63 Commits

Author SHA1 Message Date
aa406a910e meta: move inventory structure to be more usable 2025-07-13 21:14:23 +02:00
43244d7daa meta: add own inventory, add vault-unlock with GPG 2025-07-13 21:14:19 +02:00
Slavi Pantaleev
9b3d2637ad Upgrade Traefik (v3.4.4-0 -> v3.4.4-1) 2025-07-12 13:29:25 +03:00
renovate[bot]
cffda7277b Update dependency prometheus_postgres_exporter to v0.17.1-6 2025-07-12 08:51:58 +03:00
renovate[bot]
eff5dd0527 Update dependency prometheus_node_exporter to v1.9.1-9 2025-07-12 08:51:51 +03:00
renovate[bot]
05202d0032 Update dependency traefik to v3.4.4-0 2025-07-12 08:47:12 +03:00
renovate[bot]
49d32b15c6 Update dependency traefik_certs_dumper to v2.10.0-1 2025-07-12 08:45:41 +03:00
renovate[bot]
f0f1d6ca67 Update dependency postgres_backup to v17-5 2025-07-11 22:14:40 +03:00
renovate[bot]
bc55e358bf Update dependency prometheus to v3.4.2-1 2025-07-11 22:14:32 +03:00
Slavi Pantaleev
9e205d50ac Upgrade baibot (v1.7.5 -> v1.7.6) 2025-07-11 16:49:24 +03:00
renovate[bot]
348324d347 Update dependency postgres_backup to v17-4 2025-07-11 13:56:05 +03:00
renovate[bot]
63a3915d86 Update dependency livekit_server to v1.9.0-2 2025-07-11 13:55:54 +03:00
renovate[bot]
a770681b18 Update dependency container_socket_proxy to v0.3.0-6 2025-07-11 11:14:44 +03:00
renovate[bot]
7fcb253c23 Update dependency grafana to v11.6.3-1 2025-07-11 11:14:36 +03:00
Suguru Hirahara
56e01ad456 Update renovate.json: apply versioning=loose
This makes it possible for Renovate to detect updates such as from `x.x.x-0` to `x.x.x-1`.

References:
- https://docs.renovatebot.com/modules/versioning/loose/
- https://docs.renovatebot.com/configuration-options/#versioning

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-07-11 11:08:30 +03:00
renovate[bot]
bd6be256b7 Update dependency ntfy to v2.13.0-0 2025-07-11 10:02:07 +03:00
Slavi Pantaleev
fb0ccc391e Make FluffyChat container HTTP port configurable
This makes it possible to switch out the container image with one that
uses a port other than 8080.
2025-07-10 19:06:09 +03:00
renovate[bot]
e6413534be Update dependency valkey to v8.1.3-0 2025-07-10 10:11:59 +03:00
renovate[bot]
2d1b1cfdde Update gnuxie/draupnir Docker tag to v2.5.0 2025-07-09 22:42:50 +03:00
renovate[bot]
54ef63e0c2 Update dependency ntfy to v2.12.0-0 2025-07-09 22:38:28 +03:00
renovate[bot]
06e14a6b70 Update dependency certifi to v2025.7.9 2025-07-09 11:26:15 +03:00
renovate[bot]
9726cb24be Update dependency etherpad to v2.3.2-0 2025-07-08 07:34:06 +03:00
Slavi Pantaleev
a41ec6e8de Upgrade Postgres (v17.4-0 -> v17.5-0) 2025-07-08 07:26:48 +03:00
Slavi Pantaleev
c399c6ff10 Extract mautrix-twitter's network.displayname_template configuration into a variable (matrix_mautrix_twitter_network_displayname_template) 2025-07-08 06:41:22 +03:00
Slavi Pantaleev
9e31a254d8 Extract mautrix-slack's network.displayname_template configuration into a variable (matrix_mautrix_slack_network_displayname_template) 2025-07-08 06:41:22 +03:00
Slavi Pantaleev
1ccb6c822a Extract mautrix-bluesky's network.displayname_template configuration into a variable (matrix_mautrix_bluesky_network_displayname_template) 2025-07-08 06:41:22 +03:00
Slavi Pantaleev
1813c856e6 Extract mautrix-signal's network.displayname_template configuration into a variable (matrix_mautrix_signal_network_displayname_template) 2025-07-08 06:41:22 +03:00
Slavi Pantaleev
f4306be183 Extract mautrix-whatsapp's network.displayname_template configuration into a variable (matrix_mautrix_whatsapp_network_displayname_template) 2025-07-08 06:41:22 +03:00
renovate[bot]
78a3bf42f3 Update matrixconduit/matrix-conduit Docker tag to v0.10.6 2025-07-07 20:04:29 +03:00
Slavi Pantaleev
5142b2ee90 Merge pull request from Virkkunen/continuwuity-review
Update Continuwuity files
2025-07-05 13:36:22 +03:00
Virkkunen
f08bc17273 add validation for changed continuwuity variable names 2025-07-05 09:57:33 +02:00
Virkkunen
3997244190 capitalise CONTINUWUITY 2025-07-05 09:52:44 +02:00
Virkkunen
c04dfe2384 add missing _config_ to some variable names 2025-07-04 21:50:31 +02:00
Virkkunen
d1796978ca add matrix_continuwuity_config_suspend_on_register 2025-07-04 21:44:50 +02:00
Virkkunen
1b2b6ddaa3 add more defederation variables 2025-07-04 21:38:32 +02:00
Virkkunen
e813309311 fix spelling 2025-07-04 21:19:20 +02:00
Virkkunen
8eb5bbf2c1 add missing comments on main.yml settings 2025-07-04 21:13:49 +02:00
Virkkunen
4632628b74 move main.yml variables 2025-07-04 21:10:29 +02:00
Virkkunen
bdec7c646d update continuwuity.toml 2025-07-04 21:07:46 +02:00
Slavi Pantaleev
25498851a0 Add some relay-related variables to mautrix-slack role 2025-07-04 20:39:20 +03:00
Virkkunen
613f685f54 add matrix_continuwuity_url_preview_domain_contains_allowlist variable 2025-07-04 20:29:44 +03:00
renovate[bot]
5987bc5b5e Update ghcr.io/element-hq/element-call Docker tag to v0.13.1 2025-07-03 20:27:45 +03:00
renovate[bot]
d2164d7a48 Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2025.7.2 2025-07-02 09:52:37 +03:00
renovate[bot]
9adfd8fc0d Update ghcr.io/element-hq/element-call Docker tag to v0.13.0 2025-07-01 20:14:38 +03:00
renovate[bot]
24d1875d38 Update ghcr.io/element-hq/matrix-authentication-service Docker tag to v0.18.0 2025-07-01 20:14:30 +03:00
renovate[bot]
c0269b71b8 Update ghcr.io/element-hq/synapse Docker tag to v1.133.0 2025-07-01 20:14:23 +03:00
renovate[bot]
4e8aa53e27 Update ghcr.io/element-hq/element-web Docker tag to v1.11.105 2025-07-01 20:11:52 +03:00
Catalan Lover
31a7f4367c Update Draupnir role Synapse-http-antispam config to match upstream. () 2025-06-28 10:49:37 +03:00
Catalan Lover
1a6a75bdab Add support for do_ping to synapse-http-antispam
This defaults to true for end user comfort as it helps assure them the modules connection to the consumer is working or is definitively not working. (As far as i have been told it retries until success)
2025-06-28 08:12:27 +03:00
renovate[bot]
29607f442d Update dependency maunium/synapse-http-antispam to v0.5.0 2025-06-27 17:44:12 +03:00
Slavi Pantaleev
f8142a0c37 Switch from (now-missing) ansible-community/ansible-lint-action to ansible/ansible-lint 2025-06-27 17:38:43 +03:00
Slavi Pantaleev
b13ba5b909 Use ansible.builtin.package instead of ansible.builtin.yum
`ansible.builtin.yum` is no longer available in newer Ansible versions.
We may use `ansible.builtin.dnf` instead, but `ansible.builting.package`
seems like a safer bet that should work in both older & newer RHEL-based
distros.

Ref: https://github.com/ansible/ansible-lint/issues/4251
2025-06-27 17:38:02 +03:00
Slavi Pantaleev
018f3f4408 Upgrade baibot (v1.7.4 -> v1.7.5) 2025-06-27 16:48:08 +03:00
renovate[bot]
39d13a826a Update dependency prometheus to v3.4.2-0 2025-06-27 11:59:38 +03:00
renovate[bot]
34878abd67 Update dependency traefik to v3.4.3-0 2025-06-27 11:58:43 +03:00
renovate[bot]
acf244ea26 Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2025.6.25 2025-06-25 12:18:53 +03:00
renovate[bot]
133ba64375 Update nginx Docker tag to v1.29.0 2025-06-25 07:03:43 +03:00
Slavi Pantaleev
bebaac886e Upgrade Jitsi (v10314-0 -> v10314-1) 2025-06-25 06:58:09 +03:00
Slavi Pantaleev
b8ebe57558 Reference local configuring-playbook-user-verification-service.md docs file locally 2025-06-25 06:32:45 +03:00
renovate[bot]
93fffee6a4 Update gnuxie/draupnir Docker tag to v2.4.1 2025-06-24 06:09:26 +03:00
renovate[bot]
3be0449c35 Update matrixconduit/matrix-conduit Docker tag to v0.10.5 2025-06-23 20:34:50 +03:00
renovate[bot]
91817e8335 Update gnuxie/draupnir Docker tag to v2.4.0 2025-06-23 15:09:42 +03:00
renovate[bot]
772c248733 Update dependency Pygments to v2.19.2 2025-06-21 20:45:19 +03:00
52 changed files with 1108 additions and 168 deletions
.github
ansible.cfg
docs
gpg
i18n
inventory
host_vars
matrix.finallycoffee.eu
hosts
requirements.txtrequirements.yml
roles
custom
matrix-alertmanager-receiver
defaults
matrix-appservice-draupnir-for-all
defaults
matrix-authentication-service
defaults
matrix-base
matrix-bot-baibot
defaults
matrix-bot-draupnir
defaults
matrix-bridge-mautrix-bluesky
defaults
templates
matrix-bridge-mautrix-signal
defaults
templates
matrix-bridge-mautrix-slack
defaults
templates
matrix-bridge-mautrix-telegram
defaults
matrix-bridge-mautrix-twitter
defaults
templates
matrix-bridge-mautrix-whatsapp
defaults
templates
matrix-bridge-mx-puppet-discord
matrix-client-element
matrix-client-fluffychat
matrix-conduit
defaults
matrix-continuwuity
matrix-element-call
defaults
matrix-synapse-reverse-proxy-companion
defaults
matrix-synapse
defaults
matrix-client-element
matrix-riot-web
setup.yml
templates

@@ -20,6 +20,7 @@
"packageRules": [ "packageRules": [
{ {
"ignoreUnstable": false, "ignoreUnstable": false,
"versioning": "loose",
"matchSourceUrls": [ "matchSourceUrls": [
"https://github.com/devture/com.devture.ansible.role{/,}**", "https://github.com/devture/com.devture.ansible.role{/,}**",
"https://github.com/mother-of-all-self-hosting{/,}**" "https://github.com/mother-of-all-self-hosting{/,}**"

