chore: update to 1.79.0

Update grafana 10.1.1 -> 10.1.2

.github/workflows/matrix.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Run yamllint
         uses: frenck/action-yamllint@v1.4.1
   ansible-lint:
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Run ansible-lint
         uses: ansible-community/ansible-lint-action@v6.17.0
         with:

CHANGELOG.md

@@ -1,3 +1,12 @@
+# 2023-08-31
+
+## SchildiChat support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) client.
+
+See our [Configuring SchildiChat](docs/configuring-playbook-client-schildichat.md) documentation to get started.
+
+
 # 2023-08-23
 
 ## mautrix-wsproxy support
@@ -396,7 +405,7 @@ Additional details are available in the [Authenticate using Matrix OpenID (Auth-
 
 ## Draupnir moderation tool (bot) support
 
-Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/Gnuxie/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer.
+Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer.
 
 Additional details are available in [Setting up Draupnir](docs/configuring-playbook-bot-draupnir.md).
 

README.md

@@ -47,9 +47,10 @@ Web clients for matrix that you can host on your own domains.
 
 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
-[Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) |
-| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) |
-| [Cinny](https://github.com/ajbura/cinny) |  x | Web client | [Link](docs/configuring-playbook-client-cinny.md) |
+| [Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) |
+| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Lightweight matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) |
+| [Cinny](https://github.com/ajbura/cinny) |  x | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) |
+| [SchildiChat](https://schildi.chat/) | x | Based on Element, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat.md) |
 
 
 
@@ -100,33 +101,33 @@ Bridges can be used to connect your matrix installation with third-party communi
 
 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
-| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
-| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) |
-| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
-| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge for bridging your Matrix server to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) |
-| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
-| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
-| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
-| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) |
-| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
-| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge for bridging your Matrix server to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) |
-| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge for bridging your Matrix server to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
-| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
-| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
-| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge for bridging your Matrix server to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |
-| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
+| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
+| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) |
+| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
+| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) |
+| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
+| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
+| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
+| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) |
+| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
+| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) |
+| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
+| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
+| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
+| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |
+| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
 | [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) | x | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) | [Link](docs/configuring-playbook-bridge-appservice-webhooks.md) |
-| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
-| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge for bridging your Matrix server to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
-| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bridge for bridging your Matrix server to IRC bouncer-style | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
-| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge for bridging your Matrix server to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) |
-| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) |
+| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
+| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
+| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
+| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) |
+| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) |
 | [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | x | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) |
 | [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | x | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) |
-| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge for [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
-| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge for [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
-| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge for [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
-| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying email messages to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) |
+| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
+| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
+| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
+| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying emails to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) |
 
 
 ### Bots
@@ -142,7 +143,7 @@ Bots provide various additional functionality to your installation.
 | [Postmoogle](https://gitlab.com/etke.cc/postmoogle) | x | Email to matrix bot | [Link](docs/configuring-playbook-bot-postmoogle.md) |
 | [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) |
 | [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) |
-| [Draupnir](https://github.com/Gnuxie/Draupnir) | x | A moderation tool for Matrix (Fork of Mjolnir) | [Link](docs/configuring-playbook-bot-draupnir.md) |
+| [Draupnir](https://github.com/the-draupnir-project/Draupnir) | x | A moderation tool for Matrix (Fork of Mjolnir) | [Link](docs/configuring-playbook-bot-draupnir.md) |
 | [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) |
 | [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) | x | ChatGPT from matrix | [Link](docs/configuring-playbook-bot-chatgpt.md) |
 

ansible.cfg

@@ -1,6 +1,11 @@
 [defaults]
+
+vault_password_file = gpg/open_vault.sh
+
 retry_files_enabled = False
 stdout_callback = yaml
 
+inventory = inventory/hosts
+
 [connection]
 pipelining = True

docs/configuring-dns.md

@@ -42,6 +42,7 @@ When you're done configuring DNS, proceed to [Configuring the playbook](configur
 | [Etherpad](configuring-playbook-etherpad.md) collaborative text editor                                                  | CNAME | `etherpad`                     | -        | -      | -    | `matrix.<your-domain>`      |
 | [Hydrogen](configuring-playbook-client-hydrogen.md) web client                                                          | CNAME | `hydrogen`                     | -        | -      | -    | `matrix.<your-domain>`      |
 | [Cinny](configuring-playbook-client-cinny.md) web client                                                                | CNAME | `cinny`                        | -        | -      | -    | `matrix.<your-domain>`      |
+| [SchildiChat](configuring-playbook-client-schildichat.md) web client                                                    | CNAME | `schildichat`                  | -        | -      | -    | `matrix.<your-domain>`      |
 | [wsproxy](configuring-playbook-bridge-mautrix-wsproxy.md) sms bridge                                                    | CNAME | `wsproxy`                      | -        | -      | -    | `matrix.<your-domain>`      |
 | [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot                                                         | CNAME | `buscarron`                    | -        | -      | -    | `matrix.<your-domain>`      |
 | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX    | `matrix`                       | 10       | 0      | -    | `matrix.<your-domain>`      |

docs/configuring-playbook-bot-draupnir.md

@@ -1,8 +1,8 @@
 # Setting up draupnir (optional)
 
-The playbook can install and configure the [draupnir](https://github.com/Gnuxie/Draupnir) moderation bot for you.
+The playbook can install and configure the [draupnir](https://github.com/the-draupnir-project/Draupnir) moderation bot for you.
 
-See the project's [documentation](https://github.com/Gnuxie/Draupnir) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you.
 
 If your migrating from Mjolnir skip to step 5b.
 
@@ -77,7 +77,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 
 ## Usage
 
-You can refer to the upstream [documentation](https://github.com/Gnuxie/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
+You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
 
 You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
 

docs/configuring-playbook-client-schildichat.md

@@ -0,0 +1,42 @@
+# Configuring SchildiChat (optional)
+
+By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application.
+
+**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2023-08-31), SchildiChat is 10 releases behind (it being based on element-web `v1.11.30`, while element-web is now on `v1.11.40`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk!
+
+
+## Enabling SchildiChat
+
+If you'd like for the playbook to install SchildiChat, you can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_client_schildichat_enabled: true
+```
+
+
+## Configuring SchildiChat settings
+
+The playbook provides some customization variables you could use to change schildichat's settings.
+
+Their defaults are defined in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml) and they ultimately end up in the generated `/matrix/schildichat/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-schildichat/templates/config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2) template.
+
+**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
+
+Alternatively, **if there is no pre-defined variable** for an schildichat setting you wish to change:
+
+- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of schildichat's various settings that rarely get used.
+
+- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2)) by making use of the `matrix_client_schildichat_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml).
+
+- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_schildichat_configuration_default` (or `matrix_client_schildichat_configuration`). You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml).
+
+
+## Themes
+
+To change the look of schildichat, you can define your own themes manually by using the `matrix_client_schildichat_setting_defaults_custom_themes` setting.
+
+Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_schildichat_themes_enabled: true`).
+
+If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
+
+Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed.

docs/configuring-playbook.md

@@ -82,6 +82,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional)
 
+- [Setting up SchildiChat](configuring-playbook-client-schildichat.md) - a web client based on [Element](https://element.io/) with some extras and tweaks (optional)
+
 
 ### Authentication and user-related
 

docs/maintenance-migrating.md

@@ -5,7 +5,7 @@
 # Migrating to new server
 
 1. Prepare by lowering DNS TTL for your domains (`matrix.DOMAIN`, etc.), so that DNS record changes (step 4 below) would happen faster, leading to less downtime
-2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*`
+2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` (you might have to cd to /etc/systemd/system/ first)
 3. Copy directory `/matrix` from the old server to the new server. Make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)!
 4. Make sure your DNS records are adjusted to point to the new server's IP address
 5. Remove old server from the `inventory/hosts` file and add new server.

gpg/open_vault.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e -u
+
+gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

gpg/vault_passphrase.gpg

@@ -0,0 +1,18 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
+iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
+foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
+C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
+luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
++rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
+RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
+4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
+0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
+eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
+ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
+jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
+anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
+yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
+=Cecg
+-----END PGP MESSAGE-----

group_vars/matrix_servers

@@ -312,6 +312,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else [])
     +
+    ([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else [])
+    +
     ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
     +
     ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
@@ -2752,6 +2754,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true
 matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
+matrix_nginx_proxy_proxy_schildichat_enabled: "{{ matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
@@ -2852,6 +2855,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
     +
     (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
     +
+    (['matrix-client-schildichat.service'] if matrix_client_schildichat_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
+    +
     ([(grafana_identifier + '.service')] if grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
     +
     (['matrix-dimension.service'] if matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
@@ -2883,6 +2888,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     +
     ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else [])
     +
+    ([matrix_server_fqn_schildichat] if matrix_client_schildichat_enabled else [])
+    +
     ([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else [])
     +
     ([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
@@ -2952,10 +2959,7 @@ devture_postgres_gid: "{{ matrix_user_gid }}"
 devture_postgres_connection_username: matrix
 devture_postgres_db_name: matrix
 
