-  when: "matrix_appservice_discord_enabled"
-
-#
-# Tasks related to getting rid of matrix-appservice-discord (if it was previously enabled)
-#
-
-- name: Ensure matrix-appservice-discord.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-appservice-discord.service"
-    state: absent
-  when: "not matrix_appservice_discord_enabled"

roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-appservice-discord service
+  stat:
+    path: "/etc/systemd/system/matrix-appservice-discord.service"
+  register: matrix_appservice_discord_service_stat
+
+- name: Ensure matrix-appservice-discord is stopped
+  service:
+    name: matrix-appservice-discord
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_appservice_discord_service_stat.stat.exists"
+
+- name: Ensure matrix-appservice-discord.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-appservice-discord.service"
+    state: absent
+  when: "matrix_appservice_discord_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-appservice-discord.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_appservice_discord_service_stat.stat.exists"

roles/matrix-bridge-appservice-discord/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_appservice_discord_client_id"
+    - "matrix_appservice_discord_bot_token"

roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2

@@ -1,15 +1,19 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Appservice Discord server
-After=docker.service
+{% for service in matrix_appservice_discord_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_appservice_discord_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
 ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
+
 ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -19,13 +23,16 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
 			-p 127.0.0.1:9005:9005 \
 			{% endif %}
 			-v {{ matrix_appservice_discord_base_path }}:/data \
+			{% for arg in matrix_appservice_discord_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_appservice_discord_docker_image }}
 
-			
 ExecStop=-/usr/bin/docker kill matrix-appservice-discord
 ExecStop=-/usr/bin/docker rm matrix-appservice-discord
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-appservice-discord
 
  [Install]
 WantedBy=multi-user.target

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -0,0 +1,436 @@
+# Matrix Appservice IRC is a Matrix <-> IRC bridge
+# See: https://github.com/matrix-org/matrix-appservice-irc
+
+matrix_appservice_irc_enabled: true
+
+matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
+
+matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
+
+# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999).
+matrix_appservice_irc_container_expose_client_server_api_port: false
+
+# A list of extra arguments to pass to the container
+matrix_appservice_irc_container_extra_arguments: []
+
+# List of systemd services that matrix-appservice-irc.service depends on.
+matrix_appservice_irc_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-appservice-irc.service wants
+matrix_appservice_irc_systemd_wanted_services_list: []
+
+matrix_appservice_irc_configuration_yaml: |
+  #jinja2: lstrip_blocks: True
+  homeserver:
+    url: "https://{{ matrix_server_fqn_matrix }}"
+    domain: "{{ matrix_domain }}"
+    enablePresence: true
+
+matrix_appservice_irc_configuration_extension_yaml: |
+  # Your custom YAML configuration for Appservice IRC servers goes here.
+  # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_appservice_irc_configuration_yaml`.
+  #
+  # Example configuration extension follows:
+  #
+  # ircService:
+  #   databaseUri: "nedb:///data" # does not typically need modification
+  #   passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
+  #   matrixHandler:
+  #     eventCacheSize: 4096
+  #   servers:
+  #     # The address of the server to connect to.
+  #     irc.example.com:
+  #       # A human-readable short name. This is used to label IRC status rooms
+  #       # where matrix users control their connections.
+  #       # E.g. 'ExampleNet IRC Bridge status'.
+  #       # It is also used in the Third Party Lookup API as the instance `desc`
+  #       # property, where each server is an instance.
+  #       name: "ExampleNet"
+  #
+  #       additionalAddresses: [ "irc2.example.com" ]
+  #       #
+  #       # [DEPRECATED] Use `name`, above, instead.
+  #       # A human-readable description string
+  #       # description: "Example.com IRC network"
+  #
+  #       # An ID for uniquely identifying this server amongst other servers being bridged.
+  #       # networkId: "example"
+  #
+  #       # URL to an icon used as the network icon whenever this network appear in
+  #       # a network list. (Like in the riot room directory, for instance.)
+  #       # icon: https://example.com/images/hash.png
+  #
+  #       # The port to connect to. Optional.
+  #       port: 6697
+  #       # Whether to use SSL or not. Default: false.
+  #       ssl: true
+  #       # Whether or not IRC server is using a self-signed cert or not providing CA Chain
+  #       sslselfsign: false
+  #       # Should the connection attempt to identify via SASL (if a server or user password is given)
+  #       # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
+  #       sasl: false
+  #       # Whether to allow expired certs when connecting to the IRC server.
+  #       # Usually this should be off. Default: false.
+  #       allowExpiredCerts: false
+  #       # A specific CA to trust instead of the default CAs. Optional.
+  #       #ca: |
+  #       #  -----BEGIN CERTIFICATE-----
+  #       #  ...
+  #       #  -----END CERTIFICATE-----
+  #
+  #       #
+  #       # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
+  #       # password: 'pa$$w0rd'
+  #       #
+  #       # Whether or not to send connection/error notices to real Matrix users. Default: true.
+  #       sendConnectionMessages: true
+  #
+  #       quitDebounce:
+  #         # Whether parts due to net-splits are debounced for delayMs, to allow
+  #         # time for the netsplit to resolve itself. A netsplit is detected as being
+  #         # a QUIT rate higher than quitsPerSecond. Default: false.
+  #         enabled: false
+  #         # The maximum number of quits per second acceptable above which a netsplit is
+  #         # considered ongoing. Default: 5.
+  #         quitsPerSecond: 5
+  #         # The time window in which to wait before bridging a QUIT to Matrix that occurred during
+  #         # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
+  #         # is not sent many requests to leave rooms all at once if a netsplit occurs and many
+  #         # people to not rejoin.
+  #         # If the user with the same IRC nick as the one who sent the quit rejoins a channel
+  #         # they are considered back online and the quit is not bridged, so long as the rejoin
+  #         # occurs before the randomly-jittered timeout is not reached.
+  #         # Default: 3600000, = 1h
+  #         delayMinMs: 3600000 # 1h
+  #         # Default: 7200000, = 2h
+  #         delayMaxMs: 7200000 # 2h
+  #
+  #       # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
+  #       # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
+  #       # been given multiple modes, the one that maps to the highest power level will be used.
+  #       modePowerMap:
+  #         o: 50
+  #
+  #       botConfig:
+  #         # Enable the presence of the bot in IRC channels. The bot serves as the entity
+  #         # which maps from IRC -> Matrix. You can disable the bot entirely which
+  #         # means IRC -> Matrix chat will be shared by active "M-Nick" connections
+  #         # in the room. If there are no users in the room (or if there are users
+  #         # but their connections are not on IRC) then nothing will be bridged to
+  #         # Matrix. If you're concerned about the bot being treated as a "logger"
+  #         # entity, then you may want to disable the bot. If you want IRC->Matrix
+  #         # but don't want to have TCP connections to IRC unless a Matrix user speaks
+  #         # (because your client connection limit is low), then you may want to keep
+  #         # the bot enabled. Default: true.
+  #         # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
+  #         #     on, else there will be no users and no bot in a channel (meaning no
+  #         #     messages to Matrix!) until a Matrix user speaks which makes a client
+  #         #     join the target IRC channel.
+  #         # NBB: The bridge bot IRC client will still join the target IRC network so
+  #         #      it can service bridge-specific queries from the IRC-side e.g. so
+  #         #      real IRC clients have a way to change their Matrix display name.
+  #         #      See https://github.com/matrix-org/matrix-appservice-irc/issues/55
+  #         enabled: true
+  #         # The nickname to give the AS bot.
+  #         nick: "MatrixBot"
+  #         # The password to give to NickServ or IRC Server for this nick. Optional.
+  #         # password: "helloworld"
+  #         #
+  #         # Join channels even if there are no Matrix users on the other side of
+  #         # the bridge. Set to false to prevent the bot from joining channels which have no
+  #         # real matrix users in them, even if there is a mapping for the channel.
+  #         # Default: true
+  #         joinChannelsIfNoUsers: true
+  #
+  #       # Configuration for PMs / private 1:1 communications between users.
+  #       privateMessages:
+  #         # Enable the ability for PMs to be sent to/from IRC/Matrix.
+  #         # Default: true.
+  #         enabled: true
+  #         # Prevent Matrix users from sending PMs to the following IRC nicks.
+  #         # Optional. Default: [].
+  #         # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
+  #
+  #         # Should created Matrix PM rooms be federated? If false, only users on the
+  #         # HS attached to this AS will be able to interact with this room.
+  #         # Optional. Default: true.
+  #         federate: true
+  #
+  #       # Configuration for mappings not explicitly listed in the 'mappings'
+  #       # section.
+  #       dynamicChannels:
+  #         # Enable the ability for Matrix users to join *any* channel on this IRC
+  #         # network.
+  #         # Default: false.
+  #         enabled: true
+  #         # Should the AS create a room alias for the new Matrix room? The form of
+  #         # the alias can be modified via 'aliasTemplate'. Default: true.
+  #         createAlias: true
+  #         # Should the AS publish the new Matrix room to the public room list so
+  #         # anyone can see it? Default: true.
+  #         published: true
+  #         # What should the join_rule be for the new Matrix room? If 'public',
+  #         # anyone can join the room. If 'invite', only users with an invite can
+  #         # join the room. Note that if an IRC channel has +k or +i set on it,
+  #         # join_rules will be set to 'invite' until these modes are removed.
+  #         # Default: "public".
+  #         joinRule: public
+  #         # This will set the m.room.related_groups state event in newly created rooms
+  #         # with the given groupId. This means flares will show up on IRC users in those rooms.
+  #         # This should be set to the same thing as namespaces.users.group_id in irc_registration.
+  #         # This does not alter existing rooms.
+  #         # Leaving this option empty will not set the event.
+  #         groupId: +myircnetwork:localhost
+  #         # Should created Matrix rooms be federated? If false, only users on the
+  #         # HS attached to this AS will be able to interact with this room.
+  #         # Default: true.
+  #         federate: true
+  #         # The room alias template to apply when creating new aliases. This only
+  #         # applies if createAlias is 'true'. The following variables are exposed:
+  #         # $SERVER => The IRC server address (e.g. "irc.example.com")
+  #         # $CHANNEL => The IRC channel (e.g. "#python")
+  #         # This MUST have $CHANNEL somewhere in it.
+  #         # Default: '#irc_$SERVER_$CHANNEL'
+  #         aliasTemplate: "#irc_$CHANNEL"
+  #         # A list of user IDs which the AS bot will send invites to in response
+  #         # to a !join. Only applies if joinRule is 'invite'. Default: []
+  #         # whitelist:
+  #         #   - "@foo:example.com"
+  #         #   - "@bar:example.com"
+  #         #
+  #         # Prevent the given list of channels from being mapped under any
+  #         # circumstances.
+  #         # exclude: ["#foo", "#bar"]
+  #
+  #       # Configuration for controlling how Matrix and IRC membership lists are
+  #       # synced.
+  #       membershipLists:
+  #         # Enable the syncing of membership lists between IRC and Matrix. This
+  #         # can have a significant effect on performance on startup as the lists are
+  #         # synced. This must be enabled for anything else in this section to take
+  #         # effect. Default: false.
+  #         enabled: false
+  #
+  #         # Syncing membership lists at startup can result in hundreds of members to
+  #         # process all at once. This timer drip feeds membership entries at the
+  #         # specified rate. Default: 10000. (10s)
+  #         floodDelayMs: 10000
+  #
+  #         global:
+  #           ircToMatrix:
+  #             # Get a snapshot of all real IRC users on a channel (via NAMES) and
+  #             # join their virtual matrix clients to the room.
+  #             initial: false
+  #             # Make virtual matrix clients join and leave rooms as their real IRC
+  #             # counterparts join/part channels. Default: false.
+  #             incremental: false
+  #
+  #           matrixToIrc:
+  #             # Get a snapshot of all real Matrix users in the room and join all of
+  #             # them to the mapped IRC channel on startup. Default: false.
+  #             initial: false
+  #             # Make virtual IRC clients join and leave channels as their real Matrix
+  #             # counterparts join/leave rooms. Make sure your 'maxClients' value is
+  #             # high enough! Default: false.
+  #             incremental: false
+  #
+  #         # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
+  #         rooms:
+  #           - room: "!fuasirouddJoxtwfge:localhost"
+  #             matrixToIrc:
+  #               initial: false
+  #               incremental: false
+  #
+  #         # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
+  #         channels:
+  #           - channel: "#foo"
+  #             ircToMatrix:
+  #               initial: false
+  #               incremental: false
+  #
+  #       mappings:
+  #         # 1:many mappings from IRC channels to room IDs on this IRC server.
+  #         # The matrix room must already exist. Your matrix client should expose
+  #         # the room ID in a "settings" page for the room.
+  #         "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
+  #
+  #       # Configuration for virtual matrix users. The following variables are
+  #       # exposed:
+  #       # $NICK => The IRC nick
+  #       # $SERVER => The IRC server address (e.g. "irc.example.com")
+  #       matrixClients:
+  #         # The user ID template to use when creating virtual matrix users. This
+  #         # MUST have $NICK somewhere in it.
+  #         # Optional. Default: "@$SERVER_$NICK".
+  #         # Example: "@irc.example.com_Alice:example.com"
+  #         userTemplate: "@irc_$NICK"
+  #         # The display name to use for created matrix clients. This should have
+  #         # $NICK somewhere in it if it is specified. Can also use $SERVER to
+  #         # insert the IRC domain.
+  #         # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
+  #         displayName: "$NICK (IRC)"
+  #         # Number of tries a client can attempt to join a room before the request
+  #         # is discarded. You can also use -1 to never retry or 0 to never give up.
+  #         # Optional. Default: -1
+  #         joinAttempts: -1
+  #
+  #       # Configuration for virtual IRC users. The following variables are exposed:
+  #       # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
+  #       # $USERID => The user ID
+  #       # $DISPLAY => The display name of this user, with excluded characters
+  #       #             (e.g. space) removed. If the user has no display name, this
+  #       #             falls back to $LOCALPART.
+  #       ircClients:
+  #         # The template to apply to every IRC client nick. This MUST have either
+  #         # $DISPLAY or $USERID or $LOCALPART somewhere in it.
+  #         # Optional. Default: "M-$DISPLAY". Example: "M-Alice".
+  #         nickTemplate: "$DISPLAY[m]"
+  #         # True to allow virtual IRC clients to change their nick on this server
+  #         # by issuing !nick <server> <nick> commands to the IRC AS bot.
+  #         # This is completely freeform: it will NOT follow the nickTemplate.
+  #         allowNickChanges: true
+  #         # The max number of IRC clients that will connect. If the limit is
+  #         # reached, the client that spoke the longest time ago will be
+  #         # disconnected and replaced.
+  #         # Optional. Default: 30.
+  #         maxClients: 30
+  #         # IPv6 configuration.
+  #         ipv6:
+  #           # Optional. Set to true to force IPv6 for outgoing connections.
+  #           only: false
+  #           # Optional. The IPv6 prefix to use for generating unique addresses for each
+  #           # connected user. If not specified, all users will connect from the same
+  #           # (default) address. This may require additional OS-specific work to allow
+  #           # for the node process to bind to multiple different source addresses
+  #           # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
+  #           # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
+  #           # prefix: "2001:0db8:85a3::"  # modify appropriately
+  #         #
+  #         # The maximum amount of time in seconds that the client can exist
+  #         # without sending another message before being disconnected. Use 0 to
+  #         # not apply an idle timeout. This value is ignored if this IRC server is
+  #         # mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
+  #         idleTimeout: 10800
+  #         # The number of millseconds to wait between consecutive reconnections if a
+  #         # client gets disconnected. Setting to 0 will cause the scheduling to be
+  #         # disabled, i.e. it will be scheduled immediately (with jitter.
+  #         # Otherwise, the scheduling interval will be used such that one client
+  #         # reconnect for this server will be handled every reconnectIntervalMs ms using
+  #         # a FIFO queue.
+  #         # Default: 5000 (5 seconds)
+  #         reconnectIntervalMs: 5000
+  #         # The number of concurrent reconnects if a user has been disconnected unexpectedly
+  #         # (e.g. a netsplit). You should set this to a reasonably high number so that
+  #         # bridges are not waiting an eternity to reconnect all its clients if
+  #         # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
+  #         # setting above which is for connecting on restart of the bridge. Set to 0 to
+  #         # immediately try to reconnect all users.
+  #         # Default: 50
+  #         concurrentReconnectLimit: 50
+  #         # The number of lines to allow being sent by the IRC client that has received
+  #         # a large block of text to send from matrix. If the number of lines that would
+  #         # be sent is > lineLimit, the text will instead be uploaded to matrix and the
+  #         # resulting URI is treated as a file. As such, a link will be sent to the IRC
+  #         # side instead of potentially spamming IRC and getting the IRC client kicked.
+  #         # Default: 3.
+  #         lineLimit: 3
+  #         # A list of user modes to set on every IRC client. For example, "RiG" would set
+  #         # +R, +i and +G on every IRC connection when they have successfully connected.
+  #         # User modes vary wildly depending on the IRC network you're connecting to,
+  #         # so check before setting this value. Some modes may not work as intended
+  #         # through the bridge e.g. caller ID as there is no way to /ACCEPT.
+  #         # Default: "" (no user modes)
+  #         # userModes: "R"
+  #
+  #   # Configuration for an ident server. If you are running a public bridge it is
+  #   # advised you setup an ident server so IRC mods can ban specific matrix users
+  #   # rather than the application service itself.
+  #   ident:
+  #     # True to listen for Ident requests and respond with the
+  #     # matrix user's user_id (converted to ASCII, respecting RFC 1413).
+  #     # Default: false.
+  #     enabled: false
+  #     # The port to listen on for incoming ident requests.
+  #     # Ports below 1024 require root to listen on, and you may not want this to
+  #     # run as root. Instead, you can get something like an Apache to yank up
+  #     # incoming requests to 113 to a high numbered port. Set the port to listen
+  #     # on instead of 113 here.
+  #     # Default: 113.
+  #     port: 1113
+  #     # The address to listen on for incoming ident requests.
+  #     # Default: 0.0.0.0
+  #     address: "::"
+  #
+  #   # Configuration for logging. Optional. Default: console debug level logging
+  #   # only.
+  #   logging:
+  #     # Level to log on console/logfile. One of error|warn|info|debug
+  #     level: "debug"
+  #     # The file location to log to. This is relative to the project directory.
+  #     logfile: "debug.log"
+  #     # The file location to log errors to. This is relative to the project
+  #     # directory.
+  #     errfile: "errors.log"
+  #     # Whether to log to the console or not.
+  #     toConsole: true
+  #     # The max number of files to keep. Files will be overwritten eventually due
+  #     # to rotations.
+  #     maxFiles: 5
+  #
+  #   # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
+  #   #   $ npm install prom-client@6.3.0
+  #   # Metrics will then be available via GET /metrics on the bridge listening port (-p).
+  #   metrics:
+  #     # Whether to actually enable the metric endpoint. Default: false
+  #     enabled: true
+  #     # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
+  #     # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
+  #     remoteUserAgeBuckets:
+  #       - "1h"
+  #       - "1d"
+  #       - "1w"
+  #
+  #   # Configuration options for the debug HTTP API. To access this API, you must
+  #   # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
+  #   #
+  #   # The debug API exposes the following endpoints:
+  #   #
+  #   #   GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
+  #   #
+  #   #   POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
+  #   #                                      Format: new line delimited commands as per IRC protocol.
+  #   #
+  #   debugApi:
+  #     # True to enable the HTTP API endpoint. Default: false.
+  #     enabled: false
+  #     # The port to host the HTTP API.
+  #     port: 11100
+  #
+  #   # Configuration for the provisioning API.
+  #   #
+  #   # GET /_matrix/provision/link
+  #   # GET /_matrix/provision/unlink
+  #   # GET /_matrix/provision/listlinks
+  #   #
+  #   provisioning:
+  #     # True to enable the provisioning HTTP endpoint. Default: false.
+  #     enabled: false
+  #     # The number of seconds to wait before giving up on getting a response from
+  #     # an IRC channel operator. If the channel operator does not respond within the
+  #     # allotted time period, the provisioning request will fail.
+  #     # Default: 300 seconds (5 mins)
+  #     requestTimeoutSeconds: 300
+  #
+  #   # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
+  #   # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
+  #   # the database.
+  #   #
+
+matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml else {} }}"
+
+matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}"

