fix: broken rhel/fedora tasks disabled

Bridge mautrix signal and mautrix whatsapp encryption

.gitignore

@@ -1,7 +1,3 @@
-/inventory/*
-!/inventory/.gitkeep
-!/inventory/host_vars/.gitkeep
-!/inventory/scripts
 /roles/*/files/scratchpad
 .DS_Store
 .python-version

ansible.cfg

@@ -1,6 +1,11 @@
 [defaults]
+
+vault_password_file = gpg/open_vault.sh
+
 retry_files_enabled = False
 stdout_callback = yaml
 
+inventory = inventory/hosts
+
 [connection]
 pipelining = True

docs/configuring-playbook-bridge-hookshot.md

@@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho
 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 
 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
-5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
+5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
 
 Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
 
@@ -26,7 +26,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 
 | listener | default path | variable | used as |
 |---|---|---|---|
-| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. |
+| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. |
 | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
 | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth |
 | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |

docs/configuring-well-known.md

@@ -46,7 +46,7 @@ If you decide to go this route, you don't need to read ahead in this document. W
 
 If you're managing the base domain by yourself somehow, you'll need to set up serving of some `/.well-known/matrix/*` files from it via HTTPS.
 
-To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
+To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server. The files are generated at `/matrix/static-files/.well-known/matrix/` and hosted at `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`, even though this is the wrong place to host them.
 
 You have 3 options when it comes to installing the files on the base domain's server:
 
@@ -98,16 +98,15 @@ server {
 }
 ```
 
-**For Apache**, it would be something like this:
+**For Apache2**, it would be something like this:
 
 ```apache
 <VirtualHost *:443>
 	ServerName DOMAIN
 
 	SSLProxyEngine on
-	<Location /.well-known/matrix>
-		ProxyPass "https://matrix.DOMAIN/.well-known/matrix"
-	</Location>
+	ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
+	ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon
 
 	# other configuration
 </VirtualHost>
@@ -116,8 +115,22 @@ server {
 **For Caddy 2**, it would be something like this:
 
 ```caddy
-reverse_proxy /.well-known/matrix/* https://matrix.DOMAIN {
+DOMAIN.com {
+   @wellknown {
+         path /.well-known/matrix/*:x
+   }
+
+   handle @wellknown {
+      reverse_proxy https://matrix.DOMAIN.com {
           header_up Host {http.reverse_proxy.upstream.hostport}
+      }
+   }
+    # Configration for the base domain goes here
+  # handle {
+  #    header -Server
+  #     encode zstd gzip
+  #    reverse_proxy localhost:4020
+  # }
 }
 ```
 

docs/prerequisites.md

@@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
 
 - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
 
+- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
+
 - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
 
 - Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).

examples/caddy2/Caddyfile

@@ -214,3 +214,21 @@ element.DOMAIN.tld {
 #        }
 #  }
 #}
+#DOMAIN.com {
+# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
+#    @wellknown {
+#        path /.well-known/matrix/*
+#    }
+#
+#    handle @wellknown {
+#        reverse_proxy https://matrix.DOMAIN.com {
+#            header_up Host {http.reverse_proxy.upstream.hostport}
+#        }
+#    }
+#    # Configration for the base domain goes here
+#   # handle {
+#   #    header -Server
+#   #     encode zstd gzip
+#   #    reverse_proxy localhost:4020
+#   # }
+#}

gpg/open_vault.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e -u
+
+gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

gpg/vault_passphrase.gpg

@@ -0,0 +1,18 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
+iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
+foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
+C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
+luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
++rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
+RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
+4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
+0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
+eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
+ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
+jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
+anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
+yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
+=Cecg
+-----END PGP MESSAGE-----

group_vars/matrix_servers

@@ -1495,7 +1495,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
     }[matrix_homeserver_implementation]|int
   }}
 
-matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
+matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_bot_matrix_registration_bot_enabled }}"
 
 matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_server_fqn_element if matrix_client_element_enabled else '' }}"
 