-devture_postgres_systemd_services_to_stop_for_maintenance_list: |
-  {{
-    ['matrix-' + matrix_homeserver_implementation + '.service']
-  }}
+devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}"
 
 devture_postgres_managed_databases_auto: |
   {{
@@ -3485,6 +3489,60 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbo
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-client-schildichat
+#
+######################################################################
+
+matrix_client_schildichat_enabled: false
+
+matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach schildichat over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# the schildichat HTTP port to the local host.
+matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
+
+matrix_client_schildichat_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-client-schildichat' }}"
+
+matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
+
+matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}"
+matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}"
+
+# Use Dimension if enabled, otherwise fall back to Scalar
+matrix_client_schildichat_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
+matrix_client_schildichat_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
+matrix_client_schildichat_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
+matrix_client_schildichat_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
+
+matrix_client_schildichat_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
+
+matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"
+
+matrix_client_schildichat_enable_presence_by_hs_url: |
+  {{
+    none
+    if matrix_synapse_presence_enabled
+    else {matrix_client_schildichat_default_hs_url: false}
+  }}
+
+matrix_client_schildichat_welcome_user_id: ~
+
+matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-client-schildichat
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-synapse

inventory/host_vars/matrix.finallycoffee.eu/vars.yml

@@ -0,0 +1,411 @@
+#
+# General config
+# Domain of the matrix server and SSL config
+#
+matrix_domain: finallycoffee.eu
+
+matrix_ssl_retrieval_method: none
+matrix_nginx_proxy_enabled: true
+matrix_nginx_proxy_https_enabled: false
+matrix_nginx_proxy_container_http_host_bind_port: "127.0.10.1:8080"
+matrix_nginx_proxy_container_federation_host_bind_port: "127.0.10.1:8448"
+matrix_nginx_proxy_trust_forwarded_proto: true
+matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
+
+#matrix_nginx_proxy_proxy_synapse_metrics: true
+matrix_nginx_proxy_proxy_matrix_metrics_enabled: true
+matrix_synapse_metrics_enabled: true
+matrix_synapse_metrics_proxying_enabled: true
+
+matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
+matrix_server_fqn_element: "chat.{{ matrix_domain }}"
+matrix_playbook_docker_installation_enabled: false
+
+#matrix_client_element_version: v1.8.4
+#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
+#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.77.0"
+#matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
+#matrix_synapse_default_room_version: "10"
+#matrix_mautrix_telegram_version: v0.10.0
+matrix_dimension_scheme: https
+
+devture_timesync_installation_enabled: false
+matrix_playbook_reverse_proxy_type: playbook-managed-nginx
+# per https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#adapting-the-configuration-for-existing-synapse-installations
+#matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"
+matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
+devture_systemd_service_manager_up_verification_delay_seconds: 120
+
+web_user: "web"
+revproxy_autoload_dir: "/vault/services/web/sites.d"
+postgres_dump_dir: /vault/temp
+
+
+#
+# General Synapse config
+#
+#matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
+devture_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
+# A secret used to protect access keys issued by the server.
+# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
+# Make synapse accept larger media aswell
+matrix_synapse_max_upload_size_mb: 200
+# Enable metrics at (default) :9100/_synapse/metrics
+matrix_synapse_metrics_enabled: true
+matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+matrix_synapse_turn_uris:
+  - "turn:voip.matrix.finallycoffee.eu?transport=udp"
+  - "turn:voip.matrix.finallycoffee.eu?transport=tcp"
+# Auto-join all users into those rooms
+matrix_synapse_auto_join_rooms:
+  - "#welcome:finallycoffee.eu"
+  - "#announcements:finallycoffee.eu"
+
+## Synapse rate limits
+matrix_synapse_rc_federation:
+  window_size: 1000
+  sleep_limit: 50
+  sleep_delay: 500
+  reject_limit: 50
+  concurrent: 10
+matrix_synapse_rc_message:
+  per_second: 0.5
+  burst_count: 25
+matrix_synapse_rc_joins:
+  local:
+    per_second: 0.5
+    burst_count: 20
+  remote:
+    per_second: 0.05
+    burst_count: 20
+matrix_synapse_rc_joins_per_room:
+  per_second: 1
+  burst_count: 10
+matrix_synapse_rc_invites:
+  per_room:
+    per_second: 0.5
+    burst_count: 10
+  per_user:
+    per_second: 0.006
+    burst_count: 10
+  per_issuer:
+    per_second: 2
+    burst_count: 20
+
+## Synapse cache tuning
+matrix_synapse_caches_global_factor: 1.5
+matrix_synapse_event_cache_size: "300K"
+
+## Synapse workers
+matrix_synapse_workers_enabled: true
+matrix_synapse_workers_preset: "little-federation-helper"
+matrix_synapse_workers_generic_workers_count: 1
+matrix_synapse_workers_media_repository_workers_count: 2
+matrix_synapse_workers_federation_sender_workers_count: 2
+matrix_synapse_workers_pusher_workers_count: 1
+matrix_synapse_workers_appservice_workers_count: 1
+
+# Static secret auth for matrix-synapse-shared-secret-auth
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+matrix_synapse_ext_password_provider_rest_auth_enabled: true
+matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
+matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
+matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
+matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
+
+# Enable experimental spaces support
+matrix_synapse_configuration_extension_yaml: |
+  database:
+    args:
+      cp_max: 20
+  experimental_features:
+    spaces_enabled: true
+  caches:
+    per_cache_factors:
+      device_id_exists: 3
+      get_users_in_room: 4
+      _get_joined_users_from_context: 4
+      _get_joined_profile_from_event_id: 3
+      "*stateGroupMembersCache*": 2
+      _matches_user_in_member_list: 3
+      get_users_who_share_room_with_user: 3
+      is_interested_in_room: 2
+      get_user_by_id: 1.5
+      room_push_rule_cache: 1.5
+    expire_caches: true
+    cache_entry_ttl: 45m
+    sync_response_cache_duration: 2m
+  
+
+#
+# synapse-admin tool
+#
+matrix_synapse_admin_enabled: true
+matrix_synapse_admin_container_http_host_bind_port: 8985
+
+
+#
+# VoIP / CoTURN config
+#
+# A shared secret (between Synapse and Coturn) used for authentication.
+matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+# Disable coturn, as we use own instance
+matrix_coturn_enabled: false
+
+
+#
+# dimension (integration manager) config
+#
+matrix_dimension_enabled: true
+matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
+matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
+matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
+matrix_dimension_configuration_extension_yaml: |
+    telegram:
+        botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
+
+
+#
+# mautrix-whatsapp config
+#
+matrix_mautrix_whatsapp_enabled: true
+matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
+matrix_mautrix_whatsapp_bridge_mute_bridging: true
+matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
+matrix_mautrix_whatsapp_bridge_allow_user_invite: true
+matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
+matrix_mautrix_whatsapp_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_whatsapp_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
+        max_connection_attempts: 5
+        connection_timeout: 30
+        contact_wait_delay: 5
+        private_chat_portal_meta: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+    logging:
+        print_level: info
+    metrics:
+        enabled: true
+        listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+    whatsapp:
+        os_name: Linux mautrix-whatsapp
+        browser_name: Chrome
+
+
+#
+# mautrix-telegram config
+#
+matrix_mautrix_telegram_enabled: true
+matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
+matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
+matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
+matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
+matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
+matrix_mautrix_telegram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
+matrix_mautrix_telegram_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Telegram)"
+        parallel_file_transfer: false
+        inline_images: false
+        image_as_file_size: 20
+        delivery_receipts: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+        animated_sticker:
+            target: webm
+        encryption:
+            allow: true
+            default: true
+        permissions:
+            "@transcaffeine:finallycoffee.eu": "admin"
+            "gruenhage.xyz": "full"
+            "boobies.software": "full"
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+#        permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
+
+
+#
+# mautrix-signal config
+#
+matrix_mautrix_signal_enabled: true
+matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
+matrix_mautrix_signal_container_extra_arguments:
+    - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_signal_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Signal)"
+        community_id: "+signal:finallycoffee.eu"
+        encryption:
+            allow: true
+            default: true
+            key_sharing:
+                allow: true
+                require_verification: false
+        delivery_receipts: true
+        permissions:
+          "@ilosai:fairydust.space": "user"
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+
+
+#
+# mx-puppet-instagram configuration
+#
+matrix_mx_puppet_instagram_enabled: true
+matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
+matrix_mx_puppet_instagram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_instagram_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-skype configuration
+#
+#matrix_mx_puppet_skype_enabled: false
+matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
+# matrix_mx_puppet_skype_container_extra_arguments:
+#   - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
+# matrix_mx_puppet_skype_configuration_extension_yaml: |
+#     bridge:
+#         enableGroupSync: true
+#         avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
+#     metrics:
+#         enabled: true
+#         port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+#         path: /metrics
+
+
+#
+# mx-puppet-discord configuration
+#
+matrix_mx_puppet_discord_enabled: false
+matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
+matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
+matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
+matrix_mx_puppet_discord_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_discord_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-slack configuration
+#
+matrix_mx_puppet_slack_enabled: true
+matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
+matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
+matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
+matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
+matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
+matrix_mx_puppet_slack_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
+matrix_mx_puppet_slack_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# Element web configuration
+#
+# Branding config
+matrix_client_element_brand: "Chat"
+matrix_client_element_default_theme: "dark"
+matrix_client_element_themes_enabled: true
+matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
+matrix_client_element_welcome_text: |
+    Decentralised, encrypted chat &amp; collaboration,<br />
+    hosted on finallycoffee.eu, powered by element.io &amp;
+    <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
+      <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
+    </a>
+matrix_client_element_welcome_logo: "welcome/images/logo.png"
+matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
+matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
+matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
+matrix_client_element_container_extra_arguments:
+  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
+  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
+# Integration and capabilites config
+matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
+matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
+matrix_client_element_integrations_widgets_urls:
+  - "https://{{ matrix_server_fqn_dimension }}/widgets"
+  - "https://scalar.vector.im/api"
+matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
+matrix_client_element_disable_custom_urls: false
+matrix_client_element_room_directory_servers:
+  - "matrix.org"
+  - "finallycoffee.eu"
+  - "entropia.de"
+matrix_client_element_enable_presence_by_hs_url:
+  https://matrix.org: false
+
+
+# Matrix ma1sd extended configuration
+matrix_ma1sd_configuration_extension_yaml: |
+    hashing:
+      enabled: true
+      pepperLength: 20
+      rotationPolicy: per_requests
+      requests: 10
+      hashStorageType: sql
+      algorithms:
+          - none
+          - sha256
+
+
+# Matrix mail notification relay setup
+matrix_mailer_enabled: true
+matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
+matrix_mailer_relay_use: true
+matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
+matrix_mailer_relay_host_port: 587
+matrix_mailer_relay_auth: true
+matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
+matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

