These IDs were incorrectly auto-derived from matrix_homeserver_generic_secret_key,
which is meant for secrets that are OK to change. Datastore IDs are static
identifiers that must never change after first use.
The playbook now requires users to explicitly set matrix_media_repo_datastore_file_id
(and matrix_media_repo_datastore_s3_id when S3 is enabled) in vars.yml, with
validation that fails early if they are missing.
This was the last usage of passlib, which is now removed from prerequisites.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* This push request is about handling Traefik ipallowlist to synapse-admin application.
It's my first push request. If I forgot something please let me know. :-)
* Changed position of variable and naming for better expandebility of traefik options
* Remove useless `noqa var-naming` comment and too many blank lines at the end of the file
* If redis ist enabled for matrix media repo it failes to connect to valkey due to inproper configuration.
* Updated solution for fixing MMR redis connection
* Clean up
* Update valkey_container_network condition
---------
Co-authored-by: AkDk7 <joerg@pannbacker.email>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
This:
- brings consistency - no more mixing `_name_prefix` and `_registry_prefix`
- adds extensibility - a future patch will allow reconfiguring all registry prefixes for all roles in the playbook
We still have `_docker_` vs `_container_` inconsistencies.
These may be worked on later.
No need to duplicate the same logic as in `group_vars/matrix_servers`.
Having it disabled by default in the role itself and overriding it at the playbook level (based on the selected homeserver implementation) makes more sense.
This is provoked by de91fe933d,
where I've added a few new labels and made it possible for people to
disable them.
In this patch, I'm making it possible to disable any of the old Traefik
labels in a similar way.
`matrix-media-repo` is the only role that seems incompatible with the
changes introduced by Traefik v3, due to its use of `PathPrefix` with
regular expressions in a few places.
Regular expressions should now be used with `PathRegexp`, not
`PathPrefix`. Furthermore, they should follow the Golang regexp syntax,
as described in the migration guide:
https://doc.traefik.io/traefik/migration/v2-to-v3-details/#dynamic-configuration-changes
This is backward-compatible with what we had before. We're not changing
the SSL mode - just making it configurable.
Most components are defaulting to `sslmode=disable`, while some
(`matrix-bot-matrix-reminder-bot` and others) do not specify an `sslmode` at all.
We're making sslmode configurable, because certain external Postgres
servers may be configured to require SSL encryption.
In such cases `sslmode=disable` does not work and needs to be changed to
`sslmode=require` or something else (`verify-ca`, `verify-full`, etc).