@@ -24,10 +24,14 @@ jobs:
steps: steps:
- name: Check out - name: Check out
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Run ansible-lint - name: Run ansible-lint
uses: ansible-community/ansible-lint-action@v6.17.0 uses: ansible/ansible-lint@v25.6.1
with: with:
path: roles/custom args: "roles/custom"
setup_python: "true"
working_directory: ""
requirements_file: requirements.yml
precommit: precommit:
name: Run pre-commit name: Run pre-commit
runs-on: ubuntu-latest runs-on: ubuntu-latest

@@ -1,6 +1,11 @@
[defaults] [defaults]
vault_password_file = gpg/open_vault.sh
retry_files_enabled = False retry_files_enabled = False
result_format = yaml result_format = yaml
inventory = inventory/hosts
[connection] [connection]
pipelining = True pipelining = True

@@ -50,8 +50,8 @@ If a specific setting you'd like to change does not have a dedicated Ansible var
```yaml ```yaml
matrix_continuwuity_environment_variables_extension: | matrix_continuwuity_environment_variables_extension: |
continuwuity_MAX_REQUEST_SIZE=50000000 CONTINUWUITY_MAX_REQUEST_SIZE=50000000
continuwuity_REQUEST_TIMEOUT=60 CONTINUWUITY_REQUEST_TIMEOUT=60
``` ```
## Creating the first user account ## Creating the first user account

@@ -70,7 +70,7 @@ By default the Jitsi Meet instance **does not require for anyone to log in, and
If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode. If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode.
See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up. See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up.
### Enable Gravatar (optional) ### Enable Gravatar (optional)

5
gpg/open_vault.sh Executable file

@@ -0,0 +1,5 @@
#!/bin/bash
set -e -u
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

18
gpg/vault_passphrase.gpg Normal file

@@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
=Cecg
-----END PGP MESSAGE-----

@@ -1,6 +1,6 @@
alabaster==1.0.0 alabaster==1.0.0
babel==2.17.0 babel==2.17.0
certifi==2025.6.15 certifi==2025.7.9
charset-normalizer==3.4.2 charset-normalizer==3.4.2
click==8.2.1 click==8.2.1
docutils==0.21.2 docutils==0.21.2
@@ -14,7 +14,7 @@ mdit-py-plugins==0.4.2
mdurl==0.1.2 mdurl==0.1.2
myst-parser==4.0.1 myst-parser==4.0.1
packaging==25.0 packaging==25.0
Pygments==2.19.1 Pygments==2.19.2
PyYAML==6.0.2 PyYAML==6.0.2
requests==2.32.4 requests==2.32.4
setuptools==80.9.0 setuptools==80.9.0

@@ -0,0 +1,17 @@
---
postgres_max_connections: 400
postgres_shared_buffers: 3145728 # (3072 MiB)
postgres_effective_cache_size: 8388608 # (8192 MiB)
postgres_container_shm_size: 1G
postgres_maintenance_work_mem: 786432 # (768 MiB)
postgres_wal_buffers: 16384 # (16 MiB)
postgres_random_page_cost: 1.3
postgres_work_mem: 4096
postgres_huge_pages: try
postgres_min_wal_size: 524288 # (512 MiB)
postgres_max_wal_size: 4194304 # (4GiB)
postgres_max_worker_processes: 8
postgres_max_parallel_workers: 8
postgres_max_parallel_workers_per_gather: 4
postgres_max_parallel_maintenance_workers: 4

@@ -0,0 +1,386 @@
#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
traefik_config_entrypoint_web_secure_enabled: false
traefik_container_web_host_bind_port: '127.0.10.1:8080'
traefik_config_entrypoint_web_forwardedHeaders_insecure: true
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.10.2:8448'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
forwardedHeaders:
insecure: true
matrix_synapse_metrics_proxying_enabled: true
matrix_sliding_sync_enabled: true
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_playbook_docker_installation_enabled: false
#matrix_dimension_scheme: https
devture_timesync_installation_enabled: false
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
devture_systemd_service_manager_up_verification_delay_seconds: 300
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turn:voip.matrix.finallycoffee.eu?transport=udp"
- "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
#matrix_synapse_rc_federation:
# window_size: 1000
# sleep_limit: 50
# sleep_delay: 500
# reject_limit: 50
# concurrent: 10
#matrix_synapse_rc_message:
# per_second: 0.5
# burst_count: 25
#matrix_synapse_rc_joins:
# local:
# per_second: 0.5
# burst_count: 20
# remote:
# per_second: 0.05
# burst_count: 20
#matrix_synapse_rc_joins_per_room:
# per_second: 1
# burst_count: 10
#matrix_synapse_rc_invites:
# per_room:
# per_second: 0.5
# burst_count: 10
# per_user:
# per_second: 0.006
# burst_count: 10
# per_issuer:
# per_second: 2
# burst_count: 20
## Synapse cache tuning
#matrix_synapse_caches_global_factor: 1.5
#matrix_synapse_event_cache_size: "300K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 1
matrix_synapse_workers_federation_sender_workers_count: 1
matrix_synapse_workers_pusher_workers_count: 0
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
#matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
#matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
#matrix_synapse_ext_password_provider_rest_auth_enabled: true
#matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
#matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
#matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
#matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
matrix_synapse_configuration_extension_yaml: |
database:
args:
cp_min: 10
cp_max: 30
cp_reconnect: True
# caches:
# per_cache_factors:
# device_id_exists: 3
# get_users_in_room: 4
# _get_joined_users_from_context: 4
# _get_joined_profile_from_event_id: 3
# "*stateGroupMembersCache*": 2
# _matches_user_in_member_list: 3
# get_users_who_share_room_with_user: 3
# is_interested_in_room: 2
# get_user_by_id: 1.5
# room_push_rule_cache: 1.5
# expire_caches: true
# cache_entry_ttl: 45m
# sync_response_cache_duration: 2m
#
# synapse-admin tool
#
#matrix_synapse_admin_enabled: true
#matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: false
#matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
#matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
#matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
#matrix_dimension_configuration_extension_yaml: |
# telegram:
# botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"boobies.software": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
permissions:
"@ilosai:fairydust.space": "user"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
matrix_bridges_encryption_enabled: true
matrix_bridges_encryption_default: true
matrix_appservice_double_puppet_enabled: true
matrix_mautrix_slack_enabled: true
matrix_mautrix_slack_appservice_bot_username: slack
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: false
#matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
#matrix_mx_puppet_instagram_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
#matrix_mx_puppet_instagram_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
# path: /metrics
# presence:
# enabled: true
# interval: 3000
#
#
##
## mx-puppet-discord configuration
##
matrix_mx_puppet_discord_enabled: false
#matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
#matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
#matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
#matrix_mx_puppet_discord_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
#matrix_mx_puppet_discord_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
# path: /metrics
# limits:
# maxAutojoinUsers: 500
# roomUserAutojoinDelay: 50
# presence:
# enabled: true
# interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: false
#matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
#matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
#matrix_mx_puppet_slack_oauth_redirect_path: '/bridge/slack/oauth'
#matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
#matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
#matrix_mx_puppet_slack_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
# - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
#matrix_mx_puppet_slack_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
# path: /metrics
# limits:
# maxAutojoinUsers: 500
# roomUserAutojoinDelay: 50
# presence:
# enabled: true
# interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat &amp; collaboration,<br />
hosted on finallycoffee.eu, powered by element.io &amp;
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
</a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_room_directory_servers:
- "matrix.org"
- "finallycoffee.eu"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
#matrix_ma1sd_configuration_extension_yaml: |
# hashing:
# enabled: true
# pepperLength: 20
# rotationPolicy: per_requests
# requests: 10
# hashStorageType: sql
# algorithms:
# - none
# - sha256
# Matrix mail notification relay setup
exim_relay_enabled: true
exim_relay_sender_address: "system-matrix@{{ matrix_domain }}"
exim_relay_relay_use: true
exim_relay_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
exim_relay_relay_host_port: 587
exim_relay_relay_auth: true
exim_relay_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
exim_relay_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

