Merge remote-tracking branch 'upstream/master' into testing

roles/matrix-bot-mjolnir/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_bot_mjolnir_enabled: true
 
-matrix_bot_mjolnir_version: "v0.1.18"
+matrix_bot_mjolnir_version: "v0.1.19"
 
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 
-matrix_appservice_irc_version: release-v0.29.0
+matrix_appservice_irc_version: release-0.30.0
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -0,0 +1,100 @@
+# beeper-linkedin is a Matrix <-> LinkedIn bridge
+# See: https://gitlab.com/beeper/linkedin
+
+matrix_beeper_linkedin_enabled: true
+
+matrix_beeper_linkedin_version: v0.5.0
+# See: https://gitlab.com/beeper/linkedin/container_registry
+matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
+matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
+
+matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
+matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
+matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
+
+matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
+matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
+
+# A list of extra arguments to pass to the container
+matrix_beeper_linkedin_container_extra_arguments: []
+
+# List of systemd services that matrix-beeper-linkedin.service depends on.
+matrix_beeper_linkedin_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-beeper-linkedin.service wants
+matrix_beeper_linkedin_systemd_wanted_services_list: []
+
+matrix_beeper_linkedin_appservice_token: ""
+matrix_beeper_linkedin_homeserver_token: ""
+
+matrix_beeper_linkedin_appservice_bot_username: linkedinbot
+
+
+# Database-related configuration fields.
+# Only Postgres is supported.
+matrix_beeper_linkedin_database_engine: "postgres"
+
+matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin'
+matrix_beeper_linkedin_database_password: ""
+matrix_beeper_linkedin_database_hostname: 'matrix-postgres'
+matrix_beeper_linkedin_database_port: 5432
+matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin'
+
+matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable'
+
+matrix_beeper_linkedin_appservice_database_type: "{{
+	{
+		'postgres':'postgres',
+	}[matrix_beeper_linkedin_database_engine]
+}}"
+
+matrix_beeper_linkedin_appservice_database_uri: "{{
+	{
+		'postgres': matrix_beeper_linkedin_database_connection_string,
+	}[matrix_beeper_linkedin_database_engine]
+}}"
+
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_beeper_linkedin_login_shared_secret: ''
+
+# Default beeper-linkedin configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_beeper_linkedin_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_beeper_linkedin_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_beeper_linkedin_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_beeper_linkedin_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_beeper_linkedin_configuration_yaml`.
+
+matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`.
+matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}"
+
+matrix_beeper_linkedin_registration_yaml: |
+  id: linkedin
+  url: {{ matrix_beeper_linkedin_appservice_address }}
+  as_token: "{{ matrix_beeper_linkedin_appservice_token }}"
+  hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}"
+
+  sender_localpart: _bot_{{ matrix_beeper_linkedin_appservice_bot_username }}
+  rate_limited: false
+  namespaces:
+      users:
+      - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$'
+        exclusive: true
+      - exclusive: true
+        regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$'
+  de.sorunome.msc2409.push_ephemeral: true
+
+matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}"

roles/matrix-bridge-beeper-linkedin/tasks/init.yml

@@ -0,0 +1,16 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}"
+  when: matrix_beeper_linkedin_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-beeper-linkedin-registration.yaml"] }}
+  when: matrix_beeper_linkedin_enabled|bool

roles/matrix-bridge-beeper-linkedin/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup and matrix_beeper_linkedin_enabled"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup and not matrix_beeper_linkedin_enabled"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin

roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml

@@ -0,0 +1,56 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure Beeper LinkedIn image is pulled
+  docker_image:
+    name: "{{ matrix_beeper_linkedin_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
+
+- name: Ensure Beeper LinkedIn paths exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_beeper_linkedin_base_path }}"
+    - "{{ matrix_beeper_linkedin_config_path }}"
+    - "{{ matrix_beeper_linkedin_data_path }}"
+
+- name: Ensure beeper-linkedin config.yaml installed
+  copy:
+    content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure beeper-linkedin registration.yaml installed
+  copy:
+    content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}"
+    dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-beeper-linkedin.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service"
+    mode: 0644
+  register: matrix_beeper_linkedin_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_beeper_linkedin_systemd_service_result.changed"

roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-beeper-linkedin service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service"
+  register: matrix_beeper_linkedin_service_stat
+
+- name: Ensure matrix-beeper-linkedin is stopped
+  service:
+    name: matrix-beeper-linkedin
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_beeper_linkedin_service_stat.stat.exists"
+
+- name: Ensure matrix-beeper-linkedin.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service"
+    state: absent
+  when: "matrix_beeper_linkedin_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_beeper_linkedin_service_stat.stat.exists"

roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_beeper_linkedin_appservice_token"
+    - "matrix_beeper_linkedin_homeserver_token"
+

roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2

@@ -0,0 +1,267 @@
+#jinja2: lstrip_blocks: "True"
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    address: {{ matrix_beeper_linkedin_homeserver_address }}
+    # The domain of the homeserver (for MXIDs, etc).
+    domain: {{ matrix_beeper_linkedin_homeserver_domain }}
+    # Whether or not to verify the SSL certificate of the homeserver.
+    # Only applies if address starts with https://
+    verify_ssl: true
+    # Whether or not the homeserver supports asmux-specific endpoints,
+    # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
+    # updating m.direct.
+    asmux: false
+    # Number of retries for all HTTP requests if the homeserver isn't reachable.
+    http_retry_count: 4
+
+
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    address: {{ matrix_beeper_linkedin_appservice_address }}
+
+    # The hostname and port where this appservice should listen.
+    hostname: 0.0.0.0
+    port: 29319
+
+    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+    max_body_size: 1
+
+    # The full URI to the database. Only Postgres is currently supported.
+    database: {{ matrix_beeper_linkedin_appservice_database_uri|to_json }}
+    # Additional arguments for asyncpg.create_pool()
+    # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
+    database_opts:
+        min_size: 5
+        max_size: 10
+
+    # Provisioning API part of the web server for automated portal creation and fetching information.
+    # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
+    provisioning:
+        # Whether or not the provisioning API should be enabled.
+        enabled: true
+        # The prefix to use in the provisioning API endpoints.
+        prefix: /_matrix/provision/v1
+        # The shared secret to authorize users of the API.
+        # Set to "generate" to generate and save a new token.
+        shared_secret: generate
+
+    # The unique ID of this appservice.
+    id: beeper_linkedin
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: {{ matrix_beeper_linkedin_appservice_bot_username|to_json }}
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: LinkedIn bridge bot
+        avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB 
+
+    # Whether or not to receive ephemeral events via appservice transactions.
+    # Requires MSC2409 support (i.e. Synapse 1.22+).
+    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+    ephemeral_events: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: "{{ matrix_beeper_linkedin_appservice_token }}"
+    hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}"
+
+
+# Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+    enabled: false
+    listen_port: 8000
+
+# Manhole config.
+manhole:
+    # Whether or not opening the manhole is allowed.
+    enabled: false
+    # The path for the unix socket.
+    path: /var/tmp/linkedin-matrix.manhole
+    # The list of UIDs who can be added to the whitelist.
+    # If empty, any UIDs can be specified in the open-manhole command.
+    whitelist:
+    - 0
+
+
+# Bridge config
+bridge:
+    # Localpart template of MXIDs for LinkedIn  users.
+    username_template: "linkedin_{userid}"
+    # Displayname template for LinkedIn users.
+    # Localpart template for per-user room grouping community IDs.
+    # The bridge will create these communities and add all of the specific user's portals to the community.
+    # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
+    # (Note that, by default, non-admins might not have your homeserver's permission to create
+    # communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.)
+    # `linkedin_{localpart}={server}` is a good value.
+    community_template: null
+
+    # Displayname template for LinkedIn users.
+    # {displayname} is replaced with the display name of the LinkedIn user
+    #               as defined below in displayname_preference.
+    # Keys available for displayname_preference are also available here.
+    displayname_template: "{displayname} (LinkedIn)"
+
+    # Number of chats to sync (and create portals for) on startup/login.
+    # Set 0 to disable automatic syncing.
+    initial_chat_sync: 10
+
+    # Whether or not the LinkedIn users of logged in Matrix users should be
+    # invited to private chats when the user sends a message from another client.
+    invite_own_puppet_to_pm: false
+    # Whether or not to use /sync to get presence, read receipts and typing notifications
+    # when double puppeting is enabled
+    sync_with_custom_puppets: true
+    # Whether or not to update the m.direct account data event when double puppeting is enabled.
+    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+    # and is therefore prone to race conditions.
+    sync_direct_chat_list: false
+    # Servers to always allow double puppeting from
+    double_puppet_server_map: {}
+    #    example.com: https://example.com
+    # Allow using double puppeting from any server with a valid client .well-known file.
+
+    # Maximum number of seconds since last message in chat to skip
+    # syncing the chat in any case. This setting will take priority
+    # over both recovery_chat_sync_limit and initial_chat_sync_count.
