feat: add automatic creation of reverse-proxy routing

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1247

.gitignore

@@ -1,7 +1,3 @@
-/inventory/*
-!/inventory/.gitkeep
-!/inventory/host_vars/.gitkeep
-!/inventory/scripts
 /roles/*/files/scratchpad
 .DS_Store
 .python-version

CHANGELOG.md

@@ -1,3 +1,28 @@
+# 2021-08-23
+
+## LinkedIn bridging support via beeper-linkedin
+
+Thanks to [Alexandar Mechev](https://github.com/apmechev), the playbook can now install the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging to [LinkedIn](https://www.linkedin.com/) Messaging.
+
+This brings the total number of bridges supported by the playbook up to 20. See all supported bridges [here](docs/configuring-playbook.md#bridging-other-networks).
+
+To get started with bridging to LinkedIn, see [Setting up Beeper LinkedIn bridging](docs/configuring-playbook-bridge-beeper-linkedin.md).
+
+
+# 2021-08-20
+
+# Sygnal upgraded - ARM support and no longer requires a database
+
+The [Sygnal](docs/configuring-playbook-sygnal.md) push gateway has been upgraded from `v0.9.0` to `v0.10.1`.
+
+This is an optional component for the playbook, so most of our users wouldn't care about this announcement.
+
+Since this feels like a relatively big (and untested, as of yet) Sygnal change, we're putting up this changelog entry.
+
+The new version is also available for the ARM architecture. It also no longer requires a database anymore.
+If you need to downgrade to the previous version, changing `matrix_sygnal_version` or `matrix_sygnal_docker_image` will not be enough, as we've removed the `database` configuration completely. You'd need to switch to an earlier playbook commit.
+
+
 # 2021-05-21
 
 ## Hydrogen support

README.md

@@ -45,17 +45,19 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
 
-- (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
+- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
 
-- (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
+- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
 
-- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
+- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
 
-- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
+- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
 
-- (optional) the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
+- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
 
-- (optional) the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
+- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
+
+- (optional) the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
 
 - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
 

ansible.cfg

@@ -1,6 +1,11 @@
 [defaults]
+
+vault_password_file = gpg/open_vault.sh
+
 retry_files_enabled = False
 stdout_callback = yaml
 
+inventory = inventory/hosts
+
 [connection]
 pipelining = True

docs/configuring-playbook-bridge-beeper-linkedin.md

@@ -0,0 +1,59 @@
+# Setting up Beeper Linkedin (optional)
+
+The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges
+
+See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you.
+
+```yaml
+matrix_beeper_linkedin_enabled: true
+```
+
+There are some additional things you may wish to configure about the bridge before you continue.
+
+Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
+```yaml
+matrix_beeper_linkedin_configuration_extension_yaml: |
+  bridge:
+    encryption:
+      allow: true
+      default: true
+```
+
+If you would like to be able to administrate the bridge from your account it can be configured like this:
+```yaml
+matrix_beeper_linkedin_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:YOUR_DOMAIN': admin
+```
+
+You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure.
+
+
+## Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+
+## Usage
+
+You then need to start a chat with `@linkedinbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+
+Send `login YOUR_LINKEDIN_EMAIL_ADDRESS` to the bridge bot to enable bridging for your LinkedIn account.
+
+If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
+
+After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.
+
+
+## Troubleshooting
+
+### Bridge asking for 2FA even if you don't have 2FA enabled
+
+If you don't have 2FA enabled and are logging in from a strange IP for the first time, LinkedIn will send an email with a one-time code. You can use this code to authorize the bridge session. In my experience, once the IP is authorized, you will not be asked again.

docs/configuring-playbook-bridge-mautrix-facebook.md

@@ -1,8 +1,8 @@
 # Setting up Mautrix Facebook (optional)
 
-The playbook can install and configure [mautrix-facebook](https://github.com/tulir/mautrix-facebook) for you.
+The playbook can install and configure [mautrix-facebook](https://github.com/mautrix/facebook) for you.
 
-See the project's [documentation](https://github.com/tulir/mautrix-facebook/blob/master/ROADMAP.md) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://github.com/mautrix/facebook/blob/master/ROADMAP.md) to learn what it does and why it might be useful to you.
 
 ```yaml
 matrix_mautrix_facebook_enabled: true

docs/configuring-playbook-bridge-mautrix-hangouts.md

@@ -1,8 +1,8 @@
 # Setting up Mautrix Hangouts (optional)
 
-The playbook can install and configure [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) for you.
+The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you.
 
-See the project's [documentation](https://github.com/tulir/mautrix-hangouts/wiki#usage) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://docs.mau.fi/bridges/python/hangouts/index.html) to learn what it does and why it might be useful to you.
 
 To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use the following playbook configuration:
 
@@ -14,7 +14,7 @@ matrix_mautrix_hangouts_enabled: true
 
 ## Set up Double Puppeting
 
-If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-hangouts/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
 ### Method 1: automatically, by enabling Shared Secret Auth
 
@@ -52,7 +52,7 @@ Automatic login may not work. If it does not, reload the page and select the "Ma
 
 Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages.
 
-You can learn more about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication).
+You can learn more about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/hangouts/authentication.html).
 
 After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.
 

docs/configuring-playbook-bridge-mautrix-instagram.md

@@ -1,6 +1,6 @@
 # Setting up Mautrix Instagram (optional)
 
-The playbook can install and configure [mautrix-instagram](https://github.com/tulir/mautrix-instagram) for you.
+The playbook can install and configure [mautrix-instagram](https://github.com/mautrix/instagram) for you.
 
 See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/index.html) to learn what it does and why it might be useful to you.
 

docs/configuring-playbook-bridge-mautrix-signal.md

@@ -1,8 +1,8 @@
 # Setting up Mautrix Signal (optional)
 
-The playbook can install and configure [mautrix-signal](https://github.com/tulir/mautrix-signal) for you.
+The playbook can install and configure [mautrix-signal](https://github.com/mautrix/signal) for you.
 
-See the project's [documentation](https://github.com/tulir/mautrix-signal/wiki) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://docs.mau.fi/bridges/python/signal/index.html) to learn what it does and why it might be useful to you.
 
 **Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signal_database_*`).
 
@@ -12,9 +12,54 @@ Use the following playbook configuration:
 matrix_mautrix_signal_enabled: true
 ```
 
+There are some additional things you may wish to configure about the bridge before you continue.
+
+The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file:
+```yaml
+matrix_mautrix_signal_relaybot_enabled: true
+```
+If you want to activate the relay bot in a room, use `!signal set-relay`.
+Use `!signal unset-relay` to deactivate.
+By default, any user on your homeserver will be able to use the bridge.
+If you enable the relay bot functionality, it will relay every user's messages in a portal room - no matter which homeserver they're from.
+
+Different levels of permission can be granted to users:
+
+* relay - Allowed to be relayed through the bridge, no access to commands;
+* user - Use the bridge with puppeting;
+* admin - Use and administer the bridge.
+
+The permissions are following the sequence: nothing < relay < user < admin.
+
+The default permissions are set as follows:
+```yaml
+permissions:
+  '*': relay
+  YOUR_DOMAIN: user
+```
+
+If you want to augment the preset permissions, you might want to set the additional permissions with the following settings in your `vars.yml` file:
+```yaml
+matrix_mautrix_signal_configuration_extension_yaml: |
+  bridge:
+    permissions:
+      '@YOUR_USERNAME:YOUR_DOMAIN': admin
+```
+
+This will add the admin permission to the specific user, while keepting the default permissions.
+
+In case you want to replace the default permissions settings **completely**, populate the following item within your `vars.yml` file:
+```yaml
+matrix_mautrix_signal_bridge_permissions: |
+  '@ADMIN:YOUR_DOMAIN': admin
+  '@USER:YOUR_DOMAIN' : user
+```
+
+You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.
+
 ## Set up Double Puppeting
 
-If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-signal/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
 ### Method 1: automatically, by enabling Shared Secret Auth
 

docs/configuring-playbook-bridge-mautrix-telegram.md

@@ -1,8 +1,8 @@
 # Setting up Mautrix Telegram (optional)
 
-The playbook can install and configure [mautrix-telegram](https://github.com/tulir/mautrix-telegram) for you.
+The playbook can install and configure [mautrix-telegram](https://github.com/mautrix/telegram) for you.
 
-See the project's [documentation](https://github.com/tulir/mautrix-telegram/wiki#usage) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://docs.mau.fi/bridges/python/telegram/index.html) to learn what it does and why it might be useful to you.
 
