This release adds opt-in server-level enforcement of MSC4284 policy
servers via two new `[global]` keys: `enable_policy_servers` and
`policy_server_request_timeout`. Surface both as Ansible variables
matching tuwunel's upstream defaults (off, 5s timeout) and refresh the
docs section that previously claimed MSC4284 needed no playbook
configuration.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5213.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The former conduwuit maintainer (@x86pup, formerly @girlbossceo)
clarified in the PR thread that they endorse Tuwunel as conduwuit's
successor, and the archived conduwuit repo's README points there too.
Update the migration section in the conduwuit doc and the Tuwunel
CHANGELOG entry to reflect this with attribution.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.
Upstream stopped publishing rolling major/minor tags (v8, v8.0) as
of their v8.0.0 release for supply-chain security reasons, breaking
our workflow which referenced @v8.
Adds a top-level entry mirroring the style of the past Continuwuity
announcement: brief intro, the conduwuit-fork lineage, the migration
path via the binary-swap tag, and the standard caveat about not being
able to swap homeserver implementations on an existing deployment.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Previously only Continuwuity was offered as a migration path. Tuwunel
is a fork of conduwuit which reads the database directly via the new
`tuwunel-migrate-from-conduwuit` tag, so it deserves a parallel entry.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Tuwunel is a Matrix homeserver maintained by the matrix-construct
organisation. See https://matrix-construct.github.io/tuwunel/.
The rendered TOML emits only keys exposed as Ansible variables; the
rest fall back to tuwunel's upstream defaults. Anything not surfaced
can be set via the TUWUNEL_* env extension or by overriding the
template path.
Popular features Tuwunel adds variables for:
- OAuth2/OIDC identity providers (a list of `[[global.identity_provider]]`
blocks; brand-aware defaults for Google, GitHub, Keycloak, MAS, etc)
- LDAP and JWT authentication
- Media storage providers (native local and S3 with multipart upload)
- RocksDB tuning (compression, direct_io, parallelism, online backups)
- Native TLS dual-protocol mode
- Blurhashing, Sentry crash reporting
Auto-wired from existing playbook globals: well-known client URL,
TURN/coturn, MatrixRTC LiveKit URL, federation.
The `tuwunel-migrate-from-conduwuit` tag performs a binary-swap
migration. Migration from any other Conduit derivative is unsupported
and would corrupt the database.
Signed-off-by: Jason Volk <jason@zemos.net>
These external roles were modernized to switch off the deprecated-shape
`community.docker.docker_image` module in favour of `docker_image_pull`
and `docker_image_build`, matching the in-tree role sweep.
Roles bumped: backup_borg, cinny, container_socket_proxy, coturn,
ddclient, etherpad, exim_relay, grafana, hydrogen, jitsi, livekit_server,
ntfy, postgres, postgres_backup, prometheus, prometheus_nginxlog_exporter,
prometheus_node_exporter, prometheus_postgres_exporter, sable, traefik,
traefik_certs_dumper, valkey.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules across all
four task files (synapse, reverse_proxy_companion, goofys,
rust-synapse-compress-state). Drops the `ansible_version` compatibility
ladder and removes four `_container_image_force_pull` variables (the new
pull module handles registry refresh natively via `pull: always`).
The Synapse self-build path uses `ansible.builtin.shell` for BuildKit
support and is left as-is. The customizations image build (which builds
on top of the locally-tagged synapse image) is converted to
`docker_image_build` with `pull: false`, preserving its existing
rebuild-trigger semantics.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
