feat(alertmanager_receiver): add role

README.md

@@ -10,8 +10,10 @@ Roles for deploying matrix infrastructure using ansible.
 
 ## Roles
 
+- [`alertmanager_receiver`](roles/alertmanager_receiver/README.md): a matrix-based receiver for alertmanager
 - [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client
 - [`element`](roles/element/README.md): [Element](https://element.io/) Web Client
+- [`hydrogen`](roles/hydrogen/README.md): [Hydrogen](https://matrix.org/ecosystem/clients/hydrogen/) lightweight web client
 - [`synapse`](roles/synapse/README.md): [Synapse](https://github.com/element-hq/synapse/),
   a matrix homeserver implemention by Element
 

galaxy.yml

@@ -1,12 +1,23 @@
 namespace: finallycoffee
 name: matrix
-version: 0.1.0
+version: "0.1.9"
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Various matrix-related ansible roles
+dependencies:
+  "community.docker": "^4.4.0"
+  "community.general": "^10.0.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'
 repository: https://git.finally.coffee/finallycoffee/matrix
 issues: https://codeberg.org/finallycoffee/ansible-collection-matrix/issues
+tags:
+  - matrix
+  - synapse
+  - homeserver
+  - element
+  - hydrogen
+  - cinny
+  - matrix_alertmanager_receiver

playbooks/alertmanager_receiver.yml

@@ -0,0 +1,7 @@
+---
+- name: Deploy matrix-alertmanager-receiver
+  hosts: "{{ matrix_alertmanager_receiver_hosts | default('matrix_alertmanager_receiver') }}"
+  become: "{{ matrix_alertmanager_receiver_become | default(false) }}"
+  gather_facts: "{{ matrix_alertmanager_receiver_gather_facts | default(false) }}"
+  roles:
+    - role: finallycoffee.matrix.alertmanager_receiver

playbooks/hydrogen.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy and configure hydrogen
+  hosts: "{{ hydrogen_hosts | default('hydrogen') }}"
+  become: "{{ hydrogen_become | default(true) }}"
+  roles:
+    - role: finallycoffee.matrix.hydrogen

roles/alertmanager_receiver/README.md

@@ -0,0 +1,17 @@
+# `finallycoffee.matrix.alertmanager_receiver` ansible role
+
+This ansible role deploys and configures
+[`matrix-alertmanager-receiver`](https://github.com/metio/matrix-alertmanager-receiver),
+a fork of [https://git.sr.ht/~fnux/matrix-alertmanager-receiver] with more features.
+For futher information, see [the project's `README`](https://github.com/metio/matrix-alertmanager-receiver?tab=readme-ov-file#matrix-alertmanager-receiver-).
+
+## Configuration
+
+### Required configuration
+
+The following variables *must* be populated or else the role will be unable to
+set up the service successfully:
+
+- `alertmanager_receiver_config_matrix_homeserver_url` - matrix homeserver URL
+- `alertmanager_receiver_config_matrix_user_id` - full userid (`@user:instance.tld`)
+- `alertmanager_receiver_config_matrix_access_token` - access token for that user

roles/alertmanager_receiver/defaults/main/config.yml

@@ -0,0 +1,52 @@
+---
+alertmanager_receiver_config_log_level: "info"
+alertmanager_receiver_config_http_address: 127.0.0.1
+alertmanager_receiver_config_http_port: 12345
+alertmanager_receiver_config_http_alerts_path_prefix: "/alerts"
+alertmanager_receiver_config_http_metrics_path: "/metrics"
+alertmanager_receiver_config_http_metric_enabled: true
+alertmanager_receiver_config_http_basic_username: "alertmanager"
+alertmanager_receiver_config_http_basic_password: ~
+alertmanager_receiver_config_http:
+  address: "{{ alertmanager_receiver_config_http_address }}"
+  port: "{{ alertmanager_receiver_config_http_port }}"
+  "alerts-path-prefix": "{{ alertmanager_receiver_config_http_alerts_path_prefix }}"
+  "metrics-path": "{{ alertmanager_receiver_config_http_metrics_path }}"
+  "metrics-enabled": "{{ alertmanager_receiver_config_http_metric_enabled }}"
+  "basic-username": "{{ alertmanager_receiver_config_http_basic_username }}"
+  "basic-password": "{{ alertmanager_receiver_config_http_basic_password }}"
+alertmanager_receiver_config_matrix_homeserver_url: ~
+alertmanager_receiver_config_matrix_user_id: ~
+alertmanager_receiver_config_matrix_access_token: ~
+alertmanager_receiver_config_matrix_proxy: ""
+alertmanager_receiver_config_matrix_room_mapping: {}
+alertmanager_receiver_config_matrix:
+  "homeserver-url": "{{ alertmanager_receiver_config_matrix_homeserver_url }}"
+  "user-id": "{{ alertmanager_receiver_config_matrix_user_id }}"
+  "access-token": "{{ alertmanager_receiver_config_matrix_access_token }}"
+  proxy: "{{ alertmanager_receiver_config_matrix_proxy }}"
+  "room-mapping": "{{ alertmanager_receiver_config_matrix_room_mapping }}"
+alertmanager_receiver_config_templating_external_url_mapping: {}
+alertmanager_receiver_config_templating_generator_url_mapping: {}
+alertmanager_receiver_config_templating_computed_values: >-2
+  {{ alertmanager_receiver_config_templating_computed_values_default }}
+alertmanager_receiver_config_templating_firing_template: >-2
+  {{ alertmanager_receiver_config_templating_firing_template_default }}
+alertmanager_receiver_config_templating_resolved_template: >-2
+  {{ alertmanager_receiver_config_templating_resolved_template_default }}
+alertmanager_receiver_config_templating:
+  "external-url-mapping": >-2
+    {{ alertmanager_receiver_config_templating_external_url_mapping }}
+  "generator-url-mapping": >-2
+    {{ alertmanager_receiver_config_templating_generator_url_mapping }}
+  "computed-values": "{{ alertmanager_receiver_config_templating_computed_values }}"
+  "firing-template": "{{ alertmanager_receiver_config_templating_firing_template }}"
+  "resolved-template": "{{ alertmanager_receiver_config_templating_resolved_template }}"
+alertmanager_receiver_default_config:
+  http: "{{ alertmanager_receiver_config_http }}"
+  matrix: "{{ alertmanager_receiver_config_matrix }}"
+  templating: "{{ alertmanager_receiver_config_templating }}"
+alertmanager_receiver_config: {}
+alertmanager_receiver_merged_config: >-2
+  {{ (alertmanager_receiver_default_config | default({}))
+    | combine(alertmanager_receiver_config | default({}), recursive=True) }}