 You'll need to obtain API keys from [https://my.telegram.org/apps](https://my.telegram.org/apps) and then use the following playbook configuration:
 
@@ -14,7 +14,7 @@ matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
 
 ## Set up Double Puppeting
 
-If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-telegram/wiki/Authentication#replacing-telegram-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it.
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
 ### Method 1: automatically, by enabling Shared Secret Auth
 
@@ -45,7 +45,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login
 
 You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
 
-If you want to use the relay-bot feature ([relay bot documentation](https://github.com/tulir/mautrix-telegram/wiki/Relay-bot)), which allows anonymous user to chat with telegram users, use the following additional playbook configuration:
+If you want to use the relay-bot feature ([relay bot documentation](https://docs.mau.fi/bridges/python/telegram/relay-bot.html)), which allows anonymous user to chat with telegram users, use the following additional playbook configuration:
 
 ```yaml
 matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN

docs/configuring-playbook-bridge-mautrix-whatsapp.md

@@ -1,8 +1,8 @@
 # Setting up Mautrix Whatsapp (optional)
 
-The playbook can install and configure [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) for you.
+The playbook can install and configure [mautrix-whatsapp](https://github.com/mautrix/whatsapp) for you.
 
-See the project's [documentation](https://github.com/tulir/mautrix-whatsapp/wiki) to learn what it does and why it might be useful to you.
+See the project's [documentation](https://docs.mau.fi/bridges/go/whatsapp/index.html) to learn what it does and why it might be useful to you.
 
 Use the following playbook configuration:
 
@@ -13,7 +13,7 @@ matrix_mautrix_whatsapp_enabled: true
 
 ## Set up Double Puppeting
 
-If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-whatsapp/wiki/Authentication#replacing-whatsapp-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it.
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
 ### Method 1: automatically, by enabling Shared Secret Auth
 

docs/configuring-playbook.md

@@ -104,6 +104,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
 
+- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
+
 - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
 
 - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)

docs/container-images.md

@@ -40,17 +40,17 @@ These services are not part of our default installation, but can be enabled by [
 
 - [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
 
-- [tulir/mautrix-telegram](https://mau.dev/tulir/mautrix-telegram/container_registry) - the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge to [Telegram](https://telegram.org/) (optional)
+- [mautrix/telegram](https://mau.dev/mautrix/telegram/container_registry) - the [mautrix-telegram](https://github.com/mautrix/telegram) bridge to [Telegram](https://telegram.org/) (optional)
 
-- [tulir/mautrix-whatsapp](https://mau.dev/tulir/mautrix-whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
+- [mautrix/whatsapp](https://mau.dev/mautrix/whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
 
-- [tulir/mautrix-facebook](https://mau.dev/tulir/mautrix-facebook/container_registry) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
+- [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
 
-- [tulir/mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts/container_registry) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
+- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
 
-- [tulir/mautrix-instagram](https://mau.dev/tulir/mautrix-instagram/container_registry) - the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge to [Instagram](https://instagram.com/) (optional)
+- [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) - the [mautrix-instagram](https://github.com/mautrix/instagram) bridge to [Instagram](https://instagram.com/) (optional)
 
-- [tulir/mautrix-signal](https://mau.dev/tulir/mautrix-signal/container_registry) - the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge to [Signal](https://www.signal.org/) (optional)
+- [mautrix/signal](https://mau.dev/mautrix/signal/container_registry) - the [mautrix-signal](https://github.com/mautrix/signal) bridge to [Signal](https://www.signal.org/) (optional)
 
 - [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
 

gpg/open_vault.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e -u
+
+gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

gpg/vault_passphrase.gpg

@@ -0,0 +1,18 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
+iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
+foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
+C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
+luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
++rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
+RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
+4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
+0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
+eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
+ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
+jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
+anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
+yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
+=Cecg
+-----END PGP MESSAGE-----

group_vars/matrix_servers

@@ -41,6 +41,8 @@ matrix_awx_enabled: false
 
 matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
 matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
+matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}"
+matrix_nginx_proxy_base_domain_create_directory: "{{ not matrix_awx_enabled }}"
 
 ######################################################################
 #
@@ -214,6 +216,42 @@ matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key
 ######################################################################
 
 
+######################################################################
+#
+# matrix-bridge-beeper-linkedin
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_beeper_linkedin_enabled: false
+
+matrix_beeper_linkedin_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+    +
+    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}"
+
+matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}"
+
+matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
+
+matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-beeper-linkedin
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bridge-mautrix-facebook
@@ -1370,6 +1408,12 @@ matrix_postgres_additional_databases: |
       'password': matrix_appservice_irc_database_password,
     }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else [])
     +
+    ([{
+      'name': matrix_beeper_linkedin_database_name,
+      'username': matrix_beeper_linkedin_database_username,
+      'password': matrix_beeper_linkedin_database_password,
+    }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else [])
+    +
     ([{
       'name': matrix_mautrix_facebook_database_name,
       'username': matrix_mautrix_facebook_database_username,
@@ -1460,12 +1504,6 @@ matrix_postgres_additional_databases: |
       'password': matrix_etherpad_database_password,
     }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
     +
-    ([{
-      'name': matrix_sygnal_database_name,
-      'username': matrix_sygnal_database_username,
-      'password': matrix_sygnal_database_password,
-    }] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else [])
-     +
     ([{
       'name': matrix_prometheus_postgres_exporter_database_name,
       'username': matrix_prometheus_postgres_exporter_database_username,
@@ -1510,10 +1548,6 @@ matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}"
 
 matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}"
 
-# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
-matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
-matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}"
-
 ######################################################################
 #
 # /matrix-sygnal

inventory/host_vars/matrix.finallycoffee.eu/vars.yml

@@ -0,0 +1,337 @@
+#
+# General config
+# Domain of the matrix server and SSL config
+#
+matrix_domain: finallycoffee.eu
+matrix_ssl_retrieval_method: none
+matrix_nginx_proxy_enabled: false
+matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
+matrix_server_fqn_element: "chat.{{ matrix_domain }}"
+
+web_user: "web"
+revproxy_autoload_dir: "/vault/services/web/sites.d"
+
+#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
+matrix_mautrix_telegram_version: v0.10.0
+
+#
+# General Synapse config
+#
+matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
+# A secret used to protect access keys issued by the server.
+matrix_synapse_macaroon_secret_key: "{{ vault_matrix_synapse_macaroon_secret_key }}"
+# Make synapse accept larger media aswell
+matrix_synapse_max_upload_size_mb: 100
+# Enable metrics at (default) :9100/_synapse/metrics
+matrix_synapse_metrics_enabled: true
+matrix_synapse_enable_group_creation: true
+matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+matrix_synapse_turn_uris:
+  - "turns:voip.matrix.finallycoffee.eu?transport=udp"
+  - "turns:voip.matrix.finallycoffee.eu?transport=tcp"
+# Auto-join all users into those rooms
+matrix_synapse_auto_join_rooms:
+  - "#welcome:finallycoffee.eu"
+  - "#announcements:finallycoffee.eu"
+
+## Synapse rate limits
+matrix_synapse_rc_federation:
+  window_size: 1000
+  sleep_limit: 25
+  sleep_delay: 500
+  reject_limit: 50
+  concurrent: 5
+matrix_synapse_rc_message:
+  per_second: 0.5
+  burst_count: 25
+
+## Synapse cache tuning
+matrix_synapse_caches_global_factor: 0.7
+matrix_synapse_event_cache_size: "200K"
+
+## Synapse workers
+matrix_synapse_workers_enabled: true
+matrix_synapse_workers_preset: "little-federation-helper"
+matrix_synapse_workers_generic_worker_client_server_count: 0
+matrix_synapse_workers_media_repository_workers_count: 0
+matrix_synapse_workers_federation_sender_workers_count: 1
+matrix_synapse_workers_pusher_workers_count: 0
+matrix_synapse_workers_appservice_workers_count: 1
+
+# Static secret auth for matrix-synapse-shared-secret-auth
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+matrix_synapse_ext_password_provider_rest_auth_enabled: true
+matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
+matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
+matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
+matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
+
+# Enable experimental spaces support
+matrix_synapse_configuration_extension_yaml: |
+  experimental_features:
+    spaces_enabled: true
+
+#
+# synapse-admin tool
+#
+matrix_synapse_admin_enabled: true
+matrix_synapse_admin_container_http_host_bind_port: 8985
+
+
+#
+# VoIP / CoTURN config
+#
+# A shared secret (between Synapse and Coturn) used for authentication.
+matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+# Disable coturn, as we use own instance
+matrix_coturn_enabled: false
+
+
+#
+# dimension (integration manager) config
+#
+matrix_dimension_enabled: true
+matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
+matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
+matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
+matrix_dimension_configuration_extension_yaml: |
+    telegram:
+        botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
+
+
+#
+# mautrix-whatsapp config
+#
+matrix_mautrix_whatsapp_enabled: true
+matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
+matrix_mautrix_whatsapp_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_whatsapp_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
+        max_connection_attempts: 5
+        connection_timeout: 30
+        contact_wait_delay: 5
+        private_chat_portal_meta: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+    logging:
+        print_level: info
+    metrics:
+        enabled: true
+        listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+    whatsapp:
+        os_name: Linux mautrix-whatsapp
+        browser_name: Chrome
+
+
+#
+# mautrix-telegram config
+#
+matrix_mautrix_telegram_enabled: true
+matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
+matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
+matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
+matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
+matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
+matrix_mautrix_telegram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
+matrix_mautrix_telegram_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Telegram)"
+        parallel_file_transfer: false
+        inline_images: false
+        image_as_file_size: 20
+        delivery_receipts: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+        animated_sticker:
+            target: webm
+        encryption:
+            allow: true
+            default: true
+        permissions:
+            "@transcaffeine:finallycoffee.eu": "admin"
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+#        permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
+
+
+#
+# mautrix-signal config
+#
+matrix_mautrix_signal_enabled: true
+matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
+matrix_mautrix_signal_container_extra_arguments:
+    - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_signal_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Signal)"
+        community_id: "+signal:finallycoffee.eu"
+        encryption:
+            allow: true
+            default: true
+            key_sharing:
+                allow: true
+                require_verification: false
+        delivery_receipts: true
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+
+
+#
+# mx-puppet-instagram configuration
+#
+matrix_mx_puppet_instagram_enabled: true
+matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
+matrix_mx_puppet_instagram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_instagram_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-skype configuration
+#
+matrix_mx_puppet_skype_enabled: true
+matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
+matrix_mx_puppet_skype_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_skype_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+        path: /metrics
+
+
+#
+# mx-puppet-discord configuration
+#
+matrix_mx_puppet_discord_enabled: true
+matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
+matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
+matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
+matrix_mx_puppet_discord_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_discord_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-slack configuration
+#
+matrix_mx_puppet_slack_enabled: true
+matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
+matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
+matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
+matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
+matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
+matrix_mx_puppet_slack_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
+matrix_mx_puppet_slack_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# Element web configuration
+#
+# Branding config
+matrix_client_element_brand: "Chat"
+matrix_client_element_default_theme: "dark"
+matrix_client_element_themes_enabled: true
+matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
+matrix_client_element_welcome_text: |
+    Decentralised, encrypted chat &amp; collaboration,<br />
+    hosted on finallycoffee.eu, powered by element.io &amp;
+    <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
+      <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
+    </a>
+matrix_client_element_welcome_logo: "welcome/images/logo.png"
+matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
+matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
+matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
+matrix_client_element_container_extra_arguments:
+  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
+  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
+# Integration and capabilites config
+matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
+matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
+matrix_client_element_integrations_widgets_urls:
+  - "https://{{ matrix_server_fqn_dimension }}/widgets"
+  - "https://scalar.vector.im/api"
+matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
+matrix_client_element_disable_custom_urls: false
+matrix_client_element_roomdir_servers:
+  - "matrix.org"
+  - "finallycoffee.eu"
+  - "entropia.de"
+matrix_client_element_enable_presence_by_hs_url:
+  https://matrix.org: false
+
+
+# Matrix ma1sd extended configuration
+matrix_ma1sd_configuration_extension_yaml: |
+    hashing:
+      enabled: true
+      pepperLength: 20
+      rotationPolicy: per_requests
+      requests: 10
+      hashStorageType: sql
+      algorithms:
+          - none
+          - sha256
+
+
+# Matrix mail notification relay setup
+matrix_mailer_enabled: true
+matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
+matrix_mailer_relay_use: true
+matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
+matrix_mailer_relay_host_port: 587
+matrix_mailer_relay_auth: true
+matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
+matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

inventory/host_vars/matrix.finallycoffee.eu/vault.yml

@@ -0,0 +1,100 @@
+$ANSIBLE_VAULT;1.1;AES256
+64343261653838626666353837393238353033353632393763363634303466613033376235386235
+6333386536323034643139656232636133386463393264300a663333333237656337343562366336
+66663064393930656566396636333430373233373362346339383866623066316133323366663961
+3732666162363238300a636230346163656334393063343030333064393962663431326461653239
+36653030393234623335313335383832646463663835653035303765633064666435373464653336
+31323433373734633531353562333065623039623633633163376235353737343935623133326663
+65333761383130336165356439623066363964313033666433316231663533393532333738333430
+36633463343335366364343565353862363531376539626237613263303331323631333366363830
+33613937346531323139343166613839366233383663363732353561643238383362353964373135
+61633430353037316266343962376238383238366562323764373135646365383030626130383433
+32313263663165656366313633653431663332636532656465623465353062643934343738633434
+63346333326331633830363663666631326466353138646233383235313532383864633233613134
+39363734353165653065343938643861646630376334303832613163663265373839323765396234
+38633336393739666565346565343865346233373639363530383533386533616337373033613865
+66353434653262663263326237626265636430646630313866383532376264383933343933326264
+65316337323863343935306138343462336666313332396439656234613831356262663630663038
+31376539653638333263333933633134303734656662343039396563343636366433396130653830
+33326539636432646438613236356430343435623539333062666630373265306635343233646333
+39653934323738303239643834663463396165656235393437396635623131316532333465316231
+65373130393463383932383837383830656637653963666638653665356437303239376262613062
+34613830613164323365636461303035616136636330323531383164376334363862383762366665
+62643839333662373461363038326436616639326264633735316139346536373839666236653634
+30376536386137636336363562376339393261373739333162373461656364353139626339346637
+30366431336534663037653438376330346238636562383932653561306134626566333861333630
+39633536653233393161333136316564623631313839633461333438633166363064303238663464
+65353338353464313635333934623833303965393462373530303666643537336662376266613434
+37356664616539323631373535316434383361323935376638666437646538316537613030653231
+62636263663935646466383663306535626465633239366562373038356366366331333537333663
+64363130386535306362646533393161643737366662313631623132356465636565313530353363
+35366165383837326564623363636632616331393834313130303937303664353436363266323033
+61373532383962393937666261626263666631346235646237656337363831633734623733633835
+39613736373031633263396530626566303665343039663866333632636565633034376366356635
+35383633336465636331306232353434653739653339396437363163313630393035366665383263
+34353238656563306366336466376363316430636666353965356535653334343630633532313034
+64626436643030656335616337653564653331326463383461643739333163613361333133633639
+66656137313937356134646362623536363065633564633166343766356436313130373663663334
+63626138356562303761323336646332383761646663383032386261623936633661653735343637
+35326137343532333635353436376665326633633135656537623631326336353138346136636239
+37396135326362613039663136333964626237353562343966383764613231363061333534316233
+38636130313261643061613138656235396530656366313132346362383430333734663866383666
+61633631353830643565313437306664636262666135353133656531623563616335643737373438
+63633235363566616466663262333466383939373336383139643362376365623763386137666332
+39353363636437393236303764343337633233386236303563636634353836363537383632306434
+33653632373064646361616364323133343138363437373436636232373261663639616330666465
+37333130393435613134366437396361363830656137663963643132303334633331633661363061
+38356439666161643431356532353334383539353566386333666461663562613231383331623063
+33336435636239343663663937353864306363363264663033303539616434333436353134383034
+64663533366134306462366565333236383235373233656132396538663437616333343534333166
+66646566623734636532666230326530633538656639353262343665316235386534376534386634
+65663032303930353661363162373533363762353237393030346238306532326264303636383264
+63363063326265396166313533663362346539333532386665316466386131623161313738623239
+66386236656561396539356634636234393436323239396330366237333539343761393431336138
+66396230656435356365356530343132373861376336346532653063666331343366393761373131
+66313864373362326139316461666232386132306535616561663566623963353034313961666266
+34373534363834626334386139653532656564333863323363343165643538336430386434613235
+64386564643564636530313565326433623365303738386433323463396437653066636134313564
+33383035393436393163373864353331376163653137316136376564643066636335313735396664
+33623735353438643237333734353766363863313763653737633135353332363066336232363131
+33333532653737633033666336326331376561636330643935323636626562303439346338633135
+33663035366461336339666665663835373235633338613664636439393837303932643363643830
+63333862643430383235663836653161376637373265646463313538386531666362376532663738
+62333536383537613562336235666431393164616263303863323834343735326133646131303063
+62623836313730363832313764363562306666383337396561633865336561396632303539333166
+35623063336534653531303134653630666264333133393864626665623564313466363731316339
+36646666653062326665346332373963376439396538396663656130616333316533623331346461
+39643862356663316338333662646464353233356635303931626366323831303136366462366133
+34303234343064393265303866636137646461336530653733623264383261653864633332346435
+62383065353662303564633239326664356364366365626466666266326466333834316437383134
+35383261373437643261623533623533326335393932356632653634326432376235393038333464