roles/matrix-bridge-appservice-irc/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}"
-  when: matrix_appservice_irc_enabled
+  when: matrix_appservice_irc_enabled|bool

roles/matrix-bridge-appservice-irc/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_appservice_irc_enabled|bool"
+  tags:
+    - setup-all
+    - setup-appservice-irc
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_appservice_irc_enabled|bool"
+  tags:
+    - setup-all
+    - setup-appservice-irc
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_appservice_irc_enabled|bool"
+  tags:
+    - setup-all
+    - setup-appservice-irc

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -1,17 +1,25 @@
 ---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Appservice IRC image is pulled
   docker_image:
     name: "{{ matrix_appservice_irc_docker_image }}"
-  when: "matrix_appservice_irc_enabled"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 
-- name: Ensure Appservice IRC configuration path exists
+- name: Ensure Appservice IRC base directory exists
   file:
     path: "{{ matrix_appservice_irc_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_appservice_irc_enabled"
 
 - name: Ensure Matrix Appservice IRC config installed
   copy:
@@ -20,36 +28,32 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_appservice_irc_enabled"
 
 - name: Check if matrix-appservice-irc passkey exists
   stat:
     path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
   register: irc_passkey_file
-  when: "matrix_appservice_irc_enabled"
 
 - name: Generate matrix-appservice-irc passkey if it doesn't exist
   shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
-  when: "matrix_appservice_irc_enabled and not irc_passkey_file.stat.exists"
+  when: "not irc_passkey_file.stat.exists"
 
 - name: Ensure matrix-appservice-irc.service installed
   template:
-    src: "{{ role_path }}/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
     dest: "/etc/systemd/system/matrix-appservice-irc.service"
     mode: 0644
   register: matrix_appservice_irc_systemd_service_result
-  when: "matrix_appservice_irc_enabled"
 
 - name: Ensure systemd reloaded after matrix-appservice-irc.service installation
   service:
     daemon_reload: yes
-  when: "matrix_appservice_irc_enabled and matrix_appservice_irc_systemd_service_result.changed"
+  when: "matrix_appservice_irc_systemd_service_result.changed"
 
 - name: Check if a matrix-appservice-irc registration file exists
   stat:
     path: "{{ matrix_appservice_irc_base_path }}/registration.yaml"
   register: appservice_irc_registration_file
-  when: "matrix_appservice_irc_enabled"
 
 - name: Generate matrix-appservice-irc registration.yaml if it doesn't exist
   shell: >-
@@ -64,25 +68,22 @@
     -u "http://matrix-appservice-irc:9999"
     -c /data/config.yaml
     -l irc_bot
-  when: "matrix_appservice_irc_enabled and not appservice_irc_registration_file.stat.exists"
+  when: "not appservice_irc_registration_file.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml'
-  when: "matrix_appservice_irc_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }}
-  when: "matrix_appservice_irc_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json  }}
-  when: "matrix_appservice_irc_enabled"
 
 - name: Ensure IRC configuration directory permissions are correct
   file:
@@ -91,14 +92,3 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
     recurse: true
-  when: "matrix_appservice_irc_enabled"
-
-#
-# Tasks related to getting rid of matrix-appservice-irc (if it was previously enabled)
-#
-
-- name: Ensure matrix-appservice-irc.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-appservice-irc.service"
-    state: absent
-  when: "not matrix_appservice_irc_enabled"

roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-appservice-irc service
+  stat:
+    path: "/etc/systemd/system/matrix-appservice-irc.service"
+  register: matrix_appservice_irc_service_stat
+
+- name: Ensure matrix-appservice-irc is stopped
+  service:
+    name: matrix-appservice-irc
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_appservice_irc_service_stat.stat.exists"
+
+- name: Ensure matrix-appservice-irc.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-appservice-irc.service"
+    state: absent
+  when: "matrix_appservice_irc_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-appservice-irc.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_appservice_irc_service_stat.stat.exists"

roles/matrix-bridge-appservice-irc/tasks/validate_config.yml

@@ -0,0 +1,16 @@
+---
+
+# Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
+# let the playbook run without errors.
+#
+# Unless the final configuration (`matrix_appservice_irc_configuration`) contains an `ircService` definition,
+# we'd fail generating the registration.yaml file with a non-helpful error.
+#
+# This is a safety check to ensure we fail earlier and in a nicer way.
+- name: Fail if no additional configuration provided
+  fail:
+    msg: >-
+      Your Appservice IRC configuration is incomplete (lacking an `ircService` key).
+      You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
+  when: "matrix_appservice_irc_configuration.ircService|default(none) is none"
+

roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2

@@ -1,15 +1,19 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Appservice IRC server
-After=docker.service
+{% for service in matrix_appservice_irc_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_appservice_irc_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
 ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
+
 ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -19,12 +23,17 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
 			-p 127.0.0.1:9999:9999 \
 			{% endif %}
 			-v {{ matrix_appservice_irc_base_path }}:/data:z \
+			{% for arg in matrix_appservice_irc_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_appservice_irc_docker_image }} \
 			-c /data/config.yaml -f /data/registration.yaml -p 9999
+
 ExecStop=-/usr/bin/docker kill matrix-appservice-irc
 ExecStop=-/usr/bin/docker rm matrix-appservice-irc
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-appservice-irc
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -0,0 +1,25 @@
+# mautrix-facebook is a Matrix <-> Facebook bridge
+# See: https://github.com/tulir/mautrix-facebook
+
+matrix_mautrix_facebook_enabled: true
+
+matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
+
+matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
+
+# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/
+matrix_mautrix_facebook_api_id: ''
+matrix_mautrix_facebook_api_hash: ''
+
+matrix_mautrix_facebook_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}'
+matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'
+matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080'
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_facebook_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-facebook.service depends on.
+matrix_mautrix_facebook_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-facebook.service wants
+matrix_mautrix_facebook_systemd_wanted_services_list: []

roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}"
-  when: matrix_mautrix_facebook_enabled
+  when: matrix_mautrix_facebook_enabled|bool

roles/matrix-bridge-mautrix-facebook/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mautrix_facebook_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-facebook

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -1,63 +1,56 @@
 ---
 
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Mautrix Facebook image is pulled
   docker_image:
     name: "{{ matrix_mautrix_facebook_docker_image }}"
-  when: "matrix_mautrix_facebook_enabled"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 
-- name: Ensure Mautrix Facebook configuration path exists
+- name: Ensure Mautrix Facebook base directory exists
   file:
     path: "{{ matrix_mautrix_facebook_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Check if a mautrix-facebook configuration file exists
   stat:
     path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
   register: mautrix_facebook_config_file_stat
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Ensure Matrix Mautrix facebook config installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-facebook/config.yaml.j2"
+    src: "{{ role_path }}/templates/config.yaml.j2"
     dest: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_config_file_stat.stat.exists"
+  when: "not mautrix_facebook_config_file_stat.stat.exists"
-
-- name: (Migration) Fix up old configuration
-  lineinfile:
-    path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-    backrefs: yes
-  with_items:
-    - {'regexp': '^(\s+)filename: \./mautrix-facebook.log', 'line': '\1filename: /data/mautrix-facebook.log'}
-    - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-facebook.db'}
-  when: "matrix_mautrix_facebook_enabled and mautrix_facebook_config_file_stat.stat.exists"
 
 - name: Ensure matrix-mautrix-facebook.service installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2"
     dest: "/etc/systemd/system/matrix-mautrix-facebook.service"
     mode: 0644
   register: matrix_mautrix_facebook_systemd_service_result
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_systemd_service_result.changed"
+  when: "matrix_mautrix_facebook_systemd_service_result.changed"
 
