finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:master
Branches Tags
finallycoffee:master finallycoffee:transcaffeine/patch-dumb-design-choices finallycoffee:feat-mx-puppet-instagram
..
compare: finallycoffee:79bacd09501a5816d9549df8e55e36d4c1952c24
Branches Tags
finallycoffee:master finallycoffee:transcaffeine/patch-dumb-design-choices finallycoffee:feat-mx-puppet-instagram

2 Commits
master ... 79bacd0950

Author SHA1 Message Date
transcaffeine
79bacd0950 meta: move inventory structure to be more usable 2025-05-25 12:22:03 +02:00
jdreichmann
1e568bc142 meta: add own inventory, add vault-unlock with GPG 2025-05-25 12:22:00 +02:00
105 changed files with 312 additions and 578 deletions
Expand all files Collapse all files

2
.codespellrc
View File

@@ -1,2 +0,0 @@
[codespell]
ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr

2
.envrc
View File

@@ -1 +1 @@
use flake
use flake

6
.github/renovate.json vendored
View File

@@ -20,7 +20,6 @@
"packageRules": [
{
"ignoreUnstable": false,
"versioning": "loose",
"matchSourceUrls": [
"https://github.com/devture/com.devture.ansible.role{/,}**",
"https://github.com/mother-of-all-self-hosting{/,}**"
@@ -29,8 +28,5 @@
],
"ignoreDeps": [
"ghcr.io/matrixgpt/matrix-chatgpt-bot"
],
"pre-commit": {
"enabled": true
}
]
}

20
.github/workflows/matrix.yml vendored
View File

@@ -7,7 +7,9 @@
---
name: Matrix CI
on: [push, pull_request] # yamllint disable-line rule:truthy
on: # yamllint disable-line rule:truthy
push:
pull_request:
jobs:
yamllint:
@@ -24,19 +26,7 @@ jobs:
steps:
- name: Check out
uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@v25.6.1
uses: ansible-community/ansible-lint-action@v6.17.0
with:
args: "roles/custom"
setup_python: "true"
working_directory: ""
requirements_file: requirements.yml
precommit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run pre-commit
uses: pre-commit/action@v3.0.1
path: roles/custom

20
.github/workflows/reuse.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
#
# SPDX-License-Identifier: CC0-1.0
---
name: REUSE Compliance Check
on: [push, pull_request] # yamllint disable-line rule:truthy
permissions:
contents: read
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: REUSE Compliance Check
uses: fsfe/reuse-action@v5

26
.pre-commit-config.yaml
View File

@@ -1,26 +0,0 @@
---
default_install_hook_types: [pre-push]
exclude: "LICENSES/"
# See: https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
# - id: check-executables-have-shebangs
- id: check-added-large-files
- id: check-case-conflict
- id: check-json
- id: check-toml
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: https://github.com/codespell-project/codespell
rev: v2.4.1
hooks:
- id: codespell
args: ["--skip=*.po,*.pot,i18n/"]
- repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook
rev: v5.0.2
hooks:
- id: reuse

20
CHANGELOG.md
View File

@@ -156,7 +156,7 @@ To **completely eliminate the problem** of DDoS amplification attacks done throu
The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by default**.
💡 Users may wish to further remove the (now unnecessary) firewall rule allowing access to `3478/udp`.
💡 Users may wish to further remove the (now unnnecessary) firewall rule allowing access to `3478/udp`.
If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file:
@@ -170,7 +170,7 @@ matrix_coturn_container_stun_plain_host_bind_port_udp: "3478"
# 2025-02-17
## FluffyChat Web support
## FluffyChat Web suport
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [FluffyChat Web](https://github.com/krille-chan/fluffychat) as an additional Matrix client you can self-host.
@@ -192,7 +192,7 @@ The playbook will let you know if you're using any `matrix_mautrix_hangouts_*` v
## Redis and KeyDB are no longer part of the playbook
**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly defining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly definining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
The playbook has gone through several iterations of memorystore implementations:
@@ -745,7 +745,7 @@ For people building commercial products on top of Synapse, they may have to eith
We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own!
If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by introducing a new Ansible variable. You can do it like this:
If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by intruducing a new Ansible variable. You can do it like this:
```yaml
# Switch the organization that Synapse container images (or source code for self-building) are pulled from.
@@ -828,7 +828,7 @@ Despite these downsides (which the playbook manages automatically), we believe i
People running the default Traefik setup do not need to do anything to make Traefik take on this extra job. Your Traefik configuration will be updated automatically.
**People running their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
**People runnning their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
You may disable Traefik acting as an intermediary by explicitly setting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled` to `false`. Services would then be configured to talk to the homeserver directly, giving you a slight performance boost and a "simpler" Traefik setup. However, such a configuration is less tested and will cause troubles, especially if you enable more services (like `matrix-media-repo`, etc.) in the future. As such, it's not recommended.
@@ -2851,7 +2851,7 @@ As always, re-running the playbook is enough to get the updated bits.
## SMS bridging requires db reset
The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new required var `matrix_sms_bridge_default_region`.
The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`.
To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information.
@@ -2883,7 +2883,7 @@ Until the issue gets fixed, we're making User Directory search not go to ma1sd b
This upgrades matrix-appservice-irc from 0.14.1 to 0.16.0. Upstream
made a change to how you define manual mappings. If you added a
`mapping` to your configuration, you will need to update it according
`mapping` to your configuration, you will need to update it accoring
to the [upstream
instructions](https://github.com/matrix-org/matrix-appservice-irc/blob/master/CHANGELOG.md#0150-2020-02-05). If you did not include `mappings` in your configuration for IRC, no
change is necessary. `mappings` is not part of the default
@@ -3046,7 +3046,7 @@ As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unw
Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**.
As with anything else, these new defaults can be overridden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
# 2019-10-05
@@ -3600,7 +3600,7 @@ The following changes had to be done:
- glue variables had to be introduced to the playbook, so it can wire together the various components. Those glue vars are stored in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. When overriding variables for a given component (role), you need to be aware of both the role defaults (`role/ROLE/defaults/main.yml`) and the role's corresponding section in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file.
- `matrix_postgres_use_external` has been superseded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
- `matrix_postgres_use_external` has been superceeded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
- Postgres tools (`matrix-postgres-cli` and `matrix-make-user-admin`) are no longer installed if you're not enabling the `matrix-postgres` role (`matrix_postgres_enabled: false`)
@@ -3789,7 +3789,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://dimension.t2bot.io/widge
There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse.
You may wish to re-enable TLSv1 if you need to access Riot in older browsers.
You may wish to reenable TLSv1 if you need to access Riot in older browsers.
Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details.

2
REUSE.toml
View File

@@ -13,12 +13,10 @@ path = [
"i18n/PUBLISHED_LANGUAGES",
"i18n/requirements.txt",
"roles/custom/**/*.repo",
".codespellrc",
".editorconfig",
".envrc",
".gitattributes",
".gitignore",
".pre-commit-config.yaml",
".yamllint",
"ansible.cfg",
"flake.lock",

2
YEAR-IN-REVIEW.md
View File

@@ -11,7 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable.
AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possibility of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possiblity of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
* complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult
* the current setup became "good enough" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way.

2
docs/README.md
View File

@@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Table of Contents
## ⬇️ Installation guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
## ⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
There are two installation guides available for beginners and advanced users.

2
docs/ansible.md
View File

@@ -117,7 +117,7 @@ Then, to be asked for the password whenever running an `ansible-playbook` comman
#### Resolve directory ownership issues
Because you're `root` in the container running Ansible and this likely differs from the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
> fatal: unsafe repository ('/work' is owned by someone else)
> To add an exception for this directory, call:

4
docs/configuring-playbook-appservice-draupnir-for-all.md
View File

@@ -95,13 +95,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
## Usage
If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have successfully installed Draupnir for All and can now start using it.
If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it.
The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode.
### Granting Users the ability to use D4A
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recommendation. Using the chat is recommended.
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297))

2
docs/configuring-playbook-bot-baibot.md
View File

@@ -242,7 +242,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
```
Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`.

