3
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-26 18:13:23 +00:00

2 Commits

495 changed files with 1677 additions and 6730 deletions

View File

@@ -1,2 +0,0 @@
[codespell]
ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr

10
.github/renovate.json vendored
View File

@@ -9,8 +9,8 @@
"customManagers": [ "customManagers": [
{ {
"customType": "regex", "customType": "regex",
"managerFilePatterns": [ "fileMatch": [
"/defaults/main.yml$/" "defaults/main.yml$"
], ],
"matchStrings": [ "matchStrings": [
"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s" "# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
@@ -20,7 +20,6 @@
"packageRules": [ "packageRules": [
{ {
"ignoreUnstable": false, "ignoreUnstable": false,
"versioning": "loose",
"matchSourceUrls": [ "matchSourceUrls": [
"https://github.com/devture/com.devture.ansible.role{/,}**", "https://github.com/devture/com.devture.ansible.role{/,}**",
"https://github.com/mother-of-all-self-hosting{/,}**" "https://github.com/mother-of-all-self-hosting{/,}**"
@@ -29,8 +28,5 @@
], ],
"ignoreDeps": [ "ignoreDeps": [
"ghcr.io/matrixgpt/matrix-chatgpt-bot" "ghcr.io/matrixgpt/matrix-chatgpt-bot"
], ]
"pre-commit": {
"enabled": true
}
} }

View File

@@ -19,7 +19,7 @@ jobs:
if: github.repository == 'spantaleev/matrix-docker-ansible-deploy' if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/stale@v10 - uses: actions/stale@v9
with: with:
###################################################################### ######################################################################
# Issues/PRs # Issues/PRs

View File

@@ -7,7 +7,9 @@
--- ---
name: Matrix CI name: Matrix CI
on: [push, pull_request] # yamllint disable-line rule:truthy on: # yamllint disable-line rule:truthy
push:
pull_request:
jobs: jobs:
yamllint: yamllint:
@@ -15,7 +17,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out - name: Check out
uses: actions/checkout@v5 uses: actions/checkout@v4
- name: Run yamllint - name: Run yamllint
uses: frenck/action-yamllint@v1.5.0 uses: frenck/action-yamllint@v1.5.0
ansible-lint: ansible-lint:
@@ -23,20 +25,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out - name: Check out
uses: actions/checkout@v5 uses: actions/checkout@v4
- name: Run ansible-lint - name: Run ansible-lint
uses: ansible/ansible-lint@v25.9.2 uses: ansible-community/ansible-lint-action@v6.17.0
with: with:
args: "roles/custom" path: roles/custom
setup_python: "true"
working_directory: ""
requirements_file: requirements.yml
precommit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Run pre-commit
uses: pre-commit/action@v3.0.1

20
.github/workflows/reuse.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
#
# SPDX-License-Identifier: CC0-1.0
---
name: REUSE Compliance Check
on: [push, pull_request] # yamllint disable-line rule:truthy
permissions:
contents: read
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: REUSE Compliance Check
uses: fsfe/reuse-action@v5

View File

@@ -1,26 +0,0 @@
---
default_install_hook_types: [pre-push]
exclude: "LICENSES/"
# See: https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
hooks:
# - id: check-executables-have-shebangs
- id: check-added-large-files
- id: check-case-conflict
- id: check-json
- id: check-toml
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: https://github.com/codespell-project/codespell
rev: v2.4.1
hooks:
- id: codespell
args: ["--skip=*.po,*.pot,i18n/"]
- repo: https://github.com/fsfe/reuse-tool # https://reuse.software/dev/#pre-commit-hook
rev: v6.1.2
hooks:
- id: reuse

View File

@@ -1,32 +1,3 @@
# 2025-10-02
## Element Admin support
The playbook now supports [Element Admin](./docs/configuring-playbook-element-admin.md) - a new web-based administration panel for Synapse and [Matrix Authentication Service](./docs/configuring-playbook-matrix-authentication-service.md).
Deployments based on Matrix Authentication Service may find it useful to run both Synapse Admin and Element Admin at the same time.
Deployments that don't rely on Matrix Authentication Service are unlikely to find anything useful in Element Admin right now (it's too basic in its current form).
# 2025-04-26
## Continuwuity support
Thanks to [Virkkunen](https://github.com/Virkkunen), we now have optional experimental [Continuwuity](./docs/configuring-playbook-continuwuity.md) homeserver support.
Continuwuity is a fork of [conduwuit](./docs/configuring-playbook-conduwuit.md), which the playbook also supports. It appears that conduwuit has been abandoned and various forks (like Continuwuity, [Tuwunel](https://github.com/matrix-construct/tuwunel) and possibly others) are continuing in its path.
Existing installations do **not** need to be updated. **Synapse is still the default homeserver implementation** installed by the playbook.
People that used to run conduwuit, may wish to:
- either [migrate from conduwuit to Continuwuity](./docs/configuring-playbook-continuwuity.md#migrating-from-conduwuit)
- or wait for some of the other forks to progress and for support for them to get added to the playbook
**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse/Conduit/Dendrite to Continuwuity) without data loss.
# 2025-04-09 # 2025-04-09
## Element Call frontend installation is now optional ## Element Call frontend installation is now optional
@@ -167,7 +138,7 @@ To **completely eliminate the problem** of DDoS amplification attacks done throu
The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by default**. The playbook now **only exposes the Coturn STUN port (`3478`) over TCP by default**.
💡 Users may wish to further remove the (now unnecessary) firewall rule allowing access to `3478/udp`. 💡 Users may wish to further remove the (now unnnecessary) firewall rule allowing access to `3478/udp`.
If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file: If you'd like the Coturn STUN port to be exposed over UDP like before, you can revert to the previous behavior by using the following configuration in your `vars.yml` file:
@@ -181,7 +152,7 @@ matrix_coturn_container_stun_plain_host_bind_port_udp: "3478"
# 2025-02-17 # 2025-02-17
## FluffyChat Web support ## FluffyChat Web suport
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [FluffyChat Web](https://github.com/krille-chan/fluffychat) as an additional Matrix client you can self-host. Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [FluffyChat Web](https://github.com/krille-chan/fluffychat) as an additional Matrix client you can self-host.
@@ -203,7 +174,7 @@ The playbook will let you know if you're using any `matrix_mautrix_hangouts_*` v
## Redis and KeyDB are no longer part of the playbook ## Redis and KeyDB are no longer part of the playbook
**TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly defining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead. **TLDR**: The playbook now exclusively uses Valkey as its Redis-compatible memorystore implementation, removing support for Redis and KeyDB. Most users are unaffected by this change unless they explicitly configured Redis or KeyDB variables. Only users that were explicitly definining `redis_*` or `keydb_*` variables will need to update their configuration to use `valkey_*` variables instead.
The playbook has gone through several iterations of memorystore implementations: The playbook has gone through several iterations of memorystore implementations:
@@ -756,7 +727,7 @@ For people building commercial products on top of Synapse, they may have to eith
We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own! We're no lawyers and this changelog entry does not aim to give you the best legal advice, so please research on your own!
If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by introducing a new Ansible variable. You can do it like this: If you'd like to continue using the old Apache-2.0-licensed Synapse (for a while longer anyway), the playbook makes it possible by intruducing a new Ansible variable. You can do it like this:
```yaml ```yaml
# Switch the organization that Synapse container images (or source code for self-building) are pulled from. # Switch the organization that Synapse container images (or source code for self-building) are pulled from.
@@ -839,7 +810,7 @@ Despite these downsides (which the playbook manages automatically), we believe i
People running the default Traefik setup do not need to do anything to make Traefik take on this extra job. Your Traefik configuration will be updated automatically. People running the default Traefik setup do not need to do anything to make Traefik take on this extra job. Your Traefik configuration will be updated automatically.
**People running their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below. **People runnning their own Traefik reverse-proxy need to do [minor adjustments](#people-managing-their-own-traefik-instance-need-to-do-minor-changes)**, as described in the section below.
You may disable Traefik acting as an intermediary by explicitly setting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled` to `false`. Services would then be configured to talk to the homeserver directly, giving you a slight performance boost and a "simpler" Traefik setup. However, such a configuration is less tested and will cause troubles, especially if you enable more services (like `matrix-media-repo`, etc.) in the future. As such, it's not recommended. You may disable Traefik acting as an intermediary by explicitly setting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled` to `false`. Services would then be configured to talk to the homeserver directly, giving you a slight performance boost and a "simpler" Traefik setup. However, such a configuration is less tested and will cause troubles, especially if you enable more services (like `matrix-media-repo`, etc.) in the future. As such, it's not recommended.
@@ -2862,7 +2833,7 @@ As always, re-running the playbook is enough to get the updated bits.
## SMS bridging requires db reset ## SMS bridging requires db reset
The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new required var `matrix_sms_bridge_default_region`. The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`.
To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information. To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information.
@@ -2894,7 +2865,7 @@ Until the issue gets fixed, we're making User Directory search not go to ma1sd b
This upgrades matrix-appservice-irc from 0.14.1 to 0.16.0. Upstream This upgrades matrix-appservice-irc from 0.14.1 to 0.16.0. Upstream
made a change to how you define manual mappings. If you added a made a change to how you define manual mappings. If you added a
`mapping` to your configuration, you will need to update it according `mapping` to your configuration, you will need to update it accoring
to the [upstream to the [upstream
instructions](https://github.com/matrix-org/matrix-appservice-irc/blob/master/CHANGELOG.md#0150-2020-02-05). If you did not include `mappings` in your configuration for IRC, no instructions](https://github.com/matrix-org/matrix-appservice-irc/blob/master/CHANGELOG.md#0150-2020-02-05). If you did not include `mappings` in your configuration for IRC, no
change is necessary. `mappings` is not part of the default change is necessary. `mappings` is not part of the default
@@ -3057,7 +3028,7 @@ As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unw
Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**. Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers. Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**.
As with anything else, these new defaults can be overridden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively. As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
# 2019-10-05 # 2019-10-05
@@ -3611,7 +3582,7 @@ The following changes had to be done:
- glue variables had to be introduced to the playbook, so it can wire together the various components. Those glue vars are stored in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. When overriding variables for a given component (role), you need to be aware of both the role defaults (`role/ROLE/defaults/main.yml`) and the role's corresponding section in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. - glue variables had to be introduced to the playbook, so it can wire together the various components. Those glue vars are stored in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file. When overriding variables for a given component (role), you need to be aware of both the role defaults (`role/ROLE/defaults/main.yml`) and the role's corresponding section in the [`group_vars/matrix-servers`](group_vars/matrix-servers) file.
- `matrix_postgres_use_external` has been superseded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement. - `matrix_postgres_use_external` has been superceeded by the more consistently named `matrix_postgres_enabled` variable and a few other `matrix_synapse_database_` variables. See the [Using an external PostgreSQL server (optional)](docs/configuring-playbook-external-postgres.md) documentation page for an up-to-date replacement.
- Postgres tools (`matrix-postgres-cli` and `matrix-make-user-admin`) are no longer installed if you're not enabling the `matrix-postgres` role (`matrix_postgres_enabled: false`) - Postgres tools (`matrix-postgres-cli` and `matrix-make-user-admin`) are no longer installed if you're not enabling the `matrix-postgres` role (`matrix_postgres_enabled: false`)
@@ -3800,7 +3771,7 @@ matrix_riot_web_integrations_jitsi_widget_url: "https://dimension.t2bot.io/widge
There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse. There's now a new `matrix_nginx_proxy_ssl_protocols` playbook variable, which controls the SSL protocols used to serve Riot and Synapse. Its default value is `TLSv1.1 TLSv1.2`. This playbook previously used `TLSv1 TLSv1.1 TLSv1.2` to serve Riot and Synapse.
You may wish to re-enable TLSv1 if you need to access Riot in older browsers. You may wish to reenable TLSv1 if you need to access Riot in older browsers.
Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details. Note: Currently the dockerized nginx doesn't support TLSv1.3. See https://github.com/nginxinc/docker-nginx/issues/190 for more details.

View File

@@ -1,4 +1,4 @@
[![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com&fetchMode=summary)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) [![REUSE status](https://api.reuse.software/badge/github.com/spantaleev/matrix-docker-ansible-deploy)](https://api.reuse.software/info/github.com/spantaleev/matrix-docker-ansible-deploy) [![Support room on Matrix](https://img.shields.io/matrix/matrix-docker-ansible-deploy:devture.com.svg?label=%23matrix-docker-ansible-deploy%3Adevture.com&logo=matrix&style=for-the-badge&server_fqdn=matrix.devture.com)](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) [![donate](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/s.pantaleev/donate) [![REUSE status](https://api.reuse.software/badge/github.com/spantaleev/matrix-docker-ansible-deploy)](https://api.reuse.software/info/github.com/spantaleev/matrix-docker-ansible-deploy)
# Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker # Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
@@ -53,7 +53,6 @@ The homeserver is the backbone of your Matrix system. Choose one from the follow
| [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) | | [Synapse](https://github.com/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
| [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) | | [Conduit](https://conduit.rs) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
| [conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) | | [conduwuit](https://conduwuit.puppyirl.gay/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | [Link](docs/configuring-playbook-conduwuit.md) |
| [continuwuity](https://continuwuity.org) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. | [Link](docs/configuring-playbook-continuwuity.md) |
| [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) | | [Dendrite](https://github.com/element-hq/dendrite) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |
### Clients ### Clients
@@ -141,7 +140,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) | | [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) | | [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) | | [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
| [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
| [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) | | [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) |
### Bots ### Bots

View File

@@ -13,12 +13,10 @@ path = [
"i18n/PUBLISHED_LANGUAGES", "i18n/PUBLISHED_LANGUAGES",
"i18n/requirements.txt", "i18n/requirements.txt",
"roles/custom/**/*.repo", "roles/custom/**/*.repo",
".codespellrc",
".editorconfig", ".editorconfig",
".envrc", ".envrc",
".gitattributes", ".gitattributes",
".gitignore", ".gitignore",
".pre-commit-config.yaml",
".yamllint", ".yamllint",
"ansible.cfg", "ansible.cfg",
"flake.lock", "flake.lock",

View File

@@ -11,7 +11,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable. 2023 is probably [the year of AI](https://journal.everypixel.com/2023-the-year-of-ai), with millions of people jumping aboard [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/chatgpt) train. matrix-docker-ansible-deploy is no stranger to this and 2023 began with a PR from [bertybuttface](https://github.com/bertybuttface) who added support for [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) (see the [changelog entry](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#chatgpt-support)). While OpenAI's chat GPT website was frequently overloaded in the past, their API was up which made using this bot both convenient and more reliable.
AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possibility of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to: AI aside, with the playbook's focus being containers, we're **doubling down on being "container native"** and becoming more interoperable for people hosting other containers on the Matrix server. In [2022](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/YEAR-IN-REVIEW.md#2022), we've announced a few sibling Ansible playbooks, their use of [Traefik](https://doc.traefik.io/traefik/) and the possiblity of matrix-docker-ansible-deploy also switching to this reverse-proxy. This prediction materialized quickly. The **largest change** in the playbook in 2023 happened way back in February - matrix-docker-ansible-deploy [starting the switch from nginx to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support) and then quickly [making Treafik the default reverse-proxy](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/850078b7e37401ce91a0f9b686f60b945f6c3a96/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now). As noted in the changelog entries, we envisioned a quick and complete elimination of `matrix-nginx-proxy`, but at the end of 2023, it hasn't happened yet. The playbook is already using Traefik as the front-most reverse-proxy, but nginx (via `matrix-nginx-proxy`) is still around - it has taken a step back and is only used internally for new setups. Work got to a stall due to:
* complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult * complexity: untangling the overly large and messy `matrix-nginx-proxy` component is difficult
* the current setup became "good enough" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way. * the current setup became "good enough" because nginx has become an internal implementation detail for those who have migrated to Traefik. Traefik is already the default public reverse-proxy and gives better possibilities to people wishing to run other web-exposed containers on their Matrix server via [Docker Compose](https://docs.docker.com/compose/), other Ansible playbooks like [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) (more about this one, below) or any other way.

View File

@@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Table of Contents # Table of Contents
## ⬇️ Installation guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md --> ## ⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
There are two installation guides available for beginners and advanced users. There are two installation guides available for beginners and advanced users.

View File

@@ -20,13 +20,10 @@ To manually check which version of Ansible you're on, run: `ansible --version`.
For the **best experience**, we recommend getting the **latest version of Ansible available**. For the **best experience**, we recommend getting the **latest version of Ansible available**.
We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`). We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`).
If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker). If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker).
> [!WARNING]
> One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory.
## Upgrading Ansible ## Upgrading Ansible
Depending on your distribution, you may be able to upgrade Ansible in a few different ways: Depending on your distribution, you may be able to upgrade Ansible in a few different ways:
@@ -74,7 +71,7 @@ docker run \
-w /work \ -w /work \
--mount type=bind,src=`pwd`,dst=/work \ --mount type=bind,src=`pwd`,dst=/work \
--entrypoint=/bin/sh \ --entrypoint=/bin/sh \
ghcr.io/devture/ansible:11.6.0-r0-0 ghcr.io/devture/ansible:11.1.0-r0-0
``` ```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code.
@@ -95,7 +92,7 @@ docker run \
--mount type=bind,src=`pwd`,dst=/work \ --mount type=bind,src=`pwd`,dst=/work \
--mount type=bind,src$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro \ --mount type=bind,src$HOME/.ssh/id_ed25519,dst=/root/.ssh/id_ed25519,ro \
--entrypoint=/bin/sh \ --entrypoint=/bin/sh \
ghcr.io/devture/ansible:11.6.0-r0-0 ghcr.io/devture/ansible:11.1.0-r0-0
``` ```
The above command tries to mount an SSH key (`$HOME/.ssh/id_ed25519`) into the container (at `/root/.ssh/id_ed25519`). If your SSH key is at a different path (not in `$HOME/.ssh/id_ed25519`), adjust that part. The above command tries to mount an SSH key (`$HOME/.ssh/id_ed25519`) into the container (at `/root/.ssh/id_ed25519`). If your SSH key is at a different path (not in `$HOME/.ssh/id_ed25519`), adjust that part.
@@ -120,7 +117,7 @@ Then, to be asked for the password whenever running an `ansible-playbook` comman
#### Resolve directory ownership issues #### Resolve directory ownership issues
Because you're `root` in the container running Ansible and this likely differs from the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as: Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
> fatal: unsafe repository ('/work' is owned by someone else) > fatal: unsafe repository ('/work' is owned by someone else)
> To add an exception for this directory, call: > To add an exception for this directory, call:

View File

@@ -95,13 +95,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
## Usage ## Usage
If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have successfully installed Draupnir for All and can now start using it. If you made it through all the steps above and your main control room was joined by a user called `@draupnir-main:example.com` you have succesfully installed Draupnir for All and can now start using it.
The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode. The installation of Draupnir for all in this playbook is very much Alpha quality. Usage-wise, Draupnir for all is almost identical to Draupnir bot mode.
### Granting Users the ability to use D4A ### Granting Users the ability to use D4A
Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recommendation. Using the chat is recommended. Draupnir for all includes several security measures like that it only allows users that are on its allow list to ask for a bot. To add a user to this list we have 2 primary options. Using the chat to tell Draupnir to do this for us or if you want to automatically do it by sending `m.policy.rule.user` events that target the subject you want to allow provisioning for with the `org.matrix.mjolnir.allow` recomendation. Using the chat is recomended.
The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297)) The bot requires a powerlevel of 50 in the management room to control who is allowed to use the bot. The bot does currently not say anything if this is true or false. (This is considered a bug and is documented in issue [#297](https://github.com/the-draupnir-project/Draupnir/issues/297))

View File

@@ -242,7 +242,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" # matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust: # If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4.1 # matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
``` ```
Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`. Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`.

