chore(mautrix-whatsapp): update bridge settings

This mostly fixes `key-order` warnings around
`block` statements.

.config/ansible-lint.yml

@@ -9,5 +9,8 @@ skip_list:
   - schema
   - command-instead-of-shell
   - role-name
+  # We frequently load configuration from a template (into a variable), then merge that with another variable (configuration extension)
+  # before finally dumping it to a file.
+  - template-instead-of-copy
 
 offline: false

docs/configuring-playbook-bot-maubot.md

@@ -54,4 +54,5 @@ Choose a strong password for the bot. You can generate a good password with a co
 
 ## Obtaining an admin access token
 
-This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md).
+This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh`
+Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). However these two methods won't allow the bot to work in encrypted rooms.

docs/configuring-playbook-ntfy.md

@@ -71,7 +71,8 @@ Steps needed for specific matrix apps:
   3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section.
 
 * Element-android v1.4.26+:
-  - [not yet documented; should auto-detect and use it?]
+  1. choose `Settings` -> `Notifications` -> `Notification method` -> `ntfy`
+  2. verify `Settings` -> `Troubleshoot` -> `Troubleshoot notification settings`
 
 If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
 

group_vars/matrix_servers

@@ -2477,13 +2477,24 @@ matrix_grafana_enabled: false
 # Grafana's HTTP port to the local host.
 matrix_grafana_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:3000' }}"
 
-matrix_grafana_dashboard_download_urls_all: |
+matrix_grafana_dashboard_download_urls: |
   {{
-    matrix_grafana_dashboard_download_urls
+    (matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else [])
+    +
+    (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else [])
     +
     (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else [])
   }}
 
+matrix_grafana_default_home_dashboard_path: |-
+  {{
+    {
+      'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled else '/etc/grafana/dashboards/node-exporter-full.json'),
+      'dendrite': '/etc/grafana/dashboards/node-exporter-full.json',
+      'conduit': '/etc/grafana/dashboards/node-exporter-full.json',
+    }[matrix_homeserver_implementation]
+  }}
+
 matrix_grafana_systemd_wanted_services_list: |
   {{
     []

roles/matrix-backup-borg/tasks/setup_install.yml

@@ -1,6 +1,7 @@
 ---
 
-- block:
+- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
+  block:
   - name: Fail with matrix_backup_borg_version advice if Postgres not enabled
     ansible.builtin.fail:
       msg: >-
@@ -20,7 +21,6 @@
   - name: Set the correct borg backup version to use
     ansible.builtin.set_fact:
       matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}"
-  when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
 
 - name: Ensure borg paths exist
   ansible.builtin.file:

roles/matrix-base/defaults/main.yml

@@ -134,7 +134,7 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
 matrix_host_command_systemctl: "/usr/bin/env systemctl"
 matrix_host_command_sh: "/usr/bin/env sh"
 
-matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18)  else ('systemd' if ansible_os_family == 'Suse' else 'ntp') }}"
+matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ('systemd' if ansible_os_family == 'Suse' else 'ntp') }}"
 matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
 
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

roles/matrix-base/tasks/server_base/setup.yml

@@ -9,7 +9,8 @@
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
   when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30
 
-- block:
+- when: ansible_os_family == 'Debian'
+  block:
   # ansible_lsb is only available if lsb-release is installed.
   - name: Ensure lsb-release installed
     ansible.builtin.apt:
@@ -28,7 +29,6 @@
 
   - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
     when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
-  when: ansible_os_family == 'Debian'
 
 - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
   when: ansible_distribution == 'Archlinux'
@@ -39,7 +39,7 @@
     state: started
     enabled: true
 
-- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
+- name: "Ensure ntpd is started and autoruns"
   ansible.builtin.service:
     name: "{{ matrix_ntpd_service }}"
     state: started

roles/matrix-bot-buscarron/tasks/setup_install.yml

@@ -2,13 +2,15 @@
 - ansible.builtin.set_fact:
     matrix_bot_buscarron_requires_restart: false
 
-- block:
+- when: "matrix_bot_buscarron_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
       register: matrix_bot_buscarron_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
@@ -24,8 +26,6 @@
 
         - ansible.builtin.set_fact:
             matrix_bot_buscarron_requires_restart: true
-      when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_bot_buscarron_database_engine == 'postgres'"
 
 - name: Ensure buscarron paths exist
   ansible.builtin.file:

roles/matrix-bot-honoroit/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.14
+matrix_bot_honoroit_version: v0.9.15
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

roles/matrix-bot-honoroit/tasks/setup_install.yml

@@ -2,13 +2,15 @@
 - ansible.builtin.set_fact:
     matrix_bot_honoroit_requires_restart: false
 
-- block:
+- when: "matrix_bot_honoroit_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
       register: matrix_bot_honoroit_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
@@ -24,8 +26,6 @@
 
         - ansible.builtin.set_fact:
             matrix_bot_honoroit_requires_restart: true
-      when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_bot_honoroit_database_engine == 'postgres'"
 
 - name: Ensure honoroit paths exist
   ansible.builtin.file:

roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml

@@ -3,13 +3,15 @@
 - ansible.builtin.set_fact:
     matrix_bot_matrix_reminder_bot_requires_restart: false
 
-- block:
+- when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
       register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
@@ -25,8 +27,6 @@
 
         - ansible.builtin.set_fact:
             matrix_bot_matrix_reminder_bot_requires_restart: true
-      when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'"
 