+    # Default is 3 days = 259200 seconds
+    sync_max_chat_age: 259200
+
+    # Whether or not to sync with custom puppets to receive EDUs that
+    # are not normally sent to appservices.
+    sync_with_custom_puppets: true
+    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
+    #
+    # If set, custom puppets will be enabled automatically for local users
+    # instead of users having to find an access token and run `login-matrix`
+    # manually.
+    login_shared_secret: {{ matrix_beeper_linkedin_login_shared_secret|to_json }}
+
+    # Allow using double puppeting from any server with a valid client .well-known file.
+    double_puppet_allow_discovery: false
+
+    # Whether or not to bridge presence in both directions. LinkedIn allows users not to broadcast
+    # presence, but then it won't send other users' presence to the client.
+    presence: {{ matrix_beeper_linkedin_bridge_presence|to_json }}
+    # Whether or not to update avatars when syncing all contacts at startup.
+    update_avatar_initial_sync: true
+
+
+    # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
+    # and login_shared_secret to be configured in order to get a device for the bridge bot.
+    #
+    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
+    # application service.
+    encryption:
+        # Allow encryption, work in group chat rooms with e2ee enabled
+        allow: false
+        # Default to encryption, force-enable encryption in all portals the bridge creates
+        # This will cause the bridge bot to be in private chats for the encryption to work properly.
+        default: false
+        # Options for automatic key sharing.
+        key_sharing:
+            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+            # You must use a client that supports requesting keys from other users to use this feature.
+            allow: false
+            # Require the requesting device to have a valid cross-signing signature?
+            # This doesn't require that the bridge has verified the device, only that the user has verified it.
+            # Not yet implemented.
+            require_cross_signing: false
+            # Require devices to be verified by the bridge?
+            # Verification by the bridge is not yet implemented.
+            require_verification: true
+    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+    # been sent to LinkedIn.
+    delivery_receipts: false
+    # Whether to allow inviting arbitrary mxids to portal rooms
+    allow_invites: false
+
+    # Settings for backfilling messages from LinkedIn.
+    backfill:
+        # Whether or not the LinkedIn users of logged in Matrix users should be
+        # invited to private chats when backfilling history from LinkedIn. This is
+        # usually needed to prevent rate limits and to allow timestamp massaging.
+        invite_own_puppet: true
+        # Maximum number of messages to backfill initially.
+        # Set to 0 to disable backfilling when creating portal.
+        initial_limit: 0
+        # Maximum number of messages to backfill if messages were missed while
+        # the bridge was disconnected.
+        # Set to 0 to disable backfilling missed messages.
+        missed_limit: 1000
+        # If using double puppeting, should notifications be disabled
+        # while the initial backfill is in progress?
+        disable_notifications: false
+    periodic_reconnect:
+        # TODO needed?
+        # Interval in seconds in which to automatically reconnect all users.
+        # This can be used to automatically mitigate the bug where Linkedin stops sending messages.
+        # Set to -1 to disable periodic reconnections entirely.
+        interval: -1
+        # What to do in periodic reconnects. Either "refresh" or "reconnect"
+        mode: refresh
+        # Should even disconnected users be reconnected?
+        always: false
+    # The number of seconds that a disconnection can last without triggering an automatic re-sync
+    # and missed message backfilling when reconnecting.
+    # Set to 0 to always re-sync, or -1 to never re-sync automatically.
+    resync_max_disconnected_time: 5
+    # Whether or not temporary disconnections should send notices to the notice room.
+    # If this is false, disconnections will never send messages and connections will only send
+    # messages if it was disconnected for more than resync_max_disconnected_time seconds.
+    temporary_disconnect_notices: true
+    # Whether or not the bridge should try to "refresh" the connection if a normal reconnection
+    # attempt fails.
+    refresh_on_reconnection_fail: false
+    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+    # This field will automatically be changed back to false after it,
+    # except if the config file is not writable.
+    resend_bridge_info: false
+    # When using double puppeting, should muted chats be muted in Matrix?
+    mute_bridging: false
+    # Whether or not mute status and tags should only be bridged when the portal room is created.
+    tag_only_on_create: true
+
+
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: "!li"
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #     user - Access to use the bridge to chat with a Linkedin account.
+    #    admin - User level and some additional administration tools
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions:
+        "{{ matrix_beeper_linkedin_homeserver_domain }}": user
+
+
+
+# Logging config.
+logging:
+    version: 1
+    formatters:
+        colored:
+            (): mautrix.util.logging.color.ColorFormatter
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+        normal:
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+    handlers:
+        console:
+            class: logging.StreamHandler
+            formatter: colored
+    loggers:
+        mau:
+            level: DEBUG
+        paho:
+            level: INFO
+        aiohttp:
+            level: INFO
+    root:
+        level: DEBUG
+        handlers: [ console]
+

roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2

@@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Beeper Linkedin bridge
+{% for service in matrix_beeper_linkedin_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_beeper_linkedin_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-v {{ matrix_beeper_linkedin_config_path }}:/data:z \
+			--workdir=/opt/linkedin-matrix \
+			{% for arg in matrix_beeper_linkedin_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_beeper_linkedin_docker_image }} \
+                        python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-beeper-linkedin
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: 1.0.0
+matrix_heisenbridge_version: 1.0.1
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -60,7 +60,7 @@
   git:
     repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}"
     dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
-#    version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
+    version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}"
     force: "yes"
   register: matrix_mautrix_facebook_git_pull_results
   when: "matrix_mautrix_facebook_container_image_self_build|bool"

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_telegram_container_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.9.0
+matrix_mautrix_telegram_version: v0.10.1
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

roles/matrix-client-element/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 
-matrix_client_element_version: v1.8.1
+matrix_client_element_version: v1.8.2
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.2.5
+matrix_client_hydrogen_version: v0.2.7
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/tasks/setup.yml

@@ -33,6 +33,17 @@
   register: matrix_client_hydrogen_git_pull_results
   when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"
 
+- name: Ensure Hydrogen Docker image is built
+  docker_image:
+    name: "{{ matrix_client_hydrogen_docker_image }}"
+    source: build
+    force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_client_hydrogen_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"
+
 - name: Ensure Hydrogen configuration installed
   copy:
     content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}"
@@ -53,17 +64,6 @@
     - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
   when: "matrix_client_hydrogen_enabled|bool and item.src is not none"
 
-- name: Ensure Hydrogen Docker image is built
-  docker_image:
-    name: "{{ matrix_client_hydrogen_docker_image }}"
-    source: build
-    force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_client_hydrogen_docker_src_files_path }}"
-      pull: yes
-  when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"
-
 - name: Ensure matrix-client-hydrogen.service installed
   template:
     src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2"

roles/matrix-corporal/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_version: 2.1.1
+matrix_corporal_version: 2.1.2
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

roles/matrix-coturn/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
 matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 
-matrix_coturn_version: 4.5.2-r3
+matrix_coturn_version: 4.5.2-r4
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

roles/matrix-grafana/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.0.6
+matrix_grafana_version: 8.1.2
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-jitsi/defaults/main.yml