+33626361366565316533663537343237316563343730363632663639623930313963316665663965
+33386435663462626435383733383336343064333935356364623436626632356535333430343262
+62363136353562633631613965353062363231343037626166363035376530646537646136363730
+35303530343361616230383662333139333533333138613834323437636238656538656436623433
+38353363336665346637643631663934633061626532376330633731316565336166313936393533
+35323535376539633937376532333536323234376632306362633438626565376234353235353836
+37663735366165393963313536356437653361306232313736356164656635616333306332356637
+39353465633536313539366264646364343231653466346165313863623365333465623336376635
+37396663333638356565306439636365653438623935363361356464316663613465303933346537
+61303863323631343264613665323866363935383265323562326364346364343133393965333135
+33306434646533333662613930666337646330303439333938326433376161613836663237303534
+63636139636338656664333034356635653330666362633563366663616661303266326135643036
+34383939613035323331366261356531343961303239626365383332313633393561623963643134
+30353239356234336635616663313830396133643035663838653837613262616364623637616237
+37363662663466396330323830343963366262643339316162643164353430663763613634346233
+62303539336433313066346339363163336236373334613938613061613038613466636632336335
+35326133373061323164623436623338316466396261393630623466313164393736353566356237
+34396530383361613464643461313336663331643438313136353039386263633134616534666464
+33373536326637316635326461656130383333613832386662643431666435663565343565616266
+35303738656362663266653735373833613765356366626436336437326665396635636335616566
+32663733396432656430356335383262613133623066636238623166613839393833616436653936
+34306536343664643732356262663435623834313732373564613337373765373130653734386632
+35623038623639346564393466393463613238363231663965633037353337353332663464336539
+33616131353734663463336436303866306334336339316364313962346430383338306161636462
+64303064313135346236346434316333346434303764356237636530663239633631383561393537
+66383836326634666362613661353533363432303437663235393336396331356465633031326430
+35333263633731626564326430613937343136633562386432396537363663653438333333366135
+33333339376165303736643661343535356561353938346131653662363966643839653262363537
+38373331353539313463363236383633326138366534313064303739626337343962653830653663
+626263633730663932376165333438323835

inventory/hosts

@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+31336566376336626265653165306635633033376662656164383037383834653239656136333734
+3833666339393037323035343565343235396163636166370a643933333933386133366564396465
+30393637613164356564393337633361653432333232383664303739363736633435363764343530
+3532313739363963660a343434356534316230623133636366386334323465376139363162616238
+39396638366262313531653635326361616537396338363533303961623165343931373939306239
+31336632643166633662653765333231393461643933306464303165633037343061323636313034
+34376631656563646665373566633431366638383863666130323264316337663237343135306236
+66323536346164663239343139623430303230333466633437643337343930363530653964626163
+38336363633730393136333637383631636266396636646533356262376630646139303636666538
+32366437353163663865623234643061313639646162643965393535353938313133326237313265
+66646163333535396539646461356334633532313530653834623263386265383765356130333466
+30373531306137393935363030313739666536363138363962646565306439393239303030643162
+33333166663430393866666439653532623034396130313066383035396535646633366237303264
+36356665366461323664373038366364623937386233313039323837666333653764616462333365
+31326264633236373937313537633961633164323138356135633765663639323537656263633766
+38653836323263386333376131333330326237393666363064326463663961633839393039323835
+61306265333232623037356465393133323733363634646364336261326333366239346565366338
+61646132333033373866623739343830336164316461646366666237313565626639323537623732
+38323830656136323137323530343764666433633432366136643538323832653130376363653135
+64376261386635636533353961613335663962306337353866616464613636303735336230623962
+3336

roles/matrix-awx/tasks/customise_website_access_export.yml

@@ -176,7 +176,7 @@
     state: directory
     owner: matrix
     group: matrix
-    mode: '0574'
+    mode: '0770'
   when: customise_base_domain_website is defined
 
 - name: Ensure /chroot/export location exists

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -23,14 +23,7 @@
     repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
     state: present
     update_cache: yes
-  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and not ansible_distribution_release == 'bullseye'
-
-- name: Ensure Docker repository is enabled (using Debian Buster on Debian Bullseye, for which there is no Docker yet)
-  apt_repository:
-    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} buster stable"
-    state: present
-    update_cache: yes
-  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and ansible_distribution_release == 'bullseye'
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
 
 - name: Ensure APT packages are installed
   apt:

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 
-matrix_appservice_irc_version: release-v0.29.0
+matrix_appservice_irc_version: release-0.30.0
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -0,0 +1,100 @@
+# beeper-linkedin is a Matrix <-> LinkedIn bridge
+# See: https://gitlab.com/beeper/linkedin
+
+matrix_beeper_linkedin_enabled: true
+
+matrix_beeper_linkedin_version: v0.5.0
+# See: https://gitlab.com/beeper/linkedin/container_registry
+matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
+matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
+
+matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
+matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
+matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
+
+matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
+matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
+
+# A list of extra arguments to pass to the container
+matrix_beeper_linkedin_container_extra_arguments: []
+
+# List of systemd services that matrix-beeper-linkedin.service depends on.
+matrix_beeper_linkedin_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-beeper-linkedin.service wants
+matrix_beeper_linkedin_systemd_wanted_services_list: []
+
+matrix_beeper_linkedin_appservice_token: ""
+matrix_beeper_linkedin_homeserver_token: ""
+
+matrix_beeper_linkedin_appservice_bot_username: linkedinbot
+
+
+# Database-related configuration fields.
+# Only Postgres is supported.
+matrix_beeper_linkedin_database_engine: "postgres"
+
+matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin'
+matrix_beeper_linkedin_database_password: ""
+matrix_beeper_linkedin_database_hostname: 'matrix-postgres'
+matrix_beeper_linkedin_database_port: 5432
+matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin'
+
+matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable'
+
+matrix_beeper_linkedin_appservice_database_type: "{{
+	{
+		'postgres':'postgres',
+	}[matrix_beeper_linkedin_database_engine]
+}}"
+
+matrix_beeper_linkedin_appservice_database_uri: "{{
+	{
+		'postgres': matrix_beeper_linkedin_database_connection_string,
+	}[matrix_beeper_linkedin_database_engine]
+}}"
+
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_beeper_linkedin_login_shared_secret: ''
+
+# Default beeper-linkedin configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_beeper_linkedin_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_beeper_linkedin_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_beeper_linkedin_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_beeper_linkedin_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_beeper_linkedin_configuration_yaml`.
+
+matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`.
+matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}"
+
+matrix_beeper_linkedin_registration_yaml: |
+  id: linkedin
+  url: {{ matrix_beeper_linkedin_appservice_address }}
+  as_token: "{{ matrix_beeper_linkedin_appservice_token }}"
+  hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}"
+
+  sender_localpart: _bot_{{ matrix_beeper_linkedin_appservice_bot_username }}
+  rate_limited: false
+  namespaces:
+      users:
+      - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$'
+        exclusive: true
+      - exclusive: true
+        regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$'
+  de.sorunome.msc2409.push_ephemeral: true
+
+matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}"

roles/matrix-bridge-beeper-linkedin/tasks/init.yml

@@ -0,0 +1,16 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}"
+  when: matrix_beeper_linkedin_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-beeper-linkedin-registration.yaml"] }}
+  when: matrix_beeper_linkedin_enabled|bool

roles/matrix-bridge-beeper-linkedin/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup and matrix_beeper_linkedin_enabled"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup and not matrix_beeper_linkedin_enabled"
+  tags:
+    - setup-all
+    - setup-beeper-linkedin

roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml

@@ -0,0 +1,56 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure Beeper LinkedIn image is pulled
+  docker_image:
+    name: "{{ matrix_beeper_linkedin_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
+
+- name: Ensure Beeper LinkedIn paths exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_beeper_linkedin_base_path }}"
+    - "{{ matrix_beeper_linkedin_config_path }}"
+    - "{{ matrix_beeper_linkedin_data_path }}"
+
+- name: Ensure beeper-linkedin config.yaml installed
+  copy:
+    content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure beeper-linkedin registration.yaml installed
+  copy:
+    content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}"
+    dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-beeper-linkedin.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service"
+    mode: 0644
+  register: matrix_beeper_linkedin_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_beeper_linkedin_systemd_service_result.changed"

roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-beeper-linkedin service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service"
+  register: matrix_beeper_linkedin_service_stat
+
+- name: Ensure matrix-beeper-linkedin is stopped
+  service:
+    name: matrix-beeper-linkedin
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_beeper_linkedin_service_stat.stat.exists"
+
+- name: Ensure matrix-beeper-linkedin.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service"
+    state: absent
+  when: "matrix_beeper_linkedin_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_beeper_linkedin_service_stat.stat.exists"

roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_beeper_linkedin_appservice_token"
+    - "matrix_beeper_linkedin_homeserver_token"
+

roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2

@@ -0,0 +1,267 @@
+#jinja2: lstrip_blocks: "True"
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    address: {{ matrix_beeper_linkedin_homeserver_address }}
+    # The domain of the homeserver (for MXIDs, etc).
+    domain: {{ matrix_beeper_linkedin_homeserver_domain }}
+    # Whether or not to verify the SSL certificate of the homeserver.
+    # Only applies if address starts with https://
+    verify_ssl: true
+    # Whether or not the homeserver supports asmux-specific endpoints,
+    # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
+    # updating m.direct.
+    asmux: false
