cqrenet/matrix-docker-ansible-deploy
3
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-04-25 18:07:33 +00:00
Code Issues Wiki Activity
Files
2949e0931f39fc1e0eb398b76668925845470966
matrix-docker-ansible-deploy/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
Slavi Pantaleev 5b7a1c2a6c Upgrade mautrix-telegram (v0.15.3 -> v0.2604.0) (bridgev2) and adapt configuration 
Matches the earlier Python -> Go rewrites of the other mautrix-* bridges.

Related to:
- https://github.com/mautrix/telegram/releases/tag/v0.2604.0
- https://mau.fi/blog/2026-04-mautrix-release/

The bridge is now a Go binary with upstream-handled automatic database and
config migration on first start, so in-place upgrades on Postgres should
Just Work for users on the defaults. The lottieconverter sidecar container
is gone (bundled upstream), and the public web-based login endpoint is
gone (login happens inside Matrix now).

Upstream v0.2604.0 has a known bug in the legacy SQLite migration that
can corrupt data. The role detects legacy Python-bridge SQLite databases
(via the `telethon_sessions` table signature) and refuses to upgrade,
pointing users to switch to Postgres (playbook-managed pgloader migration)
or wait for the next upstream release. The guard is isolated in its own
`validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted
cleanly once upstream fixes the bug.

Removed variables (all caught by the deprecation check in
`validate_config.yml` with actionable rename/removal hints): the entire
`_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` /
`_appservice_public_*` / `_container_labels_public_endpoint_*` /
`_container_http_host_bind_port` family (web login endpoint is gone);
`_bot_token` (old-style relaybot is gone, use the common bridgev2 relay
mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*`
(use Appservice Double Puppet); `_username_template`, `_alias_template`,
`_displayname_template` (templates moved under `network:`, new Go-template
syntax, exposed via `_network_displayname_template`); all
`_lottieconverter_*` variables; `_appservice_database` (renamed to
`_appservice_database_uri`).

Added playbook-time validation that catches legacy permission values
(`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides
via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too),
with a mapping hint in the error message.

Other notes:

- The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db`
  to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader
  migration step, so users who flip to Postgres as part of this upgrade
  get their data imported correctly.
- The Ketesa managed-user regex for the telegram namespace is updated to
  match both regular IDs and the new `channel-<id>` form used by bridgev2.
- `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0,
  with a new breaking-change entry pointing at the CHANGELOG section.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 08:45:04 +03:00