@@ -0,0 +1,105 @@
$ANSIBLE_VAULT;1.1;AES256
61626165616330663863393762663031623164636666346339343636363035663463636135656533
3338383762633130346536613334626164306464333835380a353264386431326437616234393165
61323266623432353731373634353339393936643130346434346530336563326533386331646533
3030663037666664360a346636343966663733663836633736316630663230613137663166336336
62383131343934353635633261323036613231646439626162306238313132316664653237653533
34376464633335626133376138343139653561613232333133393535393137653964633561313761
62653632663432313936336231613832626362343737383863343562636437646439666638383733
63313538616430393536356534303164633332653538643264353834393465373538643963343039
31366661636263353936363931343938323563626538303133366263363533393564386466666361
38666264643931336563633663663538616431313231336364653631383261326537336162313837
32373730343538653862326636303264353737353139663161393762383138393531363264633531
32383661396537636635666665316630663032333932393131336235663938623932383230343830
31613563656663343830353438396535663864306531333239623738653838633331386465353466
37366363643334623165373562363465636161396437333966303864663033636665623564613565
39643635333636363132633462386536393634303838343835363633626162363236653839376230
34666430363933336335323330386339656339356637653931643565303166303436333562333361
38633838636337316137343564613338346239663933356130396562306164376430363233373632
66303430303034353262343565373139333535636231623062633537653636376136656138623637
34396562376233643234643436323433336436393163363935643033643833386631633762343162
33633136316635326532343430383437366139333830373731636265386234356164393066333663
37663934633437653364356231383934313132343162323436373339393964656336646164333533
37626336616565323237633736653433316238366261303465343466643363303131376665346231
62623133336561313732393837323330643138663830353662366139373366383436323530333732
38623633666537643038636163303164653866343934616236343733386533663936303637326462
63633137626632613736313333643363373963306161353431396261646635383930366166363135
66353962643638616635376137346439383339303236323761366439306638623762343966623035
30323435396533633238313962306366343362393339616131393839653565666666313833313433
66386362353061323465666563616230336565663339646162623634643330646239343934373636
33363061316637613266373831376133303337616639643239393835636138323266613134633633
65356634636562313961643865353334306131333030373566666535373039343337613964306465
32393163666232383266363763336132653765316162663961653933633832626533646537376136
64613133373135616531343837616264656461313963646565656465656165303534343834663734
62313865366634656265613264623234653165633839323030643333643139323531643637393439
61656561303732663834336334643765616234373063306236303538646663316131663933323236
63396263663034613832653361383061336132663032646133323931386562653661346264363439
35636463613635316239363061363836623564303933373964363365626133373039643264666530
30343165366365333339366639353033666634613162363164333433633563613461666532323566
63303836353331326439646139653738633866356463303264623166306262393766346338373537
62373865303264633663666333323135343530323434383835393763363739636135646538336364
33376438636264393635383163353431336463396263333239626566653262373434316532343633
61363061623430636462393135316564636536633963393338383334643134366232396564316635
31373963633164653235643665653863303831663065383433363036633962633462393839363235
36323562323634643639643561636261643136313633656236656566353539343063386162383234
38653461633561353639336531353333393262633065386539353031386332343739656261653238
31326434386130336465613233663563323035666631303137313665336566363134306638663265
62353430353934633965316636643566653235366230323139656539646539626236616138313362
31643437366563383164306331303662356562616366366237613633666534623765323034396534
38326537376265343065313738316433353266633539313134323735383864623663323662633662
65613862623766343736343031636238356161343036363566646635643334373030386434646135
64336263356663376564333935623135396231623165326437393563333361356435346634616665
66376231666633643936323264323565346637343538366138616631383964376632613437323163
30366537326533363939643237376538366230313263623139323662396633343239343066313564
63356533373338653030313038653137666434323737323763623136666530313035356634666633
35643530333632633664643361633964666432336631636561343739646266653634353963323534
35663731616539646332393837633566393734643033623937316661653839663937303666376339
65653036373565323435636637373231316265393231333734356462356635346531366530316262
37643632346164366561353236373633623464643536373361666263303739356335333934313537
31373035633333313065613162346133663736313265376230393135353431343765306539633032
63353338656231376666613138353235613362643334653537353237653139396533363630303033
36363039613232666266333535343466336263663762623865376532326262666332303361356266
65646337323037383564666639363636333135323265633932333264346363326466343234653936
65656535343663356562613064323138656338633064633462313864616665653230626638373939
61623862386364396335323836396664653731633365623936383435383330643038386665653238
62643961626464313666343431303064303338396135643432383730613161336435306262653132
38373432393564333562363761386239343366343465386638643737663561633837303734333835
66366465633164346365356637313534376136303630666432613664363030323336316639393339
61383565316432383633383832363439316366373536336639643961333663303631633464633238
31396331386163386261393565346266636436386465326639326363663930666665306637393263
65363763336561316566363164626466643637343731666530386432343431653634353336376461
33366233366533656334666138346661323463633133303933626163343666623761613961346231
35383232306336386665313264393933646631656333613138353532666133366339656564353865
35353330393131366137663466333363653866323936353734306361633163626537363561346332
65363231623766666638383661323964633034366261633035303861383135383235656465373738
66373762626130356633626436366533626633353836346239666333353262656665636330626561
66613165313137373766623464646330643662393033396266643662653136393233336265353430
38376130663634333133353763383264623133373230323938316638323864643430386633376564
65356264623766666637353866326638613435663830623063343439373030663663623432393863
33343134626465313230646239646537653938613938633736346235323438393237363639373932
61376231386265366132333965333133343737623066383534666633396635356537623432623132
62656431323033633265626265613736383435376132613532333037613834313130626361373533
39653361323366636335343865343737346264636433386332666332376662343634356630316135
30366163333561353338663666363738313732303031333637636266623530623261306335616233
31346436346663643464626134313338346439323838343663613135663834666632653866346431
64376566343963346664366363353636636231386530363961333131383133323163396265313563
35393534343664336237336231313831333739633662306636373338663434613231306538343865
61613063306432623932616534363865333639396232383562396161383539363336303463323731
63313239666538306239663864653839616132363662336331636262353061663136386331306131
66336361396239383638623463663635613364366433343739356331633330633561653038633530
38303832363663656432396636613134613965373639353731366138323435326135626339353263
39313032333966376135653664623666626233613530646534636362646237303465653931666563
65343936623462633162343334643335623834323364646362633232346237306337303430616363
61633930343132303962653432636230343331343332616434323035633963623138653737306566
34353135623134626237653165663738633435656439393234643432353535646439313638653664
39326437393166633937663261336330656266303431383437626163623163303133323139313563
39383664633739373664653131326665306533633162373535396464663637653662336237656161
39633138383166316437313237303733336365343066366462643165643865653039343037633263
61613730393666636530633231396165363033313161663463323861663262383234643236643038
61633138323664613061663538383333323566393262303633623136613166636361306562356163
66363033373262396461316438643238396633353962616362623363303035353765393164616230
35303664616539363639373830623337396239626539613761613839363638326664306465313762
34646634326338306430653065343231366430666534306331336532346535663737633639363834
34623539616339363535633365306230663264626234363637366436353833663136303032623338
32633761333165393231303165393234643363313839373339666433666130313035643836626531
63356638666264333163

24
inventory/hosts Normal file

@@ -0,0 +1,24 @@
$ANSIBLE_VAULT;1.1;AES256
37366366376266633033656235333633346134336666323465356666353363323130366365393534
3365373534643965613139656465323663393862336163640a623663366631323035346632353030
37396264356137336535363663323935646464333138653035623562346438643139323439366132
3364356364353738660a616638393635333938373838316631396536386134333831613831343732
39333066363566643864343661646633326134633039316636306332303063366665373638353735
34386339633566663038613538316233306238383734623363623666346261336562663039373264
31313061616432643761633139643039636164613136643264663131666166646531366335346164
34303339393334616434633736383763653035386333363137336431363034653263306261646661
37323563373436333736633836666563646162303232393932346430373039346431356166393930
37616639333038653936633163323139396666303638663039623633633832333737633764643863
61383763613865323061636662663837656339373335643066333964393362303766366533303332
63646335356639366130393530373936636330633132356639626531303839656166346263613733
31333362316537323934306434393630656161353465636434303538643835396361613563663437
34383765626235356530396433643037306233663263623664636163326132316237386231323165
65643235356434626161396136303563633836313961343664653339623862633338313963333237
63663961636661383634343532356234626531373938313164373561386139366338393066623036
36633137623361626161313961386630623635323336353036623165316632353333383162623531
61353138613030343636326166303762656264643834396330313563616439323265333039323566
64356538346662613836356462613536656636373065643734346166353466363266353939393535
66333739623735656463373530646663303535643562363534306438323135353763303363376135
37653566306461396563333135633235626130313231636165383438376237383663373939353637
30366661303131333438376363366131613361326635366264363064633034376230353137663030
346238306532363635623732396366633538

11
requirements.txt Normal file

@@ -0,0 +1,11 @@
ansible==11.3.0
ansible-core==2.18.3
cffi==1.17.1
cryptography==44.0.2
Jinja2==3.1.6
MarkupSafe==3.0.2
packaging==24.2
passlib==1.7.4
pycparser==2.22
PyYAML==6.0.2
resolvelib==1.0.1

@@ -7,7 +7,7 @@
version: v1.4.1-1.9.14-0 version: v1.4.1-1.9.14-0
name: backup_borg name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.3.0-4 version: v0.3.0-6
name: container_socket_proxy name: container_socket_proxy
- src: git+https://github.com/geerlingguy/ansible-role-docker - src: git+https://github.com/geerlingguy/ansible-role-docker
version: 7.4.7 version: 7.4.7
@@ -16,22 +16,22 @@
version: 129c8590e106b83e6f4c259649a613c6279e937a version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.3.0-0 version: v2.3.2-0
name: etherpad name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-0 version: v4.98.1-r0-2-0
name: exim_relay name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.3-0 version: v11.6.3-1
name: grafana name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10314-0 version: v10314-1
name: jitsi name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.0-0 version: v1.9.0-2
name: livekit_server name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.11.0-5 version: v2.13.0-0
name: ntfy name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 201c939eed363de269a83ba29784fc3244846048 version: 201c939eed363de269a83ba29784fc3244846048
@@ -43,19 +43,19 @@
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v17.4-0 version: v17.5-0
name: postgres name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v17-3 version: v17-5
name: postgres_backup name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.4.1-0 version: v3.4.2-1
name: prometheus name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.9.1-3 version: v1.9.1-9
name: prometheus_node_exporter name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.17.1-1 version: v0.17.1-6
name: prometheus_postgres_exporter name: prometheus_postgres_exporter
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.4.0-0 version: v1.4.0-0
@@ -67,11 +67,11 @@
version: v1.0.0-0 version: v1.0.0-0
name: timesync name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.4.1-1 version: v3.4.4-1
name: traefik name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-0 version: v2.10.0-1
name: traefik_certs_dumper name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v8.1.2-0 version: v8.1.3-0
name: valkey name: valkey

@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2025.5.21 matrix_alertmanager_receiver_version: 2025.7.2
matrix_alertmanager_receiver_scheme: https matrix_alertmanager_receiver_scheme: https

@@ -12,7 +12,7 @@
matrix_appservice_draupnir_for_all_enabled: true matrix_appservice_draupnir_for_all_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir # renovate: datasource=docker depName=gnuxie/draupnir
matrix_appservice_draupnir_for_all_version: "v2.3.1" matrix_appservice_draupnir_for_all_version: "v2.5.0"
matrix_appservice_draupnir_for_all_container_image_self_build: false matrix_appservice_draupnir_for_all_container_image_self_build: false
matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src" matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 0.17.1 matrix_authentication_service_version: 0.18.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}" matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}" matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/" matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"

@@ -5,6 +5,6 @@
--- ---
- name: Ensure fuse installed (RedHat) - name: Ensure fuse installed (RedHat)
ansible.builtin.yum: ansible.builtin.package:
name: fuse name: fuse
state: present state: present

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.7.4 matrix_bot_baibot_version: v1.7.6
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}" matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}" matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

@@ -12,7 +12,7 @@
matrix_bot_draupnir_enabled: true matrix_bot_draupnir_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir # renovate: datasource=docker depName=gnuxie/draupnir
matrix_bot_draupnir_version: "v2.3.1" matrix_bot_draupnir_version: "v2.5.0"
matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@@ -148,17 +148,14 @@ matrix_bot_draupnir_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupn
# Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant. # Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant.
matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks: matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks:
- check_event_for_spam
- user_may_invite - user_may_invite
- user_may_join_room - user_may_join_room
matrix_bot_draupnir_synapse_http_antispam_config_fail_open: matrix_bot_draupnir_synapse_http_antispam_config_fail_open:
check_event_for_spam: true
user_may_invite: true user_may_invite: true
user_may_join_room: true user_may_join_room: true
matrix_bot_draupnir_synapse_http_antispam_config_async: matrix_bot_draupnir_synapse_http_antispam_config_async: {}
check_event_for_spam: true
# Default configuration template which covers the generic use case. # Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.

