fix: broken rhel/fedora tasks disabled

Bump signald to 0.18.1

CHANGELOG.md

@@ -1,3 +1,40 @@
+# 2022-04-21
+
+## matrix-registration-bot support
+
+Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server.
+
+See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started.
+
+
+# 2022-04-19
+
+## Borg backup support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [Borg](https://www.borgbackup.org/) backups with [borgmatic](https://torsion.org/borgmatic/) of your Matrix server.
+
+See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) documentation to get started.
+
+
+## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action
+
+If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading:
+
+> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs.
+
+If you're not running an `appservice` worker (`matrix_synapse_workers_preset: little-federation-helper` or `matrix_synapse_workers_appservice_workers_count: 0`), you are probably safe to upgrade as per normal, without taking any special care.
+
+If you are running a setup with an `appservice` worker, or otherwise want to be on the safe side, we recommend the following upgrade path:
+
+0. Pull the latest playbook changes
+1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
+2. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`)
+3. Start Postgres (`systemctl start matrix-postgres` on the server)
+4. Start the main Synapse process (`systemctl start matrix-synapse` on the server)
+5. Wait a while so that Synapse can start and complete the database migrations. You can use `journalctl -fu matrix-synapse` on the server to get a clue. Waiting a few minutes should also be enough.
+6. It should now be safe to start all other services. `ansible-playbook -i inventory/hosts setup.yml --tags=start` will do it for you
+
+
 # 2022-04-14
 
 ## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action

docs/configuring-playbook-backup-borg.md

@@ -8,6 +8,9 @@ You will need a remote server where borg will store the backups. There are hoste
 
 The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day.
 
+By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), Borg backups will also include dumps of your Postgres database. An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for Borg using the `matrix_backup_borg_postgresql_enabled` variable.
+
+
 ## Prerequisites
 
 1. Create a new SSH key:
@@ -51,6 +54,8 @@ where:
 * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager
 * PRIVATE KEY - the content of the **private** part of the SSH key you created before
 
+To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable.
+
 `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable.
 
 Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options.

docs/configuring-playbook-bot-matrix-registration-bot.md

@@ -0,0 +1,72 @@
+# Setting up matrix-registration-bot (optional)
+
+The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you.
+
+The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server,
+where you invite someone by sending them a registration token. They can register as normal but have to provide a valid
+registration token in a final step  of the registration.
+
+See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it
+does and why it might be useful to you.
+
+
+## Registering the bot user
+
+By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`.
+
+(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+## Obtaining an admin access token
+
+In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the
+bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account
+(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
+You can expand "Access token" to copy it.
+
+![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
+
+**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_matrix_registration_bot_enabled: true
+# Token obtained via logging into the bot account (see above)
+matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE"
+
+# Enables registration
+matrix_synapse_enable_registration: true
+
+# Restrict registration to users with a token
+matrix_synapse_registration_requires_token: true
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+
+In this room send `help` and the bot will reply with all options.
+
+You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
+If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md)
+or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).

docs/configuring-playbook-postgres-backup.md

@@ -2,6 +2,9 @@
 
 The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you.
 
+For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead.
+
+
 ## Adjusting the playbook configuration
 
 Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:

docs/configuring-playbook.md

@@ -151,6 +151,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional)
 
+- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional)
+
+### Backups
+
+- [Setting up borg backup](configuring-playbook-backup-borg.md) - a full Matrix server backup solution, including the Postgres database (optional)
+
+- [Setting up postgres backup](configuring-playbook-postgres-backup.md) - a Postgres-database backup solution (note: does not include other files) (optional)
+
 
 ### Other specialized services
 

docs/faq.md

@@ -55,7 +55,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee
 
 - **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting.
 
-- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login.
+- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://joinmatrix.org/servers/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login.
 
