Make Synapse's enable_local_media_storage configurable

Ref: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4882 - https://github.com/element-hq/synapse/pull/19204 - https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_local_media_storage We default it to `true`, keeping up with upstream and the old behavior. s3-storage-provider users may set `matrix_synapse_enable_local_media_storage` to `false` to disable local file caching. This likely comes at the expense of some performance. For matrix-media-repo users, it likely doesn't matter what this is set to, as for a matrix-media-repo setup, all media-related API endpoints are captured and forwarded to matrix-media-repo (before reaching Synapse).
chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.146.0
2026-01-27 23:23:16 +03:00 · 2026-01-27 22:11:06 +02:00 · 2026-01-27 22:10:25 +02:00 · 2026-01-27 21:18:40 +02:00 · 2026-01-27 16:55:38 +02:00 · 2026-01-27 12:53:38 +02:00
24 changed files with 91 additions and 99 deletions
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -26,7 +26,7 @@ jobs:
        uses: actions/checkout@v6
      - name: Run ansible-lint
-        uses: ansible/ansible-lint@v25.12.2
+        uses: ansible/ansible-lint@v26.1.1
        with:
          args: "roles/custom"
          setup_python: "true"
--- a/docs/configuring-playbook-matrix-authentication-service.md
+++ b/docs/configuring-playbook-matrix-authentication-service.md
@@ -57,6 +57,10 @@ This section details what you can expect when switching to the Matrix Authentica
  - [Reminder bot](configuring-playbook-bot-matrix-reminder-bot.md) seems to be losing some of its state on each restart and may reschedule old reminders once again
  - [Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:
    > cannot initialize matrix bot error="olm account is marked as shared, keys seem to have disappeared from the server"
 - ❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting).
 - ⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -3648,6 +3648,8 @@ matrix_media_repo_container_additional_networks: |
      ([postgres_container_network] if (postgres_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_media_repo_container_network) else [])
      +
      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_media_repo_container_labels_traefik_enabled) else [])
      +
      ([valkey_container_network] if valkey_enabled and matrix_media_repo_redis_enabled else [])
    ) | unique
  }}
@@ -3713,6 +3715,21 @@ matrix_media_repo_homeservers_auto:
 matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"
 matrix_media_repo_redis_enabled: "{{ valkey_enabled }}"
 # Use next redis index since Synapse is on 0. You can chose between index 0 and 15.
 matrix_media_repo_redis_database_number: 1
 matrix_media_repo_redis_shards: |
  {{
    ([{
          'name': 'valkey',
          'addr': (valkey_identifier + ':' + valkey_container_http_port | string),
    }])
    if valkey_enabled and matrix_media_repo_redis_enabled
    else []
  }}
 ######################################################################
 #
 # /matrix-media-repo
@@ -5838,20 +5855,6 @@ traefik_gid: "{{ matrix_user_gid }}"
 # This override (for the `web` entrypoint) also cascades to overriding the `web-secure` entrypoint and the `matrix-federation` entrypoint.
 traefik_config_entrypoint_web_transport_respondingTimeouts_readTimeout: 300s
 # Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
 # Matrix API endpoints require encoded slashes (e.g., in room keys URLs) and encoded hashes (e.g., in room directory URLs).
 # Ref:
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
 # - https://doc.traefik.io/traefik/migrate/v3/#v364
 traefik_config_entrypoint_web_secure_http_encodedCharacters_enabled: true
 traefik_config_entrypoint_web_secure_http_encodedCharacters_allowEncodedSlash: true
 traefik_config_entrypoint_web_secure_http_encodedCharacters_allowEncodedHash: true