View File

@@ -57,7 +57,7 @@ matrix_bot_chatgpt_openai_api_key: 'API_KEY_HERE'
matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE' matrix_bot_chatgpt_matrix_access_token: 'ACCESS_TOKEN_HERE'
# Configuring the system prompt used, needed if the bot is used for special tasks. # Configuring the system promt used, needed if the bot is used for special tasks.
# More information: https://github.com/mustvlad/ChatGPT-System-Prompts # More information: https://github.com/mustvlad/ChatGPT-System-Prompts
matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
``` ```

View File

@@ -145,20 +145,6 @@ The bot can intercept the report API endpoint of the client-server API, which re
matrix_bot_draupnir_config_web_abuseReporting: true matrix_bot_draupnir_config_web_abuseReporting: true
``` ```
### Enabling synapse-http-antispam support
Certain protections in Draupnir require the [synapse-http-antispam](https://github.com/maunium/synapse-http-antispam) module and a Synapse homeserver plus homeserver admin status to function. This module can be enabled in the playbook via setting `matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled` to `true` and making sure that Draupnir admin API access is enabled.
```yaml
# Enables the integration between Draupnir and synapse-http-antispam module.
matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled: true
# Enables draupnir to access Synapse admin APIs. This is required for the module functionality to take full effect.
matrix_bot_draupnir_admin_api_enabled: true
```
These protections need to be manually activated and consulting the [enabling protections](#enabling-built-in-protections) guide can be helpful or consulting upstream documentation.
<!-- <!--
NOTE: this is unsupported by the playbook due to the admin API being inaccessible from containers currently. NOTE: this is unsupported by the playbook due to the admin API being inaccessible from containers currently.
@@ -242,12 +228,9 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms). We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Policy lists are maintained in Matrix rooms. Popular ones maintained in the public are: Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
- `#community-moderation-effort-bl:neko.dev` You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
- `#huginn-muninn-active-threats:feline.support`
You can tell Draupnir to subscribe to each of these by sending the following command to the Management Room: `!draupnir watch POLICY_LIST_ADDRESS_HERE` (e.g. `!draupnir watch #community-moderation-effort-bl:neko.dev`)
#### Creating your own policy lists and rules #### Creating your own policy lists and rules
@@ -262,7 +245,7 @@ The simplest and most useful entity to target is `user`. Below are a few example
To create rules, you run commands in the Management Room (**not** in the policy list room). To create rules, you run commands in the Management Room (**not** in the policy list room).
- (ban a single user on a given homeserver): `!draupnir ban @charles:example.com my-bans Rude to others` - (ban a single user on a given homeserver): `!draupnir ban @charles:example.com my-bans Rude to others`
- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server, all users are fake` - (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server - all users are fake`
As a result of running these commands, you may observe: As a result of running these commands, you may observe:
@@ -273,14 +256,14 @@ You can undo bans with the [unban command](https://the-draupnir-project.github.i
### Enabling built-in protections ### Enabling built-in protections
You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuitProtection` ("If X amount of users join in Y time, set the room to invite-only"). You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room. To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.
To [**see the configuration options for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#displaying-the-protection-settings), send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuitProtection`). To **see the configuration options for a given protection**, send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuit`).
To [**set a specific option for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#changing-protection-settings), send a command like this: `!draupnir protections config set PROTECTION_NAME OPTION VALUE` (e.g. `!draupnir protections config set JoinWaveShortCircuitProtection timescaleMinutes 30`). To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
To [**enable a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/block-invitations-on-server-protection#enabling-the-protection), send a command like this: `!draupnir protections enable PROTECTION_NAME` (e.g. `!draupnir protections enable JoinWaveShortCircuitProtection`). To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
To **disable a given protection**, send a command like this: `!draupnir protections disable PROTECTION_NAME` (e.g. `!draupnir protections disable JoinWaveShortCircuitProtection`). To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).

View File

@@ -37,10 +37,6 @@ matrix_synapse_enable_registration: true
# Restrict registration to users with a token # Restrict registration to users with a token
matrix_synapse_registration_requires_token: true matrix_synapse_registration_requires_token: true
# Set an optional command prefix for the bot. This can be any arbitrary string, including whitespace.
# Example: "!regbot "
matrix_bot_matrix_registration_bot_bot_prefix: ""
``` ```
The bot account will be created automatically. The bot account will be created automatically.
@@ -81,7 +77,7 @@ Send `help` to the bot to see the available commands.
You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
If you have any questions, or if you need help setting it up, read the [troubleshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc… you can use: To clean the cache (session & encryption data) after you changed the bot's username, changed the login method from access_token to password etc… you can use:

View File

@@ -35,7 +35,7 @@ matrix_hookshot_enabled: true
# Uncomment to enable end-to-bridge encryption. # Uncomment to enable end-to-bridge encryption.
# See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html # See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html
# matrix_hookshot_encryption_enabled: true # matrix_hookshot_experimental_encryption_enabled: true
# Uncomment and paste the contents of GitHub app private key to enable GitHub bridge. # Uncomment and paste the contents of GitHub app private key to enable GitHub bridge.
# Alternatively, you can use one of the other methods explained below on the "Manage GitHub Private Key with aux role" section. # Alternatively, you can use one of the other methods explained below on the "Manage GitHub Private Key with aux role" section.
@@ -103,6 +103,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | Jira OAuth | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | Jira OAuth |
| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |
| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) |
| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server |
| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
@@ -125,12 +126,16 @@ aux_file_definitions:
- dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" - dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}"
content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}" content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}"
mode: '0400' mode: '0400'
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
``` ```
For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml). For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml).
### Provisioning API
The provisioning API will be enabled automatically if you set `matrix_dimension_enabled: true` and provided a `matrix_hookshot_provisioning_secret`, unless you override it either way. To use hookshot with Dimension, you will need to enter as "Provisioning URL": `http://matrix-hookshot:9002`, which is made up of the variables `matrix_hookshot_container_url` and `matrix_hookshot_provisioning_port`.
### Collision with matrix-appservice-webhooks ### Collision with matrix-appservice-webhooks
If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`). If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
@@ -167,7 +172,7 @@ To `matrix_hookshot_container_labels_metrics_middleware_basic_auth_users`, set t
#### Enable Grafana (optional) #### Enable Grafana (optional)
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics. Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions. To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.

View File

@@ -70,7 +70,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
## Usage ## Usage
Follow the [mautrix-imessage documentation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s). Follow the [mautrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
## Troubleshooting ## Troubleshooting

View File

@@ -7,9 +7,7 @@ SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
--> -->
# Setting up MX Puppet Steam bridging (optional, deprecated) # Setting up MX Puppet Steam bridging (optional)
**Note**: This bridge has been deprecated in favor of the [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) bridge for Steam, which can be [installed using this playbook](configuring-playbook-bridge-steam.md). Consider using that bridge instead of this one.
The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you. The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.

View File

@@ -1,48 +0,0 @@
<!--
SPDX-FileCopyrightText: 2025 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Steam bridging (optional)
The playbook can install and configure [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) for you.
See the project's [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge/blob/main/README.md) to learn what it does and why it might be useful to you.
## Adjusting the playbook configuration
To enable the [Steam](https://steampowered.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_steam_bridge_enabled: true
```
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` and `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
The tag for `just` commands for this bridge is `matrix-steam-bridge` - for example: `just install-service matrix-steam-bridge`
## Usage
To use the bridge, you need to start a chat with `Steam bridge bot` with the handle `@steambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
The bridge supports QR code and password-based login as well as SteamGuard codes via app, SMS, or e-mail. See matrix-steam-bridge [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge) for more information about how to configure the bridge.
To login, send `login [flow ID]` where possible flow IDs are `password` or `qr`
Once logged in, send `search [name]` to search through recognized Steam friends. You can send a user name, display name, or all forms of Steam ID. Send `start-chat [identifier]` to request the bridge bot to open a chat room with a user.
Chat rooms will automatically be opened as new messages are received.
Send `help` to the bot to see the available commands.

View File

@@ -65,7 +65,6 @@ Find the `registration.yaml` in the `/matrix` directory, for example `/matrix/ma
``` ```
as_token: <token> as_token: <token>
de.sorunome.msc2409.push_ephemeral: true de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
hs_token: <token> hs_token: <token>
id: signal id: signal
namespaces: namespaces:

View File

@@ -18,7 +18,6 @@ By default, the playbook installs [Synapse](https://github.com/element-hq/synaps
> [!WARNING] > [!WARNING]
> - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> conduwuit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. > - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> conduwuit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
> - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding > - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
> - **the Conduwuit project appears to have been abandoned**. You may wish to install [Conduit](./configuring-playbook-conduit.md), or one of the Conduwuit successors (like [Continuwuity](configuring-playbook-continuwuity.md))
## Adjusting the playbook configuration ## Adjusting the playbook configuration
@@ -84,7 +83,6 @@ Then, send its content to the existing admin room:
``` ```
as_token: <token> as_token: <token>
de.sorunome.msc2409.push_ephemeral: true de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
hs_token: <token> hs_token: <token>
id: signal id: signal
namespaces: namespaces:

View File

@@ -1,117 +0,0 @@
<!--
SPDX-FileCopyrightText: 2025 Slavi Pantaleev
SPDX-FileCopyrightText: 2025 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Configuring Continuwuity (optional)
The playbook can install and configure the [Continuwuity](https://continuwuity.org) Matrix server for you.
See the project's [documentation](https://continuwuity.org) to learn what it does and why it might be useful to you.
By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document.
💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports.
> [!WARNING]
> - **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
> - **Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
## Adjusting the playbook configuration
To use Continuwuity, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:
```yaml
matrix_homeserver_implementation: continuwuity
# Registering users can only happen via the API,
# so it makes sense to enable it, at least initially.
matrix_continuwuity_config_allow_registration: true
# Generate a strong registration token to protect the registration endpoint from abuse.
# You can create one with a command like `pwgen -s 64 1`.
matrix_continuwuity_config_registration_token: ''
```
### Extending the configuration
There are some additional things you may wish to configure about the server.
Take a look at:
- `roles/custom/matrix-continuwuity/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2` for the server's default configuration
There are various Ansible variables that control settings in the `continuwuity.toml` file.
If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. For example:
```yaml
matrix_continuwuity_environment_variables_extension: |
CONTINUWUITY_MAX_REQUEST_SIZE=50000000
CONTINUWUITY_REQUEST_TIMEOUT=60
```
## Creating the first user account
Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook.
If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.
## Configuring bridges / appservices
For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver.
For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account.
The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy.
Your first user account would already have been invited to an admin room with this bot.
Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`.
Then, send its content to the existing admin room:
!admin appservices register
```
as_token: <token>
de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
hs_token: <token>
id: signal
namespaces:
aliases:
- exclusive: true
regex: ^#signal_.+:example\.org$
users:
- exclusive: true
regex: ^@signal_.+:example\.org$
- exclusive: true
regex: ^@signalbot:example\.org$
rate_limited: false
sender_localpart: _bot_signalbot
url: http://matrix-mautrix-signal:29328
```
## Migrating from conduwuit
Since Continuwuity is a drop-in replacement for [conduwuit](configuring-playbook-conduwuit.md), migration is possible.
1. Make sure that Continuwuity is properly set up on your `vars.yml` as described above
2. Make sure that Conduwuit references are removed from your `vars.yml` file
3. Run the installation in a way that installs new services and uninstalls old ones (e.g. `just setup-all`)
4. Run the playbook with the `continuwuity-migrate-from-conduwuit` tag (e.g. `just run-tags continuwuity-migrate-from-conduwuit`). This migrates data from `/matrix/conduwuit` to `/matrix/continuwuity`
## Troubleshooting
As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-continuwuity`.

View File

@@ -1,67 +0,0 @@
<!--
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Element Admin (optional)
The playbook can install and configure [Element Admin](https://github.com/element-hq/element-admin) for you.
Element Admin is a web-based administration panel for Synapse and [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
See the project's [documentation](https://github.com/element-hq/element-admin) to learn more.
💡 **Note**: This project is still very young and doesn't have many features. For now, it's recommended to use [Synapse Admin](./configuring-playbook-synapse-admin.md) instead. Deployments that use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) can use Element Admin for user-management (something that Synapse Admin can't do), while continuing to use Synapse Admin for all other purposes.
## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
- [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin)
## Decide on a domain and path
By default, the Element Admin is configured to be served on the `admin.element.example.com` domain.
If you'd like to run Element Admin on another hostname, see the [Adjusting the Element Admin URL](#adjusting-the-element-admin-url-optional) section below.
## Adjusting DNS records (optional)
By default, this playbook installs Element Admin on the `admin.element.` subdomain (`admin.element.example.com`) and requires you to create a `CNAME` record for `admin.element`, which targets `matrix.example.com`.
When setting these values, replace `example.com` with your own.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_element_admin_enabled: true
```
### Adjusting the Element Admin URL (optional)
By tweaking the `matrix_element_admin_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
Example additional configuration for your `vars.yml` file:
```yaml
matrix_element_admin_hostname: element-admin.example.com
```
> [!WARNING]
> A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**.
## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.