+    # Number of retries for all HTTP requests if the homeserver isn't reachable.
+    http_retry_count: 4
+
+
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    address: {{ matrix_beeper_linkedin_appservice_address }}
+
+    # The hostname and port where this appservice should listen.
+    hostname: 0.0.0.0
+    port: 29319
+
+    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+    max_body_size: 1
+
+    # The full URI to the database. Only Postgres is currently supported.
+    database: {{ matrix_beeper_linkedin_appservice_database_uri|to_json }}
+    # Additional arguments for asyncpg.create_pool()
+    # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
+    database_opts:
+        min_size: 5
+        max_size: 10
+
+    # Provisioning API part of the web server for automated portal creation and fetching information.
+    # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
+    provisioning:
+        # Whether or not the provisioning API should be enabled.
+        enabled: true
+        # The prefix to use in the provisioning API endpoints.
+        prefix: /_matrix/provision/v1
+        # The shared secret to authorize users of the API.
+        # Set to "generate" to generate and save a new token.
+        shared_secret: generate
+
+    # The unique ID of this appservice.
+    id: beeper_linkedin
+    # Appservice bot details.
+    bot:
+        # Username of the appservice bot.
+        username: {{ matrix_beeper_linkedin_appservice_bot_username|to_json }}
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # to leave display name/avatar as-is.
+        displayname: LinkedIn bridge bot
+        avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB 
+
+    # Whether or not to receive ephemeral events via appservice transactions.
+    # Requires MSC2409 support (i.e. Synapse 1.22+).
+    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+    ephemeral_events: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: "{{ matrix_beeper_linkedin_appservice_token }}"
+    hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}"
+
+
+# Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+    enabled: false
+    listen_port: 8000
+
+# Manhole config.
+manhole:
+    # Whether or not opening the manhole is allowed.
+    enabled: false
+    # The path for the unix socket.
+    path: /var/tmp/linkedin-matrix.manhole
+    # The list of UIDs who can be added to the whitelist.
+    # If empty, any UIDs can be specified in the open-manhole command.
+    whitelist:
+    - 0
+
+
+# Bridge config
+bridge:
+    # Localpart template of MXIDs for LinkedIn  users.
+    username_template: "linkedin_{userid}"
+    # Displayname template for LinkedIn users.
+    # Localpart template for per-user room grouping community IDs.
+    # The bridge will create these communities and add all of the specific user's portals to the community.
+    # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
+    # (Note that, by default, non-admins might not have your homeserver's permission to create
+    # communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.)
+    # `linkedin_{localpart}={server}` is a good value.
+    community_template: null
+
+    # Displayname template for LinkedIn users.
+    # {displayname} is replaced with the display name of the LinkedIn user
+    #               as defined below in displayname_preference.
+    # Keys available for displayname_preference are also available here.
+    displayname_template: "{displayname} (LinkedIn)"
+
+    # Number of chats to sync (and create portals for) on startup/login.
+    # Set 0 to disable automatic syncing.
+    initial_chat_sync: 10
+
+    # Whether or not the LinkedIn users of logged in Matrix users should be
+    # invited to private chats when the user sends a message from another client.
+    invite_own_puppet_to_pm: false
+    # Whether or not to use /sync to get presence, read receipts and typing notifications
+    # when double puppeting is enabled
+    sync_with_custom_puppets: true
+    # Whether or not to update the m.direct account data event when double puppeting is enabled.
+    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+    # and is therefore prone to race conditions.
+    sync_direct_chat_list: false
+    # Servers to always allow double puppeting from
+    double_puppet_server_map: {}
+    #    example.com: https://example.com
+    # Allow using double puppeting from any server with a valid client .well-known file.
+
+    # Maximum number of seconds since last message in chat to skip
+    # syncing the chat in any case. This setting will take priority
+    # over both recovery_chat_sync_limit and initial_chat_sync_count.
+    # Default is 3 days = 259200 seconds
+    sync_max_chat_age: 259200
+
+    # Whether or not to sync with custom puppets to receive EDUs that
+    # are not normally sent to appservices.
+    sync_with_custom_puppets: true
+    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
+    #
+    # If set, custom puppets will be enabled automatically for local users
+    # instead of users having to find an access token and run `login-matrix`
+    # manually.
+    login_shared_secret: {{ matrix_beeper_linkedin_login_shared_secret|to_json }}
+
+    # Allow using double puppeting from any server with a valid client .well-known file.
+    double_puppet_allow_discovery: false
+
+    # Whether or not to bridge presence in both directions. LinkedIn allows users not to broadcast
+    # presence, but then it won't send other users' presence to the client.
+    presence: {{ matrix_beeper_linkedin_bridge_presence|to_json }}
+    # Whether or not to update avatars when syncing all contacts at startup.
+    update_avatar_initial_sync: true
+
+
+    # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
+    # and login_shared_secret to be configured in order to get a device for the bridge bot.
+    #
+    # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
+    # application service.
+    encryption:
+        # Allow encryption, work in group chat rooms with e2ee enabled
+        allow: false
+        # Default to encryption, force-enable encryption in all portals the bridge creates
+        # This will cause the bridge bot to be in private chats for the encryption to work properly.
+        default: false
+        # Options for automatic key sharing.
+        key_sharing:
+            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+            # You must use a client that supports requesting keys from other users to use this feature.
+            allow: false
+            # Require the requesting device to have a valid cross-signing signature?
+            # This doesn't require that the bridge has verified the device, only that the user has verified it.
+            # Not yet implemented.
+            require_cross_signing: false
+            # Require devices to be verified by the bridge?
+            # Verification by the bridge is not yet implemented.
+            require_verification: true
+    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+    # been sent to LinkedIn.
+    delivery_receipts: false
+    # Whether to allow inviting arbitrary mxids to portal rooms
+    allow_invites: false
+
+    # Settings for backfilling messages from LinkedIn.
+    backfill:
+        # Whether or not the LinkedIn users of logged in Matrix users should be
+        # invited to private chats when backfilling history from LinkedIn. This is
+        # usually needed to prevent rate limits and to allow timestamp massaging.
+        invite_own_puppet: true
+        # Maximum number of messages to backfill initially.
+        # Set to 0 to disable backfilling when creating portal.
+        initial_limit: 0
+        # Maximum number of messages to backfill if messages were missed while
+        # the bridge was disconnected.
+        # Set to 0 to disable backfilling missed messages.
+        missed_limit: 1000
+        # If using double puppeting, should notifications be disabled
+        # while the initial backfill is in progress?
+        disable_notifications: false
+    periodic_reconnect:
+        # TODO needed?
+        # Interval in seconds in which to automatically reconnect all users.
+        # This can be used to automatically mitigate the bug where Linkedin stops sending messages.
+        # Set to -1 to disable periodic reconnections entirely.
+        interval: -1
+        # What to do in periodic reconnects. Either "refresh" or "reconnect"
+        mode: refresh
+        # Should even disconnected users be reconnected?
+        always: false
+    # The number of seconds that a disconnection can last without triggering an automatic re-sync
+    # and missed message backfilling when reconnecting.
+    # Set to 0 to always re-sync, or -1 to never re-sync automatically.
+    resync_max_disconnected_time: 5
+    # Whether or not temporary disconnections should send notices to the notice room.
+    # If this is false, disconnections will never send messages and connections will only send
+    # messages if it was disconnected for more than resync_max_disconnected_time seconds.
+    temporary_disconnect_notices: true
+    # Whether or not the bridge should try to "refresh" the connection if a normal reconnection
+    # attempt fails.
+    refresh_on_reconnection_fail: false
+    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+    # This field will automatically be changed back to false after it,
+    # except if the config file is not writable.
+    resend_bridge_info: false
+    # When using double puppeting, should muted chats be muted in Matrix?
+    mute_bridging: false
+    # Whether or not mute status and tags should only be bridged when the portal room is created.
+    tag_only_on_create: true
+
+
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: "!li"
+
+    # Permissions for using the bridge.
+    # Permitted values:
+    #     user - Access to use the bridge to chat with a Linkedin account.
+    #    admin - User level and some additional administration tools
+    # Permitted keys:
+    #        * - All Matrix users
+    #   domain - All users on that homeserver
+    #     mxid - Specific user
+    permissions:
+        "{{ matrix_beeper_linkedin_homeserver_domain }}": user
+
+
+
+# Logging config.
+logging:
+    version: 1
+    formatters:
+        colored:
+            (): mautrix.util.logging.color.ColorFormatter
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+        normal:
+            format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+    handlers:
+        console:
+            class: logging.StreamHandler
+            formatter: colored
+    loggers:
+        mau:
+            level: DEBUG
+        paho:
+            level: INFO
+        aiohttp:
+            level: INFO
+    root:
+        level: DEBUG
+        handlers: [ console]
+

roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2

@@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Beeper Linkedin bridge
+{% for service in matrix_beeper_linkedin_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_beeper_linkedin_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-v {{ matrix_beeper_linkedin_config_path }}:/data:z \
+			--workdir=/opt/linkedin-matrix \
+			{% for arg in matrix_beeper_linkedin_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_beeper_linkedin_docker_image }} \
+                        python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-beeper-linkedin
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: latest
+matrix_heisenbridge_version: 1.0.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -1,14 +1,13 @@