@@ -7,6 +7,7 @@ matrix_jitsi_enable_guests: false
 matrix_jitsi_enable_recording: false
 matrix_jitsi_enable_transcriptions: false
 matrix_jitsi_enable_p2p: true
+matrix_jitsi_enable_av_moderation: true
 
 # Authentication type, must be one of internal, jwt or ldap. Currently only
 # internal and ldap are supported by this playbook.
@@ -53,7 +54,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-5963
+matrix_jitsi_version: stable-6173
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
@@ -69,6 +70,14 @@ matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
 # Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
 matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']
 
+# Setting up TURN
+# Default set with Coturn container
+matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}"
+matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
+matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
+matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
+matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
+
 # Controls whether Etherpad will be available within Jitsi
 matrix_jitsi_etherpad_enabled: false
 

roles/matrix-jitsi/templates/prosody/env.j2

@@ -2,6 +2,7 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }}
 ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
 ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
 ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
+ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
 ENABLE_XMPP_WEBSOCKET
 GLOBAL_MODULES
 GLOBAL_CONFIG
@@ -48,4 +49,9 @@ JWT_AUTH_TYPE
 JWT_TOKEN_AUTH_MODULE
 LOG_LEVEL
 PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
+TURN_HOST={{ matrix_jitsi_turn_host }}
+TURNS_HOST={{ matrix_jitsi_turns_host }}
+TURN_PORT={{ matrix_jitsi_turn_port }}
+TURNS_PORT={{ matrix_jitsi_turns_port }}
 TZ={{ matrix_jitsi_timezone }}

roles/matrix-mailer/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
 
-matrix_mailer_version: 4.94.2-r0-2
+matrix_mailer_version: 4.94.2-r0-4
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

roles/matrix-nginx-proxy/defaults/main.yml

@@ -282,6 +282,23 @@ matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []
 # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
 matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
 
+# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives
+# Nginx Default: proxy_connect_timeout 60s;   #Defines a timeout for establishing a connection with a proxied server
+# Nginx Default: proxy_send_timeout 60s;      #Sets a timeout for transmitting a request to the proxied server.
+# Nginx Default: proxy_read_timeout 60s;      #Defines a timeout for reading a response from the proxied server.
+# Nginx Default: send_timeout 60s;            #Sets a timeout for transmitting a response to the client.
+#
+# For more information visit:
+# http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout
+# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/
+#
+# Here we are sticking with nginx default values change this value carefully.
+matrix_nginx_proxy_connect_timeout: 60
+matrix_nginx_proxy_send_timeout: 60
+matrix_nginx_proxy_read_timeout: 60
+matrix_nginx_send_timeout: 60
+
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users.
 #
 # Learn more about what it is here:
@@ -409,7 +426,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
 
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~

roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2

@@ -42,6 +42,11 @@ http {
 	{% else %}
 	access_log off;
 	{% endif %}
+	
+	proxy_connect_timeout       {{ matrix_nginx_proxy_connect_timeout }};
+	proxy_send_timeout          {{  matrix_nginx_proxy_send_timeout }};
+	proxy_read_timeout          {{ matrix_nginx_proxy_read_timeout }};
+	send_timeout                {{ matrix_nginx_send_timeout }};
 
 	sendfile on;
 	#tcp_nopush on;

roles/matrix-postgres/defaults/main.yml

@@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64
 # > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
 
-matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_node_exporter_enabled: false
 
-matrix_prometheus_node_exporter_version: v1.2.0
+matrix_prometheus_node_exporter_version: v1.2.2
 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
 matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
 

roles/matrix-prometheus-postgres-exporter/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_postgres_exporter_enabled: false
 
-matrix_prometheus_postgres_exporter_version: v0.9.0
+matrix_prometheus_postgres_exporter_version: v0.10.0
 matrix_prometheus_postgres_exporter_port: 9187
 
 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"

roles/matrix-prometheus/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.28.1
+matrix_prometheus_version: v2.29.2
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

roles/matrix-sygnal/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
 matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
 
