iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-02-07 22:43:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
10,791 Commits 7 Branches 0 Tags
a7ddb189b52ae6f0909bd557e0828ad92c9fe984
Commit Graph

2586 Commits

Author SHA1 Message Date
Slavi Pantaleev
a7ddb189b5 Add missing license file for whoami_sync_worker_router.js.j2 2026-02-04 04:26:15 +02:00
Slavi Pantaleev
7d4536cf78 Upgrade baibot (v1.13.0 -> v1.14.0) and add built-in tools configuration support 2026-02-04 04:21:47 +02:00
Slavi Pantaleev
45c855c853 Remove old map-based user identifier extraction for sync workers 
The whoami-based approach is now the only implementation for sync worker routing.
It works with all token types (native Synapse, MAS, etc.) and is automatically
enabled when sync workers exist.

The old map-based approach only worked with native Synapse tokens (syt_<b64>_...)
and would give poor results with MAS or other auth systems.
 2026-02-04 04:06:59 +02:00
Slavi Pantaleev
5cc69ca7eb Add whoami-based sync worker routing for user-level sticky sessions 
This adds a new routing mechanism for sync workers that resolves access tokens
to usernames via Synapse's whoami endpoint, enabling true user-level sticky
routing regardless of which device or token is used.

Previously, sticky routing relied on parsing the username from native Synapse
tokens (`syt_<base64 username>_...`), which only works with native Synapse auth
and provides device-level stickiness at best. This new approach works with any
auth system (native Synapse, MAS, etc.) because Synapse handles token validation
internally.

Implementation uses nginx's auth_request module with an njs script because:
- The whoami lookup requires an async HTTP subrequest (ngx.fetch)
- js_set handlers must return synchronously and don't support async operations
- auth_request allows the async lookup to complete, then captures the result
  via response headers into nginx variables

The njs script:
- Extracts access tokens from Authorization header or query parameter
- Calls Synapse's whoami endpoint to resolve token -> username
- Caches results in a shared memory zone to minimize latency
- Returns the username via a `X-User-Identifier` header

The username is then used by nginx's upstream hash directive for consistent
worker selection. This leverages nginx's built-in health checking and failover.
 2026-02-04 04:06:59 +02:00
Aine
81f815d19b fix uid/gid vars for Synapse Admin 2026-02-03 21:40:11 +00:00
Aine
6c4b9bb3d7 Merge pull request #4886 from spantaleev/synapse-admin-etke53 
Synapse Admin v0.11.1-etke53
 2026-02-03 20:40:34 +00:00
Slavi Pantaleev
76e13f8200 Add native Sliding Sync (MSC3575) endpoint to worker routing 
The /_matrix/client/unstable/org.matrix.simplified_msc3575/sync endpoint
can be handled by generic workers, but Synapse's workers.md documentation
doesn't mention it. The code confirms it's worker-compatible:

- SlidingSyncRestServlet is registered via sync.register_servlets:
  https://github.com/element-hq/synapse/blob/0dfcffab0f/synapse/rest/client/sync.py#L1128-L1131

- sync.register_servlets is NOT in the worker exclusion list:
  https://github.com/element-hq/synapse/blob/0dfcffab0f/synapse/rest/__init__.py#L180-L194

- GenericWorkerStore includes SlidingSyncStore:
  https://github.com/element-hq/synapse/blob/0dfcffab0f/synapse/app/generic_worker.py#L168

This adds the endpoint to both:
- matrix_synapse_workers_sync_worker_client_server_endpoints (for specialized sync workers with sticky routing)
- matrix_synapse_workers_generic_worker_endpoints (documenting generic worker capability)
 2026-02-02 15:59:00 +02:00
Aine
5bbb1930cb Synapse Admin i18n menu 2026-01-31 23:55:47 +00:00
renovate[bot]
2f66b7df94 chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.1.31 2026-01-31 12:58:55 +02:00
Aine
f621eb8018 Synapse Admin v0.11.1-etke53 2026-01-30 22:39:12 +00:00
renovate[bot]
3f0ff4c510 chore(deps): update halfshot/matrix-hookshot docker tag to v7.3.2 2026-01-30 21:15:05 +02:00
Thom Wiggers
b1ff71266b Update matrix-appservice-irc to 4.0.0 with authenticated media proxy support 
- Upgrade from 1.0.1 to 4.0.0
- Add ircService.mediaProxy configuration for authenticated Matrix media
- Add Traefik integration for media proxy endpoint
- Generate signing key for authenticated media

