mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-25 01:23:24 +00:00 
			
		
		
		
	Compare commits
	
		
			211 Commits
		
	
	
		
			stabilize-
			...
			16cf98e5e2
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 16cf98e5e2 | ||
|  | d43f03bbca | ||
|  | 544d25e8c3 | ||
|  | 31f1d40a9f | ||
|  | dd70df545a | ||
|  | b2024fa7c1 | ||
|  | a254f69e56 | ||
|  | ae7847719d | ||
|  | 2fea3c3e4a | ||
|  | b50d9352c3 | ||
|  | 6190fe0ca2 | ||
|  | 3ff32ec07a | ||
|  | e9406589e6 | ||
|  | 376fcdafc2 | ||
|  | bff95835ef | ||
|  | d908d003c8 | ||
|  | 31f222823b | ||
|  | 6a3c0423e0 | ||
|  | d755b959d6 | ||
|  | 8fd2b75756 | ||
|  | 9fb28c9fd7 | ||
|  | ec5efe8c4e | ||
|  | ec3f25e8ad | ||
|  | 2719f5e806 | ||
|  | 489bf39322 | ||
|  | 525d4bc997 | ||
|  | 8511d4dfc4 | ||
|  | 1c4738b89a | ||
|  | 7caa583743 | ||
|  | f048a0f9a5 | ||
|  | b54eadb9e0 | ||
|  | 2b0ea94a72 | ||
|  | ad9c01fd5b | ||
|  | ed9bb75a52 | ||
|  | 2d05db52c7 | ||
|  | f53a3bb365 | ||
|  | 9791f8a120 | ||
|  | 4145b811a3 | ||
|  | 6e4f781995 | ||
|  | 958b0de4f1 | ||
|  | 1bd6e8d064 | ||
|  | 01d548d4a7 | ||
|  | 3a5e6d5f2e | ||
|  | feb7953132 | ||
|  | 951b27ed7f | ||
|  | b7f03aa4b2 | ||
|  | 4e21bbe064 | ||
|  | 58688bf538 | ||
|  | 14c32cad77 | ||
|  | afa003fadd | ||
|  | 03607e8dcd | ||
|  | edad6a17bd | ||
|  | dbae258970 | ||
|  | 647652852b | ||
|  | c704be1f68 | ||
|  | ba19f37cb2 | ||
|  | 7261a50892 | ||
|  | 32f9c34aeb | ||
|  | 37a0967258 | ||
|  | 4c17617397 | ||
|  | 625d246d73 | ||
|  | 931056a1dc | ||
|  | 677b1ea55b | ||
|  | 3bf56e931d | ||
|  | db54063a0c | ||
|  | 8857f78a4d | ||
|  | 1b8c153c4a | ||
|  | 704eae3040 | ||
|  | 1eaa399c65 | ||
|  | dccfbcbdf5 | ||
|  | cb6ae3de76 | ||
|  | 3467baf62f | ||
|  | 895f149a34 | ||
|  | 42aa749f14 | ||
|  | 91372da03c | ||
|  | 04773517dd | ||
|  | a0858df60f | ||
|  | 344f9bf7af | ||
|  | 796b5597f4 | ||
|  | 29d80b2243 | ||
|  | 65d41bd84d | ||
|  | 85504350af | ||
|  | 495a4e5312 | ||
|  | 6fd1119cdd | ||
|  | 31333460dc | ||
|  | b71968cf64 | ||
|  | 90d3cf78b3 | ||
|  | 70fd18079e | ||
|  | 3819cc7b13 | ||
|  | 2607714887 | ||
|  | 4cc7d8456b | ||
|  | 2997f23e20 | ||
|  | 6e5cf9f3be | ||
|  | 238cc68889 | ||
|  | 2591223b20 | ||
|  | ca69a97d08 | ||
|  | 3c3cc2bf7d | ||
|  | 3fee130331 | ||
|  | 2ea4384840 | ||
|  | 66729311db | ||
|  | 06263ddf61 | ||
|  | 9f6305db4d | ||
|  | 1d6bf63ca5 | ||
|  | 25e7cac28d | ||
|  | ba4153da97 | ||
|  | 130d756dcb | ||
|  | beaf0ba16e | ||
|  | c2e606095c | ||
|  | 84bde915c7 | ||
|  | 910cdf8a0a | ||
|  | d8eed6bfd3 | ||
|  | 38b40242c4 | ||
|  | f12d6a901c | ||
|  | c67c7d6f46 | ||
|  | a6f0f40296 | ||
|  | f65656175f | ||
|  | 24c2de23d5 | ||
|  | deb19fb67c | ||
|  | 4d15ebcffa | ||
|  | 2a2ef828c3 | ||
|  | 40813784c1 | ||
|  | 071b5789f2 | ||
|  | d2f38f04a6 | ||
|  | 840ad0171f | ||
|  | 051d77e541 | ||
|  | facdde367f | ||
|  | a008665ad5 | ||
|  | aa58c5cfd6 | ||
|  | a444d45f1e | ||
|  | a22d2cc2bf | ||
|  | cab01be63c | ||
|  | f5b1ba57eb | ||
|  | beb8e6d5f9 | ||
|  | 14b65ed7ed | ||
|  | 841e2f7c4e | ||
|  | 3ea0a10947 | ||
|  | fedb5a8cb0 | ||
|  | 60ab080147 | ||
|  | 3daf14d695 | ||
|  | 39efe79417 | ||
|  | 46a416e678 | ||
|  | 48c08f62fb | ||
|  | b85f7c61dd | ||
|  | 41043ffb1f | ||
|  | 62cef9375e | ||
|  | ab6f091f5f | ||
|  | 9357eebbf1 | ||
|  | cd6e9843e1 | ||
|  | 9354fa253e | ||
|  | de212a2211 | ||
|  | ac063d0629 | ||
|  | 814d3acc42 | ||
|  | 28deb25810 | ||
|  | b62b5c3659 | ||
|  | 153fd1f68f | ||
|  | 21766eba94 | ||
|  | c6b66d93b7 | ||
|  | 5951437e15 | ||
|  | 2253fc4d45 | ||
|  | eb8bc55dfe | ||
|  | 83165d77fa | ||
|  | 1efc2fb7ba | ||
|  | 945c4b503c | ||
|  | 824d18626d | ||
|  | 8e01a51f00 | ||
|  | 0f50f24c1b | ||
|  | 7f0c9aaf55 | ||
|  | 992f974a65 | ||
|  | 6e89e181ec | ||
|  | f136c2e5f1 | ||
|  | 5deead45cd | ||
|  | 2252697119 | ||
|  | 831a288ffc | ||
|  | ec8a7a4934 | ||
|  | 1c09eda631 | ||
|  | dd5994cfb4 | ||
|  | 8ff8e435c0 | ||
|  | 13cc78a9ac | ||
|  | bb32475f27 | ||
|  | daba4cb225 | ||
|  | 3462196eb3 | ||
|  | 0f00cddcda | ||
|  | b2c9468ac2 | ||
|  | 06ab77fdcc | ||
|  | 0ebefac8d3 | ||
|  | 5ec3257e3c | ||
|  | ddf161aa74 | ||
|  | 6ba22f5db7 | ||
|  | c2bd2ba6fc | ||
|  | 6006d1e4d8 | ||
|  | 9bcfbc13fb | ||
|  | b6f2255d49 | ||
|  | 2190e7a5ea | ||
|  | bb322ad692 | ||
|  | dd3399aa44 | ||
|  | c84a4ee28c | ||
|  | 662c477a65 | ||
|  | bb98127754 | ||
|  | 2c859b2868 | ||
|  | fccd7442d6 | ||
|  | 5711a8bda3 | ||
|  | 6bd758ec5a | ||
|  | 50abe5b92f | ||
|  | 567cd9b669 | ||
|  | e057dd93cc | ||
|  | 92ad39bf51 | ||
|  | 67b078f061 | ||
|  | 5b148e0d60 | ||
|  | c4968592d9 | ||
|  | 03b78f90b5 | ||
|  | a8a410546c | 
							
								
								
									
										2
									
								
								.github/workflows/close-stale-issues.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.github/workflows/close-stale-issues.yml
									
									
									
									
										vendored
									
									
								
							| @@ -19,7 +19,7 @@ jobs: | ||||
|     if: github.repository == 'spantaleev/matrix-docker-ansible-deploy' | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - uses: actions/stale@v9 | ||||
|       - uses: actions/stale@v10 | ||||
|         with: | ||||
|           ###################################################################### | ||||
|           # Issues/PRs | ||||
|   | ||||
							
								
								
									
										2
									
								
								.github/workflows/matrix.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.github/workflows/matrix.yml
									
									
									
									
										vendored
									
									
								
							| @@ -26,7 +26,7 @@ jobs: | ||||
|         uses: actions/checkout@v5 | ||||
|  | ||||
|       - name: Run ansible-lint | ||||
|         uses: ansible/ansible-lint@v25.8.1 | ||||
|         uses: ansible/ansible-lint@v25.9.2 | ||||
|         with: | ||||
|           args: "roles/custom" | ||||
|           setup_python: "true" | ||||
|   | ||||
| @@ -21,6 +21,6 @@ repos: | ||||
|       - id: codespell | ||||
|         args: ["--skip=*.po,*.pot,i18n/"] | ||||
|   - repo: https://github.com/fsfe/reuse-tool  # https://reuse.software/dev/#pre-commit-hook | ||||
|     rev: v5.0.2 | ||||
|     rev: v6.1.2 | ||||
|     hooks: | ||||
|       - id: reuse | ||||
|   | ||||
							
								
								
									
										11
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -1,3 +1,14 @@ | ||||
| # 2025-10-02 | ||||
|  | ||||
| ## Element Admin support | ||||
|  | ||||
| The playbook now supports [Element Admin](./docs/configuring-playbook-element-admin.md) - a new web-based administration panel for Synapse and [Matrix Authentication Service](./docs/configuring-playbook-matrix-authentication-service.md). | ||||
|  | ||||
| Deployments based on Matrix Authentication Service may find it useful to run both Synapse Admin and Element Admin at the same time. | ||||
|  | ||||
| Deployments that don't rely on Matrix Authentication Service are unlikely to find anything useful in Element Admin right now (it's too basic in its current form). | ||||
|  | ||||
|  | ||||
| # 2025-04-26 | ||||
|  | ||||
| ## Continuwuity support | ||||
|   | ||||
| @@ -141,6 +141,7 @@ Bridges can be used to connect your Matrix installation with third-party communi | ||||
| | [mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) | | ||||
| | [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) | | ||||
| | [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) | | ||||
| | [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) | | ||||
| | [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) | | ||||
|  | ||||
| ### Bots | ||||
|   | ||||
| @@ -20,10 +20,13 @@ To manually check which version of Ansible you're on, run: `ansible --version`. | ||||
|  | ||||
| For the **best experience**, we recommend getting the **latest version of Ansible available**. | ||||
|  | ||||
| We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`). | ||||
| We're not sure what's the minimum version of Ansible that can run this playbook successfully. The lowest version that we suspect (on 2025-09-03) to be working fine is: `ansible-core` (`2.15.1`). | ||||
|  | ||||
| If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker). | ||||
|  | ||||
| > [!WARNING] | ||||
| > One reason for the version requirement being as such is that the playbook by default installs Docker for you using [this Docker role](https://github.com/geerlingguy/ansible-role-docker) which [has a hard requirement on Ansible v2.15.1](https://github.com/geerlingguy/ansible-role-docker/commit/7f44a1d9ad8132819ea9852918bca5dab8757cd0). If you install Docker yourself another way, you can tell the playbook to skip running this role (by adding `matrix_playbook_docker_installation_enabled: false` to your `vars.yml` configuration). It may then be possible to get the playbook running on an older version of Ansible. Still, this is a complication and your mileage may vary. We recommend [upgrading Ansible](#upgrading-ansible) instead of going into uncharted territory. | ||||
|  | ||||
| ## Upgrading Ansible | ||||
|  | ||||
| Depending on your distribution, you may be able to upgrade Ansible in a few different ways: | ||||
|   | ||||
| @@ -242,9 +242,12 @@ For Draupnir to do its job, you need to [give it permissions](https://the-draupn | ||||
|  | ||||
| We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms). | ||||
|  | ||||
| Policy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room. | ||||
| Policy lists are maintained in Matrix rooms. Popular ones maintained in the public are: | ||||
|  | ||||
| You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev` | ||||
| - `#community-moderation-effort-bl:neko.dev` | ||||
| - `#huginn-muninn-active-threats:feline.support` | ||||
|  | ||||
| You can tell Draupnir to subscribe to each of these by sending the following command to the Management Room: `!draupnir watch POLICY_LIST_ADDRESS_HERE` (e.g. `!draupnir watch #community-moderation-effort-bl:neko.dev`) | ||||
|  | ||||
| #### Creating your own policy lists and rules | ||||
|  | ||||
| @@ -270,14 +273,14 @@ You can undo bans with the [unban command](https://the-draupnir-project.github.i | ||||
|  | ||||
| ### Enabling built-in protections | ||||
|  | ||||
| You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only"). | ||||
| You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuitProtection` ("If X amount of users join in Y time, set the room to invite-only"). | ||||
|  | ||||
| To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room. | ||||
|  | ||||
| To **see the configuration options for a given protection**, send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuit`). | ||||
| To [**see the configuration options for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#displaying-the-protection-settings), send a `!draupnir protections show PROTECTION_NAME` (e.g. `!draupnir protections show JoinWaveShortCircuitProtection`). | ||||
|  | ||||
| To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`). | ||||
| To [**set a specific option for a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections#changing-protection-settings), send a command like this: `!draupnir protections config set PROTECTION_NAME OPTION VALUE` (e.g. `!draupnir protections config set JoinWaveShortCircuitProtection timescaleMinutes 30`). | ||||
|  | ||||
| To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`). | ||||
| To [**enable a given protection**](https://the-draupnir-project.github.io/draupnir-documentation/protections/block-invitations-on-server-protection#enabling-the-protection), send a command like this: `!draupnir protections enable PROTECTION_NAME` (e.g. `!draupnir protections enable JoinWaveShortCircuitProtection`). | ||||
|  | ||||
| To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`). | ||||
| To **disable a given protection**, send a command like this: `!draupnir protections disable PROTECTION_NAME` (e.g. `!draupnir protections disable JoinWaveShortCircuitProtection`). | ||||
|   | ||||
| @@ -37,6 +37,10 @@ matrix_synapse_enable_registration: true | ||||
|  | ||||
| # Restrict registration to users with a token | ||||
| matrix_synapse_registration_requires_token: true | ||||
|  | ||||
| # Set an optional command prefix for the bot. This can be any arbitrary string, including whitespace. | ||||
| # Example: "!regbot " | ||||
| matrix_bot_matrix_registration_bot_bot_prefix: "" | ||||
| ``` | ||||
|  | ||||
| The bot account will be created automatically. | ||||
|   | ||||
| @@ -35,7 +35,7 @@ matrix_hookshot_enabled: true | ||||
|  | ||||
| # Uncomment to enable end-to-bridge encryption. | ||||
| # See: https://matrix-org.github.io/matrix-hookshot/latest/advanced/encryption.html | ||||
| # matrix_hookshot_experimental_encryption_enabled: true | ||||
| # matrix_hookshot_encryption_enabled: true | ||||
|  | ||||
| # Uncomment and paste the contents of GitHub app private key to enable GitHub bridge. | ||||
| # Alternatively, you can use one of the other methods explained below on the "Manage GitHub Private Key with aux role" section. | ||||
|   | ||||
| @@ -7,7 +7,9 @@ SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| --> | ||||
|  | ||||
| # Setting up MX Puppet Steam bridging (optional) | ||||
| # Setting up MX Puppet Steam bridging (optional, deprecated) | ||||
|  | ||||
| **Note**: This bridge has been deprecated in favor of the [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) bridge for Steam, which can be [installed using this playbook](configuring-playbook-bridge-steam.md). Consider using that bridge instead of this one. | ||||
|  | ||||
| The playbook can install and configure [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you. | ||||
|  | ||||
|   | ||||
							
								
								
									
										48
									
								
								docs/configuring-playbook-bridge-steam.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										48
									
								
								docs/configuring-playbook-bridge-steam.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,48 @@ | ||||
| <!-- | ||||
| SPDX-FileCopyrightText: 2025 Jason LaGuidice | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| --> | ||||
|  | ||||
| # Setting up Steam bridging (optional) | ||||
|  | ||||
| The playbook can install and configure [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) for you. | ||||
|  | ||||
| See the project's [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge/blob/main/README.md) to learn what it does and why it might be useful to you. | ||||
|  | ||||
| ## Adjusting the playbook configuration | ||||
|  | ||||
| To enable the [Steam](https://steampowered.com/) bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: | ||||
|  | ||||
| ```yaml | ||||
| matrix_steam_bridge_enabled: true | ||||
| ``` | ||||
|  | ||||
| ## Installing | ||||
|  | ||||
| After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below: | ||||
|  | ||||
| <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. --> | ||||
| ```sh | ||||
| ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start | ||||
| ``` | ||||
|  | ||||
| The shortcut commands with the [`just` program](just.md) are also available: `just install-all` and `just setup-all` | ||||
|  | ||||
| `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too. | ||||
|  | ||||
| The tag for `just` commands for this bridge is `matrix-steam-bridge` - for example: `just install-service matrix-steam-bridge` | ||||
|  | ||||
| ## Usage | ||||
|  | ||||
| To use the bridge, you need to start a chat with `Steam bridge bot` with the handle `@steambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain). | ||||
|  | ||||
| The bridge supports QR code and password-based login as well as SteamGuard codes via app, SMS, or e-mail. See matrix-steam-bridge [documentation](https://github.com/jasonlaguidice/matrix-steam-bridge) for more information about how to configure the bridge. | ||||
|  | ||||
| To login, send `login [flow ID]` where possible flow IDs are `password` or `qr` | ||||
|  | ||||
| Once logged in, send `search [name]` to search through recognized Steam friends. You can send a user name, display name, or all forms of Steam ID. Send `start-chat [identifier]` to request the bridge bot to open a chat room with a user. | ||||
|  | ||||
| Chat rooms will automatically be opened as new messages are received. | ||||
|  | ||||
| Send `help` to the bot to see the available commands. | ||||
							
								
								
