Slavi Pantaleev
c831ce6f63
chore(deps): update MOASH role versions for pull restart fix
2026-03-22 07:41:16 +02:00
Slavi Pantaleev
d3241588e3
Add conditional restart support to 7 roles that previously always restarted
...
Replace hardcoded restart_necessary: true with computed values for:
conduit, continuwuity, dendrite, element-call, media-repo,
appservice-kakaotalk, and wechat.
Each role now registers results from config, support files, systemd service,
and docker image pull tasks, then computes a restart_necessary variable
from their combined .changed state. group_vars/matrix_servers is updated
to reference these variables instead of hardcoding true.
For dendrite, the systemd service template was also separated out of the
combined support-files with_items loop so it can be independently tracked.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 06:45:58 +02:00
Slavi Pantaleev
b092e126a9
Fix docker image build results not affecting conditional restart for ldap-registration-proxy and matrixto
...
These roles had conditional restart logic (restart_necessary set_fact) but
the docker_image build task result was not registered or included in the
condition, so a changed image build would not trigger a service restart.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 06:45:47 +02:00
renovate[bot]
5167507989
chore(deps): update ghcr.io/etkecc/baibot docker tag to v1.16.0
2026-03-20 19:03:52 +02:00
renovate[bot]
d7ec806b51
chore(deps): update dependency prometheus_postgres_exporter to v0.19.1-2
2026-03-20 19:01:12 +02:00
renovate[bot]
11fee5e4db
chore(deps): update dependency traefik to v3.6.11-1
2026-03-20 19:00:53 +02:00
Suguru Hirahara
5523277bc1
Update prometheus-nginxlog-exporter (v1.10.0-0 → v1.10.0-1) and metrics exposure settings
...
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-03-20 18:11:25 +09:00
Suguru Hirahara
ed7be50cea
Update Prometheus Node Exporter (v1.9.1-14 → v1.9.1-15) and metrics exposure settings
...
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-03-20 10:43:40 +02:00
Suguru Hirahara
4ac5266efc
Update Prometheus Postgres Exporter (v0.19.1-0 → v0.19.1-1) and metrics exposure settings
...
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-03-20 10:43:40 +02:00
renovate[bot]
392ac0125f
chore(deps): update dependency prometheus_node_exporter to v1.9.1-15
2026-03-20 10:42:55 +02:00
renovate[bot]
756e189141
chore(deps): update dependency prometheus_postgres_exporter to v0.19.1-1
2026-03-20 10:42:45 +02:00
renovate[bot]
c55156b394
chore(deps): update dependency traefik to v3.6.11-0
2026-03-20 08:36:23 +02:00
Slavi Pantaleev
446597aac9
Upgrade exim-relay (v4.98.1-r0-2-3 -> v4.99.1-r0-0-0)
2026-03-20 02:41:38 +02:00
Slavi Pantaleev
b942715469
fix(self-check): respect path_prefix in web client self-check URLs
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5051
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 23:31:13 +02:00
renovate[bot]
aeb71d3543
chore(deps): update ghcr.io/etkecc/honoroit docker tag to v0.9.30
2026-03-19 19:07:29 +02:00
Catalan Lover
54c0b56200
Prepare Draupnir Roles for move to GHCR.
2026-03-19 19:07:19 +02:00
Slavi Pantaleev
12af6da9d0
matrix-authentication-service: add UNIX socket support for playbook-managed Postgres
...
MAS now connects to the playbook-managed Postgres via a UNIX socket by
default (when available), matching the approach already used by Synapse.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 01:05:10 +02:00
Slavi Pantaleev
f0a5393d48
fix(s3): use postgres unix socket for migrate and shell commands
2026-03-18 15:21:06 +02:00
Slavi Pantaleev
68aca96cbd
docs: clarify database_host ignored when postgres sockets are enabled
2026-03-18 15:21:03 +02:00
renovate[bot]
68318ce932
chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.3.18
2026-03-18 12:11:23 +02:00
renovate[bot]
4e4bccd03a
chore(deps): update oci.element.io/element-admin docker tag to v0.1.11
2026-03-17 16:48:28 +02:00
Norman Ziegner
19423864f0
synapse: add missing server_notices configuration variables
...