 - name: Check if a mautrix-facebook registration file exists
   stat:
     path: "{{ matrix_mautrix_facebook_base_path }}/registration.yaml"
   register: mautrix_facebook_registration_file_stat
-  when: "matrix_mautrix_facebook_enabled"
 
 - name: Generate matrix-mautrix-facebook registration.yaml if it doesn't exist
   shell:
@@ -70,32 +63,19 @@
       -v {{ matrix_mautrix_facebook_base_path }}:/data:z
       {{ matrix_mautrix_facebook_docker_image }}
       python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
-  when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_registration_file_stat.stat.exists"
+  when: "not mautrix_facebook_registration_file_stat.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
-  when: "matrix_mautrix_facebook_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
-  when: "matrix_mautrix_facebook_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json  }}
-  when: "matrix_mautrix_facebook_enabled"
-
-#
-# Tasks related to getting rid of matrix-mautrix-facebook (if it was previously enabled)
-#
-
-- name: Ensure matrix-mautrix-facebook.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
-    state: absent
-  when: "not matrix_mautrix_facebook_enabled"

roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mautrix-facebook service
+  stat:
+    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
+  register: matrix_mautrix_facebook_service_stat
+
+- name: Ensure matrix-mautrix-facebook is stopped
+  service:
+    name: matrix-mautrix-facebook
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_facebook_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-facebook.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mautrix-facebook.service"
+    state: absent
+  when: "matrix_mautrix_facebook_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_facebook_service_stat.stat.exists"

roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mautrix_facebook_api_id"
+    - "matrix_mautrix_facebook_api_hash"

roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -2,9 +2,9 @@
 # Homeserver details
 homeserver:
     # The address that this appservice can use to connect to the homeserver.
-    address: https://{{ matrix_server_fqn_matrix }}
+    address: {{ matrix_mautrix_facebook_homeserver_address }}
     # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_domain }}
+    domain: {{ matrix_mautrix_facebook_homeserver_domain }}
     # Whether or not to verify the SSL certificate of the homeserver.
     # Only applies if address starts with https://
     verify_ssl: true
@@ -13,7 +13,7 @@ homeserver:
 # Changing these values requires regeneration of the registration.
 appservice:
     # The address that the homeserver can use to connect to this appservice.
-    address: http://matrix-mautrix-facebook:8080
+    address: {{ matrix_mautrix_facebook_appservice_address }}
 
     # The hostname and port where this appservice should listen.
     hostname: 0.0.0.0
@@ -73,7 +73,7 @@ bridge:
     #   domain - All users on that homeserver
     #     mxid - Specific user
     permissions:
-        '{{ matrix_domain }}': user
+        '{{ matrix_mautrix_facebook_homeserver_domain }}': user
 
 # Python logging configuration.
 #

roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2

@@ -1,10 +1,13 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mautrix Facebook server
-After=docker.service
+{% for service in matrix_mautrix_facebook_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_mautrix_facebook_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
@@ -17,18 +20,24 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
 			-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
 			{{ matrix_mautrix_facebook_docker_image }} \
 			alembic -x config=/data/config.yaml upgrade head
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
+			{% for arg in matrix_mautrix_facebook_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_mautrix_facebook_docker_image }} \
 			python3 -m mautrix_facebook -c /data/config.yaml
+
 ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
 ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-mautrix-facebook
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -0,0 +1,34 @@
+# mautrix-telegram is a Matrix <-> Telegram bridge
+# See: https://github.com/tulir/mautrix-telegram
+
+matrix_mautrix_telegram_enabled: true
+
+matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1"
+
+matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
+
+# Get your own API keys at https://my.telegram.org/apps
+matrix_mautrix_telegram_api_id: ''
+matrix_mautrix_telegram_api_hash: ''
+
+# Mautrix telegram public endpoint to log in to telegram
+# Use an uuid so it's not easily discoverable.
+# Example: /741a0483-ba17-4682-9900-30bd7269f1cc
+matrix_mautrix_telegram_public_endpoint: ''
+
+matrix_mautrix_telegram_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}'
+matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
+matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
+matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
+
+# Set this to a port number to expose on the host when not using matrix-nginx-proxy
+matrix_mautrix_telegram_container_exposed_port_number: ~
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_telegram_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-telegram.service depends on.
+matrix_mautrix_telegram_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-telegram.service wants
+matrix_mautrix_telegram_systemd_wanted_services_list: []

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}"
-  when: matrix_mautrix_telegram_enabled
+  when: matrix_mautrix_telegram_enabled|bool

roles/matrix-bridge-mautrix-telegram/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mautrix_telegram_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -1,33 +1,39 @@
 ---
 
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Mautrix Telegram image is pulled
   docker_image:
     name: "{{ matrix_mautrix_telegram_docker_image }}"
-  when: "matrix_mautrix_telegram_enabled"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 
-- name: Ensure Mautrix Telegram configuration path exists
+- name: Ensure Mautrix Telegram base directory exists
   file:
     path: "{{ matrix_mautrix_telegram_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Check if a mautrix-telegram configuration file exists
   stat:
     path: "{{ matrix_mautrix_telegram_base_path }}/config.yaml"
   register: mautrix_telegram_config_file_stat
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Ensure Matrix Mautrix telegram config installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-telegram/config.yaml.j2"
+    src: "{{ role_path }}/templates/config.yaml.j2"
     dest: "{{ matrix_mautrix_telegram_base_path }}/config.yaml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_telegram_enabled and not mautrix_telegram_config_file_stat.stat.exists"
+  when: "not mautrix_telegram_config_file_stat.stat.exists"
 
 - name: (Migration) Fix up old configuration
   lineinfile:
@@ -38,26 +44,24 @@
   with_items:
     - {'regexp': '^(\s+)filename: \./mautrix-telegram.log', 'line': '\1filename: /data/mautrix-telegram.log'}
     - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-telegram.db'}
-  when: "matrix_mautrix_telegram_enabled and mautrix_telegram_config_file_stat.stat.exists"
+  when: "mautrix_telegram_config_file_stat.stat.exists"
 
 - name: Ensure matrix-mautrix-telegram.service installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2"
     dest: "/etc/systemd/system/matrix-mautrix-telegram.service"
     mode: 0644
   register: matrix_mautrix_telegram_systemd_service_result
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_systemd_service_result.changed"
+  when: "matrix_mautrix_telegram_systemd_service_result.changed"
 
 - name: Check if a mautrix-telegram registration file exists
   stat:
     path: "{{ matrix_mautrix_telegram_base_path }}/registration.yaml"
   register: mautrix_telegram_registration_file_stat
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Generate matrix-mautrix-telegram registration.yaml if it doesn't exist
   shell:
@@ -70,25 +74,22 @@
       -v {{ matrix_mautrix_telegram_base_path }}:/data:z
       {{ matrix_mautrix_telegram_docker_image }}
       python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
-  when: "matrix_mautrix_telegram_enabled and not mautrix_telegram_registration_file_stat.stat.exists"
+  when: "not mautrix_telegram_registration_file_stat.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
-  when: "matrix_mautrix_telegram_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
-  when: "matrix_mautrix_telegram_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json  }}
-  when: "matrix_mautrix_telegram_enabled"
 
 - block:
   - name: Fail if matrix-nginx-proxy role already executed
@@ -97,8 +98,8 @@
         Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
         To fix this, please change the order of roles in your plabook,
-        so that the matrix-nginx-proxy role would run after the matrix-synapse role.
+        so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
-    when: "matrix_nginx_proxy_role_executed"
+    when: matrix_nginx_proxy_role_executed|bool
 
   - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
     set_fact:
@@ -124,7 +125,7 @@
           [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
         }}
 
-  when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled|default(False)"
+  when: "matrix_nginx_proxy_enabled|default(False)"
   tags:
    - always
 
@@ -135,14 +136,4 @@
       reverse proxy.
       Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
       URL endpoint to the matrix-mautrix-telegram container.
-  when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled is not defined"
+  when: "matrix_nginx_proxy_enabled is not defined"
-
-#
-# Tasks related to getting rid of matrix-mautrix-telegram (if it was previously enabled)
-#
-
-- name: Ensure matrix-mautrix-telegram.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
-    state: absent
-  when: "not matrix_mautrix_telegram_enabled"

roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mautrix-telegram service
+  stat:
+    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
+  register: matrix_mautrix_telegram_service_stat
+
+- name: Ensure matrix-mautrix-telegram is stopped
+  service:
+    name: matrix-mautrix-telegram
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_telegram_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-telegram.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
+    state: absent
+  when: "matrix_mautrix_telegram_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_telegram_service_stat.stat.exists"

roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mautrix_telegram_api_id"
+    - "matrix_mautrix_telegram_api_hash"
+    - "matrix_mautrix_telegram_public_endpoint"

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -2,9 +2,9 @@
 # Homeserver details
 homeserver:
     # The address that this appservice can use to connect to the homeserver.
-    address: https://{{ matrix_server_fqn_matrix }}
+    address: {{ matrix_mautrix_telegram_homeserver_address }}
     # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_domain }}
+    domain: {{ matrix_mautrix_telegram_homeserver_domain }}
     # Whether or not to verify the SSL certificate of the homeserver.
     # Only applies if address starts with https://
     verify_ssl: true
@@ -13,7 +13,7 @@ homeserver:
 # Changing these values requires regeneration of the registration.
 appservice:
     # The address that the homeserver can use to connect to this appservice.
-    address: http://matrix-mautrix-telegram:8080
+    address: {{ matrix_mautrix_telegram_appservice_address }}
 
     # The hostname and port where this appservice should listen.
     hostname: 0.0.0.0
@@ -39,7 +39,7 @@ appservice:
         prefix: {{ matrix_mautrix_telegram_public_endpoint }}
         # The base URL where the public-facing endpoints are available. The prefix is not added
         # implicitly.
-        external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
+        external: {{ matrix_mautrix_telegram_appservice_public_external }}
 
     # Provisioning API part of the web server for automated portal creation and fetching information.
     # Used by things like Dimension (https://dimension.t2bot.io/).
@@ -207,7 +207,7 @@ bridge:
     #   domain - All users on that homeserver
     #     mxid - Specific user
     permissions:
-        '{{ matrix_domain }}': full
+        '{{ matrix_mautrix_telegram_homeserver_domain }}': full
 
     # Options related to the message relay Telegram bot.
     relaybot:

roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2

@@ -1,10 +1,13 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mautrix Telegram server
-After=docker.service
+{% for service in matrix_mautrix_telegram_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_mautrix_telegram_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
@@ -17,6 +20,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
 			-v {{ matrix_mautrix_telegram_base_path }}:/data:z \
 			{{ matrix_mautrix_telegram_docker_image }} \
 			alembic -x config=/data/config.yaml upgrade head
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -26,12 +30,17 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
 			-p 127.0.0.1:{{ matrix_mautrix_telegram_container_exposed_port_number }}:8080 \
 			{% endif %}
 			-v {{ matrix_mautrix_telegram_base_path }}:/data:z \
+			{% for arg in matrix_mautrix_telegram_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_mautrix_telegram_docker_image }} \
 			python3 -m mautrix_telegram -c /data/config.yaml
+
 ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
 ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-mautrix-telegram
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -0,0 +1,21 @@
+# mautrix-whatsapp is a Matrix <-> Whatsapp bridge
+# See: https://github.com/tulir/mautrix-whatsapp
+
+matrix_mautrix_whatsapp_enabled: true
+
+matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
+
+matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
+
+matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}"
+matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
+matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_whatsapp_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-whatsapp.service depends on.
+matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-whatsapp.service wants
+matrix_mautrix_whatsapp_systemd_wanted_services_list: []

roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}"
-  when: matrix_mautrix_whatsapp_enabled
+  when: matrix_mautrix_whatsapp_enabled|bool

roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml

@@ -0,0 +1,15 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup and matrix_mautrix_whatsapp_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-whatsapp
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup and not matrix_mautrix_whatsapp_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-whatsapp

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -1,52 +1,56 @@
 ---
 
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Mautrix Whatsapp image is pulled
   docker_image:
     name: "{{ matrix_mautrix_whatsapp_docker_image }}"
-  when: "matrix_mautrix_whatsapp_enabled"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 
-- name: Ensure Mautrix Whatsapp configuration path exists
+- name: Ensure Mautrix Whatsapp base directory exists
   file:
     path: "{{ matrix_mautrix_whatsapp_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Check if a mautrix-whatsapp configuration file exists
   stat:
     path: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
   register: mautrix_whatsapp_config_file_stat
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Ensure Matrix Mautrix whatsapp config installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-whatsapp/config.yaml.j2"
+    src: "{{ role_path }}/templates//config.yaml.j2"
     dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_whatsapp_enabled and not mautrix_whatsapp_config_file_stat.stat.exists"
+  when: "not mautrix_whatsapp_config_file_stat.stat.exists"
 
 - name: Ensure matrix-mautrix-whatsapp.service installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2"
     dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
     mode: 0644
   register: matrix_mautrix_whatsapp_systemd_service_result
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_systemd_service_result.changed"
+  when: "matrix_mautrix_whatsapp_systemd_service_result.changed"
 
 - name: Check if a mautrix-whatsapp registration file exists
   stat:
     path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml"
   register: mautrix_whatsapp_registration_file_stat
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist
   shell:
@@ -59,32 +63,19 @@
       -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z
       {{ matrix_mautrix_whatsapp_docker_image }}
       /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
-  when: "matrix_mautrix_whatsapp_enabled and not mautrix_whatsapp_registration_file_stat.stat.exists"
+  when: "not mautrix_whatsapp_registration_file_stat.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'
-  when: "matrix_mautrix_whatsapp_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
-  when: "matrix_mautrix_whatsapp_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json  }}
-  when: "matrix_mautrix_whatsapp_enabled"
-
-#
-# Tasks related to getting rid of matrix-mautrix-whatsapp (if it was previously enabled)
-#
-
-- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
-    state: absent
-  when: "not matrix_mautrix_whatsapp_enabled"

