mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2026-04-25 18:07:33 +00:00
5b7a1c2a6c
Matches the earlier Python -> Go rewrites of the other mautrix-* bridges. Related to: - https://github.com/mautrix/telegram/releases/tag/v0.2604.0 - https://mau.fi/blog/2026-04-mautrix-release/ The bridge is now a Go binary with upstream-handled automatic database and config migration on first start, so in-place upgrades on Postgres should Just Work for users on the defaults. The lottieconverter sidecar container is gone (bundled upstream), and the public web-based login endpoint is gone (login happens inside Matrix now). Upstream v0.2604.0 has a known bug in the legacy SQLite migration that can corrupt data. The role detects legacy Python-bridge SQLite databases (via the `telethon_sessions` table signature) and refuses to upgrade, pointing users to switch to Postgres (playbook-managed pgloader migration) or wait for the next upstream release. The guard is isolated in its own `validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted cleanly once upstream fixes the bug. Removed variables (all caught by the deprecation check in `validate_config.yml` with actionable rename/removal hints): the entire `_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` / `_appservice_public_*` / `_container_labels_public_endpoint_*` / `_container_http_host_bind_port` family (web login endpoint is gone); `_bot_token` (old-style relaybot is gone, use the common bridgev2 relay mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*` (use Appservice Double Puppet); `_username_template`, `_alias_template`, `_displayname_template` (templates moved under `network:`, new Go-template syntax, exposed via `_network_displayname_template`); all `_lottieconverter_*` variables; `_appservice_database` (renamed to `_appservice_database_uri`). Added playbook-time validation that catches legacy permission values (`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too), with a mapping hint in the error message. Other notes: - The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db` to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader migration step, so users who flip to Postgres as part of this upgrade get their data imported correctly. - The Ketesa managed-user regex for the telegram namespace is updated to match both regular IDs and the new `channel-<id>` form used by bridgev2. - `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0, with a new breaking-change entry pointing at the CHANGELOG section. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
120 lines
7.4 KiB
YAML
120 lines
7.4 KiB
YAML
# SPDX-FileCopyrightText: 2023 - 2026 Slavi Pantaleev
|
|
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
---
|
|
|
|
# The version that the user has validated their setup against.
|
|
# When empty, the user will be prompted to set this variable.
|
|
# New users should set this to the current expected version (see below).
|
|
# See `examples/vars.yml` and `matrix_playbook_migration_expected_version` for the recommended value.
|
|
matrix_playbook_migration_validated_version: ''
|
|
|
|
# The version that the playbook expects the user to have validated against.
|
|
# This is bumped whenever a breaking change is introduced.
|
|
# The value configured here needs to exist in `matrix_playbook_migration_breaking_changes` as well.
|
|
matrix_playbook_migration_expected_version: "v2026.04.24.0"
|
|
|
|
# A list of breaking changes, used to inform users what changed between their validated version and the expected version.
|
|
matrix_playbook_migration_breaking_changes:
|
|
- version: "v2026.04.24.0"
|
|
summary: "(BC Break) mautrix-telegram has been rewritten in Go (bridgev2) — the web-based login endpoint, old-style relaybot and several variables have been removed"
|
|
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-24"
|
|
- version: "v2026.04.03.0"
|
|
summary: "(BC Break) Synapse Admin is now Ketesa — role renamed and all variables changed from matrix_synapse_admin_* to matrix_ketesa_*"
|
|
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-03"
|
|
- version: "v2026.04.02.0"
|
|
summary: "(BC Break) Draupnir-for-all self-service provisioning is now disabled by default"
|
|
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-02"
|
|
- version: "v2026.03.23.0"
|
|
summary: "Initial migration validation system"
|
|
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-03-22"
|
|
|
|
# Controls if (`matrix_prometheus_nginxlog_exporter` -> `prometheus_nginxlog_exporter`) validation will run.
|
|
matrix_playbook_migration_matrix_prometheus_nginxlog_exporter_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_prometheus_node_exporter` -> `prometheus_node_exporter`) validation will run.
|
|
matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_prometheus_postgres_exporter` -> `prometheus_postgres_exporter`) validation will run.
|
|
matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_backup_borg` -> `backup_borg`) validation will run.
|
|
matrix_playbook_migration_matrix_backup_borg_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_grafana` -> `grafana`) validation will run.
|
|
matrix_playbook_migration_matrix_grafana_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_ntfy` -> `ntfy`) validation will run.