 - name: Ensure matrix-reminder-bot paths exist
   ansible.builtin.file:

roles/matrix-bot-postmoogle/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-matrix_bot_postmoogle_version: v0.9.2
+matrix_bot_postmoogle_version: v0.9.4
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

roles/matrix-bot-postmoogle/tasks/setup_install.yml

@@ -1,11 +1,13 @@
 ---
-- block:
+- when: "matrix_bot_postmoogle_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
       register: matrix_bot_postmoogle_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
@@ -21,8 +23,6 @@
 
         - ansible.builtin.set_fact:
             matrix_bot_postmoogle_requires_restart: true
-      when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_bot_postmoogle_database_engine == 'postgres'"
 
 - name: Ensure postmoogle paths exist
   ansible.builtin.file:
@@ -91,9 +91,3 @@
   ansible.builtin.service:
     daemon_reload: true
   when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"
-
-- name: Ensure matrix-bot-postmoogle.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-bot-postmoogle.service"
-    state: restarted
-  when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"

roles/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -3,13 +3,15 @@
 - ansible.builtin.set_fact:
     matrix_appservice_discord_requires_restart: false
 
-- block:
+- when: "matrix_appservice_discord_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
       register: matrix_appservice_discord_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
@@ -25,8 +27,6 @@
 
         - ansible.builtin.set_fact:
             matrix_appservice_discord_requires_restart: true
-      when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_appservice_discord_database_engine == 'postgres'"
 
 - name: Ensure Appservice Discord image is pulled
   docker_image:

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
 
 # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
-matrix_appservice_irc_version: 0.35.0
+matrix_appservice_irc_version: 0.35.1
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
 matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -21,7 +21,8 @@
     path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
   register: matrix_appservice_irc_stat_passkey
 
-- block:
+- when: "matrix_appservice_irc_stat_passkey.stat.exists"
+  block:
     - name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
       ansible.builtin.service:
         name: matrix-appservice-irc
@@ -44,24 +45,23 @@
         - rooms.db
         - users.db
       failed_when: false
-  when: "matrix_appservice_irc_stat_passkey.stat.exists"
 
 - ansible.builtin.set_fact:
     matrix_appservice_irc_requires_restart: false
 
-- block:
+- when: "matrix_appservice_irc_database_engine == 'postgres'"
+  block:
     - name: Check if a nedb database already exists
       ansible.builtin.stat:
         path: "{{ matrix_appservice_irc_data_path }}/users.db"
       register: matrix_appservice_irc_nedb_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
 
         - ansible.builtin.set_fact:
             matrix_appservice_irc_requires_restart: true
-      when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_appservice_irc_database_engine == 'postgres'"
 
 - name: Ensure Appservice IRC image is pulled
   docker_image:

roles/matrix-bridge-appservice-slack/tasks/init.yml

@@ -43,7 +43,10 @@
       The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role.
   when: "matrix_synapse_role_executed | default(False)"
 
-- block:
+- when: matrix_appservice_slack_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -76,9 +79,6 @@
             +
             [matrix_appservice_slack_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_appservice_slack_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-appservice-slack/tasks/setup_install.yml

@@ -17,19 +17,19 @@
 - ansible.builtin.set_fact:
     matrix_appservice_slack_requires_restart: false
 
-- block:
+- when: "matrix_appservice_slack_database_engine == 'postgres'"
+  block:
     - name: Check if a nedb database already exists
       ansible.builtin.stat:
         path: "{{ matrix_appservice_slack_data_path }}/teams.db"
       register: matrix_appservice_slack_nedb_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
 
         - ansible.builtin.set_fact:
             matrix_appservice_slack_requires_restart: true
-      when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_appservice_slack_database_engine == 'postgres'"
 
 - name: Ensure Appservice Slack image is pulled
   docker_image:

roles/matrix-bridge-appservice-webhooks/tasks/init.yml

@@ -36,7 +36,10 @@
       The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
   when: "matrix_synapse_role_executed | default(False)"
 
-- block:
+- when: matrix_appservice_webhooks_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -71,9 +74,6 @@
             +
             [matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_appservice_webhooks_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml

@@ -26,7 +26,8 @@
   delay: "{{ matrix_container_retries_delay }}"
   until: result is not failed
 
-- block:
+- when: "matrix_appservice_webhooks_container_image_self_build | bool"
+  block:
     - name: Ensure Appservice webhooks repository is present on self-build
       ansible.builtin.git:
         repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}"
@@ -47,7 +48,6 @@
           dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}"
           path: "{{ matrix_appservice_webhooks_docker_src_files_path }}"
           pull: true
-  when: "matrix_appservice_webhooks_container_image_self_build | bool"
 
 - name: Ensure Matrix Appservice webhooks config is installed
   ansible.builtin.copy:

roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml

@@ -34,7 +34,8 @@
   delay: "{{ matrix_container_retries_delay }}"
   until: result is not failed
 
-- block:
+- when: "matrix_beeper_linkedin_container_image_self_build | bool"
+  block:
     - name: Ensure Beeper LinkedIn repository is present on self-build
       ansible.builtin.git:
         repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
@@ -72,7 +73,6 @@
           pull: true
           args:
             TARGETARCH: "{{ matrix_architecture }}"
-  when: "matrix_beeper_linkedin_container_image_self_build | bool"
 
 - name: Ensure beeper-linkedin config.yaml installed
   ansible.builtin.copy:

roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_go_skype_bridge_requires_restart: false
 
-- block:
+- when: "matrix_go_skype_bridge_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
       register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
@@ -34,9 +36,6 @@
 
         - ansible.builtin.set_fact:
             matrix_go_skype_bridge_requires_restart: true
-      when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_go_skype_bridge_database_engine == 'postgres'"
-
 
