finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:master
Branches Tags
finallycoffee:master finallycoffee:transcaffeine/patch-dumb-design-choices finallycoffee:feat-mx-puppet-instagram
..
compare: finallycoffee:2d569b6ce394d93668c7c9b4171fc8cbc2169d5f
Branches Tags
finallycoffee:master finallycoffee:transcaffeine/patch-dumb-design-choices finallycoffee:feat-mx-puppet-instagram

2 Commits
master ... 2d569b6ce3

Author SHA1 Message Date
transcaffeine
2d569b6ce3 meta: move inventory structure to be more usable 2025-05-07 17:35:20 +02:00
jdreichmann
ab2f451481 meta: add own inventory, add vault-unlock with GPG 2025-05-07 17:35:19 +02:00
104 changed files with 261 additions and 397 deletions
Expand all files Collapse all files

2
.codespellrc
View File

@ -1,2 +0,0 @@
[codespell]
ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr

2
.envrc
View File

@ -1 +1 @@
use flake
use flake

9
.github/renovate.json vendored
View File

@ -9,8 +9,8 @@
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": [
"/defaults/main.yml$/"
"fileMatch": [
"defaults/main.yml$"
],
"matchStrings": [
"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
@ -28,8 +28,5 @@
],
"ignoreDeps": [
"ghcr.io/matrixgpt/matrix-chatgpt-bot"
],
"pre-commit": {
"enabled": true
}
]
}

12
.github/workflows/matrix.yml vendored
View File

@ -7,7 +7,9 @@
---
name: Matrix CI
on: [push, pull_request] # yamllint disable-line rule:truthy
on: # yamllint disable-line rule:truthy
push:
pull_request:
jobs:
yamllint:
@ -28,11 +30,3 @@ jobs:
uses: ansible-community/ansible-lint-action@v6.17.0
with:
path: roles/custom
precommit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run pre-commit
uses: pre-commit/action@v3.0.1

20
.github/workflows/reuse.yml vendored Normal file
View File

@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
#
# SPDX-License-Identifier: CC0-1.0
---
name: REUSE Compliance Check
on: [push, pull_request] # yamllint disable-line rule:truthy
permissions:
contents: read
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: REUSE Compliance Check
uses: fsfe/reuse-action@v5

26
.pre-commit-config.yaml
View File

@ -1,26 +0,0 @@
---
default_install_hook_types: [pre-push]
exclude: "LICENSES/"
# See: https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
# - id: check-executables-have-shebangs
- id: check-added-large-files
- id: check-case-conflict
- id: check-json
- id: check-toml
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: https://github.com/codespell-project/codespell
rev: v2.4.1
hooks:
- id: codespell
args: ["--skip=*.po,*.pot,i18n/"]
- repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook
rev: v5.0.2
hooks:
- id: reuse

20
CHANGELOG.md
View File

@ -156,7 +156,7 @@ To **completely eliminate the problem** of DDoS amplification attacks done throu
The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by default**.
💡 Users may wish to further remove the (now unnecessary) firewall rule allowing access to `3478/udp`.
💡 Users may wish to further remove the (now unnnecessary) firewall rule allowing access to `3478/udp`.
If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file:
@ -170,7 +170,7 @@ matrix_coturn_container_stun_plain_host_bind_port_udp: "3478"
# 2025-02-17
## FluffyChat Web support
## FluffyChat Web suport
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [FluffyChat Web](https://github.com/krille-chan/fluffychat) as an additional Matrix client you can self-host.
@ -192,7 +192,7 @@ The playbook will let you know if you're using any `matrix_mautrix_hangouts_*` v
## Redis and KeyDB are no longer part of the playbook
**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly defining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly definining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
The playbook has gone through several iterations of memorystore implementations:
@ -745,7 +745,7 @@ For people building commercial products on top of Synapse, they may have to eith
We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own!
If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by introducing a new Ansible variable. You can do it like this:
If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by intruducing a new Ansible variable. You can do it like this:
```yaml
# Switch the organization that Synapse container images (or source code for self-building) are pulled from.
@ -828,7 +828,7 @@ Despite these downsides (which the playbook manages automatically), we believe i
People running the default Traefik setup do not need to do anything to make Traefik take on this extra job. Your Traefik configuration will be updated automatically.
**People running their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
**People runnning their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
You may disable Traefik acting as an intermediary by explicitly setting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled` to `false`. Services would then be configured to talk to the homeserver directly, giving you a slight performance boost and a "simpler" Traefik setup. However, such a configuration is less tested and will cause troubles, especially if you enable more services (like `matrix-media-repo`, etc.) in the future. As such, it's not recommended.
@ -2851,7 +2851,7 @@ As always, re-running the playbook is enough to get the updated bits.
## SMS bridging requires db reset
The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new required var `matrix_sms_bridge_default_region`.
The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`.
To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information.
@ -2883,7 +2883,7 @@ Until the issue gets fixed, we're making User Directory search not go to ma1sd b
This upgrades matrix-appservice-irc from 0.14.1 to 0.16.0. Upstream
made a change to how you define manual mappings. If you added a
`mapping` to your configuration, you will need to update it according
`mapping` to your configuration, you will need to update it accoring
to the [upstream
instructions](https://github.com/matrix-org/matrix-appservice-irc/blob/master/CHANGELOG.md#0150-2020-02-05). If you did not include `mappings` in your configuration for IRC, no
change is necessary. `mappings` is not part of the default
@ -3046,7 +3046,7 @@ As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unw
Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**.
As with anything else, these new defaults can be overridden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
# 2019-10-05
@ -3600,7 +3600,7 @@ The following changes had to be done:
- glue variables had to be introduced to the playbook, so it can wire together the various components. Those glue vars are stored in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. When overriding variables for a given component (role), you need to be aware of both the role defaults (`role/ROLE/defaults/main.yml`) and the role's corresponding section in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file.
- `matrix_postgres_use_external` has been superseded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
- `matrix_postgres_use_external` has been superceeded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
- Postgres tools (`matrix-postgres-cli` and `matrix-make-user-admin`) are no longer installed if you're not enabling the `matrix-postgres` role (`matrix_postgres_enabled: false`)
@ -3789,7 +3789,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://dimension.t2bot.io/widge
There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse.
You may wish to re-enable TLSv1 if you need to access Riot in older browsers.
You may wish to reenable TLSv1 if you need to access Riot in older browsers.
Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details.

2
REUSE.toml
View File

@ -13,12 +13,10 @@ path = [
"i18n/PUBLISHED_LANGUAGES",
"i18n/requirements.txt",
"roles/custom/**/*.repo",
".codespellrc",
".editorconfig",
".envrc",
".gitattributes",
".gitignore",
".pre-commit-config.yaml",
".yamllint",
"ansible.cfg",
"flake.lock",

2
YEAR-IN-REVIEW.md
View File

@ -11,7 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable.
AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possibility of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possiblity of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
* complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult
* the current setup became "good enough" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way.

2
docs/README.md
View File

@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Table of Contents
## ⬇️ Installation guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
## ⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
There are two installation guides available for beginners and advanced users.

2
docs/ansible.md
View File

@ -117,7 +117,7 @@ Then, to be asked for the password whenever running an `ansible-playbook` comman
#### Resolve directory ownership issues
Because you're `root` in the container running Ansible and this likely differs from the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
> fatal: unsafe repository ('/work' is owned by someone else)
> To add an exception for this directory, call:

4
docs/configuring-playbook-appservice-draupnir-for-all.md
View File

@ -95,13 +95,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
## Usage
If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have successfully installed Draupnir for All and can now start using it.
If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it.
The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode.
### Granting Users the ability to use D4A
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recommendation. Using the chat is recommended.
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297))

2
docs/configuring-playbook-bot-baibot.md
View File

@ -242,7 +242,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
```
Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`.

