meta: move inventory structure to be more usable

.github/renovate.json

@@ -1,17 +1,12 @@
 {
 	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
 	"extends": [
-		"config:recommended"
+		"config:base"
 	],
-	"labels": [
+	"labels": ["dependencies"],
-		"dependencies"
+	"regexManagers": [
-	],
-	"customManagers": [
 		{
-			"customType": "regex",
+			"fileMatch": ["defaults/main.yml$"],
-			"fileMatch": [
-				"defaults/main.yml$"
-			],
 			"matchStrings": [
 				"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
 			]
@@ -19,11 +14,11 @@
 	],
 	"packageRules": [
 		{
-			"ignoreUnstable": false,
+			"matchSourceUrlPrefixes": [
-			"matchSourceUrls": [
+				"https://github.com/devture/com.devture.ansible.role",
-				"https://github.com/devture/com.devture.ansible.role{/,}**",
+				"https://github.com/mother-of-all-self-hosting"
-				"https://github.com/mother-of-all-self-hosting{/,}**"
+			],
-			]
+			"ignoreUnstable": false
 		}
 	],
 	"ignoreDeps": [

.github/workflows/lock-threads.yml

@@ -1,29 +0,0 @@
-# SPDX-FileCopyrightText: 2017 - 2023 Armin Sebastian
-#
-# SPDX-License-Identifier: MIT
-
----
-name: 'Lock Threads'
-on:  # yamllint disable-line rule:truthy
-  # Use this to do a dry run from a pull request
-  # pull_request:
-  schedule:
-    - cron: '0 * * * *'
-  workflow_dispatch:
-
-permissions:
-  issues: write
-  pull-requests: write
-
-concurrency:
-  group: lock-threads
-
-jobs:
-  action:
-    if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: dessant/lock-threads@v5
-        with:
-          add-issue-labels: 'outdated'
-          process-only: 'issues, prs'

LICENSES/MIT.txt

@@ -1,18 +0,0 @@
-MIT License
-
-Copyright (c) <year> <copyright holders>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
-associated documentation files (the "Software"), to deal in the Software without restriction, including 
-without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
-copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the 
-following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial 
-portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
-LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO 
-EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 
-USE OR OTHER DEALINGS IN THE SOFTWARE.

docs/configuring-playbook-dynamic-dns.md

@@ -14,7 +14,7 @@ Most cloud providers / ISPs will charge you extra for a static IP address. If yo
 
 ## Prerequisite
 
-You'll need to authenticate with your DNS provider somehow, in most cases this is simply a username and password but can differ from provider to provider. Please consult with your providers documentation and the upstream [ddclient documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in) to determine what you'll need to provide to authenticate.
+You'll need to get a username and password from your DNS provider. Please consult with the provider about how to retrieve them.
 
 ## Adjusting the playbook configuration
 
@@ -31,8 +31,6 @@ matrix_dynamic_dns_domain_configurations:
     domain: "{{ matrix_domain }}"
 ```
 
-Keep in mind that certain providers may require a different configuration of the `matrix_dynamic_dns_domain_configurations` variable, for provider specific examples see the [upstream documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in).
-
 ### Extending the configuration
 
 There are some additional things you may wish to configure about the component.
@@ -59,8 +57,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
 Additional resources:
 
 - https://matrix.org/docs/guides/free-small-matrix-server
-- https://github.com/linuxserver/docker-ddclient
 
 ## Troubleshooting
 
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-dynamic-dns`. However, due to an [upstream issue](https://github.com/linuxserver/docker-ddclient/issues/54#issuecomment-1153143132) the logging output is not always complete. For advanced debugging purposes running the `ddclient` tool outside of the container is useful via the following: `ddclient -file ./ddclient.conf -daemon=0 -debug -verbose -noquiet`.
+As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-dynamic-dns`.

docs/configuring-playbook-livekit-server.md

@@ -25,14 +25,4 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p
 
 - `7882/udp`: ICE/UDP Mux
 
-- `3479/udp`: TURN/UDP. Also see the [Limitations](#limitations) section below.
-
-- `5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section below.
-
 💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.
-
-## Limitations
-
-For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
-
-It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).

docs/configuring-playbook-synapse-auto-compressor.md

@@ -24,15 +24,12 @@ matrix_synapse_auto_compressor_enabled: true
 
 ### Edit the schedule (optional)
 
-By default the task will around 0 a.m. every day based on the `matrix_synapse_auto_compressor_schedule` variable with a randomized delay of 6 hours (controlled by the `matrix_synapse_auto_compressor_schedule_randomized_delay_sec` variable). It is defined in the format of systemd timer calendar.
+By default the task will run 0 a.m. every day based on the `matrix_synapse_auto_compressor_schedule` variable. It is defined in the format of systemd timer calendar.
 
 To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):
 