									
										67
									
								
								docs/configuring-playbook-element-admin.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										67
									
								
								docs/configuring-playbook-element-admin.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,67 @@ | ||||
| <!-- | ||||
| SPDX-FileCopyrightText: 2024 wjbeckett | ||||
| SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| --> | ||||
|  | ||||
| # Setting up Element Admin (optional) | ||||
|  | ||||
| The playbook can install and configure [Element Admin](https://github.com/element-hq/element-admin) for you. | ||||
|  | ||||
| Element Admin is a web-based administration panel for Synapse and [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md). | ||||
|  | ||||
| See the project's [documentation](https://github.com/element-hq/element-admin) to learn more. | ||||
|  | ||||
| 💡 **Note**: This project is still very young and doesn't have many features. For now, it's recommended to use [Synapse Admin](./configuring-playbook-synapse-admin.md) instead. Deployments that use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) can use Element Admin for user-management (something that Synapse Admin can't do), while continuing to use Synapse Admin for all other purposes. | ||||
|  | ||||
| ## Prerequisites | ||||
|  | ||||
| - A [Synapse](configuring-playbook-synapse.md) homeserver with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin) | ||||
| - [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) with its Admin API enabled (the playbook automatically enables it for you when you enable Element Admin) | ||||
|  | ||||
| ## Decide on a domain and path | ||||
|  | ||||
| By default, the Element Admin is configured to be served on the `admin.element.example.com` domain. | ||||
|  | ||||
| If you'd like to run Element Admin on another hostname, see the [Adjusting the Element Admin URL](#adjusting-the-element-admin-url-optional) section below. | ||||
|  | ||||
| ## Adjusting DNS records (optional) | ||||
|  | ||||
| By default, this playbook installs Element Admin on the `admin.element.` subdomain (`admin.element.example.com`) and requires you to create a `CNAME` record for `admin.element`, which targets `matrix.example.com`. | ||||
|  | ||||
| When setting these values, replace `example.com` with your own. | ||||
|  | ||||
| ## Adjusting the playbook configuration | ||||
|  | ||||
| Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: | ||||
|  | ||||
| ```yaml | ||||
| matrix_element_admin_enabled: true | ||||
| ``` | ||||
|  | ||||
| ### Adjusting the Element Admin URL (optional) | ||||
|  | ||||
| By tweaking the `matrix_element_admin_hostname` variable, you can easily make the service available at a **different hostname** than the default one. | ||||
|  | ||||
| Example additional configuration for your `vars.yml` file: | ||||
|  | ||||
| ```yaml | ||||
| matrix_element_admin_hostname: element-admin.example.com | ||||
| ``` | ||||
|  | ||||
| > [!WARNING] | ||||
| > A `matrix_element_admin_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Admin service, but **Element Admin does not support running under a sub-path yet**. | ||||
|  | ||||
| ## Installing | ||||
|  | ||||
| After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below: | ||||
|  | ||||
| <!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. --> | ||||
| ```sh | ||||
| ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start | ||||
| ``` | ||||
|  | ||||
| The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all` | ||||
|  | ||||
| `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too. | ||||
| @@ -51,7 +51,7 @@ This section details what you can expect when switching to the Matrix Authentica | ||||
|  | ||||
| - ❌ **Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md). | ||||
|  | ||||
| - ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet. | ||||
| - ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet. You may be interested in using [Element Admin](./configuring-playbook-element-admin.md) for these purposes. | ||||
|  | ||||
| - ❌ **Some services experience issues when authenticating via MAS**: | ||||
|  | ||||
|   | ||||
| @@ -16,7 +16,6 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu | ||||
| ## Prerequisites | ||||
|  | ||||
| - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below) | ||||
| - [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146)) | ||||
| - Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled) | ||||
| - A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack)) | ||||
| - The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack)) | ||||
|   | ||||
| @@ -18,6 +18,8 @@ synapse-admin is a web UI tool you can use to **administrate users, rooms, media | ||||
|  | ||||
| 💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting. | ||||
|  | ||||
| 💡 **Note**: The playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). However, it's currently less feature-rich than Synapse Admin and has a dependency on [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md). | ||||
|  | ||||
| ## Adjusting DNS records (optional) | ||||
|  | ||||
| By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section. | ||||
| @@ -40,7 +42,7 @@ matrix_synapse_admin_enabled: true | ||||
| By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable. | ||||
|  | ||||
| > [!WARNING] | ||||
| > If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all. | ||||
| > If you're using [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS) for authentication, you will be able to [log into synapse-admin with an access token](https://github.com/etkecc/synapse-admin/pull/58), but certain synapse-admin features (especially those around user management) will be limited or not work at all. You may be interested in using [Element Admin](docs/configuring-playbook-element-admin.md) for these purposes. | ||||
|  | ||||
| ### Adjusting the Synapse Admin URL (optional) | ||||
|  | ||||
|   | ||||
| @@ -184,6 +184,8 @@ Bridges can be used to connect your Matrix installation with third-party communi | ||||
|  | ||||
| - [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md) | ||||
|  | ||||
| - [Setting up Steam bridging](configuring-playbook-bridge-steam.md) | ||||
|  | ||||
| - [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) | ||||
|  | ||||
| - [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) | ||||
|   | ||||
| @@ -114,6 +114,7 @@ Bridges can be used to connect your Matrix installation with third-party communi | ||||
| | [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | | ||||
| | [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) | [mx-puppet/discord/mx-puppet-discord](https://gitlab.com/mx-puppet/discord/mx-puppet-discord/container_registry) | ❌ | Bridge to [Discord](https://discordapp.com/) | | ||||
| | [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | | ||||
| | [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | | ||||
| | [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | | ||||
| | [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge | | ||||
|  | ||||
| @@ -158,7 +159,7 @@ Various services that don't fit any other categories. | ||||
| | ------- | --------------- | -------- | ----------- | | ||||
| | [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) | | ||||
| | [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites | | ||||
| | [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [etke.cc/rust-synapse-compress-state](https://gitlab.com/etke.cc/rust-synapse-compress-state/container_registry) | ❌ | Cli tool that automatically compresses `state_groups` database table in background | | ||||
| | [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background | | ||||
| | [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server | | ||||
| | [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor | | ||||
| | [Jitsi](configuring-playbook-jitsi.md) | [jitsi/web](https://hub.docker.com/r/jitsi/web) | ❌ | [Jitsi](https://jitsi.org/) web UI | | ||||
|   | ||||
| @@ -104,12 +104,12 @@ To save disk space in `/tmp`, the dump file is gzipped on the fly at the expense | ||||
|  | ||||
| PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. | ||||
|  | ||||
| The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable. | ||||
| The [Postgres Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. You can manually influence some of the tuning variables. These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_default` variable. | ||||
|  | ||||
| Most users should be fine with the automatically-done tuning. However, you may wish to: | ||||
|  | ||||
| - **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable | ||||
| - **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_default` variable | ||||
|  | ||||
| - **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []` | ||||
| - **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_default: []` | ||||
|  | ||||
| - **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration | ||||
| - **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_default` defined in the Postgres role's [default configuration file](https://github.com/mother-of-all-self-hosting/ansible-role-postgres/blob/main/defaults/main.yml) for inspiration | ||||
|   | ||||
| @@ -33,6 +33,12 @@ | ||||
| 	ProxyRequests Off | ||||
| 	ProxyVia On | ||||
| 	RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} | ||||
| 	ProxyTimeout 86400 | ||||
|  | ||||
| 	RewriteEngine On | ||||
| 	RewriteCond %{HTTP:Connection} Upgrade [NC] | ||||
| 	RewriteCond %{HTTP:Upgrade} websocket [NC] | ||||
| 	RewriteRule /(.*) ws://127.0.0.1:81/$1 [P,L] | ||||
|  | ||||
| 	AllowEncodedSlashes NoDecode | ||||
| 	ProxyPass / http://127.0.0.1:81/ retry=0 nocanon | ||||
|   | ||||
| @@ -162,6 +162,8 @@ matrix_homeserver_container_extra_arguments_auto: | | ||||
|     + | ||||
|     (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else []) | ||||
|     + | ||||
|     (['--mount type=bind,src=' + matrix_steam_bridge_config_path + '/registration.yaml,dst=/matrix-steam-bridge-registration.yaml,ro'] if matrix_steam_bridge_enabled else []) | ||||
|     + | ||||
|     (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else []) | ||||
|   }} | ||||
|  | ||||
| @@ -236,6 +238,8 @@ matrix_homeserver_app_service_config_files_auto: | | ||||
|     (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else []) | ||||
|     + | ||||
|     (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else []) | ||||
|     + | ||||
|     (['/matrix-steam-bridge-registration.yaml'] if matrix_steam_bridge_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}" | ||||
| @@ -381,6 +385,8 @@ devture_systemd_service_manager_services_list_auto: | | ||||
|     + | ||||
|     ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else []) | ||||
|     + | ||||
|     ([{'name': 'matrix-steam-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'matrix-steam-bridge']}] if matrix_steam_bridge_enabled else []) | ||||
|     + | ||||
|     ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else []) | ||||
|     + | ||||
|     ([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else []) | ||||
| @@ -447,6 +453,8 @@ devture_systemd_service_manager_services_list_auto: | | ||||
|     + | ||||
|     ([{'name': 'matrix-pantalaimon.service', 'priority': 4000, 'groups': ['matrix', 'pantalaimon']}] if matrix_pantalaimon_enabled else []) | ||||
|     + | ||||
|     ([{'name': 'matrix-element-admin.service', 'priority': 4000, 'groups': ['matrix', 'element-admin']}] if matrix_element_admin_enabled else []) | ||||
|     + | ||||
|     ([{'name': 'matrix-element-call.service', 'priority': 4000, 'groups': ['matrix', 'element-call']}] if matrix_element_call_enabled else []) | ||||
|     + | ||||
|     ([{'name': 'matrix-livekit-jwt-service.service', 'priority': 3500, 'groups': ['matrix', 'livekit-jwt-service']}] if matrix_livekit_jwt_service_enabled else []) | ||||
| @@ -666,6 +674,7 @@ matrix_authentication_service_config_passwords_schemes: | ||||
|   - version: 1 | ||||
|     secret: "{{ matrix_synapse_password_config_pepper }}" | ||||
|     algorithm: bcrypt | ||||
|     unicode_normalization: true | ||||
|   - version: 2 | ||||
|     algorithm: argon2id | ||||
|  | ||||
| @@ -675,6 +684,8 @@ matrix_authentication_service_config_email_port: "{{ 8025 if exim_relay_enabled | ||||
| matrix_authentication_service_config_email_mode: "{{ 'plain' if exim_relay_enabled else 'starttls' }}" | ||||
| matrix_authentication_service_config_email_from_address: "{{ exim_relay_sender_address }}" | ||||
|  | ||||
| matrix_authentication_service_admin_api_enabled: "{{ matrix_element_admin_enabled }}" | ||||
|  | ||||
| matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_authentication_service_container_image_registry_prefix_upstream_default }}" | ||||
|  | ||||
| matrix_authentication_service_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" | ||||
| @@ -986,6 +997,8 @@ matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserve | ||||
| matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_appservice_kakaotalk_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" | ||||
| @@ -1035,6 +1048,8 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen | ||||
| matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_beeper_linkedin_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: |- | ||||
|   {{ | ||||
|     ({ | ||||
| @@ -1155,6 +1170,8 @@ matrix_mautrix_bluesky_appservice_token: "{{ '%s' | format(matrix_homeserver_gen | ||||
| matrix_mautrix_bluesky_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_bluesky_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'bsky.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_bluesky_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_bluesky_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.bsky.prov', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_bluesky_double_puppet_secrets_auto: |- | ||||
| @@ -1224,6 +1241,8 @@ matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_gen | ||||
| matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_discord_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_discord_bridge_avatar_proxy_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.avatar', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_discord_hostname: "{{ matrix_server_fqn_matrix }}" | ||||
| @@ -1290,6 +1309,8 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener | ||||
| matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_slack_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_slack_double_puppet_secrets_auto: |- | ||||
|   {{ | ||||
|     { | ||||
| @@ -1363,6 +1384,8 @@ matrix_mautrix_facebook_homeserver_address: "{{ matrix_addons_homeserver_client_ | ||||
|  | ||||
| matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_facebook_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_facebook_appservice_public_enabled: true | ||||
| matrix_mautrix_facebook_appservice_public_hostname: "{{ matrix_server_fqn_matrix }}" | ||||
| matrix_mautrix_facebook_appservice_public_prefix: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}" | ||||
| @@ -1583,6 +1606,8 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mautrix_signal_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_signal_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_signal_double_puppet_secrets_auto: |- | ||||
| @@ -1661,6 +1686,8 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c | ||||
|  | ||||
| matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_meta_messenger_double_puppet_secrets_auto: |- | ||||
|   {{ | ||||
|     { | ||||
| @@ -1737,6 +1764,8 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c | ||||
|  | ||||
| matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_meta_instagram_double_puppet_secrets_auto: |- | ||||
|   {{ | ||||
|     { | ||||
| @@ -1822,6 +1851,8 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}" | ||||
| matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |- | ||||
|   {{ | ||||
|     ({ | ||||
| @@ -1898,6 +1929,8 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen | ||||
| matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_twitter_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_twitter_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twit.prov', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_twitter_double_puppet_secrets_auto: |- | ||||
| @@ -1970,6 +2003,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g | ||||
| matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_gmessages_double_puppet_secrets_auto: |- | ||||
|   {{ | ||||
|     { | ||||
| @@ -2088,6 +2123,8 @@ matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secr | ||||
| matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_wechat_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}" | ||||
| @@ -2149,6 +2186,8 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge | ||||
| matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_mautrix_whatsapp_double_puppet_secrets_auto: |- | ||||
|   {{ | ||||
|     { | ||||
| @@ -2738,6 +2777,82 @@ matrix_postmoogle_container_additional_networks_auto: |- | ||||
| # | ||||
| ###################################################################### | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # matrix-bridge-steam | ||||
| # | ||||
| ###################################################################### | ||||
|  | ||||
| # We don't enable bridges by default. | ||||
| matrix_steam_bridge_enabled: false | ||||
|  | ||||
| matrix_steam_bridge_systemd_required_services_list_auto: | | ||||
|   {{ | ||||
|     matrix_addons_homeserver_systemd_services_list | ||||
|     + | ||||
|     ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else []) | ||||
|   }} | ||||
|  | ||||
| matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}" | ||||
|  | ||||
| matrix_steam_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" | ||||
|  | ||||
| matrix_steam_bridge_container_network: "{{ matrix_addons_container_network }}" | ||||
|  | ||||
| matrix_steam_bridge_container_additional_networks_auto: |- | ||||
|   {{ | ||||
|     ( | ||||
|       ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) | ||||
|       + | ||||
|       ([postgres_container_network] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname and matrix_steam_bridge_container_network != postgres_container_network) else []) | ||||
|       + | ||||
|       ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_steam_bridge_container_labels_traefik_enabled else []) | ||||
|     ) | unique | ||||
|   }} | ||||
|  | ||||
| matrix_steam_bridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" | ||||
| matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" | ||||
| matrix_steam_bridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" | ||||
| matrix_steam_bridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" | ||||
|  | ||||
| matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" | ||||
| matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" | ||||
|  | ||||
| matrix_steam_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.as.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_steam_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" | ||||
| matrix_steam_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.hs.token', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_steam_bridge_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" | ||||
|  | ||||
| matrix_steam_bridge_public_media_signing_key: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.pub.key', rounds=655555) | to_uuid) if matrix_steam_bridge_public_media_enabled else '' }}" | ||||
|  | ||||
| matrix_steam_bridge_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'steam.prov', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| matrix_steam_bridge_double_puppet_secrets_auto: |- | ||||
|   {{ | ||||
|     ({ | ||||
|       matrix_steam_bridge_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token) | ||||
|     }) | ||||
|     if matrix_appservice_double_puppet_enabled | ||||
|     else {} | ||||
|   }} | ||||
|  | ||||
| matrix_steam_bridge_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" | ||||
|  | ||||
| matrix_steam_bridge_metrics_proxying_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_metrics_exposure_enabled }}" | ||||
| matrix_steam_bridge_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" | ||||
| matrix_steam_bridge_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/matrix-steam-bridge" | ||||
|  | ||||
| matrix_steam_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" | ||||
| matrix_steam_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # /matrix-bridge-steam | ||||
| # | ||||
| ###################################################################### | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # matrix-bot-matrix-reminder-bot | ||||
| @@ -3682,10 +3797,10 @@ etherpad_systemd_required_services_list_auto: | | ||||
|     ([postgres_identifier ~ '.service'] if postgres_enabled else []) | ||||
|   }} | ||||
|  | ||||
| etherpad_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" | ||||
| etherpad_database_postgres_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" | ||||
| etherpad_database_name: matrix_etherpad | ||||
| etherpad_database_username: matrix_etherpad | ||||
| etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}" | ||||
| etherpad_database_postgres_username: matrix_etherpad | ||||
| etherpad_database_postgres_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -4367,6 +4482,12 @@ postgres_managed_databases_auto: | | ||||
|       'password': matrix_mx_puppet_groupme_database_password, | ||||
|     }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else []) | ||||
|     + | ||||
|     ([{ | ||||
|       'name': matrix_steam_bridge_database_name, | ||||
|       'username': matrix_steam_bridge_database_username, | ||||
|       'password': matrix_steam_bridge_database_password, | ||||
|     }] if (matrix_steam_bridge_enabled and matrix_steam_bridge_database_engine == 'postgres' and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else []) | ||||
|     + | ||||
|     ([{ | ||||
|       'name': matrix_dimension_database_name, | ||||
|       'username': matrix_dimension_database_username, | ||||
| @@ -4375,9 +4496,9 @@ postgres_managed_databases_auto: | | ||||
|     + | ||||
|     ([{ | ||||
|       'name': etherpad_database_name, | ||||
|       'username': etherpad_database_username, | ||||
|       'password': etherpad_database_password, | ||||
|     }] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else []) | ||||
|       'username': etherpad_database_postgres_username, | ||||
|       'password': etherpad_database_postgres_password, | ||||
|     }] if (etherpad_enabled and etherpad_database_type == 'postgres' and etherpad_database_postgres_hostname == postgres_connection_hostname) else []) | ||||
|     + | ||||
|     ([{ | ||||
|       'name': prometheus_postgres_exporter_database_name, | ||||
| @@ -4843,7 +4964,7 @@ matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_wo | ||||
| matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matrix_synapse_container_labels_public_client_root_redirection_url != '' }}" | ||||
| matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" | ||||
|  | ||||
| matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" | ||||
| matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled or matrix_element_admin_enabled }}" | ||||
| matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ (matrix_bot_draupnir_enabled and matrix_bot_draupnir_admin_api_enabled) }}" | ||||
| matrix_synapse_container_labels_internal_client_synapse_admin_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" | ||||
|  | ||||
| @@ -4871,7 +4992,7 @@ matrix_synapse_tls_federation_listener_enabled: false | ||||
| matrix_synapse_tls_certificate_path: ~ | ||||
| matrix_synapse_tls_private_key_path: ~ | ||||
|  | ||||
| matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}" | ||||
| matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}" | ||||
|  | ||||
| matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" | ||||
|  | ||||
| @@ -4975,7 +5096,7 @@ matrix_synapse_auto_compressor_postgres_image: "{{ postgres_container_image_to_u | ||||
|  | ||||
| matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_auto_compressor_container_image_registry_prefix_upstream_default }}" | ||||
|  | ||||
| matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" | ||||
| matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" | ||||
|  | ||||
| matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}" | ||||
|  | ||||
| @@ -5095,6 +5216,8 @@ matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playboo | ||||
| matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" | ||||
| matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" | ||||
|  | ||||
| matrix_synapse_admin_config_externalAuthProvider: "{{ matrix_authentication_service_enabled | default(false) or matrix_synapse_ext_password_provider_ldap_enabled | default(false) }}" | ||||
|  | ||||
| matrix_synapse_admin_config_asManagedUsers_auto: | | ||||
|   {{ | ||||
|     ([ | ||||
| @@ -5230,7 +5353,7 @@ matrix_synapse_admin_config_asManagedUsers_auto: | | ||||
|     + | ||||
|     ([ | ||||
|       '^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', | ||||
|       '^@telegram_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', | ||||
|       '^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$', | ||||
|     ] if matrix_mautrix_telegram_enabled else []) | ||||
|     + | ||||
|     ([ | ||||
| @@ -5282,6 +5405,11 @@ matrix_synapse_admin_config_asManagedUsers_auto: | | ||||
|       '^@'+(matrix_wechat_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', | ||||
|       '^@_wechat_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', | ||||
|     ] if matrix_wechat_enabled else []) | ||||
|     + | ||||
|     ([ | ||||
|       '^@'+(matrix_steam_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', | ||||
|       '^@steam_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', | ||||
|     ] if matrix_steam_bridge_enabled else []) | ||||
|   }} | ||||
|  | ||||
| ###################################################################### | ||||
| @@ -6313,6 +6441,45 @@ traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_contai | ||||
| #                                                                      # | ||||
| ######################################################################## | ||||
|  | ||||
| ######################################################################## | ||||
| #                                                                      # | ||||
| # matrix-element-admin                                                 # | ||||
| #                                                                      # | ||||
| ######################################################################## | ||||
|  | ||||
| # We don't enable this by default. | ||||
| matrix_element_admin_enabled: false | ||||
|  | ||||
| matrix_element_admin_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" | ||||
|  | ||||
| matrix_element_admin_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_element_admin_container_image_registry_prefix_upstream_default }}" | ||||
|  | ||||
| matrix_element_admin_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" | ||||
|  | ||||
| matrix_element_admin_container_network: "{{ matrix_addons_container_network }}" | ||||
|  | ||||
| matrix_element_admin_container_additional_networks_auto: |- | ||||
|   {{ | ||||
|     ( | ||||
|       ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) | ||||
|       + | ||||
|       ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_element_admin_container_labels_traefik_enabled) else []) | ||||
|     ) | unique | ||||
|   }} | ||||
|  | ||||
| matrix_element_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" | ||||
| matrix_element_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" | ||||
| matrix_element_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" | ||||
| matrix_element_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" | ||||
|  | ||||
| matrix_element_admin_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}" | ||||
|  | ||||
| ###################################################################### | ||||
| #                                                                     # | ||||
| # /matrix-element-admin                                               # | ||||
| #                                                                     # | ||||
| ###################################################################### | ||||
|  | ||||
|  | ||||
| ######################################################################## | ||||
| #                                                                      # | ||||
|   | ||||
| @@ -1,22 +1,22 @@ | ||||
| alabaster==1.0.0 | ||||
| babel==2.17.0 | ||||
| certifi==2025.8.3 | ||||
| charset-normalizer==3.4.3 | ||||
| click==8.2.2 | ||||
| docutils==0.22 | ||||
| idna==3.10 | ||||
| certifi==2025.10.5 | ||||
| charset-normalizer==3.4.4 | ||||
| click==8.3.0 | ||||
| docutils==0.22.2 | ||||
| idna==3.11 | ||||
| imagesize==1.4.1 | ||||
| Jinja2==3.1.6 | ||||
| linkify-it-py==2.0.3 | ||||
| markdown-it-py==4.0.0 | ||||
| MarkupSafe==3.0.2 | ||||
| MarkupSafe==3.0.3 | ||||
| mdit-py-plugins==0.5.0 | ||||
| mdurl==0.1.2 | ||||
| myst-parser==4.0.1 | ||||
| packaging==25.0 | ||||
| Pygments==2.19.2 | ||||
| PyYAML==6.0.2 | ||||
| requests==2.32.4 | ||||
| PyYAML==6.0.3 | ||||
| requests==2.32.5 | ||||
| setuptools==80.9.0 | ||||
| snowballstemmer==3.0.1 | ||||
| Sphinx==8.2.3 | ||||
|   | ||||
							