2
docs/configuring-playbook-bot-chatgpt.md
View File

@@ -57,7 +57,7 @@ matrix_bot_chatgpt_openai_api_key: 'API_KEY_HERE'
matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE'
# Configuring the system prompt used, needed if the bot is used for special tasks.
# Configuring the system promt used, needed if the bot is used for special tasks.
# More information: https://github.com/mustvlad/ChatGPT-System-Prompts
matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
```

2
docs/configuring-playbook-bot-draupnir.md
View File

@@ -242,7 +242,7 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`

2
docs/configuring-playbook-bot-matrix-registration-bot.md
View File

@@ -77,7 +77,7 @@ Send `help` to the bot to see the available commands.
You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
If you have any questions, or if you need help setting it up, read the [troubleshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc… you can use:

2
docs/configuring-playbook-bridge-hookshot.md
View File

@@ -167,7 +167,7 @@ To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set t
#### Enable Grafana (optional)
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics.
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.

2
docs/configuring-playbook-bridge-mautrix-wsproxy.md
View File

@@ -70,7 +70,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
## Usage
Follow the [mautrix-imessage documentation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
Follow the [mautrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
## Troubleshooting

2
docs/configuring-playbook-bridge-mx-puppet-discord.md
View File

@@ -10,7 +10,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Setting up MX Puppet Discord bridging (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The playbook can install and configure [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) for you.

4
docs/configuring-playbook-continuwuity.md
View File

@@ -50,8 +50,8 @@ If a specific setting you'd like to change does not have a dedicated Ansible var
```yaml
matrix_continuwuity_environment_variables_extension: |
CONTINUWUITY_MAX_REQUEST_SIZE=50000000
CONTINUWUITY_REQUEST_TIMEOUT=60
continuwuity_MAX_REQUEST_SIZE=50000000
continuwuity_REQUEST_TIMEOUT=60
```
## Creating the first user account

2
docs/configuring-playbook-element-call.md
View File

@@ -30,7 +30,7 @@ These **clients will use their own embedded Element Call frontend**, so **self-h
💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client). Note that unless you [allow guest accounts to use Element Call](#allowing-guests-to-use-element-call-optional), you will still need a Matrix user account **on the same homeserver** to be able to use Element Call.
The playbook makes a distinction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
| Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) |
|------------------------|-----------------------|----------------|---------------------|

2
docs/configuring-playbook-jitsi.md
View File

@@ -70,7 +70,7 @@ By default the Jitsi Meet instance **does not require for anyone to log in, and
If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode.
See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up.
See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up.
### Enable Gravatar (optional)

2
docs/configuring-playbook-livekit-jwt-service.md
View File

@@ -15,4 +15,4 @@ This is a helper component which is part of the [Matrix RTC stack](configuring-p
Take a look at:
- `roles/custom/matrix-livekit-jwt-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration.
- `roles/custom/matrix-livekit-jwt-service/templates/env.j2` for the component's default configuration.

2
docs/configuring-playbook-livekit-server.md
View File

@@ -35,4 +35,4 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p
For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).

6
docs/configuring-playbook-matrix-authentication-service.md
View File

@@ -41,7 +41,7 @@ Below, we'll try to **highlight some potential reasons for switching** to Matrix
## Prerequisites
- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet.
- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
-**disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below.
@@ -61,7 +61,7 @@ This section details what you can expect when switching to the Matrix Authentica
- ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
- ⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration).
@@ -85,7 +85,7 @@ For new homeservers (which don't have any users in their Synapse database yet),
### Existing homeserver
Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet.
Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
For existing Synapse homeservers:

2
docs/configuring-playbook-matrix-corporal.md
View File

@@ -13,7 +13,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you.
In short, it's a sort of automation and firewalling service, which is helpful if you're installing Matrix services in a controlled corporate environment.
In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment.
See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you.

2
docs/configuring-playbook-matrix-media-repo.md
View File

@@ -60,7 +60,7 @@ To `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_use
#### Enable Grafana (optional)
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics.
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.

2
docs/configuring-playbook-matrix-rtc.md
View File

@@ -56,4 +56,4 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
Once installed, Matrix clients which support Element Call (like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android)) will automatically use the Matrix RTC stack.
These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser.
These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser.

2
docs/configuring-playbook-ntfy.md
View File

@@ -115,7 +115,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
## Usage
To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distributor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notifications are "distributed" from it.
To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distrubutor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notitications are "distributed" from it.
For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation.

2
docs/configuring-playbook-prometheus-grafana.md
View File

@@ -258,4 +258,4 @@ As with all other services, you can find the logs in [systemd-journald](https://
- [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)
- [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
- [The PostgreSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)
- [The PostgresSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)

8
docs/configuring-playbook-s3.md
View File

@@ -22,11 +22,13 @@ Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring
## Choosing an Object Storage provider
You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), [Storj](https://storj.io), etc.
You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Storj](https://storj.io), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc.
Amazon S3 and Backblaze B2 are pay-as-you with no minimum charges for storing too little data. Note that Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
Amazon S3, Backblaze B2, and Storj are pay-as-you with no minimum charges for storing too little data.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10). Though Storj does not set minimum amount of data to be stored, it also charges $5 minimum monthly usage fee since July 1, 2025, if your monthly usage (storage, bandwidth, and segments) totals less than $5.
All these providers have different prices, with Storj appearing to be the cheapest (as of 2024-10, storage fee is $0.004 per GB/month, and egress fee is $0.007 per GB; check actual pricing [here](https://storj.dev/dcs/pricing)). Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10).
Here are some of the important aspects of choosing the right provider:

2
docs/configuring-playbook-ssl-certificates.md
View File

@@ -15,7 +15,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate
**Notes**:
- This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiriation notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).

2
docs/configuring-playbook-synapse.md
View File

@@ -53,7 +53,7 @@ You may also consider [tweaking the number of workers of each type](#controlling
##### Specialized workers
The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requester's IP address, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requester and/or on the resource (room, etc.) being requested.
The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requestor's IP adddress, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requestor and/or on the resource (room, etc.) being requested.
The playbook supports these **4 types** of specialized workers:

4
docs/faq.md
View File

@@ -235,7 +235,7 @@ Running Matrix on a server with 1GB of memory is possible (especially if you dis
**We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea.
Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferrably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
### Can I run this in an LXC container?
@@ -362,7 +362,7 @@ Configuration variables are defined in multiple places in this playbook and are
You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`).
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`.
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).

2
docs/howto-srv-server-delegation.md
View File

@@ -42,7 +42,7 @@ This is because with SRV federation, some servers / tools (one of which being th
### Tell Traefik which certificate to serve for the federation endpoint
Now that the federation endpoint is not bound to a domain anymore we need to explicitly tell Traefik to use a wildcard certificate in addition to one containing the base name.
Now that the federation endpoint is not bound to a domain anymore we need to explicitely tell Traefik to use a wildcard certificate in addition to one containing the base name.
This is because the Matrix specification expects the federation endpoint to be served using a certificate compatible with the base domain, however, the other resources on the endpoint still need a valid certificate to work.

2
docs/prerequisites.md
View File

@@ -49,7 +49,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`)
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`, because this Ansible playbook sometimes uses the Ansible [become](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html) module to perform tasks as another user (e.g. `matrix`) and the `become` module's default implementation uses `sudo`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

4
examples/reverse-proxies/nginx-proxy-manager/README.md
View File

@@ -23,7 +23,7 @@ If Matrix federation is enabled, then you will need to make changes to [NPM's Do
You'll need to create two proxy hosts in NPM for Matrix web and federation traffic.
Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxy's configuration like this:
Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxys configuration like this:
```md
# Details
@@ -44,7 +44,7 @@ Custom Nginx Configuration:
client_max_body_size 50M;
```
Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxy's configuration like this:
Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxys configuration like this:
```md
# Details

2
i18n/README.md
View File

@@ -20,7 +20,7 @@ Currently, we support translation of:
Organization of this `i18n` directory is as follows:
- [PUBLISHED_LANGUAGES](PUBLISHED_LANGUAGES): a list of languages that we publish translations for (in the [translations/](translations/) directory)
- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionally ignore translated results (`translations/<language>` directories) for languages that are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionaly ignore translated results (`translations/<language>` directories) for languages taht are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
- [justfile](justfile): a list of recipes for [just](https://github.com/casey/just) command runner
- [requirements.txt](requirements.txt): a list of Python packages required to work with translations
- [translation-templates/](translation-templates/): a list of English translation templates - strings extracted from Markdown files

10
i18n/requirements.txt
View File

@@ -1,6 +1,6 @@
alabaster==1.0.0
babel==2.17.0
certifi==2025.7.9
certifi==2025.4.26
charset-normalizer==3.4.2
click==8.2.1
docutils==0.21.2
@@ -14,10 +14,10 @@ mdit-py-plugins==0.4.2
mdurl==0.1.2
myst-parser==4.0.1
packaging==25.0
Pygments==2.19.2
Pygments==2.19.1
PyYAML==6.0.2
requests==2.32.4
setuptools==80.9.0
requests==2.32.3
setuptools==80.8.0
snowballstemmer==3.0.1
Sphinx==8.2.3
sphinx-intl==2.3.1
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
sphinxcontrib-serializinghtml==2.0.0
tabulate==0.9.0
uc-micro-py==1.0.3
urllib3==2.5.0
urllib3==2.4.0

1
inventory/host_vars/matrix.finallycoffee.eu/postgresql.yml
View File

@@ -2,7 +2,6 @@
postgres_max_connections: 400
postgres_shared_buffers: 3145728 # (3072 MiB)
postgres_effective_cache_size: 8388608 # (8192 MiB)
postgres_container_shm_size: 1G
postgres_maintenance_work_mem: 786432 # (768 MiB)
postgres_wal_buffers: 16384 # (16 MiB)
postgres_random_page_cost: 1.3

28
requirements.yml
View File

@@ -7,7 +7,7 @@
version: v1.4.1-1.9.14-0
name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.3.0-6
version: v0.3.0-4
name: container_socket_proxy
- src: git+https://github.com/geerlingguy/ansible-role-docker
version: 7.4.7
@@ -16,22 +16,22 @@
version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.3.2-0
version: v2.3.0-0
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-0
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.3-1
version: v11.6.2-0
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10314-1
version: v10184-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.0-2
version: v1.8.4-5
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.13.0-0
version: v2.11.0-5
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 201c939eed363de269a83ba29784fc3244846048
@@ -43,19 +43,19 @@
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v17.5-0
version: v17.4-0
name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v17-5
version: v17-3
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.4.2-1
version: v3.4.0-1
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.9.1-9
version: v1.9.1-3
name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.17.1-6
version: v0.17.1-1
name: prometheus_postgres_exporter
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.4.0-0
@@ -67,11 +67,11 @@
version: v1.0.0-0
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.4.4-1
version: v3.4.0-0
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-1
version: v2.10.0-0
name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v8.1.3-0
version: v8.1.1-0
name: valkey

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2025.7.2
matrix_alertmanager_receiver_version: 2025.5.21
matrix_alertmanager_receiver_scheme: https