Add support for all server_notices settings documented by Synapse:
- room_avatar_url: optional avatar for the server notices room
- room_topic: optional topic for the server notices room
- auto_join: whether users are auto-joined instead of invited (default: false)
Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
2026-03-17 16:43:14 +02:00
Slavi Pantaleev
a000abdf19
postgres: stop disabling unix socket support
2026-03-17 15:35:02 +02:00
Slavi Pantaleev
b596319a4a
postgres: drop redundant cli socket override
2026-03-17 15:35:02 +02:00
Slavi Pantaleev
f0906e79a9
matrix-synapse: gate postgres sockets on postgres role support
2026-03-17 15:35:02 +02:00
Slavi Pantaleev
2fff4b5b88
matrix-synapse: use clearer socket mount paths
2026-03-17 15:35:02 +02:00
Slavi Pantaleev
e09ea540a0
matrix-synapse: prefer local sockets for db connections
2026-03-17 15:35:02 +02:00
Slavi Pantaleev
bd614abd30
matrix-synapse: avoid network wiring for socket-based db access
2026-03-17 15:35:02 +02:00
Slavi Pantaleev
b6f8a59b50
matrix-synapse: make managed service topology explicit
2026-03-17 15:35:02 +02:00
renovate[bot]
b7d501802c
chore(deps): update dependency ntfy to v2.19.2-0
2026-03-17 12:02:14 +02:00
renovate[bot]
1c98e76423
chore(deps): update dependency grafana to v11.6.5-8
2026-03-17 12:01:56 +02:00
renovate[bot]
cb7b13daad
chore(deps): update dock.mau.dev/mautrix/twitter docker tag to v0.2603.0
2026-03-16 23:21:19 +02:00
renovate[bot]
7e8f3250f7
chore(deps): update dock.mau.dev/mautrix/slack docker tag to v0.2603.0
2026-03-16 23:21:06 +02:00
renovate[bot]
e145bffb7e
chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2603.0
2026-03-16 23:20:31 +02:00
renovate[bot]
c3156a1a99
chore(deps): update ghcr.io/element-hq/element-call docker tag to v0.18.0
2026-03-16 23:19:11 +02:00
Slavi Pantaleev
f9811a0e0a
matrix-authentication-service: mount Synapse Postgres socket for syn2mas
...
syn2mas reads Synapse's homeserver.yaml and reuses the database
connection details from there.
When Synapse is configured to reach the integrated Postgres over a UNIX socket,
the temporary syn2mas container was given the config file but not the socket mount,
so migrations could fail even though Synapse itself was configured correctly.
Wire the Synapse socket settings into MAS via playbook vars and mount
the same socket path into the syn2mas container, so migrations work in
socket-based deployments without coupling the MAS role directly to
Synapse role variables.
2026-03-16 22:43:02 +02:00
Slavi Pantaleev
1dac2b5c14
matrix-bridge-hookshot: normalize generated passkey ownership
...
Similar to c6d33b819. See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
2026-03-16 16:50:40 +02:00
Slavi Pantaleev
c6d33b819a
matrix-authentication-service: normalize generated key ownership
...
Fix host-generated MAS key ownership and mode after creation so installs recover cleanly when become_user is not honored. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
2026-03-16 16:49:51 +02:00
renovate[bot]
7e0d86d2ea
chore(deps): update ghcr.io/etkecc/postmoogle docker tag to v0.9.29
2026-03-16 11:27:51 +02:00
renovate[bot]
a035d77b1a
chore(deps): update dependency ntfy to v2.19.1-0
2026-03-16 11:27:09 +02:00
renovate[bot]
9934bc3e39
chore(deps): update dependency charset-normalizer to v3.4.6
2026-03-16 06:45:30 +02:00
renovate[bot]
a2fd140a61
chore(deps): update dependency ntfy to v2.19.0-0
2026-03-16 06:45:21 +02:00
Slavi Pantaleev
5df7e678f7
matrix-synapse: add an explicit msc4306 feature toggle
...
Expose Synapse's `msc4306_enabled` experimental flag as a first-class MDAD
variable and wire it into `homeserver.yaml` alongside the other experimental
feature toggles.
This makes thread-subscriptions support explicit in playbook configuration,
rather than requiring operators to inject the upstream flag via raw
`matrix_synapse_configuration_extension_yaml`.
The variable intentionally controls only the Synapse feature flag. It does not
change the default `thread_subscriptions` worker count, which remains `0` in the
standard presets. Keeping those as separate choices avoids auto-starting an
experimental worker just because the upstream feature toggle is enabled.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/config/experimental.py#L600-L602
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/versions.py#L183-L184
2026-03-15 01:26:53 +02:00
Slavi Pantaleev
9af79ce4d2
matrix-synapse: support thread_subscriptions stream writers
...
Add `thread_subscriptions` as a supported web-facing stream writer in MDAD and
route its unstable client endpoints via the same explicit writer-or-main model
used for the other web-facing stream-backed APIs.
This is not just another generic worker route. Current Synapse gives thread
subscriptions their own `writers.thread_subscriptions` configuration, backs them
with a multi-writer stream, and asserts on store writes that the current
instance is an allowed thread-subscriptions writer.
Explicit early routing is also required here because the subscription endpoint is
room-scoped. In MDAD's specialized-worker model, the existing room-worker regex
would otherwise match `/_matrix/client/unstable/io.element.msc4306/rooms/...`
and steal the request before it reached the correct writer-or-main fallback.
