iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-03-29 19:31:25 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: iartamonov:d4e8da3e0a3f291e546b6abbe098b4c75239a29a
Branches Tags
iartamonov:master iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption
...
compare: iartamonov:create-pull-request/i18n
Branches Tags
iartamonov:master iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption

74 Commits
d4e8da3e0a ... create-pul

Author SHA1 Message Date
github-actions[bot]
258269fd03 Automatic translations update 2026-03-23 07:10:54 +00:00
Slavi Pantaleev
9f109f81ee Add pre-commit check for migration version sync between defaults and examples/vars.yml 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 09:10:01 +02:00
Slavi Pantaleev
9a9392d24a Add migration validation system to catch breaking changes early 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 09:10:01 +02:00
Slavi Pantaleev
4991ce3c90 Check shebang scripts are executable 2026-03-23 08:47:32 +02:00
Slavi Pantaleev
36d0c5d8c3 Mark rebuild helper script executable 2026-03-23 08:45:48 +02:00
renovate[bot]
4174eafd6b chore(deps): update actions/cache action to v5 2026-03-22 18:09:55 +02:00
Slavi Pantaleev
09221fd611 Cache prek hook environments in CI 2026-03-22 18:00:15 +02:00
Slavi Pantaleev
b3153fcc49 Run CI through prek on Arch 2026-03-22 16:52:39 +02:00
Slavi Pantaleev
312cfe9b41 Add prek-based pre-commit workflow 2026-03-22 16:44:04 +02:00
Slavi Pantaleev
b3a0f52824 Add conditional restart support to matrix-synapse-s3-storage-provider-migrate 
Register env, database config, scripts, and systemd service/timer results,
compute matrix_synapse_s3_storage_provider_restart_necessary, and wire it
into group_vars/matrix_servers instead of hardcoding restart_necessary: true.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 10:21:59 +02:00
Slavi Pantaleev
27a2b126bc Add conditional restart support to matrix-goofys 
Register image pull, env, and systemd service results, compute
matrix_goofys_restart_necessary, and wire it into group_vars/matrix_servers
instead of hardcoding restart_necessary: true.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 10:19:45 +02:00
Slavi Pantaleev
8ae8b83139 Wire backup_borg conditional restart variable into group_vars/matrix_servers 
Replace hardcoded restart_necessary: true with the computed
backup_borg_restart_necessary variable that the role already exposes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 10:18:16 +02:00
Slavi Pantaleev
74cc760d00 Wire jitsi conditional restart variables into group_vars/matrix_servers 
Replace hardcoded restart_necessary: true with the computed variables
(jitsi_web_restart_necessary, jitsi_prosody_restart_necessary,
jitsi_jicofo_restart_necessary, jitsi_jvb_restart_necessary) that the
jitsi role already exposes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 10:12:27 +02:00
Slavi Pantaleev
c831ce6f63 chore(deps): update MOASH role versions for pull restart fix 2026-03-22 07:41:16 +02:00
Slavi Pantaleev
d3241588e3 Add conditional restart support to 7 roles that previously always restarted 
Replace hardcoded restart_necessary: true with computed values for:
conduit, continuwuity, dendrite, element-call, media-repo,
appservice-kakaotalk, and wechat.

Each role now registers results from config, support files, systemd service,
and docker image pull tasks, then computes a restart_necessary variable
from their combined .changed state. group_vars/matrix_servers is updated
to reference these variables instead of hardcoding true.

For dendrite, the systemd service template was also separated out of the
combined support-files with_items loop so it can be independently tracked.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 06:45:58 +02:00
Slavi Pantaleev
b092e126a9 Fix docker image build results not affecting conditional restart for ldap-registration-proxy and matrixto 
These roles had conditional restart logic (restart_necessary set_fact) but
the docker_image build task result was not registered or included in the
condition, so a changed image build would not trigger a service restart.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 06:45:47 +02:00
renovate[bot]
5167507989 chore(deps): update ghcr.io/etkecc/baibot docker tag to v1.16.0 2026-03-20 19:03:52 +02:00
renovate[bot]
d7ec806b51 chore(deps): update dependency prometheus_postgres_exporter to v0.19.1-2 2026-03-20 19:01:12 +02:00
renovate[bot]
11fee5e4db chore(deps): update dependency traefik to v3.6.11-1 2026-03-20 19:00:53 +02:00
Suguru Hirahara
5523277bc1 Update prometheus-nginxlog-exporter (v1.10.0-0 → v1.10.0-1) and metrics exposure settings 
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2026-03-20 18:11:25 +09:00
Suguru Hirahara
ed7be50cea Update Prometheus Node Exporter (v1.9.1-14 → v1.9.1-15) and metrics exposure settings 
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2026-03-20 10:43:40 +02:00
Suguru Hirahara
4ac5266efc Update Prometheus Postgres Exporter (v0.19.1-0 → v0.19.1-1) and metrics exposure settings 
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2026-03-20 10:43:40 +02:00
renovate[bot]
392ac0125f chore(deps): update dependency prometheus_node_exporter to v1.9.1-15 2026-03-20 10:42:55 +02:00
renovate[bot]
756e189141 chore(deps): update dependency prometheus_postgres_exporter to v0.19.1-1 2026-03-20 10:42:45 +02:00
renovate[bot]
c55156b394 chore(deps): update dependency traefik to v3.6.11-0 2026-03-20 08:36:23 +02:00
Slavi Pantaleev
446597aac9 Upgrade exim-relay (v4.98.1-r0-2-3 -> v4.99.1-r0-0-0) 2026-03-20 02:41:38 +02:00
Slavi Pantaleev
b942715469 fix(self-check): respect path_prefix in web client self-check URLs 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5051

