Merge branch 'spantaleev:master' into mautrix-discord-restricted-rooms-config

development
Samuel Meenzen 2 years ago committed by GitHub
commit c330b85de3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,3 +1,38 @@
# 2022-10-14
## synapse-s3-storage-provider support
**`synapse-s3-storage-provider` support is very new and still relatively untested. Using it may cause data loss.**
You can now store your Synapse media repository files on Amazon S3 (or another S3-compatible object store) using [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) - a media provider for Synapse (Python module), which should work faster and more reliably than our previous [Goofys](docs/configuring-playbook-s3-goofys.md) implementation (Goofys will continue to work).
This is not just for initial installations. Users with existing files (stored in the local filesystem) can also migrate their files to `synapse-s3-storage-provider`.
To get started, see our [Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](docs/configuring-playbook-synapse-s3-storage-provider.md) documentation.
## Synapse container image customization support
We now support customizing the Synapse container image by adding additional build steps to its [`Dockerfile`](https://docs.docker.com/engine/reference/builder/).
Our [synapse-s3-storage-provider support](#synapse-s3-storage-provider-support) is actually built on this. When `s3-storage-provider` is enabled, we automatically add additional build steps to install its Python module into the Synapse image.
Besides this kind of auto-added build steps (for components supported by the playbook), we also let you inject your own custom build steps using configuration like this:
```yaml
matrix_synapse_container_image_customizations_enabled: true
matrix_synapse_container_image_customizations_dockerfile_body_custom: |
RUN echo 'This is a custom step for building the customized Docker image for Synapse.'
RUN echo 'You can override matrix_synapse_container_image_customizations_dockerfile_body_custom to add your own steps.'
RUN echo 'You do NOT need to include a FROM clause yourself.'
```
People who have needed to customize Synapse previously had to fork the git repository, make their changes to the `Dockerfile` there, point the playbook to the new repository (`matrix_synapse_container_image_self_build_repo`) and enable self-building from scratch (`matrix_synapse_container_image_self_build: true`). This is harder and slower.
With the new Synapse-customization feature in the playbook, we use the original upstream (pre-built, if available) Synapse image and only build on top of it, right on the Matrix server. This is much faster than building all of Synapse from scratch.
# 2022-10-02
## matrix-ldap-registration-proxy support
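Review bot: The 2022-10-14 entry warns in bold that `synapse-s3-storage-provider` "may cause data loss", yet the next paragraph invites users with existing local files to migrate without pointing at a backup step. Add a sentence there that links to the backup instructions before migration, as the Goofys document does for its own migration path. In the image customization paragraph, "this kind of auto-added build steps" should read "these auto-added build steps".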

@ -1,7 +1,7 @@
.PHONY: lint
help: ## Show this help.
@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
@grep -F -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -e 's/\\$$//' | sed -e 's/##//'
lint: ## Runs ansible-lint against all roles in the playbook
ansible-lint
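Review bot: In the `help` recipe the self-match filter is now `grep -v grep`, which still drops every target whose help text happens to contain the word "grep", not only the recipe line itself. Since the line is being rewritten anyway, consider matching only real target lines, for example `grep -E -h '^[a-zA-Z_-]+:.*##' $(MAKEFILE_LIST)`, which makes the second `grep -v` stage unnecessary because the recipe line starts with a tab and cannot match.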

@ -23,7 +23,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
- (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
- (optional) [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) or [`synapse-s3-storage-provider`](https://github.com/matrix-org/synapse-s3-storage-provider)
- (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.

@ -26,6 +26,8 @@ Be mindful as to how long it will take for the DNS records to propagate.
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
When you're done configuring DNS, proceed to [Configuring the playbook](configuring-playbook.md).
## DNS settings for optional services/features
| Used by component | Type | Host | Priority | Weight | Port | Target |
@ -45,6 +47,8 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` |
| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` |
When setting up a SRV record, if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is. For example use service as `_matrix-identity` and protocol as `_tcp`.
## Subdomains setup
As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
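Review bot: The added SRV sentence is hard to parse without punctuation: "if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is". Put a comma after "hostname" and say "split the host value at the period". It would also help to name the table row the example comes from, since `_matrix-identity` and `_tcp` are not visible next to the sentence.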

@ -56,7 +56,7 @@ where:
* USER - SSH user of a provider/server
* HOST - SSH host of a provider/server
* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`
* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`, regarding Syntax see [Remote repositories](https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls)
* PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager
* PRIVATE KEY - the content of the **private** part of the SSH key you created before. The whole key (all of its belonging lines) under `matrix_backup_borg_ssh_key_private` needs to be indented with 2 spaces
@ -73,3 +73,9 @@ After configuring the playbook, run the [installation](installing.md) command ag
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Manually start a backup
For testing your setup it can be helpful to not wait until 4am. If you want to run the backup immediately, log onto the server
and run `systemctl start matrix-backup-borg`. This will not return until the backup is done, so possibly a long time.
Consider using [tmux](https://en.wikipedia.org/wiki/Tmux) if your SSH connection is unstable.
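Review bot: The new "Manually start a backup" section says `systemctl start matrix-backup-borg` blocks until the backup finishes and then recommends tmux as the workaround. Mention the simpler option as well: `systemctl start --no-block matrix-backup-borg` returns immediately, and `journalctl -fu matrix-backup-borg` follows the progress. The section should also say how to tell whether the test backup succeeded, since that is the stated purpose of running it by hand.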

@ -5,20 +5,6 @@ The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/bu
It's a bot you can use to setup **your own helpdesk on matrix**
It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`.
(to use a different username, adjust the `matrix_bot_buscarron_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
@ -27,7 +13,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_buscarron_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_buscarron_login: bot.buscarron
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT
# Adjust accepted forms
@ -36,10 +25,10 @@ matrix_bot_buscarron_forms:
room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted
redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission
ratelimit: 1r/m # (optional) rate limit of the form, format: <max requests>r/<interval:s,m>, eg: 1r/s or 54r/m
hasemail: 1 # (optional) form has "email" field that should be validated
extensions: [] # (optional) list of form extensions (not used yet)
matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically
matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically
matrix_bot_buscarron_spamlist: [] # (optional) list of emails/domains/hosts (with wildcards support) that should be rejected automatically
```
You will also need to add a DNS record so that buscarron can be accessed.
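Review bot: Replacing `matrix_bot_buscarron_spam_hosts` and `matrix_bot_buscarron_spam_emails` with `matrix_bot_buscarron_spamlist` is a breaking rename for anyone who already set the old variables, and nothing visible here tells them. An existing configuration would silently stop rejecting the listed senders. Add a changelog entry and, ideally, a validation task that fails when either old variable is still defined. The comment should also show one wildcard entry, since "with wildcards support" does not say what syntax is accepted.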
@ -57,9 +46,15 @@ matrix_server_fqn_buscarron: "form.{{ matrix_domain }}"
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_buscarron_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_buscarron_password` to let the bot know its new password
## Usage
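Review bot: The notes explain what happens when the password is changed later, but not the first run. With `ensure-matrix-users-created` the account is created using whatever `matrix_bot_buscarron_password` holds at that moment, so a `PASSWORD_FOR_THE_BOT` placeholder left in `vars.yml` becomes the real credential. State in the notes that the value must be replaced with a generated password before the first run with this tag. The same wording applies to the identical notes added for honoroit, matrix-reminder-bot and postmoogle.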

@ -7,21 +7,6 @@ It's a bot you can use to setup **your own helpdesk on matrix**
See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`.
(to use a different username, adjust the `matrix_bot_honoroit_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_honoroit_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_honoroit_login: honoroit
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT
# Adjust this to your room ID
@ -41,9 +29,15 @@ matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN"
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_honoroit_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_honoroit_password` to let the bot know its new password
## Usage

@ -16,7 +16,7 @@ By default, the playbook will set use the bot with a username like this: `@bot.m
(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user

@ -7,21 +7,6 @@ It's a bot you can use to **schedule one-off & recurring reminders and alarms**.
See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`.
(to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_matrix_reminder_bot_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: bot.matrix-reminder-bot
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT
# Adjust this to your timezone
@ -41,9 +29,15 @@ matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_matrix_reminder_bot_matrix_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_matrix_reminder_bot_matrix_user_password` to let the bot know its new password
## Usage

@ -9,21 +9,6 @@ It's a bot/bridge you can use to forward emails to Matrix rooms
See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@postmoogle:DOMAIN`.
(to use a different username, adjust the `matrix_bot_postmoogle_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=postmoogle password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -31,7 +16,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_postmoogle_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_postmoogle_login: postmoogle
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
```
@ -43,9 +31,15 @@ See [Configuring DNS](configuring-dns.md).
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_postmoogle_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_postmoogle_password` to let the bot know its new password
## Usage

@ -8,18 +8,37 @@ See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/l
Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot.
## Setup Instructions
Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.
1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below.
1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
Finally, run the playbook (see [installing](installing.md)).
## Usage
Create a room and invite the Hookshot bot (`@hookshot:DOMAIN`) to it.
Make sure the bot is able to send state events (usually the Moderator power level in clients).
Send a `!hookshot help` message to see a list of help commands.
Refer to [Hookshot's documentation](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) for more details about using the brige's various features.
**Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](#urls-for-bridges-setup) below.
## More setup documentation
### URLs for bridges setup
Unless indicated otherwise, the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled).
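Review bot: Step 5 already tells the reader to re-run the playbook with `--tags=setup-all,start`, and the new line "Finally, run the playbook (see [installing](installing.md))" after the extension-variables paragraph repeats it. Keep one of the two so the reader does not run the playbook twice. In the new Usage section, "brige's" should be "bridge's". Step 4 has the GitHub private key pasted into `matrix_hookshot_github_private_key`; a short pointer to keeping that value out of a plain-text `vars.yml` (for example with Ansible Vault) would fit here.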

@ -12,7 +12,7 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h
## Prerequisites
For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**.
For using this bridge, you would need to authenticate by **scanning a QR code** with the Discord app on your phone **or** by using **discord account token**.
You can delete the Discord app after the authentication process.
@ -70,7 +70,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee
## Usage
1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. Send a `login` command
2. If you would like to login to Discord using a token, send `login-token` command, otherwise, send `login-qr` command.
3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app.
4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..."
5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to
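Review bot: Step 2 now offers `login-token` as an alternative to `login-qr`, but steps 3 and 4 still describe only the QR flow ("You'll see a QR code which you need to scan"). A reader who sends `login-token` has no instructions for what follows. Either split the steps into two short paths or add a sub-step saying what the bot asks for after `login-token`. The Prerequisites hunk has the same gap: it mentions a "discord account token" without saying where the user obtains it, and "by using discord account token" is missing an article.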

@ -59,3 +59,8 @@ matrix_mautrix_telegram_configuration_extension_yaml: |
More details about permissions in this example:
https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410
If you like to exclude all groups from syncing and use the Telgeram-Bridge only for direct chats, you can add the following additional playbook configuration:
```yaml
matrix_mautrix_telegram_filter_mode: whitelist
```
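Review bot: The added paragraph sets `matrix_mautrix_telegram_filter_mode: whitelist` without saying what the whitelist contains, so it is not clear from the text why this excludes all groups. Add one sentence explaining that the list is empty by default, if that is the case, and name the variable that holds it. "If you like to exclude" should be "If you'd like to exclude", and "Telgeram-Bridge" is a typo for "Telegram bridge".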

@ -0,0 +1,58 @@
# Configuring Conduit (optional)
By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Conduit](https://conduit.rs).
**NOTES**:
- **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
- **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
## Installation
To use Conduit, you **generally** need the following additional `vars.yml` configuration:
```yaml
matrix_homeserver_implementation: conduit
```
However, since Conduit is difficult (see [famedly/conduit#276](https://gitlab.com/famedly/conduit/-/issues/276) and [famedly/conduit#354](https://gitlab.com/famedly/conduit/-/merge_requests/354)) when it comes to creating the first user account and does not support [registering users](registering-users.md) (via the command line or via the playbook) like Synapse and Dendrite do, we recommend the following flow:
1. Add `matrix_conduit_allow_registration: true` to your `vars.yml` the first time around, temporarily
2. Run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - see [Installing](installing.md))
3. Create your first user via Element or any other client which supports creating users
4. Get rid of `matrix_conduit_allow_registration: true` from your `vars.yml`
5. Run the playbook again (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-conduit,start` would be enough this time)
6. You can now use your server safely. Additional users can be created by messaging the internal Conduit bot
## Configuring bridges / appservices
Automatic appservice setup is currently unsupported when using conduit. After setting up the service as usual you may notice that it is unable to start.
You will have to manually register appservices using the the [register-appservice](https://gitlab.com/famedly/conduit/-/blob/next/APPSERVICES.md) command.
Find the `registration.yaml` in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`, then pass the content to conduit:
@conduit:your.server.name: register-appservice
```
as_token: <token>
de.sorunome.msc2409.push_ephemeral: true
hs_token: <token>
id: signal
namespaces:
aliases:
- exclusive: true
regex: ^#signal_.+:example\.org$
users:
- exclusive: true
regex: ^@signal_.+:example\.org$
- exclusive: true
regex: ^@signalbot:example\.org$
rate_limited: false
sender_localpart: _bot_signalbot
url: http://matrix-mautrix-signal:29328
```
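Review bot: In the Installation steps the server accepts registrations from anyone between step 2 and step 5, but the text only implies this through "You can now use your server safely" in step 6. Say so explicitly in step 1 and tell the reader to complete steps 3 to 5 without delay. In the appservices section, "using the the" has a doubled word, and the line `@conduit:your.server.name: register-appservice` sits outside the fence, so it is unclear whether it is part of the message to send. The example should also note that `<token>` values come from the generated `registration.yaml` and must not be pasted into a room other than the Conduit admin room.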

@ -87,7 +87,7 @@ For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/d
By default the Jitsi Meet instance does not work with a client in LAN (Local Area Network), even if others are connected from WAN. There are no video and audio. In the case of WAN to WAN everything is ok.
The reason is the Jitsi VideoBridge git to LAN client the IP address of the docker image instead of the host. The [documentation](https://github.com/jitsi/docker-jitsi-meet#running-behind-nat-or-on-a-lan-environment) of Jitsi in docker suggest to add `DOCKER_HOST_ADDRESS` in enviornment variable to make it work.
The reason is the Jitsi VideoBridge git to LAN client the IP address of the docker image instead of the host. The [documentation](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-nat-or-on-a-lan-environment) of Jitsi in docker suggest to add `JVB_ADVERTISE_IPS` in enviornment variable to make it work.
Here is how to do it in the playbook.
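Review bot: The rewritten sentence keeps the wording problems of the line it replaces: "the Jitsi VideoBridge git to LAN client the IP address" and "enviornment variable". Since the line is being touched for the `JVB_ADVERTISE_IPS` rename and the new handbook link, fix both in the same change, for example "gives the LAN client the IP address of the Docker container instead of the host" and "environment variable". "suggest" should be "suggests".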
@ -95,7 +95,7 @@ Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configu
```yaml
matrix_jitsi_jvb_container_extra_arguments:
- '--env "DOCKER_HOST_ADDRESS=<Local IP adress of the host>"'
- '--env "JVB_ADVERTISE_IPS=<Local IP address of the host>"'
```
## (Optional) Fine tune Jitsi

@ -27,11 +27,23 @@ No matter which external webserver you decide to go with, you'll need to:
1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`. This allows your webserver user to access files owned by the `matrix` group. When using an external nginx webserver, this allows it to read configuration files from `/matrix/nginx-proxy/conf.d`. When using another server, it would make other files, such as `/matrix/static-files/.well-known`, accessible to it.
2) Edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to disable the integrated nginx server:
2) Edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`)
- to disable the integrated nginx server:
```yaml
matrix_nginx_proxy_enabled: false
```
```yaml
matrix_nginx_proxy_enabled: false
```
- if using an external server on another host, add the `<service>_http_host_bind_port` or `<service>_http_bind_port` variables for the services that will be exposed by the external server on the other host. The actual name of the variable is listed in the `roles/<service>/defaults/vars.yml` file for each service. Most variables follow the `<service>_http_host_bind_port` format.
These variables will make Docker expose the ports on all network interfaces instead of localhost only.
[Keep in mind that there are some security concerns if you simply proxy everything.](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
Here are the variables required for the default configuration (Synapse and Element)
```
matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008'
matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048'
matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765"
```
3) **If you'll manage SSL certificates by yourself**, edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to disable SSL certificate retrieval:
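Review bot: The new example binds all three services to `0.0.0.0`, and the only caution is a link about Synapse admin endpoints. Ports published by Docker are reachable from every interface and are not filtered by host firewall front ends such as ufw, so a reader following this verbatim exposes plain HTTP on 8008, 8048 and 8765 to the internet. Recommend binding to the specific private address the external proxy connects to (the paragraph removed further down used `192.168.1.3:80` as such an example) and state that traffic between the hosts is unencrypted. Two smaller points: the text points readers to `roles/<service>/defaults/vars.yml`, while the hookshot document in this same commit links `defaults/main.yml`, so the path looks wrong; and the fence is missing the `yaml` tag used elsewhere.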
@ -41,7 +53,6 @@ matrix_ssl_retrieval_method: none
**Note**: During [installation](installing.md), unless you've disabled SSL certificate management (`matrix_ssl_retrieval_method: none`), the playbook would need 80 to be available, in order to retrieve SSL certificates. **Please manually stop your other webserver while installing**. You can start it back up afterwards.
### Using your own external nginx webserver
Once you've followed the [Preparation](#preparation) guide above, it's time to set up your external nginx server.
@ -60,15 +71,6 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
```yaml
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose.
matrix_synapse_container_client_api_host_bind_port: ''
matrix_synapse_container_federation_api_plain_host_bind_port: ''
```
### Using your own external Apache webserver
Once you've followed the [Preparation](#preparation) guide above, you can take a look at the [examples/apache](../examples/apache) directory for a sample configuration.

@ -0,0 +1,137 @@
# Storing Matrix media files on Amazon S3 with Goofys (optional)
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
Another (and better performing) way to use S3 storage with Synapse is [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md).
Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server.
If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below.
## Usage
After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_s3_media_store_enabled: true
matrix_s3_media_store_bucket_name: "your-bucket-name"
matrix_s3_media_store_aws_access_key: "access-key-goes-here"
matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
matrix_s3_media_store_region: "eu-central-1"
```
You can use any S3-compatible object store by **additionally** configuring these variables:
```yaml
matrix_s3_media_store_custom_endpoint_enabled: true
matrix_s3_media_store_custom_endpoint: "https://your-custom-endpoint"
```
If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is.
## Migrating from local filesystem storage to S3
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one.
Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage:
- [Storing Matrix media files on Amazon S3 with Goofys (optional)](#storing-matrix-media-files-on-amazon-s3-with-goofys-optional)
- [Usage](#usage)
- [Migrating from local filesystem storage to S3](#migrating-from-local-filesystem-storage-to-s3)
- [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow)
- [Migrating to Backblaze B2](#migrating-to-backblaze-b2)
### Migrating to any S3-compatible storage (universal, but likely slow)
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
1. Proceed with the steps below without stopping Matrix services
2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice)
3. In addition to the base configuration you see above, add this to your `vars.yml` file:
```yaml
matrix_s3_media_store_path: /matrix/s3-media-store
```
This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store.
5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
6. Do an **initial sync of your files** by running this **on the server** (it may take a very long time):
```sh
sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/.
```
You may need to install `rsync` manually.
7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys`
9. Sync the files again by re-running the `rsync` command you see in step #6
10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys`
11. Get the old media store out of the way by running this command on the server:
```sh
mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
```
12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above)
13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
14. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
### Migrating to Backblaze B2
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
1. While all Matrix services are running, run the following command on the server:
(you need to adjust the 3 `--env` line below with your own data)
```sh
docker run -it --rm -w /work \
--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \
--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \
--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \
--entrypoint=/bin/sh \
docker.io/tianon/backblaze-b2:3.6.0 \
-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer'
```
This is some initial file sync, which may take a very long time.
2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
3. Run the command from step #1 again.
Doing this will sync any new files that may have been created locally in the meantime.
Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync.
4. Get the old media store out of the way by running this command on the server:
```sh
mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
```
5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file
6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
7. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
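Review bot: the numbered steps under "Migrating to any S3-compatible storage" go 1, 2, 3, 5 with no step 4, while later steps refer back to "step #6" and "step #3" by number. Renderers that renumber ordered lists will shift everything after step 3, and the references would then point at the wrong steps; renumber the list sequentially and update both references. The list under "Follow one of the guides below" also links to the page title, `Usage` and the migration section itself, which reads like a pasted table of contents; only the two migration guides belong there. In the Backblaze B2 command, `--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE'` puts the application key into shell history and the process list; consider `--env-file`, or exporting the variables first and passing a bare `--env B2_KEY_SECRET`.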

@ -1,19 +1,48 @@
# Storing Matrix media files on Amazon S3 (optional)
# Storing Synapse media files on Amazon S3 or another compatible Object Storage (optional)
By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem.
If that's alright, you can skip this.
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
As an alternative to storing media files on the local filesystem, you can store them on [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store.
Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server.
First, [choose an Object Storage provider](#choosing-an-object-storage-provider).
If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below.
Then, [create the S3 bucket](#bucket-creation-and-security-configuration).
Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring-playbook-s3-goofys.md) or [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)).
## Choosing an Object Storage provider
You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc.
Amazon S3 and Backblaze S3 are pay-as-you with no minimum charges for storing too little data.
All these providers have different prices, with Backblaze B2 appearing to be the cheapest.
Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that.
Digital Ocean Spaces has a minimum charge of 250GB ($5/month as of 2022-10), which is also expensive if you're storing less data than that.
Important aspects of choosing the right provider are:
- a provider by a company you like and trust (or dislike less than the others)
- a provider which has a data region close to your Matrix server (if it's farther away, high latency may cause slowdowns)
- a provider which is OK pricewise
- a provider with free or cheap egress (if you need to get the data out often, for some reason) - likely not too important for the common use-case
## Bucket creation and Security Configuration
Now that you've [chosen an Object Storage provider](#choosing-an-object-storage-provider), you need to create a storage bucket.
How you do this varies from provider to provider, with Amazon S3 being the most complicated due to its vast number of services and complicated security policies.
Below, we provider some guides for common providers. If you don't see yours, look at the others for inspiration or read some guides online about how to create a bucket. Feel free to contribute to this documentation with an update!
## Amazon S3
You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy:
You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example IAM security policy:
```json
{
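Review bot: in "Choosing an Object Storage provider", the sentence "Amazon S3 and Backblaze S3 are pay-as-you with no minimum charges" names a product that the rest of the page calls Backblaze B2 and truncates "pay-as-you-go". In "Bucket creation and Security Configuration", "Below, we provider some guides" should read "provide". The pricing sentences would also read better grouped: the "All these providers have different prices" line currently sits between the no-minimum-charge providers and the two with minimum charges.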
@ -34,154 +63,45 @@ You'll need an Amazon S3 bucket and some IAM user credentials (access key + secr
}
```
You then need to enable S3 support in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
It would be something like this:
**NOTE**: This policy needs to be attached to an IAM user created from the **Security Credentials** menu. This is not a **Bucket Policy**.
```yaml
matrix_s3_media_store_enabled: true
matrix_s3_media_store_bucket_name: "your-bucket-name"
matrix_s3_media_store_aws_access_key: "access-key-goes-here"
matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
matrix_s3_media_store_region: "eu-central-1"
```
## Backblaze B2
## Using other S3-compatible object stores
To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html) you first need to sign up.
You can use any S3-compatible object store by **additionally** configuring these variables:
You [can't easily change which region (US, Europe) your Backblaze account stores files in](https://old.reddit.com/r/backblaze/comments/hi1v90/make_the_choice_for_the_b2_data_center_region/), so make sure to carefully choose the region when signing up (hint: it's a hard to see dropdown below the username/password fields in the signup form).
```yaml
matrix_s3_media_store_custom_endpoint_enabled: true
# Example: "https://storage.googleapis.com"
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
```
### Backblaze B2
To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html):
After logging in to Backblaze:
- create a new **private** bucket through its user interface (you can call it something like `matrix-DOMAIN-media-store`)
- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`)
- adjust its lifecycle rules to use the following **custom** rules:
- File Path: *empty value*
- Days Till Hide: *empty value*
- Days Till Delete: `1`
- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`).
- adjust its Lifecycle Rules to: Keep only the last version of the file
- go to [App Keys](https://secure.backblaze.com/app_keys.htm) and use the **Add a New Application Key** to create a new one
- restrict it to the previously created bucket (e.g. `matrix-DOMAIN-media-store`)
- give it *Read & Write* access
Copy the `keyID` and `applicationKey`.
You need the following *additional* playbook configuration (on top of what you see above):
```yaml
matrix_s3_media_store_bucket_name: "YOUR_BUCKET_NAME_GOES_HERE"
matrix_s3_media_store_aws_access_key: "YOUR_keyID_GOES_HERE"
matrix_s3_media_store_aws_secret_key: "YOUR_applicationKey_GOES_HERE"
matrix_s3_media_store_custom_endpoint_enabled: true
matrix_s3_media_store_custom_endpoint: "https://s3.us-west-002.backblazeb2.com" # this may be different for your bucket
```
If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is.
## Migrating from local filesystem storage to S3
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one.
Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage:
- [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow)
- [Migrating to Backblaze B2](#migrating-to-backblaze-b2)
### Migrating to any S3-compatible storage (universal, but likely slow)
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
The `keyID` value is your **Access Key** and `applicationKey` is your **Secret Key**.
1. Proceed with the steps below without stopping Matrix services
For configuring [Goofys](configuring-playbook-s3-goofys.md) or [s3-synapse-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) you will need:
2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice)
- **Endpoint URL** - this is the **Endpoint** value you saw above, but prefixed with `https://`
3. In addition to the base configuration you see above, add this to your `vars.yml` file:
- **Region** - use the value you see in the Endpoint (e.g. `us-west-002`)
```yaml
matrix_s3_media_store_path: /matrix/s3-media-store
```
This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store.
5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
6. Do an **initial sync of your files** by running this **on the server** (it may take a very long time):
```sh
sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/.
```
You may need to install `rsync` manually.
7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys`
9. Sync the files again by re-running the `rsync` command you see in step #6
10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys`
11. Get the old media store out of the way by running this command on the server:
```sh
mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
```
12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above)
- **Storage Class** - use `STANDARD`. Backblaze B2 does not have different storage classes, so it doesn't make sense to use any other value.
13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
14. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
## Other providers
15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
For other S3-compatible providers, you may not need to configure security policies, etc. (just like for [Backblaze B2](#backblaze-b2)).
You most likely just need to create an S3 bucket and get some credentials (access key and secret key) for accessing the bucket in a read/write manner.
### Migrating to Backblaze B2
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
1. While all Matrix services are running, run the following command on the server:
(you need to adjust the 3 `--env` line below with your own data)
```sh
docker run -it --rm -w /work \
--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \
--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \
--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
-v /matrix/synapse/storage/media-store/:/work \
--entrypoint=/bin/sh \
docker.io/tianon/backblaze-b2:2.1.0 \
-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET > /dev/null && b2 sync /work/ b2://$B2_BUCKET_NAME'
```
This is some initial file sync, which may take a very long time.
2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
3. Run the command from step #1 again.
Doing this will sync any new files that may have been created locally in the meantime.
Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync.
4. Get the old media store out of the way by running this command on the server:
```sh
mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
```
5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file
6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
## Setting up
7. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
To set up Synapse to store files in S3, follow the instructions for the method of your choice:
8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
- using [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) (recommended)
- using [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md)
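Review bot: the link text `[s3-synapse-storage-provider]` in "For configuring Goofys or s3-synapse-storage-provider you will need" transposes the module name; the link target `configuring-playbook-synapse-s3-storage-provider.md` and every other reference in this change use `synapse-s3-storage-provider`. Separately, `## Amazon S3`, `## Backblaze B2` and `## Other providers` sit at the same level as `## Bucket creation and Security Configuration`, which introduces them as guides for common providers; making them `###` would match that structure.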

@ -99,7 +99,7 @@ The certificate files would be made available in `/matrix/ssl/config/live/<your-
For automated certificate renewal to work, each port `80` vhost for each domain you are obtaining certificates for needs to forward requests for `/.well-known/acme-challenge` to the certbot container we use for renewal.
See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf`
See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-domain.conf`
Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers.

@ -0,0 +1,126 @@
# Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider (optional)
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
you can use the [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) media provider module for Synapse.
**`synapse-s3-storage-provider` support is very new and still relatively untested. Using it may cause data loss.**
An alternative (which has worse performance) is to use [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md).
## How it works?
Summarized writings here are inspired by [this article](https://quentin.dufour.io/blog/2021-09-14/matrix-synapse-s3-storage/).
The way media storage providers in Synapse work has some caveats:
- Synapse still continues to use locally-stored files (for creating thumbnails, serving files, etc)
- the media storage provider is just an extra storage mechanism (in addition to the local filesystem)
- all files are stored locally at first, and then copied to the media storage provider (either synchronously or asynchronously)
- if a file is not available on the local filesystem, it's pulled from a media storage provider
You may be thinking **if all files are stored locally as well, what's the point**?
You can run some scripts to delete the local files once in a while (which we do automatically by default - see [Periodically cleaning up the local filesystem](#periodically-cleaning-up-the-local-filesystem)), thus freeing up local disk space. If these files are needed in the future (for serving them to users, etc.), Synapse will pull them from the media storage provider on demand.
While you will need some local disk space around, it's only to accommodate usage, etc., and won't grow as large as your S3 store.
## Installing
After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_ext_synapse_s3_storage_provider_enabled: true
matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name
matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://.. # delete this whole line for Amazon S3
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.
# For additional advanced settings, take a look at `roles/matrix-synapse/defaults/main.yml`
```
If you have existing files in Synapse's media repository (`/matrix/synapse/media-store/..`):
- new files will start being stored both locally and on the S3 store
- the existing files will remain on the local filesystem only until [migrating them to the S3 store](#migrating-your-existing-media-files-to-the-s3-store)
- at some point (and periodically in the future), you can delete local files which have been uploaded to the S3 store already
Regardless of whether you need to [Migrate your existing files to the S3 store](#migrating-your-existing-media-files-to-the-s3-store) or not, make sure you've familiarized yourself with [How it works?](#how-it-works) above and [Periodically cleaning up the local filesystem](#periodically-cleaning-up-the-local-filesystem) below.
## Migrating your existing media files to the S3 store
Migrating your existing data can happen in multiple ways:
- [using the `s3_media_upload` script from `synapse-s3-storage-provider`](#using-the-s3_media_upload-script-from-synapse-s3-storage-provider) (very slow when dealing with lots of data)
- [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload) (quicker when dealing with lots of data)
### Using the `s3_media_upload` script from `synapse-s3-storage-provider`
Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload).
To copy your existing files, SSH into the server and run `/usr/local/bin/matrix-synapse-s3-storage-provider-shell`.
This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc).
Then use the following commands (`$` values come from environment variables - they're **not placeholders** that you need to substitute):
- `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on
- `$UPDATE_DB_DURATION` is influenced by the `matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count` variable (defaults to `0`)
- `$UPDATE_DB_DURATION` defaults to `0d` (0 days), which means **include files which haven't been accessed for more than 0 days** (that is, **all files will be included**).
- `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory
- `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory
The `s3_media_upload upload` command may take a lot of time to complete.
Instead of running the above commands manually in the shell, you can also run the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because:
- it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool
- allows you to check and verify the output of each command, to catch mistakes
- includes progress bars and detailed output for each command
- allows you to easily interrupt slow-running commands, etc. (the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`)
### Using another tool in combination with `s3_media_upload`
To migrate your existing local data to S3, we recommend to:
- **first** use another tool ([`aws s3`](#copying-data-to-amazon-s3) or [`b2 sync`](#copying-data-to-backblaze-b2), etc.) to copy the local files to the S3 bucket
- **only then** [use the `s3_media_upload` tool to finish the migration](#using-the-s3_media_upload-script-from-synapse-s3-storage-provider) (this checks to ensure all files are uploaded and then deletes the local files)
#### Copying data to Amazon S3
Generally, you need to use the `aws s3` tool.
This documentation section could use an improvement. Ideally, we'd come up with a guide like the one used in [Copying data to Backblaze B2](#copying-data-to-backblaze-b2) - running `aws s3` in a container, etc.
#### Copying data to Backblaze B2
To copy to Backblaze B2, start a container like this:
```sh
docker run -it --rm \
-w /work \
--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \
--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \
--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \
--entrypoint=/bin/sh \
tianon/backblaze-b2:3.6.0 \
-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer'
```
## Periodically cleaning up the local filesystem
As described in [How it works?](#how-it-works) above, when new media is uploaded to the Synapse homeserver, it's first stored locally and then also stored on the remote S3 storage.
By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using:
- the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script
- .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
- .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00
So.. you don't need to perform any maintenance yourself.
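Review bot: under "Installing", the sentence "you can proceed to configure Goofys in your configuration file" is carried over from the Goofys page; this page configures `synapse-s3-storage-provider`, and the variables that follow are all `matrix_synapse_ext_synapse_s3_storage_provider_*`. The shell description lists the environment variable as `UPDATE_DB_DAYS` while the commands use `$UPDATE_DB_DURATION`; since the text stresses that these are not placeholders, the name should match what the container exports. The existing-files path is written `/matrix/synapse/media-store/..` here but `/matrix/synapse/storage/media-store` in the `--mount` line further down. In the last bullet of the manual-versus-script list, "so `Ctrl+C` may not work and you and require killing via `docker kill ..`" is garbled and needs rewording.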

@ -34,13 +34,18 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)
- [Setting up Etherpad](configuring-playbook-etherpad.md) (optional)
- [Setting up Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
- [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional)
### Core service adjustments
- [Configuring Synapse](configuring-playbook-synapse.md) (optional)
- Homeserver configuration:
- [Configuring Synapse](configuring-playbook-synapse.md), if you're going with the default/recommended homeserver implementation (optional)
- [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional)
- [Configuring Element](configuring-playbook-client-element.md) (optional)

@ -192,7 +192,7 @@ Make sure to:
## Confirming it works
No matter which method you've used to set up the well-known files, if you've done it correctly you should be able to see a JSON file at both of these URLs:
No matter which method you've used to set up the well-known files, if you've done it correctly you should be able to see a JSON file at these URLs:
- `https://<domain>/.well-known/matrix/server`
- `https://<domain>/.well-known/matrix/client`

@ -1,25 +1,64 @@
# Installing
## 1. Installing the Matrix services
If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.
Run this command to install the Matrix services:
## Playbook tags introduction
```bash
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
The Ansible playbook's tasks are tagged, so that certain parts of the Ansible playbook can be run without running all other tasks.
The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --tags=COMMA_SEPARATED_TAGS_GO_HERE`
Here are some playbook tags that you should be familiar with:
- `setup-all` - runs all setup tasks for all components, but does not start/restart services
- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).
- `start` - starts all systemd services and makes them start automatically in the future
- `stop` - stops all systemd services
- `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created
`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
## 1. Installing Matrix
If you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the all Ansible commands
If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands
There 2 ways to start the installation process - depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data).
### Installing a brand new server (without importing data)
If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration.
This will do a full installation and start all Matrix services.
Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation)
**Notes**:
- if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
- if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.
### Installing a server into which you'll import old data
If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet.
Starting its services or messing with its database now will affect your data import later on.
To do the installation **without** starting services, run only the `setup-all` tag:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
```
## 2. Things you might want to do after installing
When this command completes, services won't be running yet.
**Before starting the services**, you may want to do additional things like:
You can now:
- [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)
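Review bot: two wording slips in the intro sentences of this hunk: "to the all Ansible commands" should read "to all Ansible commands", and "There 2 ways to start" is missing "are". The `--ask-pass` and `-K` sentences also end without a period, unlike the equivalent bullets under **Notes**.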
@ -27,21 +66,26 @@ The above command **doesn't start any services just yet** (another step does thi
- [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)
.. and then proceed to starting all services:
## 3. Starting the services
When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command:
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=start
```
## 4. Finalize the installation
Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation)
## 2. Maintaining your setup in the future
Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match.
## 3. Finalize the installation
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md).
## 5. Things to do next
## 4. Things to do next
After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:
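Review bot: the cross-links `#2-maintaining-your-setup-in-the-future` and `#3-finalize-the-installation` embed heading numbers, and this hunk shows the sections being renumbered ("## 3. Starting the services", "## 4. Finalize the installation", "## 5. Things to do next"). Check each link against the final heading text, since a stale anchor fails silently and leaves the reader at the top of the page instead of at the federation-critical "Finalize the installation" step.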

@ -26,7 +26,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports:
- Some TCP/UDP ports open. This playbook (actually [Docker itself](https://docs.docker.com/network/iptables/)) configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports:
- `80/tcp`: HTTP webserver
- `443/tcp`: HTTPS webserver
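Review bot: the added parenthetical "(actually Docker itself)" understates what operators need to know. Docker inserts its own iptables rules for published ports, so those ports are reachable even when a host firewall front-end such as ufw appears to block them. Suggest saying that explicitly, for example "Docker publishes these ports by managing iptables directly, independently of any host firewall tool you run", so nobody assumes their existing host rules still filter this traffic.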

@ -1,3 +1,15 @@
(cors) {
@cors_preflight method OPTIONS
handle @cors_preflight {
header Access-Control-Allow-Origin "{args.0}"
header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE"
header Access-Control-Allow-Headers "Content-Type, Authorization"
header Access-Control-Max-Age "3600"
}
}
matrix.DOMAIN.tld {
# creates letsencrypt certificate
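Review bot: the `(cors)` snippet echoes `{args.0}` verbatim into `Access-Control-Allow-Origin`, and the later hunks call it as `import cors https://*.DOMAIN.tld`. That header only accepts a single exact origin, `*` or `null`; browsers do not expand a wildcard subdomain pattern, so the literal value `https://*.DOMAIN.tld` matches no origin and every preflight fails. Either pass one concrete origin per import, or match the request's `Origin` header against an allowlist and reflect it only on a match. Also note that the snippet sets the header only for `OPTIONS`, so the actual response still needs its own `Access-Control-Allow-Origin`.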
@ -82,6 +94,13 @@ matrix.DOMAIN.tld {
file_server
}
# If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain
#handle @wellknown {
# # .well-known is handled by base domain
# reverse_proxy https://DOMAIN.tld {
# header_up Host {http.reverse_proxy.upstream.hostport}
#}
handle {
encode zstd gzip
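Review bot: the commented alternative `#handle @wellknown {` block is unbalanced: it opens two braces (`handle @wellknown {` and `reverse_proxy https://DOMAIN.tld {`) but closes only one with `#}`. Anyone who uncomments it as written gets a Caddyfile parse error, or worse, swallows the following `handle {` block into it. Add the missing closing brace for `reverse_proxy` and indent the block so the nesting is visible.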
@ -114,6 +133,8 @@ element.DOMAIN.tld {
# creates letsencrypt certificate
# tls your@email.com
import cors https://*.DOMAIN.tld
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -123,6 +144,8 @@ element.DOMAIN.tld {
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered
# Content-Security-Policy frame-src https://*.DOMAIN.tld
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
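Review bot: the suggested `Content-Security-Policy frame-src https://*.DOMAIN.tld` line leaves the value unquoted. Inside a Caddy `header` block, three tokens are read as field, find and replacement, so uncommenting this line would not set the policy at all. Quote the value the way the neighbouring headers do, i.e. `Content-Security-Policy "frame-src https://*.DOMAIN.tld"`. The same applies to the `frame-ancestors` lines added further down.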
@ -144,6 +167,8 @@ element.DOMAIN.tld {
# # creates letsencrypt certificate
# # tls your@email.com
#
# import cors https://*.DOMAIN.tld
#
# header {
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -151,8 +176,8 @@ element.DOMAIN.tld {
# X-XSS-Protection "1; mode=block"
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
# X-Content-Type-Options "nosniff"
# # Disallow the site to be rendered within a frame (clickjacking protection)
# X-Frame-Options "DENY"
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection)
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
# # X-Robots-Tag
# X-Robots-Tag "noindex, noarchive, nofollow"
# }
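Review bot: the replacement for `X-Frame-Options "DENY"` does not quite do what its comment says. A CSP host-source of `https://*.DOMAIN.tld` matches subdomains only, not `https://DOMAIN.tld` itself, so "same base domain" is not covered if anything is served from the apex; add the apex (and `'self'` if the site frames itself) when that is intended. The advice "Can be removed if the client is hosted on another domain" is also risky: removing the line leaves no framing restriction at all. Suggest telling the reader to list the client's origin in `frame-ancestors` instead.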
@ -176,6 +201,8 @@ element.DOMAIN.tld {
# creates letsencrypt certificate
# tls your@email.com
#
# import cors https://*.DOMAIN.tld
#
# header {
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -185,9 +212,9 @@ element.DOMAIN.tld {
#
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
# X-Content-Type-Options "nosniff"
#
# # Disallow the site to be rendered within a frame (clickjacking protection)
# X-Frame-Options "SAMEORIGIN"
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
#
# # Disable some features
# Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
@ -225,6 +252,14 @@ element.DOMAIN.tld {
# header_up Host {http.reverse_proxy.upstream.hostport}
# }
# }
# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain
# # handle /.well-known/* {
# # encode zstd gzip
# # header Cache-Control max-age=14400
# # header Content-Type application/json
# # header Access-Control-Allow-Origin *
# #}
#
# # Configration for the base domain goes here
# # handle {
# # header -Server

@ -12,7 +12,9 @@
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# The Matrix homeserver software to install.
# See `roles/matrix-base/defaults/main.yml` for valid options.
# See:
# - `roles/matrix-base/defaults/main.yml` for valid options
# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.

@ -769,7 +769,7 @@ matrix_heisenbridge_systemd_wanted_services_list: |
# We don't enable bridges by default.
matrix_hookshot_enabled: false
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
@ -1167,7 +1167,7 @@ matrix_bot_honoroit_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}"
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
#
@ -1198,7 +1198,7 @@ matrix_bot_buscarron_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}"
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
#
@ -1231,7 +1231,7 @@ matrix_bot_postmoogle_systemd_required_services_list: |
matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}"
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
#
@ -2116,18 +2116,9 @@ matrix_postgres_additional_databases: |
}}
matrix_postgres_import_roles_to_ignore: |
matrix_postgres_systemd_services_to_stop_for_maintenance_list: |
{{
[matrix_postgres_connection_username]
+
matrix_postgres_additional_databases|map(attribute='username') | list
}}
matrix_postgres_import_databases_to_ignore: |
{{
[matrix_postgres_db_name]
+
matrix_postgres_additional_databases|map(attribute='name') | list
['matrix-' + matrix_homeserver_implementation + '.service']
}}
######################################################################
@ -2368,7 +2359,7 @@ matrix_synapse_systemd_required_services_list: |
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-goofys'] if matrix_s3_media_store_enabled else [])
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
}}
matrix_synapse_systemd_wanted_services_list: |
@ -2654,7 +2645,7 @@ matrix_dendrite_systemd_required_services_list: |
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-goofys'] if matrix_s3_media_store_enabled else [])
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
}}
matrix_dendrite_systemd_wanted_services_list: |
@ -2690,3 +2681,43 @@ matrix_conduit_systemd_required_services_list: |
# /matrix-conduit
#
######################################################################
######################################################################
#
# matrix-user-creator
#
######################################################################
matrix_user_creator_users_auto: |
{{
[{
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
'initial_type': 'bot',
}] if matrix_bot_matrix_reminder_bot_enabled else []
+
[{
'username': matrix_bot_honoroit_login,
'initial_password': matrix_bot_honoroit_password,
'initial_type': 'bot',
}] if matrix_bot_honoroit_enabled else []
+
[{
'username': matrix_bot_postmoogle_login,
'initial_password': matrix_bot_postmoogle_password,
'initial_type': 'bot',
}] if matrix_bot_postmoogle_enabled else []
+
[{
'username': matrix_bot_buscarron_login,
'initial_password': matrix_bot_buscarron_password,
'initial_type': 'bot',
}] if matrix_bot_buscarron_enabled else []
}}
######################################################################
#
# /matrix-user-creator
#
######################################################################
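Review bot: `matrix_user_creator_users_auto` has an operator-precedence problem. Jinja's conditional expression binds looser than `+`, so `[{...}] if A else [] + [{...}] if B else [] + ...` parses as `[{...}] if A else (([] + [{...}]) if B else (...))`. The result contains only the first enabled bot: with `matrix_bot_matrix_reminder_bot_enabled` true, the honoroit, postmoogle and buscarron users are never created. Wrap each term in parentheses, e.g. `([{...}] if matrix_bot_honoroit_enabled else [])`, as the `matrix-goofys.service` terms earlier in this file already do.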

@ -50,6 +50,9 @@ matrix_aux_file_default_mode: '0640'
# then you likely need to add `/matrix/some/path` to `matrix_aux_directory_definitions` as well.
# You don't need to do this for directories that the playbook already creates for you.
#
# Use a `content` key for text content and `src` with a location to a file for binary content.
# The `content` key does not support binary content (see https://github.com/ansible/ansible/issues/11594).
#
# Example:
#
# matrix_aux_file_definitions:
@ -69,4 +72,10 @@ matrix_aux_file_default_mode: '0640'
# mode: '0600'
# owner: 'some-user'
# group: 'some-group'
#
# - dest: /matrix/aux/binary-file.dat
# src: "/path/to/binary.dat"
# mode: '0600'
# owner: 'some-user'
# group: 'some-group'
matrix_aux_file_definitions: []

@ -11,8 +11,9 @@
- name: Ensure AUX files are created
ansible.builtin.copy:
src: "{{ item.src if 'src' in item else omit }}"
content: "{{ item.content if 'content' in item else omit }}"
dest: "{{ item.dest }}"
content: "{{ item.content }}"
owner: "{{ item.owner | default(matrix_user_username) }}"
group: "{{ item.group | default(matrix_user_groupname) }}"
mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}"
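Review bot: nothing here checks that an entry carries exactly one of `src` and `content`. `ansible.builtin.copy` treats the two as mutually exclusive and requires one of them, so an entry with both or neither fails inside the loop with a module error that does not name the offending `dest`. A small validation task before this one (fail when `('src' in item) == ('content' in item)`, reporting `item.dest`) would make misconfigured `matrix_aux_file_definitions` much easier to diagnose.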

@ -59,7 +59,7 @@
mode: 0600
- name: Ensure borg image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
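Review bot: with the module now addressed as `community.docker.docker_image`, the `ansible_version.major > 2 or ansible_version.minor > 7` and `>= 8` guards on `source` and `force_source` look like dead code. Fully qualified collection names need a collection-aware Ansible, which is already newer than the 2.7/2.8 releases these conditionals cater for. Consider dropping the guards here and in the other `docker_image` tasks touched by this change, so the pull and force-pull behaviour is unconditional and easier to read.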
@ -82,7 +82,7 @@
when: "matrix_backup_borg_container_image_self_build | bool"
- name: Ensure borg image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
source: build
force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -36,6 +36,6 @@
state: absent
- name: Ensure borg Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
state: absent

@ -284,6 +284,11 @@ matrix_docker_installation_enabled: true
# Possible values are "docker-ce" (default) and "docker.io" (Debian).
matrix_docker_package_name: docker-ce
# Controls whether the current playbook's commit hash is saved in `git_hash.yml` on the target
# Set this to false if GIT is not installed on the local system (the system where the ansible command is run on)
# to suppress the warning message.
matrix_playbook_commit_hash_preservation_enabled: true
# Variables to Control which parts of our roles run.
run_postgres_import: true
run_postgres_upgrade: true

@ -21,7 +21,8 @@
register: lsb_release_installation_result
- name: Reread ansible_lsb facts if lsb-release got installed
ansible.builtin.setup: filter=ansible_lsb*
ansible.builtin.setup:
filter: ansible_lsb*
when: lsb_release_installation_result.changed
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"

@ -1,7 +1,7 @@
---
- name: Install host dependencies
pacman:
community.general.pacman:
name:
- python-docker
- python-dnspython
@ -9,7 +9,7 @@
update_cache: true
- name: Ensure Docker is installed
pacman:
community.general.pacman:
name:
- docker
state: present

@ -19,8 +19,54 @@
mode: '0660'
when: "matrix_vars_yml_snapshotting_enabled | bool"
- name: Save current git-repo status on the target to aid with restoring in case of problems
when: "matrix_playbook_commit_hash_preservation_enabled|bool"
block:
- name: Get local git hash # noqa command-instead-of-module
delegate_to: 127.0.0.1
become: false
register: git_describe
changed_when: false
ansible.builtin.shell:
git describe
--always
--tags
--dirty
--long
--all
- ansible.builtin.set_fact:
git_hash: "{{ git_describe.stdout }}"
- name: Git hash
ansible.builtin.debug:
msg: "Git hash: {{ git_hash }}"
- name: Save git_hash.yml on target
ansible.builtin.copy:
content: "{{ git_hash }}"
dest: "{{ matrix_base_data_path }}/git_hash.yml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: '0660'
rescue:
- name: GIT not found error
ansible.builtin.debug:
msg: >-
Couldn't find GIT on the local machine. Continuing without saving the GIT hash.
You can disable saving the GIT hash by setting 'matrix_playbook_commit_hash_preservation_enabled: false' in vars.yml
when: "git_describe.stderr.find('git: not found') != -1"
- name: Get GIT hash error
ansible.builtin.fail:
msg: >-
Error when trying to get the GIT hash. Please consult the error message above.
You can disable saving the GIT hash by setting 'matrix_playbook_commit_hash_preservation_enabled: false' in vars.yml
when: "git_describe.stderr.find('git: not found') == -1"
- name: Ensure Matrix network is created in Docker
docker_network:
community.docker.docker_network:
name: "{{ matrix_docker_network }}"
driver: bridge
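Review bot: the `rescue` branch decides between "warn and continue" and "fail" by searching `git_describe.stderr` for the string `git: not found`, which is brittle. That text is what dash prints; bash reports `git: command not found`, so on hosts where `/bin/sh` is bash a missing git lands in the `fail` task instead of the warning. Checking `git_describe.rc == 127` is more portable. The `rescue` also fires when "Save git_hash.yml on target" fails, in which case the message about getting the GIT hash is misleading. Separately, `git describe` needs no shell features, so `ansible.builtin.command` with an argv list would be the safer choice over `ansible.builtin.shell`.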

@ -16,7 +16,7 @@
when: ansible_os_family == 'Debian'
- name: Ensure fuse installed (Archlinux)
pacman:
community.general.pacman:
name:
- fuse3
state: present

@ -16,7 +16,7 @@
when: ansible_os_family == 'Debian'
- name: Ensure openssl installed (Archlinux)
pacman:
community.general.pacman:
name:
- openssl
state: present

@ -9,7 +9,7 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_version: v1.2.1
matrix_bot_buscarron_version: v1.3.0
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
@ -78,37 +78,49 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}"
matrix_bot_buscarron_forms: []
# Disable encryption
matrix_bot_buscarron_noencryption:
matrix_bot_buscarron_noencryption: false
# Sentry DSN
matrix_bot_buscarron_sentry:
matrix_bot_buscarron_sentry: ''
# Log level
matrix_bot_buscarron_loglevel: INFO
# spam hosts/domains
# list of spammers with wildcards support, eg: *@spam.com spam@*, spam@spam.com
matrix_bot_buscarron_spamlist: []
# spam hosts/domains.
# deprecated, use matrix_bot_buscarron_spamlist
matrix_bot_buscarron_spam_hosts: []
# spam email addresses
# deprecated, use matrix_bot_buscarron_spamlist
matrix_bot_buscarron_spam_emails: []
# spam email localparts
# deprecated, use matrix_bot_buscarron_spamlist
matrix_bot_buscarron_spam_localparts: []
# Ban duration in hours
matrix_bot_buscarron_ban_duration: 24
# Banlist size
matrix_bot_buscarron_ban_size: 10000
# Permanent banlist
matrix_bot_buscarron_ban_list: []
# Postmark token (confirmation emails)
matrix_bot_buscarron_pm_token:
matrix_bot_buscarron_pm_token: ''
# Postmark sender signature
matrix_bot_buscarron_pm_from:
matrix_bot_buscarron_pm_from: ''
# Postmark confirmation email's reply-to
matrix_bot_buscarron_pm_replyto:
matrix_bot_buscarron_pm_replyto: ''
# email address (from) for SMTP validation. Must be valid email on valid SMTP server, otherwise it will be rejected by other servers
matrix_bot_buscarron_smtp_from: ''
# enforce SMTP validation
matrix_bot_buscarron_smtp_validation: false
# Additional environment variables to pass to the buscarron container
#

@ -50,7 +50,7 @@
mode: 0640
- name: Ensure buscarron image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -73,7 +73,7 @@
when: "matrix_bot_buscarron_container_image_self_build | bool"
- name: Ensure buscarron image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
source: build
force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure buscarron Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
state: absent

@ -3,22 +3,26 @@ BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }}
BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }}
BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
BUSCARRON_SPAMLIST={{ matrix_bot_buscarron_spamlist|join(" ") }}
BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }}
BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }}
BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }}
BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
{% set forms = [] %}
{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }}
BUSCARRON_{{ form.name|upper }}_HASEMAIL={{ form.hasemail|default('') }}
BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
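Review bot: `BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}` and `BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}` render YAML booleans as the strings `False` and `True`. Since this change moves the default of `matrix_bot_buscarron_noencryption` from empty to `false`, the env file goes from an empty value to a non-empty one. Please confirm buscarron parses `False` as disabled rather than treating any non-empty value as set, because the failure mode is encryption silently turned off. Rendering with `| string | lower`, or emitting the line only when the flag is true, removes the ambiguity.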

@ -17,7 +17,7 @@
when: "item.when | bool"
- name: Ensure go-neb image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_go_neb_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure go-neb Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_go_neb_docker_image }}"
state: absent

@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.15
matrix_bot_honoroit_version: v0.9.16
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

@ -50,7 +50,7 @@
mode: 0640
- name: Ensure honoroit image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -73,7 +73,7 @@
when: "matrix_bot_honoroit_container_image_self_build | bool"
- name: Ensure honoroit image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
source: build
force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure honoroit Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
state: absent

@ -22,7 +22,7 @@
mode: 0640
- name: Ensure matrix-registration-bot image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -45,7 +45,7 @@
when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool"
- name: Ensure matrix-registration-bot image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
source: build
force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure matrix-registration-bot Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
state: absent

@ -43,7 +43,7 @@
when: "item.when | bool"
- name: Ensure matrix-reminder-bot image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -66,7 +66,7 @@
when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool"
- name: Ensure matrix-reminder-bot image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
source: build
force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure matrix-reminder-bot Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
state: absent

@ -26,7 +26,7 @@
mode: "u=rwx"
- name: Ensure maubot image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_maubot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -49,7 +49,7 @@
when: "matrix_bot_maubot_container_image_self_build|bool"
- name: Ensure maubot image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_maubot_docker_image }}"
source: build
force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure maubot Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_maubot_docker_image }}"
state: absent

@ -18,7 +18,7 @@
when: "item.when | bool"
- name: Ensure mjolnir Docker image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_mjolnir_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -41,7 +41,7 @@
when: "matrix_bot_mjolnir_container_image_self_build | bool"
- name: Ensure mjolnir Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_mjolnir_docker_image }}"
source: build
force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure mjolnir Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_mjolnir_docker_image }}"
state: absent

@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: v0.9.5
matrix_bot_postmoogle_version: v0.9.8
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

@ -46,7 +46,7 @@
mode: 0640
- name: Ensure postmoogle image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_postmoogle_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -69,7 +69,7 @@
when: "matrix_bot_postmoogle_container_image_self_build | bool"
- name: Ensure postmoogle image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
source: build
force_source: "{{ matrix_bot_postmoogle_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure postmoogle Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
state: absent

@ -29,7 +29,7 @@
matrix_appservice_discord_requires_restart: true
- name: Ensure Appservice Discord image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -22,5 +22,6 @@
- {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
- name: Require a valid database engine
ansible.builtin.fail: msg="`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"
ansible.builtin.fail:
msg: "`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"
when: "matrix_appservice_discord_database_engine not in ['sqlite', 'postgres']"

@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
# It's a bare version number now. We try to somewhat retain compatibility below.
matrix_appservice_irc_version: 0.35.1
matrix_appservice_irc_version: 0.36.0
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
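Review bot: the bumped `matrix_appservice_irc_version` still resolves to a mutable tag (`release-0.36.0` via `matrix_appservice_irc_docker_image_tag`), and `matrix_appservice_irc_docker_image_force_pull` is only true for `:latest`, so nothing in these lines ties the deployed image to specific content. A host that already holds the tag never re-checks it, and a fresh host accepts whatever the registry serves under that name. Consider letting `matrix_appservice_irc_docker_image` carry an optional `@sha256:` digest so operators who want reproducible pulls can pin one. The other version bumps in this commit have the same shape.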

@ -64,7 +64,7 @@
matrix_appservice_irc_requires_restart: true
- name: Ensure Appservice IRC image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_irc_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -87,7 +87,7 @@
when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool"
- name: Ensure matrix-appservice-irc Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_irc_docker_image }}"
source: build
force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -9,7 +9,7 @@
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure matrix-appservice-kakaotalk image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -21,7 +21,7 @@
until: result is not failed
- name: Ensure matrix-appservice-kakaotalk-node image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -58,7 +58,7 @@
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
- name: Ensure matrix-appservice-kakaotalk-node Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
source: build
force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -70,7 +70,7 @@
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
- name: Ensure matrix-appservice-kakaotalk Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_docker_image }}"
source: build
force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -85,7 +85,7 @@
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ something }}`
Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
URL endpoint to the matrix-appservice-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

@ -32,7 +32,7 @@
matrix_appservice_slack_requires_restart: true
- name: Ensure Appservice Slack image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_slack_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -55,7 +55,7 @@
when: "matrix_appservice_slack_container_image_self_build | bool"
- name: Ensure matrix-appservice-slack Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_slack_docker_image }}"
source: build
force_source: "{{ matrix_appservice_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -15,7 +15,7 @@
when: "item.when | bool"
- name: Ensure Appservice webhooks image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_webhooks_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -39,7 +39,7 @@
register: matrix_appservice_webhooks_git_pull_results
- name: Ensure Appservice webhooks Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_appservice_webhooks_docker_image }}"
source: build
force_source: "{{ matrix_appservice_webhooks_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -23,7 +23,7 @@
- name: Ensure Beeper LinkedIn image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_beeper_linkedin_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -62,7 +62,7 @@
changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0
- name: Ensure Beeper LinkedIn Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_beeper_linkedin_docker_image }}"
source: build
force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -52,7 +52,7 @@
when: item.when | bool
- name: Ensure Go Skype Bridge image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_go_skype_bridge_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -75,7 +75,7 @@
when: "matrix_go_skype_bridge_container_image_self_build | bool"
- name: Ensure Go Skype Bridge Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_go_skype_bridge_docker_image }}"
source: build
force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -1,7 +1,7 @@
---
- name: Ensure heisenbridge image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_heisenbridge_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 2.3.0
matrix_hookshot_version: 2.4.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@ -128,9 +128,9 @@ matrix_hookshot_generic_allow_js_transformation_functions: false
matrix_hookshot_generic_user_id_prefix: '_webhooks_'
matrix_hookshot_feeds_enabled: false
# polling interval in seconds
matrix_hookshot_feeds_interval: 600
matrix_hookshot_feeds_enabled: true
matrix_hookshot_feeds_pollIntervalSeconds: 600 # no-qa var-naming
matrix_hookshot_feeds_pollTimeoutSeconds: 10 # no-qa var-naming
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
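Review bot: `matrix_hookshot_feeds_enabled` flips from `false` to `true` in this hunk, which turns on RSS/Atom polling for every existing deployment on its next playbook run without an opt-in. Feed polling means outbound fetches from the hookshot container, so I would either keep the default at `false` or call the change out in the changelog next to the variable rename. Separately, `# no-qa var-naming` on the two camelCase variables is not ansible-lint's skip marker, which is `# noqa var-naming`, so the rule will still fire. Snake_case names such as `matrix_hookshot_feeds_poll_interval_seconds`, mapped to the camelCase keys in the template, would avoid the suppression altogether.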

@ -15,7 +15,7 @@
when: item.when | bool
- name: Ensure hookshot image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_hookshot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -38,7 +38,7 @@
when: "matrix_hookshot_container_image_self_build | bool"
- name: Ensure hookshot Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_hookshot_docker_image }}"
source: build
force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -58,6 +58,15 @@
with_items:
- "matrix_hookshot_provisioning_secret"
- name: (Deprecation) Catch and report renamed Hookshot variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
- name: (Deprecation) Catch and report old metrics usage
ansible.builtin.fail:
msg: >-

@ -82,8 +82,9 @@ generic:
feeds:
# (Optional) Configure this to enable RSS/Atom feed support
#
enabled: {{ matrix_hookshot_feeds_enabled }}
pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}
enabled: {{ matrix_hookshot_feeds_enabled | to_json }}
pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
provisioning:
@ -108,7 +109,7 @@ metrics:
logging:
# (Optional) Logging settings. You can have a severity debug,info,warn,error
#
level: info
level: warn
{% if matrix_hookshot_widgets_enabled %}
widgets:
# (Optional) EXPERIMENTAL support for complimentary widgets
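Review bot: `level: info` becomes a hard-coded `level: warn` under `logging:`, which removes info-level events from the bridge's logs for every deployment and leaves no way to restore them from configuration. Those entries are what an operator reads when reconstructing what the bridge did, so the verbosity should be a variable rather than a template constant. Suggest a default such as `matrix_hookshot_logging_level: warn` (name hypothetical) rendered with `| to_json`, the way the feeds keys are rendered earlier in this file.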

@ -52,7 +52,7 @@
when: item.when | bool
- name: Ensure Mautrix Discord image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -75,7 +75,7 @@
when: "matrix_mautrix_discord_container_image_self_build | bool"
- name: Ensure Mautrix discord Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_discord_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -37,7 +37,7 @@
matrix_mautrix_facebook_requires_restart: true
- name: Ensure Mautrix Facebook image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_facebook_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -74,7 +74,7 @@
when: "matrix_mautrix_facebook_container_image_self_build | bool"
- name: Ensure Mautrix Facebook Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_facebook_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_facebook_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -37,7 +37,7 @@
matrix_mautrix_googlechat_requires_restart: true
- name: Ensure Mautrix googlechat image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_googlechat_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -74,7 +74,7 @@
when: "matrix_mautrix_googlechat_container_image_self_build | bool"
- name: Ensure Mautrix googlechat Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_googlechat_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_googlechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -37,7 +37,7 @@
matrix_mautrix_hangouts_requires_restart: true
- name: Ensure Mautrix Hangouts image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_hangouts_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -74,7 +74,7 @@
when: "matrix_mautrix_hangouts_container_image_self_build | bool"
- name: Ensure Mautrix Hangouts Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_hangouts_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_hangouts_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_version: v0.2.1
matrix_mautrix_instagram_version: v0.2.2
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

@ -8,7 +8,7 @@
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure Mautrix instagram image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_instagram_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -45,7 +45,7 @@
when: "matrix_mautrix_instagram_container_image_self_build | bool"
- name: Ensure Mautrix instagram Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_instagram_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -9,8 +9,8 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
matrix_mautrix_signal_version: v0.4.0
matrix_mautrix_signal_daemon_version: 0.22.2
matrix_mautrix_signal_version: v0.4.1
matrix_mautrix_signal_daemon_version: 0.23.0
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"

@ -9,7 +9,7 @@
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure Mautrix Signal image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -33,7 +33,7 @@
when: "matrix_mautrix_signal_container_image_self_build | bool"
- name: Ensure Mautrix Signal image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -46,7 +46,7 @@
- name: Ensure Mautrix Signal Daemon image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -66,7 +66,7 @@
when: "matrix_mautrix_signal_daemon_container_image_self_build | bool"
- name: Ensure Mautrix Signal Daemon image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -38,6 +38,9 @@ matrix_mautrix_telegram_api_id: ''
matrix_mautrix_telegram_api_hash: ''
matrix_mautrix_telegram_bot_token: disabled
# Define the filter-mode
matrix_mautrix_telegram_filter_mode: "blacklist"
# Whether or not the public-facing endpoints should be enabled (web-based login)
matrix_mautrix_telegram_appservice_public_enabled: true
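Review bot: `matrix_mautrix_telegram_filter_mode` is introduced without a list of permitted values in its comment and without a validation task, so a typo such as `whitelists` is rendered straight into the bridge config. The template says the mode is either "blacklist" or "whitelist". Please state that in the `# Define the filter-mode` comment and add an `ansible.builtin.fail` check with `when: "matrix_mautrix_telegram_filter_mode not in ['blacklist', 'whitelist']"`, mirroring the `matrix_appservice_discord_database_engine` check touched elsewhere in this commit.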

@ -51,7 +51,7 @@
when: item.when | bool
- name: Ensure Mautrix Telegram image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_telegram_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -74,7 +74,7 @@
when: "matrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool"
- name: Ensure lottieconverter Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_telegram_lottieconverter_docker_image }}"
source: build
force_source: "{{ matrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -97,7 +97,7 @@
when: "matrix_mautrix_telegram_container_image_self_build | bool"
- name: Ensure matrix-mautrix-telegram Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_telegram_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_telegram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -273,12 +273,12 @@ bridge:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
mode: {{ matrix_mautrix_telegram_filter_mode | to_json }}
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}"
command_prefix: {{ matrix_mautrix_telegram_command_prefix | to_json }}
# Permissions for using the bridge.
# Permitted values:
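Review bot: `mode` is now configurable but `list: []` two lines below it is still a constant, so setting the mode to `whitelist` renders an empty allow list and, by the comment's own definition, no chat can be bridged. Add a companion list variable rendered with `| to_json` in the same change, otherwise the new setting has only one usable value. The `| to_json` on `mode` and `command_prefix` is the right way to render these values and should stay.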
@ -291,7 +291,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_telegram_bridge_permissions|to_json }}
permissions: {{ matrix_mautrix_telegram_bridge_permissions | to_json }}
# Options related to the message relay Telegram bot.
relaybot:

@ -12,7 +12,7 @@
matrix_mautrix_twitter_requires_restart: false
- name: Ensure Mautrix Twitter image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_twitter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -49,7 +49,7 @@
when: "matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_container_image_self_build"
- name: Ensure Mautrix Twitter Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_twitter_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_twitter_git_pull_results.changed }}"
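Review bot: the `when` guarding this build task tests `matrix_mautrix_twitter_container_image_self_build` without `| bool`, unlike `matrix_mautrix_twitter_enabled | bool` in the same expression. A value that arrives as the string `false` (for example from `-e` on the command line) is truthy in that position and would trigger a self-build nobody asked for. Since this task is being touched anyway, append `| bool` to the second operand. The mx-puppet build tasks later in this commit show the same pattern.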

@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: v0.7.0
matrix_mautrix_whatsapp_version: v0.7.1
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

@ -52,7 +52,7 @@
when: item.when | bool
- name: Ensure Mautrix Whatsapp image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_whatsapp_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -75,7 +75,7 @@
when: "matrix_mautrix_whatsapp_container_image_self_build | bool"
- name: Ensure Mautrix Whatsapp Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mautrix_whatsapp_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_whatsapp_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -147,6 +147,12 @@ bridge:
# provisioning endpoint is used or when a message comes in from that
# chat.
max_initial_conversations: -1
# If this value is greater than 0, then if the conversation's last
# message was more than this number of hours ago, then the conversation
# will automatically be marked it as read.
# Conversations that have a last message that is less than this number
# of hours ago will have their unread status synced from WhatsApp.
unread_hours_threshold: 0
# Settings for immediate backfills. These backfills should generally be
# small and their main purpose is to populate each of the initial chats
# (as configured by max_initial_conversations) with a few messages so
@ -228,7 +234,10 @@ bridge:
# manually.
login_shared_secret_map: {{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map|to_json }}
# Should the bridge explicitly set the avatar and room name for private chat portal rooms?
# This is implicitly enabled in encrypted rooms.
private_chat_portal_meta: false
# Should group members be synced in parallel? This makes member sync faster
parallel_member_sync: false
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
@ -281,6 +290,9 @@ bridge:
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Should Matrix edits be bridged to WhatsApp edits?
# Official WhatsApp clients don't render edits yet, but once they do, the bridge should work with them right away.
send_whatsapp_edits: false
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
message_handling_timeout:

@ -71,7 +71,7 @@
matrix_mx_puppet_discord_requires_restart: true
- name: Ensure MX Puppet Discord image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -94,7 +94,7 @@
when: "matrix_mx_puppet_discord_enabled | bool and matrix_mx_puppet_discord_container_image_self_build"
- name: Ensure MX Puppet Discord Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -69,7 +69,7 @@
matrix_mx_puppet_groupme_requires_restart: true
- name: Ensure MX Puppet Groupme image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_groupme_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -92,7 +92,7 @@
when: "matrix_mx_puppet_groupme_enabled | bool and matrix_mx_puppet_groupme_container_image_self_build"
- name: Ensure MX Puppet Groupme Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_groupme_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_groupme_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -38,7 +38,7 @@
matrix_mx_puppet_instagram_requires_restart: true
- name: Ensure mx-puppet-instagram image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -75,7 +75,7 @@
when: "matrix_mx_puppet_instagram_enabled | bool and matrix_mx_puppet_instagram_container_image_self_build | bool"
- name: Ensure mx-puppet-instagram Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -65,7 +65,7 @@
matrix_mx_puppet_slack_requires_restart: true
- name: Ensure MX Puppet Slack image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_slack_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -88,7 +88,7 @@
when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build"
- name: Ensure MX Puppet Slack Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_slack_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -69,7 +69,7 @@
matrix_mx_puppet_steam_requires_restart: true
- name: Ensure MX Puppet Steam image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -92,7 +92,7 @@
when: "matrix_mx_puppet_steam_enabled | bool and matrix_mx_puppet_steam_container_image_self_build"
- name: Ensure MX Puppet Steam Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_steam_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -69,7 +69,7 @@
matrix_mx_puppet_twitter_requires_restart: true
- name: Ensure MX Puppet Twitter image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -92,7 +92,7 @@
when: "matrix_mx_puppet_twitter_enabled | bool and matrix_mx_puppet_twitter_container_image_self_build"
- name: Ensure MX Puppet Twitter Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_twitter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -1,7 +1,7 @@
---
- name: Ensure matrix-sms-bridge image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_sms_bridge_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
register: result

@ -31,7 +31,7 @@
mode: 0640
- name: Ensure cactus comments image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_cactus_comments_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_cactus_comments_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -54,7 +54,7 @@
when: "matrix_cactus_comments_container_image_self_build | bool"
- name: Ensure cactus comments image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_cactus_comments_docker_image }}"
source: build
force_source: "{{ matrix_cactus_comments_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

@ -31,6 +31,6 @@
state: absent
- name: Ensure cactus comments Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_cactus_comments_docker_image }}"
state: absent

@ -12,7 +12,7 @@
when: "item.when | bool"
- name: Ensure Cinny Docker image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_client_cinny_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -54,7 +54,7 @@
when: "item.src is not none"
- name: Ensure Cinny Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_client_cinny_docker_image }}"
source: build
force_source: "{{ matrix_client_cinny_git_pull_results.changed }}"
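
Review bot: `force_source` in this build task uses `matrix_client_cinny_git_pull_results.changed` directly, while the cactus comments and Element build tasks touched by the same commit keep the `if ansible_version.major > 2 or ansible_version.minor >= 8 else omit` wrapper. With the module now addressed as `community.docker.docker_image`, the unguarded form is the one that makes sense; the other build tasks should be aligned with it so the roles do not diverge.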

@ -30,6 +30,6 @@
state: absent
- name: Ensure Cinny Docker image doesn't exist
docker_image:
community.docker.docker_image:
name: "{{ matrix_client_cinny_docker_image }}"
state: absent

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.8
matrix_client_element_version: v1.11.13
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
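
Review bot: The bump to `v1.11.13` still pins `vectorim/element-web` by tag only, and `matrix_client_element_docker_image_force_pull` is true only when the image name ends in `:latest`, so a host that already holds an image under this tag never re-checks the registry and nothing records which image content the tag is expected to resolve to. Consider supporting a digest (`@sha256:...`) next to the tag for the non-self-build case, and reference the upstream release notes in the commit message, since this change jumps from `v1.11.8` across several releases inside an otherwise mechanical module rename.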

@ -13,7 +13,7 @@
when: "item.when | bool"
- name: Ensure Element Docker image is pulled
docker_image:
community.docker.docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@ -50,7 +50,7 @@
when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool"
- name: Ensure Element Docker image is built
docker_image:
community.docker.docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: build
force_source: "{{ matrix_client_element_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

Some files were not shown because too many files have changed in this diff