Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.

roles/custom/matrix-base/tasks/clean_up_old_files.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Get rid of old files and directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - "{{ matrix_base_data_path }}/environment-variables"
+    - "{{ matrix_base_data_path }}/scratchpad"

roles/custom/matrix-base/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+  tags:
+    - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+
+# This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
+# which are required by many other roles.
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
+  when: run_setup | bool
+  tags:
+    - always
+    - setup-system-user
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
+  when: run_setup | bool
+  tags:
+    - setup-all
+    - setup-ma1sd
+    - setup-synapse
+    - setup-dendrite
+    - setup-nginx-proxy

roles/custom/matrix-base/tasks/sanity_check.yml

@@ -0,0 +1,91 @@
+---
+
+- name: Fail if invalid homeserver implementation
+  ansible.builtin.fail:
+    msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
+  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
+
+# We generally support Ansible 2.7.1 and above.
+- name: Fail if running on Ansible < 2.7.1
+  ansible.builtin.fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
+
+# Though we do not support Ansible 2.9.6 which is buggy
+- name: Fail if running on Ansible 2.9.6 on Ubuntu
+  ansible.builtin.fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - ansible_distribution == 'Ubuntu'
+    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
+
+- name: (Deprecation) Catch and report renamed settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
+    - {'old': 'hostname_identity', 'new': 'matrix_domain'}
+    - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
+    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
+
+# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
+- name: Fail if matrix_homeserver_generic_secret_key is undefined
+  ansible.builtin.fail:
+    msg: |
+      The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
+
+      If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined.
+
+      If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding
+      `{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`
+      to your `vars.yml` file. Using another secret value for the new variable is also possible and shouldn't cause any trouble.
+  when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''"
+
+- name: Fail if required variables are undefined
+  ansible.builtin.fail:
+    msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value"
+  with_items:
+    - {'var': matrix_domain, 'value': "{{ matrix_domain | default('') }}"}
+    - {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix | default('') }}"}
+    - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element | default('') }}"}
+    - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url | default('') }}"}
+    - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url | default('') }}"}
+  when: "item.value is none or item.value == ''"
+
+- name: Fail if uppercase domain used
+  ansible.builtin.fail:
+    msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
+  with_items:
+    - "{{ matrix_domain }}"
+    - "{{ matrix_server_fqn_matrix }}"
+    - "{{ matrix_server_fqn_element }}"
+  when: "item != item | lower"
+
+- name: Fail if using python2 on Archlinux
+  ansible.builtin.fail:
+    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
+  when:
+    - ansible_distribution == 'Archlinux'
+    - ansible_python.version.major != 3
+
+- name: Fail if architecture is set incorrectly
+  ansible.builtin.fail:
+    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
+  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
+        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
+        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
+
+- name: Fail if encountering usage of removed role (mx-puppet-skype)
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration seems to include a reference to `matrix_mx_puppet_skype_enabled`. Are you trying to install the mx-puppet-skype bridge?
+      The playbook no longer includes a role for installing mx-puppet-skype, because the mx-puppet-bridge is unmaintained and has been reported as broken for a long time.
+      To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration.
+      To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal.
+      If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`.
+  when: "'matrix_mx_puppet_skype_enabled' in vars"

roles/custom/matrix-base/tasks/server_base/setup.yml

@@ -0,0 +1,47 @@
+---
+
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
+  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8
+
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
+  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7 and ansible_distribution_major_version | int < 30
+
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
+  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30
+
+- when: ansible_os_family == 'Debian'
+  block:
+  # ansible_lsb is only available if lsb-release is installed.
+  - name: Ensure lsb-release installed
+    ansible.builtin.apt:
+      name:
+        - lsb-release
+      state: present
+      update_cache: true
+    register: lsb_release_installation_result
+
+  - name: Reread ansible_lsb facts if lsb-release got installed
+    ansible.builtin.setup:
+      filter: ansible_lsb*
+    when: lsb_release_installation_result.changed
+
+  - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
+    when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian')
+
+  - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
+    when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
+
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
+  when: ansible_distribution == 'Archlinux'
+
+- name: Ensure Docker is started and autoruns
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true
+
+- name: "Ensure ntpd is started and autoruns"
+  ansible.builtin.service:
+    name: "{{ matrix_ntpd_service }}"
+    state: started
+    enabled: true

roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Install host dependencies
+  community.general.pacman:
+    name:
+      - python-docker
+      - python-dnspython
+    state: present
+    update_cache: true
+
+- name: Ensure Docker is installed
+  community.general.pacman:
+    name:
+      - docker
+    state: present
+  when: matrix_docker_installation_enabled | bool