@@ -36,6 +36,11 @@ matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
matrix_mautrix_bluesky_appservice_public_address: '' matrix_mautrix_bluesky_appservice_public_address: ''
# Displayname template for Bluesky users.
# {{ .DisplayName }} is replaced with the display name of the Bluesky user.
# {{ .Username }} is replaced with the username of the Bluesky user.
matrix_mautrix_bluesky_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Bluesky)"
matrix_mautrix_bluesky_bridge_command_prefix: "!bs" matrix_mautrix_bluesky_bridge_command_prefix: "!bs"
matrix_mautrix_bluesky_bridge_permissions: | matrix_mautrix_bluesky_bridge_permissions: |

@@ -11,7 +11,7 @@ network:
# {{ .DisplayName }} is replaced with the display name of the Bluesky user. # {{ .DisplayName }} is replaced with the display name of the Bluesky user.
# {{ .Username }} is replaced with the username of the Bluesky user. # {{ .Username }} is replaced with the username of the Bluesky user.
# {% endraw %} # {% endraw %}
displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Bluesky)" displayname_template: {{ matrix_mautrix_bluesky_network_displayname_template | to_json }}
# Maximum number of conversations to sync on startup # Maximum number of conversations to sync on startup
conversation_sync_limit: 20 conversation_sync_limit: 20

@@ -48,6 +48,14 @@ matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_signal_command_prefix: "!signal" matrix_mautrix_signal_command_prefix: "!signal"
# Displayname template for Signal users.
# {{.ProfileName}} - The Signal profile name set by the user.
# {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances.
# {{.PhoneNumber}} - The phone number of the user.
# {{.UUID}} - The UUID of the Signal user.
# {{.AboutEmoji}} - The emoji set by the user in their profile.
matrix_mautrix_signal_network_displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}"
matrix_mautrix_signal_bridge_permissions: | matrix_mautrix_signal_bridge_permissions: |
{{ {{
{'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'} {'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'}

@@ -9,7 +9,7 @@ network:
# {{.UUID}} - The UUID of the Signal user. # {{.UUID}} - The UUID of the Signal user.
# {{.AboutEmoji}} - The emoji set by the user in their profile. # {{.AboutEmoji}} - The emoji set by the user in their profile.
# {% endraw %} # {% endraw %}
displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}" displayname_template: {{ matrix_mautrix_signal_network_displayname_template | to_json }}
# Should avatars from the user's contact list be used? This is not safe on multi-user instances. # Should avatars from the user's contact list be used? This is not safe on multi-user instances.
use_contact_avatars: false use_contact_avatars: false
# Should the bridge request the user's contact list from the phone on startup? # Should the bridge request the user's contact list from the phone on startup?

@@ -36,6 +36,27 @@ matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# Displayname template for Slack users. Available variables:
# .Name - The username of the user
# .Team.Name - The name of the team the channel is in
# .Team.Domain - The Slack subdomain of the team the channel is in
# .ID - The internal ID of the user
# .IsBot - Whether the user is a bot
# .Profile.DisplayName - The username or real name of the user (depending on settings)
# Variables only available for users (not bots):
# .TeamID - The internal ID of the workspace the user is in
# .TZ - The timezone region of the user (e.g. Europe/London)
# .TZLabel - The label of the timezone of the user (e.g. Greenwich Mean Time)
# .TZOffset - The UTC offset of the timezone of the user (e.g. 0)
# .Profile.RealName - The real name of the user
# .Profile.FirstName - The first name of the user
# .Profile.LastName - The last name of the user
# .Profile.Title - The job title of the user
# .Profile.Pronouns - The pronouns of the user
# .Profile.Email - The email address of the user
# .Profile.Phone - The formatted phone number of the user
matrix_mautrix_slack_network_displayname_template: '{% raw %}{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}{% endraw %}'
matrix_mautrix_slack_command_prefix: "!slack" matrix_mautrix_slack_command_prefix: "!slack"
matrix_mautrix_slack_bridge_permissions: | matrix_mautrix_slack_bridge_permissions: |
@@ -168,3 +189,12 @@ matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsa
matrix_mautrix_slack_provisioning_shared_secret: '' matrix_mautrix_slack_provisioning_shared_secret: ''
matrix_mautrix_slack_public_media_signing_key: '' matrix_mautrix_slack_public_media_signing_key: ''
# Controls whether relay mode is enabled
matrix_mautrix_slack_bridge_relay_enabled: false
# Controls whether only admins can set themselves as relay users
matrix_mautrix_slack_bridge_relay_admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room
matrix_mautrix_slack_bridge_relay_default_relays: []

@@ -20,7 +20,7 @@ network:
# .Profile.Pronouns - The pronouns of the user # .Profile.Pronouns - The pronouns of the user
# .Profile.Email - The email address of the user # .Profile.Email - The email address of the user
# .Profile.Phone - The formatted phone number of the user # .Profile.Phone - The formatted phone number of the user
displayname_template: '{% raw %}{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}{% endraw %}' displayname_template: {{ matrix_mautrix_slack_network_displayname_template | to_json }}
# Channel name template for Slack channels (all types). Available variables: # Channel name template for Slack channels (all types). Available variables:
# .Name - The name of the channel # .Name - The name of the channel
# .Team.Name - The name of the team the channel is in # .Team.Name - The name of the team the channel is in
@@ -113,12 +113,12 @@ bridge:
relay: relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat. # authenticated user into a relaybot for that chat.
enabled: false enabled: {{ matrix_mautrix_slack_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users? # Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room. # If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: true admin_only: {{ matrix_mautrix_slack_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: [] default_relays: {{ matrix_mautrix_slack_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot. # The formats to use when sending messages via the relaybot.
# Available variables: # Available variables:
# .Sender.UserID - The Matrix user ID of the sender. # .Sender.UserID - The Matrix user ID of the sender.

@@ -223,6 +223,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`. # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
matrix_mautrix_telegram_sender_localpart: "telegrambot"
matrix_mautrix_telegram_registration_yaml: | matrix_mautrix_telegram_registration_yaml: |
id: telegram id: telegram
as_token: "{{ matrix_mautrix_telegram_appservice_token }}" as_token: "{{ matrix_mautrix_telegram_appservice_token }}"

@@ -44,6 +44,11 @@ matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
matrix_mautrix_twitter_appservice_public_address: '' matrix_mautrix_twitter_appservice_public_address: ''
# Displayname template for Twitter users.
# {{ .DisplayName }} is replaced with the display name of the Twitter user.
# {{ .Username }} is replaced with the username of the Twitter user.
matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)"
matrix_mautrix_twitter_bridge_command_prefix: "!tw" matrix_mautrix_twitter_bridge_command_prefix: "!tw"
matrix_mautrix_twitter_bridge_permissions: | matrix_mautrix_twitter_bridge_permissions: |

@@ -11,7 +11,7 @@ network:
# {{ .DisplayName }} is replaced with the display name of the Twitter user. # {{ .DisplayName }} is replaced with the display name of the Twitter user.
# {{ .Username }} is replaced with the username of the Twitter user. # {{ .Username }} is replaced with the username of the Twitter user.
# {% endraw %} # {% endraw %}
displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)" displayname_template: {{ matrix_mautrix_twitter_network_displayname_template | to_json }}
# Maximum number of conversations to sync on startup # Maximum number of conversations to sync on startup
conversation_sync_limit: 20 conversation_sync_limit: 20

@@ -161,6 +161,13 @@ matrix_mautrix_whatsapp_double_puppet_secrets: "{{ matrix_mautrix_whatsapp_doubl
matrix_mautrix_whatsapp_double_puppet_secrets_auto: {} matrix_mautrix_whatsapp_double_puppet_secrets_auto: {}
matrix_mautrix_whatsapp_double_puppet_secrets_custom: {} matrix_mautrix_whatsapp_double_puppet_secrets_custom: {}
# Displayname template for WhatsApp users.
# {{.PushName}} - nickname set by the WhatsApp user
# {{.BusinessName}} - validated WhatsApp business name
# {{.Phone}} - phone number (international format)
# {{.FullName}} - Name you set in the contacts list
matrix_mautrix_whatsapp_network_displayname_template: '{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}'
# Enable End-to-bridge encryption # Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"

@@ -22,7 +22,7 @@ network:
# {{.Phone}} - phone number (international format) # {{.Phone}} - phone number (international format)
# {{.FullName}} - Name you set in the contacts list # {{.FullName}} - Name you set in the contacts list
# {% endraw %} # {% endraw %}
displayname_template: "{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}" displayname_template: {{ matrix_mautrix_whatsapp_network_displayname_template | to_json }}
# Should incoming calls send a message to the Matrix room? # Should incoming calls send a message to the Matrix room?
call_start_notices: true call_start_notices: true

@@ -70,7 +70,7 @@ namePatterns:
# #
# name: username of the user # name: username of the user
# discriminator: hashtag of the user (ex. #1234) # discriminator: hashtag of the user (ex. #1234)
user: :name user: ":name (#:discriminator) (via Discord)"
# A user's guild-specific displayname - if they've set a custom nick in # A user's guild-specific displayname - if they've set a custom nick in
# a guild # a guild
@@ -82,7 +82,7 @@ namePatterns:
# displayname: the user's custom group-specific nick # displayname: the user's custom group-specific nick
# channel: the name of the channel # channel: the name of the channel
# guild: the name of the guild # guild: the name of the guild
userOverride: :name userOverride: ":displayname (:name#:discriminator) (via Discord)"
# Room names for bridged Discord channels # Room names for bridged Discord channels
# #
@@ -90,7 +90,7 @@ namePatterns:
# #
# name: name of the channel # name: name of the channel
# guild: name of the guild # guild: name of the guild
room: :name room: "#:name (:guild on Discord)"
# Group names for bridged Discord servers # Group names for bridged Discord servers
# #

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
matrix_client_element_version: v1.11.104 matrix_client_element_version: v1.11.105
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}" matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"

@@ -101,6 +101,19 @@
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"} - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "item.src is not none" when: "item.src is not none"
- name: Copy Element costum files
copy:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
- {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
when: false
#when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Ensure Element Web nginx.conf file is removed - name: Ensure Element Web nginx.conf file is removed
ansible.builtin.file: ansible.builtin.file:
path: "{{ matrix_client_element_data_path }}/nginx.conf" path: "{{ matrix_client_element_data_path }}/nginx.conf"

@@ -33,7 +33,7 @@ h1::after {
} }
.mx_Logo { .mx_Logo {
height: 54px; height: 92px;
margin-top: 2px; margin-top: 2px;
} }

@@ -33,9 +33,14 @@ matrix_client_fluffychat_container_additional_networks: "{{ matrix_client_fluffy
matrix_client_fluffychat_container_additional_networks_auto: [] matrix_client_fluffychat_container_additional_networks_auto: []
matrix_client_fluffychat_container_additional_networks_custom: [] matrix_client_fluffychat_container_additional_networks_custom: []
# Configures the port number used inside the container image.
matrix_client_fluffychat_container_http_port: 8080
# Controls whether the matrix-client-fluffychat container exposes its HTTP port (tcp/8080 in the container). # Controls whether the matrix-client-fluffychat container exposes its HTTP port (tcp/8080 in the container).
# #
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8080"), or empty string to not expose.
#
# Also see: `matrix_client_fluffychat_container_http_port`
matrix_client_fluffychat_container_http_host_bind_port: '' matrix_client_fluffychat_container_http_host_bind_port: ''
# matrix_client_fluffychat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # matrix_client_fluffychat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
@@ -44,6 +49,7 @@ matrix_client_fluffychat_container_http_host_bind_port: ''
# To inject your own other container labels, see `matrix_client_fluffychat_container_labels_additional_labels`. # To inject your own other container labels, see `matrix_client_fluffychat_container_labels_additional_labels`.
matrix_client_fluffychat_container_labels_traefik_enabled: true matrix_client_fluffychat_container_labels_traefik_enabled: true
matrix_client_fluffychat_container_labels_traefik_docker_network: "{{ matrix_client_fluffychat_container_network }}" matrix_client_fluffychat_container_labels_traefik_docker_network: "{{ matrix_client_fluffychat_container_network }}"
matrix_client_fluffychat_container_labels_traefik_http_service_load_balancer_port: "{{ matrix_client_fluffychat_container_http_port }}"
matrix_client_fluffychat_container_labels_traefik_hostname: "{{ matrix_client_fluffychat_hostname }}" matrix_client_fluffychat_container_labels_traefik_hostname: "{{ matrix_client_fluffychat_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/fluffychat`). # The path prefix must either be `/` or not end with a slash (e.g. `/fluffychat`).
matrix_client_fluffychat_container_labels_traefik_path_prefix: "{{ matrix_client_fluffychat_path_prefix }}" matrix_client_fluffychat_container_labels_traefik_path_prefix: "{{ matrix_client_fluffychat_path_prefix }}"