 # Doing the same for the `web` entrypoint, for people who disable SSL for the playbook
 # and actually go through this entrypoint.
 traefik_config_entrypoint_web_http_encodedCharacters_enabled: "{{ not matrix_playbook_ssl_enabled }}"
 traefik_config_entrypoint_web_http_encodedCharacters_allowEncodedSlash: "{{ not matrix_playbook_ssl_enabled }}"
 traefik_config_entrypoint_web_http_encodedCharacters_allowEncodedHash: "{{ not matrix_playbook_ssl_enabled }}"
 traefik_additional_entrypoints_auto: |
  {{
    ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else [])
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@@ -12,12 +12,12 @@ markdown-it-py==4.0.0
 MarkupSafe==3.0.3
 mdit-py-plugins==0.5.0
 mdurl==0.1.2
-myst-parser==4.0.1
+myst-parser==5.0.0
-packaging==25.0
+packaging==26.0
 Pygments==2.19.2
 PyYAML==6.0.3
 requests==2.32.5
-setuptools==80.9.0
+setuptools==80.10.2
 snowballstemmer==3.0.1
 Sphinx==9.1.0
 sphinx-intl==2.3.2
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
 tabulate==0.9.0
 uc-micro-py==1.0.3
-urllib3==2.6.2
+urllib3==2.6.3
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,37 +1,37 @@
 ---
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
-  version: v1.0.0-5
+  version: v1.0.0-6
  name: auxiliary
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
  version: v1.4.3-2.0.13-0
  name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
-  version: v0.4.2-0
+  version: v0.4.2-1
  name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.9.0
+  version: 8.0.0
  name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
  version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
  name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.6.0-0
+  version: v2.6.1-0
  name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
  version: v4.98.1-r0-2-2
  name: exim_relay
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
-  version: v11.6.5-4
+  version: v11.6.5-6
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10655-0
+  version: v10710-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.9.10-0
+  version: v1.9.11-0
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.15.0-0
+  version: v2.16.0-0
  name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: 8630e4f1749bcb659c412820f754473f09055052
@@ -49,13 +49,13 @@
  version: v18-0
  name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.8.1-0
+  version: v3.9.1-0
  name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.9.1-12
+  version: v1.9.1-13
  name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
-  version: v0.18.1-1
+  version: v0.18.1-2
  name: prometheus_postgres_exporter
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
  version: v1.4.1-0
@@ -67,10 +67,10 @@
  version: v1.1.0-1
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.6.6-0
+  version: v3.6.7-1
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
-  version: v2.10.0-3
+  version: v2.10.0-4
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
  version: v9.0.1-0
--- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2025.12.24
+matrix_alertmanager_receiver_version: 2026.1.21
 matrix_alertmanager_receiver_scheme: https
--- a/roles/custom/matrix-authentication-service/defaults/main.yml
+++ b/roles/custom/matrix-authentication-service/defaults/main.yml
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.8.0
+matrix_authentication_service_version: 1.10.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -321,13 +321,6 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
 # Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
 # Matrix API endpoints require encoded slashes and hashes in endpoints containing room IDs, room aliases, etc.
 # Ref:
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
 # - https://doc.traefik.io/traefik/migrate/v3/#v364
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash: true  # noqa: var-naming[pattern]
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash: true  # noqa: var-naming[pattern]
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"  # noqa var-naming
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout: "{{ traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout }}"  # noqa var-naming
@@ -337,19 +330,6 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default:
  {{
    {}
    | combine(
      (
        {
          'http': {
            'encodedCharacters': {
              'allowEncodedSlash': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash,
              'allowEncodedHash': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash,
            }
          }
        }
      )
    )
    | combine(
      (
        (
@@ -412,30 +392,7 @@ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-inter
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port: 8008
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port: ''
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config: "{{ (matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom, recursive=True) }}"
-# Traefik v3.6.3+ blocks encoded characters in request paths by default for security.
+matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default: {}
 # Matrix API endpoints require encoded slashes and hashes in endpoints containing room IDs, room aliases, etc.
 # Ref:
 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4798
 # - https://doc.traefik.io/traefik/migrate/v3/#v364
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash: true  # noqa: var-naming[pattern]
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash: true  # noqa: var-naming[pattern]
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_default: |
  {{
    {}
    | combine(
      (
        {
          'http': {
            'encodedCharacters': {
              'allowEncodedSlash': matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash,
              'allowEncodedHash': matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash,
            }
          }
        }
      )
    )
  }}
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_auto: {}
 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_custom: {}
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@@ -36,6 +36,11 @@
    - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
    - {'old': 'matrix_user_username', 'new': 'matrix_user_name'}
    - {'old': 'matrix_user_groupname', 'new': 'matrix_group_name'}
    - {'old': 'matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash', 'new': '<removed>'}
    - {'old': 'matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash', 'new': '<removed>'}
    - {'old': 'matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedSlash', 'new': '<removed>'}
    - {'old': 'matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config_http_encodedCharacters_allowEncodedHash', 'new': '<removed>'}
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined
--- a/roles/custom/matrix-bot-baibot/defaults/main.yml
+++ b/roles/custom/matrix-bot-baibot/defaults/main.yml
@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.12.0
+matrix_bot_baibot_version: v1.13.0
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -29,7 +29,7 @@ matrix_hookshot_container_additional_networks_auto: []
 matrix_hookshot_container_additional_networks_custom: []
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
-matrix_hookshot_version: 7.2.0
+matrix_hookshot_version: 7.3.1
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_registry_prefix }}matrix-org/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_hookshot_docker_image_registry_prefix_upstream }}"
@@ -242,6 +242,18 @@ matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration"   # noqa
 #         level: admin
 matrix_hookshot_permissions: []