inventory/host_vars/matrix.finallycoffee.eu/vault.yml

@@ -0,0 +1,100 @@
+$ANSIBLE_VAULT;1.1;AES256
+39366364363633336238333130353832663162393038633665396333343732353964333363666539
+6562346632343235623835643735386434316666393234360a383634616537393134613631383836
+61333835363666623033306166376232303930306433343366373463653234623736643633383734
+3330333665383539650a383132353032386230393031626361343764323034386230363066306331
+34646236336262623435633566363033613737373064616266336237343233663066396163373034
+62303765353066653737366539626461636531636438323932333134363136363134646164646531
+63656638666233313437663261396665653736373164323433306435323336633938313164646264
+33653661633965363833393031616463633761356234633630643562306366653133366637346166
+38636433343736343461613731623538633361363934343764326466313261353633646230353065
+37366134303164356433333961346663313963626165323966656536313532376162326565383539
+65363333633964323838663461373666353665643236623839646664653661613838353239613137
+39353061323131306365656261343630313665356165623064616436653566373663343733316237
+34393666383465323463313838393465643830373632373938633763666636346539666233303265
+38353337633833373331356663633936326334366337393135653030333531613565643666633038
+64393862303765366632393137313432376563353335353231323464633637343334346634306534
+35613330373336633031376263306466306437656635396133613335386130346163663438386136
+61646437343938663431343736363564376238316666373531616231366132643864346538363866
+35396433366137356162313963666134383134306462313336613735386639363936326131383939
+66623833643433663039623837623133303336666233623935313438366136353332313165333936
+31386632336535383533646639636164313331346630633366383739623261366465656632393062
+63373332623738303364623437666531396331646666336230353333366261653438363861656466
+39333762633037383336393164616563396564383232636533363864636230616664303330323932
+66666234633362346132303932643464366466323535303835363430333737666661373534333934
+61393362616438626636383564613335363634626231663234616438343464383461303632363033
+39336362396339316661323662393665383031643931626333646335643335353661653939363538
+38666561313539613566386132336630643237333432656236356132616230663561343665353938
+33366663353834356434366335373265373439363430636533303933656264366338623232613435
+35356662383232386137313064313363303861326635333435393737643663336534363234623430
+32376432353330613666396337303935376366613564353039396164383361616337656535346166
+34396635356266326461613135303639643935363261396363636338636564643838313262326266
+31663139343336376233303637373864363835313839326433656235616332333134306139623239
+37636639356263646437373362333931613262363363313462666534643765313139386461623731
+33376635653133353033333733613464396632636634313063326363313030376632643863336237
+61636638353237313764313435626463633964643665313536326235343639663137373436303564
+30636232626137376339303238653664346538356430306238633037366332316263623666373062
+63646533646131303466653637346463613237323161313265613834383634626237323563653733
+38656435303264346663663465333966376631666530333833353233376263336436613065366362
+36366263343438393132326661623031316663663231663464383732343064383234616636306530
+66613634626362316533303034393063666632343262613431613635663866636433623535363238
+30643933613731363236346234336662613633323831633437613435326465383530653765616262
+63373538396364316563343365303134373466663639386137663564356532353531343636613135
+63316463353264316164306566326462333732316431643939626161346530636638636662303037
+34346461313961613063336332333934383363373335616636363661396362613661383762663866
+64303834636264376461396266663763336665356561376161333136336638646363313133353161
+31643061623833623239373432633537663664636334623534326639616633616361333834366131
+30376361656238353332656666316637643133623433333861653265636266376639666135383638
+37363337326231656530363536393737383565666266306532626361633633353539363866376534
+61303737326632303762626666306134343837376566343035386663613336626332383035383035
+37633462373066373062313862323766316362393832666466396637363562353865303366323062
+39346332383966313437646138623364656234663066663639663138626163656433363038323166
+65613862386665643438323061323763306635666162303366323131363436633335356332393366
+63373966383132303434633835333438333337303664346335643066623839343835643364306561
+34643336346564363462396330643263653931376664386335313433376332653832323437376135
+35383231386133363236653334393433306638303131323064343931623538323130343666653061
+36353536383632333964343730346265626433303131346531303133663832363036333261386237
+30363361356265356139323761623563396565336137333733656431636531333234323061343862
+33623935346663333735613661363234646234356331323636386637343661373363363261646231
+33643233343235323230393933616664623166666266333862323631653835666135303233653635
+63373061656163353762636531613632366638383366303864343132376162643963366564363563
+61336338613935613532636165383463633866633036393533313433643562313737383431353163
+37623165373933376236393931363939633963666636303136373065376635623761346537643530
+35363464313630376233633863306238616138666464316534363332333937343362343233346431
+34643032323934353939666364323239653932363735373061633434653062326336353239633261
+38306237336266663038656534393664646138343038323335633064616431386666613739326630
+34383963666534313530376331366238343836303036306336343533666332386163643033643138
+33336333333338353733383165306139623964303035653439623131633566356136386431613135
+63616462386639303230343866346631346532353531373132613433363239646330653666633532
+65393766333238383531313132633537633833363335303630376239396565373730646331313633
+30383861303739343265623934643635633361623262356433323035393062353630346430646262
+63303434353038646361353661616339313937323336303566303536366163623362356332383862
+37326333393761633732653264646333653439363039323238383361336233323232613336303464
+34393635633131313135313665363161306466643364393734346264633030373234306466653862
+32336163666435636162343465386633653863363533616339636531306130383331376563393533
+65366136626662343065383164646665613035393636373565346235656439303933343563366339
+36643838393033353033396535613331303031646162316361613564323163633434633861356135
+62343461616335323565636633383962316531316362396165366533346166336163623232366261
+39376230376562626135346333326437373733373266393236383435343562653034313133376236
+61666138346562613330633630373837653465393233613261353937336666646231366666393335
+35393463333936323664323831396639333462626238613164616435363664643438653763623431
+32663237363134353061373563396535653565636431366565386337653863316333343738343432
+62303132636338303462313439376535363063333833363632613832303436353834376561333330
+66633632383135646263626333643230343630326539663762633934316261633062663732373932
+30306438386263626335373838343236643562326135663366353638353163346365396261313133
+36333634306133353235316237343738623263333732343063356238333162323931346664346539
+66323733643061386334306130633537353630663336313966663538373963313435666564316539
+63613030366332363432303036396232306537663765653938353736376135316539613135623632
+66356639623635663365323635646635383638346539323438336261393332373935383536333831
+61306639343061333639336162366536366438356166396266666132303932333037613632623666
+63616662343830303664353931306632323630316162643432653835313962633735626163366332
+34373637633066333432383533316363613031393963373963386161663430623533383165653561
+38343439633066366663643138326264653539336530393932386236366533663935353664343966
+39323161646231353234633961633732613065323039663062313661386565366534623430356632
+64343732336238393262363338363734643639353830646163343361653761633134303163616562
+35633436393832393137383534613031303963613339333566343065336530623964636662353065
+32366630353538383339346465376661323666333234373665613164633866363364613066643034
+37616630366232353166366535633936366536626462353831643335306337353564316461653564
+66663133373466333431336366346435623436656230376232613665633466333463636263373464
+30386434336538303061666566383033616563303564666362346432663130306531613063363537
+646635613236636563666161666630653836

inventory/hosts

@@ -0,0 +1,24 @@
+$ANSIBLE_VAULT;1.1;AES256
+34373565633762393838366465623964356238366661386638373937363563613036646662333330
+3436326333353462346464656136363131376565386433620a613965643930313137353134616134
+39656164373331383333613630323531646132626263626661313735313136326132343866313733
+3737323866333566320a376564393337306438636261393535623435326139393830613765646630
+63363538343963636231623031346539363937383363376133333562376339343361303337343133
+39323431653963613134376465333762653038393839313137323832313633343639623665393263
+34623034353564613665333037366231613261343336613730666130396437363332373463313137
+39326237626130323336626265653431383332303065323536316634353735313565633862633937
+65303032306434663962653866366538636133623530343836633233636664386230366165356462
+35623536356462623261666533626436613465346461313733356531386338626263376561363131
+30373534653437363165623138656636323638393734323836396536336364376131333066343432
+38653564623432623461353266623263643430383965373138663361646665616566613337663837
+63343766303936383330643561356233333961303436656564363061393136356163393463383033
+66343034633230373362343332613338646537353934373264633965636431373630326632356535
+36393363356261616234386266333462373065646436653430653561366330353732616135346165
+30306164633666666339336261306264306133616263623430376536346364306336373332326463
+37333735376365373536613734653961326434653665356436323635373863636266663130303431
+39396534633064383566306133363431323537313639383464303433373761363333303936626366
+37383637336631663931303265393562356336623861613161663738393038353263616662633634
+37373932306261666531303265646365323464363930313238343537343433636639383764343139
+35303831646166376365363536656239346630346561356464653362363637306234353761653432
+61323865663266613433343639343762363437333562346633396462623436346364363033383739
+646230333738313565356339346435656331

requirements.yml

@@ -4,7 +4,7 @@
   version: v1.0.0-1
   name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
-  version: v1.2.4-1.8.2-0
+  version: v1.2.5-1.8.2-1
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
   version: v0.1.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
@@ -16,7 +16,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: v15.3-0
+  version: v16.0-2
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
   version: a0cc7c1c696872ba8880d9c5e5a54098de825030
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
@@ -30,19 +30,19 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
   version: v2.8.1-0
 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v1.9.2-0
+  version: v1.9.2-1
 - src: git+https://github.com/geerlingguy/ansible-role-docker
   version: 6.2.0
   name: geerlingguy.docker
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v10.1.0-0
+  version: v10.1.2-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v8615-2
+  version: v8960-0
   name: jitsi
 - src: git+https://gitlab.com/etke.cc/roles/ntfy.git
   version: v2.7.0-2
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v2.45.0-1
+  version: v2.47.0-0
   name: prometheus
 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
   version: v1.6.1-0

roles/custom/matrix-base/defaults/main.yml

@@ -72,6 +72,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
 # This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default).
 matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
 
+# This is where you access the schildichat web client from (if enabled via matrix_client_schildichat_enabled; disabled by default).
+matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
+
 # This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default).
 matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
 

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -1,13 +1,13 @@
 ---
 # A moderation tool for Matrix
-# Project source code URL: https://github.com/Gnuxie/Draupnir
+# Project source code URL: https://github.com/the-draupnir-project/Draupnir
 
 matrix_bot_draupnir_enabled: true
 
-matrix_bot_draupnir_version: "v1.84.0"
+matrix_bot_draupnir_version: "v1.85.1"
 
 matrix_bot_draupnir_container_image_self_build: false
-matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
+matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
 
 matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
 matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -36,6 +36,16 @@ matrix_bot_draupnir_access_token: ""
 # Note: draupnir is fairly verbose - expect a lot of messages from it.
 matrix_bot_draupnir_management_room: ""
 
+# Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot.
+# This setting is described the following way in the Configuration.
+#
+# Whether or not Draupnir should apply `m.room.server_acl` events.
+# DO NOT change this to `true` unless you are very confident that you know what you are doing.
+#
+# Please follow the advice of upstream and only change this value if you know what your doing.
+# Its Exposed here because its common enough to be valid to expose.
+matrix_bot_draupnir_disable_server_acl: "false"
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -51,9 +51,11 @@ recordIgnoredInvites: false
 # (see verboseLogging to adjust this a bit.)
 managementRoom: "{{ matrix_bot_draupnir_management_room }}"
 
+# Deprecated and will be removed in a future version.
+# Running with verboseLogging is unsupported.
 # Whether Draupnir should log a lot more messages in the room,
-# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
-verboseLogging: false
+# mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room.
+#verboseLogging: false
 
 # The log level of terminal (or container) output,
 # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
@@ -73,6 +75,10 @@ verifyPermissionsOnStartup: true
 # turn on to trial some untrusted configuration or lists.
 noop: false
 
+# Whether or not Draupnir should apply `m.room.server_acl` events.
+# DO NOT change this to `true` unless you are very confident that you know what you are doing.
+disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}"
+
 # Whether Draupnir should check member lists quicker (by using a different endpoint),
 # keep in mind that enabling this will miss invited (but not joined) users.
 #

roles/custom/matrix-bot-honoroit/defaults/main.yml

@@ -20,7 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.18
+matrix_bot_honoroit_version: v0.9.19
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

roles/custom/matrix-bridge-appservice-discord/defaults/main.yml

@@ -5,7 +5,7 @@
 matrix_appservice_discord_enabled: false
 matrix_appservice_discord_container_image_self_build: false
 
-matrix_appservice_discord_version: v3.1.0
+matrix_appservice_discord_version: v4.0.0
 matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
 matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}"
 matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"

roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
 matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
 
-matrix_mautrix_discord_version: v0.6.1
+matrix_mautrix_discord_version: v0.6.2
 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
 matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -6,9 +6,9 @@ matrix_mautrix_gmessages_enabled: true
 
 matrix_mautrix_gmessages_container_image_self_build: false
 matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git"
-matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
+matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
-matrix_mautrix_gmessages_version: v0.1.0
+matrix_mautrix_gmessages_version: v0.2.0
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
 matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}"

roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -136,6 +136,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
 matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
 
+matrix_mautrix_telegram_sender_localpart: "telegrambot"
+
 matrix_mautrix_telegram_registration_yaml: |
   id: telegram
   as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@@ -154,6 +156,7 @@ matrix_mautrix_telegram_registration_yaml: |
   url: {{ matrix_mautrix_telegram_appservice_address }}
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true
+#  sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
 
 matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}"
 

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.10.0
+matrix_mautrix_whatsapp_version: v0.10.1
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -70,7 +70,7 @@ namePatterns:
   #
   # name: username of the user
   # discriminator: hashtag of the user (ex. #1234)
-  user: :name
+  user: ":name (#:discriminator) (via Discord)"
 
   # A user's guild-specific displayname - if they've set a custom nick in
   # a guild
@@ -82,7 +82,7 @@ namePatterns:
   # displayname: the user's custom group-specific nick
   # channel: the name of the channel
   # guild: the name of the guild
-  userOverride: :name
+  userOverride: ":displayname (:name#:discriminator) (via Discord)"
 
   # Room names for bridged Discord channels
   #
@@ -90,7 +90,7 @@ namePatterns:
   #
   # name: name of the channel
   # guild: name of the guild
-  room: :name
+  room: "#:name (:guild on Discord)"
 
   # Group names for bridged Discord servers
   #

roles/custom/matrix-client-element/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.11.40
+matrix_client_element_version: v1.11.43
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/custom/matrix-client-element/tasks/setup_install.yml

@@ -90,6 +90,19 @@
     - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
   when: "item.src is not none"
 
+- name: Copy Element costum files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
+    - {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
+  when: false
+    #when: "matrix_client_element_enabled|bool and item.src is not none"
+
 - name: Ensure Element config files removed
   ansible.builtin.file:
     path: "{{ matrix_client_element_data_path }}/{{ item.name }}"

roles/custom/matrix-client-element/templates/welcome.html.j2

@@ -33,7 +33,7 @@ h1::after {
 }
 
 .mx_Logo {
-    height: 54px;
+    height: 92px;
     margin-top: 2px;
 }
 

roles/custom/matrix-client-hydrogen/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: false
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.4.0
+matrix_client_hydrogen_version: v0.4.1
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/custom/matrix-client-schildichat/defaults/main.yml