-matrix_sygnal_version: v0.9.0
+matrix_sygnal_version: v0.10.1
 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
 matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
 
@@ -25,26 +25,6 @@ matrix_sygnal_container_http_host_bind_port: ''
 # A list of extra arguments to pass to the container
 matrix_sygnal_container_extra_arguments: []
 
-# Database-related configuration fields.
-#
-# To use SQLite, stick to these defaults.
-#
-# To use Postgres:
-# - change the engine (`matrix_sygnal_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables
-matrix_sygnal_database_engine: 'sqlite'
-
-matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db"
-matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db"
-
-matrix_sygnal_database_username: 'matrix_sygnal'
-matrix_sygnal_database_password: 'some-password'
-matrix_sygnal_database_hostname: 'matrix-postgres'
-matrix_sygnal_database_port: 5432
-matrix_sygnal_database_name: 'matrix_sygnal'
-
-matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}'
-
 # A map (dictionary) of apps instances that this server works with.
 #
 # Example configuration:

roles/matrix-sygnal/tasks/setup_install.yml

@@ -1,32 +1,5 @@
 ---
 
-- set_fact:
-    matrix_sygnal_requires_restart: false
-
-- block:
-    - name: Check if an SQLite database already exists
-      stat:
-        path: "{{ matrix_sygnal_sqlite_database_path_local }}"
-      register: matrix_sygnal_sqlite_database_path_local_stat_result
-
-    - block:
-        - set_fact:
-            matrix_postgres_db_migration_request:
-              src: "{{ matrix_sygnal_sqlite_database_path_local }}"
-              dst: "{{ matrix_sygnal_database_connection_string }}"
-              caller: "{{ role_path|basename }}"
-              engine_variable_name: 'matrix_sygnal_database_engine'
-              engine_old: 'sqlite'
-              systemd_services_to_stop: ['matrix-sygnal.service']
-              pgloader_options: ['--with "quote identifiers"']
-
-        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
-
-        - set_fact:
-            matrix_sygnal_requires_restart: true
-      when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool"
-  when: "matrix_sygnal_database_engine == 'postgres'"
-
 - name: Ensure Sygnal image is pulled
   docker_image:
     name: "{{ matrix_sygnal_docker_image }}"
@@ -65,9 +38,3 @@
   service:
     daemon_reload: yes
   when: "matrix_sygnal_systemd_service_result.changed|bool"
-
-- name: Ensure matrix-sygnal.service restarted, if necessary
-  service:
-    name: "matrix-sygnal.service"
-    state: restarted
-  when: "matrix_sygnal_requires_restart|bool"

roles/matrix-sygnal/tasks/validate_config.yml

@@ -3,11 +3,3 @@
     msg: >-
       Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps`
   when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0"
-
-- name: Fail if running on a non-supported architecture
-  fail:
-    msg: >-
-      Sygnal can only be used on the amd64 architecture for now.
-      Only amd64 container images are pushed for the `docker.io/matrixdotorg/sygnal` container image.
-      Either use a different image (by redefining `matrix_sygnal_docker_image`) or consider contributing self-building support to this role.
-  when: "matrix_sygnal_enabled and matrix_architecture != 'amd64' and matrix_sygnal_docker_image.startswith('docker.io/matrixdotorg/sygnal')"