View File

@@ -16,9 +16,8 @@ See the project's [documentation](https://github.com/element-hq/element-call) to
## Prerequisites ## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below) - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- The [Matrix RTC (Real-Time Communication) stack](configuring-playbook-matrix-rtc.md) (automatically done when Element Call is enabled) - The [Matrix RTC (Real-Time Communication) stack](configuring-playbook-matrix-rtc.md)
- A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android). - A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
- (Optional) Guest accounts being enabled for your Matrix server, if you'd like guests to be able to use Element Call. See [Allowing guests to use Element Call](#allowing-guests-to-use-element-call-optional)
> [!WARNING] > [!WARNING]
> Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**. > Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**.
@@ -28,9 +27,9 @@ See the project's [documentation](https://github.com/element-hq/element-call) to
All clients that can currently use Element Call (Element Web and Element X on mobile) already embed the Element Call frontend within them. All clients that can currently use Element Call (Element Web and Element X on mobile) already embed the Element Call frontend within them.
These **clients will use their own embedded Element Call frontend**, so **self-hosting the Element Call frontend by the playbook is largely unnecessary**. These **clients will use their own embedded Element Call frontend**, so **self-hosting the Element Call frontend by the playbook is largely unnecessary**.
💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client). Note that unless you [allow guest accounts to use Element Call](#allowing-guests-to-use-element-call-optional), you will still need a Matrix user account **on the same homeserver** to be able to use Element Call. 💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client).
The playbook makes a distinction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**. The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
| Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) | | Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) |
|------------------------|-----------------------|----------------|---------------------| |------------------------|-----------------------|----------------|---------------------|
@@ -82,28 +81,6 @@ matrix_element_call_hostname: element-call.example.com
> [!WARNING] > [!WARNING]
> A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084). > A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084).
### Allowing guests to use Element Call (optional)
By default, Element Call can only be used by people having accounts on your Matrix server.
If you'd like guests to be able to use Element Call as well, you need to enable guest accounts support for your homeserver.
> [!WARNING]
> Enabling guest accounts means that your homeserver's user database may get polluted with guest account signups (potentially made by bots).
> Guest accounts should be limited in what (damage) they can do to your server and the rest of the Matrix ecosystem, but it's better to not enable them unless necessary.
For [Synapse](configuring-playbook-synapse.md) (the default homeserver implementation), the configuration is like this:
```yml
matrix_synapse_allow_guest_access: true
```
For [Dendrite](configuring-playbook-dendrite.md), the configuration is like this:
```yml
matrix_dendrite_guests_disabled: false
```
## Installing ## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below: After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:

View File

@@ -70,7 +70,7 @@ By default the Jitsi Meet instance **does not require for anyone to log in, and
If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode. If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode.
See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up. See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up.
### Enable Gravatar (optional) ### Enable Gravatar (optional)

View File

@@ -41,7 +41,7 @@ Below, we'll try to **highlight some potential reasons for switching** to Matrix
## Prerequisites ## Prerequisites
- ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet. - ⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
-**disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below. -**disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below.
@@ -51,17 +51,19 @@ This section details what you can expect when switching to the Matrix Authentica
-**Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md). -**Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md).
- ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet. You may be interested in using [Element Admin](./configuring-playbook-element-admin.md) for these purposes. - ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet.
-**Some services experience issues when authenticating via MAS**: -**Some services experience issues when authenticating via MAS**:
- [Reminder bot](configuring-playbook-bot-matrix-reminder-bot.md) seems to be losing some of its state on each restart and may reschedule old reminders once again - [Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:
> cannot initialize matrix bot error="olm account is marked as shared, keys seem to have disappeared from the server"
-**Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting). -**Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting).
- ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break. - ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
- ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch. - ⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
- ⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration). - ⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration).
@@ -85,7 +87,7 @@ For new homeservers (which don't have any users in their Synapse database yet),
### Existing homeserver ### Existing homeserver
Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet. Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet.
For existing Synapse homeservers: For existing Synapse homeservers:
@@ -157,10 +159,6 @@ matrix_authentication_service_config_upstream_oauth2_providers:
- # A unique identifier for the provider - # A unique identifier for the provider
# Must be a valid ULID # Must be a valid ULID
id: 01HFVBY12TMNTYTBV8W921M5FA id: 01HFVBY12TMNTYTBV8W921M5FA
# This can be set if you're migrating an existing (legacy) Synapse OIDC configuration.
# The value used here would most likely be "oidc" or "oidc-provider".
# See: https://element-hq.github.io/matrix-authentication-service/setup/migration.html#map-any-upstream-sso-providers
synapse_idp_id: null
# The issuer URL, which will be used to discover the provider's configuration. # The issuer URL, which will be used to discover the provider's configuration.
# If discovery is enabled, this *must* exactly match the `issuer` field # If discovery is enabled, this *must* exactly match the `issuer` field
# advertised in `<issuer>/.well-known/openid-configuration`. # advertised in `<issuer>/.well-known/openid-configuration`.
@@ -308,7 +306,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
Our migration guide is loosely based on the upstream [Migrating an existing homeserver](https://element-hq.github.io/matrix-authentication-service/setup/migration.html) guide. Our migration guide is loosely based on the upstream [Migrating an existing homeserver](https://element-hq.github.io/matrix-authentication-service/setup/migration.html) guide.
Migration is done via a sub-command called `syn2mas`, which the playbook could run for you (in a container). Migration is done via a tool called `syn2mas`, which the playbook could run for you (in a container).
The installation + migration steps are like this: The installation + migration steps are like this:
@@ -324,7 +322,7 @@ The installation + migration steps are like this:
- The `matrix-user-creator` role would be suppressed, so that it doesn't automatically attempt to create users (for bots, etc.) in the MAS database. These user accounts likely already exist in Synapse's user database and could be migrated over (via syn2mas, as per the steps below), so creating them in the MAS database would have been unnecessary and potentially problematic (conflicts during the syn2mas migration). - The `matrix-user-creator` role would be suppressed, so that it doesn't automatically attempt to create users (for bots, etc.) in the MAS database. These user accounts likely already exist in Synapse's user database and could be migrated over (via syn2mas, as per the steps below), so creating them in the MAS database would have been unnecessary and potentially problematic (conflicts during the syn2mas migration).
3. Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration command does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break. 3. Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration tool does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
4. [Migrate your data from Synapse to Matrix Authentication Service using syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-service-using-syn2mas) 4. [Migrate your data from Synapse to Matrix Authentication Service using syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-service-using-syn2mas)
@@ -344,7 +342,9 @@ The installation + migration steps are like this:
### Migrate your data from Synapse to Matrix Authentication Service using syn2mas ### Migrate your data from Synapse to Matrix Authentication Service using syn2mas
You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration). We **don't** ask you to [run the `syn2mas` migration advisor command](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#run-the-migration-advisor), because it only gives you the green light if your Synapse configuration (`homeserver.yaml`) is configured in a way that's compatible with MAS (delegating authentication to MAS; disabling Synapse's password config; etc.). Until we migrate your data with the `syn2mas` tool, we intentionally avoid doing these changes to allow existing user sessions to work.
You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration).
#### Configuring syn2mas #### Configuring syn2mas
@@ -356,9 +356,26 @@ When you're done with potentially configuring `syn2mas`, proceed to doing a [dry
##### Configuring upstream OIDC provider mapping for syn2mas ##### Configuring upstream OIDC provider mapping for syn2mas
Since Matrix Authentication Service v0.16.0 (which replaced the standalone `syn2mas` tool with a `mas-cli syn2mas` sub-command), OIDC configuration (mapping from your old OIDC configuration to your new one, etc) is meant to be configured in the Matrix Authentication Service configuration (via `matrix_authentication_service_config_upstream_oauth2_providers`) as a `synapse_idp_id` property for each provider. If you have existing OIDC users in your Synapse user database (which will be the case if when using [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)), you may need to pass an additional `--upstreamProviderMapping` argument to the `syn2mas` tool to tell it which provider (on the Synapse side) maps to which other provider on the MAS side.
You can refer to the [Map any upstream SSO providers](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#map-any-upstream-sso-providers) section of the MAS documentation for figuring out how to set the `synapse_idp_id` value in `matrix_authentication_service_config_upstream_oauth2_providers` correctly. If you don't do this, `syn2mas` would report errors like this one:
> [FATAL] migrate - [Failed to import external id 4264b0f0-4f11-4ddd-aedb-b500e4d07c25 with oidc-keycloak for user @alice:example.com: Error: Unknown upstream provider oidc-keycloak]
Below is an example situation and a guide for how to solve it.
If in `matrix_synapse_oidc_providers` your provider `idp_id` is (was) named `keycloak`, in the Synapse database users would be associated with the `oidc-keycloak` provider (note the `oidc-` prefix that was added automatically by Synapse to your `idp_id` value).
The same OIDC provider may have an `id` of `01HFVBY12TMNTYTBV8W921M5FA` on the MAS side, as defined in `matrix_authentication_service_config_upstream_oauth2_providers` (see the [Upstream OAuth2 configuration](#upstream-oauth2-configuration) section above).
To tell `syn2mas` how the Synapse-configured OIDC provider maps to the new MAS-configured OIDC provider, add this additional configuration to your `vars.yml` file:
```yaml
# Adjust the mapping below to match your provider IDs on the Synapse side and the MAS side.
# Don't forget that Synapse automatically adds an `oidc-` prefix to provider ids defined in its configuration.
matrix_authentication_service_syn2mas_process_extra_arguments:
- "--upstreamProviderMapping oidc-keycloak:01HFVBY12TMNTYTBV8W921M5FA"
```
#### Performing a syn2mas dry-run #### Performing a syn2mas dry-run
@@ -369,7 +386,7 @@ A dry-run would not cause downtime, because it avoids stopping Synapse.
To perform a dry-run, run: To perform a dry-run, run:
```sh ```sh
just run-tags matrix-authentication-service-mas-cli-syn2mas -e matrix_authentication_service_syn2mas_migrate_dry_run=true just run-tags matrix-authentication-service-syn2mas -e matrix_authentication_service_syn2mas_dry_run=true
``` ```
Observe the command output (especially the last line of the the syn2mas output). If you are confident that the migration will work out as expected, you can proceed with a [real migration](#performing-a-real-syn2mas-migration). Observe the command output (especially the last line of the the syn2mas output). If you are confident that the migration will work out as expected, you can proceed with a [real migration](#performing-a-real-syn2mas-migration).
@@ -388,13 +405,13 @@ Before performing a real migration make sure:
- you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and don't see any issues in its output - you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and don't see any issues in its output
To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable: To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:
```sh ```sh
just run-tags matrix-authentication-service-mas-cli-syn2mas just run-tags matrix-authentication-service-syn2mas
``` ```
Having performed a `syn2mas` migration once, trying to do it again will report errors (e.g. "Error: The MAS database is not empty: rows found in at least `users`. Please drop and recreate the database, then try again."). Having performed a `syn2mas` migration once, trying to do it again will report errors for users that were already migrated (e.g. "Error: Unknown upstream provider oauth-delegated").
## Verify that Matrix Authentication Service is installed correctly ## Verify that Matrix Authentication Service is installed correctly

View File

@@ -13,7 +13,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you. The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you.
In short, it's a sort of automation and firewalling service, which is helpful if you're installing Matrix services in a controlled corporate environment. In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment.
See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you. See the project's [documentation](https://github.com/devture/matrix-corporal/blob/main/README.md) to learn what it does and why it might be useful to you.

View File

@@ -60,7 +60,7 @@ To `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_use
#### Enable Grafana (optional) #### Enable Grafana (optional)
Probably you wish to enable Grafana along with Prometheus for generating graphs of the metrics. Probably you wish to enable Grafana along with Prometheus for generating graphs of the metics.
To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions. To enable Grafana, see [this section](configuring-playbook-prometheus-grafana.md#adjusting-the-playbook-configuration-grafana) for instructions.

View File

@@ -16,6 +16,7 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu
## Prerequisites ## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below) - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled) - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack)) - A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack)) - The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))

View File

@@ -115,7 +115,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
## Usage ## Usage
To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distributor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notifications are "distributed" from it. To receive push notifications with UnifiedPush from the ntfy server, you need to **install [the ntfy Android app](https://docs.ntfy.sh/subscribe/phone/)** which works as the Distrubutor, **log in to the account on the ntfy app** if you have enabled the access control, and then **configure a UnifiedPush-compatible Matrix client**. After setting up the ntfy Android app, the Matrix client listens to it, and push notitications are "distributed" from it.
For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation. For details about installing and configuring the ntfy Android app, take a look at [this section](https://github.com/mother-of-all-self-hosting/ansible-role-ntfy/blob/main/docs/configuring-ntfy.md#install-the-ntfy-androidios-app) on the role's documentation.

View File

@@ -258,4 +258,4 @@ As with all other services, you can find the logs in [systemd-journald](https://
- [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2) - [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana) - [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)
- [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs) - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
- [The PostgreSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard) - [The PostgresSQL dashboard](https://grafana.com/grafana/dashboards/9628) (generic Postgres dashboard)

View File

@@ -22,11 +22,13 @@ Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring
## Choosing an Object Storage provider ## Choosing an Object Storage provider
You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), [Storj](https://storj.io), etc. You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object storage like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Storj](https://storj.io), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc.
Amazon S3 and Backblaze B2 are pay-as-you with no minimum charges for storing too little data. Note that Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress. Amazon S3, Backblaze B2, and Storj are pay-as-you with no minimum charges for storing too little data.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10). Though Storj does not set minimum amount of data to be stored, it also charges $5 minimum monthly usage fee since July 1, 2025, if your monthly usage (storage, bandwidth, and segments) totals less than $5. All these providers have different prices, with Storj appearing to be the cheapest (as of 2024-10, storage fee is $0.004 per GB/month, and egress fee is $0.007 per GB; check actual pricing [here](https://storj.dev/dcs/pricing)). Backblaze egress is free, but for only certain users for up to 3x the amount of data stored. Beyond that you will pay $0.01/GB of egress.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. Likewise, Digital Ocean Spaces has also a minimum charge of 250GB ($5/month as of 2022-10).
Here are some of the important aspects of choosing the right provider: Here are some of the important aspects of choosing the right provider:

View File

@@ -15,7 +15,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate
**Notes**: **Notes**:
- This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it. - This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/). - Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiriation notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md). The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).