roles/custom/matrix-base/tasks/server_base/setup_debian.yml

@@ -0,0 +1,41 @@
+---
+
+- name: Ensure APT usage dependencies are installed
+  ansible.builtin.apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+    state: present
+    update_cache: true
+
+- name: Ensure Docker's APT key is trusted
+  ansible.builtin.apt_key:
+    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker repository is enabled
+  ansible.builtin.apt_repository:
+    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    state: present
+    update_cache: true
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure APT packages are installed
+  ansible.builtin.apt:
+    name:
+      - "{{ matrix_ntpd_package }}"
+    state: present
+    update_cache: true
+
+- name: Ensure Docker is installed
+  ansible.builtin.apt:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
+    state: present
+  when: matrix_docker_installation_enabled | bool

roles/custom/matrix-base/tasks/server_base/setup_fedora.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Ensure Docker repository is enabled
+  ansible.builtin.template:
+    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
+    dest: "/etc/yum.repos.d/docker-ce.repo"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items:
+    - docker-ce-fedora.repo
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  ansible.builtin.rpm_key:
+    state: present
+    key: https://download.docker.com/linux/fedora/gpg
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure yum packages are installed
+  ansible.builtin.yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+    state: present
+    update_cache: true
+
+- name: Ensure Docker is installed
+  ansible.builtin.yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - python3-pip
+    state: present
+  when: matrix_docker_installation_enabled | bool
+
+- name: Ensure Docker-Py is installed
+  ansible.builtin.pip:
+    name: docker-py
+    state: present
+  when: matrix_docker_installation_enabled | bool

roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml

@@ -0,0 +1,41 @@
+---
+
+- name: Ensure APT usage dependencies are installed
+  ansible.builtin.apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+    state: present
+    update_cache: true
+
+- name: Ensure Docker's APT key is trusted
+  ansible.builtin.apt_key:
+    url: https://download.docker.com/linux/raspbian/gpg
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker repository is enabled
+  ansible.builtin.apt_repository:
+    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
+    state: present
+    update_cache: true
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure APT packages are installed
+  ansible.builtin.apt:
+    name:
+      - "{{ matrix_ntpd_package }}"
+    state: present
+    update_cache: true
+
+- name: Ensure Docker is installed
+  ansible.builtin.apt:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
+    state: present
+  when: matrix_docker_installation_enabled | bool

roles/custom/matrix-base/tasks/server_base/setup_redhat.yml

@@ -0,0 +1,31 @@
+---
+
+- name: Ensure Docker repository is enabled
+  ansible.builtin.template:
+    src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
+    dest: "/etc/yum.repos.d/docker-ce.repo"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  ansible.builtin.rpm_key:
+    state: present
+    key: https://download.docker.com/linux/centos/gpg
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure yum packages are installed
+  ansible.builtin.yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+    state: present
+    update_cache: true
+
+- name: Ensure Docker is installed
+  ansible.builtin.yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - docker-python
+    state: present
+  when: matrix_docker_installation_enabled | bool

roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml

@@ -0,0 +1,44 @@
+---
+
+- name: Ensure Docker repository is enabled
+  ansible.builtin.template:
+    src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
+    dest: "/etc/yum.repos.d/docker-ce.repo"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  ansible.builtin.rpm_key:
+    state: present
+    key: https://download.docker.com/linux/centos/gpg
+  when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure EPEL is installed
+  ansible.builtin.yum:
+    name:
+      - epel-release
+    state: present
+    update_cache: true
+
+- name: Ensure yum packages are installed
+  ansible.builtin.yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+    state: present
+    update_cache: true
+
+- name: Ensure Docker is installed
+  ansible.builtin.yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - python3-pip
+    state: present
+  when: matrix_docker_installation_enabled | bool
+
+- name: Ensure Docker-Py is installed
+  ansible.builtin.pip:
+    name: docker-py
+    state: present
+  when: matrix_docker_installation_enabled | bool

roles/custom/matrix-base/tasks/setup_matrix_base.yml

@@ -0,0 +1,77 @@
+---
+
+- name: Ensure Matrix base path exists
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "{{ matrix_base_data_path_mode }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_base_data_path }}"
+
+- name: Preserve vars.yml on the server for easily restoring if it gets lost later on
+  ansible.builtin.copy:
+    src: "{{ matrix_vars_yml_snapshotting_src }}"
+    dest: "{{ matrix_base_data_path }}/vars.yml"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: '0660'
+  when: "matrix_vars_yml_snapshotting_enabled | bool"
+
+- name: Save current git-repo status on the target to aid with restoring in case of problems
+  when: "matrix_playbook_commit_hash_preservation_enabled|bool"
+  block:
+    - name: Get local git hash  # noqa command-instead-of-module
+      delegate_to: 127.0.0.1
+      become: false
+      register: git_describe
+      changed_when: false
+      ansible.builtin.shell:
+        git describe
+            --always
+            --tags
+            --dirty
+            --long
+            --all
+
+    - ansible.builtin.set_fact:
+        git_hash: "{{ git_describe.stdout }}"
+
+    - name: Git hash
+      ansible.builtin.debug:
+        msg: "Git hash: {{ git_hash }}"
+
+    - name: Save git_hash.yml on target
+      ansible.builtin.copy:
+        content: "{{ git_hash }}"
+        dest: "{{ matrix_base_data_path }}/git_hash.yml"
+        owner: "{{ matrix_user_username }}"
+        group: "{{ matrix_user_groupname }}"
+        mode: '0660'
+
+  rescue:
+    - name: GIT not found error
+      ansible.builtin.debug:
+        msg: >-
+          Couldn't find GIT on the local machine. Continuing without saving the GIT hash.
+          You can disable saving the GIT hash by setting 'matrix_playbook_commit_hash_preservation_enabled: false' in vars.yml
+      when: "git_describe.stderr.find('git: not found') != -1"
+
+    - name: Get GIT hash error
+      ansible.builtin.fail:
+        msg: >-
+          Error when trying to get the GIT hash. Please consult the error message above.
+          You can disable saving the GIT hash by setting 'matrix_playbook_commit_hash_preservation_enabled: false' in vars.yml
+      when: "git_describe.stderr.find('git: not found') == -1"
+
+- name: Ensure Matrix network is created in Docker
+  community.docker.docker_network:
+    name: "{{ matrix_docker_network }}"
+    driver: bridge
+
+- name: Ensure matrix-remove-all script created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2"
+    dest: "{{ matrix_local_bin_path }}/matrix-remove-all"
+    mode: 0750