 # mautrix-facebook is a Matrix <-> Facebook bridge
-# See: https://github.com/tulir/mautrix-facebook
+# See: https://github.com/mautrix/facebook
 
 matrix_mautrix_facebook_enabled: true
 
 matrix_mautrix_facebook_container_image_self_build: false
-matrix_mautrix_facebook_container_image_self_build_repo: "https://github.com/tulir/mautrix-facebook.git"
+matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
 
-matrix_mautrix_facebook_version: latest
-# See: https://mau.dev/tulir/mautrix-facebook/container_registry
-matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:{{ matrix_mautrix_facebook_version }}"
+matrix_mautrix_facebook_version: v0.3.1
+matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
 matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
 
@@ -107,7 +106,7 @@ matrix_mautrix_facebook_registration_yaml: |
     - exclusive: true
       regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
   url: {{ matrix_mautrix_facebook_appservice_address }}
-  # See https://github.com/tulir/mautrix-signal/issues/43
+  # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }}
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true

roles/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -1,14 +1,14 @@
 # mautrix-hangouts is a Matrix <-> Hangouts bridge
-# See: https://github.com/tulir/mautrix-hangouts
+# See: https://github.com/mautrix/hangouts
 
 matrix_mautrix_hangouts_enabled: true
 
 matrix_mautrix_hangouts_container_image_self_build: false
-matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/tulir/mautrix-hangouts.git"
+matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/mautrix/hangouts.git"
 
 matrix_mautrix_hangouts_version: latest
-# See: https://mau.dev/tulir/mautrix-hangouts/container_registry
-matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}tulir/mautrix-hangouts:{{ matrix_mautrix_hangouts_version }}"
+# See: https://mau.dev/mautrix/hangouts/container_registry
+matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}mautrix/hangouts:{{ matrix_mautrix_hangouts_version }}"
 matrix_mautrix_hangouts_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_hangouts_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}"
 
@@ -107,7 +107,7 @@ matrix_mautrix_hangouts_registration_yaml: |
     - exclusive: true
       regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$'
   url: {{ matrix_mautrix_hangouts_appservice_address }}
-  # See https://github.com/tulir/mautrix-signal/issues/43
+  # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }}
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -1,14 +1,14 @@
 # mautrix-instagram is a Matrix <-> Instagram bridge
-# See: https://github.com/tulir/mautrix-instagram
+# See: https://github.com/mautrix/instagram
 
 matrix_mautrix_instagram_enabled: true
 
 matrix_mautrix_instagram_container_image_self_build: false
-matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/tulir/mautrix-instagram.git"
+matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 
 matrix_mautrix_instagram_version: latest
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
-matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}tulir/mautrix-instagram:{{ matrix_mautrix_instagram_version }}"
+matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
 matrix_mautrix_instagram_docker_image_force_pull: "{{ matrix_mautrix_instagram_docker_image.endswith(':latest') }}"
 
@@ -97,7 +97,7 @@ matrix_mautrix_instagram_registration_yaml: |
     - exclusive: true
       regex: '^@{{ matrix_mautrix_instagram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$'
   url: {{ matrix_mautrix_instagram_appservice_address }}
-  # See https://github.com/tulir/mautrix-signal/issues/43
+  # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }}
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -78,6 +78,22 @@ matrix_mautrix_signal_appservice_database: "{{
 # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
 matrix_mautrix_signal_login_shared_secret: ''
 
+# Enable bridge relay bot functionality
+matrix_mautrix_signal_relaybot_enabled: false
+
+# Permissions for using the bridge.
+# Permitted values:
+#      relay - Allowed to be relayed through the bridge, no access to commands.
+#       user - Use the bridge with puppeting.
+#      admin - Use and administrate the bridge.
+# Permitted keys:
+#        * - All Matrix users
+#   domain - All users on that homeserver
+#     mxid - Specific user
+matrix_mautrix_signal_bridge_permissions: |
+  '*': relay
+  '{{ matrix_mautrix_signal_homeserver_domain }}': user
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -9,6 +9,12 @@ homeserver:
     # Only applies if address starts with https://
     verify_ssl: true
     asmux: false
+    # Number of retries for all HTTP requests if the homeserver isn't reachable.
+    http_retry_count: 4
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint: null
 
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.
@@ -80,6 +86,9 @@ signal:
     avatar_dir: /signald/avatars
     # Directory where signald stores auth data. Used to delete data when logging out.
     data_dir: /signald/data
+    # Whether or not unknown signald accounts should be deleted when the bridge is started.
+    # When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
+    delete_unknown_accounts_on_start: false
     # Whether or not message attachments should be removed from disk after they're bridged.
     remove_file_after_handling: true
 
@@ -131,7 +140,7 @@ bridge:
     # If false, created portal rooms will never be federated.
     federate_rooms: true
     # End-to-bridge encryption support options. You must install the e2be optional dependency for
-    # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
+    # this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
         allow: false
@@ -164,12 +173,15 @@ bridge:
     # This field will automatically be changed back to false after it,
     # except if the config file is not writable.
     resend_bridge_info: false
+    # Interval at which to resync contacts.
+    periodic_sync: 0
 
     # The prefix for commands. Only required in non-management rooms.
     command_prefix: "!signal"
 
     # Permissions for using the bridge.
     # Permitted values:
+    #      relay - Allowed to be relayed through the bridge, no access to commands.
     #       user - Use the bridge with puppeting.
     #      admin - Use and administrate the bridge.
     # Permitted keys:
@@ -177,7 +189,28 @@ bridge:
     #   domain - All users on that homeserver
     #     mxid - Specific user
     permissions: 
-      '{{ matrix_mautrix_signal_homeserver_domain }}': user
+        {{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
+
+    relay:
+        # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
+        # authenticated user into a relaybot for that chat.
+        enabled: {{ matrix_mautrix_signal_relaybot_enabled }}
+        # The formats to use when sending messages to Signal via a relay user.
+        #
+        # Available variables:
+        #   $sender_displayname - The display name of the sender (e.g. Example User)
+        #   $sender_username    - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
+        #   $sender_mxid        - The Matrix ID of the sender (e.g. @exampleuser:example.com)
+        #   $message            - The message content
+        message_formats:
+            m.text: '$sender_displayname: $message'
+            m.notice: '$sender_displayname: $message'
+            m.emote: '* $sender_displayname $message'
+            m.file: '$sender_displayname sent a file'
+            m.image: '$sender_displayname  sent an image'
+            m.audio: '$sender_displayname  sent an audio file'
+            m.video: '$sender_displayname  sent a video'
+            m.location: '$sender_displayname  sent a location'
 
 
 # Python logging configuration.

roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2

@@ -12,7 +12,7 @@ namespaces:
     - exclusive: true
       regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
 url: {{ matrix_mautrix_signal_appservice_address }}
-# See https://github.com/tulir/mautrix-signal/issues/43
+# See https://github.com/mautrix/signal/issues/43
 sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
 rate_limited: false
 de.sorunome.msc2409.push_ephemeral: true

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -1,5 +1,5 @@
 # mautrix-telegram is a Matrix <-> Telegram bridge
-# See: https://github.com/tulir/mautrix-telegram
+# See: https://github.com/mautrix/telegram
 
 matrix_mautrix_telegram_enabled: true
 
@@ -10,12 +10,12 @@ matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path
 matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
 
 matrix_mautrix_telegram_container_self_build: false
-matrix_mautrix_telegram_docker_repo: "https://mau.dev/tulir/mautrix-telegram.git"
+matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.9.0
-# See: https://mau.dev/tulir/mautrix-telegram/container_registry
-matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:{{ matrix_mautrix_telegram_version }}"
+matrix_mautrix_telegram_version: v0.10.1
+# See: https://mau.dev/mautrix/telegram/container_registry
+matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
@@ -110,6 +110,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
 matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
 
+matrix_mautrix_telegram_sender_localpart: "telegrambot"
+
 matrix_mautrix_telegram_registration_yaml: |
   id: telegram
   as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@@ -123,9 +125,9 @@ matrix_mautrix_telegram_registration_yaml: |
       aliases:
       - exclusive: true
         regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
-  # See https://github.com/tulir/mautrix-signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
   url: {{ matrix_mautrix_telegram_appservice_address }}
+#  sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true
 

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -1,10 +1,10 @@
 # mautrix-whatsapp is a Matrix <-> Whatsapp bridge
-# See: https://github.com/tulir/mautrix-whatsapp
+# See: https://github.com/mautrix/whatsapp
 
 matrix_mautrix_whatsapp_enabled: true
 
 matrix_mautrix_whatsapp_version: latest
-# See: https://mau.dev/tulir/mautrix-whatsapp/container_registry
+# See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
 
@@ -96,7 +96,7 @@ matrix_mautrix_whatsapp_registration_yaml: |
   url: {{ matrix_mautrix_whatsapp_appservice_address }}
   as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
   hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
-  # See https://github.com/tulir/mautrix-signal/issues/43
+  # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_whatsapp_appservice_bot_username }}
   rate_limited: false
   namespaces:

roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -25,7 +25,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 10000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -70,7 +70,7 @@ namePatterns:
   #
   # name: username of the user
   # discriminator: hashtag of the user (ex. #1234)
-  user: :name
+  user: ":name (#:discriminator) (via Discord)"
 
   # A user's guild-specific displayname - if they've set a custom nick in
   # a guild
@@ -82,7 +82,7 @@ namePatterns:
   # displayname: the user's custom group-specific nick
   # channel: the name of the channel
   # guild: the name of the guild
-  userOverride: :name
+  userOverride: ":displayname (:name#:discriminator) (via Discord)"
 
   # Room names for bridged Discord channels
   #
@@ -90,7 +90,7 @@ namePatterns:
   #
   # name: name of the channel
   # guild: name of the guild
-  room: :name
+  room: "#:name (:guild on Discord)"
 