 - **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server).
 

group_vars/matrix_servers

@@ -987,6 +987,35 @@ matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architectu
 #
 ######################################################################
 
+
+######################################################################
+#
+# matrix-bot-matrix-registration-bot
+#
+######################################################################
+
+# We don't enable bots by default.
+matrix_bot_matrix_registration_bot_enabled: false
+
+matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
+
+matrix_bot_matrix_registration_bot_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+
+######################################################################
+#
+# /matrix-bot-matrix-registration-bot
+#
+######################################################################
+
+
 ######################################################################
 #
 # matrix-bot-honoroit
@@ -1081,13 +1110,33 @@ matrix_bot_mjolnir_systemd_required_services_list: |
 ######################################################################
 
 matrix_backup_borg_enabled: false
+matrix_backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
+matrix_backup_borg_postgresql_enabled: "{{ matrix_postgres_enabled }}"
+matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection_hostname }}"
+matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}"
+matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}"
+matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}"
+matrix_backup_borg_postgresql_databases: |
+  {{
+    (([{
+        'name': matrix_synapse_database_database
+    }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+    +
+    matrix_postgres_additional_databases)|map(attribute='name')|list
+  }}
 matrix_backup_borg_location_source_directories:
   - "{{ matrix_base_data_path }}"
 matrix_backup_borg_location_exclude_patterns: |
   {{
-    {
-      'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"],
-    }[matrix_homeserver_implementation]
+    ([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else [])
+    +
+    ([matrix_postgres_data_path] if matrix_postgres_enabled else [])
+  }}
+matrix_backup_borg_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-postgres.service'] if matrix_postgres_enabled else [])
   }}
 
 ######################################################################

roles/matrix-backup-borg/defaults/main.yml

@@ -1,18 +1,19 @@
 ---
 matrix_backup_borg_enabled: true
 
-matrix_backup_borg_container_image_self_build: false
-matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic"
-matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src"
-
-matrix_backup_borg_version: latest
-matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
-matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
-matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}"
-
 matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
 matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
 
+matrix_backup_borg_container_image_self_build: false
+matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
+matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
+
+# version determined automatically, based on postgres server version (if enabled), otherwise latest is used
+matrix_backup_borg_version: ""
+matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
+matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
+matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version|default('') == '' }}"
+
 # A list of extra arguments to pass to the container
 matrix_backup_borg_container_extra_arguments: []
 
@@ -28,18 +29,30 @@ matrix_backup_borg_schedule: "*-*-* 04:00:00"
 # what directories should be added to backup
 matrix_backup_borg_location_source_directories: []
 
+# postgres db backup
+matrix_backup_borg_postgresql_enabled: true
+matrix_backup_borg_supported_postgres_versions: ['12', '13', '14']
+matrix_backup_borg_postgresql_databases: []
+matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres"
+matrix_backup_borg_postgresql_databases_username: "matrix"
+matrix_backup_borg_postgresql_databases_password: ""
+matrix_backup_borg_postgresql_databases_port: 5432
+
 # target repositories
 matrix_backup_borg_location_repositories: []
 
 # exclude following paths:
 matrix_backup_borg_location_exclude_patterns: []
 
-# borg encryption mode, only repokey-* is supported
+# borg encryption mode, only "repokey-*" and "none" are supported
 matrix_backup_borg_encryption: repokey-blake2
 
 # private ssh key used to connect to the borg repo
 matrix_backup_borg_ssh_key_private: ""
 
+# allow unencrypted repo access
+matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}"
+
 # borg ssh command with ssh key
 matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
 
@@ -47,7 +60,7 @@ matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new
 matrix_backup_borg_storage_compression: lz4
 
 # archive name format
-matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
+matrix_backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
 
 # repository passphrase
 matrix_backup_borg_storage_encryption_passphrase: ""
@@ -60,4 +73,26 @@ matrix_backup_borg_retention_keep_monthly: 12
 matrix_backup_borg_retention_keep_yearly: 2
 