 - name: Ensure Go Skype Bridge paths exists
   ansible.builtin.file:

roles/matrix-bridge-hookshot/tasks/init.yml

@@ -28,7 +28,8 @@
       }}
   when: matrix_hookshot_enabled | bool
 
-- block:
+- when: matrix_hookshot_enabled | bool
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -128,7 +129,6 @@
             [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
           }}
       when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
-  when: matrix_hookshot_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_discord_requires_restart: false
 
-- block:
+- when: "matrix_mautrix_discord_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
       register: matrix_mautrix_discord_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
@@ -34,9 +36,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mautrix_discord_requires_restart: true
-      when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mautrix_discord_database_engine == 'postgres'"
-
 
 - name: Ensure Mautrix Discord paths exists
   ansible.builtin.file:

roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -27,7 +27,10 @@
       }}
   when: matrix_mautrix_facebook_enabled | bool
 
-- block:
+- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -70,7 +73,3 @@
           URL endpoint to the matrix-mautrix-facebook container.
           You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
       when: "not matrix_nginx_proxy_enabled | default(False) | bool"
-
-  tags:
-    - always
-  when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_facebook_requires_restart: false
 
-- block:
+- when: "matrix_mautrix_facebook_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
       register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
@@ -33,8 +35,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mautrix_facebook_requires_restart: true
-      when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mautrix_facebook_database_engine == 'postgres'"
 
 - name: Ensure Mautrix Facebook image is pulled
   docker_image:

roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml

@@ -10,7 +10,8 @@
     - "matrix_mautrix_facebook_appservice_token"
     - "matrix_mautrix_facebook_homeserver_token"
 
-- block:
+- when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
+  block:
     - name: Inject warning if on an old SQLite-supporting version
       ansible.builtin.set_fact:
         matrix_playbook_runtime_results: |
@@ -21,4 +22,3 @@
               "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)"
             ]
           }}
-  when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"

roles/matrix-bridge-mautrix-googlechat/tasks/init.yml

@@ -27,7 +27,10 @@
       }}
   when: matrix_mautrix_googlechat_enabled | bool
 
-- block:
+- when: matrix_mautrix_googlechat_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -59,9 +62,6 @@
             +
             [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_mautrix_googlechat_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_googlechat_requires_restart: false
 
-- block:
+- when: "matrix_mautrix_googlechat_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
       register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
@@ -33,8 +35,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mautrix_googlechat_requires_restart: true
-      when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mautrix_googlechat_database_engine == 'postgres'"
 
 - name: Ensure Mautrix googlechat image is pulled
   docker_image:

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -27,7 +27,10 @@
       }}
   when: matrix_mautrix_hangouts_enabled | bool
 
-- block:
+- when: matrix_mautrix_hangouts_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -59,9 +62,6 @@
             +
             [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_mautrix_hangouts_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_hangouts_requires_restart: false
 
-- block:
+- when: "matrix_mautrix_hangouts_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
       register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
@@ -33,8 +35,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mautrix_hangouts_requires_restart: true
-      when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mautrix_hangouts_database_engine == 'postgres'"
 
 - name: Ensure Mautrix Hangouts image is pulled
   docker_image:

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
 
-matrix_mautrix_instagram_version: v0.2.0
+matrix_mautrix_instagram_version: v0.2.1
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -9,14 +9,14 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
 matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
 matrix_telegram_lottieconverter_docker_repo_version: "master"
 matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
-matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15"  # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
+matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16"  # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
 
 matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.12.0
+matrix_mautrix_telegram_version: v0.12.1
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -27,7 +27,10 @@
       }}
   when: matrix_mautrix_telegram_enabled | bool
 
-- block:
+- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -69,7 +72,3 @@
           URL endpoint to the matrix-mautrix-telegram container.
           You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
       when: "not matrix_nginx_proxy_enabled | default(False) | bool"
-
-  tags:
-    - always
-  when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool

roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_telegram_requires_restart: false
 
-- block:
+- when: "matrix_mautrix_telegram_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
       register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
@@ -33,8 +35,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mautrix_telegram_requires_restart: true
-      when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mautrix_telegram_database_engine == 'postgres'"
 
 - name: Ensure Mautrix Telegram paths exist
   ansible.builtin.file:

roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -11,13 +11,15 @@
 - ansible.builtin.set_fact:
     matrix_mautrix_whatsapp_requires_restart: false
 
-- block:
+- when: "matrix_mautrix_whatsapp_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
       register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
@@ -34,9 +36,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mautrix_whatsapp_requires_restart: true
-      when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mautrix_whatsapp_database_engine == 'postgres'"
-
 
 - name: Ensure Mautrix Whatsapp paths exists
   ansible.builtin.file:

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -55,7 +55,7 @@ appservice:
     # Whether or not to receive ephemeral events via appservice transactions.
     # Requires MSC2409 support (i.e. Synapse 1.22+).
     # You should disable bridge -> sync_with_custom_puppets when this is enabled.
-    ephemeral_events: true
+    ephemeral_events: false
 
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
@@ -191,7 +191,7 @@ bridge:
     # Should Matrix users leaving groups be bridged to WhatsApp?
     bridge_matrix_leave: true
     # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
-    sync_with_custom_puppets: false
+    sync_with_custom_puppets: true
     # Should the bridge update the m.direct account data event when double puppeting is enabled.
     # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
     # and is therefore prone to race conditions.

roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml

@@ -27,7 +27,8 @@
     path: "{{ matrix_mx_puppet_discord_base_path }}/database.db"
   register: matrix_mx_puppet_discord_stat_database
 