inventory/host_vars/matrix.finallycoffee.eu/vars.yml

@@ -0,0 +1,370 @@
+#
+# General config
+# Domain of the matrix server and SSL config
+#
+matrix_domain: finallycoffee.eu
+
+matrix_ssl_retrieval_method: none
+matrix_nginx_proxy_enabled: true
+matrix_nginx_proxy_https_enabled: false
+matrix_nginx_proxy_container_http_host_bind_port: "127.0.10.1:8080"
+matrix_nginx_proxy_container_federation_host_bind_port: "127.0.10.1:8448"
+matrix_nginx_proxy_trust_forwarded_proto: true
+matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
+
+matrix_nginx_proxy_proxy_synapse_metrics: true
+
+matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
+matrix_server_fqn_element: "chat.{{ matrix_domain }}"
+matrix_docker_installation_enabled: false
+
+web_user: "web"
+revproxy_autoload_dir: "/vault/services/web/sites.d"
+
+#matrix_client_element_version: v1.8.4
+#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
+#matrix_mautrix_telegram_version: v0.10.0
+
+#
+# General Synapse config
+#
+matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
+# A secret used to protect access keys issued by the server.
+matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
+# Make synapse accept larger media aswell
+matrix_synapse_max_upload_size_mb: 200
+# Enable metrics at (default) :9100/_synapse/metrics
+matrix_synapse_metrics_enabled: true
+matrix_synapse_enable_group_creation: true
+matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+matrix_synapse_turn_uris:
+  - "turn:voip.matrix.finallycoffee.eu?transport=udp"
+  - "turn:voip.matrix.finallycoffee.eu?transport=tcp"
+# Auto-join all users into those rooms
+matrix_synapse_auto_join_rooms:
+  - "#welcome:finallycoffee.eu"
+  - "#announcements:finallycoffee.eu"
+
+## Synapse rate limits
+matrix_synapse_rc_federation:
+  window_size: 1000
+  sleep_limit: 25
+  sleep_delay: 500
+  reject_limit: 50
+  concurrent: 5
+matrix_synapse_rc_message:
+  per_second: 0.5
+  burst_count: 25
+
+## Synapse cache tuning
+matrix_synapse_caches_global_factor: 1.5
+matrix_synapse_event_cache_size: "300K"
+
+## Synapse workers
+matrix_synapse_workers_enabled: true
+matrix_synapse_workers_preset: "little-federation-helper"
+matrix_synapse_workers_generic_workers_count: 2
+matrix_synapse_workers_media_repository_workers_count: 2
+matrix_synapse_workers_federation_sender_workers_count: 3
+matrix_synapse_workers_pusher_workers_count: 1
+matrix_synapse_workers_appservice_workers_count: 1
+
+# Static secret auth for matrix-synapse-shared-secret-auth
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+matrix_synapse_ext_password_provider_rest_auth_enabled: true
+matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
+matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
+matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
+matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
+
+# Enable experimental spaces support
+matrix_synapse_configuration_extension_yaml: |
+  database:
+    args:
+      cp_max: 20
+  experimental_features:
+    spaces_enabled: true
+  caches:
+    per_cache_factors:
+      device_id_exists: 3
+      get_users_in_room: 4
+      _get_joined_users_from_context: 4
+      _get_joined_profile_from_event_id: 3
+      "*stateGroupMembersCache*": 2
+      _matches_user_in_member_list: 3
+      get_users_who_share_room_with_user: 3
+      is_interested_in_room: 2
+      get_user_by_id: 1.5
+      room_push_rule_cache: 1.5
+    expire_caches: true
+    cache_entry_ttl: 45m
+    sync_response_cache_duration: 2m
+  
+
+#
+# synapse-admin tool
+#
+matrix_synapse_admin_enabled: true
+matrix_synapse_admin_container_http_host_bind_port: 8985
+
+
+#
+# VoIP / CoTURN config
+#
+# A shared secret (between Synapse and Coturn) used for authentication.
+matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
+# Disable coturn, as we use own instance
+matrix_coturn_enabled: false
+
+
+#
+# dimension (integration manager) config
+#
+matrix_dimension_enabled: true
+matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
+matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
+matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
+matrix_dimension_configuration_extension_yaml: |
+    telegram:
+        botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
+
+
+#
+# mautrix-whatsapp config
+#
+matrix_mautrix_whatsapp_enabled: true
+matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
+matrix_mautrix_whatsapp_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_whatsapp_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
+        max_connection_attempts: 5
+        connection_timeout: 30
+        contact_wait_delay: 5
+        private_chat_portal_meta: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+    logging:
+        print_level: info
+    metrics:
+        enabled: true
+        listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+    whatsapp:
+        os_name: Linux mautrix-whatsapp
+        browser_name: Chrome
+
+
+#
+# mautrix-telegram config
+#
+matrix_mautrix_telegram_enabled: true
+matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
+matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
+matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
+matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
+matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
+matrix_mautrix_telegram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
+matrix_mautrix_telegram_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Telegram)"
+        parallel_file_transfer: false
+        inline_images: false
+        image_as_file_size: 20
+        delivery_receipts: true
+        login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+        animated_sticker:
+            target: webm
+        encryption:
+            allow: true
+            default: true
+        permissions:
+            "@transcaffeine:finallycoffee.eu": "admin"
+            "gruenhage.xyz": "full"
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+#        permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
+
+
+#
+# mautrix-signal config
+#
+matrix_mautrix_signal_enabled: true
+matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
+matrix_mautrix_signal_container_extra_arguments:
+    - "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
+matrix_mautrix_signal_configuration_extension_yaml: |
+    bridge:
+        displayname_template: "{displayname} (via Signal)"
+        community_id: "+signal:finallycoffee.eu"
+        encryption:
+            allow: true
+            default: true
+            key_sharing:
+                allow: true
+                require_verification: false
+        delivery_receipts: true
+        permissions:
+          "@ilosai:fairydust.space": "user"
+    logging:
+        root:
+            level: INFO
+    metrics:
+        enabled: true
+        listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+
+
+#
+# mx-puppet-instagram configuration
+#
+matrix_mx_puppet_instagram_enabled: true
+matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
+matrix_mx_puppet_instagram_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_instagram_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-skype configuration
+#
+matrix_mx_puppet_skype_enabled: true
+matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
+matrix_mx_puppet_skype_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_skype_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+        path: /metrics
+
+
+#
+# mx-puppet-discord configuration
+#
+matrix_mx_puppet_discord_enabled: true
+matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
+matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
+matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
+matrix_mx_puppet_discord_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
+matrix_mx_puppet_discord_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+        avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# mx-puppet-slack configuration
+#
+matrix_mx_puppet_slack_enabled: true
+matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
+matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
+matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
+matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
+matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
+matrix_mx_puppet_slack_container_extra_arguments:
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
+  - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
+matrix_mx_puppet_slack_configuration_extension_yaml: |
+    bridge:
+        enableGroupSync: true
+    metrics:
+        enabled: true
+        port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+        path: /metrics
+    limits:
+        maxAutojoinUsers: 500
+        roomUserAutojoinDelay: 50
+    presence:
+        enabled: true
+        interval: 3000
+
+
+#
+# Element web configuration
+#
+# Branding config
+matrix_client_element_brand: "Chat"
+matrix_client_element_default_theme: "dark"
+matrix_client_element_themes_enabled: true
+matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
+matrix_client_element_welcome_text: |
+    Decentralised, encrypted chat &amp; collaboration,<br />
+    hosted on finallycoffee.eu, powered by element.io &amp;
+    <a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
+      <img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
+    </a>
+matrix_client_element_welcome_logo: "welcome/images/logo.png"
+matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
+matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
+matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
+matrix_client_element_container_extra_arguments:
+  - "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
+  - "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
+# Integration and capabilites config
+matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
+matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
+matrix_client_element_integrations_widgets_urls:
+  - "https://{{ matrix_server_fqn_dimension }}/widgets"
+  - "https://scalar.vector.im/api"
+matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
+matrix_client_element_disable_custom_urls: false
+matrix_client_element_roomdir_servers:
+  - "matrix.org"
+  - "finallycoffee.eu"
+  - "entropia.de"
+matrix_client_element_enable_presence_by_hs_url:
+  https://matrix.org: false
+
+
+# Matrix ma1sd extended configuration
+matrix_ma1sd_configuration_extension_yaml: |
+    hashing:
+      enabled: true
+      pepperLength: 20
+      rotationPolicy: per_requests
+      requests: 10
+      hashStorageType: sql
+      algorithms:
+          - none
+          - sha256
+
+
+# Matrix mail notification relay setup
+matrix_mailer_enabled: true
+matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
+matrix_mailer_relay_use: true
+matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
+matrix_mailer_relay_host_port: 587
+matrix_mailer_relay_auth: true
+matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
+matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