roles/alertmanager_receiver/defaults/main/container.yml

@@ -0,0 +1,54 @@
+---
+alertmanager_receiver_container_image_registry: "docker.io"
+alertmanager_receiver_container_image_namespace: "metio"
+alertmanager_receiver_container_image_repository: "matrix-alertmanager-receiver"
+alertmanager_receiver_container_image_name: >-2
+  {{ [
+    alertmanager_receiver_container_image_registry | default([]),
+    alertmanager_receiver_container_image_namespace | default([]),
+    alertmanager_receiver_container_image_repository
+  ] | flatten | join('/') }}
+alertmanager_receiver_container_image_tag: ~
+alertmanager_receiver_container_image: >-2
+  {{ [
+    alertmanager_receiver_container_image_name,
+    (alertmanager_receiver_container_image_tag | default(
+        alertmanager_receiver_version, true
+    ))
+  ] | join(':') }}
+alertmanager_receiver_container_image_source: "pull"
+alertmanager_receiver_container_image_force_source: >-2
+  {{ alertmanager_receiver_container_image_tag | default(false, true) | bool }}
+
+alertmanager_receiver_container_config_file_path: >-2
+  {{ alertmanager_receiver_config_file_path }}
+
+alertmanager_receiver_container_name: "matrix-alertmanager-receiver"
+alertmanager_receiver_container_env: ~
+alertmanager_receiver_container_user: >-2
+  {{ alertmanager_receiver_user_uid }}:{{ alertmanager_receiver_user_gid }}
+alertmanager_receiver_container_ports: ~
+alertmanager_receiver_container_labels: ~
+alertmanager_receiver_container_command:
+#  - "/matrix-alertmanager-receiver"
+  - "--config-path"
+  - "{{ alertmanager_receiver_container_config_file_path }}"
+  - "--log-level"
+  - "{{ alertmanager_receiver_config_log_level }}"
+alertmanager_receiver_container_volumes: []
+alertmanager_receiver_container_base_volumes:
+  - >-2
+    {{ [
+      alertmanager_receiver_config_file_path,
+      alertmanager_receiver_container_config_file_path,
+      'ro'
+    ] | join(':') }}
+alertmanager_receiver_container_merged_volumes: >-2
+  {{ (alertmanager_receiver_container_base_volumes | default([], true))
+    + (alertmanager_receiver_container_volumes | default([], true)) }}
+alertmanager_receiver_container_networks: ~
+alertmanager_receiver_container_etc_hosts: ~
+alertmanager_receiver_container_dns_servers: ~
+alertmanager_receiver_container_restart_policy: "on-failure"
+alertmanager_receiver_container_state: >-2
+  {{ (alertmanager_receiver_state == 'present') | ternary('started', 'absent') }}

roles/alertmanager_receiver/defaults/main/main.yml

@@ -0,0 +1,9 @@
+---
+alertmanager_receiver_user: "matrix-alertmanager-receiver"
+alertmanager_receiver_version: "2025.8.6"
+alertmanager_receiver_config_file_path: "/etc/matrix-alertmanager-receiver/config.yaml"
+alertmanager_receiver_config_path: >-2
+  {{ alertmanager_receiver_config_file_path | dirname }}
+
+alertmanager_receiver_state: present
+alertmanager_receiver_deployment_method: docker