2
docs/configuring-playbook-bot-chatgpt.md
View File

@ -57,7 +57,7 @@ matrix_bot_chatgpt_openai_api_key: 'API_KEY_HERE'
matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE'
# Configuring the system prompt used, needed if the bot is used for special tasks.
# Configuring the system promt used, needed if the bot is used for special tasks.
# More information: https://github.com/mustvlad/ChatGPT-System-Prompts
matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
```

16
docs/configuring-playbook-bot-draupnir.md
View File

@ -145,20 +145,6 @@ The bot can intercept the report API endpoint of the client-server API, which re
matrix_bot_draupnir_config_web_abuseReporting: true
```
### Enabling synapse-http-antispam support
Certain protections in Draupnir require the [synapse-http-antispam](https://github.com/maunium/synapse-http-antispam) module and a Synapse homeserver plus homeserver admin status to function. This module can be enabled in the playbook via setting `matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled` to `true` and making sure that Draupnir admin API access is enabled.
```yaml
# Enables the integration between Draupnir and synapse-http-antispam module.
matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: true
# Enables draupnir to access Synapse admin APIs. This is required for the module functionality to take full effect.
matrix_bot_draupnir_admin_api_enabled: true
```
These protections need to be manually activated and consulting the [enabling protections](#enabling-built-in-protections) guide can be helpful or consulting upstream documentation.
<!--
NOTE: this is unsupported by the playbook due to the admin API being inaccessible from containers currently.
@ -242,7 +228,7 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`

2
docs/configuring-playbook-bot-matrix-registration-bot.md
View File

@ -77,7 +77,7 @@ Send `help` to the bot to see the available commands.
You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
If you have any questions, or if you need help setting it up, read the [troubleshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc… you can use:

7
docs/configuring-playbook-bridge-hookshot.md
View File

@ -103,6 +103,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | Jira OAuth |
| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
@ -131,6 +132,10 @@ aux_file_definitions:
For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml).
### Provisioning API
The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with Dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`.
### Collision with matrix-appservice-webhooks
If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
@ -167,7 +172,7 @@ To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set t
#### Enable Grafana (optional)
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics.
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.

2
docs/configuring-playbook-bridge-mautrix-wsproxy.md
View File

@ -70,7 +70,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
## Usage
Follow the [mautrix-imessage documentation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
Follow the [mautrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
## Troubleshooting

2
docs/configuring-playbook-bridge-mx-puppet-discord.md
View File

@ -10,7 +10,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Setting up MX Puppet Discord bridging (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The playbook can install and configure [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) for you.

2
docs/configuring-playbook-element-call.md
View File

@ -30,7 +30,7 @@ These **clients will use their own embedded Element Call frontend**, so **self-h
💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client). Note that unless you [allow guest accounts to use Element Call](#allowing-guests-to-use-element-call-optional), you will still need a Matrix user account **on the same homeserver** to be able to use Element Call.
The playbook makes a distinction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
| Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) |
|------------------------|-----------------------|----------------|---------------------|

2
docs/configuring-playbook-livekit-jwt-service.md
View File

@ -15,4 +15,4 @@ This is a helper component which is part of the [Matrix RTC stack](configuring-p
Take a look at:
- `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration.
- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration.

2
docs/configuring-playbook-livekit-server.md
View File

@ -35,4 +35,4 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p
For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).

6
docs/configuring-playbook-matrix-authentication-service.md
View File

@ -41,7 +41,7 @@ Below, we'll try to **highlight some potential reasons for switching** to Matrix
## Prerequisites
- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet.
- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
-**disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below.
@ -61,7 +61,7 @@ This section details what you can expect when switching to the Matrix Authentica
- ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
- ⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration).
@ -85,7 +85,7 @@ For new homeservers (which don't have any users in their Synapse database yet),
### Existing homeserver
Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet.
Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
For existing Synapse homeservers:

2
docs/configuring-playbook-matrix-corporal.md
View File

@ -13,7 +13,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you.
In short, it's a sort of automation and firewalling service, which is helpful if you're installing Matrix services in a controlled corporate environment.
In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment.
See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you.

2
docs/configuring-playbook-matrix-media-repo.md
View File

@ -60,7 +60,7 @@ To `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_use
#### Enable Grafana (optional)
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics.
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.

2
docs/configuring-playbook-matrix-rtc.md
View File

@ -56,4 +56,4 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
Once installed, Matrix clients which support Element Call (like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android)) will automatically use the Matrix RTC stack.
These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser.
These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser.

2
docs/configuring-playbook-ntfy.md
View File

@ -115,7 +115,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
## Usage
To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distributor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notifications are "distributed" from it.
To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distrubutor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notitications are "distributed" from it.
For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation.

2
docs/configuring-playbook-prometheus-grafana.md
View File

@ -258,4 +258,4 @@ As with all other services, you can find the logs in [systemd-journald](https://
- [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)
- [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
- [The PostgreSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)
- [The PostgresSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)

8
docs/configuring-playbook-s3.md
View File

@ -22,11 +22,13 @@ Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring
## Choosing an Object Storage provider
You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), [Storj](https://storj.io), etc.
You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Storj](https://storj.io), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc.
Amazon S3 and Backblaze B2 are pay-as-you with no minimum charges for storing too little data. Note that Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
Amazon S3, Backblaze B2, and Storj are pay-as-you with no minimum charges for storing too little data.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10). Though Storj does not set minimum amount of data to be stored, it also charges $5 minimum monthly usage fee since July 1, 2025, if your monthly usage (storage, bandwidth, and segments) totals less than $5.
All these providers have different prices, with Storj appearing to be the cheapest (as of 2024-10, storage fee is $0.004 per GB/month, and egress fee is $0.007 per GB; check actual pricing [here](https://storj.dev/dcs/pricing)). Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10).
Here are some of the important aspects of choosing the right provider:

2
docs/configuring-playbook-ssl-certificates.md
View File

@ -15,7 +15,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate
**Notes**:
- This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiriation notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).

2
docs/configuring-playbook-synapse-simple-antispam.md
View File

@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you.
It lets you fight invite-spam by automatically blocking invitations from a list of servers specified by you (blacklisting).
It lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting).
See the project's [documentation](https://github.com/t2bot/synapse-simple-antispam/blob/master/README.md) to learn what it does and why it might be useful to you.

2
docs/configuring-playbook-synapse.md
View File

@ -53,7 +53,7 @@ You may also consider [tweaking the number of workers of each type](#controlling
##### Specialized workers
The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requester's IP address, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requester and/or on the resource (room, etc.) being requested.
The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requestor's IP adddress, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requestor and/or on the resource (room, etc.) being requested.
The playbook supports these **4 types** of specialized workers:

4
docs/faq.md
View File

@ -235,7 +235,7 @@ Running Matrix on a server with 1GB of memory is possible (especially if you dis
**We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea.
Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferrably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
### Can I run this in an LXC container?
@ -362,7 +362,7 @@ Configuration variables are defined in multiple places in this playbook and are
You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`).
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`.
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).