 # Static connections that can be configured by an administrator, as documented here:
 # https://matrix-org.github.io/matrix-hookshot/latest/usage/static_connections.html
 # Currently only generic webhooks are supported.
 # Example:
 # matrix_hookshot_connections:
 #   - connectionType: uk.half-shot.matrix-hookshot.generic.hook
 #     stateKey: my-unique-webhook-id
 #     roomId: "!room-id"
 #     state:
 #       name: My Static Webhook
 matrix_hookshot_connections: []
 matrix_hookshot_bot_displayname: Hookshot Bot
 matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d'
--- a/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yaml.j2
@@ -137,6 +137,7 @@ widgets:
 {% if matrix_hookshot_permissions %}
 permissions: {{ matrix_hookshot_permissions | to_json }}
 {% endif %}
 connections: {{ matrix_hookshot_connections | to_json }}
 listeners:
  # (Optional) HTTP Listener configuration.
  # Bind resource endpoints to ports and addresses.
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.2511.0
+matrix_mautrix_gmessages_version: v0.2601.0
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.2512.0
+matrix_mautrix_signal_version: v0.2601.0
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.2512.0
+matrix_mautrix_whatsapp_version: v0.2601.0
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
--- a/roles/custom/matrix-bridge-steam/defaults/main.yml
+++ b/roles/custom/matrix-bridge-steam/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_steam_bridge_container_image_self_build_repo: "https://github.com/jasonla
 matrix_steam_bridge_container_image_self_build_repo_version: "{{ 'main' if matrix_steam_bridge_version == 'latest' else matrix_steam_bridge_version }}"
 # renovate: datasource=docker depName=ghcr.io/jasonlaguidice/matrix-steam-bridge
-matrix_steam_bridge_version: 1.0.8
+matrix_steam_bridge_version: 1.1.0
 matrix_steam_bridge_docker_image: "{{ matrix_steam_bridge_docker_image_registry_prefix }}jasonlaguidice/matrix-steam-bridge:{{ matrix_steam_bridge_version }}"
 matrix_steam_bridge_docker_image_registry_prefix: "{{ 'localhost/' if matrix_steam_bridge_container_image_self_build else matrix_steam_bridge_docker_image_registry_prefix_upstream }}"
 matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}"
 # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
-matrix_client_element_version: v1.12.7
+matrix_client_element_version: v1.12.9
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"
--- a/roles/custom/matrix-client-fluffychat/defaults/main.yml
+++ b/roles/custom/matrix-client-fluffychat/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et
 matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
 # renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
-matrix_client_fluffychat_version: v2.3.0
+matrix_client_fluffychat_version: v2.4.0
 matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
 matrix_client_fluffychat_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_docker_image_registry_prefix_upstream }}"
 matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
+++ b/roles/custom/matrix-livekit-jwt-service/defaults/main.yml
@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
 matrix_livekit_jwt_service_container_additional_networks_custom: []
 # renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
-matrix_livekit_jwt_service_version: 0.4.0
+matrix_livekit_jwt_service_version: 0.4.1
 matrix_livekit_jwt_service_container_image_self_build: false
 matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
--- a/roles/custom/matrix-media-repo/defaults/main.yml
+++ b/roles/custom/matrix-media-repo/defaults/main.yml
@@ -895,13 +895,7 @@ matrix_media_repo_redis_database_number: 0
 # The Redis shards that should be used by the media repo in the ring. The names of the
 # shards are for your reference and have no bearing on the connection, but must be unique.
-matrix_media_repo_redis_shards:
+matrix_media_repo_redis_shards: []
  - name: "server1"
    addr: ":7000"
  - name: "server2"
    addr: ":7001"
  - name: "server3"
    addr: ":7002"
 # Optional sentry (https://sentry.io/) configuration for the media repo
--- a/roles/custom/matrix-synapse-admin/defaults/main.yml
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml
@@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"
 # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
-matrix_synapse_admin_version: v0.11.1-etke50
+matrix_synapse_admin_version: v0.11.1-etke52
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}"
 matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.144.0
+matrix_synapse_version: v1.146.0
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
@@ -1092,6 +1092,11 @@ matrix_synapse_workers_media_repository_workers_container_arguments: []
 # Adjusting this value manually is generally not necessary.
 matrix_synapse_enable_media_repo: "{{ not matrix_synapse_ext_media_repo_enabled and (not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0)) }}"
 # matrix_synapse_enable_local_media_storage controls whether the local on-disk media storage provider is enabled in Synapse.
 # When disabled, media is stored only in configured `media_storage_providers` and temporary files are used for processing (no local caching).
 # Warning: If this option is set to false and no `media_storage_providers` are configured, all media requests will return 404 errors as there will be no storage backend available.
 matrix_synapse_enable_local_media_storage: true
 # matrix_synapse_enable_authenticated_media controls if authenticated media is enabled.
 # If enabled all "old" media remains accessible over the legacy endpoints but new media is blocked.
 # while this option is enabled all media access and downloads have to be done via authenticated endpoints.
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -1035,11 +1035,15 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_
 #enable_media_repo: false
 enable_media_repo: {{ matrix_synapse_enable_media_repo | to_json }}
 # Enable the local on-disk media storage provider.
 # When disabled, media is stored only in configured media_storage_providers and temporary files are used for processing (no local caching).
 # Warning: If this option is set to false and no media_storage_providers are configured, all media requests will return 404 errors as there will be no storage backend available.
 enable_local_media_storage: {{ matrix_synapse_enable_local_media_storage | to_json }}
 # Enable authenticated media.
 # enable_authenticated_media blocks access to new media from the legacy endpoints
 # and freezes the unauthenticated media repo by blocking all downloads that are not using
 # the new authenticated endpoints. If this option is turned off all media reverts to being considered "old"
 enable_authenticated_media: {{ matrix_synapse_enable_authenticated_media | to_json }}
 # Directory where uploaded images and attachments are stored.
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -200,12 +200,13 @@ matrix_synapse_workers_generic_worker_endpoints:
  - ^/_matrix/client/(r0|v3|unstable)/notifications$
  # Encryption requests
  # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri`
  - ^/_matrix/client/(r0|v3|unstable)/keys/query$
  - ^/_matrix/client/(r0|v3|unstable)/keys/changes$
  - ^/_matrix/client/(r0|v3|unstable)/keys/claim$
  - ^/_matrix/client/(r0|v3|unstable)/room_keys/
-  - ^/_matrix/client/(r0|v3|unstable)/keys/upload/
+  - ^/_matrix/client/(r0|v3|unstable)/keys/upload$
  - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$
  - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$
  # Registration/login requests
  - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
@@ -223,6 +224,12 @@ matrix_synapse_workers_generic_worker_endpoints:
  - ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/
  - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/
  # Unstable MSC4140 support
  - ^/_matrix/client/unstable/org.matrix.msc4140/delayed_events(/.*/restart)?$
  # Admin API requests
  - ^/_synapse/admin/v2/users/[^/]+$
  # Start of intentionally-ignored-endpoints
  #
  # We ignore these below, because they're better sent to dedicated workers (various stream writers).
Author	SHA1	Message	Date
Slavi Pantaleev	460d46999f	Make Synapse's `enable_local_media_storage` configurable Ref: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4882 - https://github.com/element-hq/synapse/pull/19204 - https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_local_media_storage We default it to `true`, keeping up with upstream and the old behavior. s3-storage-provider users may set `matrix_synapse_enable_local_media_storage` to `false` to disable local file caching. This likely comes at the expense of some performance. For matrix-media-repo users, it likely doesn't matter what this is set to, as for a matrix-media-repo setup, all media-related API endpoints are captured and forwarded to matrix-media-repo (before reaching Synapse).	2026-01-27 22:11:06 +02:00
renovate[bot]	93d110e61e	chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.146.0	2026-01-27 22:10:25 +02:00
renovate[bot]	6629867235	chore(deps): update ghcr.io/element-hq/matrix-authentication-service docker tag to v1.10.0	2026-01-27 21:18:40 +02:00
renovate[bot]	8a3c75b7bd	chore(deps): update ghcr.io/element-hq/element-web docker tag to v1.12.9	2026-01-27 16:55:38 +02:00
renovate[bot]	b6bf91c150	chore(deps): update dependency etherpad to v2.6.1-0	2026-01-27 12:53:38 +02:00
renovate[bot]	b0e70f419f	chore(deps): update dependency setuptools to v80.10.2	2026-01-26 08:15:49 +02:00
renovate[bot]	692c34ad9b	chore(deps): update halfshot/matrix-hookshot docker tag to v7.3.1	2026-01-24 20:07:34 +02:00
Slavi Pantaleev	97c2915034	Upgrade baibot (v1.12.0 -> v1.13.0)	2026-01-23 00:52:36 +02:00
renovate[bot]	292397234a	chore(deps): update dependency packaging to v26	2026-01-22 07:52:37 +02:00
renovate[bot]	82d6f3de2c	chore(deps): update dependency setuptools to v80.10.1	2026-01-21 15:49:57 +02:00
renovate[bot]	cc9234d3ba	chore(deps): update ghcr.io/etkecc/fluffychat-web docker tag to v2.4.0	2026-01-21 15:49:48 +02:00
renovate[bot]	47322a8d52	chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.1.21	2026-01-21 08:35:31 +02:00
Slavi Pantaleev	911031e2cf	Add support for Hookshot static connections (new in v7.3.0) This adds the matrix_hookshot_connections variable for configuring static webhook connections via the config file. See: https://github.com/matrix-org/matrix-hookshot/pull/1102	2026-01-20 16:10:30 +02:00
renovate[bot]	e01a79865c	chore(deps): update halfshot/matrix-hookshot docker tag to v7.3.0	2026-01-20 15:38:23 +02:00
renovate[bot]	ab97b94245	chore(deps): update dependency ntfy to v2.16.0-0	2026-01-20 11:56:58 +02:00
renovate[bot]	c8fc504470	chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2601.0	2026-01-16 22:28:12 +02:00
renovate[bot]	a6c447ade3	chore(deps): update dock.mau.dev/mautrix/gmessages docker tag to v0.2601.0	2026-01-16 22:26:58 +02:00
renovate[bot]	aa69069627	chore(deps): update dock.mau.dev/mautrix/signal docker tag to v0.2601.0	2026-01-16 22:26:48 +02:00
renovate[bot]	fa22053bf1	chore(deps): update ansible/ansible-lint action to v26.1.1	2026-01-16 14:32:56 +02:00
renovate[bot]	a3ef7109b6	chore(deps): update dependency docker to v8	2026-01-15 21:29:26 +02:00
renovate[bot]	7c8a28d590	chore(deps): update ghcr.io/element-hq/lk-jwt-service docker tag to v0.4.1	2026-01-15 20:30:02 +02:00
renovate[bot]	28af19a1a7	chore(deps): update dependency myst-parser to v5	2026-01-15 14:44:50 +02:00
renovate[bot]	ea4b467cd3	chore(deps): update dependency livekit_server to v1.9.11-0	2026-01-15 14:43:30 +02:00
Slavi Pantaleev	bd6202eb65	Upgrade Traefik (v3.6.6-0 -> v3.6.7-1) and remove all (now-unnecessary) `encodedCharacters_` setting overrides All these `encodedCharacters_` settings default to `true` in Traefik v3.6.7, so we don't need to override their values. Ref: https://doc.traefik.io/traefik/v3.6/migrate/v3/#v367 Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4835	2026-01-15 14:40:38 +02:00
Aine	4d0cf32151	grafana: add /tmp tmpfs	2026-01-15 09:12:17 +00:00
renovate[bot]	1890f3a01a	chore(deps): update dependency jitsi to v10710	2026-01-14 16:52:49 +02:00
Slavi Pantaleev	ac5dc5d44f	Pull in some additional Synapse workers routing configuration Provoked by https://github.com/element-hq/synapse/pull/19281 which landed in Synapse v1.145.0, but we pull in a few other routes that I noticed to be missing.	2026-01-14 12:07:09 +02:00
renovate[bot]	a050107e0f	chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.145.0	2026-01-14 12:06:41 +02:00
renovate[bot]	41108b57e3	chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026	2026-01-14 11:55:53 +02:00
renovate[bot]	78c7b61af8	chore(deps): update ghcr.io/element-hq/matrix-authentication-service docker tag to v1.9.0	2026-01-13 19:47:45 +02:00
renovate[bot]	b5c5f34ca4	chore(deps): update ghcr.io/element-hq/element-web docker tag to v1.12.8	2026-01-13 19:46:26 +02:00
Slavi Pantaleev	e1bf0aebd2	Upgrade LiveKit (v1.9.10-0 -> v1.9.10-1)	2026-01-12 10:10:14 +02:00
Slavi Pantaleev	8a02d791ea	Add missing `:` to `matrix_media_repo_redis_shards` entry Ref: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/4851#issuecomment-3732696383	2026-01-10 15:10:09 +02:00
akdk7	dd54691137	Automatically integate matrix-media-repo with Valkey (if enabled) (#4851 ) * This push request is about handling Traefik ipallowlist to synapse-admin application. It's my first push request. If I forgot something please let me know. :-) * Changed position of variable and naming for better expandebility of traefik options * Remove useless `noqa var-naming` comment and too many blank lines at the end of the file * If redis ist enabled for matrix media repo it failes to connect to valkey due to inproper configuration. * Updated solution for fixing MMR redis connection * Clean up * Update valkey_container_network condition --------- Co-authored-by: AkDk7 <joerg@pannbacker.email> Co-authored-by: Slavi Pantaleev <slavi@devture.com>	2026-01-10 15:07:12 +02:00
renovate[bot]	a3a2c568d0	chore(deps): update dependency prometheus_node_exporter to v1.9.1-13	2026-01-09 15:12:53 +02:00
renovate[bot]	0bc84a7129	chore(deps): update dependency prometheus_postgres_exporter to v0.18.1-2	2026-01-09 15:12:45 +02:00
Aine	afe5b06771	Synapse Admin v0.11.1-etke52	2026-01-09 08:43:28 +00:00
renovate[bot]	e4d0d42f04	chore(deps): update dependency traefik_certs_dumper to v2.10.0-4	2026-01-09 08:50:29 +02:00
dependabot[bot]	91711669c6	Bump ansible/ansible-lint from 25.12.2 to 26.1.0 Bumps [ansible/ansible-lint](https://github.com/ansible/ansible-lint) from 25.12.2 to 26.1.0. - [Release notes](https://github.com/ansible/ansible-lint/releases) - [Commits](https://github.com/ansible/ansible-lint/compare/v25.12.2...v26.1.0) --- updated-dependencies: - dependency-name: ansible/ansible-lint dependency-version: 26.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-08 18:43:23 +02:00
renovate[bot]	5fe789cd96	chore(deps): update dependency etherpad to v2.6.0-1	2026-01-08 18:43:00 +02:00
renovate[bot]	e4abe50daf	chore(deps): update dependency grafana to v11.6.5-5	2026-01-08 18:42:38 +02:00
renovate[bot]	e70d0d7673	chore(deps): update dependency auxiliary to v1.0.0-6	2026-01-08 15:12:39 +02:00
renovate[bot]	ae88c51dd7	chore(deps): update dependency container_socket_proxy to v0.4.2-1	2026-01-08 15:12:21 +02:00
renovate[bot]	9d7c224021	chore(deps): update dependency prometheus to v3.9.1-0	2026-01-08 12:07:41 +02:00
renovate[bot]	65213ff497	chore(deps): update ghcr.io/jasonlaguidice/matrix-steam-bridge docker tag to v1.1.0	2026-01-08 06:56:55 +02:00
renovate[bot]	13727bc0a2	chore(deps): update dependency urllib3 to v2.6.3	2026-01-07 21:23:23 +02:00
renovate[bot]	ed87ef7e50	chore(deps): update dependency prometheus to v3.9.0-0	2026-01-07 11:09:11 +02:00
Aine	858a4ab555	Synapse Admin v0.11.1-etke51	2026-01-06 09:47:01 +00:00
Slavi Pantaleev	5f3f57197e	Revert "Remove outdated warning about Postmoogle not working well with Matrix Authentication Service" This reverts commit `81b371e690`. Ref: `81b371e690 (commitcomment-173871096)`	2026-01-06 09:28:28 +02:00