roles/alertmanager_receiver/defaults/main/templates.yml

@@ -0,0 +1,51 @@
+---
+alertmanager_receiver_config_templating_computed_values_default:
+  - values: # always set 'color' to 'yellow'
+      color: yellow
+  - values: # set 'color' to 'orange' when alert label 'severity' is 'warning'
+      color: orange
+    when-matching-labels:
+      severity: warning
+  - values: # set 'color' to 'red' when alert label 'severity' is 'critical'
+      color: red
+    when-matching-labels:
+      severity: critical
+  - values: # set 'color' to 'green' when alert status is 'resolved'
+      color: green
+    when-matching-status: resolved
+
+alertmanager_receiver_config_templating_firing_template_default: |+2
+  {% raw -%}
+  <p>
+    <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
+    {{ if .Alert.Labels.name }}
+      {{ .Alert.Labels.name }}
+    {{ else if .Alert.Labels.alertname }}
+      {{ .Alert.Labels.alertname }}
+    {{ end }}
+    >>
+    {{ if .Alert.Labels.severity }}
+      {{ .Alert.Labels.severity | ToUpper }}: 
+    {{ end }}
+    {{ if .Alert.Annotations.description }}
+      {{ .Alert.Annotations.description }}
+    {{ else if .Alert.Annotations.summary }}
+      {{ .Alert.Annotations.summary }}
+    {{ end }}
+    >>
+    {{ if .Alert.Annotations.runbook }}
+      <a href="{{ .Alert.Annotations.runbook }}">Runbook</a> | 
+    {{ end }}
+    {{ if .Alert.Annotations.dashboard }}
+      <a href="{{ .Alert.Annotations.dashboard }}">Dashboard</a> | 
+    {{ end }}
+    <a href="{{ .SilenceURL }}">Silence</a>
+  </p>
+  {%- endraw %}
+
+alertmanager_receiver_config_templating_resolved_template_default: |+2
+  {% raw -%}
+  <strong>
+    <font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font>
+  </strong>{{ .Alert.Labels.name }}
+  {%- endraw %}

roles/alertmanager_receiver/defaults/main/user.yml

@@ -0,0 +1,11 @@
+---
+alertmanager_receiver_user_create_home: false
+alertmanager_receiver_user_system: true
+alertmanager_receiver_user_groups: []
+alertmanager_receiver_user_append: >-2
+  {{ alertmanager_receiver_user_groups | length > 0 }}
+
+alertmanager_receiver_user_uid: >-2
+  {{ alertmanager_receiver_user_info.uid | default(alertmanager_receiver_user) }}
+alertmanager_receiver_user_gid: >-2
+  {{ alertmanager_receiver_user_info.group | default(alertmanager_receiver_user) }}

roles/alertmanager_receiver/meta/main.yml

@@ -0,0 +1,14 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: alertmanager_receiver
+  description: >-2
+    `matrix-alertmanager-receiver` is a receiver for alerts generated by alertmanager.
+    This role supports both `docker` and `podman` based deployments.
+  galaxy_tags:
+    - matrix
+    - alertmanager
+    - metio
+    - docker
+    - podman

roles/alertmanager_receiver/tasks/check.yml

@@ -0,0 +1,28 @@
+---
+- name: Ensure valid alertmanager_receiver_state
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported value '{{ alertmanager_receiver_state }}' for
+      alertmanager_receiver_state. Supported values are
+      {{ alertmanager_receiver_states | map(quote) | join(', ')
+  when: alertmanager_receiver_state not in alertmanager_receiver_states
+
+- name: Ensure valid alertmanager_receiver_deployment_method
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported value '{{ alertmanager_receiver_deployment_method }}' for
+      alertmanager_receiver_deployment_method. Supported values are
+      {{ alertmanager_receiver_deployment_methods | map(quote) | join(', ')
+  when: alertmanager_receiver_deployment_method not in alertmanager_receiver_deployment_methods
+
+- name: Ensure role fails when required configuration is missing
+  ansible.builtin.fail:
+    msg: >-2
+      Required configuration key '{{ _config_key }}' is undefined
+  when: hostvars[inventory_hostname][_config_key] is undefined
+  loop:
+    - "alertmanager_receiver_config_matrix_homeserver_url"
+    - "alertmanager_receiver_config_matrix_user_id"
+    - "alertmanager_receiver_config_matrix_access_token"
+  loop_control:
+    loop_var: "_config_key"

roles/alertmanager_receiver/tasks/configure.yml

@@ -0,0 +1,12 @@
+---
+- name: Ensure configuration folder '{{ alertmanager_receiver_config_path }}' is {{ alertmanager_receiver_state }}
+  ansible.builtin.file:
+    path: "{{ alertmanager_receiver_config_path }}"
+    state: >-2
+      {{ (alertmanager_receiver_state == 'present') | ternary('directory', 'absent') }}
+
+- name: Ensure configuration file '{{ alertmanager_receiver_config_file_path }}' is written
+  ansible.builtin.copy:
+    dest: "{{ alertmanager_receiver_config_file_path }}"
+    content: "{{ alertmanager_receiver_merged_config | to_nice_yaml(indent=2, width=200) }}"
+  when: alertmanager_receiver_state == 'present'

