Upgrade mautrix-telegram (v0.15.3 -> v0.2604.0) (bridgev2) and adapt configuration

Matches the earlier Python -> Go rewrites of the other mautrix-* bridges. Related to: - https://github.com/mautrix/telegram/releases/tag/v0.2604.0 - https://mau.fi/blog/2026-04-mautrix-release/ The bridge is now a Go binary with upstream-handled automatic database and config migration on first start, so in-place upgrades on Postgres should Just Work for users on the defaults. The lottieconverter sidecar container is gone (bundled upstream), and the public web-based login endpoint is gone (login happens inside Matrix now). Upstream v0.2604.0 has a known bug in the legacy SQLite migration that can corrupt data. The role detects legacy Python-bridge SQLite databases (via the `telethon_sessions` table signature) and refuses to upgrade, pointing users to switch to Postgres (playbook-managed pgloader migration) or wait for the next upstream release. The guard is isolated in its own `validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted cleanly once upstream fixes the bug. Removed variables (all caught by the deprecation check in `validate_config.yml` with actionable rename/removal hints): the entire `_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` / `_appservice_public_*` / `_container_labels_public_endpoint_*` / `_container_http_host_bind_port` family (web login endpoint is gone); `_bot_token` (old-style relaybot is gone, use the common bridgev2 relay mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*` (use Appservice Double Puppet); `_username_template`, `_alias_template`, `_displayname_template` (templates moved under `network:`, new Go-template syntax, exposed via `_network_displayname_template`); all `_lottieconverter_*` variables; `_appservice_database` (renamed to `_appservice_database_uri`). Added playbook-time validation that catches legacy permission values (`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too), with a mapping hint in the error message. Other notes: - The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db` to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader migration step, so users who flip to Postgres as part of this upgrade get their data imported correctly. - The Ketesa managed-user regex for the telegram namespace is updated to match both regular IDs and the new `channel-<id>` form used by bridgev2. - `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0, with a new breaking-change entry pointing at the CHANGELOG section. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 09:57:35 +00:00 · 2026-04-24 08:43:57 +03:00
parent ce0c194cd3
commit 5b7a1c2a6c
12 changed files with 854 additions and 881 deletions
--- a/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
--- a/roles/custom/matrix-bridge-mautrix-telegram/templates/labels.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/labels.j2
@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev

 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -11,36 +11,7 @@ traefik.enable=true
 traefik.docker.network={{ matrix_mautrix_telegram_container_labels_traefik_docker_network }}
 {% endif %}

-{% if matrix_mautrix_telegram_container_labels_public_endpoint_enabled %}
-############################################################
-#                                                          #
-# Public                                                   #
-#                                                          #
-############################################################
-
-traefik.http.services.matrix-mautrix-telegram-appservice.loadbalancer.server.port=8080
-
-traefik.http.routers.matrix-mautrix-telegram-public.rule={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule }}
-
-{% if matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-telegram-public.priority={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-mautrix-telegram-public.service=matrix-mautrix-telegram-appservice
-traefik.http.routers.matrix-mautrix-telegram-public.entrypoints={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints }}
-
-traefik.http.routers.matrix-mautrix-telegram-public.tls={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls | to_json }}
-{% if matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls %}
-traefik.http.routers.matrix-mautrix-telegram-public.tls.certResolver={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Public                                                  #
-#                                                          #
-############################################################
-{% endif %}
-
+traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8001

 {% if matrix_mautrix_telegram_container_labels_metrics_enabled %}
 ############################################################
@@ -49,8 +20,6 @@ traefik.http.routers.matrix-mautrix-telegram-public.tls.certResolver={{ matrix_m
 #                                                          #
 ############################################################

-traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8000
-
 {% if matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled %}
 traefik.http.middlewares.matrix-mautrix-telegram-metrics-basic-auth.basicauth.users={{ matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users }}
 traefik.http.routers.matrix-mautrix-telegram-metrics.middlewares=matrix-mautrix-telegram-metrics-basic-auth
--- a/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
@@ -23,17 +23,15 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_mautrix_telegram_container_network }} \
-			{% if matrix_mautrix_telegram_appservice_public_enabled and matrix_mautrix_telegram_container_http_host_bind_port %}
-			-p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \
-			{% endif %}
 			--mount type=bind,src={{ matrix_mautrix_telegram_config_path }},dst=/config \
 			--mount type=bind,src={{ matrix_mautrix_telegram_data_path }},dst=/data \
 			--label-file={{ matrix_mautrix_telegram_base_path }}/labels \
+			--workdir=/data \
 			{% for arg in matrix_mautrix_telegram_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mautrix_telegram_container_image }} \
-			python3 -m mautrix_telegram -c /config/config.yaml --no-update
+			/usr/bin/mautrix-telegram -c /config/config.yaml -r /config/registration.yaml --no-update

 {% for network in matrix_mautrix_telegram_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-telegram