inventory/host_vars/matrix.finallycoffee.eu/vault.yml

@@ -0,0 +1,100 @@
+$ANSIBLE_VAULT;1.1;AES256
+39366364363633336238333130353832663162393038633665396333343732353964333363666539
+6562346632343235623835643735386434316666393234360a383634616537393134613631383836
+61333835363666623033306166376232303930306433343366373463653234623736643633383734
+3330333665383539650a383132353032386230393031626361343764323034386230363066306331
+34646236336262623435633566363033613737373064616266336237343233663066396163373034
+62303765353066653737366539626461636531636438323932333134363136363134646164646531
+63656638666233313437663261396665653736373164323433306435323336633938313164646264
+33653661633965363833393031616463633761356234633630643562306366653133366637346166
+38636433343736343461613731623538633361363934343764326466313261353633646230353065
+37366134303164356433333961346663313963626165323966656536313532376162326565383539
+65363333633964323838663461373666353665643236623839646664653661613838353239613137
+39353061323131306365656261343630313665356165623064616436653566373663343733316237
+34393666383465323463313838393465643830373632373938633763666636346539666233303265
+38353337633833373331356663633936326334366337393135653030333531613565643666633038
+64393862303765366632393137313432376563353335353231323464633637343334346634306534
+35613330373336633031376263306466306437656635396133613335386130346163663438386136
+61646437343938663431343736363564376238316666373531616231366132643864346538363866
+35396433366137356162313963666134383134306462313336613735386639363936326131383939
+66623833643433663039623837623133303336666233623935313438366136353332313165333936
+31386632336535383533646639636164313331346630633366383739623261366465656632393062
+63373332623738303364623437666531396331646666336230353333366261653438363861656466
+39333762633037383336393164616563396564383232636533363864636230616664303330323932
+66666234633362346132303932643464366466323535303835363430333737666661373534333934
+61393362616438626636383564613335363634626231663234616438343464383461303632363033
+39336362396339316661323662393665383031643931626333646335643335353661653939363538
+38666561313539613566386132336630643237333432656236356132616230663561343665353938
+33366663353834356434366335373265373439363430636533303933656264366338623232613435
+35356662383232386137313064313363303861326635333435393737643663336534363234623430
+32376432353330613666396337303935376366613564353039396164383361616337656535346166
+34396635356266326461613135303639643935363261396363636338636564643838313262326266
+31663139343336376233303637373864363835313839326433656235616332333134306139623239
+37636639356263646437373362333931613262363363313462666534643765313139386461623731
+33376635653133353033333733613464396632636634313063326363313030376632643863336237
+61636638353237313764313435626463633964643665313536326235343639663137373436303564
+30636232626137376339303238653664346538356430306238633037366332316263623666373062
+63646533646131303466653637346463613237323161313265613834383634626237323563653733
+38656435303264346663663465333966376631666530333833353233376263336436613065366362
+36366263343438393132326661623031316663663231663464383732343064383234616636306530
+66613634626362316533303034393063666632343262613431613635663866636433623535363238
+30643933613731363236346234336662613633323831633437613435326465383530653765616262
+63373538396364316563343365303134373466663639386137663564356532353531343636613135
+63316463353264316164306566326462333732316431643939626161346530636638636662303037
+34346461313961613063336332333934383363373335616636363661396362613661383762663866
+64303834636264376461396266663763336665356561376161333136336638646363313133353161
+31643061623833623239373432633537663664636334623534326639616633616361333834366131
+30376361656238353332656666316637643133623433333861653265636266376639666135383638
+37363337326231656530363536393737383565666266306532626361633633353539363866376534
+61303737326632303762626666306134343837376566343035386663613336626332383035383035
+37633462373066373062313862323766316362393832666466396637363562353865303366323062
+39346332383966313437646138623364656234663066663639663138626163656433363038323166
+65613862386665643438323061323763306635666162303366323131363436633335356332393366
+63373966383132303434633835333438333337303664346335643066623839343835643364306561
+34643336346564363462396330643263653931376664386335313433376332653832323437376135
+35383231386133363236653334393433306638303131323064343931623538323130343666653061
+36353536383632333964343730346265626433303131346531303133663832363036333261386237
+30363361356265356139323761623563396565336137333733656431636531333234323061343862
+33623935346663333735613661363234646234356331323636386637343661373363363261646231
+33643233343235323230393933616664623166666266333862323631653835666135303233653635
+63373061656163353762636531613632366638383366303864343132376162643963366564363563
+61336338613935613532636165383463633866633036393533313433643562313737383431353163
+37623165373933376236393931363939633963666636303136373065376635623761346537643530
+35363464313630376233633863306238616138666464316534363332333937343362343233346431
+34643032323934353939666364323239653932363735373061633434653062326336353239633261
+38306237336266663038656534393664646138343038323335633064616431386666613739326630
+34383963666534313530376331366238343836303036306336343533666332386163643033643138
+33336333333338353733383165306139623964303035653439623131633566356136386431613135
+63616462386639303230343866346631346532353531373132613433363239646330653666633532
+65393766333238383531313132633537633833363335303630376239396565373730646331313633
+30383861303739343265623934643635633361623262356433323035393062353630346430646262
+63303434353038646361353661616339313937323336303566303536366163623362356332383862
+37326333393761633732653264646333653439363039323238383361336233323232613336303464
+34393635633131313135313665363161306466643364393734346264633030373234306466653862
+32336163666435636162343465386633653863363533616339636531306130383331376563393533
+65366136626662343065383164646665613035393636373565346235656439303933343563366339
+36643838393033353033396535613331303031646162316361613564323163633434633861356135
+62343461616335323565636633383962316531316362396165366533346166336163623232366261
+39376230376562626135346333326437373733373266393236383435343562653034313133376236
+61666138346562613330633630373837653465393233613261353937336666646231366666393335
+35393463333936323664323831396639333462626238613164616435363664643438653763623431
+32663237363134353061373563396535653565636431366565386337653863316333343738343432
+62303132636338303462313439376535363063333833363632613832303436353834376561333330
+66633632383135646263626333643230343630326539663762633934316261633062663732373932
+30306438386263626335373838343236643562326135663366353638353163346365396261313133
+36333634306133353235316237343738623263333732343063356238333162323931346664346539
+66323733643061386334306130633537353630663336313966663538373963313435666564316539
+63613030366332363432303036396232306537663765653938353736376135316539613135623632
+66356639623635663365323635646635383638346539323438336261393332373935383536333831
+61306639343061333639336162366536366438356166396266666132303932333037613632623666
+63616662343830303664353931306632323630316162643432653835313962633735626163366332
+34373637633066333432383533316363613031393963373963386161663430623533383165653561
+38343439633066366663643138326264653539336530393932386236366533663935353664343966
+39323161646231353234633961633732613065323039663062313661386565366534623430356632
+64343732336238393262363338363734643639353830646163343361653761633134303163616562
+35633436393832393137383534613031303963613339333566343065336530623964636662353065
+32366630353538383339346465376661323666333234373665613164633866363364613066643034
+37616630366232353166366535633936366536626462353831643335306337353564316461653564
+66663133373466333431336366346435623436656230376232613665633466333463636263373464
+30386434336538303061666566383033616563303564666362346432663130306531613063363537
+646635613236636563666161666630653836

inventory/hosts

@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+31336566376336626265653165306635633033376662656164383037383834653239656136333734
+3833666339393037323035343565343235396163636166370a643933333933386133366564396465
+30393637613164356564393337633361653432333232383664303739363736633435363764343530
+3532313739363963660a343434356534316230623133636366386334323465376139363162616238
+39396638366262313531653635326361616537396338363533303961623165343931373939306239
+31336632643166633662653765333231393461643933306464303165633037343061323636313034
+34376631656563646665373566633431366638383863666130323264316337663237343135306236
+66323536346164663239343139623430303230333466633437643337343930363530653964626163
+38336363633730393136333637383631636266396636646533356262376630646139303636666538
+32366437353163663865623234643061313639646162643965393535353938313133326237313265
+66646163333535396539646461356334633532313530653834623263386265383765356130333466
+30373531306137393935363030313739666536363138363962646565306439393239303030643162
+33333166663430393866666439653532623034396130313066383035396535646633366237303264
+36356665366461323664373038366364623937386233313039323837666333653764616462333365
+31326264633236373937313537633961633164323138356135633765663639323537656263633766
+38653836323263386333376131333330326237393666363064326463663961633839393039323835
+61306265333232623037356465393133323733363634646364336261326333366239346565366338
+61646132333033373866623739343830336164316461646366666237313565626639323537623732
+38323830656136323137323530343764666433633432366136643538323832653130376363653135
+64376261386635636533353961613335663962306337353866616464613636303735336230623962
+3336

roles/matrix-base/tasks/server_base/setup_fedora.yml

@@ -18,6 +18,7 @@
   when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
 
 - name: Ensure yum packages are installed
+  when: false
   yum:
     name:
       - "{{ matrix_ntpd_package }}"

roles/matrix-base/tasks/server_base/setup_redhat.yml

@@ -28,4 +28,4 @@
       - "{{ matrix_docker_package_name }}"
       - docker-python
     state: latest
-  when: matrix_docker_installation_enabled|bool
+  when: matrix_docker_installation_enabled|bool and false

roles/matrix-bot-buscarron/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_bot_buscarron_container_image_self_build: false
 matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
 