roles/alertmanager_receiver/tasks/deploy-docker.yml

@@ -0,0 +1,23 @@
+---
+- name: Ensure container image '{{ alertmanager_receiver_container_image }}' is {{ alertmanager_receiver_state }}
+  community.docker.docker_image:
+    name: "{{ alertmanager_receiver_container_image }}"
+    state: "{{ alertmanager_receiver_state }}"
+    source: "{{ alertmanager_receiver_container_image_source }}"
+    force_source: "{{ alertmanager_receiver_container_image_force_source }}"
+
+- name: Ensure container '{{ alertmanager_receiver_container_name }}' is {{ alertmanager_receiver_container_state }}
+  community.docker.docker_container:
+    name: "{{ alertmanager_receiver_container_name }}"
+    image: "{{ alertmanager_receiver_container_image }}"
+    env: "{{ alertmanager_receiver_container_env | default(omit, true) }}"
+    user: "{{ alertmanager_receiver_container_user | default(omit, true) }}"
+    ports: "{{ alertmanager_receiver_container_ports }}"
+    labels: "{{ alertmanager_receiver_container_labels }}"
+    command: "{{ alertmanager_receiver_container_command | default(omit, true) }}"
+    volumes: "{{ alertmanager_receiver_container_merged_volumes }}"
+    networks: "{{ alertmanager_receiver_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ alertmanager_receiver_container_etc_hosts }}"
+    dns_servers: "{{ alertmanager_receiver_container_dns_servers }}"
+    restart_policy: "{{ alertmanager_receiver_container_restart_policy }}"
+    state: "{{ alertmanager_receiver_container_state }}"

roles/alertmanager_receiver/tasks/deploy-podman.yml

@@ -0,0 +1,23 @@
+---
+- name: Ensure container image '{{ alertmanager_receiver_container_image }}' is {{ alertmanager_receiver_state }}
+  containers.podman.podman_image:
+    name: "{{ alertmanager_receiver_container_image }}"
+    state: "{{ alertmanager_receiver_state }}"
+    pull: "{{ alertmanager_receiver_container_image_source == 'pull' }}"
+    force: "{{ alertmanager_receiver_container_image_force_source }}"
+
+- name: Ensure container '{{ alertmanager_receiver_container_name }}' is {{ alertmanager_receiver_container_state }}
+  containers.podman.podman_container:
+    name: "{{ alertmanager_receiver_container_name }}"
+    image: "{{ alertmanager_receiver_container_image }}"
+    env: "{{ alertmanager_receiver_container_env | default(omit, true) }}"
+    user: "{{ alertmanager_receiver_container_user | default(omit, true) }}"
+    ports: "{{ alertmanager_receiver_container_ports }}"
+    labels: "{{ alertmanager_receiver_container_labels }}"
+    command: "{{ alertmanager_receiver_container_command | default(omit, true) }}"
+    volumes: "{{ alertmanager_receiver_container_merged_volumes }}"
+    network: "{{ alertmanager_receiver_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ alertmanager_receiver_container_etc_hosts }}"
+    dns_servers: "{{ alertmanager_receiver_container_dns_servers }}"
+    restart_policy: "{{ alertmanager_receiver_container_restart_policy }}"
+    state: "{{ alertmanager_receiver_container_state }}"

roles/alertmanager_receiver/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensure preconditions are met
+  ansible.builtin.include_tasks:
+    file: "check.yml"
+
+- name: Ensure user '{{ alertmanager_receiver_user }}' is {{ alertmanager_receiver_state }}
+  ansible.builtin.user:
+    name: "{{ alertmanager_receiver_user }}"
+    state: "{{ alertmanager_receiver_state }}"
+    system: "{{ alertmanager_receiver_user_system }}"
+    create_home: "{{ alertmanager_receiver_user_create_home }}"
+    groups: "{{ alertmanager_receiver_user_groups | default(omit, true) }}"
+    append: "{{ alertmanager_receiver_user_append | default(omit) }}"
+  register: alertmanager_receiver_user_info
+
+- name: Ensure configuration is up to date
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+
+- name: Deploy using {{ alertmanager_receiver_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ alertmanager_receiver_deployment_method }}.yml"

roles/alertmanager_receiver/vars/main.yml

@@ -0,0 +1,7 @@
+---
+alertmanager_receiver_states:
+  - "present"
+  - "absent"
+alertmanager_receiver_deployment_methods:
+  - "docker"
+  - "podman"

roles/cinny/defaults/main/config.yml

@@ -1,5 +1,4 @@
 ---
-cinny_testvar: abc
 cinny_config_complete: >-
   {{ cinny_config | default({})
   | combine(cinny_default_config | default({})) }}

roles/cinny/defaults/main/main.yml

@@ -1,7 +1,7 @@
 ---
 cinny_user: cinny
 cinny_state: "present"
-cinny_version: "4.2.1"
+cinny_version: "4.8.1"
 cinny_deployment_method: "docker"
 
 cinny_base_path: "/opt/cinny"

roles/cinny/docs/docker.md

@@ -14,7 +14,6 @@ are available under the `cinny_container_` prefix:
 - `labels`
 - `networks`
 - `etc_hosts`
-- `purge_networks`
 
