The derived `*_base_path` defaults concatenated `matrix_bot_maubot_path_prefix`
directly, producing `//v1` and `//plugin/` when users set the documented
`matrix_bot_maubot_path_prefix: /` (for serving on a dedicated subdomain),
which Traefik rejects. Apply the standard `'/' == path_prefix` guard already
used by other roles (honoroit, mautrix-discord, MAS, heisenbridge, etc.).
Reported by The Dark Wizard.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

These variables were being assigned in group_vars/matrix_servers to
values byte-identical (or functionally identical) to what the
respective role's defaults/main.yml already provides.
Beyond just being noise, such redundant overrides cause drift over
time. When a role's default is later updated to something saner or
better (for example, switched from a hardcoded value to a derivation
from another variable), the matching line in group_vars/matrix_servers
stays frozen at the old value and silently defeats the improvement,
because group_vars beats role defaults in Ansible's precedence order.
The maubot management hostname fix in
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5248
is an example of this: the role default had been improved to derive
from matrix_bot_maubot_hostname, but the stale group_vars override
held it back to matrix_server_fqn_matrix.
Removing these overrides lets the role defaults do their job.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5248
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

LiveKit v1.12.0 tightens TURN security: credentials now carry a TTL,
and TURN no longer relays to restricted peer CIDRs by default. The
role defaults match upstream's secure defaults and are appropriate
for typical playbook deployments.
Bumps the migration-validation gate accordingly so users are pointed
at the CHANGELOG entry on next run.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

This release adds opt-in server-level enforcement of MSC4284 policy
servers via two new `[global]` keys: `enable_policy_servers` and
`policy_server_request_timeout`. Surface both as Ansible variables
matching tuwunel's upstream defaults (off, 5s timeout) and refresh the
docs section that previously claimed MSC4284 needed no playbook
configuration.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5213.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>