-matrix_bot_buscarron_version: v1.0.0
+matrix_bot_buscarron_version: v1.1.0
 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
@@ -88,6 +88,21 @@ matrix_bot_buscarron_spam_hosts: []
 # spam email addresses
 matrix_bot_buscarron_spam_emails: []
 
+# Ban duration in hours
+matrix_bot_buscarron_ban_duration: 24
+
+# Banlist size
+matrix_bot_buscarron_ban_size: 10000
+
+# Postmark token (confirmation emails)
+matrix_bot_buscarron_pm_token:
+
+# Postmark sender signature
+matrix_bot_buscarron_pm_from:
+
+# Postmark confirmation email's reply-to
+matrix_bot_buscarron_pm_replyto:
+
 # Additional environment variables to pass to the buscarron container
 #
 # Example:

roles/matrix-bot-buscarron/templates/env.j2

@@ -7,12 +7,19 @@ BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
 BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
+BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
+BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
+BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
+BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
+BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
 BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
 BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
 BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
+BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
+BUSCARRON_{{ form.name|upper }}_CONFIRMATION_BODY={{ form.confirmation_body|default('') }}
 {% endfor %}
 BUSCARRON_LIST={{ forms|join(" ") }}
 

roles/matrix-bridge-appservice-discord/tasks/init.yml

@@ -14,12 +14,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-appservice-discord-registration.yaml"] }}
+        ["/matrix-appservice-discord-registration.yaml"]
+      }}
   when: matrix_appservice_discord_enabled|bool

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 
-matrix_appservice_irc_version: release-0.33.0
+matrix_appservice_irc_version: release-0.34.0
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-irc/tasks/init.yml

@@ -21,12 +21,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-appservice-irc-registration.yaml"] }}
+        ["/matrix-appservice-irc-registration.yaml"]
+      }}
   when: matrix_appservice_irc_enabled|bool

roles/matrix-bridge-appservice-slack/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_appservice_slack_container_image_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
 
-matrix_appservice_slack_version: release-1.10.0
+matrix_appservice_slack_version: release-1.11.0
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-slack/tasks/init.yml

@@ -21,14 +21,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-appservice-slack-registration.yaml"] }}
+        ["/matrix-appservice-slack-registration.yaml"]
+      }}
   when: matrix_appservice_slack_enabled|bool
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.

roles/matrix-bridge-appservice-webhooks/tasks/init.yml

@@ -14,14 +14,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-appservice-webhooks-registration.yaml"] }}
+        ["/matrix-appservice-webhooks-registration.yaml"]
+      }}
   when: matrix_appservice_webhooks_enabled|bool
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.

roles/matrix-bridge-beeper-linkedin/tasks/init.yml

@@ -7,12 +7,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-beeper-linkedin-registration.yaml"] }}
+        ["/matrix-beeper-linkedin-registration.yaml"]
+      }}
   when: matrix_beeper_linkedin_enabled|bool

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: 1.12.0
+matrix_heisenbridge_version: 1.13.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-heisenbridge/tasks/init.yml

@@ -14,12 +14,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/heisenbridge-registration.yaml"] }}
+        ["/heisenbridge-registration.yaml"]
+      }}
   when: matrix_heisenbridge_enabled|bool

roles/matrix-bridge-hookshot/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
 
-matrix_hookshot_version: 1.5.0
+matrix_hookshot_version: 1.7.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -121,6 +121,11 @@ matrix_hookshot_generic_allow_js_transformation_functions: false
 matrix_hookshot_generic_user_id_prefix: '_webhooks_'
 
 
+matrix_hookshot_feeds_enabled: false
+# polling interval in seconds
+matrix_hookshot_feeds_interval: 600
+
+
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_provisioning_port: 9002
 matrix_hookshot_provisioning_secret: ''

roles/matrix-bridge-hookshot/tasks/init.yml

@@ -14,14 +14,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/hookshot-registration.yml"] }}
+        ["/hookshot-registration.yml"]
+      }}
   when: matrix_hookshot_enabled|bool
 
 - block:

roles/matrix-bridge-hookshot/templates/config.yml.j2

@@ -78,6 +78,13 @@ generic:
   allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
   userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
 {% endif %}
+{% if matrix_hookshot_feeds_enabled %}
+feeds:
+  # (Optional) Configure this to enable RSS/Atom feed support
+  #
+  enabled: {{ matrix_hookshot_feeds_enabled }}
+  pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}
+{% endif %}
 {% if matrix_hookshot_provisioning_enabled %}
 provisioning:
   # (Optional) Provisioning API for integration managers

roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
+        ["/matrix-mautrix-facebook-registration.yaml"]
+      }}
   when: matrix_mautrix_facebook_enabled|bool
 
 - block:

roles/matrix-bridge-mautrix-googlechat/tasks/init.yml

@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-googlechat-registration.yaml"] }}
+        ["/matrix-mautrix-googlechat-registration.yaml"]
+      }}
   when: matrix_mautrix_googlechat_enabled|bool
 
 - block:

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-hangouts-registration.yaml"] }}
+        ["/matrix-mautrix-hangouts-registration.yaml"]
+      }}
   when: matrix_mautrix_hangouts_enabled|bool
 
 - block:

roles/matrix-bridge-mautrix-instagram/tasks/init.yml

@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-instagram-registration.yaml"] }}
+        ["/matrix-mautrix-instagram-registration.yaml"]
+      }}
   when: matrix_mautrix_instagram_enabled|bool

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -127,3 +127,7 @@ matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/regis
 matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml|from_yaml }}"
 
 matrix_mautrix_signal_log_level: 'DEBUG'
+
+matrix_mautrix_signal_bridge_encryption_allow: false
+matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"

roles/matrix-bridge-mautrix-signal/tasks/init.yml

@@ -7,12 +7,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-signal-registration.yaml"] }}
+        ["/matrix-mautrix-signal-registration.yaml"]
+      }}
   when: matrix_mautrix_signal_enabled|bool

roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -152,15 +152,15 @@ bridge:
     # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
-        default: false
+        default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }}
         # Options for automatic key sharing.
         key_sharing:
             # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
             # You must use a client that supports requesting keys from other users to use this feature.
-            allow: false
+            allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }}
             # Require the requesting device to have a valid cross-signing signature?
             # This doesn't require that the bridge has verified the device, only that the user has verified it.
             # Not yet implemented.

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -118,6 +118,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
 # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
 matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
 
+matrix_mautrix_telegram_sender_localpart: "telegrambot"
+
 matrix_mautrix_telegram_registration_yaml: |
   id: telegram
   as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@@ -131,11 +133,11 @@ matrix_mautrix_telegram_registration_yaml: |
       aliases:
       - exclusive: true
         regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
-  # See https://github.com/mautrix/signal/issues/43
   sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
   url: {{ matrix_mautrix_telegram_appservice_address }}
   rate_limited: false
   de.sorunome.msc2409.push_ephemeral: true
+#  sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
 
 matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
 

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-telegram-registration.yaml"] }}
+        ["/matrix-mautrix-telegram-registration.yaml"]
+      }}
   when: matrix_mautrix_telegram_enabled|bool
 
 - block:

roles/matrix-bridge-mautrix-twitter/tasks/init.yml

@@ -7,14 +7,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-twitter-registration.yaml"] }}
+        ["/matrix-mautrix-twitter-registration.yaml"]
+      }}
   when: matrix_mautrix_twitter_enabled|bool
 
 # ansible lower than 2.8, does not support docker_image build parameters

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: v0.3.1
+matrix_mautrix_whatsapp_version: v0.4.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@@ -123,3 +123,8 @@ matrix_mautrix_whatsapp_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"
+
+# Enable End-to-bridge encryption
+matrix_mautrix_whatsapp_bridge_encryption_allow: false
+matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
+matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"

roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml

@@ -6,12 +6,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}
+        ["/matrix-mautrix-whatsapp-registration.yaml"]
+      }}
   when: matrix_mautrix_whatsapp_enabled|bool

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -158,16 +158,16 @@ bridge:
     # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
-        allow: false
+        allow: {{ matrix_mautrix_whatsapp_bridge_encryption_allow|to_json }}
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         # It is recommended to also set private_chat_portal_meta to true when using this.
-        default: false
+        default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }}
         # Options for automatic key sharing.
         key_sharing:
             # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
             # You must use a client that supports requesting keys from other users to use this feature.
-            allow: false
+            allow: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow|to_json }}
             # Require the requesting device to have a valid cross-signing signature?
             # This doesn't require that the bridge has verified the device, only that the user has verified it.
             # Not yet implemented.

roles/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -1,27 +1,21 @@
 ---
 # Mx Puppet Discord is a Matrix <-> Discord bridge
-# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord)
-#
-# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See:
-# - https://github.com/matrix-discord/mx-puppet-discord/issues/201
-# - https://github.com/matrix-discord/mx-puppet-discord/issues/202
-# - https://github.com/matrix-discord/mx-puppet-discord/issues/203
-# - (other similar issues in the past)
+# See: https://gitlab.com/mx-puppet/discord/mx-puppet-discord
 
 matrix_mx_puppet_discord_enabled: true
 
 matrix_mx_puppet_discord_container_image_self_build: false
-matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo"
+matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/mx-puppet/discord/mx-puppet-discord.git"
 matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}"
-matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord"
+matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "Dockerfile"
 
 # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_discord_container_http_host_bind_port: ''
 
-matrix_mx_puppet_discord_version: latest
-matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}"
+matrix_mx_puppet_discord_version: v0.1.1
+matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}mx-puppet/discord/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}"
 matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-mx-puppet-discord/tasks/init.yml

@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
+        ["/matrix-mx-puppet-discord-registration.yaml"]
+      }}
   when: matrix_mx_puppet_discord_enabled|bool

roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -25,7 +25,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 10000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -70,7 +70,7 @@ namePatterns:
   #
   # name: username of the user
   # discriminator: hashtag of the user (ex. #1234)
-  user: :name
+  user: ":name (#:discriminator) (via Discord)"
 
   # A user's guild-specific displayname - if they've set a custom nick in
   # a guild
@@ -82,7 +82,7 @@ namePatterns:
   # displayname: the user's custom group-specific nick
   # channel: the name of the channel
   # guild: the name of the guild
-  userOverride: :name
+  userOverride: ":displayname (:name#:discriminator) (via Discord)"
 
   # Room names for bridged Discord channels
   #
@@ -90,7 +90,7 @@ namePatterns:
   #
   # name: name of the channel
   # guild: name of the guild
-  room: :name
+  room: "#:name (:guild on Discord)"
 
   # Group names for bridged Discord servers
   #

roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2

@@ -17,7 +17,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
+ExecStartPre={{ matrix_host_command_sleep }} 15
 
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
 			--log-driver=none \

roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml

@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
+        ["/matrix-mx-puppet-groupme-registration.yaml"]
+      }}
   when: matrix_mx_puppet_groupme_enabled|bool

roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml

@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
+        ["/matrix-mx-puppet-instagram-registration.yaml"]
+      }}
   when: matrix_mx_puppet_instagram_enabled|bool

roles/matrix-bridge-mx-puppet-skype/tasks/init.yml

@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_skype_config_path }}/registration.yaml,dst=/matrix-mx-puppet-skype-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-skype-registration.yaml"] }}
+        ["/matrix-mx-puppet-skype-registration.yaml"]
+      }}
   when: matrix_mx_puppet_skype_enabled|bool

roles/matrix-bridge-mx-puppet-slack/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Mx Puppet Slack is a Matrix <-> Slack bridge
-# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack)
+# See: https://github.com/Sorunome/mx-puppet-slack
 
 matrix_mx_puppet_slack_enabled: true
 
@@ -8,17 +8,17 @@ matrix_mx_puppet_slack_oauth_client_id: ''
 matrix_mx_puppet_slack_oauth_client_secret: ''
 
 matrix_mx_puppet_slack_container_image_self_build: false
-matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git"
+matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/mx-puppet/slack/mx-puppet-slack.git"
 matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}"
-matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack"
+matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "Dockerfile"
 
 # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
 matrix_mx_puppet_slack_container_http_host_bind_port: ''
 
-matrix_mx_puppet_slack_version: latest
-matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}"
+matrix_mx_puppet_slack_version: v0.1.2
+matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}mx-puppet/slack/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}"
 matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-mx-puppet-slack/tasks/init.yml

@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-slack-registration.yaml"] }}
+        ["/matrix-mx-puppet-slack-registration.yaml"]
+      }}
   when: matrix_mx_puppet_slack_enabled|bool
 
 - block:

roles/matrix-bridge-mx-puppet-steam/tasks/init.yml

@@ -13,12 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
+        ["/matrix-mx-puppet-steam-registration.yaml"]
+      }}
   when: matrix_mx_puppet_steam_enabled|bool

roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml

@@ -13,14 +13,18 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
+        ["/matrix-mx-puppet-twitter-registration.yaml"]
+      }}
   when: matrix_mx_puppet_twitter_enabled|bool
 
 - block:

roles/matrix-bridge-sms/tasks/init.yml

@@ -15,12 +15,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
+      }}
 
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files|default([]) }}
+      {{
+        matrix_synapse_app_service_config_files|default([])
         +
-      {{ ["/matrix-sms-bridge-registration.yaml"] }}
+        ["/matrix-sms-bridge-registration.yaml"]
+      }}
   when: matrix_sms_bridge_enabled|bool

roles/matrix-client-cinny/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true
 matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 
-matrix_client_cinny_version: v1.8.2
+matrix_client_cinny_version: v2.0.3
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

roles/matrix-client-element/defaults/main.yml

@@ -3,13 +3,13 @@
 matrix_client_element_enabled: true
 
 matrix_client_element_container_image_self_build: false
-matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
+matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git"
 # Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.10.11
+matrix_client_element_version: v1.10.12
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-element/tasks/setup_install.yml

@@ -82,6 +82,18 @@
     - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
   when: "item.src is not none"
 
+- name: Copy Element costum files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
+    - {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
+  when: "matrix_client_element_enabled|bool and item.src is not none"
+
 - name: Ensure Element config files removed
   file:
     path: "{{ matrix_client_element_data_path }}/{{ item.name }}"

roles/matrix-client-element/templates/welcome.html.j2

@@ -33,7 +33,7 @@ h1::after {
 }
 
 .mx_Logo {
-    height: 54px;
+    height: 92px;
     margin-top: 2px;
 }
 

roles/matrix-grafana/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.4.1
+matrix_grafana_version: 8.5.1
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-jitsi/tasks/init.yml

@@ -3,3 +3,8 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
   when: matrix_jitsi_enabled|bool
+
+- name: Fail if on an unsupported architecture
+  fail:
+    msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
+  when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64'

roles/matrix-postgres/defaults/main.yml

@@ -22,12 +22,12 @@ matrix_postgres_architecture: amd64
 # > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault
 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
 
-matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.20{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.15{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.10{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.6{{ matrix_postgres_docker_image_suffix }}"
-matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.2{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}"
+matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.3{{ matrix_postgres_docker_image_suffix }}"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.

roles/matrix-synapse/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.57.1
+matrix_synapse_version: v1.59.1
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/files/workers-doc-to-yaml.awk

@@ -120,7 +120,7 @@ enable_parsing {
                 worker_stanza_append("  # " line linefeed)
 
                 # and take note of words hinting at additional conditions to be met
-                if (line ~ /(^| )[Ii]f |(^| )[Ff]or /) {
+                if (line ~ /(^[Ii]f|care must be taken|can be handled for)/) {
                     endpoints_seem_conditional = 1
                 }
             }

roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml

@@ -27,11 +27,15 @@
       }}
 
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
+      }}
 
     matrix_synapse_additional_loggers: >
-      {{ matrix_synapse_additional_loggers }}
+      {{
+        matrix_synapse_additional_loggers
         +
-      {{ [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }}
+        [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}]
+      }}

roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml

@@ -4,7 +4,9 @@
     matrix_synapse_password_providers_enabled: true
 
     matrix_synapse_additional_loggers: >
-      {{ matrix_synapse_additional_loggers }}
+      {{
+        matrix_synapse_additional_loggers
        +
-      {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+        [{'name': 'ldap_auth_provider', 'level': 'INFO'}]
+      }}
   when: matrix_synapse_ext_password_provider_ldap_enabled|bool

roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml

@@ -34,19 +34,23 @@
 
 - set_fact:
     matrix_synapse_spam_checker: >
-      {{ matrix_synapse_spam_checker }}
+      {{
+        matrix_synapse_spam_checker
         +
         [{
           "module": "mjolnir.AntiSpam",
           "config": {
-          "block_invites": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }},
-          "block_messages": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }},
-          "block_usernames": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }},
-          "ban_lists": {{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}
+            "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites,
+            "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages,
+            "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames,
+            "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists,
           }
         }]
+      }}
 
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"]
+      }}

roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml

@@ -22,11 +22,15 @@
     matrix_synapse_password_providers_enabled: true
 
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
+      }}
 
     matrix_synapse_additional_loggers: >
-      {{ matrix_synapse_additional_loggers }}
+      {{
+        matrix_synapse_additional_loggers
         +
-      {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }}
+        [{'name': 'rest_auth_provider', 'level': 'INFO'}]
+      }}

roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -37,11 +37,15 @@
       }}
 
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
+      }}
 
     matrix_synapse_additional_loggers: >
-      {{ matrix_synapse_additional_loggers }}
+      {{
+        matrix_synapse_additional_loggers
         +
-      {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }}
+        [{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
+      }}

roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml

@@ -39,16 +39,20 @@
 
 - set_fact:
     matrix_synapse_modules: >
-      {{ matrix_synapse_modules }}
+      {{
+        matrix_synapse_modules
         +
         [{
           "module": "synapse_simple_antispam.AntiSpamInvites",
           "config": {
-          "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
+            "blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers
           }
         }]
+      }}
 
     matrix_synapse_container_extra_arguments: >
-      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      {{
+        matrix_synapse_container_extra_arguments|default([])
         +
         ["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"]
+      }}

roles/matrix-synapse/tasks/synapse/workers/init.yml

@@ -19,7 +19,7 @@
     worker:
       type: 'federation_sender'
       instanceId: "{{ item }}"
-      port: 0
+      port: "{{ item }}"
       metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}"
   register: "matrix_synapse_workers_list_results_federation_sender_workers"
   loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list }}"

roles/matrix-synapse/tasks/validate_config.yml

@@ -20,7 +20,7 @@
   with_items:
     - "matrix_synapse_workers_appservice_workers_count"
     - "matrix_synapse_workers_pusher_workers_count"
-    - "matrix_synapse_workers_federation_sender_workers_count"
+#    - "matrix_synapse_workers_federation_sender_workers_count"
 
 - name: (Deprecation) Catch and report renamed settings
   fail:

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -432,6 +432,11 @@ manhole_settings:
 # sign up in a short space of time never to return after their initial
 # session.
 #
+# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but
+# applies a different trial number if the user was registered by an appservice.
+# A value of 0 means no trial days are applied. Appservices not listed in this
+# dictionary use the value of `mau_trial_days` instead.
+#
 # 'mau_limit_alerting' is a means of limiting client side alerting
 # should the mau limit be reached. This is useful for small instances
 # where the admin has 5 mau seats (say) for 5 specific people and no
@@ -442,6 +447,8 @@ manhole_settings:
 #max_mau_value: 50
 #mau_trial_days: 2
 #mau_limit_alerting: false
+#mau_appservice_trial_days:
+#  "appservice-id": 1
 
 # If enabled, the metrics for the number of monthly active users will
 # be populated, however no one will be limited. If limit_usage_by_mau
@@ -742,11 +749,11 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
 #
 #allow_profile_lookup_over_federation: false
 
-# Uncomment to disable device display name lookup over federation. By default, the
-# Federation API allows other homeservers to obtain device display names of any user
-# on this homeserver. Defaults to 'true'.
+# Uncomment to allow device display name lookup over federation. By default, the
+# Federation API prevents other homeservers from obtaining the display names of
+# user devices on this homeserver. Defaults to 'false'.
 #
-#allow_device_name_lookup_over_federation: false
+#allow_device_name_lookup_over_federation: true
 
 
 ## Caching ##
@@ -1375,7 +1382,11 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
 #
 registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }}
 
-
+# Allow users to submit a token during registration to bypass any required 3pid
+# steps configured in `registrations_require_3pid`.
+# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
+#
+#enable_registration_token_3pid_bypass: false
 
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
@@ -2848,7 +2859,9 @@ opentracing:
 # Disables sending of outbound federation transactions on the main process.
 # Uncomment if using a federation sender worker.
 #
-#send_federation: false
+{% if matrix_synapse_workers_federation_sender_workers_count|int > 0 %}
+send_federation: false
+{% endif %}
 
 # It is possible to run multiple federation sender workers, in which case the
 # work is balanced across them.
@@ -2858,8 +2871,13 @@ opentracing:
 # started, to ensure that all instances are running with the same config (otherwise
 # events may be dropped).
 #
-#federation_sender_instances:
-#  - federation_sender1
+{% if matrix_synapse_workers_federation_sender_workers_count != 0%}
+federation_sender_instances:
+{% for i in range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list %}
+#  -dd federation_sender1
+  - federation_sender:{{ i | int }}
+{% endfor %}
+{% endif %}
 
 # When using workers this should be a map from `worker_name` to the
 # HTTP replication listener of the worker, if configured.

roles/matrix-synapse/vars/workers.yml

@@ -1,12 +1,15 @@
 ---
 
 matrix_synapse_workers_generic_worker_endpoints:
-  # This worker can handle API requests matching the following regular
-  # expressions:
+  # This worker can handle API requests matching the following regular expressions.
+  # These endpoints can be routed to any worker. If a worker is set up to handle a
+  # stream then, for maximum efficiency, additional endpoints should be routed to that
+  # worker: refer to the [stream writers](#stream-writers) section below for further
+  # information.
 
   # Sync requests
-  - ^/_matrix/client/(v2_alpha|r0|v3)/sync$
-  - ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$
+  - ^/_matrix/client/(r0|v3)/sync$
+  - ^/_matrix/client/(api/v1|r0|v3)/events$
   - ^/_matrix/client/(api/v1|r0|v3)/initialSync$
   - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$
 
@@ -20,19 +23,14 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/federation/v1/query/
   - ^/_matrix/federation/v1/make_join/
   - ^/_matrix/federation/v1/make_leave/
-  - ^/_matrix/federation/v1/send_join/
-  - ^/_matrix/federation/v2/send_join/
-  - ^/_matrix/federation/v1/send_leave/
-  - ^/_matrix/federation/v2/send_leave/
-  - ^/_matrix/federation/v1/invite/
-  - ^/_matrix/federation/v2/invite/
-  - ^/_matrix/federation/v1/query_auth/
+  - ^/_matrix/federation/(v1|v2)/send_join/
+  - ^/_matrix/federation/(v1|v2)/send_leave/
+  - ^/_matrix/federation/(v1|v2)/invite/
   - ^/_matrix/federation/v1/event_auth/
   - ^/_matrix/federation/v1/exchange_third_party_invite/
   - ^/_matrix/federation/v1/user/devices/
   - ^/_matrix/federation/v1/get_groups_publicised$
   - ^/_matrix/key/v2/query
-  - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/
   - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/
 
   # Inbound federation transaction request
@@ -45,22 +43,25 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$
-  - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$
   - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$
   - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$
+  - ^/_matrix/client/(r0|v3|unstable)/account/3pid$
+  - ^/_matrix/client/(r0|v3|unstable)/devices$
   - ^/_matrix/client/versions$
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/
+  - ^/_matrix/client/(r0|v3|unstable)/joined_groups$
+  - ^/_matrix/client/(r0|v3|unstable)/publicised_groups$
+  - ^/_matrix/client/(r0|v3|unstable)/publicised_groups/
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$
 
+  # Encryption requests
+  - ^/_matrix/client/(r0|v3|unstable)/keys/query$
+  - ^/_matrix/client/(r0|v3|unstable)/keys/changes$
+  - ^/_matrix/client/(r0|v3|unstable)/keys/claim$
+  - ^/_matrix/client/(r0|v3|unstable)/room_keys/
+
   # Registration/login requests
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
   - ^/_matrix/client/(r0|v3|unstable)/register$
@@ -74,11 +75,31 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/
   - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/
 
+  # These appear to be conditional and should not be enabled by default.
+  # We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them.
+  # For now, they've been commented out manually.
+  #
+  # # Device requests
+  # - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/
+
+  # # Account data requests
+  # - ^/_matrix/client/(r0|v3|unstable)/.*/tags
+  # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data
+
+  # # Receipts requests
+  # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
+  # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
+
+  # # Presence requests
+  # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
+
 
   # Additionally, the following REST endpoints can be handled for GET requests:
 
   # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
   # ^/_matrix/federation/v1/groups/
+  # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
+  # ^/_matrix/client/(r0|v3|unstable)/groups/
 
   # Pagination requests can also be handled, but all requests for a given
   # room must be routed to the same instance. Additionally, care must be taken to
@@ -155,16 +176,17 @@ matrix_synapse_workers_generic_worker_endpoints:
 
   # #### Stream writers
 
-  # Additionally, there is *experimental* support for moving writing of specific
-  # streams (such as events) off of the main process to a particular worker. (This
-  # is only supported with Redis-based replication.)
-
-  # Currently supported streams are `events` and `typing`.
+  # Additionally, the writing of specific streams (such as events) can be moved off
+  # of the main process to a particular worker.
+  # (This is only supported with Redis-based replication.)
 
   # To enable this, the worker must have a HTTP replication listener configured,
-  # have a `worker_name` and be listed in the `instance_map` config. For example to
-  # move event persistence off to a dedicated worker, the shared configuration would
-  # include:
+  # have a `worker_name` and be listed in the `instance_map` config. The same worker
+  # can handle multiple streams, but unless otherwise documented, each stream can only
+  # have a single writer.
+
+  # For example, to move event persistence off to a dedicated worker, the shared
+  # configuration would include:
 
   # ```yaml
   # instance_map:
@@ -176,8 +198,20 @@ matrix_synapse_workers_generic_worker_endpoints:
   #     events: event_persister1
   # ```
 
-  # The `events` stream also experimentally supports having multiple writers, where
-  # work is sharded between them by room ID. Note that you *must* restart all worker
+  # An example for a stream writer instance:
+
+  # ```yaml
+  # {{#include systemd-with-workers/workers/event_persister.yaml}}
+  # ```
+
+  # Some of the streams have associated endpoints which, for maximum efficiency, should
+  # be routed to the workers handling that stream. See below for the currently supported
+  # streams and the endpoints associated with them:
+
+  # ##### The `events` stream
+
+  # The `events` stream experimentally supports having multiple writers, where work
+  # is sharded between them by room ID. Note that you *must* restart all worker
   # instances when adding or removing event persisters. An example `stream_writers`
   # configuration with multiple writers:
 
@@ -188,9 +222,51 @@ matrix_synapse_workers_generic_worker_endpoints:
   #         - event_persister2
   # ```
 
+  # ##### The `typing` stream
+
+  # The following endpoints should be routed directly to the worker configured as
+  # the stream writer for the `typing` stream:
+
+  # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
+  # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing
+
+  # ##### The `to_device` stream
+
+  # The following endpoints should be routed directly to the worker configured as
+  # the stream writer for the `to_device` stream:
+
+  # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
+  # ^/_matrix/client/(r0|v3|unstable)/sendToDevice/
+
+  # ##### The `account_data` stream
+
+  # The following endpoints should be routed directly to the worker configured as
+  # the stream writer for the `account_data` stream:
+
+  # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
+  # ^/_matrix/client/(r0|v3|unstable)/.*/tags
+  # ^/_matrix/client/(r0|v3|unstable)/.*/account_data
+
+  # ##### The `receipts` stream
+
+  # The following endpoints should be routed directly to the worker configured as
+  # the stream writer for the `receipts` stream:
+
+  # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
+  # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
+  # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
+
+  # ##### The `presence` stream
+
+  # The following endpoints should be routed directly to the worker configured as
+  # the stream writer for the `presence` stream:
+
+  # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
+  # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
+
   # #### Background tasks
 
-  # There is also *experimental* support for moving background tasks to a separate
+  # There is also support for moving background tasks to a separate
   # worker. Background tasks are run periodically or started via replication. Exactly
   # which tasks are configured to run depends on your Synapse configuration (e.g. if
   # stats is enabled).
@@ -206,6 +282,12 @@ matrix_synapse_workers_generic_worker_endpoints:
   # You might also wish to investigate the `update_user_directory` and
   # `media_instance_running_background_jobs` settings.
 
+  # An example for a dedicated background worker instance:
+
+  # ```yaml
+  # {{#include systemd-with-workers/workers/background_worker.yaml}}
+  # ```
+
 # pusher worker (no API endpoints) [
   # Handles sending push notifications to sygnal and email. Doesn't handle any
   # REST endpoints itself, but you should set `start_pushers: False` in the
@@ -292,18 +374,27 @@ matrix_synapse_workers_user_dir_endpoints:
   # Handles searches in the user directory. It can handle REST endpoints matching
   # the following regular expressions:
 
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$
+  - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$
 
-  # When using this worker you must also set `update_user_directory: False` in the
+  # When using this worker you must also set `update_user_directory: false` in the
   # shared configuration file to stop the main synapse running background
   # jobs related to updating the user directory.
 
+  # Above endpoint is not *required* to be routed to this worker. By default,
+  # `update_user_directory` is set to `true`, which means the main process
+  # will handle updates. All workers configured with `client` can handle the above
+  # endpoint as long as either this worker or the main process are configured to
+  # handle it, and are online.
+
+  # If `update_user_directory` is set to `false`, and this worker is not running,
+  # the above endpoint may give outdated results.
+
 matrix_synapse_workers_frontend_proxy_endpoints:
   # Proxies some frequently-requested client endpoints to add caching and remove
   # load from the main synapse. It can handle REST endpoints matching the following
   # regular expressions:
 
-  - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload
+  - ^/_matrix/client/(r0|v3|unstable)/keys/upload
 
   # If `use_presence` is False in the homeserver config, it can also handle REST
   # endpoints matching the following regular expressions:

setup.yml

@@ -7,9 +7,10 @@
     - roles/matrix-synapse/vars/workers.yml
 
   roles:
+#    - matrix-awx
     - matrix-base
-    - matrix-dynamic-dns
-    - matrix-mailer
+#    - matrix-dynamic-dns
+#    - matrix-mailer
     - matrix-postgres
     - matrix-redis
     - matrix-corporal
@@ -65,3 +66,33 @@
     - matrix-prometheus-postgres-exporter
     - matrix-backup-borg
     - matrix-common-after
+
+  tasks:
+    - name: Ensure web-user is present
+      user:
+        name: "{{ web_user }}"
+        state: present
+        system: yes
+      register: web_user_res
+      tags: [ setup-caddy, setup-all, start ]
+    - name: Ensure directory for revproxy config is present
+      file:
+        path: "{{ revproxy_autoload_dir }}/matrix"
+        state: directory
+        owner: "{{ web_user_res.uid }}"
+        group: "{{ web_user_res.group }}"
+        mode: 0750
+      tags: [ setup-caddy, setup-all, start ]
+    - name: Template reverse proxy configuration
+      template:
+        src: Caddyfile.j2
+        dest: "{{ revproxy_autoload_dir }}/matrix/Caddyfile"
+        owner: "{{ web_user_res.uid }}"
+        group: "{{ web_user_res.group }}"
+        mode: 0640
+      tags: [ setup-caddy, setup-all, start ]
+    - name: Restart reverse proxy
+      docker_container:
+        name: web
+        state: started
+        restart: yes

templates/Caddyfile.j2

@@ -0,0 +1,110 @@
+https://{{ matrix_server_fqn_matrix }} {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	encode zstd gzip
+	header {
+		Strict-Transport-Security "max-age=31536000;"
+		X-Frame-Options "DENY"
+		X-XSS-Protection "1; mode=block"
+	}
+        basicauth /metrics/* bcrypt monitoring {
+                monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
+        }
+        route /metrics/synapse {
+                uri replace /metrics/synapse /_synapse/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/appservice {
+                uri replace /metrics/synapse/worker/appservice /_synapse-worker-appservice-0/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/federation-sender-0 {
+                uri replace /metrics/synapse/worker/federation-sender-0 /_synapse-worker-federation_sender-0/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/federation-sender-1 {
+                uri replace /metrics/synapse/worker/federation-sender-1 /_synapse-worker-federation_sender-1/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/federation-sender-2 {
+                uri replace /metrics/synapse/worker/federation-sender-2 /_synapse-worker-federation_sender-2/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/generic-0 {
+                uri replace /metrics/synapse/worker/generic-0 /_synapse-worker-generic_worker-{{ (matrix_synapse_workers_generic_workers_port_range_start)|int}}/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/generic-1 {
+                uri replace /metrics/synapse/worker/generic-1 /_synapse-worker-generic_worker-{{ (matrix_synapse_workers_generic_workers_port_range_start + 1)|int}}/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/media-0 {
+                uri replace /metrics/synapse/worker/media-0 /_synapse-worker-media_repository-{{ (matrix_synapse_workers_media_repository_workers_port_range_start)|int }}/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/synapse/worker/media-1 {
+                uri replace /metrics/synapse/worker/media-1 /_synapse-worker-media_repository-{{ (matrix_synapse_workers_media_repository_workers_port_range_start + 1)|int }}/metrics
+                reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+        }
+        route /metrics/bridge/* {
+                uri strip_prefix /metrics/bridge
+                route /mautrix-telegram {
+                    uri replace /mautrix-telegram /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
+                }
+                route /mautrix-whatsapp {
+                    uri replace /mautrix-whatsapp /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
+                }
+                route /mautrix-signal {
+                    uri replace /mautrix-signal /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-instagram {
+                    uri replace /mx-puppet-instagram /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-discord {
+                    uri replace /mx-puppet-discord /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-skype {
+                    uri replace /mx-puppet-skype /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
+                }
+                route /mx-puppet-slack {
+                    uri replace /mx-puppet-slack /metrics
+                    reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
+                }
+        }
+	reverse_proxy /_matrix/federation/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
+	reverse_proxy /_matrix/key/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
+        reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+}
+
+https://{{ matrix_server_fqn_dimension }} {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	encode zstd gzip
+        reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+}
+
+https://{{ matrix_server_fqn_element }} {
+	tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
+	encode zstd gzip
+        reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
+}
+
+https://{{ matrix_domain }}/.well-known/matrix/* {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	route {
+		uri strip_prefix /.well-known/matrix
+		root * /matrix_static
+		file_server
+	}
+	header {
+		Content-Type "application/json"
+		X-Content-Type-Options "nosniff"
+		Access-Control-Allow-Origin *
+		Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+	}
+}