 ```yaml
 matrix_synapse_auto_compressor_schedule: "*-*-* 00:00:00"
-
-# Consider adjusting the randomized delay or setting it to 0 to disable randomized delays.
-# matrix_synapse_auto_compressor_schedule_randomized_delay_sec: 6h
 ```
 
 ### Extending the configuration

docs/prerequisites.md

@@ -59,10 +59,10 @@ We will be using `example.com` as the domain in the following instruction. Pleas
 
   - `80/tcp`: HTTP webserver
   - `443/tcp` and `443/udp`: HTTPS webserver
-  - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
+  - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./docs/configuring-playbook-turn.md))
-  - `3478/udp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
+  - `3478/udp`: STUN/TURN over TCP (used by [coturn](./docs/configuring-playbook-turn.md))
-  - `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
+  - `5349/tcp`: TURN over TCP (used by [coturn](./docs/configuring-playbook-turn.md))
-  - `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
+  - `5349/udp`: TURN over UDP (used by [coturn](./docs/configuring-playbook-turn.md))
   - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.
   - the range `49152-49172/udp`: TURN over UDP
   - potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.

group_vars/matrix_servers

@@ -3568,8 +3568,10 @@ matrix_coturn_container_additional_volumes: |
     )
   }}
 
-matrix_coturn_systemd_required_services_list_auto: |
+matrix_coturn_systemd_required_services_list: |
   {{
+    [devture_systemd_docker_base_docker_service_name]
+    +
     ([traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
   }}
 
@@ -5597,7 +5599,7 @@ grafana_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_prim
 
 grafana_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '3000') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
 
-grafana_provisioning_datasources_datasources: |
+grafana_provisioning_datasources: |
   {{
     ([{
       'name': (matrix_server_fqn_matrix + ' - Prometheus'),
@@ -6314,38 +6316,11 @@ livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm6
 livekit_server_container_network: "{{ matrix_addons_container_network }}"
 livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
 
-livekit_server_container_additional_volumes_auto: |
-  {{
-    (
-      [
-       {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + livekit_server_config_turn_domain + '/certificate.crt'),
-         'dst': livekit_server_config_turn_cert_file,
-         'options': 'ro',
-       },
-       {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + livekit_server_config_turn_domain + '/privatekey.key'),
-         'dst': livekit_server_config_turn_key_file,
-         'options': 'ro',
-       },
-      ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled and (livekit_server_config_turn_cert_file and livekit_server_config_turn_key_file)) else []
-    )
-  }}
-
 livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
 livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
 
-livekit_server_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
-livekit_server_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
-
-livekit_server_metrics_proxying_enabled: "{{ livekit_server_config_prometheus_enabled and matrix_metrics_exposure_enabled }}"
-livekit_server_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
-livekit_server_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/livekit-server"
-
-livekit_server_config_prometheus_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
-
 livekit_server_config_keys_auto: |-
   {{
     {}
@@ -6365,33 +6340,6 @@ livekit_server_config_turn_tls_port: 5350
 # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
 livekit_server_config_turn_udp_port: 3479
 
-# LiveKit's TURN implementation requires SSL certificates.
-# We only enable it if we can provide them automatically via Traefik + Traefik Certs Dumper.
-livekit_server_config_turn_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled }}"
-
-livekit_server_config_turn_cert_file: |-
-  {{
-    {
-      'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
-      'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
-      'none': '',
-    }[matrix_playbook_reverse_proxy_type]
-  }}
-
-livekit_server_config_turn_key_file: |-
-  {{
-    {