|
|
matrix_playbook_migration_matrix_ntfy_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_redis` -> `redis`) validation will run.
|
|
matrix_playbook_migration_matrix_redis_migration_validation_enabled: true
|
|
|
|
# Controls if (`redis` -> `valkey`) validation will run.
|
|
matrix_playbook_migration_redis_valkey_migration_validation_enabled: true
|
|
|
|
# Controls if (`keydb` -> `valkey`) validation will run.
|
|
matrix_playbook_migration_keydb_valkey_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_etherpad` -> `etherpad`) validation will run.
|
|
matrix_playbook_migration_matrix_etherpad_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_aux` -> `aux`) validation will run.
|
|
matrix_playbook_migration_matrix_aux_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_jitsi` -> `jitsi`) validation will run.
|
|
matrix_playbook_migration_matrix_jitsi_migration_validation_enabled: true
|
|
|
|
# Controls if (`matrix_bot_postmoogle_` -> `matrix_postmoogle_`) validation will run.
|
|
matrix_playbook_migration_matrix_postmoogle_migration_validation_enabled: true
|
|
|
|
# Controls if the old apt repository (likely without a `signed-by` option) on Debian-based systems will be removed.
|
|
#
|
|
# Older versions of the Docker role (5.x, 6.x) used to install a repository at a path like: `/etc/apt/sources.list.d/download_docker_com_linux_*`
|
|
# For 6.x, the repository included a `signed-by` option, but for earlier versions it did not.
|
|
#
|
|
# New versions of the Docker role (7.0+) install a new apt repository with `signed-by` option to a different path (`/etc/apt/sources.list.d/docker.list`),
|
|
# but if a non-signed-by repository exists at the old path, a conflict will arise.
|
|
#
|
|
# Our workaround is to just delete the old repository file. Later, when the Docker role runs, it will install a new one at the new path.
|
|
#
|
|
# See:
|
|
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2999
|
|
# - https://github.com/geerlingguy/ansible-role-docker/pull/410
|
|
matrix_playbook_migration_debian_signedby_migration_enabled: true
|
|
matrix_playbook_migration_debian_signedby_migration_repository_path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ ansible_facts['distribution'] | lower }}.list"
|
|
|
|
# Controls if the old apt repository for Docker (`signed-by=/etc/apt/trusted.gpg.d/docker.asc`) will be removed,
|
|
# so that the Docker role (7.2.0+) can install a new non-conflicting one (`signed-by=/etc/apt/keyrings/docker.asc`).
|
|
#
|
|
# Without this migration, the role would choke at the "galaxy/docker : Add Docker repository." task when trying to add the repository again:
|
|
# > An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/trusted.gpg.d/docker.asc != /etc/apt/keyrings/docker.asc, E:The list of sources could not be read.
|
|
#
|
|
# Related to: https://github.com/geerlingguy/ansible-role-docker/pull/436
|
|
matrix_playbook_migration_docker_trusted_gpg_d_migration_enabled: true
|
|
matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path: "/etc/apt/sources.list.d/docker.list"
|
|
|
|
matrix_playbook_migration_matrix_synapse_admin_ketesa_variable_transition_checks_enabled: true
|
|
|
|
# Controls if variable transition checks (related to the matrix-nginx-proxy elimination) will run.
|
|
# If you'd like to keep some `matrix_nginx_proxy` and other variables around and not be warned about them, disable this.
|
|
# Note: this is not just about `matrix_nginx_proxy_*` variables, but about various other variables that were removed
|
|
# during the matrix-nginx-proxy elimination.
|
|
matrix_playbook_migration_matrix_nginx_proxy_elimination_variable_transition_checks_enabled: true
|
|
|
|
# Controls if (`matrix_nginx_proxy`) leftover variable checks will run.
|
|
# If you'd like to keep some `matrix_nginx_proxy` variables around and not be warned about them, disable this.
|
|
matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled: true
|
|
|
|
# Controls if (`matrix_ssl_`) leftover variable checks will run.
|
|
matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: true
|
|
|
|
# Controls whether this role will delete old files left over from `matrix-nginx-proxy`.
|
|
# Regardless of this value, if discovered, a `matrix-nginx-proxy.service` systemd service will be stopped and removed.
|
|
matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: true
|
|
|
|
# Controls whether this role will try to detect and clean up the /matrix/ssl files.
|
|
matrix_playbook_migration_matrix_ssl_uninstallation_enabled: true
|