feat: add automatic creation of reverse-proxy routing

Fixed self-build functionality for mautrix-signal

docs/configuring-dns.md

@@ -68,4 +68,4 @@ This is an optional feature. See [ma1sd's documentation](https://github.com/ma1u
 
 Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
 
-When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md).
+When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md).

docs/configuring-playbook-synapse.md

@@ -56,7 +56,7 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
 
 If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
 
-In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
+In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
 
 ```
  - idp_id: keycloak
@@ -70,7 +70,7 @@ In case you encounter errors regarding the parsing of the variables, you can try
         userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
         user_mapping_provider:
           config:
-            display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
+            display_name_template: "{% raw %}{{ user.given_name }}{% endraw %} {% raw %}{{ user.family_name }}{% endraw %}"
-            email_template: "{%raw}{{ user.email }}{% endraw %}"
+            email_template: "{% raw %}{{ user.email }}{% endraw %}"
 ```
 

docs/maintenance-synapse.md

@@ -14,7 +14,7 @@ Table of contents:
 
 ## Purging old data with the Purge History API
 
-You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
+You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
 
 To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
 Alternatively, you can log in and obtain a new access token like this:
@@ -27,7 +27,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login
 
 Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file.
 
-Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions.
+Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions.
 
 After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql).
 

docs/self-building.md

@@ -26,6 +26,7 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-bridge-mautrix-hangouts`
 - `matrix-bridge-mautrix-telegram`
 - `matrix-bridge-mx-puppet-skype`
+- `matrix-bot-mjolnir`
 
 Adding self-building support to other roles is welcome. Feel free to contribute!
 

examples/apache/matrix-synapse.conf

@@ -32,6 +32,7 @@
 	ProxyPreserveHost On
 	ProxyRequests Off
 	ProxyVia On
+	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
 
 	# Keep some URIs free for different proxy/location
 	ProxyPassMatch ^/.well-known/matrix/client !
@@ -45,6 +46,14 @@
 	ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
 	ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client retry=0 nocanon
 	ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
+	
+	# Proxy Admin API (necessary for Synapse-Admin)
+	# ProxyPass /_synapse/admin http://127.0.0.1:8008/_synapse/admin retry=0 nocanon
+	# ProxyPassReverse /_synapse/admin http://127.0.0.1:8008/_synapse/admin
+	
+	# Proxy Synapse-Admin
+	# ProxyPass /synapse-admin http://127.0.0.1:8766 retry=0 nocanon
+	# ProxyPassReverse /synapse-admin http://127.0.0.1:8766
 
 	# Map /.well-known/matrix/client for client discovery
 	Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client
@@ -111,6 +120,7 @@ Listen 8448
 	ProxyPreserveHost On
 	ProxyRequests Off
 	ProxyVia On
+	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
 
 	# Proxy all remaining traffic to the Synapse port
 	# Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1

group_vars/matrix_servers

@@ -374,13 +374,15 @@ matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provi
 matrix_mautrix_signal_database_engine: 'postgres'
 matrix_mautrix_signal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
 
+matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+matrix_mautrix_signal_daemon_container_self_build: "{{ matrix_architecture != 'amd64' }}"
+
 ######################################################################
 #
 # /matrix-bridge-mautrix-signal
 #
 ######################################################################
 
-
 ######################################################################
 #
 # matrix-bridge-mautrix-telegram
@@ -392,6 +394,8 @@ matrix_mautrix_telegram_enabled: false
 
 # Images are multi-arch (amd64 and arm64, but not arm32).
 matrix_mautrix_telegram_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+matrix_telegram_lottieconverter_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+matrix_telegram_lottieconverter_container_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"
 
 matrix_mautrix_telegram_systemd_required_services_list: |
   {{
@@ -851,6 +855,8 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en
 # We don't enable bots by default.
 matrix_bot_mjolnir_enabled: false
 
+matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+
 matrix_bot_mjolnir_systemd_required_services_list: |
   {{
     ['docker.service']
@@ -1472,7 +1478,7 @@ matrix_postgres_additional_databases: |
       'username': matrix_prometheus_postgres_exporter_database_username,
       'password': matrix_prometheus_postgres_exporter_database_password,
     }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else [])
-   
+
    }}
 
 matrix_postgres_import_roles_to_ignore: |
@@ -1669,16 +1675,23 @@ matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
 
 # Even if TURN doesn't support TLS (it does by default),
 # it doesn't hurt to try a secure connection anyway.
+#
+# When Let's Encrypt certificates are used (the default case),
+# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them.
+# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
 matrix_synapse_turn_uris: |
   {{
+    []
+    +
     [
       'turns:' + matrix_server_fqn_matrix + '?transport=udp',
       'turns:' + matrix_server_fqn_matrix + '?transport=tcp',
+    ] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else []
+    +
+    [
       'turn:' + matrix_server_fqn_matrix + '?transport=udp',
       'turn:' + matrix_server_fqn_matrix + '?transport=tcp',
-    ]
+    ] if matrix_coturn_enabled else []
-    if matrix_coturn_enabled
-    else []
   }}
 
 matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
@@ -1768,6 +1781,7 @@ matrix_prometheus_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en
 
 matrix_prometheus_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
 matrix_prometheus_scraper_synapse_targets: ['matrix-synapse:{{ matrix_synapse_metrics_port }}']
+matrix_prometheus_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
 matrix_prometheus_scraper_synapse_rules_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
 
 matrix_prometheus_scraper_node_enabled: "{{ matrix_prometheus_node_exporter_enabled }}"

inventory/scripts/jitsi-generate-passwords.sh

@@ -11,7 +11,6 @@ echo "# Install it before using this script, or simply create your own passwords
 
 echo ""
 
-JICOFO_COMPONENT_SECRET=$(generatePassword)
 JICOFO_AUTH_PASSWORD=$(generatePassword)
 JVB_AUTH_PASSWORD=$(generatePassword)
 JIBRI_RECORDER_PASSWORD=$(generatePassword)
@@ -19,7 +18,6 @@ JIBRI_XMPP_PASSWORD=$(generatePassword)
 
 echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
 echo ""
-echo "matrix_jitsi_jicofo_component_secret: "$JICOFO_COMPONENT_SECRET
 echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD
 echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD
 echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD

roles/matrix-awx/surveys/backup_server.json.j2

@@ -16,4 +16,3 @@
     }
   ]
 }
-

roles/matrix-awx/tasks/customise_website_access_export.yml

@@ -128,18 +128,13 @@
     validate_certs: yes
   when: customise_base_domain_website is undefined
 
-- name: Ensure group "sftp" exists
-  group:
-    name: sftp
-    state: present
-
 - name: If user doesn't define a sftp_password, create a disabled 'sftp' account
   user:
     name: sftp
     comment: SFTP user to set custom web files and access servers export
     shell: /bin/false
     home: /home/sftp
-    group: sftp
+    group: matrix
     password: '*'
     update_password: always
   when: sftp_password|length == 0
@@ -150,15 +145,20 @@
     comment: SFTP user to set custom web files and access servers export
     shell: /bin/false
     home: /home/sftp
-    group: sftp
+    group: matrix
     password: "{{ sftp_password | password_hash('sha512') }}"
     update_password: always
   when: sftp_password|length > 0
 
+- name: Ensure group "sftp" exists
+  group:
+    name: sftp
+    state: present
+
 - name: adding existing user 'sftp' to group matrix
   user:
     name: sftp
-    groups: matrix
+    groups: sftp
     append: yes
   when: customise_base_domain_website is defined
 
@@ -214,14 +214,14 @@
     group: sftp
     mode: '0644'
   when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
-
+    
-- name: Alter SSH Subsystem State 1
+- name: Remove any existing Subsystem lines
   lineinfile:
     path: /etc/ssh/sshd_config
-    line: "Subsystem sftp	/usr/lib/openssh/sftp-server"
     state: absent
+    regexp: '^Subsystem'
 
