For each of the 34 roles (3 clients, 9 bots, 22 bridges), this commit:
- Adds `_restart_necessary: false` default variable
- Adds `register:` directives to config/image/systemd tasks
- Computes `_restart_necessary` via set_fact (OR of all .changed results)
- Wires `(_restart_necessary | bool)` in group_vars/matrix_servers
This allows the systemd service manager to skip unnecessary restarts
when running install-* tags and nothing actually changed.
Service roles and complex multi-service roles will follow separately.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This:
- brings consistency - no more mixing `_name_prefix` and `_registry_prefix`
- adds extensibility - a future patch will allow reconfiguring all registry prefixes for all roles in the playbook
We still have `_docker_` vs `_container_` inconsistencies.
These may be worked on later.
We used to pass the shared secret for double-puppeting via a
`login_shared_secret` parameter, which doesn't seem to exist anymore.
The proper way to do it is via `login_shared_secret_map`.
The comments for `login_shared_secret_map` seem to indicate that it's
only usable with the shared-secret-auth password provider.
However, this bridge is based on mautrix-python (`>=0.20.5,<0.21`) as
per its `requirements.txt`
Support for double-puppeting via arbitrary access tokens landed in
mautrix-python 0.20.1 (https://github.com/mautrix/python/blob/6f25b62e80616fa8a8a57d12a03caca51b3c89b4/CHANGELOG.md#L44-L53),
so it should be possible to use appservice double-puppet.
Related to https://github.com/mautrix/python/commit/af04ca12389e344fbda10463085ed5df4b62db69
A bunch of other parameters seem to have moved around as well.
This patch introduces some new Ansible variables for controlling
additional settings related to encryption, etc.
This is backward-compatible with what we had before. We're not changing
the SSL mode - just making it configurable.
Most components are defaulting to `sslmode=disable`, while some
(`matrix-bot-matrix-reminder-bot` and others) do not specify an `sslmode` at all.
We're making sslmode configurable, because certain external Postgres
servers may be configured to require SSL encryption.
In such cases `sslmode=disable` does not work and needs to be changed to
`sslmode=require` or something else (`verify-ca`, `verify-full`, etc).
Slavi Pantaleev
Suguru Hirahara
gardar
Samuel Meenzen
Aine
Paul ALNET
Aine