@@ -0,0 +1,312 @@
+---
+# Project source code URL: https://github.com/SchildiChat/schildichat-desktop
+
+matrix_client_schildichat_enabled: true
+
+matrix_client_schildichat_container_image_self_build: false
+
+matrix_client_schildichat_version: v1.11.30-sc.2
+matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_name_prefix }}etke.cc/schildichat-web:{{ matrix_client_schildichat_version }}"
+matrix_client_schildichat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else 'registry.gitlab.com/' }}"
+matrix_client_schildichat_docker_image_force_pull: "{{ matrix_client_schildichat_docker_image.endswith(':latest') }}"
+
+matrix_client_schildichat_data_path: "{{ matrix_base_data_path }}/client-schildichat"
+matrix_client_schildichat_docker_src_files_path: "{{ matrix_client_schildichat_data_path }}/docker-src"
+
+# The base container network
+matrix_client_schildichat_container_network: matrix-client-schildichat
+
+# A list of additional container networks that the container would be connected to.
+# The role does not create these networks, so make sure they already exist.
+# Use this to expose this container to a reverse proxy, which runs in a different container network.
+matrix_client_schildichat_container_additional_networks: []
+
+# Controls whether the matrix-client-schildichat container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
+matrix_client_schildichat_container_http_host_bind_port: ''
+
+# matrix_client_schildichat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
+# See `../templates/labels.j2` for details.
+#
+# To inject your own other container labels, see `matrix_client_schildichat_container_labels_additional_labels`.
+matrix_client_schildichat_container_labels_traefik_enabled: true
+matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_client_schildichat_container_network }}"
+matrix_client_schildichat_container_labels_traefik_hostname: "{{ matrix_client_schildichat_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/schildichat`).
+matrix_client_schildichat_container_labels_traefik_path_prefix: "{{ matrix_client_schildichat_path_prefix }}"
+matrix_client_schildichat_container_labels_traefik_rule: "Host(`{{ matrix_client_schildichat_container_labels_traefik_hostname }}`){% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_client_schildichat_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_client_schildichat_container_labels_traefik_priority: 0
+matrix_client_schildichat_container_labels_traefik_entrypoints: web-secure
+matrix_client_schildichat_container_labels_traefik_tls: "{{ matrix_client_schildichat_container_labels_traefik_entrypoints != 'web' }}"
+matrix_client_schildichat_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls which additional headers to attach to all HTTP responses.
+# To add your own headers, use `matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom`
+matrix_client_schildichat_container_labels_traefik_additional_response_headers: "{{ matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto | combine(matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom) }}"
+matrix_client_schildichat_container_labels_traefik_additional_response_headers_auto: |
+  {{
+    {}
+    | combine ({'X-XSS-Protection': matrix_client_schildichat_http_header_xss_protection} if matrix_client_schildichat_http_header_xss_protection else {})
+    | combine ({'X-Frame-Options': matrix_client_schildichat_http_header_frame_options} if matrix_client_schildichat_http_header_frame_options else {})
+    | combine ({'X-Content-Type-Options': matrix_client_schildichat_http_header_content_type_options} if matrix_client_schildichat_http_header_content_type_options else {})
+    | combine ({'Content-Security-Policy': matrix_client_schildichat_http_header_content_security_policy} if matrix_client_schildichat_http_header_content_security_policy else {})
+    | combine ({'Permission-Policy': matrix_client_schildichat_http_header_content_permission_policy} if matrix_client_schildichat_http_header_content_permission_policy else {})
+    | combine ({'Strict-Transport-Security': matrix_client_schildichat_http_header_strict_transport_security} if matrix_client_schildichat_http_header_strict_transport_security and matrix_client_schildichat_container_labels_traefik_tls else {})
+  }}
+matrix_client_schildichat_container_labels_traefik_additional_response_headers_custom: {}
+
+# matrix_client_schildichat_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_client_schildichat_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_client_schildichat_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_client_schildichat_container_extra_arguments: []
+
+# List of systemd services that matrix-client-schildichat.service depends on
+matrix_client_schildichat_systemd_required_services_list: ['docker.service']
+
+# Specifies the value of the `X-XSS-Protection` header
+# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
+#
+# Learn more about it is here:
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# - https://portswigger.net/web-security/cross-site-scripting/reflected
+matrix_client_schildichat_http_header_xss_protection: "1; mode=block"
+
+# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+matrix_client_schildichat_http_header_frame_options: SAMEORIGIN
+
+# Specifies the value of the `X-Content-Type-Options` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+matrix_client_schildichat_http_header_content_type_options: nosniff
+
+# Specifies the value of the `Content-Security-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+matrix_client_schildichat_http_header_content_security_policy: frame-ancestors 'self'
+
+# Specifies the value of the `Permission-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
+matrix_client_schildichat_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_schildichat_floc_optout_enabled else '' }}"
+
+# Specifies the value of the `Strict-Transport-Security` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+matrix_client_schildichat_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_schildichat_hsts_preload_enabled else '' }}"
+
+# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
+#
+# Learn more about what it is here:
+# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
+# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
+# - https://amifloced.org/
+#
+# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
+# See: `matrix_client_schildichat_content_permission_policy`
+matrix_client_schildichat_floc_optout_enabled: true
+
+# Controls if HSTS preloading is enabled
+#
+# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
+# indicates a willingness to be "preloaded" into browsers:
+# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
+# For more information visit:
+# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# - https://hstspreload.org/#opt-in
+# See: `matrix_client_schildichat_http_header_strict_transport_security`
+matrix_client_schildichat_hsts_preload_enabled: false
+
+# The hostname at which schildichat is served.
+# Only works with with Traefik reverse-proxying.
+# For matrix-nginx-proxy, `matrix_server_fqn_schildichat` is used and this variable has no effect.
+matrix_client_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}"
+
+# The path at which schildichat is exposed.
+# When matrix-nginx-proxy is used, setting this to values other than `/` will cause configuration mismatches and trouble.
+#
+# If Traefik is used, the hostname is also configurable - see `matrix_client_schildichat_container_labels_traefik_hostname`.
+# This value must either be `/` or not end with a slash (e.g. `/schildichat`).
+matrix_client_schildichat_path_prefix: /
+
+# schildichat config.json customizations
+matrix_client_schildichat_default_server_name: "{{ matrix_domain }}"
+matrix_client_schildichat_default_hs_url: ""
+matrix_client_schildichat_default_is_url: ~
+matrix_client_schildichat_disable_custom_urls: true
+matrix_client_schildichat_disable_guests: true
+matrix_client_schildichat_integrations_ui_url: "https://scalar.vector.im/"
+matrix_client_schildichat_integrations_rest_url: "https://scalar.vector.im/api"
+matrix_client_schildichat_integrations_widgets_urls: ["https://scalar.vector.im/api"]
+matrix_client_schildichat_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
+matrix_client_schildichat_permalink_prefix: "https://matrix.to"  # noqa var-naming
+matrix_client_schildichat_bug_report_endpoint_url: "https://element.io/bugreports/submit"
+matrix_client_schildichat_show_lab_settings: true  # noqa var-naming
+# schildichat public room directory server(s)
+matrix_client_schildichat_room_directory_servers: ['matrix.org']
+matrix_client_schildichat_welcome_user_id: ~
+# Branding of schildichat
+matrix_client_schildichat_brand: "schildichat"
+
+# URL to Logo on welcome page
+matrix_client_schildichat_welcome_logo: "themes/element/img/logos/element-logo.svg"
+
+# URL of link on welcome image
+matrix_client_schildichat_welcome_logo_link: "https://schildi.chat"
+
+matrix_client_schildichat_welcome_headline: "_t('Welcome to SchildiChat')"
+matrix_client_schildichat_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
+
+# Links, shown in footer of welcome page:
+# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
+matrix_client_schildichat_branding_auth_footer_links: ~  # noqa var-naming
+
+# URL to image, shown during Login
+matrix_client_schildichat_branding_auth_header_logo_url: "{{ matrix_client_schildichat_welcome_logo }}"  # noqa var-naming
+
+# URL to Wallpaper, shown in background of welcome page
+matrix_client_schildichat_branding_welcome_background_url: ~  # noqa var-naming
+
+matrix_client_schildichat_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"
+
+# By default, there's no schildichat homepage (when logged in). If you wish to have one,
+# point this to a `home.html` template file on your local filesystem.
+matrix_client_schildichat_embedded_pages_home_path: ~
+
+matrix_client_schildichat_jitsi_preferred_domain: ''  # noqa var-naming
+
+# Controls whether the self-check feature should validate SSL certificates.
+matrix_client_schildichat_self_check_validate_certificates: true
+
+# don't show the registration button on welcome page
+matrix_client_schildichat_registration_enabled: false
+
+# Default country code on welcome page when login by phone number
+matrix_client_schildichat_default_country_code: "GB"
+
+# Controls whether presence will be enabled
+matrix_client_schildichat_enable_presence_by_hs_url: ~
+
+# Controls whether custom schildichat themes will be installed.
+# When enabled, all themes found in the `matrix_client_schildichat_themes_repository_url` repository
+# will be installed and enabled automatically.
+matrix_client_schildichat_themes_enabled: false
+matrix_client_schildichat_themes_repository_url: https://github.com/aaronraimist/element-themes
+matrix_client_schildichat_themes_repository_version: master
+
+# Controls the default theme
+matrix_client_schildichat_default_theme: 'light'
+
+# Controls the `setting_defaults.custom_themes` setting of the schildichat configuration.
+# You can use this setting to define custom themes.
+#
+# Also, look at `matrix_client_schildichat_themes_enabled` for a way to pull in a bunch of custom themes automatically.
+# If you define your own themes here and set `matrix_client_schildichat_themes_enabled: true`, your themes will be preserved as well.
+#
+# Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed.
+matrix_client_schildichat_setting_defaults_custom_themes: []  # noqa var-naming
+
+# Default schildichat configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_client_schildichat_configuration_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_client_schildichat_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
+
+# Your custom JSON configuration for schildichat should go to `matrix_client_schildichat_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_client_schildichat_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_client_schildichat_configuration_default`.
+#
+# Example configuration extension follows:
+#
+# matrix_client_schildichat_configuration_extension_json: |
+#  {
+#  "disable_3pid_login": true,
+#  "disable_login_language_selector": true
+#  }
+matrix_client_schildichat_configuration_extension_json: '{}'
+
+matrix_client_schildichat_configuration_extension: "{{ matrix_client_schildichat_configuration_extension_json | from_json if matrix_client_schildichat_configuration_extension_json | from_json is mapping else {} }}"
+
+# Holds the final schildichat configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_client_schildichat_configuration_default`.
+matrix_client_schildichat_configuration: "{{ matrix_client_schildichat_configuration_default | combine(matrix_client_schildichat_configuration_extension, recursive=True) }}"
+
+# schildichat Location sharing functionality
+# More info: https://element.io/blog/element-launches-e2ee-location-sharing/
+# How to host your own map tile server: https://matrix.org/docs/guides/map-tile-server
+matrix_client_schildichat_location_sharing_enabled: false
+
+# Default schildichat location sharing map style configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_client_schildichat_location_sharing_map_style_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_client_schildichat_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}"
+
+# Your custom JSON configuration for schildichat location sharing map style should go to `matrix_client_schildichat_location_sharing_map_style_extension_json`.
+# This configuration extends the default starting configuration (`matrix_client_schildichat_location_sharing_map_style_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_client_schildichat_location_sharing_map_style_default`.
+#
+# Example configuration override follows:
+#
+# matrix_client_schildichat_location_sharing_map_style_extension_json: |
+#  {
+#    "sources": {
+#        "localsource": {
+#            "tileSize": 512
+#        }
+#    }
+#  }
+#
+# Example configuration extension follows:
+#
+# matrix_client_schildichat_location_sharing_map_style_extension_json: |
+#  {
+#    "sources": {
+#        "anothersource": {
+#            "attribution": "",
+#            "tileSize": 256,
+#            "tiles": ["https://anothertile.example.com/{z}/{x}/{y}.png"],
+#            "type": "raster"
+#        }
+#    }
+#  }
+matrix_client_schildichat_location_sharing_map_style_extension_json: '{}'
+
+matrix_client_schildichat_location_sharing_map_style_extension: "{{ matrix_client_schildichat_location_sharing_map_style_extension_json | from_json if matrix_client_schildichat_location_sharing_map_style_extension_json | from_json is mapping else {} }}"
+
+# Holds the final schildichat location sharing map style configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_client_schildichat_location_sharing_map_style_default`.
+matrix_client_schildichat_location_sharing_map_style: "{{ matrix_client_schildichat_location_sharing_map_style_default | combine(matrix_client_schildichat_location_sharing_map_style_extension, recursive=True) }}"
+
+# Example tile servers configuration
+# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: ["https://tile.example.com/{z}/{x}/{y}.png"]
+# or
+# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: ["https://s1.example.com/{z}/{x}/{y}.png", "https://s2.example.com/{z}/{x}/{y}.png", "https://s3.example.com/{z}/{x}/{y}.png"]
+matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles: []
+
+# Map attribution (optional):
+# Attribution for OpenStreetMap would be like this:
+# matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution: "&copy; <a href=\"https://www.openstreetmap.org/copyright\" target=\"_blank\">OpenStreetMap</a> contributors"
+# Leave blank, if map does not require attribution.
+matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution: ""

roles/custom/matrix-client-schildichat/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+
+- tags:
+    - setup-all
+    - setup-client-schildichat
+    - install-all
+    - install-client-schildichat
+  block:
+    - when: matrix_client_schildichat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_client_schildichat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
+
+    - when: matrix_client_schildichat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+    - setup-all
+    - setup-client-schildichat
+  block:
+    - when: not matrix_client_schildichat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+
+- tags:
+    - self-check
+  block:
+    - when: matrix_client_schildichat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"

roles/custom/matrix-client-schildichat/tasks/prepare_themes.yml

@@ -0,0 +1,47 @@
+---
+
+#
+# Tasks related to setting up schildichat themes
+#
+
+- when: matrix_client_schildichat_themes_enabled | bool
+  run_once: true
+  delegate_to: 127.0.0.1
+  become: false
+  block:
+    - name: Ensure schildichat themes repository is pulled
+      ansible.builtin.git:
+        repo: "{{ matrix_client_schildichat_themes_repository_url }}"
+        version: "{{ matrix_client_schildichat_themes_repository_version }}"
+        dest: "{{ role_path }}/files/scratchpad/themes"
+
+    - name: Find all schildichat theme files
+      ansible.builtin.find:
+        paths: "{{ role_path }}/files/scratchpad/themes"
+        patterns: "*.json"
+        recurse: true
+      register: matrix_client_schildichat_theme_file_list
+
+    - name: Read schildichat theme
+      ansible.builtin.slurp:
+        path: "{{ item.path }}"
+      register: "matrix_client_schildichat_theme_file_contents"
+      with_items: "{{ matrix_client_schildichat_theme_file_list.files }}"
+
+    - name: Load schildichat theme
+      ansible.builtin.set_fact:
+        matrix_client_schildichat_setting_defaults_custom_themes: "{{ matrix_client_schildichat_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}"  # noqa var-naming
+      with_items: "{{ matrix_client_schildichat_theme_file_contents.results }}"
+
+#
+# Tasks related to getting rid of schildichat themes (if it was previously enabled)
+#
+
+- name: Ensure schildichat themes repository is removed
+  ansible.builtin.file:
+    path: "{{ role_path }}/files/scratchpad/themes"
+    state: absent
+  run_once: true
+  delegate_to: 127.0.0.1
+  become: false
+  when: "not matrix_client_schildichat_themes_enabled | bool"