View File

@@ -49,8 +49,8 @@ aux_file_definitions:
content content
here here
mode: '0600' mode: '0600'
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
``` ```
Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values. Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.

View File

@@ -18,8 +18,6 @@ synapse-admin is a web UI tool you can use to **administrate users, rooms, media
💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting. 💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
💡 **Note**: The playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). However, it's currently less feature-rich than Synapse Admin and has a dependency on [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
## Adjusting DNS records (optional) ## Adjusting DNS records (optional)
By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section. By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section.
@@ -42,7 +40,7 @@ matrix_synapse_admin_enabled: true
By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable. By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable.
> [!WARNING] > [!WARNING]
> If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all. You may be interested in using [Element Admin](docs/configuring-playbook-element-admin.md) for these purposes. > If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all.
### Adjusting the Synapse Admin URL (optional) ### Adjusting the Synapse Admin URL (optional)

View File

@@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you. The playbook can install and configure [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) for you.
It lets you fight invite-spam by automatically blocking invitations from a list of servers specified by you (blacklisting). It lets you fight invite-spam by automatically blocking invitiations from a list of servers specified by you (blacklisting).
See the project's [documentation](https://github.com/t2bot/synapse-simple-antispam/blob/master/README.md) to learn what it does and why it might be useful to you. See the project's [documentation](https://github.com/t2bot/synapse-simple-antispam/blob/master/README.md) to learn what it does and why it might be useful to you.

View File

@@ -53,7 +53,7 @@ You may also consider [tweaking the number of workers of each type](#controlling
##### Specialized workers ##### Specialized workers
The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requester's IP address, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requester and/or on the resource (room, etc.) being requested. The playbook now supports a smarter **specialized load-balancing** inspired by [Tom Foster](https://github.com/tcpipuk)'s [Synapse homeserver guide](https://tcpipuk.github.io/synapse/index.html). Instead of routing requests to one or more [generic workers](#generic-workers) based only on the requestor's IP adddress, specialized load-balancing routes to **4 different types of specialized workers** based on **smarter criteria** — the access token (username) of the requestor and/or on the resource (room, etc.) being requested.
The playbook supports these **4 types** of specialized workers: The playbook supports these **4 types** of specialized workers:

View File

@@ -53,8 +53,6 @@ For a more custom setup, see the [Other configuration options](#other-configurat
- [Configuring conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation - [Configuring conduwuit](configuring-playbook-conduwuit.md), if you've switched to the [conduwuit](https://conduwuit.puppyirl.gay/) homeserver implementation
- [Configuring continuwuity](configuring-playbook-continuwuity.md), if you've switched to the [continuwuity](https://continuwuity.org) homeserver implementation
- [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation
- Server components: - Server components:
@@ -184,8 +182,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
- [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md) - [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md)
- [Setting up Steam bridging](configuring-playbook-bridge-steam.md)
- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) - [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md)
- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) - [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)

View File

@@ -28,7 +28,6 @@ We try to stick to official images (provided by their respective projects) as mu
| [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | | [Synapse](configuring-playbook-synapse.md) | [element-hq/synapse](https://ghcr.io/element-hq/synapse) | ✅ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network |
| [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | | [Conduit](configuring-playbook-conduit.md) | [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements |
| [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. | | [conduwuit](configuring-playbook-conduwuit.md) | [girlbossceo/conduwuit](https://ghcr.io/girlbossceo/conduwuit) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. conduwuit is a fork of Conduit. |
| [continuwuity](configuring-playbook-continuwuity.md) | [continuwuation/continuwuity](https://forgejo.ellis.link/continuwuation/continuwuity) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. continuwuity is a continuation of conduwuit. |
| [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | | [Dendrite](configuring-playbook-dendrite.md) | [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) | ❌ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. |
## Clients ## Clients
@@ -114,7 +113,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | | [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
| [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) | | [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) |
| [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | | [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) |
| [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) |
| [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | | [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) |
| [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge | | [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge |
@@ -159,7 +157,7 @@ Various services that don't fit any other categories.
| ------- | --------------- | -------- | ----------- | | ------- | --------------- | -------- | ----------- |
| [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) | | [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites | | [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background | | [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [etke.cc/rust-synapse-compress-state](https://gitlab.com/etke.cc/rust-synapse-compress-state/container_registry) | ❌ | Cli tool that automatically compresses `state_groups` database table in background |
| [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server | | [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
| [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor | | [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
| [Jitsi](configuring-playbook-jitsi.md) | [jitsi/web](https://hub.docker.com/r/jitsi/web) | ❌ | [Jitsi](https://jitsi.org/) web UI | | [Jitsi](configuring-playbook-jitsi.md) | [jitsi/web](https://hub.docker.com/r/jitsi/web) | ❌ | [Jitsi](https://jitsi.org/) web UI |

View File

@@ -235,7 +235,7 @@ Running Matrix on a server with 1GB of memory is possible (especially if you dis
**We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea. **We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea.
Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage. Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferrably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
### Can I run this in an LXC container? ### Can I run this in an LXC container?
@@ -362,7 +362,7 @@ Configuration variables are defined in multiple places in this playbook and are
You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`). You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`).
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`. As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features). Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).

View File

@@ -26,7 +26,7 @@ The up-to-date list can be accessed on [traefik's documentation](https://doc.tra
**Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels: **Note**: the changes below instruct you how to do this for a basic Synapse installation. You will need to adapt the variable name and the content of the labels:
- if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md), [continuwuity](./configuring-playbook-continuwuity.md) or [Dendrite](./configuring-playbook-dendrite.md)) - if you're using another homeserver implementation (e.g. [Conduit](./configuring-playbook-conduit.md), [conduwuit](./configuring-playbook-conduwuit.md) or [Dendrite](./configuring-playbook-dendrite.md))
- if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached - if you're using [Synapse with workers enabled](./configuring-playbook-synapse.md#load-balancing-with-workers) (`matrix_synapse_workers_enabled: true`). In that case, it's actually the `matrix-synapse-reverse-proxy-companion` service which has Traefik labels attached
Also, all instructions below are from an older version of the playbook and may not work anymore. Also, all instructions below are from an older version of the playbook and may not work anymore.
@@ -42,7 +42,7 @@ This is because with SRV federation, some servers / tools (one of which being th
### Tell Traefik which certificate to serve for the federation endpoint ### Tell Traefik which certificate to serve for the federation endpoint
Now that the federation endpoint is not bound to a domain anymore we need to explicitly tell Traefik to use a wildcard certificate in addition to one containing the base name. Now that the federation endpoint is not bound to a domain anymore we need to explicitely tell Traefik to use a wildcard certificate in addition to one containing the base name.
This is because the Matrix specification expects the federation endpoint to be served using a certificate compatible with the base domain, however, the other resources on the endpoint still need a valid certificate to work. This is because the Matrix specification expects the federation endpoint to be served using a certificate compatible with the base domain, however, the other resources on the endpoint still need a valid certificate to work.
@@ -79,7 +79,7 @@ traefik_configuration_extension_yaml: |
- "8.8.8.8:53" - "8.8.8.8:53"
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}
# 2. Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare) # 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare)
traefik_environment_variables: | traefik_environment_variables: |
CF_API_EMAIL=redacted CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted CF_ZONE_API_TOKEN=redacted

View File

@@ -157,8 +157,6 @@ The upstream projects, which this playbook makes use of, occasionally if not oft
Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date. Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date.
Also, do not forget to update your system regularly. While this playbook may install basic services, such as Docker, it will not interfere further with system maintenance. Keeping the system itself up-to-date is out of scope for this playbook.
For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md) For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)
Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match. Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match.

View File

@@ -104,12 +104,12 @@ To save disk space in `/tmp`, the dump file is gzipped on the fly at the expense
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_default` variable. The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
Most users should be fine with the automatically-done tuning. However, you may wish to: Most users should be fine with the automatically-done tuning. However, you may wish to:
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_default` variable - **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_default: []` - **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_default` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration - **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration

View File

@@ -49,7 +49,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`) - [Python](https://www.python.org/). Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`)
- [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`, because this Ansible playbook sometimes uses the Ansible [become](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html) module to perform tasks as another user (e.g. `matrix`) and the `become` module's default implementation uses `sudo`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default. - [sudo](https://www.sudo.ws/), even when you've configured Ansible to log in as `root`. Some distributions, like a minimal Debian net install, do not include the `sudo` package by default.
- An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). - An HTTPS-capable web server at the base domain name (`example.com`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
@@ -60,7 +60,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- `80/tcp`: HTTP webserver - `80/tcp`: HTTP webserver
- `443/tcp` and `443/udp`: HTTPS webserver - `443/tcp` and `443/udp`: HTTPS webserver
- `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md)) - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md)) - `3478/udp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md)) - `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md)) - `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
- `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**. - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.

View File

@@ -33,12 +33,6 @@
ProxyRequests Off ProxyRequests Off
ProxyVia On ProxyVia On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyTimeout 86400
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L]
AllowEncodedSlashes NoDecode AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:81/ retry=0 nocanon ProxyPass / http://127.0.0.1:81/ retry=0 nocanon

View File

@@ -23,7 +23,7 @@ If Matrix federation is enabled, then you will need to make changes to [NPM's Do
You'll need to create two proxy hosts in NPM for Matrix web and federation traffic. You'll need to create two proxy hosts in NPM for Matrix web and federation traffic.
Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxy's configuration like this: Open the 'Proxy Hosts' page in the NPM web interface and select `Add Proxy Host`, the first being for Matrix web traffic. Apply the proxys configuration like this:
```md ```md
# Details # Details
@@ -44,7 +44,7 @@ Custom Nginx Configuration:
client_max_body_size 50M; client_max_body_size 50M;
``` ```
Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxy's configuration like this: Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxys configuration like this:
```md ```md
# Details # Details