roles/matrix-sygnal/templates/sygnal.yaml.j2

@@ -3,57 +3,6 @@
 # See: matrix.org
 ##
 
-# The 'database' setting defines the database that sygnal uses to store all of
-# its data.
-#
-# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
-# 'psycopg2' (for PostgreSQL).
-#
-# 'args' gives options which are passed through to the database engine,
-# except for options starting 'cp_', which are used to configure the Twisted
-# connection pool. For a reference to valid arguments, see:
-#   * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
-#   * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
-#   * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
-#
-#
-# Example SQLite configuration:
-#
-#database:
-#  name: sqlite3
-#  args:
-#    dbfile: /path/to/database.db
-#
-#
-# Example Postgres configuration:
-#
-#database:
-#  name: psycopg2
-#  args:
-#    host: localhost
-#    database: sygnal
-#    user: sygnal
-#    password: pass
-#    cp_min: 1
-#    cp_max: 5
-#
-{% if matrix_sygnal_database_engine == 'sqlite' %}
-database:
-  name: sqlite3
-  args:
-    dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }}
-{% else %}
-database:
-  name: psycopg2
-  args:
-    host: {{ matrix_sygnal_database_hostname|to_json }}
-    database: {{ matrix_sygnal_database_name|to_json }}
-    user: {{ matrix_sygnal_database_username|to_json }}
-    password: {{ matrix_sygnal_database_password|to_json }}
-    cp_min: 1
-    cp_max: 5
-{% endif %}
-
 ## Logging #
 #
 log:

roles/matrix-synapse-admin/tasks/setup.yml

@@ -16,6 +16,7 @@
   git:
     repo: "{{ matrix_synapse_admin_container_self_build_repo }}"
     dest: "{{ matrix_synapse_admin_docker_src_files_path }}"
+    version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}"
     force: "yes"
   register: matrix_synapse_admin_git_pull_results
   when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool"

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.40.0
-matrix_synapse_version_arm64: v1.40.0
+matrix_synapse_version: v1.41.1
+matrix_synapse_version_arm64: v1.41.1
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
@@ -470,6 +470,7 @@ matrix_synapse_email_smtp_port: 587
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
 matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
+matrix_synapse_email_invite_client_location: "https://app.element.io"
 
 
 # Enable this to activate the REST auth password provider module.

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -185,6 +185,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
 #
 # This option replaces federation_ip_range_blacklist in Synapse v1.25.0.
 #
+# Note: The value is ignored when an HTTP proxy is in use
+#
 #ip_range_blacklist:
 #  - '127.0.0.0/8'
 #  - '10.0.0.0/8'
@@ -583,6 +585,19 @@ retention:
 #
 #next_link_domain_whitelist: ["matrix.org"]
 
+# Templates to use when generating email or HTML page contents.
+#
+templates:
+  # Directory in which Synapse will try to find template files to use to generate
+  # email or HTML page contents.
+  # If not set, or a file is not found within the template directory, a default
+  # template from within the Synapse package will be used.
+  #
+  # See https://matrix-org.github.io/synapse/latest/templates.html for more
+  # information about using custom templates.
+  #
+  #custom_template_directory: /path/to/custom/templates/
+
 
 ## TLS ##
 
@@ -729,6 +744,21 @@ caches:
    per_cache_factors:
      #get_users_who_share_room_with_user: 2.0
 
+  # Controls how long an entry can be in a cache without having been
+  # accessed before being evicted. Defaults to None, which means
+  # entries are never evicted based on time.
+  #
+  #expiry_time: 30m
+
+  # Controls how long the results of a /sync request are cached for after
+  # a successful response is returned. A higher duration can help clients with
+  # intermittent connections, at the cost of higher memory usage.
+  #
+  # By default, this is zero, which means that sync responses are not cached
+  # at all.
+  #
+  #sync_response_cache_duration: 2m
+
 
 ## Database ##
 
@@ -996,6 +1026,8 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
 # This must be specified if url_preview_enabled is set. It is recommended that
 # you uncomment the following list as a starting point.
 #
+# Note: The value is ignored when an HTTP proxy is in use
+#
 url_preview_ip_range_blacklist:
   - '127.0.0.0/8'
   - '10.0.0.0/8'
@@ -1924,6 +1956,9 @@ cas_config:
 # Additional settings to use with single-sign on systems such as OpenID Connect,
 # SAML2 and CAS.
 #
+# Server admins can configure custom templates for pages related to SSO. See
+# https://matrix-org.github.io/synapse/latest/templates.html for more information.
+#
 sso:
     # A list of client URLs which are whitelisted so that the user does not
     # have to confirm giving access to their account to the URL. Any client
@@ -2250,6 +2285,9 @@ ui_auth:
 {% if matrix_synapse_email_enabled %}
 # Configuration for sending emails from Synapse.
 #
+# Server admins can configure custom templates for email content. See
+# https://matrix-org.github.io/synapse/latest/templates.html for more information.
+#
 email:
   # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
   #
@@ -2275,10 +2313,13 @@ email:
   #require_transport_security: true
   require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
 