-- block:
+- when: "matrix_mx_puppet_discord_stat_database.stat.exists"
+  block:
     - name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped
       ansible.builtin.service:
         name: matrix-mx-puppet-discord
@@ -40,18 +41,19 @@
         cmd: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db"
       register: matrix_mx_puppet_discord_relocate_database_result
       changed_when: matrix_mx_puppet_discord_relocate_database_result.rc == 0
-  when: "matrix_mx_puppet_discord_stat_database.stat.exists"
 
 - ansible.builtin.set_fact:
     matrix_mx_puppet_discord_requires_restart: false
 
-- block:
+- when: "matrix_mx_puppet_discord_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
       register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
@@ -67,8 +69,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mx_puppet_discord_requires_restart: true
-      when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mx_puppet_discord_database_engine == 'postgres'"
 
 - name: Ensure MX Puppet Discord image is pulled
   docker_image:

roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml

@@ -43,13 +43,15 @@
 - ansible.builtin.set_fact:
     matrix_mx_puppet_groupme_requires_restart: false
 
-- block:
+- when: "matrix_mx_puppet_groupme_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
       register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
@@ -65,8 +67,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mx_puppet_groupme_requires_restart: true
-      when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mx_puppet_groupme_database_engine == 'postgres'"
 
 - name: Ensure MX Puppet Groupme image is pulled
   docker_image:

roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml

@@ -12,13 +12,15 @@
 - ansible.builtin.set_fact:
     matrix_mx_puppet_instagram_requires_restart: false
 
-- block:
+- when: "matrix_mx_puppet_instagram_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
       register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
@@ -34,8 +36,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mx_puppet_instagram_requires_restart: true
-      when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mx_puppet_instagram_database_engine == 'postgres'"
 
 - name: Ensure mx-puppet-instagram image is pulled
   docker_image:

roles/matrix-bridge-mx-puppet-slack/tasks/init.yml

@@ -27,7 +27,10 @@
       }}
   when: matrix_mx_puppet_slack_enabled | bool
 
-- block:
+- when: matrix_mx_puppet_slack_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -60,9 +63,6 @@
             +
             [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_mx_puppet_slack_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml

@@ -39,13 +39,15 @@
 - ansible.builtin.set_fact:
     matrix_mx_puppet_slack_requires_restart: false
 
-- block:
+- when: "matrix_mx_puppet_slack_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
       register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
@@ -61,8 +63,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mx_puppet_slack_requires_restart: true
-      when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mx_puppet_slack_database_engine == 'postgres'"
 
 - name: Ensure MX Puppet Slack image is pulled
   docker_image:

roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml

@@ -43,13 +43,15 @@
 - ansible.builtin.set_fact:
     matrix_mx_puppet_steam_requires_restart: false
 
-- block:
+- when: "matrix_mx_puppet_steam_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
       register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
@@ -65,8 +67,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mx_puppet_steam_requires_restart: true
-      when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mx_puppet_steam_database_engine == 'postgres'"
 
 - name: Ensure MX Puppet Steam image is pulled
   docker_image:

roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml

@@ -27,7 +27,10 @@
       }}
   when: matrix_mx_puppet_twitter_enabled | bool
 
-- block:
+- when: matrix_mx_puppet_twitter_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -60,9 +63,6 @@
             +
             [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_mx_puppet_twitter_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml

@@ -43,13 +43,15 @@
 - ansible.builtin.set_fact:
     matrix_mx_puppet_twitter_requires_restart: false
 
-- block:
+- when: "matrix_mx_puppet_twitter_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
       register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
@@ -65,8 +67,6 @@
 
         - ansible.builtin.set_fact:
             matrix_mx_puppet_twitter_requires_restart: true
-      when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_mx_puppet_twitter_database_engine == 'postgres'"
 
 - name: Ensure MX Puppet Twitter image is pulled
   docker_image:

roles/matrix-cactus-comments/tasks/init.yml

@@ -21,7 +21,10 @@
       }}
   when: matrix_cactus_comments_enabled | bool
 
-- block:
+- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -63,7 +66,3 @@
           reverse proxy.
           Please make sure that you're proxying client files in {{ matrix_cactus_comments_client_path }} correctly
       when: "not matrix_nginx_proxy_enabled | default(False) | bool"
-
-  tags:
-    - always
-  when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool

roles/matrix-cactus-comments/tasks/setup_install.yml

@@ -65,7 +65,8 @@
       pull: true
   when: "matrix_cactus_comments_container_image_self_build | bool"
 
-- block:
+- when: matrix_cactus_comments_client_local_dir | length == 0
+  block:
     - name: Download client binary to local folder
       ansible.builtin.get_url:
         url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz"
@@ -101,9 +102,9 @@
         mode: "{{ matrix_cactus_comments_client_file_permissions }}"
         owner: "{{ matrix_user_username }}"
         group: "{{ matrix_user_groupname }}"
-  when: matrix_cactus_comments_client_local_dir | length == 0
 
-- block:
+- when: matrix_cactus_comments_client_local_dir | length > 0
+  block:
     - name: Propagate locally distributed client javascreipt
       ansible.builtin.copy:
         src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js"
@@ -118,7 +119,6 @@
         mode: "{{ matrix_cactus_comments_client_file_permissions }}"
         owner: "{{ matrix_user_username }}"
         group: "{{ matrix_user_groupname }}"
-  when: matrix_cactus_comments_client_local_dir | length > 0
 