								
								
									
										12
									
								
								justfile
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
								justfile
									
									
									
									
									
								
							| @@ -6,7 +6,7 @@ | ||||
|  | ||||
| # Shows help | ||||
| default: | ||||
|     @{{ just_executable() }} --list --justfile {{ justfile() }} | ||||
|     @{{ just_executable() }} --list --justfile "{{ justfile() }}" | ||||
|  | ||||
| # Pulls external Ansible roles | ||||
| roles: | ||||
| @@ -48,7 +48,7 @@ install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,star | ||||
|  | ||||
| # Runs installation tasks for a single service | ||||
| install-service service *extra_args: | ||||
|     {{ just_executable() }} --justfile {{ justfile() }} run \ | ||||
|     {{ just_executable() }} --justfile "{{ justfile() }}" run \ | ||||
|     --tags=install-{{ service }},start-group \ | ||||
|     --extra-vars=group={{ service }} \ | ||||
|     --extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }} | ||||
| @@ -62,7 +62,7 @@ run +extra_args: | ||||
|  | ||||
| # Runs the playbook with the given list of comma-separated tags and optional arguments | ||||
| run-tags tags *extra_args: | ||||
|     {{ just_executable() }} --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }} | ||||
|     {{ just_executable() }} --justfile "{{ justfile() }}" run --tags={{ tags }} {{ extra_args }} | ||||
|  | ||||
| # Runs the playbook in user-registration mode | ||||
| register-user username password admin_yes_or_no *extra_args: | ||||
| @@ -73,15 +73,15 @@ start-all *extra_args: (run-tags "start-all" extra_args) | ||||
|  | ||||
| # Starts a specific service group | ||||
| start-group group *extra_args: | ||||
|     @{{ just_executable() }} --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }} | ||||
|     @{{ just_executable() }} --justfile "{{ justfile() }}" run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }} | ||||
|  | ||||
| # Stops all services | ||||
| stop-all *extra_args: (run-tags "stop-all" extra_args) | ||||
|  | ||||
| # Stops a specific service group | ||||
| stop-group group *extra_args: | ||||
|     @{{ just_executable() }} --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }} | ||||
|     @{{ just_executable() }} --justfile "{{ justfile() }}" run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }} | ||||
|  | ||||
| # Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source | ||||
| rebuild-mautrix-meta-instagram: | ||||
|     /bin/bash {{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh {{ justfile_directory() }}/roles/custom | ||||
|     /bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom" | ||||
|   | ||||
| @@ -4,34 +4,34 @@ | ||||
|   version: v1.0.0-5 | ||||
|   name: auxiliary | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git | ||||
|   version: v1.4.1-1.9.14-1 | ||||
|   version: v1.4.1-1.9.14-2 | ||||
|   name: backup_borg | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git | ||||
|   version: v0.3.0-7 | ||||
|   version: v0.4.1-1 | ||||
|   name: container_socket_proxy | ||||
| - src: git+https://github.com/geerlingguy/ansible-role-docker | ||||
|   version: 7.4.7 | ||||
|   version: 7.7.0 | ||||
|   name: docker | ||||
| - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git | ||||
|   version: 129c8590e106b83e6f4c259649a613c6279e937a | ||||
|   name: docker_sdk_for_python | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git | ||||
|   version: v2.4.2-0 | ||||
|   version: v2.5.0-3 | ||||
|   name: etherpad | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git | ||||
|   version: v4.98.1-r0-2-1 | ||||
|   version: v4.98.1-r0-2-2 | ||||
|   name: exim_relay | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git | ||||
|   version: v11.6.4-1 | ||||
|   version: v11.6.5-3 | ||||
|   name: grafana | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git | ||||
|   version: v10431-1 | ||||
|   version: v10532-1-0 | ||||
|   name: jitsi | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git | ||||
|   version: v1.9.0-5 | ||||
|   version: v1.9.2-0 | ||||
|   name: livekit_server | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git | ||||
|   version: v2.14.0-0 | ||||
|   version: v2.14.0-2 | ||||
|   name: ntfy | ||||
| - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git | ||||
|   version: 7663e3114513e56f28d3ed762059b445c678a71a | ||||
| @@ -43,19 +43,19 @@ | ||||
|   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 | ||||
|   name: playbook_state_preserver | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git | ||||
|   version: v17.5-5 | ||||
|   version: v18.0-0 | ||||
|   name: postgres | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git | ||||
|   version: v17-7 | ||||
|   version: v18-0 | ||||
|   name: postgres_backup | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git | ||||
|   version: v3.5.0-1 | ||||
|   version: v3.7.1-0 | ||||
|   name: prometheus | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git | ||||
|   version: v1.9.1-11 | ||||
|   name: prometheus_node_exporter | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git | ||||
|   version: v0.17.1-8 | ||||
|   version: v0.18.1-0 | ||||
|   name: prometheus_postgres_exporter | ||||
| - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git | ||||
|   version: v1.4.1-0 | ||||
| @@ -64,14 +64,14 @@ | ||||
|   version: v1.0.0-4 | ||||
|   name: systemd_service_manager | ||||
| - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git | ||||
|   version: v1.0.0-0 | ||||
|   version: v1.1.0-0 | ||||
|   name: timesync | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git | ||||
|   version: v3.5.0-2 | ||||
|   version: v3.5.3-0 | ||||
|   name: traefik | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git | ||||
|   version: v2.10.0-2 | ||||
|   name: traefik_certs_dumper | ||||
| - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git | ||||
|   version: v8.1.3-1 | ||||
|   version: v8.1.4-0 | ||||
|   name: valkey | ||||
|   | ||||
| @@ -11,7 +11,7 @@ | ||||
| matrix_alertmanager_receiver_enabled: true | ||||
|  | ||||
| # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver | ||||
| matrix_alertmanager_receiver_version: 2025.8.6 | ||||
| matrix_alertmanager_receiver_version: 2025.10.15 | ||||
|  | ||||
| matrix_alertmanager_receiver_scheme: https | ||||
|  | ||||
| @@ -159,30 +159,20 @@ matrix_alertmanager_receiver_config_templating_external_url_mapping: {} | ||||
| #   "http://prometheus:8081": https://another.prometheus.example.com | ||||
| matrix_alertmanager_receiver_config_templating_generator_url_mapping: {} | ||||
|  | ||||
| # Controls the `templating.computed-values` configuration setting. | ||||
| matrix_alertmanager_receiver_config_templating_computed_values: "{{ matrix_alertmanager_receiver_config_templating_computed_values_default + matrix_alertmanager_receiver_config_templating_computed_values_auto + matrix_alertmanager_receiver_config_templating_computed_values_custom }}" | ||||
| matrix_alertmanager_receiver_config_templating_computed_values_default: | ||||
|   - values:  # always set 'color' to 'yellow' | ||||
|       color: yellow | ||||
|   - values:  # set 'color' to 'orange' when alert label 'severity' is 'warning' | ||||
|       color: orange | ||||
|     when-matching-labels: | ||||
|       severity: warning | ||||
|   - values:  # set 'color' to 'red' when alert label 'severity' is 'critical' | ||||
|       color: red | ||||
|     when-matching-labels: | ||||
|       severity: critical | ||||
|   - values:  # set 'color' to 'green' when alert status is 'resolved' | ||||
|       color: green | ||||
|     when-matching-status: resolved | ||||
| matrix_alertmanager_receiver_config_templating_computed_values_auto: [] | ||||
| matrix_alertmanager_receiver_config_templating_computed_values_custom: [] | ||||
|  | ||||
| # Controls the `templating.firing-template` configuration setting. | ||||
| matrix_alertmanager_receiver_config_templating_firing_template: |- | ||||
|   {% raw %} | ||||
|   {{ $color := "yellow" }} | ||||
|   {{ if eq .Alert.Labels.severity "warning" }} | ||||
|   {{ $color = "orange" }} | ||||
|   {{ else if eq .Alert.Labels.severity "critical" }} | ||||
|   {{ $color = "red" }} | ||||
|   {{ end }} | ||||
|   {{ if eq .Alert.Status "resolved" }} | ||||
|   {{ $color = "green" }} | ||||
|   {{ end }} | ||||
|   <p> | ||||
|     <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong> | ||||
|     <strong><font color="{{ $color }}">{{ .Alert.Status | ToUpper }}</font></strong> | ||||
|     {{ if .Alert.Labels.name }} | ||||
|       {{ .Alert.Labels.name }} | ||||
|     {{ else if .Alert.Labels.alertname }} | ||||
| @@ -211,7 +201,7 @@ matrix_alertmanager_receiver_config_templating_firing_template: |- | ||||
| # Controls the `templating.resolved-template` configuration setting. | ||||
| matrix_alertmanager_receiver_config_templating_resolved_template: |- | ||||
|   {% raw %} | ||||
|   <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong> | ||||
|   <strong><font color="green">{{ .Alert.Status | ToUpper }}</font></strong> | ||||
|   {{ if .Alert.Labels.name }} | ||||
|     {{ .Alert.Labels.name }} | ||||
|   {{ else if .Alert.Labels.alertname }} | ||||
|   | ||||
| @@ -24,3 +24,6 @@ | ||||
|   when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'} | ||||
|     - {'old': 'matrix_alertmanager_receiver_config_templating_computed_values', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'} | ||||
|     - {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_auto', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'} | ||||
|     - {'old': 'matrix_alertmanager_receiver_config_templating_computed_values_custom', 'new': '<superseded by logic in the firing or resolved template; see https://github.com/metio/matrix-alertmanager-receiver/pull/94'} | ||||
|   | ||||
| @@ -26,10 +26,6 @@ templating: | ||||
|   # value is the mapped value which will be available as '.GeneratorURL' in templates | ||||
|   generator-url-mapping: {{ matrix_alertmanager_receiver_config_templating_generator_url_mapping | to_json }} | ||||
|  | ||||
|   # computation of arbitrary values based on matching alert annotations, labels, or status | ||||
|   # values will be evaluated top to bottom, last entry wins | ||||
|   computed-values: {{ matrix_alertmanager_receiver_config_templating_computed_values | to_json }} | ||||
|  | ||||
|   # template for alerts in status 'firing' | ||||
|   firing-template: {{ matrix_alertmanager_receiver_config_templating_firing_template | to_json }} | ||||
|  | ||||
|   | ||||
| @@ -12,7 +12,7 @@ | ||||
| matrix_appservice_draupnir_for_all_enabled: true | ||||
|  | ||||
| # renovate: datasource=docker depName=gnuxie/draupnir | ||||
| matrix_appservice_draupnir_for_all_version: "v2.6.0" | ||||
| matrix_appservice_draupnir_for_all_version: "v2.7.1" | ||||
|  | ||||
| matrix_appservice_draupnir_for_all_container_image_self_build: false | ||||
| matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" | ||||
|   | ||||
| @@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe | ||||
| matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service | ||||
| matrix_authentication_service_version: 1.0.0 | ||||
| matrix_authentication_service_version: 1.4.1 | ||||
| matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}" | ||||
| matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}" | ||||
| matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/" | ||||
| @@ -219,6 +219,11 @@ matrix_authentication_service_config_account_displayname_change_allowed: true | ||||
| # This has no effect if password login is disabled. | ||||
| matrix_authentication_service_config_account_password_registration_enabled: false | ||||
|  | ||||
| # Controls the `account.password_registration_email_required` configuration setting. | ||||
| # | ||||
| # Whether self-service password registrations require a valid email. | ||||
| matrix_authentication_service_config_account_password_registration_email_required: true | ||||
|  | ||||
| # Controls the `account.password_change_allowed` configuration setting. | ||||
| # | ||||
| # Whether users are allowed to change their passwords. | ||||
| @@ -231,6 +236,24 @@ matrix_authentication_service_config_account_password_change_allowed: true | ||||
| # This has no effect if password login is disabled. | ||||
| matrix_authentication_service_config_account_password_recovery_enabled: false | ||||
|  | ||||
| # Controls the `account.account_deactivation_allowed` configuration setting. | ||||
| # | ||||
| # Whether users are allowed to delete their own account | ||||
| matrix_authentication_service_config_account_account_deactivation_allowed: true | ||||
|  | ||||
| # Controls the `account.login_with_email_allowed` configuration setting. | ||||
| # | ||||
| # Whether users can log in with their email address. | ||||
| # This has no effect if password login is disabled. | ||||
| matrix_authentication_service_config_account_login_with_email_allowed: false | ||||
|  | ||||
| # Controls the `account.registration_token_required` configuration setting. | ||||
| # | ||||
| # Whether registration tokens are required for password registrations. | ||||
| # When enabled, users must provide a valid registration token during password | ||||
| # registration. This has no effect if password registration is disabled. | ||||
| matrix_authentication_service_config_account_registration_token_required: false | ||||
|  | ||||
| ######################################################################################## | ||||
| #                                                                                      # | ||||
| # /Account configuration                                                               # | ||||
| @@ -314,6 +337,24 @@ matrix_authentication_service_config_secrets_keys: |- | ||||
| #                                                                                      # | ||||
| ######################################################################################## | ||||
|  | ||||
| # Controls the resources exposed by the `web` HTTP listener. | ||||
| matrix_authentication_service_config_http_listener_web_resources: "{{ matrix_authentication_service_config_http_listener_web_resources_default + matrix_authentication_service_config_http_listener_web_resources_auto + matrix_authentication_service_config_http_listener_web_resources_custom }}" | ||||
| matrix_authentication_service_config_http_listener_web_resources_default: |- | ||||
|   {{ | ||||
|     [ | ||||
|       {'name': 'discovery'}, | ||||
|       {'name': 'human'}, | ||||
|       {'name': 'oauth'}, | ||||
|       {'name': 'compat'}, | ||||
|       {'name': 'graphql'}, | ||||
|       {'name': 'assets'}, | ||||
|     ] | ||||
|     + | ||||
|     ([{'name': 'adminapi'}] if matrix_authentication_service_admin_api_enabled else []) | ||||
|   }} | ||||
| matrix_authentication_service_config_http_listener_web_resources_auto: [] | ||||
| matrix_authentication_service_config_http_listener_web_resources_custom: [] | ||||
|  | ||||
| # Controls the `http.public_base` configuration setting. | ||||
| matrix_authentication_service_config_http_public_base: "https://{{ matrix_authentication_service_hostname }}{{ '/' if matrix_authentication_service_path_prefix == '/' else (matrix_authentication_service_path_prefix + '/') }}" | ||||
|  | ||||
| @@ -609,6 +650,10 @@ matrix_authentication_service_syn2mas_subcommand_extra_options: [] | ||||
| # - avoid setting up the "compatibility layer" (that is, avoid installing container labels that capture login endpoints like `/_matrix/client/*/login`, etc.) | ||||
| matrix_authentication_service_migration_in_progress: false | ||||
|  | ||||
| # Controls whether the admin API is enabled. | ||||
| # Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api | ||||
| matrix_authentication_service_admin_api_enabled: false | ||||
|  | ||||
| ######################################################################################## | ||||
| #                                                                                      # | ||||
| # /Misc                                                                                # | ||||
|   | ||||
| @@ -2,13 +2,7 @@ | ||||
| http: | ||||
|   listeners: | ||||
|   - name: web | ||||
|     resources: | ||||
|     - name: discovery | ||||
|     - name: human | ||||
|     - name: oauth | ||||
|     - name: compat | ||||
|     - name: graphql | ||||
|     - name: assets | ||||
|     resources: {{ matrix_authentication_service_config_http_listener_web_resources | to_json }} | ||||
|     binds: | ||||
|     - address: '[::]:8080' | ||||
|     proxy_protocol: false | ||||
| @@ -71,8 +65,12 @@ account: | ||||
|   email_change_allowed: {{ matrix_authentication_service_config_account_email_change_allowed | to_json }} | ||||
|   displayname_change_allowed: {{ matrix_authentication_service_config_account_displayname_change_allowed | to_json }} | ||||
|   password_registration_enabled: {{ matrix_authentication_service_config_account_password_registration_enabled | to_json }} | ||||
|   password_registration_email_required: {{ matrix_authentication_service_config_account_password_registration_email_required | to_json }} | ||||
|   password_change_allowed: {{ matrix_authentication_service_config_account_password_change_allowed | to_json }} | ||||
|   password_recovery_enabled: {{ matrix_authentication_service_config_account_password_recovery_enabled | to_json }} | ||||
|   account_deactivation_allowed: {{ matrix_authentication_service_config_account_account_deactivation_allowed | to_json }} | ||||
|   login_with_email_allowed: {{ matrix_authentication_service_config_account_login_with_email_allowed | to_json }} | ||||
|   registration_token_required: {{ matrix_authentication_service_config_account_registration_token_required | to_json }} | ||||
|  | ||||
| clients: {{ matrix_authentication_service_config_clients | to_json }} | ||||
|  | ||||
|   | ||||
| @@ -51,6 +51,9 @@ matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}" | ||||
| # Global var for enabling msc4190 ( On supported bridges) | ||||
| matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and matrix_bridges_encryption_enabled and matrix_synapse_experimental_features_msc3202_device_masquerading_enabled }}" | ||||
|  | ||||
| # Global var for enabling bridge self-signing ( On supported bridges) | ||||
| matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
|  | ||||
| # Global var to enable/disable relay mode across all bridges with relay mode support | ||||
| matrix_bridges_relay_enabled: false | ||||
|  | ||||
| @@ -161,7 +164,7 @@ matrix_federation_traefik_entrypoint_tls: true | ||||
| # Recognized values by us are 'amd64', 'arm32' and 'arm64'. | ||||
| # Not all architectures support all services, so your experience (on non-amd64) may vary. | ||||
| # See docs/alternative-architectures.md | ||||
| matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}" | ||||
| matrix_architecture: "{{ 'amd64' if ansible_facts.architecture == 'x86_64' else ('arm64' if ansible_facts.architecture == 'aarch64' else ('arm32' if ansible_facts.architecture.startswith('armv') else '')) }}" | ||||
|  | ||||
| # The architecture for Debian packages. | ||||
| # See: https://wiki.debian.org/SupportedArchitectures | ||||
|   | ||||
| @@ -6,11 +6,11 @@ | ||||
|  | ||||
| # This is for both RedHat 7 and 8 | ||||
| - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml" | ||||
|   when: ansible_os_family == 'RedHat' | ||||
|   when: ansible_facts.os_family == 'RedHat' | ||||
|  | ||||
| # This is for both Debian and Raspbian | ||||
| - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml" | ||||
|   when: ansible_os_family == 'Debian' | ||||
|   when: ansible_facts.os_family == 'Debian' | ||||
|  | ||||
| - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml" | ||||
|   when: ansible_os_family == 'Archlinux' | ||||
|   when: ansible_facts.os_family == 'Archlinux' | ||||
|   | ||||
| @@ -31,6 +31,8 @@ | ||||
|     - {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'} | ||||
|     - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'} | ||||
|     - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'} | ||||
|     - {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'} | ||||
|     - {'old': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods', 'new': '<removed; see https://github.com/element-hq/element-web/pull/30702 and https://github.com/element-hq/element-web/pull/30681>'} | ||||
|     - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'} | ||||
|     - {'old': 'matrix_user_username', 'new': 'matrix_user_name'} | ||||
|     - {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'} | ||||
| @@ -64,7 +66,7 @@ | ||||
|  | ||||
| - name: Fail if matrix_architecture is set incorrectly | ||||
|   ansible.builtin.fail: | ||||
|     msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}." | ||||
|     msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_facts.architecture }}." | ||||
|   when: matrix_architecture not in ['amd64', 'arm32', 'arm64'] | ||||
|  | ||||
| - name: Fail if matrix_playbook_reverse_proxy_type is set incorrectly | ||||
|   | ||||
| @@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio | ||||
| matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/etkecc/baibot | ||||
| matrix_bot_baibot_version: v1.7.6 | ||||
| matrix_bot_baibot_version: v1.8.1 | ||||
| matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" | ||||
| matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}" | ||||
| matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -12,7 +12,7 @@ | ||||
| matrix_bot_draupnir_enabled: true | ||||
|  | ||||
| # renovate: datasource=docker depName=gnuxie/draupnir | ||||
| matrix_bot_draupnir_version: "v2.6.0" | ||||
| matrix_bot_draupnir_version: "v2.7.1" | ||||
|  | ||||
| matrix_bot_draupnir_container_image_self_build: false | ||||
| matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" | ||||
|   | ||||
| @@ -30,7 +30,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" | ||||
| matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/etkecc/honoroit | ||||
| matrix_bot_honoroit_version: v0.9.28 | ||||
| matrix_bot_honoroit_version: v0.9.29 | ||||
| matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}" | ||||
| matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}" | ||||
| matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -43,6 +43,9 @@ matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_regist | ||||
| # The bot's password (can also be used to login via a client like Element Web) | ||||
| matrix_bot_matrix_registration_bot_bot_password: '' | ||||
|  | ||||
| # Optional bot command prefix | ||||
| matrix_bot_matrix_registration_bot_bot_prefix: "" | ||||
|  | ||||
| # Homeserver base URL | ||||
| matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}" | ||||
|  | ||||
|   | ||||
| @@ -10,6 +10,7 @@ bot: | ||||
|   server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} | ||||
|   username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} | ||||
|   password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }} | ||||
|   prefix: {{ matrix_bot_matrix_registration_bot_bot_prefix|to_json }} | ||||
|  | ||||
| api: | ||||
|   # API endpoint of the registration tokens | ||||
|   | ||||
| @@ -20,7 +20,7 @@ matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_m | ||||
| matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot | ||||
| matrix_bot_matrix_reminder_bot_version: v0.3.0 | ||||
| matrix_bot_matrix_reminder_bot_version: v0.4.0 | ||||
| matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}" | ||||
| matrix_bot_matrix_reminder_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream }}" | ||||
| matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -57,6 +57,9 @@ matrix_appservice_kakaotalk_command_prefix: "!kt" | ||||
|  | ||||
| matrix_appservice_kakaotalk_homeserver_address: "" | ||||
| matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}' | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_appservice_kakaotalk_homeserver_async_media: false | ||||
| matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115' | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -21,7 +21,7 @@ homeserver: | ||||
|     message_send_checkpoint_endpoint: null | ||||
|     # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
|     # Requires a media repo that supports MSC2246. | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_appservice_kakaotalk_homeserver_async_media | to_json }} | ||||
|  | ||||
| # Application service host/registration related details | ||||
| # Changing these values requires regeneration of the registration. | ||||
|   | ||||
| @@ -37,6 +37,9 @@ matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_pa | ||||
|  | ||||
| matrix_beeper_linkedin_homeserver_address: "" | ||||
| matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_beeper_linkedin_homeserver_async_media: false | ||||
| matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" | ||||
|  | ||||
| matrix_beeper_linkedin_bridge_presence: true | ||||
|   | ||||
| @@ -21,7 +21,7 @@ homeserver: | ||||
|     message_send_checkpoint_endpoint: null | ||||
|     # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
|     # Requires a media repo that supports MSC2246. | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_beeper_linkedin_homeserver_async_media | to_json }} | ||||
|  | ||||
| # Application service host/registration related details | ||||
| # Changing these values requires regeneration of the registration. | ||||
|   | ||||
| @@ -19,7 +19,7 @@ matrix_heisenbridge_hostname: "{{ matrix_server_fqn_matrix }}" | ||||
| matrix_heisenbridge_path_prefix: "/heisenbridge" | ||||
|  | ||||
| # renovate: datasource=docker depName=hif1/heisenbridge | ||||
| matrix_heisenbridge_version: 1.15.3 | ||||
| matrix_heisenbridge_version: 1.15.4 | ||||
| matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" | ||||
| matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}" | ||||
| matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: [] | ||||
| matrix_hookshot_container_additional_networks_custom: [] | ||||
|  | ||||
| # renovate: datasource=docker depName=halfshot/matrix-hookshot | ||||
| matrix_hookshot_version: 7.0.0 | ||||
| matrix_hookshot_version: 7.2.0 | ||||
|  | ||||
| matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}" | ||||
| matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}" | ||||
| @@ -181,6 +181,9 @@ matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hoo | ||||
| matrix_hookshot_generic_userIdPrefix: '_webhooks_'  # noqa var-naming | ||||
| matrix_hookshot_generic_allowJsTransformationFunctions: false  # noqa var-naming | ||||
| matrix_hookshot_generic_waitForComplete: false  # noqa var-naming | ||||
| matrix_hookshot_generic_sendExpiryNotice: false  # noqa var-naming | ||||
| matrix_hookshot_generic_requireExpiryTime: false  # noqa var-naming | ||||
| matrix_hookshot_generic_maxExpiryTime: "30d"  # noqa var-naming | ||||
|  | ||||
|  | ||||
| matrix_hookshot_feeds_enabled: true | ||||
|   | ||||
| @@ -80,6 +80,9 @@ generic: | ||||
|   userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }} | ||||
|   allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }} | ||||
|   waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }} | ||||
|   sendExpiryNotice: {{ matrix_hookshot_generic_sendExpiryNotice | to_json }} | ||||
|   requireExpiryTime: {{ matrix_hookshot_generic_requireExpiryTime | to_json }} | ||||
|   maxExpiryTime: {{ matrix_hookshot_generic_maxExpiryTime | to_json }} | ||||
| {% endif %} | ||||
| {% if matrix_hookshot_feeds_enabled %} | ||||
| feeds: | ||||
|   | ||||
| @@ -14,7 +14,7 @@ matrix_mautrix_bluesky_container_image_self_build_repo: "https://github.com/maut | ||||
| matrix_mautrix_bluesky_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_bluesky_version == 'latest' else matrix_mautrix_bluesky_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/bluesky | ||||
| matrix_mautrix_bluesky_version: v0.1.2 | ||||
| matrix_mautrix_bluesky_version: v0.2510.0 | ||||
| # See: https://mau.dev/tulir/mautrix-bluesky/container_registry | ||||
| matrix_mautrix_bluesky_docker_image: "{{ matrix_mautrix_bluesky_docker_image_registry_prefix }}mautrix/bluesky:{{ matrix_mautrix_bluesky_version }}" | ||||
| matrix_mautrix_bluesky_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_bluesky_container_image_self_build else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream }}" | ||||
| @@ -28,10 +28,14 @@ matrix_mautrix_bluesky_data_path: "{{ matrix_mautrix_bluesky_base_path }}/data" | ||||
| matrix_mautrix_bluesky_docker_src_files_path: "{{ matrix_mautrix_bluesky_base_path }}/docker-src" | ||||
|  | ||||
| matrix_mautrix_bluesky_homeserver_address: "" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_bluesky_homeserver_async_media: false | ||||
| matrix_mautrix_bluesky_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340' | ||||
|  | ||||
| matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| # A public address that external services can use to reach this appservice. | ||||
| matrix_mautrix_bluesky_appservice_public_address: '' | ||||
|   | ||||
| @@ -164,7 +164,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_bluesky_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -359,6 +359,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_bluesky_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_bluesky_bridge_encryption_key_sharing_allow | to_json }} | ||||
|   | ||||
| @@ -36,6 +36,9 @@ matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data" | ||||
| matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src" | ||||
|  | ||||
| matrix_mautrix_discord_homeserver_address: "" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_discord_homeserver_async_media: false | ||||
| matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}" | ||||
| matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" | ||||
|  | ||||
| @@ -56,7 +59,7 @@ matrix_mautrix_discord_bridge_avatar_proxy_key: '' | ||||
| matrix_mautrix_discord_bridge_username_template: "{% raw %}discord_{{.}}{% endraw %}" | ||||
|  | ||||
| # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. | ||||
| matrix_mautrix_discord_bridge_displayname_template: "{% raw %}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{% endraw %}" | ||||
| matrix_mautrix_discord_bridge_displayname_template: "{% raw %}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}} (Discord){% endraw %}" | ||||
|  | ||||
| # Displayname template for Discord channels (bridged as rooms, or spaces when type=4). | ||||
| matrix_mautrix_discord_bridge_channel_name_template: "{% raw %}{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}{% endraw %}" | ||||
|   | ||||
| @@ -16,7 +16,7 @@ homeserver: | ||||
|     # Endpoint for reporting per-message status. | ||||
|     message_send_checkpoint_endpoint: null | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_discord_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
|   | ||||
| @@ -37,6 +37,9 @@ matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_ | ||||
| matrix_mautrix_facebook_command_prefix: "!fb" | ||||
|  | ||||
| matrix_mautrix_facebook_homeserver_address: "" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_facebook_homeserver_async_media: false | ||||
| matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' | ||||
|  | ||||
| # Whether or not the public-facing endpoints should be enabled (web-based login) | ||||
|   | ||||
| @@ -14,7 +14,7 @@ homeserver: | ||||
|     asmux: false | ||||
|     # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
|     # Requires a media repo that supports MSC2246. | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_facebook_homeserver_async_media | to_json }} | ||||
|  | ||||
| # Application service host/registration related details | ||||
| # Changing these values requires regeneration of the registration. | ||||
|   | ||||
| @@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma | ||||
| matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages | ||||
| matrix_mautrix_gmessages_version: v0.6.4 | ||||
| matrix_mautrix_gmessages_version: v0.2510.0 | ||||
|  | ||||
| # See: https://mau.dev/mautrix/gmessages/container_registry | ||||
| matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" | ||||
| @@ -33,10 +33,14 @@ matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/da | ||||
| matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src" | ||||
|  | ||||
| matrix_mautrix_gmessages_homeserver_address: "" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_gmessages_homeserver_async_media: false | ||||
| matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" | ||||
| matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" | ||||
|  | ||||
| matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| matrix_mautrix_gmessages_backfill_enabled: true | ||||
| matrix_mautrix_gmessages_backfill_max_initial_messages: 50 | ||||
| @@ -164,7 +168,7 @@ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix | ||||
| # For compatibility with the older Gmessages bridge, you may wish to set the pickle key to: "go.mau.fi/mautrix-gmessages" | ||||
| matrix_mautrix_gmessages_bridge_encryption_pickle_key: mautrix.bridge.e2ee | ||||
|  | ||||
| matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}}{% endraw %}" | ||||
| matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}} (GMessages){% endraw %}" | ||||
| matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}{% endraw %}" | ||||
|  | ||||
| matrix_mautrix_gmessages_public_media_signing_key: '' | ||||
|   | ||||
| @@ -2,9 +2,6 @@ | ||||
| # Network-specific config options | ||||
| network: | ||||
|     # Displayname template for SMS users. | ||||
|     # {% raw %}{{.FullName}}{% endraw %} - Full name provided by the phone | ||||
|     # {% raw %}{{.FirstName}}{% endraw %} - First name provided by the phone | ||||
|     # {% raw %}{{.PhoneNumber}}{% endraw %} - Formatted phone number provided by the phone | ||||
|     displayname_template: {{ matrix_mautrix_gmessages_network_displayname_template | to_json }} | ||||
|     # Settings for how the bridge appears to the phone. | ||||
|     device_meta: | ||||
| @@ -168,7 +165,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_gmessages_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -359,6 +356,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_gmessages_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }} | ||||
|   | ||||
| @@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | ||||
| 			{{ arg }} \ | ||||
| 			{% endfor %} | ||||
| 			{{ matrix_mautrix_gmessages_docker_image }} \ | ||||
| 			/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml | ||||
| 			/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml --no-update | ||||
|  | ||||
| {% for network in matrix_mautrix_gmessages_container_additional_networks %} | ||||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-gmessages | ||||
|   | ||||
| @@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true | ||||
| matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta | ||||
| matrix_mautrix_meta_instagram_version: v0.5.2 | ||||
| matrix_mautrix_meta_instagram_version: v0.2510.0 | ||||
|  | ||||
| matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram" | ||||
| matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config" | ||||
| @@ -116,6 +116,9 @@ matrix_mautrix_meta_instagram_database_sslmode: disable | ||||
| matrix_mautrix_meta_instagram_database_connection_string: 'postgres://{{ matrix_mautrix_meta_instagram_database_username }}:{{ matrix_mautrix_meta_instagram_database_password }}@{{ matrix_mautrix_meta_instagram_database_hostname }}:{{ matrix_mautrix_meta_instagram_database_port }}/{{ matrix_mautrix_meta_instagram_database_name }}?sslmode={{ matrix_mautrix_meta_instagram_database_sslmode }}' | ||||
|  | ||||
| matrix_mautrix_meta_instagram_homeserver_address: "" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_meta_instagram_homeserver_async_media: false | ||||
| matrix_mautrix_meta_instagram_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mautrix_meta_instagram_homeserver_token: '' | ||||
|  | ||||
| @@ -124,6 +127,7 @@ matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta | ||||
| matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}" | ||||
|  | ||||
| matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_meta_instagram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons: | ||||
| # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger | ||||
|   | ||||
| @@ -181,7 +181,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_meta_instagram_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -372,6 +372,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_meta_instagram_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }} | ||||
|   | ||||
| @@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true | ||||
| matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta | ||||
| matrix_mautrix_meta_messenger_version: v0.5.2 | ||||
| matrix_mautrix_meta_messenger_version: v0.2510.0 | ||||
|  | ||||
| matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger" | ||||
| matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config" | ||||
| @@ -117,6 +117,9 @@ matrix_mautrix_meta_messenger_database_connection_string: 'postgres://{{ matrix_ | ||||
|  | ||||
| matrix_mautrix_meta_messenger_homeserver_address: "" | ||||
| matrix_mautrix_meta_messenger_homeserver_domain: '{{ matrix_domain }}' | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_meta_messenger_homeserver_async_media: false | ||||
| matrix_mautrix_meta_messenger_homeserver_token: '' | ||||
|  | ||||
| matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319" | ||||
| @@ -124,6 +127,7 @@ matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta | ||||
| matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}" | ||||
|  | ||||
| matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_meta_messenger_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons: | ||||
| # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger | ||||
|   | ||||
| @@ -181,7 +181,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_meta_messenger_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -372,6 +372,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_meta_messenger_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }} | ||||
|   | ||||
| @@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/ | ||||
| matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal | ||||
| matrix_mautrix_signal_version: v0.8.5 | ||||
| matrix_mautrix_signal_version: v0.2510.0 | ||||
|  | ||||
| # See: https://mau.dev/mautrix/signal/container_registry | ||||
| matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}" | ||||
| @@ -42,9 +42,13 @@ matrix_mautrix_signal_docker_src_files_path: "{{ matrix_mautrix_signal_base_path | ||||
|  | ||||
| matrix_mautrix_signal_homeserver_address: "" | ||||
| matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_signal_homeserver_async_media: false | ||||
| matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080" | ||||
|  | ||||
| matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| matrix_mautrix_signal_command_prefix: "!signal" | ||||
|  | ||||
| @@ -54,7 +58,7 @@ matrix_mautrix_signal_command_prefix: "!signal" | ||||
| # {{.PhoneNumber}} - The phone number of the user. | ||||
| # {{.UUID}} - The UUID of the Signal user. | ||||
| # {{.AboutEmoji}} - The emoji set by the user in their profile. | ||||
| matrix_mautrix_signal_network_displayname_template: "{% raw %}{{or .ProfileName .PhoneNumber 'Unknown user'}} (Signal){% endraw %}" | ||||
| matrix_mautrix_signal_network_displayname_template: '{% raw %}{{or .ProfileName .PhoneNumber "Unknown user"}} (Signal){% endraw %}' | ||||
|  | ||||
| matrix_mautrix_signal_bridge_permissions: | | ||||
|   {{ | ||||
|   | ||||
| @@ -2,13 +2,6 @@ | ||||
| # Network-specific config options | ||||
| network: | ||||
|     # Displayname template for Signal users. | ||||
|     # {% raw %} | ||||
|     # {{.ProfileName}} - The Signal profile name set by the user. | ||||
|     # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. | ||||
|     # {{.PhoneNumber}} - The phone number of the user. | ||||
|     # {{.UUID}} - The UUID of the Signal user. | ||||
|     # {{.AboutEmoji}} - The emoji set by the user in their profile. | ||||
|     # {% endraw %} | ||||
|     displayname_template: {{ matrix_mautrix_signal_network_displayname_template | to_json }} | ||||
|     # Should avatars from the user's contact list be used? This is not safe on multi-user instances. | ||||
|     use_contact_avatars: false | ||||
| @@ -159,7 +152,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: null | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_signal_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -339,6 +332,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_signal_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_signal_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow | to_json }} | ||||
|   | ||||
| @@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s | ||||
| matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack | ||||
| matrix_mautrix_slack_version: v0.2.2 | ||||
| matrix_mautrix_slack_version: v0.2510.0 | ||||
| # See: https://mau.dev/mautrix/slack/container_registry | ||||
| matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}" | ||||
| matrix_mautrix_slack_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_docker_image_registry_prefix_upstream }}" | ||||
| @@ -32,9 +32,13 @@ matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path } | ||||
|  | ||||
| matrix_mautrix_slack_homeserver_address: "" | ||||
| matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_slack_homeserver_async_media: false | ||||
| matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080" | ||||
|  | ||||
| matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_slack_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| # Displayname template for Slack users. Available variables: | ||||
| #  .Name - The username of the user | ||||
|   | ||||
| @@ -197,7 +197,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_slack_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -376,6 +376,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_slack_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_slack_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }} | ||||
|   | ||||
| @@ -79,6 +79,9 @@ matrix_mautrix_telegram_public_endpoint: "{{ matrix_mautrix_telegram_path_prefix | ||||
|  | ||||
| matrix_mautrix_telegram_homeserver_address: "" | ||||
| matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_telegram_homeserver_async_media: false | ||||
| matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' | ||||
| matrix_mautrix_telegram_appservice_public_external: '{{ matrix_mautrix_telegram_scheme }}://{{ matrix_mautrix_telegram_hostname }}{{ matrix_mautrix_telegram_public_endpoint }}' | ||||
|  | ||||
| @@ -230,12 +233,12 @@ matrix_mautrix_telegram_registration_yaml: | | ||||
|   namespaces: | ||||
|       users: | ||||
|       - exclusive: true | ||||
|         regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' | ||||
|         regex: '^@{{ matrix_mautrix_telegram_username_template | replace('{userid}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' | ||||
|       - exclusive: true | ||||
|         regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' | ||||
|       aliases: | ||||
|       - exclusive: true | ||||
|         regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' | ||||
|         regex: '^#{{ matrix_mautrix_telegram_alias_template | replace('{groupname}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$' | ||||
|   # See https://github.com/mautrix/signal/issues/43 | ||||
|   sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} | ||||
|   url: {{ matrix_mautrix_telegram_appservice_address }} | ||||
|   | ||||
| @@ -21,7 +21,7 @@ homeserver: | ||||
|     message_send_checkpoint_endpoint: null | ||||
|     # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
|     # Requires a media repo that supports MSC2246. | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_telegram_homeserver_async_media | to_json }} | ||||
|  | ||||
| # Application service host/registration related details | ||||
| # Changing these values requires regeneration of the registration. | ||||
|   | ||||
| @@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut | ||||
| matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter | ||||
| matrix_mautrix_twitter_version: v0.4.3 | ||||
| matrix_mautrix_twitter_version: v0.2510.0 | ||||
| # See: https://mau.dev/tulir/mautrix-twitter/container_registry | ||||
| matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" | ||||
| matrix_mautrix_twitter_docker_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_docker_image_registry_prefix_upstream }}" | ||||
| @@ -36,10 +36,14 @@ matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data" | ||||
| matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src" | ||||
|  | ||||
| matrix_mautrix_twitter_homeserver_address: "" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_twitter_homeserver_async_media: false | ||||
| matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' | ||||
|  | ||||
| matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| # A public address that external services can use to reach this appservice. | ||||
| matrix_mautrix_twitter_appservice_public_address: '' | ||||
| @@ -47,7 +51,7 @@ matrix_mautrix_twitter_appservice_public_address: '' | ||||
| # Displayname template for Twitter users. | ||||
| # {{ .DisplayName }} is replaced with the display name of the Twitter user. | ||||
| # {{ .Username }} is replaced with the username of the Twitter user. | ||||
| matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }}{% endraw %} (Twitter)" | ||||
| matrix_mautrix_twitter_network_displayname_template: "{% raw %}{{ .DisplayName }} (Twitter){% endraw %}" | ||||
|  | ||||
| matrix_mautrix_twitter_bridge_command_prefix: "!tw" | ||||
|  | ||||
|   | ||||
| @@ -7,10 +7,6 @@ network: | ||||
|     get_proxy_url: null | ||||
|  | ||||
|     # Displayname template for Twitter users. | ||||
|     # {% raw %} | ||||
|     # {{ .DisplayName }} is replaced with the display name of the Twitter user. | ||||
|     # {{ .Username }} is replaced with the username of the Twitter user. | ||||
|     # {% endraw %} | ||||
|     displayname_template: {{ matrix_mautrix_twitter_network_displayname_template | to_json }} | ||||
|  | ||||
|     # Maximum number of conversations to sync on startup | ||||
| @@ -164,7 +160,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_twitter_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -209,11 +205,6 @@ appservice: | ||||
|     # However, messages will not be guaranteed to be bridged in the same order they were sent in. | ||||
|     # This value doesn't affect the registration file. | ||||
|     async_transactions: false | ||||
|     # Whether to use MSC4190 instead of appservice login to create the bridge bot device. | ||||
|     # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }} | ||||
|  | ||||
|     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. | ||||
|     as_token: {{ matrix_mautrix_twitter_appservice_token | to_json }} | ||||
| @@ -359,6 +350,14 @@ encryption: | ||||
|     # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. | ||||
|     # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. | ||||
|     appservice: {{ matrix_mautrix_twitter_bridge_encryption_appservice | to_json }} | ||||
|     # Whether to use MSC4190 instead of appservice login to create the bridge bot device. | ||||
|     # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_twitter_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow | to_json }} | ||||
|   | ||||
| @@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri | ||||
| matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp | ||||
| matrix_mautrix_whatsapp_version: v0.12.3 | ||||
| matrix_mautrix_whatsapp_version: v0.2510.0 | ||||
|  | ||||
| # See: https://mau.dev/mautrix/whatsapp/container_registry | ||||
| matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" | ||||
| @@ -44,9 +44,13 @@ matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_ | ||||
|  | ||||
| matrix_mautrix_whatsapp_homeserver_address: "" | ||||
| matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_mautrix_whatsapp_homeserver_async_media: false | ||||
| matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" | ||||
|  | ||||
| matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
| matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" | ||||
|  | ||||
| matrix_mautrix_whatsapp_extev_polls: false | ||||
|  | ||||
|   | ||||
| @@ -16,12 +16,6 @@ network: | ||||
|     proxy_only_login: false | ||||
|  | ||||
|     # Displayname template for WhatsApp users. | ||||
|     # {% raw %} | ||||
|     # {{.PushName}}     - nickname set by the WhatsApp user | ||||
|     # {{.BusinessName}} - validated WhatsApp business name | ||||
|     # {{.Phone}}        - phone number (international format) | ||||
|     # {{.FullName}}     - Name you set in the contacts list | ||||
|     # {% endraw %} | ||||
|     displayname_template: {{ matrix_mautrix_whatsapp_network_displayname_template | to_json }} | ||||
|  | ||||
|     # Should incoming calls send a message to the Matrix room? | ||||
| @@ -255,7 +249,7 @@ homeserver: | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_mautrix_whatsapp_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
| @@ -450,6 +444,9 @@ encryption: | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled | to_json }} | ||||
|     # Whether to enable self-signing for bridges (Only the bridge bot uses this for now) | ||||
|     # Requires msc4190 to replace keys on reset | ||||
|     self_sign: {{ matrix_mautrix_whatsapp_self_sign_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow | to_json }} | ||||
|   | ||||
| @@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | ||||
| 			{{ arg }} \ | ||||
| 			{% endfor %} | ||||
| 			{{ matrix_mautrix_whatsapp_docker_image }} \ | ||||
| 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml | ||||
| 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml --no-update | ||||
|  | ||||
| {% for network in matrix_mautrix_whatsapp_container_additional_networks %} | ||||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-whatsapp | ||||
|   | ||||
| @@ -18,7 +18,7 @@ matrix_postmoogle_docker_repo_version: "{{ 'main' if matrix_postmoogle_version = | ||||
| matrix_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle | ||||
| matrix_postmoogle_version: v0.9.26 | ||||
| matrix_postmoogle_version: v0.9.27 | ||||
| matrix_postmoogle_docker_image: "{{ matrix_postmoogle_docker_image_registry_prefix }}etkecc/postmoogle:{{ matrix_postmoogle_version }}" | ||||
| matrix_postmoogle_docker_image_registry_prefix: "{{ 'localhost/' if matrix_postmoogle_container_image_self_build else matrix_postmoogle_docker_image_registry_prefix_upstream }}" | ||||
| matrix_postmoogle_docker_image_registry_prefix_upstream: "{{ matrix_postmoogle_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
							
								
								
									
										242
									
								
								roles/custom/matrix-bridge-steam/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										242
									
								
								roles/custom/matrix-bridge-steam/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,242 @@ | ||||
| # SPDX-FileCopyrightText: 2025 Jason LaGuidice | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
| # matrix-steam-bridge is a Matrix <-> Steam bridge | ||||
| # See: https://github.com/jasonlaguidice/matrix-steam-bridge | ||||
|  | ||||
| matrix_steam_bridge_enabled: true | ||||
|  | ||||
| matrix_steam_bridge_container_image_self_build: false | ||||
| matrix_steam_bridge_container_image_self_build_repo: "https://github.com/jasonlaguidice/matrix-steam-bridge.git" | ||||
| matrix_steam_bridge_container_image_self_build_repo_version: "{{ 'main' if matrix_steam_bridge_version == 'latest' else matrix_steam_bridge_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/jasonlaguidice/matrix-steam-bridge | ||||
| matrix_steam_bridge_version: 1.0.5 | ||||
| matrix_steam_bridge_docker_image: "{{ matrix_steam_bridge_docker_image_registry_prefix }}jasonlaguidice/matrix-steam-bridge:{{ matrix_steam_bridge_version }}" | ||||
| matrix_steam_bridge_docker_image_registry_prefix: "{{ 'localhost/' if matrix_steam_bridge_container_image_self_build else matrix_steam_bridge_docker_image_registry_prefix_upstream }}" | ||||
| matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}" | ||||
| matrix_steam_bridge_docker_image_registry_prefix_upstream_default: "ghcr.io/" | ||||
| matrix_steam_bridge_docker_image_tag: "{{ matrix_steam_bridge_version }}" | ||||
| matrix_steam_bridge_docker_image_force_pull: "{{ matrix_steam_bridge_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| matrix_steam_bridge_base_path: "{{ matrix_base_data_path }}/matrix-steam-bridge" | ||||
| matrix_steam_bridge_config_path: "{{ matrix_steam_bridge_base_path }}/config" | ||||
| matrix_steam_bridge_data_path: "{{ matrix_steam_bridge_base_path }}/data" | ||||
| matrix_steam_bridge_docker_src_files_path: "{{ matrix_steam_bridge_base_path }}/docker-src" | ||||
|  | ||||
| matrix_steam_bridge_homeserver_address: "" | ||||
| matrix_steam_bridge_homeserver_domain: "{{ matrix_domain }}" | ||||
| matrix_steam_bridge_appservice_address: "http://matrix-steam-bridge:{{ matrix_steam_bridge_appservice_port }}" | ||||
| matrix_steam_bridge_appservice_port: "8080" | ||||
|  | ||||
| matrix_steam_bridge_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" | ||||
|  | ||||
| # A public address that external services can use to reach this appservice | ||||
| matrix_steam_bridge_appservice_public_address: "https://{{ matrix_server_fqn_matrix }}" | ||||
|  | ||||
| # Public media configuration for external access to bridge media | ||||
| matrix_steam_bridge_public_media_enabled: true | ||||
| # A key for signing public media URLs. If set to "generate", a random key will be generated. | ||||
| # This will be auto-generated deterministically if matrix_homeserver_generic_secret_key is set. | ||||
| matrix_steam_bridge_public_media_signing_key: '' | ||||
| # Number of seconds that public media URLs are valid for. If set to 0, URLs will never expire. | ||||
| matrix_steam_bridge_public_media_expiry: 0 | ||||
| matrix_steam_bridge_public_media_hash_length: 32 | ||||
|  | ||||
| # Displayname template for Steam users | ||||
| # {{ .DisplayName }} is replaced with the display name of the Steam user | ||||
| # {{ .Username }} is replaced with the username of the Steam user | ||||
| matrix_steam_bridge_network_displayname_template: "{% raw %}{{ .DisplayName }} (Steam){% endraw %}" | ||||
|  | ||||
| matrix_steam_bridge_command_prefix: "!steam" | ||||
|  | ||||
| matrix_steam_bridge_bridge_permissions: | | ||||
|   {{ | ||||
|     {matrix_steam_bridge_homeserver_domain: 'user'} | ||||
|     | combine ({matrix_admin: 'admin'} if matrix_admin else {}) | ||||
|   }} | ||||
|  | ||||
| # TODO: May need to set network for public media? | ||||
| matrix_steam_bridge_container_network: "" | ||||
|  | ||||
| matrix_steam_bridge_container_additional_networks: "{{ matrix_steam_bridge_container_additional_networks_auto + matrix_steam_bridge_container_additional_networks_custom }}" | ||||
| matrix_steam_bridge_container_additional_networks_auto: [] | ||||
| matrix_steam_bridge_container_additional_networks_custom: [] | ||||
|  | ||||
| # matrix_steam_bridge_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. | ||||
| # See `../templates/labels.j2` for details. | ||||
| # | ||||
| # To inject your own other container labels, see `matrix_steam_bridge_container_labels_additional_labels`. | ||||
| matrix_steam_bridge_container_labels_traefik_enabled: true | ||||
| matrix_steam_bridge_container_labels_traefik_docker_network: "{{ matrix_steam_bridge_container_network }}" | ||||
| matrix_steam_bridge_container_labels_traefik_entrypoints: web-secure | ||||
| matrix_steam_bridge_container_labels_traefik_tls: "{{ matrix_steam_bridge_container_labels_traefik_entrypoints != 'web' }}" | ||||
| matrix_steam_bridge_container_labels_traefik_tls_certResolver: default  # noqa var-naming | ||||
|  | ||||
| # Controls whether labels will be added that expose mautrix-instagram's metrics | ||||
| matrix_steam_bridge_container_labels_metrics_enabled: "{{ matrix_steam_bridge_metrics_enabled and matrix_steam_bridge_metrics_proxying_enabled }}" | ||||
| matrix_steam_bridge_container_labels_metrics_traefik_rule: "Host(`{{ matrix_steam_bridge_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_steam_bridge_metrics_proxying_path_prefix }}`)" | ||||
| matrix_steam_bridge_container_labels_metrics_traefik_priority: 0 | ||||
| matrix_steam_bridge_container_labels_metrics_traefik_entrypoints: "{{ matrix_steam_bridge_container_labels_traefik_entrypoints }}" | ||||
| matrix_steam_bridge_container_labels_metrics_traefik_tls: "{{ matrix_steam_bridge_container_labels_metrics_traefik_entrypoints != 'web' }}" | ||||
| matrix_steam_bridge_container_labels_metrics_traefik_tls_certResolver: "{{ matrix_steam_bridge_container_labels_traefik_tls_certResolver }}"  # noqa var-naming | ||||
| matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled: false | ||||
| # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users | ||||
| matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users: '' | ||||
|  | ||||
| # matrix_steam_bridge_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | ||||
| # See `../templates/labels.j2` for details. | ||||
| # | ||||
| # Example: | ||||
| # matrix_steam_bridge_container_labels_additional_labels: | | ||||
| #   my.label=1 | ||||
| #   another.label="here" | ||||
| matrix_steam_bridge_container_labels_additional_labels: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_steam_bridge_container_extra_arguments: [] | ||||
|  | ||||
| # List of systemd services that matrix_steam_bridge.service depends on. | ||||
| matrix_steam_bridge_systemd_required_services_list: "{{ matrix_steam_bridge_systemd_required_services_list_default + matrix_steam_bridge_systemd_required_services_list_auto + matrix_steam_bridge_systemd_required_services_list_custom }}" | ||||
| matrix_steam_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | ||||
| matrix_steam_bridge_systemd_required_services_list_auto: [] | ||||
| matrix_steam_bridge_systemd_required_services_list_custom: [] | ||||
|  | ||||
| # List of systemd services that matrix_steam_bridge.service wants | ||||
| matrix_steam_bridge_systemd_wanted_services_list: [] | ||||
|  | ||||
| matrix_steam_bridge_appservice_token: '' | ||||
| matrix_steam_bridge_homeserver_token: '' | ||||
|  | ||||
| # Whether or not created rooms should have federation enabled. | ||||
| # If false, created portal rooms will never be federated. | ||||
| matrix_steam_bridge_matrix_federate_rooms: false | ||||
|  | ||||
| # Bridge configuration options | ||||
| # Should every user have their own portals rather than sharing them? | ||||
| matrix_steam_bridge_bridge_split_portals: false | ||||
|  | ||||
| # Cleanup on logout configuration | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_enabled: false | ||||
| # Valid values for cleanup actions: nothing, kick, unbridge, delete | ||||
| #   nothing - Do nothing, let the user stay in the portals | ||||
| #   kick - Remove the user from the portal rooms, but don't delete them | ||||
| #   unbridge - Remove all ghosts in the room and disassociate it from the remote chat | ||||
| #   delete - Remove all ghosts and users from the room (i.e. delete it) | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_manual_private: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_manual_relayed: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_no_users: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_has_users: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_private: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_relayed: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_no_users: nothing | ||||
| matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_has_users: nothing | ||||
|  | ||||
| # Homeserver configuration options | ||||
| # Does the homeserver support MSC2246 (async media uploads)? | ||||
| matrix_steam_bridge_homeserver_async_media: false | ||||
|  | ||||
| # Database-related configuration fields. | ||||
| # | ||||
| # To use Postgres: | ||||
| # - adjust your database credentials via the `matrix_steam_bridge_postgres_*` variables | ||||
| matrix_steam_bridge_database_engine: 'postgres' | ||||
|  | ||||
| matrix_steam_bridge_database_username: 'matrix_steam_bridge' | ||||
| matrix_steam_bridge_database_password: 'some-password' | ||||
| matrix_steam_bridge_database_hostname: '' | ||||
| matrix_steam_bridge_database_port: 5432 | ||||
| matrix_steam_bridge_database_name: 'matrix_steam_bridge' | ||||
| matrix_steam_bridge_database_sslmode: disable | ||||
|  | ||||
| matrix_steam_bridge_database_connection_string: 'postgres://{{ matrix_steam_bridge_database_username }}:{{ matrix_steam_bridge_database_password }}@{{ matrix_steam_bridge_database_hostname }}:{{ matrix_steam_bridge_database_port }}/{{ matrix_steam_bridge_database_name }}?sslmode={{ matrix_steam_bridge_database_sslmode }}' | ||||
|  | ||||
| matrix_steam_bridge_database_uri: "{{ | ||||
| 	{ | ||||
| 		'postgres': matrix_steam_bridge_database_connection_string, | ||||
| 	}[matrix_steam_bridge_database_engine] | ||||
| }}" | ||||
|  | ||||
| matrix_steam_bridge_double_puppet_secrets: "{{ matrix_steam_bridge_double_puppet_secrets_auto | combine(matrix_steam_bridge_double_puppet_secrets_custom) }}" | ||||
| matrix_steam_bridge_double_puppet_secrets_auto: {} | ||||
| matrix_steam_bridge_double_puppet_secrets_custom: {} | ||||
|  | ||||
| matrix_steam_bridge_appservice_bot_username: steambot | ||||
| matrix_steam_bridge_appservice_bot_displayname: Steam bridge bot | ||||
| matrix_steam_bridge_appservice_bot_avatar: mxc://shadowdrake.org/EeNKAcrmByNubPwoyceQsBaN | ||||
|  | ||||
| matrix_steam_bridge_backfill_enabled: true | ||||
| # Maximum number of messages to backfill in empty rooms | ||||
| matrix_steam_bridge_backfill_max_initial_messages: 50 | ||||
|  | ||||
| # Maximum number of missed messages to backfill after bridge restarts | ||||
| matrix_steam_bridge_backfill_max_catchup_messages: 500 | ||||
|  | ||||
| # Shared secret for authentication of provisioning API requests. | ||||
| # If set to "disable", the provisioning API will be disabled. | ||||
| matrix_steam_bridge_provisioning_shared_secret: disable | ||||
|  | ||||
| # Minimum severity of journal log messages. | ||||
| # Valid values: fatal, error, warn, info, debug, trace | ||||
| matrix_steam_bridge_logging_level: 'warn' | ||||
|  | ||||
| # Whether or not metrics endpoint should be enabled. | ||||
| # Enabling them is usually enough for a local (in-container) Prometheus to consume them. | ||||
| # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_steam_bridge_metrics_proxying_enabled`. | ||||
| matrix_steam_bridge_metrics_enabled: false | ||||
|  | ||||
| # Controls whether metrics should be exposed on a public URL. | ||||
| matrix_steam_bridge_metrics_proxying_enabled: false | ||||
| matrix_steam_bridge_metrics_proxying_hostname: '' | ||||
| matrix_steam_bridge_metrics_proxying_path_prefix: '' | ||||
|  | ||||
| # Default configuration template which covers the generic use case. | ||||
| # You can customize it by controlling the various variables inside it. | ||||
| # | ||||
| # For a more advanced customization, you can extend the default (see `matrix_steam_bridge_configuration_extension_yaml`) | ||||
| # or completely replace this variable with your own template. | ||||
| matrix_steam_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||
|  | ||||
| matrix_steam_bridge_configuration_extension_yaml: | | ||||
|   # Your custom YAML configuration goes here. | ||||
|   # This configuration extends the default starting configuration (`matrix_steam_bridge_configuration_yaml`). | ||||
|   # | ||||
|   # You can override individual variables from the default configuration, or introduce new ones. | ||||
|   # | ||||
|   # If you need something more special, you can take full control by | ||||
|   # completely redefining `matrix_steam_bridge_configuration_yaml`. | ||||
|  | ||||
| matrix_steam_bridge_configuration_extension: "{{ matrix_steam_bridge_configuration_extension_yaml | from_yaml if matrix_steam_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}" | ||||
|  | ||||
| # Holds the final configuration (a combination of the default and its extension). | ||||
| # You most likely don't need to touch this variable. Instead, see `matrix_steam_bridge_configuration_yaml`. | ||||
| matrix_steam_bridge_configuration: "{{ matrix_steam_bridge_configuration_yaml | from_yaml | combine(matrix_steam_bridge_configuration_extension, recursive=True) }}" | ||||
|  | ||||
| matrix_steam_bridge_registration_yaml: | | ||||
|   id: steam | ||||
|   as_token: "{{ matrix_steam_bridge_appservice_token }}" | ||||
|   hs_token: "{{ matrix_steam_bridge_homeserver_token }}" | ||||
|   namespaces: | ||||
|     users: | ||||
|     - exclusive: true | ||||
|       regex: '^@steam_.+:{{ matrix_steam_bridge_homeserver_domain | regex_escape }}$' | ||||
|     - exclusive: true | ||||
|       regex: '^@{{ matrix_steam_bridge_appservice_bot_username | regex_escape }}:{{ matrix_steam_bridge_homeserver_domain | regex_escape }}$' | ||||
|   url: {{ matrix_steam_bridge_appservice_address }} | ||||
|   sender_localpart: _bot_{{ matrix_steam_bridge_appservice_bot_username }} | ||||
|   rate_limited: false | ||||
|   de.sorunome.msc2409.push_ephemeral: true | ||||
|   receive_ephemeral: true | ||||
|   io.element.msc4190: {{ matrix_steam_bridge_msc4190_enabled | to_json }} | ||||
|  | ||||
| matrix_steam_bridge_registration: "{{ matrix_steam_bridge_registration_yaml | from_yaml }}" | ||||
|  | ||||
| # Enable End-to-bridge encryption | ||||
| matrix_steam_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" | ||||
| matrix_steam_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" | ||||
| matrix_steam_bridge_bridge_encryption_require: false | ||||
| matrix_steam_bridge_bridge_encryption_appservice: false | ||||
| matrix_steam_bridge_bridge_encryption_key_sharing_allow: "{{ matrix_steam_bridge_bridge_encryption_allow }}" | ||||
| matrix_steam_bridge_bridge_encryption_pickle_key: mautrix.bridge.e2ee | ||||
							
								
								
									
										24
									
								
								roles/custom/matrix-bridge-steam/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								roles/custom/matrix-bridge-steam/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - tags: | ||||
|     - setup-all | ||||
|     - setup-matrix-steam-bridge | ||||
|     - install-all | ||||
|     - install-matrix-steam-bridge | ||||
|   block: | ||||
|     - when: matrix_steam_bridge_enabled | bool | ||||
|       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||||
|  | ||||
|     - when: matrix_steam_bridge_enabled | bool | ||||
|       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" | ||||
|  | ||||
| - tags: | ||||
|     - setup-all | ||||
|     - setup-matrix-steam-bridge | ||||
|   block: | ||||
|     - when: not matrix_steam_bridge_enabled | bool | ||||
|       ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" | ||||
							
								
								
									
										102
									
								
								roles/custom/matrix-bridge-steam/tasks/setup_install.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										102
									
								
								roles/custom/matrix-bridge-steam/tasks/setup_install.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,102 @@ | ||||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - ansible.builtin.set_fact: | ||||
|     matrix_steam_bridge_requires_restart: false | ||||
|  | ||||
| - name: Ensure Steam bridge image is pulled | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ matrix_steam_bridge_docker_image }}" | ||||
|     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||||
|     force_source: "{{ matrix_steam_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_steam_bridge_docker_image_force_pull }}" | ||||
|   when: matrix_steam_bridge_enabled | bool and not matrix_steam_bridge_container_image_self_build | ||||
|   register: result | ||||
|   retries: "{{ devture_playbook_help_container_retries_count }}" | ||||
|   delay: "{{ devture_playbook_help_container_retries_delay }}" | ||||
|   until: result is not failed | ||||
|  | ||||
| - name: Ensure Steam bridge paths exist | ||||
|   ansible.builtin.file: | ||||
|     path: "{{ item.path }}" | ||||
|     state: directory | ||||
|     mode: 0750 | ||||
|     owner: "{{ matrix_user_name }}" | ||||
|     group: "{{ matrix_group_name }}" | ||||
|   with_items: | ||||
|     - {path: "{{ matrix_steam_bridge_base_path }}", when: true} | ||||
|     - {path: "{{ matrix_steam_bridge_config_path }}", when: true} | ||||
|     - {path: "{{ matrix_steam_bridge_data_path }}", when: true} | ||||
|     - {path: "{{ matrix_steam_bridge_docker_src_files_path }}", when: "{{ matrix_steam_bridge_container_image_self_build }}"} | ||||
|   when: item.when | bool | ||||
|  | ||||
| - name: Ensure Steam bridge repository is present on self-build | ||||
|   ansible.builtin.git: | ||||
|     repo: "{{ matrix_steam_bridge_container_image_self_build_repo }}" | ||||
|     version: "{{ matrix_steam_bridge_container_image_self_build_repo_version }}" | ||||
|     dest: "{{ matrix_steam_bridge_docker_src_files_path }}" | ||||
|     force: "yes" | ||||
|   become: true | ||||
|   become_user: "{{ matrix_user_name }}" | ||||
|   register: matrix_steam_bridge_git_pull_results | ||||
|   when: "matrix_steam_bridge_enabled | bool and matrix_steam_bridge_container_image_self_build" | ||||
|  | ||||
| - name: Ensure Steam bridge Docker image is built | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ matrix_steam_bridge_docker_image }}" | ||||
|     source: build | ||||
|     force_source: "{{ matrix_steam_bridge_git_pull_results.changed }}" | ||||
|     build: | ||||
|       dockerfile: Dockerfile | ||||
|       path: "{{ matrix_steam_bridge_docker_src_files_path }}" | ||||
|       pull: true | ||||
|   when: "matrix_steam_bridge_enabled | bool and matrix_steam_bridge_container_image_self_build | bool" | ||||
|  | ||||
| - name: Ensure matrix-steam-bridge config.yaml installed | ||||
|   ansible.builtin.copy: | ||||
|     content: "{{ matrix_steam_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}" | ||||
|     dest: "{{ matrix_steam_bridge_config_path }}/config.yaml" | ||||
|     mode: 0644 | ||||
|     owner: "{{ matrix_user_name }}" | ||||
|     group: "{{ matrix_group_name }}" | ||||
|  | ||||
| - name: Ensure matrix-steam-bridge registration.yaml installed | ||||
|   ansible.builtin.copy: | ||||
|     content: "{{ matrix_steam_bridge_registration | to_nice_yaml(indent=2, width=999999) }}" | ||||
|     dest: "{{ matrix_steam_bridge_config_path }}/registration.yaml" | ||||
|     mode: 0644 | ||||
|     owner: "{{ matrix_user_name }}" | ||||
|     group: "{{ matrix_group_name }}" | ||||
|  | ||||
| - name: Ensure matrix-steam-bridge support files installed | ||||
|   ansible.builtin.template: | ||||
|     src: "{{ role_path }}/templates/{{ item }}.j2" | ||||
|     dest: "{{ matrix_steam_bridge_base_path }}/{{ item }}" | ||||
|     mode: 0640 | ||||
|     owner: "{{ matrix_user_name }}" | ||||
|     group: "{{ matrix_group_name }}" | ||||
|   with_items: | ||||
|     - labels | ||||
|  | ||||
| - name: Ensure matrix-steam-bridge container network is created | ||||
|   community.general.docker_network: | ||||
|     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" | ||||
|     name: "{{ matrix_steam_bridge_container_network }}" | ||||
|     driver: bridge | ||||
|     driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" | ||||
|  | ||||
| - name: Ensure matrix-steam-bridge.service installed | ||||
|   ansible.builtin.template: | ||||
|     src: "{{ role_path }}/templates/systemd/matrix-steam-bridge.service.j2" | ||||
|     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service" | ||||
|     mode: 0644 | ||||
|  | ||||
| - name: Ensure matrix-steam-bridge.service restarted, if necessary | ||||
|   ansible.builtin.service: | ||||
|     name: "matrix-steam-bridge.service" | ||||
|     state: restarted | ||||
|     daemon_reload: true | ||||
|   when: "matrix_steam_bridge_requires_restart | bool" | ||||
							
								
								
									
										23
									
								
								roles/custom/matrix-bridge-steam/tasks/setup_uninstall.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								roles/custom/matrix-bridge-steam/tasks/setup_uninstall.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - name: Check existence of matrix-steam-bridge service | ||||
|   ansible.builtin.stat: | ||||
|     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service" | ||||
|   register: matrix_steam_bridge_service_stat | ||||
|  | ||||
| - when: matrix_steam_bridge_service_stat.stat.exists | bool | ||||
|   block: | ||||
|     - name: Ensure matrix-steam-bridge is stopped | ||||
|       ansible.builtin.service: | ||||
|         name: matrix-steam-bridge | ||||
|         state: stopped | ||||
|         daemon_reload: true | ||||
|  | ||||
|     - name: Ensure matrix-steam-bridge.service doesn't exist | ||||
|       ansible.builtin.file: | ||||
|         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-steam-bridge.service" | ||||
|         state: absent | ||||
							
								
								
									
										29
									
								
								roles/custom/matrix-bridge-steam/tasks/validate_config.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								roles/custom/matrix-bridge-steam/tasks/validate_config.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - name: Fail if required matrix_steam_bridge settings not defined | ||||
|   ansible.builtin.fail: | ||||
|     msg: >- | ||||
|       You need to define a required configuration setting (`{{ item.name }}`). | ||||
|   when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" | ||||
|   with_items: | ||||
|     - {'name': 'matrix_steam_bridge_appservice_token', when: true} | ||||
|     - {'name': 'matrix_steam_bridge_homeserver_address', when: true} | ||||
|     - {'name': 'matrix_steam_bridge_homeserver_token', when: true} | ||||
|     - {'name': 'matrix_steam_bridge_database_hostname', when: "{{ matrix_steam_bridge_database_engine == 'postgres' }}"} | ||||
|     - {'name': 'matrix_steam_bridge_container_network', when: true} | ||||
|     - {'name': 'matrix_steam_bridge_metrics_proxying_hostname', when: "{{ matrix_steam_bridge_metrics_proxying_enabled }}"} | ||||
|     - {'name': 'matrix_steam_bridge_metrics_proxying_path_prefix', when: "{{ matrix_steam_bridge_metrics_proxying_enabled }}"} | ||||
| # TODO: Confirm additional config isn't mandatory for public_media | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed matrix-steam-bridge variables | ||||
|   ansible.builtin.fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml). | ||||
|   when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_steam_bridge_docker_image_name_prefix', 'new': 'matrix_steam_bridge_docker_image_registry_prefix'} | ||||
							
								
								
									
										446
									
								
								roles/custom/matrix-bridge-steam/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										446
									
								
								roles/custom/matrix-bridge-steam/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,446 @@ | ||||
| #jinja2: lstrip_blocks: True | ||||
| # Network-specific config options | ||||
| network: | ||||
|     # Proxy to use for all Steam connections. | ||||
|     proxy: null | ||||
|     # Alternative to proxy: an HTTP endpoint that returns the proxy URL to use for Steam connections. | ||||
|     get_proxy_url: null | ||||
|  | ||||
|     # Displayname template for Steam users. | ||||
|     displayname_template: {{ matrix_steam_bridge_network_displayname_template | to_json }} | ||||
|  | ||||
|     # Maximum number of conversations to sync on startup | ||||
|     conversation_sync_limit: 20 | ||||
|  | ||||
|     steam_bridge_path: ./ | ||||
|     steam_bridge_address: localhost:50051 | ||||
|     steam_bridge_auto_start: true | ||||
|     steam_bridge_startup_timeout: 30 | ||||
|  | ||||
| # Config options that affect the central bridge module. | ||||
| bridge: | ||||
|     # The prefix for commands. Only required in non-management rooms. | ||||
|     command_prefix: {{ matrix_steam_bridge_command_prefix | to_json }} | ||||
|     # Should the bridge create a space for each login containing the rooms that account is in? | ||||
|     personal_filtering_spaces: true | ||||
|     # Whether the bridge should set names and avatars explicitly for DM portals. | ||||
|     # This is only necessary when using clients that don't support MSC4171. | ||||
|     private_chat_portal_meta: true | ||||
|     # Should events be handled asynchronously within portal rooms? | ||||
|     # If true, events may end up being out of order, but slow events won't block other ones. | ||||
|     # This is not yet safe to use. | ||||
|     async_events: false | ||||
|     # Should every user have their own portals rather than sharing them? | ||||
|     # By default, users who are in the same group on the remote network will be | ||||
|     # in the same Matrix room bridged to that group. If this is set to true, | ||||
|     # every user will get their own Matrix room instead. | ||||
|     split_portals: {{ matrix_steam_bridge_bridge_split_portals | to_json }} | ||||
|     # Should the bridge resend `m.bridge` events to all portals on startup? | ||||
|     resend_bridge_info: false | ||||
|     # Should `m.bridge` events be sent without a state key? | ||||
|     # By default, the bridge uses a unique key that won't conflict with other bridges. | ||||
|     no_bridge_info_state_key: false | ||||
|     # Should bridge connection status be sent to the management room as `m.notice` events? | ||||
|     # These contain the same data that can be posted to an external HTTP server using homeserver -> status_endpoint. | ||||
|     # Allowed values: none, errors, all | ||||
|     bridge_status_notices: errors | ||||
|     # How long after an unknown error should the bridge attempt a full reconnect? | ||||
|     # Must be at least 1 minute. The bridge will add an extra ±20% jitter to this value. | ||||
|     unknown_error_auto_reconnect: null | ||||
|  | ||||
|     # Should leaving Matrix rooms be bridged as leaving groups on the remote network? | ||||
|     bridge_matrix_leave: false | ||||
|     # Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority. | ||||
|     # Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone. | ||||
|     tag_only_on_create: true | ||||
|     # List of tags to allow bridging. If empty, no tags will be bridged. | ||||
|     only_bridge_tags: [m.favourite, m.lowpriority] | ||||
|     # Should room mute status only be synced when creating the portal? | ||||
|     # Like tags, mutes can't currently be synced back to the remote network. | ||||
|     mute_only_on_create: true | ||||
|     # Should the bridge check the db to ensure that incoming events haven't been handled before | ||||
|     deduplicate_matrix_messages: false | ||||
|     # Should cross-room reply metadata be bridged? | ||||
|     # Most Matrix clients don't support this and servers may reject such messages too. | ||||
|     cross_room_replies: false | ||||
|  | ||||
|  | ||||
|     # What should be done to portal rooms when a user logs out or is logged out? | ||||
|     # Permitted values: | ||||
|     #   nothing - Do nothing, let the user stay in the portals | ||||
|     #   kick - Remove the user from the portal rooms, but don't delete them | ||||
|     #   unbridge - Remove all ghosts in the room and disassociate it from the remote chat | ||||
|     #   delete - Remove all ghosts and users from the room (i.e. delete it) | ||||
|     cleanup_on_logout: | ||||
|         # Should cleanup on logout be enabled at all? | ||||
|         enabled: {{ matrix_steam_bridge_bridge_cleanup_on_logout_enabled | to_json }} | ||||
|         # Settings for manual logouts (explicitly initiated by the Matrix user) | ||||
|         manual: | ||||
|             # Action for private portals which will never be shared with other Matrix users. | ||||
|             private: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_private | to_json }} | ||||
|             # Action for portals with a relay user configured. | ||||
|             relayed: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_relayed | to_json }} | ||||
|             # Action for portals which may be shared, but don't currently have any other Matrix users. | ||||
|             shared_no_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_no_users | to_json }} | ||||
|             # Action for portals which have other logged-in Matrix users. | ||||
|             shared_has_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_manual_shared_has_users | to_json }} | ||||
|         # Settings for credentials being invalidated (initiated by the remote network, possibly through user action). | ||||
|         # Keys have the same meanings as in the manual section. | ||||
|         bad_credentials: | ||||
|             private: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_private | to_json }} | ||||
|             relayed: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_relayed | to_json }} | ||||
|             shared_no_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_no_users | to_json }} | ||||
|             shared_has_users: {{ matrix_steam_bridge_bridge_cleanup_on_logout_bad_credentials_shared_has_users | to_json }} | ||||
|  | ||||
|     # Settings for relay mode | ||||
|     relay: | ||||
|         # Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any | ||||
|         # authenticated user into a relaybot for that chat. | ||||
|         enabled: false | ||||
|         # Should only admins be allowed to set themselves as relay users? | ||||
|         # If true, non-admins can only set users listed in default_relays as relays in a room. | ||||
|         admin_only: true | ||||
|         # List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. | ||||
|         default_relays: [] | ||||
|         # The formats to use when sending messages via the relaybot. | ||||
|         # Available variables: | ||||
|         #   .Sender.UserID - The Matrix user ID of the sender. | ||||
|         #   .Sender.Displayname - The display name of the sender (if set). | ||||
|         #   .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room. | ||||
|         #   .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set, | ||||
|         #                               plus the user ID in parentheses if the displayname is not unique. | ||||
|         #                               If the displayname is not set, this is just the user ID. | ||||
|         #   .Message - The `formatted_body` field of the message. | ||||
|         #   .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string. | ||||
|         #   .FileName - The name of the file being sent. | ||||
|         message_formats: | ||||
|             m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}" | ||||
|             m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}" | ||||
|             m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}" | ||||
|             m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}" | ||||
|             m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}" | ||||
|             m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}" | ||||
|             m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}" | ||||
|             m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}" | ||||
|         # For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names. | ||||
|         # This has all the Sender variables available under message_formats (but without the .Sender prefix). | ||||
|         # Note that you need to manually remove the displayname from message_formats above. | ||||
|         displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}" | ||||
|  | ||||
|     # Permissions for using the bridge. | ||||
|     # Permitted values: | ||||
|     #    relay - Talk through the relaybot (if enabled), no access otherwise | ||||
|     # commands - Access to use commands in the bridge, but not login. | ||||
|     #     user - Access to use the bridge with puppeting. | ||||
|     #    admin - Full access, user level with some additional administration tools. | ||||
|     # Permitted keys: | ||||
|     #        * - All Matrix users | ||||
|     #   domain - All users on that homeserver | ||||
|     #     mxid - Specific user | ||||
|     permissions: {{ matrix_steam_bridge_bridge_permissions | to_json }} | ||||
|  | ||||
| # Config for the bridge's database. | ||||
| database: | ||||
|     # The database type. "sqlite3-fk-wal" and "postgres" are supported. | ||||
|     type: postgres | ||||
|     # The database URI. | ||||
|     #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended. | ||||
|     #           https://github.com/mattn/go-sqlite3#connection-string | ||||
|     #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable | ||||
|     #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql | ||||
|     uri: {{ matrix_steam_bridge_database_uri | to_json }} | ||||
|     # Maximum number of connections. | ||||
|     max_open_conns: 5 | ||||
|     max_idle_conns: 2 | ||||
|     # Maximum connection idle time and lifetime before they're closed. Disabled if null. | ||||
|     # Parsed with https://pkg.go.dev/time#ParseDuration | ||||
|     max_conn_idle_time: null | ||||
|     max_conn_lifetime: null | ||||
|  | ||||
| # Homeserver details. | ||||
| homeserver: | ||||
|     # The address that this appservice can use to connect to the homeserver. | ||||
|     # Local addresses without HTTPS are generally recommended when the bridge is running on the same machine, | ||||
|     # but https also works if they run on different machines. | ||||
|     address: {{ matrix_steam_bridge_homeserver_address | to_json }} | ||||
|     # The domain of the homeserver (also known as server_name, used for MXIDs, etc). | ||||
|     domain: {{ matrix_steam_bridge_homeserver_domain | to_json }} | ||||
|  | ||||
|     # What software is the homeserver running? | ||||
|     # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. | ||||
|     software: standard | ||||
|     # The URL to push real-time bridge status to. | ||||
|     # If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes. | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     status_endpoint: | ||||
|     # Endpoint for reporting per-message status. | ||||
|     # If set, the bridge will make POST requests to this URL when processing a message from Matrix. | ||||
|     # It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable | ||||
|     # (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported. | ||||
|     # The bridge will use the appservice as_token to authorize requests. | ||||
|     message_send_checkpoint_endpoint: | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: {{ matrix_steam_bridge_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
|     # mautrix-asmux (deprecated), and hungryserv (proprietary). | ||||
|     websocket: false | ||||
|     # How often should the websocket be pinged? Pinging will be disabled if this is zero. | ||||
|     ping_interval_seconds: 0 | ||||
|  | ||||
| # Application service host/registration related details. | ||||
| # Changing these values requires regeneration of the registration (except when noted otherwise) | ||||
| appservice: | ||||
|     # The address that the homeserver can use to connect to this appservice. | ||||
|     # Like the homeserver address, a local non-https address is recommended when the bridge is on the same machine. | ||||
|     # If the bridge is elsewhere, you must secure the connection yourself (e.g. with https or wireguard) | ||||
|     # If you want to use https, you need to use a reverse proxy. The bridge does not have TLS support built in. | ||||
|     address: {{ matrix_steam_bridge_appservice_address | to_json }} | ||||
|     # A public address that external services can use to reach this appservice. | ||||
|     # This is only needed for things like public media. A reverse proxy is generally necessary when using this field. | ||||
|     # This value doesn't affect the registration file. | ||||
|     public_address: {{ matrix_steam_bridge_appservice_public_address | to_json }} | ||||
|  | ||||
|     # The hostname and port where this appservice should listen. | ||||
|     # For Docker, you generally have to change the hostname to 0.0.0.0. | ||||
|     hostname: 0.0.0.0 | ||||
|     port: {{ matrix_steam_bridge_appservice_port }} | ||||
|  | ||||
|     # The unique ID of this appservice. | ||||
|     id: steam | ||||
|     # Appservice bot details. | ||||
|     bot: | ||||
|         # Username of the appservice bot. | ||||
|         username: {{ matrix_steam_bridge_appservice_bot_username | to_json }} | ||||
|         # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||||
|         # to leave display name/avatar as-is. | ||||
|         displayname: {{ matrix_steam_bridge_appservice_bot_displayname | to_json(ensure_ascii=False) }} | ||||
|         avatar: {{ matrix_steam_bridge_appservice_bot_avatar | to_json }} | ||||
|  | ||||
|     # Whether to receive ephemeral events via appservice transactions. | ||||
|     ephemeral_events: true | ||||
|     # Should incoming events be handled asynchronously? | ||||
|     # This may be necessary for large public instances with lots of messages going through. | ||||
|     # However, messages will not be guaranteed to be bridged in the same order they were sent in. | ||||
|     # This value doesn't affect the registration file. | ||||
|     async_transactions: false | ||||
|  | ||||
|     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. | ||||
|     as_token: {{ matrix_steam_bridge_appservice_token | to_json }} | ||||
|     hs_token: {{ matrix_steam_bridge_homeserver_token | to_json }} | ||||
|  | ||||
|     # Localpart template of MXIDs for remote users. | ||||
|     # {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user. | ||||
|     username_template: "{% raw %}steam_{{.}}{% endraw %}" | ||||
|  | ||||
| # Config options that affect the Matrix connector of the bridge. | ||||
| matrix: | ||||
|     # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. | ||||
|     message_status_events: false | ||||
|     # Whether the bridge should send a read receipt after successfully bridging a message. | ||||
|     delivery_receipts: false | ||||
|     # Whether the bridge should send error notices via m.notice events when a message fails to bridge. | ||||
|     message_error_notices: true | ||||
|     # Whether the bridge should update the m.direct account data event when double puppeting is enabled. | ||||
|     sync_direct_chat_list: true | ||||
|     # Whether created rooms should have federation enabled. If false, created portal rooms | ||||
|     # will never be federated. Changing this option requires recreating rooms. | ||||
|     federate_rooms: {{ matrix_steam_bridge_matrix_federate_rooms | to_json }} | ||||
|     # The threshold as bytes after which the bridge should roundtrip uploads via the disk | ||||
|     # rather than keeping the whole file in memory. | ||||
|     upload_file_threshold: 5242880 | ||||
|  | ||||
| # Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors. | ||||
| analytics: | ||||
|     # API key to send with tracking requests. Tracking is disabled if this is null. | ||||
|     token: null | ||||
|     # Address to send tracking requests to. | ||||
|     url: https://api.segment.io/v1/track | ||||
|     # Optional user ID for tracking events. If null, defaults to using Matrix user ID. | ||||
|     user_id: null | ||||
|  | ||||
| # Settings for provisioning API | ||||
| provisioning: | ||||
|     # Prefix for the provisioning API paths. | ||||
|     prefix: /_matrix/provision | ||||
|     # Shared secret for authentication. If set to "generate" or null, a random secret will be generated, | ||||
|     # or if set to "disable", the provisioning API will be disabled. | ||||
|     shared_secret: {{ matrix_steam_bridge_provisioning_shared_secret | to_json }} | ||||
|     # Whether to allow provisioning API requests to be authed using Matrix access tokens. | ||||
|     # This follows the same rules as double puppeting to determine which server to contact to check the token, | ||||
|     # which means that by default, it only works for users on the same server as the bridge. | ||||
|     allow_matrix_auth: true | ||||
|     # Enable debug API at /debug with provisioning authentication. | ||||
|     debug_endpoints: false | ||||
|  | ||||
| # Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks). | ||||
| # These settings control whether the bridge will provide such public media access. | ||||
| # TODO: Update with public_media config once it's figured out | ||||
| public_media: | ||||
|     # Should public media be enabled at all? | ||||
|     # The public_address field under the appservice section MUST be set when enabling public media. | ||||
|     enabled: {{ matrix_steam_bridge_public_media_enabled | to_json }} | ||||
|     # A key for signing public media URLs. | ||||
|     # If set to "generate", a random key will be generated. | ||||
|     signing_key: {{ matrix_steam_bridge_public_media_signing_key | to_json }} | ||||
|     # Number of seconds that public media URLs are valid for. | ||||
|     # If set to 0, URLs will never expire. | ||||
|     expiry: {{ matrix_steam_bridge_public_media_expiry | to_json }} | ||||
|     # Length of hash to use for public media URLs. Must be between 0 and 32. | ||||
|     hash_length: {{ matrix_steam_bridge_public_media_hash_length | to_json }} | ||||
|  | ||||
| # Settings for converting remote media to custom mxc:// URIs instead of reuploading. | ||||
| # More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html | ||||
| direct_media: | ||||
|     # Should custom mxc:// URIs be used instead of reuploading media? | ||||
|     enabled: false | ||||
|     # The server name to use for the custom mxc:// URIs. | ||||
|     # This server name will effectively be a real Matrix server, it just won't implement anything other than media. | ||||
|     # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge. | ||||
|     server_name: media.example.com | ||||
|     # Optionally a custom .well-known response. This defaults to `server_name:443` | ||||
|     well_known_response: | ||||
|     # Optionally specify a custom prefix for the media ID part of the MXC URI. | ||||
|     media_id_prefix: | ||||
|     # If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916 | ||||
|     # media download redirects if the requester supports it. Optionally, you can force redirects | ||||
|     # and not allow proxying at all by setting this to false. | ||||
|     # This option does nothing if the remote network does not support media downloads over HTTP. | ||||
|     allow_proxy: true | ||||
|     # Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. | ||||
|     # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. | ||||
|     server_key: "" | ||||
|  | ||||
| # Settings for backfilling messages. | ||||
| # Note that the exact way settings are applied depends on the network connector. | ||||
| # See https://docs.mau.fi/bridges/general/backfill.html for more details. | ||||
| backfill: | ||||
|     # Whether to do backfilling at all. | ||||
|     enabled: {{ matrix_steam_bridge_backfill_enabled | to_json }} | ||||
|     # Maximum number of messages to backfill in empty rooms. | ||||
|     max_initial_messages: {{ matrix_steam_bridge_backfill_max_initial_messages | to_json }} | ||||
|     # Maximum number of missed messages to backfill after bridge restarts. | ||||
|     max_catchup_messages: {{ matrix_steam_bridge_backfill_max_catchup_messages | to_json }} | ||||
|     # If a backfilled chat is older than this number of hours, | ||||
|     # mark it as read even if it's unread on the remote network. | ||||
|     unread_hours_threshold: 720 | ||||
|     # Settings for backfilling threads within other backfills. | ||||
|     threads: | ||||
|         # Maximum number of messages to backfill in a new thread. | ||||
|         max_initial_messages: 50 | ||||
|     # Settings for the backwards backfill queue. This only applies when connecting to | ||||
|     # Beeper as standard Matrix servers don't support inserting messages into history. | ||||
|     queue: | ||||
|         # Should the backfill queue be enabled? | ||||
|         enabled: false | ||||
|         # Number of messages to backfill in one batch. | ||||
|         batch_size: 100 | ||||
|         # Delay between batches in seconds. | ||||
|         batch_delay: 20 | ||||
|         # Maximum number of batches to backfill per portal. | ||||
|         # If set to -1, all available messages will be backfilled. | ||||
|         max_batches: -1 | ||||
|         # Optional network-specific overrides for max batches. | ||||
|         # Interpretation of this field depends on the network connector. | ||||
|         max_batches_override: {} | ||||
|  | ||||
| # Settings for enabling double puppeting | ||||
| double_puppet: | ||||
|     # Servers to always allow double puppeting from. | ||||
|     # This is only for other servers and should NOT contain the server the bridge is on. | ||||
|     servers: {} | ||||
|     # Whether to allow client API URL discovery for other servers. When using this option, | ||||
|     # users on other servers can use double puppeting even if their server URLs aren't | ||||
|     # explicitly added to the servers map above. | ||||
|     allow_discovery: false | ||||
|     # Shared secrets for automatic double puppeting. | ||||
|     # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions. | ||||
|     secrets: {{ matrix_steam_bridge_double_puppet_secrets | to_json }} | ||||
|  | ||||
| # End-to-bridge encryption support options. | ||||
| # | ||||
| # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. | ||||
| encryption: | ||||
|     # Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms. | ||||
|     allow: {{ matrix_steam_bridge_bridge_encryption_allow | to_json }} | ||||
|     # Whether to force-enable encryption in all bridged rooms. | ||||
|     default: {{ matrix_steam_bridge_bridge_encryption_default | to_json }} | ||||
|     # Whether to require all messages to be encrypted and drop any unencrypted messages. | ||||
|     require: {{ matrix_steam_bridge_bridge_encryption_require | to_json }} | ||||
|     # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. | ||||
|     # This option is not yet compatible with standard Matrix servers like Synapse and should not be used. | ||||
|     appservice: {{ matrix_steam_bridge_bridge_encryption_appservice | to_json }} | ||||
|     # Whether to use MSC4190 instead of appservice login to create the bridge bot device. | ||||
|     # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202. | ||||
|     # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861). | ||||
|     # Changing this option requires updating the appservice registration file. | ||||
|     msc4190: {{ matrix_steam_bridge_msc4190_enabled | to_json }} | ||||
|     # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|     # You must use a client that supports requesting keys from other users to use this feature. | ||||
|     allow_key_sharing: {{ matrix_steam_bridge_bridge_encryption_key_sharing_allow | to_json }} | ||||
|     # Pickle key for encrypting encryption keys in the bridge database. | ||||
|     # If set to generate, a random key will be generated. | ||||
|     pickle_key: {{ matrix_steam_bridge_bridge_encryption_pickle_key | to_json }} | ||||
|     # Options for deleting megolm sessions from the bridge. | ||||
|     delete_keys: | ||||
|         # Beeper-specific: delete outbound sessions when hungryserv confirms | ||||
|         # that the user has uploaded the key to key backup. | ||||
|         delete_outbound_on_ack: false | ||||
|         # Don't store outbound sessions in the inbound table. | ||||
|         dont_store_outbound: false | ||||
|         # Ratchet megolm sessions forward after decrypting messages. | ||||
|         ratchet_on_decrypt: false | ||||
|         # Delete fully used keys (index >= max_messages) after decrypting messages. | ||||
|         delete_fully_used_on_decrypt: false | ||||
|         # Delete previous megolm sessions from same device when receiving a new one. | ||||
|         delete_prev_on_new_session: false | ||||
|         # Delete megolm sessions received from a device when the device is deleted. | ||||
|         delete_on_device_delete: false | ||||
|         # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. | ||||
|         periodically_delete_expired: false | ||||
|         # Delete inbound megolm sessions that don't have the received_at field used for | ||||
|         # automatic ratcheting and expired session deletion. This is meant as a migration | ||||
|         # to delete old keys prior to the bridge update. | ||||
|         delete_outdated_inbound: false | ||||
|     # What level of device verification should be required from users? | ||||
|     # | ||||
|     # Valid levels: | ||||
|     #   unverified - Send keys to all device in the room. | ||||
|     #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. | ||||
|     #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). | ||||
|     #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. | ||||
|     #                           Note that creating user signatures from the bridge bot is not currently possible. | ||||
|     #   verified - Require manual per-device verification | ||||
|     #              (currently only possible by modifying the `trust` column in the `crypto_device` database table). | ||||
|     verification_levels: | ||||
|         # Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix. | ||||
|         receive: unverified | ||||
|         # Minimum level that the bridge should accept for incoming Matrix messages. | ||||
|         send: unverified | ||||
|         # Minimum level that the bridge should require for accepting key requests. | ||||
|         share: cross-signed-tofu | ||||
|     # Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content. | ||||
|     # See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event. | ||||
|     rotation: | ||||
|         # Enable custom Megolm room key rotation settings. Note that these | ||||
|         # settings will only apply to rooms created after this option is set. | ||||
|         enable_custom: false | ||||
|         # The maximum number of milliseconds a session should be used | ||||
|         # before changing it. The Matrix spec recommends 604800000 (a week) | ||||
|         # as the default. | ||||
|         milliseconds: 604800000 | ||||
|         # The maximum number of messages that should be sent with a given a | ||||
|         # session before changing it. The Matrix spec recommends 100 as the | ||||
|         # default. | ||||
|         messages: 100 | ||||
|         # Disable rotating keys when a user's devices change? | ||||
|         # You should not enable this option unless you understand all the implications. | ||||
|         disable_device_change_key_rotation: false | ||||
|  | ||||
| # Logging config. See https://github.com/tulir/zeroconfig for details. | ||||
| logging: | ||||
|     min_level: {{ matrix_steam_bridge_logging_level | to_json }} | ||||
|     writers: | ||||
|         - type: stdout | ||||
|           format: pretty-colored | ||||
| @@ -0,0 +1,3 @@ | ||||
| SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
							