-  # Enable sending emails for messages that the user has missed
+  # Uncomment the following to disable TLS for SMTP.
   #
-  #enable_notifs: false
-  enable_notifs: true
+  # By default, if the server supports TLS, it will be used, and the server
+  # must present a certificate that is valid for 'smtp_host'. If this option
+  # is set to false, TLS will not be used.
+  #
+  #enable_tls: false
 
   # notif_from defines the "From" address to use when sending emails.
   # It must be set if email sending is enabled.
@@ -2299,6 +2340,11 @@ email:
   #app_name: my_branded_matrix_server
   app_name: Matrix
 
+  # Enable sending emails for messages that the user has missed
+  #
+  #enable_notifs: false
+  enable_notifs: true
+
   # Uncomment the following to disable automatic subscription to email
   # notifications for new users. Enabled by default.
   #
@@ -2319,48 +2365,11 @@ email:
   #
   #validation_token_lifetime: 15m
 
-  # Directory in which Synapse will try to find the template files below.
-  # If not set, or the files named below are not found within the template
-  # directory, default templates from within the Synapse package will be used.
+  # The web client location to direct users to during an invite. This is passed
+  # to the identity server as the org.matrix.web_client_location key. Defaults
+  # to unset, giving no guidance to the identity server.
   #
-  # Synapse will look for the following templates in this directory:
-  #
-  # * The contents of email notifications of missed events: 'notif_mail.html' and
-  #   'notif_mail.txt'.
-  #
-  # * The contents of account expiry notice emails: 'notice_expiry.html' and
-  #   'notice_expiry.txt'.
-  #
-  # * The contents of password reset emails sent by the homeserver:
-  #   'password_reset.html' and 'password_reset.txt'
-  #
-  # * An HTML page that a user will see when they follow the link in the password
-  #   reset email. The user will be asked to confirm the action before their
-  #   password is reset: 'password_reset_confirmation.html'
-  #
-  # * HTML pages for success and failure that a user will see when they confirm
-  #   the password reset flow using the page above: 'password_reset_success.html'
-  #   and 'password_reset_failure.html'
-  #
-  # * The contents of address verification emails sent during registration:
-  #   'registration.html' and 'registration.txt'
-  #
-  # * HTML pages for success and failure that a user will see when they follow
-  #   the link in an address verification email sent during registration:
-  #   'registration_success.html' and 'registration_failure.html'
-  #
-  # * The contents of address verification emails sent when an address is added
-  #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
-  #
-  # * HTML pages for success and failure that a user will see when they follow
-  #   the link in an address verification email sent when an address is added
-  #   to a Matrix account: 'add_threepid_success.html' and
-  #   'add_threepid_failure.html'
-  #
-  # You can see the default templates at:
-  # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
-  #
-  #template_dir: "res/templates"
+  invite_client_location: {{ matrix_synapse_email_invite_client_location|string|to_json }}
 
   # Subjects to use when sending emails from Synapse.
   #

roles/matrix-synapse/vars/workers.yml

@@ -37,6 +37,7 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/federation/v1/send/
 
   # Client API requests
+  - ^/_matrix/client/(api/v1|r0|unstable)/createRoom$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$
   - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$
   - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
@@ -253,10 +254,12 @@ matrix_synapse_workers_media_repository_endpoints:
   - ^/_synapse/admin/v1/user/.*/media.*$
   - ^/_synapse/admin/v1/media/.*$
   - ^/_synapse/admin/v1/quarantine_media/.*$
+  - ^/_synapse/admin/v1/users/.*/media$
 
   # You should also set `enable_media_repo: False` in the shared configuration
   # file to stop the main synapse running background jobs related to managing the
-  # media repository.
+  # media repository. Note that doing so will prevent the main process from being
+  # able to handle the above endpoints.
 
   # In the `media_repository` worker configuration file, configure the http listener to
   # expose the `media` resource. For example: