finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:master
Branches Tags
finallycoffee:master finallycoffee:transcaffeine/patch-dumb-design-choices finallycoffee:feat-mx-puppet-instagram
..
compare: finallycoffee:223057b6edfa8d9e426a4cc6d675ae435a0188f2
Branches Tags
finallycoffee:master finallycoffee:transcaffeine/patch-dumb-design-choices finallycoffee:feat-mx-puppet-instagram

3 Commits
master ... 223057b6ed

Author SHA1 Message Date
transcaffeine
223057b6ed update: synapse to 1.131.0, element-web to 1.11.102 2025-06-03 21:58:36 +02:00
transcaffeine
6bdf3c14ec meta: move inventory structure to be more usable 2025-06-03 21:41:13 +02:00
jdreichmann
ddd79425d2 meta: add own inventory, add vault-unlock with GPG 2025-06-03 21:41:01 +02:00
339 changed files with 849 additions and 2978 deletions
Expand all files Collapse all files

1
.github/renovate.json vendored
View File

@@ -20,7 +20,6 @@
"packageRules": [
{
"ignoreUnstable": false,
"versioning": "loose",
"matchSourceUrls": [
"https://github.com/devture/com.devture.ansible.role{/,}**",
"https://github.com/mother-of-all-self-hosting{/,}**"

2
.github/workflows/close-stale-issues.yml vendored
View File

@@ -19,7 +19,7 @@ jobs:
if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v10
- uses: actions/stale@v9
with:
######################################################################
# Issues/PRs

14
.github/workflows/matrix.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v5
uses: actions/checkout@v4
- name: Run yamllint
uses: frenck/action-yamllint@v1.5.0
ansible-lint:
@@ -23,20 +23,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v5
uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@v25.9.2
uses: ansible-community/ansible-lint-action@v6.17.0
with:
args: "roles/custom"
setup_python: "true"
working_directory: ""
requirements_file: requirements.yml
path: roles/custom
precommit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5
uses: actions/checkout@v4
- name: Run pre-commit
uses: pre-commit/action@v3.0.1

4
.pre-commit-config.yaml
View File

@@ -6,7 +6,7 @@ exclude: "LICENSES/"
# See: https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
rev: v5.0.0
hooks:
# - id: check-executables-have-shebangs
- id: check-added-large-files
@@ -21,6 +21,6 @@ repos:
- id: codespell
args: ["--skip=*.po,*.pot,i18n/"]
- repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook
rev: v6.1.2
rev: v5.0.2
hooks:
- id: reuse

11
CHANGELOG.md
View File

@@ -1,14 +1,3 @@
# 2025-10-02
## Element Admin support
The playbook now supports [Element Admin](./docs/configuring-playbook-element-admin.md) - a new web-based administration panel for Synapse and [Matrix Authentication Service](./docs/configuring-playbook-matrix-authentication-service.md).
Deployments based on Matrix Authentication Service may find it useful to run both Synapse Admin and Element Admin at the same time.
Deployments that don't rely on Matrix Authentication Service are unlikely to find anything useful in Element Admin right now (it's too basic in its current form).
# 2025-04-26
## Continuwuity support

1
README.md
View File

@@ -141,7 +141,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
| [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
| [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) |
### Bots

9
docs/ansible.md
View File

@@ -20,13 +20,10 @@ To manually check which version of Ansible you're on, run: `ansible --version`.
For the **best experience**, we recommend getting the **latest version of Ansible available**.
We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`).
We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`).
If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker).
> [!WARNING]
> One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory.
## Upgrading Ansible
Depending on your distribution, you may be able to upgrade Ansible in a few different ways:
@@ -74,7 +71,7 @@ docker run \
-w /work \
--mount type=bind,src=`pwd`,dst=/work \
--entrypoint=/bin/sh \
ghcr.io/devture/ansible:11.6.0-r0-0
ghcr.io/devture/ansible:11.1.0-r0-0
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code.
@@ -95,7 +92,7 @@ docker run \
--mount type=bind,src=`pwd`,dst=/work \
--mount type=bind,src$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro \
--entrypoint=/bin/sh \
ghcr.io/devture/ansible:11.6.0-r0-0
ghcr.io/devture/ansible:11.1.0-r0-0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_ed25519`) into the container (at `/root/.ssh/id_ed25519`). If your SSH key is at a different path (not in `$HOME/.ssh/id_ed25519`), adjust that part.

2
docs/configuring-playbook-bot-baibot.md
View File

@@ -242,7 +242,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
```
Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`.

19
docs/configuring-playbook-bot-draupnir.md
View File

@@ -242,12 +242,9 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Policy lists are maintained in Matrix rooms. Popular ones maintained in the public are:
Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
- `#community-moderation-effort-bl:neko.dev`
- `#huginn-muninn-active-threats:feline.support`
You can tell Draupnir to subscribe to each of these by sending the following command to the Management Room: `!draupnir watch POLICY_LIST_ADDRESS_HERE` (e.g. `!draupnir watch #community-moderation-effort-bl:neko.dev`)
You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
#### Creating your own policy lists and rules
@@ -262,7 +259,7 @@ The simplest and most useful entity to target is `user`. Below are a few example
To create rules, you run commands in the Management Room (**not** in the policy list room).
- (ban a single user on a given homeserver): `!draupnir ban @charles:example.com my-bans Rude to others`
- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server, all users are fake`
- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server - all users are fake`
As a result of running these commands, you may observe:
@@ -273,14 +270,14 @@ You can undo bans with the [unban command](https://the-draupnir-project.github.i
### Enabling built-in protections
You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuitProtection` ("If X amount of users join in Y time, set the room to invite-only").
You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.
To [**see the configuration options for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#displaying-the-protection-settings), send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuitProtection`).
To **see the configuration options for a given protection**, send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuit`).
To [**set a specific option for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#changing-protection-settings), send a command like this: `!draupnir protections config set PROTECTION_NAME OPTION VALUE` (e.g. `!draupnir protections config set JoinWaveShortCircuitProtection timescaleMinutes 30`).
To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
To [**enable a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/block-invitations-on-server-protection#enabling-the-protection), send a command like this: `!draupnir protections enable PROTECTION_NAME` (e.g. `!draupnir protections enable JoinWaveShortCircuitProtection`).
To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
To **disable a given protection**, send a command like this: `!draupnir protections disable PROTECTION_NAME` (e.g. `!draupnir protections disable JoinWaveShortCircuitProtection`).
To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).

4
docs/configuring-playbook-bot-matrix-registration-bot.md
View File

@@ -37,10 +37,6 @@ matrix_synapse_enable_registration: true
# Restrict registration to users with a token
matrix_synapse_registration_requires_token: true
# Set an optional command prefix for the bot. This can be any arbitrary string, including whitespace.
# Example: "!regbot "
matrix_bot_matrix_registration_bot_bot_prefix: ""
```
The bot account will be created automatically.

2
docs/configuring-playbook-bridge-hookshot.md
View File

@@ -35,7 +35,7 @@ matrix_hookshot_enabled: true
# Uncomment to enable end-to-bridge encryption.
# See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
# matrix_hookshot_encryption_enabled: true
# matrix_hookshot_experimental_encryption_enabled: true
# Uncomment and paste the contents of GitHub app private key to enable GitHub bridge.
# Alternatively, you can use one of the other methods explained below on the "Manage GitHub Private Key with aux role" section.

4
docs/configuring-playbook-bridge-mx-puppet-steam.md
View File

@@ -7,9 +7,7 @@ SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up MX Puppet Steam bridging (optional, deprecated)
**Note**: This bridge has been deprecated in favor of the [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) bridge for Steam, which can be [installed using this playbook](configuring-playbook-bridge-steam.md). Consider using that bridge instead of this one.
# Setting up MX Puppet Steam bridging (optional)
The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.

48
docs/configuring-playbook-bridge-steam.md
View File

@@ -1,48 +0,0 @@
<!--
SPDX-FileCopyrightText: 2025 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Steam bridging (optional)
The playbook can install and configure [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) for you.
See the project's [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge/blob/main/README.md) to learn what it does and why it might be useful to you.
## Adjusting the playbook configuration
To enable the [Steam](https://steampowered.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_steam_bridge_enabled: true
```
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` and `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
The tag for `just` commands for this bridge is `matrix-steam-bridge` - for example: `just install-service matrix-steam-bridge`
## Usage
To use the bridge, you need to start a chat with `Steam bridge bot` with the handle `@steambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
The bridge supports QR code and password-based login as well as SteamGuard codes via app, SMS, or e-mail. See matrix-steam-bridge [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge) for more information about how to configure the bridge.
To login, send `login [flow ID]` where possible flow IDs are `password` or `qr`
Once logged in, send `search [name]` to search through recognized Steam friends. You can send a user name, display name, or all forms of Steam ID. Send `start-chat [identifier]` to request the bridge bot to open a chat room with a user.
Chat rooms will automatically be opened as new messages are received.
Send `help` to the bot to see the available commands.

4
docs/configuring-playbook-continuwuity.md
View File

@@ -50,8 +50,8 @@ If a specific setting you'd like to change does not have a dedicated Ansible var
```yaml
matrix_continuwuity_environment_variables_extension: |
CONTINUWUITY_MAX_REQUEST_SIZE=50000000
CONTINUWUITY_REQUEST_TIMEOUT=60
continuwuity_MAX_REQUEST_SIZE=50000000
continuwuity_REQUEST_TIMEOUT=60
```
## Creating the first user account

67
docs/configuring-playbook-element-admin.md
View File

@@ -1,67 +0,0 @@
<!--
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Element Admin (optional)
The playbook can install and configure [Element Admin](https://github.com/element-hq/element-admin) for you.
Element Admin is a web-based administration panel for Synapse and [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
See the project's [documentation](https://github.com/element-hq/element-admin) to learn more.
💡 **Note**: This project is still very young and doesn't have many features. For now, it's recommended to use [Synapse Admin](./configuring-playbook-synapse-admin.md) instead. Deployments that use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) can use Element Admin for user-management (something that Synapse Admin can't do), while continuing to use Synapse Admin for all other purposes.
## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
- [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
## Decide on a domain and path
By default, the Element Admin is configured to be served on the `admin.element.example.com` domain.
If you'd like to run Element Admin on another hostname, see the [Adjusting the Element Admin URL](#adjusting-the-element-admin-url-optional) section below.
## Adjusting DNS records (optional)
By default, this playbook installs Element Admin on the `admin.element.` subdomain (`admin.element.example.com`) and requires you to create a `CNAME` record for `admin.element`, which targets `matrix.example.com`.
When setting these values, replace `example.com` with your own.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_element_admin_enabled: true
```
### Adjusting the Element Admin URL (optional)
By tweaking the `matrix_element_admin_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
Example additional configuration for your `vars.yml` file:
```yaml
matrix_element_admin_hostname: element-admin.example.com
```
> [!WARNING]
> A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**.
## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.

2
docs/configuring-playbook-jitsi.md
View File

@@ -70,7 +70,7 @@ By default the Jitsi Meet instance **does not require for anyone to log in, and
If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode.
See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up.
See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up.
### Enable Gravatar (optional)

2
docs/configuring-playbook-matrix-authentication-service.md
View File

@@ -51,7 +51,7 @@ This section details what you can expect when switching to the Matrix Authentica
-**Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md).
- ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet. You may be interested in using [Element Admin](./configuring-playbook-element-admin.md) for these purposes.
- ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet.
-**Some services experience issues when authenticating via MAS**:

1
docs/configuring-playbook-matrix-rtc.md
View File

@@ -16,6 +16,7 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu
## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))

4
docs/configuring-playbook-synapse-admin.md
View File

@@ -18,8 +18,6 @@ synapse-admin is a web UI tool you can use to **administrate users, rooms, media
💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
💡 **Note**: The playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). However, it's currently less feature-rich than Synapse Admin and has a dependency on [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
## Adjusting DNS records (optional)
By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section.
@@ -42,7 +40,7 @@ matrix_synapse_admin_enabled: true
By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable.
> [!WARNING]
> If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all. You may be interested in using [Element Admin](docs/configuring-playbook-element-admin.md) for these purposes.
> If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all.
### Adjusting the Synapse Admin URL (optional)

2
docs/configuring-playbook.md
View File

@@ -184,8 +184,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
- [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md)
- [Setting up Steam bridging](configuring-playbook-bridge-steam.md)
- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)
- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)

3
docs/container-images.md
View File

@@ -114,7 +114,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
| [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
| [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) |
| [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) |
| [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) |
| [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge |
@@ -159,7 +158,7 @@ Various services that don't fit any other categories.
| ------- | --------------- | -------- | ----------- |
| [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background |
| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [etke.cc/rust-synapse-compress-state](https://gitlab.com/etke.cc/rust-synapse-compress-state/container_registry) | ❌ | Cli tool that automatically compresses `state_groups` database table in background |
| [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
| [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
| [Jitsi](configuring-playbook-jitsi.md) | [jitsi/web](https://hub.docker.com/r/jitsi/web) | ❌ | [Jitsi](https://jitsi.org/) web UI |

8
docs/maintenance-postgres.md
View File

@@ -104,12 +104,12 @@ To save disk space in `/tmp`, the dump file is gzipped on the fly at the expense
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_default` variable.
The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
Most users should be fine with the automatically-done tuning. However, you may wish to:
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_default` variable
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_default: []`
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_default` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration

2
docs/prerequisites.md
View File

@@ -49,7 +49,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`)
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`, because this Ansible playbook sometimes uses the Ansible [become](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html) module to perform tasks as another user (e.g. `matrix`) and the `become` module's default implementation uses `sudo`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

6
examples/reverse-proxies/apache/matrix-domain.conf
View File

@@ -33,12 +33,6 @@
ProxyRequests Off
ProxyVia On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyTimeout 86400
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:81/ retry=0 nocanon

225
group_vars/matrix_servers
View File

@@ -162,8 +162,6 @@ matrix_homeserver_container_extra_arguments_auto: |
+
(['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_steam_bridge_config_path + '/registration.yaml,dst=/matrix-steam-bridge-registration.yaml,ro'] if matrix_steam_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
}}
@@ -238,8 +236,6 @@ matrix_homeserver_app_service_config_files_auto: |
(['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+
(['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
+
(['/matrix-steam-bridge-registration.yaml'] if matrix_steam_bridge_enabled else [])
}}
matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}"
@@ -385,8 +381,6 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
+
([{'name': 'matrix-steam-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'matrix-steam-bridge']}] if matrix_steam_bridge_enabled else [])
+
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
+
([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else [])
@@ -453,8 +447,6 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
+
([{'name': 'matrix-element-admin.service', 'priority': 4000, 'groups': ['matrix', 'element-admin']}] if matrix_element_admin_enabled else [])
+
([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else [])
+
([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else [])
@@ -674,18 +666,26 @@ matrix_authentication_service_config_passwords_schemes:
- version: 1
secret: "{{ matrix_synapse_password_config_pepper }}"
algorithm: bcrypt
unicode_normalization: true
- version: 2
algorithm: argon2id
matrix_authentication_service_config_clients_auto: |-
{{
([
{
'client_id': matrix_synapse_experimental_features_msc3861_client_id,
'client_auth_method': matrix_synapse_experimental_features_msc3861_client_auth_method,
'client_secret': matrix_synapse_experimental_features_msc3861_client_secret,
}
] if matrix_synapse_experimental_features_msc3861_enabled else [])
}}
matrix_authentication_service_config_email_transport: "{{ 'smtp' if exim_relay_enabled else 'blackhole' }}"
matrix_authentication_service_config_email_hostname: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled else 587 }}"
matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}"
matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}"
matrix_authentication_service_admin_api_enabled: "{{ matrix_element_admin_enabled }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@@ -997,8 +997,6 @@ matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserve
matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
matrix_appservice_kakaotalk_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
@@ -1048,8 +1046,6 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
matrix_beeper_linkedin_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |-
{{
({
@@ -1170,8 +1166,6 @@ matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_bluesky_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_bluesky_double_puppet_secrets_auto: |-
@@ -1241,8 +1235,6 @@ matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}"
@@ -1309,8 +1301,6 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener
matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_slack_double_puppet_secrets_auto: |-
{{
{
@@ -1384,8 +1374,6 @@ matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_facebook_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_facebook_appservice_public_enabled: true
matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
@@ -1606,8 +1594,6 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_double_puppet_secrets_auto: |-
@@ -1686,8 +1672,6 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c
matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}"
matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |-
{{
{
@@ -1764,8 +1748,6 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c
matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}"
matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |-
{{
{
@@ -1851,8 +1833,6 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
{{
({
@@ -1929,8 +1909,6 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_double_puppet_secrets_auto: |-
@@ -2003,8 +1981,6 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
{{
{
@@ -2123,8 +2099,6 @@ matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secr
matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}"
matrix_wechat_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}"
@@ -2186,8 +2160,6 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_whatsapp_double_puppet_secrets_auto: |-
{{
{
@@ -2777,82 +2749,6 @@ matrix_postmoogle_container_additional_networks_auto: |-
#
######################################################################
######################################################################
#
# matrix-bridge-steam
#
######################################################################
# We don't enable bridges by default.
matrix_steam_bridge_enabled: false
matrix_steam_bridge_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
}}
matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
matrix_steam_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_steam_bridge_container_network: "{{ matrix_addons_container_network }}"
matrix_steam_bridge_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([postgres_container_network] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname and matrix_steam_bridge_container_network != postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_steam_bridge_container_labels_traefik_enabled else [])
) | unique
}}
matrix_steam_bridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_steam_bridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_steam_bridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_steam_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.as.token', rounds=655555) | to_uuid }}"
matrix_steam_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_steam_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.hs.token', rounds=655555) | to_uuid }}"
matrix_steam_bridge_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_steam_bridge_public_media_signing_key: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.pub.key', rounds=655555) | to_uuid) if matrix_steam_bridge_public_media_enabled else '' }}"
matrix_steam_bridge_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.prov', rounds=655555) | to_uuid }}"
matrix_steam_bridge_double_puppet_secrets_auto: |-
{{
({
matrix_steam_bridge_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else {}
}}
matrix_steam_bridge_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_steam_bridge_metrics_proxying_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_steam_bridge_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_steam_bridge_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/matrix-steam-bridge"
matrix_steam_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_steam_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}"
######################################################################
#
# /matrix-bridge-steam
#
######################################################################
######################################################################
#
# matrix-bot-matrix-reminder-bot
@@ -3797,10 +3693,10 @@ etherpad_systemd_required_services_list_auto: |
([postgres_identifier ~ '.service'] if postgres_enabled else [])
}}
etherpad_database_postgres_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
etherpad_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
etherpad_database_name: matrix_etherpad
etherpad_database_postgres_username: matrix_etherpad
etherpad_database_postgres_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
etherpad_database_username: matrix_etherpad
etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
######################################################################
#
@@ -4482,12 +4378,6 @@ postgres_managed_databases_auto: |
'password': matrix_mx_puppet_groupme_database_password,
}] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
+
([{
'name': matrix_steam_bridge_database_name,
'username': matrix_steam_bridge_database_username,
'password': matrix_steam_bridge_database_password,
}] if (matrix_steam_bridge_enabled and matrix_steam_bridge_database_engine == 'postgres' and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
+
([{
'name': matrix_dimension_database_name,
'username': matrix_dimension_database_username,
@@ -4496,9 +4386,9 @@ postgres_managed_databases_auto: |
+
([{
'name': etherpad_database_name,
'username': etherpad_database_postgres_username,
'password': etherpad_database_postgres_password,
}] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_postgres_hostname == postgres_connection_hostname) else [])
'username': etherpad_database_username,
'password': etherpad_database_password,
}] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else [])
+
([{
'name': prometheus_postgres_exporter_database_name,
@@ -4964,7 +4854,7 @@ matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_wo
matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"
matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_element_admin_enabled }}"
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}"
matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
@@ -4992,7 +4882,7 @@ matrix_synapse_tls_federation_listener_enabled: false
matrix_synapse_tls_certificate_path: ~
matrix_synapse_tls_private_key_path: ~
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}"
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"
matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
@@ -5021,7 +4911,7 @@ matrix_synapse_systemd_required_services_list_auto: |
+
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
+
(['matrix-authentication-service.service'] if (matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_matrix_authentication_service_endpoint == matrix_authentication_service_http_base_container_url) else [])
(['matrix-authentication-service.service'] if (matrix_authentication_service_enabled and matrix_synapse_experimental_features_msc3861_enabled) else [])
}}
matrix_synapse_systemd_wanted_services_list_auto: |
@@ -5055,9 +4945,11 @@ matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exp
matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_rtc_enabled }}"
matrix_synapse_matrix_authentication_service_enabled: "{{ matrix_authentication_service_enabled }}"
matrix_synapse_matrix_authentication_service_endpoint: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_matrix_authentication_service_secret: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}"
matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
@@ -5069,7 +4961,7 @@ matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_rtc_enabled }}"
# Unless this is done, Synapse fails on startup with:
# > Error in configuration at 'password_config.enabled':
# > Password auth cannot be enabled when OAuth delegation is enabled
matrix_synapse_password_config_enabled: "{{ not matrix_synapse_matrix_authentication_service_enabled }}"
matrix_synapse_password_config_enabled: "{{ not matrix_synapse_experimental_features_msc3861_enabled }}"
matrix_synapse_register_user_script_matrix_authentication_service_path: "{{ matrix_authentication_service_bin_path }}/register-user"
@@ -5096,7 +4988,7 @@ matrix_synapse_auto_compressor_postgres_image: "{{ postgres_container_image_to_u
matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_auto_compressor_container_image_registry_prefix_upstream_default }}"
matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"
@@ -5216,8 +5108,6 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_synapse_admin_config_externalAuthProvider: "{{ matrix_authentication_service_enabled | default(false) or matrix_synapse_ext_password_provider_ldap_enabled | default(false) }}"
matrix_synapse_admin_config_asManagedUsers_auto: |
{{
([
@@ -5353,7 +5243,7 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
+
([
'^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$',
'^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_telegram_enabled else [])
+
([
@@ -5405,11 +5295,6 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
'^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_wechat_enabled else [])
+
([
'^@'+(matrix_steam_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@steam_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_steam_bridge_enabled else [])
}}
######################################################################
@@ -6214,7 +6099,7 @@ matrix_user_creator_users_auto: |
([{
'username': matrix_bot_draupnir_login,
'initial_password': matrix_bot_draupnir_password,
'initial_type': ('admin' if matrix_bot_draupnir_admin_api_enabled else 'bot'),
'initial_type': 'bot',
}] if matrix_bot_draupnir_enabled and matrix_bot_draupnir_password else [])
}}
@@ -6309,7 +6194,7 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_enabled: "{{ matrix_authentication_service_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_issuer: "{{ matrix_authentication_service_config_http_issuer if matrix_authentication_service_enabled else '' }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url }}"
matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"
@@ -6441,45 +6326,6 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai
# #
########################################################################
########################################################################
# #
# matrix-element-admin #
# #
########################################################################
# We don't enable this by default.
matrix_element_admin_enabled: false
matrix_element_admin_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_element_admin_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_element_admin_container_image_registry_prefix_upstream_default }}"
matrix_element_admin_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_element_admin_container_network: "{{ matrix_addons_container_network }}"
matrix_element_admin_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_element_admin_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_element_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_element_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_element_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_element_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_element_admin_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
######################################################################
# #
# /matrix-element-admin #
# #
######################################################################
########################################################################
# #
@@ -6576,15 +6422,6 @@ livekit_server_config_keys_auto: |-
)
}}
# We only wish for matrix-livekit-jwt-service to create rooms, only for users on trusted homeservers.
# See `matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers`.
#
# Ref:
# - https://github.com/element-hq/lk-jwt-service/releases/tag/v0.3.0
# - https://github.com/livekit/livekit/blob/5e483e7554e5afbf254acf84e3ec0aa6e108e758/config-sample.yaml#L168-L170
# - https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/commit/2a1b04552634097bdd26d472502a8f5bf1b8528f
livekit_server_config_room_auto_create: false
# The playbook intentionally uses a non-standard port than the default used by the role (5349),
# because Coturn is already using that port.
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
@@ -6664,8 +6501,6 @@ matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(m
matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}"
matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["{{ matrix_domain }}"]
########################################################################
# #
# /matrix-livekit-jwt-service #

26
i18n/requirements.txt
View File

@@ -1,26 +1,26 @@
alabaster==1.0.0
babel==2.17.0
certifi==2025.10.5
charset-normalizer==3.4.4
click==8.3.0
docutils==0.22.2
idna==3.11
certifi==2025.4.26
charset-normalizer==3.4.2
click==8.2.1
docutils==0.21.2
idna==3.10
imagesize==1.4.1
Jinja2==3.1.6
linkify-it-py==2.0.3
markdown-it-py==4.0.0
MarkupSafe==3.0.3
mdit-py-plugins==0.5.0
markdown-it-py==3.0.0
MarkupSafe==3.0.2
mdit-py-plugins==0.4.2
mdurl==0.1.2
myst-parser==4.0.1
packaging==25.0
Pygments==2.19.2
PyYAML==6.0.3
requests==2.32.5
Pygments==2.19.1
PyYAML==6.0.2
requests==2.32.3
setuptools==80.9.0
snowballstemmer==3.0.1
Sphinx==8.2.3
sphinx-intl==2.3.2
sphinx-intl==2.3.1
sphinx-markdown-builder==0.6.8
sphinxcontrib-applehelp==2.0.0
sphinxcontrib-devhelp==2.0.0
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
sphinxcontrib-serializinghtml==2.0.0
tabulate==0.9.0
uc-micro-py==1.0.3
urllib3==2.5.0
urllib3==2.4.0

1
inventory/host_vars/matrix.finallycoffee.eu/postgresql.yml
View File

@@ -2,7 +2,6 @@
postgres_max_connections: 400
postgres_shared_buffers: 3145728 # (3072 MiB)
postgres_effective_cache_size: 8388608 # (8192 MiB)
postgres_container_shm_size: 1G
postgres_maintenance_work_mem: 786432 # (768 MiB)
postgres_wal_buffers: 16384 # (16 MiB)
postgres_random_page_cost: 1.3

1
inventory/host_vars/matrix.finallycoffee.eu/vars.yml
View File

@@ -4,7 +4,6 @@
#
matrix_domain: finallycoffee.eu
matrix_client_element_version: "v1.11.112"
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
traefik_config_entrypoint_web_secure_enabled: false

12
justfile
View File

@@ -6,7 +6,7 @@
# Shows help
default:
@{{ just_executable() }} --list --justfile "{{ justfile() }}"
@{{ just_executable() }} --list --justfile {{ justfile() }}
# Pulls external Ansible roles
roles:
@@ -48,7 +48,7 @@ install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,star
# Runs installation tasks for a single service
install-service service *extra_args:
{{ just_executable() }} --justfile "{{ justfile() }}" run \
{{ just_executable() }} --justfile {{ justfile() }} run \
--tags=install-{{ service }},start-group \
--extra-vars=group={{ service }} \
--extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }}
@@ -62,7 +62,7 @@ run +extra_args:
# Runs the playbook with the given list of comma-separated tags and optional arguments
run-tags tags *extra_args:
{{ just_executable() }} --justfile "{{ justfile() }}" run --tags={{ tags }} {{ extra_args }}
{{ just_executable() }} --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
# Runs the playbook in user-registration mode
register-user username password admin_yes_or_no *extra_args:
@@ -73,15 +73,15 @@ start-all *extra_args: (run-tags "start-all" extra_args)
# Starts a specific service group
start-group group *extra_args:
@{{ just_executable() }} --justfile "{{ justfile() }}" run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
@{{ just_executable() }} --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
# Stops all services
stop-all *extra_args: (run-tags "stop-all" extra_args)
# Stops a specific service group
stop-group group *extra_args:
@{{ just_executable() }} --justfile "{{ justfile() }}" run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
@{{ just_executable() }} --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
# Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
rebuild-mautrix-meta-instagram:
/bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom"
/bin/bash {{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh {{ justfile_directory() }}/roles/custom

40
requirements.yml
View File

@@ -4,37 +4,37 @@
version: v1.0.0-5
name: auxiliary
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
version: v1.4.1-1.9.14-2
version: v1.4.1-1.9.14-0
name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.4.1-1
version: v0.3.0-4
name: container_socket_proxy
- src: git+https://github.com/geerlingguy/ansible-role-docker
version: 7.7.0
version: 7.4.7
name: docker
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.5.0-3
version: v2.3.0-0
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-2
version: v4.98.1-r0-2-0
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.5-3
version: v11.6.2-0
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10532-1-0
version: v10184-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.2-0
version: v1.8.4-5
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.14.0-2
version: v2.11.0-5
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 7663e3114513e56f28d3ed762059b445c678a71a
version: 201c939eed363de269a83ba29784fc3244846048
name: playbook_help
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
@@ -43,35 +43,35 @@
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v18.0-0
version: v17.4-0
name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v18-0
version: v17-3
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.7.1-0
version: v3.4.1-0
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.9.1-11
version: v1.9.1-3
name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.18.1-0
version: v0.17.1-1
name: prometheus_postgres_exporter
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.4.1-0
version: v1.4.0-0
name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-4
name: systemd_service_manager
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.1.0-0
version: v1.0.0-0
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.5.3-0
version: v3.4.1-0
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-2
version: v2.10.0-0
name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v8.1.4-0
version: v8.1.1-0
name: valkey

34
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2025.10.15
matrix_alertmanager_receiver_version: 2025.5.21
matrix_alertmanager_receiver_scheme: https
@@ -159,20 +159,30 @@ matrix_alertmanager_receiver_config_templating_external_url_mapping: {}
# "http://prometheus:8081": https://another.prometheus.example.com
matrix_alertmanager_receiver_config_templating_generator_url_mapping: {}
# Controls the `templating.computed-values` configuration setting.
matrix_alertmanager_receiver_config_templating_computed_values: "{{ matrix_alertmanager_receiver_config_templating_computed_values_default + matrix_alertmanager_receiver_config_templating_computed_values_auto + matrix_alertmanager_receiver_config_templating_computed_values_custom }}"
matrix_alertmanager_receiver_config_templating_computed_values_default:
- values: # always set 'color' to 'yellow'
color: yellow
- values: # set 'color' to 'orange' when alert label 'severity' is 'warning'
color: orange
when-matching-labels:
severity: warning
- values: # set 'color' to 'red' when alert label 'severity' is 'critical'
color: red
when-matching-labels:
severity: critical
- values: # set 'color' to 'green' when alert status is 'resolved'
color: green
when-matching-status: resolved
matrix_alertmanager_receiver_config_templating_computed_values_auto: []
matrix_alertmanager_receiver_config_templating_computed_values_custom: []
# Controls the `templating.firing-template` configuration setting.
matrix_alertmanager_receiver_config_templating_firing_template: |-
{% raw %}
{{ $color := "yellow" }}
{{ if eq .Alert.Labels.severity "warning" }}
{{ $color = "orange" }}
{{ else if eq .Alert.Labels.severity "critical" }}
{{ $color = "red" }}
{{ end }}
{{ if eq .Alert.Status "resolved" }}
{{ $color = "green" }}
{{ end }}
<p>
<strong><font color="{{ $color }}">{{ .Alert.Status | ToUpper }}</font></strong>
<strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
{{ if .Alert.Labels.name }}
{{ .Alert.Labels.name }}
{{ else if .Alert.Labels.alertname }}
@@ -201,7 +211,7 @@ matrix_alertmanager_receiver_config_templating_firing_template: |-
# Controls the `templating.resolved-template` configuration setting.
matrix_alertmanager_receiver_config_templating_resolved_template: |-
{% raw %}
<strong><font color="green">{{ .Alert.Status | ToUpper }}</font></strong>
<strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
{{ if .Alert.Labels.name }}
{{ .Alert.Labels.name }}
{{ else if .Alert.Labels.alertname }}

7
roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml
View File

@@ -7,7 +7,7 @@
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_alertmanager_receiver_hostname', when: true}
- {'name': 'matrix_alertmanager_receiver_path_prefix', when: true}
@@ -21,9 +21,6 @@
ansible.builtin.fail:
msg: >-
The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead.
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'}
- {'old': 'matrix_alertmanager_receiver_config_templating_computed_values', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}
- {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_auto', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}
- {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_custom', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}

6
roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
# configuration of the HTTP server
http:
address: 0.0.0.0 # bind address for this service. Can be left unspecified to bind on all interfaces
@@ -26,6 +26,10 @@ templating:
# value is the mapped value which will be available as '.GeneratorURL' in templates
generator-url-mapping: {{ matrix_alertmanager_receiver_config_templating_generator_url_mapping | to_json }}
# computation of arbitrary values based on matching alert annotations, labels, or status
# values will be evaluated top to bottom, last entry wins
computed-values: {{ matrix_alertmanager_receiver_config_templating_computed_values | to_json }}
# template for alerts in status 'firing'
firing-template: {{ matrix_alertmanager_receiver_config_templating_firing_template | to_json }}

2
roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=matrix-alertmanager-receiver
{% for service in matrix_alertmanager_receiver_systemd_required_services_list %}

2
roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml
View File

@@ -7,7 +7,7 @@
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}
- {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}

2
roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
View File

@@ -12,7 +12,7 @@
matrix_appservice_draupnir_for_all_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir
matrix_appservice_draupnir_for_all_version: "v2.7.1"
matrix_appservice_draupnir_for_all_version: "v2.3.1"
matrix_appservice_draupnir_for_all_container_image_self_build: false
matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

2
roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
View File

@@ -20,7 +20,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
- {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}

2
roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Draupnir for All appservice
{% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %}

47
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 1.4.1
matrix_authentication_service_version: 0.16.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -219,11 +219,6 @@ matrix_authentication_service_config_account_displayname_change_allowed: true
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_password_registration_enabled: false
# Controls the `account.password_registration_email_required` configuration setting.
#
# Whether self-service password registrations require a valid email.
matrix_authentication_service_config_account_password_registration_email_required: true
# Controls the `account.password_change_allowed` configuration setting.
#
# Whether users are allowed to change their passwords.
@@ -236,24 +231,6 @@ matrix_authentication_service_config_account_password_change_allowed: true
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_password_recovery_enabled: false
# Controls the `account.account_deactivation_allowed` configuration setting.
#
# Whether users are allowed to delete their own account
matrix_authentication_service_config_account_account_deactivation_allowed: true
# Controls the `account.login_with_email_allowed` configuration setting.
#
# Whether users can log in with their email address.
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_login_with_email_allowed: false
# Controls the `account.registration_token_required` configuration setting.
#
# Whether registration tokens are required for password registrations.
# When enabled, users must provide a valid registration token during password
# registration. This has no effect if password registration is disabled.
matrix_authentication_service_config_account_registration_token_required: false
########################################################################################
# #
# /Account configuration #
@@ -337,24 +314,6 @@ matrix_authentication_service_config_secrets_keys: |-
# #
########################################################################################
# Controls the resources exposed by the `web` HTTP listener.
matrix_authentication_service_config_http_listener_web_resources: "{{ matrix_authentication_service_config_http_listener_web_resources_default + matrix_authentication_service_config_http_listener_web_resources_auto + matrix_authentication_service_config_http_listener_web_resources_custom }}"
matrix_authentication_service_config_http_listener_web_resources_default: |-
{{
[
{'name': 'discovery'},
{'name': 'human'},
{'name': 'oauth'},
{'name': 'compat'},
{'name': 'graphql'},
{'name': 'assets'},
]
+
([{'name': 'adminapi'}] if matrix_authentication_service_admin_api_enabled else [])
}}
matrix_authentication_service_config_http_listener_web_resources_auto: []
matrix_authentication_service_config_http_listener_web_resources_custom: []
# Controls the `http.public_base` configuration setting.
matrix_authentication_service_config_http_public_base: "https://{{ matrix_authentication_service_hostname }}{{ '/' if matrix_authentication_service_path_prefix == '/' else (matrix_authentication_service_path_prefix + '/') }}"
@@ -650,10 +609,6 @@ matrix_authentication_service_syn2mas_subcommand_extra_options: []
# - avoid setting up the "compatibility layer" (that is, avoid installing container labels that capture login endpoints like `/_matrix/client/*/login`, etc.)
matrix_authentication_service_migration_in_progress: false
# Controls whether the admin API is enabled.
# Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api
matrix_authentication_service_admin_api_enabled: false
########################################################################################
# #
# /Misc #

2
roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
View File

@@ -19,7 +19,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] | string | length == 0"
when: "item.when | bool and vars[item.name] | length == 0"
with_items:
- {'name': 'matrix_authentication_service_syn2mas_synapse_homeserver_config_path', when: true}

4
roles/custom/matrix-authentication-service/tasks/validate_config.yml
View File

@@ -9,7 +9,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] | string | length == 0"
when: "item.when | bool and vars[item.name] | length == 0"
with_items:
- {'name': 'matrix_authentication_service_hostname', when: true}
- {'name': 'matrix_authentication_service_config_database_username', when: true}
@@ -40,7 +40,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': 'matrix_authentication_service_syn2mas_container_image_registry_prefix'}

2
roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
#!/bin/bash
args=$@

2
roles/custom/matrix-authentication-service/templates/bin/register-user.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
#!/bin/bash
if [ $# -ne 3 ]; then

14
roles/custom/matrix-authentication-service/templates/config.yaml.j2
View File

@@ -1,8 +1,14 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
http:
listeners:
- name: web
resources: {{ matrix_authentication_service_config_http_listener_web_resources | to_json }}
resources:
- name: discovery
- name: human
- name: oauth
- name: compat
- name: graphql
- name: assets
binds:
- address: '[::]:8080'
proxy_protocol: false
@@ -65,12 +71,8 @@ account:
email_change_allowed: {{ matrix_authentication_service_config_account_email_change_allowed | to_json }}
displayname_change_allowed: {{ matrix_authentication_service_config_account_displayname_change_allowed | to_json }}
password_registration_enabled: {{ matrix_authentication_service_config_account_password_registration_enabled | to_json }}
password_registration_email_required: {{ matrix_authentication_service_config_account_password_registration_email_required | to_json }}
password_change_allowed: {{ matrix_authentication_service_config_account_password_change_allowed | to_json }}
password_recovery_enabled: {{ matrix_authentication_service_config_account_password_recovery_enabled | to_json }}
account_deactivation_allowed: {{ matrix_authentication_service_config_account_account_deactivation_allowed | to_json }}
login_with_email_allowed: {{ matrix_authentication_service_config_account_login_with_email_allowed | to_json }}
registration_token_required: {{ matrix_authentication_service_config_account_registration_token_required | to_json }}
clients: {{ matrix_authentication_service_config_clients | to_json }}

2
roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_api_key | to_json }}

2
roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_api_key | to_json }}

2
roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_api_key | to_json }}

2
roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_api_key | to_json }}

2
roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Authentication Service
{% for service in matrix_authentication_service_systemd_required_services_list %}

5
roles/custom/matrix-base/defaults/main.yml
View File

@@ -51,9 +51,6 @@ matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}"
# Global var for enabling msc4190 ( On supported bridges)
matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled and matrix_synapse_experimental_features_msc3202_device_masquerading_enabled }}"
# Global var for enabling bridge self-signing ( On supported bridges)
matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# Global var to enable/disable relay mode across all bridges with relay mode support
matrix_bridges_relay_enabled: false
@@ -164,7 +161,7 @@ matrix_federation_traefik_entrypoint_tls: true
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
# Not all architectures support all services, so your experience (on non-amd64) may vary.
# See docs/alternative-architectures.md
matrix_architecture: "{{ 'amd64' if ansible_facts.architecture == 'x86_64' else ('arm64' if ansible_facts.architecture == 'aarch64' else ('arm32' if ansible_facts.architecture.startswith('armv') else '')) }}"
matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}"
# The architecture for Debian packages.
# See: https://wiki.debian.org/SupportedArchitectures

6
roles/custom/matrix-base/tasks/ensure_fuse_installed.yml
View File

@@ -6,11 +6,11 @@
# This is for both RedHat 7 and 8
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml"
when: ansible_facts.os_family == 'RedHat'
when: ansible_os_family == 'RedHat'
# This is for both Debian and Raspbian
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml"
when: ansible_facts.os_family == 'Debian'
when: ansible_os_family == 'Debian'
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml"
when: ansible_facts.os_family == 'Archlinux'
when: ansible_os_family == 'Archlinux'

2
roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml
View File

@@ -5,6 +5,6 @@
---
- name: Ensure fuse installed (RedHat)
ansible.builtin.package:
ansible.builtin.yum:
name: fuse
state: present

8
roles/custom/matrix-base/tasks/validate_config.yml
View File

@@ -20,7 +20,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_identity', 'new': 'matrix_domain'}
@@ -31,8 +31,6 @@
- {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
- {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
- {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
- {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'}
- {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'}
- {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
- {'old': 'matrix_user_username', 'new': 'matrix_user_name'}
- {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'}
@@ -66,7 +64,7 @@
- name: Fail if matrix_architecture is set incorrectly
ansible.builtin.fail:
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_facts.architecture }}."
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
- name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly
@@ -99,7 +97,7 @@
To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration.
To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal.
If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`.
when: "lookup('ansible.builtin.varnames', '^matrix_mx_puppet_skype_enabled$', wantlist=True) | length > 0"
when: "'matrix_mx_puppet_skype_enabled' in vars"
- name: Fail if mautrix-instagram and mautrix-meta-instagram are in conflict
ansible.builtin.fail:

2
roles/custom/matrix-base/templates/bin/remove-all.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
#!/bin/bash
if [ "$(id -u)" != "0" ]; then

10
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.8.1
matrix_bot_baibot_version: v1.7.2
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@@ -368,16 +368,16 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
# For valid model choices, see: https://platform.openai.com/docs/models
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: ~
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: 128000
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 400000
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: 16384
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: ~
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 128000
matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_model_id: whisper-1

4
roles/custom/matrix-bot-baibot/tasks/validate_config.yml
View File

@@ -9,7 +9,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_baibot_config_user_mxid_localpart', when: true}
- {'name': 'matrix_bot_baibot_config_user_password', when: true}
@@ -37,6 +37,6 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_baibot_container_image_name_prefix', 'new': 'matrix_bot_baibot_container_image_registry_prefix'}

2
roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key | to_json }}

2
roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key | to_json }}

2
roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key | to_json }}

2
roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key | to_json }}

2
roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix baibot bot
{% for service in matrix_bot_baibot_systemd_required_services_list %}

4
roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
View File

@@ -10,7 +10,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_buscarron_noencryption', 'new': '<removed>'}
- {'old': 'matrix_bot_buscarron_spam_hosts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
@@ -22,7 +22,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_buscarron_password', when: true}
- {'name': 'matrix_bot_buscarron_hostname', when: true}

2
roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix web forms bot
{% for service in matrix_bot_buscarron_systemd_required_services_list %}

2
roles/custom/matrix-bot-chatgpt/tasks/install.yml
View File

@@ -15,7 +15,7 @@
with_items:
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_container_src_path }}", when: "{{ matrix_bot_chatgpt_container_image_self_build }}"}
- {path: "{{ matrix_bot_chatgpt_container_src_path }}", when: matrix_bot_chatgpt_container_image_self_build}
when: "item.when | bool"
- name: Ensure chatgpt environment variables file created

6
roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
View File

@@ -10,7 +10,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_chatgpt_openai_api_key', when: true}
- {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true}
@@ -22,7 +22,7 @@
msg: >-
Your configuration contains a variable that is no longer used.
Please change your configuration to remove the variable (`{{ item.name }}`).
when: "lookup('ansible.builtin.varnames', ('^' + item.name + '$'), wantlist=True) | length > 0"
when: "item.name in vars"
with_items:
- {'name': 'matrix_bot_chatgpt_openai_email'}
- {'name': 'matrix_bot_chatgpt_openai_password'}
@@ -33,7 +33,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_chatgpt_docker_image', 'new': 'matrix_bot_chatgpt_container_image'}
- {'old': 'matrix_bot_chatgpt_docker_image_name_prefix', 'new': 'matrix_bot_chatgpt_container_image_name_prefix'}

2
roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix chatgpt bot
{% for service in matrix_bot_chatgpt_systemd_required_services_list %}

7
roles/custom/matrix-bot-draupnir/defaults/main.yml
View File

@@ -12,7 +12,7 @@
matrix_bot_draupnir_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir
matrix_bot_draupnir_version: "v2.7.1"
matrix_bot_draupnir_version: "v2.3.1"
matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@@ -148,14 +148,17 @@ matrix_bot_draupnir_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupn
# Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant.
matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks:
- check_event_for_spam
- user_may_invite
- user_may_join_room
matrix_bot_draupnir_synapse_http_antispam_config_fail_open:
check_event_for_spam: true
user_may_invite: true
user_may_join_room: true
matrix_bot_draupnir_synapse_http_antispam_config_async: {}
matrix_bot_draupnir_synapse_http_antispam_config_async:
check_event_for_spam: true
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.

4
roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
View File

@@ -11,7 +11,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_draupnir_container_image_name_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
- {'old': 'matrix_bot_draupnir_enable_room_state_backing_store', 'new': 'matrix_bot_draupnir_config_roomStateBackingStore_enabled'}
@@ -36,7 +36,7 @@
ansible.builtin.fail:
msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
with_items:
- {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ not matrix_bot_draupnir_pantalaimon_use and not matrix_bot_draupnir_login_native }}"}
- {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
- {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_config_experimentalRustCrypto }}"}
- {'name': 'matrix_bot_draupnir_config_managementRoom', when: true}
- {'name': 'matrix_bot_draupnir_container_network', when: true}

2
roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Draupnir bot
{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}

2
roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Go-NEB bot
{% for service in matrix_bot_go_neb_systemd_required_services_list %}

2
roles/custom/matrix-bot-honoroit/defaults/main.yml
View File

@@ -30,7 +30,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
matrix_bot_honoroit_version: v0.9.29
matrix_bot_honoroit_version: v0.9.28
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}"
matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"

4
roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
View File

@@ -10,7 +10,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_honoroit_homeserver', when: true}
- {'name': 'matrix_bot_honoroit_password', when: true}
@@ -22,6 +22,6 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}

2
roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix helpdesk bot
{% for service in matrix_bot_honoroit_systemd_required_services_list %}

3
roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
View File

@@ -43,9 +43,6 @@ matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_regist
# The bot's password (can also be used to login via a client like Element Web)
matrix_bot_matrix_registration_bot_bot_password: ''
# Optional bot command prefix
matrix_bot_matrix_registration_bot_bot_prefix: ""
# Homeserver base URL
matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}"

2
roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
View File

@@ -20,7 +20,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_matrix_registration_bot_bot_access_token', 'new': '<removed>'}
- {'old': 'matrix_bot_matrix_registration_bot_matrix_homeserver_url', 'new': 'matrix_bot_matrix_registration_bot_api_base_url'}

1
roles/custom/matrix-bot-matrix-registration-bot/templates/config.yaml.j2
View File

@@ -10,7 +10,6 @@ bot:
server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
prefix: {{ matrix_bot_matrix_registration_bot_bot_prefix|to_json }}
api:
# API endpoint of the registration tokens

2
roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix registration bot
{% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %}

2
roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
View File

@@ -20,7 +20,7 @@ matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_m
matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
# renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot
matrix_bot_matrix_reminder_bot_version: v0.4.0
matrix_bot_matrix_reminder_bot_version: v0.3.0
matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream }}"
matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"

4
roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
View File

@@ -10,7 +10,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_matrix_reminder_bot_matrix_user_password', when: true}
- {'name': 'matrix_bot_matrix_reminder_bot_reminders_timezone', when: true}
@@ -23,7 +23,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
- {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}

2
roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix reminder bot
{% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %}

4
roles/custom/matrix-bot-maubot/tasks/validate_config.yml
View File

@@ -12,7 +12,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_maubot_management_interface_port', 'new': 'matrix_bot_maubot_server_port'}
- {'old': 'matrix_bot_maubot_management_interface_http_bind_port', 'new': 'matrix_bot_maubot_container_management_interface_http_bind_port'}
@@ -23,7 +23,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_maubot_hostname', when: true}
- {'name': 'matrix_bot_maubot_path_prefix', when: true}

2
roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
FROM {{ matrix_bot_maubot_docker_image }}
{{ matrix_bot_maubot_container_image_customizations_dockerfile_body_custom }}

2
roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Maubot
{% for service in matrix_bot_maubot_systemd_required_services_list %}

2
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View File

@@ -17,7 +17,7 @@
matrix_bot_mjolnir_enabled: true
# renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_bot_mjolnir_version: "v1.11.0"
matrix_bot_mjolnir_version: "v1.10.0"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

2
roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml
View File

@@ -32,6 +32,6 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}

2
roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mjolnir bot
{% for service in matrix_bot_mjolnir_systemd_wanted_services_list %}

2
roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
View File

@@ -119,7 +119,7 @@ matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord
matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml | from_yaml | combine(matrix_appservice_discord_configuration_extension, recursive=True) }}"
matrix_appservice_discord_registration_yaml: |
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
id: appservice-discord
as_token: "{{ matrix_appservice_discord_appservice_token }}"
hs_token: "{{ matrix_appservice_discord_homeserver_token }}"

4
roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
View File

@@ -9,7 +9,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_appservice_discord_client_id', when: true}
- {'name': 'matrix_appservice_discord_bot_token', when: true}
@@ -24,7 +24,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_docker_image_registry_prefix'}

2
roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain|to_json }}

2
roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Appservice Discord bridge
{% for service in matrix_appservice_discord_systemd_required_services_list %}

2
roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
View File

@@ -80,6 +80,6 @@
devture_playbook_runtime_messages_list | default([])
+
[
"Note: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `" + matrix_appservice_irc_data_path + "/*.db` to `" + matrix_appservice_irc_data_path + "/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files."
"Note: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_irc_data_path }}/*.db` to `{{ matrix_appservice_irc_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files."
]
}}

4
roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
View File

@@ -10,7 +10,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_appservice_irc_appservice_token', when: true}
- {'name': 'matrix_appservice_irc_homeserver_url', when: true}
@@ -39,7 +39,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}

2
roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Appservice IRC bridge
{% for service in matrix_appservice_irc_systemd_required_services_list %}

5
roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
View File

@@ -57,9 +57,6 @@ matrix_appservice_kakaotalk_command_prefix: "!kt"
matrix_appservice_kakaotalk_homeserver_address: ""
matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}'
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
matrix_appservice_kakaotalk_homeserver_async_media: false
matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115'
@@ -185,7 +182,7 @@ matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_confi
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2', convert_data=False) | from_json }}"
matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}"
# Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`).

4
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
View File

@@ -9,7 +9,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_appservice_kakaotalk_appservice_token', when: true}
- {'name': 'matrix_appservice_kakaotalk_homeserver_address', when: true}
@@ -22,7 +22,7 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_docker_image_registry_prefix'}

2
roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
View File

@@ -21,7 +21,7 @@ homeserver:
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: {{ matrix_appservice_kakaotalk_homeserver_async_media | to_json }}
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.

2
roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=appservice-kakaotalk-node bridge helper
{% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %}

2
roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
#jinja2: lstrip_blocks: "True"
[Unit]
Description=appservice-kakaotalk bridge
{% for service in matrix_appservice_kakaotalk_systemd_required_services_list %}

2
roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
View File

@@ -75,6 +75,6 @@
devture_playbook_runtime_messages_list | default([])
+
[
"Note: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `" + matrix_appservice_slack_data_path + "/*.db` to `" + matrix_appservice_slack_data_path + "/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files."
"Note: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_slack_data_path }}/*.db` to `{{ matrix_appservice_slack_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files."
]
}}

4
roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml
View File

@@ -11,7 +11,7 @@
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_appservice_slack_control_room_id', when: true}
- {'name': 'matrix_appservice_slack_appservice_token', when: true}
@@ -28,6 +28,6 @@
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_slack_container_self_build', 'new': 'matrix_appservice_slack_container_image_self_build'}

Some files were not shown because too many files have changed in this diff Show More