 - name: Ensure matrix-cactus-comments.service installed
   ansible.builtin.template:

roles/matrix-client-element/tasks/prepare_themes.yml

@@ -4,7 +4,11 @@
 # Tasks related to setting up Element themes
 #
 
-- block:
+- when: matrix_client_element_themes_enabled | bool
+  run_once: true
+  delegate_to: 127.0.0.1
+  become: false
+  block:
   - name: Ensure Element themes repository is pulled
     ansible.builtin.git:
       repo: "{{ matrix_client_element_themes_repository_url }}"
@@ -29,12 +33,6 @@
       matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}"  # noqa var-naming
     with_items: "{{ matrix_client_element_theme_file_contents.results }}"
 
-  run_once: true
-  delegate_to: 127.0.0.1
-  become: false
-  when: matrix_client_element_themes_enabled | bool
-
-
 #
 # Tasks related to getting rid of Element themes (if it was previously enabled)
 #

roles/matrix-common-after/tasks/start.yml

@@ -34,7 +34,8 @@
   delegate_to: 127.0.0.1
   become: false
 
-- block:
+- when: "ansible_distribution != 'Archlinux'"
+  block:
     - name: Populate service facts
       ansible.builtin.service_facts:
 
@@ -50,9 +51,9 @@
       with_items: "{{ matrix_systemd_services_list }}"
       when:
         - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')"
-  when: "ansible_distribution != 'Archlinux'"
 
-- block:
+- when: "ansible_distribution == 'Archlinux'"
+  block:
     # Currently there is a bug in ansible that renders is incompatible with systemd.
     # service_facts is not collecting the data successfully.
     # Therefore iterating here manually
@@ -70,4 +71,3 @@
           Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate.
       with_items: "{{ systemdstatus.results }}"
       when: "item.status['ActiveState'] != 'active'"
-  when: "ansible_distribution == 'Archlinux'"

roles/matrix-coturn/tasks/setup_install.yml

@@ -29,7 +29,8 @@
   delay: "{{ matrix_container_retries_delay }}"
   until: result is not failed
 
-- block:
+- when: "matrix_coturn_container_image_self_build | bool"
+  block:
     - name: Ensure Coturn repository is present on self-build
       ansible.builtin.git:
         repo: "{{ matrix_coturn_container_image_self_build_repo }}"
@@ -50,7 +51,6 @@
           dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}"
           path: "{{ matrix_coturn_docker_src_files_path }}"
           pull: true
-  when: "matrix_coturn_container_image_self_build | bool"
 
 - name: Ensure Coturn configuration path exists
   ansible.builtin.file:

roles/matrix-dendrite/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
 
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "docker.io/"
-matrix_dendrite_docker_image_tag: "v0.9.8"
+matrix_dendrite_docker_image_tag: "v0.9.9"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"

roles/matrix-dimension/tasks/setup_install.yml

@@ -3,13 +3,15 @@
 - ansible.builtin.set_fact:
     matrix_dimension_requires_restart: false
 
-- block:
+- when: "matrix_dimension_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_dimension_sqlite_database_path_local }}"
       register: matrix_dimension_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         # pgloader makes a few columns `smallint`, instead of `boolean`.
         # We need to fix them up.
         - ansible.builtin.set_fact:
@@ -67,8 +69,6 @@
 
         - ansible.builtin.set_fact:
             matrix_dimension_requires_restart: true
-      when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_dimension_database_engine == 'postgres'"
 
 - name: Ensure Dimension base path exists
   ansible.builtin.file:

roles/matrix-dynamic-dns/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.9.1-ls98
+matrix_dynamic_dns_version: v3.9.1-ls100
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

roles/matrix-etherpad/tasks/init.yml

@@ -4,7 +4,10 @@
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}"
   when: matrix_etherpad_enabled | bool
 
-- block:
+- when: matrix_etherpad_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -49,9 +52,6 @@
             +
             [matrix_etherpad_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_etherpad_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-grafana/defaults/main.yml

@@ -3,18 +3,14 @@
 # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
 # Project source code URL: https://github.com/grafana/grafana
 
-matrix_grafana_enabled: false
+matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.1.5
+matrix_grafana_version: 9.1.6
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 
-# Not conditional, because when someone disables metrics
-# they might still want to look at the old existing data.
-# So it would be silly to delete the dashboard in such case.
-matrix_grafana_dashboard_download_urls:
-  - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json"
-  - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json"
+# matrix_grafana_dashboard_download_urls holds a list of URLs of dashboards to download
+matrix_grafana_dashboard_download_urls: []
 
 matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana"
 matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config"
@@ -50,6 +46,10 @@ matrix_grafana_content_security_policy: true
 matrix_grafana_content_security_policy_customized: false
 matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"
 
+# matrix_grafana_default_home_dashboard_path influences the `default_home_dashboard_path` grafana.ini setting,
+# which is an in-container path for the default dashboard.
+matrix_grafana_default_home_dashboard_path: /etc/grafana/dashboards/node-exporter-full.json
+
 # A list of extra arguments to pass to the container
 matrix_grafana_container_extra_arguments: []
 

roles/matrix-grafana/tasks/setup.yml

@@ -68,7 +68,7 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  with_items: "{{ matrix_grafana_dashboard_download_urls_all }}"
+  with_items: "{{ matrix_grafana_dashboard_download_urls }}"
   when: matrix_grafana_enabled | bool
   register: result
   retries: "{{ matrix_geturl_retries_count }}"

roles/matrix-grafana/tasks/validate_config.yml

@@ -5,3 +5,12 @@
     msg: >
       You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana.
   when: "not matrix_prometheus_enabled"
+
+- name: (Deprecation) Catch and report renamed settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_grafana_dashboard_download_urls_all', 'new': 'matrix_grafana_dashboard_download_urls'}

roles/matrix-grafana/templates/grafana.ini.j2

@@ -26,8 +26,4 @@ enabled = {{ matrix_grafana_anonymous_access }}
 org_name = "{{ matrix_grafana_anonymous_access_org_name }}"
 