 The following variables are pre-populated by the role, so override them with care:
 

roles/cinny/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: cinny
+  description: Deploy cinny, a matrix web client, using podman, docker or a raw tarball to serve from your webserver
+  galaxy_tags:
+    - cinny
+    - matrix
+    - matrix-client
+    - docker
+    - podman

roles/cinny/tasks/deploy-docker.yml

@@ -30,4 +30,3 @@
     networks: "{{ cinny_container_networks | default(omit) }}"
     etc_hosts: "{{ cinny_container_etc_hosts | default(omit) }}"
     restart_policy: "{{ cinny_container_restart_policy }}"
-    purge_networks: "{{ cinny_container_purge_networks | default(omit) }}"

roles/element/defaults/main/container.yml

@@ -11,12 +11,15 @@ element_container_image_registry: "docker.io"
 element_container_image_namespace: "vectorim"
 element_container_image_name: "element-web"
 element_container_image_tag: ~
+element_container_image_source: pull
+element_container_image_force_source: >-2
+  {{ element_container_image_tag | default(false, true) | bool }}
 element_container_name: "element-web"
 element_container_restart_policy: >-
   {{ (element_deployment_method == 'docker')
       | ternary('unless-stopped',
         (element_deployment_method == 'podman' |
-          ternary('on-failure', 'always'))
+          ternary('on-failure', 'always')))
   }}
 element_container_full_volumes: >-
   {{ element_container_default_volumes

roles/element/defaults/main/main.yml

@@ -1,7 +1,7 @@
 ---
 element_user: element
 element_state: "present"
-element_version: "1.11.77"
+element_version: "1.11.108"
 element_deployment_method: "docker"
 
 element_base_path: "/opt/element"
@@ -10,9 +10,9 @@ element_dist_path: "{{ element_source_path }}/dist"
 element_config_path: "{{ element_base_path }}/config"
 element_config_file: "{{ element_config_path }}/config.json"
 
-element_host_uid: >-
-  {{ element_user_info is defined
+element_host_uid: >-2
+  {{ ((element_user_info is defined) and ('uid' in element_user_info))
   | ternary(element_user_info.uid, element_user) }}
-element_host_gid: >-
-  {{ element_user_info is defined
+element_host_gid: >-2
+  {{ ((element_user_info is defined) and ('uid' in element_user_info))
   | ternary(element_user_info.group, element_user) }}

roles/element/docs/docker.md

@@ -14,7 +14,6 @@ are available under the `element_container_` prefix:
 - `labels`
 - `networks`
 - `etc_hosts`
-- `purge_networks`
 
 The following variables are pre-populated by the role, so override them with care:
 

roles/element/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: element
+  description: Deploy element, a matrix web client, using either docker, podman or a raw tarball to serve with your webserver
+  galaxy_tags:
+    - element
+    - matrix
+    - matrix-client
+    - docker
+    - podman

roles/element/tasks/deploy-docker.yml

@@ -14,8 +14,8 @@
   community.docker.docker_image:
     name: "{{ element_container_image }}"
     state: "{{ element_state }}"
-    source: "{{ element_container_source }}"
-    force_source: "{{ element_container_image_tag | default(false, true) }}"
+    source: "{{ element_container_image_source }}"
+    force_source: "{{ element_container_image_force_source }}"
 
 - name: Ensure container '{{ element_container_name }}' is {{ element_state }}
   community.docker.docker_container:
@@ -23,11 +23,10 @@
     image: "{{ element_container_image }}"
     state: "{{ (element_state == 'present') | ternary('started', 'absent') }}"
     env: "{{ element_container_env | default(omit) }}"
-    user: "{{ element_container_user }}"
+    user: "{{ element_container_user | default(omit) }}"
     ports: "{{ element_container_ports | default(omit) }}"
     labels: "{{ element_container_labels | default(omit) }}"
     volumes: "{{ element_container_full_volumes }}"
     networks: "{{ element_container_networks | default(omit) }}"
     etc_hosts: "{{ element_container_etc_hosts | default(omit) }}"
     restart_policy: "{{ element_container_restart_policy }}"
-    purge_networks: "{{ element_container_purge_networks | default(omit) }}"

roles/element/tasks/deploy-podman.yml

@@ -3,8 +3,8 @@
   containers.podman.podman_image:
     name: "{{ element_container_image }}"
     state: "{{ element_state }}"
-    pull: "{{ element_container_source == 'pull' }}"
-    force: "{{ element_container_image_tag | default(false, true) }}"
+    pull: "{{ element_container_image_source == 'pull' }}"
+    force: "{{ element_container_image_force_source }}"
 