@@ -11,7 +11,7 @@ traefik.enable=true
traefik.docker.network={{ matrix_client_fluffychat_container_labels_traefik_docker_network }} traefik.docker.network={{ matrix_client_fluffychat_container_labels_traefik_docker_network }}
{% endif %} {% endif %}
traefik.http.services.matrix-client-fluffychat.loadbalancer.server.port=8080 traefik.http.services.matrix-client-fluffychat.loadbalancer.server.port={{ matrix_client_fluffychat_container_labels_traefik_http_service_load_balancer_port }}
{% set middlewares = [] %} {% set middlewares = [] %}

@@ -22,7 +22,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--read-only \ --read-only \
--network={{ matrix_client_fluffychat_container_network }} \ --network={{ matrix_client_fluffychat_container_network }} \
{% if matrix_client_fluffychat_container_http_host_bind_port %} {% if matrix_client_fluffychat_container_http_host_bind_port %}
-p {{ matrix_client_fluffychat_container_http_host_bind_port }}:8080 \ -p {{ matrix_client_fluffychat_container_http_host_bind_port }}:{{ matrix_client_fluffychat_container_http_port }} \
{% endif %} {% endif %}
--label-file={{ matrix_client_fluffychat_data_path }}/labels \ --label-file={{ matrix_client_fluffychat_data_path }}/labels \
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \ --tmpfs=/tmp:rw,noexec,nosuid,size=10m \

@@ -19,7 +19,7 @@ matrix_conduit_docker_image_registry_prefix: "{{ matrix_conduit_docker_image_reg
matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}" matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}"
matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/ matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/
# renovate: datasource=docker depName=matrixconduit/matrix-conduit # renovate: datasource=docker depName=matrixconduit/matrix-conduit
matrix_conduit_docker_image_tag: "v0.10.4" matrix_conduit_docker_image_tag: "v0.10.6"
matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"

@@ -143,6 +143,9 @@ matrix_continuwuity_config_max_request_size: 20_000_000
# Enables registration. If set to false, no users can register on this server. # Enables registration. If set to false, no users can register on this server.
matrix_continuwuity_config_allow_registration: false matrix_continuwuity_config_allow_registration: false
# Controls if newly registered users are automatically suspended, requiring admin approval.
matrix_continuwuity_config_suspend_on_register: false
# Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting. # Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting.
# This is only used when `matrix_continuwuity_config_allow_registration` is set to true and no registration token is configured. # This is only used when `matrix_continuwuity_config_allow_registration` is set to true and no registration token is configured.
matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false
@@ -166,12 +169,11 @@ matrix_continuwuity_config_allow_check_for_updates: false
# Controls the `emergency_password` setting. # Controls the `emergency_password` setting.
matrix_continuwuity_config_emergency_password: '' matrix_continuwuity_config_emergency_password: ''
# Controls the `allow_federation` setting. # Controls the `matrix_continuwuity_trusted_servers`` setting.
matrix_continuwuity_config_allow_federation: true matrix_continuwuity_config_trusted_servers:
matrix_continuwuity_trusted_servers:
- "matrix.org" - "matrix.org"
# Controls the `matrix_continuwuity_config_log` setting.
matrix_continuwuity_config_log: "info,state_res=warn,rocket=off,_=off,sled=off" matrix_continuwuity_config_log: "info,state_res=warn,rocket=off,_=off,sled=off"
# TURN integration. # TURN integration.
@@ -184,15 +186,23 @@ matrix_continuwuity_config_turn_password: ''
# Controls whether the self-check feature should validate SSL certificates. # Controls whether the self-check feature should validate SSL certificates.
matrix_continuwuity_self_check_validate_certificates: true matrix_continuwuity_self_check_validate_certificates: true
# Controls server (de)federation settings.
matrix_continuwuity_config_allow_federation: true
matrix_continuwuity_config_allowed_remote_server_names: []
matrix_continuwuity_config_forbidden_remote_server_names: []
matrix_continuwuity_config_forbidden_remote_room_directory_server_names: []
matrix_continuwuity_config_prevent_media_downloads_from: []
matrix_continuwuity_config_ignore_messages_from_server_names: []
# Controls the `url_preview_domain_contains_allowlist` setting.
matrix_continuwuity_config_url_preview_domain_contains_allowlist: []
# Additional environment variables to pass to the container. # Additional environment variables to pass to the container.
# #
# Environment variables take priority over settings in the configuration file. # Environment variables take priority over settings in the configuration file.
# #
# Example: # Example:
# matrix_continuwuity_environment_variables_extension: | # matrix_continuwuity_environment_variables_extension: |
# continuwuity_MAX_REQUEST_SIZE=50000000 # CONTINUWUITY_MAX_REQUEST_SIZE=50000000
# continuwuity_REQUEST_TIMEOUT=60 # CONTINUWUITY_REQUEST_TIMEOUT=60
matrix_continuwuity_environment_variables_extension: '' matrix_continuwuity_environment_variables_extension: ''
matrix_continuwuity_forbidden_remote_server_names: []
matrix_continuwuity_forbidden_remote_room_directory_server_names: []

@@ -13,3 +13,18 @@
- {'name': 'matrix_continuwuity_hostname', when: true} - {'name': 'matrix_continuwuity_hostname', when: true}
- {'name': 'matrix_continuwuity_container_network', when: true} - {'name': 'matrix_continuwuity_container_network', when: true}
- {'name': 'matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_continuwuity_container_labels_internal_client_api_enabled }}"} - {'name': 'matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_continuwuity_container_labels_internal_client_api_enabled }}"}
- name: (Deprecation) Catch and report renamed Continuwuity settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "item.old in vars"
with_items:
- {'old': 'matrix_continuwuity_allowed_remote_server_names', 'new': 'matrix_continuwuity_config_allowed_remote_server_names'}
- {'old': 'matrix_continuwuity_forbidden_remote_room_directory_server_names', 'new': 'matrix_continuwuity_config_forbidden_remote_room_directory_server_names'}
- {'old': 'matrix_continuwuity_forbidden_remote_server_names', 'new': 'matrix_continuwuity_config_forbidden_remote_server_names'}
- {'old': 'matrix_continuwuity_ignore_messages_from_server_names', 'new': 'matrix_continuwuity_config_ignore_messages_from_server_names'}
- {'old': 'matrix_continuwuity_prevent_media_downloads_from', 'new': 'matrix_continuwuity_config_prevent_media_downloads_from'}
- {'old': 'matrix_continuwuity_trusted_servers', 'new': 'matrix_continuwuity_config_trusted_servers'}
- {'old': 'matrix_continuwuity_url_preview_domain_contains_allowlist', 'new': 'matrix_continuwuity_config_url_preview_domain_contains_allowlist'}