View File

@@ -73,11 +73,11 @@ matrix_federation_traefik_entrypoint_tls: "{{ traefik_config_entrypoint_web_secu
# # # #
######################################################################## ########################################################################
aux_directory_default_owner: "{{ matrix_user_name }}" aux_directory_default_owner: "{{ matrix_user_username }}"
aux_directory_default_group: "{{ matrix_group_name }}" aux_directory_default_group: "{{ matrix_user_groupname }}"
aux_file_default_owner: "{{ matrix_user_name }}" aux_file_default_owner: "{{ matrix_user_username }}"
aux_file_default_group: "{{ matrix_group_name }}" aux_file_default_group: "{{ matrix_user_groupname }}"
######################################################################## ########################################################################
# # # #
@@ -162,8 +162,6 @@ matrix_homeserver_container_extra_arguments_auto: |
+ +
(['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else []) (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+ +
(['--mount type=bind,src=' + matrix_steam_bridge_config_path + '/registration.yaml,dst=/matrix-steam-bridge-registration.yaml,ro'] if matrix_steam_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else []) (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
}} }}
@@ -238,8 +236,6 @@ matrix_homeserver_app_service_config_files_auto: |
(['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else []) (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+ +
(['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else []) (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
+
(['/matrix-steam-bridge-registration.yaml'] if matrix_steam_bridge_enabled else [])
}} }}
matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}" matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}"
@@ -247,7 +243,7 @@ matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_revers
matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}" matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}"
# Starting from version `0.6.0` Conduit natively supports some sync v3 (sliding-sync) features. # Starting from version `0.6.0` Conduit natively supports some sync v3 (sliding-sync) features.
matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit', 'continuwuity'] else '') }}" matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit', 'conduwuit'] else '') }}"
######################################################################## ########################################################################
# # # #
@@ -385,8 +381,6 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else []) ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
+ +
([{'name': 'matrix-steam-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'matrix-steam-bridge']}] if matrix_steam_bridge_enabled else [])
+
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else []) ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
+ +
([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else []) ([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else [])
@@ -453,8 +447,6 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else [])
+ +
([{'name': 'matrix-element-admin.service', 'priority': 4000, 'groups': ['matrix', 'element-admin']}] if matrix_element_admin_enabled else [])
+
([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else []) ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else [])
+ +
([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else []) ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else [])
@@ -575,7 +567,6 @@ matrix_homeserver_container_client_api_endpoint: |-
'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string), 'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string),
}[matrix_homeserver_implementation] }[matrix_homeserver_implementation]
}} }}
@@ -586,7 +577,6 @@ matrix_homeserver_container_federation_api_endpoint: |-
'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string),
'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string),
'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string), 'conduwuit': ('matrix-conduwuit:' + matrix_conduwuit_config_port_number | default('8008') | string),
'continuwuity': ('matrix-continuwuity:' + matrix_continuwuity_config_port_number | default('8008') | string),
}[matrix_homeserver_implementation] }[matrix_homeserver_implementation]
}} }}
@@ -674,20 +664,30 @@ matrix_authentication_service_config_passwords_schemes:
- version: 1 - version: 1
secret: "{{ matrix_synapse_password_config_pepper }}" secret: "{{ matrix_synapse_password_config_pepper }}"
algorithm: bcrypt algorithm: bcrypt
unicode_normalization: true
- version: 2 - version: 2
algorithm: argon2id algorithm: argon2id
matrix_authentication_service_config_clients_auto: |-
{{
([
{
'client_id': matrix_synapse_experimental_features_msc3861_client_id,
'client_auth_method': matrix_synapse_experimental_features_msc3861_client_auth_method,
'client_secret': matrix_synapse_experimental_features_msc3861_client_secret,
}
] if matrix_synapse_experimental_features_msc3861_enabled else [])
}}
matrix_authentication_service_config_email_transport: "{{ 'smtp' if exim_relay_enabled else 'blackhole' }}" matrix_authentication_service_config_email_transport: "{{ 'smtp' if exim_relay_enabled else 'blackhole' }}"
matrix_authentication_service_config_email_hostname: "{{ exim_relay_identifier if exim_relay_enabled else '' }}" matrix_authentication_service_config_email_hostname: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled else 587 }}" matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled else 587 }}"
matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}" matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}"
matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}" matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}"
matrix_authentication_service_admin_api_enabled: "{{ matrix_element_admin_enabled }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}" matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_authentication_service_container_network: "{{ matrix_homeserver_container_network }}" matrix_authentication_service_container_network: "{{ matrix_homeserver_container_network }}"
@@ -997,8 +997,6 @@ matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserve
matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}" matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
matrix_appservice_kakaotalk_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
@@ -1048,8 +1046,6 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}" matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
matrix_beeper_linkedin_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |- matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |-
{{ {{
({ ({
@@ -1170,8 +1166,6 @@ matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_bluesky_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}" matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_bluesky_double_puppet_secrets_auto: |- matrix_mautrix_bluesky_double_puppet_secrets_auto: |-
@@ -1241,8 +1235,6 @@ matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}" matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}" matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}" matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}"
@@ -1309,8 +1301,6 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener
matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}" matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_slack_double_puppet_secrets_auto: |- matrix_mautrix_slack_double_puppet_secrets_auto: |-
{{ {{
{ {
@@ -1384,8 +1374,6 @@ matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_facebook_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_facebook_appservice_public_enabled: true matrix_mautrix_facebook_appservice_public_enabled: true
matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}" matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}" matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
@@ -1606,8 +1594,6 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_double_puppet_secrets_auto: |- matrix_mautrix_signal_double_puppet_secrets_auto: |-
@@ -1686,8 +1672,6 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c
matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}" matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}"
matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |- matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |-
{{ {{
{ {
@@ -1764,8 +1748,6 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c
matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}" matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}"
matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |- matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |-
{{ {{
{ {
@@ -1851,8 +1833,6 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |- matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
{{ {{
({ ({
@@ -1929,8 +1909,6 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}" matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_double_puppet_secrets_auto: |- matrix_mautrix_twitter_double_puppet_secrets_auto: |-
@@ -2003,8 +1981,6 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: |- matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
{{ {{
{ {
@@ -2123,8 +2099,6 @@ matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secr
matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}" matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}"
matrix_wechat_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}" matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}"
@@ -2186,8 +2160,6 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_whatsapp_double_puppet_secrets_auto: |- matrix_mautrix_whatsapp_double_puppet_secrets_auto: |-
{{ {{
{ {
@@ -2345,6 +2317,7 @@ matrix_hookshot_container_http_host_bind_ports_defaultmapping:
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_appservice_port }}:{{ matrix_hookshot_appservice_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_metrics_port }}:{{ matrix_hookshot_metrics_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}" - "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_webhook_port }}:{{ matrix_hookshot_webhook_port }}"
- "{{ matrix_playbook_service_host_bind_interface_prefix }}{{ matrix_hookshot_provisioning_port }}:{{ matrix_hookshot_provisioning_port }}"
matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}" matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_http_host_bind_ports_defaultmapping if matrix_playbook_service_host_bind_interface_prefix else [] }}"
@@ -2353,6 +2326,8 @@ matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_rev
matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}"
matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" matrix_hookshot_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}" matrix_hookshot_metrics_proxying_enabled: "{{ matrix_hookshot_metrics_enabled and matrix_metrics_exposure_enabled }}"
@@ -2777,82 +2752,6 @@ matrix_postmoogle_container_additional_networks_auto: |-
# #
###################################################################### ######################################################################
######################################################################
#
# matrix-bridge-steam
#
######################################################################
# We don't enable bridges by default.
matrix_steam_bridge_enabled: false
matrix_steam_bridge_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
}}
matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
matrix_steam_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_steam_bridge_container_network: "{{ matrix_addons_container_network }}"
matrix_steam_bridge_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([postgres_container_network] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname and matrix_steam_bridge_container_network != postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_steam_bridge_container_labels_traefik_enabled else [])
) | unique
}}
matrix_steam_bridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_steam_bridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_steam_bridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_steam_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.as.token', rounds=655555) | to_uuid }}"
matrix_steam_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_steam_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.hs.token', rounds=655555) | to_uuid }}"
matrix_steam_bridge_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_steam_bridge_public_media_signing_key: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.pub.key', rounds=655555) | to_uuid) if matrix_steam_bridge_public_media_enabled else '' }}"
matrix_steam_bridge_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.prov', rounds=655555) | to_uuid }}"
matrix_steam_bridge_double_puppet_secrets_auto: |-
{{
({
matrix_steam_bridge_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else {}
}}
matrix_steam_bridge_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_steam_bridge_metrics_proxying_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_steam_bridge_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_steam_bridge_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/matrix-steam-bridge"
matrix_steam_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_steam_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}"
######################################################################
#
# /matrix-bridge-steam
#
######################################################################
###################################################################### ######################################################################
# #
# matrix-bot-matrix-reminder-bot # matrix-bot-matrix-reminder-bot
@@ -3300,11 +3199,8 @@ matrix_bot_draupnir_config_rawHomeserverUrl: "{{ matrix_addons_homeserver_client
matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_config_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_config_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
#The salt is size restricted here as a maximum salt size of 16 characters exists due to the functions used.
matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'draupnir.httpmod', rounds=655555) | to_uuid }}" # noqa var-naming
###################################################################### ######################################################################
# #
@@ -3416,7 +3312,7 @@ backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
backup_borg_username: "{{ matrix_user_name }}" backup_borg_username: "{{ matrix_user_username }}"
backup_borg_uid: "{{ matrix_user_uid }}" backup_borg_uid: "{{ matrix_user_uid }}"
backup_borg_gid: "{{ matrix_user_gid }}" backup_borg_gid: "{{ matrix_user_gid }}"
@@ -3797,10 +3693,10 @@ etherpad_systemd_required_services_list_auto: |
([postgres_identifier ~ '.service'] if postgres_enabled else []) ([postgres_identifier ~ '.service'] if postgres_enabled else [])
}} }}
etherpad_database_postgres_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" etherpad_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
etherpad_database_name: matrix_etherpad etherpad_database_name: matrix_etherpad
etherpad_database_postgres_username: matrix_etherpad etherpad_database_username: matrix_etherpad
etherpad_database_postgres_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}" etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
###################################################################### ######################################################################
# #
@@ -3845,7 +3741,7 @@ jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
jitsi_uid: "{{ matrix_user_uid }}" jitsi_uid: "{{ matrix_user_uid }}"
jitsi_gid: "{{ matrix_user_gid }}" jitsi_gid: "{{ matrix_user_gid }}"
jitsi_user_username: "{{ matrix_user_name }}" jitsi_user_username: "{{ matrix_user_username }}"
jitsi_web_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_web_container_image_registry_prefix_upstream_default }}" jitsi_web_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else jitsi_web_container_image_registry_prefix_upstream_default }}"
@@ -4482,12 +4378,6 @@ postgres_managed_databases_auto: |
'password': matrix_mx_puppet_groupme_database_password, 'password': matrix_mx_puppet_groupme_database_password,
}] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else []) }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
+ +
([{
'name': matrix_steam_bridge_database_name,
'username': matrix_steam_bridge_database_username,
'password': matrix_steam_bridge_database_password,
}] if (matrix_steam_bridge_enabled and matrix_steam_bridge_database_engine == 'postgres' and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
+
([{ ([{
'name': matrix_dimension_database_name, 'name': matrix_dimension_database_name,
'username': matrix_dimension_database_username, 'username': matrix_dimension_database_username,
@@ -4496,9 +4386,9 @@ postgres_managed_databases_auto: |
+ +
([{ ([{
'name': etherpad_database_name, 'name': etherpad_database_name,
'username': etherpad_database_postgres_username, 'username': etherpad_database_username,
'password': etherpad_database_postgres_password, 'password': etherpad_database_password,
}] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_postgres_hostname == postgres_connection_hostname) else []) }] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else [])
+ +
([{ ([{
'name': prometheus_postgres_exporter_database_name, 'name': prometheus_postgres_exporter_database_name,
@@ -4903,7 +4793,7 @@ matrix_client_fluffychat_self_check_validate_certificates: "{{ matrix_playbook_s
matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}" matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"
matrix_synapse_username: "{{ matrix_user_name }}" matrix_synapse_username: "{{ matrix_user_username }}"
matrix_synapse_uid: "{{ matrix_user_uid }}" matrix_synapse_uid: "{{ matrix_user_uid }}"
matrix_synapse_gid: "{{ matrix_user_gid }}" matrix_synapse_gid: "{{ matrix_user_gid }}"
@@ -4945,8 +4835,6 @@ matrix_synapse_container_additional_networks_auto: |
([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else []) ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
+ +
([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else []) ([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
+
([matrix_bot_draupnir_container_network] if (matrix_synapse_ext_synapse_http_antispam_enabled and matrix_synapse_ext_synapse_http_antispam_config_base_url == matrix_bot_draupnir_synapse_http_antispam_config_base_url and matrix_bot_draupnir_container_network != matrix_synapse_container_network) else [])
) | unique ) | unique
}} }}
@@ -4964,7 +4852,7 @@ matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_wo
matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}" matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}"
matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_element_admin_enabled }}" matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}" matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}"
matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
@@ -4992,7 +4880,7 @@ matrix_synapse_tls_federation_listener_enabled: false
matrix_synapse_tls_certificate_path: ~ matrix_synapse_tls_certificate_path: ~
matrix_synapse_tls_private_key_path: ~ matrix_synapse_tls_private_key_path: ~
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}" matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"
matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
@@ -5021,7 +4909,7 @@ matrix_synapse_systemd_required_services_list_auto: |
+ +
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
+ +
(['matrix-authentication-service.service'] if (matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_matrix_authentication_service_endpoint == matrix_authentication_service_http_base_container_url) else []) (['matrix-authentication-service.service'] if (matrix_authentication_service_enabled and matrix_synapse_experimental_features_msc3861_enabled) else [])
}} }}
matrix_synapse_systemd_wanted_services_list_auto: | matrix_synapse_systemd_wanted_services_list_auto: |
@@ -5042,22 +4930,17 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_
# Disable creation of media repository Synapse worker when using media-repo # Disable creation of media repository Synapse worker when using media-repo
matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}" matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
matrix_synapse_ext_synapse_http_antispam_enabled: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"
matrix_synapse_ext_synapse_http_antispam_config_base_url: "{{ matrix_bot_draupnir_synapse_http_antispam_config_base_url if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}"
matrix_synapse_ext_synapse_http_antispam_config_authorization: "{{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else '' }}"
matrix_synapse_ext_synapse_http_antispam_config_enabled_callbacks: "{{ matrix_bot_draupnir_synapse_http_antispam_config_enabled_callbacks if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else [] }}"
matrix_synapse_ext_synapse_http_antispam_config_fail_open: "{{ matrix_bot_draupnir_synapse_http_antispam_config_fail_open if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}"
matrix_synapse_ext_synapse_http_antispam_config_async: "{{ matrix_bot_draupnir_synapse_http_antispam_config_async if matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled else {} }}"
# Enable Synapse statistics reporting when using synapse-usage-exporter # Enable Synapse statistics reporting when using synapse-usage-exporter
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}" matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}" matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"
matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_rtc_enabled }}" matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_rtc_enabled }}"
matrix_synapse_matrix_authentication_service_enabled: "{{ matrix_authentication_service_enabled }}" matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_matrix_authentication_service_endpoint: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}" matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_matrix_authentication_service_secret: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}" matrix_synapse_experimental_features_msc3861_client_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'syn.ngauth.cs', rounds=655555) | to_uuid }}"
matrix_synapse_experimental_features_msc3861_admin_token: "{{ matrix_authentication_service_config_matrix_secret if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}"
matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}" matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
@@ -5069,7 +4952,7 @@ matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_rtc_enabled }}"
# Unless this is done, Synapse fails on startup with: # Unless this is done, Synapse fails on startup with:
# > Error in configuration at 'password_config.enabled': # > Error in configuration at 'password_config.enabled':
# > Password auth cannot be enabled when OAuth delegation is enabled # > Password auth cannot be enabled when OAuth delegation is enabled
matrix_synapse_password_config_enabled: "{{ not matrix_synapse_matrix_authentication_service_enabled }}" matrix_synapse_password_config_enabled: "{{ not matrix_synapse_experimental_features_msc3861_enabled }}"
matrix_synapse_register_user_script_matrix_authentication_service_path: "{{ matrix_authentication_service_bin_path }}/register-user" matrix_synapse_register_user_script_matrix_authentication_service_path: "{{ matrix_authentication_service_bin_path }}/register-user"
@@ -5096,7 +4979,7 @@ matrix_synapse_auto_compressor_postgres_image: "{{ postgres_container_image_to_u
matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_auto_compressor_container_image_registry_prefix_upstream_default }}" matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_auto_compressor_container_image_registry_prefix_upstream_default }}"
matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}" matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"
@@ -5216,8 +5099,6 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_synapse_admin_config_externalAuthProvider: "{{ matrix_authentication_service_enabled | default(false) or matrix_synapse_ext_password_provider_ldap_enabled | default(false) }}"
matrix_synapse_admin_config_asManagedUsers_auto: | matrix_synapse_admin_config_asManagedUsers_auto: |
{{ {{
([ ([
@@ -5353,7 +5234,7 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
+ +
([ ([
'^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$', '^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_telegram_enabled else []) ] if matrix_mautrix_telegram_enabled else [])
+ +
([ ([
@@ -5405,11 +5286,6 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
'^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', '^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', '^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_wechat_enabled else []) ] if matrix_wechat_enabled else [])
+
([
'^@'+(matrix_steam_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@steam_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_steam_bridge_enabled else [])
}} }}
###################################################################### ######################################################################
@@ -5460,7 +5336,7 @@ prometheus_node_exporter_gid: "{{ matrix_user_gid }}"
prometheus_node_exporter_hostname: "{{ matrix_server_fqn_matrix }}" prometheus_node_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
prometheus_node_exporter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_node_exporter_container_image_registry_prefix_upstream_default }}" prometheus_node_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_node_exporter_docker_image_registry_prefix_upstream_default }}"
prometheus_node_exporter_container_network: "{{ matrix_monitoring_container_network }}" prometheus_node_exporter_container_network: "{{ matrix_monitoring_container_network }}"
@@ -5498,7 +5374,7 @@ prometheus_postgres_exporter_gid: "{{ matrix_user_gid }}"
prometheus_postgres_exporter_hostname: "{{ matrix_server_fqn_matrix }}" prometheus_postgres_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
prometheus_postgres_exporter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_postgres_exporter_container_image_registry_prefix_upstream_default }}" prometheus_postgres_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_postgres_exporter_docker_image_registry_prefix_upstream_default }}"
prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}" prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_network }}"
@@ -5764,7 +5640,6 @@ grafana_default_home_dashboard_path: |-
'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'dendrite': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'conduit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''), 'conduwuit': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
'continuwuity': ('/etc/grafana/dashboards/node-exporter-full.json' if prometheus_node_exporter_enabled else ''),
}[matrix_homeserver_implementation] }[matrix_homeserver_implementation]
}} }}
@@ -5825,7 +5700,6 @@ matrix_registration_shared_secret: |-
'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''), 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''),
'conduit': '', 'conduit': '',
'conduwuit': '', 'conduwuit': '',
'continuwuity': '',
}[matrix_homeserver_implementation] }[matrix_homeserver_implementation]
}} }}
@@ -6103,58 +5977,6 @@ matrix_conduwuit_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabl
###################################################################### ######################################################################
######################################################################
#
# matrix-continuwuity
#
######################################################################
matrix_continuwuity_enabled: "{{ matrix_homeserver_implementation == 'continuwuity' }}"
matrix_continuwuity_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_continuwuity_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}"
matrix_continuwuity_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_continuwuity_docker_image_registry_prefix_upstream_default }}"
matrix_continuwuity_container_network: "{{ matrix_homeserver_container_network }}"
matrix_continuwuity_container_additional_networks_auto: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_continuwuity_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
) | unique
}}
matrix_continuwuity_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}"
matrix_continuwuity_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_continuwuity_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_continuwuity_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_continuwuity_container_labels_public_client_root_redirection_enabled: "{{ matrix_continuwuity_container_labels_public_client_root_redirection_url != '' }}"
matrix_continuwuity_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
matrix_continuwuity_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
matrix_continuwuity_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
matrix_continuwuity_container_labels_public_federation_api_traefik_tls: "{{ matrix_federation_traefik_entrypoint_tls }}"
matrix_continuwuity_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_continuwuity_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
matrix_continuwuity_config_turn_uris: "{{ matrix_coturn_turn_uris if matrix_coturn_enabled else [] }}"
matrix_continuwuity_config_turn_secret: "{{ matrix_coturn_turn_static_auth_secret if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'auth-secret') else '' }}"
matrix_continuwuity_config_turn_username: "{{ matrix_coturn_lt_cred_mech_username if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_continuwuity_config_turn_password: "{{ matrix_coturn_lt_cred_mech_password if (matrix_coturn_enabled and matrix_coturn_authentication_method == 'lt-cred-mech') else '' }}"
matrix_continuwuity_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
######################################################################
#
# /matrix-continuwuity
#
######################################################################
###################################################################### ######################################################################
# #
# matrix-user-creator # matrix-user-creator
@@ -6214,7 +6036,7 @@ matrix_user_creator_users_auto: |
([{ ([{
'username': matrix_bot_draupnir_login, 'username': matrix_bot_draupnir_login,
'initial_password': matrix_bot_draupnir_password, 'initial_password': matrix_bot_draupnir_password,
'initial_type': ('admin' if matrix_bot_draupnir_admin_api_enabled else 'bot'), 'initial_type': 'bot',
}] if matrix_bot_draupnir_enabled and matrix_bot_draupnir_password else []) }] if matrix_bot_draupnir_enabled and matrix_bot_draupnir_password else [])
}} }}
@@ -6309,7 +6131,7 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_enabled: "{{ matrix_authentication_service_enabled }}" matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_enabled: "{{ matrix_authentication_service_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_issuer: "{{ matrix_authentication_service_config_http_issuer if matrix_authentication_service_enabled else '' }}" matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_issuer: "{{ matrix_authentication_service_config_http_issuer if matrix_authentication_service_enabled else '' }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url if matrix_authentication_service_enabled else '' }}" matrix_static_files_file_matrix_client_property_org_matrix_msc2965_authentication_account: "{{ matrix_authentication_service_account_management_url }}"
matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}" matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json" matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"
@@ -6441,45 +6263,6 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai
# # # #
######################################################################## ########################################################################
########################################################################
# #
# matrix-element-admin #
# #
########################################################################
# We don't enable this by default.
matrix_element_admin_enabled: false
matrix_element_admin_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_element_admin_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_element_admin_container_image_registry_prefix_upstream_default }}"
matrix_element_admin_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_element_admin_container_network: "{{ matrix_addons_container_network }}"
matrix_element_admin_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_element_admin_container_labels_traefik_enabled) else [])
) | unique
}}
matrix_element_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_element_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_element_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_element_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_element_admin_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
######################################################################
# #
# /matrix-element-admin #
# #
######################################################################
######################################################################## ########################################################################
# # # #
@@ -6493,8 +6276,6 @@ matrix_element_call_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'htt
matrix_element_call_container_network: "{{ matrix_addons_container_network }}" matrix_element_call_container_network: "{{ matrix_addons_container_network }}"
matrix_element_call_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_element_call_container_image_registry_prefix_upstream_default }}"
matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" matrix_element_call_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_element_call_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_element_call_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
@@ -6530,8 +6311,6 @@ livekit_server_path_prefix: "/livekit-server"
livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
livekit_server_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else livekit_server_container_image_registry_prefix_upstream_default }}"
livekit_server_container_network: "{{ matrix_addons_container_network }}" livekit_server_container_network: "{{ matrix_addons_container_network }}"
livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}" livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
@@ -6576,15 +6355,6 @@ livekit_server_config_keys_auto: |-
) )
}} }}
# We only wish for matrix-livekit-jwt-service to create rooms, only for users on trusted homeservers.
# See `matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers`.
#
# Ref:
# - https://github.com/element-hq/lk-jwt-service/releases/tag/v0.3.0
# - https://github.com/livekit/livekit/blob/5e483e7554e5afbf254acf84e3ec0aa6e108e758/config-sample.yaml#L168-L170
# - https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/commit/2a1b04552634097bdd26d472502a8f5bf1b8528f
livekit_server_config_room_auto_create: false
# The playbook intentionally uses a non-standard port than the default used by the role (5349), # The playbook intentionally uses a non-standard port than the default used by the role (5349),
# because Coturn is already using that port. # because Coturn is already using that port.
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`. # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
@@ -6644,8 +6414,6 @@ matrix_livekit_jwt_service_path_prefix: "/livekit-jwt-service"
matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_livekit_jwt_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_livekit_jwt_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_livekit_jwt_service_container_image_registry_prefix_upstream_default }}"
matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}" matrix_livekit_jwt_service_container_network: "{{ matrix_addons_container_network }}"
matrix_livekit_jwt_service_container_additional_networks_auto: | matrix_livekit_jwt_service_container_additional_networks_auto: |
@@ -6664,8 +6432,6 @@ matrix_livekit_jwt_service_environment_variable_livekit_key: "{{ '%s' | format(m
matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}" matrix_livekit_jwt_service_environment_variable_livekit_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'lk.secret', rounds=655555) | to_uuid }}"
matrix_livekit_jwt_service_environment_variable_livekit_full_access_homeservers_list: ["{{ matrix_domain }}"]
######################################################################## ########################################################################
# # # #
# /matrix-livekit-jwt-service # # /matrix-livekit-jwt-service #

View File

@@ -20,7 +20,7 @@ Currently, we support translation of:
Organization of this `i18n` directory is as follows: Organization of this `i18n` directory is as follows:
- [PUBLISHED_LANGUAGES](PUBLISHED_LANGUAGES): a list of languages that we publish translations for (in the [translations/](translations/) directory) - [PUBLISHED_LANGUAGES](PUBLISHED_LANGUAGES): a list of languages that we publish translations for (in the [translations/](translations/) directory)
- [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionally ignore translated results (`translations/<language>` directories) for languages that are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold. - [.gitignore](.gitignore): a list of files and directories to ignore in the `i18n` directory. We intentionaly ignore translated results (`translations/<language>` directories) for languages taht are still in progress. We only [publish translations in a new language](#publish-translations-in-a-new-language) when the translation progresses beyond a certain threshold.
- [justfile](justfile): a list of recipes for [just](https://github.com/casey/just) command runner - [justfile](justfile): a list of recipes for [just](https://github.com/casey/just) command runner
- [requirements.txt](requirements.txt): a list of Python packages required to work with translations - [requirements.txt](requirements.txt): a list of Python packages required to work with translations
- [translation-templates/](translation-templates/): a list of English translation templates - strings extracted from Markdown files - [translation-templates/](translation-templates/): a list of English translation templates - strings extracted from Markdown files

View File

@@ -1,134 +0,0 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community
# members
# This file is distributed under the same license as the
# matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2025.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2025-01-27 09:54+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language: bg\n"
"Language-Team: bg <LL@li.org>\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.16.0\n"
#: ../../../docs/configuring-playbook-continuwuity.md:1
msgid "Configuring continuwuity (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:3
msgid "The playbook can install and configure the [continuwuity](https://continuwuity.org/) Matrix server for you."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:5
msgid "See the project's [documentation](https://continuwuity.org/) to learn what it does and why it might be useful to you."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:7
msgid "By default, the playbook installs [Synapse](https://github.com/element-hq/synapse) as it's the only full-featured Matrix server at the moment. If that's okay, you can skip this document."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:9
msgid "💡 **Note**: continuwuity is a fork of [conduwuit](./configuring-playbook-conduwuit.md), which the playbook also supports."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:11
msgid "⚠️ **Warnings**:"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:13
msgid "**You can't switch an existing Matrix server's implementation** (e.g. Synapse -> continuwuity). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:15
msgid "**Homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:17
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:19
msgid "To use continuwuity, you **generally** need to adjust the `matrix_homeserver_implementation: synapse` configuration on your `inventory/host_vars/matrix.example.com/vars.yml` file as below:"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:33
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:35
msgid "There are some additional things you may wish to configure about the server."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:37
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:39
msgid "`roles/custom/matrix-continuwuity/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:40
msgid "`roles/custom/matrix-continuwuity/templates/continuwuity.toml.j2` for the server's default configuration"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:42
msgid "There are various Ansible variables that control settings in the `continuwuity.toml` file."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:44
msgid "If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. For example:"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:52
msgid "Creating the first user account"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:54
msgid "Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:56
msgid "If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:58
msgid "This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:60
msgid "The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:63
msgid "Configuring bridges / appservices"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:65
msgid "For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:67
msgid "For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices#set-up-the-appservice---general-instructions) sent to the server bot account."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:69
msgid "The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy. Your first user account would already have been invited to an admin room with this bot."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:72
msgid "Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:74
msgid "Then, send its content to the existing admin room:"
msgstr ""