 - name: Ensure container '{{ element_container_name }}' is {{ element_state }}
   containers.podman.podman_container:
@@ -12,7 +12,7 @@
     image: "{{ element_container_image }}"
     state: "{{ (element_state == 'present') | ternary('started', 'absent') }}"
     env: "{{ element_container_env | default(omit) }}"
-    user: "{{ element_container_user }}"
+    user: "{{ element_container_user | default(omit) }}"
     ports: "{{ element_container_ports | default(omit) }}"
     labels: "{{ element_container_labels | default(omit) }}"
     volumes: "{{ element_container_full_volumes }}"

roles/element/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-element_state:
+element_states:
   - present
   - absent
 

roles/hydrogen/README.md

@@ -0,0 +1,13 @@
+# `finallycoffee.matrix.hydrogen` ansible role
+
+Deploy [hydrogen](https://matrix.org/ecosystem/clients/hydrogen/),
+a lightweight matrix web client with SSO, multi-account and E2EE
+Support.
+
+## Configuration
+
+All configuration keys which would be written in the `config.json`
+are available under the `hydrogen_config_*` as flattened camelcase keys.
+As an alternative, the entire config structure can be passed into
+`hydrogen_config` (in combine mode) or `hydrogen_full_config` (ignores
+all defaults).

roles/hydrogen/defaults/main/container.yml

@@ -0,0 +1,42 @@
+---
+hydrogen_container_name: hydrogen
+hydrogen_container_image_server: ghcr.io
+hydrogen_container_image_namespace: element-hq
+hydrogen_container_image_name: hydrogen-web
+hydrogen_container_image_tag: ~
+hydrogen_container_image: >-2
+  {{
+    ([
+      hydrogen_container_image_server,
+      hydrogen_container_image_namespace,
+      hydrogen_container_image_name,
+    ] | join('/'))
+    + ':' + (hydrogen_container_image_tag
+      | default('v' + hydrogen_version, true))
+  }}
+
+hydrogen_container_working_directory: "/usr/share/nginx/html"
+hydrogen_container_config_file: >-2
+  {{ hydrogen_container_working_directory }}/config.json
+hydrogen_container_base_volumes:
+  - "{{ hydrogen_config_file }}:{{ hydrogen_container_config_file }}:ro"
+hydrogen_container_full_volumes: >-2
+  {{ hydrogen_container_base_volumes | default([], true)
+    + (hydrogen_container_volumes | default([], true))
+
+hydrogen_container_image_source: pull
+hydrogen_container_image_force_source: >-2
+  {{ hydrogen_container_image_tag | default(false, true) | bool }}
+hydrogen_container_state: >-2
+  {{ (hydrogen_state == 'present') | ternary('started', 'absent') }}
+hydrogen_container_env: ~
+hydrogen_container_user: >-2
+  {{ hydrogen_run_user_id }}:{{ hydrogen_run_group_id }}
+hydrogen_container_ports: ~
+hydrogen_container_labels: ~
+hydrogen_container_ulimits: ~
+hydrogen_container_volumes: ~
+hydrogen_container_networks: ~
+hydrogen_container_dns_servers: ~
+hydrogen_container_etc_hosts: ~
+hydrogen_container_restart_policy: unless-stopped

roles/hydrogen/defaults/main/main.yml

@@ -0,0 +1,21 @@
+---
+hydrogen_state: present
+hydrogen_user: hydrogen
+hydrogen_version: "0.5.1"
+hydrogen_deployment_method: docker
+
+hydrogen_config_file: "/etc/hydrogen/config.json"
+
+hydrogen_config: ~
+hydrogen_config_default_home_server: matrix.org
+hydrogen_config_default_theme_light: "element-light"
+hydrogen_config_default_theme_dark: "element-dark"
+hydrogen_config_default_theme:
+  light: "{{ hydrogen_config_default_theme_light }}"
+  dark: "{{ hydrogen_config_default_theme_dark }}"
+hydrogen_base_config:
+  defaultHomeServer: "{{ hydrogen_config_default_home_server }}"
+  defaultTheme: "{{ hydrogen_config_default_theme }}"
+hydrogen_full_config: >-2
+  {{ hydrogen_base_config | default({}, true)
+      | combine(hydrogen_config | default({}, true)) }}

roles/hydrogen/defaults/main/user.yml

@@ -0,0 +1,5 @@
+---
+hydrogen_run_user_id: >-2
+  {{ hydrogen_user_info.uid | default(hydrogen_user) }}
+hydrogen_run_group_id: >-2
+  {{ hydrogen_user_info.group | default(hydrogen_user) }}

roles/hydrogen/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: hydrogen
+  description: Deploy hydrogen, a lightweight matrix web client
+  galaxy_tags:
+    - hydrogen
+    - matrix
+    - matrix-client
+    - docker
+    - podman

roles/hydrogen/tasks/deploy-docker.yml

@@ -0,0 +1,31 @@
+---
+- name: Ensure container image '{{ hydrogen_container_image }}' is {{ hydrogen_state }} on host
+  community.docker.docker_image:
+    name: "{{ hydrogen_container_image }}"
+    state: "{{ hydrogen_state }}"
+    source: "{{ hydrogen_container_image_source }}"
+    force_source: >-2
+      {{ hydrogen_container_image_force_source }}
+  register: hydrogen_container_image_info
+  until: hydrogen_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure hydrogen container '{{ hydrogen_container_name }}' is {{ hydrogen_container_state }}
+  community.docker.docker_container:
+    name: "{{ hydrogen_container_name }}"
+    image: "{{ hydrogen_container_image }}"
+    env: "{{ hydrogen_container_env | default(omit, true) }}"
+    user: "{{ hydrogen_container_user }}"
+    ports: "{{ hydrogen_container_ports | default(omit, true) }}"
+    labels: "{{ hydrogen_container_labels | default(omit, true) }}"
+    ulimits: "{{ hydrogen_container_ulimits | default(omit, true) }}"
+    volumes: "{{ hydrogen_container_volumes }}"
+    networks: "{{ hydrogen_container_networks | default(omit, true) }}"
+    dns_servers: >-2
+      {{ hydrogen_container_dns_servers | default(omit, true) }}
+    etc_hosts: >-2
+      {{ hydrogen_container_etc_hosts | default(omit, true) }}
+    restart_policy: >-2
+      {{ hydrogen_container_restart_policy | default(omit, true) }}
+    state: "{{ hydrogen_container_state }}"