Unlike `device_lists`, support is added without enabling a thread-subscriptions
worker by default in the standard presets. The underlying MSC4306/4308 feature
remains unstable and disabled by default upstream, so the conservative default
is to keep the worker count at `0` and let the new explicit routes fall back to
`main` unless an operator opts in.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/config/workers.py#L175-L182
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/thread_subscriptions.py#L38-L247
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/storage/databases/main/thread_subscriptions.py#L66-L83
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/storage/databases/main/thread_subscriptions.py#L192-L322
2026-03-15 01:16:24 +02:00
Slavi Pantaleev
0f687a69c5
matrix-synapse: simplify redundant SSO main-override regexes
...
MDAD keeps `/_synapse/client/*` out of the broad worker-routing model.
Those paths are mounted by current Synapse on client-serving workers, but MDAD's
worker route buckets only match `/_matrix/client/*`, so `/_synapse/client/*`
requests already fall through to the main-process default.
That made the `/_synapse/client/*` branches in the dedicated SSO override regex
redundant. Remove those branches and leave the explicit SSO override focused on
the real `/_matrix/client/.../login/sso/redirect` path family, which would
otherwise be caught by the broad `/login` client-reader routing.
This also removes duplicated ownership of `login/sso/redirect` from the generic
main-override regex so the dedicated SSO override is the single place that
models that path.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/app/generic_worker.py#L197-L203
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/synapse/client/__init__.py#L39-L90
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/login.py#L636-L643
2026-03-15 01:02:19 +02:00
Slavi Pantaleev
ec36904671
matrix-synapse: route MSC3814 dehydrated-device APIs to workers
...
Add the unstable MSC3814 dehydrated-device endpoints to both MDAD
worker-routing models:
- the specialized client_reader bucket
- the broad generic_worker route list
This is not a docs-driven change. Current workers.md does not meaningfully
spell out these paths, but the current Synapse code does mount them via the
normal devices servlet registration path, and non-main client workers do not
skip that servlet group.
That makes these endpoints a good fit for the same worker buckets that already
handle the surrounding device- and E2EE-related client APIs.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/docs/workers.md#synapseappgeneric_worker
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/devices.py#L256-L459
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/__init__.py#L81-L129
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/__init__.py#L179-L197
2026-03-15 00:39:25 +02:00
Slavi Pantaleev
69df322f40
matrix-synapse: split client_reader routes into grouped regexes
...
The client_reader route bucket had collapsed into one long alternation,
which made small worker-audit edits hard to review. Any endpoint change
rewrote the whole regex and obscured whether we were changing routing
policy or just maintaining the route list.
Refactor the variable into grouped regex entries with comments instead.
This keeps the current specialized-worker policy intact: nginx still
renders the client_reader locations in the same block, and the routes
still target the same upstream bucket. The goal here is to make future
doc/code audits, additions, and removals mechanical and reviewable.
This also matches MDAD's current worker model, where generic workers are
not mixed with the specialized room/sync/client/federation reader
routing buckets, so there is no need to derive this from the generic
worker map.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/docs/workers.md#historical-apps
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/docs/workers.md#synapseappgeneric_worker
2026-03-15 00:29:32 +02:00
Slavi Pantaleev
c0044a9b0a
matrix-synapse: route MatrixRTC transport discovery to workers
...
Current Synapse registers the MatrixRTC transport discovery endpoint on
client-serving workers when MSC4143 is enabled, but MDAD does not model
that path in either its client-reader bucket or its broader generic-
worker endpoint list.
Add the unstable MatrixRTC transport discovery route so MDAD's worker
routing matches the current upstream worker surface for this endpoint.
This is a small, isolated routing addition for a simple authenticated
GET endpoint.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/matrixrtc.py#L30-L52
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/__init__.py#L81-L129
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/__init__.py#L179-L197
2026-03-15 00:11:58 +02:00
Slavi Pantaleev
63a0e8216b
matrix-synapse: route account deactivation like current Synapse
...
Current Synapse still documents and registers
`/_matrix/client/.../account/deactivate` on client-serving workers when
auth is not delegated. MDAD already routes neighboring account endpoints
such as `account/3pid` and `account/whoami`, but it omitted
`account/deactivate` from both its client-reader bucket and its broader
generic-worker endpoint list.
Add the missing route patterns so MDAD's worker routing matches the
current upstream worker surface in non-delegated-auth deployments. In
MAS / MSC3861 mode the endpoint is not registered upstream anyway, so
this does not expand the effective delegated-auth surface.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/docs/workers.md#synapseappgeneric_worker
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/account.py#L284-L324
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/account.py#L913-L920
2026-03-14 23:49:20 +02:00
Slavi Pantaleev
975f14d2d8
matrix-synapse: route the current Nheko summary endpoint
...
Synapse currently supports both the deprecated
`/_matrix/client/unstable/im.nheko.summary/rooms/<room>/summary`
route and the recommended
`/_matrix/client/unstable/im.nheko.summary/summary/<room>`
form. MDAD only matched the deprecated shape.
Add the recommended pattern alongside the old one so worker routing
matches the current upstream API surface while preserving backward
compatibility for the deprecated path.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/docs/workers.md#synapseappgeneric_worker
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/room.py#L1716-L1728
2026-03-14 23:32:10 +02:00