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-19 23:31:13 +02:00
renovate[bot]
aeb71d3543 chore(deps): update ghcr.io/etkecc/honoroit docker tag to v0.9.30 2026-03-19 19:07:29 +02:00
Catalan Lover
54c0b56200 Prepare Draupnir Roles for move to GHCR. 2026-03-19 19:07:19 +02:00
Slavi Pantaleev
12af6da9d0 matrix-authentication-service: add UNIX socket support for playbook-managed Postgres 
MAS now connects to the playbook-managed Postgres via a UNIX socket by
default (when available), matching the approach already used by Synapse.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-19 01:05:10 +02:00
Slavi Pantaleev
f0a5393d48 fix(s3): use postgres unix socket for migrate and shell commands 2026-03-18 15:21:06 +02:00
Slavi Pantaleev
68aca96cbd docs: clarify database_host ignored when postgres sockets are enabled 2026-03-18 15:21:03 +02:00
renovate[bot]
68318ce932 chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.3.18 2026-03-18 12:11:23 +02:00
renovate[bot]
4e4bccd03a chore(deps): update oci.element.io/element-admin docker tag to v0.1.11 2026-03-17 16:48:28 +02:00
Norman Ziegner
19423864f0 synapse: add missing server_notices configuration variables 
Add support for all server_notices settings documented by Synapse:
- room_avatar_url: optional avatar for the server notices room
- room_topic: optional topic for the server notices room
- auto_join: whether users are auto-joined instead of invited (default: false)

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
 2026-03-17 16:43:14 +02:00
Slavi Pantaleev
a000abdf19 postgres: stop disabling unix socket support 2026-03-17 15:35:02 +02:00
Slavi Pantaleev
b596319a4a postgres: drop redundant cli socket override 2026-03-17 15:35:02 +02:00
Slavi Pantaleev
f0906e79a9 matrix-synapse: gate postgres sockets on postgres role support 2026-03-17 15:35:02 +02:00
Slavi Pantaleev
2fff4b5b88 matrix-synapse: use clearer socket mount paths 2026-03-17 15:35:02 +02:00
Slavi Pantaleev
e09ea540a0 matrix-synapse: prefer local sockets for db connections 2026-03-17 15:35:02 +02:00
Slavi Pantaleev
bd614abd30 matrix-synapse: avoid network wiring for socket-based db access 2026-03-17 15:35:02 +02:00
Slavi Pantaleev
b6f8a59b50 matrix-synapse: make managed service topology explicit 2026-03-17 15:35:02 +02:00
renovate[bot]
b7d501802c chore(deps): update dependency ntfy to v2.19.2-0 2026-03-17 12:02:14 +02:00
renovate[bot]
1c98e76423 chore(deps): update dependency grafana to v11.6.5-8 2026-03-17 12:01:56 +02:00
renovate[bot]
cb7b13daad chore(deps): update dock.mau.dev/mautrix/twitter docker tag to v0.2603.0 2026-03-16 23:21:19 +02:00
renovate[bot]
7e8f3250f7 chore(deps): update dock.mau.dev/mautrix/slack docker tag to v0.2603.0 2026-03-16 23:21:06 +02:00
renovate[bot]
e145bffb7e chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2603.0 2026-03-16 23:20:31 +02:00
renovate[bot]
c3156a1a99 chore(deps): update ghcr.io/element-hq/element-call docker tag to v0.18.0 2026-03-16 23:19:11 +02:00
Slavi Pantaleev
f9811a0e0a matrix-authentication-service: mount Synapse Postgres socket for syn2mas 
syn2mas reads Synapse's homeserver.yaml and reuses the database
connection details from there.