2
docs/howto-srv-server-delegation.md
View File

@ -42,7 +42,7 @@ This is because with SRV federation, some servers / tools (one of which being th
### Tell Traefik which certificate to serve for the federation endpoint
Now that the federation endpoint is not bound to a domain anymore we need to explicitly tell Traefik to use a wildcard certificate in addition to one containing the base name.
Now that the federation endpoint is not bound to a domain anymore we need to explicitely tell Traefik to use a wildcard certificate in addition to one containing the base name.
This is because the Matrix specification expects the federation endpoint to be served using a certificate compatible with the base domain, however, the other resources on the endpoint still need a valid certificate to work.

2
docs/prerequisites.md
View File

@ -49,7 +49,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`)
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`, because this Ansible playbook sometimes uses the Ansible [become](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html) module to perform tasks as another user (e.g. `matrix`) and the `become` module's default implementation uses `sudo`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

4
examples/reverse-proxies/nginx-proxy-manager/README.md
View File

@ -23,7 +23,7 @@ If Matrix federation is enabled, then you will need to make changes to [NPM's Do
You'll need to create two proxy hosts in NPM for Matrix web and federation traffic.
Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxy's configuration like this:
Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxys configuration like this:
```md
# Details
@ -44,7 +44,7 @@ Custom Nginx Configuration:
client_max_body_size 50M;
```
Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxy's configuration like this:
Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxys configuration like this:
```md
# Details

15
group_vars/matrix_servers
View File

@ -2317,6 +2317,7 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping:
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}"
matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}"
@ -2325,6 +2326,8 @@ matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_rev
matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}"
@ -3199,9 +3202,6 @@ matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook
matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
#The salt is size restricted here as a maximum salt size of 16 characters exists due to the functions used.
matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'draupnir.httpmod', rounds=655555) | to_uuid }}" # noqa var-naming
######################################################################
#
# /matrix-bot-draupnir
@ -4835,8 +4835,6 @@ matrix_synapse_container_additional_networks_auto: |
([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
+
([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
+
([matrix_bot_draupnir_container_network] if (matrix_synapse_ext_synapse_http_antispam_enabled and matrix_synapse_ext_synapse_http_antispam_config_base_url == matrix_bot_draupnir_synapse_http_antispam_config_base_url and matrix_bot_draupnir_container_network != matrix_synapse_container_network) else [])
) | unique
}}
@ -4932,13 +4930,6 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_
# Disable creation of media repository Synapse worker when using media-repo
matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
matrix_synapse_ext_synapse_http_antispam_enabled: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"
matrix_synapse_ext_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_synapse_http_antispam_config_base_url if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}"
matrix_synapse_ext_synapse_http_antispam_config_authorization: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}"
matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks: "{{ matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else [] }}"
matrix_synapse_ext_synapse_http_antispam_config_fail_open: "{{ matrix_bot_draupnir_synapse_http_antispam_config_fail_open if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}"
matrix_synapse_ext_synapse_http_antispam_config_async: "{{ matrix_bot_draupnir_synapse_http_antispam_config_async if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}"
# Enable Synapse statistics reporting when using synapse-usage-exporter
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"

2
i18n/README.md
View File

@ -20,7 +20,7 @@ Currently, we support translation of:
Organization of this `i18n` directory is as follows:
- [PUBLISHED_LANGUAGES](PUBLISHED_LANGUAGES): a list of languages that we publish translations for (in the [translations/](translations/) directory)
- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionally ignore translated results (`translations/<language>` directories) for languages that are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionaly ignore translated results (`translations/<language>` directories) for languages taht are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
- [justfile](justfile): a list of recipes for [just](https://github.com/casey/just) command runner
- [requirements.txt](requirements.txt): a list of Python packages required to work with translations
- [translation-templates/](translation-templates/): a list of English translation templates - strings extracted from Markdown files

12
i18n/requirements.txt
View File

@ -1,8 +1,8 @@
alabaster==1.0.0
babel==2.17.0
certifi==2025.6.15
certifi==2025.4.26
charset-normalizer==3.4.2
click==8.2.1
click==8.1.8
docutils==0.21.2
idna==3.10
imagesize==1.4.1
@ -16,9 +16,9 @@ myst-parser==4.0.1
packaging==25.0
Pygments==2.19.1
PyYAML==6.0.2
requests==2.32.4
setuptools==80.9.0
snowballstemmer==3.0.1
requests==2.32.3
setuptools==80.3.1
snowballstemmer==2.2.0
Sphinx==8.2.3
sphinx-intl==2.3.1
sphinx-markdown-builder==0.6.8
@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
sphinxcontrib-serializinghtml==2.0.0
tabulate==0.9.0
uc-micro-py==1.0.3
urllib3==2.5.0
urllib3==2.4.0

1
inventory/host_vars/matrix.finallycoffee.eu/postgresql.yml
View File

@ -2,7 +2,6 @@
postgres_max_connections: 400
postgres_shared_buffers: 3145728 # (3072 MiB)
postgres_effective_cache_size: 8388608 # (8192 MiB)
postgres_container_shm_size: 1G
postgres_maintenance_work_mem: 786432 # (768 MiB)
postgres_wal_buffers: 16384 # (16 MiB)
postgres_random_page_cost: 1.3

12
requirements.yml
View File

@ -22,13 +22,13 @@
version: v4.98.1-r0-2-0
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.3-0
version: v11.6.1-2
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10314-0
version: v10184-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.0-0
version: v1.8.4-5
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.11.0-5
@ -49,7 +49,7 @@
version: v17-3
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.4.1-0
version: v3.3.1-0
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.9.1-3
@ -67,11 +67,11 @@
version: v1.0.0-0
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.4.1-1
version: v3.4.0-0
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-0
name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v8.1.2-0
version: v8.1.1-0
name: valkey

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2025.5.21
matrix_alertmanager_receiver_version: 2025.4.23
matrix_alertmanager_receiver_scheme: https

4
roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
View File

@ -12,7 +12,7 @@
matrix_appservice_draupnir_for_all_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir
matrix_appservice_draupnir_for_all_version: "v2.3.1"
matrix_appservice_draupnir_for_all_version: "v2.2.0"
matrix_appservice_draupnir_for_all_container_image_self_build: false
matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@ -50,7 +50,7 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
# anyone in this room can use the bot - secure your room!
# This should be a room alias - not a matrix.to URL.
# Note: Draupnir is fairly verbose - expect a lot of messages from it.
# This room is different for Appservice Mode compared to normal mode.
# This room is diffrent for Appservice Mode compared to normal mode.
# In Appservice mode it provides functions like user management.
matrix_appservice_draupnir_for_all_config_adminRoom: "" # noqa var-naming

2
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 0.17.1
matrix_authentication_service_version: 0.16.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"

4
roles/custom/matrix-base/defaults/main.yml
View File

@ -217,7 +217,7 @@ matrix_homeserver_container_url: "http://{{ matrix_homeserver_container_client_a
# Specifies where the homeserver's Client-Server API is on the container network (matrix_homeserver_container_network).
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overridden elsewhere.
# This likely gets overriden elsewhere.
matrix_homeserver_container_client_api_endpoint: ""
# Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
@ -225,7 +225,7 @@ matrix_homeserver_container_federation_url: "http://{{ matrix_homeserver_contain
# Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overridden elsewhere.
# This likely gets overriden elsewhere.
matrix_homeserver_container_federation_api_endpoint: ""
# Specifies the public url of the Sync v3 (sliding-sync) API.

2
roles/custom/matrix-base/tasks/validate_config.yml
View File

@ -104,7 +104,7 @@
msg: >-
Your configuration enables both the old mautrix-instagram bridge and the new mautrix-meta-instagram bridge.
By default, both bridges are configured to use the same bridge bot username (`@{{ matrix_mautrix_meta_instagram_appservice_username }}:{{ matrix_domain }}`) which is a conflict.
We recommend that you disable at least one of the bridges (preferably the old mautrix-instagram bridge), or to resolve the conflict in another way.
We recommend that you disable at least one of the bridges (preferrably the old mautrix-instagram bridge), or to resolve the conflict in another way.
To resolve the conflict without disabling a bridge, consider adjusting one of `matrix_mautrix_instagram_appservice_bot_username` or `matrix_mautrix_meta_instagram_appservice_username` - they both have a value of {{ matrix_mautrix_meta_instagram_appservice_username }} right now.
when:
- matrix_mautrix_instagram_enabled | bool

9
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.7.4
matrix_bot_baibot_version: v1.6.0
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@ -389,10 +389,9 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_response_format: opus
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: gpt-image-1
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: null
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: null
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality: null
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: dall-e-3
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: vivid
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: 1024x1024
########################################################################################
# #

1
roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2
View File

@ -35,5 +35,4 @@ image_generation:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id | to_json }}
style: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style | to_json }}
size: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size | to_json }}
quality: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality | to_json }}
{% endif %}

2
roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
View File

@ -20,7 +20,7 @@
- name: Fail if OpenAI configuration not up-to-date.
ansible.builtin.fail:
msg: >-
Your configuration contains a variable that is no longer used.
Your configuration contains a varible that is no longer used.
Please change your configuration to remove the variable (`{{ item.name }}`).
when: "item.name in vars"
with_items:

35
roles/custom/matrix-bot-draupnir/defaults/main.yml
View File

@ -12,7 +12,7 @@
matrix_bot_draupnir_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir
matrix_bot_draupnir_version: "v2.3.1"
matrix_bot_draupnir_version: "v2.2.0"
matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@ -28,18 +28,8 @@ matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}" # noqa var-naming
matrix_bot_draupnir_config_web_abuseReporting: false # noqa var-naming
matrix_bot_draupnir_config_web_port: 8080
# These variables are used for turning on the integration between the synapseHTTPAntispam module and Draupnir.
# Authorisation is a shared secret between Draupnir and the module just like is used by Appservices and the homeserver
# therefore the same creation mechanism is used here too.
matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: false # noqa var-naming
matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: '' # noqa var-naming
matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting }}" # noqa var-naming
matrix_bot_draupnir_config_displayReports: "{{ matrix_bot_draupnir_config_web_abuseReporting }}" # noqa var-naming
matrix_bot_draupnir_container_network: ""
@ -139,27 +129,6 @@ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand: false # noqa var-n
# This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
matrix_bot_draupnir_config_roomStateBackingStore_enabled: true # noqa var-naming
matrix_bot_draupnir_web_url: 'http://matrix-bot-draupnir'
# This controls the URL that the module targets in Draupnir.
matrix_bot_draupnir_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_web_url }}:{{ matrix_bot_draupnir_config_web_port }}/api/1/spam_check"
# These variables control the configuration of the Synapse module as the configuration is highly consumer dependent.
# Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant.
matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks:
- check_event_for_spam
- user_may_invite
- user_may_join_room
matrix_bot_draupnir_synapse_http_antispam_config_fail_open:
check_event_for_spam: true
user_may_invite: true
user_may_join_room: true
matrix_bot_draupnir_synapse_http_antispam_config_async:
check_event_for_spam: true
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#

2
roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
View File

@ -63,7 +63,7 @@
ansible.builtin.fail:
msg: >-
Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time.
These settings are mutually incompatible and therefore can't be used at the same time.
These settings are mutually incompatible and therefore cant be used at the same time.
when:
- matrix_bot_draupnir_pantalaimon_use
- matrix_bot_draupnir_config_experimentalRustCrypto

2
roles/custom/matrix-bot-draupnir/templates/labels.j2
View File

@ -12,7 +12,7 @@ traefik.enable=true
traefik.docker.network={{ matrix_bot_draupnir_container_labels_traefik_docker_network }}
{% endif %}
traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port={{ matrix_bot_draupnir_config_web_port }}
traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port=8080
{% if matrix_bot_draupnir_config_web_abuseReporting %}
############################################################

52
roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
View File

@ -7,8 +7,7 @@ SPDX-FileCopyrightText: 2024 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later
#}
# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
# set this to the pantalaimon URL if you're using that.
# Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),
homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }}
# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
@ -23,10 +22,7 @@ accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }}
{% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
pantalaimon:
# Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
# set to `true` if you're using pantalaimon.
#
# Be sure to point homeserverUrl to the pantalaimon instance.
# Set to `true` when the bot is to login and fetch the access token on its own.
#
# Draupnir will log in using the given username and password once,
# then store the resulting access token in a file under dataPath.
@ -38,14 +34,13 @@ pantalaimon:
# The password Draupnir will login with.
#
# After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
# This option can be loaded from a file by passing "--pantalaimon-password-path <path>" at the command line,
# This option can be loaded from a file by passing "--password-path <path>" at the command line,
# which would allow using secret management systems such as systemd's service credentials.
password: {{ matrix_bot_draupnir_password | to_json }}
{% endif %}
# Experimental usage of the matrix-bot-sdk rust crypto.
# This can not be used with Pantalaimon.
# Make sure to setup the bot as if you are not using pantalaimon for this.
# Experimental usage of the matrix-bot-sdk rust crypto. This can not be used with Pantalaimon.
# Make sure Pantalaimon is disabled in Draupnir's configuration.
#
# Warning: At this time this is not considered production safe.
experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }}
@ -73,12 +68,22 @@ recordIgnoredInvites: false
# (see verboseLogging to adjust this a bit.)
managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }}
# Deprecated and will be removed in a future version.
# Running with verboseLogging is unsupported.
# Whether Draupnir should log a lot more messages in the room,
# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
verboseLogging: false
# The log level of terminal (or container) output,
# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
#
# This should be at INFO or DEBUG in order to get support for Draupnir problems.
logLevel: "INFO"
# Whether or not Draupnir should synchronize policy lists immediately after startup.
# Equivalent to running '!draupnir sync'.
syncOnStartup: true
# Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
# Equivalent to running `!draupnir verify`.
verifyPermissionsOnStartup: true
@ -126,13 +131,11 @@ protectAllJoinedRooms: false
# of the homeserver may be more impacted.
backgroundDelayMS: 500