roles/custom/matrix-client-schildichat/tasks/self_check.yml

@@ -0,0 +1,24 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_client_schildichat_url_endpoint_public: "https://{{ matrix_server_fqn_schildichat }}/config.json"
+
+- name: Check schildichat
+  ansible.builtin.uri:
+    url: "{{ matrix_client_schildichat_url_endpoint_public }}"
+    follow_redirects: none
+    validate_certs: "{{ matrix_client_schildichat_self_check_validate_certificates }}"
+  register: matrix_client_schildichat_self_check_result
+  check_mode: false
+  ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
+
+- name: Fail if schildichat not working
+  ansible.builtin.fail:
+    msg: "Failed checking schildichat is up at `{{ matrix_server_fqn_schildichat }}` (checked endpoint: `{{ matrix_client_schildichat_url_endpoint_public }}`). Is schildichat running? Is port 443 open in your firewall? Full error: {{ matrix_client_schildichat_self_check_result }}"
+  when: "matrix_client_schildichat_self_check_result.failed or 'json' not in matrix_client_schildichat_self_check_result"
+
+- name: Report working schildichat
+  ansible.builtin.debug:
+    msg: "schildichat at `{{ matrix_server_fqn_schildichat }}` is working (checked endpoint: `{{ matrix_client_schildichat_url_endpoint_public }}`)"

roles/custom/matrix-client-schildichat/tasks/setup_install.yml

@@ -0,0 +1,109 @@
+---
+
+- name: Ensure schildichat paths exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_client_schildichat_data_path }}", when: true}
+    - {path: "{{ matrix_client_schildichat_docker_src_files_path }}", when: "{{ matrix_client_schildichat_container_image_self_build }}"}
+  when: "item.when | bool"
+
+- name: Ensure schildichat Docker image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_client_schildichat_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_client_schildichat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_schildichat_docker_image_force_pull }}"
+  when: "not matrix_client_schildichat_container_image_self_build | bool"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure schildichat repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_client_schildichat_container_image_self_build_repo }}"
+    dest: "{{ matrix_client_schildichat_docker_src_files_path }}"
+    version: "{{ matrix_client_schildichat_docker_image.split(':')[1] }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_client_schildichat_git_pull_results
+  when: "matrix_client_schildichat_container_image_self_build | bool"
+
+# See:
+# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
+# - https://github.com/vector-im/schildichat-web/issues/19544
+- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
+  ansible.builtin.lineinfile:
+    path: "{{ matrix_client_schildichat_docker_src_files_path }}/webpack.config.js"
+    regexp: '(\s+)splitChunks: \{'
+    line: '\1splitChunks: { maxSize: 100000,'
+    backrefs: true
+    owner: root
+    group: root
+    mode: '0644'
+  when: "matrix_client_schildichat_container_image_self_build | bool and matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled | bool"
+
+- name: Ensure schildichat Docker image is built
+  ansible.builtin.command:
+    cmd: |-
+      {{ devture_systemd_docker_base_host_command_docker }} buildx build
+      --tag={{ matrix_client_schildichat_docker_image }}
+      --file={{ matrix_client_schildichat_docker_src_files_path }}/Dockerfile
+      {{ matrix_client_schildichat_docker_src_files_path }}
+  changed_when: true
+  when: matrix_client_schildichat_container_image_self_build | bool
+
+- name: Ensure schildichat configuration installed
+  ansible.builtin.copy:
+    content: "{{ matrix_client_schildichat_configuration | to_nice_json }}"
+    dest: "{{ matrix_client_schildichat_data_path }}/config.json"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure schildichat location sharing map style installed
+  when: matrix_client_schildichat_location_sharing_enabled | bool
+  ansible.builtin.copy:
+    content: "{{ matrix_client_schildichat_location_sharing_map_style | to_nice_json }}"
+    dest: "{{ matrix_client_schildichat_data_path }}/map_style.json"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure schildichat config files installed
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ matrix_client_schildichat_data_path }}/{{ item.name }}"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {src: "{{ role_path }}/templates/labels.j2", name: "labels"}
+    - {src: "{{ matrix_client_schildichat_page_template_welcome_path }}", name: "welcome.html"}
+    - {src: "{{ matrix_client_schildichat_embedded_pages_home_path }}", name: "home.html"}
+  when: "item.src is not none"
+
+- name: Ensure schildichat config files removed
+  ansible.builtin.file:
+    path: "{{ matrix_client_schildichat_data_path }}/{{ item.name }}"
+    state: absent
+  with_items:
+    - {src: "{{ matrix_client_schildichat_embedded_pages_home_path }}", name: "home.html"}
+  when: "item.src is none"
+
+- name: Ensure schildichat container network is created
+  community.general.docker_network:
+    name: "{{ matrix_client_schildichat_container_network }}"
+    driver: bridge
+
+- name: Ensure matrix-client-schildichat.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-client-schildichat.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service"
+    mode: 0644

roles/custom/matrix-client-schildichat/tasks/setup_uninstall.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-client-schildichat.service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service"
+  register: matrix_client_schildichat_service_stat
+
+- when: matrix_client_schildichat_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-client-schildichat is stopped
+      ansible.builtin.service:
+        name: matrix-client-schildichat
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-client-schildichat.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-schildichat.service"
+        state: absent
+
+    - name: Ensure schildichat path doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_client_schildichat_data_path }}"
+        state: absent

roles/custom/matrix-client-schildichat/tasks/validate_config.yml

@@ -0,0 +1,37 @@
+---
+
+- name: Fail if required schildichat settings not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`) for using schildichat.
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_client_schildichat_default_hs_url"
+
+- name: Fail if schildichat location sharing enabled, but no tile server defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define at least one map tile server in matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles list
+  when:
+    - matrix_client_schildichat_location_sharing_enabled | bool
+    - matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles | length == 0
+
+- when: matrix_client_schildichat_container_labels_traefik_enabled | bool
+  block:
+    - name: Fail if required matrix-client-schildichat Traefik settings not defined
+      ansible.builtin.fail:
+        msg: >-
+          You need to define a required configuration setting (`{{ item }}`).
+      when: "vars[item] == ''"
+      with_items:
+        - matrix_client_schildichat_container_labels_traefik_hostname
+        - matrix_client_schildichat_container_labels_traefik_path_prefix
+
+    # We ensure it doesn't end with a slash, because we handle both (slash and no-slash).
+    # Knowing that `matrix_client_schildichat_container_labels_traefik_path_prefix` does not end with a slash
+    # ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere.
+    - name: Fail if matrix_client_schildichat_container_labels_traefik_path_prefix ends with a slash
+      ansible.builtin.fail:
+        msg: >-
+          matrix_client_schildichat_container_labels_traefik_path_prefix (`{{ matrix_client_schildichat_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/schildichat`).
+      when: "matrix_client_schildichat_container_labels_traefik_path_prefix != '/' and matrix_client_schildichat_container_labels_traefik_path_prefix[-1] == '/'"

roles/custom/matrix-client-schildichat/templates/config.json.j2

@@ -0,0 +1,49 @@
+{
+	"default_server_config": {
+		"m.homeserver": {
+			"base_url": {{ matrix_client_schildichat_default_hs_url | string | to_json }},
+			"server_name": {{ matrix_client_schildichat_default_server_name | string | to_json }}
+		},
+		"m.identity_server": {
+			"base_url": {{ matrix_client_schildichat_default_is_url | string | to_json }}
+		}
+	},
+	"setting_defaults": {
+		"custom_themes": {{ matrix_client_schildichat_setting_defaults_custom_themes | to_json }}
+	},
+	"default_theme": {{ matrix_client_schildichat_default_theme | string | to_json }},
+	"default_country_code": {{ matrix_client_schildichat_default_country_code | string | to_json }},
+	"permalink_prefix": {{ matrix_client_schildichat_permalink_prefix | string | to_json }},
+	"disable_custom_urls": {{ matrix_client_schildichat_disable_custom_urls | to_json }},
+	"disable_guests": {{ matrix_client_schildichat_disable_guests | to_json }},
+	"brand": {{ matrix_client_schildichat_brand | to_json }},
+	"integrations_ui_url": {{ matrix_client_schildichat_integrations_ui_url | string | to_json }},
+	"integrations_rest_url": {{ matrix_client_schildichat_integrations_rest_url | string | to_json }},
+	"integrations_widgets_urls": {{ matrix_client_schildichat_integrations_widgets_urls | to_json }},
+	"integrations_jitsi_widget_url": {{ matrix_client_schildichat_integrations_jitsi_widget_url | string | to_json }},
+	"bug_report_endpoint_url": {{ matrix_client_schildichat_bug_report_endpoint_url | to_json }},
+	"show_labs_settings": {{ matrix_client_schildichat_show_lab_settings | to_json }},
+	"room_directory": {
+		"servers": {{ matrix_client_schildichat_room_directory_servers | to_json }}
+	},
+	"welcome_user_id": {{ matrix_client_schildichat_welcome_user_id | to_json }},
+	{% if matrix_client_schildichat_enable_presence_by_hs_url is not none %}
+		"enable_presence_by_hs_url": {{ matrix_client_schildichat_enable_presence_by_hs_url | to_json }},
+	{% endif %}
+	"embedded_pages": {
+		"homeUrl": {{ matrix_client_schildichat_embedded_pages_home_url | string | to_json }}
+	},
+	{% if matrix_client_schildichat_jitsi_preferred_domain %}
+	"jitsi": {
+        "preferred_domain": {{ matrix_client_schildichat_jitsi_preferred_domain | to_json }}
+    },
+	{% endif %}
+	{% if matrix_client_schildichat_location_sharing_enabled %}
+	"map_style_url": "https://{{ matrix_server_fqn_schildichat }}/map_style.json",
+	{% endif %}
+	"branding": {
+		"auth_footer_links": {{ matrix_client_schildichat_branding_auth_footer_links | to_json }},
+		"auth_header_logo_url": {{ matrix_client_schildichat_branding_auth_header_logo_url | to_json }},
+		"welcome_background_url": {{ matrix_client_schildichat_branding_welcome_background_url | to_json }}
+	}
+}

roles/custom/matrix-client-schildichat/templates/labels.j2

@@ -0,0 +1,45 @@
+{% if matrix_client_schildichat_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_client_schildichat_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_client_schildichat_container_labels_traefik_docker_network }}
+{% endif %}
+
+{% set middlewares = [] %}
+
+{% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-client-schildichat-slashless-redirect.redirectregex.regex=({{ matrix_client_schildichat_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.matrix-client-schildichat-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['matrix-client-schildichat-slashless-redirect'] %}
+{% endif %}
+
+{% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-client-schildichat-strip-prefix.stripprefix.prefixes={{ matrix_client_schildichat_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-client-schildichat-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_client_schildichat_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_client_schildichat_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-client-schildichat-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-client-schildichat-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-client-schildichat.rule={{ matrix_client_schildichat_container_labels_traefik_rule }}
+{% if matrix_client_schildichat_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-client-schildichat.priority={{ matrix_client_schildichat_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-client-schildichat.service=matrix-client-schildichat
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-client-schildichat.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-client-schildichat.entrypoints={{ matrix_client_schildichat_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-client-schildichat.tls={{ matrix_client_schildichat_container_labels_traefik_tls | to_json }}
+{% if matrix_client_schildichat_container_labels_traefik_tls %}
+traefik.http.routers.matrix-client-schildichat.tls.certResolver={{ matrix_client_schildichat_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080
+{% endif %}
+
+{{ matrix_client_schildichat_container_labels_additional_labels }}

roles/custom/matrix-client-schildichat/templates/map_style.json.j2

@@ -0,0 +1,18 @@
+{
+    "layers": [
+        {
+            "id": "locallayer",
+            "source": "localsource",
+            "type": "raster"
+        }
+    ],
+    "sources": {
+        "localsource": {
+            "attribution": {{ matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_attribution|to_json }},
+            "tileSize": 256,
+            "tiles": {{ matrix_client_schildichat_location_sharing_map_style_content_sources_localsource_tiles|to_json }},
+            "type": "raster"
+        }
+    },
+    "version": 8
+}

roles/custom/matrix-client-schildichat/templates/systemd/matrix-client-schildichat.service.j2