roles/hydrogen/tasks/deploy-podman.yml

@@ -0,0 +1,30 @@
+---
+- name: Ensure container image '{{ hydrogen_container_image }}' is {{ hydrogen_state }} on host
+  containers.podman.podman_image:
+    name: "{{ hydrogen_container_image }}"
+    state: "{{ hydrogen_state }}"
+    pull: "{{ hydrogen_container_image_source == 'pull' }}"
+    force: "{{ hydrogen_container_image_force_source }}"
+  register: hydrogen_container_image_info
+  until: hydrogen_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure hydrogen container '{{ hydrogen_container_name }}' is {{ hydrogen_container_state }}
+  containers.podman.podman_container:
+    name: "{{ hydrogen_container_name }}"
+    image: "{{ hydrogen_container_image }}"
+    env: "{{ hydrogen_container_env | default(omit, true) }}"
+    user: "{{ hydrogen_container_user }}"
+    ports: "{{ hydrogen_container_ports | default(omit, true) }}"
+    labels: "{{ hydrogen_container_labels | default(omit, true) }}"
+    ulimits: "{{ hydrogen_container_ulimits | default(omit, true) }}"
+    volumes: "{{ hydrogen_container_volumes }}"
+    network: "{{ hydrogen_container_networks | default(omit, true) }}"
+    dns_servers: >-2
+      {{ hydrogen_container_dns_servers | default(omit, true) }}
+    etc_hosts: >-2
+      {{ hydrogen_container_etc_hosts | default(omit, true) }}
+    restart_policy: >-2
+      {{ hydrogen_container_restart_policy | default(omit, true) }}
+    state: "{{ hydrogen_container_state }}"

roles/hydrogen/tasks/main.yml

@@ -0,0 +1,57 @@
+---
+- name: Check if deployment method is supported
+  ansible.builtin.fail:
+    msg: >-2
+      Deployment method '{{ hydrogen_deployment_method }}'
+      is not supported. Support methods are
+      {{ hydrogen_deployment_methods | join(', ') }}.
+  when: hydrogen_deployment_method not in hydrogen_deployment_methods
+
+- name: Check if state is supported
+  ansible.builtin.fail:
+    msg: >-2
+      State '{{ hydrogen_state }}' is not supported.
+      Supported states are: {{ hydrogen_states | join(', ') }}
+  when: hydrogen_state not in hydrogen_states
+
+- name: Ensure hydrogen user '{{ hydrogen_user }}' is {{ hydrogen_state }}
+  ansible.builtin.user:
+    name: "{{ hydrogen_user }}"
+    system: "{{ hydrogen_user_system | default(true, true) }}"
+    groups: "{{ hydrogen_user_groups | default(omit, true) }}"
+    append: >-2
+      {{ hydrogen_user_append_groups
+        | default(hydrogen_user_groups | default([]) | length > 0, true)
+        | bool
+      }}
+    state: "{{ hydrogen_state }}"
+  register: hydrogen_user_info
+
+- name: Ensure hydrogen config file is {{ hydrogen_state }}
+  ansible.builtin.file:
+    path: "{{ hydrogen_config_file }}"
+    state: "{{ hydrogen_state }}"
+  when: hydrogen_state == 'absent'
+
+- name: Ensure hydrogen config folder is {{ hydrogen_state }}
+  ansible.builtin.file:
+    path: "{{ hydrogen_config_file | ansible.builtin.basename }}"
+    state: >-2
+      {{ (hydrogen_state == 'present')
+        | ternary('directory', 'absent') }}
+    owner: "{{ hydrogen_run_user_id }}"
+    group: "{{ hydrogen_run_group_id }}"
+    mode: "0755"
+
+- name: Ensure hydrogen config file is {{ hydrogen_state }}
+  ansible.builtin.copy:
+    dest: "{{ hydrogen_config_file }}"
+    content: "{{ hydrogen_config | to_nice_json }}"
+    owner: "{{ hydrogen_run_user_id }}"
+    group: "{{ hydrogen_run_group_id }}"
+    mode: "0640"
+  when: hydrogen_state == 'present'
+
+- name: Deploy using {{ hydrogen_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ hydrogen_deployment_method }}.yml"

roles/hydrogen/vars/main.yml

@@ -0,0 +1,7 @@
+---
+hydrogen_states:
+  - present
+  - absent
+hydrogen_deployment_methods:
+  - docker
+  - podman