-      'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
-      'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
-      'none': '',
-    }[matrix_playbook_reverse_proxy_type]
-  }}
-
-livekit_server_systemd_required_services_list_auto: |
-  {{
-    ([traefik_certs_dumper_identifier + '-wait-for-domain@' + livekit_server_config_turn_domain + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled else [])
-  }}
-
 ########################################################################
 #                                                                      #
 # /livekit-server                                                      #

requirements.yml

@@ -4,7 +4,7 @@
   version: v1.0.0-5
   name: auxiliary
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
-  version: v1.4.0-1.9.13-1
+  version: v1.4.0-1.9.13-0
   name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
   version: v0.3.0-4
@@ -16,22 +16,22 @@
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.3.0-0
+  version: v2.2.7-4
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
   version: v4.98.1-r0-2-0
   name: exim_relay
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
-  version: v11.6.0-0
+  version: v11.5.2-2
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10169-0
+  version: v10133-1-0
   name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.8.4-5
+  version: v1.8.4-2
   name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.11.0-5
+  version: v2.11.0-4
   name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: 201c939eed363de269a83ba29784fc3244846048
@@ -52,7 +52,7 @@
   version: v2.55.1-3
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.9.1-0
+  version: v1.8.2-5
   name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
   version: v0.14.0-9
@@ -67,7 +67,7 @@
   version: v1.0.0-0
   name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.3.5-0
+  version: v3.3.4-1
   name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
   version: v2.10.0-0

roles/custom/matrix-bot-baibot/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.5.1
+matrix_bot_baibot_version: v1.5.0
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2

@@ -13,8 +13,6 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-googlechat 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \

roles/custom/matrix-cactus-comments-client/defaults/main.yml

@@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.36.1
+matrix_cactus_comments_client_version: 2.36.0
 
 matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}"

roles/custom/matrix-client-cinny/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 
 # renovate: datasource=docker depName=ajbura/cinny
-matrix_client_cinny_version: v4.6.0
+matrix_client_cinny_version: v4.5.1
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}"
 matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}"

roles/custom/matrix-client-element/defaults/main.yml

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.11.97
+matrix_client_element_version: v1.11.96
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"
@@ -113,7 +113,10 @@ matrix_client_element_systemd_required_services_list: "{{ [devture_systemd_docke
 # Controls the healthcheck command for the container.
 #
 # Leave empty to use the default (upstream) command.
-matrix_client_element_container_healthcheck_cmd: ""
+#
+# The default command is a patch until https://github.com/element-hq/element-web/pull/29471
+# lands in a release.
+matrix_client_element_container_healthcheck_cmd: "wget -q --spider http://localhost:$ELEMENT_WEB_PORT/config.json"
 
 # Specifies the value of the `X-XSS-Protection` header
 # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

roles/custom/matrix-coturn/defaults/main.yml

@@ -56,10 +56,7 @@ matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src"
 matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
 
 # List of systemd services that matrix-coturn.service depends on
-matrix_coturn_systemd_required_services_list: "{{ matrix_coturn_systemd_required_services_list_default + matrix_coturn_systemd_required_services_list_auto + matrix_coturn_systemd_required_services_list_custom }}"
+matrix_coturn_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_coturn_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_coturn_systemd_required_services_list_auto: []