@@ -7,8 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
### continuwuity Configuration ### continuwuity Configuration
### See: ### For more information, see:
### https://continuwuity.org/configuration ### https://continuwuity.org/configuration.html
[global] [global]
@@ -16,7 +16,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# suffix for user and room IDs/aliases. # suffix for user and room IDs/aliases.
# #
# See the docs for reverse proxying and delegation: # See the docs for reverse proxying and delegation:
# https://continuwuity.org/deploying/generic#setting-up-the-reverse-proxy # https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
# #
# Also see the `[global.well_known]` config section at the very bottom. # Also see the `[global.well_known]` config section at the very bottom.
# #
@@ -27,7 +27,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE # YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
# WIPE. # WIPE.
# #
# example: "continuwuity.woof" # example: "continuwuity.org"
# #
server_name = {{ matrix_continuwuity_config_server_name | to_json }} server_name = {{ matrix_continuwuity_config_server_name | to_json }}
@@ -44,7 +44,7 @@ address = "0.0.0.0"
# The port(s) continuwuity will listen on. # The port(s) continuwuity will listen on.
# #
# For reverse proxying, see: # For reverse proxying, see:
# https://continuwuity.org/deploying/generic#setting-up-the-reverse-proxy # https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
# #
# If you are using Docker, don't change this, you'll need to map an # If you are using Docker, don't change this, you'll need to map an
# external port to this. # external port to this.
@@ -59,8 +59,9 @@ port = {{ matrix_continuwuity_config_port_number }}
# listening on a UNIX socket, you MUST remove/comment the `address` key. # listening on a UNIX socket, you MUST remove/comment the `address` key.
# #
# Remember to make sure that your reverse proxy has access to this socket # Remember to make sure that your reverse proxy has access to this socket
# file, either by adding your reverse proxy to the 'continuwuity' group or # file, either by adding your reverse proxy to the appropriate user group
# granting world R/W permissions with `unix_socket_perms` (666 minimum). # or granting world R/W permissions with `unix_socket_perms` (666
# minimum).
# #
# example: "/run/continuwuity/continuwuity.sock" # example: "/run/continuwuity/continuwuity.sock"
# #
@@ -70,8 +71,8 @@ port = {{ matrix_continuwuity_config_port_number }}
# #
#unix_socket_perms = 660 #unix_socket_perms = 660
# This is the only directory where continuwuity will save its data, including # This is the only directory where continuwuity will save its data,
# media. Note: this was previously "/var/lib/matrix-conduit". # including media. Note: this was previously "/var/lib/matrix-conduit".
# #
# YOU NEED TO EDIT THIS. # YOU NEED TO EDIT THIS.
# #
@@ -79,9 +80,9 @@ port = {{ matrix_continuwuity_config_port_number }}
# #
database_path = "/var/lib/continuwuity" database_path = "/var/lib/continuwuity"
# continuwuity supports online database backups using RocksDB's Backup engine # continuwuity supports online database backups using RocksDB's Backup
# API. To use this, set a database backup path that continuwuity can write # engine API. To use this, set a database backup path that continuwuity
# to. # can write to.
# #
# For more information, see: # For more information, see:
# https://continuwuity.org/maintenance.html#backups # https://continuwuity.org/maintenance.html#backups
@@ -108,17 +109,13 @@ database_path = "/var/lib/continuwuity"
new_user_displayname_suffix = {{ matrix_continuwuity_config_new_user_displayname_suffix | to_json }} new_user_displayname_suffix = {{ matrix_continuwuity_config_new_user_displayname_suffix | to_json }}
# If enabled, continuwuity will send a simple GET request periodically to # If enabled, continuwuity will send a simple GET request periodically to
# `https://pupbrain.dev/check-for-updates/stable` for any new # `https://continuwuity.org/.well-known/continuwuity/announcements` for any new
# announcements made. Despite the name, this is not an update check # announcements or major updates. This is not an update check endpoint.
# endpoint, it is simply an announcement check endpoint.
#
# This is disabled by default as this is rarely used except for security
# updates or major updates.
# #
allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates | to_json }} allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates | to_json }}
# Set this to any float value to multiply continuwuity's in-memory LRU caches # Set this to any float value to multiply continuwuity's in-memory LRU
# with such as "auth_chain_cache_capacity". # caches with such as "auth_chain_cache_capacity".
# #
# May be useful if you have significant memory to spare to increase # May be useful if you have significant memory to spare to increase
# performance. # performance.
@@ -190,14 +187,6 @@ allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates
# #
#servernameevent_data_cache_capacity = varies by system #servernameevent_data_cache_capacity = varies by system
# This item is undocumented. Please contribute documentation for it.
#
#server_visibility_cache_capacity = varies by system
# This item is undocumented. Please contribute documentation for it.
#
#user_visibility_cache_capacity = varies by system
# This item is undocumented. Please contribute documentation for it. # This item is undocumented. Please contribute documentation for it.
# #
#stateinfo_cache_capacity = varies by system #stateinfo_cache_capacity = varies by system
@@ -259,7 +248,7 @@ allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates
# #
# If you are running continuwuity in a container environment, this config # If you are running continuwuity in a container environment, this config
# option may need to be enabled. For more details, see: # option may need to be enabled. For more details, see:
# https://continuwuity.org/troubleshooting#potential-dns-issues-when-using-docker # https://continuwuity.org/troubleshooting.html#potential-dns-issues-when-using-docker
# #
#query_over_tcp_only = false #query_over_tcp_only = false
@@ -372,6 +361,26 @@ max_request_size = {{ matrix_continuwuity_config_max_request_size }}
# #
#pusher_idle_timeout = 15 #pusher_idle_timeout = 15
# Maximum time to receive a request from a client (seconds).
#
#client_receive_timeout = 75
# Maximum time to process a request received from a client (seconds).
#
#client_request_timeout = 180
# Maximum time to transmit a response to a client (seconds)
#
#client_response_timeout = 120
# Grace period for clean shutdown of client requests (seconds).
#
#client_shutdown_timeout = 10
# Grace period for clean shutdown of federation requests (seconds).
#
#sender_shutdown_timeout = 5
# Enables registration. If set to false, no users can register on this # Enables registration. If set to false, no users can register on this
# server. # server.
# #
@@ -384,17 +393,27 @@ max_request_size = {{ matrix_continuwuity_config_max_request_size }}
# #
allow_registration = {{ matrix_continuwuity_config_allow_registration | to_json }} allow_registration = {{ matrix_continuwuity_config_allow_registration | to_json }}
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = {{ matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse | to_json }} # If registration is enabled, and this setting is true, new users
# registered after the first admin user will be automatically suspended
allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }} # and will require an admin to run `!admin users unsuspend <user_id>`.
# This item is undocumented. Please contribute documentation for it.
# #
#yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false # Suspended users are still able to read messages, make profile updates,
# leave rooms, and deactivate their account, however cannot send messages,
# invites, or create/join or otherwise modify rooms.
# They are effectively read-only.
#
suspend_on_register = {{ matrix_continuwuity_config_suspend_on_register | to_json }}
# Enabling this setting opens registration to anyone without restrictions.
# This makes your server vulnerable to abuse
#
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = {{ matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse | to_json }}
# A static registration token that new users will have to provide when # A static registration token that new users will have to provide when
# creating an account. If unset and `allow_registration` is true, # creating an account. If unset and `allow_registration` is true,
# registration is open without any condition. # you must set
# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
# to true to allow open registration without any conditions.
# #
# YOU NEED TO EDIT THIS OR USE registration_token_file. # YOU NEED TO EDIT THIS OR USE registration_token_file.
# #
@@ -402,8 +421,9 @@ allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }}
# #
registration_token = {{ matrix_continuwuity_config_registration_token | to_json }} registration_token = {{ matrix_continuwuity_config_registration_token | to_json }}
# Path to a file on the system that gets read for the registration token. # Path to a file on the system that gets read for additional registration
# this config option takes precedence/priority over "registration_token". # tokens. Multiple tokens can be added if you separate them with
# whitespace
# #
# continuwuity must be able to access the file, and it must not be empty # continuwuity must be able to access the file, and it must not be empty
# #
@@ -418,12 +438,21 @@ registration_token = {{ matrix_continuwuity_config_registration_token | to_json
# Controls whether federation is allowed or not. It is not recommended to # Controls whether federation is allowed or not. It is not recommended to
# disable this after the fact due to potential federation breakage. # disable this after the fact due to potential federation breakage.
# #
#allow_federation = true allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }}
# This item is undocumented. Please contribute documentation for it. # Allows federation requests to be made to itself
#
# This isn't intended and is very likely a bug if federation requests are
# being sent to yourself. This currently mainly exists for development
# purposes.
# #
#federation_loopback = false #federation_loopback = false
# Always calls /forget on behalf of the user if leaving a room. This is a
# part of MSC4267 "Automatically forgetting rooms on leave"
#
#forget_forced_upon_leave = false
# Set this to true to require authentication on the normally # Set this to true to require authentication on the normally
# unauthenticated profile retrieval endpoints (GET) # unauthenticated profile retrieval endpoints (GET)
# "/_matrix/client/v3/profile/{userId}". # "/_matrix/client/v3/profile/{userId}".
@@ -501,9 +530,9 @@ registration_token = {{ matrix_continuwuity_config_registration_token | to_json
# Default room version continuwuity will create rooms with. # Default room version continuwuity will create rooms with.
# #
# Per spec, room version 10 is the default. # Per spec, room version 11 is the default.
# #
#default_room_version = 10 #default_room_version = 11
# This item is undocumented. Please contribute documentation for it. # This item is undocumented. Please contribute documentation for it.
# #
@@ -568,9 +597,9 @@ registration_token = {{ matrix_continuwuity_config_registration_token | to_json
# Currently, continuwuity doesn't support inbound batched key requests, so # Currently, continuwuity doesn't support inbound batched key requests, so
# this list should only contain other Synapse servers. # this list should only contain other Synapse servers.
# #
# example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"] # example: ["matrix.org", "tchncs.de"]
# #
trusted_servers = {{ matrix_continuwuity_trusted_servers | to_json }} trusted_servers = {{ matrix_continuwuity_config_trusted_servers | to_json }}
# Whether to query the servers listed in trusted_servers first or query # Whether to query the servers listed in trusted_servers first or query
# the origin server first. For best security, querying the origin server # the origin server first. For best security, querying the origin server
@@ -627,8 +656,9 @@ log = {{ matrix_continuwuity_config_log | to_json }}
# #
#log_span_events = "none" #log_span_events = "none"
# Configures whether continuwuity_LOG EnvFilter matches values using regular # Configures whether CONTINUWUITY_LOG EnvFilter matches values using
# expressions. See the tracing_subscriber documentation on Directives. # regular expressions. See the tracing_subscriber documentation on
# Directives.
# #
#log_filter_regex = true #log_filter_regex = true
@@ -664,13 +694,17 @@ log = {{ matrix_continuwuity_config_log | to_json }}
# ("turn_secret"), It is recommended to use a shared secret over static # ("turn_secret"), It is recommended to use a shared secret over static
# credentials. # credentials.
# #
#turn_username = false {% if matrix_continuwuity_config_turn_username != '' %}
turn_username = {{ matrix_continuwuity_config_turn_username | to_json }}
{% endif %}
# Static TURN password to provide the client if not using a shared secret # Static TURN password to provide the client if not using a shared secret
# ("turn_secret"). It is recommended to use a shared secret over static # ("turn_secret"). It is recommended to use a shared secret over static
# credentials. # credentials.
# #
#turn_password = false {% if matrix_continuwuity_config_turn_password != '' %}
turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
{% endif %}
# Vector list of TURN URIs/servers to use. # Vector list of TURN URIs/servers to use.
# #
@@ -689,18 +723,10 @@ turn_uris = {{ matrix_continuwuity_config_turn_uris | to_json }}
# This is more secure, but if needed you can use traditional static # This is more secure, but if needed you can use traditional static
# username/password credentials. # username/password credentials.
# #
#turn_secret = false
{% if matrix_continuwuity_config_turn_secret != '' %} {% if matrix_continuwuity_config_turn_secret != '' %}
turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }} turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
{% endif %} {% endif %}
# If you have your TURN server configured to use a username and password
# you can provide these information too. In this case comment out `turn_secret above`!
{% if matrix_continuwuity_config_turn_username != '' or matrix_continuwuity_config_turn_password != '' %}
turn_username = {{ matrix_continuwuity_config_turn_username | to_json }}
turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
{% endif %}
# TURN secret to use that's read from the file path specified. # TURN secret to use that's read from the file path specified.
# #
# This takes priority over "turn_secret" first, and falls back to # This takes priority over "turn_secret" first, and falls back to
@@ -714,12 +740,12 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# #
#turn_ttl = 86400 #turn_ttl = 86400
# List/vector of room IDs or room aliases that continuwuity will make newly # List/vector of room IDs or room aliases that continuwuity will make
# registered users join. The rooms specified must be rooms that you have # newly registered users join. The rooms specified must be rooms that you
# joined at least once on the server, and must be public. # have joined at least once on the server, and must be public.
# #
# example: ["#continuwuity:puppygock.gay", # example: ["#continuwuity:continuwuity.org",
# "!eoIzvAvVwY23LPDay8:puppygock.gay"] # "!main-1:continuwuity.org"]
# #
#auto_join_rooms = [] #auto_join_rooms = []
@@ -742,10 +768,10 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# #
#auto_deactivate_banned_room_attempts = false #auto_deactivate_banned_room_attempts = false
# RocksDB log level. This is not the same as continuwuity's log level. This # RocksDB log level. This is not the same as continuwuity's log level.
# is the log level for the RocksDB engine/library which show up in your # This is the log level for the RocksDB engine/library which show up in
# database folder/path as `LOG` files. continuwuity will log RocksDB errors # your database folder/path as `LOG` files. continuwuity will log RocksDB
# as normal through tracing or panics if severe for safety. # errors as normal through tracing or panics if severe for safety.
# #
#rocksdb_log_level = "error" #rocksdb_log_level = "error"
@@ -806,7 +832,7 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# Type of RocksDB database compression to use. # Type of RocksDB database compression to use.
# #
# Available options are "zstd", "zlib", "bz2", "lz4", or "none". # Available options are "zstd", "bz2", "lz4", or "none".
# #
# It is best to use ZSTD as an overall good balance between # It is best to use ZSTD as an overall good balance between
# speed/performance, storage, IO amplification, and CPU usage. For more # speed/performance, storage, IO amplification, and CPU usage. For more
@@ -827,6 +853,9 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# magic number and translated to the library's default compression level # magic number and translated to the library's default compression level
# as they all differ. See their `kDefaultCompressionLevel`. # as they all differ. See their `kDefaultCompressionLevel`.
# #
# Note when using the default value we may override it with a setting
# tailored specifically for continuwuity.
#
#rocksdb_compression_level = 32767 #rocksdb_compression_level = 32767