-- name: Alter SSH Subsystem State 2
+- name: Set SSH Subsystem State
   lineinfile:
     path: /etc/ssh/sshd_config
     insertafter: "^# override default of no subsystems"

roles/matrix-awx/tasks/purge_media_local.yml

@@ -6,7 +6,7 @@
 
 - name: Purge local media to specific date
   shell: |
-    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
+    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
   register: purge_command
   
 - name: Print output of purge command

roles/matrix-awx/tasks/purge_media_main.yml

@@ -17,15 +17,16 @@
     - jq
     state: present
 
-- name: Collect access token for janitor user
-  shell: |
-    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
-  register: janitors_token
-  
 - name: Collect the internal IP of the matrix-synapse container
   shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
   register: synapse_container_ip
-    
+
+- name: Collect access token for janitor user
+  shell: |
+    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
+  register: janitors_token
+  no_log: True
+
 - name: Generate list of dates to purge to
   delegate_to: 127.0.0.1
   shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"

roles/matrix-awx/tasks/purge_media_remote.yml

@@ -6,7 +6,7 @@
 
 - name: Purge remote media to specific date
   shell: |
-    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
+    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
   register: purge_command
   
 - name: Print output of purge command

roles/matrix-awx/tasks/set_variables_synapse.yml

@@ -1,13 +1,13 @@
 
-- name: Limit max upload size to 100MB part 1
+- name: Limit max upload size to 200MB part 1
   set_fact:
-    matrix_synapse_max_upload_size_mb: "100"
+    matrix_synapse_max_upload_size_mb: "200"
-  when: matrix_synapse_max_upload_size_mb_raw|int >= 100
+  when: matrix_synapse_max_upload_size_mb_raw|int >= 200
 
-- name: Limit max upload size to 100MB part 2
+- name: Limit max upload size to 200MB part 2
   set_fact:
     matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
-  when: matrix_synapse_max_upload_size_mb_raw|int < 100
+  when: matrix_synapse_max_upload_size_mb_raw|int < 200
 
 - name: Record Synapse variables locally on AWX
   delegate_to: 127.0.0.1
@@ -66,7 +66,7 @@
   delegate_to: 127.0.0.1
   lineinfile:
     path: '{{ awx_cached_matrix_vars }}'
-    regexp: "{{ item }}:"
+    regexp: "{{ item }}"
     line: "{{ item }}"
     insertbefore: '# Synapse Extension End'
   with_items:
@@ -78,7 +78,7 @@
   delegate_to: 127.0.0.1
   lineinfile:
     path: '{{ awx_cached_matrix_vars }}'
-    regexp: "{{ item }}:"
+    regexp: "{{ item }}"
     line: "{{ item }}"
     insertbefore: '# Synapse Extension End'
     state: absent

roles/matrix-base/defaults/main.yml

@@ -11,6 +11,9 @@ matrix_domain: ~
 # This and the Element FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
 
+# This is where you access federation API.
+matrix_server_fqn_matrix_federation: '{{ matrix_server_fqn_matrix }}'
+
 # This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
 # This and the Matrix FQN (see above) are expected to be on the same server.
 matrix_server_fqn_element: "element.{{ matrix_domain }}"

roles/matrix-base/templates/static-files/well-known/matrix-server.j2

@@ -1,4 +1,4 @@
 #jinja2: lstrip_blocks: "True"
 {
-	"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
+	"m.server": "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 }

roles/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -2,7 +2,7 @@
 # See: https://github.com/anoadragon453/matrix-reminder-bot
 
 matrix_bot_matrix_reminder_bot_enabled: true
-matrix_bot_matrix_reminder_bot_version: release-v0.2.0
+matrix_bot_matrix_reminder_bot_version: release-v0.2.1
 matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_container_global_registry_prefix }}anoa/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
 matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
 

roles/matrix-bot-mjolnir/defaults/main.yml

@@ -2,13 +2,21 @@
 # See: https://github.com/matrix-org/mjolnir
 
 matrix_bot_mjolnir_enabled: true
-matrix_bot_mjolnir_version: "v0.1.17"
+
-matrix_bot_mjolnir_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
+matrix_bot_mjolnir_version: "v0.1.18"
+
+matrix_bot_mjolnir_container_image_self_build: false
+matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
+
+matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
+matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
+
 matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
 
 matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
 matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
 matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
+matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
 