-matrix_coturn_systemd_required_services_list_custom: []
 
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically at runtime. You can provide a different default value,

roles/custom/matrix-dynamic-dns/defaults/main.yml

@@ -55,18 +55,6 @@ matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
 matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
 matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"
 
-# Config options
-matrix_dynamic_dns_use: "web"
-
-# The endpoint to use to determine your external IP
-matrix_dynamic_dns_web: "https://cloudflare.com/cdn-cgi/trace"
-
-# The field to extract the IP from
-# If your endpoint defined in `matrix_dynamic_dns_web` doesn't need this, just set it to ""
-matrix_dynamic_dns_web_skip: "ip="
-
-matrix_dynamic_dns_additional_configuration_blocks: []
-
 # Holds the configurations (the domains to update DNS for, the providers they use, etc.)
 #
 # Example:
@@ -77,3 +65,7 @@ matrix_dynamic_dns_additional_configuration_blocks: []
 #     password: XXXXXXXXXXXXXXXX
 #     domain: "{{ matrix_domain }}"
 matrix_dynamic_dns_domain_configurations: []
+
+# Config options
+matrix_dynamic_dns_additional_configuration_blocks: []
+matrix_dynamic_dns_use: "web"

roles/custom/matrix-dynamic-dns/tasks/validate_config.yml

@@ -14,8 +14,8 @@
 - name: Fail if required matrix-dynamic-dns settings not defined in configuration blocks
   ansible.builtin.fail:
     msg: >-
-      One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, protocol).
+      One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, provider, protocol).
-  when: "'domain' not in configuration or 'protocol' not in configuration"
+  when: "'domain' not in configuration or 'provider' not in configuration or 'protocol' not in configuration"
   with_items: "{{ matrix_dynamic_dns_domain_configurations }}"
   loop_control:
     loop_var: configuration

roles/custom/matrix-dynamic-dns/templates/ddclient.conf.j2

@@ -10,57 +10,24 @@ syslog=no
 pid=/var/run/ddclient/ddclient.pid
 ssl=yes
 use={{ matrix_dynamic_dns_use }}
-web='{{ matrix_dynamic_dns_web }}'
-{% if matrix_dynamic_dns_web_skip %}
-web-skip='{{ matrix_dynamic_dns_web_skip }}'
-{% endif %}
-
-{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
-{{ matrix_dynamic_dns_additional_configuration }}
-{% endfor %}
 
 {% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %}
 protocol={{ dynamic_dns_domain_configuration.protocol }}
-
+server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %}
-{% if 'provider' in dynamic_dns_domain_configuration %}
+login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %}
-server={{ dynamic_dns_domain_configuration.provider }}
+password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %}
-{% endif %}
+static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %}
-
+custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %}
-{% if 'username' in dynamic_dns_domain_configuration %}
+zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %}
-login='{{ dynamic_dns_domain_configuration.username }}'
+ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %}
-{% endif %}
+mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %}
-
+wildcard=yes {% endif %}
-{% if 'password' in dynamic_dns_domain_configuration %}
-password='{{ dynamic_dns_domain_configuration.password }}'
-{% endif %}
-
-{% if 'static' in dynamic_dns_domain_configuration %}
-static=yes
-{% endif %}
-
-{% if 'custom' in dynamic_dns_domain_configuration %}
-custom=yes
-{% endif %}
-
-{% if 'zone' in dynamic_dns_domain_configuration %}
-zone={{ dynamic_dns_domain_configuration.zone }}
-{% endif %}
-
-{% if 'ttl' in dynamic_dns_domain_configuration %}
-ttl={{ dynamic_dns_domain_configuration.ttl }}
-{% endif %}
-
-{% if 'mx' in dynamic_dns_domain_configuration %}
-mx={{ dynamic_dns_domain_configuration.mx }}
-{% endif %}
-
-{% if 'wildcard' in dynamic_dns_domain_configuration %}
-wildcard=yes
-{% endif %}
-
-{% if 'script' in dynamic_dns_domain_configuration %}
-script={{ dynamic_dns_domain_configuration.script }}
-{% endif %}
-
 {{ dynamic_dns_domain_configuration.domain }}
+
+{% endfor %}
+
+
+{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
+{{ matrix_dynamic_dns_additional_configuration }}
+
 {% endfor %}

roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2

@@ -23,7 +23,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--network={{ matrix_dynamic_dns_container_network }} \
   			-e PUID={{ matrix_user_uid }} \
   			-e PGID={{ matrix_user_gid }} \
-			--mount type=bind,src={{ matrix_dynamic_dns_config_path }},dst=/config \
+			--mount type=bind,src={{ matrix_dynamic_dns_config_path }},dst=/config/ddclient \
 			{% for arg in matrix_dynamic_dns_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}

roles/custom/matrix-element-call/defaults/main.yml

@@ -12,7 +12,7 @@
 matrix_element_call_enabled: false
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
-matrix_element_call_version: v0.9.0
+matrix_element_call_version: v0.8.0
 
 matrix_element_call_scheme: https
 

roles/custom/matrix-livekit-jwt-service/defaults/main.yml

@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
 matrix_livekit_jwt_service_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
-matrix_livekit_jwt_service_version: 0.2.3
+matrix_livekit_jwt_service_version: 0.2.1
 
 matrix_livekit_jwt_service_container_image_self_build: false
 matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"

roles/custom/matrix-static-files/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_static_files_enabled: true
 matrix_static_files_identifier: matrix-static-files
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_static_files_version: 2.36.1
+matrix_static_files_version: 2.36.0
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
 matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"

roles/custom/matrix-synapse-auto-compressor/defaults/main.yml

@@ -64,14 +64,9 @@ matrix_synapse_auto_compressor_database_name: 'synapse'
 # connection string to synapse database (postgres only)
 matrix_synapse_auto_compressor_synapse_database: 'postgres://{{ matrix_synapse_auto_compressor_database_username | urlencode() }}:{{ matrix_synapse_auto_compressor_database_password | urlencode() }}@{{ matrix_synapse_auto_compressor_database_hostname }}:{{ matrix_synapse_auto_compressor_database_port }}/{{ matrix_synapse_auto_compressor_database_name }}'
 
-# Controls the `OnCalendar` configuration for the compressor job.
+# systemd calendar configuration for the compressor job
-# Also see: `matrix_synapse_auto_compressor_schedule_randomized_delay_sec`
 matrix_synapse_auto_compressor_schedule: "*-*-* 00:00:00"
 
-# The `RandomizedDelaySec` delay (in seconds or as a systemd time string) to randomize the `OnCalendar` start time (`matrix_synapse_auto_compressor_schedule`) of the compressor job.
-# This can be set to 0 to disable randomized delays.
-matrix_synapse_auto_compressor_schedule_randomized_delay_sec: 6h
-
 # The number of state groups to work on at once.
 # All of the entries from state_groups_state are requested from the database for state groups that are worked on.
 # Therefore small chunk sizes may be needed on machines with low memory.

roles/custom/matrix-synapse-auto-compressor/templates/matrix-synapse-auto-compressor.timer.j2

@@ -11,7 +11,6 @@ Description=Synapse State Auto Compressor Timer
 [Timer]
 Unit=matrix-synapse-auto-compressor.service
 OnCalendar={{ matrix_synapse_auto_compressor_schedule }}
-RandomizedDelaySec={{ matrix_synapse_auto_compressor_schedule_randomized_delay_sec }}
 
 [Install]
 WantedBy=timers.target

roles/custom/matrix-synapse/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.128.0
+matrix_synapse_version: v1.127.1
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''

roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2

@@ -1,43 +1,4 @@
 #jinja2: lstrip_blocks: "True"
-{% if matrix_synapse_container_image_customizations_templates_enabled %}
-FROM {{ matrix_synapse_docker_image }} AS templates-builder
-
-{#
-This ugly script below does quite a lot:
-	- installs git and other dependencies temporarily, just so we could do a shallow-clone
-	- prepare the SSH config: keyscanning (if enabled), private key (if enabled)
-	- performs a git shallow clone with just the branch we need
-	- makes sure the files are owned by the user that will actually run the container later
-#}
-{% set dependencies = ['git', 'ssh', 'openssh-client'] %}
-{% if matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key %}