4
roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
View File

@@ -12,7 +12,7 @@
matrix_appservice_draupnir_for_all_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir
matrix_appservice_draupnir_for_all_version: "v2.5.0"
matrix_appservice_draupnir_for_all_version: "v2.2.0"
matrix_appservice_draupnir_for_all_container_image_self_build: false
matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@@ -50,7 +50,7 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
# anyone in this room can use the bot - secure your room!
# This should be a room alias - not a matrix.to URL.
# Note: Draupnir is fairly verbose - expect a lot of messages from it.
# This room is different for Appservice Mode compared to normal mode.
# This room is diffrent for Appservice Mode compared to normal mode.
# In Appservice mode it provides functions like user management.
matrix_appservice_draupnir_for_all_config_adminRoom: "" # noqa var-naming

2
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 0.18.0
matrix_authentication_service_version: 0.16.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"

4
roles/custom/matrix-base/defaults/main.yml
View File

@@ -217,7 +217,7 @@ matrix_homeserver_container_url: "http://{{ matrix_homeserver_container_client_a
# Specifies where the homeserver's Client-Server API is on the container network (matrix_homeserver_container_network).
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overridden elsewhere.
# This likely gets overriden elsewhere.
matrix_homeserver_container_client_api_endpoint: ""
# Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
@@ -225,7 +225,7 @@ matrix_homeserver_container_federation_url: "http://{{ matrix_homeserver_contain
# Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overridden elsewhere.
# This likely gets overriden elsewhere.
matrix_homeserver_container_federation_api_endpoint: ""
# Specifies the public url of the Sync v3 (sliding-sync) API.

2
roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml
View File

@@ -5,6 +5,6 @@
---
- name: Ensure fuse installed (RedHat)
ansible.builtin.package:
ansible.builtin.yum:
name: fuse
state: present

2
roles/custom/matrix-base/tasks/validate_config.yml
View File

@@ -104,7 +104,7 @@
msg: >-
Your configuration enables both the old mautrix-instagram bridge and the new mautrix-meta-instagram bridge.
By default, both bridges are configured to use the same bridge bot username (`@{{ matrix_mautrix_meta_instagram_appservice_username }}:{{ matrix_domain }}`) which is a conflict.
We recommend that you disable at least one of the bridges (preferably the old mautrix-instagram bridge), or to resolve the conflict in another way.
We recommend that you disable at least one of the bridges (preferrably the old mautrix-instagram bridge), or to resolve the conflict in another way.
To resolve the conflict without disabling a bridge, consider adjusting one of `matrix_mautrix_instagram_appservice_bot_username` or `matrix_mautrix_meta_instagram_appservice_username` - they both have a value of {{ matrix_mautrix_meta_instagram_appservice_username }} right now.
when:
- matrix_mautrix_instagram_enabled | bool

2
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.7.6
matrix_bot_baibot_version: v1.7.2
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
View File

@@ -20,7 +20,7 @@
- name: Fail if OpenAI configuration not up-to-date.
ansible.builtin.fail:
msg: >-
Your configuration contains a variable that is no longer used.
Your configuration contains a varible that is no longer used.
Please change your configuration to remove the variable (`{{ item.name }}`).
when: "item.name in vars"
with_items:

7
roles/custom/matrix-bot-draupnir/defaults/main.yml
View File

@@ -12,7 +12,7 @@
matrix_bot_draupnir_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir
matrix_bot_draupnir_version: "v2.5.0"
matrix_bot_draupnir_version: "v2.2.0"
matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@@ -148,14 +148,17 @@ matrix_bot_draupnir_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupn
# Therefore the module is configured from Draupnir because the consumer of the module determines what settings are relevant.
matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks:
- check_event_for_spam
- user_may_invite
- user_may_join_room
matrix_bot_draupnir_synapse_http_antispam_config_fail_open:
check_event_for_spam: true
user_may_invite: true
user_may_join_room: true
matrix_bot_draupnir_synapse_http_antispam_config_async: {}
matrix_bot_draupnir_synapse_http_antispam_config_async:
check_event_for_spam: true
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.

2
roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
View File

@@ -63,7 +63,7 @@
ansible.builtin.fail:
msg: >-
Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time.
These settings are mutually incompatible and therefore can't be used at the same time.
These settings are mutually incompatible and therefore cant be used at the same time.
when:
- matrix_bot_draupnir_pantalaimon_use
- matrix_bot_draupnir_config_experimentalRustCrypto

38
roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
View File

@@ -7,8 +7,7 @@ SPDX-FileCopyrightText: 2024 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later
#}
# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
# set this to the pantalaimon URL if you're using that.
# Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),
homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }}
# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
@@ -23,10 +22,7 @@ accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }}
{% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
pantalaimon:
# Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
# set to `true` if you're using pantalaimon.
#
# Be sure to point homeserverUrl to the pantalaimon instance.
# Set to `true` when the bot is to login and fetch the access token on its own.
#
# Draupnir will log in using the given username and password once,
# then store the resulting access token in a file under dataPath.
@@ -38,14 +34,13 @@ pantalaimon:
# The password Draupnir will login with.
#
# After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
# This option can be loaded from a file by passing "--pantalaimon-password-path <path>" at the command line,
# This option can be loaded from a file by passing "--password-path <path>" at the command line,
# which would allow using secret management systems such as systemd's service credentials.
password: {{ matrix_bot_draupnir_password | to_json }}
{% endif %}
# Experimental usage of the matrix-bot-sdk rust crypto.
# This can not be used with Pantalaimon.
# Make sure to setup the bot as if you are not using pantalaimon for this.
# Experimental usage of the matrix-bot-sdk rust crypto. This can not be used with Pantalaimon.
# Make sure Pantalaimon is disabled in Draupnir's configuration.
#
# Warning: At this time this is not considered production safe.
experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }}
@@ -73,12 +68,22 @@ recordIgnoredInvites: false
# (see verboseLogging to adjust this a bit.)
managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }}
# Deprecated and will be removed in a future version.
# Running with verboseLogging is unsupported.
# Whether Draupnir should log a lot more messages in the room,
# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
verboseLogging: false
# The log level of terminal (or container) output,
# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
#
# This should be at INFO or DEBUG in order to get support for Draupnir problems.
logLevel: "INFO"
# Whether or not Draupnir should synchronize policy lists immediately after startup.
# Equivalent to running '!draupnir sync'.
syncOnStartup: true
# Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
# Equivalent to running `!draupnir verify`.
verifyPermissionsOnStartup: true
@@ -126,13 +131,11 @@ protectAllJoinedRooms: false
# of the homeserver may be more impacted.
backgroundDelayMS: 500
# Server administrative features. These will only work if Draupnir is
# Server administration commands, these commands will only work if Draupnir is
# a global server administrator, and the bot's server is a Synapse instance.
# Please review https://the-draupnir-project.github.io/draupnir-documentation/bot/homeserver-administration
admin:
# Whether to enable the make admin command.
# This command allows Draupnir can temporarily take control of any eligible account
# from the local homeserver in the target room (with enough permissions) to "make" another user an admin.
# Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
# (with enough permissions) to "make" a user an admin.
#
# This only works if a local user with enough admin permissions is present in the room.
enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }}
@@ -297,10 +300,13 @@ web:
authorization: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization | to_json }}
{% endif %}
# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
# Whether or not to actively poll synapse for abuse reports, to be used
# instead of intercepting client calls to synapse's abuse endpoint, when that
# isn't possible/practical.
pollReports: false
#pollReports: false
# Whether or not new reports, received either by webapi or polling,
# should be printed to our managementRoom.

2
roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
View File

@@ -2,7 +2,7 @@
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain|to_json }}
# This should be your publicly facing URL because Discord may use it to
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }}
# Interval at which to process users in the 'presence queue'. If you have

2
roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
View File

@@ -358,7 +358,7 @@ matrix_appservice_irc_ircService_servers: [] # noqa var-naming
# # not apply an idle timeout. This value is ignored if this IRC server is
# # mirroring Matrix membership lists to IRC. Default: 172800 (48 hours)
# idleTimeout: 10800
# # The number of milliseconds to wait between consecutive reconnections if a
# # The number of millseconds to wait between consecutive reconnections if a
# # client gets disconnected. Setting to 0 will cause the scheduling to be
# # disabled, i.e. it will be scheduled immediately (with jitter.
# # Otherwise, the scheduling interval will be used such that one client

2
roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2
View File

@@ -224,7 +224,7 @@ logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
# empty/null = journal logging only
# empy/null = journal logging only
file_name_format:
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"

2
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View File

@@ -74,7 +74,7 @@ matrix_hookshot_cache_redisUri: "{{ ('redis://' + matrix_hookshot_cache_redis_ho
# - support to also be enabled in the homeserver, see the documentation of Hookshot.
# - Hookshot to be pointed at a Redis instance via the `matrix_hookshot_cache_redis*` variables.
# See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
matrix_hookshot_encryption_enabled: "{{ matrix_bridges_encryption_enabled }}"
matrix_hookshot_encryption_enabled: false
# Controls whether metrics are enabled in the bridge configuration.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.

5
roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml
View File

@@ -36,11 +36,6 @@ matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# A public address that external services can use to reach this appservice.
matrix_mautrix_bluesky_appservice_public_address: ''
# Displayname template for Bluesky users.
# {{ .DisplayName }} is replaced with the display name of the Bluesky user.
# {{ .Username }} is replaced with the username of the Bluesky user.
matrix_mautrix_bluesky_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Bluesky)"
matrix_mautrix_bluesky_bridge_command_prefix: "!bs"
matrix_mautrix_bluesky_bridge_permissions: |

2
roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2
View File

@@ -11,7 +11,7 @@ network:
# {{ .DisplayName }} is replaced with the display name of the Bluesky user.
# {{ .Username }} is replaced with the username of the Bluesky user.
# {% endraw %}
displayname_template: {{ matrix_mautrix_bluesky_network_displayname_template | to_json }}
displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Bluesky)"
# Maximum number of conversations to sync on startup
conversation_sync_limit: 20

5
roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
View File

@@ -21,7 +21,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
matrix_mautrix_discord_version: v0.7.4
matrix_mautrix_discord_version: v0.7.3
# See: https://mau.dev/mautrix/discord/container_registry
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_registry_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
@@ -39,8 +39,6 @@ matrix_mautrix_discord_homeserver_address: ""
matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080"
matrix_mautrix_discord_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_discord_bridge_command_prefix: "!discord"
# Publicly accessible base URL that Discord can use to reach the bridge, used for avatars in relay mode.
@@ -227,7 +225,6 @@ matrix_mautrix_discord_registration_yaml: |
regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
io.element.msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }}
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"

5
roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
View File

@@ -268,11 +268,6 @@ bridge:
appservice: {{ matrix_mautrix_discord_bridge_encryption_appservice | to_json}}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_discord_bridge_encryption_require | to_json }}
# Whether to use MSC4190 instead of appservice login to create the bridge bot device.
# Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
# Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
# Changing this option requires updating the appservice registration file.
msc4190: {{ matrix_mautrix_discord_msc4190_enabled | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow | to_json }}

2
roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
View File

@@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.6.3
matrix_mautrix_gmessages_version: v0.6.2
# See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"

2
roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
View File

@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.5.1
matrix_mautrix_meta_instagram_version: v0.4.6
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"

2
roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
View File

@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.5.1
matrix_mautrix_meta_messenger_version: v0.4.6
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"

10
roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
View File

@@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.8.4
matrix_mautrix_signal_version: v0.8.3
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@@ -48,14 +48,6 @@ matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_signal_command_prefix: "!signal"
# Displayname template for Signal users.
# {{.ProfileName}} - The Signal profile name set by the user.
# {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances.
# {{.PhoneNumber}} - The phone number of the user.
# {{.UUID}} - The UUID of the Signal user.
# {{.AboutEmoji}} - The emoji set by the user in their profile.
matrix_mautrix_signal_network_displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}"
matrix_mautrix_signal_bridge_permissions: |
{{
{'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'}

2
roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
View File

@@ -9,7 +9,7 @@ network:
# {{.UUID}} - The UUID of the Signal user.
# {{.AboutEmoji}} - The emoji set by the user in their profile.
# {% endraw %}
displayname_template: {{ matrix_mautrix_signal_network_displayname_template | to_json }}
displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}"
# Should avatars from the user's contact list be used? This is not safe on multi-user instances.
use_contact_avatars: false
# Should the bridge request the user's contact list from the phone on startup?

30
roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
View File

@@ -36,27 +36,6 @@ matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# Displayname template for Slack users. Available variables:
# .Name - The username of the user
# .Team.Name - The name of the team the channel is in
# .Team.Domain - The Slack subdomain of the team the channel is in
# .ID - The internal ID of the user
# .IsBot - Whether the user is a bot
# .Profile.DisplayName - The username or real name of the user (depending on settings)
# Variables only available for users (not bots):
# .TeamID - The internal ID of the workspace the user is in
# .TZ - The timezone region of the user (e.g. Europe/London)
# .TZLabel - The label of the timezone of the user (e.g. Greenwich Mean Time)
# .TZOffset - The UTC offset of the timezone of the user (e.g. 0)
# .Profile.RealName - The real name of the user
# .Profile.FirstName - The first name of the user
# .Profile.LastName - The last name of the user
# .Profile.Title - The job title of the user
# .Profile.Pronouns - The pronouns of the user
# .Profile.Email - The email address of the user
# .Profile.Phone - The formatted phone number of the user
matrix_mautrix_slack_network_displayname_template: '{% raw %}{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}{% endraw %}'
matrix_mautrix_slack_command_prefix: "!slack"
matrix_mautrix_slack_bridge_permissions: |
@@ -189,12 +168,3 @@ matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsa
matrix_mautrix_slack_provisioning_shared_secret: ''
matrix_mautrix_slack_public_media_signing_key: ''
# Controls whether relay mode is enabled
matrix_mautrix_slack_bridge_relay_enabled: false
# Controls whether only admins can set themselves as relay users
matrix_mautrix_slack_bridge_relay_admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room
matrix_mautrix_slack_bridge_relay_default_relays: []

2
roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml
View File

@@ -22,7 +22,7 @@
when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('')
ansible.builtin.fail:
msg: |
The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflict.
The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit.
To resolve the conflict, make one of these components use a different username.
Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component).
We recommend that you change the username for the newly-added (and yet unused) component.

8
roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2
View File

@@ -20,7 +20,7 @@ network:
# .Profile.Pronouns - The pronouns of the user
# .Profile.Email - The email address of the user
# .Profile.Phone - The formatted phone number of the user
displayname_template: {{ matrix_mautrix_slack_network_displayname_template | to_json }}
displayname_template: '{% raw %}{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}{% endraw %}'
# Channel name template for Slack channels (all types). Available variables:
# .Name - The name of the channel
# .Team.Name - The name of the team the channel is in
@@ -113,12 +113,12 @@ bridge:
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_slack_bridge_relay_enabled | to_json }}
enabled: false
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_slack_bridge_relay_admin_only | to_json }}
admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_slack_bridge_relay_default_relays | to_json }}
default_relays: []
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.

7
roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
View File

@@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
matrix_mautrix_twitter_version: v0.4.2
matrix_mautrix_twitter_version: v0.4.1
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}"
@@ -44,11 +44,6 @@ matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# A public address that external services can use to reach this appservice.
matrix_mautrix_twitter_appservice_public_address: ''
# Displayname template for Twitter users.
# {{ .DisplayName }} is replaced with the display name of the Twitter user.
# {{ .Username }} is replaced with the username of the Twitter user.
matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)"
matrix_mautrix_twitter_bridge_command_prefix: "!tw"
matrix_mautrix_twitter_bridge_permissions: |

2
roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
View File

@@ -11,7 +11,7 @@ network:
# {{ .DisplayName }} is replaced with the display name of the Twitter user.
# {{ .Username }} is replaced with the username of the Twitter user.
# {% endraw %}
displayname_template: {{ matrix_mautrix_twitter_network_displayname_template | to_json }}
displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)"
# Maximum number of conversations to sync on startup
conversation_sync_limit: 20

9
roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View File

@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
matrix_mautrix_whatsapp_version: v0.12.2
matrix_mautrix_whatsapp_version: v0.12.1
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -161,13 +161,6 @@ matrix_mautrix_whatsapp_double_puppet_secrets: "{{ matrix_mautrix_whatsapp_doubl
matrix_mautrix_whatsapp_double_puppet_secrets_auto: {}
matrix_mautrix_whatsapp_double_puppet_secrets_custom: {}
# Displayname template for WhatsApp users.
# {{.PushName}} - nickname set by the WhatsApp user
# {{.BusinessName}} - validated WhatsApp business name
# {{.Phone}} - phone number (international format)
# {{.FullName}} - Name you set in the contacts list
matrix_mautrix_whatsapp_network_displayname_template: '{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}'
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"

2
roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
View File

@@ -22,7 +22,7 @@ network:
# {{.Phone}} - phone number (international format)
# {{.FullName}} - Name you set in the contacts list
# {% endraw %}
displayname_template: {{ matrix_mautrix_whatsapp_network_displayname_template | to_json }}
displayname_template: "{% raw %}{{or .BusinessName .PushName .Phone}} (WA){% endraw %}"
# Should incoming calls send a message to the Matrix room?
call_start_notices: true

2
roles/custom/matrix-cactus-comments-client/defaults/main.yml
View File

@@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
matrix_cactus_comments_client_public_path_file_permissions: "0644"
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_cactus_comments_client_version: 2.37.0
matrix_cactus_comments_client_version: 2.36.1
matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}"

2
roles/custom/matrix-client-cinny/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
# renovate: datasource=docker depName=ajbura/cinny
matrix_client_cinny_version: v4.8.1
matrix_client_cinny_version: v4.8.0
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}"
matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web
matrix_client_element_version: v1.11.105
matrix_client_element_version: v1.11.101
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"

10
roles/custom/matrix-client-fluffychat/defaults/main.yml
View File

@@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et
matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
# renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
matrix_client_fluffychat_version: v2.0.0
matrix_client_fluffychat_version: v1.26.1
matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}"
matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"
@@ -33,14 +33,9 @@ matrix_client_fluffychat_container_additional_networks: "{{ matrix_client_fluffy
matrix_client_fluffychat_container_additional_networks_auto: []
matrix_client_fluffychat_container_additional_networks_custom: []
# Configures the port number used inside the container image.
matrix_client_fluffychat_container_http_port: 8080
# Controls whether the matrix-client-fluffychat container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8080"), or empty string to not expose.
#
# Also see: `matrix_client_fluffychat_container_http_port`
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
matrix_client_fluffychat_container_http_host_bind_port: ''
# matrix_client_fluffychat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
@@ -49,7 +44,6 @@ matrix_client_fluffychat_container_http_host_bind_port: ''
# To inject your own other container labels, see `matrix_client_fluffychat_container_labels_additional_labels`.
matrix_client_fluffychat_container_labels_traefik_enabled: true
matrix_client_fluffychat_container_labels_traefik_docker_network: "{{ matrix_client_fluffychat_container_network }}"
matrix_client_fluffychat_container_labels_traefik_http_service_load_balancer_port: "{{ matrix_client_fluffychat_container_http_port }}"
matrix_client_fluffychat_container_labels_traefik_hostname: "{{ matrix_client_fluffychat_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/fluffychat`).
matrix_client_fluffychat_container_labels_traefik_path_prefix: "{{ matrix_client_fluffychat_path_prefix }}"

2
roles/custom/matrix-client-fluffychat/templates/labels.j2
View File

@@ -11,7 +11,7 @@ traefik.enable=true
traefik.docker.network={{ matrix_client_fluffychat_container_labels_traefik_docker_network }}
{% endif %}
traefik.http.services.matrix-client-fluffychat.loadbalancer.server.port={{ matrix_client_fluffychat_container_labels_traefik_http_service_load_balancer_port }}
traefik.http.services.matrix-client-fluffychat.loadbalancer.server.port=8080
{% set middlewares = [] %}

2
roles/custom/matrix-client-fluffychat/templates/systemd/matrix-client-fluffychat.service.j2
View File

@@ -22,7 +22,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--read-only \
--network={{ matrix_client_fluffychat_container_network }} \
{% if matrix_client_fluffychat_container_http_host_bind_port %}
-p {{ matrix_client_fluffychat_container_http_host_bind_port }}:{{ matrix_client_fluffychat_container_http_port }} \
-p {{ matrix_client_fluffychat_container_http_host_bind_port }}:8080 \
{% endif %}
--label-file={{ matrix_client_fluffychat_data_path }}/labels \
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \

2
roles/custom/matrix-client-schildichat/defaults/main.yml
View File

@@ -19,7 +19,7 @@ matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matr
matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web
matrix_client_schildichat_version: 1.11.103-sc.0.test.0
matrix_client_schildichat_version: 1.11.86-sc.0.test.0
matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_registry_prefix }}etkecc/schildichat-web:{{ matrix_client_schildichat_version }}"
matrix_client_schildichat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else matrix_client_schildichat_docker_image_registry_prefix_upstream }}"
matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-conduit/defaults/main.yml
View File

@@ -19,7 +19,7 @@ matrix_conduit_docker_image_registry_prefix: "{{ matrix_conduit_docker_image_reg
matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}"
matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/
# renovate: datasource=docker depName=matrixconduit/matrix-conduit
matrix_conduit_docker_image_tag: "v0.10.6"
matrix_conduit_docker_image_tag: "v0.10.3"
matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"

1
roles/custom/matrix-conduwuit/defaults/main.yml
View File

@@ -13,6 +13,7 @@ matrix_conduwuit_enabled: true
matrix_conduwuit_hostname: ''
matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_registry_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}"
# renovate: datasource=docker depName=ghcr.io/girlbossceo/conduwuit
matrix_conduwuit_docker_image_tag: v0.4.6-8f7ade4c22533a3177bfd8f175e178573ba6c1d4
matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}"
matrix_conduwuit_docker_image_registry_prefix: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream }}"

4
roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
View File

@@ -586,7 +586,7 @@ trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }}
# specifically on room joins. This option limits the exposure to a
# compromised trusted server to room joins only. The join operation
# requires gathering keys from many origin servers which can cause
# significant delays. Therefore this defaults to true to mitigate
# significant delays. Therefor this defaults to true to mitigate
# unexpected delays out-of-the-box. The security-paranoid or those willing
# to tolerate delays are advised to set this to false. Note that setting
# query_trusted_key_servers_first to true causes this option to be
@@ -597,7 +597,7 @@ trusted_servers = {{ matrix_conduwuit_trusted_servers | to_json }}
# Only query trusted servers for keys and never the origin server. This is
# intended for clusters or custom deployments using their trusted_servers
# as forwarding-agents to cache and deduplicate requests. Notary servers
# do not act as forwarding-agents by default, therefore do not enable this
# do not act as forwarding-agents by default, therefor do not enable this
# unless you know exactly what you are doing.
#
#only_query_trusted_key_servers = false

28
roles/custom/matrix-continuwuity/defaults/main.yml
View File

@@ -143,9 +143,6 @@ matrix_continuwuity_config_max_request_size: 20_000_000
# Enables registration. If set to false, no users can register on this server.
matrix_continuwuity_config_allow_registration: false
# Controls if newly registered users are automatically suspended, requiring admin approval.
matrix_continuwuity_config_suspend_on_register: false
# Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting.
# This is only used when `matrix_continuwuity_config_allow_registration` is set to true and no registration token is configured.
matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false
@@ -169,11 +166,12 @@ matrix_continuwuity_config_allow_check_for_updates: false
# Controls the `emergency_password` setting.
matrix_continuwuity_config_emergency_password: ''
# Controls the `matrix_continuwuity_trusted_servers`` setting.
matrix_continuwuity_config_trusted_servers:
# Controls the `allow_federation` setting.
matrix_continuwuity_config_allow_federation: true
matrix_continuwuity_trusted_servers:
- "matrix.org"
# Controls the `matrix_continuwuity_config_log` setting.
matrix_continuwuity_config_log: "info,state_res=warn,rocket=off,_=off,sled=off"
# TURN integration.
@@ -186,23 +184,15 @@ matrix_continuwuity_config_turn_password: ''
# Controls whether the self-check feature should validate SSL certificates.
matrix_continuwuity_self_check_validate_certificates: true
# Controls server (de)federation settings.
matrix_continuwuity_config_allow_federation: true
matrix_continuwuity_config_allowed_remote_server_names: []
matrix_continuwuity_config_forbidden_remote_server_names: []
matrix_continuwuity_config_forbidden_remote_room_directory_server_names: []
matrix_continuwuity_config_prevent_media_downloads_from: []
matrix_continuwuity_config_ignore_messages_from_server_names: []
# Controls the `url_preview_domain_contains_allowlist` setting.
matrix_continuwuity_config_url_preview_domain_contains_allowlist: []
# Additional environment variables to pass to the container.
#
# Environment variables take priority over settings in the configuration file.
#
# Example:
# matrix_continuwuity_environment_variables_extension: |
# CONTINUWUITY_MAX_REQUEST_SIZE=50000000
# CONTINUWUITY_REQUEST_TIMEOUT=60
# continuwuity_MAX_REQUEST_SIZE=50000000
# continuwuity_REQUEST_TIMEOUT=60
matrix_continuwuity_environment_variables_extension: ''
matrix_continuwuity_forbidden_remote_server_names: []
matrix_continuwuity_forbidden_remote_room_directory_server_names: []

15
roles/custom/matrix-continuwuity/tasks/validate_config.yml
View File

@@ -13,18 +13,3 @@
- {'name': 'matrix_continuwuity_hostname', when: true}
- {'name': 'matrix_continuwuity_container_network', when: true}
- {'name': 'matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_continuwuity_container_labels_internal_client_api_enabled }}"}
- name: (Deprecation) Catch and report renamed Continuwuity settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "item.old in vars"
with_items:
- {'old': 'matrix_continuwuity_allowed_remote_server_names', 'new': 'matrix_continuwuity_config_allowed_remote_server_names'}
- {'old': 'matrix_continuwuity_forbidden_remote_room_directory_server_names', 'new': 'matrix_continuwuity_config_forbidden_remote_room_directory_server_names'}
- {'old': 'matrix_continuwuity_forbidden_remote_server_names', 'new': 'matrix_continuwuity_config_forbidden_remote_server_names'}
- {'old': 'matrix_continuwuity_ignore_messages_from_server_names', 'new': 'matrix_continuwuity_config_ignore_messages_from_server_names'}
- {'old': 'matrix_continuwuity_prevent_media_downloads_from', 'new': 'matrix_continuwuity_config_prevent_media_downloads_from'}
- {'old': 'matrix_continuwuity_trusted_servers', 'new': 'matrix_continuwuity_config_trusted_servers'}
- {'old': 'matrix_continuwuity_url_preview_domain_contains_allowlist', 'new': 'matrix_continuwuity_config_url_preview_domain_contains_allowlist'}

372
roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2
View File

@@ -7,8 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later
#}
### continuwuity Configuration
### For more information, see:
### https://continuwuity.org/configuration.html
### See:
### https://continuwuity.org/configuration
[global]
@@ -16,7 +16,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# suffix for user and room IDs/aliases.
#
# See the docs for reverse proxying and delegation:
# https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
# https://continuwuity.org/deploying/generic#setting-up-the-reverse-proxy
#
# Also see the `[global.well_known]` config section at the very bottom.
#
@@ -27,7 +27,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
# WIPE.
#
# example: "continuwuity.org"
# example: "continuwuity.woof"
#
server_name = {{ matrix_continuwuity_config_server_name | to_json }}
@@ -44,7 +44,7 @@ address = "0.0.0.0"
# The port(s) continuwuity will listen on.
#
# For reverse proxying, see:
# https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
# https://continuwuity.org/deploying/generic#setting-up-the-reverse-proxy
#
# If you are using Docker, don't change this, you'll need to map an
# external port to this.
@@ -59,9 +59,8 @@ port = {{ matrix_continuwuity_config_port_number }}
# listening on a UNIX socket, you MUST remove/comment the `address` key.
#
# Remember to make sure that your reverse proxy has access to this socket
# file, either by adding your reverse proxy to the appropriate user group
# or granting world R/W permissions with `unix_socket_perms` (666
# minimum).
# file, either by adding your reverse proxy to the 'continuwuity' group or
# granting world R/W permissions with `unix_socket_perms` (666 minimum).
#
# example: "/run/continuwuity/continuwuity.sock"
#
@@ -71,8 +70,8 @@ port = {{ matrix_continuwuity_config_port_number }}
#
#unix_socket_perms = 660
# This is the only directory where continuwuity will save its data,
# including media. Note: this was previously "/var/lib/matrix-conduit".
# This is the only directory where continuwuity will save its data, including
# media. Note: this was previously "/var/lib/matrix-conduit".
#
# YOU NEED TO EDIT THIS.
#
@@ -80,9 +79,9 @@ port = {{ matrix_continuwuity_config_port_number }}
#
database_path = "/var/lib/continuwuity"
# continuwuity supports online database backups using RocksDB's Backup
# engine API. To use this, set a database backup path that continuwuity
# can write to.
# continuwuity supports online database backups using RocksDB's Backup engine
# API. To use this, set a database backup path that continuwuity can write
# to.
#
# For more information, see:
# https://continuwuity.org/maintenance.html#backups
@@ -109,13 +108,17 @@ database_path = "/var/lib/continuwuity"
new_user_displayname_suffix = {{ matrix_continuwuity_config_new_user_displayname_suffix | to_json }}
# If enabled, continuwuity will send a simple GET request periodically to
# `https://continuwuity.org/.well-known/continuwuity/announcements` for any new
# announcements or major updates. This is not an update check endpoint.
# `https://pupbrain.dev/check-for-updates/stable` for any new
# announcements made. Despite the name, this is not an update check
# endpoint, it is simply an announcement check endpoint.
#
# This is disabled by default as this is rarely used except for security
# updates or major updates.
#
allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates | to_json }}
# Set this to any float value to multiply continuwuity's in-memory LRU
# caches with such as "auth_chain_cache_capacity".
# Set this to any float value to multiply continuwuity's in-memory LRU caches
# with such as "auth_chain_cache_capacity".
#
# May be useful if you have significant memory to spare to increase
# performance.
@@ -187,6 +190,14 @@ allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates
#
#servernameevent_data_cache_capacity = varies by system
# This item is undocumented. Please contribute documentation for it.
#
#server_visibility_cache_capacity = varies by system
# This item is undocumented. Please contribute documentation for it.
#
#user_visibility_cache_capacity = varies by system
# This item is undocumented. Please contribute documentation for it.
#
#stateinfo_cache_capacity = varies by system
@@ -248,7 +259,7 @@ allow_check_for_updates = {{ matrix_continuwuity_config_allow_check_for_updates
#
# If you are running continuwuity in a container environment, this config
# option may need to be enabled. For more details, see:
# https://continuwuity.org/troubleshooting.html#potential-dns-issues-when-using-docker
# https://continuwuity.org/troubleshooting#potential-dns-issues-when-using-docker
#
#query_over_tcp_only = false
@@ -361,26 +372,6 @@ max_request_size = {{ matrix_continuwuity_config_max_request_size }}
#
#pusher_idle_timeout = 15
# Maximum time to receive a request from a client (seconds).
#
#client_receive_timeout = 75
# Maximum time to process a request received from a client (seconds).
#
#client_request_timeout = 180
# Maximum time to transmit a response to a client (seconds)
#
#client_response_timeout = 120
# Grace period for clean shutdown of client requests (seconds).
#
#client_shutdown_timeout = 10
# Grace period for clean shutdown of federation requests (seconds).
#
#sender_shutdown_timeout = 5
# Enables registration. If set to false, no users can register on this
# server.
#
@@ -393,27 +384,17 @@ max_request_size = {{ matrix_continuwuity_config_max_request_size }}
#
allow_registration = {{ matrix_continuwuity_config_allow_registration | to_json }}
# If registration is enabled, and this setting is true, new users
# registered after the first admin user will be automatically suspended
# and will require an admin to run `!admin users unsuspend <user_id>`.
#
# Suspended users are still able to read messages, make profile updates,
# leave rooms, and deactivate their account, however cannot send messages,
# invites, or create/join or otherwise modify rooms.
# They are effectively read-only.
#
suspend_on_register = {{ matrix_continuwuity_config_suspend_on_register | to_json }}
# Enabling this setting opens registration to anyone without restrictions.
# This makes your server vulnerable to abuse
#
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = {{ matrix_continuwuity_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse | to_json }}
allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }}
# This item is undocumented. Please contribute documentation for it.
#
#yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false
# A static registration token that new users will have to provide when
# creating an account. If unset and `allow_registration` is true,
# you must set
# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
# to true to allow open registration without any conditions.
# registration is open without any condition.
#
# YOU NEED TO EDIT THIS OR USE registration_token_file.
#
@@ -421,9 +402,8 @@ yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = {{ m
#
registration_token = {{ matrix_continuwuity_config_registration_token | to_json }}
# Path to a file on the system that gets read for additional registration
# tokens. Multiple tokens can be added if you separate them with
# whitespace
# Path to a file on the system that gets read for the registration token.
# this config option takes precedence/priority over "registration_token".
#
# continuwuity must be able to access the file, and it must not be empty
#
@@ -438,21 +418,12 @@ registration_token = {{ matrix_continuwuity_config_registration_token | to_json
# Controls whether federation is allowed or not. It is not recommended to
# disable this after the fact due to potential federation breakage.
#
allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }}
#allow_federation = true
# Allows federation requests to be made to itself
#
# This isn't intended and is very likely a bug if federation requests are
# being sent to yourself. This currently mainly exists for development
# purposes.
# This item is undocumented. Please contribute documentation for it.
#
#federation_loopback = false
# Always calls /forget on behalf of the user if leaving a room. This is a
# part of MSC4267 "Automatically forgetting rooms on leave"
#
#forget_forced_upon_leave = false
# Set this to true to require authentication on the normally
# unauthenticated profile retrieval endpoints (GET)
# "/_matrix/client/v3/profile/{userId}".
@@ -530,9 +501,9 @@ allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }}
# Default room version continuwuity will create rooms with.
#
# Per spec, room version 11 is the default.
# Per spec, room version 10 is the default.
#
#default_room_version = 11
#default_room_version = 10
# This item is undocumented. Please contribute documentation for it.
#
@@ -597,9 +568,9 @@ allow_federation = {{ matrix_continuwuity_config_allow_federation | to_json }}
# Currently, continuwuity doesn't support inbound batched key requests, so
# this list should only contain other Synapse servers.
#
# example: ["matrix.org", "tchncs.de"]
# example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"]
#
trusted_servers = {{ matrix_continuwuity_config_trusted_servers | to_json }}
trusted_servers = {{ matrix_continuwuity_trusted_servers | to_json }}
# Whether to query the servers listed in trusted_servers first or query
# the origin server first. For best security, querying the origin server
@@ -615,7 +586,7 @@ trusted_servers = {{ matrix_continuwuity_config_trusted_servers | to_json }}
# specifically on room joins. This option limits the exposure to a
# compromised trusted server to room joins only. The join operation
# requires gathering keys from many origin servers which can cause
# significant delays. Therefore this defaults to true to mitigate
# significant delays. Therefor this defaults to true to mitigate
# unexpected delays out-of-the-box. The security-paranoid or those willing
# to tolerate delays are advised to set this to false. Note that setting
# query_trusted_key_servers_first to true causes this option to be
@@ -626,7 +597,7 @@ trusted_servers = {{ matrix_continuwuity_config_trusted_servers | to_json }}
# Only query trusted servers for keys and never the origin server. This is
# intended for clusters or custom deployments using their trusted_servers
# as forwarding-agents to cache and deduplicate requests. Notary servers
# do not act as forwarding-agents by default, therefore do not enable this
# do not act as forwarding-agents by default, therefor do not enable this
# unless you know exactly what you are doing.
#
#only_query_trusted_key_servers = false
@@ -656,9 +627,8 @@ log = {{ matrix_continuwuity_config_log | to_json }}
#
#log_span_events = "none"
# Configures whether CONTINUWUITY_LOG EnvFilter matches values using
# regular expressions. See the tracing_subscriber documentation on
# Directives.
# Configures whether continuwuity_LOG EnvFilter matches values using regular
# expressions. See the tracing_subscriber documentation on Directives.
#
#log_filter_regex = true
@@ -694,17 +664,13 @@ log = {{ matrix_continuwuity_config_log | to_json }}
# ("turn_secret"), It is recommended to use a shared secret over static
# credentials.
#
{% if matrix_continuwuity_config_turn_username != '' %}
turn_username = {{ matrix_continuwuity_config_turn_username | to_json }}
{% endif %}
#turn_username = false
# Static TURN password to provide the client if not using a shared secret
# ("turn_secret"). It is recommended to use a shared secret over static
# credentials.
#
{% if matrix_continuwuity_config_turn_password != '' %}
turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
{% endif %}
#turn_password = false
# Vector list of TURN URIs/servers to use.
#
@@ -723,10 +689,18 @@ turn_uris = {{ matrix_continuwuity_config_turn_uris | to_json }}
# This is more secure, but if needed you can use traditional static
# username/password credentials.
#
#turn_secret = false
{% if matrix_continuwuity_config_turn_secret != '' %}
turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
{% endif %}
# If you have your TURN server configured to use a username and password
# you can provide these information too. In this case comment out `turn_secret above`!
{% if matrix_continuwuity_config_turn_username != '' or matrix_continuwuity_config_turn_password != '' %}
turn_username = {{ matrix_continuwuity_config_turn_username | to_json }}
turn_password = {{ matrix_continuwuity_config_turn_password | to_json }}
{% endif %}
# TURN secret to use that's read from the file path specified.
#
# This takes priority over "turn_secret" first, and falls back to
@@ -740,12 +714,12 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
#
#turn_ttl = 86400
# List/vector of room IDs or room aliases that continuwuity will make
# newly registered users join. The rooms specified must be rooms that you
# have joined at least once on the server, and must be public.
# List/vector of room IDs or room aliases that continuwuity will make newly
# registered users join. The rooms specified must be rooms that you have
# joined at least once on the server, and must be public.
#
# example: ["#continuwuity:continuwuity.org",
# "!main-1:continuwuity.org"]
# example: ["#continuwuity:puppygock.gay",
# "!eoIzvAvVwY23LPDay8:puppygock.gay"]
#
#auto_join_rooms = []
@@ -768,10 +742,10 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
#
#auto_deactivate_banned_room_attempts = false
# RocksDB log level. This is not the same as continuwuity's log level.
# This is the log level for the RocksDB engine/library which show up in
# your database folder/path as `LOG` files. continuwuity will log RocksDB
# errors as normal through tracing or panics if severe for safety.
# RocksDB log level. This is not the same as continuwuity's log level. This
# is the log level for the RocksDB engine/library which show up in your
# database folder/path as `LOG` files. continuwuity will log RocksDB errors
# as normal through tracing or panics if severe for safety.
#
#rocksdb_log_level = "error"
@@ -832,7 +806,7 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
# Type of RocksDB database compression to use.
#
# Available options are "zstd", "bz2", "lz4", or "none".
# Available options are "zstd", "zlib", "bz2", "lz4", or "none".
#
# It is best to use ZSTD as an overall good balance between
# speed/performance, storage, IO amplification, and CPU usage. For more
@@ -853,9 +827,6 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
# magic number and translated to the library's default compression level
# as they all differ. See their `kDefaultCompressionLevel`.
#
# Note when using the default value we may override it with a setting
# tailored specifically for continuwuity.
#
#rocksdb_compression_level = 32767
# Level of compression the specified compression algorithm for the
@@ -869,9 +840,6 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
# less likely for this data to be used. Research your chosen compression
# algorithm.
#
# Note when using the default value we may override it with a setting
# tailored specifically for continuwuity.
#
#rocksdb_bottommost_compression_level = 32767
# Whether to enable RocksDB's "bottommost_compression".
@@ -883,7 +851,7 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
#
# See https://github.com/facebook/rocksdb/wiki/Compression for more details.
#
#rocksdb_bottommost_compression = true
#rocksdb_bottommost_compression = false
# Database recovery mode (for RocksDB WAL corruption).
#
@@ -910,7 +878,7 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
# 0 = AbsoluteConsistency
# 1 = TolerateCorruptedTailRecords (default)
# 2 = PointInTime (use me if trying to recover)
# 3 = SkipAnyCorruptedRecord (you now voided your Continuwuity warranty)
# 3 = SkipAnyCorruptedRecord (you now voided your continuwuity warranty)
#
# For more information on these modes, see:
# https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes
@@ -929,20 +897,6 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
#
#rocksdb_paranoid_file_checks = false
# Enables or disables checksum verification in rocksdb at runtime.
# Checksums are usually hardware accelerated with low overhead; they are
# enabled in rocksdb by default. Older or slower platforms may see gains
# from disabling.
#
#rocksdb_checksums = true
# Enables the "atomic flush" mode in rocksdb. This option is not intended
# for users. It may be removed or ignored in future versions. Atomic flush
# may be enabled by the paranoid to possibly improve database integrity at
# the cost of performance.
#
#rocksdb_atomic_flush = false
# Database repair mode (for RocksDB SST corruption).
#
# Use this option when the server reports corruption while running or
@@ -980,10 +934,10 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
#
#rocksdb_compaction_ioprio_idle = true
# Enables RocksDB compaction. You should never ever have to set this
# option to false. If you for some reason find yourself needing to use
# this option as part of troubleshooting or a bug, please reach out to us
# in the continuwuity Matrix room with information and details.
# Disables RocksDB compaction. You should never ever have to set this
# option to true. If you for some reason find yourself needing to use this
# option as part of troubleshooting or a bug, please reach out to us in
# the continuwuity Matrix room with information and details.
#
# Disabling compaction will lead to a significantly bloated and
# explosively large database, gradually poor performance, unnecessarily
@@ -1016,9 +970,7 @@ turn_secret = {{ matrix_continuwuity_config_turn_secret | to_json }}
#
# example: "F670$2CP@Hw8mG7RY1$%!#Ic7YA"
#
{% if matrix_continuwuity_config_emergency_password != '' %}
emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json }}
{% endif %}
# This item is undocumented. Please contribute documentation for it.
#
@@ -1026,8 +978,8 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
# Allow local (your server only) presence updates/requests.
#
# Note that presence on continuwuity is very fast unlike Synapse's. If
# using outgoing presence, this MUST be enabled.
# Note that presence on continuwuity is very fast unlike Synapse's. If using
# outgoing presence, this MUST be enabled.
#
#allow_local_presence = true
@@ -1043,8 +995,8 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
#
# This option sends presence updates to other servers, but does not
# receive any unless `allow_incoming_presence` is true. Note that presence
# on continuwuity is very fast unlike Synapse's. If using outgoing
# presence, you MUST enable `allow_local_presence` as well.
# on continuwuity is very fast unlike Synapse's. If using outgoing presence,
# you MUST enable `allow_local_presence` as well.
#
#allow_outgoing_presence = true
@@ -1163,7 +1115,7 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
# Check consistency of the media directory at startup:
# 1. When `media_compat_file_link` is enabled, this check will upgrade
# media when switching back and forth between Conduit and conduwuit.
# media when switching back and forth between Conduit and continuwuity.
# Both options must be enabled to handle this.
# 2. When media is deleted from the directory, this check will also delete
# its database entry.
@@ -1198,71 +1150,27 @@ emergency_password = {{ matrix_continuwuity_config_emergency_password | to_json
#
#prune_missing_media = false
# List of forbidden server names via regex patterns that we will block
# incoming AND outgoing federation with, and block client room joins /
# remote user invites.
# Vector list of servers that continuwuity will refuse to download remote
# media from.
#
# Note that your messages can still make it to forbidden servers through
# backfilling. Events we receive from forbidden servers via backfill
# from servers we *do* federate with will be stored in the database.
#prevent_media_downloads_from = []
# List of forbidden server names that we will block incoming AND outgoing
# federation with, and block client room joins / remote user invites.
#
# This check is applied on the room ID, room alias, sender server name,
# sender user's server name, inbound federation X-Matrix origin, and
# outbound federation handler.
#
# You can set this to ["*"] to block all servers by default, and then
# use `allowed_remote_server_names` to allow only specific servers.
# Basically "global" ACLs.
#
# example: ["badserver\\.tld$", "badphrase", "19dollarfortnitecards"]
#
forbidden_remote_server_names = {{ matrix_continuwuity_config_forbidden_remote_server_names | to_json }}
forbidden_remote_server_names = {{ matrix_continuwuity_forbidden_remote_server_names | to_json }}
# List of allowed server names via regex patterns that we will allow,
# regardless of if they match `forbidden_remote_server_names`.
# List of forbidden server names that we will block all outgoing federated
# room directory requests for. Useful for preventing our users from
# wandering into bad servers or spaces.
#
# This option has no effect if `forbidden_remote_server_names` is empty.
#
# example: ["goodserver\\.tld$", "goodphrase"]
#
allowed_remote_server_names = {{ matrix_continuwuity_config_allowed_remote_server_names | to_json }}
# Vector list of regex patterns of server names that continuwuity will
# refuse to download remote media from.
#
# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
#
prevent_media_downloads_from = {{ matrix_continuwuity_config_prevent_media_downloads_from | to_json }}
# List of forbidden server names via regex patterns that we will block all
# outgoing federated room directory requests for. Useful for preventing
# our users from wandering into bad servers or spaces.
#
# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
#
forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_config_forbidden_remote_room_directory_server_names | to_json }}
# Vector list of regex patterns of server names that continuwuity will not
# send messages to the client from.
#
# Note that there is no way for clients to receive messages once a server
# has become unignored without doing a full sync. This is a protocol
# limitation with the current sync protocols. This means this is somewhat
# of a nuclear option.
#
# example: ["reallybadserver\.tld$", "reallybadphrase",
# "69dollarfortnitecards"]
#
ignore_messages_from_server_names = {{ matrix_continuwuity_config_ignore_messages_from_server_names | to_json }}
# Send messages from users that the user has ignored to the client.
#
# There is no way for clients to receive messages sent while a user was
# ignored without doing a full sync. This is a protocol limitation with
# the current sync protocols. Disabling this option will move
# responsibility of ignoring messages to the client, which can avoid this
# limitation.
#
#send_messages_from_ignored_users_to_client = false
forbidden_remote_room_directory_server_names = {{ matrix_continuwuity_forbidden_remote_room_directory_server_names | to_json }}
# Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
# do not want continuwuity to send outbound requests to. Defaults to
@@ -1307,7 +1215,7 @@ ignore_messages_from_server_names = {{ matrix_continuwuity_config_ignore_message
# attack surface to your server, you are expected to be aware of the risks
# by doing so.
#
url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_preview_domain_contains_allowlist | to_json }}
#url_preview_domain_contains_allowlist = []
# Vector list of explicit domains allowed to send requests to for URL
# previews.
@@ -1371,7 +1279,7 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
# used, and startup as warnings if any room aliases in your database have
# a forbidden room alias/ID.
#
# example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
# example: ["19dollarfortnitecards", "b[4a]droom"]
#
#forbidden_alias_names = []
@@ -1384,7 +1292,7 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
# startup as warnings if any local users in your database have a forbidden
# username.
#
# example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
# example: ["administrator", "b[a4]dusernam[3e]"]
#
#forbidden_usernames = []
@@ -1415,8 +1323,8 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
# Allow admins to enter commands in rooms other than "#admins" (admin
# room) by prefixing your message with "\!admin" or "\\!admin" followed up
# a normal continuwuity admin command. The reply will be publicly visible
# to the room, originating from the sender.
# a normal continuwuity admin command. The reply will be publicly visible to
# the room, originating from the sender.
#
# example: \\!admin debug ping puppygock.gay
#
@@ -1433,8 +1341,8 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
# This option can also be configured with the `--execute` continuwuity
# argument and can take standard shell commands and environment variables
#
# For example: `./continuwuity --execute "server admin-notice continuwuity
# has started up at $(date)"`
# For example: `./continuwuity --execute "server admin-notice continuwuity has
# started up at $(date)"`
#
# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
#
@@ -1447,13 +1355,6 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
#
#admin_execute_errors_ignore = false
# List of admin commands to execute on SIGUSR2.
#
# Similar to admin_execute, but these commands are executed when the
# server receives SIGUSR2 on supporting platforms.
#
#admin_signal_execute = []
# Controls the max log level for admin command log captures (logs
# generated from running admin commands). Defaults to "info" on release
# builds, else "debug" on debug builds.
@@ -1463,20 +1364,21 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
# The default room tag to apply on the admin room.
#
# On some clients like Element, the room tag "m.server_notice" is a
# special pinned room at the very bottom of your room list. The
# continuwuity admin room can be pinned here so you always have an
# easy-to-access shortcut dedicated to your admin room.
# special pinned room at the very bottom of your room list. The continuwuity
# admin room can be pinned here so you always have an easy-to-access
# shortcut dedicated to your admin room.
#
#admin_room_tag = "m.server_notice"
# Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
# This is NOT enabled by default.
# This is NOT enabled by default. continuwuity's default Sentry reporting
# endpoint domain is `o4506996327251968.ingest.us.sentry.io`.
#
#sentry = false
# Sentry reporting URL, if a custom one is desired.
#
#sentry_endpoint = ""
#sentry_endpoint = "https://fe2eb4536aa04949e28eff3128d64757@o4506996327251968.ingest.us.sentry.io/4506996334657536"
# Report your continuwuity server_name in Sentry.io crash reports and
# metrics.
@@ -1610,34 +1512,6 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
#
#sender_workers = 0
# Enables listener sockets; can be set to false to disable listening. This
# option is intended for developer/diagnostic purposes only.
#
#listening = true
# Enables configuration reload when the server receives SIGUSR1 on
# supporting platforms.
#
#config_reload_signal = true
[global.tls]
# Path to a valid TLS certificate file.
#
# example: "/path/to/my/certificate.crt"
#
#certs =
# Path to a valid TLS certificate private key.
#
# example: "/path/to/my/certificate.key"
#
#key =
# Whether to listen and allow for HTTP and HTTPS connections (insecure!)
#
#dual_protocol = false
[global.well_known]
# The server URL that the client well-known file will serve. This should
@@ -1655,46 +1529,18 @@ url_preview_domain_contains_allowlist = {{ matrix_continuwuity_config_url_previe
#
#server =
# URL to a support page for the server, which will be served as part of
# the MSC1929 server support endpoint at /.well-known/matrix/support.
# Will be included alongside any contact information
# This item is undocumented. Please contribute documentation for it.
#
#support_page =
# Role string for server support contacts, to be served as part of the
# MSC1929 server support endpoint at /.well-known/matrix/support.
# This item is undocumented. Please contribute documentation for it.
#
#support_role = "m.role.admin"
#support_role =
# Email address for server support contacts, to be served as part of the
# MSC1929 server support endpoint.
# This will be used along with support_mxid if specified.
# This item is undocumented. Please contribute documentation for it.
#
#support_email =
# Matrix ID for server support contacts, to be served as part of the
# MSC1929 server support endpoint.
# This will be used along with support_email if specified.
#
# If no email or mxid is specified, all of the server's admins will be
# listed.
# This item is undocumented. Please contribute documentation for it.
#
#support_mxid =
[global.blurhashing]
# blurhashing x component, 4 is recommended by https://blurha.sh/
#
#components_x = 4
# blurhashing y component, 3 is recommended by https://blurha.sh/
#
#components_y = 3
# Max raw size that the server will blurhash, this is the size of the
# image after converting it to raw data, it should be higher than the
# upload limit but not too high. The higher it is the higher the
# potential load will be for clients requesting blurhashes. The default
# is 33.55MB. Setting it to 0 disables blurhashing.
#
#blurhash_max_raw_size = 33554432

2
roles/custom/matrix-coturn/defaults/main.yml
View File

@@ -34,7 +34,7 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
# The Docker network that coturn would be put into.
#
# Because coturn relays traffic to unvalidated IP addresses,
# using a dedicated network, isolated from other Docker (and local) services is preferable.
# using a dedicated network, isolated from other Docker (and local) services is preferrable.
#
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.

2
roles/custom/matrix-dendrite/defaults/main.yml
View File

@@ -355,7 +355,7 @@ matrix_dendrite_user_api_auto_join_rooms: []
# name, number of active users and some information on your deployment config.
matrix_dendrite_report_stats: false
# Controls whether thumbnails for media content are generated dynamically
# Contorls whether thumbnails for media content are generated dynamically
matrix_dendrite_media_api_dynamic_thumbnails: false
matrix_dendrite_media_api_max_thumbnail_generators: 10

2
roles/custom/matrix-dynamic-dns/defaults/main.yml
View File

@@ -36,7 +36,7 @@ matrix_dynamic_dns_container_additional_networks: "{{ matrix_dynamic_dns_contain
matrix_dynamic_dns_container_additional_networks_auto: []
matrix_dynamic_dns_container_additional_networks_custom: []
# List of extra arguments to pass to the container mode
# List of extra arguments to pass to the ontainer mode
matrix_dynamic_dns_container_extra_arguments: []
# List of wanted services when running in mode

2
roles/custom/matrix-element-call/defaults/main.yml
View File

@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.13.1
matrix_element_call_version: v0.11.1
matrix_element_call_scheme: https

2
roles/custom/matrix-element-call/templates/labels.j2
View File

@@ -48,4 +48,4 @@ traefik.http.routers.matrix-element-call.tls.certResolver={{ matrix_element_call
{% endif %}
{{ matrix_element_call_container_labels_additional_labels }}
{{ matrix_element_call_container_labels_additional_labels }}

2
roles/custom/matrix-ma1sd/defaults/main.yml
View File

@@ -150,7 +150,7 @@ matrix_ma1sd_database_name: 'matrix_ma1sd'
matrix_ma1sd_database_connection_string: 'postgresql://{{ matrix_ma1sd_database_username }}:{{ matrix_ma1sd_database_password }}@{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}'
# ma1sd has several supported identity stores.
# ma1sd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
matrix_ma1sd_synapsesql_enabled: false

4
roles/custom/matrix-media-repo/templates/grafana/media-repo.json
View File

@@ -131,7 +131,7 @@
"refId": "B"
}
],
"title": "HTTP Requests",
"title": "HTTP Requsts",
"type": "timeseries"
},
{
@@ -1300,4 +1300,4 @@
"uid": "xJUZ3xfmk",
"version": 15,
"weekStart": ""
}
}

2
roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml
View File

@@ -16,7 +16,7 @@
- {'old': 'matrix_prometheus_nginxlog_exporter_container_hostname', 'new': 'matrix_prometheus_nginxlog_exporter_identifier'}
- {'old': 'matrix_prometheus_nginxlog_exporter_docker_image_name_prefix', 'new': 'matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix'}
- name: Fail if docker image not available for arch
- name: Fail if docker image not availble for arch
ansible.builtin.fail:
msg: >
'prometheus-nginxlog-exporter' docker image is not available for your arch '{{ matrix_architecture }}'.

2
roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json
View File

@@ -1702,4 +1702,4 @@
"uid": "x2_jWNF4k",
"version": 12,
"weekStart": ""
}
}

2
roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
View File

@@ -1702,4 +1702,4 @@
"uid": "x2_jWNF4k",
"version": 12,
"weekStart": ""
}
}

2
roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
View File

@@ -13,7 +13,7 @@ listen:
namespaces:
- name: matrix
metrics_override:
prefix: "myprefix"
preffix: "myprefix"
namespace_label: "namespace"
format: "$log_source $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] $host \"$request\" $status \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""
# enable to print to console

2
roles/custom/matrix-static-files/defaults/main.yml
View File

@@ -13,7 +13,7 @@ matrix_static_files_enabled: true
matrix_static_files_identifier: matrix-static-files
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_static_files_version: 2.37.0
matrix_static_files_version: 2.36.1
matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"

2
roles/custom/matrix-synapse-admin/defaults/main.yml
View File

@@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false
matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
# renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
matrix_synapse_admin_version: v0.11.1-etke44
matrix_synapse_admin_version: v0.10.4-etke41
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}"
matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
View File

@@ -24,7 +24,7 @@
matrix_synapse_reverse_proxy_companion_enabled: true
# renovate: datasource=docker depName=nginx
matrix_synapse_reverse_proxy_companion_version: 1.29.0-alpine
matrix_synapse_reverse_proxy_companion_version: 1.28.0-alpine
matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"

2
roles/custom/matrix-synapse-usage-exporter/templates/grafana/synapse-usage-exporter.json
View File

@@ -2743,4 +2743,4 @@
"uid": "c84624d7-3935-4470-83c0-c10d1cee35ff",
"version": 2,
"weekStart": ""
}
}

Some files were not shown because too many files have changed in this diff Show More