Closes #3512

Co-authored-by: Jade Ellis <jade@ellis.link>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2026-01-29 12:08:59 +02:00
renovate[bot]
67e650b5f9 chore(deps): update coturn/coturn docker tag to v4.8.0 2026-01-27 22:46:31 +02:00
Slavi Pantaleev
18b11eea3b Try versioning=loose for the Coturn container image definition for Renovate 
Ref: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4880#issuecomment-3807433691
 2026-01-27 22:40:47 +02:00
Sid Manat
fd6f72382d Upgrade Coturn (4.6.2-r11 -> 4.8.0-r0) 2026-01-27 22:24:54 +02:00
Slavi Pantaleev
460d46999f Make Synapse's enable_local_media_storage configurable 
Ref:
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4882
- https://github.com/element-hq/synapse/pull/19204
- https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_local_media_storage

We default it to `true`, keeping up with upstream and the old behavior.

s3-storage-provider users may set `matrix_synapse_enable_local_media_storage` to `false`
to disable local file caching.
This likely comes at the expense of some performance.

For matrix-media-repo users, it likely doesn't matter what this is set to,
as for a matrix-media-repo setup, all media-related API endpoints are
captured and forwarded to matrix-media-repo (before reaching Synapse).
 2026-01-27 22:11:06 +02:00
renovate[bot]
93d110e61e chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.146.0 2026-01-27 22:10:25 +02:00
renovate[bot]
6629867235 chore(deps): update ghcr.io/element-hq/matrix-authentication-service docker tag to v1.10.0 2026-01-27 21:18:40 +02:00
renovate[bot]
8a3c75b7bd chore(deps): update ghcr.io/element-hq/element-web docker tag to v1.12.9 2026-01-27 16:55:38 +02:00
renovate[bot]
692c34ad9b chore(deps): update halfshot/matrix-hookshot docker tag to v7.3.1 2026-01-24 20:07:34 +02:00
Slavi Pantaleev
97c2915034 Upgrade baibot (v1.12.0 -> v1.13.0) 2026-01-23 00:52:36 +02:00
renovate[bot]
cc9234d3ba chore(deps): update ghcr.io/etkecc/fluffychat-web docker tag to v2.4.0 2026-01-21 15:49:48 +02:00
renovate[bot]
47322a8d52 chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.1.21 2026-01-21 08:35:31 +02:00
Slavi Pantaleev
911031e2cf Add support for Hookshot static connections (new in v7.3.0) 
This adds the matrix_hookshot_connections variable for configuring
static webhook connections via the config file.

See: https://github.com/matrix-org/matrix-hookshot/pull/1102
 2026-01-20 16:10:30 +02:00
renovate[bot]
e01a79865c chore(deps): update halfshot/matrix-hookshot docker tag to v7.3.0 2026-01-20 15:38:23 +02:00
renovate[bot]
c8fc504470 chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2601.0 2026-01-16 22:28:12 +02:00
renovate[bot]
a6c447ade3 chore(deps): update dock.mau.dev/mautrix/gmessages docker tag to v0.2601.0 2026-01-16 22:26:58 +02:00
renovate[bot]
aa69069627 chore(deps): update dock.mau.dev/mautrix/signal docker tag to v0.2601.0 2026-01-16 22:26:48 +02:00
renovate[bot]
7c8a28d590 chore(deps): update ghcr.io/element-hq/lk-jwt-service docker tag to v0.4.1 2026-01-15 20:30:02 +02:00
Slavi Pantaleev
bd6202eb65 Upgrade Traefik (v3.6.6-0 -> v3.6.7-1) and remove all (now-unnecessary) encodedCharacters_* setting overrides 
All these `encodedCharacters_*` settings default to `true` in Traefik v3.6.7,
so we don't need to override their values.