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mautrix-whatsapp service
+  stat:
+    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+  register: matrix_mautrix_whatsapp_service_stat
+
+- name: Ensure matrix-mautrix-whatsapp is stopped
+  service:
+    name: matrix-mautrix-whatsapp
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+    state: absent
+  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -2,15 +2,15 @@
 # Homeserver details.
 homeserver:
   # The address that this appservice can use to connect to the homeserver.
-  address: https://{{ matrix_server_fqn_matrix }}
+  address: {{ matrix_mautrix_whatsapp_homeserver_address }}
   # The domain of the homeserver (for MXIDs, etc).
-  domain: {{ matrix_domain }}
+  domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
 
 # Application service host/registration related details.
 # Changing these values requires regeneration of the registration.
 appservice:
   # The address that the homeserver can use to connect to this appservice.
-  address: http://matrix-mautrix-whatsapp:8080
+  address: {{ matrix_mautrix_whatsapp_appservice_address }}
 
   # The hostname and port where this appservice should listen.
   hostname: 0.0.0.0
@@ -68,7 +68,7 @@ bridge:
   #   domain - All users on that homeserver
   #     mxid - Specific user
   permissions:
-    '{{ matrix_domain }}': user
+    '{{ matrix_mautrix_whatsapp_homeserver_domain }}': user
 
 # Logging config.
 logging:

roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2

@@ -1,15 +1,19 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mautrix Whatsapp server
-After=docker.service
+{% for service in matrix_mautrix_whatsapp_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_mautrix_whatsapp_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
 ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -17,12 +21,17 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
 			--network={{ matrix_docker_network }} \
 			-v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \
 			--workdir=/data \
+			{% for arg in matrix_mautrix_whatsapp_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_mautrix_whatsapp_docker_image }} \
 			/usr/bin/mautrix-whatsapp
+
 ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
 ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-mautrix-whatsapp
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-common-after/tasks/main.yml

@@ -1,4 +1,9 @@
 - import_tasks: "{{ role_path }}/tasks/start.yml"
-  when: run_start
+  when: run_start|bool
   tags:
     - start
+
+- import_tasks: "{{ role_path }}/tasks/stop.yml"
+  when: run_stop|bool
+  tags:
+    - stop

roles/matrix-common-after/tasks/stop.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Ensure Matrix services stopped
+  service:
+    name: "{{ item }}"
+    state: stopped
+  with_items: "{{ matrix_systemd_services_list }}"

roles/matrix-corporal/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}"
-  when: "matrix_corporal_enabled"
+  when: matrix_corporal_enabled|bool

roles/matrix-corporal/tasks/main.yml

@@ -3,13 +3,13 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup and matrix_corporal_enabled"
+  when: "run_setup|bool and matrix_corporal_enabled|bool"
   tags:
     - setup-all
     - setup-corporal
 
 - import_tasks: "{{ role_path }}/tasks/setup_corporal.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-corporal
@@ -17,6 +17,6 @@
 - import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml"
   delegate_to: 127.0.0.1
   become: false
-  when: "run_self_check and matrix_corporal_enabled"
+  when: "run_self_check|bool and matrix_corporal_enabled|bool"
   tags:
     - self-check

roles/matrix-corporal/tasks/setup_corporal.yml

@@ -15,19 +15,20 @@
     - "{{ matrix_corporal_config_dir_path }}"
     - "{{ matrix_corporal_cache_dir_path }}"
     - "{{ matrix_corporal_var_dir_path }}"
-  when: "matrix_corporal_enabled"
+  when: matrix_corporal_enabled|bool
 
 - name: Ensure Matrix Corporal Docker image is pulled
   docker_image:
     name: "{{ matrix_corporal_docker_image }}"
-  when: "matrix_corporal_enabled"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_corporal_enabled|bool
 
 - name: Ensure Matrix Corporal config installed
   template:
     src: "{{ role_path }}/templates/config.json.j2"
     dest: "{{ matrix_corporal_config_dir_path }}/config.json"
     mode: 0644
-  when: "matrix_corporal_enabled"
+  when: matrix_corporal_enabled|bool
 
 - name: Ensure matrix-corporal.service installed
   template:
@@ -35,12 +36,12 @@
     dest: "/etc/systemd/system/matrix-corporal.service"
     mode: 0644
   register: matrix_corporal_systemd_service_result
-  when: "matrix_corporal_enabled"
+  when: matrix_corporal_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-corporal.service installation
   service:
     daemon_reload: yes
-  when: "matrix_corporal_enabled and matrix_corporal_systemd_service_result.changed"
+  when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed"
 
 
 #
@@ -51,7 +52,7 @@
   stat:
     path: "/etc/systemd/system/matrix-corporal.service"
   register: matrix_corporal_service_stat
-  when: "not matrix_corporal_enabled"
+  when: "not matrix_corporal_enabled|bool"
 
 - name: Ensure matrix-corporal is stopped
   service:
@@ -59,18 +60,18 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_corporal_enabled and matrix_corporal_service_stat.stat.exists"
+  when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists"
 
 - name: Ensure matrix-corporal.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-corporal.service"
     state: absent
-  when: "not matrix_corporal_enabled and matrix_corporal_service_stat.stat.exists"
+  when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-corporal.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_corporal_enabled and matrix_corporal_service_stat.stat.exists"
+  when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists"
 
 - name: Ensure matrix-corporal files don't exist
   file:
@@ -79,10 +80,10 @@
   with_items:
     - /etc/systemd/system/matrix-corporal.service
     - "{{ matrix_corporal_config_dir_path }}/config.json"
-  when: "not matrix_corporal_enabled"
+  when: "not matrix_corporal_enabled|bool"
 
 - name: Ensure Matrix Corporal Docker image doesn't exist
   docker_image:
     name: "{{ matrix_corporal_docker_image }}"
     state: absent
-  when: "not matrix_corporal_enabled"
+  when: "not matrix_corporal_enabled|bool"

roles/matrix-corporal/tasks/validate_config.yml

@@ -14,4 +14,4 @@
 - name: Fail if HTTP API enabled, but no token set
   fail:
     msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
-  when: "matrix_corporal_http_api_enabled and matrix_corporal_http_api_auth_token == ''"
+  when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"

roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2

@@ -10,6 +10,7 @@ After={{ service }}
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-corporal
 ExecStartPre=-/usr/bin/docker rm matrix-corporal
+
 ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -28,10 +29,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
 			{% endfor %}
 			{{ matrix_corporal_docker_image }} \
 			/matrix-corporal -config=/etc/matrix-corporal/config.json
+
 ExecStop=-/usr/bin/docker kill matrix-corporal
 ExecStop=-/usr/bin/docker rm matrix-corporal
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-corporal
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-coturn/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}"
-  when: "matrix_coturn_enabled"
+  when: matrix_coturn_enabled|bool

roles/matrix-coturn/tasks/main.yml

@@ -3,13 +3,13 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup and matrix_coturn_enabled"
+  when: "run_setup|bool and matrix_coturn_enabled|bool"
   tags:
     - setup-all
     - setup-coturn
 
 - import_tasks: "{{ role_path }}/tasks/setup_coturn.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-coturn

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -7,7 +7,8 @@
 - name: Ensure Coturn image is pulled
   docker_image:
     name: "{{ matrix_coturn_docker_image }}"
-  when: matrix_coturn_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_coturn_enabled|bool
 
 - name: Ensure Coturn configuration path exists
   file:
@@ -16,14 +17,14 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: matrix_coturn_enabled
+  when: matrix_coturn_enabled|bool
 
 - name: Ensure turnserver.conf installed
   template:
     src: "{{ role_path }}/templates/turnserver.conf.j2"
     dest: "{{ matrix_coturn_config_path }}"
     mode: 0644
-  when: matrix_coturn_enabled
+  when: matrix_coturn_enabled|bool
 
 # `docker_network` doesn't work as expected when the given network
 # is a substring of a network that already exists.
@@ -34,12 +35,12 @@
     cmd: "docker network ls -q --filter='name=^{{ matrix_coturn_docker_network }}$'"
   register: matrix_coturn_result_docker_network
   changed_when: false
-  when: matrix_coturn_enabled
+  when: matrix_coturn_enabled|bool
 
 - name: Create Coturn network in Docker
   shell:
     cmd: "docker network create --driver=bridge {{ matrix_coturn_docker_network }}"
-  when: "matrix_coturn_enabled and matrix_coturn_result_docker_network.stdout == ''"
+  when: "matrix_coturn_enabled|bool and matrix_coturn_result_docker_network.stdout == ''"
 
 - name: Ensure matrix-coturn.service installed
   template:
@@ -47,12 +48,12 @@
     dest: "/etc/systemd/system/matrix-coturn.service"
     mode: 0644
   register: matrix_coturn_systemd_service_result
-  when: matrix_coturn_enabled
+  when: matrix_coturn_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-coturn.service installation
   service:
     daemon_reload: yes
-  when: "matrix_coturn_enabled and matrix_coturn_systemd_service_result.changed"
+  when: "matrix_coturn_enabled|bool and matrix_coturn_systemd_service_result.changed"
 
 # This may be unnecessary when more long-lived certificates are used.
 # We optimize for the common use-case though (short-lived Let's Encrypt certificates).
@@ -63,11 +64,11 @@
     cron_file: matrix-coturn-ssl-reload
     name: matrix-coturn-ssl-reload
     state: present
-    hour: 4
+    hour: "4"
-    minute: 20
+    minute: "20"
     day: "*/5"
     job: /bin/systemctl reload matrix-coturn.service
-  when: matrix_coturn_enabled and matrix_coturn_tls_enabled
+  when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
 
 
 #
@@ -79,13 +80,13 @@
     user: root
     cron_file: matrix-coturn-ssl-reload
     state: absent
-  when: "not matrix_coturn_enabled or not matrix_coturn_tls_enabled"
+  when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
 
 - name: Check existence of matrix-coturn service
   stat:
     path: "/etc/systemd/system/matrix-coturn.service"
   register: matrix_coturn_service_stat
-  when: "not matrix_coturn_enabled"
+  when: "not matrix_coturn_enabled|bool"
 
 - name: Ensure matrix-coturn is stopped
   service:
@@ -93,27 +94,27 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_coturn_enabled and matrix_coturn_service_stat.stat.exists"
+  when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
 
 - name: Ensure matrix-coturn.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-coturn.service"
     state: absent
-  when: "not matrix_coturn_enabled and matrix_coturn_service_stat.stat.exists"
+  when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-coturn.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_coturn_enabled and matrix_coturn_service_stat.stat.exists"
+  when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
 
 - name: Ensure Matrix coturn paths don't exist
   file:
     path: "{{ matrix_coturn_base_path }}"
     state: absent
-  when: "not matrix_coturn_enabled"
+  when: "not matrix_coturn_enabled|bool"
 
 - name: Ensure coturn Docker image doesn't exist
   docker_image:
     name: "{{ matrix_coturn_docker_image }}"
     state: absent
-  when: "not matrix_coturn_enabled"
+  when: "not matrix_coturn_enabled|bool"

roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2

@@ -43,6 +43,7 @@ ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1
 
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-coturn
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-dimension/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension'] }}"
-  when: "matrix_dimension_enabled"
+  when: matrix_dimension_enabled|bool

roles/matrix-dimension/tasks/main.yml

@@ -3,13 +3,13 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-dimension
 
 - import_tasks: "{{ role_path }}/tasks/setup_dimension.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-dimension

roles/matrix-dimension/tasks/setup_dimension.yml

@@ -11,7 +11,7 @@
     mode: 0770
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_dimension_user_gid }}"
-  when: matrix_dimension_enabled
+  when: matrix_dimension_enabled|bool
 
 - name: Ensure Dimension config installed
   copy:
@@ -20,12 +20,13 @@
     mode: 0640
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_dimension_user_gid }}"
-  when: matrix_dimension_enabled
+  when: matrix_dimension_enabled|bool
 
 - name: Ensure Dimension image is pulled
   docker_image:
     name: "{{ matrix_dimension_docker_image }}"
-  when: matrix_dimension_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_dimension_enabled|bool
 
 - name: Ensure matrix-dimension.service installed
   template:
@@ -33,12 +34,12 @@
     dest: "/etc/systemd/system/matrix-dimension.service"
     mode: 0644
   register: matrix_dimension_systemd_service_result
-  when: matrix_dimension_enabled
+  when: matrix_dimension_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-dimension.service installation
   service:
     daemon_reload: yes
-  when: "matrix_dimension_enabled and matrix_dimension_systemd_service_result.changed"
+  when: "matrix_dimension_enabled|bool and matrix_dimension_systemd_service_result.changed"
 
 #
 # Tasks related to getting rid of the dimension (if it was previously enabled)
@@ -48,7 +49,7 @@
   stat:
     path: "/etc/systemd/system/matrix-dimension.service"
   register: matrix_dimension_service_stat
-  when: not matrix_dimension_enabled
+  when: "not matrix_dimension_enabled|bool"
 
 - name: Ensure matrix-dimension is stopped
   service:
@@ -56,27 +57,27 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_dimension_enabled and matrix_dimension_service_stat.stat.exists"
+  when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists"
 
 - name: Ensure matrix-dimension.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-dimension.service"
     state: absent
-  when: "not matrix_dimension_enabled and matrix_dimension_service_stat.stat.exists"
+  when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-dimension.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_dimension_enabled and matrix_dimension_service_stat.stat.exists"
+  when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists"
 
 - name: Ensure Dimension environment variables path doesn't exist
   file:
     path: "{{ matrix_dimension_base_path }}"
     state: absent
-  when: "not matrix_dimension_enabled"
+  when: "not matrix_dimension_enabled|bool"
 