View File

@@ -435,7 +435,7 @@ msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](htt
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:340 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:340
msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:342 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:342
@@ -535,7 +535,7 @@ msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and d
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:" msgid "To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:407

View File

@@ -434,7 +434,7 @@ msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](htt
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:340 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:340
msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:342 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:342
@@ -534,7 +534,7 @@ msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and d
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:" msgid "To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:407

View File

@@ -1,26 +1,26 @@
alabaster==1.0.0 alabaster==1.0.0
babel==2.17.0 babel==2.17.0
certifi==2025.10.5 certifi==2025.1.31
charset-normalizer==3.4.3 charset-normalizer==3.4.1
click==8.3.0 click==8.1.8
docutils==0.22.2 docutils==0.21.2
idna==3.11 idna==3.10
imagesize==1.4.1 imagesize==1.4.1
Jinja2==3.1.6 Jinja2==3.1.6
linkify-it-py==2.0.3 linkify-it-py==2.0.3
markdown-it-py==4.0.0 markdown-it-py==3.0.0
MarkupSafe==3.0.3 MarkupSafe==3.0.2
mdit-py-plugins==0.5.0 mdit-py-plugins==0.4.2
mdurl==0.1.2 mdurl==0.1.2
myst-parser==4.0.1 myst-parser==4.0.1
packaging==25.0 packaging==24.2
Pygments==2.19.2 Pygments==2.19.1
PyYAML==6.0.3 PyYAML==6.0.2
requests==2.32.5 requests==2.32.3
setuptools==80.9.0 setuptools==78.1.0
snowballstemmer==3.0.1 snowballstemmer==2.2.0
Sphinx==8.2.3 Sphinx==8.2.3
sphinx-intl==2.3.2 sphinx-intl==2.3.1
sphinx-markdown-builder==0.6.8 sphinx-markdown-builder==0.6.8
sphinxcontrib-applehelp==2.0.0 sphinxcontrib-applehelp==2.0.0
sphinxcontrib-devhelp==2.0.0 sphinxcontrib-devhelp==2.0.0
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
sphinxcontrib-serializinghtml==2.0.0 sphinxcontrib-serializinghtml==2.0.0
tabulate==0.9.0 tabulate==0.9.0
uc-micro-py==1.0.3 uc-micro-py==1.0.3
urllib3==2.5.0 urllib3==2.3.0

View File

@@ -430,7 +430,7 @@ msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](htt
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:340 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:340
msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)." msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:342 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:342
@@ -530,7 +530,7 @@ msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and d
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:" msgid "To perform a real migration, run the `matrix-authentication-service-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_dry_run` variable:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407 #: ../../../docs/configuring-playbook-matrix-authentication-service.md:407

View File

@@ -6,7 +6,7 @@
# Shows help # Shows help
default: default:
@{{ just_executable() }} --list --justfile "{{ justfile() }}" @{{ just_executable() }} --list --justfile {{ justfile() }}
# Pulls external Ansible roles # Pulls external Ansible roles
roles: roles:
@@ -48,7 +48,7 @@ install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,star
# Runs installation tasks for a single service # Runs installation tasks for a single service
install-service service *extra_args: install-service service *extra_args:
{{ just_executable() }} --justfile "{{ justfile() }}" run \ {{ just_executable() }} --justfile {{ justfile() }} run \
--tags=install-{{ service }},start-group \ --tags=install-{{ service }},start-group \
--extra-vars=group={{ service }} \ --extra-vars=group={{ service }} \
--extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }} --extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }}
@@ -62,7 +62,7 @@ run +extra_args:
# Runs the playbook with the given list of comma-separated tags and optional arguments # Runs the playbook with the given list of comma-separated tags and optional arguments
run-tags tags *extra_args: run-tags tags *extra_args:
{{ just_executable() }} --justfile "{{ justfile() }}" run --tags={{ tags }} {{ extra_args }} {{ just_executable() }} --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
# Runs the playbook in user-registration mode # Runs the playbook in user-registration mode
register-user username password admin_yes_or_no *extra_args: register-user username password admin_yes_or_no *extra_args:
@@ -73,15 +73,15 @@ start-all *extra_args: (run-tags "start-all" extra_args)
# Starts a specific service group # Starts a specific service group
start-group group *extra_args: start-group group *extra_args:
@{{ just_executable() }} --justfile "{{ justfile() }}" run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }} @{{ just_executable() }} --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
# Stops all services # Stops all services
stop-all *extra_args: (run-tags "stop-all" extra_args) stop-all *extra_args: (run-tags "stop-all" extra_args)
# Stops a specific service group # Stops a specific service group
stop-group group *extra_args: stop-group group *extra_args:
@{{ just_executable() }} --justfile "{{ justfile() }}" run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }} @{{ just_executable() }} --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
# Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source # Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
rebuild-mautrix-meta-instagram: rebuild-mautrix-meta-instagram:
/bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom" /bin/bash {{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh {{ justfile_directory() }}/roles/custom

View File

@@ -4,37 +4,37 @@
version: v1.0.0-5 version: v1.0.0-5
name: auxiliary name: auxiliary
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
version: v1.4.1-1.9.14-2 version: v1.4.0-1.9.13-1
name: backup_borg name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.4.1-1 version: v0.3.0-4
name: container_socket_proxy name: container_socket_proxy
- src: git+https://github.com/geerlingguy/ansible-role-docker - src: git+https://github.com/geerlingguy/ansible-role-docker
version: 7.6.0 version: 7.4.7
name: docker name: docker
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 129c8590e106b83e6f4c259649a613c6279e937a version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.5.0-3 version: v2.3.0-0
name: etherpad name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-2 version: v4.98.1-r0-2-0
name: exim_relay name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.5-3 version: v11.6.0-0
name: grafana name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10532-1-0 version: v10169-0
name: jitsi name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.1-0 version: v1.8.4-5
name: livekit_server name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.14.0-2 version: v2.11.0-5
name: ntfy name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 7663e3114513e56f28d3ed762059b445c678a71a version: 201c939eed363de269a83ba29784fc3244846048
name: playbook_help name: playbook_help
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
@@ -43,35 +43,35 @@
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v18.0-0 version: v17.4-0
name: postgres name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v18-0 version: v17-3
name: postgres_backup name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.6.0-0 version: v2.55.1-3
name: prometheus name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.9.1-11 version: v1.9.1-0
name: prometheus_node_exporter name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.18.1-0 version: v0.14.0-9
name: prometheus_postgres_exporter name: prometheus_postgres_exporter
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.4.1-0 version: v1.4.0-0
name: systemd_docker_base name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-4 version: v1.0.0-4
name: systemd_service_manager name: systemd_service_manager
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.1.0-0 version: v1.0.0-0
name: timesync name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.5.3-0 version: v3.3.5-0
name: traefik name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-2 version: v2.10.0-0
name: traefik_certs_dumper name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v8.1.4-0 version: v8.0.1-3
name: valkey name: valkey

View File

@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2025.9.24 matrix_alertmanager_receiver_version: 2025.3.26
matrix_alertmanager_receiver_scheme: https matrix_alertmanager_receiver_scheme: https
@@ -159,20 +159,30 @@ matrix_alertmanager_receiver_config_templating_external_url_mapping: {}
# "http://prometheus:8081": https://another.prometheus.example.com # "http://prometheus:8081": https://another.prometheus.example.com
matrix_alertmanager_receiver_config_templating_generator_url_mapping: {} matrix_alertmanager_receiver_config_templating_generator_url_mapping: {}
# Controls the `templating.computed-values` configuration setting.
matrix_alertmanager_receiver_config_templating_computed_values: "{{ matrix_alertmanager_receiver_config_templating_computed_values_default + matrix_alertmanager_receiver_config_templating_computed_values_auto + matrix_alertmanager_receiver_config_templating_computed_values_custom }}"
matrix_alertmanager_receiver_config_templating_computed_values_default:
- values: # always set 'color' to 'yellow'
color: yellow
- values: # set 'color' to 'orange' when alert label 'severity' is 'warning'
color: orange
when-matching-labels:
severity: warning
- values: # set 'color' to 'red' when alert label 'severity' is 'critical'
color: red
when-matching-labels:
severity: critical
- values: # set 'color' to 'green' when alert status is 'resolved'
color: green
when-matching-status: resolved
matrix_alertmanager_receiver_config_templating_computed_values_auto: []
matrix_alertmanager_receiver_config_templating_computed_values_custom: []
# Controls the `templating.firing-template` configuration setting. # Controls the `templating.firing-template` configuration setting.
matrix_alertmanager_receiver_config_templating_firing_template: |- matrix_alertmanager_receiver_config_templating_firing_template: |-
{% raw %} {% raw %}
{{ $color := "yellow" }}
{{ if eq .Alert.Labels.severity "warning" }}
{{ $color = "orange" }}
{{ else if eq .Alert.Labels.severity "critical" }}
{{ $color = "red" }}
{{ end }}
{{ if eq .Alert.Status "resolved" }}
{{ $color = "green" }}
{{ end }}
<p> <p>
<strong><font color="{{ $color }}">{{ .Alert.Status | ToUpper }}</font></strong> <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
{{ if .Alert.Labels.name }} {{ if .Alert.Labels.name }}
{{ .Alert.Labels.name }} {{ .Alert.Labels.name }}
{{ else if .Alert.Labels.alertname }} {{ else if .Alert.Labels.alertname }}
@@ -201,7 +211,7 @@ matrix_alertmanager_receiver_config_templating_firing_template: |-
# Controls the `templating.resolved-template` configuration setting. # Controls the `templating.resolved-template` configuration setting.
matrix_alertmanager_receiver_config_templating_resolved_template: |- matrix_alertmanager_receiver_config_templating_resolved_template: |-
{% raw %} {% raw %}
<strong><font color="green">{{ .Alert.Status | ToUpper }}</font></strong> <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
{{ if .Alert.Labels.name }} {{ if .Alert.Labels.name }}
{{ .Alert.Labels.name }} {{ .Alert.Labels.name }}
{{ else if .Alert.Labels.alertname }} {{ else if .Alert.Labels.alertname }}

View File

@@ -10,8 +10,8 @@
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- path: "{{ matrix_alertmanager_receiver_base_path }}" - path: "{{ matrix_alertmanager_receiver_base_path }}"
when: true when: true
@@ -26,16 +26,16 @@
content: "{{ matrix_alertmanager_receiver_configuration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_alertmanager_receiver_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_alertmanager_receiver_config_path }}/config.yml" dest: "{{ matrix_alertmanager_receiver_config_path }}/config.yml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-alertmanager-receiver support files installed - name: Ensure matrix-alertmanager-receiver support files installed
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2" src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_alertmanager_receiver_base_path }}/{{ item }}" dest: "{{ matrix_alertmanager_receiver_base_path }}/{{ item }}"
mode: 0640 mode: 0640
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- labels - labels
@@ -60,7 +60,7 @@
dest: "{{ matrix_alertmanager_receiver_container_src_path }}" dest: "{{ matrix_alertmanager_receiver_container_src_path }}"
force: "yes" force: "yes"
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_username }}"
register: matrix_alertmanager_receiver_git_pull_results register: matrix_alertmanager_receiver_git_pull_results
- name: Ensure matrix-alertmanager-receiver container image is built - name: Ensure matrix-alertmanager-receiver container image is built

View File

@@ -7,7 +7,7 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: > msg: >
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- {'name': 'matrix_alertmanager_receiver_hostname', when: true} - {'name': 'matrix_alertmanager_receiver_hostname', when: true}
- {'name': 'matrix_alertmanager_receiver_path_prefix', when: true} - {'name': 'matrix_alertmanager_receiver_path_prefix', when: true}
@@ -21,9 +21,6 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead. The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead.
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'} - {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'}
- {'old': 'matrix_alertmanager_receiver_config_templating_computed_values', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}
- {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_auto', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}
- {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_custom', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
# configuration of the HTTP server # configuration of the HTTP server
http: http:
address: 0.0.0.0 # bind address for this service. Can be left unspecified to bind on all interfaces address: 0.0.0.0 # bind address for this service. Can be left unspecified to bind on all interfaces
@@ -26,6 +26,10 @@ templating:
# value is the mapped value which will be available as '.GeneratorURL' in templates # value is the mapped value which will be available as '.GeneratorURL' in templates
generator-url-mapping: {{ matrix_alertmanager_receiver_config_templating_generator_url_mapping | to_json }} generator-url-mapping: {{ matrix_alertmanager_receiver_config_templating_generator_url_mapping | to_json }}
# computation of arbitrary values based on matching alert annotations, labels, or status
# values will be evaluated top to bottom, last entry wins
computed-values: {{ matrix_alertmanager_receiver_config_templating_computed_values | to_json }}
# template for alerts in status 'firing' # template for alerts in status 'firing'
firing-template: {{ matrix_alertmanager_receiver_config_templating_firing_template | to_json }} firing-template: {{ matrix_alertmanager_receiver_config_templating_firing_template | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
[Unit] [Unit]
Description=matrix-alertmanager-receiver Description=matrix-alertmanager-receiver
{% for service in matrix_alertmanager_receiver_systemd_required_services_list %} {% for service in matrix_alertmanager_receiver_systemd_required_services_list %}

View File

@@ -9,8 +9,8 @@
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- path: "{{ matrix_appservice_double_puppet_base_path }}" - path: "{{ matrix_appservice_double_puppet_base_path }}"
when: true when: true
@@ -23,5 +23,5 @@
content: "{{ matrix_appservice_double_puppet_registration_configuration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_appservice_double_puppet_registration_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_double_puppet_config_path }}/registration.yaml" dest: "{{ matrix_appservice_double_puppet_config_path }}/registration.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"

View File

@@ -7,7 +7,7 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: > msg: >
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true} - {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}
- {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true} - {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}

View File

@@ -12,7 +12,7 @@
matrix_appservice_draupnir_for_all_enabled: true matrix_appservice_draupnir_for_all_enabled: true
# renovate: datasource=docker depName=gnuxie/draupnir # renovate: datasource=docker depName=gnuxie/draupnir
matrix_appservice_draupnir_for_all_version: "v2.7.0" matrix_appservice_draupnir_for_all_version: "v2.2.0"
matrix_appservice_draupnir_for_all_container_image_self_build: false matrix_appservice_draupnir_for_all_container_image_self_build: false
matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
@@ -50,7 +50,7 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
# anyone in this room can use the bot - secure your room! # anyone in this room can use the bot - secure your room!
# This should be a room alias - not a matrix.to URL. # This should be a room alias - not a matrix.to URL.
# Note: Draupnir is fairly verbose - expect a lot of messages from it. # Note: Draupnir is fairly verbose - expect a lot of messages from it.
# This room is different for Appservice Mode compared to normal mode. # This room is diffrent for Appservice Mode compared to normal mode.
# In Appservice mode it provides functions like user management. # In Appservice mode it provides functions like user management.
matrix_appservice_draupnir_for_all_config_adminRoom: "" # noqa var-naming matrix_appservice_draupnir_for_all_config_adminRoom: "" # noqa var-naming

View File

@@ -16,8 +16,8 @@
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true} - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true}
- {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true} - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true}
@@ -44,7 +44,7 @@
version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}" version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}"
force: "yes" force: "yes"
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_username }}"
register: matrix_appservice_draupnir_for_all_git_pull_results register: matrix_appservice_draupnir_for_all_git_pull_results
when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool" when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"
@@ -64,24 +64,24 @@
content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml" dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-appservice-draupnir-for-all bot config installed - name: Ensure matrix-appservice-draupnir-for-all bot config installed
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml" dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-appservice-draupnir-for-all registration.yaml installed - name: Ensure matrix-appservice-draupnir-for-all registration.yaml installed
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml" dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-appservice-draupnir-for-all container network is created - name: Ensure matrix-appservice-draupnir-for-all container network is created
community.general.docker_network: community.general.docker_network:

View File

@@ -20,7 +20,7 @@
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'} - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
- {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'} - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
[Unit] [Unit]
Description=Matrix Draupnir for All appservice Description=Matrix Draupnir for All appservice
{% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %} {% for service in matrix_appservice_draupnir_for_all_systemd_wanted_services_list %}