142 lines
14 KiB
YAML
Raw Blame History

# SPDX-FileCopyrightText: 2019 - 2026 Slavi Pantaleev
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Suguru Hirahara
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: (Deprecation) Catch and report renamed mautrix-telegram variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
- {'old': 'matrix_mautrix_telegram_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_telegram_docker_image_name_prefix', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix'}
- {'old': 'matrix_mautrix_telegram_docker_repo', 'new': 'matrix_mautrix_telegram_container_image_self_build_repo'}
- {'old': 'matrix_mautrix_telegram_docker_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
- {'old': 'matrix_mautrix_telegram_docker_src_files_path', 'new': 'matrix_mautrix_telegram_container_src_files_path'}
- {'old': 'matrix_mautrix_telegram_docker_image', 'new': 'matrix_mautrix_telegram_container_image'}
- {'old': 'matrix_mautrix_telegram_docker_image_force_pull', 'new': 'matrix_mautrix_telegram_container_image_force_pull'}
- {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix'}
- {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix_upstream', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix_upstream'}
- {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix_upstream_default', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_mautrix_telegram_container_repo', 'new': 'matrix_mautrix_telegram_container_image_self_build_repo'}
- {'old': 'matrix_mautrix_telegram_container_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
# Variables removed in the bridgev2 (Go) rewrite — mautrix-telegram no longer has a Python runtime,
# a separate lottieconverter container or a web-based login endpoint.
- {'old': 'matrix_mautrix_telegram_scheme', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_public_endpoint', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_appservice_public_enabled', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_appservice_public_external', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_enabled', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_http_host_bind_port', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_filter_mode', 'new': '<removed (not available in the bridgev2 rewrite of mautrix-telegram)>'}
- {'old': 'matrix_mautrix_telegram_bot_token', 'new': '<removed; the old-style relaybot is gone — use the common bridge relay mode (matrix_mautrix_telegram_bridge_relay_enabled) instead>'}
- {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets>'}
- {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map_auto', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets_auto>'}
- {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_telegram_username_template', 'new': '<removed (no longer configurable via a single variable; use matrix_mautrix_telegram_configuration_extension_yaml if needed)>'}
- {'old': 'matrix_mautrix_telegram_alias_template', 'new': '<removed (room aliases are no longer created by the bridgev2 rewrite of mautrix-telegram)>'}
- {'old': 'matrix_mautrix_telegram_displayname_template', 'new': '<superseded by matrix_mautrix_telegram_network_displayname_template (note: the syntax has changed to Go templates)>'}
- {'old': 'matrix_mautrix_telegram_appservice_database', 'new': '<superseded by matrix_mautrix_telegram_appservice_database_uri>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
# Historical lottieconverter aliases from before the _docker_ → _container_ rename:
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_name_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
# Even older aliases (no `_mautrix` infix):
- {'old': 'matrix_telegram_lottieconverter_container_image_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- name: Fail if required mautrix-telegram settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
with_items:
- {'name': 'matrix_mautrix_telegram_api_id', when: true}
- {'name': 'matrix_mautrix_telegram_api_hash', when: true}
- {'name': 'matrix_mautrix_telegram_appservice_token', when: true}
- {'name': 'matrix_mautrix_telegram_homeserver_address', when: true}
- {'name': 'matrix_mautrix_telegram_homeserver_token', when: true}
- {'name': 'matrix_mautrix_telegram_container_network', when: true}
- {'name': 'matrix_mautrix_telegram_database_hostname', when: "{{ matrix_mautrix_telegram_database_engine == 'postgres' }}"}
- {'name': 'matrix_mautrix_telegram_metrics_proxying_hostname', when: "{{ matrix_mautrix_telegram_metrics_proxying_enabled }}"}
- {'name': 'matrix_mautrix_telegram_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_telegram_metrics_proxying_enabled }}"}
# Temporary workaround for an upstream SQLite legacy-migration bug in mautrix-telegram v0.2604.0.
# See the separate task file for details; the whole file (and this include) can be deleted once
# upstream ships a release that fixes the bug.
- name: Guard against the upstream mautrix-telegram v0.2604.0 SQLite legacy-migration bug
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config_sqlite_legacy_migration_bug.yml"
when:
- "matrix_mautrix_telegram_database_engine == 'sqlite'"
- "not (matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed | default(false) | bool)"
# Bridgev2 permission values are: block, relay, commands, user, admin.
# The old Python bridge had different levels (relaybot, user, puppeting, full, admin).
# `user` and `admin` still exist in both but with different semantics (the new `user` is
# equivalent to the old `full`/`puppeting`). `relaybot`, `puppeting` and `full` don't exist
# in bridgev2 and will cause the bridge to reject its config at startup.
#
# We check the fully-merged configuration (not just `matrix_mautrix_telegram_bridge_permissions`)
# because users commonly override permissions via `matrix_mautrix_telegram_configuration_extension_yaml`,
# and those overrides would otherwise slip through validation.
- name: Fail if bridge permissions still reference legacy Python-bridge permission levels
ansible.builtin.fail:
msg: |-
Your final mautrix-telegram configuration contains a `bridge.permissions` entry with
value `{{ item.value }}` (for `{{ item.key }}`). This was a permission level in the legacy
(Python) mautrix-telegram bridge but is not valid in the bridgev2 rewrite shipped in v0.2604.0
— the bridge would reject this at startup.
Valid values are: `relay`, `commands`, `user`, `admin` (plus `block`).
Rough mapping from the old levels:
relaybot -> relay
user -> user (semantics changed: this now grants full puppeting, like the old `full`)
puppeting -> user
full -> user
admin -> admin
See https://docs.mau.fi/bridges/general/permissions.html and the bridge's example config
for details. Update either `matrix_mautrix_telegram_bridge_permissions` or the `bridge.permissions`
section inside `matrix_mautrix_telegram_configuration_extension_yaml` — whichever you use.
when: "item.value in ['relaybot', 'puppeting', 'full']"
loop: "{{ (matrix_mautrix_telegram_configuration.bridge.permissions | default({})) | dict2items }}"
loop_control:
label: "{{ item.key }}"
Reference in New Issue View Git Blame Copy Permalink