Ref: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v367

Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4835
 2026-01-15 14:40:38 +02:00
Slavi Pantaleev
ac5dc5d44f Pull in some additional Synapse workers routing configuration 
Provoked by https://github.com/element-hq/synapse/pull/19281
which landed in Synapse v1.145.0, but we pull in a few other routes
that I noticed to be missing.
 2026-01-14 12:07:09 +02:00
renovate[bot]
a050107e0f chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.145.0 2026-01-14 12:06:41 +02:00
renovate[bot]
41108b57e3 chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026 2026-01-14 11:55:53 +02:00
renovate[bot]
78c7b61af8 chore(deps): update ghcr.io/element-hq/matrix-authentication-service docker tag to v1.9.0 2026-01-13 19:47:45 +02:00
renovate[bot]
b5c5f34ca4 chore(deps): update ghcr.io/element-hq/element-web docker tag to v1.12.8 2026-01-13 19:46:26 +02:00
akdk7
dd54691137 Automatically integate matrix-media-repo with Valkey (if enabled) (#4851) 
* This push request is about handling Traefik ipallowlist to synapse-admin application.

It's my first push request. If I forgot something please let me know. :-)

* Changed position of variable and naming for better expandebility of traefik options

* Remove useless `noqa var-naming` comment and too many blank lines at the end of the file

* If redis ist enabled for matrix media repo it failes to connect to valkey due to inproper configuration.

* Updated solution for fixing MMR redis connection

* Clean up

* Update valkey_container_network condition

---------

Co-authored-by: AkDk7 <joerg@pannbacker.email>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2026-01-10 15:07:12 +02:00
Aine
afe5b06771 Synapse Admin v0.11.1-etke52 2026-01-09 08:43:28 +00:00
renovate[bot]
65213ff497 chore(deps): update ghcr.io/jasonlaguidice/matrix-steam-bridge docker tag to v1.1.0 2026-01-08 06:56:55 +02:00
Aine
858a4ab555 Synapse Admin v0.11.1-etke51 2026-01-06 09:47:01 +00:00
Mark Monteiro
be7536390d improve notes about configuring hookshot encryption 
- clarify that Redis is configured automatically
- add note indicating that encryption is not currently supported when using MAS
 2025-12-31 08:50:36 +02:00
renovate[bot]
e7612dc0ce chore(deps): update matrixconduit/matrix-conduit docker tag to v0.10.11 2025-12-31 06:34:57 +02:00
Slavi Pantaleev
edf833627e Add matrix_coturn_hostname to allow for the Coturn domain to be different than matrix_server_fqn_matrix 2025-12-25 10:03:39 +02:00
renovate[bot]
9cbc9c6b06 chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2025.12.24 2025-12-24 11:13:33 +02:00
Aine
484e94d493 add matrix_synapse_ext_s3_storage_provider_container_arguments var 2025-12-23 15:34:32 +00:00
renovate[bot]
b0f73f7966 chore(deps): update matrixconduit/matrix-conduit docker tag to v0.10.10 2025-12-23 05:38:22 +02:00
Slavi Pantaleev
66c85f63e6 Update default OpenAI image generation model for baibot (gpt-image-1 -> gpt-image-1.5) 2025-12-21 23:28:36 +02:00
Slavi Pantaleev
9ea18d6f2d Upgrade baibot (v1.11.0 -> v1.12.0) 2025-12-21 23:28:12 +02:00
Aine
a073f21a8f Postmoogle v0.9.28 2025-12-21 17:07:14 +00:00
Suguru Hirahara
68337b6f45 Remove the tasks to retrieve a nonexistent container image for Matrix.to 
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2025-12-19 19:17:18 +02:00
QEDeD
a8ef76735d Narrow var-naming noqa to pattern 2025-12-19 15:01:39 +02:00