 - name: Ensure Dimension Docker image doesn't exist
   docker_image:
     name: "{{ matrix_dimension_docker_image }}"
     state: absent
-  when: "not matrix_dimension_enabled"
+  when: "not matrix_dimension_enabled|bool"

roles/matrix-dimension/tasks/validate_config.yml

@@ -12,4 +12,4 @@
       You need to enable Matrix Federation to use Dimension. Set `{{ item }}` to 'true'.
   with_items:
     - "matrix_synapse_federation_enabled"
-  when: "matrix_dimension_enabled and matrix_synapse_federation_enabled == false"
+  when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool"

roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2

@@ -8,6 +8,7 @@ Requires=docker.service
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-dimension
 ExecStartPre=-/usr/bin/docker rm matrix-dimension
+
 ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
 			--log-driver=none \
 			--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
@@ -24,10 +25,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_dimension_docker_image }}
+
 ExecStop=-/usr/bin/docker kill matrix-dimension
 ExecStop=-/usr/bin/docker rm matrix-dimension
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-dimension
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-mailer/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer'] }}"
-  when: "matrix_mailer_enabled"
+  when: matrix_mailer_enabled|bool

roles/matrix-mailer/tasks/main.yml

@@ -3,7 +3,7 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/setup_mailer.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-mailer

roles/matrix-mailer/tasks/setup_mailer.yml

@@ -11,19 +11,20 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: matrix_mailer_enabled
+  when: matrix_mailer_enabled|bool
 
 - name: Ensure mailer environment variables file created
   template:
     src: "{{ role_path }}/templates/env-mailer.j2"
     dest: "{{ matrix_mailer_base_path }}/env-mailer"
     mode: 0640
-  when: matrix_mailer_enabled
+  when: matrix_mailer_enabled|bool
 
 - name: Ensure mailer image is pulled
   docker_image:
     name: "{{ matrix_mailer_docker_image }}"
-  when: matrix_mailer_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_mailer_enabled|bool
 
 - name: Ensure matrix-mailer.service installed
   template:
@@ -31,12 +32,12 @@
     dest: "/etc/systemd/system/matrix-mailer.service"
     mode: 0644
   register: matrix_mailer_systemd_service_result
-  when: matrix_mailer_enabled
+  when: matrix_mailer_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-mailer.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mailer_enabled and matrix_mailer_systemd_service_result.changed"
+  when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed"
 
 #
 # Tasks related to getting rid of the mailer (if it was previously enabled)
@@ -46,7 +47,7 @@
   stat:
     path: "/etc/systemd/system/matrix-mailer.service"
   register: matrix_mailer_service_stat
-  when: "not matrix_mailer_enabled"
+  when: "not matrix_mailer_enabled|bool"
 
 - name: Ensure matrix-mailer is stopped
   service:
@@ -54,27 +55,27 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_mailer_enabled and matrix_mailer_service_stat.stat.exists"
+  when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"
 
 - name: Ensure matrix-mailer.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-mailer.service"
     state: absent
-  when: "not matrix_mailer_enabled and matrix_mailer_service_stat.stat.exists"
+  when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-mailer.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_mailer_enabled and matrix_mailer_service_stat.stat.exists"
+  when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"
 
 - name: Ensure Matrix mailer environment variables path doesn't exist
   file:
     path: "{{ matrix_mailer_base_path }}"
     state: absent
-  when: "not matrix_mailer_enabled"
+  when: "not matrix_mailer_enabled|bool"
 
 - name: Ensure mailer Docker image doesn't exist
   docker_image:
     name: "{{ matrix_mailer_docker_image }}"
     state: absent
-  when: "not matrix_mailer_enabled"
+  when: "not matrix_mailer_enabled|bool"

roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2

@@ -8,6 +8,7 @@ Requires=docker.service
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-mailer
 ExecStartPre=-/usr/bin/docker rm matrix-mailer
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
 			--log-driver=none \
 			--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
@@ -21,10 +22,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mailer_docker_image }}
+
 ExecStop=-/usr/bin/docker kill matrix-mailer
 ExecStop=-/usr/bin/docker rm matrix-mailer
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-mailer
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-mxisd/defaults/main.yml

@@ -1,6 +1,6 @@
 matrix_mxisd_enabled: true
 
-matrix_mxisd_docker_image: "kamax/mxisd:1.4.2"
+matrix_mxisd_docker_image: "kamax/mxisd:1.4.3"
 matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
 matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
 matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
@@ -152,7 +152,7 @@ matrix_mxisd_configuration_extension_yaml: |
   #     host: ldapHostnameOrIp
   #     tls: false
   #     port: 389
-  #     baseDns: ['OU=Users,DC=example,DC=org']
+  #     baseDNs: ['OU=Users,DC=example,DC=org']
   #     bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
   #     bindPassword: TheUserPassword
 

roles/matrix-mxisd/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mxisd'] }}"
-  when: "matrix_mxisd_enabled"
+  when: matrix_mxisd_enabled|bool

roles/matrix-mxisd/tasks/main.yml

@@ -3,7 +3,7 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup and matrix_mxisd_enabled"
+  when: "run_setup|bool and matrix_mxisd_enabled|bool"
   tags:
     - setup-all
     - setup-mxisd
@@ -16,6 +16,6 @@
 - import_tasks: "{{ role_path }}/tasks/self_check_mxisd.yml"
   delegate_to: 127.0.0.1
   become: false
-  when: "run_self_check and matrix_mxisd_enabled"
+  when: "run_self_check|bool and matrix_mxisd_enabled|bool"
   tags:
     - self-check

roles/matrix-mxisd/tasks/setup_mxisd.yml

@@ -14,12 +14,13 @@
   with_items:
     - "{{ matrix_mxisd_config_path }}"
     - "{{ matrix_mxisd_data_path }}"
-  when: matrix_mxisd_enabled
+  when: matrix_mxisd_enabled|bool
 
 - name: Ensure mxisd image is pulled
   docker_image:
     name: "{{ matrix_mxisd_docker_image }}"
-  when: matrix_mxisd_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_mxisd_enabled|bool
 
 - name: Ensure mxisd config installed
   copy:
@@ -28,7 +29,7 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: matrix_mxisd_enabled
+  when: matrix_mxisd_enabled|bool
 
 - name: Ensure custom templates are installed if any
   copy:
@@ -42,7 +43,7 @@
     - {value: "{{ matrix_mxisd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'}
     - {value: "{{ matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template }}", location: 'unbind-fraudulent.eml'}
     - {value: "{{ matrix_mxisd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'}
-  when: matrix_mxisd_enabled and matrix_mxisd_threepid_medium_email_custom_templates_enabled and item.value
+  when: "matrix_mxisd_enabled|bool and matrix_mxisd_threepid_medium_email_custom_templates_enabled|bool and item.value"
 
 - name: Ensure matrix-mxisd.service installed
   template:
@@ -50,12 +51,12 @@
     dest: "/etc/systemd/system/matrix-mxisd.service"
     mode: 0644
   register: matrix_mxisd_systemd_service_result
-  when: matrix_mxisd_enabled
+  when: matrix_mxisd_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-mxisd.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mxisd_enabled and matrix_mxisd_systemd_service_result.changed"
+  when: "matrix_mxisd_enabled|bool and matrix_mxisd_systemd_service_result.changed"
 
 #
 # Tasks related to getting rid of mxisd (if it was previously enabled)
@@ -72,27 +73,27 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"
+  when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists"
 
 - name: Ensure matrix-mxisd.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-mxisd.service"
     state: absent
-  when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"
+  when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-mxisd.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"
+  when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists"
 
 - name: Ensure Matrix mxisd paths don't exist
   file:
     path: "{{ matrix_mxisd_base_path }}"
     state: absent
-  when: "not matrix_mxisd_enabled"
+  when: "not matrix_mxisd_enabled|bool"
 
 - name: Ensure mxisd Docker image doesn't exist
   docker_image:
     name: "{{ matrix_mxisd_docker_image }}"
     state: absent
-  when: "not matrix_mxisd_enabled"
+  when: "not matrix_mxisd_enabled|bool"

roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2

@@ -37,6 +37,7 @@ ExecStop=-/usr/bin/docker kill matrix-mxisd
 ExecStop=-/usr/bin/docker rm matrix-mxisd
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-mxisd
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-nginx-proxy/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy'] }}"
-  when: "matrix_nginx_proxy_enabled"
+  when: matrix_nginx_proxy_enabled|bool

roles/matrix-nginx-proxy/tasks/main.yml

@@ -6,20 +6,20 @@
 # This role performs actions even if the role is disabled, so we need
 # to ensure there's a valid configuration in any case.
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-nginx-proxy
 
 - import_tasks: "{{ role_path }}/tasks/ssl/main.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-nginx-proxy
     - setup-ssl
 
 - import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-nginx-proxy
@@ -27,7 +27,7 @@
 - import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
   delegate_to: 127.0.0.1
   become: false
-  when: run_self_check
+  when: run_self_check|bool
   tags:
     - self-check
 

roles/matrix-nginx-proxy/tasks/self_check_well_known.yml

@@ -21,7 +21,7 @@
     - name: Determine domains that we require certificates for (mxisd)
       set_fact:
         well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
-  when: "matrix_well_known_matrix_server_enabled"
+  when: matrix_well_known_matrix_server_enabled|bool
 
 - name: Perform well-known checks
   include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -27,7 +27,7 @@
     src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
     dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
     mode: 0644
-  when: "matrix_nginx_proxy_enabled"
+  when: matrix_nginx_proxy_enabled|bool
 
 - name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
   template:
@@ -36,35 +36,35 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
     mode: 0400
-  when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
+  when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool"
 
 - name: Ensure Matrix nginx-proxy configured (generic)
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
     dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
     mode: 0644
-  when: "matrix_nginx_proxy_enabled"
+  when: matrix_nginx_proxy_enabled|bool
 
 - name: Ensure Matrix nginx-proxy configuration for matrix domain exists
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
     dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
     mode: 0644
-  when: "matrix_nginx_proxy_proxy_matrix_enabled"
+  when: matrix_nginx_proxy_proxy_matrix_enabled|bool
 
 - name: Ensure Matrix nginx-proxy configuration for riot domain exists
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
     dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
     mode: 0644
-  when: "matrix_nginx_proxy_proxy_riot_enabled"
+  when: matrix_nginx_proxy_proxy_riot_enabled|bool
 
 - name: Ensure Matrix nginx-proxy configuration for dimension domain exists
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
     dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
     mode: 0644
-  when: "matrix_nginx_proxy_proxy_dimension_enabled"
+  when: matrix_nginx_proxy_proxy_dimension_enabled|bool
 
 - name: Ensure Matrix nginx-proxy data directory for base domain exists
   file:
@@ -73,7 +73,7 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_nginx_proxy_base_domain_serving_enabled"
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool
 
 - name: Ensure Matrix nginx-proxy homepage for base domain exists
   copy:
@@ -82,14 +82,14 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_nginx_proxy_base_domain_serving_enabled"
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool
 
 - name: Ensure Matrix nginx-proxy configuration for base domain exists
   template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
     dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
     mode: 0644
-  when: "matrix_nginx_proxy_base_domain_serving_enabled"
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool
 
 #
 # Tasks related to setting up matrix-nginx-proxy
@@ -97,7 +97,8 @@
 - name: Ensure nginx Docker image is pulled
   docker_image:
     name: "{{ matrix_nginx_proxy_docker_image }}"
-  when: matrix_nginx_proxy_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_nginx_proxy_enabled|bool
 
 - name: Ensure matrix-nginx-proxy.service installed
   template:
@@ -105,7 +106,7 @@
     dest: "/etc/systemd/system/matrix-nginx-proxy.service"
     mode: 0644
   register: matrix_nginx_proxy_systemd_service_result
-  when: matrix_nginx_proxy_enabled
+  when: matrix_nginx_proxy_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
   service:
@@ -121,7 +122,7 @@
   stat:
     path: "/etc/systemd/system/matrix-nginx-proxy.service"
   register: matrix_nginx_proxy_service_stat
-  when: "not matrix_nginx_proxy_enabled"
+  when: "not matrix_nginx_proxy_enabled|bool"
 
 - name: Ensure matrix-nginx-proxy is stopped
   service:
@@ -129,57 +130,57 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
+  when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
 
 - name: Ensure matrix-nginx-proxy.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-nginx-proxy.service"
     state: absent
-  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
+  when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
+  when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
 
 - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
   file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
     state: absent
-  when: "not matrix_nginx_proxy_proxy_matrix_enabled"
+  when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy configuration for riot domain deleted
   file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
     state: absent
-  when: "not matrix_nginx_proxy_proxy_riot_enabled"
+  when: "not matrix_nginx_proxy_proxy_riot_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
   file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
     state: absent
-  when: "not matrix_nginx_proxy_proxy_dimension_enabled"
+  when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy homepage for base domain deleted
   file:
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
     state: absent
-  when: "not matrix_nginx_proxy_base_domain_serving_enabled"
+  when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy configuration for base domain deleted
   file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
     state: absent
-  when: "not matrix_nginx_proxy_base_domain_serving_enabled"
+  when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy configuration for main config override deleted
   file:
     path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
     state: absent
-  when: "not matrix_nginx_proxy_enabled"
+  when: "not matrix_nginx_proxy_enabled|bool"
 
 - name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
   file:
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
     state: absent
-  when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics"
+  when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool"

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -36,6 +36,7 @@
 - name: Ensure certbot Docker image is pulled
   docker_image:
     name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
 - name: Obtain Let's Encrypt certificates
@@ -67,8 +68,8 @@
       cron_file: matrix-ssl-lets-encrypt
       name: matrix-ssl-lets-encrypt-certificates-renew
       state: present
-      hour: 4
+      hour: "4"
-      minute: 15
+      minute: "15"
       day: "*"
       job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
 
@@ -78,11 +79,11 @@
       cron_file: matrix-ssl-lets-encrypt
       name: matrix-nginx-proxy-reload
       state: present
-      hour: 5
+      hour: "5"
-      minute: 20
+      minute: "20"
       day: "*"
       job: /bin/systemctl reload matrix-nginx-proxy.service
-    when: matrix_nginx_proxy_enabled
+    when: matrix_nginx_proxy_enabled|bool
   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
 
@@ -98,7 +99,7 @@
     cron_file: matrix-ssl-lets-encrypt
     name: matrix-nginx-proxy-reload
     state: absent
-  when: "not matrix_nginx_proxy_enabled"
+  when: "not matrix_nginx_proxy_enabled|bool"
 
 # When Let's Encrypt is not used at all, remove all cronjobs in that cron file.
 - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml

@@ -2,7 +2,7 @@
     msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}"
 
 - set_fact:
-    domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/cert.pem"
+    domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem"
 
 - name: Check if a certificate for the domain already exists
   stat:
@@ -35,7 +35,7 @@
     --agree-tos
     --email={{ matrix_ssl_lets_encrypt_support_email }}
     -d {{ domain_name }}
-  when: "domain_name_needs_cert"
+  when: domain_name_needs_cert|bool
   register: result_certbot_direct
   ignore_errors: true
 

roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2

@@ -44,6 +44,7 @@ ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
 ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-nginx-proxy
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-postgres/defaults/main.yml

@@ -8,9 +8,9 @@ matrix_postgres_db_name: ""
 matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
 matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
 
-matrix_postgres_docker_image_v9: "postgres:9.6.12-alpine"
+matrix_postgres_docker_image_v9: "postgres:9.6.13-alpine"
-matrix_postgres_docker_image_v10: "postgres:10.7-alpine"
+matrix_postgres_docker_image_v10: "postgres:10.8-alpine"
-matrix_postgres_docker_image_v11: "postgres:11.2-alpine"
+matrix_postgres_docker_image_v11: "postgres:11.3-alpine"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
 
 # A list of extra arguments to pass to the container

roles/matrix-postgres/tasks/import_postgres.yml

@@ -5,7 +5,7 @@
 - name: Fail if Postgres not enabled
   fail:
     msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import."
-  when: "not matrix_postgres_enabled"
+  when: "not matrix_postgres_enabled|bool"
 
 - name: Fail if playbook called incorrectly
   fail:
@@ -20,7 +20,7 @@
 - name: Fail if provided Postgres dump file doesn't exists
   fail:
     msg: "File cannot be found on the server at {{ server_path_postgres_dump }}"
-  when: not result_server_path_postgres_dump_stat.stat.exists
+  when: "not result_server_path_postgres_dump_stat.stat.exists"
 
 
 # Defaults
@@ -54,7 +54,7 @@
 - name: Abort, if no existing Postgres version detected
   fail:
     msg: "Could not find existing Postgres installation"
-  when: "not matrix_postgres_detected_existing"
+  when: "not matrix_postgres_detected_existing|bool"
 
 - name: Generate Postgres database import command
   set_fact:

roles/matrix-postgres/tasks/import_sqlite_db.yml

@@ -5,7 +5,7 @@
 - name: Fail if Postgres not enabled
   fail:
     msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import."
-  when: "not matrix_postgres_enabled"
+  when: "not matrix_postgres_enabled|bool"
 
 - name: Fail if playbook called incorrectly
   fail:
@@ -20,7 +20,7 @@
 - name: Fail if provided SQLite homeserver.db file doesn't exist
   fail:
     msg: "File cannot be found on the server at {{ server_path_homeserver_db }}"
-  when: not result_server_path_homeserver_db_stat.stat.exists
+  when: "not result_server_path_homeserver_db_stat.stat.exists"
 
 
 # Defaults

roles/matrix-postgres/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres'] }}"
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool

roles/matrix-postgres/tasks/main.yml

@@ -3,28 +3,28 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup and matrix_postgres_enabled"
+  when: "run_setup|bool and matrix_postgres_enabled|bool"
   tags:
     - setup-all
     - setup-postgres
 
 - import_tasks: "{{ role_path }}/tasks/setup_postgres.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-postgres
 
 - import_tasks: "{{ role_path }}/tasks/import_postgres.yml"
-  when: run_import_postgres
+  when: run_import_postgres|bool
   tags:
     - import-postgres
 
 - import_tasks: "{{ role_path }}/tasks/import_sqlite_db.yml"
-  when: run_import_sqlite_db
+  when: run_import_sqlite_db|bool
   tags:
     - import-sqlite-db
 
 - import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml"
-  when: run_upgrade_postgres
+  when: run_upgrade_postgres|bool
   tags:
     - upgrade-postgres

roles/matrix-postgres/tasks/setup_postgres.yml

@@ -5,10 +5,10 @@
 #
 
 - import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml"
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 - import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml"
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 # If we have found an existing version (installed from before), we use its corresponding Docker image.
 # If not, we install using the latest Postgres.
@@ -16,18 +16,19 @@
 # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`).
 - set_fact:
     matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}"
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 - name: Warn if on an old version of Postgres
   debug:
     msg: "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. You can upgrade using --tags=upgrade-postgres"
-  when: "matrix_postgres_enabled and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest"
+  when: "matrix_postgres_enabled|bool and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest"
 
 # Even if we don't run the internal server, we still need this for running the CLI
 - name: Ensure postgres Docker image is pulled
   docker_image:
     name: "{{ matrix_postgres_docker_image_to_use }}"
-  when: matrix_postgres_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_postgres_enabled|bool
 
 # We always create these directories, even if an external Postgres is used,
 # because we store environment variable files there.
@@ -41,7 +42,7 @@
   with_items:
     - "{{ matrix_postgres_base_path }}"
     - "{{ matrix_postgres_data_path }}"
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 - name: Ensure Postgres environment variables file created
   template:
@@ -51,21 +52,21 @@
   with_items:
     - "env-postgres-psql"
     - "env-postgres-server"
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 - name: Ensure matrix-postgres-cli script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2"
     dest: "/usr/local/bin/matrix-postgres-cli"
     mode: 0750
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 - name: Ensure matrix-make-user-admin script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2"
     dest: "/usr/local/bin/matrix-make-user-admin"
     mode: 0750
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 #
 # Tasks related to setting up an internal postgres server
@@ -77,12 +78,12 @@
     dest: "/etc/systemd/system/matrix-postgres.service"
     mode: 0644
   register: matrix_postgres_systemd_service_result
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-postgres.service installation
   service:
     daemon_reload: yes
-  when: "matrix_postgres_enabled and matrix_postgres_systemd_service_result.changed"
+  when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed"
 
 #
 # Tasks related to getting rid of the internal postgres server (if it was previously enabled)
@@ -92,41 +93,41 @@
   stat:
     path: "/etc/systemd/system/matrix-postgres.service"
   register: matrix_postgres_service_stat
-  when: "not matrix_postgres_enabled"
+  when: "not matrix_postgres_enabled|bool"
 
 - name: Ensure matrix-postgres is stopped
   service:
     name: matrix-postgres
     state: stopped
     daemon_reload: yes
-  when: "not matrix_postgres_enabled and matrix_postgres_service_stat.stat.exists"
+  when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists"
 
 - name: Ensure matrix-postgres.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-postgres.service"
     state: absent
-  when: "not matrix_postgres_enabled and matrix_postgres_service_stat.stat.exists"
+  when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-postgres.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_postgres_enabled and matrix_postgres_service_stat.stat.exists"
+  when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists"
 
 - name: Check existence of matrix-postgres local data path
   stat:
     path: "{{ matrix_postgres_data_path }}"
   register: matrix_postgres_data_path_stat
-  when: "not matrix_postgres_enabled"
+  when: "not matrix_postgres_enabled|bool"
 
 # We just want to notify the user. Deleting data is too destructive.
 - name: Notify if matrix-postgres local data remains
   debug:
     msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
-  when: "not matrix_postgres_enabled and matrix_postgres_data_path_stat.stat.exists"
+  when: "not matrix_postgres_enabled|bool and matrix_postgres_data_path_stat.stat.exists"
 
 - name: Ensure matrix-postgres-update-user-password-hash script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
     dest: "/usr/local/bin/matrix-postgres-update-user-password-hash"
     mode: 0750
-  when: matrix_postgres_enabled
+  when: matrix_postgres_enabled|bool

roles/matrix-postgres/tasks/upgrade_postgres.yml

@@ -23,7 +23,7 @@
 - name: Fail, if trying to upgrade external Postgres database
   fail:
     msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade."
-  when: "not matrix_postgres_enabled"
+  when: "not matrix_postgres_enabled|bool"
 
 - name: Check Postgres auto-upgrade backup data directory
   stat:
@@ -40,7 +40,7 @@
 - name: Abort, if no existing Postgres version detected
   fail:
     msg: "Could not find existing Postgres installation"
-  when: "not matrix_postgres_detected_existing"
+  when: "not matrix_postgres_detected_existing|bool"
 
 - name: Abort, if already at latest Postgres version
   fail:

roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml

@@ -23,12 +23,12 @@
   slurp:
     src: "{{ matrix_postgres_detection_pg_version_path }}"
   register: result_pg_version
-  when: "matrix_postgres_detected_existing"
+  when: matrix_postgres_detected_existing|bool
 
 - name: Determine existing Postgres version (make sense of PG_VERSION file)
   set_fact:
     matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}"
-  when: "matrix_postgres_detected_existing"
+  when: matrix_postgres_detected_existing|bool
 
 - name: Determine corresponding Docker image to detected version (assume default of latest)
   set_fact:

roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2

@@ -8,6 +8,7 @@ Requires=docker.service
 Type=simple
 ExecStartPre=-/usr/bin/docker stop matrix-postgres
 ExecStartPre=-/usr/bin/docker rm matrix-postgres
+
 ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -23,10 +24,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_postgres_docker_image_to_use }}
+
 ExecStop=-/usr/bin/docker stop matrix-postgres
 ExecStop=-/usr/bin/docker rm matrix-postgres
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-postgres
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-riot-web/defaults/main.yml

@@ -1,6 +1,6 @@
 matrix_riot_web_enabled: true
 
-matrix_riot_web_docker_image: "bubuntux/riot-web:v1.0.8"
+matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.2"
 
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
 

roles/matrix-riot-web/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
-  when: matrix_riot_web_enabled
+  when: matrix_riot_web_enabled|bool

roles/matrix-riot-web/tasks/main.yml

@@ -3,13 +3,13 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup and matrix_riot_web_enabled"
+  when: "run_setup|bool and matrix_riot_web_enabled|bool"
   tags:
     - setup-all
     - setup-riot-web
 
 - import_tasks: "{{ role_path }}/tasks/setup_riot_web.yml"
-  when: run_setup
+  when: run_setup|bool
   tags:
     - setup-all
     - setup-riot-web
@@ -17,6 +17,6 @@
 - import_tasks: "{{ role_path }}/tasks/self_check_riot_web.yml"
   delegate_to: 127.0.0.1
   become: false
-  when: "run_self_check and matrix_riot_web_enabled"
+  when: "run_self_check|bool and matrix_riot_web_enabled|bool"
   tags:
     - self-check

roles/matrix-riot-web/tasks/setup_riot_web.yml

@@ -11,12 +11,13 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: matrix_riot_web_enabled
+  when: matrix_riot_web_enabled|bool
 
 - name: Ensure riot-web Docker image is pulled
   docker_image:
     name: "{{ matrix_riot_web_docker_image }}"
-  when: matrix_riot_web_enabled
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+  when: matrix_riot_web_enabled|bool
 
 - name: Ensure Matrix riot-web config files installed
   template:
@@ -30,7 +31,7 @@
     - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
     - {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
     - {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
-  when: "matrix_riot_web_enabled and item.src is not none"
+  when: "matrix_riot_web_enabled|bool and item.src is not none"
 
 - name: Ensure Matrix riot-web config files removed
   file:
@@ -38,7 +39,7 @@
     state: absent
   with_items:
     - {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"}
-  when: "matrix_riot_web_enabled and item.src is none"
+  when: "matrix_riot_web_enabled|bool and item.src is none"
 
 - name: Ensure matrix-riot-web.service installed
   template:
@@ -46,7 +47,7 @@
     dest: "/etc/systemd/system/matrix-riot-web.service"
     mode: 0644
   register: matrix_riot_web_systemd_service_result
-  when: matrix_riot_web_enabled
+  when: matrix_riot_web_enabled|bool
 
 - name: Ensure systemd reloaded after matrix-riot-web.service installation
   service:
@@ -61,7 +62,7 @@
   stat:
     path: "/etc/systemd/system/matrix-riot-web.service"
   register: matrix_riot_web_service_stat
-  when: "not matrix_riot_web_enabled"
+  when: "not matrix_riot_web_enabled|bool"
 
 - name: Ensure matrix-riot-web is stopped
   service:
@@ -69,27 +70,27 @@
     state: stopped
     daemon_reload: yes
   register: stopping_result
-  when: "not matrix_riot_web_enabled and matrix_riot_web_service_stat.stat.exists"
+  when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
 
 - name: Ensure matrix-riot-web.service doesn't exist
   file:
     path: "/etc/systemd/system/matrix-riot-web.service"
     state: absent
-  when: "not matrix_riot_web_enabled and matrix_riot_web_service_stat.stat.exists"
+  when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
 
 - name: Ensure systemd reloaded after matrix-riot-web.service removal
   service:
     daemon_reload: yes
-  when: "not matrix_riot_web_enabled and matrix_riot_web_service_stat.stat.exists"
+  when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists"
 
 - name: Ensure Matrix riot-web paths doesn't exist
   file:
     path: "{{ matrix_riot_web_data_path }}"
     state: absent
-  when: "not matrix_riot_web_enabled"
+  when: "not matrix_riot_web_enabled|bool"
 
 - name: Ensure riot-web Docker image doesn't exist
   docker_image:
     name: "{{ matrix_riot_web_docker_image }}"
     state: absent
-  when: "not matrix_riot_web_enabled"
+  when: "not matrix_riot_web_enabled|bool"

roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2

@@ -10,6 +10,7 @@ After={{ service }}
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-riot-web
 ExecStartPre=-/usr/bin/docker rm matrix-riot-web
+
 ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -31,10 +32,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_riot_web_docker_image }}
+
 ExecStop=-/usr/bin/docker kill matrix-riot-web
 ExecStop=-/usr/bin/docker rm matrix-riot-web
 Restart=always
 RestartSec=30
+SyslogIdentifier=matrix-riot-web
 
 [Install]
 WantedBy=multi-user.target

roles/matrix-synapse/defaults/main.yml

@@ -1,4 +1,9 @@
-matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2"
+# Synapse is a Matrix homeserver
+# See: https://github.com/matrix-org/synapse
+
+matrix_synapse_enabled: true
+
+matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.1"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
 matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
@@ -15,12 +20,6 @@ matrix_synapse_container_expose_client_api_port: false
 # that would be on another port (tcp/8448) controlled by `matrix_synapse_tls_federation_listener_enabled`.
 matrix_synapse_container_expose_federation_api_port: false
 
-# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999).
-matrix_appservice_irc_container_expose_client_server_api_port: false
-
-# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005).
-matrix_appservice_discord_container_expose_client_server_api_port: false
-
 # Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
 matrix_synapse_container_expose_metrics_port: false
 
@@ -68,8 +67,9 @@ matrix_synapse_storage_sql_log_level: "INFO"
 matrix_synapse_root_log_level: "INFO"
 
 # Rate limits
-matrix_synapse_rc_messages_per_second: 0.2
+matrix_synapse_rc_message:
-matrix_synapse_rc_message_burst_count: 10.0
+  per_second: 0.2
+  burst_count: 10
 
 matrix_synapse_rc_registration:
   per_second: 0.17
@@ -86,11 +86,13 @@ matrix_synapse_rc_login:
     per_second: 0.17
     burst_count: 3
 
-matrix_synapse_federation_rc_window_size: 1000
+matrix_synapse_rc_federation:
-matrix_synapse_federation_rc_sleep_limit: 10
+  window_size: 1000
-matrix_synapse_federation_rc_sleep_delay: 500
+  sleep_limit: 10
-matrix_synapse_federation_rc_reject_limit: 50
+  sleep_delay: 500
-matrix_synapse_federation_rc_concurrent: 3
+  reject_limit: 50
+  concurrent: 3
+
 matrix_synapse_federation_rr_transactions_per_room_per_second: 50
 
 # Controls whether the TLS federation listener is enabled (tcp/8448).
@@ -159,9 +161,9 @@ matrix_synapse_container_additional_volumes: []
 # Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
 matrix_synapse_additional_loggers: []
 
-# A list of service config files
+# A list of appservice config files (in-container filesystem paths).
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
-# Contains fs paths
+# You may wish to use this together with `matrix_synapse_container_additional_volumes`.
 matrix_synapse_app_service_config_files: []
 
 # This is set dynamically during execution depending on whether
@@ -239,599 +241,18 @@ matrix_s3_media_store_region: "eu-central-1"
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_synapse_self_check_validate_certificates: true
 
-# Matrix mautrix is a Matrix <-> Telegram bridge
-# Enable telegram bridge
-matrix_mautrix_telegram_enabled: false
-
-matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1"
-
-matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
-
-# Get your own API keys at https://my.telegram.org/apps
-matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
-matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
-# Mautrix telegram public endpoint to log in to telegram
-# Use an uuid so it's not easily discoverable
-matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
-# Set this to a port number to expose on the host when not using the nginx proxy
-matrix_mautrix_telegram_container_exposed_port_number: ~
-
-# Matrix mautrix is a Matrix <-> Whatsapp bridge
-# Enable whatsapp bridge
-matrix_mautrix_whatsapp_enabled: false
-
-matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
-
-matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
-
-# Matrix mautrix is a Matrix <-> Facebook bridge
-# Enable facebook bridge
-matrix_mautrix_facebook_enabled: false
-
-matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
-
-matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
-
-# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/
-matrix_mautrix_facebook_api_id: YOUR_FACEBOOK_APP_ID
-matrix_mautrix_facebook_api_hash: YOUR_FACEBOOK_API_HASH
-
-# Matrix Appservice IRC is a Matrix <-> IRC bridge
-# Enable IRC bridge
-matrix_appservice_irc_enabled: false
-
-matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
-
-matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
-
-matrix_appservice_irc_configuration_yaml: |
-  #jinja2: lstrip_blocks: True
-  homeserver:
-    url: "https://{{ matrix_server_fqn_matrix }}"
-    domain: "{{ matrix_domain }}"
-    enablePresence: true
-
-matrix_appservice_irc_configuration_extension_yaml: |
-  # Your custom YAML configuration for Appservice IRC servers goes here.
-  # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # completely redefining `matrix_appservice_irc_configuration_yaml`.
-  #
-  # Example configuration extension follows:
-  #
-  # ircService:
-  #   databaseUri: "nedb:///data" # does not typically need modification
-  #   passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
-  #   matrixHandler:
-  #     eventCacheSize: 4096
-  #   servers:
-  #     # The address of the server to connect to.
-  #     irc.example.com:
-  #       # A human-readable short name. This is used to label IRC status rooms
-  #       # where matrix users control their connections.
-  #       # E.g. 'ExampleNet IRC Bridge status'.
-  #       # It is also used in the Third Party Lookup API as the instance `desc`
-  #       # property, where each server is an instance.
-  #       name: "ExampleNet"
-  #
-  #       additionalAddresses: [ "irc2.example.com" ]
-  #       #
-  #       # [DEPRECATED] Use `name`, above, instead.
-  #       # A human-readable description string
-  #       # description: "Example.com IRC network"
-  #
-  #       # An ID for uniquely identifying this server amongst other servers being bridged.
-  #       # networkId: "example"
-  #
-  #       # URL to an icon used as the network icon whenever this network appear in
-  #       # a network list. (Like in the riot room directory, for instance.)
-  #       # icon: https://example.com/images/hash.png
-  #
-  #       # The port to connect to. Optional.
-  #       port: 6697
-  #       # Whether to use SSL or not. Default: false.
-  #       ssl: true
-  #       # Whether or not IRC server is using a self-signed cert or not providing CA Chain
-  #       sslselfsign: false
-  #       # Should the connection attempt to identify via SASL (if a server or user password is given)
-  #       # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
-  #       sasl: false
-  #       # Whether to allow expired certs when connecting to the IRC server.
-  #       # Usually this should be off. Default: false.
-  #       allowExpiredCerts: false
-  #       # A specific CA to trust instead of the default CAs. Optional.
-  #       #ca: |
-  #       #  -----BEGIN CERTIFICATE-----
-  #       #  ...
-  #       #  -----END CERTIFICATE-----
-  #
-  #       #
-  #       # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
-  #       # password: 'pa$$w0rd'
-  #       #
-  #       # Whether or not to send connection/error notices to real Matrix users. Default: true.
-  #       sendConnectionMessages: true
-  #
-  #       quitDebounce:
-  #         # Whether parts due to net-splits are debounced for delayMs, to allow
-  #         # time for the netsplit to resolve itself. A netsplit is detected as being
-  #         # a QUIT rate higher than quitsPerSecond. Default: false.
-  #         enabled: false
-  #         # The maximum number of quits per second acceptable above which a netsplit is
-  #         # considered ongoing. Default: 5.
-  #         quitsPerSecond: 5
-  #         # The time window in which to wait before bridging a QUIT to Matrix that occurred during
-  #         # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
-  #         # is not sent many requests to leave rooms all at once if a netsplit occurs and many
-  #         # people to not rejoin.
-  #         # If the user with the same IRC nick as the one who sent the quit rejoins a channel
-  #         # they are considered back online and the quit is not bridged, so long as the rejoin
-  #         # occurs before the randomly-jittered timeout is not reached.
-  #         # Default: 3600000, = 1h
-  #         delayMinMs: 3600000 # 1h
-  #         # Default: 7200000, = 2h
-  #         delayMaxMs: 7200000 # 2h
-  #
-  #       # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
-  #       # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
-  #       # been given multiple modes, the one that maps to the highest power level will be used.
-  #       modePowerMap:
-  #         o: 50
-  #
-  #       botConfig:
-  #         # Enable the presence of the bot in IRC channels. The bot serves as the entity
-  #         # which maps from IRC -> Matrix. You can disable the bot entirely which
-  #         # means IRC -> Matrix chat will be shared by active "M-Nick" connections
-  #         # in the room. If there are no users in the room (or if there are users
-  #         # but their connections are not on IRC) then nothing will be bridged to
-  #         # Matrix. If you're concerned about the bot being treated as a "logger"
-  #         # entity, then you may want to disable the bot. If you want IRC->Matrix
-  #         # but don't want to have TCP connections to IRC unless a Matrix user speaks
-  #         # (because your client connection limit is low), then you may want to keep
-  #         # the bot enabled. Default: true.
-  #         # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
-  #         #     on, else there will be no users and no bot in a channel (meaning no
-  #         #     messages to Matrix!) until a Matrix user speaks which makes a client
-  #         #     join the target IRC channel.
-  #         # NBB: The bridge bot IRC client will still join the target IRC network so
-  #         #      it can service bridge-specific queries from the IRC-side e.g. so
-  #         #      real IRC clients have a way to change their Matrix display name.
-  #         #      See https://github.com/matrix-org/matrix-appservice-irc/issues/55
-  #         enabled: true
-  #         # The nickname to give the AS bot.
-  #         nick: "MatrixBot"
-  #         # The password to give to NickServ or IRC Server for this nick. Optional.
-  #         # password: "helloworld"
-  #         #
-  #         # Join channels even if there are no Matrix users on the other side of
-  #         # the bridge. Set to false to prevent the bot from joining channels which have no
-  #         # real matrix users in them, even if there is a mapping for the channel.
-  #         # Default: true
-  #         joinChannelsIfNoUsers: true
-  #
-  #       # Configuration for PMs / private 1:1 communications between users.
-  #       privateMessages:
-  #         # Enable the ability for PMs to be sent to/from IRC/Matrix.
-  #         # Default: true.
-  #         enabled: true
-  #         # Prevent Matrix users from sending PMs to the following IRC nicks.
-  #         # Optional. Default: [].
-  #         # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
-  #
-  #         # Should created Matrix PM rooms be federated? If false, only users on the
-  #         # HS attached to this AS will be able to interact with this room.
-  #         # Optional. Default: true.
-  #         federate: true
-  #
-  #       # Configuration for mappings not explicitly listed in the 'mappings'
-  #       # section.
-  #       dynamicChannels:
-  #         # Enable the ability for Matrix users to join *any* channel on this IRC
-  #         # network.
-  #         # Default: false.
-  #         enabled: true
-  #         # Should the AS create a room alias for the new Matrix room? The form of
-  #         # the alias can be modified via 'aliasTemplate'. Default: true.
-  #         createAlias: true
-  #         # Should the AS publish the new Matrix room to the public room list so
-  #         # anyone can see it? Default: true.
-  #         published: true
-  #         # What should the join_rule be for the new Matrix room? If 'public',
-  #         # anyone can join the room. If 'invite', only users with an invite can
-  #         # join the room. Note that if an IRC channel has +k or +i set on it,
-  #         # join_rules will be set to 'invite' until these modes are removed.
-  #         # Default: "public".
-  #         joinRule: public
-  #         # This will set the m.room.related_groups state event in newly created rooms
-  #         # with the given groupId. This means flares will show up on IRC users in those rooms.
-  #         # This should be set to the same thing as namespaces.users.group_id in irc_registration.
-  #         # This does not alter existing rooms.
-  #         # Leaving this option empty will not set the event.
-  #         groupId: +myircnetwork:localhost
-  #         # Should created Matrix rooms be federated? If false, only users on the
-  #         # HS attached to this AS will be able to interact with this room.
-  #         # Default: true.
-  #         federate: true
-  #         # The room alias template to apply when creating new aliases. This only
-  #         # applies if createAlias is 'true'. The following variables are exposed:
-  #         # $SERVER => The IRC server address (e.g. "irc.example.com")
-  #         # $CHANNEL => The IRC channel (e.g. "#python")
-  #         # This MUST have $CHANNEL somewhere in it.
-  #         # Default: '#irc_$SERVER_$CHANNEL'
-  #         aliasTemplate: "#irc_$CHANNEL"
-  #         # A list of user IDs which the AS bot will send invites to in response
-  #         # to a !join. Only applies if joinRule is 'invite'. Default: []
-  #         # whitelist:
-  #         #   - "@foo:example.com"
-  #         #   - "@bar:example.com"
-  #         #
-  #         # Prevent the given list of channels from being mapped under any
-  #         # circumstances.
-  #         # exclude: ["#foo", "#bar"]
-  #
-  #       # Configuration for controlling how Matrix and IRC membership lists are
-  #       # synced.
-  #       membershipLists:
-  #         # Enable the syncing of membership lists between IRC and Matrix. This
-  #         # can have a significant effect on performance on startup as the lists are
-  #         # synced. This must be enabled for anything else in this section to take
-  #         # effect. Default: false.
-  #         enabled: false
-  #
-  #         # Syncing membership lists at startup can result in hundreds of members to
-  #         # process all at once. This timer drip feeds membership entries at the
-  #         # specified rate. Default: 10000. (10s)
-  #         floodDelayMs: 10000
-  #
-  #         global:
-  #           ircToMatrix:
-  #             # Get a snapshot of all real IRC users on a channel (via NAMES) and
-  #             # join their virtual matrix clients to the room.
-  #             initial: false
-  #             # Make virtual matrix clients join and leave rooms as their real IRC
-  #             # counterparts join/part channels. Default: false.
-  #             incremental: false
-  #
-  #           matrixToIrc:
-  #             # Get a snapshot of all real Matrix users in the room and join all of
-  #             # them to the mapped IRC channel on startup. Default: false.
-  #             initial: false
-  #             # Make virtual IRC clients join and leave channels as their real Matrix
-  #             # counterparts join/leave rooms. Make sure your 'maxClients' value is
-  #             # high enough! Default: false.
-  #             incremental: false
-  #
-  #         # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
-  #         rooms:
-  #           - room: "!fuasirouddJoxtwfge:localhost"
-  #             matrixToIrc:
-  #               initial: false
-  #               incremental: false
-  #
-  #         # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
-  #         channels:
-  #           - channel: "#foo"
-  #             ircToMatrix:
-  #               initial: false
-  #               incremental: false
-  #
-  #       mappings:
-  #         # 1:many mappings from IRC channels to room IDs on this IRC server.
-  #         # The matrix room must already exist. Your matrix client should expose
-  #         # the room ID in a "settings" page for the room.
-  #         "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
-  #
-  #       # Configuration for virtual matrix users. The following variables are
-  #       # exposed:
-  #       # $NICK => The IRC nick
-  #       # $SERVER => The IRC server address (e.g. "irc.example.com")
-  #       matrixClients:
-  #         # The user ID template to use when creating virtual matrix users. This
-  #         # MUST have $NICK somewhere in it.
-  #         # Optional. Default: "@$SERVER_$NICK".
-  #         # Example: "@irc.example.com_Alice:example.com"
-  #         userTemplate: "@irc_$NICK"
-  #         # The display name to use for created matrix clients. This should have
-  #         # $NICK somewhere in it if it is specified. Can also use $SERVER to
-  #         # insert the IRC domain.
-  #         # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
-  #         displayName: "$NICK (IRC)"
-  #         # Number of tries a client can attempt to join a room before the request
-  #         # is discarded. You can also use -1 to never retry or 0 to never give up.
-  #         # Optional. Default: -1
-  #         joinAttempts: -1
-  #
-  #       # Configuration for virtual IRC users. The following variables are exposed:
-  #       # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
-  #       # $USERID => The user ID
-  #       # $DISPLAY => The display name of this user, with excluded characters
-  #       #             (e.g. space) removed. If the user has no display name, this
-  #       #             falls back to $LOCALPART.
-  #       ircClients:
-  #         # The template to apply to every IRC client nick. This MUST have either
-  #         # $DISPLAY or $USERID or $LOCALPART somewhere in it.
-  #         # Optional. Default: "M-$DISPLAY". Example: "M-Alice".
-  #         nickTemplate: "$DISPLAY[m]"
-  #         # True to allow virtual IRC clients to change their nick on this server
-  #         # by issuing !nick <server> <nick> commands to the IRC AS bot.
-  #         # This is completely freeform: it will NOT follow the nickTemplate.
-  #         allowNickChanges: true
-  #         # The max number of IRC clients that will connect. If the limit is
-  #         # reached, the client that spoke the longest time ago will be
-  #         # disconnected and replaced.
-  #         # Optional. Default: 30.
-  #         maxClients: 30
-  #         # IPv6 configuration.
-  #         ipv6:
-  #           # Optional. Set to true to force IPv6 for outgoing connections.
-  #           only: false
-  #           # Optional. The IPv6 prefix to use for generating unique addresses for each
-  #           # connected user. If not specified, all users will connect from the same
-  #           # (default) address. This may require additional OS-specific work to allow
-  #           # for the node process to bind to multiple different source addresses
-  #           # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
-  #           # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
-  #           # prefix: "2001:0db8:85a3::"  # modify appropriately
-  #         #
-  #         # The maximum amount of time in seconds that the client can exist
-  #         # without sending another message before being disconnected. Use 0 to
-  #         # not apply an idle timeout. This value is ignored if this IRC server is
-  #         # mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
-  #         idleTimeout: 10800
-  #         # The number of millseconds to wait between consecutive reconnections if a
-  #         # client gets disconnected. Setting to 0 will cause the scheduling to be
-  #         # disabled, i.e. it will be scheduled immediately (with jitter.
-  #         # Otherwise, the scheduling interval will be used such that one client
-  #         # reconnect for this server will be handled every reconnectIntervalMs ms using
-  #         # a FIFO queue.
-  #         # Default: 5000 (5 seconds)
-  #         reconnectIntervalMs: 5000
-  #         # The number of concurrent reconnects if a user has been disconnected unexpectedly
-  #         # (e.g. a netsplit). You should set this to a reasonably high number so that
-  #         # bridges are not waiting an eternity to reconnect all its clients if
-  #         # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
-  #         # setting above which is for connecting on restart of the bridge. Set to 0 to
-  #         # immediately try to reconnect all users.
-  #         # Default: 50
-  #         concurrentReconnectLimit: 50
-  #         # The number of lines to allow being sent by the IRC client that has received
-  #         # a large block of text to send from matrix. If the number of lines that would
-  #         # be sent is > lineLimit, the text will instead be uploaded to matrix and the
-  #         # resulting URI is treated as a file. As such, a link will be sent to the IRC
-  #         # side instead of potentially spamming IRC and getting the IRC client kicked.
-  #         # Default: 3.
-  #         lineLimit: 3
-  #         # A list of user modes to set on every IRC client. For example, "RiG" would set
-  #         # +R, +i and +G on every IRC connection when they have successfully connected.
-  #         # User modes vary wildly depending on the IRC network you're connecting to,
-  #         # so check before setting this value. Some modes may not work as intended
-  #         # through the bridge e.g. caller ID as there is no way to /ACCEPT.
-  #         # Default: "" (no user modes)
-  #         # userModes: "R"
-  #
-  #   # Configuration for an ident server. If you are running a public bridge it is
-  #   # advised you setup an ident server so IRC mods can ban specific matrix users
-  #   # rather than the application service itself.
-  #   ident:
-  #     # True to listen for Ident requests and respond with the
-  #     # matrix user's user_id (converted to ASCII, respecting RFC 1413).
-  #     # Default: false.
-  #     enabled: false
-  #     # The port to listen on for incoming ident requests.
-  #     # Ports below 1024 require root to listen on, and you may not want this to
-  #     # run as root. Instead, you can get something like an Apache to yank up
-  #     # incoming requests to 113 to a high numbered port. Set the port to listen
-  #     # on instead of 113 here.
-  #     # Default: 113.
-  #     port: 1113
-  #     # The address to listen on for incoming ident requests.
-  #     # Default: 0.0.0.0
-  #     address: "::"
-  #
-  #   # Configuration for logging. Optional. Default: console debug level logging
-  #   # only.
-  #   logging:
-  #     # Level to log on console/logfile. One of error|warn|info|debug
-  #     level: "debug"
-  #     # The file location to log to. This is relative to the project directory.
-  #     logfile: "debug.log"
-  #     # The file location to log errors to. This is relative to the project
-  #     # directory.
-  #     errfile: "errors.log"
-  #     # Whether to log to the console or not.
-  #     toConsole: true
-  #     # The max number of files to keep. Files will be overwritten eventually due
-  #     # to rotations.
-  #     maxFiles: 5
-  #
-  #   # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
-  #   #   $ npm install prom-client@6.3.0
-  #   # Metrics will then be available via GET /metrics on the bridge listening port (-p).
-  #   metrics:
-  #     # Whether to actually enable the metric endpoint. Default: false
-  #     enabled: true
-  #     # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
-  #     # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
-  #     remoteUserAgeBuckets:
-  #       - "1h"
-  #       - "1d"
-  #       - "1w"
-  #
-  #   # Configuration options for the debug HTTP API. To access this API, you must
-  #   # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
-  #   #
-  #   # The debug API exposes the following endpoints:
-  #   #
-  #   #   GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
-  #   #
-  #   #   POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
-  #   #                                      Format: new line delimited commands as per IRC protocol.
-  #   #
-  #   debugApi:
-  #     # True to enable the HTTP API endpoint. Default: false.
-  #     enabled: false
-  #     # The port to host the HTTP API.
-  #     port: 11100
-  #
-  #   # Configuration for the provisioning API.
-  #   #
-  #   # GET /_matrix/provision/link
-  #   # GET /_matrix/provision/unlink
-  #   # GET /_matrix/provision/listlinks
-  #   #
-  #   provisioning:
-  #     # True to enable the provisioning HTTP endpoint. Default: false.
-  #     enabled: false
-  #     # The number of seconds to wait before giving up on getting a response from
-  #     # an IRC channel operator. If the channel operator does not respond within the
-  #     # allotted time period, the provisioning request will fail.
-  #     # Default: 300 seconds (5 mins)
-  #     requestTimeoutSeconds: 300
-  #
-  #   # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
-  #   # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
-  #   # the database.
-  #   #
-
-matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml else {} }}"
-
-matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}"
-
-
-# Matrix Appservice Discord is a Matrix <-> Discord bridge
-# Enable Discord bridge
-matrix_appservice_discord_enabled: false
-
-matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest"
-
-matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
-
-matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID"
-matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
-
-matrix_appservice_discord_configuration_yaml: |
-    bridge:
-        domain: "{{ matrix_domain }}"
-        homeserverUrl: "{{ matrix_homeserver_url }}"
-    auth:
-        clientID: "{{matrix_appservice_discord_client_id}}"
-        botToken: "{{matrix_appservice_discord_bot_token}}"
-    database:
-        filename: "/data/discord.db"
-        userStorePath: "/data/user-store.db"
-        roomStorePath: "/data/room-store.db"
-
-matrix_appservice_discord_configuration_extension_yaml: |
-    # This is a sample of the config file showing all avaliable options.
-    # Where possible we have documented what they do, and all values are the
-    # default values.
-    #
-    #bridge:
-    #  # Domain part of the bridge, e.g. matrix.org
-    #  domain: "localhost"
-    #  # This should be your publically facing URL because Discord may use it to
-    #  # fetch media from the media store.
-    #  homeserverUrl: "http://localhost:8008"
-    #  # Interval at which to process users in the 'presence queue'. If you have
-    #  # 5 users, one user will be processed every 500 milliseconds according to the
-    #  # value below. This has a minimum value of 250.
-    #  # WARNING: This has a high chance of spamming the homeserver with presence
-    #  # updates since it will send one each time somebody changes state or is online.
-    #  presenceInterval: 500
-    #  # Disable setting presence for 'ghost users' which means Discord users on Matrix
-    #  # will not be shown as away or online.
-    #  disablePresence: false
-    #  # Disable sending typing notifications when somebody on Discord types.
-    #  disableTypingNotifications: false
-    #  # Disable deleting messages on Discord if a message is redacted on Matrix.
-    #  disableDeletionForwarding: false
-    #  # Enable users to bridge rooms using !discord commands. See
-    #  # https://t2bot.io/discord for instructions.
-    #  enableSelfServiceBridging: false
-    #  # Disable sending of read receipts for Matrix events which have been
-    #  # successfully bridged to Discord.
-    #  disableReadReceipts: false
-    # Authentication configuration for the discord bot.
-    #auth:
-    #  clientID: "12345"
-    #  botToken: "foobar"
-    #logging:
-    #  # What level should the logger output to the console at.
-    #  console: "warn" #silly, verbose, info, http, warn, error, silent
-    #  lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
-    #  files:
-    #    - file: "debug.log"
-    #      disable:
-    #        - "PresenceHandler" # Will not capture presence logging
-    #    - file: "warn.log" # Will capture warnings
-    #      level: "warn"
-    #    - file: "botlogs.log" # Will capture logs from DiscordBot
-    #      level: "info"
-    #      enable:
-    #        - "DiscordBot"
-    #database:
-    #  userStorePath: "user-store.db"
-    #  roomStorePath: "room-store.db"
-    #  # You may either use SQLite or Postgresql for the bridge database, which contains
-    #  # important mappings for events and user puppeting configurations.
-    #  # Use the filename option for SQLite, or connString for Postgresql.
-    #  # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
-    #  # WARNING: You will almost certainly be fine with sqlite unless your bridge
-    #  # is in heavy demand and you suffer from IO slowness.
-    #  filename: "discord.db"
-    #  # connString: "postgresql://user:password@localhost/database_name"
-    #room:
-    #  # Set the default visibility of alias rooms, defaults to "public".
-    #  # One of: "public", "private"
-    #  defaultVisibility: "public"
-    #channel:
-    #    # Pattern of the name given to bridged rooms.
-    #    # Can use :guild for the guild name and :name for the channel name.
-    #    namePattern: "[Discord] :guild :name"
-    #    # Changes made to rooms when a channel is deleted.
-    #    deleteOptions:
-    #       # Prefix the room name with a string.
-    #       #namePrefix: "[Deleted]"
-    #       # Prefix the room topic with a string.
-    #       #topicPrefix: "This room has been deleted"
-    #       # Disable people from talking in the room by raising the event PL to 50
-    #       disableMessaging: false
-    #       # Remove the discord alias from the room.
-    #       unsetRoomAlias: true
-    #       # Remove the room from the directory.
-    #       unlistFromDirectory: true
-    #       # Set the room to be unavaliable for joining without an invite.
-    #       setInviteOnly: true
-    #       # Make all the discord users leave the room.
-    #       ghostsLeave: true
-    #limits:
-    #    # Delay in milliseconds between discord users joining a room.
-    #    roomGhostJoinDelay: 6000
-    #    # Delay in milliseconds before sending messages to discord to avoid echos.
-    #    # (Copies of a sent message may arrive from discord before we've
-    #    # fininished handling it, causing us to echo it back to the room)
-    #    discordSendDelay: 750
-
-matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml else {} }}"
-
-matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}"
-
-
 # Controls whether searching the public room list is enabled.
-matrix_enable_room_list_search: true
+matrix_synapse_enable_room_list_search: true
 
 # Controls who's allowed to create aliases on this server.
-matrix_alias_creation_rules:
+matrix_synapse_alias_creation_rules:
   - user_id: "*"
     alias: "*"
     room_id: "*"
     action: allow
 
 # Controls who can publish and which rooms can be published in the public room list.
-matrix_room_list_publication_rules:
+matrix_synapse_room_list_publication_rules:
   - user_id: "*"
     alias: "*"
     room_id: "*"

roles/matrix-synapse/tasks/ext/init.yml

@@ -1,11 +0,0 @@
----
-
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/init.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml"

roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml

@@ -1,11 +1,10 @@
 - set_fact:
     matrix_synapse_password_providers_enabled: true
-  when: "matrix_synapse_ext_password_provider_ldap_enabled"
+  when: matrix_synapse_ext_password_provider_ldap_enabled|bool
 
 - set_fact:
     matrix_synapse_additional_loggers: >
       {{ matrix_synapse_additional_loggers }}
       +
       {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
-  when: "matrix_synapse_ext_password_provider_ldap_enabled"
+  when: matrix_synapse_ext_password_provider_ldap_enabled|bool
-