be8fc7e8ba
chore(deps): update nginx docker tag to v1.29.8
2026-04-08 07:15:05 +03:00
3400769336
chore(deps): update nginx docker tag to v1.29.7
2026-03-25 09:40:14 +02:00
e5dbd51b46
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.150.0
2026-03-24 23:55:29 +02:00
63c4fffe65
Add Synapse support for MSC4143
2026-03-23 21:45:13 +02:00
b3a0f52824
Add conditional restart support to matrix-synapse-s3-storage-provider-migrate
...
Register env, database config, scripts, and systemd service/timer results,
compute matrix_synapse_s3_storage_provider_restart_necessary, and wire it
into group_vars/matrix_servers instead of hardcoding restart_necessary: true.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-22 10:21:59 +02:00
27a2b126bc
Add conditional restart support to matrix-goofys
...
Register image pull, env, and systemd service results, compute
matrix_goofys_restart_necessary, and wire it into group_vars/matrix_servers
instead of hardcoding restart_necessary: true.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-22 10:19:45 +02:00
68aca96cbd
docs: clarify database_host ignored when postgres sockets are enabled
2026-03-18 15:21:03 +02:00
19423864f0
synapse: add missing server_notices configuration variables
...
Add support for all server_notices settings documented by Synapse:
- room_avatar_url: optional avatar for the server notices room
- room_topic: optional topic for the server notices room
- auto_join: whether users are auto-joined instead of invited (default: false)
Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de >
2026-03-17 16:43:14 +02:00
5df7e678f7
matrix-synapse: add an explicit msc4306 feature toggle
...
Expose Synapse's `msc4306_enabled` experimental flag as a first-class MDAD
variable and wire it into `homeserver.yaml` alongside the other experimental
feature toggles.
This makes thread-subscriptions support explicit in playbook configuration,
rather than requiring operators to inject the upstream flag via raw
`matrix_synapse_configuration_extension_yaml`.
The variable intentionally controls only the Synapse feature flag. It does not
change the default `thread_subscriptions` worker count, which remains `0` in the
standard presets. Keeping those as separate choices avoids auto-starting an
experimental worker just because the upstream feature toggle is enabled.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/config/experimental.py#L600-L602
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/versions.py#L183-L184
2026-03-15 01:26:53 +02:00
9af79ce4d2
matrix-synapse: support thread_subscriptions stream writers
...
Add `thread_subscriptions` as a supported web-facing stream writer in MDAD and
route its unstable client endpoints via the same explicit writer-or-main model
used for the other web-facing stream-backed APIs.
This is not just another generic worker route. Current Synapse gives thread
subscriptions their own `writers.thread_subscriptions` configuration, backs them
with a multi-writer stream, and asserts on store writes that the current
instance is an allowed thread-subscriptions writer.
Explicit early routing is also required here because the subscription endpoint is
room-scoped. In MDAD's specialized-worker model, the existing room-worker regex
would otherwise match `/_matrix/client/unstable/io.element.msc4306/rooms/...`
and steal the request before it reached the correct writer-or-main fallback.
Unlike `device_lists`, support is added without enabling a thread-subscriptions
worker by default in the standard presets. The underlying MSC4306/4308 feature
remains unstable and disabled by default upstream, so the conservative default
is to keep the worker count at `0` and let the new explicit routes fall back to
`main` unless an operator opts in.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/config/workers.py#L175-L182
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/thread_subscriptions.py#L38-L247
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/storage/databases/main/thread_subscriptions.py#L66-L83
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/storage/databases/main/thread_subscriptions.py#L192-L322
2026-03-15 01:16:24 +02:00
0f687a69c5
matrix-synapse: simplify redundant SSO main-override regexes
...
MDAD keeps `/_synapse/client/*` out of the broad worker-routing model.
Those paths are mounted by current Synapse on client-serving workers, but MDAD's
worker route buckets only match `/_matrix/client/*`, so `/_synapse/client/*`
requests already fall through to the main-process default.
That made the `/_synapse/client/*` branches in the dedicated SSO override regex
redundant. Remove those branches and leave the explicit SSO override focused on
the real `/_matrix/client/.../login/sso/redirect` path family, which would
otherwise be caught by the broad `/login` client-reader routing.
This also removes duplicated ownership of `login/sso/redirect` from the generic
main-override regex so the dedicated SSO override is the single place that
models that path.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/app/generic_worker.py#L197-L203
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/synapse/client/__init__.py#L39-L90
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/login.py#L636-L643
2026-03-15 01:02:19 +02:00
dfe8628fbf
matrix-synapse: add routing-focused reverse-proxy access log preset
2026-03-14 02:56:48 +02:00
a3ff72ebff
matrix-synapse: enable push_rules writer in worker presets
2026-03-14 01:50:07 +02:00
df76b1cd5b
matrix-synapse: enable device_lists writer in worker presets
2026-03-14 01:49:45 +02:00
dafac35a0e
matrix-synapse: route stream-backed client endpoints explicitly and add device_lists stream writer support
...
