When fronting the playbook's integrated Traefik reverse-proxy with
another reverse-proxy (e.g. nginx), WebSocket traffic needs to be
forwarded to LiveKit Server at the `/livekit-server/` path for Matrix
RTC calls to work.
Adds a `/livekit-server/` location block to the nginx reverse-proxy
example, a section to the Matrix RTC docs explaining the requirement,
and cross-links between the two.
Reformat `{{ { ... }[engine] }}` dict-in-Jinja-expressions across
bot/bridge role defaults for consistent indentation (tabs -> spaces).
Also: fix a missing space in a Jinja `+` expression in matrix-static-files,
and fix indentation in the caddy2-in-container example.
The original PR also renamed `galaxy/<role>` role references to just
`<role>` in setup.yml and jitsi_jvb.yml; those were dropped here because
Ansible does not recurse into subdirectories of `roles/` by default and
no `roles_path` is configured in ansible.cfg, so the rename would break
role resolution.
Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
Matches the earlier Python -> Go rewrites of the other mautrix-* bridges.
Related to:
- https://github.com/mautrix/telegram/releases/tag/v0.2604.0
- https://mau.fi/blog/2026-04-mautrix-release/
The bridge is now a Go binary with upstream-handled automatic database and
config migration on first start, so in-place upgrades on Postgres should
Just Work for users on the defaults. The lottieconverter sidecar container
is gone (bundled upstream), and the public web-based login endpoint is
gone (login happens inside Matrix now).
Upstream v0.2604.0 has a known bug in the legacy SQLite migration that
can corrupt data. The role detects legacy Python-bridge SQLite databases
(via the `telethon_sessions` table signature) and refuses to upgrade,
pointing users to switch to Postgres (playbook-managed pgloader migration)
or wait for the next upstream release. The guard is isolated in its own
`validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted
cleanly once upstream fixes the bug.
Removed variables (all caught by the deprecation check in
`validate_config.yml` with actionable rename/removal hints): the entire
`_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` /
`_appservice_public_*` / `_container_labels_public_endpoint_*` /
`_container_http_host_bind_port` family (web login endpoint is gone);
`_bot_token` (old-style relaybot is gone, use the common bridgev2 relay
mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*`
(use Appservice Double Puppet); `_username_template`, `_alias_template`,
`_displayname_template` (templates moved under `network:`, new Go-template
syntax, exposed via `_network_displayname_template`); all
`_lottieconverter_*` variables; `_appservice_database` (renamed to
`_appservice_database_uri`).
Added playbook-time validation that catches legacy permission values
(`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides
via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too),
with a mapping hint in the error message.
Other notes:
- The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db`
to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader
migration step, so users who flip to Postgres as part of this upgrade
get their data imported correctly.
- The Ketesa managed-user regex for the telegram namespace is updated to
match both regular IDs and the new `channel-<id>` form used by bridgev2.
- `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0,
with a new breaking-change entry pointing at the CHANGELOG section.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Update docs/configuring-playbook-turn.md: add a section for description about installing
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/configuring-playbook-turn.md and a related file
- Edit the introducion based on docs/configuring-playbook-client-element-web.md
- Adopt the commont format by creating the section "Adjusting the playbook configuration"
- Add the section "Extending the configuration"
- Move the section "Disabling Coturn" to the bottom
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Fix capitalization: Coturn → coturn
See: https://github.com/coturn/coturn. Note that "coturn" is not capitalized even on the start of a sentence, except some rare cases like on the releases page: https://github.com/coturn/coturn/releases
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---------
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
This commit replaces instructions to create passwords, passphrases, or secrets with common ones.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Since a casual user might want to try another homeserver than Synapse without thinking about its consequence, it is important to clarify that it is not possible to switch homeservers once specified.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Replace "Element" with "Element Web"
- If Element indicates the web application, then it is changed to Element Web.
- If it indicates clients branded with Element such as Element desktop, web, mobile clients, then it is changed to Element clients.
- If it is combined with location sharing functionality, it is not changed.
with other some changes, including:
- Change "app.element.io" anchor link to "https://github.com/element-hq/element-web" on README.md, following other documentation files
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Replace "SchildiChat" with "SchildiChat Web"
- If SchildiChat indicates the web application, then it is changed to SchildiChat Web.
- If it indicates clients branded with SchildiChat such as SchildiChat desktop, web, mobile clients, then it is changed to SchildiChat clients.
- If it is combined with location sharing functionality, it is not changed.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Rename configuring-playbook-client-schildichat.md to configuring-playbook-client-schildichat-web.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Rename configuring-playbook-client-element.md to configuring-playbook-client-element-web.md
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---------
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Added an example of fronting the playbook's integrated Traefik reverse-proxy with the existing Caddy container (not the `apt-get` or `yum` installed Caddy). Helpful for folks who have an existing server with a Caddy container already serving multiple applications.
* Update examples/reverse-proxies/caddy2-in-container/README.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update examples/reverse-proxies/caddy2-in-container/README.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update examples/reverse-proxies/caddy2-in-container/README.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Code formatted, linted with yamllint
* README.md updated
* docs/configuring-playbook-own-webserver-caddy.md removed
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* update http2 config due to deprecation
the previous way to let `http2` follow a `listen` was depracated, it
moved to `http2 on;`
* enable quic and http3
I hope the comments are somewhat understandable. if someone can describe
the `reuseport` part more concise, please do.
This reverts commit 9c01d875f3.
This is very confusing and messy.. but it's documented.
`ansible_become_*` variables actually take priority and override all `become_*`
variables set at the task level.
As such, using `ansible_become=true ansible_become_user=root` in
`inventory/hosts` causes issues because tasks that specify
`become: OTHER_USER` will be forced to run as `root` due to
`ansible_become_user`.