# Level of compression the specified compression algorithm for the # Level of compression the specified compression algorithm for the
@@ -840,6 +869,9 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# less likely for this data to be used. Research your chosen compression # less likely for this data to be used. Research your chosen compression
# algorithm. # algorithm.
# #
# Note when using the default value we may override it with a setting
# tailored specifically for continuwuity.
#
#rocksdb_bottommost_compression_level = 32767 #rocksdb_bottommost_compression_level = 32767
# Whether to enable RocksDB's "bottommost_compression". # Whether to enable RocksDB's "bottommost_compression".
@@ -851,7 +883,7 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# #
# See https://github.com/facebook/rocksdb/wiki/Compression for more details. # See https://github.com/facebook/rocksdb/wiki/Compression for more details.
# #
#rocksdb_bottommost_compression = false #rocksdb_bottommost_compression = true
# Database recovery mode (for RocksDB WAL corruption). # Database recovery mode (for RocksDB WAL corruption).
# #
@@ -878,7 +910,7 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# 0 = AbsoluteConsistency # 0 = AbsoluteConsistency
# 1 = TolerateCorruptedTailRecords (default) # 1 = TolerateCorruptedTailRecords (default)
# 2 = PointInTime (use me if trying to recover) # 2 = PointInTime (use me if trying to recover)
# 3 = SkipAnyCorruptedRecord (you now voided your continuwuity warranty) # 3 = SkipAnyCorruptedRecord (you now voided your Continuwuity warranty)
# #
# For more information on these modes, see: # For more information on these modes, see:
# https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes # https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes
@@ -897,6 +929,20 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# #
#rocksdb_paranoid_file_checks = false #rocksdb_paranoid_file_checks = false
# Enables or disables checksum verification in rocksdb at runtime.
# Checksums are usually hardware accelerated with low overhead; they are
# enabled in rocksdb by default. Older or slower platforms may see gains
# from disabling.
#
#rocksdb_checksums = true
# Enables the "atomic flush" mode in rocksdb. This option is not intended
# for users. It may be removed or ignored in future versions. Atomic flush
# may be enabled by the paranoid to possibly improve database integrity at
# the cost of performance.
#
#rocksdb_atomic_flush = false
# Database repair mode (for RocksDB SST corruption). # Database repair mode (for RocksDB SST corruption).
# #
# Use this option when the server reports corruption while running or # Use this option when the server reports corruption while running or
@@ -934,10 +980,10 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# #
#rocksdb_compaction_ioprio_idle = true #rocksdb_compaction_ioprio_idle = true
# Disables RocksDB compaction. You should never ever have to set this # Enables RocksDB compaction. You should never ever have to set this
# option to true. If you for some reason find yourself needing to use this # option to false. If you for some reason find yourself needing to use
# option as part of troubleshooting or a bug, please reach out to us in # this option as part of troubleshooting or a bug, please reach out to us
# the continuwuity Matrix room with information and details. # in the continuwuity Matrix room with information and details.
# #
# Disabling compaction will lead to a significantly bloated and # Disabling compaction will lead to a significantly bloated and
# explosively large database, gradually poor performance, unnecessarily # explosively large database, gradually poor performance, unnecessarily
@@ -970,7 +1016,9 @@ turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
# #
# example: "F670$2CP@Hw8mG7RY1$%!#Ic7YA" # example: "F670$2CP@Hw8mG7RY1$%!#Ic7YA"
# #
{% if matrix_continuwuity_config_emergency_password != '' %}
emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json }} emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json }}
{% endif %}
# This item is undocumented. Please contribute documentation for it. # This item is undocumented. Please contribute documentation for it.
# #
@@ -978,8 +1026,8 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
# Allow local (your server only) presence updates/requests. # Allow local (your server only) presence updates/requests.
# #
# Note that presence on continuwuity is very fast unlike Synapse's. If using # Note that presence on continuwuity is very fast unlike Synapse's. If
# outgoing presence, this MUST be enabled. # using outgoing presence, this MUST be enabled.
# #
#allow_local_presence = true #allow_local_presence = true
@@ -995,8 +1043,8 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
# #
# This option sends presence updates to other servers, but does not # This option sends presence updates to other servers, but does not
# receive any unless `allow_incoming_presence` is true. Note that presence # receive any unless `allow_incoming_presence` is true. Note that presence
# on continuwuity is very fast unlike Synapse's. If using outgoing presence, # on continuwuity is very fast unlike Synapse's. If using outgoing
# you MUST enable `allow_local_presence` as well. # presence, you MUST enable `allow_local_presence` as well.
# #
#allow_outgoing_presence = true #allow_outgoing_presence = true
@@ -1115,7 +1163,7 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
# Check consistency of the media directory at startup: # Check consistency of the media directory at startup:
# 1. When `media_compat_file_link` is enabled, this check will upgrade # 1. When `media_compat_file_link` is enabled, this check will upgrade
# media when switching back and forth between Conduit and continuwuity. # media when switching back and forth between Conduit and conduwuit.
# Both options must be enabled to handle this. # Both options must be enabled to handle this.
# 2. When media is deleted from the directory, this check will also delete # 2. When media is deleted from the directory, this check will also delete
# its database entry. # its database entry.
@@ -1150,27 +1198,71 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
# #
#prune_missing_media = false #prune_missing_media = false
# Vector list of servers that continuwuity will refuse to download remote # List of forbidden server names via regex patterns that we will block
# media from. # incoming AND outgoing federation with, and block client room joins /
# remote user invites.
# #
#prevent_media_downloads_from = [] # Note that your messages can still make it to forbidden servers through
# backfilling. Events we receive from forbidden servers via backfill
# List of forbidden server names that we will block incoming AND outgoing # from servers we *do* federate with will be stored in the database.
# federation with, and block client room joins / remote user invites.
# #
# This check is applied on the room ID, room alias, sender server name, # This check is applied on the room ID, room alias, sender server name,
# sender user's server name, inbound federation X-Matrix origin, and # sender user's server name, inbound federation X-Matrix origin, and
# outbound federation handler. # outbound federation handler.
# #
# Basically "global" ACLs. # You can set this to ["*"] to block all servers by default, and then
# use `allowed_remote_server_names` to allow only specific servers.
# #
forbidden_remote_server_names = {{ matrix_continuwuity_forbidden_remote_server_names | to_json }} # example: ["badserver\\.tld$", "badphrase", "19dollarfortnitecards"]
#
forbidden_remote_server_names = {{ matrix_continuwuity_config_forbidden_remote_server_names | to_json }}
# List of forbidden server names that we will block all outgoing federated # List of allowed server names via regex patterns that we will allow,
# room directory requests for. Useful for preventing our users from # regardless of if they match `forbidden_remote_server_names`.
# wandering into bad servers or spaces.
# #
forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_remote_room_directory_server_names | to_json }} # This option has no effect if `forbidden_remote_server_names` is empty.
#
# example: ["goodserver\\.tld$", "goodphrase"]
#
allowed_remote_server_names = {{ matrix_continuwuity_config_allowed_remote_server_names | to_json }}
# Vector list of regex patterns of server names that continuwuity will
# refuse to download remote media from.
#
# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
#
prevent_media_downloads_from = {{ matrix_continuwuity_config_prevent_media_downloads_from | to_json }}
# List of forbidden server names via regex patterns that we will block all
# outgoing federated room directory requests for. Useful for preventing
# our users from wandering into bad servers or spaces.
#
# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
#
forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_config_forbidden_remote_room_directory_server_names | to_json }}
# Vector list of regex patterns of server names that continuwuity will not
# send messages to the client from.
#
# Note that there is no way for clients to receive messages once a server
# has become unignored without doing a full sync. This is a protocol
# limitation with the current sync protocols. This means this is somewhat
# of a nuclear option.
#
# example: ["reallybadserver\.tld$", "reallybadphrase",
# "69dollarfortnitecards"]
#
ignore_messages_from_server_names = {{ matrix_continuwuity_config_ignore_messages_from_server_names | to_json }}
# Send messages from users that the user has ignored to the client.
#
# There is no way for clients to receive messages sent while a user was
# ignored without doing a full sync. This is a protocol limitation with
# the current sync protocols. Disabling this option will move
# responsibility of ignoring messages to the client, which can avoid this
# limitation.
#
#send_messages_from_ignored_users_to_client = false
# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
# do not want continuwuity to send outbound requests to. Defaults to # do not want continuwuity to send outbound requests to. Defaults to
@@ -1215,7 +1307,7 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# attack surface to your server, you are expected to be aware of the risks # attack surface to your server, you are expected to be aware of the risks
# by doing so. # by doing so.
# #
#url_preview_domain_contains_allowlist = [] url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_preview_domain_contains_allowlist | to_json }}
# Vector list of explicit domains allowed to send requests to for URL # Vector list of explicit domains allowed to send requests to for URL
# previews. # previews.
@@ -1279,7 +1371,7 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# used, and startup as warnings if any room aliases in your database have # used, and startup as warnings if any room aliases in your database have
# a forbidden room alias/ID. # a forbidden room alias/ID.
# #
# example: ["19dollarfortnitecards", "b[4a]droom"] # example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
# #
#forbidden_alias_names = [] #forbidden_alias_names = []
@@ -1292,7 +1384,7 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# startup as warnings if any local users in your database have a forbidden # startup as warnings if any local users in your database have a forbidden
# username. # username.
# #
# example: ["administrator", "b[a4]dusernam[3e]"] # example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
# #
#forbidden_usernames = [] #forbidden_usernames = []
@@ -1323,8 +1415,8 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# Allow admins to enter commands in rooms other than "#admins" (admin # Allow admins to enter commands in rooms other than "#admins" (admin
# room) by prefixing your message with "\!admin" or "\\!admin" followed up # room) by prefixing your message with "\!admin" or "\\!admin" followed up
# a normal continuwuity admin command. The reply will be publicly visible to # a normal continuwuity admin command. The reply will be publicly visible
# the room, originating from the sender. # to the room, originating from the sender.
# #
# example: \\!admin debug ping puppygock.gay # example: \\!admin debug ping puppygock.gay
# #
@@ -1341,8 +1433,8 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# This option can also be configured with the `--execute` continuwuity # This option can also be configured with the `--execute` continuwuity
# argument and can take standard shell commands and environment variables # argument and can take standard shell commands and environment variables
# #
# For example: `./continuwuity --execute "server admin-notice continuwuity has # For example: `./continuwuity --execute "server admin-notice continuwuity
# started up at $(date)"` # has started up at $(date)"`
# #
# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]` # example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
# #
@@ -1355,6 +1447,13 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# #
#admin_execute_errors_ignore = false #admin_execute_errors_ignore = false
# List of admin commands to execute on SIGUSR2.
#
# Similar to admin_execute, but these commands are executed when the
# server receives SIGUSR2 on supporting platforms.
#
#admin_signal_execute = []
# Controls the max log level for admin command log captures (logs # Controls the max log level for admin command log captures (logs
# generated from running admin commands). Defaults to "info" on release # generated from running admin commands). Defaults to "info" on release
# builds, else "debug" on debug builds. # builds, else "debug" on debug builds.
@@ -1364,21 +1463,20 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# The default room tag to apply on the admin room. # The default room tag to apply on the admin room.
# #
# On some clients like Element, the room tag "m.server_notice" is a # On some clients like Element, the room tag "m.server_notice" is a
# special pinned room at the very bottom of your room list. The continuwuity # special pinned room at the very bottom of your room list. The
# admin room can be pinned here so you always have an easy-to-access # continuwuity admin room can be pinned here so you always have an
# shortcut dedicated to your admin room. # easy-to-access shortcut dedicated to your admin room.
# #
#admin_room_tag = "m.server_notice" #admin_room_tag = "m.server_notice"
# Sentry.io crash/panic reporting, performance monitoring/metrics, etc. # Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
# This is NOT enabled by default. continuwuity's default Sentry reporting # This is NOT enabled by default.
# endpoint domain is `o4506996327251968.ingest.us.sentry.io`.
# #
#sentry = false #sentry = false
# Sentry reporting URL, if a custom one is desired. # Sentry reporting URL, if a custom one is desired.
# #
#sentry_endpoint = "https://fe2eb4536aa04949e28eff3128d64757@o4506996327251968.ingest.us.sentry.io/4506996334657536" #sentry_endpoint = ""
# Report your continuwuity server_name in Sentry.io crash reports and # Report your continuwuity server_name in Sentry.io crash reports and
# metrics. # metrics.
@@ -1512,6 +1610,34 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# #
#sender_workers = 0 #sender_workers = 0
# Enables listener sockets; can be set to false to disable listening. This
# option is intended for developer/diagnostic purposes only.
#
#listening = true
# Enables configuration reload when the server receives SIGUSR1 on
# supporting platforms.
#
#config_reload_signal = true
[global.tls]
# Path to a valid TLS certificate file.
#
# example: "/path/to/my/certificate.crt"
#
#certs =
# Path to a valid TLS certificate private key.
#
# example: "/path/to/my/certificate.key"
#
#key =
# Whether to listen and allow for HTTP and HTTPS connections (insecure!)
#
#dual_protocol = false
[global.well_known] [global.well_known]
# The server URL that the client well-known file will serve. This should # The server URL that the client well-known file will serve. This should
@@ -1529,18 +1655,46 @@ forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_
# #
#server = #server =
# This item is undocumented. Please contribute documentation for it. # URL to a support page for the server, which will be served as part of
# the MSC1929 server support endpoint at /.well-known/matrix/support.
# Will be included alongside any contact information
# #
#support_page = #support_page =
# This item is undocumented. Please contribute documentation for it. # Role string for server support contacts, to be served as part of the
# MSC1929 server support endpoint at /.well-known/matrix/support.
# #
#support_role = #support_role = "m.role.admin"
# This item is undocumented. Please contribute documentation for it. # Email address for server support contacts, to be served as part of the
# MSC1929 server support endpoint.
# This will be used along with support_mxid if specified.
# #
#support_email = #support_email =
# This item is undocumented. Please contribute documentation for it. # Matrix ID for server support contacts, to be served as part of the
# MSC1929 server support endpoint.
# This will be used along with support_email if specified.
#
# If no email or mxid is specified, all of the server's admins will be
# listed.
# #
#support_mxid = #support_mxid =
[global.blurhashing]
# blurhashing x component, 4 is recommended by https://blurha.sh/
#
#components_x = 4
# blurhashing y component, 3 is recommended by https://blurha.sh/
#
#components_y = 3
# Max raw size that the server will blurhash, this is the size of the
# image after converting it to raw data, it should be higher than the
# upload limit but not too high. The higher it is the higher the
# potential load will be for clients requesting blurhashes. The default
# is 33.55MB. Setting it to 0 disables blurhashing.
#
#blurhash_max_raw_size = 33554432