# Server administrative features. These will only work if Draupnir is
# Server administration commands, these commands will only work if Draupnir is
# a global server administrator, and the bot's server is a Synapse instance.
# Please review https://the-draupnir-project.github.io/draupnir-documentation/bot/homeserver-administration
admin:
# Whether to enable the make admin command.
# This command allows Draupnir can temporarily take control of any eligible account
# from the local homeserver in the target room (with enough permissions) to "make" another user an admin.
# Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
# (with enough permissions) to "make" a user an admin.
#
# This only works if a local user with enough admin permissions is present in the room.
enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }}
@ -263,7 +266,7 @@ web:
enabled: true
# The port to expose the webserver on. Defaults to 8080.
port: {{ matrix_bot_draupnir_config_web_port | to_json }}
port: 8080
# The address to listen for requests on. Defaults to only the current
# computer.
@ -283,24 +286,15 @@ web:
abuseReporting:
# Whether to enable this feature.
enabled: {{ matrix_bot_draupnir_config_web_abuseReporting | to_json }}
# Whether to setup a endpoints for synapse-http-antispam
# https://github.com/maunium/synapse-http-antispam
# this is required for some features of Draupnir,
# such as support for room takedown policies.
#
# Please FOLLOW the instructions here:
# https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam
synapseHTTPAntispam:
enabled: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled | to_json }}
# This is a secret that you must place into your synapse module config
# https://github.com/maunium/synapse-http-antispam?tab=readme-ov-file#configuration
authorization: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization | to_json }}
{% endif %}
# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
# Whether or not to actively poll synapse for abuse reports, to be used
# instead of intercepting client calls to synapse's abuse endpoint, when that
# isn't possible/practical.
pollReports: false
#pollReports: false
# Whether or not new reports, received either by webapi or polling,
# should be printed to our managementRoom.

2
roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
View File

@ -25,7 +25,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--read-only \
--network={{ matrix_bot_draupnir_container_network }} \
{% if matrix_bot_draupnir_container_http_host_bind_port %}
-p {{ matrix_bot_draupnir_container_http_host_bind_port }}:{{ matrix_bot_draupnir_config_web_port }} \
-p {{ matrix_bot_draupnir_container_http_host_bind_port }}:8080 \
{% endif %}
--label-file={{ matrix_bot_draupnir_base_path }}/labels \
--mount type=bind,src={{ matrix_bot_draupnir_config_path }},dst=/data/config,ro \

2
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View File

@ -17,7 +17,7 @@
matrix_bot_mjolnir_enabled: true
# renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_bot_mjolnir_version: "v1.10.0"
matrix_bot_mjolnir_version: "v1.9.2"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

2
roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
View File

@ -2,7 +2,7 @@
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain|to_json }}
# This should be your publicly facing URL because Discord may use it to
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }}
# Interval at which to process users in the 'presence queue'. If you have

2
roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
View File

@ -358,7 +358,7 @@ matrix_appservice_irc_ircService_servers: [] # noqa var-naming
# # not apply an idle timeout. This value is ignored if this IRC server is
# # mirroring Matrix membership lists to IRC. Default: 172800 (48 hours)
# idleTimeout: 10800
# # The number of milliseconds to wait between consecutive reconnections if a
# # The number of millseconds to wait between consecutive reconnections if a
# # client gets disconnected. Setting to 0 will cause the scheduling to be
# # disabled, i.e. it will be scheduled immediately (with jitter.
# # Otherwise, the scheduling interval will be used such that one client

2
roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
View File

@ -224,7 +224,7 @@ logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
# empty/null = journal logging only
# empy/null = journal logging only
file_name_format:
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"

24
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View File

@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: []
matrix_hookshot_container_additional_networks_custom: []
# renovate: datasource=docker depName=halfshot/matrix-hookshot
matrix_hookshot_version: 7.0.0
matrix_hookshot_version: 6.0.3
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}"
@ -74,7 +74,7 @@ matrix_hookshot_cache_redisUri: "{{ ('redis://' + matrix_hookshot_cache_redis_ho
# - support to also be enabled in the homeserver, see the documentation of Hookshot.
# - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_cache_redis*` variables.
# See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
matrix_hookshot_encryption_enabled: "{{ matrix_bridges_encryption_enabled }}"
matrix_hookshot_encryption_enabled: false
# Controls whether metrics are enabled in the bridge configuration.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
@ -187,6 +187,16 @@ matrix_hookshot_feeds_enabled: true
matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming
matrix_hookshot_feeds_pollTimeoutSeconds: 30 # noqa var-naming
matrix_hookshot_provisioning_enabled: false
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
matrix_hookshot_provisioning_port: 9002
matrix_hookshot_provisioning_secret: ''
# Provisioning will be automatically enabled if Dimension is enabled and you have provided a provisioning secret, unless you override it
matrix_hookshot_provisioning_internal: "/v1"
matrix_hookshot_provisioning_hostname: "{{ matrix_hookshot_public_hostname }}"
matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}"
# Valid values: error, warn, info, debug
matrix_hookshot_logging_level: warn
@ -279,7 +289,15 @@ matrix_hookshot_container_labels_widgets_traefik_entrypoints: "{{ matrix_hooksho
matrix_hookshot_container_labels_widgets_traefik_tls: "{{ matrix_hookshot_container_labels_widgets_traefik_entrypoints != 'web' }}"
matrix_hookshot_container_labels_widgets_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose Hookshot's metrics endpoint
# Controls whether labels will be added that expose Hookshot's provisioning endpoint
matrix_hookshot_container_labels_provisioning_enabled: "{{ matrix_hookshot_provisioning_enabled }}"
matrix_hookshot_container_labels_provisioning_traefik_rule: "Host(`{{ matrix_hookshot_provisioning_hostname }}`) && PathPrefix(`{{ matrix_hookshot_provisioning_endpoint }}`)"
matrix_hookshot_container_labels_provisioning_traefik_priority: 0
matrix_hookshot_container_labels_provisioning_traefik_entrypoints: "{{ matrix_hookshot_container_labels_traefik_entrypoints }}"
matrix_hookshot_container_labels_provisioning_traefik_tls: "{{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints != 'web' }}"
matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose Hookshot's provisioning endpoint
matrix_hookshot_container_labels_metrics_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_hookshot_metrics_proxying_enabled }}"
matrix_hookshot_container_labels_metrics_traefik_rule: "Host(`{{ matrix_hookshot_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_hookshot_metrics_proxying_path_prefix }}`)"
matrix_hookshot_container_labels_metrics_traefik_priority: 0

15
roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
View File

@ -39,13 +39,6 @@
- {'old': 'matrix_hookshot_queue_port', 'new': 'matrix_hookshot_cache_redis_port'}
- {'old': 'matrix_hookshot_experimental_encryption_enabled', 'new': 'matrix_hookshot_encryption_enabled'}
- {'old': 'matrix_hookshot_docker_image_name_prefix', 'new': 'matrix_hookshot_docker_image_registry_prefix'}
- {'old': 'matrix_hookshot_provisioning_enabled', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- {'old': 'matrix_hookshot_provisioning_port', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- {'old': 'matrix_hookshot_provisioning_secret', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- {'old': 'matrix_hookshot_provisioning_internal', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- {'old': 'matrix_hookshot_provisioning_hostname', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- {'old': 'matrix_hookshot_provisioning_endpoint', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- {'old': 'matrix_hookshot_container_labels_provisioning_enabled', 'new': '<removed - see https://github.com/matrix-org/matrix-hookshot/pull/931 and the `matrix_hookshot_widgets_*` variables>'}
- name: Fail if required Hookshot settings not defined
ansible.builtin.fail:
@ -99,6 +92,14 @@
You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma.
when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0"
- name: Fail if required provisioning settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to enable provisioning.
when: "matrix_hookshot_provisioning_enabled and vars[item] == ''"
with_items:
- "matrix_hookshot_provisioning_secret"
- name: Fail if no Redis queue enabled when Hookshot encryption is enabled
ansible.builtin.fail:
msg: >-

14
roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2
View File

@ -89,6 +89,12 @@ feeds:
pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
provisioning:
# (Optional) Provisioning API for integration managers
#
secret: {{ matrix_hookshot_provisioning_secret | to_json }}
{% endif %}
passFile:
# A passkey used to encrypt tokens stored inside the bridge.
# Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
@ -137,7 +143,7 @@ permissions: {{ matrix_hookshot_permissions | to_json }}
listeners:
# (Optional) HTTP Listener configuration.
# Bind resource endpoints to ports and addresses.
# 'resources' may be any of webhooks, widgets, metrics
# 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice
#
{# always enabled since all services need it #}
- port: {{ matrix_hookshot_webhook_port }}
@ -150,6 +156,12 @@ listeners:
resources:
- metrics
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
- port: {{ matrix_hookshot_provisioning_port }}
bindAddress: 0.0.0.0
resources:
- provisioning
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
- port: {{ matrix_hookshot_widgets_port }}
bindAddress: 0.0.0.0

32
roles/custom/matrix-bridge-hookshot/templates/labels.j2
View File

@ -14,6 +14,7 @@ traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_networ
traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }}
traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }}
traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }}
traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }}
traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }}
{% if matrix_hookshot_container_labels_webhooks_enabled %}
@ -117,6 +118,37 @@ traefik.http.routers.matrix-hookshot-widgets.tls.certResolver={{ matrix_hookshot
############################################################
{% endif %}
{% if matrix_hookshot_container_labels_provisioning_enabled %}
############################################################
# #
# Provisioning #
# #
############################################################
traefik.http.middlewares.matrix-hookshot-provisioning-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_provisioning_endpoint }}
traefik.http.routers.matrix-hookshot-provisioning.rule={{ matrix_hookshot_container_labels_provisioning_traefik_rule }}
traefik.http.routers.matrix-hookshot-provisioning.middlewares=matrix-hookshot-provisioning-strip-prefix
{% if matrix_hookshot_container_labels_provisioning_traefik_priority | int > 0 %}
traefik.http.routers.matrix-hookshot-provisioning.priority={{ matrix_hookshot_container_labels_provisioning_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-hookshot-provisioning.service=matrix-hookshot-provisioning
traefik.http.routers.matrix-hookshot-provisioning.entrypoints={{ matrix_hookshot_container_labels_provisioning_traefik_entrypoints }}
traefik.http.routers.matrix-hookshot-provisioning.tls={{ matrix_hookshot_container_labels_provisioning_traefik_tls | to_json }}
{% if matrix_hookshot_container_labels_provisioning_traefik_tls %}
traefik.http.routers.matrix-hookshot-provisioning.tls.certResolver={{ matrix_hookshot_container_labels_provisioning_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Provisioning #
# #
############################################################
{% endif %}
{% if matrix_hookshot_container_labels_metrics_enabled %}
############################################################

5
roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
View File

@ -21,7 +21,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
matrix_mautrix_discord_version: v0.7.4
matrix_mautrix_discord_version: v0.7.3
# See: https://mau.dev/mautrix/discord/container_registry
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_registry_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
@ -39,8 +39,6 @@ matrix_mautrix_discord_homeserver_address: ""
matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080"
matrix_mautrix_discord_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_discord_bridge_command_prefix: "!discord"
# Publicly accessible base URL that Discord can use to reach the bridge, used for avatars in relay mode.
@ -227,7 +225,6 @@ matrix_mautrix_discord_registration_yaml: |
regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
io.element.msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }}
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"

5
roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
View File

@ -268,11 +268,6 @@ bridge:
appservice: {{ matrix_mautrix_discord_bridge_encryption_appservice | to_json}}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_discord_bridge_encryption_require | to_json }}
# Whether to use MSC4190 instead of appservice login to create the bridge bot device.
# Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
# Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
# Changing this option requires updating the appservice registration file.
msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow | to_json }}

2
roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
View File

@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.6.3
matrix_mautrix_gmessages_version: v0.6.1
# See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"

2
roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
View File

@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.5.1
matrix_mautrix_meta_instagram_version: v0.4.6
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"

2
roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
View File

@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.5.1
matrix_mautrix_meta_messenger_version: v0.4.6
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"

2
roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
View File

@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.8.4
matrix_mautrix_signal_version: v0.8.2
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"

2
roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml
View File

@ -22,7 +22,7 @@
when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('')
ansible.builtin.fail:
msg: |
The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflict.
The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit.
To resolve the conflict, make one of these components use a different username.
Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component).
We recommend that you change the username for the newly-added (and yet unused) component.

2
roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
View File

@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
matrix_mautrix_twitter_version: v0.4.2
matrix_mautrix_twitter_version: v0.4.0
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}"

2
roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View File

@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
matrix_mautrix_whatsapp_version: v0.12.2
matrix_mautrix_whatsapp_version: v0.12.0
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"

2
roles/custom/matrix-cactus-comments-client/defaults/main.yml
View File

@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
matrix_cactus_comments_client_public_path_file_permissions: "0644"
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_cactus_comments_client_version: 2.37.0
matrix_cactus_comments_client_version: 2.36.1
matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}"

2
roles/custom/matrix-client-cinny/defaults/main.yml
View File

@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
# renovate: datasource=docker depName=ajbura/cinny
matrix_client_cinny_version: v4.8.1
matrix_client_cinny_version: v4.6.0
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}"
matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web
matrix_client_element_version: v1.11.104
matrix_client_element_version: v1.11.100
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"

2
roles/custom/matrix-client-fluffychat/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et
matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
# renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
matrix_client_fluffychat_version: v2.0.0
matrix_client_fluffychat_version: v1.26.0
matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}"
matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-client-schildichat/defaults/main.yml
View File

@ -19,7 +19,7 @@ matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matr
matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web
matrix_client_schildichat_version: 1.11.103-sc.0.test.0
matrix_client_schildichat_version: 1.11.86-sc.0.test.0
matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_registry_prefix }}etkecc/schildichat-web:{{ matrix_client_schildichat_version }}"
matrix_client_schildichat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else matrix_client_schildichat_docker_image_registry_prefix_upstream }}"
matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-conduit/defaults/main.yml
View File

@ -19,7 +19,7 @@ matrix_conduit_docker_image_registry_prefix: "{{ matrix_conduit_docker_image_reg
matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}"
matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/
# renovate: datasource=docker depName=matrixconduit/matrix-conduit
matrix_conduit_docker_image_tag: "v0.10.4"
matrix_conduit_docker_image_tag: "v0.9.0"
matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"

1
roles/custom/matrix-conduwuit/defaults/main.yml
View File

@ -13,6 +13,7 @@ matrix_conduwuit_enabled: true
matrix_conduwuit_hostname: ''
matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_registry_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}"
# renovate: datasource=docker depName=ghcr.io/girlbossceo/conduwuit
matrix_conduwuit_docker_image_tag: v0.4.6-8f7ade4c22533a3177bfd8f175e178573ba6c1d4
matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}"
matrix_conduwuit_docker_image_registry_prefix: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream }}"

4
roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
View File

@ -586,7 +586,7 @@ trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }}
# specifically on room joins. This option limits the exposure to a
# compromised trusted server to room joins only. The join operation
# requires gathering keys from many origin servers which can cause
# significant delays. Therefore this defaults to true to mitigate
# significant delays. Therefor this defaults to true to mitigate
# unexpected delays out-of-the-box. The security-paranoid or those willing
# to tolerate delays are advised to set this to false. Note that setting
# query_trusted_key_servers_first to true causes this option to be
@ -597,7 +597,7 @@ trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }}
# Only query trusted servers for keys and never the origin server. This is
# intended for clusters or custom deployments using their trusted_servers
# as forwarding-agents to cache and deduplicate requests. Notary servers
# do not act as forwarding-agents by default, therefore do not enable this
# do not act as forwarding-agents by default, therefor do not enable this
# unless you know exactly what you are doing.
#
#only_query_trusted_key_servers = false

3
roles/custom/matrix-continuwuity/defaults/main.yml
View File

@ -193,6 +193,3 @@ matrix_continuwuity_self_check_validate_certificates: true
# continuwuity_MAX_REQUEST_SIZE=50000000
# continuwuity_REQUEST_TIMEOUT=60
matrix_continuwuity_environment_variables_extension: ''
matrix_continuwuity_forbidden_remote_server_names: []
matrix_continuwuity_forbidden_remote_room_directory_server_names: []

8
roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
View File

@ -586,7 +586,7 @@ trusted_servers = {{ matrix_continuwuity_trusted_servers | to_json }}
# specifically on room joins. This option limits the exposure to a
# compromised trusted server to room joins only. The join operation
# requires gathering keys from many origin servers which can cause
# significant delays. Therefore this defaults to true to mitigate
# significant delays. Therefor this defaults to true to mitigate
# unexpected delays out-of-the-box. The security-paranoid or those willing
# to tolerate delays are advised to set this to false. Note that setting
# query_trusted_key_servers_first to true causes this option to be
@ -597,7 +597,7 @@ trusted_servers = {{ matrix_continuwuity_trusted_servers | to_json }}
# Only query trusted servers for keys and never the origin server. This is
# intended for clusters or custom deployments using their trusted_servers
# as forwarding-agents to cache and deduplicate requests. Notary servers
# do not act as forwarding-agents by default, therefore do not enable this
# do not act as forwarding-agents by default, therefor do not enable this
# unless you know exactly what you are doing.
#
#only_query_trusted_key_servers = false
@ -1164,13 +1164,13 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
#
# Basically "global" ACLs.
#
forbidden_remote_server_names = {{ matrix_continuwuity_forbidden_remote_server_names | to_json }}
#forbidden_remote_server_names = []
# List of forbidden server names that we will block all outgoing federated
# room directory requests for. Useful for preventing our users from
# wandering into bad servers or spaces.
#
forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_remote_room_directory_server_names | to_json }}
#forbidden_remote_room_directory_server_names = []
# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
# do not want continuwuity to send outbound requests to. Defaults to

2
roles/custom/matrix-coturn/defaults/main.yml
View File

@ -34,7 +34,7 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
# The Docker network that coturn would be put into.
#
# Because coturn relays traffic to unvalidated IP addresses,
# using a dedicated network, isolated from other Docker (and local) services is preferable.
# using a dedicated network, isolated from other Docker (and local) services is preferrable.
#
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.

2
roles/custom/matrix-dendrite/defaults/main.yml
View File

@ -355,7 +355,7 @@ matrix_dendrite_user_api_auto_join_rooms: []
# name, number of active users and some information on your deployment config.
matrix_dendrite_report_stats: false
# Controls whether thumbnails for media content are generated dynamically
# Contorls whether thumbnails for media content are generated dynamically
matrix_dendrite_media_api_dynamic_thumbnails: false
matrix_dendrite_media_api_max_thumbnail_generators: 10

2
roles/custom/matrix-dynamic-dns/defaults/main.yml
View File

@ -36,7 +36,7 @@ matrix_dynamic_dns_container_additional_networks: "{{ matrix_dynamic_dns_contain
matrix_dynamic_dns_container_additional_networks_auto: []
matrix_dynamic_dns_container_additional_networks_custom: []
# List of extra arguments to pass to the container mode
# List of extra arguments to pass to the ontainer mode
matrix_dynamic_dns_container_extra_arguments: []
# List of wanted services when running in mode

2
roles/custom/matrix-element-call/defaults/main.yml
View File

@ -21,7 +21,7 @@ matrix_element_call_enabled: false
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.12.2
matrix_element_call_version: v0.10.0
matrix_element_call_scheme: https

2
roles/custom/matrix-element-call/templates/labels.j2
View File

@ -48,4 +48,4 @@ traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call
{% endif %}
{{ matrix_element_call_container_labels_additional_labels }}
{{ matrix_element_call_container_labels_additional_labels }}

2
roles/custom/matrix-ma1sd/defaults/main.yml
View File

@ -150,7 +150,7 @@ matrix_ma1sd_database_name: 'matrix_ma1sd'
matrix_ma1sd_database_connection_string: 'postgresql://{{ matrix_ma1sd_database_username }}:{{ matrix_ma1sd_database_password }}@{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}'
# ma1sd has several supported identity stores.
# ma1sd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
matrix_ma1sd_synapsesql_enabled: false

4
roles/custom/matrix-media-repo/templates/grafana/media-repo.json
View File

@ -131,7 +131,7 @@
"refId": "B"
}
],
"title": "HTTP Requests",
"title": "HTTP Requsts",
"type": "timeseries"
},
{
@ -1300,4 +1300,4 @@
"uid": "xJUZ3xfmk",
"version": 15,
"weekStart": ""
}
}

2
roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
View File

@ -16,7 +16,7 @@
- {'old': 'matrix_prometheus_nginxlog_exporter_container_hostname', 'new': 'matrix_prometheus_nginxlog_exporter_identifier'}
- {'old': 'matrix_prometheus_nginxlog_exporter_docker_image_name_prefix', 'new': 'matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix'}
- name: Fail if docker image not available for arch
- name: Fail if docker image not availble for arch
ansible.builtin.fail:
msg: >
'prometheus-nginxlog-exporter' docker image is not available for your arch '{{ matrix_architecture }}'.

2
roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json
View File

@ -1702,4 +1702,4 @@
"uid": "x2_jWNF4k",
"version": 12,
"weekStart": ""
}
}

2
roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
View File

@ -1702,4 +1702,4 @@
"uid": "x2_jWNF4k",
"version": 12,
"weekStart": ""
}
}

2
roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
View File

@ -13,7 +13,7 @@ listen:
namespaces:
- name: matrix
metrics_override:
prefix: "myprefix"
preffix: "myprefix"
namespace_label: "namespace"
format: "$log_source $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] $host \"$request\" $status \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""
# enable to print to console

2
roles/custom/matrix-static-files/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_static_files_enabled: true
matrix_static_files_identifier: matrix-static-files
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_static_files_version: 2.37.0
matrix_static_files_version: 2.36.1
matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"

2
roles/custom/matrix-synapse-admin/defaults/main.yml
View File

@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false
matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
# renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
matrix_synapse_admin_version: v0.11.1-etke44
matrix_synapse_admin_version: v0.10.3-etke39
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}"
matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-synapse-usage-exporter/templates/grafana/synapse-usage-exporter.json
View File

@ -2743,4 +2743,4 @@
"uid": "c84624d7-3935-4470-83c0-c10d1cee35ff",
"version": 2,
"weekStart": ""
}
}

44
roles/custom/matrix-synapse/defaults/main.yml
View File

@ -16,7 +16,7 @@ matrix_synapse_enabled: true
matrix_synapse_github_org_and_repo: element-hq/synapse
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse
matrix_synapse_version: v1.132.0
matrix_synapse_version: v1.129.0
matrix_synapse_username: ''
matrix_synapse_uid: ''
@ -501,7 +501,7 @@ matrix_synapse_tls_federation_listener_enabled: true
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
# Resource names used by the insecure HTTP listener. Here only the Client API
# Resource names used by the unsecure HTTP listener. Here only the Client API
# is defined, see the homeserver config for a full list of valid resource
# names.
matrix_synapse_http_listener_resource_names: ["client"]
@ -835,7 +835,7 @@ matrix_synapse_workers_enabled: false
# Specifies worker configuration that should be used when workers are enabled.
#
# The possible values (as seen in `matrix_synapse_workers_presets`) are:
# The posible values (as seen in `matrix_synapse_workers_presets`) are:
# - "little-federation-helper" - a very minimal worker configuration to improve federation performance
# - "one-of-each" - one worker of each supported type + a generic worker
# - "specialized-workers" - one worker of each supported type + specialized workers
@ -1386,7 +1386,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve
matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir"
# renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "v1.10.0"
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "v1.9.2"
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true
# Flag messages sent by servers/users in the ban lists as spam. Currently
# this means that spammy messages will appear as empty to users. Default
@ -1412,38 +1412,6 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config:
ban_lists: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}"
message_max_length: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_message_max_length }}"
# Enable this to activate the synapse-http-antispam module.
# See: github.com/maunium/synapse-http-antispam
matrix_synapse_ext_synapse_http_antispam_enabled: false
matrix_synapse_ext_synapse_http_antispam_git_repository_url: "https://github.com/maunium/synapse-http-antispam"
# renovate: datasource=github-releases depName=maunium/synapse-http-antispam
matrix_synapse_ext_synapse_http_antispam_git_version: "v0.4.0"
# Where Synapse can locate the consumer of the antispam API. Currently
# Draupnir is the only consumer of this API that is playbook supported.
# But https://github.com/maunium/meowlnir also supports the API.
matrix_synapse_ext_synapse_http_antispam_config_base_url: ''
# This is a shared secret that is established between the consumer and the
# homeserver a lot like how AS authentication is done. This is fully managed
# the same way AS authentication is by the playbook.
matrix_synapse_ext_synapse_http_antispam_config_authorization: ''
# This controls what callbacks are activated. This list is fully dependent on what consumer is in play.
# And what capabilities said consumer should or shouldn't have. There are also performance implications
# to these choices.
matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks: []
# Controls if a loss of connectivity to the consumer results in fail open or closed.
# As in if failure results in events getting flagged automatically as spam or not.
matrix_synapse_ext_synapse_http_antispam_config_fail_open: {}
# Controls if the checking is blocking or not. This allows the homeserver to skip waiting for a consumer response.
matrix_synapse_ext_synapse_http_antispam_config_async: {}
# Actual configuration passed to the synapse-http-antispam module
matrix_synapse_ext_synapse_http_antispam_config: "{{ matrix_synapse_ext_synapse_http_antispam_config_yaml | from_yaml }}"
matrix_synapse_ext_synapse_http_antispam_config_yaml: |
base_url: {{ matrix_synapse_ext_synapse_http_antispam_config_base_url | to_json }}
authorization: {{ matrix_synapse_ext_synapse_http_antispam_config_authorization | to_json }}
enabled_callbacks: {{ matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks | to_json }}
fail_open: {{ matrix_synapse_ext_synapse_http_antispam_config_fail_open | to_json }}
async: {{ matrix_synapse_ext_synapse_http_antispam_config_async | to_json }}
# Enable this to activate the E2EE disabling Synapse module.
# See: https://github.com/digitalentity/matrix_encryption_disabler
matrix_synapse_ext_encryption_disabler_enabled: false
@ -1458,7 +1426,7 @@ matrix_synapse_ext_encryption_disabler_deny_encryption_for_rooms_of: ["{{ matrix
# Specifies whether the power levels event (setting) provided during room creation should be patched.
# This makes it impossible for anybody (locally or over federation) from enabling room encryption
# for the lifetime of rooms created while this setting is enabled (irreversible).
# Enabling this may have incompatibility consequences with servers / clients.
# Enabling this may have incompatiblity consequences with servers / clients.
# Familiarize yourself with the caveats upstream: https://github.com/digitalentity/matrix_encryption_disabler
matrix_synapse_ext_encryption_disabler_patch_power_levels: false
matrix_synapse_ext_encryption_config: "{{ matrix_synapse_ext_encryption_config_yaml | from_yaml }}"
@ -1562,7 +1530,7 @@ matrix_synapse_room_list_publication_rules:
room_id: "*"
action: allow
matrix_synapse_default_room_version: "11"
matrix_synapse_default_room_version: "10"
# Controls whether leaving a room will automatically forget it.
# The upstream default is `false`, but we try to make Synapse less wasteful of resources, so we do things differently.

13
roles/custom/matrix-synapse/tasks/ext/setup_install.yml
View File

@ -66,19 +66,6 @@
- when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
# synapse-http-antispam
- tags:
- setup-all
- setup-synapse
- install-all
- install-synapse
block:
- when: matrix_synapse_ext_synapse_http_antispam_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-http-antispam/validate_config.yml"
- when: matrix_synapse_ext_synapse_http_antispam_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-http-antispam/setup_install.yml"
# s3-storage-provider
- tags:
- setup-all

37
roles/custom/matrix-synapse/tasks/ext/synapse-http-antispam/setup_install.yml
View File

@ -1,37 +0,0 @@
# SPDX-FileCopyrightText: 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Catalan Lover <catalanlover@protonmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure git installed
ansible.builtin.package:
name: git
state: present
- name: Clone synapse-http-antispam git repository
ansible.builtin.git:
repo: "{{ matrix_synapse_ext_synapse_http_antispam_git_repository_url }}"
version: "{{ matrix_synapse_ext_synapse_http_antispam_git_version }}"
dest: "{{ matrix_synapse_ext_path }}/synapse-http-antispam"
become: true
become_user: "{{ matrix_synapse_username }}"
- ansible.builtin.set_fact:
matrix_synapse_modules: >
{{
matrix_synapse_modules | default([])
+
[{
"module": "synapse_http_antispam.HTTPAntispam",
"config": matrix_synapse_ext_synapse_http_antispam_config,
}]
}}
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-http-antispam/synapse_http_antispam.py,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_http_antispam.py,ro"]
}}

11
roles/custom/matrix-synapse/tasks/ext/synapse-http-antispam/setup_uninstall.yml
View File

@ -1,11 +0,0 @@
# SPDX-FileCopyrightText: 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Catalan Lover <catalanlover@protonmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure synapse-http-antispam doesn't exist
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/synapse-http-antispam"
state: absent

21
roles/custom/matrix-synapse/tasks/ext/synapse-http-antispam/validate_config.yml
View File

@ -1,21 +0,0 @@
# SPDX-FileCopyrightText: 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Catalan Lover <catalanlover@protonmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if required synapse-http-antispam settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using synapse-http-antispam.
when: "vars[item] == ''"
with_items:
- "matrix_synapse_ext_synapse_http_antispam_enabled"
- "matrix_synapse_ext_synapse_http_antispam_config_base_url"
- "matrix_synapse_ext_synapse_http_antispam_config_authorization"
- name: Fail if required matrix_synapse_ext_synapse_http_antispam_config_base_url looks invalid
ansible.builtin.fail:
msg: >-
`matrix_synapse_ext_synapse_http_antispam_config_base_url` needs to look like a URL (`http://` or `https://` prefix).
when: "not matrix_synapse_ext_synapse_http_antispam_config_base_url.startswith('http')"

Some files were not shown because too many files have changed in this diff Show More