 [dashboards]
-{% if matrix_synapse_metrics_enabled %}
-default_home_dashboard_path = /etc/grafana/dashboards/synapse.json
-{% else %}
-default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json
-{% endif %}
+default_home_dashboard_path = {{ matrix_grafana_default_home_dashboard_path }}

roles/matrix-ma1sd/tasks/migrate_mxisd.yml

@@ -42,7 +42,8 @@
 
 # We use shell commands for the migration, because the Ansible copy module cannot
 # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible.
-- block:
+- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
+  block:
     - name: Copy mxisd data files to ma1sd folder
       ansible.builtin.command:
         cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}"
@@ -66,7 +67,6 @@
         cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated"
       register: matrix_ma1sd_migrate_mxisd_move_directory_result
       changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0
-  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
 
 - name: Ensure outdated matrix-mxisd.service doesn't exist
   ansible.builtin.file:

roles/matrix-ma1sd/tasks/setup_install.yml

@@ -21,13 +21,15 @@
 - ansible.builtin.set_fact:
     matrix_ma1sd_requires_restart: false
 
-- block:
+- when: "matrix_ma1sd_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_ma1sd_sqlite_database_path_local }}"
       register: matrix_ma1sd_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_ma1sd_sqlite_database_path_local }}"
@@ -44,8 +46,6 @@
 
         - ansible.builtin.set_fact:
             matrix_ma1sd_requires_restart: true
-      when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_ma1sd_database_engine == 'postgres'"
 
 - name: Ensure ma1sd image is pulled
   docker_image:
@@ -59,7 +59,8 @@
   delay: "{{ matrix_container_retries_delay }}"
   until: result is not failed
 
-- block:
+- when: "matrix_ma1sd_container_image_self_build | bool"
+  block:
     - name: Ensure gradle is installed for self-building (Debian)
       ansible.builtin.apt:
         name:
@@ -111,7 +112,6 @@
         repository: "{{ matrix_ma1sd_docker_image }}"
         force_tag: true
         source: local
-  when: "matrix_ma1sd_container_image_self_build | bool"
 
 - name: Ensure ma1sd config installed
   ansible.builtin.copy:

roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml

@@ -15,7 +15,8 @@
 # See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module
 # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle.
 # As a workaround, we run `htpasswd` from an Apache container image.
-- block:
+- when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''
+  block:
     - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs)
       docker_image:
         name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}"
@@ -57,4 +58,3 @@
       ansible.builtin.file:
         path: /tmp/matrix-nginx-proxy-metrics-password
         state: absent
-  when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''

roles/matrix-nginx-proxy/tasks/self_check_well_known.yml

@@ -9,7 +9,8 @@
         follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}"
         validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
 
-- block:
+- when: matrix_well_known_matrix_server_enabled | bool
+  block:
     - ansible.builtin.set_fact:
         well_known_file_check_matrix_server:
           path: /.well-known/matrix/server
@@ -21,7 +22,6 @@
     - name: Determine domains that we require certificates for (ma1sd)
       ansible.builtin.set_fact:
         well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
-  when: matrix_well_known_matrix_server_enabled | bool
 
 - name: Perform well-known checks
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -16,7 +16,8 @@
 # Tasks related to setting up Let's Encrypt's management of certificates
 #
 
-- block:
+- when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
+  block:
     - name: Ensure certbot Docker image is pulled
       docker_image:
         name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
@@ -43,13 +44,13 @@
         mode: 0644
       when: "item.applicable | bool"
       with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
-  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
 #
 # Tasks related to getting rid of Let's Encrypt's management of certificates
 #
 
-- block:
+- when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
+  block:
     - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
       ansible.builtin.file:
         path: "{{ matrix_systemd_path }}/{{ item.name }}"
@@ -61,4 +62,3 @@
       ansible.builtin.file:
         path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
         state: absent
-  when: "matrix_ssl_retrieval_method != 'lets-encrypt'"

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml

@@ -13,7 +13,8 @@
 - ansible.builtin.set_fact:
     domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}"
 
-- block:
+- when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"
+  block:
     - name: Ensure required service for obtaining is started
       ansible.builtin.service:
         name: "{{ matrix_ssl_pre_obtaining_required_service_name }}"
@@ -24,7 +25,6 @@
       ansible.builtin.wait_for:
         timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}"
       when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool"
-  when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"
 
 # This will fail if there is something running on port 80 (like matrix-nginx-proxy).
 # We suppress the error, as we'll try another method below.

roles/matrix-nginx-proxy/tasks/validate_config.yml

@@ -35,7 +35,8 @@
       - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`)
   when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))"
 
-- block:
+- when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
+  block:
     - name: (Deprecation) Catch and report renamed settings
       ansible.builtin.fail:
         msg: >-
@@ -57,7 +58,6 @@
         - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"
         - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"
       when: "vars[item] == '' or vars[item] is none"
-  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
 - name: (Deprecation) Catch and report old metrics usage
   ansible.builtin.fail:

roles/matrix-postgres/defaults/main.yml

@@ -78,7 +78,7 @@ matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username]
 # which is unsupported by default by newer Postgres versions (v14+).
 # When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+.
 # If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default.
-matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)"  # noqa var-spacing
+matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)"  # noqa jinja[spacing]
 