@@ -0,0 +1,57 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix schildichat server
+{% for service in matrix_client_schildichat_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-client-schildichat \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_client_schildichat_container_network }} \
+			{% if matrix_client_schildichat_container_http_host_bind_port %}
+			-p {{ matrix_client_schildichat_container_http_host_bind_port }}:8080 \
+			{% endif %}
+			--label-file={{ matrix_client_schildichat_data_path }}/labels \
+			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
+			--mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/usr/share/nginx/html/config.json,ro \
+			--mount type=bind,src={{ matrix_client_schildichat_data_path }}/config.json,dst=/usr/share/nginx/html/config.{{ matrix_server_fqn_schildichat }}.json,ro \
+			{% if matrix_client_schildichat_location_sharing_enabled %}
+			--mount type=bind,src={{ matrix_client_schildichat_data_path }}/map_style.json,dst=/usr/share/nginx/html/map_style.json,ro \
+			{% endif %}
+			{% if matrix_client_schildichat_embedded_pages_home_path is not none %}
+			--mount type=bind,src={{ matrix_client_schildichat_data_path }}/home.html,dst=/usr/share/nginx/html/home.html,ro \
+			{% endif %}
+			--mount type=bind,src={{ matrix_client_schildichat_data_path }}/welcome.html,dst=/usr/share/nginx/html/welcome.html,ro \
+			{% for arg in matrix_client_schildichat_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_client_schildichat_docker_image }}
+
+{% for network in matrix_client_schildichat_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-client-schildichat
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-schildichat
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-schildichat 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-schildichat 2>/dev/null || true'
+
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-client-schildichat
+
+[Install]
+WantedBy=multi-user.target

roles/custom/matrix-client-schildichat/templates/welcome.html.j2

@@ -0,0 +1,205 @@
+#jinja2: lstrip_blocks: "True"
+<style type="text/css">
+
+/* we deliberately inline style here to avoid flash-of-CSS problems, and to avoid
+ * voodoo where we have to set display: none by default
+ */
+
+h1::after {
+    content: "!";
+}
+
+.mx_Parent {
+    display: -webkit-box;
+    display: -webkit-flex;
+    display: -ms-flexbox;
+    display: flex;
+    -webkit-box-orient: vertical;
+    -webkit-box-direction: normal;
+    -webkit-flex-direction: column;
+    -ms-flex-direction: column;
+    flex-direction: column;
+    -webkit-box-pack: center;
+    -webkit-justify-content: center;
+    -ms-flex-pack: center;
+    justify-content: center;
+    -webkit-box-align: center;
+    -webkit-align-items: center;
+    -ms-flex-align: center;
+    align-items: center;
+    text-align: center;
+    padding: 25px 35px;
+    color: #2e2f32;
+}
+
+.mx_Logo {
+    height: 54px;
+    margin-top: 2px;
+}
+
+.mx_ButtonGroup {
+    margin-top: 10px;
+}
+
+.mx_ButtonRow {
+    display: -webkit-box;
+    display: -webkit-flex;
+    display: -ms-flexbox;
+    display: flex;
+    -webkit-justify-content: space-around;
+    -ms-flex-pack: distribute;
+    justify-content: space-around;
+    -webkit-box-align: center;
+    -webkit-align-items: center;
+    -ms-flex-align: center;
+    align-items: center;
+    justify-content: space-between;
+    box-sizing: border-box;
+    margin: 12px 0 0;
+}
+
+.mx_ButtonRow > * {
+    margin: 0 10px;
+}
+
+.mx_ButtonRow > *:first-child {
+    margin-left: 0;
+}
+
+.mx_ButtonRow > *:last-child {
+    margin-right: 0;
+}
+
+.mx_ButtonParent {
+    display: -webkit-box;
+    display: -webkit-flex;
+    display: -ms-flexbox;
+    display: flex;
+    padding: 10px 20px;
+    -webkit-box-orient: horizontal;
+    -webkit-box-direction: normal;
+    -webkit-flex-direction: row;
+    -ms-flex-direction: row;
+    flex-direction: row;
+    -webkit-box-pack: center;
+    -webkit-justify-content: center;
+    -ms-flex-pack: center;
+    justify-content: center;
+    -webkit-box-align: center;
+    -webkit-align-items: center;
+    -ms-flex-align: center;
+    align-items: center;
+    border-radius: 4px;
+    width: 150px;
+    background-repeat: no-repeat;
+    background-position: 10px center;
+    text-decoration: none;
+    color: #2e2f32 !important;
+}
+
+.mx_ButtonLabel {
+    margin-left: 20px;
+}
+
+.mx_Header_title {
+    font-size: 24px;
+    font-weight: 600;
+    margin: 20px 0 0;
+}
+
+.mx_Header_subtitle {
+    font-size: 12px;
+    font-weight: normal;
+    margin: 8px 0 0;
+}
+
+.mx_ButtonSignIn {
+    background-color: #368BD6;
+    color: white !important;
+}
+
+.mx_ButtonCreateAccount {
+    background-color: #0DBD8B;
+    color: white !important;
+}
+
+.mx_SecondaryButton {
+    background-color: #FFFFFF;
+    color: #2E2F32;
+}
+
+.mx_Button_iconSignIn {
+    background-image: url('welcome/images/icon-sign-in.svg');
+}
+.mx_Button_iconCreateAccount {
+    background-image: url('welcome/images/icon-create-account.svg');
+}
+.mx_Button_iconHelp {
+    background-image: url('welcome/images/icon-help.svg');
+}
+.mx_Button_iconRoomDirectory {
+    background-image: url('welcome/images/icon-room-directory.svg');
+}
+
+/*
+.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
+If it is set on the page, we should show the buttons. Otherwise, we have to assume
+we don't have an account and should hide them. No account == no guest account either.
+ */
+.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
+    display: none;
+}
+
+.mx_ButtonRow.mx_WelcomePage_guestFunctions {
+    margin-top: 20px;
+}
+.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
+    margin: 0 auto;
+}
+
+@media only screen and (max-width: 480px) {
+    .mx_ButtonRow {
+        flex-direction: column;
+    }
+
+    .mx_ButtonRow > * {
+        margin: 0 0 10px 0;
+    }
+}
+
+</style>
+
+<div class="mx_Parent">
+    <a href="{{ matrix_client_schildichat_welcome_logo_link }}" target="_blank" rel="noopener">
+        <img src="{{ matrix_client_schildichat_welcome_logo }}" alt="" class="mx_Logo"/>
+    </a>
+    <h1 class="mx_Header_title">{{ matrix_client_schildichat_welcome_headline }}</h1>
+    <h4 class="mx_Header_subtitle">{{ matrix_client_schildichat_welcome_text }}</h4>
+    <div class="mx_ButtonGroup">
+        <div class="mx_ButtonRow">
+            <a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
+                <div class="mx_ButtonLabel">_t("Sign In")</div>
+            </a>
+{% if matrix_client_schildichat_registration_enabled %}
+            <a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
+                <div class="mx_ButtonLabel">_t("Create Account")</div>
+            </a>
+{% endif %}
+        </div>
+{% if matrix_client_schildichat_disable_guests != true %}
+        <!-- The comments below are meant to be used by Ansible as a quick way
+             to strip out the marked content when desired.
+             See https://github.com/vector-im/riot-web/issues/8622.
+             TODO: Convert to config option if possible. -->
+        <!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
+        <div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
+            <div>
+                <a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
+                    <div class="mx_ButtonLabel">_t("Explore rooms")</div>
+                </a>
+            </div>
+        </div>
+        <!-- END Ansible: Remove these lines when guest access is disabled -->
+{% endif %}
+    </div>
+</div>

roles/custom/matrix-client-schildichat/vars/main.yml

@@ -0,0 +1,3 @@
+---
+
+matrix_client_schildichat_embedded_pages_home_url: "{{ ('' if matrix_client_schildichat_embedded_pages_home_path is none else 'home.html') }}"

roles/custom/matrix-nginx-proxy/defaults/main.yml

@@ -212,6 +212,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
 matrix_nginx_proxy_proxy_cinny_enabled: false
 matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}"
 
+# Controls whether proxying the schildichat domain should be done.
+matrix_nginx_proxy_proxy_schildichat_enabled: false
+matrix_nginx_proxy_proxy_schildichat_hostname: "{{ matrix_server_fqn_schildichat }}"
+
 # Controls whether proxying the buscarron domain should be done.
 matrix_nginx_proxy_proxy_buscarron_enabled: false
 matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}"
@@ -421,6 +425,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: []
 # A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf).
 matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: []
 
+# A list of strings containing additional configuration blocks to add to schildichat's server configuration (matrix-client-schildichat.conf).
+matrix_nginx_proxy_proxy_schildichat_additional_server_configuration_blocks: []
+
 # A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf).
 matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: []
 

roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -115,6 +115,13 @@
     mode: 0644
   when: matrix_nginx_proxy_proxy_cinny_enabled | bool
 