roles/synapse/defaults/main/container.yml

@@ -30,7 +30,6 @@ synapse_container_ports: ~
 synapse_container_labels: ~
 synapse_container_ulimits: ~
 synapse_container_networks: ~
-synapse_container_purge_networks: ~
 synapse_container_dns_servers: ~
 synapse_container_etc_hosts: ~
 synapse_container_memory: ~

roles/synapse/defaults/main/homeserver.config.yml

@@ -23,8 +23,9 @@ synapse_default_config: >-
     | combine(synapse_metrics_config)
     | combine(synapse_api_config)
     | combine(synapse_push_config)
+    | combine(synapse_registration_config)
   }}
 
 synapse_homeserver_config: >-
   {{ synapse_default_config
-    | combine(synapse_config | default({})) }}
+    | combine(synapse_config | default({}), recursive=True) }}

roles/synapse/defaults/main/homeserver.registration.yml

@@ -0,0 +1,41 @@
+---
+synapse_config_enable_registration: false
+synapse_config_enable_registration_without_verification: false
+synapse_config_registrations_require_3pid: []
+synapse_config_registration_requires_token: true
+synapse_config_registration_shared_secret: ~
+synapse_config_registration_shared_secret_path: ~
+synapse_config_allowed_local_3pids: []
+synapse_config_enable_3pid_lookup: true
+
+synapse_config_bcrypt_rounds: 14
+synapse_config_allow_guest_access: false
+synapse_config_default_identity_server: ~
+synapse_config_enable_set_displayname: true
+synapse_config_enable_set_avatar_url: true
+synapse_config_enable_3pid_changes: true
+
+synapse_registration_base_config:
+  enable_set_displayname: "{{ synapse_config_enable_set_displayname }}"
+  enable_set_avatar_url: "{{ synapse_config_enable_set_avatar_url }}"
+  enable_3pid_changes: "{{ synapse_config_enable_3pid_changes }}"
+  allow_guest_access: "{{ synapse_config_allow_guest_access }}"
+  enable_registration: "{{ synapse_config_enable_registration }}"
+  enable_registration_without_verification: >-2
+    {{ synapse_config_enable_registration_without_verification }}
+  allowed_local_3pids: "{{ synapse_config_allowed_local_3pids }}"
+  enable_3pid_lookup: "{{ synapse_config_enable_3pid_lookup }}"
+  registrations_require_3pid: "{{ synapse_config_registrations_require_3pid }}"
+  registration_requires_token: "{{ synapse_config_registration_requires_token }}"
+  registration_shared_secret: "{{ synapse_config_registration_shared_secret }}"
+  registration_shared_secret_path: >-2
+    {{ synapse_config_registration_shared_secret_path }}
+  bcrypt_rounds: "{{ synapse_config_bcrypt_rounds }}"
+
+synapse_registration_config: >-2
+  {{
+    synapse_registration_base_config
+    | combine(({"default_identity_server": synapse_config_default_identity_server})
+      if (synapse_config_default_identity_server | default(false, true)
+        and synapse_config_default_identity_server | length > 0) else {})
+  }}

roles/synapse/defaults/main/main.yml

@@ -1,7 +1,7 @@
 ---
 synapse_user: synapse
 synapse_group: synapse
-synapse_version: "1.116.0"
+synapse_version: "1.135.0"
 synapse_state: "present"
 synapse_deployment_method: "docker"
 

roles/synapse/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: synapse
+  description: Deploy synapse, a matrix homeserver. Supports docker, podman, virtualenv
+  galaxy_tags:
+    - synapse
+    - matrix
+    - homeserver
+    - docker
+    - podman

roles/synapse/tasks/check.yml

@@ -17,8 +17,8 @@
     msg: "Required variable '{{ item }}' is undefined!"
   loop: "{{ synapse_required_variables }}"
   when: >-2
-    item not in hostvars[ansible_host]
-    or hostvars[ansible_host][item] | length == 0
+    item not in hostvars[inventory_hostname]
+    or hostvars[inventory_hostname][item] | length == 0
 
 - name: Ensure conditionally required variables are given
   ansible.builtin.fail:
@@ -28,5 +28,5 @@
     label: "{{ item.name }}"
   when: >-2
     item.when
-    and (item.name not in hostvars[ansible_host]
-        or hostvars[ansible_host][item.name] | length == 0)
+    and (item.name not in hostvars[inventory_hostname]
+        or hostvars[inventory_hostname][item.name] | length == 0)

roles/synapse/tasks/deploy-docker.yml

@@ -22,7 +22,6 @@
     ulimits: "{{ synapse_container_ulimits | default(omit, true) }}"
     volumes: "{{ synapse_container_all_volumes }}"
     networks: "{{ synapse_container_networks | default(omit, true) }}"
-    purge_networks: "{{ synapse_container_purge_networks | default(omit, true) }}"
     dns_servers: "{{ synapse_container_dns_servers | default(omit, true) }}"
     etc_hosts: "{{ synapse_container_etc_hosts | default(omit, true) }}"
     memory: "{{ synapse_container_memory | default(omit, true) }}"