 # retention prefix
-matrix_backup_borg_retention_prefix: "matrix-"
+matrix_backup_borg_retention_prefix: matrix-
+
+# Default borgmatic configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_backup_borg_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_backup_borg_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_backup_borg_configuration_extension_yaml: |
+  # Your custom YAML configuration for borgmatic goes here.
+  # This configuration extends the default starting configuration (`matrix_borg_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_backup_borg_configuration_yaml`.
+
+matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml|from_yaml if matrix_backup_borg_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final borgmatic configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`.
+matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml|from_yaml|combine(matrix_backup_borg_configuration_extension, recursive=True) }}"

roles/matrix-backup-borg/tasks/init.yml

@@ -1,4 +1,4 @@
 ---
 - set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}"
   when: matrix_backup_borg_enabled|bool

roles/matrix-backup-borg/tasks/setup_install.yml

@@ -1,4 +1,17 @@
 ---
+- block:
+  - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/detect_existing_postgres_version.yml"
+
+  - name: Fail if detected Postgres version is unsupported
+    fail:
+      msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
+    when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
+
+  - name: Set the correct borg backup version to use
+    set_fact:
+      matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}"
+  when: matrix_backup_borg_postgresql_enabled|bool and matrix_backup_borg_version == ''
+
 - name: Ensure borg paths exist
   file:
     path: "{{ item.path }}"
@@ -11,9 +24,9 @@
     - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
   when: "item.when|bool"
 
-- name: Ensure borg config is created
-  template:
-    src: "{{ role_path }}/templates/config.yaml.j2"
+- name: Ensure borgmatic config is created
+  copy:
+    content: "{{ matrix_backup_borg_configuration|to_nice_yaml(indent=2, width=999999) }}"
     dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"

roles/matrix-backup-borg/tasks/validate_config.yml

@@ -7,4 +7,9 @@
   with_items:
     - "matrix_backup_borg_ssh_key_private"
     - "matrix_backup_borg_location_repositories"
-    - "matrix_backup_borg_storage_encryption_passphrase"
+
+- name: Fail if encryption passphrase is undefined unless repository is unencrypted
+  fail:
+    msg: >-
+      You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
+  when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"

roles/matrix-backup-borg/templates/config.yaml.j2

@@ -7,18 +7,19 @@ location:
   exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
 
 storage:
-  compression: {{ matrix_backup_borg_storage_compression }}
-  ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
-  archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
-  encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
+  compression: {{ matrix_backup_borg_storage_compression|to_json }}
+  ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
+  archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
+  encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
+  unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
 
 retention:
-  keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
-  keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
-  keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
-  keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
-  keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
-  prefix: '{{ matrix_backup_borg_retention_prefix }}'
+  keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}
+  keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }}
+  keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }}
+  keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }}
+  keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }}
+  prefix: {{ matrix_backup_borg_retention_prefix|to_json }}
 
 consistency:
   checks:
@@ -26,6 +27,16 @@ consistency:
     - archives
 
 hooks:
+{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %}
+  postgresql_databases:
+  {% for database in matrix_backup_borg_postgresql_databases %}
+  - name: {{ database|to_json }}
+    hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
+    username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
+    password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
+    port: {{ matrix_backup_borg_postgresql_databases_port|to_json }}
+  {% endfor %}
+{% endif %}
   after_backup:
     - echo "Backup created."
   on_error:

roles/matrix-base/defaults/main.yml

@@ -71,6 +71,10 @@ matrix_container_global_registry_prefix: "docker.io/"
 matrix_container_retries_count: 10
 matrix_container_retries_delay: 10
 
+# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
+matrix_geturl_retries_count: 10
+matrix_geturl_retries_delay: 10
+
 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"
 

roles/matrix-bot-honoroit/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false
 matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.6
+matrix_bot_honoroit_version: v0.9.7
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -96,6 +96,15 @@ matrix_bot_honoroit_text_prefix_done: ''
 # Text: greetings
 matrix_bot_honoroit_text_greetings: ''
 
+# Text: invite
+matrix_bot_honoroit_text_invite: ''
+
+# Text: join
+matrix_bot_honoroit_text_join: ''
+
+# Text: leave
+matrix_bot_honoroit_text_leave: ''
+
 # Text: error
 matrix_bot_honoroit_text_error: ''
 

roles/matrix-bot-honoroit/templates/env.j2

@@ -11,6 +11,9 @@ HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
 HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
 HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
 HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
+HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }}
+HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }}
+HONOROIT_TEXT_LEAVE={{ matrix_bot_honoroit_text_leave }}
 HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }}
 HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }}
 HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }}

roles/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -0,0 +1,49 @@
+---
+# matrix-registration-bot creates and manages registration tokens for a matrix server
+# See: https://github.com/moan0s/matrix-registration-bot
+
+matrix_bot_matrix_registration_bot_enabled: true
+matrix_bot_matrix_registration_bot_container_image_self_build: false
+matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
+matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
+
+matrix_bot_matrix_registration_bot_version: latest
+matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}"
+matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
+
+matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
+matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
+matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data"
+
+matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
+matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
+
+# The access token that the bot uses to communicate in Matrix chats
+# This does not necessarily need to be a privileged (admin) access token.
+matrix_bot_matrix_registration_bot_bot_access_token: ''
+
+# The access token that the bot uses to call the Matrix API for creating registration tokens.
+# This needs to be a privileged (admin) access token.
+# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is.
+# If necessary, you can define your own other access token here, which might even be for a different Matrix user.
+matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}"
+
+matrix_bot_matrix_registration_bot_logging_level: info
+matrix_bot_matrix_registration_environment_variables_extension: ''
+
+# A list of extra arguments to pass to the container
+matrix_bot_matrix_registration_bot_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-matrix-registration-bot.service depends on
+matrix_bot_matrix_registration_bot_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-matrix-registration-bot.service wants
+matrix_bot_matrix_registration_bot_systemd_wanted_services_list: []
+
+# The bot's username. This user needs to be created manually beforehand.
+# Also see `matrix_bot_matrix_registration_bot_user_password`.
+matrix_bot_matrix_registration_bot_matrix_user_id_localpart: "bot.matrix-registration-bot"
+
+matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}:{{ matrix_domain }}'
+
+matrix_bot_matrix_registration_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}"

roles/matrix-bot-matrix-registration-bot/tasks/init.yml

@@ -0,0 +1,5 @@
+---
+
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}"
+  when: matrix_bot_matrix_registration_bot_enabled|bool

roles/matrix-bot-matrix-registration-bot/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-matrix-registration-bot
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-matrix-registration-bot
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_bot_matrix_registration_bot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-matrix-registration-bot

roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml

@@ -0,0 +1,73 @@
+---
+
+- name: Ensure matrix-registration-bot paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
+    - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
+    - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
+  when: "item.when|bool"
+
+- name: Ensure matrix-registration-bot configuration file created
+  template:
+    src: "{{ role_path }}/templates/config/config.yml.j2"
+    dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+
+- name: Ensure matrix-registration-bot image is pulled
+  docker_image:
+    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}"
+  when: "not matrix_bot_matrix_registration_bot_container_image_self_build|bool"
+  register: result
+  retries: "{{ matrix_container_retries_count }}"
+  delay: "{{ matrix_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure matrix-registration-bot repository is present on self-build
+  git:
+    repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}"
+    dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_bot_matrix_registration_bot_git_pull_results
+  when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool"
+
+- name: Ensure matrix-registration-bot image is built
+  docker_image:
+    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
+    source: build
+    force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
+      pull: true
+  when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool"
+
+- name: Ensure matrix-bot-matrix-registration-bot.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service"
+    mode: 0644
+  register: matrix_bot_matrix_registration_bot_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation
+  service:
+    daemon_reload: true
+  when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed|bool"
+
+- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary
+  service:
+    name: "matrix-bot-matrix-registration-bot.service"
+    state: restarted

roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-matrix-registration-bot service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service"
+  register: matrix_bot_matrix_registration_bot_service_stat
+
+- name: Ensure matrix-matrix-registration-bot is stopped
+  service:
+    name: matrix-bot-matrix-registration-bot
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service"
+    state: absent
+  when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool"
+
+- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal
+  service:
+    daemon_reload: true
+  when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool"
+
+- name: Ensure Matrix matrix-registration-bot paths don't exist
+  file:
+    path: "{{ matrix_bot_matrix_registration_bot_base_path }}"
+    state: absent
+
+- name: Ensure matrix-registration-bot Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
+    state: absent

roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_matrix_registration_bot_bot_access_token"
+    - "matrix_bot_matrix_registration_bot_api_token"

roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2

@@ -0,0 +1,12 @@
+bot:
+  server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
+  username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
+  access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
+api:
+  # API endpoint of the registration tokens
+  base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
+  # Access token of an administrator on the server
+  token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
+logging:
+  level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}
+

roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2

@@ -0,0 +1,37 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix registration bot
+{% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_matrix_registration_bot_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \
+			--log-driver=none \
+			--cap-drop=ALL \
+			-e "CONFIG_PATH=/config/config.yml" \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--read-only \
+			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \
+			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \
+			--network={{ matrix_docker_network }} \
+			{{ matrix_bot_matrix_registration_bot_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-matrix-registration-bot
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-appservice-slack/templates/config.yaml.j2

@@ -9,6 +9,21 @@ homeserver:
     url: "{{ matrix_appservice_slack_homeserver_url }}"
     media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
 
+# Real Time Messaging API (RTM)
+# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise.
+#
+rtm:
+  # Use the RTM API to listen for requests, which does not require
+  # the bridge to listen on the hook port.
+  # You should leave this enabled, unless you plan to use the
+  # bridge exclusively for webhooks.
+  #
+  enable: true
+
+  # Logging level specific to RTM traffic.
+  #
+  log_level: "silent"
+
 {% if matrix_appservice_slack_database_engine == 'nedb' %}
 dbdir: "/data"
 {% else %}

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: 1.10.1
+matrix_heisenbridge_version: 1.12.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-hookshot/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 
-matrix_hookshot_version: 1.4.0
+matrix_hookshot_version: 1.5.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -8,18 +8,19 @@ matrix_mautrix_signal_container_image_self_build: false
 matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
-matrix_mautrix_signal_version: v0.2.3
-matrix_mautrix_signal_daemon_version: 0.17.0
+matrix_mautrix_signal_version: v0.3.0
+matrix_mautrix_signal_daemon_version: 0.18.1
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_signal_daemon_container_image_self_build: false
-matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
+matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald"
 matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
 
-matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}"
-matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
+matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}"
+matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}"
+matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}"
 
 matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"
 matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge"

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -14,7 +14,7 @@ matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.11.2
+matrix_mautrix_telegram_version: v0.11.3
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.3.0
+matrix_mautrix_whatsapp_version: v0.3.1
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-client-element/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.10.9
+matrix_client_element_version: v1.10.10
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-grafana/tasks/setup.yml

@@ -70,6 +70,10 @@
     group: "{{ matrix_user_groupname }}"
   with_items: "{{ matrix_grafana_dashboard_download_urls_all }}"
   when: matrix_grafana_enabled|bool
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - name: Ensure matrix-grafana.service installed
   template:

roles/matrix-nginx-proxy/defaults/main.yml

@@ -275,7 +275,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate: "{{ matr
 
 # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
 matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"
-
+matrix_nginx_proxy_tmp_cache_directory_size_mb: "{{ (matrix_nginx_proxy_synapse_cache_max_size_mb | int) * 2 }}"
 # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf).
 # for big matrixservers to enlarge the number of open files to prevent timeouts
 # matrix_nginx_proxy_proxy_additional_configuration_blocks:
@@ -557,6 +557,16 @@ matrix_nginx_proxy_synapse_media_repository_locations: []
 matrix_nginx_proxy_synapse_user_dir_locations: []
 matrix_nginx_proxy_synapse_frontend_proxy_locations: []
 
+# synapse content caching
+matrix_nginx_proxy_synapse_cache_enabled: false
+matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}"
+matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC"
+matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m"
+matrix_nginx_proxy_synapse_cache_inactive_time: "48h"
+matrix_nginx_proxy_synapse_cache_max_size_mb: 1024
+matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h"
+
+
 # The amount of worker processes and connections
 # Consider increasing these when you are expecting high amounts of traffic
 # http://nginx.org/en/docs/ngx_core_module.html#worker_connections

roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml

@@ -12,15 +12,17 @@
 #
 - name: Ensure Matrix nginx-proxy paths exist
   file:
-    path: "{{ item }}"
+    path: "{{ item.path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   with_items:
-    - "{{ matrix_nginx_proxy_base_path }}"
-    - "{{ matrix_nginx_proxy_data_path }}"
-    - "{{ matrix_nginx_proxy_confd_path }}"
+    - {path: "{{ matrix_nginx_proxy_base_path }}", when: true}
+    - {path: "{{ matrix_nginx_proxy_data_path }}", when: true}
+    - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true}
+    - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"}
+  when: item.when|bool
 
 - name: Ensure Matrix nginx-proxy configured (main config override)
   template:

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2

@@ -5,6 +5,9 @@
 {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'user_dir')|list %}
 {% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %}
 {% if matrix_nginx_proxy_synapse_workers_enabled %}
+	{% if matrix_nginx_proxy_synapse_cache_enabled %}
+    	proxy_cache_path  {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m;
+	{% endif %}
 	# Round Robin "upstream" pools for workers
 
 	{% if generic_workers %}
@@ -95,6 +98,14 @@ server {
 				client_body_buffer_size 25M;
 				client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
 				proxy_max_temp_file_size 0;
+
+				{% if matrix_nginx_proxy_synapse_cache_enabled %}
+					proxy_buffering        on;
+					proxy_cache            {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
+					proxy_cache_valid      any  {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
+					proxy_force_ranges on;
+					add_header X-Cache-Status $upstream_cache_status;
+				{% endif %}
 			}
 			{% endfor %}
 		{% endif %}
@@ -227,6 +238,14 @@ server {
 				client_body_buffer_size 25M;
 				client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
 				proxy_max_temp_file_size 0;
+
+				{% if matrix_nginx_proxy_synapse_cache_enabled %}
+					proxy_buffering        on;
+					proxy_cache            {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
+					proxy_cache_valid      any  {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
+					proxy_force_ranges on;
+					add_header X-Cache-Status $upstream_cache_status;
+				{% endif %}
 			}
 			{% endfor %}
 		{% endif %}

roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2

@@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
+			{% if matrix_nginx_proxy_synapse_cache_enabled %}
+			--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\
+			{% endif %}
 			--network={{ matrix_docker_network }} \
 			{% if matrix_nginx_proxy_container_http_host_bind_port %}
 			-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \

roles/matrix-prometheus/tasks/setup_install.yml

@@ -32,6 +32,10 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   when: "matrix_prometheus_scraper_synapse_rules_enabled|bool"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - name: Ensure prometheus.yml installed
   copy:

roles/matrix-synapse/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.56.0
+matrix_synapse_version: v1.57.1
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml

@@ -8,6 +8,10 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - set_fact:
     matrix_synapse_modules: |

roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml

@@ -13,6 +13,10 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - set_fact:
     matrix_synapse_password_providers_enabled: true

roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -18,6 +18,10 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
 
 - set_fact:
     matrix_synapse_modules: |

roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml

@@ -11,17 +11,17 @@
 
 - name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided
   set_fact:
-    matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 300
+    matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800
   when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''"
 
 - name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided
   set_fact:
-    matrix_synapse_rust_synapse_compress_state_compress_room_time: 1800
+    matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600
   when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''"
 
 - name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided
   set_fact:
-    matrix_synapse_rust_synapse_compress_state_psql_import_time: 1800
+    matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600
   when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''"
 
 - name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided

setup.yml

@@ -14,7 +14,6 @@
     - matrix-postgres
     - matrix-redis
     - matrix-corporal
-    - matrix-backup-borg
     - matrix-bridge-appservice-discord
     - matrix-bridge-appservice-slack
     - matrix-bridge-appservice-webhooks
@@ -39,6 +38,7 @@
     - matrix-bridge-heisenbridge
     - matrix-bridge-hookshot
     - matrix-bot-matrix-reminder-bot
+    - matrix-bot-matrix-registration-bot
     - matrix-bot-honoroit
     - matrix-bot-go-neb
     - matrix-bot-mjolnir
@@ -63,6 +63,7 @@
     - matrix-aux
     - matrix-postgres-backup
     - matrix-prometheus-postgres-exporter
+    - matrix-backup-borg
     - matrix-common-after
 
   tasks: