chore(deps): update matrixdotorg/sygnal docker tag to v0.17.0

Relates to 904a98d56c.

Signed-off-by: The one with the braid <info@braid.business>

CHANGELOG.md

@@ -1,3 +1,11 @@
+# 2025-12-09
+
+## Traefik Cert Dumper upgrade
+
+The variable `traefik_certs_dumper_ssl_dir_path` was renamed to `traefik_certs_dumper_ssl_path`. Users who use [their own webserver with Traefik](docs/configuring-playbook-own-webserver.md) may need to adjust their configuration.
+
+The variable `traefik_certs_dumper_dumped_certificates_dir_path` was renamed to `traefik_certs_dumper_dumped_certificates_path`. Users who use [SRV Server Delegation](docs/howto-srv-server-delegation.md) may need to adjust their configuration.
+
 # 2025-11-23
 
 ## Matrix.to support

docs/configuring-playbook-own-webserver.md

@@ -51,7 +51,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container
 # Adjust to point to your Traefik container
 matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container
 
-traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
+traefik_certs_dumper_ssl_path: "/path/to/your/traefiks/acme.json/directory"
 
 # Uncomment and adjust the variable below if the name of your federation entrypoint is different
 # than the default value (matrix-federation).

docs/howto-srv-server-delegation.md

@@ -112,12 +112,12 @@ matrix_coturn_container_additional_volumes: |
     (
       [
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/certificate.crt'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/certificate.crt'),
          'dst': '/certificate.crt',
          'options': 'ro',
        },
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/privatekey.key'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/privatekey.key'),
          'dst': '/privatekey.key',
          'options': 'ro',
        },
@@ -173,12 +173,12 @@ matrix_coturn_container_additional_volumes: |
     (
       [
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/certificate.crt'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/certificate.crt'),
          'dst': '/certificate.crt',
          'options': 'ro',
        },
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/*.' + matrix_domain + '/privatekey.key'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/*.' + matrix_domain + '/privatekey.key'),
          'dst': '/privatekey.key',
          'options': 'ro',
        },

group_vars/matrix_servers

@@ -2242,8 +2242,8 @@ matrix_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['a
 matrix_postmoogle_ssl_path: |-
   {{
     {
-      'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''),
-      'other-traefik-container': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''),
+      'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_path if traefik_certs_dumper_enabled else ''),
+      'other-traefik-container': (traefik_certs_dumper_dumped_certificates_path if traefik_certs_dumper_enabled else ''),
       'none': '',
     }[matrix_playbook_reverse_proxy_type]
   }}
@@ -3088,6 +3088,8 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
 # We don't enable matrixto by default.
 matrix_matrixto_enabled: false
 
+matrix_matrixto_base_path: "{{ matrix_base_data_path }}/matrixto"
+
 # The container image is not provided at https://github.com/matrix-org/matrix.to
 matrix_matrixto_container_image_self_build: true
 
@@ -3189,12 +3191,12 @@ matrix_coturn_container_additional_volumes: |
     (
       [
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + matrix_server_fqn_matrix + '/certificate.crt'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/' + matrix_server_fqn_matrix + '/certificate.crt'),
          'dst': '/certificate.crt',
          'options': 'ro',
        },
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + matrix_server_fqn_matrix + '/privatekey.key'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/' + matrix_server_fqn_matrix + '/privatekey.key'),
          'dst': '/privatekey.key',
          'options': 'ro',
        },
@@ -5879,7 +5881,7 @@ traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumpe
 traefik_certs_dumper_uid: "{{ matrix_user_uid }}"
 traefik_certs_dumper_gid: "{{ matrix_user_gid }}"
 
-traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}"
+traefik_certs_dumper_ssl_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}"
 
 traefik_certs_dumper_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else traefik_certs_dumper_container_image_registry_prefix_upstream_default }}"
 
@@ -5988,12 +5990,12 @@ livekit_server_container_additional_volumes_auto: |
     (
       [
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + livekit_server_config_turn_domain + '/certificate.crt'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/' + livekit_server_config_turn_domain + '/certificate.crt'),
          'dst': livekit_server_config_turn_cert_file,
          'options': 'ro',
        },
        {
-         'src': (traefik_certs_dumper_dumped_certificates_dir_path +  '/' + livekit_server_config_turn_domain + '/privatekey.key'),
+         'src': (traefik_certs_dumper_dumped_certificates_path +  '/' + livekit_server_config_turn_domain + '/privatekey.key'),
          'dst': livekit_server_config_turn_key_file,
          'options': 'ro',
        },

i18n/requirements.txt

@@ -19,9 +19,9 @@ PyYAML==6.0.3
 requests==2.32.5
 setuptools==80.9.0
 snowballstemmer==3.0.1
-Sphinx==9.0.3
+Sphinx==9.0.4
 sphinx-intl==2.3.2
-sphinx-markdown-builder==0.6.8
+sphinx-markdown-builder==0.6.9
 sphinxcontrib-applehelp==2.0.0
 sphinxcontrib-devhelp==2.0.0
 sphinxcontrib-htmlhelp==2.1.0
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
 tabulate==0.9.0
 uc-micro-py==1.0.3
-urllib3==2.6.0
+urllib3==2.6.1

requirements.yml

@@ -70,7 +70,7 @@
   version: v3.6.4-0
   name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
-  version: v2.10.0-2
+  version: v2.10.0-3
   name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
   version: v9-0

roles/custom/matrix-authentication-service/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.7.0
+matrix_authentication_service_version: 1.8.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"

roles/custom/matrix-base/defaults/main.yml

@@ -273,7 +273,7 @@ matrix_metrics_exposure_http_basic_auth_users: ''
 #     - nevertheless, the playbook expects that you would install Traefik yourself via other means
 #     - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
 #     - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
-#     - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`)
+#     - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_path`)
 #
 # - `none`
 #     - no reverse-proxy will be installed

roles/custom/matrix-cactus-comments-client/defaults/main.yml

@@ -18,7 +18,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.40.0
+matrix_cactus_comments_client_version: 2.40.1
 
 matrix_cactus_comments_client_container_image: "{{ matrix_cactus_comments_client_container_image_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_registry_prefix: "{{ matrix_cactus_comments_client_container_image_registry_prefix_upstream }}"

roles/custom/matrix-livekit-jwt-service/defaults/main.yml

@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
 matrix_livekit_jwt_service_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
-matrix_livekit_jwt_service_version: 0.3.0
+matrix_livekit_jwt_service_version: 0.4.0
 
 matrix_livekit_jwt_service_container_image_self_build: false
 matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
@@ -68,8 +68,15 @@ matrix_livekit_jwt_service_container_labels_additional_labels: ''
 # A list of extra arguments to pass to the container
 matrix_livekit_jwt_service_container_extra_arguments: []
 
-# Controls the LK_JWT_PORT environment variable
-matrix_livekit_jwt_service_environment_variable_livekit_jwt_port: 8080
+# Controls the port that the service listens on internally in the container.
+# This is still used for Traefik configuration and container port binding.
+matrix_livekit_jwt_service_container_port: 8080
+
+# Controls the LIVEKIT_JWT_BIND environment variable.
+# This is the preferred method in v0.4.0+, replacing the deprecated LIVEKIT_JWT_PORT.
+# Format: "host:port" or ":port" (to bind to all interfaces).
+# The default ":8080" binds to all interfaces on port 8080.
+matrix_livekit_jwt_service_environment_variable_livekit_jwt_bind: ":{{ matrix_livekit_jwt_service_container_port }}"
 
 # Controls the LIVEKIT_KEY environment variable
 matrix_livekit_jwt_service_environment_variable_livekit_key: ""

roles/custom/matrix-livekit-jwt-service/tasks/main.yml

@@ -8,7 +8,7 @@
 
 - tags:
     - setup-all
-    - setup-jwt-service
+    - setup-livekit-jwt-service
     - install-all
     - install-livekit-jwt-service
   block:

roles/custom/matrix-livekit-jwt-service/tasks/validate_config.yml

@@ -6,6 +6,15 @@
 
 ---
 
+- name: (Deprecation) Catch and report renamed LiveKit JWT Service settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_livekit_jwt_service_environment_variable_livekit_jwt_port', 'new': 'matrix_livekit_jwt_service_container_port'}
+
 - name: Fail if required LiveKit JWT Service settings are not defined
   ansible.builtin.fail:
     msg: >

roles/custom/matrix-livekit-jwt-service/templates/env.j2

@@ -5,7 +5,7 @@ SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
-LIVEKIT_JWT_PORT={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port | int | to_json }}
+LIVEKIT_JWT_BIND={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_bind }}
 
 LIVEKIT_KEY={{ matrix_livekit_jwt_service_environment_variable_livekit_key }}
 LIVEKIT_URL={{ matrix_livekit_jwt_service_environment_variable_livekit_url }}

roles/custom/matrix-livekit-jwt-service/templates/labels.j2

@@ -10,7 +10,7 @@ traefik.enable=true
 
 traefik.docker.network={{ matrix_livekit_jwt_service_container_labels_traefik_docker_network }}
 
-traefik.http.services.matrix-livekit-jwt-service.loadbalancer.server.port={{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }}
+traefik.http.services.matrix-livekit-jwt-service.loadbalancer.server.port={{ matrix_livekit_jwt_service_container_port }}
 
 {% set middlewares = [] %}
 

roles/custom/matrix-livekit-jwt-service/templates/systemd/matrix-livekit-jwt-service.service.j2

@@ -20,7 +20,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
     --cap-drop=ALL \
     --network={{ matrix_livekit_jwt_service_container_network }} \
     {% if matrix_livekit_jwt_service_container_http_host_bind_port %}
-    -p {{ matrix_livekit_jwt_service_container_http_host_bind_port }}:{{ matrix_livekit_jwt_service_environment_variable_livekit_jwt_port }} \
+    -p {{ matrix_livekit_jwt_service_container_http_host_bind_port }}:{{ matrix_livekit_jwt_service_container_port }} \
     {% endif %}
     --env-file={{ matrix_livekit_jwt_service_base_path }}/env \
     --label-file={{ matrix_livekit_jwt_service_base_path }}/labels \

roles/custom/matrix-static-files/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_static_files_enabled: true
 matrix_static_files_identifier: matrix-static-files
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_static_files_version: 2.40.0
+matrix_static_files_version: 2.40.1
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
 matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"

roles/custom/matrix-sygnal/defaults/main.yml

@@ -22,7 +22,7 @@ matrix_sygnal_hostname: ''
 matrix_sygnal_path_prefix: /
 
 # renovate: datasource=docker depName=matrixdotorg/sygnal
-matrix_sygnal_version: v0.15.1
+matrix_sygnal_version: v0.17.0
 
 matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"

roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml

@@ -24,7 +24,7 @@
 matrix_synapse_reverse_proxy_companion_enabled: true
 
 # renovate: datasource=docker depName=nginx
-matrix_synapse_reverse_proxy_companion_version: 1.29.3-alpine
+matrix_synapse_reverse_proxy_companion_version: 1.29.4-alpine
 
 matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
 matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"

roles/custom/matrix-synapse/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.143.0
+matrix_synapse_version: v1.144.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''