   # Group names for bridged Discord servers
   #

roles/matrix-client-element/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 
-matrix_client_element_version: v1.7.34
+matrix_client_element_version: v1.8.1
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-element/tasks/setup.yml

@@ -67,6 +67,18 @@
     - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
   when: "matrix_client_element_enabled|bool and item.src is not none"
 
+- name: Copy Element costum files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
+    - {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
+  when: "matrix_client_element_enabled|bool and item.src is not none"
+
 - name: Ensure Element config files removed
   file:
     path: "{{ matrix_client_element_data_path }}/{{ item.name }}"

roles/matrix-client-element/templates/welcome.html.j2

@@ -33,7 +33,7 @@ h1::after {
 }
 
 .mx_Logo {
-    height: 54px;
+    height: 92px;
     margin-top: 2px;
 }
 

roles/matrix-common-after/tasks/awx_post.yml

@@ -60,11 +60,5 @@
     state: directory
     owner: matrix
     group: matrix
-    mode: '0574'
-  when: customise_base_domain_website is defined
-
-- name: Ensure erroneous /chroot/website/matrix-domain location doesn't exist
-  file:
-    path: /chroot/website/matrix-domain
-    state: absent
+    mode: '0770'
   when: customise_base_domain_website is defined

roles/matrix-corporal/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_version: 2.1.1
+matrix_corporal_version: 2.1.2
 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
 matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

roles/matrix-coturn/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
 matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 
-matrix_coturn_version: 4.5.2-r2
+matrix_coturn_version: 4.5.2-r3
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

roles/matrix-mailer/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
 
-matrix_mailer_version: 4.94.2-r0-2
+matrix_mailer_version: 4.94.2-r0-3
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

roles/matrix-nginx-proxy/defaults/main.yml

@@ -10,6 +10,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
 matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"
 matrix_nginx_proxy_data_path_in_container: "/nginx-data"
+matrix_nginx_proxy_data_path_extension: "/matrix_domain"
 matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d"
 
 # List of systemd services that matrix-nginx-proxy.service depends on
@@ -75,6 +76,9 @@ matrix_nginx_proxy_container_federation_host_bind_port: '8448'
 # in the `{{ matrix_nginx_proxy_data_path }}/matrix-domain` (`/matrix/nginx-proxy/data/matrix-domain`) directory.
 matrix_nginx_proxy_base_domain_serving_enabled: false
 
+# Controls whether the base domain directory and default index.html file are created.
+matrix_nginx_proxy_base_domain_create_directory: true
+
 matrix_nginx_proxy_base_domain_hostname: "{{ matrix_domain }}"
 
 # Controls whether `matrix_nginx_proxy_base_domain_homepage_template` would be dumped to an `index.html` file
@@ -405,7 +409,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
 
 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -127,7 +127,7 @@
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_nginx_proxy_base_domain_serving_enabled|bool
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool
 
 - name: Ensure Matrix nginx-proxy homepage for base domain exists
   copy:
@@ -136,7 +136,7 @@
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool
+  when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool
 
 - name: Ensure Matrix nginx-proxy configuration for base domain exists
   template:

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2

@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: "True"
 
 {% macro render_vhost_directives() %}
-	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-domain;
+	root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}{{ matrix_nginx_proxy_data_path_extension }};
 
 	gzip on;
 	gzip_types text/plain application/json;

roles/matrix-postgres/defaults/main.yml

@@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64
 # > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
 
-matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_node_exporter_enabled: false
 
-matrix_prometheus_node_exporter_version: v1.2.0
+matrix_prometheus_node_exporter_version: v1.2.2
 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
 matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
 

roles/matrix-prometheus-postgres-exporter/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_postgres_exporter_enabled: false
 
-matrix_prometheus_postgres_exporter_version: v0.9.0
+matrix_prometheus_postgres_exporter_version: v0.10.0
 matrix_prometheus_postgres_exporter_port: 9187
 
 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"

roles/matrix-prometheus/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.28.1
+matrix_prometheus_version: v2.29.1
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

roles/matrix-sygnal/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
 matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
 
-matrix_sygnal_version: v0.9.0
+matrix_sygnal_version: v0.10.1
 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
 matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
 
@@ -25,26 +25,6 @@ matrix_sygnal_container_http_host_bind_port: ''
 # A list of extra arguments to pass to the container
 matrix_sygnal_container_extra_arguments: []
 
-# Database-related configuration fields.
-#
-# To use SQLite, stick to these defaults.
-#
-# To use Postgres:
-# - change the engine (`matrix_sygnal_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables
-matrix_sygnal_database_engine: 'sqlite'
-
-matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db"
-matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db"
-
-matrix_sygnal_database_username: 'matrix_sygnal'
-matrix_sygnal_database_password: 'some-password'
-matrix_sygnal_database_hostname: 'matrix-postgres'
-matrix_sygnal_database_port: 5432
-matrix_sygnal_database_name: 'matrix_sygnal'
-
-matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}'
-
 # A map (dictionary) of apps instances that this server works with.
 #
 # Example configuration:

roles/matrix-sygnal/tasks/setup_install.yml

@@ -1,32 +1,5 @@
 ---
 
-- set_fact:
-    matrix_sygnal_requires_restart: false
-
-- block:
-    - name: Check if an SQLite database already exists
-      stat:
-        path: "{{ matrix_sygnal_sqlite_database_path_local }}"
-      register: matrix_sygnal_sqlite_database_path_local_stat_result
-
-    - block:
-        - set_fact:
-            matrix_postgres_db_migration_request:
-              src: "{{ matrix_sygnal_sqlite_database_path_local }}"
-              dst: "{{ matrix_sygnal_database_connection_string }}"
-              caller: "{{ role_path|basename }}"
-              engine_variable_name: 'matrix_sygnal_database_engine'
-              engine_old: 'sqlite'
-              systemd_services_to_stop: ['matrix-sygnal.service']
-              pgloader_options: ['--with "quote identifiers"']
-
-        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
-
-        - set_fact:
-            matrix_sygnal_requires_restart: true
-      when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool"
-  when: "matrix_sygnal_database_engine == 'postgres'"
-
 - name: Ensure Sygnal image is pulled
   docker_image:
     name: "{{ matrix_sygnal_docker_image }}"
@@ -65,9 +38,3 @@
   service:
     daemon_reload: yes
   when: "matrix_sygnal_systemd_service_result.changed|bool"
-
-- name: Ensure matrix-sygnal.service restarted, if necessary
-  service:
-    name: "matrix-sygnal.service"
-    state: restarted
-  when: "matrix_sygnal_requires_restart|bool"

roles/matrix-sygnal/tasks/validate_config.yml

@@ -3,11 +3,3 @@
     msg: >-
       Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps`
   when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0"
-
-- name: Fail if running on a non-supported architecture
-  fail:
-    msg: >-
-      Sygnal can only be used on the amd64 architecture for now.
-      Only amd64 container images are pushed for the `docker.io/matrixdotorg/sygnal` container image.
-      Either use a different image (by redefining `matrix_sygnal_docker_image`) or consider contributing self-building support to this role.
-  when: "matrix_sygnal_enabled and matrix_architecture != 'amd64' and matrix_sygnal_docker_image.startswith('docker.io/matrixdotorg/sygnal')"

roles/matrix-sygnal/templates/sygnal.yaml.j2

@@ -3,57 +3,6 @@
 # See: matrix.org
 ##
 
-# The 'database' setting defines the database that sygnal uses to store all of
-# its data.
-#
-# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or
-# 'psycopg2' (for PostgreSQL).
-#
-# 'args' gives options which are passed through to the database engine,
-# except for options starting 'cp_', which are used to configure the Twisted
-# connection pool. For a reference to valid arguments, see:
-#   * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
-#   * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
-#   * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__
-#
-#
-# Example SQLite configuration:
-#
-#database:
-#  name: sqlite3
-#  args:
-#    dbfile: /path/to/database.db
-#
-#
-# Example Postgres configuration:
-#
-#database:
-#  name: psycopg2
-#  args:
-#    host: localhost
-#    database: sygnal
-#    user: sygnal
-#    password: pass
-#    cp_min: 1
-#    cp_max: 5
-#
-{% if matrix_sygnal_database_engine == 'sqlite' %}
-database:
-  name: sqlite3
-  args:
-    dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }}
-{% else %}
-database:
-  name: psycopg2
-  args:
-    host: {{ matrix_sygnal_database_hostname|to_json }}
-    database: {{ matrix_sygnal_database_name|to_json }}
-    user: {{ matrix_sygnal_database_username|to_json }}
-    password: {{ matrix_sygnal_database_password|to_json }}
-    cp_min: 1
-    cp_max: 5
-{% endif %}
-
 ## Logging #
 #
 log:

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.40.0
-matrix_synapse_version_arm64: v1.40.0
+matrix_synapse_version: v1.41.0
+matrix_synapse_version_arm64: v1.41.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
@@ -470,6 +470,7 @@ matrix_synapse_email_smtp_port: 587
 matrix_synapse_email_smtp_require_transport_security: false
 matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
 matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}"
+matrix_synapse_email_invite_client_location: "https://app.element.io"
 
 
 # Enable this to activate the REST auth password provider module.

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -185,6 +185,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
 #
 # This option replaces federation_ip_range_blacklist in Synapse v1.25.0.
 #
+# Note: The value is ignored when an HTTP proxy is in use
+#
 #ip_range_blacklist:
 #  - '127.0.0.0/8'
 #  - '10.0.0.0/8'
@@ -583,6 +585,19 @@ retention:
 #
 #next_link_domain_whitelist: ["matrix.org"]
 
+# Templates to use when generating email or HTML page contents.
+#
+templates:
+  # Directory in which Synapse will try to find template files to use to generate
+  # email or HTML page contents.
+  # If not set, or a file is not found within the template directory, a default
+  # template from within the Synapse package will be used.
+  #
+  # See https://matrix-org.github.io/synapse/latest/templates.html for more
+  # information about using custom templates.
+  #
+  #custom_template_directory: /path/to/custom/templates/
+
 
 ## TLS ##
 
@@ -729,6 +744,21 @@ caches:
    per_cache_factors:
      #get_users_who_share_room_with_user: 2.0
 
+  # Controls how long an entry can be in a cache without having been
+  # accessed before being evicted. Defaults to None, which means
+  # entries are never evicted based on time.
+  #
+  #expiry_time: 30m
+
+  # Controls how long the results of a /sync request are cached for after
+  # a successful response is returned. A higher duration can help clients with
+  # intermittent connections, at the cost of higher memory usage.
+  #
+  # By default, this is zero, which means that sync responses are not cached
+  # at all.
+  #
+  #sync_response_cache_duration: 2m
+
 
 ## Database ##
 
@@ -996,6 +1026,8 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
 # This must be specified if url_preview_enabled is set. It is recommended that
 # you uncomment the following list as a starting point.
 #
+# Note: The value is ignored when an HTTP proxy is in use
+#
 url_preview_ip_range_blacklist:
   - '127.0.0.0/8'
   - '10.0.0.0/8'
@@ -1924,6 +1956,9 @@ cas_config:
 # Additional settings to use with single-sign on systems such as OpenID Connect,
 # SAML2 and CAS.
 #
+# Server admins can configure custom templates for pages related to SSO. See
+# https://matrix-org.github.io/synapse/latest/templates.html for more information.
+#
 sso:
     # A list of client URLs which are whitelisted so that the user does not
     # have to confirm giving access to their account to the URL. Any client
@@ -2250,6 +2285,9 @@ ui_auth:
 {% if matrix_synapse_email_enabled %}
 # Configuration for sending emails from Synapse.
 #
+# Server admins can configure custom templates for email content. See
+# https://matrix-org.github.io/synapse/latest/templates.html for more information.
+#
 email:
   # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
   #
@@ -2275,10 +2313,13 @@ email:
   #require_transport_security: true
   require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
 
-  # Enable sending emails for messages that the user has missed
+  # Uncomment the following to disable TLS for SMTP.
   #
-  #enable_notifs: false
-  enable_notifs: true
+  # By default, if the server supports TLS, it will be used, and the server
+  # must present a certificate that is valid for 'smtp_host'. If this option
+  # is set to false, TLS will not be used.
+  #
+  #enable_tls: false
 
   # notif_from defines the "From" address to use when sending emails.
   # It must be set if email sending is enabled.
@@ -2299,6 +2340,11 @@ email:
   #app_name: my_branded_matrix_server
   app_name: Matrix
 
+  # Enable sending emails for messages that the user has missed
+  #
+  #enable_notifs: false
+  enable_notifs: true
+
   # Uncomment the following to disable automatic subscription to email
   # notifications for new users. Enabled by default.
   #
@@ -2319,48 +2365,11 @@ email:
   #
   #validation_token_lifetime: 15m
 
-  # Directory in which Synapse will try to find the template files below.
-  # If not set, or the files named below are not found within the template
-  # directory, default templates from within the Synapse package will be used.
+  # The web client location to direct users to during an invite. This is passed
+  # to the identity server as the org.matrix.web_client_location key. Defaults
+  # to unset, giving no guidance to the identity server.
   #
-  # Synapse will look for the following templates in this directory:
-  #
-  # * The contents of email notifications of missed events: 'notif_mail.html' and
-  #   'notif_mail.txt'.
-  #
-  # * The contents of account expiry notice emails: 'notice_expiry.html' and
-  #   'notice_expiry.txt'.
-  #
-  # * The contents of password reset emails sent by the homeserver:
-  #   'password_reset.html' and 'password_reset.txt'
-  #
-  # * An HTML page that a user will see when they follow the link in the password
-  #   reset email. The user will be asked to confirm the action before their
-  #   password is reset: 'password_reset_confirmation.html'
-  #
-  # * HTML pages for success and failure that a user will see when they confirm
-  #   the password reset flow using the page above: 'password_reset_success.html'
-  #   and 'password_reset_failure.html'
-  #
-  # * The contents of address verification emails sent during registration:
-  #   'registration.html' and 'registration.txt'
-  #
-  # * HTML pages for success and failure that a user will see when they follow
-  #   the link in an address verification email sent during registration:
-  #   'registration_success.html' and 'registration_failure.html'
-  #
-  # * The contents of address verification emails sent when an address is added
-  #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
-  #
-  # * HTML pages for success and failure that a user will see when they follow
-  #   the link in an address verification email sent when an address is added
-  #   to a Matrix account: 'add_threepid_success.html' and
-  #   'add_threepid_failure.html'
-  #
-  # You can see the default templates at:
-  # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
-  #
-  #template_dir: "res/templates"
+  invite_client_location: {{ matrix_synapse_email_invite_client_location|string|to_json }}
 
   # Subjects to use when sending emails from Synapse.
   #

roles/matrix-synapse/vars/workers.yml

@@ -37,6 +37,7 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/federation/v1/send/
 
   # Client API requests
+  - ^/_matrix/client/(api/v1|r0|unstable)/createRoom$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$
   - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$
   - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
@@ -253,10 +254,12 @@ matrix_synapse_workers_media_repository_endpoints:
   - ^/_synapse/admin/v1/user/.*/media.*$
   - ^/_synapse/admin/v1/media/.*$
   - ^/_synapse/admin/v1/quarantine_media/.*$
+  - ^/_synapse/admin/v1/users/.*/media$
 
   # You should also set `enable_media_repo: False` in the shared configuration
   # file to stop the main synapse running background jobs related to managing the
-  # media repository.
+  # media repository. Note that doing so will prevent the main process from being
+  # able to handle the above endpoints.
 
   # In the `media_repository` worker configuration file, configure the http listener to
   # expose the `media` resource. For example:

setup.yml

@@ -18,6 +18,7 @@
     - matrix-bridge-appservice-slack
     - matrix-bridge-appservice-webhooks
     - matrix-bridge-appservice-irc
+    - matrix-bridge-beeper-linkedin
     - matrix-bridge-mautrix-facebook
     - matrix-bridge-mautrix-hangouts
     - matrix-bridge-mautrix-instagram
@@ -56,3 +57,28 @@
     - matrix-postgres-backup
     - matrix-prometheus-postgres-exporter
     - matrix-common-after
+
+  tasks:
+    - name: Ensure web-user is present
+      user:
+        name: "{{ web_user }}"
+        state: present
+        system: yes
+      register: web_user_res
+      tags: [ setup-caddy, setup-all, start ]
+    - name: Ensure directory for revproxy config is present
+      file:
+        path: "{{ revproxy_autoload_dir }}/matrix"
+        state: directory
+        owner: "{{ web_user_res.uid }}"
+        group: "{{ web_user_res.group }}"
+        mode: 0750
+      tags: [ setup-caddy, setup-all, start ]
+    - name: Template reverse proxy configuration
+      template:
+        src: Caddyfile.j2
+        dest: "{{ revproxy_autoload_dir }}/matrix/Caddyfile"
+        owner: "{{ web_user_res.uid }}"
+        group: "{{ web_user_res.group }}"
+        mode: 0640
+      tags: [ setup-caddy, setup-all, start ]

templates/Caddyfile.j2

@@ -0,0 +1,110 @@
+https://{{ matrix_server_fqn_matrix }} {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	encode zstd gzip
+	header {
+		Strict-Transport-Security "max-age=31536000;"
+		X-Frame-Options "DENY"
+		X-XSS-Protection "1; mode=block"
+	}
+        # matrix-ma1sd
+	reverse_proxy /_matrix/identity/* {{ matrix_ma1sd_container_http_host_bind_port }} {
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+        reverse_proxy /_matrix/client/r0/user_directory/search/* {{ matrix_ma1sd_container_http_host_bind_port }} {
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+                header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+	reverse_proxy /_matrix/federation/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
+	reverse_proxy /_matrix/key/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
+	reverse_proxy /_matrix/* {{ matrix_synapse_container_client_api_host_bind_port }} {
+		import proxyheaders
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+        route /synapse-admin/* {
+                uri strip_prefix /synapse-admin
+                reverse_proxy http://127.0.0.1{{ matrix_synapse_admin_container_http_host_bind_port }}
+        }
+	reverse_proxy /_synapse/* http://{{ matrix_synapse_container_client_api_host_bind_port }}
+        basicauth /metrics/* bcrypt monitoring {
+                monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
+        }
+        route /metrics/synapse {
+                uri replace /metrics/synapse /_synapse/metrics
+		reverse_proxy http://{{ matrix_synapse_container_metrics_api_host_bind_port }}
+        }
+        route /metrics/synapse/worker/appservice {
+                uri replace /metrics/synapse/worker/appservice /_synapse/metrics
+		reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_appservice_workers_metrics_range_start }}
+        }
+        route /metrics/synapse/worker/federation-sender {
+                uri replace /metrics/synapse/worker/federation-sender /_synapse/metrics
+		reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start }}
+        }
+        route /metrics/bridge/* {
+                uri strip_prefix /metrics/bridge
+                route /mautrix-telegram {
+                    uri replace /mautrix-telegram /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+                }
+                route /mautrix-whatsapp {
+                    uri replace /mautrix-whatsapp /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+                }
+                route /mautrix-signal {
+                    uri replace /mautrix-signal /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-instagram {
+                    uri replace /mx-puppet-instagram /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-discord {
+                    uri replace /mx-puppet-discord /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-skype {
+                    uri replace /mx-puppet-skype /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-slack {
+                    uri replace /mx-puppet-slack /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+                }
+        }
+	reverse_proxy /bridge/telegram/* http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}
+	reverse_proxy /bridge/slack/* http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}
+}
+
+https://{{ matrix_server_fqn_dimension }} {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	encode zstd gzip
+	reverse_proxy http://{{ matrix_dimension_container_http_host_bind_port }} {
+		#header_up X-Forwarded-For {remote}
+		import proxyheaders
+		#header_up Host {host}
+	}
+}
+
+https://{{ matrix_server_fqn_element }} {
+	tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
+	encode zstd gzip
+	reverse_proxy http://{{ matrix_client_element_container_http_host_bind_port }}
+}
+
+https://{{ matrix_domain }}/.well-known/matrix/* {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	route {
+		uri strip_prefix /.well-known/matrix
+		root * /matrix_static
+		file_server
+	}
+	header {
+		Content-Type "application/json"
+		X-Content-Type-Options "nosniff"
+		Access-Control-Allow-Origin *
+		Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+}