 # A list of extra arguments to pass to the container
 matrix_bot_mjolnir_container_extra_arguments: []

roles/matrix-bot-mjolnir/tasks/init.yml

@@ -1,3 +1,10 @@
+# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
+# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
+- name: Fail if trying to self-build on Ansible < 2.8
+  fail:
+    msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled"
+
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
   when: matrix_bot_mjolnir_enabled|bool

roles/matrix-bot-mjolnir/tasks/setup_install.yml

@@ -14,14 +14,36 @@
     - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true }
     - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true }
     - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true }
+    - { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" }
   when: "item.when|bool"
 
-- name: Ensure mjolnir image is pulled
+- name: Ensure mjolnir Docker image is pulled
   docker_image:
     name: "{{ matrix_bot_mjolnir_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
+  when: "not matrix_bot_mjolnir_container_image_self_build|bool"
+
+- name: Ensure mjolnir repository is present on self-build
+  git:
+    repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}"
+    dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
+    version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
+    force: "yes"
+  register: matrix_bot_mjolnir_git_pull_results
+  when: "matrix_bot_mjolnir_container_image_self_build|bool"
+
+- name: Ensure mjolnir Docker image is built
+  docker_image:
+    name: "{{ matrix_bot_mjolnir_docker_image }}"
+    source: build
+    force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_bot_mjolnir_container_image_self_build|bool"
 
 - name: Ensure matrix-bot-mjolnir config installed
   copy:

roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -21,10 +21,3 @@
       +
       {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
   when: matrix_mautrix_facebook_enabled|bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Mautrix Facebook image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build"

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -67,10 +67,3 @@
       URL endpoint to the matrix-mautrix-hangouts container.
       You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
   when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Mautrix Hangouts image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build"

roles/matrix-bridge-mautrix-instagram/tasks/init.yml

@@ -21,10 +21,3 @@
       +
       {{ ["/matrix-mautrix-instagram-registration.yaml"] }}
   when: matrix_mautrix_instagram_enabled|bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Mautrix instagram image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build"

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -3,12 +3,20 @@
 
 matrix_mautrix_signal_enabled: true
 
+matrix_mautrix_signal_container_self_build: false
+matrix_mautrix_signal_docker_repo: "https://mau.dev/tulir/mautrix-signal.git"
+matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
+
 matrix_mautrix_signal_version: latest
 matrix_mautrix_signal_daemon_version: latest
 # See: https://mau.dev/tulir/mautrix-signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/tulir/mautrix-signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
 
+matrix_mautrix_signal_daemon_container_self_build: false
+matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
+matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
+
 matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}"
 matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml

@@ -14,7 +14,29 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
-  when: matrix_mautrix_signal_enabled|bool
+  when: "matrix_mautrix_signal_enabled|bool and not matrix_mautrix_signal_container_self_build|bool"
+
+
+- name: Ensure Mautrix Signal repository is present on self-build
+  git:
+    repo: "{{ matrix_mautrix_signal_docker_repo }}"
+    dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
+    force: "yes"
+  register: matrix_mautrix_signal_git_pull_results
+  when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_container_self_build|bool"
+
+- name: Ensure Mautrix Signal image is built
+  docker_image:
+    name: "{{ matrix_mautrix_signal_docker_image }}"
+    source: build
+    force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_signal_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_container_self_build|bool"
+  
 
 - name: Ensure Mautrix Signal Daemon image is pulled
   docker_image:
@@ -22,7 +44,28 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
-  when: matrix_mautrix_signal_enabled|bool
+  when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_self_build|bool
+  register: matrix_mautrix_signal_daemon_pull_results
+
+- name: Ensure Mautrix Signal Daemon repository is present on self-build
+  git:
+    repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}"
+    dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
+    force: "yes"
+  register: matrix_mautrix_signal_daemon_git_pull_results
+  when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_daemon_container_self_build|bool"
+
+- name: Ensure Mautrix Signal Daemon image is built
+  docker_image:
+    name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
+    source: build
+    force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_daemon_container_self_build|bool"
 