+- name: Ensure Matrix nginx-proxy configuration for schildichat domain exists
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-schildichat.conf.j2"
+    dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-schildichat.conf"
+    mode: 0644
+  when: matrix_nginx_proxy_proxy_schildichat_enabled | bool
+
 - name: Ensure Matrix nginx-proxy configuration for buscarron domain exists
   ansible.builtin.template:
     src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2"
@@ -281,6 +288,12 @@
     state: absent
   when: "not matrix_nginx_proxy_proxy_element_enabled | bool"
 
+- name: Ensure Matrix nginx-proxy configuration for Schildichat domain deleted
+  ansible.builtin.file:
+    path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-schildichat.conf"
+    state: absent
+  when: "not matrix_nginx_proxy_proxy_schildichat_enabled | bool"
+
 - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted
   ansible.builtin.file:
     path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf"

roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-schildichat.conf.j2

@@ -0,0 +1,106 @@
+#jinja2: lstrip_blocks: "True"
+
+{% macro render_vhost_directives() %}
+	gzip on;
+	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+
+	{% if matrix_nginx_proxy_hsts_preload_enabled %}
+		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+	{% else %}
+		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+	{% endif %}
+	add_header X-Content-Type-Options nosniff;
+	add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
+	add_header X-Frame-Options SAMEORIGIN;
+	add_header Content-Security-Policy "frame-ancestors 'self'";
+
+	{% if matrix_nginx_proxy_floc_optout_enabled %}
+		add_header Permissions-Policy interest-cohort=() always;
+	{% endif %}
+
+
+	{% for configuration_block in matrix_nginx_proxy_proxy_schildichat_additional_server_configuration_blocks %}
+		{{- configuration_block }}
+	{% endfor %}
+
+	location / {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+			set $backend "matrix-client-schildichat:8080";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://127.0.0.1:8765;
+		{% endif %}
+
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
+	}
+{% endmacro %}
+
+server {
+	listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+	listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+
+
+	server_name {{ matrix_nginx_proxy_proxy_schildichat_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	{% if matrix_nginx_proxy_https_enabled %}
+		location /.well-known/acme-challenge {
+			{% if matrix_nginx_proxy_enabled %}
+				{# Use the embedded DNS resolver in Docker containers to discover the service #}
+				resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+				set $backend "matrix-certbot:8080";
+				proxy_pass http://$backend;
+			{% else %}
+				{# Generic configuration for use outside of our container setup #}
+				proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
+			{% endif %}
+		}
+
+		location / {
+			return 301 https://$http_host$request_uri;
+		}
+	{% else %}
+		{{ render_vhost_directives() }}
+	{% endif %}
+}
+
+{% if matrix_nginx_proxy_https_enabled %}
+server {
+	listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+	listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+
+	server_name {{ matrix_nginx_proxy_proxy_schildichat_hostname }};
+
+	server_tokens off;
+	root /dev/null;
+
+	ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/fullchain.pem;
+	ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/privkey.pem;
+
+	ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
+	{% if matrix_nginx_proxy_ssl_ciphers != "" %}
+	ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
+	{% endif %}
+	ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
+
+	{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
+		ssl_stapling on;
+		ssl_stapling_verify on;
+		ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_schildichat_hostname }}/chain.pem;
+	{% endif %}
+
+	{% if matrix_nginx_proxy_ssl_session_tickets_off %}
+		ssl_session_tickets off;
+	{% endif %}
+	ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
+	ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
+
+	{{ render_vhost_directives() }}
+}
+{% endif %}

roles/custom/matrix-sliding-sync/defaults/main.yml

@@ -5,7 +5,7 @@
 
 matrix_sliding_sync_enabled: true
 
-matrix_sliding_sync_version: v0.99.7
+matrix_sliding_sync_version: v0.99.10
 
 matrix_sliding_sync_scheme: https
 

roles/custom/matrix-synapse/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_synapse_enabled: true
 
-matrix_synapse_version: v1.90.0
+matrix_synapse_version: v1.92.3
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -438,7 +438,24 @@ matrix_synapse_container_additional_volumes: []
 # A list of additional loggers to register in synapse.log.config.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"name": "..", "level": "DEBUG"}
-matrix_synapse_additional_loggers: []
+matrix_synapse_additional_loggers: "{{ matrix_synapse_additional_loggers_auto + matrix_synapse_additional_loggers_custom }}"
+
+matrix_synapse_additional_loggers_auto:
+  # By default, we're disabling some useless (and even toxic) spammy WARNING-level logs.
+  # Related to:
+  # - https://github.com/matrix-org/synapse/issues/16208
+  # - https://github.com/matrix-org/synapse/issues/16101
+  # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2853
+  - name: synapse.http.matrixfederationclient
+    level: CRITICAL
+  - name: synapse.federation.sender.per_destination_queue
+    level: CRITICAL
+  - name: synapse.handlers.device
+    level: CRITICAL
+  - name: synapse.replication.tcp.handler
+    level: CRITICAL
+
+matrix_synapse_additional_loggers_custom: []
 
 # A list of appservice config files (in-container filesystem paths).
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
@@ -991,9 +1008,9 @@ matrix_synapse_redaction_retention_period: 7d
 matrix_synapse_user_ips_max_age: 28d
 
 
-matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-compress-state:latest"
+matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-tools:v0.0.1"
 matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/"
-matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
+matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':stable') or matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
 
 matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"
 matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state"

roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml

@@ -33,9 +33,9 @@
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
       }}
 
-    matrix_synapse_additional_loggers: >
+    matrix_synapse_additional_loggers_auto: >
       {{
-        matrix_synapse_additional_loggers
+        matrix_synapse_additional_loggers_auto
         +
         [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}]
       }}

roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml

@@ -3,9 +3,9 @@
 - ansible.builtin.set_fact:
     matrix_synapse_password_providers_enabled: true
 
-    matrix_synapse_additional_loggers: >
+    matrix_synapse_additional_loggers_auto: >
       {{
-        matrix_synapse_additional_loggers
+        matrix_synapse_additional_loggers_auto
        +
         [{'name': 'ldap_auth_provider', 'level': 'INFO'}]
       }}

roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml

@@ -28,9 +28,9 @@
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
       }}
 
-    matrix_synapse_additional_loggers: >
+    matrix_synapse_additional_loggers_auto: >
       {{
-        matrix_synapse_additional_loggers
+        matrix_synapse_additional_loggers_auto
         +
         [{'name': 'rest_auth_provider', 'level': 'INFO'}]
       }}

roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -43,9 +43,9 @@
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
       }}
 
-    matrix_synapse_additional_loggers: >
+    matrix_synapse_additional_loggers_auto: >
       {{
-        matrix_synapse_additional_loggers
+        matrix_synapse_additional_loggers_auto
         +
         [{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
       }}

roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2

@@ -3,6 +3,7 @@
 Description=Synapse worker ({{ matrix_synapse_worker_container_name }})
 AssertPathExists={{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}
 After=matrix-synapse.service
+Requires=matrix-synapse.service
 
 [Service]
 Type=simple

roles/custom/matrix-synapse/vars/main.yml

@@ -170,6 +170,7 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$)
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$
   - ^/_matrix/client/(r0|v3|unstable)/capabilities$
+  - ^/_matrix/client/(r0|v3|unstable)/notifications$
 
   # Encryption requests
   # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri`

setup.yml

@@ -102,6 +102,7 @@
     - custom/matrix-client-element
     - custom/matrix-client-hydrogen
     - custom/matrix-client-cinny
+    - custom/matrix-client-schildichat
     - galaxy/jitsi
     - custom/matrix-user-verification-service
     - custom/matrix-ldap-registration-proxy

templates/Caddyfile.j2

@@ -0,0 +1,110 @@
+https://{{ matrix_server_fqn_matrix }} {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	encode zstd gzip
+	header {
+		Strict-Transport-Security "max-age=31536000;"
+		X-Frame-Options "DENY"
+		X-XSS-Protection "1; mode=block"
+	}
+        basicauth /metrics/* bcrypt monitoring {
+                monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
+        }
+        route /metrics/synapse {
+                uri replace /metrics/synapse /metrics/synapse/main-process
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/appservice {
+                uri replace /metrics/synapse/worker/appservice /metrics/synapse/worker/appservice-0
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/federation-sender-0 {
+                uri replace /metrics/synapse/worker/federation-sender-0 /metrics/synapse/worker/federation-sender-0
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/federation-sender-1 {
+                uri replace /metrics/synapse/worker/federation-sender-1 /metrics/synapse/worker/federation-sender-1
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/federation-sender-2 {
+                uri replace /metrics/synapse/worker/federation-sender-2 /metrics/synapse/worker/federation-sender-2
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/generic-0 {
+                uri replace /metrics/synapse/worker/generic-0 /metrics/synapse/worker/generic-worker-0
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/generic-1 {
+                uri replace /metrics/synapse/worker/generic-1 /metrics/synapse/worker/generic-worker-1
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/media-0 {
+                uri replace /metrics/synapse/worker/media-0 /metrics/synapse/worker/media-repository-0
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/media-1 {
+                uri replace /metrics/synapse/worker/media-1 /metrics/synapse/worker/media-repository-1
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/bridge/* {
+                uri strip_prefix /metrics/bridge
+                route /mautrix-telegram {
+                    uri replace /mautrix-telegram /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+                }
+                route /mautrix-whatsapp {
+                    uri replace /mautrix-whatsapp /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+                }
+                route /mautrix-signal {
+                    uri replace /mautrix-signal /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-instagram {
+                    uri replace /mx-puppet-instagram /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-discord {
+                    uri replace /mx-puppet-discord /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-skype {
+                    uri replace /mx-puppet-skype /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-slack {
+                    uri replace /mx-puppet-slack /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+                }
+        }
+	reverse_proxy /_matrix/federation/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
+	reverse_proxy /_matrix/key/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
+        reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+}
+
+https://{{ matrix_server_fqn_dimension }} {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	encode zstd gzip
+        reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+}
+
+https://{{ matrix_server_fqn_element }} {
+	tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
+	encode zstd gzip
+        reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+}
+
+https://{{ matrix_domain }}/.well-known/matrix/* {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	route {
+		uri strip_prefix /.well-known/matrix
+		root * /matrix_static
+		file_server
+	}
+	header {
+		Content-Type "application/json"
+		X-Content-Type-Options "nosniff"
+		Access-Control-Allow-Origin *
+		Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+}