diff --git a/CHANGELOG.md b/CHANGELOG.md index c8c65807c..0f171e68b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +# 2026-02-11 + +## conduwuit has been removed from the playbook + +[conduwuit](./docs/configuring-playbook-conduwuit.md) has been removed from the playbook, as it has been abandoned. + +The playbook will let you know if you're using any `matrix_conduwuit_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the service manually](./docs/configuring-playbook-conduwuit.md#uninstalling-the-service-manually). + +Since [Continuwuity](configuring-playbook-continuwuity.md) is a drop-in replacement for conduwuit, migration is possible. Please refer to [this section](./configuring-playbook-continuwuity.md#migrating-from-conduwuit) for details. + # 2026-02-09 ## (BC Break) matrix-media-repo datastore IDs are now required in `vars.yml` diff --git a/README.md b/README.md index 57e53b157..561c78585 100644 --- a/README.md +++ b/README.md 
@@ -52,8 +52,7 @@ The homeserver is the backbone of your Matrix system. Choose one from the follow | ---- | -------- | ----------- | ------------- | | [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) | | [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) | -| [conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) | -| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | [Link](docs/configuring-playbook-continuwuity.md) | +| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. | [Link](docs/configuring-playbook-continuwuity.md) | | [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) | ### Clients diff --git a/docs/configuring-playbook-conduit.md b/docs/configuring-playbook-conduit.md index 70029a7a4..bb22f70d6 100644 --- a/docs/configuring-playbook-conduit.md +++ b/docs/configuring-playbook-conduit.md 
@@ -13,8 +13,6 @@ See the project's [documentation](https://docs.conduit.rs/) to learn what it doe By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document. -💡 **Note**: The playbook also supports installing a (currently) faster-moving Conduit fork called [conduwuit](./configuring-playbook-conduwuit.md). - > [!WARNING] > - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. > - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding diff --git a/docs/configuring-playbook-conduwuit.md b/docs/configuring-playbook-conduwuit.md index dae349561..f35dfcac9 100644 --- a/docs/configuring-playbook-conduwuit.md +++ b/docs/configuring-playbook-conduwuit.md 
@@ -1,106 +1,45 @@ -# Configuring conduwuit (optional) +# Configuring conduwuit (optional, removed) -The playbook can install and configure the [conduwuit](https://conduwuit.puppyirl.gay/) Matrix server for you. +🪦 The playbook used to be able to install and configure the [conduwuit](https://conduwuit.puppyirl.gay/) Matrix server, but no longer includes this component, as it's been abandoned and unmaintained. -See the project's [documentation](https://conduwuit.puppyirl.gay/) to learn what it does and why it might be useful to you. +## Uninstalling the service manually -By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document. +If you still have conduwuit installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. -💡 **Note**: conduwuit is a fork of [Conduit](./configuring-playbook-conduit.md), which the playbook also supports. See [Differences from upstream Conduit](https://conduwuit.puppyirl.gay/differences.html). +To uninstall the service, run the command below on the server: -> [!WARNING] -> - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> conduwuit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. -> - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding -> - **the Conduwuit project appears to have been abandoned**. 
You may wish to install [Conduit](./configuring-playbook-conduit.md), or one of the Conduwuit successors (like [Continuwuity](configuring-playbook-continuwuity.md)) - -## Adjusting the playbook configuration - -To use conduwuit, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below: - -```yaml -matrix_homeserver_implementation: conduwuit - -# Registering users can only happen via the API, -# so it makes sense to enable it, at least initially. -matrix_conduwuit_config_allow_registration: true - -# Generate a strong registration token to protect the registration endpoint from abuse. -# You can create one with a command like `pwgen -s 64 1`. -matrix_conduwuit_config_registration_token: '' +```sh +systemctl disable --now matrix-conduwuit.service ``` -### Extending the configuration +## Migrating to Continuwuity -There are some additional things you may wish to configure about the server. +Since [Continuwuity](configuring-playbook-continuwuity.md) is a drop-in replacement for conduwuit, migration is possible. Please refer to [this section](./configuring-playbook-continuwuity.md#migrating-from-conduwuit) for details. -Take a look at: +## Removing data manually -- `roles/custom/matrix-conduwuit/defaults/main.yml` for some variables that you can customize via your `vars.yml` file -- `roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2` for the server's default configuration +If you are not going to migrate to [Continuwuity](configuring-playbook-continuwuity.md), you can remove data by running the command on the server: -There are various Ansible variables that control settings in the `conduwuit.toml` file. 
- -If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://conduwuit.puppyirl.gay/configuration.html#environment-variables) using `matrix_conduwuit_environment_variables_extension`. For example: - -```yaml -matrix_conduwuit_environment_variables_extension: | - CONDUWUIT_MAX_REQUEST_SIZE=50000000 - CONDUWUIT_REQUEST_TIMEOUT=60 +```sh +rm -rf /matrix/conduwuit ``` -## Creating the first user account - -Unlike other homeserver implementations (like Synapse and Dendrite), conduwuit does not support creating users via the command line or via the playbook. - -If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token. - -This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users. - -The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**. - - -## Configuring bridges / appservices - -For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver. - -For conduwuit, you will have to manually register appservices using the [`!admin appservices register` command](https://conduwuit.puppyirl.gay/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account. - -The server's bot account has a Matrix ID of `@conduit:example.com` (not `@conduwuit:example.com`!) due to conduwuit's historical legacy. -Your first user account would already have been invited to an admin room with this bot. - -Find the appservice file you'd like to register. 
This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`. - -Then, send its content to the existing admin room: - - !admin appservices register - - ``` - as_token: - de.sorunome.msc2409.push_ephemeral: true - receive_ephemeral: true - hs_token: - id: signal - namespaces: - aliases: - - exclusive: true - regex: ^#signal_.+:example\.org$ - users: - - exclusive: true - regex: ^@signal_.+:example\.org$ - - exclusive: true - regex: ^@signalbot:example\.org$ - rate_limited: false - sender_localpart: _bot_signalbot - url: http://matrix-mautrix-signal:29328 - ``` - -## Troubleshooting - -As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-conduwuit`. +>[!WARNING] +> Once you removing the path, there is no going back. Your data on the homeserver (including chat history, rooms, etc.) will be deleted and not be possible to restore them. Please be certain. diff --git a/docs/configuring-playbook-continuwuity.md b/docs/configuring-playbook-continuwuity.md index 13d30707e..9f237fa6e 100644 --- a/docs/configuring-playbook-continuwuity.md +++ b/docs/configuring-playbook-continuwuity.md 
@@ -13,7 +13,7 @@ See the project's [documentation](https://continuwuity.org) to learn what it doe By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document. -💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports. +💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook has supported. > [!WARNING] > - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index f6a074dac..df753788a 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -51,8 +51,6 @@ For a more custom setup, see the [Other configuration options](#other-configurat - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation - - [Configuring conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation - - [Configuring continuwuity](configuring-playbook-continuwuity.md), if you've switched to the [continuwuity](https://continuwuity.org) homeserver implementation - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation 
@@ -261,6 +259,8 @@ Various services that don't fit any other categories. **Note**: since a deprecated or unmaintained service will not be updated, its bug or vulnerability will be unlikely to get patched. It is recommended to migrate from the service to an alternative if any, and make sure to do your own research before you decide to keep it running nonetheless. +- [Configuring conduwuit](configuring-playbook-conduwuit.md) (removed; this component has been abandoned and unmaintained) + - [Setting up the Sliding Sync proxy](configuring-playbook-sliding-sync-proxy.md) for clients which require Sliding Sync support (like old Element X versions, before it got switched to Simplified Sliding Sync) - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (deprecated; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md)) diff --git a/docs/container-images.md b/docs/container-images.md index 8d74b95cd..3870527f7 100644 --- a/docs/container-images.md +++ b/docs/container-images.md 
@@ -27,7 +27,6 @@ We try to stick to official images (provided by their respective projects) as mu | ------- | --------------- | -------- | ----------- | | [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | | [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | -| [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | | [continuwuity](configuring-playbook-continuwuity.md) | [continuwuation/continuwuity](https://forgejo.ellis.link/continuwuation/continuwuity) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | | [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | 
@@ -172,6 +171,7 @@ The list of the deprecated or unmaintained services is available [here](configur | Service | Container image | Default? | Description | | ------- | --------------- | -------- | ----------- | +| [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit was a fork of Conduit. | | [Dimension](configuring-playbook-dimension.md) | [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) | ❌ | Open source integration manager for Matrix clients | | [Email2Matrix](configuring-playbook-email2matrix.md) | [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) | ❌ | Bridge for relaying emails to Matrix rooms | | [Go-NEB](configuring-playbook-bot-go-neb.md) | [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) | ❌ | Multi functional bot written in Go | diff --git a/docs/howto-srv-server-delegation.md b/docs/howto-srv-server-delegation.md index 95e724436..893bf93ff 100644 --- a/docs/howto-srv-server-delegation.md +++ b/docs/howto-srv-server-delegation.md 
@@ -26,7 +26,7 @@ The up-to-date list can be accessed on [traefik's documentation](https://doc.tra **Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels: -- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md)) +- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md)) - if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached Also, all instructions below are from an older version of the playbook and may not work anymore. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 593fc137b..84f29e983 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -519,7 +519,6 @@ matrix_homeserver_container_client_api_endpoint: |- 'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled | default(false) else ('matrix-synapse:'+ matrix_synapse_container_client_api_port | default('8008') | string)), 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), - 'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string), 'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} 
@@ -530,7 +529,6 @@ matrix_homeserver_container_federation_api_endpoint: |- 'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else ('matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | default('8008') | string)), 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), - 'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string), 'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} @@ -5095,7 +5093,6 @@ grafana_default_home_dashboard_path: |- 'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled and matrix_synapse_metrics_enabled else ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else '')), 'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), - 'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'continuwuity': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), }[matrix_homeserver_implementation] }} @@ -5156,7 +5153,6 @@ matrix_registration_shared_secret: |- 'synapse': matrix_synapse_registration_shared_secret | default (''), 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''), 'conduit': '', - 'conduwuit': '', 'continuwuity': '', }[matrix_homeserver_implementation] }} 
@@ -5316,58 +5312,6 @@ matrix_conduit_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix ###################################################################### -###################################################################### -# -# matrix-conduwuit -# -###################################################################### - -matrix_conduwuit_enabled: "{{ matrix_homeserver_implementation == 'conduwuit' }}" - -matrix_conduwuit_hostname: "{{ matrix_server_fqn_matrix }}" - -matrix_conduwuit_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}" - -matrix_conduwuit_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_conduwuit_docker_image_registry_prefix_upstream_default }}" - -matrix_conduwuit_container_network: "{{ matrix_homeserver_container_network }}" - -matrix_conduwuit_container_additional_networks_auto: | - {{ - ( - ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_conduwuit_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else []) - ) | unique - }} - -matrix_conduwuit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}" -matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_conduwuit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" -matrix_conduwuit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" - -matrix_conduwuit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduwuit_container_labels_public_client_root_redirection_url != '' }}" -matrix_conduwuit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + 
matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" - -matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}" -matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}" -matrix_conduwuit_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}" - -matrix_conduwuit_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" -matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" - -matrix_conduwuit_config_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}" -matrix_conduwuit_config_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}" -matrix_conduwuit_config_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}" -matrix_conduwuit_config_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}" - -matrix_conduwuit_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}" - -###################################################################### -# -# /matrix-conduwuit -# -###################################################################### - - ###################################################################### # # matrix-continuwuity diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index f304911d8..a7120c527 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
@@ -84,7 +84,7 @@ matrix_monitoring_container_network: matrix-monitoring matrix_homeserver_enabled: true # This will contain the homeserver implementation that is in use. -# Valid values: synapse, dendrite, conduit, conduwuit, continuwuity +# Valid values: synapse, dendrite, conduit, continuwuity # # By default, we use Synapse, because it's the only full-featured Matrix server at the moment. # diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml index 4f8f1db70..237bcec00 100644 --- a/roles/custom/matrix-base/tasks/validate_config.yml +++ b/roles/custom/matrix-base/tasks/validate_config.yml @@ -13,7 +13,7 @@ - name: Fail if invalid homeserver implementation ansible.builtin.fail: msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`" - when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit', 'continuwuity']" + when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'continuwuity']" - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: diff --git a/roles/custom/matrix-conduwuit/defaults/main.yml b/roles/custom/matrix-conduwuit/defaults/main.yml deleted file mode 100644 index 17507c824..000000000 --- a/roles/custom/matrix-conduwuit/defaults/main.yml +++ /dev/null 
@@ -1,194 +0,0 @@ -# SPDX-FileCopyrightText: 2025 MDAD project contributors -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- -# conduwuit is a very cool, featureful fork of conduit (https://gitlab.com/famedly/conduit). -# Project source code URL: https://github.com/girlbossceo/conduwuit -# See: https://conduwuit.puppyirl.gay/ - -matrix_conduwuit_enabled: true - -matrix_conduwuit_hostname: '' - -matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_registry_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}" -matrix_conduwuit_docker_image_tag: v0.4.6-8f7ade4c22533a3177bfd8f175e178573ba6c1d4 -matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}" -matrix_conduwuit_docker_image_registry_prefix: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream }}" -matrix_conduwuit_docker_image_registry_prefix_upstream: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream_default }}" -matrix_conduwuit_docker_image_registry_prefix_upstream_default: ghcr.io/ - -matrix_conduwuit_base_path: "{{ matrix_base_data_path }}/conduwuit" -matrix_conduwuit_config_path: "{{ matrix_conduwuit_base_path }}/config" -matrix_conduwuit_data_path: "{{ matrix_conduwuit_base_path }}/data" - -matrix_conduwuit_config_port_number: 6167 - -matrix_conduwuit_tmp_directory_size_mb: 500 - -# List of systemd services that matrix-conduwuit.service depends on -matrix_conduwuit_systemd_required_services_list: "{{ matrix_conduwuit_systemd_required_services_list_default + matrix_conduwuit_systemd_required_services_list_auto + matrix_conduwuit_systemd_required_services_list_custom }}" -matrix_conduwuit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" -matrix_conduwuit_systemd_required_services_list_auto: [] -matrix_conduwuit_systemd_required_services_list_custom: [] - -# 
List of systemd services that matrix-conduwuit.service wants -matrix_conduwuit_systemd_wanted_services_list: [] - -# Controls how long to sleep for after starting the matrix-synapse container. -# -# Delaying, so that the homeserver can manage to fully start and various services -# that depend on it (`matrix_conduwuit_systemd_required_services_list` and `matrix_conduwuit_systemd_wanted_services_list`) -# may only start after the homeserver is up and running. -# -# This can be set to 0 to remove the delay. -matrix_conduwuit_systemd_service_post_start_delay_seconds: 3 - -# The base container network. It will be auto-created by this role if it doesn't exist already. -matrix_conduwuit_container_network: "" - -# A list of additional container networks that the container would be connected to. -# The role does not create these networks, so make sure they already exist. -# Use this to expose this container to another reverse proxy, which runs in a different container network. -matrix_conduwuit_container_additional_networks: "{{ matrix_conduwuit_container_additional_networks_auto + matrix_conduwuit_container_additional_networks_custom }}" -matrix_conduwuit_container_additional_networks_auto: [] -matrix_conduwuit_container_additional_networks_custom: [] - -# matrix_conduwuit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. -# See `../templates/labels.j2` for details. -# -# To inject your own other container labels, see `matrix_conduwuit_container_labels_additional_labels`. -matrix_conduwuit_container_labels_traefik_enabled: true -matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_conduwuit_container_network }}" -matrix_conduwuit_container_labels_traefik_entrypoints: web-secure -matrix_conduwuit_container_labels_traefik_tls_certResolver: default # noqa var-naming - -# Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint. 
-matrix_conduwuit_container_labels_public_client_root_enabled: true -matrix_conduwuit_container_labels_public_client_root_traefik_hostname: "{{ matrix_conduwuit_hostname }}" -matrix_conduwuit_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)" -matrix_conduwuit_container_labels_public_client_root_traefik_priority: 0 -matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}" -matrix_conduwuit_container_labels_public_client_root_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints != 'web' }}" -matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming -matrix_conduwuit_container_labels_public_client_root_redirection_enabled: false -matrix_conduwuit_container_labels_public_client_root_redirection_url: "" - -# Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint. 
-matrix_conduwuit_container_labels_public_client_api_enabled: true -matrix_conduwuit_container_labels_public_client_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}" -matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix: /_matrix -matrix_conduwuit_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}`)" -matrix_conduwuit_container_labels_public_client_api_traefik_priority: 0 -matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}" -matrix_conduwuit_container_labels_public_client_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints != 'web' }}" -matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming - -# Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint. -# This is similar to `matrix_conduwuit_container_labels_public_client_api_enabled`, but the entrypoint and intent is different. 
-matrix_conduwuit_container_labels_internal_client_api_enabled: false -matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}" -matrix_conduwuit_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix }}`)" -matrix_conduwuit_container_labels_internal_client_api_traefik_priority: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }}" -matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: "" - -# Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint. -matrix_conduwuit_container_labels_public_federation_api_enabled: "{{ matrix_conduwuit_config_allow_federation }}" -matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}" -matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix: /_matrix -matrix_conduwuit_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix }}`)" -matrix_conduwuit_container_labels_public_federation_api_traefik_priority: 0 -matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: '' -# TLS is force-enabled here, because the spec (https://spec.matrix.org/v1.9/server-server-api/#tls) says that the federation API must use HTTPS. -matrix_conduwuit_container_labels_public_federation_api_traefik_tls: true -matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming - -# Controls whether labels will be added that expose the `/_conduwuit` path prefix on a public Traefik entrypoint. 
-matrix_conduwuit_container_labels_public_conduwuit_api_enabled: true -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}" -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_path_prefix: /_conduwuit -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_path_prefix }}`)" -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority: 0 -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}" -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints != 'web' }}" -matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming - -# matrix_conduwuit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. -# See `../templates/labels.j2` for details. -# -# Example: -# matrix_conduwuit_container_labels_additional_labels: | -# my.label=1 -# another.label="here" -matrix_conduwuit_container_labels_additional_labels: '' - -# Extra arguments for the Docker container -matrix_conduwuit_container_extra_arguments: [] - -# Specifies which template files to use when configuring conduwuit. -# If you'd like to have your own different configuration, feel free to copy and paste -# the original files into your inventory (e.g. 
in `inventory/host_vars/matrix.example.com/`) -# and then change the specific host's `vars.yml` file like this: -# matrix_conduwuit_template_conduwuit_config: "{{ playbook_dir }}/inventory/host_vars/matrix.example.com/conduwuit.toml.j2" -matrix_conduwuit_template_conduwuit_config: "{{ role_path }}/templates/conduwuit.toml.j2" - -# Max size for uploads, in bytes -matrix_conduwuit_config_server_name: "{{ matrix_domain }}" - -# Max size for uploads, in bytes -matrix_conduwuit_config_max_request_size: 20_000_000 - -# Enables registration. If set to false, no users can register on this server. -matrix_conduwuit_config_allow_registration: false - -# Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting. -# This is only used when `matrix_conduwuit_config_allow_registration` is set to true and no registration token is configured. -matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false - -# Controls the `registration_token` setting. -# When registration is enabled (`matrix_conduwuit_config_allow_registration`) you: -# - either need to set a token to protect registration from abuse -# - or you need to enable the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting -# (see `matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`), -# to allow registration without any form of 2nd-step. -matrix_conduwuit_config_registration_token: '' - -# Controls the `new_user_displayname_suffix` setting. -# This is the suffix that will be added to the displayname of new users. -# Upstream defaults this to "🏳️‍⚧️", but we keep this consistent across all homeserver implementations and do not enable a suffix. -matrix_conduwuit_config_new_user_displayname_suffix: "" - -# Controls the `allow_check_for_updates` setting. -matrix_conduwuit_config_allow_check_for_updates: false - -# Controls the `emergency_password` setting. 
-matrix_conduwuit_config_emergency_password: '' - -# Controls the `allow_federation` setting. -matrix_conduwuit_config_allow_federation: true - -matrix_conduwuit_trusted_servers: - - "matrix.org" - -matrix_conduwuit_config_log: "info,state_res=warn,rocket=off,_=off,sled=off" - -# TURN integration. -# See: https://conduwuit.puppyirl.gay/turn.html -matrix_conduwuit_config_turn_uris: [] -matrix_conduwuit_config_turn_secret: '' -matrix_conduwuit_config_turn_username: '' -matrix_conduwuit_config_turn_password: '' - -# Controls whether the self-check feature should validate SSL certificates. -matrix_conduwuit_self_check_validate_certificates: true - -# Additional environment variables to pass to the container. -# -# Environment variables take priority over settings in the configuration file. -# -# Example: -# matrix_conduwuit_environment_variables_extension: | -# CONDUWUIT_MAX_REQUEST_SIZE=50000000 -# CONDUWUIT_REQUEST_TIMEOUT=60 -matrix_conduwuit_environment_variables_extension: '' diff --git a/roles/custom/matrix-conduwuit/tasks/install.yml b/roles/custom/matrix-conduwuit/tasks/install.yml deleted file mode 100644 index aa1e2941b..000000000 --- a/roles/custom/matrix-conduwuit/tasks/install.yml +++ /dev/null 
@@ -1,64 +0,0 @@ -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Ensure conduwuit config path exists - ansible.builtin.file: - path: "{{ matrix_conduwuit_config_path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - -- name: Ensure conduwuit data path exists - ansible.builtin.file: - path: "{{ matrix_conduwuit_data_path }}" - state: directory - mode: 0770 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - -- name: Ensure conduwuit configuration installed - ansible.builtin.template: - src: "{{ matrix_conduwuit_template_conduwuit_config }}" - dest: "{{ matrix_conduwuit_config_path }}/conduwuit.toml" - mode: 0644 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - -- name: Ensure conduwuit support files installed - ansible.builtin.template: - src: "{{ role_path }}/templates/{{ item }}.j2" - dest: "{{ matrix_conduwuit_base_path }}/{{ item }}" - mode: 0640 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - with_items: - - labels - - env - -- name: Ensure conduwuit container network is created - community.general.docker_network: - enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" - name: "{{ matrix_conduwuit_container_network }}" - driver: bridge - driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" - -- name: Ensure conduwuit container image is pulled - community.docker.docker_image: - name: "{{ matrix_conduwuit_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_conduwuit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduwuit_docker_image_force_pull }}" - register: result - retries: "{{ 
devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-conduwuit.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-conduwuit.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" - mode: 0644 diff --git a/roles/custom/matrix-conduwuit/tasks/main.yml b/roles/custom/matrix-conduwuit/tasks/main.yml deleted file mode 100644 index 425f81bee..000000000 --- a/roles/custom/matrix-conduwuit/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ -# SPDX-FileCopyrightText: 2025 MDAD project contributors -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- tags: - - setup-all - - setup-conduwuit - - install-all - - install-conduwuit - block: - - when: matrix_conduwuit_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" - - - when: matrix_conduwuit_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" - -- tags: - - setup-all - - setup-conduwuit - block: - - when: not matrix_conduwuit_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" - -- tags: - - self-check - block: - - when: matrix_conduwuit_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" - - - when: matrix_conduwuit_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" diff --git a/roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml b/roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml deleted file mode 100644 index 5ea3f830f..000000000 --- a/roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# SPDX-FileCopyrightText: 2025 Suguru Hirahara -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Check Matrix Client API - ansible.builtin.uri: - url: "{{ matrix_conduwuit_client_api_url_endpoint_public }}" - follow_redirects: none - validate_certs: "{{ matrix_conduwuit_self_check_validate_certificates }}" - register: result_matrix_conduwuit_client_api - ignore_errors: true - check_mode: false - when: matrix_conduwuit_enabled | bool - delegate_to: 127.0.0.1 - become: false - -- name: Fail if Matrix Client API not working - ansible.builtin.fail: - msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_conduwuit_client_api_url_endpoint_public }}`). Is conduwuit running? Is port 443 open in your firewall? Full error: {{ result_matrix_conduwuit_client_api }}" - when: "matrix_conduwuit_enabled | bool and (result_matrix_conduwuit_client_api.failed or 'json' not in result_matrix_conduwuit_client_api)" - -- name: Report working Matrix Client API - ansible.builtin.debug: - msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_conduwuit_client_api_url_endpoint_public }}`) is working" - when: matrix_conduwuit_enabled | bool diff --git a/roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml b/roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml deleted file mode 100644 index 000a4b608..000000000 --- a/roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Check Matrix Federation API - ansible.builtin.uri: - url: "{{ matrix_synapse_federation_api_url_endpoint_public }}" - follow_redirects: none - validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" - register: result_matrix_synapse_federation_api - ignore_errors: true - check_mode: false - when: matrix_synapse_enabled | bool - delegate_to: 127.0.0.1 - become: false - -- name: Fail if Matrix Federation API not working - ansible.builtin.fail: - msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" - when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - -- name: Fail if Matrix Federation API unexpectedly enabled - ansible.builtin.fail: - msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." - when: "matrix_synapse_enabled | bool and not matrix_synapse_federation_enabled | bool and not result_matrix_synapse_federation_api.failed" - -- name: Report working Matrix Federation API - ansible.builtin.debug: - msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" - when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool" diff --git a/roles/custom/matrix-conduwuit/tasks/setup_install.yml b/roles/custom/matrix-conduwuit/tasks/setup_install.yml deleted file mode 100644 index bc51bc3e5..000000000 
--- a/roles/custom/matrix-conduwuit/tasks/setup_install.yml +++ /dev/null 
@@ -1,63 +0,0 @@ -# SPDX-FileCopyrightText: 2025 MDAD project contributors -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Ensure conduwuit config path exists - ansible.builtin.file: - path: "{{ matrix_conduwuit_config_path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - -- name: Ensure conduwuit data path exists - ansible.builtin.file: - path: "{{ matrix_conduwuit_data_path }}" - state: directory - mode: 0770 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - -- name: Ensure conduwuit configuration installed - ansible.builtin.template: - src: "{{ matrix_conduwuit_template_conduwuit_config }}" - dest: "{{ matrix_conduwuit_config_path }}/conduwuit.toml" - mode: 0644 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - -- name: Ensure conduwuit support files installed - ansible.builtin.template: - src: "{{ role_path }}/templates/{{ item }}.j2" - dest: "{{ matrix_conduwuit_base_path }}/{{ item }}" - mode: 0640 - owner: "{{ matrix_user_name }}" - group: "{{ matrix_group_name }}" - with_items: - - labels - -- name: Ensure conduwuit container network is created - community.general.docker_network: - enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" - name: "{{ matrix_conduwuit_container_network }}" - driver: bridge - driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" - -- name: Ensure conduwuit container image is pulled - community.docker.docker_image: - name: "{{ matrix_conduwuit_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_conduwuit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduwuit_docker_image_force_pull }}" - register: result - retries: "{{ 
devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-conduwuit.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-conduwuit.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" - mode: 0644 diff --git a/roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml b/roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml deleted file mode 100644 index 24326b337..000000000 --- a/roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml +++ /dev/null @@ -1,23 +0,0 @@ -# SPDX-FileCopyrightText: 2025 MDAD project contributors -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Check existence of matrix-conduwuit service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" - register: matrix_conduwuit_service_stat - -- when: matrix_conduwuit_service_stat.stat.exists | bool - block: - - name: Ensure matrix-conduwuit is stopped - ansible.builtin.systemd: - name: matrix-conduwuit - state: stopped - daemon_reload: true - - - name: Ensure matrix-conduwuit.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" - state: absent diff --git a/roles/custom/matrix-conduwuit/tasks/uninstall.yml b/roles/custom/matrix-conduwuit/tasks/uninstall.yml deleted file mode 100644 index 9755d5ad1..000000000 --- a/roles/custom/matrix-conduwuit/tasks/uninstall.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Check existence of matrix-conduwuit service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" - register: matrix_conduwuit_service_stat - -- when: matrix_conduwuit_service_stat.stat.exists | bool - block: - - name: Ensure matrix-conduwuit is stopped - ansible.builtin.systemd: - name: matrix-conduwuit - state: stopped - daemon_reload: true - - - name: Ensure matrix-conduwuit.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" - state: absent diff --git a/roles/custom/matrix-conduwuit/tasks/validate_config.yml b/roles/custom/matrix-conduwuit/tasks/validate_config.yml deleted file mode 100644 index d044ddf3d..000000000 --- a/roles/custom/matrix-conduwuit/tasks/validate_config.yml +++ /dev/null @@ -1,15 +0,0 @@ -# SPDX-FileCopyrightText: 2025 MDAD project contributors -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Fail if required conduwuit settings not defined - ansible.builtin.fail: - msg: >- - You need to define a required configuration setting (`{{ item.name }}`). - when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" - with_items: - - {'name': 'matrix_conduwuit_hostname', when: true} - - {'name': 'matrix_conduwuit_container_network', when: true} - - {'name': 'matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_conduwuit_container_labels_internal_client_api_enabled }}"} diff --git a/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2 b/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2 deleted file mode 100644 index 91ee6760f..000000000 --- a/roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2 +++ /dev/null 
@@ -1,1546 +0,0 @@ -{# -SPDX-FileCopyrightText: 2025 MDAD project contributors -SPDX-FileCopyrightText: 2025 Slavi Pantaleev -SPDX-FileCopyrightText: 2025 Suguru Hirahara - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -### conduwuit Configuration -### See: -### https://conduwuit.puppyirl.gay/configuration.html - -[global] - -# The server_name is the pretty name of this server. It is used as a -# suffix for user and room IDs/aliases. -# -# See the docs for reverse proxying and delegation: -# https://conduwuit.puppyirl.gay/deploying/generic.html#setting-up-the-reverse-proxy -# -# Also see the `[global.well_known]` config section at the very bottom. -# -# Examples of delegation: -# - https://puppygock.gay/.well-known/matrix/server -# - https://puppygock.gay/.well-known/matrix/client -# -# YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE -# WIPE. -# -# example: "conduwuit.woof" -# -server_name = {{ matrix_conduwuit_config_server_name | to_json }} - -# The default address (IPv4 or IPv6) conduwuit will listen on. -# -# If you are using Docker or a container NAT networking setup, this must -# be "0.0.0.0". -# -# To listen on multiple addresses, specify a vector e.g. ["127.0.0.1", -# "::1"] -# -address = "0.0.0.0" - -# The port(s) conduwuit will listen on. -# -# For reverse proxying, see: -# https://conduwuit.puppyirl.gay/deploying/generic.html#setting-up-the-reverse-proxy -# -# If you are using Docker, don't change this, you'll need to map an -# external port to this. -# -# To listen on multiple ports, specify a vector e.g. [8080, 8448] -# -port = {{ matrix_conduwuit_config_port_number }} - -# The UNIX socket conduwuit will listen on. -# -# conduwuit cannot listen on both an IP address and a UNIX socket. If -# listening on a UNIX socket, you MUST remove/comment the `address` key. 
-# -# Remember to make sure that your reverse proxy has access to this socket -# file, either by adding your reverse proxy to the 'conduwuit' group or -# granting world R/W permissions with `unix_socket_perms` (666 minimum). -# -# example: "/run/conduwuit/conduwuit.sock" -# -#unix_socket_path = - -# The default permissions (in octal) to create the UNIX socket with. -# -#unix_socket_perms = 660 - -# This is the only directory where conduwuit will save its data, including -# media. Note: this was previously "/var/lib/matrix-conduit". -# -# YOU NEED TO EDIT THIS. -# -# example: "/var/lib/conduwuit" -# -database_path = "/var/lib/conduwuit" - -# conduwuit supports online database backups using RocksDB's Backup engine -# API. To use this, set a database backup path that conduwuit can write -# to. -# -# For more information, see: -# https://conduwuit.puppyirl.gay/maintenance.html#backups -# -# example: "/opt/conduwuit-db-backups" -# -#database_backup_path = - -# The amount of online RocksDB database backups to keep/retain, if using -# "database_backup_path", before deleting the oldest one. -# -#database_backups_to_keep = 1 - -# Text which will be added to the end of the user's displayname upon -# registration with a space before the text. In Conduit, this was the -# lightning bolt emoji. -# -# To disable, set this to "" (an empty string). -# -# The default is the trans pride flag. -# -# example: "🏳️‍⚧️" -# -new_user_displayname_suffix = {{ matrix_conduwuit_config_new_user_displayname_suffix | to_json }} - -# If enabled, conduwuit will send a simple GET request periodically to -# `https://pupbrain.dev/check-for-updates/stable` for any new -# announcements made. Despite the name, this is not an update check -# endpoint, it is simply an announcement check endpoint. -# -# This is disabled by default as this is rarely used except for security -# updates or major updates. 
-# -allow_check_for_updates = {{ matrix_conduwuit_config_allow_check_for_updates | to_json }} - -# Set this to any float value to multiply conduwuit's in-memory LRU caches -# with such as "auth_chain_cache_capacity". -# -# May be useful if you have significant memory to spare to increase -# performance. -# -# If you have low memory, reducing this may be viable. -# -# By default, the individual caches such as "auth_chain_cache_capacity" -# are scaled by your CPU core count. -# -#cache_capacity_modifier = 1.0 - -# Set this to any float value in megabytes for conduwuit to tell the -# database engine that this much memory is available for database read -# caches. -# -# May be useful if you have significant memory to spare to increase -# performance. -# -# Similar to the individual LRU caches, this is scaled up with your CPU -# core count. -# -# This defaults to 128.0 + (64.0 * CPU core count). -# -#db_cache_capacity_mb = varies by system - -# Set this to any float value in megabytes for conduwuit to tell the -# database engine that this much memory is available for database write -# caches. -# -# May be useful if you have significant memory to spare to increase -# performance. -# -# Similar to the individual LRU caches, this is scaled up with your CPU -# core count. -# -# This defaults to 48.0 + (4.0 * CPU core count). -# -#db_write_buffer_capacity_mb = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#pdu_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#auth_chain_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#shorteventid_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#eventidshort_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. 
-# -#eventid_pdu_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#shortstatekey_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#statekeyshort_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#servernameevent_data_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#server_visibility_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#user_visibility_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#stateinfo_cache_capacity = varies by system - -# This item is undocumented. Please contribute documentation for it. -# -#roomid_spacehierarchy_cache_capacity = varies by system - -# Maximum entries stored in DNS memory-cache. The size of an entry may -# vary so please take care if raising this value excessively. Only -# decrease this when using an external DNS cache. Please note that -# systemd-resolved does *not* count as an external cache, even when -# configured to do so. -# -#dns_cache_entries = 32768 - -# Minimum time-to-live in seconds for entries in the DNS cache. The -# default may appear high to most administrators; this is by design as the -# majority of NXDOMAINs are correct for a long time (e.g. the server is no -# longer running Matrix). Only decrease this if you are using an external -# DNS cache. -# -#dns_min_ttl = 10800 - -# Minimum time-to-live in seconds for NXDOMAIN entries in the DNS cache. -# This value is critical for the server to federate efficiently. -# NXDOMAIN's are assumed to not be returning to the federation and -# aggressively cached rather than constantly rechecked. -# -# Defaults to 3 days as these are *very rarely* false negatives. 
-# -#dns_min_ttl_nxdomain = 259200 - -# Number of DNS nameserver retries after a timeout or error. -# -#dns_attempts = 10 - -# The number of seconds to wait for a reply to a DNS query. Please note -# that recursive queries can take up to several seconds for some domains, -# so this value should not be too low, especially on slower hardware or -# resolvers. -# -#dns_timeout = 10 - -# Fallback to TCP on DNS errors. Set this to false if unsupported by -# nameserver. -# -#dns_tcp_fallback = true - -# Enable to query all nameservers until the domain is found. Referred to -# as "trust_negative_responses" in hickory_resolver. This can avoid -# useless DNS queries if the first nameserver responds with NXDOMAIN or -# an empty NOERROR response. -# -#query_all_nameservers = true - -# Enable using *only* TCP for querying your specified nameservers instead -# of UDP. -# -# If you are running conduwuit in a container environment, this config -# option may need to be enabled. For more details, see: -# https://conduwuit.puppyirl.gay/troubleshooting.html#potential-dns-issues-when-using-docker -# -#query_over_tcp_only = false - -# DNS A/AAAA record lookup strategy -# -# Takes a number of one of the following options: -# 1 - Ipv4Only (Only query for A records, no AAAA/IPv6) -# -# 2 - Ipv6Only (Only query for AAAA records, no A/IPv4) -# -# 3 - Ipv4AndIpv6 (Query for A and AAAA records in parallel, uses whatever -# returns a successful response first) -# -# 4 - Ipv6thenIpv4 (Query for AAAA record, if that fails then query the A -# record) -# -# 5 - Ipv4thenIpv6 (Query for A record, if that fails then query the AAAA -# record) -# -# If you don't have IPv6 networking, then for better DNS performance it -# may be suitable to set this to Ipv4Only (1) as you will never ever use -# the AAAA record contents even if the AAAA record is successful instead -# of the A record. -# -#ip_lookup_strategy = 5 - -# Max request size for file uploads in bytes. Defaults to 20MB. 
-# -max_request_size = {{ matrix_conduwuit_config_max_request_size }} - -# This item is undocumented. Please contribute documentation for it. -# -#max_fetch_prev_events = 192 - -# Default/base connection timeout (seconds). This is used only by URL -# previews and update/news endpoint checks. -# -#request_conn_timeout = 10 - -# Default/base request timeout (seconds). The time waiting to receive more -# data from another server. This is used only by URL previews, -# update/news, and misc endpoint checks. -# -#request_timeout = 35 - -# Default/base request total timeout (seconds). The time limit for a whole -# request. This is set very high to not cancel healthy requests while -# serving as a backstop. This is used only by URL previews and update/news -# endpoint checks. -# -#request_total_timeout = 320 - -# Default/base idle connection pool timeout (seconds). This is used only -# by URL previews and update/news endpoint checks. -# -#request_idle_timeout = 5 - -# Default/base max idle connections per host. This is used only by URL -# previews and update/news endpoint checks. Defaults to 1 as generally the -# same open connection can be re-used. -# -#request_idle_per_host = 1 - -# Federation well-known resolution connection timeout (seconds). -# -#well_known_conn_timeout = 6 - -# Federation HTTP well-known resolution request timeout (seconds). -# -#well_known_timeout = 10 - -# Federation client request timeout (seconds). You most definitely want -# this to be high to account for extremely large room joins, slow -# homeservers, your own resources etc. -# -#federation_timeout = 300 - -# Federation client idle connection pool timeout (seconds). -# -#federation_idle_timeout = 25 - -# Federation client max idle connections per host. Defaults to 1 as -# generally the same open connection can be re-used. -# -#federation_idle_per_host = 1 - -# Federation sender request timeout (seconds). The time it takes for the -# remote server to process sent transactions can take a while. 
-# -#sender_timeout = 180 - -# Federation sender idle connection pool timeout (seconds). -# -#sender_idle_timeout = 180 - -# Federation sender transaction retry backoff limit (seconds). -# -#sender_retry_backoff_limit = 86400 - -# Appservice URL request connection timeout. Defaults to 35 seconds as -# generally appservices are hosted within the same network. -# -#appservice_timeout = 35 - -# Appservice URL idle connection pool timeout (seconds). -# -#appservice_idle_timeout = 300 - -# Notification gateway pusher idle connection pool timeout. -# -#pusher_idle_timeout = 15 - -# Enables registration. If set to false, no users can register on this -# server. -# -# If set to true without a token configured, users can register with no -# form of 2nd-step only if you set the following option to true: -# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` -# -# If you would like registration only via token reg, please configure -# `registration_token` or `registration_token_file`. -# -allow_registration = {{ matrix_conduwuit_config_allow_registration | to_json }} - -yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = {{ matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse | to_json }} - -allow_federation = {{ matrix_conduwuit_config_allow_federation | to_json }} - -# This item is undocumented. Please contribute documentation for it. -# -#yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false - -# A static registration token that new users will have to provide when -# creating an account. If unset and `allow_registration` is true, -# registration is open without any condition. -# -# YOU NEED TO EDIT THIS OR USE registration_token_file. -# -# example: "o&^uCtes4HPf0Vu@F20jQeeWE7" -# -registration_token = {{ matrix_conduwuit_config_registration_token | to_json }} - -# Path to a file on the system that gets read for the registration token. 
-# this config option takes precedence/priority over "registration_token". -# -# conduwuit must be able to access the file, and it must not be empty -# -# example: "/etc/conduwuit/.reg_token" -# -#registration_token_file = - -# Controls whether encrypted rooms and events are allowed. -# -#allow_encryption = true - -# Controls whether federation is allowed or not. It is not recommended to -# disable this after the fact due to potential federation breakage. -# -#allow_federation = true - -# This item is undocumented. Please contribute documentation for it. -# -#federation_loopback = false - -# Set this to true to require authentication on the normally -# unauthenticated profile retrieval endpoints (GET) -# "/_matrix/client/v3/profile/{userId}". -# -# This can prevent profile scraping. -# -#require_auth_for_profile_requests = false - -# Set this to true to allow your server's public room directory to be -# federated. Set this to false to protect against /publicRooms spiders, -# but will forbid external users from viewing your server's public room -# directory. If federation is disabled entirely (`allow_federation`), this -# is inherently false. -# -#allow_public_room_directory_over_federation = false - -# Set this to true to allow your server's public room directory to be -# queried without client authentication (access token) through the Client -# APIs. Set this to false to protect against /publicRooms spiders. -# -#allow_public_room_directory_without_auth = false - -# Allow guests/unauthenticated users to access TURN credentials. -# -# This is the equivalent of Synapse's `turn_allow_guests` config option. -# This allows any unauthenticated user to call the endpoint -# `/_matrix/client/v3/voip/turnServer`. -# -# It is unlikely you need to enable this as all major clients support -# authentication for this endpoint and prevents misuse of your TURN server -# from potential bots. 
-# -#turn_allow_guests = false - -# Set this to true to lock down your server's public room directory and -# only allow admins to publish rooms to the room directory. Unpublishing -# is still allowed by all users with this enabled. -# -#lockdown_public_room_directory = false - -# Set this to true to allow federating device display names / allow -# external users to see your device display name. If federation is -# disabled entirely (`allow_federation`), this is inherently false. For -# privacy reasons, this is best left disabled. -# -#allow_device_name_federation = false - -# Config option to allow or disallow incoming federation requests that -# obtain the profiles of our local users from -# `/_matrix/federation/v1/query/profile` -# -# Increases privacy of your local user's such as display names, but some -# remote users may get a false "this user does not exist" error when they -# try to invite you to a DM or room. Also can protect against profile -# spiders. -# -# This is inherently false if `allow_federation` is disabled -# -#allow_inbound_profile_lookup_federation_requests = true - -# Allow standard users to create rooms. Appservices and admins are always -# allowed to create rooms -# -#allow_room_creation = true - -# Set to false to disable users from joining or creating room versions -# that aren't officially supported by conduwuit. -# -# conduwuit officially supports room versions 6 - 11. -# -# conduwuit has slightly experimental (though works fine in practice) -# support for versions 3 - 5. -# -#allow_unstable_room_versions = true - -# Default room version conduwuit will create rooms with. -# -# Per spec, room version 10 is the default. -# -#default_room_version = 10 - -# This item is undocumented. Please contribute documentation for it. -# -#allow_jaeger = false - -# This item is undocumented. Please contribute documentation for it. 
-# -#jaeger_filter = "info" - -# If the 'perf_measurements' compile-time feature is enabled, enables -# collecting folded stack trace profile of tracing spans using -# tracing_flame. The resulting profile can be visualized with inferno[1], -# speedscope[2], or a number of other tools. -# -# [1]: https://github.com/jonhoo/inferno -# [2]: www.speedscope.app -# -#tracing_flame = false - -# This item is undocumented. Please contribute documentation for it. -# -#tracing_flame_filter = "info" - -# This item is undocumented. Please contribute documentation for it. -# -#tracing_flame_output_path = "./tracing.folded" - -# Examples: -# -# - No proxy (default): -# -# proxy = "none" -# -# - For global proxy, create the section at the bottom of this file: -# -# [global.proxy] -# global = { url = "socks5h://localhost:9050" } -# -# - To proxy some domains: -# -# [global.proxy] -# [[global.proxy.by_domain]] -# url = "socks5h://localhost:9050" -# include = ["*.onion", "matrix.myspecial.onion"] -# exclude = ["*.myspecial.onion"] -# -# Include vs. Exclude: -# -# - If include is an empty list, it is assumed to be `["*"]`. -# -# - If a domain matches both the exclude and include list, the proxy will -# only be used if it was included because of a more specific rule than -# it was excluded. In the above example, the proxy would be used for -# `ordinary.onion`, `matrix.myspecial.onion`, but not -# `hello.myspecial.onion`. -# -#proxy = "none" - -# Servers listed here will be used to gather public keys of other servers -# (notary trusted key servers). -# -# Currently, conduwuit doesn't support inbound batched key requests, so -# this list should only contain other Synapse servers. -# -# example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"] -# -trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }} - -# Whether to query the servers listed in trusted_servers first or query -# the origin server first. 
For best security, querying the origin server -# first is advised to minimize the exposure to a compromised trusted -# server. For maximum federation/join performance this can be set to true, -# however other options exist to query trusted servers first under -# specific high-load circumstances and should be evaluated before setting -# this to true. -# -#query_trusted_key_servers_first = false - -# Whether to query the servers listed in trusted_servers first -# specifically on room joins. This option limits the exposure to a -# compromised trusted server to room joins only. The join operation -# requires gathering keys from many origin servers which can cause -# significant delays. Therefore this defaults to true to mitigate -# unexpected delays out-of-the-box. The security-paranoid or those willing -# to tolerate delays are advised to set this to false. Note that setting -# query_trusted_key_servers_first to true causes this option to be -# ignored. -# -#query_trusted_key_servers_first_on_join = true - -# Only query trusted servers for keys and never the origin server. This is -# intended for clusters or custom deployments using their trusted_servers -# as forwarding-agents to cache and deduplicate requests. Notary servers -# do not act as forwarding-agents by default, therefore do not enable this -# unless you know exactly what you are doing. -# -#only_query_trusted_key_servers = false - -# Maximum number of keys to request in each trusted server batch query. -# -#trusted_server_batch_size = 1024 - -# Max log level for conduwuit. Allows debug, info, warn, or error. -# -# See also: -# https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives -# -# **Caveat**: -# For release builds, the tracing crate is configured to only implement -# levels higher than error to avoid unnecessary overhead in the compiled -# binary from trace macros. For debug builds, this restriction is not -# applied. 
-# -log = {{ matrix_conduwuit_config_log | to_json }} - -# Output logs with ANSI colours. -# -#log_colors = true - -# Configures the span events which will be outputted with the log. -# -#log_span_events = "none" - -# Configures whether CONDUWUIT_LOG EnvFilter matches values using regular -# expressions. See the tracing_subscriber documentation on Directives. -# -#log_filter_regex = true - -# Toggles the display of ThreadId in tracing log output. -# -#log_thread_ids = false - -# OpenID token expiration/TTL in seconds. -# -# These are the OpenID tokens that are primarily used for Matrix account -# integrations (e.g. Vector Integrations in Element), *not* OIDC/OpenID -# Connect/etc. -# -#openid_token_ttl = 3600 - -# Allow an existing session to mint a login token for another client. -# This requires interactive authentication, but has security ramifications -# as a malicious client could use the mechanism to spawn more than one -# session. -# Enabled by default. -# -#login_via_existing_session = true - -# Login token expiration/TTL in milliseconds. -# -# These are short-lived tokens for the m.login.token endpoint. -# This is used to allow existing sessions to create new sessions. -# see login_via_existing_session. -# -#login_token_ttl = 120000 - -# Static TURN username to provide the client if not using a shared secret -# ("turn_secret"), It is recommended to use a shared secret over static -# credentials. -# -#turn_username = false - -# Static TURN password to provide the client if not using a shared secret -# ("turn_secret"). It is recommended to use a shared secret over static -# credentials. -# -#turn_password = false - -# Vector list of TURN URIs/servers to use. -# -# Replace "example.turn.uri" with your TURN domain, such as the coturn -# "realm" config option. If using TURN over TLS, replace the URI prefix -# "turn:" with "turns:". 
-# -# example: ["turn:example.turn.uri?transport=udp", -# "turn:example.turn.uri?transport=tcp"] -# -turn_uris = {{ matrix_conduwuit_config_turn_uris | to_json }} - -# TURN secret to use for generating the HMAC-SHA1 hash apart of username -# and password generation. -# -# This is more secure, but if needed you can use traditional static -# username/password credentials. -# -#turn_secret = false -{% if matrix_conduwuit_config_turn_secret != '' %} -turn_secret = {{ matrix_conduwuit_config_turn_secret | to_json }} -{% endif %} - -# If you have your TURN server configured to use a username and password -# you can provide these information too. In this case comment out `turn_secret above`! -{% if matrix_conduwuit_config_turn_username != '' or matrix_conduwuit_config_turn_password != '' %} -turn_username = {{ matrix_conduwuit_config_turn_username | to_json }} -turn_password = {{ matrix_conduwuit_config_turn_password | to_json }} -{% endif %} - -# TURN secret to use that's read from the file path specified. -# -# This takes priority over "turn_secret" first, and falls back to -# "turn_secret" if invalid or failed to open. -# -# example: "/etc/conduwuit/.turn_secret" -# -#turn_secret_file = - -# TURN TTL, in seconds. -# -#turn_ttl = 86400 - -# List/vector of room IDs or room aliases that conduwuit will make newly -# registered users join. The rooms specified must be rooms that you have -# joined at least once on the server, and must be public. -# -# example: ["#conduwuit:puppygock.gay", -# "!eoIzvAvVwY23LPDay8:puppygock.gay"] -# -#auto_join_rooms = [] - -# Config option to automatically deactivate the account of any user who -# attempts to join a: -# - banned room -# - forbidden room alias -# - room alias or ID with a forbidden server name -# -# This may be useful if all your banned lists consist of toxic rooms or -# servers that no good faith user would ever attempt to join, and -# to automatically remediate the problem without any admin user -# intervention. 
-# -# This will also make the user leave all rooms. Federation (e.g. remote -# room invites) are ignored here. -# -# Defaults to false as rooms can be banned for non-moderation-related -# reasons and this performs a full user deactivation. -# -#auto_deactivate_banned_room_attempts = false - -# RocksDB log level. This is not the same as conduwuit's log level. This -# is the log level for the RocksDB engine/library which show up in your -# database folder/path as `LOG` files. conduwuit will log RocksDB errors -# as normal through tracing or panics if severe for safety. -# -#rocksdb_log_level = "error" - -# This item is undocumented. Please contribute documentation for it. -# -#rocksdb_log_stderr = false - -# Max RocksDB `LOG` file size before rotating in bytes. Defaults to 4MB in -# bytes. -# -#rocksdb_max_log_file_size = 4194304 - -# Time in seconds before RocksDB will forcibly rotate logs. -# -#rocksdb_log_time_to_roll = 0 - -# Set this to true to use RocksDB config options that are tailored to HDDs -# (slower device storage). -# -# It is worth noting that by default, conduwuit will use RocksDB with -# Direct IO enabled. *Generally* speaking this improves performance as it -# bypasses buffered I/O (system page cache). However there is a potential -# chance that Direct IO may cause issues with database operations if your -# setup is uncommon. This has been observed with FUSE filesystems, and -# possibly ZFS filesystem. RocksDB generally deals/corrects these issues -# but it cannot account for all setups. If you experience any weird -# RocksDB issues, try enabling this option as it turns off Direct IO and -# feel free to report in the conduwuit Matrix room if this option fixes -# your DB issues. -# -# For more information, see: -# https://github.com/facebook/rocksdb/wiki/Direct-IO -# -#rocksdb_optimize_for_spinning_disks = false - -# Enables direct-io to increase database performance via unbuffered I/O. 
-# -# For more details about direct I/O and RockDB, see: -# https://github.com/facebook/rocksdb/wiki/Direct-IO -# -# Set this option to false if the database resides on a filesystem which -# does not support direct-io like FUSE, or any form of complex filesystem -# setup such as possibly ZFS. -# -#rocksdb_direct_io = true - -# Amount of threads that RocksDB will use for parallelism on database -# operations such as cleanup, sync, flush, compaction, etc. Set to 0 to -# use all your logical threads. Defaults to your CPU logical thread count. -# -#rocksdb_parallelism_threads = varies by system - -# Maximum number of LOG files RocksDB will keep. This must *not* be set to -# 0. It must be at least 1. Defaults to 3 as these are not very useful -# unless troubleshooting/debugging a RocksDB bug. -# -#rocksdb_max_log_files = 3 - -# Type of RocksDB database compression to use. -# -# Available options are "zstd", "zlib", "bz2", "lz4", or "none". -# -# It is best to use ZSTD as an overall good balance between -# speed/performance, storage, IO amplification, and CPU usage. For more -# performance but less compression (more storage used) and less CPU usage, -# use LZ4. -# -# For more details, see: -# https://github.com/facebook/rocksdb/wiki/Compression -# -# "none" will disable compression. -# -#rocksdb_compression_algo = "zstd" - -# Level of compression the specified compression algorithm for RocksDB to -# use. -# -# Default is 32767, which is internally read by RocksDB as the default -# magic number and translated to the library's default compression level -# as they all differ. See their `kDefaultCompressionLevel`. -# -#rocksdb_compression_level = 32767 - -# Level of compression the specified compression algorithm for the -# bottommost level/data for RocksDB to use. Default is 32767, which is -# internally read by RocksDB as the default magic number and translated to -# the library's default compression level as they all differ. See their -# `kDefaultCompressionLevel`. 
-# -# Since this is the bottommost level (generally old and least used data), -# it may be desirable to have a very high compression level here as it's -# less likely for this data to be used. Research your chosen compression -# algorithm. -# -#rocksdb_bottommost_compression_level = 32767 - -# Whether to enable RocksDB's "bottommost_compression". -# -# At the expense of more CPU usage, this will further compress the -# database to reduce more storage. It is recommended to use ZSTD -# compression with this for best compression results. This may be useful -# if you're trying to reduce storage usage from the database. -# -# See https://github.com/facebook/rocksdb/wiki/Compression for more details. -# -#rocksdb_bottommost_compression = false - -# Database recovery mode (for RocksDB WAL corruption). -# -# Use this option when the server reports corruption and refuses to start. -# Set mode 2 (PointInTime) to cleanly recover from this corruption. The -# server will continue from the last good state, several seconds or -# minutes prior to the crash. Clients may have to run "clear-cache & -# reload" to account for the rollback. Upon success, you may reset the -# mode back to default and restart again. Please note in some cases the -# corruption error may not be cleared for at least 30 minutes of operation -# in PointInTime mode. -# -# As a very last ditch effort, if PointInTime does not fix or resolve -# anything, you can try mode 3 (SkipAnyCorruptedRecord) but this will -# leave the server in a potentially inconsistent state. -# -# The default mode 1 (TolerateCorruptedTailRecords) will automatically -# drop the last entry in the database if corrupted during shutdown, but -# nothing more. It is extraordinarily unlikely this will desynchronize -# clients. To disable any form of silent rollback set mode 0 -# (AbsoluteConsistency). 
-# -# The options are: -# 0 = AbsoluteConsistency -# 1 = TolerateCorruptedTailRecords (default) -# 2 = PointInTime (use me if trying to recover) -# 3 = SkipAnyCorruptedRecord (you now voided your conduwuit warranty) -# -# For more information on these modes, see: -# https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes -# -# For more details on recovering a corrupt database, see: -# https://conduwuit.puppyirl.gay/troubleshooting.html#database-corruption -# -#rocksdb_recovery_mode = 1 - -# Enables or disables paranoid SST file checks. This can improve RocksDB -# database consistency at a potential performance impact due to further -# safety checks ran. -# -# For more information, see: -# https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks -# -#rocksdb_paranoid_file_checks = false - -# Database repair mode (for RocksDB SST corruption). -# -# Use this option when the server reports corruption while running or -# panics. If the server refuses to start use the recovery mode options -# first. Corruption errors containing the acronym 'SST' which occur after -# startup will likely require this option. -# -# - Backing up your database directory is recommended prior to running the -# repair. -# -# - Disabling repair mode and restarting the server is recommended after -# running the repair. -# -# See https://conduwuit.puppyirl.gay/troubleshooting.html#database-corruption for more details on recovering a corrupt database. -# -#rocksdb_repair = false - -# This item is undocumented. Please contribute documentation for it. -# -#rocksdb_read_only = false - -# This item is undocumented. Please contribute documentation for it. -# -#rocksdb_secondary = false - -# Enables idle CPU priority for compaction thread. This is not enabled by -# default to prevent compaction from falling too far behind on busy -# systems. -# -#rocksdb_compaction_prio_idle = false - -# Enables idle IO priority for compaction thread. 
This prevents any -# unexpected lag in the server's operation and is usually a good idea. -# Enabled by default. -# -#rocksdb_compaction_ioprio_idle = true - -# Disables RocksDB compaction. You should never ever have to set this -# option to true. If you for some reason find yourself needing to use this -# option as part of troubleshooting or a bug, please reach out to us in -# the conduwuit Matrix room with information and details. -# -# Disabling compaction will lead to a significantly bloated and -# explosively large database, gradually poor performance, unnecessarily -# excessive disk read/writes, and slower shutdowns and startups. -# -#rocksdb_compaction = true - -# Level of statistics collection. Some admin commands to display database -# statistics may require this option to be set. Database performance may -# be impacted by higher settings. -# -# Option is a number ranging from 0 to 6: -# 0 = No statistics. -# 1 = No statistics in release mode (default). -# 2 to 3 = Statistics with no performance impact. -# 3 to 5 = Statistics with possible performance impact. -# 6 = All statistics. -# -#rocksdb_stats_level = 1 - -# This is a password that can be configured that will let you login to the -# server bot account (currently `@conduit`) for emergency troubleshooting -# purposes such as recovering/recreating your admin room, or inviting -# yourself back. -# -# See https://conduwuit.puppyirl.gay/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room. -# -# Once this password is unset, all sessions will be logged out for -# security purposes. -# -# example: "F670$2CP@Hw8mG7RY1$%!#Ic7YA" -# -emergency_password = {{ matrix_conduwuit_config_emergency_password | to_json }} - -# This item is undocumented. Please contribute documentation for it. -# -#notification_push_path = "/_matrix/push/v1/notify" - -# Allow local (your server only) presence updates/requests. -# -# Note that presence on conduwuit is very fast unlike Synapse's. 
If using -# outgoing presence, this MUST be enabled. -# -#allow_local_presence = true - -# Allow incoming federated presence updates/requests. -# -# This option receives presence updates from other servers, but does not -# send any unless `allow_outgoing_presence` is true. Note that presence on -# conduwuit is very fast unlike Synapse's. -# -#allow_incoming_presence = true - -# Allow outgoing presence updates/requests. -# -# This option sends presence updates to other servers, but does not -# receive any unless `allow_incoming_presence` is true. Note that presence -# on conduwuit is very fast unlike Synapse's. If using outgoing presence, -# you MUST enable `allow_local_presence` as well. -# -#allow_outgoing_presence = true - -# How many seconds without presence updates before you become idle. -# Defaults to 5 minutes. -# -#presence_idle_timeout_s = 300 - -# How many seconds without presence updates before you become offline. -# Defaults to 30 minutes. -# -#presence_offline_timeout_s = 1800 - -# Enable the presence idle timer for remote users. -# -# Disabling is offered as an optimization for servers participating in -# many large rooms or when resources are limited. Disabling it may cause -# incorrect presence states (i.e. stuck online) to be seen for some remote -# users. -# -#presence_timeout_remote_users = true - -# Allow receiving incoming read receipts from remote servers. -# -#allow_incoming_read_receipts = true - -# Allow sending read receipts to remote servers. -# -#allow_outgoing_read_receipts = true - -# Allow outgoing typing updates to federation. -# -#allow_outgoing_typing = true - -# Allow incoming typing updates from federation. -# -#allow_incoming_typing = true - -# Maximum time federation user can indicate typing. -# -#typing_federation_timeout_s = 30 - -# Minimum time local client can indicate typing. This does not override a -# client's request to stop typing. It only enforces a minimum value in -# case of no stop request. 
-# -#typing_client_timeout_min_s = 15 - -# Maximum time local client can indicate typing. -# -#typing_client_timeout_max_s = 45 - -# Set this to true for conduwuit to compress HTTP response bodies using -# zstd. This option does nothing if conduwuit was not built with -# `zstd_compression` feature. Please be aware that enabling HTTP -# compression may weaken TLS. Most users should not need to enable this. -# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH -# before deciding to enable this. -# -#zstd_compression = false - -# Set this to true for conduwuit to compress HTTP response bodies using -# gzip. This option does nothing if conduwuit was not built with -# `gzip_compression` feature. Please be aware that enabling HTTP -# compression may weaken TLS. Most users should not need to enable this. -# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before -# deciding to enable this. -# -# If you are in a large amount of rooms, you may find that enabling this -# is necessary to reduce the significantly large response bodies. -# -#gzip_compression = false - -# Set this to true for conduwuit to compress HTTP response bodies using -# brotli. This option does nothing if conduwuit was not built with -# `brotli_compression` feature. Please be aware that enabling HTTP -# compression may weaken TLS. Most users should not need to enable this. -# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH -# before deciding to enable this. -# -#brotli_compression = false - -# Set to true to allow user type "guest" registrations. Some clients like -# Element attempt to register guest users automatically. -# -#allow_guest_registration = false - -# Set to true to log guest registrations in the admin room. Note that -# these may be noisy or unnecessary if you're a public homeserver. -# -#log_guest_registrations = false - -# Set to true to allow guest registrations/users to auto join any rooms -# specified in `auto_join_rooms`. 
-# -#allow_guests_auto_join_rooms = false - -# Enable the legacy unauthenticated Matrix media repository endpoints. -# These endpoints consist of: -# - /_matrix/media/*/config -# - /_matrix/media/*/upload -# - /_matrix/media/*/preview_url -# - /_matrix/media/*/download/* -# - /_matrix/media/*/thumbnail/* -# -# The authenticated equivalent endpoints are always enabled. -# -# Defaults to true for now, but this is highly subject to change, likely -# in the next release. -# -#allow_legacy_media = true - -# This item is undocumented. Please contribute documentation for it. -# -#freeze_legacy_media = true - -# Check consistency of the media directory at startup: -# 1. When `media_compat_file_link` is enabled, this check will upgrade -# media when switching back and forth between Conduit and conduwuit. -# Both options must be enabled to handle this. -# 2. When media is deleted from the directory, this check will also delete -# its database entry. -# -# If none of these checks apply to your use cases, and your media -# directory is significantly large setting this to false may reduce -# startup time. -# -#media_startup_check = true - -# Enable backward-compatibility with Conduit's media directory by creating -# symlinks of media. -# -# This option is only necessary if you plan on using Conduit again. -# Otherwise setting this to false reduces filesystem clutter and overhead -# for managing these symlinks in the directory. This is now disabled by -# default. You may still return to upstream Conduit but you have to run -# conduwuit at least once with this set to true and allow the -# media_startup_check to take place before shutting down to return to -# Conduit. -# -#media_compat_file_link = false - -# Prune missing media from the database as part of the media startup -# checks. -# -# This means if you delete files from the media directory the -# corresponding entries will be removed from the database. 
This is -# disabled by default because if the media directory is accidentally moved -# or inaccessible, the metadata entries in the database will be lost with -# sadness. -# -#prune_missing_media = false - -# Vector list of servers that conduwuit will refuse to download remote -# media from. -# -#prevent_media_downloads_from = [] - -# List of forbidden server names that we will block incoming AND outgoing -# federation with, and block client room joins / remote user invites. -# -# This check is applied on the room ID, room alias, sender server name, -# sender user's server name, inbound federation X-Matrix origin, and -# outbound federation handler. -# -# Basically "global" ACLs. -# -#forbidden_remote_server_names = [] - -# List of forbidden server names that we will block all outgoing federated -# room directory requests for. Useful for preventing our users from -# wandering into bad servers or spaces. -# -#forbidden_remote_room_directory_server_names = [] - -# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you -# do not want conduwuit to send outbound requests to. Defaults to -# RFC1918, unroutable, loopback, multicast, and testnet addresses for -# security. -# -# Please be aware that this is *not* a guarantee. You should be using a -# firewall with zones as doing this on the application layer may have -# bypasses. -# -# Currently this does not account for proxies in use like Synapse does. -# -# To disable, set this to be an empty vector (`[]`). -# -# Defaults to: -# ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", -# "192.168.0.0/16", "100.64.0.0/10", "192.0.0.0/24", "169.254.0.0/16", -# "192.88.99.0/24", "198.18.0.0/15", "192.0.2.0/24", "198.51.100.0/24", -# "203.0.113.0/24", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7", -# "2001:db8::/32", "ff00::/8", "fec0::/10"] -# -#ip_range_denylist = - -# Optional IP address or network interface-name to bind as the source of -# URL preview requests. 
If not set, it will not bind to a specific -# address or interface. -# -# Interface names only supported on Linux, Android, and Fuchsia platforms; -# all other platforms can specify the IP address. To list the interfaces -# on your system, use the command `ip link show`. -# -# example: `"eth0"` or `"1.2.3.4"` -# -#url_preview_bound_interface = - -# Vector list of domains allowed to send requests to for URL previews. -# -# This is a *contains* match, not an explicit match. Putting "google.com" -# will match "https://google.com" and -# "http://mymaliciousdomainexamplegoogle.com" Setting this to "*" will -# allow all URL previews. Please note that this opens up significant -# attack surface to your server, you are expected to be aware of the risks -# by doing so. -# -#url_preview_domain_contains_allowlist = [] - -# Vector list of explicit domains allowed to send requests to for URL -# previews. -# -# This is an *explicit* match, not a contains match. Putting "google.com" -# will match "https://google.com", "http://google.com", but not -# "https://mymaliciousdomainexamplegoogle.com". Setting this to "*" will -# allow all URL previews. Please note that this opens up significant -# attack surface to your server, you are expected to be aware of the risks -# by doing so. -# -#url_preview_domain_explicit_allowlist = [] - -# Vector list of explicit domains not allowed to send requests to for URL -# previews. -# -# This is an *explicit* match, not a contains match. Putting "google.com" -# will match "https://google.com", "http://google.com", but not -# "https://mymaliciousdomainexamplegoogle.com". The denylist is checked -# first before allowlist. Setting this to "*" will not do anything. -# -#url_preview_domain_explicit_denylist = [] - -# Vector list of URLs allowed to send requests to for URL previews. -# -# Note that this is a *contains* match, not an explicit match. 
Putting -# "google.com" will match "https://google.com/", -# "https://google.com/url?q=https://mymaliciousdomainexample.com", and -# "https://mymaliciousdomainexample.com/hi/google.com" Setting this to "*" -# will allow all URL previews. Please note that this opens up significant -# attack surface to your server, you are expected to be aware of the risks -# by doing so. -# -#url_preview_url_contains_allowlist = [] - -# Maximum amount of bytes allowed in a URL preview body size when -# spidering. Defaults to 256KB in bytes. -# -#url_preview_max_spider_size = 256000 - -# Option to decide whether you would like to run the domain allowlist -# checks (contains and explicit) on the root domain or not. Does not apply -# to URL contains allowlist. Defaults to false. -# -# Example usecase: If this is enabled and you have "wikipedia.org" allowed -# in the explicit and/or contains domain allowlist, it will allow all -# subdomains under "wikipedia.org" such as "en.m.wikipedia.org" as the -# root domain is checked and matched. Useful if the domain contains -# allowlist is still too broad for you but you still want to allow all the -# subdomains under a root domain. -# -#url_preview_check_root_domain = false - -# List of forbidden room aliases and room IDs as strings of regex -# patterns. -# -# Regex can be used or explicit contains matches can be done by just -# specifying the words (see example). -# -# This is checked upon room alias creation, custom room ID creation if -# used, and startup as warnings if any room aliases in your database have -# a forbidden room alias/ID. -# -# example: ["19dollarfortnitecards", "b[4a]droom"] -# -#forbidden_alias_names = [] - -# List of forbidden username patterns/strings. -# -# Regex can be used or explicit contains matches can be done by just -# specifying the words (see example). -# -# This is checked upon username availability check, registration, and -# startup as warnings if any local users in your database have a forbidden -# username. 
-# -# example: ["administrator", "b[a4]dusernam[3e]"] -# -#forbidden_usernames = [] - -# Retry failed and incomplete messages to remote servers immediately upon -# startup. This is called bursting. If this is disabled, said messages may -# not be delivered until more messages are queued for that server. Do not -# change this option unless server resources are extremely limited or the -# scale of the server's deployment is huge. Do not disable this unless you -# know what you are doing. -# -#startup_netburst = true - -# Messages are dropped and not reattempted. The `startup_netburst` option -# must be enabled for this value to have any effect. Do not change this -# value unless you know what you are doing. Set this value to -1 to -# reattempt every message without trimming the queues; this may consume -# significant disk. Set this value to 0 to drop all messages without any -# attempt at redelivery. -# -#startup_netburst_keep = 50 - -# Block non-admin local users from sending room invites (local and -# remote), and block non-admin users from receiving remote room invites. -# -# Admins are always allowed to send and receive all room invites. -# -#block_non_admin_invites = false - -# Allow admins to enter commands in rooms other than "#admins" (admin -# room) by prefixing your message with "\!admin" or "\\!admin" followed up -# a normal conduwuit admin command. The reply will be publicly visible to -# the room, originating from the sender. -# -# example: \\!admin debug ping puppygock.gay -# -#admin_escape_commands = true - -# Automatically activate the conduwuit admin room console / CLI on -# startup. This option can also be enabled with `--console` conduwuit -# argument. -# -#admin_console_automatic = false - -# List of admin commands to execute on startup. 
-# -# This option can also be configured with the `--execute` conduwuit -# argument and can take standard shell commands and environment variables -# -# For example: `./conduwuit --execute "server admin-notice conduwuit has -# started up at $(date)"` -# -# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]` -# -#admin_execute = [] - -# Ignore errors in startup commands. -# -# If false, conduwuit will error and fail to start if an admin execute -# command (`--execute` / `admin_execute`) fails. -# -#admin_execute_errors_ignore = false - -# Controls the max log level for admin command log captures (logs -# generated from running admin commands). Defaults to "info" on release -# builds, else "debug" on debug builds. -# -#admin_log_capture = "info" - -# The default room tag to apply on the admin room. -# -# On some clients like Element, the room tag "m.server_notice" is a -# special pinned room at the very bottom of your room list. The conduwuit -# admin room can be pinned here so you always have an easy-to-access -# shortcut dedicated to your admin room. -# -#admin_room_tag = "m.server_notice" - -# Sentry.io crash/panic reporting, performance monitoring/metrics, etc. -# This is NOT enabled by default. conduwuit's default Sentry reporting -# endpoint domain is `o4506996327251968.ingest.us.sentry.io`. -# -#sentry = false - -# Sentry reporting URL, if a custom one is desired. -# -#sentry_endpoint = "https://fe2eb4536aa04949e28eff3128d64757@o4506996327251968.ingest.us.sentry.io/4506996334657536" - -# Report your conduwuit server_name in Sentry.io crash reports and -# metrics. -# -#sentry_send_server_name = false - -# Performance monitoring/tracing sample rate for Sentry.io. -# -# Note that too high values may impact performance, and can be disabled by -# setting it to 0.0 (0%) This value is read as a percentage to Sentry, -# represented as a decimal. 
Defaults to 15% of traces (0.15) -# -#sentry_traces_sample_rate = 0.15 - -# Whether to attach a stacktrace to Sentry reports. -# -#sentry_attach_stacktrace = false - -# Send panics to Sentry. This is true by default, but Sentry has to be -# enabled. The global `sentry` config option must be enabled to send any -# data. -# -#sentry_send_panic = true - -# Send errors to sentry. This is true by default, but sentry has to be -# enabled. This option is only effective in release-mode; forced to false -# in debug-mode. -# -#sentry_send_error = true - -# Controls the tracing log level for Sentry to send things like -# breadcrumbs and transactions -# -#sentry_filter = "info" - -# Enable the tokio-console. This option is only relevant to developers. -# -# For more information, see: -# https://conduwuit.puppyirl.gay/development.html#debugging-with-tokio-console -# -#tokio_console = false - -# This item is undocumented. Please contribute documentation for it. -# -#test = false - -# Controls whether admin room notices like account registrations, password -# changes, account deactivations, room directory publications, etc will be -# sent to the admin room. Update notices and normal admin command -# responses will still be sent. -# -#admin_room_notices = true - -# Enable database pool affinity support. On supporting systems, block -# device queue topologies are detected and the request pool is optimized -# for the hardware; db_pool_workers is determined automatically. -# -#db_pool_affinity = true - -# Sets the number of worker threads in the frontend-pool of the database. -# This number should reflect the I/O capabilities of the system, -# such as the queue-depth or the number of simultaneous requests in -# flight. Defaults to 32 or four times the number of CPU cores, whichever -# is greater. -# -# Note: This value is only used if db_pool_affinity is disabled or not -# detected on the system, otherwise it is determined automatically. 
-# -#db_pool_workers = 32 - -# When db_pool_affinity is enabled and detected, the size of any worker -# group will not exceed the determined value. This is necessary when -# thread-pooling approach does not scale to the full capabilities of -# high-end hardware; using detected values without limitation could -# degrade performance. -# -# The value is multiplied by the number of cores which share a device -# queue, since group workers can be scheduled on any of those cores. -# -#db_pool_workers_limit = 64 - -# Determines the size of the queues feeding the database's frontend-pool. -# The size of the queue is determined by multiplying this value with the -# number of pool workers. When this queue is full, tokio tasks conducting -# requests will yield until space is available; this is good for -# flow-control by avoiding buffer-bloat, but can inhibit throughput if -# too low. -# -#db_pool_queue_mult = 4 - -# Sets the initial value for the concurrency of streams. This value simply -# allows overriding the default in the code. The default is 32, which is -# the same as the default in the code. Note this value is itself -# overridden by the computed stream_width_scale, unless that is disabled; -# this value can serve as a fixed-width instead. -# -#stream_width_default = 32 - -# Scales the stream width starting from a base value detected for the -# specific system. The base value is the database pool worker count -# determined from the hardware queue size (e.g. 32 for SSD or 64 or 128+ -# for NVMe). This float allows scaling the width up or down by multiplying -# it (e.g. 1.5, 2.0, etc). The maximum result can be the size of the pool -# queue (see: db_pool_queue_mult) as any larger value will stall the tokio -# task. The value can also be scaled down (e.g. 0.5) to improve -# responsiveness for many users at the cost of throughput for each. -# -# Setting this value to 0.0 causes the stream width to be fixed at the -# value of stream_width_default. 
The default scale is 1.0 to match the -# capabilities detected for the system. -# -#stream_width_scale = 1.0 - -# Sets the initial amplification factor. This controls batch sizes of -# requests made by each pool worker, multiplying the throughput of each -# stream. This value is somewhat abstract from specific hardware -# characteristics and can be significantly larger than any thread count or -# queue size. This is because each database query may require several -# index lookups, thus many database queries in a batch may make progress -# independently while also sharing index and data blocks which may or may -# not be cached. It is worthwhile to submit huge batches to reduce -# complexity. The maximum value is 32768, though sufficient hardware is -# still advised for that. -# -#stream_amplification = 1024 - -# Number of sender task workers; determines sender parallelism. Default is -# '0' which means the value is determined internally, likely matching the -# number of tokio worker-threads or number of cores, etc. Override by -# setting a non-zero value. -# -#sender_workers = 0 - -[global.well_known] - -# The server URL that the client well-known file will serve. This should -# not contain a port, and should just be a valid HTTPS URL. -# -# example: "https://matrix.example.com" -# -#client = - -# The server base domain of the URL with a specific port that the server -# well-known file will serve. This should contain a port at the end, and -# should not be a URL. -# -# example: "matrix.example.com:443" -# -#server = - -# This item is undocumented. Please contribute documentation for it. -# -#support_page = - -# This item is undocumented. Please contribute documentation for it. -# -#support_role = - -# This item is undocumented. Please contribute documentation for it. -# -#support_email = - -# This item is undocumented. Please contribute documentation for it. -# -#support_mxid = 
diff --git a/roles/custom/matrix-conduwuit/templates/env.j2 b/roles/custom/matrix-conduwuit/templates/env.j2 deleted file mode 100644 index 026bfe308..000000000 --- a/roles/custom/matrix-conduwuit/templates/env.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ matrix_conduwuit_environment_variables_extension }} diff --git a/roles/custom/matrix-conduwuit/templates/env.j2.license b/roles/custom/matrix-conduwuit/templates/env.j2.license deleted file mode 100644 index a149c4232..000000000 --- a/roles/custom/matrix-conduwuit/templates/env.j2.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: 2025 Slavi Pantaleev - -SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/roles/custom/matrix-conduwuit/templates/labels.j2 b/roles/custom/matrix-conduwuit/templates/labels.j2 deleted file mode 100644 index bcaf3b2dc..000000000 --- a/roles/custom/matrix-conduwuit/templates/labels.j2 +++ /dev/null 
@@ -1,173 +0,0 @@ -{# -SPDX-FileCopyrightText: 2025 MDAD project contributors -SPDX-FileCopyrightText: 2025 Slavi Pantaleev -SPDX-FileCopyrightText: 2025 Suguru Hirahara - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -{% if matrix_conduwuit_container_labels_traefik_enabled %} -traefik.enable=true - -{% if matrix_conduwuit_container_labels_traefik_docker_network %} -traefik.docker.network={{ matrix_conduwuit_container_labels_traefik_docker_network }} -{% endif %} - -traefik.http.services.matrix-conduwuit.loadbalancer.server.port={{ matrix_conduwuit_config_port_number }} - - -{% if matrix_conduwuit_container_labels_public_client_root_enabled %} -############################################################ -# # -# Public Root path (/) # -# # -############################################################ - -{% set client_root_middlewares = [] %} - -{% if matrix_conduwuit_container_labels_public_client_root_redirection_enabled %} -{% set client_root_middlewares = client_root_middlewares + ['matrix-conduwuit-client-root-redirect'] %} -traefik.http.middlewares.matrix-conduwuit-client-root-redirect.redirectregex.regex=(.*) -traefik.http.middlewares.matrix-conduwuit-client-root-redirect.redirectregex.replacement={{ matrix_conduwuit_container_labels_public_client_root_redirection_url }} -{% endif %} - -traefik.http.routers.matrix-conduwuit-public-client-root.rule={{ matrix_conduwuit_container_labels_public_client_root_traefik_rule }} - -traefik.http.routers.matrix-conduwuit-public-client-root.middlewares={{ client_root_middlewares | join(',') }} - -{% if matrix_conduwuit_container_labels_public_client_root_traefik_priority | int > 0 %} -traefik.http.routers.matrix-conduwuit-public-client-root.priority={{ matrix_conduwuit_container_labels_public_client_root_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-conduwuit-public-client-root.service=matrix-conduwuit -traefik.http.routers.matrix-conduwuit-public-client-root.entrypoints={{ 
matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints }} -traefik.http.routers.matrix-conduwuit-public-client-root.tls={{ matrix_conduwuit_container_labels_public_client_root_traefik_tls | to_json }} - -{% if matrix_conduwuit_container_labels_public_client_root_traefik_tls %} -traefik.http.routers.matrix-conduwuit-public-client-root.tls.certResolver={{ matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver }} -{% endif %} - -############################################################ -# # -# /Public Root path (/) # -# # -############################################################ -{% endif %} - - -{% if matrix_conduwuit_container_labels_public_client_api_enabled %} -############################################################ -# # -# Public Client-API (/_matrix) # -# # -############################################################ - -traefik.http.routers.matrix-conduwuit-public-client-api.rule={{ matrix_conduwuit_container_labels_public_client_api_traefik_rule }} - -{% if matrix_conduwuit_container_labels_public_client_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-conduwuit-public-client-api.priority={{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-conduwuit-public-client-api.service=matrix-conduwuit -traefik.http.routers.matrix-conduwuit-public-client-api.entrypoints={{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints }} - -traefik.http.routers.matrix-conduwuit-public-client-api.tls={{ matrix_conduwuit_container_labels_public_client_api_traefik_tls | to_json }} -{% if matrix_conduwuit_container_labels_public_client_api_traefik_tls %} -traefik.http.routers.matrix-conduwuit-public-client-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver }} -{% endif %} - -############################################################ -# # -# /Public Client-API (/_matrix) # -# # 
-############################################################ -{% endif %} - - -{% if matrix_conduwuit_container_labels_internal_client_api_enabled %} -############################################################ -# # -# Internal Client-API (/_matrix) # -# # -############################################################ - -traefik.http.routers.matrix-conduwuit-internal-client-api.rule={{ matrix_conduwuit_container_labels_internal_client_api_traefik_rule }} - -{% if matrix_conduwuit_container_labels_internal_client_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-conduwuit-internal-client-api.priority={{ matrix_conduwuit_container_labels_internal_client_api_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-conduwuit-internal-client-api.service=matrix-conduwuit -traefik.http.routers.matrix-conduwuit-internal-client-api.entrypoints={{ matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints }} - -############################################################ -# # -# /Internal Client-API (/_matrix) # -# # -############################################################ -{% endif %} - - -{% if matrix_conduwuit_container_labels_public_federation_api_enabled %} -############################################################ -# # -# Public Federation-API (/_matrix) # -# # -############################################################ - -traefik.http.routers.matrix-conduwuit-public-federation-api.rule={{ matrix_conduwuit_container_labels_public_federation_api_traefik_rule }} - -{% if matrix_conduwuit_container_labels_public_federation_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-conduwuit-public-federation-api.priority={{ matrix_conduwuit_container_labels_public_federation_api_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-conduwuit-public-federation-api.service=matrix-conduwuit -traefik.http.routers.matrix-conduwuit-public-federation-api.entrypoints={{ 
matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints }} - -traefik.http.routers.matrix-conduwuit-public-federation-api.tls={{ matrix_conduwuit_container_labels_public_federation_api_traefik_tls | to_json }} -{% if matrix_conduwuit_container_labels_public_federation_api_traefik_tls %} -traefik.http.routers.matrix-conduwuit-public-federation-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver }} -{% endif %} - -############################################################ -# # -# /Public Federation-API (/_matrix) # -# # -############################################################ -{% endif %} - - - - -{% if matrix_conduwuit_container_labels_public_conduwuit_api_enabled %} -############################################################ -# # -# Public conduwuit-API (/_conduwuit) # -# # -############################################################ - -traefik.http.routers.matrix-conduwuit-public-conduwuit-api.rule={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_rule }} - -{% if matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority | int > 0 %} -traefik.http.routers.matrix-conduwuit-public-conduwuit-api.priority={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority }} -{% endif %} - -traefik.http.routers.matrix-conduwuit-public-conduwuit-api.service=matrix-conduwuit -traefik.http.routers.matrix-conduwuit-public-conduwuit-api.entrypoints={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints }} - -traefik.http.routers.matrix-conduwuit-public-conduwuit-api.tls={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls | to_json }} -{% if matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls %} -traefik.http.routers.matrix-conduwuit-public-conduwuit-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls_certResolver }} -{% endif %} - 
-############################################################ -# # -# /Public conduwuit-API (/_conduwuit) # -# # -############################################################ -{% endif %} - - -{% endif %} - -{{ matrix_conduwuit_container_labels_additional_labels }} diff --git a/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2 b/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2 deleted file mode 100644 index 5e32edc28..000000000 --- a/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2 +++ /dev/null 
@@ -1,51 +0,0 @@ -#jinja2: lstrip_blocks: True -[Unit] -Description=conduwuit Matrix homeserver -{% for service in matrix_conduwuit_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduwuit 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduwuit 2>/dev/null || true' - -ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ - --rm \ - --name=matrix-conduwuit \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduwuit_tmp_directory_size_mb }}m \ - --network={{ matrix_conduwuit_container_network }} \ - --env CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml \ - --label-file={{ matrix_conduwuit_base_path }}/labels \ - --mount type=bind,src={{ matrix_conduwuit_data_path }},dst=/var/lib/conduwuit \ - --mount type=bind,src={{ matrix_conduwuit_config_path }},dst=/etc/conduwuit,ro \ - {% for arg in matrix_conduwuit_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_conduwuit_docker_image }} - -{% for network in matrix_conduwuit_container_additional_networks %} -ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-conduwuit -{% endfor %} - -ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduwuit - -{% if matrix_conduwuit_systemd_service_post_start_delay_seconds != 0 %} -ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_conduwuit_systemd_service_post_start_delay_seconds }} -{% 
endif %} - -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduwuit 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduwuit 2>/dev/null || true' -ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduwuit /bin/sh -c 'kill -HUP 1' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-conduwuit - -[Install] -WantedBy=multi-user.target diff --git a/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2.license b/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2.license deleted file mode 100644 index 6fe7fc50c..000000000 --- a/roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2.license +++ /dev/null @@ -1,4 +0,0 @@ -SPDX-FileCopyrightText: 2025 MDAD project contributors -SPDX-FileCopyrightText: 2025 Slavi Pantaleev - -SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/roles/custom/matrix-conduwuit/vars/main.yml b/roles/custom/matrix-conduwuit/vars/main.yml deleted file mode 100644 index fa5ec9d6e..000000000 --- a/roles/custom/matrix-conduwuit/vars/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -# SPDX-FileCopyrightText: 2025 MDAD project contributors -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -matrix_conduwuit_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduwuit_hostname }}/_matrix/client/versions" -matrix_conduwuit_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduwuit_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" 
diff --git a/roles/custom/matrix-continuwuity/tasks/migrate_from_conduwuit.yml b/roles/custom/matrix-continuwuity/tasks/migrate_from_conduwuit.yml index bd2eda127..dd967b255 100644 --- a/roles/custom/matrix-continuwuity/tasks/migrate_from_conduwuit.yml +++ b/roles/custom/matrix-continuwuity/tasks/migrate_from_conduwuit.yml @@ -13,7 +13,7 @@ - name: Check existence of conduwuit directory ansible.builtin.stat: path: "{{ matrix_base_data_path }}/conduwuit" - register: matrix_conduwuit_directory_stat + register: matrix_removed_conduwuit_directory_stat - name: Check existence of continuwuity directory ansible.builtin.stat: @@ -21,7 +21,7 @@ register: matrix_continuwuity_directory_stat - when: > - matrix_conduwuit_directory_stat.stat.exists | bool and + matrix_removed_conduwuit_directory_stat.stat.exists | bool and matrix_continuwuity_directory_stat.stat.exists | bool block: - name: Ensure matrix-continuwuity.service systemd service is stopped diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduwuit.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduwuit.yml deleted file mode 100644 index a322db2f2..000000000 --- a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduwuit.yml +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-FileCopyrightText: 2025 Slavi Pantaleev -# SPDX-FileCopyrightText: 2025 Suguru Hirahara -# -# SPDX-License-Identifier: AGPL-3.0-or-later - ---- - -- name: Ensure conduwuit user registered - {{ user.username | quote }} - ansible.builtin.debug: - msg: "Not registering user. To register conduwuit users, message the conduwuit bot" diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 0598279a3..bb3f96895 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml 
@@ -595,6 +595,18 @@ The following variables in your configuration need to be renamed: {{ lookup('ansible.builtin.varnames', '^matrix_client_cinny_.+', wantlist=True) | join(', ') }} when: "lookup('ansible.builtin.varnames', '^matrix_client_cinny_.+', wantlist=True) | length > 0" +- name: (Deprecation) Catch and report matrix-conduwuit variables + ansible.builtin.fail: + msg: |- + matrix-conduwuit was completely removed from the playbook in February 2026. + + Please remove all `matrix_conduwuit*` variables from your configuration file (vars.yml). + + You may wish to migrate to Continuwuity, a drop-in replacement for conduwuit. See `docs/configuring-playbook-continuwuity.md` for more information. + + The following variables in your configuration need to be removed: {{ lookup('ansible.builtin.varnames', '^matrix_conduwuit.+', wantlist=True) | join(', ') }} + when: "lookup('ansible.builtin.varnames', '^matrix_conduwuit.+', wantlist=True) | length > 0" + - name: (Deprecation) Catch and report matrix-dynamic-dns variables ansible.builtin.fail: msg: |- diff --git a/setup.yml b/setup.yml index eb974bbeb..4574a17d9 100644 --- a/setup.yml +++ b/setup.yml @@ -97,7 +97,6 @@ - custom/matrix-synapse-reverse-proxy-companion - custom/matrix-dendrite - custom/matrix-conduit - - custom/matrix-conduwuit - custom/matrix-continuwuity - custom/matrix-synapse-admin - custom/matrix-synapse-usage-exporter
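Review bot: In roles/custom/matrix_playbook_migration/tasks/validate_config.yml, the `msg` of the new `(Deprecation) Catch and report matrix-conduwuit variables` task covers removing the variables and migrating to Continuwuity, but says nothing about the service that is already installed. With `custom/matrix-conduwuit` dropped from setup.yml, no role is left to stop or remove `matrix-conduwuit.service`, and the deleted unit template shows it was installed with `Restart=always` and `WantedBy=multi-user.target`. An operator who only deletes the variables can therefore leave an abandoned homeserver container running on the host. Suggest adding a sentence to `msg` that tells the operator to uninstall the service manually and points to the steps for doing so, next to the existing Continuwuity pointer.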
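Review bot: In roles/custom/matrix-continuwuity/tasks/migrate_from_conduwuit.yml, the renamed `register: matrix_removed_conduwuit_directory_stat` has no comment explaining the new prefix. The old name `matrix_conduwuit_directory_stat` matches the `^matrix_conduwuit.+` pattern that the new check in validate_config.yml fails on, so the rename appears to be what keeps this registered result out of that lookup. A one-line comment above the `register:` line stating that would stop a later cleanup from renaming it back and tripping the deprecation check on every run that includes the migration tasks.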