roles/custom/matrix-base/tasks/setup_matrix_user.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Ensure Matrix group is created
+  ansible.builtin.group:
+    name: "{{ matrix_user_groupname }}"
+    gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
+    state: present
+  register: matrix_group
+
+- name: Set Matrix Group GID Variable
+  ansible.builtin.set_fact:
+    matrix_user_gid: "{{ matrix_group.gid }}"
+
+- name: Ensure Matrix user is created
+  ansible.builtin.user:
+    name: "{{ matrix_user_username }}"
+    uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
+    state: present
+    group: "{{ matrix_user_groupname }}"
+    home: "{{ matrix_base_data_path }}"
+    create_home: false
+    system: true
+  register: matrix_user
+
+- name: Set Matrix Group UID Variable
+  ansible.builtin.set_fact:
+    matrix_user_uid: "{{ matrix_user.uid }}"

roles/custom/matrix-base/tasks/setup_well_known.yml

@@ -0,0 +1,52 @@
+---
+# We need others to be able to read these directories too,
+# so that matrix-nginx-proxy's nginx user can access the files.
+#
+# For running with another webserver, we recommend being part of the `matrix` group.
+- name: Ensure Matrix static-files path exists
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_static_files_base_path }}/.well-known/matrix"
+
+- name: Ensure Matrix /.well-known/matrix/client file configured
+  ansible.builtin.copy:
+    content: "{{ matrix_well_known_matrix_client_configuration | to_nice_json }}"
+    dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Matrix /.well-known/matrix/server file configured
+  ansible.builtin.copy:
+    content: "{{ matrix_well_known_matrix_server_configuration | to_nice_json }}"
+    dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_well_known_matrix_server_enabled | bool
+
+- name: Ensure Matrix /.well-known/matrix/server file deleted
+  ansible.builtin.file:
+    path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
+    state: absent
+  when: "not matrix_well_known_matrix_server_enabled | bool"
+
+- name: Ensure Matrix /.well-known/matrix/support file configured
+  ansible.builtin.copy:
+    content: "{{ matrix_well_known_matrix_support_configuration | to_nice_json }}"
+    dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/support"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_well_known_matrix_support_enabled | bool
+
+- name: Ensure Matrix /.well-known/matrix/support file deleted
+  ansible.builtin.file:
+    path: "{{ matrix_static_files_base_path }}/.well-known/matrix/support"
+    state: absent
+  when: "not matrix_well_known_matrix_support_enabled | bool"

roles/custom/matrix-base/tasks/util/ensure_fuse_installed.yml

@@ -0,0 +1,23 @@
+---
+# This is for both RedHat 7 and 8
+- name: Ensure fuse installed (RedHat)
+  ansible.builtin.yum:
+    name:
+      - fuse
+    state: present
+  when: ansible_os_family == 'RedHat'
+
+# This is for both Debian and Raspbian
+- name: Ensure fuse installed (Debian/Raspbian)
+  ansible.builtin.apt:
+    name:
+      - fuse
+    state: present
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure fuse installed (Archlinux)
+  community.general.pacman:
+    name:
+      - fuse3
+    state: present
+  when: ansible_distribution == 'Archlinux'

roles/custom/matrix-base/tasks/util/ensure_openssl_installed.yml

@@ -0,0 +1,23 @@
+---
+# This is for both RedHat 7 and 8
+- name: Ensure openssl installed (RedHat)
+  ansible.builtin.yum:
+    name:
+      - openssl
+    state: present
+  when: ansible_os_family == 'RedHat'
+
+# This is for both Debian and Raspbian
+- name: Ensure openssl installed (Debian/Raspbian)
+  ansible.builtin.apt:
+    name:
+      - openssl
+    state: present
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure openssl installed (Archlinux)
+  community.general.pacman:
+    name:
+      - openssl
+    state: present
+  when: ansible_distribution == 'Archlinux'