When Synapse is configured to reach the integrated Postgres over a UNIX socket,
the temporary syn2mas container was given the config file but not the socket mount,
so migrations could fail even though Synapse itself was configured correctly.

Wire the Synapse socket settings into MAS via playbook vars and mount
the same socket path into the syn2mas container, so migrations work in
socket-based deployments without coupling the MAS role directly to
Synapse role variables.
 2026-03-16 22:43:02 +02:00
Slavi Pantaleev
1dac2b5c14 matrix-bridge-hookshot: normalize generated passkey ownership 
Similar to c6d33b819. See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
 2026-03-16 16:50:40 +02:00
Slavi Pantaleev
c6d33b819a matrix-authentication-service: normalize generated key ownership 
Fix host-generated MAS key ownership and mode after creation so installs recover cleanly when become_user is not honored. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
 2026-03-16 16:49:51 +02:00
renovate[bot]
7e0d86d2ea chore(deps): update ghcr.io/etkecc/postmoogle docker tag to v0.9.29 2026-03-16 11:27:51 +02:00
renovate[bot]
a035d77b1a chore(deps): update dependency ntfy to v2.19.1-0 2026-03-16 11:27:09 +02:00
renovate[bot]
9934bc3e39 chore(deps): update dependency charset-normalizer to v3.4.6 2026-03-16 06:45:30 +02:00
renovate[bot]
a2fd140a61 chore(deps): update dependency ntfy to v2.19.0-0 2026-03-16 06:45:21 +02:00
Slavi Pantaleev
5df7e678f7 matrix-synapse: add an explicit msc4306 feature toggle 
Expose Synapse's `msc4306_enabled` experimental flag as a first-class MDAD
variable and wire it into `homeserver.yaml` alongside the other experimental
feature toggles.

This makes thread-subscriptions support explicit in playbook configuration,
rather than requiring operators to inject the upstream flag via raw
`matrix_synapse_configuration_extension_yaml`.

The variable intentionally controls only the Synapse feature flag. It does not
change the default `thread_subscriptions` worker count, which remains `0` in the
standard presets. Keeping those as separate choices avoids auto-starting an
experimental worker just because the upstream feature toggle is enabled.

Refs:
- b99a58719b/synapse/config/experimental.py (L600-L602)
- b99a58719b/synapse/rest/client/versions.py (L183-L184)
 2026-03-15 01:26:53 +02:00
Slavi Pantaleev
9af79ce4d2 matrix-synapse: support thread_subscriptions stream writers 
Add `thread_subscriptions` as a supported web-facing stream writer in MDAD and
route its unstable client endpoints via the same explicit writer-or-main model
used for the other web-facing stream-backed APIs.

This is not just another generic worker route. Current Synapse gives thread
subscriptions their own `writers.thread_subscriptions` configuration, backs them
with a multi-writer stream, and asserts on store writes that the current
instance is an allowed thread-subscriptions writer.

Explicit early routing is also required here because the subscription endpoint is
room-scoped. In MDAD's specialized-worker model, the existing room-worker regex
would otherwise match `/_matrix/client/unstable/io.element.msc4306/rooms/...`
and steal the request before it reached the correct writer-or-main fallback.

Unlike `device_lists`, support is added without enabling a thread-subscriptions
worker by default in the standard presets. The underlying MSC4306/4308 feature
remains unstable and disabled by default upstream, so the conservative default
is to keep the worker count at `0` and let the new explicit routes fall back to
`main` unless an operator opts in.

Refs:
- b99a58719b/synapse/config/workers.py (L175-L182)
- b99a58719b/synapse/rest/client/thread_subscriptions.py (L38-L247)
- b99a58719b/synapse/storage/databases/main/thread_subscriptions.py (L66-L83)
- b99a58719b/synapse/storage/databases/main/thread_subscriptions.py (L192-L322)
 2026-03-15 01:16:24 +02:00
Slavi Pantaleev
0f687a69c5 matrix-synapse: simplify redundant SSO main-override regexes 
MDAD keeps `/_synapse/client/*` out of the broad worker-routing model.
Those paths are mounted by current Synapse on client-serving workers, but MDAD's
worker route buckets only match `/_matrix/client/*`, so `/_synapse/client/*`
requests already fall through to the main-process default.

That made the `/_synapse/client/*` branches in the dedicated SSO override regex
redundant. Remove those branches and leave the explicit SSO override focused on
the real `/_matrix/client/.../login/sso/redirect` path family, which would
otherwise be caught by the broad `/login` client-reader routing.

This also removes duplicated ownership of `login/sso/redirect` from the generic
main-override regex so the dedicated SSO override is the single place that
models that path.

