From 09bf24ade8c75f9f86989264a476b793616268b2 Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Thu, 2 Apr 2026 21:30:13 +0200 Subject: [PATCH] Update Draupnir from v2.9.0 to v3.0.0 (#5110) --- CHANGELOG.md | 19 +++++++++++++++++++ examples/vars.yml | 2 +- .../defaults/main.yml | 8 ++++---- .../templates/production-appservice.yaml.j2 | 12 +++++++++++- .../templates/production-bots.yaml.j2 | 10 +++++++++- .../matrix-bot-draupnir/defaults/main.yml | 8 ++++---- .../templates/production.yaml.j2 | 9 ++++++++- .../defaults/main.yml | 5 ++++- 8 files changed, 60 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e456a286..d76b220ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# 2026-04-02 + +## (BC Break) Draupnir for all Self Service Provisioning is now disabled by default + +💡 If you don't use [Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md), then this breaking change does not concern you.. + +[Draupnir for all](./docs/configuring-playbook-appservice-draupnir-for-all.md) now ships with `allowSelfServiceProvisioning: false` as default upstream and in this playbook. + +This means users can no longer provision Draupnir instances by inviting the appservice bot unless you explicitly opt in. + +Manual provisioning by administrators is now the recommended approach. You do not want to enable Self Service Provisioning unless you have additional custom safeguards like those used by asgard.chat in place. + +If you want to enable Self Service Provisioning, add the following to your `vars.yml`: + +```yaml +matrix_appservice_draupnir_for_all_configuration_extension_yaml: | + allowSelfServiceProvisioning: true +``` + # 2026-03-23 ## Migration validation system introduced diff --git a/examples/vars.yml b/examples/vars.yml index 05259d65d..656986c0b 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -2,7 +2,7 @@ # This variable acknowledges that you've reviewed breaking changes up to this version. # The playbook will fail if this is outdated, guiding you through what changed. # See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md -matrix_playbook_migration_validated_version: v2026.03.23.0 +matrix_playbook_migration_validated_version: v2026.04.02.0 # The bare domain name which represents your Matrix identity. # Matrix user IDs for your server will be of the form (`@alice:example.com`). diff --git a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml index 31f782cf2..6cc6fa9b7 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml +++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml @@ -11,17 +11,17 @@ matrix_appservice_draupnir_for_all_enabled: true -# renovate: datasource=docker depName=gnuxie/draupnir -matrix_appservice_draupnir_for_all_version: "v2.9.0" +# renovate: datasource=docker depName=depName=ghcr.io/the-draupnir-project/draupnir +matrix_appservice_draupnir_for_all_version: "v3.0.0" matrix_appservice_draupnir_for_all_container_image_self_build: false matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_appservice_draupnir_for_all_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream }}" matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default }}" -matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "docker.io/" +matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "ghcr.io/" matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}{{ matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier }}:{{ matrix_appservice_draupnir_for_all_version }}" -matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "gnuxie/draupnir" +matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "the-draupnir-project/draupnir" matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}" matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all" diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 index ea168dac9..019c7ac79 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2 @@ -1,6 +1,6 @@ {# SPDX-FileCopyrightText: 2024 MDAD project contributors -SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover +SPDX-FileCopyrightText: 2024 - 2026 Catalan Lover SPDX-FileCopyrightText: 2024 Suguru Hirahara SPDX-License-Identifier: AGPL-3.0-or-later @@ -28,5 +28,15 @@ webAPI: # The directory the bot should store various bits of information in dataPath: "/data" +# Maximum number of bots each user can provision. +# Defaults to 1 when omitted. +maxDraupnirsPerUser: 1 + +# Allow users to self-provision by inviting the appservice bot. +# When false, provisioning must be done through admin commands. +# Defaults to false when omitted. +allowSelfServiceProvisioning: false + + roomStateBackingStore: enabled: {{ matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled | to_json }} diff --git a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 index 63eb20b22..1f78c7746 100644 --- a/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 +++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2 @@ -1,6 +1,6 @@ {# SPDX-FileCopyrightText: 2024 MDAD project contributors -SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover +SPDX-FileCopyrightText: 2024 - 2026 Catalan Lover SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -61,6 +61,14 @@ commands: # will address only my_moderator_bot. allowNoPrefix: false + # Controls which symbol will prefix a secondary prefix that is described in additionalPrefixes. + # For example the `!` in `!draupnir`. + # If you wish the bot to use "slash commands" with the "/" character instead of the exclamation mark "!" change the value to `"/"` and the bot will start responding to slash commands. + + symbolPrefixes: + - "!" + + # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`. additionalPrefixes: - "draupnir-bot" diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index c10024987..77e9a9273 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -11,17 +11,17 @@ matrix_bot_draupnir_enabled: true -# renovate: datasource=docker depName=gnuxie/draupnir -matrix_bot_draupnir_version: "v2.9.0" +# renovate: datasource=docker depName=depName=ghcr.io/the-draupnir-project/draupnir +matrix_bot_draupnir_version: "v3.0.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_bot_draupnir_container_image: "{{ matrix_bot_draupnir_container_image_registry_prefix }}{{ matrix_bot_draupnir_container_image_registry_namespace_identifier }}:{{ matrix_bot_draupnir_version }}" -matrix_bot_draupnir_container_image_registry_namespace_identifier: "gnuxie/draupnir" +matrix_bot_draupnir_container_image_registry_namespace_identifier: "the-draupnir-project/draupnir" matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}" matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}" -matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "docker.io/" +matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "ghcr.io/" matrix_bot_draupnir_container_image_force_pull: "{{ matrix_bot_draupnir_container_image.endswith(':latest') }}" matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir" diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 874a3badd..f0f24cd1c 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -1,6 +1,6 @@ {# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors -SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover +SPDX-FileCopyrightText: 2023 - 2026 Catalan Lover SPDX-FileCopyrightText: 2024 Slavi Pantaleev SPDX-FileCopyrightText: 2024 Suguru Hirahara @@ -148,6 +148,13 @@ commands: # will address only my_moderator_bot. allowNoPrefix: false + # Controls which symbol will prefix a secondary prefix that is described in additionalPrefixes. + # For example the `!` in `!draupnir`. + # If you wish the bot to use "slash commands" with the "/" character instead of the exclamation mark "!" change the value to `"/"` and the bot will start responding to slash commands. + + symbolPrefixes: + - "!" + # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`. additionalPrefixes: - "draupnir-bot" diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index 2432996ae..45b5f5d4e 100644 --- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -14,10 +14,13 @@ matrix_playbook_migration_validated_version: '' # The version that the playbook expects the user to have validated against. # This is bumped whenever a breaking change is introduced. # The value configured here needs to exist in `matrix_playbook_migration_breaking_changes` as well. -matrix_playbook_migration_expected_version: "v2026.03.23.0" +matrix_playbook_migration_expected_version: "v2026.04.02.0" # A list of breaking changes, used to inform users what changed between their validated version and the expected version. matrix_playbook_migration_breaking_changes: + - version: "v2026.04.02.0" + summary: "(BC Break) Draupnir-for-all self-service provisioning is now disabled by default" + changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-02" - version: "v2026.03.23.0" summary: "Initial migration validation system" changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-03-22"