iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-04-17 10:56:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: iartamonov:b0828528dff20f0ef21c34d73f220f54331cd587
Branches Tags
iartamonov:master iartamonov:renovate/dock.mau.dev-mautrix-whatsapp-0.x iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:renovate/dock.mau.dev-mautrix-twitter-0.x iartamonov:renovate/dock.mau.dev-mautrix-telegram-0.x iartamonov:renovate/dock.mau.dev-mautrix-slack-0.x iartamonov:renovate/dock.mau.dev-mautrix-meta-0.x iartamonov:renovate/dock.mau.dev-mautrix-gmessages-0.x iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption
...
compare: iartamonov:4ec41c0b42c674b6f88680d1d16a081496e5289a
Branches Tags
iartamonov:master iartamonov:renovate/dock.mau.dev-mautrix-whatsapp-0.x iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:renovate/dock.mau.dev-mautrix-twitter-0.x iartamonov:renovate/dock.mau.dev-mautrix-telegram-0.x iartamonov:renovate/dock.mau.dev-mautrix-slack-0.x iartamonov:renovate/dock.mau.dev-mautrix-meta-0.x iartamonov:renovate/dock.mau.dev-mautrix-gmessages-0.x iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption

9 Commits
b0828528df ... 4ec41c0b42

Author SHA1 Message Date
Aine
4ec41c0b42 Merge pull request #4909 from spantaleev/renovate/ghcr.io-element-hq-element-web-1.x 
chore(deps): update ghcr.io/element-hq/element-web docker tag to v1.12.10
 2026-02-10 18:11:36 +00:00
renovate[bot]
0a08126324 chore(deps): update ghcr.io/element-hq/element-web docker tag to v1.12.10 2026-02-10 17:49:29 +00:00
renovate[bot]
482ef0fdf5 chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.147.0 2026-02-10 16:51:46 +02:00
renovate[bot]
ca356c52e2 chore(deps): update ghcr.io/element-hq/matrix-authentication-service docker tag to v1.11.0 2026-02-10 16:51:09 +02:00
Slavi Pantaleev
ecf9befc32 Adapt to the all-at-once restart mode default in systemd_service_manager v2.0.0-0 
- `install-service` no longer forces `one-by-one` restart mode

- the coturn priority condition is flipped: only `one-by-one` mode
  needs the delayed priority (1500); all other modes (including
  the new `all-at-once` default) use the normal priority (900)

Ref:

- d42cd92045
- f3e658cca3/docs/restart-mode-comparison.md
- 36445fb419
- 750cb7e29e
 2026-02-10 16:41:41 +02:00
Slavi Pantaleev
750cb7e29e Upgrade systemd_service_manager (v1.1.0-0 -> v2.0.0-0) 2026-02-10 16:21:57 +02:00
Suguru Hirahara
815b9baec6 Update notes about self-hosting services with the MASH playbook 
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2026-02-10 22:31:11 +09:00
Suguru Hirahara
1dcd4636ff Add a note about self-hosting echoip with the MASH playbook 
Reuse 3653f9f89b/docs/configuring-playbook-ssl-certificates.md

Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2026-02-10 22:28:08 +09:00
renovate[bot]
7f04231904 chore(deps): update ghcr.io/etkecc/baibot docker tag to v1.14.1 2026-02-10 15:18:02 +02:00
9 changed files with 20 additions and 13 deletions
Expand all files Collapse all files

2
docs/configuring-playbook-ssl-certificates.md
View File

@@ -17,7 +17,7 @@ By default, the playbook retrieves and automatically renews free SSL certificate
- This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it.
- Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/).
The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md).
The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.
## Use staging Let's Encrypt certificates

12
docs/configuring-playbook-turn.md
View File

@@ -1,9 +1,12 @@
<!--
SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
SPDX-FileCopyrightText: 2018-2024 Slavi Pantaleev
SPDX-FileCopyrightText: 2020 Aaron Raimist
SPDX-FileCopyrightText: 2020 Christian Wolf
SPDX-FileCopyrightText: 2020 MDAD project contributors
SPDX-FileCopyrightText: 2020 Marcel Partap
SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
SPDX-FileCopyrightText: 2020-2024 MDAD project contributors
SPDX-FileCopyrightText: 2022 Alejo Diaz
SPDX-FileCopyrightText: 2022 Julian Foad
SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later
-->
@@ -28,6 +31,9 @@ matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
>[!NOTE]
> You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.
If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:
```yaml

6
group_vars/matrix_servers
View File

@@ -238,12 +238,14 @@ matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.ser
# (see `matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled`)
# - core services (the homeserver) get a level of ~1000
# - services that the homeserver depends on (database, Redis, ntfy, coturn, etc.) get a lower level — between 500 and 1000
# - coturn gets a higher level if `devture_systemd_service_manager_service_restart_mode == 'one-by-one'` to intentionally delay it, because:
# - coturn gets a higher priority level (= starts later) if `devture_systemd_service_manager_service_restart_mode == 'one-by-one'` to intentionally delay it, because:
# - starting services one by one means that the service manager role waits for each service to fully start before proceeding to the next one
# - if coturn has a lower priority than the homeserver, it would be started before it
# - since coturn is started before the homeserver, there's no container label telling Traefik to get a `matrix.example.com` certificate
# - thus, coturn would spin and wait for a certificate until it fails. We'd get a playbook failure due to it, but service manager will proceed to start all other services anyway.
# - only later, when the homeserver actually starts, would that certificate be fetched and dumped
# - this is not a problem with `all-at-once` (default) or `priority-batched` (services start concurrently),
# or with `clean-stop-start` (everything stops first, then starts in priority order — coturn at 900 is fine)
# - reverse-proxying services get level 3000
# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
# - they can start before the reverse-proxy
@@ -352,7 +354,7 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
+
([{'name': 'matrix-coturn.service', 'priority': (900 if devture_systemd_service_manager_service_restart_mode == 'clean-stop-start' else 1500), 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
([{'name': 'matrix-coturn.service', 'priority': (1500 if devture_systemd_service_manager_service_restart_mode == 'one-by-one' else 900), 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
+
([{'name': 'matrix-matrixto.service', 'priority': 4000, 'groups': ['matrix', 'matrixto']}] if matrix_matrixto_enabled else [])
+

3
justfile
View File

@@ -50,8 +50,7 @@ install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,star
install-service service *extra_args:
{{ just_executable() }} --justfile "{{ justfile() }}" run \
--tags=install-{{ service }},start-group \
--extra-vars=group={{ service }} \
--extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }}
--extra-vars=group={{ service }} {{ extra_args }}
# Runs the playbook with --tags=setup-all,ensure-matrix-users-created,start and optional arguments
setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" extra_args)

2
requirements.yml
View File

@@ -68,7 +68,7 @@
version: v1.4.1-0
name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.1.0-0
version: v2.0.0-0
name: systemd_service_manager
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.1.0-1

2
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 1.10.0
matrix_authentication_service_version: 1.11.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"

2
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.14.0
matrix_bot_baibot_version: v1.14.1
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web
matrix_client_element_version: v1.12.9
matrix_client_element_version: v1.12.10
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"

2
roles/custom/matrix-synapse/defaults/main.yml
View File

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
matrix_synapse_github_org_and_repo: element-hq/synapse
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse
matrix_synapse_version: v1.146.0
matrix_synapse_version: v1.147.0
matrix_synapse_username: ''
matrix_synapse_uid: ''