View File

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src" matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 1.3.0 matrix_authentication_service_version: 0.14.1
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}" matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}" matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/" matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -231,24 +231,6 @@ matrix_authentication_service_config_account_password_change_allowed: true
# This has no effect if password login is disabled. # This has no effect if password login is disabled.
matrix_authentication_service_config_account_password_recovery_enabled: false matrix_authentication_service_config_account_password_recovery_enabled: false
# Controls the `account.account_deactivation_allowed` configuration setting.
#
# Whether users are allowed to delete their own account
matrix_authentication_service_config_account_account_deactivation_allowed: true
# Controls the `account.login_with_email_allowed` configuration setting.
#
# Whether users can log in with their email address.
# This has no effect if password login is disabled.
matrix_authentication_service_config_account_login_with_email_allowed: false
# Controls the `account.registration_token_required` configuration setting.
#
# Whether registration tokens are required for password registrations.
# When enabled, users must provide a valid registration token during password
# registration. This has no effect if password registration is disabled.
matrix_authentication_service_config_account_registration_token_required: false
######################################################################################## ########################################################################################
# # # #
# /Account configuration # # /Account configuration #
@@ -332,24 +314,6 @@ matrix_authentication_service_config_secrets_keys: |-
# # # #
######################################################################################## ########################################################################################
# Controls the resources exposed by the `web` HTTP listener.
matrix_authentication_service_config_http_listener_web_resources: "{{ matrix_authentication_service_config_http_listener_web_resources_default + matrix_authentication_service_config_http_listener_web_resources_auto + matrix_authentication_service_config_http_listener_web_resources_custom }}"
matrix_authentication_service_config_http_listener_web_resources_default: |-
{{
[
{'name': 'discovery'},
{'name': 'human'},
{'name': 'oauth'},
{'name': 'compat'},
{'name': 'graphql'},
{'name': 'assets'},
]
+
([{'name': 'adminapi'}] if matrix_authentication_service_admin_api_enabled else [])
}}
matrix_authentication_service_config_http_listener_web_resources_auto: []
matrix_authentication_service_config_http_listener_web_resources_custom: []
# Controls the `http.public_base` configuration setting. # Controls the `http.public_base` configuration setting.
matrix_authentication_service_config_http_public_base: "https://{{ matrix_authentication_service_hostname }}{{ '/' if matrix_authentication_service_path_prefix == '/' else (matrix_authentication_service_path_prefix + '/') }}" matrix_authentication_service_config_http_public_base: "https://{{ matrix_authentication_service_hostname }}{{ '/' if matrix_authentication_service_path_prefix == '/' else (matrix_authentication_service_path_prefix + '/') }}"
@@ -595,34 +559,29 @@ matrix_authentication_service_container_labels_additional_labels: ''
matrix_authentication_service_syn2mas_start_wait_time_seconds: 5 matrix_authentication_service_syn2mas_start_wait_time_seconds: 5
# The syn2mas sub-command to run. matrix_authentication_service_syn2mas_dry_run: false
# Valid values: migrate, check
matrix_authentication_service_syn2mas_subcommand: migrate
# Whether to pass a `--dry-run` flag to the 'migrate' sub-command. # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service/syn2mas
# See `matrix_authentication_service_syn2mas_subcommand` matrix_authentication_service_syn2mas_version: 0.14.1
matrix_authentication_service_syn2mas_migrate_dry_run: false matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
matrix_authentication_service_syn2mas_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream }}"
matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default: ghcr.io/
matrix_authentication_service_syn2mas_container_image_force_pull: "{{ matrix_authentication_service_syn2mas_container_image.endswith(':latest') }}"
matrix_authentication_service_syn2mas_container_image_self_build: "{{ matrix_authentication_service_container_image_self_build }}"
matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}"
# Path to Synapse's homeserver.yaml configuration file. # Path to Synapse's homeserver.yaml configuration file.
matrix_authentication_service_syn2mas_synapse_homeserver_config_path: "" matrix_authentication_service_syn2mas_synapse_homeserver_config_path: ""
matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}" # Additional arguments passed to the syn2mas process.
# Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas [OPTIONS] migrate|check`).
# Also see: `matrix_authentication_service_syn2mas_subcommand_extra_options`
# #
# Example: # Example:
# matrix_authentication_service_syn2mas_command_extra_options: # matrix_authentication_service_syn2mas_process_extra_arguments:
# - "--something" # - "--upstreamProviderMapping oidc-keycloak:01H8PKNWKKRPCBW4YGH1RWV279"
matrix_authentication_service_syn2mas_command_extra_options: [] matrix_authentication_service_syn2mas_process_extra_arguments: []
# Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas migrate|check [OPTIONS]`).
# Also see: `matrix_authentication_service_syn2mas_command_extra_options`
#
# Example:
# matrix_authentication_service_syn2mas_subcommand_extra_options:
# - "--dry-run"
matrix_authentication_service_syn2mas_subcommand_extra_options: []
######################################################################################## ########################################################################################
# # # #
@@ -645,10 +604,6 @@ matrix_authentication_service_syn2mas_subcommand_extra_options: []
# - avoid setting up the "compatibility layer" (that is, avoid installing container labels that capture login endpoints like `/_matrix/client/*/login`, etc.) # - avoid setting up the "compatibility layer" (that is, avoid installing container labels that capture login endpoints like `/_matrix/client/*/login`, etc.)
matrix_authentication_service_migration_in_progress: false matrix_authentication_service_migration_in_progress: false
# Controls whether the admin API is enabled.
# Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api
matrix_authentication_service_admin_api_enabled: false
######################################################################################## ########################################################################################
# # # #
# /Misc # # /Misc #

View File

@@ -9,8 +9,8 @@
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- {path: "{{ matrix_authentication_service_base_path }}", when: true} - {path: "{{ matrix_authentication_service_base_path }}", when: true}
- {path: "{{ matrix_authentication_service_bin_path }}", when: true} - {path: "{{ matrix_authentication_service_bin_path }}", when: true}
@@ -38,16 +38,16 @@
content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_authentication_service_config_path }}/config.yaml" dest: "{{ matrix_authentication_service_config_path }}/config.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
- name: Ensure Matrix Authentication Service support files created - name: Ensure Matrix Authentication Service support files created
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- src: "{{ role_path }}/templates/env.j2" - src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_authentication_service_config_path }}/env" dest: "{{ matrix_authentication_service_config_path }}/env"
@@ -83,7 +83,7 @@
dest: "{{ matrix_authentication_service_container_src_files_path }}" dest: "{{ matrix_authentication_service_container_src_files_path }}"
force: "yes" force: "yes"
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_username }}"
- name: Ensure Matrix Authentication Service container image is built - name: Ensure Matrix Authentication Service container image is built
ansible.builtin.command: ansible.builtin.command:

View File

@@ -9,33 +9,18 @@
- setup-matrix-authentication-service - setup-matrix-authentication-service
- install-all - install-all
- install-matrix-authentication-service - install-matrix-authentication-service
- matrix-authentication-service-mas-cli-syn2mas
block: block:
- when: matrix_authentication_service_enabled | bool - when: matrix_authentication_service_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- tags:
- setup-all
- setup-matrix-authentication-service
- install-all
- install-matrix-authentication-service
block:
- when: matrix_authentication_service_enabled | bool - when: matrix_authentication_service_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
# The tag 'matrix-authentication-service-syn2mas' has been replaced by the tag 'matrix-authentication-service-mas-cli-syn2mas'.
- tags: - tags:
- matrix-authentication-service-syn2mas - matrix-authentication-service-syn2mas
block:
- name: Warn about deprecated tag
ansible.builtin.fail:
msg: "WARNING: The 'matrix-authentication-service-syn2mas' tag has been replaced by 'matrix-authentication-service-mas-cli-syn2mas'. Please update your command."
- tags:
- matrix-authentication-service-mas-cli-syn2mas
block: block:
- when: matrix_authentication_service_enabled | bool - when: matrix_authentication_service_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/mas_cli_syn2mas.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/syn2mas.yml"
- tags: - tags:
- matrix-authentication-service-mas-cli-doctor - matrix-authentication-service-mas-cli-doctor

View File

@@ -6,7 +6,7 @@
--- ---
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_authentication_service_syn2mas_migrate_dry_run: "{{ matrix_authentication_service_syn2mas_migrate_dry_run | bool }}" matrix_authentication_service_syn2mas_dry_run: "{{ matrix_authentication_service_syn2mas_dry_run | bool }}"
- name: Abort, if not using Synapse - name: Abort, if not using Synapse
when: not matrix_synapse_enabled | bool when: not matrix_synapse_enabled | bool
@@ -19,7 +19,7 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] | string | length == 0" when: "item.when | bool and vars[item.name] | length == 0"
with_items: with_items:
- {'name': 'matrix_authentication_service_syn2mas_synapse_homeserver_config_path', when: true} - {'name': 'matrix_authentication_service_syn2mas_synapse_homeserver_config_path', when: true}
@@ -33,8 +33,41 @@
msg: "The Synapse homeserver config file does not exist at the specified path: {{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }}" msg: "The Synapse homeserver config file does not exist at the specified path: {{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }}"
when: not matrix_authentication_service_syn2mas_synapse_config_stat.stat.exists when: not matrix_authentication_service_syn2mas_synapse_config_stat.stat.exists
- name: Ensure Matrix Authentication Service syn2mas container image is pulled
community.docker.docker_image:
name: "{{ matrix_authentication_service_syn2mas_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_authentication_service_syn2mas_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_authentication_service_syn2mas_container_image_force_pull }}"
when: "not matrix_authentication_service_syn2mas_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- when: "matrix_authentication_service_syn2mas_container_image_self_build | bool"
block:
- name: Ensure Matrix Authentication Service repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_authentication_service_container_repo }}"
version: "{{ matrix_authentication_service_container_repo_version }}"
dest: "{{ matrix_authentication_service_container_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_authentication_service_git_pull_results
- name: Ensure Matrix Authentication Service syn2mas container image is built
ansible.builtin.command:
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_authentication_service_syn2mas_container_image }}
--file={{ matrix_authentication_service_container_src_files_path }}/tools/syn2mas/Dockerfile
{{ matrix_authentication_service_container_src_files_path }}/tools/syn2mas
changed_when: true
- name: Ensure Synapse is stopped - name: Ensure Synapse is stopped
when: not matrix_authentication_service_syn2mas_migrate_dry_run | bool when: not matrix_authentication_service_syn2mas_dry_run | bool
ansible.builtin.service: ansible.builtin.service:
name: matrix-synapse name: matrix-synapse
state: stopped state: stopped
@@ -48,19 +81,14 @@
# #
# Still, it's probably safer to stop it anyway. # Still, it's probably safer to stop it anyway.
- name: Ensure Matrix Authentication Service is stopped - name: Ensure Matrix Authentication Service is stopped
when: not matrix_authentication_service_syn2mas_migrate_dry_run | bool
ansible.builtin.service: ansible.builtin.service:
name: matrix-authentication-service name: matrix-authentication-service
state: stopped state: stopped
register: matrix_authentication_service_mas_ensure_stopped_result register: matrix_authentication_service_mas_ensure_stopped_result
# This is similar to the command found in the systemd service file.
#
# We cannot use `docker exec` with the existing Matrix Authentication Service container here,
# because we need an additional mount (the Synapse homeserver config).
- name: Generate syn2mas migration command - name: Generate syn2mas migration command
ansible.builtin.set_fact: ansible.builtin.set_fact:
matrix_authentication_service_mas_cli_syn2mas_command: >- matrix_authentication_service_syn2mas_migration_command: >-
{{ devture_systemd_docker_base_host_command_docker }} run {{ devture_systemd_docker_base_host_command_docker }} run
--rm --rm
--name=matrix-authentication-service-syn2mas --name=matrix-authentication-service-syn2mas
@@ -68,16 +96,14 @@
--user={{ matrix_authentication_service_uid }}:{{ matrix_authentication_service_gid }} --user={{ matrix_authentication_service_uid }}:{{ matrix_authentication_service_gid }}
--cap-drop=ALL --cap-drop=ALL
--network={{ matrix_authentication_service_syn2mas_container_network }} --network={{ matrix_authentication_service_syn2mas_container_network }}
--mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro
--mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro
--mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro --mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro
{{ matrix_authentication_service_container_image }} --mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/mas-config.yaml,ro
syn2mas {{ matrix_authentication_service_syn2mas_container_image }}
--synapse-config=/homeserver.yaml --command=migrate
{{ matrix_authentication_service_syn2mas_command_extra_options | join(' ') }} --synapseConfigFile=/homeserver.yaml
{{ matrix_authentication_service_syn2mas_subcommand }} --masConfigFile=/mas-config.yaml
{{ '--dry-run' if matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_syn2mas_subcommand == 'migrate' else '' }} {{ matrix_authentication_service_syn2mas_process_extra_arguments | join(' ') }}
{{ matrix_authentication_service_syn2mas_subcommand_extra_options | join(' ') }} {% if matrix_authentication_service_syn2mas_dry_run | bool %}--dryRun{% endif %}
tags: tags:
- skip_ansible_lint - skip_ansible_lint
@@ -85,33 +111,33 @@
# See: https://ansibledaily.com/print-to-standard-output-without-escaping/ # See: https://ansibledaily.com/print-to-standard-output-without-escaping/
# #
# We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it, # We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it,
# which ruins the command (`matrix_authentication_service_mas_cli_syn2mas_command`). # which ruins the command (`matrix_authentication_service_syn2mas_migration_command`).
- name: Note about syn2mas migration - name: Note about syn2mas migration
ansible.builtin.set_fact: ansible.builtin.set_fact:
dummy: true dummy: true
with_items: with_items:
- >- - >-
Running syn2mas migration using the following command: `{{ matrix_authentication_service_mas_cli_syn2mas_command }}`. Running syn2mas migration using the following command: `{{ matrix_authentication_service_syn2mas_migration_command }}`.
If this crashes, you can stop Synapse (`systemctl stop matrix-synapse`), start Matrix Authentication Service (`systemctl start matrix-authentication-service`) and run the command manually. If this crashes, you can stop Synapse (`systemctl stop matrix-synapse`) and run the command manually.
- name: Perform syn2mas migration - name: Perform syn2mas migration
ansible.builtin.command: ansible.builtin.command:
cmd: "{{ matrix_authentication_service_mas_cli_syn2mas_command }}" cmd: "{{ matrix_authentication_service_syn2mas_migration_command }}"
register: matrix_authentication_service_mas_cli_syn2mas_command_result register: matrix_authentication_service_syn2mas_migration_command_result
changed_when: matrix_authentication_service_mas_cli_syn2mas_command_result.rc == 0 changed_when: matrix_authentication_service_syn2mas_migration_command_result.rc == 0
- name: Print syn2mas migration command result - name: Print syn2mas migration command result
ansible.builtin.debug: ansible.builtin.debug:
var: matrix_authentication_service_mas_cli_syn2mas_command_result var: matrix_authentication_service_syn2mas_migration_command_result
- name: Ensure Synapse is started (if it previously was) - name: Ensure Synapse is started (if it previously was)
when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_cli_syn2mas_command_result.changed" when: "not matrix_authentication_service_syn2mas_dry_run and matrix_authentication_service_synapse_ensure_stopped_result.changed"
ansible.builtin.service: ansible.builtin.service:
name: matrix-synapse name: matrix-synapse
state: started state: started
- name: Ensure Matrix Authentication Service is started (if it previously was) - name: Ensure Matrix Authentication Service is started (if it previously was)
when: "not matrix_authentication_service_syn2mas_migrate_dry_run and matrix_authentication_service_mas_ensure_stopped_result.changed" when: "not matrix_authentication_service_syn2mas_dry_run and matrix_authentication_service_mas_ensure_stopped_result.changed"
ansible.builtin.service: ansible.builtin.service:
name: matrix-authentication-service name: matrix-authentication-service
state: started state: started

View File

@@ -13,4 +13,4 @@
cmd: "{{ private_key_definition.generation_command | replace('__KEY_FILE_PATH__', matrix_authentication_service_private_key_file_path) }}" cmd: "{{ private_key_definition.generation_command | replace('__KEY_FILE_PATH__', matrix_authentication_service_private_key_file_path) }}"
creates: "{{ matrix_authentication_service_private_key_file_path }}" creates: "{{ matrix_authentication_service_private_key_file_path }}"
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_username }}"

View File

@@ -9,7 +9,7 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] | string | length == 0" when: "item.when | bool and vars[item.name] | length == 0"
with_items: with_items:
- {'name': 'matrix_authentication_service_hostname', when: true} - {'name': 'matrix_authentication_service_hostname', when: true}
- {'name': 'matrix_authentication_service_config_database_username', when: true} - {'name': 'matrix_authentication_service_config_database_username', when: true}
@@ -40,15 +40,7 @@
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'} - {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': 'matrix_authentication_service_syn2mas_container_image_registry_prefix'} - {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': 'matrix_authentication_service_syn2mas_container_image_registry_prefix'}
- {'old': 'matrix_authentication_service_syn2mas_container_image', 'new': '<removed>'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix', 'new': '<removed>'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream', 'new': '<removed>'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default', 'new': '<removed>'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_force_pull', 'new': '<removed>'}
- {'old': 'matrix_authentication_service_syn2mas_container_image_self_build', 'new': '<removed>'}
- {'old': 'matrix_authentication_service_syn2mas_process_extra_arguments', 'new': 'matrix_authentication_service_syn2mas_command_extra_options or matrix_authentication_service_syn2mas_subcommand_extra_options'}
- {'old': 'matrix_authentication_service_syn2mas_dry_run', 'new': 'matrix_authentication_service_syn2mas_migrate_dry_run'}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
#!/bin/bash #!/bin/bash
args=$@ args=$@

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
#!/bin/bash #!/bin/bash
if [ $# -ne 3 ]; then if [ $# -ne 3 ]; then

View File

@@ -1,8 +1,14 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
http: http:
listeners: listeners:
- name: web - name: web
resources: {{ matrix_authentication_service_config_http_listener_web_resources | to_json }} resources:
- name: discovery
- name: human
- name: oauth
- name: compat
- name: graphql
- name: assets
binds: binds:
- address: '[::]:8080' - address: '[::]:8080'
proxy_protocol: false proxy_protocol: false
@@ -67,9 +73,6 @@ account:
password_registration_enabled: {{ matrix_authentication_service_config_account_password_registration_enabled | to_json }} password_registration_enabled: {{ matrix_authentication_service_config_account_password_registration_enabled | to_json }}
password_change_allowed: {{ matrix_authentication_service_config_account_password_change_allowed | to_json }} password_change_allowed: {{ matrix_authentication_service_config_account_password_change_allowed | to_json }}
password_recovery_enabled: {{ matrix_authentication_service_config_account_password_recovery_enabled | to_json }} password_recovery_enabled: {{ matrix_authentication_service_config_account_password_recovery_enabled | to_json }}
account_deactivation_allowed: {{ matrix_authentication_service_config_account_account_deactivation_allowed | to_json }}
login_with_email_allowed: {{ matrix_authentication_service_config_account_login_with_email_allowed | to_json }}
registration_token_required: {{ matrix_authentication_service_config_account_registration_token_required | to_json }}
clients: {{ matrix_authentication_service_config_clients | to_json }} clients: {{ matrix_authentication_service_config_clients | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_base_url | to_json }} base_url: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_api_key | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_anthropic_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_base_url | to_json }} base_url: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_api_key | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_groq_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_base_url | to_json }} base_url: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_api_key | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_mistral_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_base_url | to_json }} base_url: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_base_url | to_json }}
api_key: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_api_key | to_json }} api_key: {{ matrix_authentication_service_config_agents_static_definitions_openai_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
[Unit] [Unit]
Description=Matrix Authentication Service Description=Matrix Authentication Service
{% for service in matrix_authentication_service_systemd_required_services_list %} {% for service in matrix_authentication_service_systemd_required_services_list %}

View File

@@ -48,9 +48,6 @@ matrix_bridges_encryption_enabled: false
# Global var to make encryption default/optional across all bridges with encryption support # Global var to make encryption default/optional across all bridges with encryption support
matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}" matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}"
# Global var for enabling msc4190 ( On supported bridges)
matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled and matrix_synapse_experimental_features_msc3202_device_masquerading_enabled }}"
# Global var to enable/disable relay mode across all bridges with relay mode support # Global var to enable/disable relay mode across all bridges with relay mode support
matrix_bridges_relay_enabled: false matrix_bridges_relay_enabled: false
@@ -81,7 +78,7 @@ matrix_monitoring_container_network: matrix-monitoring
matrix_homeserver_enabled: true matrix_homeserver_enabled: true
# This will contain the homeserver implementation that is in use. # This will contain the homeserver implementation that is in use.
# Valid values: synapse, dendrite, conduit, conduwuit, continuwuity # Valid values: synapse, dendrite, conduit, conduwuit
# #
# By default, we use Synapse, because it's the only full-featured Matrix server at the moment. # By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
# #
@@ -161,7 +158,7 @@ matrix_federation_traefik_entrypoint_tls: true
# Recognized values by us are 'amd64', 'arm32' and 'arm64'. # Recognized values by us are 'amd64', 'arm32' and 'arm64'.
# Not all architectures support all services, so your experience (on non-amd64) may vary. # Not all architectures support all services, so your experience (on non-amd64) may vary.
# See docs/alternative-architectures.md # See docs/alternative-architectures.md
matrix_architecture: "{{ 'amd64' if ansible_facts.architecture == 'x86_64' else ('arm64' if ansible_facts.architecture == 'aarch64' else ('arm32' if ansible_facts.architecture.startswith('armv') else '')) }}" matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}"
# The architecture for Debian packages. # The architecture for Debian packages.
# See: https://wiki.debian.org/SupportedArchitectures # See: https://wiki.debian.org/SupportedArchitectures
@@ -175,15 +172,11 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar
# Example value: "registry.example.com/" (note the trailing `/`). # Example value: "registry.example.com/" (note the trailing `/`).
matrix_container_global_registry_prefix_override: "" matrix_container_global_registry_prefix_override: ""
matrix_user_name: "matrix" matrix_user_username: "matrix"
matrix_user_system: true matrix_user_groupname: "matrix"
matrix_user_shell: /sbin/nologin
matrix_group_name: "matrix" # By default, the playbook creates the user (`matrix_user_username`)
matrix_group_system: true # and group (`matrix_user_groupname`) with a random ID.
# By default, the playbook creates the user (`matrix_user_name`)
# and group (`matrix_group_name`) with a random ID.
# To use a specific user/group ID, override these variables. # To use a specific user/group ID, override these variables.
matrix_user_uid: ~ matrix_user_uid: ~
matrix_user_gid: ~ matrix_user_gid: ~
@@ -217,7 +210,7 @@ matrix_homeserver_container_url: "http://{{ matrix_homeserver_container_client_a
# Specifies where the homeserver's Client-Server API is on the container network (matrix_homeserver_container_network). # Specifies where the homeserver's Client-Server API is on the container network (matrix_homeserver_container_network).
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc. # Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overridden elsewhere. # This likely gets overriden elsewhere.
matrix_homeserver_container_client_api_endpoint: "" matrix_homeserver_container_client_api_endpoint: ""
# Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network). # Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
@@ -225,7 +218,7 @@ matrix_homeserver_container_federation_url: "http://{{ matrix_homeserver_contain
# Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network). # Specifies where the homeserver's Federation API is on the container network (matrix_homeserver_container_network).
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc. # Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overridden elsewhere. # This likely gets overriden elsewhere.
matrix_homeserver_container_federation_api_endpoint: "" matrix_homeserver_container_federation_api_endpoint: ""
# Specifies the public url of the Sync v3 (sliding-sync) API. # Specifies the public url of the Sync v3 (sliding-sync) API.

View File

@@ -6,11 +6,11 @@
# This is for both RedHat 7 and 8 # This is for both RedHat 7 and 8
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml" - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml"
when: ansible_facts.os_family == 'RedHat' when: ansible_os_family == 'RedHat'
# This is for both Debian and Raspbian # This is for both Debian and Raspbian
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml" - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml"
when: ansible_facts.os_family == 'Debian' when: ansible_os_family == 'Debian'
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml" - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml"
when: ansible_facts.os_family == 'Archlinux' when: ansible_os_family == 'Archlinux'

View File

@@ -5,6 +5,6 @@
--- ---
- name: Ensure fuse installed (RedHat) - name: Ensure fuse installed (RedHat)
ansible.builtin.package: ansible.builtin.yum:
name: fuse name: fuse
state: present state: present

View File

@@ -17,8 +17,8 @@
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
mode: "{{ matrix_base_data_path_mode }}" mode: "{{ matrix_base_data_path_mode }}"
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- "{{ matrix_base_data_path }}" - "{{ matrix_base_data_path }}"
- "{{ matrix_bin_path }}" - "{{ matrix_bin_path }}"

View File

@@ -7,22 +7,20 @@
- name: Ensure Matrix group is created - name: Ensure Matrix group is created
ansible.builtin.group: ansible.builtin.group:
name: "{{ matrix_group_name }}" name: "{{ matrix_user_groupname }}"
gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}" gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
state: present state: present
system: "{{ matrix_group_system }}"
register: matrix_group register: matrix_group
- name: Ensure Matrix user is created - name: Ensure Matrix user is created
ansible.builtin.user: ansible.builtin.user:
name: "{{ matrix_user_name }}" name: "{{ matrix_user_username }}"
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present state: present
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
home: "{{ matrix_base_data_path }}" home: "{{ matrix_base_data_path }}"
create_home: false create_home: false
system: "{{ matrix_user_system }}" system: true
shell: "{{ matrix_user_shell }}"
register: matrix_user register: matrix_user
- name: Initialize matrix_user_uid and matrix_user_gid - name: Initialize matrix_user_uid and matrix_user_gid

View File

@@ -13,14 +13,14 @@
- name: Fail if invalid homeserver implementation - name: Fail if invalid homeserver implementation
ansible.builtin.fail: ansible.builtin.fail:
msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`" msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit', 'continuwuity']" when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit']"
- name: (Deprecation) Catch and report renamed settings - name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" when: "item.old in vars"
with_items: with_items:
- {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'} - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
- {'old': 'hostname_identity', 'new': 'matrix_domain'} - {'old': 'hostname_identity', 'new': 'matrix_domain'}
@@ -31,11 +31,7 @@
- {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'} - {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
- {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'} - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
- {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'} - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
- {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'}
- {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'}
- {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'} - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
- {'old': 'matrix_user_username', 'new': 'matrix_user_name'}
- {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'}
# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
- name: Fail if matrix_homeserver_generic_secret_key is undefined - name: Fail if matrix_homeserver_generic_secret_key is undefined
@@ -66,7 +62,7 @@
- name: Fail if matrix_architecture is set incorrectly - name: Fail if matrix_architecture is set incorrectly
ansible.builtin.fail: ansible.builtin.fail:
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_facts.architecture }}." msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
when: matrix_architecture not in ['amd64', 'arm32', 'arm64'] when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
- name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly - name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly
@@ -99,14 +95,14 @@
To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration. To get rid of this error, remove all `matrix_mx_puppet_*` references from your configuration.
To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal. To clean up your server from mx-puppet-skype's presence, see this changelog entry: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#mx-puppet-skype-removal.
If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`. If you still need bridging to Skype, consider switching to the go-skype bridge instead. See `docs/configuring-playbook-bridge-go-skype-bridge.md`.
when: "lookup('ansible.builtin.varnames', '^matrix_mx_puppet_skype_enabled$', wantlist=True) | length > 0" when: "'matrix_mx_puppet_skype_enabled' in vars"
- name: Fail if mautrix-instagram and mautrix-meta-instagram are in conflict - name: Fail if mautrix-instagram and mautrix-meta-instagram are in conflict
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
Your configuration enables both the old mautrix-instagram bridge and the new mautrix-meta-instagram bridge. Your configuration enables both the old mautrix-instagram bridge and the new mautrix-meta-instagram bridge.
By default, both bridges are configured to use the same bridge bot username (`@{{ matrix_mautrix_meta_instagram_appservice_username }}:{{ matrix_domain }}`) which is a conflict. By default, both bridges are configured to use the same bridge bot username (`@{{ matrix_mautrix_meta_instagram_appservice_username }}:{{ matrix_domain }}`) which is a conflict.
We recommend that you disable at least one of the bridges (preferably the old mautrix-instagram bridge), or to resolve the conflict in another way. We recommend that you disable at least one of the bridges (preferrably the old mautrix-instagram bridge), or to resolve the conflict in another way.
To resolve the conflict without disabling a bridge, consider adjusting one of `matrix_mautrix_instagram_appservice_bot_username` or `matrix_mautrix_meta_instagram_appservice_username` - they both have a value of {{ matrix_mautrix_meta_instagram_appservice_username }} right now. To resolve the conflict without disabling a bridge, consider adjusting one of `matrix_mautrix_instagram_appservice_bot_username` or `matrix_mautrix_meta_instagram_appservice_username` - they both have a value of {{ matrix_mautrix_meta_instagram_appservice_username }} right now.
when: when:
- matrix_mautrix_instagram_enabled | bool - matrix_mautrix_instagram_enabled | bool

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
#!/bin/bash #!/bin/bash
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then

View File

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.8.1 matrix_bot_baibot_version: v1.5.1
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}" matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}" matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@@ -368,16 +368,16 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
# For valid model choices, see: https://platform.openai.com/docs/models # For valid model choices, see: https://platform.openai.com/docs/models
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
# The prompt text to use (can be null or empty to not use a prompt). # The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting # See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}" matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# The temperature parameter controls the randomness of the generated text. # The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: ~ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: 16384
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: 128000 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: ~
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 400000 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 128000
matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_enabled: true matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_model_id: whisper-1 matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_model_id: whisper-1
@@ -389,10 +389,9 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_response_format: opus matrix_bot_baibot_config_agents_static_definitions_openai_config_text_to_speech_response_format: opus
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_enabled: true matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: gpt-image-1 matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id: dall-e-3
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: null matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style: vivid
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: null matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size: 1024x1024
matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality: null
######################################################################################## ########################################################################################
# # # #

View File

@@ -10,8 +10,8 @@
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- {path: "{{ matrix_bot_baibot_base_path }}", when: true} - {path: "{{ matrix_bot_baibot_base_path }}", when: true}
- {path: "{{ matrix_bot_baibot_config_path }}", when: true} - {path: "{{ matrix_bot_baibot_config_path }}", when: true}
@@ -24,15 +24,15 @@
content: "{{ matrix_bot_baibot_configuration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_bot_baibot_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_bot_baibot_config_path }}/config.yml" dest: "{{ matrix_bot_baibot_config_path }}/config.yml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
- name: Ensure baibot environment variables file created - name: Ensure baibot environment variables file created
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2" src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_baibot_config_path }}/env" dest: "{{ matrix_bot_baibot_config_path }}/env"
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
mode: 0640 mode: 0640
- name: Ensure baibot container image is pulled - name: Ensure baibot container image is pulled
@@ -56,7 +56,7 @@
dest: "{{ matrix_bot_baibot_container_src_files_path }}" dest: "{{ matrix_bot_baibot_container_src_files_path }}"
force: "yes" force: "yes"
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_username }}"
register: matrix_bot_baibot_git_pull_results register: matrix_bot_baibot_git_pull_results
- name: Ensure baibot container image is built - name: Ensure baibot container image is built

View File

@@ -9,7 +9,7 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- {'name': 'matrix_bot_baibot_config_user_mxid_localpart', when: true} - {'name': 'matrix_bot_baibot_config_user_mxid_localpart', when: true}
- {'name': 'matrix_bot_baibot_config_user_password', when: true} - {'name': 'matrix_bot_baibot_config_user_password', when: true}
@@ -37,6 +37,6 @@
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_bot_baibot_container_image_name_prefix', 'new': 'matrix_bot_baibot_container_image_registry_prefix'} - {'old': 'matrix_bot_baibot_container_image_name_prefix', 'new': 'matrix_bot_baibot_container_image_registry_prefix'}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_base_url | to_json }} base_url: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_base_url | to_json }} base_url: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_base_url | to_json }} base_url: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key | to_json }}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_base_url | to_json }} base_url: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key | to_json }} api_key: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key | to_json }}
@@ -35,5 +35,4 @@ image_generation:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id | to_json }} model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_model_id | to_json }}
style: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style | to_json }} style: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_style | to_json }}
size: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size | to_json }} size: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_size | to_json }}
quality: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generation_quality | to_json }}
{% endif %} {% endif %}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
[Unit] [Unit]
Description=Matrix baibot bot Description=Matrix baibot bot
{% for service in matrix_bot_baibot_systemd_required_services_list %} {% for service in matrix_bot_baibot_systemd_required_services_list %}

View File

@@ -39,8 +39,8 @@
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- {path: "{{ matrix_bot_buscarron_config_path }}", when: true} - {path: "{{ matrix_bot_buscarron_config_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_data_path }}", when: true} - {path: "{{ matrix_bot_buscarron_data_path }}", when: true}
@@ -52,8 +52,8 @@
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2" src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_bot_buscarron_config_path }}/{{ item }}" dest: "{{ matrix_bot_buscarron_config_path }}/{{ item }}"
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_user_groupname }}"
mode: 0640 mode: 0640
with_items: with_items:
- env - env
@@ -78,7 +78,7 @@
dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" dest: "{{ matrix_bot_buscarron_docker_src_files_path }}"
force: "yes" force: "yes"
become: true become: true
become_user: "{{ matrix_user_name }}" become_user: "{{ matrix_user_username }}"
register: matrix_bot_buscarron_git_pull_results register: matrix_bot_buscarron_git_pull_results
when: "matrix_bot_buscarron_container_image_self_build | bool" when: "matrix_bot_buscarron_container_image_self_build | bool"

View File

@@ -10,7 +10,7 @@
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_bot_buscarron_noencryption', 'new': '<removed>'} - {'old': 'matrix_bot_buscarron_noencryption', 'new': '<removed>'}
- {'old': 'matrix_bot_buscarron_spam_hosts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'} - {'old': 'matrix_bot_buscarron_spam_hosts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
@@ -22,7 +22,7 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- {'name': 'matrix_bot_buscarron_password', when: true} - {'name': 'matrix_bot_buscarron_password', when: true}
- {'name': 'matrix_bot_buscarron_hostname', when: true} - {'name': 'matrix_bot_buscarron_hostname', when: true}

View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True #jinja2: lstrip_blocks: "True"
[Unit] [Unit]
Description=Matrix web forms bot Description=Matrix web forms bot
{% for service in matrix_bot_buscarron_systemd_required_services_list %} {% for service in matrix_bot_buscarron_systemd_required_services_list %}

Some files were not shown because too many files have changed in this diff Show More