 - name: Ensure Mautrix Signal paths exist
   file:

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -3,6 +3,12 @@
 
 matrix_mautrix_telegram_enabled: true
 
+matrix_telegram_lottieconverter_container_self_build: false
+matrix_telegram_lottieconverter_container_self_build_mask_arch: false
+matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
+matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
+matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
+
 matrix_mautrix_telegram_container_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/tulir/mautrix-telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -56,6 +56,26 @@
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}"
   when: "not matrix_mautrix_telegram_container_self_build|bool"
 
+- name: Ensure lottieconverter is present when self-building
+  git:
+    repo: "{{ matrix_telegram_lottieconverter_docker_repo }}"
+    dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
+    force: "yes"
+  register: matrix_telegram_lottieconverter_git_pull_results
+  when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_mautrix_telegram_container_self_build|bool"
+
+- name: Ensure lottieconverter Docker image is built
+  docker_image:
+    name: "{{ matrix_telegram_lottieconverter_docker_image }}"
+    source: build
+    force_source: "{{ matrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_telegram_lottieconverter_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_self_build|bool"
+
 - name: Ensure matrix-mautrix-telegram repository is present when self-building
   git:
     repo: "{{ matrix_mautrix_telegram_docker_repo }}"
@@ -73,7 +93,9 @@
     build:
       dockerfile: Dockerfile
       path: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
-      pull: yes
+      pull: "{{ not matrix_telegram_lottieconverter_container_self_build_mask_arch|bool }}"
+      args:
+        TARGETARCH: ""
   when: "matrix_mautrix_telegram_container_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed"
 
 - name: Check if an old database file already exists

roles/matrix-bridge-mx-puppet-discord/tasks/init.yml

@@ -21,10 +21,3 @@
       +
       {{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
   when: matrix_mx_puppet_discord_enabled|bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"

roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml

@@ -21,10 +21,3 @@
       +
       {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
   when: matrix_mx_puppet_groupme_enabled|bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build"

roles/matrix-bridge-mx-puppet-skype/tasks/init.yml

@@ -21,10 +21,3 @@
       +
       {{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
   when: matrix_mx_puppet_skype_enabled|bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Puppet Skype image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build"

roles/matrix-bridge-mx-puppet-slack/tasks/init.yml

@@ -68,10 +68,3 @@
       URL endpoint to the matrix-mx-puppet-slack container.
       You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
   when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build"

roles/matrix-bridge-mx-puppet-steam/tasks/init.yml

@@ -21,10 +21,3 @@
       +
       {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
   when: matrix_mx_puppet_steam_enabled|bool
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"

roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml

@@ -68,10 +68,3 @@
       URL endpoint to the matrix-mx-puppet-twitter container.
       You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
   when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined"
-
-# ansible lower than 2.8, does not support docker_image build parameters
-# for self building it is explicitly needed, so we rather fail here
-- name: Fail if running on Ansible lower than 2.8 and trying self building
-  fail:
-    msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"

roles/matrix-client-element/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 
-matrix_client_element_version: v1.7.31
+matrix_client_element_version: v1.7.33
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.2.0
+matrix_client_hydrogen_version: v0.2.3
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-corporal/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_version: 2.1.0
+matrix_corporal_version: 2.1.1
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

roles/matrix-coturn/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_coturn_enabled: true
 
 matrix_coturn_container_image_self_build: false
 matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
-matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r2"
+matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 
 matrix_coturn_version: 4.5.2-r2

roles/matrix-grafana/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.0.3
+matrix_grafana_version: 8.0.6
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-jitsi/defaults/main.yml

@@ -32,8 +32,8 @@ matrix_jitsi_ldap_start_tls: false
 
 matrix_jitsi_timezone: UTC
 
-matrix_jitsi_xmpp_domain: matrix-jitsi-web
+matrix_jitsi_xmpp_domain: meet.jitsi
-matrix_jitsi_xmpp_server: matrix-jitsi-prosody
+matrix_jitsi_xmpp_server: xmpp.meet.jitsi
 matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
 matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
 matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
@@ -53,7 +53,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-5765-1
+matrix_jitsi_version: stable-5963
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

roles/matrix-jitsi/tasks/validate_config.yml

@@ -16,7 +16,6 @@
   with_items:
     - "matrix_jitsi_jibri_xmpp_password"
     - "matrix_jitsi_jibri_recorder_password"
-    - "matrix_jitsi_jicofo_component_secret"
     - "matrix_jitsi_jicofo_auth_password"
     - "matrix_jitsi_jvb_auth_password"
 

roles/matrix-jitsi/templates/jicofo/env.j2

@@ -1,17 +1,34 @@
-ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+AUTH_TYPE={{ matrix_jitsi_auth_type }}
-
+BRIDGE_AVG_PARTICIPANT_STRESS
+BRIDGE_STRESS_THRESHOLD
+ENABLE_AUTH
+ENABLE_AUTO_OWNER
+ENABLE_CODEC_VP8
+ENABLE_CODEC_VP9
+ENABLE_CODEC_H264
+ENABLE_OCTO
+ENABLE_RECORDING
+ENABLE_SCTP
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
+JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
+JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
+JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
+JICOFO_ENABLE_HEALTH_CHECKS
+JICOFO_SHORT_ID
+JICOFO_RESERVATION_ENABLED
+JICOFO_RESERVATION_REST_BASE_URL
+JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+JIBRI_REQUEST_RETRIES
+JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+JIGASI_BREWERY_MUC
+JIGASI_SIP_URI
+JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
+MAX_BRIDGE_PARTICIPANTS
+OCTO_BRIDGE_SELECTION_STRATEGY
+TZ={{ matrix_jitsi_timezone }}
 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
 XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
-
-JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
-JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
-JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
-
-JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
-
-JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
-JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
-
-TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/jvb/env.j2

@@ -1,20 +1,25 @@
-JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
+ENABLE_COLIBRI_WEBSOCKET
-JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
+ENABLE_OCTO
-JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
+DOCKER_HOST_ADDRESS
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
 JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
 JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
 JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
-
+JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
-XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
+JVB_TCP_HARVESTER_DISABLED=true
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
-XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
+JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
-
-HOSTNAME=matrix-jitsi-jvb
-
 {% if matrix_jitsi_jvb_stun_servers|length > 0 %}
 JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
 {% endif %}
-
+JVB_ENABLE_APIS
+JVB_WS_DOMAIN
+JVB_WS_SERVER_ID
 PUBLIC_URL={{ matrix_jitsi_web_public_url }}
-
+JVB_OCTO_BIND_ADDRESS
-{{ matrix_jitsi_jvb_environment_variables_extension }}
+JVB_OCTO_PUBLIC_ADDRESS
+JVB_OCTO_BIND_PORT
+JVB_OCTO_REGION
+TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2

@@ -16,6 +16,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
+			--network-alias=jvb.meet.jitsi \
 			--env-file={{ matrix_jitsi_jvb_base_path }}/env \
 			{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
 			-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \

roles/matrix-jitsi/templates/prosody/env.j2

@@ -1,10 +1,10 @@
 AUTH_TYPE={{ matrix_jitsi_auth_type }}
-
 ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
 ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
-
+ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
-PUBLIC_URL={{ matrix_jitsi_web_public_url }}
+ENABLE_XMPP_WEBSOCKET
-
+GLOBAL_MODULES
+GLOBAL_CONFIG
 LDAP_URL={{ matrix_jitsi_ldap_url }}
 LDAP_BASE={{ matrix_jitsi_ldap_base }}
 LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
@@ -18,32 +18,34 @@ LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
 LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
 LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
 LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
-
 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
 XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
 XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
-
 XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
 XMPP_MUC_MODULES=
 XMPP_INTERNAL_MUC_MODULES=
-
 XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
-
+XMPP_CROSS_DOMAIN=true
-JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
 JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
 JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
-
 JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
 JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
-
+JIGASI_XMPP_USER=
+JIGASI_XMPP_PASSWORD=
 JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
 JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
-
 JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
 JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
-
+JWT_APP_ID
-ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
+JWT_APP_SECRET
-
+JWT_ACCEPTED_ISSUERS
+JWT_ACCEPTED_AUDIENCES
+JWT_ASAP_KEYSERVER
+JWT_ALLOW_EMPTY
+JWT_AUTH_TYPE
+JWT_TOKEN_AUTH_MODULE
+LOG_LEVEL
+PUBLIC_URL={{ matrix_jitsi_web_public_url }}
 TZ={{ matrix_jitsi_timezone }}

roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2

@@ -16,6 +16,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
+			--network-alias={{ matrix_jitsi_xmpp_server }} \
 			{% if matrix_jitsi_prosody_container_http_host_bind_port %}
 			-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
 			{% endif %}

roles/matrix-jitsi/templates/web/env.j2

@@ -1,42 +1,94 @@
-ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_COLIBRI_WEBSOCKET
-ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+ENABLE_FLOC=0
-
+ENABLE_LETSENCRYPT=0
-ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
+ENABLE_HTTP_REDIRECT=0
-
+ENABLE_HSTS=0
-ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
+ENABLE_XMPP_WEBSOCKET
-
+DISABLE_HTTPS=0
-DISABLE_HTTPS=1
+DISABLE_DEEP_LINKING
-
+LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
-JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
-
+LETSENCRYPT_USE_STAGING=0
 PUBLIC_URL={{ matrix_jitsi_web_public_url }}
-
-XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
-XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
-XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
-XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
-XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
-XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
-
 TZ={{ matrix_jitsi_timezone }}
-
+AMPLITUDE_ID
-JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
+ANALYTICS_SCRIPT_URLS
-JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
+ANALYTICS_WHITELISTED_EVENTS
-JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
+CALLSTATS_CUSTOM_SCRIPT_URL
-JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
+CALLSTATS_ID
-JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
+CALLSTATS_SECRET
-JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
+CHROME_EXTENSION_BANNER_JSON
-
+CONFCODE_URL
+CONFIG_EXTERNAL_CONNECT
+DEFAULT_LANGUAGE
+DEPLOYMENTINFO_ENVIRONMENT
+DEPLOYMENTINFO_ENVIRONMENT_TYPE
+DEPLOYMENTINFO_REGION
+DEPLOYMENTINFO_SHARD
+DEPLOYMENTINFO_USERREGION
+DIALIN_NUMBERS_URL
+DIALOUT_AUTH_URL
+DIALOUT_CODES_URL
+DROPBOX_APPKEY
+DROPBOX_REDIRECT_URI
+DYNAMIC_BRANDING_URL
+ENABLE_AUDIO_PROCESSING
+ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
+ENABLE_CALENDAR
+ENABLE_FILE_RECORDING_SERVICE
+ENABLE_FILE_RECORDING_SERVICE_SHARING
+ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
+ENABLE_IPV6
+ENABLE_LIPSYNC
+ENABLE_NO_AUDIO_DETECTION
+ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
+ENABLE_PREJOIN_PAGE
+ENABLE_WELCOME_PAGE
+ENABLE_CLOSE_PAGE
 ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
-
+ENABLE_REMB
+ENABLE_REQUIRE_DISPLAY_NAME
+ENABLE_SIMULCAST
+ENABLE_STATS_ID
+ENABLE_STEREO
+ENABLE_SUBDOMAINS
+ENABLE_TALK_WHILE_MUTED
+ENABLE_TCC
+ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
+ETHERPAD_PUBLIC_URL
+ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
+GOOGLE_ANALYTICS_ID
+GOOGLE_API_APP_CLIENT_ID
+INVITE_SERVICE_URL
+JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
+MATOMO_ENDPOINT
+MATOMO_SITE_ID
+MICROSOFT_API_APP_CLIENT_ID
+NGINX_RESOLVER
+NGINX_WORKER_PROCESSES
+NGINX_WORKER_CONNECTIONS
+PEOPLE_SEARCH_URL
 RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
 RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
 RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
 RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
-
+START_AUDIO_ONLY
 START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
+START_WITH_AUDIO_MUTED
+START_SILENT
+DISABLE_AUDIO_LEVELS
+ENABLE_NOISY_MIC_DETECTION
+START_BITRATE
+DESKTOP_SHARING_FRAMERATE_MIN
+DESKTOP_SHARING_FRAMERATE_MAX
 START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
-
+START_WITH_VIDEO_MUTED
-ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
+TESTING_CAP_SCREENSHARE_BITRATE
-
+TESTING_OCTO_PROBABILITY
-{{ matrix_jitsi_web_environment_variables_extension }}
+XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
+XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
+XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
+XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
+XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
+XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
+TOKEN_AUTH_URL

roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2

@@ -16,6 +16,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
+			--network-alias={{ matrix_jitsi_xmpp_domain }} \
 			--env-file={{ matrix_jitsi_web_base_path }}/env \
 			{% if matrix_jitsi_web_container_http_host_bind_port %}
 			-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \

roles/matrix-nginx-proxy/defaults/main.yml

@@ -1,5 +1,5 @@
 matrix_nginx_proxy_enabled: true
-matrix_nginx_proxy_version: 1.21.0-alpine
+matrix_nginx_proxy_version: 1.21.1-alpine
 
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
@@ -120,6 +120,7 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
 # Controls whether proxying the matrix domain should be done.
 matrix_nginx_proxy_proxy_matrix_enabled: false
 matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_nginx_proxy_proxy_matrix_federation_hostname: "{{ matrix_nginx_proxy_proxy_matrix_hostname }}"
 # The port name used for federation in the nginx configuration.
 # This is not necessarily the port that it's actually on,
 # as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container.
@@ -404,7 +405,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
 
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.16.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2

@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 
 {% macro render_vhost_directives() %}
-	root /nginx-data/matrix-domain;
+	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-domain;
 
 	gzip on;
 	gzip_types text/plain application/json;

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2

@@ -239,7 +239,7 @@ server {
 		listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }};
 	{% endif %}
 
-	server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
+	server_name {{ matrix_nginx_proxy_proxy_matrix_federation_hostname }};
 	server_tokens off;
 
 	root /dev/null;

roles/matrix-prometheus/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.28.0
+matrix_prometheus_version: v2.28.1
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 
@@ -34,6 +34,7 @@ matrix_prometheus_scraper_synapse_rules_synapse_tag: "master"
 matrix_prometheus_scraper_synapse_rules_download_url: "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_prometheus_scraper_synapse_rules_synapse_tag }}/contrib/prometheus/synapse-v2.rules"
 
 matrix_prometheus_scraper_synapse_targets: []
+matrix_prometheus_scraper_synapse_workers_enabled_list: []
 
 # Tells whether the "node" scraper configuration is enabled.
 # This configuration aims to scrape the current node (this server).

roles/matrix-prometheus/templates/prometheus.yml.j2

@@ -31,6 +31,19 @@ scrape_configs:
     metrics_path: '/_synapse/metrics'
     static_configs:
     - targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }}
+      labels:
+        instance: {{ matrix_domain }}
+        job: master
+        index: 0
+  {% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %}
+  {% if worker.metrics_port != 0 %}
+    - targets: ['matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}']
+      labels:
+        instance: {{ matrix_domain }}
+        job: {{ worker.type }}
+        index: {{ worker.instanceId }}
+  {% endif %}
+  {% endfor %}
   {% endif %}
 
   {% if matrix_prometheus_scraper_node_enabled %}
@@ -43,4 +56,4 @@ scrape_configs:
   - job_name: postgres
     static_configs:
       - targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }}
-  {% endif %}
+  {% endif %}

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.37.1
+matrix_synapse_version: v1.38.1
-matrix_synapse_version_arm64: v1.37.1
+matrix_synapse_version_arm64: v1.38.1
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/tasks/main.yml

@@ -3,7 +3,7 @@
     - always
 
 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: run_setup|bool
+  when: run_setup|bool and matrix_synapse_enabled|bool
   tags:
     - setup-all
     - setup-synapse