Some client API endpoints (e.g. keys/upload) are backed by Synapse stream writers and
should not rely on broad worker regexes or route-order fallthrough for correctness.
When explicit per-stream routing is missing, requests may be captured by generic, room, or client_reader workers, instead of:
- going to the configured stream writer
- or to `main` when that stream writer is not enabled
This refactors synapse-reverse-proxy-companion's routing so that web-facing stream-backed endpoint families
are handled explicitly and early, with deterministic writer-or-main fallback.
Add first-class support for the missing `device_lists` stream writer,
generalize the same routing model to `push_rules`,
and remove stale broad-route ownership for device-list-sensitive endpoints.
2026-03-14 01:42:08 +02:00
79a4156a78
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.149.1
2026-03-11 12:26:30 +02:00
0320e671e3
chore(deps): update nginx docker tag to v1.29.6
2026-03-11 01:47:55 +02:00
4e3658bb98
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.149.0
2026-03-10 22:43:44 +02:00
12d8015bc4
optional postgres unix socket with synapse
2026-03-10 17:38:16 +00:00
81b944540b
chore(deps): update matrixdotorg/mjolnir docker tag to v1.12.1
2026-03-10 07:38:57 +02:00
df5b84588b
Add support for sticky events (experimental)
2026-03-09 15:51:38 +02:00
82caf3a7d3
improve synapse redis socket mounting
2026-03-08 09:56:26 +00:00
45d5ebd008
fix comments
2026-03-08 08:09:17 +00:00
0c40a03efc
allow synapse to use redis unix socket instead of tcp
2026-03-08 07:24:33 +00:00
1ee5c1f416
feat(synapse): add ca_certs_file support for LDAP TLS
...
Add matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file
variable to allow specifying a custom CA certificate file for LDAP TLS
verification. Useful when Synapse is running in a container that does not
trust a private/internal CA by default.
Example usage:
matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file: /etc/ssl/certs/my-ca.crt
2026-03-05 14:06:52 +02:00
a949605518
Remove duplicate "Project source code URL" from roles/custom/matrix-synapse/defaults/main.yml
...
This was causing issues when it's parsed out by certain tools.
Regression since 28afbde971
2026-02-26 12:40:45 +02:00
28afbde971
Merge Synapse reverse-proxy companion role into matrix-synapse
...
The companion role was tightly coupled to Synapse through shared tags, worker routing, and lifecycle ordering. Keeping them separate added coordination overhead without practical benefits, especially for parallelized execution.
This merges the role into matrix-synapse while keeping companion logic organized under dedicated reverse_proxy_companion task/template subdirectories.
Compatibility is preserved:
- matrix_synapse_reverse_proxy_companion_* variable names remain unchanged
- install/setup companion-specific tags remain available
Cross-role/global wiring is now in group_vars (matrix-synapse section), while role defaults provide sensible standalone defaults and self-wiring for Synapse-owned values.
2026-02-26 06:51:47 +02:00
8c6c544c90
chore(deps): update matrixdotorg/mjolnir docker tag to v1.12.0
2026-02-24 22:57:33 +02:00
ee243a8aab
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.148.0
2026-02-24 16:52:17 +02:00
2c29027868
Add configurable Synapse room complexity limit variables
2026-02-21 17:44:31 +02:00
a1dc468004
Have the Synapse healthcheck be more patient to accommodate slow servers
2026-02-19 13:49:17 +02:00
ff2a0be559
Rename matrix_s3_goofys _docker_image vars to _container_image
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-18 10:36:17 +02:00
ca2b6b0a27
Rename _docker_ vars to _container_ for kakaotalk, telegram, synapse
...
These three roles have multiple variable prefixes each:
- kakaotalk: matrix_appservice_kakaotalk + matrix_appservice_kakaotalk_node
- telegram: matrix_mautrix_telegram + matrix_mautrix_telegram_lottieconverter
- synapse: matrix_synapse + matrix_synapse_customized + matrix_synapse_rust_synapse_compress_state
For each: renamed _docker_image* to _container_image* (and _docker_src*,
_docker_repo* where applicable), added deprecation entries in
validate_config.yml, updated group_vars references, and moved
deprecation tasks to the front of validate_config.yml.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-18 09:48:38 +02:00
e5b48f22db
Remove synapse-auto-invite-accept ( #4943 )
...
* Remove `matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on`
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove `matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages`
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove `matrix_synapse_ext_synapse_auto_accept_invite_enabled`
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove `matrix_synapse_container_image_customizations_auto_accept_invite_installation_enabled`
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove `matrix_synapse_ext_synapse_auto_accept_invite_version`
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove `matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_from_local_users`
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove roles/custom/matrix-synapse/tasks/ext/synapse-auto-accept-invite
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update README.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update container-images.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update configuring-playbook.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update configuring-playbook-synapse-auto-accept-invite.md
Reuse https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/bf744319e0fd3ab889070ab327ab3324824647fc/docs/configuring-playbook-sliding-sync-proxy.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update validate_config.yml
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update CHANGELOG.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
---------
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-02-17 14:37:46 +02:00
409c7393a0
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.147.1
2026-02-12 20:12:35 +02:00
a4c40979d2
Remove Dimension ( #4916 )
...
* Remove roles/custom/matrix-dimension
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Remove mentions to Dimension
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update configuring-playbook-dimension.md
Reuse https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/0f5015a33c4afcc7487fa0e7bc4d2431b0d5a2a0/docs/configuring-playbook-bridge-mx-puppet-twitter.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update validate_config.yml
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update CHANGELOG.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
---------
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-02-12 20:05:51 +02:00
a77a8753d9
Derive Synapse post-start delay from Traefik's providersThrottleDuration
...
After Synapse's systemd health check passes, Traefik still needs
providers.providersThrottleDuration to register routes. Derive the
post-start delay from this setting (+1s for healthcheck polling gap)
instead of using a hardcoded value. Defaults to 0 when no Traefik
reverse proxy is used.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-12 00:54:46 +02:00
9d9e9e9177
Use docker inspect for Synapse systemd health check and lower health interval
...
Switch the systemd ExecStartPost health check from docker exec + curl
to polling docker inspect for container health status. This piggybacks
on the container image's built-in HEALTHCHECK instead of duplicating it.
Also add a configurable container health interval (5s for Traefik setups,
15s otherwise) to speed up startup readiness detection without affecting
non-Traefik deployments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-12 00:13:02 +02:00
59e70b8ca9
Add systemd-healthcheck to Synapse systemd service in an effort to increase reliability (of Synapse-dependant services)
...
Previously, we had a 10-second magical delay.
Now we first do a healthcheck to figure out when it really is up.
Then, we do the same 10-second magical delay to account for the time it
may take for a reverse-proxy (like Traefik) to pick up Synapse's routes.
2026-02-11 23:32:33 +02:00
dd26f8a12a
Add systemd dependencies to s3-storage-provider-migrate service
...
The migrate service now declares Requires/After on matrix-synapse.service,
ensuring Synapse (and its transitive dependencies like Postgres and Docker)
are running before the migration triggers.
2026-02-11 16:50:29 +02:00
482ef0fdf5
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.147.0
2026-02-10 16:51:46 +02:00
4310fb83c1
Remove ma1sd ( #4898 )
...
* Remove ma1sd
Reuse https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/6d1ec58a8213b586f6292136a9d8938c258d2f76/docs/configuring-playbook-bridge-mautrix-instagram.md
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update configuring-playbook-ma1sd.pot
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update changelog entry date for ma1sd removal
---------
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Slavi Pantaleev <slavi@devture.com >
2026-02-08 09:35:51 +02:00
adf521f8cb
add matrix_synapse_email_enable_notifs and matrix_synapse_email_notif_for_new_users
2026-02-05 19:09:51 +00:00
460d46999f
Make Synapse's enable_local_media_storage configurable
...
Ref:
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4882
- https://github.com/element-hq/synapse/pull/19204
- https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_local_media_storage
We default it to `true`, keeping up with upstream and the old behavior.
s3-storage-provider users may set `matrix_synapse_enable_local_media_storage` to `false`
to disable local file caching.
This likely comes at the expense of some performance.
For matrix-media-repo users, it likely doesn't matter what this is set to,
as for a matrix-media-repo setup, all media-related API endpoints are
captured and forwarded to matrix-media-repo (before reaching Synapse).
2026-01-27 22:11:06 +02:00
93d110e61e
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.146.0
2026-01-27 22:10:25 +02:00
a050107e0f
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.145.0
2026-01-14 12:06:41 +02:00
484e94d493
add matrix_synapse_ext_s3_storage_provider_container_arguments var
2025-12-23 15:34:32 +00:00
aec4185135
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.144.0
2025-12-10 06:47:15 +02:00
ddf0fe7167
Fix Ansible inject_facts_as_vars deprecation warning
2025-11-26 11:56:57 +02:00
1f2f7e468e
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.143.0
Lock Threads / action (push) Has been cancelled
Matrix CI / yamllint (push) Has been cancelled
Matrix CI / ansible-lint (push) Has been cancelled
Matrix CI / Run pre-commit (push) Has been cancelled
2025-11-26 06:12:17 +02:00
renovate[bot]
Slavi Pantaleev
Norman Ziegner
Aine
Benjamin Blacher
mikhail.sarnov
Suguru Hirahara