 # A list of databases to avoid creating when importing (or upgrading) the database.
 # If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`),
@@ -86,7 +86,7 @@ matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_post
 # We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump.
 matrix_postgres_import_databases_to_ignore: [matrix_postgres_db_name]
 
-matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s"  # noqa var-spacing
+matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s"  # noqa jinja[spacing]
 
 # The number of seconds to wait after starting `matrix-postgres.service`
 # and before trying to run queries for creating additional databases/users against it.

roles/matrix-postgres/tasks/import_generic_sqlite_db.yml

@@ -25,7 +25,8 @@
 # We either expect `postgres_db_connection_string` specifying a full Postgres database connection string,
 # or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string.
 
-- block:
+- when: 'postgres_connection_string_variable_name is defined'
+  block:
     - name: Fail if postgres_connection_string_variable_name points to an undefined variable
       ansible.builtin.fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`"
       when: "postgres_connection_string_variable_name not in vars"
@@ -33,7 +34,6 @@
     - name: Get Postgres connection string from variable
       ansible.builtin.set_fact:
         postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}"
-  when: 'postgres_connection_string_variable_name is defined'
 
 - name: Fail if playbook called incorrectly
   ansible.builtin.fail:

roles/matrix-postgres/tasks/migrate_db_to_postgres.yml

@@ -31,7 +31,8 @@
     msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}"
   when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists"
 
-- block:
+- when: "matrix_postgres_pgloader_container_image_self_build | bool"
+  block:
     - name: Ensure pgloader repository is present on self-build
       ansible.builtin.git:
         repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}"
@@ -69,7 +70,6 @@
           dockerfile: Dockerfile
           path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}"
           pull: true
-  when: "matrix_postgres_pgloader_container_image_self_build | bool"
 
 - name: Ensure pgloader Docker image is pulled
   docker_image:
@@ -134,7 +134,8 @@
   register: matrix_postgres_migrate_db_to_postgres_import_result
   changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0
 
-- block:
+- when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0"
+  block:
     - ansible.builtin.import_role:
         name: matrix-postgres
         tasks_from: detect_existing_postgres_version
@@ -157,8 +158,6 @@
       register: matrix_postgres_migrate_db_to_postgres_additional_queries_result
       changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0
 
-  when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0"
-
 - name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup)
   ansible.builtin.command:
     cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup"

roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml

@@ -52,14 +52,14 @@
     group: "{{ matrix_user_groupname }}"
   when: "result_pg_old_data_dir_stat.stat.exists"
 
-- block:
+- when: "result_pg_old_data_dir_stat.stat.exists"
+  block:
     - name: Relocate Postgres data files from old directory to new
       ansible.builtin.command:
         cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}"
       with_items: "{{ result_pg_old_data_dir_find.files }}"
       register: matrix_postgres_migrate_postgres_data_directory_move_result
       changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0
-  when: "result_pg_old_data_dir_stat.stat.exists"
 
 # Intentionally not starting matrix-postgres here.
 # It likely needs to be updated to point to the new directory.

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -5,7 +5,7 @@
 
 matrix_prometheus_node_exporter_enabled: false
 
-matrix_prometheus_node_exporter_version: v1.3.1
+matrix_prometheus_node_exporter_version: v1.4.0
 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
 matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
 
@@ -60,3 +60,8 @@ matrix_prometheus_node_exporter_container_http_host_bind_port: ''
 # If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not  0.0.0.0 and a port, that "<ip>:<port>" value will be used
 # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
 matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
+
+# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
+matrix_prometheus_node_exporter_dashboard_urls:
+  - https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json

roles/matrix-prometheus-node-exporter/tasks/init.yml

@@ -4,7 +4,8 @@
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}"
   when: matrix_prometheus_node_exporter_enabled | bool
 
-- block:
+- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -38,4 +39,3 @@
             +
             [matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
           }}
-  when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool

roles/matrix-prometheus-postgres-exporter/defaults/main.yml

@@ -58,5 +58,7 @@ matrix_prometheus_postgres_exporter_container_http_host_bind_port: ''
 # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
 matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
 
+# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
 matrix_prometheus_postgres_exporter_dashboard_urls:
   - "https://grafana.com/api/dashboards/9628/revisions/7/download"

roles/matrix-prometheus-postgres-exporter/tasks/init.yml

@@ -4,7 +4,8 @@
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}"
   when: matrix_prometheus_postgres_exporter_enabled | bool
 
-- block:
+- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -38,4 +39,3 @@
             +
             [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
           }}
-  when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool

roles/matrix-registration/tasks/init.yml

@@ -10,7 +10,10 @@
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}"
   when: matrix_registration_enabled | bool
 
-- block:
+- when: matrix_registration_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -54,9 +57,6 @@
             +
             [matrix_registration_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_registration_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-registration/tasks/setup_install.yml

@@ -3,13 +3,15 @@
 - ansible.builtin.set_fact:
     matrix_registration_requires_restart: false
 
-- block:
+- when: "matrix_registration_database_engine == 'postgres'"
+  block:
     - name: Check if an SQLite database already exists
       ansible.builtin.stat:
         path: "{{ matrix_registration_sqlite_database_path_local }}"
       register: matrix_registration_sqlite_database_path_local_stat_result
 
-    - block:
+    - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
+      block:
         - ansible.builtin.set_fact:
             matrix_postgres_db_migration_request:
               src: "{{ matrix_registration_sqlite_database_path_local }}"
@@ -30,8 +32,6 @@
 
         - ansible.builtin.set_fact:
             matrix_registration_requires_restart: true
-      when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
-  when: "matrix_registration_database_engine == 'postgres'"
 
 - name: Ensure matrix-registration paths exist
   ansible.builtin.file:

roles/matrix-synapse-admin/tasks/init.yml

@@ -10,7 +10,10 @@
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}"
   when: matrix_synapse_admin_enabled | bool
 
-- block:
+- when: matrix_synapse_admin_enabled | bool
+  tags:
+    - always
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -45,9 +48,6 @@
             +
             [matrix_synapse_admin_matrix_nginx_proxy_configuration]
           }}
-  tags:
-    - always
-  when: matrix_synapse_admin_enabled | bool
 
 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
   ansible.builtin.debug:

roles/matrix-synapse/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.67.0
+matrix_synapse_version: v1.68.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
@@ -148,22 +148,22 @@ matrix_synapse_rc_admin_redaction:
 matrix_synapse_rc_joins:
   local:
     per_second: 0.1
-    burst_count: 3
+    burst_count: 10
   remote:
     per_second: 0.01
-    burst_count: 3
+    burst_count: 10
 
 
 matrix_synapse_rc_invites:
   per_room:
-    per_second: 0.5
-    burst_count: 5
+    per_second: 0.3
+    burst_count: 10
   per_user:
-    per_second: 0.004
-    burst_count: 3
-  per_issuer:
-    per_second: 0.5
+    per_second: 0.003
     burst_count: 5
+  per_issuer:
+    per_second: 0.3
+    burst_count: 10
 
 
 matrix_synapse_rc_federation:
@@ -365,6 +365,11 @@ matrix_url_preview_accept_language: ['en-US', 'en']
 matrix_synapse_metrics_enabled: false
 matrix_synapse_metrics_port: 9100
 
+# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
+matrix_synapse_grafana_dashboard_urls:
+  - https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json
+
 # Controls whether Synapse metrics should be proxied (exposed) on:
 # - `matrix.DOMAIN/metrics/synapse/main-process` for the main process
 # - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process

roles/matrix-synapse/tasks/init.yml

@@ -26,7 +26,8 @@
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}"
   when: matrix_s3_media_store_enabled | bool
 
-- block:
+- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
+  block:
     - name: Fail if matrix-nginx-proxy role already executed
       ansible.builtin.fail:
         msg: >-
@@ -84,4 +85,3 @@
             [matrix_synapse_worker_nginx_metrics_configuration_block]
           }}
       when: matrix_synapse_workers_enabled_list | length > 0
-  when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool

roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml

@@ -85,16 +85,17 @@
 #
 # Row 3 contains a space when there's no result.
 
-- block:
+- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4"
+  block:
     - ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result"
 
     - name: Fail if room find result is not what we expect
       ansible.builtin.fail:
         msg: >-
           Expecting 4 lines in the "find rooms" result.
-  when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4"
 
-- block:
+- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '"
+  block:
     # matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list
     # of dictionaries like this: {'room_id': '!some-id', 'count': 2461329}
     - ansible.builtin.set_fact:
@@ -113,7 +114,6 @@
       with_items: "{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}"
       loop_control:
         loop_var: room_details
-  when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '"
 
 - name: Show notice about lack of rooms to compress
   ansible.builtin.debug:

roles/matrix-synapse/tasks/synapse/setup_install.yml

@@ -18,7 +18,8 @@
     group: "{{ matrix_user_groupname }}"
   when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
 
-- block:
+- when: "matrix_synapse_container_image_self_build | bool"
+  block:
     - name: Ensure Synapse repository is present on self-build
       ansible.builtin.git:
         repo: "{{ matrix_synapse_container_image_self_build_repo }}"
@@ -48,7 +49,6 @@
       environment:
         DOCKER_BUILDKIT: 1
       when: "matrix_synapse_git_pull_results.changed | bool or matrix_synapse_docker_image_check_result.stdout == ''"
-  when: "matrix_synapse_container_image_self_build | bool"
 
 - name: Ensure Synapse Docker image is pulled
   docker_image:

roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml

@@ -37,7 +37,8 @@
     msg: "Unrecognized Synapse worker `app`: `{{ matrix_synapse_worker_details.app }}`. Supported types are: {{ matrix_synapse_workers_avail_list | join(', ') }}"
   when: "matrix_synapse_worker_details.app not in matrix_synapse_workers_avail_list"
 
-- block:
+- when: "matrix_synapse_worker_details.type == 'stream_writer'"
+  block:
     - name: Fail if stream_writer_stream not defined for stream_writer worker
       ansible.builtin.fail:
         msg: >-
@@ -50,7 +51,6 @@
       ansible.builtin.fail:
         msg: "Synapse background workers of type stream_writer (such as {{ item }}) need to define a valid `replication_port` property"
       when: "'replication_port' not in matrix_synapse_worker_details"
-  when: "matrix_synapse_worker_details.type == 'stream_writer'"
 
 - ansible.builtin.set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"

roles/matrix-synapse/vars/main.yml

@@ -34,7 +34,7 @@ matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synaps
 matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}"
 
 # matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints.
-# It's intentionally put in a separate variable, to avoid tripping ansible-lint's var-spacing rule.
+# It's intentionally put in a separate variable, to avoid tripping ansible-lint's jinja[spacing] rule.
 matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*'
 
 # matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints contains the endpoints serviced by the `typing` stream writer.