-RUN echo '{{ matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key | b64encode }}' | base64 -d > /custom-templates-private-key
-RUN chmod 400 /custom-templates-private-key
-{% endif %}
-
-RUN apt-get update && apt-get install --no-install-recommends -y {{ dependencies | join(' ') }}
-
-{% if matrix_synapse_container_image_customizations_templates_git_repository_keyscan_enabled %}
-RUN mkdir ~/.ssh
-RUN chmod 700 ~/.ssh
-RUN ssh-keyscan -t rsa {{ matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname }} >> ~/.ssh/known_hosts
-{% endif %}
-
-RUN {% if matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key %}GIT_SSH_COMMAND='ssh -i /custom-templates-private-key'{% endif %} git \
-	clone \
-		--branch={{ matrix_synapse_container_image_customizations_templates_git_repository_branch }} \
-		--depth=1 \
-		--single-branch \
-		--no-tags \
-		{{ matrix_synapse_container_image_customizations_templates_git_repository_url }} \
-		{{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}
-
-RUN /bin/sh -c 'cd {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }} && git rev-parse HEAD > git-revision.txt'
-RUN rm -rf {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}/.git
-
-RUN chown -R {{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}
-{% endif %}
-
 FROM {{ matrix_synapse_docker_image }}
 
 {% if matrix_synapse_container_image_customizations_auto_accept_invite_installation_enabled %}
@@ -53,7 +14,46 @@ RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_st
 {% endif %}
 
 {% if matrix_synapse_container_image_customizations_templates_enabled %}
-COPY --from=templates-builder {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }} {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}
+{#
+This ugly script below does quite a lot:
+	- installs git and other dependencies temporarily, just so we could do a shallow-clone
+	- prepare the SSH config: keyscanning (if enabled), private key (if enabled)
+	- performs a git shallow clone with just the branch we need
+	- makes sure the files are owned by the user that will actually run the container later
+	- removes the `.git` directory to save space, but keeps git revision in `git-revision.txt`, should we need it for debugging
+	- finally, verifies that the templates path can indeed be found within the base path (sanity check)
+#}
+{% set dependencies = ['git', 'ssh', 'openssh-client'] %}
+RUN \
+	{% if matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key %}
+	echo '{{ matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key | b64encode }}' | base64 -d > /custom-templates-private-key && \
+	chmod 400 /custom-templates-private-key && \
+	{% endif %}
+	apt-get update && \
+	apt-get install --no-install-recommends -y {{ dependencies | join(' ') }} && \
+	{% if matrix_synapse_container_image_customizations_templates_git_repository_keyscan_enabled %}
+	mkdir ~/.ssh && \
+	chmod 700 ~/.ssh && \
+	ssh-keyscan -t rsa {{ matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname }} >> ~/.ssh/known_hosts && \
+	{% endif %}
+	{% if matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key %}GIT_SSH_COMMAND='ssh -i /custom-templates-private-key'{% endif %} git \
+		clone \
+			--branch={{ matrix_synapse_container_image_customizations_templates_git_repository_branch }} \
+			--depth=1 \
+			--single-branch \
+			--no-tags \
+			{{ matrix_synapse_container_image_customizations_templates_git_repository_url }} \
+			{{ matrix_synapse_container_image_customizations_templates_in_container_base_path }} && \
+	/bin/sh -c 'cd {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }} && git rev-parse HEAD > git-revision.txt' && \
+	rm -rf {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}/.git && \
+	chown -R {{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }} && \
+	apt-get autoremove -y {{ dependencies | join(' ') }} && \
+	{% if matrix_synapse_container_image_customizations_templates_git_repository_ssh_private_key %}
+	rm /custom-templates-private-key && \
+	{% endif %}
+	true
+
+RUN /bin/sh -c 'stat {{ matrix_synapse_container_image_customizations_templates_in_container_base_path }}/{{ matrix_synapse_container_image_customizations_templates_in_container_template_files_relative_path }} || exit 1'
 {% endif %}
 
 {{ matrix_synapse_container_image_customizations_dockerfile_body_custom }}