@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}" matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.12.2 matrix_element_call_version: v0.13.1
matrix_element_call_scheme: https matrix_element_call_scheme: https

@@ -24,7 +24,7 @@
matrix_synapse_reverse_proxy_companion_enabled: true matrix_synapse_reverse_proxy_companion_enabled: true
# renovate: datasource=docker depName=nginx # renovate: datasource=docker depName=nginx
matrix_synapse_reverse_proxy_companion_version: 1.28.0-alpine matrix_synapse_reverse_proxy_companion_version: 1.29.0-alpine
matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
matrix_synapse_github_org_and_repo: element-hq/synapse matrix_synapse_github_org_and_repo: element-hq/synapse
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
matrix_synapse_version: v1.132.0 matrix_synapse_version: v1.133.0
matrix_synapse_username: '' matrix_synapse_username: ''
matrix_synapse_uid: '' matrix_synapse_uid: ''
@@ -1417,7 +1417,7 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config:
matrix_synapse_ext_synapse_http_antispam_enabled: false matrix_synapse_ext_synapse_http_antispam_enabled: false
matrix_synapse_ext_synapse_http_antispam_git_repository_url: "https://github.com/maunium/synapse-http-antispam" matrix_synapse_ext_synapse_http_antispam_git_repository_url: "https://github.com/maunium/synapse-http-antispam"
# renovate: datasource=github-releases depName=maunium/synapse-http-antispam # renovate: datasource=github-releases depName=maunium/synapse-http-antispam
matrix_synapse_ext_synapse_http_antispam_git_version: "v0.4.0" matrix_synapse_ext_synapse_http_antispam_git_version: "v0.5.0"
# Where Synapse can locate the consumer of the antispam API. Currently # Where Synapse can locate the consumer of the antispam API. Currently
# Draupnir is the only consumer of this API that is playbook supported. # Draupnir is the only consumer of this API that is playbook supported.
# But https://github.com/maunium/meowlnir also supports the API. # But https://github.com/maunium/meowlnir also supports the API.
@@ -1426,6 +1426,10 @@ matrix_synapse_ext_synapse_http_antispam_config_base_url: ''
# homeserver a lot like how AS authentication is done. This is fully managed # homeserver a lot like how AS authentication is done. This is fully managed
# the same way AS authentication is by the playbook. # the same way AS authentication is by the playbook.
matrix_synapse_ext_synapse_http_antispam_config_authorization: '' matrix_synapse_ext_synapse_http_antispam_config_authorization: ''
# This controls if the module will ping the consumer or not for ease of troubleshooting. This defaults
# to enabled to help assure users that the connection is working.
# Due to that its only a single log line per worker per startup this default is deemed acceptable.
matrix_synapse_ext_synapse_http_antispam_config_do_ping: true
# This controls what callbacks are activated. This list is fully dependent on what consumer is in play. # This controls what callbacks are activated. This list is fully dependent on what consumer is in play.
# And what capabilities said consumer should or shouldn't have. There are also performance implications # And what capabilities said consumer should or shouldn't have. There are also performance implications
# to these choices. # to these choices.
@@ -1440,6 +1444,7 @@ matrix_synapse_ext_synapse_http_antispam_config: "{{ matrix_synapse_ext_synapse_
matrix_synapse_ext_synapse_http_antispam_config_yaml: | matrix_synapse_ext_synapse_http_antispam_config_yaml: |
base_url: {{ matrix_synapse_ext_synapse_http_antispam_config_base_url | to_json }} base_url: {{ matrix_synapse_ext_synapse_http_antispam_config_base_url | to_json }}
authorization: {{ matrix_synapse_ext_synapse_http_antispam_config_authorization | to_json }} authorization: {{ matrix_synapse_ext_synapse_http_antispam_config_authorization | to_json }}
do_ping: {{ matrix_synapse_ext_synapse_http_antispam_config_do_ping | to_json }}
enabled_callbacks: {{ matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks | to_json }} enabled_callbacks: {{ matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks | to_json }}
fail_open: {{ matrix_synapse_ext_synapse_http_antispam_config_fail_open | to_json }} fail_open: {{ matrix_synapse_ext_synapse_http_antispam_config_fail_open | to_json }}
async: {{ matrix_synapse_ext_synapse_http_antispam_config_async | to_json }} async: {{ matrix_synapse_ext_synapse_http_antispam_config_async | to_json }}

Binary file not shown.

After

(image error) Size: 188 KiB

Binary file not shown.

After

(image error) Size: 2.1 MiB

Binary file not shown.

After

(image error) Size: 747 KiB

Binary file not shown.

After

(image error) Size: 188 KiB

Binary file not shown.

After

(image error) Size: 2.1 MiB

@@ -165,3 +165,4 @@
- install-all - install-all
- role: galaxy/playbook_runtime_messages - role: galaxy/playbook_runtime_messages

106
templates/Caddyfile.j2 Normal file

@@ -0,0 +1,106 @@
https://{{ matrix_server_fqn_matrix }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536000;"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
}
basicauth /metrics/* bcrypt monitoring {
monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
}
route /metrics/synapse {
uri replace /metrics/synapse /metrics/synapse/main-process
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/appservice {
uri replace /metrics/synapse/worker/appservice /metrics/synapse/worker/appservice-0
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-0 {
uri replace /metrics/synapse/worker/federation-sender-0 /metrics/synapse/worker/federation-sender-0
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-1 {
uri replace /metrics/synapse/worker/federation-sender-1 /metrics/synapse/worker/federation-sender-1
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-2 {
uri replace /metrics/synapse/worker/federation-sender-2 /metrics/synapse/worker/federation-sender-2
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/generic-0 {
uri replace /metrics/synapse/worker/generic-0 /metrics/synapse/worker/generic-worker-0
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/generic-1 {
uri replace /metrics/synapse/worker/generic-1 /metrics/synapse/worker/generic-worker-1
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/media-0 {
uri replace /metrics/synapse/worker/media-0 /metrics/synapse/worker/media-repository-0
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/media-1 {
uri replace /metrics/synapse/worker/media-1 /metrics/synapse/worker/media-repository-1
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/bridge/* {
uri strip_prefix /metrics/bridge
route /mautrix-telegram {
uri replace /mautrix-telegram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
}
route /mautrix-whatsapp {
uri replace /mautrix-whatsapp /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
}
route /mautrix-signal {
uri replace /mautrix-signal /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-instagram {
uri replace /mx-puppet-instagram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-discord {
uri replace /mx-puppet-discord /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-slack {
uri replace /mx-puppet-slack /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
}
}
reverse_proxy /_matrix/federation/* http://{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port }}
reverse_proxy /_matrix/key/* http://{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port }}
reverse_proxy * http://{{ devture_traefik_container_web_host_bind_port }}
}
https://{{ matrix_server_fqn_dimension }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_server_fqn_element }} {
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_domain }}/.well-known/matrix/* {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
route {
uri strip_prefix /.well-known/matrix
root * /matrix_static
file_server
}
header {
Content-Type "application/json"
X-Content-Type-Options "nosniff"
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
}