								
								
									
										78
									
								
								roles/custom/matrix-bridge-steam/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										78
									
								
								roles/custom/matrix-bridge-steam/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,78 @@ | ||||
| {# | ||||
| SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| #} | ||||
|  | ||||
| {% if matrix_steam_bridge_container_labels_traefik_enabled %} | ||||
| traefik.enable=true | ||||
|  | ||||
| {% if matrix_steam_bridge_container_labels_traefik_docker_network %} | ||||
| traefik.docker.network={{ matrix_steam_bridge_container_labels_traefik_docker_network }} | ||||
| {% endif %} | ||||
|  | ||||
| traefik.http.services.matrix-steam-bridge.loadbalancer.server.port={{ matrix_steam_bridge_appservice_port }} | ||||
| traefik.http.services.matrix-steam-bridge-metrics.loadbalancer.server.port=8000 | ||||
|  | ||||
| {% if matrix_steam_bridge_container_labels_metrics_enabled %} | ||||
| ############################################################ | ||||
| #                                                          # | ||||
| # Metrics                                                  # | ||||
| #                                                          # | ||||
| ############################################################ | ||||
|  | ||||
| {% if matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_enabled %} | ||||
| traefik.http.middlewares.matrix-steam-bridge-metrics-basic-auth.basicauth.users={{ matrix_steam_bridge_container_labels_metrics_middleware_basic_auth_users }} | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.middlewares=matrix-steam-bridge-metrics-basic-auth | ||||
| {% endif %} | ||||
|  | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.rule={{ matrix_steam_bridge_container_labels_metrics_traefik_rule }} | ||||
|  | ||||
| {% if matrix_steam_bridge_container_labels_metrics_traefik_priority | int > 0 %} | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.priority={{ matrix_steam_bridge_container_labels_metrics_traefik_priority }} | ||||
| {% endif %} | ||||
|  | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.service=matrix-steam-bridge-metrics | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.entrypoints={{ matrix_steam_bridge_container_labels_metrics_traefik_entrypoints }} | ||||
|  | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.tls={{ matrix_steam_bridge_container_labels_metrics_traefik_tls | to_json }} | ||||
| {% if matrix_steam_bridge_container_labels_metrics_traefik_tls %} | ||||
| traefik.http.routers.matrix-steam-bridge-metrics.tls.certResolver={{ matrix_steam_bridge_container_labels_metrics_traefik_tls_certResolver }} | ||||
| {% endif %} | ||||
|  | ||||
| ############################################################ | ||||
| #                                                          # | ||||
| # /Metrics                                                 # | ||||
| #                                                          # | ||||
| ############################################################ | ||||
| {% endif %} | ||||
|  | ||||
|  | ||||
| {% if matrix_steam_bridge_public_media_enabled %} | ||||
| ############################################################ | ||||
| #                                                          # | ||||
| # Public Media                                             # | ||||
| #                                                          # | ||||
| ############################################################ | ||||
|  | ||||
| # Router for public media | ||||
| traefik.http.routers.matrix-steam-bridge-public-media.rule=Host(`{{ matrix_server_fqn_matrix }}`) && PathPrefix(`/_mautrix/publicmedia/{{ matrix_domain }}/`) | ||||
| traefik.http.routers.matrix-steam-bridge-public-media.service=matrix-steam-bridge | ||||
| traefik.http.routers.matrix-steam-bridge-public-media.entrypoints={{ matrix_steam_bridge_container_labels_traefik_entrypoints }} | ||||
| traefik.http.routers.matrix-steam-bridge-public-media.tls={{ matrix_steam_bridge_container_labels_traefik_tls | to_json }} | ||||
| {% if matrix_steam_bridge_container_labels_traefik_tls %} | ||||
| traefik.http.routers.matrix-steam-bridge-public-media.tls.certResolver={{ matrix_steam_bridge_container_labels_traefik_tls_certResolver }} | ||||
| {% endif %} | ||||
|  | ||||
|  | ||||
| ############################################################ | ||||
| #                                                          # | ||||
| # /Public Media                                            # | ||||
| #                                                          # | ||||
| ############################################################ | ||||
| {% endif %} | ||||
|  | ||||
|  | ||||
| {% endif %} | ||||
|  | ||||
| {{ matrix_steam_bridge_container_labels_additional_labels }} | ||||
| @@ -0,0 +1,48 @@ | ||||
| #jinja2: lstrip_blocks: True | ||||
| [Unit] | ||||
| Description=Matrix Steam bridge | ||||
| {% for service in matrix_steam_bridge_systemd_required_services_list %} | ||||
| Requires={{ service }} | ||||
| After={{ service }} | ||||
| {% endfor %} | ||||
| {% for service in matrix_steam_bridge_systemd_wanted_services_list %} | ||||
| Wants={{ service }} | ||||
| {% endfor %} | ||||
| DefaultDependencies=no | ||||
|  | ||||
| [Service] | ||||
| Type=simple | ||||
| Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" | ||||
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-steam-bridge 2>/dev/null || true' | ||||
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-steam-bridge 2>/dev/null || true' | ||||
|  | ||||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | ||||
| 			--rm \ | ||||
| 			--name=matrix-steam-bridge \ | ||||
| 			--log-driver=none \ | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--network={{ matrix_steam_bridge_container_network }} \ | ||||
| 			--mount type=bind,src={{ matrix_steam_bridge_config_path }},dst=/app/config,ro \ | ||||
| 			--mount type=bind,src={{ matrix_steam_bridge_data_path }},dst=/app/data \ | ||||
| 			--label-file={{ matrix_steam_bridge_base_path }}/labels \ | ||||
| 			{% for arg in matrix_steam_bridge_container_extra_arguments %} | ||||
| 			{{ arg }} \ | ||||
| 			{% endfor %} | ||||
| 			{{ matrix_steam_bridge_docker_image }} \ | ||||
| 			/usr/bin/steam -c /app/config/config.yaml -r /app/config/registration.yaml --no-update | ||||
|  | ||||
| {% for network in matrix_steam_bridge_container_additional_networks %} | ||||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-steam-bridge | ||||
| {% endfor %} | ||||
|  | ||||
| ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-steam-bridge | ||||
|  | ||||
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-steam-bridge 2>/dev/null || true' | ||||
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-steam-bridge 2>/dev/null || true' | ||||
| Restart=always | ||||
| RestartSec=30 | ||||
| SyslogIdentifier=matrix-steam-bridge | ||||
|  | ||||
| [Install] | ||||
| WantedBy=multi-user.target | ||||
| @@ -0,0 +1,3 @@ | ||||
| SPDX-FileCopyrightText: 2025 MDAD project contributors | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| @@ -47,6 +47,9 @@ matrix_wechat_agent_container_src_files_path: "{{ matrix_wechat_base_path }}/age | ||||
|  | ||||
| matrix_wechat_homeserver_address: "" | ||||
| matrix_wechat_homeserver_domain: "{{ matrix_domain }}" | ||||
| # Whether asynchronous uploads via MSC2246 should be enabled for media. | ||||
| # Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246). | ||||
| matrix_wechat_homeserver_async_media: false | ||||
| matrix_wechat_appservice_address: 'http://matrix-wechat:8080' | ||||
|  | ||||
| matrix_wechat_container_network: "" | ||||
|   | ||||
| @@ -16,7 +16,7 @@ homeserver: | ||||
|     # Endpoint for reporting per-message status. | ||||
|     message_send_checkpoint_endpoint: null | ||||
|     # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | ||||
|     async_media: false | ||||
|     async_media: {{ matrix_wechat_homeserver_async_media | to_json }} | ||||
|  | ||||
|     # Should the bridge use a websocket for connecting to the homeserver? | ||||
|     # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, | ||||
|   | ||||
| @@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas | ||||
| matrix_cactus_comments_client_public_path_file_permissions: "0644" | ||||
|  | ||||
| # renovate: datasource=docker depName=joseluisq/static-web-server | ||||
| matrix_cactus_comments_client_version: 2.38.0 | ||||
| matrix_cactus_comments_client_version: 2.38.1 | ||||
|  | ||||
| matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" | ||||
| matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}" | ||||
|   | ||||
| @@ -17,7 +17,7 @@ matrix_client_cinny_container_image_self_build: false | ||||
| matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" | ||||
|  | ||||
| # renovate: datasource=docker depName=ajbura/cinny | ||||
| matrix_client_cinny_version: v4.9.0 | ||||
| matrix_client_cinny_version: v4.10.1 | ||||
| matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_registry_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" | ||||
| matrix_client_cinny_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_client_cinny_docker_image_registry_prefix_upstream }}" | ||||
| matrix_client_cinny_docker_image_registry_prefix_upstream: "{{ matrix_client_cinny_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme | ||||
| matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/element-hq/element-web | ||||
| matrix_client_element_version: v1.11.109 | ||||
| matrix_client_element_version: v1.12.1 | ||||
|  | ||||
| matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}" | ||||
| matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}" | ||||
| @@ -186,6 +186,7 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" | ||||
| matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] | ||||
| matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" | ||||
| matrix_client_element_permalink_prefix: "https://matrix.to"  # noqa var-naming | ||||
| matrix_client_element_mobile_guide_app_variant: "element" | ||||
| matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" | ||||
| matrix_client_element_show_lab_settings: true  # noqa var-naming | ||||
| # Element public room directory server(s) | ||||
|   | ||||
| @@ -11,6 +11,7 @@ | ||||
| 	"setting_defaults": { | ||||
| 		"custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }} | ||||
| 	}, | ||||
| 	"mobile_guide_app_variant": {{ matrix_client_element_mobile_guide_app_variant | string | to_json }}, | ||||
| 	"default_theme": {{ matrix_client_element_default_theme | string | to_json }}, | ||||
| 	"default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, | ||||
| 	"permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }}, | ||||
|   | ||||
| @@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et | ||||
| matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web | ||||
| matrix_client_fluffychat_version: v2.0.0 | ||||
| matrix_client_fluffychat_version: v2.1.1 | ||||
| matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}" | ||||
| matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}" | ||||
| matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -19,7 +19,7 @@ matrix_client_schildichat_container_image_self_build_version: "{{ 'lite' if matr | ||||
| matrix_client_schildichat_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/etkecc/schildichat-web | ||||
| matrix_client_schildichat_version: 1.11.103-sc.0.test.0 | ||||
| matrix_client_schildichat_version: 1.11.109-sc.0.test.0 | ||||
| matrix_client_schildichat_docker_image: "{{ matrix_client_schildichat_docker_image_registry_prefix }}etkecc/schildichat-web:{{ matrix_client_schildichat_version }}" | ||||
| matrix_client_schildichat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_schildichat_container_image_self_build else matrix_client_schildichat_docker_image_registry_prefix_upstream }}" | ||||
| matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}" | ||||
|   | ||||
| @@ -19,7 +19,7 @@ matrix_conduit_docker_image_registry_prefix: "{{ matrix_conduit_docker_image_reg | ||||
| matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_conduit_docker_image_registry_prefix_upstream_default }}" | ||||
| matrix_conduit_docker_image_registry_prefix_upstream_default: docker.io/ | ||||
| # renovate: datasource=docker depName=matrixconduit/matrix-conduit | ||||
| matrix_conduit_docker_image_tag: "v0.10.8" | ||||
| matrix_conduit_docker_image_tag: "v0.10.9" | ||||
| matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" | ||||
|   | ||||
| @@ -16,7 +16,7 @@ | ||||
| matrix_corporal_enabled: true | ||||
|  | ||||
| # renovate: datasource=docker depName=ghcr.io/devture/matrix-corporal | ||||
| matrix_corporal_version: 3.1.4 | ||||
| matrix_corporal_version: 3.1.7 | ||||
|  | ||||
| matrix_corporal_container_image_self_build: false | ||||
| matrix_corporal_container_image_self_build_repo: "https://github.com/devture/matrix-corporal.git" | ||||
|   | ||||
| @@ -29,7 +29,7 @@ matrix_dendrite_docker_image_registry_prefix: "{{ 'localhost/' if matrix_dendrit | ||||
| matrix_dendrite_docker_image_registry_prefix_upstream: "{{ matrix_dendrite_docker_image_registry_prefix_upstream_default }}" | ||||
| matrix_dendrite_docker_image_registry_prefix_upstream_default: docker.io/ | ||||
| # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith | ||||
| matrix_dendrite_docker_image_tag: "v0.15.1" | ||||
| matrix_dendrite_docker_image_tag: "v0.15.2" | ||||
| matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" | ||||
|   | ||||
| @@ -22,6 +22,18 @@ web-skip='{{ matrix_dynamic_dns_web_skip }}' | ||||
| {% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %} | ||||
| protocol={{ dynamic_dns_domain_configuration.protocol }} | ||||
|  | ||||
| {% if 'apikey' in dynamic_dns_domain_configuration %} | ||||
| apikey={{ dynamic_dns_domain_configuration.apikey }} | ||||
| {% endif %} | ||||
|  | ||||
| {% if 'secretapikey' in dynamic_dns_domain_configuration %} | ||||
| secretapikey={{ dynamic_dns_domain_configuration.secretapikey }} | ||||
| {% endif %} | ||||
|  | ||||
| {% if 'rootdomain' in dynamic_dns_domain_configuration %} | ||||
| root-domain={{ dynamic_dns_domain_configuration.rootdomain }} | ||||
| {% endif %} | ||||
|  | ||||
| {% if 'provider' in dynamic_dns_domain_configuration %} | ||||
| server={{ dynamic_dns_domain_configuration.provider }} | ||||
| {% endif %} | ||||
|   | ||||
							
								
								
									
										97
									
								
								roles/custom/matrix-element-admin/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										97
									
								
								roles/custom/matrix-element-admin/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,97 @@ | ||||
| # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
| # SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| # Element Admin is a web-based administration panel for Synapse and Matrix Authentication Service | ||||
| # Project source code URL: https://github.com/element-hq/element-admin | ||||
|  | ||||
| matrix_element_admin_enabled: true | ||||
|  | ||||
| # renovate: datasource=docker depName=oci.element.io/element-admin | ||||
| matrix_element_admin_version: 0.1.5 | ||||
|  | ||||
| matrix_element_admin_scheme: https | ||||
|  | ||||
| # The hostname at which Element Admin is served. | ||||
| matrix_element_admin_hostname: "admin.{{ matrix_server_fqn_element }}" | ||||
|  | ||||
| # The path at which Element Admin is served. | ||||
| # This value must either be `/` or not end with a slash (e.g. `/element-admin`). | ||||
| matrix_element_admin_path_prefix: / | ||||
|  | ||||
| matrix_element_admin_base_path: "{{ matrix_base_data_path }}/element-admin" | ||||
|  | ||||
| matrix_element_admin_container_image_self_build: false | ||||
| matrix_element_admin_container_image_self_build_repo: https://github.com/element-hq/element-admin | ||||
| matrix_element_admin_container_image_self_build_repo_version: "{{ 'main' if matrix_element_admin_version == 'main' else matrix_element_admin_version }}" | ||||
| matrix_element_admin_container_src_path: "{{ matrix_element_admin_base_path }}/container-src" | ||||
|  | ||||
| matrix_element_admin_container_image: "{{ matrix_element_admin_container_image_registry_prefix }}element-admin:{{ matrix_element_admin_container_image_tag }}" | ||||
| matrix_element_admin_container_image_tag: "{{ matrix_element_admin_version }}" | ||||
| matrix_element_admin_container_image_force_pull: "{{ matrix_element_admin_container_image.endswith(':main') }}" | ||||
| matrix_element_admin_container_image_registry_prefix: "{{ matrix_element_admin_container_image_registry_prefix_upstream }}" | ||||
| matrix_element_admin_container_image_registry_prefix_upstream: "{{ matrix_element_admin_container_image_registry_prefix_upstream_default }}" | ||||
| matrix_element_admin_container_image_registry_prefix_upstream_default: "oci.element.io/" | ||||
|  | ||||
| # The base container network. It will be auto-created by this role if it doesn't exist already. | ||||
| matrix_element_admin_container_network: '' | ||||
|  | ||||
| # A list of additional container networks that the container would be connected to. | ||||
| # The role does not create these networks, so make sure they already exist. | ||||
| matrix_element_admin_container_additional_networks: "{{ matrix_element_admin_container_additional_networks_default + matrix_element_admin_container_additional_networks_auto + matrix_element_admin_container_additional_networks_custom }}" | ||||
| matrix_element_admin_container_additional_networks_default: [] | ||||
| matrix_element_admin_container_additional_networks_auto: [] | ||||
| matrix_element_admin_container_additional_networks_custom: [] | ||||
|  | ||||
| # matrix_element_admin_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. | ||||
| # See `../templates/labels.j2` for details. | ||||
| # | ||||
| # To inject your own other container labels, see `matrix_element_admin_container_labels_additional_labels`. | ||||
| matrix_element_admin_container_labels_traefik_enabled: true | ||||
| matrix_element_admin_container_labels_traefik_docker_network: "{{ matrix_element_admin_container_network }}" | ||||
| matrix_element_admin_container_labels_traefik_hostname: "{{ matrix_element_admin_hostname }}" | ||||
| # The path prefix must either be `/` or not end with a slash (e.g. `/element-admin`). | ||||
| matrix_element_admin_container_labels_traefik_path_prefix: "{{ matrix_element_admin_path_prefix }}" | ||||
| matrix_element_admin_container_labels_traefik_rule: "Host(`{{ matrix_element_admin_container_labels_traefik_hostname }}`){% if matrix_element_admin_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_element_admin_container_labels_traefik_path_prefix }}`){% endif %}" | ||||
| matrix_element_admin_container_labels_traefik_priority: 0 | ||||
| matrix_element_admin_container_labels_traefik_entrypoints: web-secure | ||||
| matrix_element_admin_container_labels_traefik_tls: "{{ matrix_element_admin_container_labels_traefik_entrypoints != 'web' }}" | ||||
| matrix_element_admin_container_labels_traefik_tls_certResolver: default  # noqa var-naming | ||||
|  | ||||
| # matrix_element_admin_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | ||||
| # See `../templates/labels.j2` for details. | ||||
| # | ||||
| # Example: | ||||
| # matrix_element_admin_container_labels_additional_labels: | | ||||
| #   my.label=1 | ||||
| #   another.label="here" | ||||
| matrix_element_admin_container_labels_additional_labels: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_element_admin_container_extra_arguments: [] | ||||
|  | ||||
| # A list of extra arguments to pass to the container process. | ||||
| matrix_element_admin_container_process_extra_arguments: [] | ||||
|  | ||||
| # List of systemd services that the Element Admin service depends on | ||||
| matrix_element_admin_systemd_required_services_list: "{{ matrix_element_admin_systemd_required_services_list_default + matrix_element_admin_systemd_required_services_list_auto + matrix_element_admin_systemd_required_services_list_custom }}" | ||||
| matrix_element_admin_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | ||||
| matrix_element_admin_systemd_required_services_list_auto: [] | ||||
| matrix_element_admin_systemd_required_services_list_custom: [] | ||||
|  | ||||
| # List of systemd services that the Element Admin service wants | ||||
| matrix_element_admin_systemd_wanted_services_list: [] | ||||
|  | ||||
| # Controls the `SERVER_NAME` environment variable, which should point to a Matrix homeserver domain name. | ||||
| matrix_element_admin_environment_variable_server_name: "{{ matrix_domain }}" | ||||
|  | ||||
| # Additional environment variables. | ||||
| # | ||||
| # Example: | ||||
| # matrix_element_admin_environment_variables_additional_variables: | | ||||
| #   SOMETHING=1 | ||||
| #   ANOTHER="here" | ||||
| matrix_element_admin_environment_variables_additional_variables: '' | ||||
							
								
								
									
										77
									
								
								roles/custom/matrix-element-admin/tasks/install.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								roles/custom/matrix-element-admin/tasks/install.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,77 @@ | ||||
| # SPDX-FileCopyrightText: 2024 David Mehren | ||||
| # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - name: Ensure Element Admin paths exist | ||||
|   ansible.builtin.file: | ||||
|     path: "{{ item.path }}" | ||||
|     state: directory | ||||
|     mode: 0750 | ||||
|     owner: "{{ matrix_user_name }}" | ||||
|     group: "{{ matrix_group_name }}" | ||||
|   with_items: | ||||
|     - path: "{{ matrix_element_admin_base_path }}" | ||||
|       when: true | ||||
|     - path: "{{ matrix_element_admin_container_src_path }}" | ||||
|       when: "{{ matrix_element_admin_container_image_self_build }}" | ||||
|   when: item.when | bool | ||||
|  | ||||
| - name: Ensure Element Admin support files installed | ||||
|   ansible.builtin.template: | ||||
|     src: "{{ role_path }}/templates/{{ item }}.j2" | ||||
|     dest: "{{ matrix_element_admin_base_path }}/{{ item }}" | ||||
|     mode: 0640 | ||||
|     owner: "{{ matrix_user_name }}" | ||||
|     group: "{{ matrix_group_name }}" | ||||
|   with_items: | ||||
|     - labels | ||||
|     - env | ||||
|  | ||||
| - name: Ensure Element Admin container image is pulled | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ matrix_element_admin_container_image }}" | ||||
|     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||||
|     force_source: "{{ matrix_element_admin_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_element_admin_container_image_force_pull }}" | ||||
|   when: "not matrix_element_admin_container_image_self_build | bool" | ||||
|   register: result | ||||
|   retries: "{{ devture_playbook_help_container_retries_count }}" | ||||
|   delay: "{{ devture_playbook_help_container_retries_delay }}" | ||||
|   until: result is not failed | ||||
|  | ||||
| - when: matrix_element_admin_container_image_self_build | bool | ||||
|   block: | ||||
|     - name: Ensure Element Admin repository is present on self-build | ||||
|       ansible.builtin.git: | ||||
|         repo: "{{ matrix_element_admin_container_image_self_build_repo }}" | ||||
|         version: "{{ matrix_element_admin_container_image_self_build_repo_version }}" | ||||
|         dest: "{{ matrix_element_admin_container_src_path }}" | ||||
|         force: "yes" | ||||
|       become: true | ||||
|       become_user: "{{ matrix_user_name }}" | ||||
|       register: matrix_element_admin_git_pull_results | ||||
|  | ||||
|     - name: Ensure Element Admin container image is built | ||||
|       ansible.builtin.command: | ||||
|         cmd: |- | ||||
|           {{ devture_systemd_docker_base_host_command_docker }} buildx build | ||||
|           --tag={{ matrix_element_admin_container_image }} | ||||
|           --file={{ matrix_element_admin_container_src_path }}/Dockerfile | ||||
|           {{ matrix_element_admin_container_src_path }} | ||||
|       changed_when: true | ||||
|  | ||||
| - name: Ensure Element Admin container network is created | ||||
|   community.general.docker_network: | ||||
|     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" | ||||
|     name: "{{ matrix_element_admin_container_network }}" | ||||
|     driver: bridge | ||||
|     driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" | ||||
|  | ||||
| - name: Ensure Element Admin systemd service installed | ||||
|   ansible.builtin.template: | ||||
|     src: "{{ role_path }}/templates/systemd/matrix-element-admin.service.j2" | ||||
|     dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-admin.service" | ||||
|     mode: 0644 | ||||
							
								
								
									
										24
									
								
								roles/custom/matrix-element-admin/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								roles/custom/matrix-element-admin/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| # SPDX-FileCopyrightText: 2024 Slavi Pantaleev | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - tags: | ||||
|     - setup-all | ||||
|     - setup-element-admin | ||||
|     - install-all | ||||
|     - install-element-admin | ||||
|   block: | ||||
|     - when: matrix_element_admin_enabled | bool | ||||
|       ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||||
|  | ||||
|     - when: matrix_element_admin_enabled | bool | ||||
|       ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" | ||||
|  | ||||
| - tags: | ||||
|     - setup-all | ||||
|     - setup-element-admin | ||||
|   block: | ||||
|     - when: not matrix_element_admin_enabled | bool | ||||
|       ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" | ||||
							
								
								
									
										29
									
								
								roles/custom/matrix-element-admin/tasks/uninstall.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								roles/custom/matrix-element-admin/tasks/uninstall.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - name: Check existence of Element Admin service | ||||
|   ansible.builtin.stat: | ||||
|     path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-admin.service" | ||||
|   register: matrix_element_admin_service_stat | ||||
|  | ||||
| - when: matrix_element_admin_service_stat.stat.exists | bool | ||||
|   block: | ||||
|     - name: Ensure Element Admin is stopped | ||||
|       ansible.builtin.service: | ||||
|         name: matrix-element-admin | ||||
|         state: stopped | ||||
|         enabled: false | ||||
|         daemon_reload: true | ||||
|  | ||||
|     - name: Ensure Element Admin systemd service doesn't exist | ||||
|       ansible.builtin.file: | ||||
|         path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-admin.service" | ||||
|         state: absent | ||||
|  | ||||
|     - name: Ensure Element Admin paths don't exist | ||||
|       ansible.builtin.file: | ||||
|         path: "{{ matrix_element_admin_base_path }}" | ||||
|         state: absent | ||||
							
								
								
									
										26
									
								
								roles/custom/matrix-element-admin/tasks/validate_config.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								roles/custom/matrix-element-admin/tasks/validate_config.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | ||||
| # SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
| # | ||||
| # SPDX-License-Identifier: AGPL-3.0-or-later | ||||
|  | ||||
| --- | ||||
|  | ||||
| - name: Fail if required Element Admin settings not defined | ||||
|   ansible.builtin.fail: | ||||
|     msg: > | ||||
|       You need to define a required configuration setting (`{{ item.name }}`). | ||||
|   when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" | ||||
|   with_items: | ||||
|     - {'name': 'matrix_element_admin_hostname', when: true} | ||||
|     - {'name': 'matrix_element_admin_path_prefix', when: true} | ||||
|     - {'name': 'matrix_element_admin_container_network', when: true} | ||||
|     - {'name': 'matrix_element_admin_environment_variable_server_name', when: true} | ||||
|  | ||||
| # Element Admin appears to hardcode all paths to `/` (e.g. `/config.json`, `/assets/...`). | ||||
| # While we can properly serve the homepage and handle stripping the path prefix on our side, | ||||
| # the hardcoded URLs in the Element Admin are pointing people to the wrong place, which is a problem. | ||||
| - name: Fail if Element Admin path prefix is different than / | ||||
|   ansible.builtin.fail: | ||||
|     msg: >- | ||||
|       Element Admin with a path prefix other than '/' is not supported yet. | ||||
|       You have configured matrix_element_admin_path_prefix to '{{ matrix_element_admin_path_prefix }}'. | ||||
|   when: "matrix_element_admin_path_prefix != '/'" | ||||
							
								
								
									
										9
									
								
								roles/custom/matrix-element-admin/templates/env.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								roles/custom/matrix-element-admin/templates/env.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | ||||
| {# | ||||
| SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| #} | ||||
|  | ||||
| SERVER_NAME={{ matrix_element_admin_environment_variable_server_name }} | ||||
|  | ||||
| {{ matrix_element_admin_environment_variables_additional_variables }} | ||||
							
								
								
									
										45
									
								
								roles/custom/matrix-element-admin/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										45
									
								
								roles/custom/matrix-element-admin/templates/labels.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,45 @@ | ||||
| {# | ||||
| SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev | ||||
|  | ||||
| SPDX-License-Identifier: AGPL-3.0-or-later | ||||
| #} | ||||
|  | ||||
| {% if matrix_element_admin_container_labels_traefik_enabled %} | ||||
| traefik.enable=true | ||||
|  | ||||
| {% if matrix_element_admin_container_labels_traefik_docker_network %} | ||||
| traefik.docker.network={{ matrix_element_admin_container_labels_traefik_docker_network }} | ||||
| {% endif %} | ||||
|  | ||||
| traefik.http.services.matrix-element-admin.loadbalancer.server.port=8080 | ||||
|  | ||||
| {% set middlewares = [] %} | ||||
|  | ||||
| {% if matrix_element_admin_container_labels_traefik_path_prefix != '/' %} | ||||
| traefik.http.middlewares.matrix-element-admin-slashless-redirect.redirectregex.regex=({{ matrix_element_admin_container_labels_traefik_path_prefix | quote }})$ | ||||
| traefik.http.middlewares.matrix-element-admin-slashless-redirect.redirectregex.replacement=${1}/ | ||||
| {% set middlewares = middlewares + ['matrix-element-admin-slashless-redirect'] %} | ||||
| {% endif %} | ||||
|  | ||||
| {% if matrix_element_admin_container_labels_traefik_path_prefix != '/' %} | ||||
| traefik.http.middlewares.matrix-element-admin-strip-prefix.stripprefix.prefixes={{ matrix_element_admin_container_labels_traefik_path_prefix }} | ||||
| {% set middlewares = middlewares + ['matrix-element-admin-strip-prefix'] %} | ||||
| {% endif %} | ||||
|  | ||||
| traefik.http.routers.matrix-element-admin.rule={{ matrix_element_admin_container_labels_traefik_rule }} | ||||
| {% if matrix_element_admin_container_labels_traefik_priority | int > 0 %} | ||||
| traefik.http.routers.matrix-element-admin.priority={{ matrix_element_admin_container_labels_traefik_priority }} | ||||
| {% endif %} | ||||
| traefik.http.routers.matrix-element-admin.service=matrix-element-admin | ||||
| {% if middlewares | length > 0 %} | ||||
| traefik.http.routers.matrix-element-admin.middlewares={{ middlewares | join(',') }} | ||||
| {% endif %} | ||||
| traefik.http.routers.matrix-element-admin.entrypoints={{ matrix_element_admin_container_labels_traefik_entrypoints }} | ||||
| traefik.http.routers.matrix-element-admin.tls={{ matrix_element_admin_container_labels_traefik_tls | to_json }} | ||||
| {% if matrix_element_admin_container_labels_traefik_tls %} | ||||
| traefik.http.routers.matrix-element-admin.tls.certResolver={{ matrix_element_admin_container_labels_traefik_tls_certResolver }} | ||||
| {% endif %} | ||||
|  | ||||
| {% endif %} | ||||
|  | ||||
| {{ matrix_element_admin_container_labels_additional_labels }} | ||||
| @@ -0,0 +1,52 @@ | ||||
| #jinja2: lstrip_blocks: True | ||||
| [Unit] | ||||
| Description=Element Admin | ||||
| {% for service in matrix_element_admin_systemd_required_services_list %} | ||||
| Requires={{ service }} | ||||
| After={{ service }} | ||||
| {% endfor %} | ||||
| {% for service in matrix_element_admin_systemd_wanted_services_list %} | ||||
| Wants={{ service }} | ||||
| {% endfor %} | ||||
| DefaultDependencies=no | ||||
|  | ||||
| [Service] | ||||
| Type=simple | ||||
| Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" | ||||
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-admin 2>/dev/null || true' | ||||
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-admin 2>/dev/null || true' | ||||
|  | ||||
| {# | ||||
| 	We mount a tmpfs at /tmp, because `/docker-entrypoint.d/replace-config.sh` writes temporary files there. | ||||
| #} | ||||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | ||||
| 			--rm \ | ||||
| 			--name=matrix-element-admin \ | ||||
| 			--log-driver=none \ | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--read-only \ | ||||
| 			--network={{ matrix_element_admin_container_network }} \ | ||||
| 			--env-file={{ matrix_element_admin_base_path }}/env \ | ||||
| 			--label-file={{ matrix_element_admin_base_path }}/labels \ | ||||
| 			--tmpfs=/tmp:rw,noexec,nosuid,size=1024m \ | ||||
| 			{% for arg in matrix_element_admin_container_extra_arguments %} | ||||
| 			{{ arg }} \ | ||||
| 			{% endfor %} | ||||
| 			{{ matrix_element_admin_container_image }} {{ matrix_element_admin_container_process_extra_arguments | join(' ') }} | ||||
|  | ||||
| {% for network in matrix_element_admin_container_additional_networks %} | ||||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-element-admin | ||||
| {% endfor %} | ||||
|  | ||||
| ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-element-admin | ||||
|  | ||||
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-element-admin 2>/dev/null || true' | ||||
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-element-admin 2>/dev/null || true' | ||||
|  | ||||
| Restart=always | ||||
| RestartSec=30 | ||||
| SyslogIdentifier=matrix-element-admin | ||||
|  | ||||
| [Install] | ||||
| WantedBy=multi-user.target | ||||
Some files were not shown because too many files have changed in this diff Show More
		Reference in New Issue
	
	Block a user