Refs:
- b99a58719b/synapse/app/generic_worker.py (L197-L203)
- b99a58719b/synapse/rest/synapse/client/__init__.py (L39-L90)
- b99a58719b/synapse/rest/client/login.py (L636-L643)
 2026-03-15 01:02:19 +02:00
Slavi Pantaleev
ec36904671 matrix-synapse: route MSC3814 dehydrated-device APIs to workers 
Add the unstable MSC3814 dehydrated-device endpoints to both MDAD
worker-routing models:

- the specialized client_reader bucket
- the broad generic_worker route list

This is not a docs-driven change. Current workers.md does not meaningfully
spell out these paths, but the current Synapse code does mount them via the
normal devices servlet registration path, and non-main client workers do not
skip that servlet group.

That makes these endpoints a good fit for the same worker buckets that already
handle the surrounding device- and E2EE-related client APIs.

Refs:
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
- b99a58719b/synapse/rest/client/devices.py (L256-L459)
- b99a58719b/synapse/rest/__init__.py (L81-L129)
- b99a58719b/synapse/rest/__init__.py (L179-L197)
 2026-03-15 00:39:25 +02:00
Slavi Pantaleev
69df322f40 matrix-synapse: split client_reader routes into grouped regexes 
The client_reader route bucket had collapsed into one long alternation,
which made small worker-audit edits hard to review. Any endpoint change
rewrote the whole regex and obscured whether we were changing routing
policy or just maintaining the route list.

Refactor the variable into grouped regex entries with comments instead.
This keeps the current specialized-worker policy intact: nginx still
renders the client_reader locations in the same block, and the routes
still target the same upstream bucket. The goal here is to make future
doc/code audits, additions, and removals mechanical and reviewable.

This also matches MDAD's current worker model, where generic workers are
not mixed with the specialized room/sync/client/federation reader
routing buckets, so there is no need to derive this from the generic
worker map.

Refs:
- b99a58719b/docs/workers.md (historical-apps)
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
 2026-03-15 00:29:32 +02:00
Slavi Pantaleev
c0044a9b0a matrix-synapse: route MatrixRTC transport discovery to workers 
Current Synapse registers the MatrixRTC transport discovery endpoint on
client-serving workers when MSC4143 is enabled, but MDAD does not model
that path in either its client-reader bucket or its broader generic-
worker endpoint list.

Add the unstable MatrixRTC transport discovery route so MDAD's worker
routing matches the current upstream worker surface for this endpoint.
This is a small, isolated routing addition for a simple authenticated
GET endpoint.

Refs:
- b99a58719b/synapse/rest/client/matrixrtc.py (L30-L52)
- b99a58719b/synapse/rest/__init__.py (L81-L129)
- b99a58719b/synapse/rest/__init__.py (L179-L197)
 2026-03-15 00:11:58 +02:00
Slavi Pantaleev
63a0e8216b matrix-synapse: route account deactivation like current Synapse 
Current Synapse still documents and registers
`/_matrix/client/.../account/deactivate` on client-serving workers when
auth is not delegated. MDAD already routes neighboring account endpoints
such as `account/3pid` and `account/whoami`, but it omitted
`account/deactivate` from both its client-reader bucket and its broader
generic-worker endpoint list.

Add the missing route patterns so MDAD's worker routing matches the
current upstream worker surface in non-delegated-auth deployments. In
MAS / MSC3861 mode the endpoint is not registered upstream anyway, so
this does not expand the effective delegated-auth surface.

Refs:
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
- b99a58719b/synapse/rest/client/account.py (L284-L324)
- b99a58719b/synapse/rest/client/account.py (L913-L920)
 2026-03-14 23:49:20 +02:00
Slavi Pantaleev
975f14d2d8 matrix-synapse: route the current Nheko summary endpoint 
Synapse currently supports both the deprecated
`/_matrix/client/unstable/im.nheko.summary/rooms/<room>/summary`
route and the recommended
`/_matrix/client/unstable/im.nheko.summary/summary/<room>`
form. MDAD only matched the deprecated shape.

Add the recommended pattern alongside the old one so worker routing
matches the current upstream API surface while preserving backward
compatibility for the deprecated path.

Refs:
- b99a58719b/docs/workers.md (synapseappgeneric_worker)
- b99a58719b/synapse/rest/client/room.py (L1716-L1728)
 2026-03-14 23:32:10 +02:00
Slavi Pantaleev
d80ef72fbe matrix-synapse: remove stale client-reader residue and refresh worker comment 
Current Synapse no longer exposes device management under
`/_matrix/client/.../account/devices`. The live client API shape is
`/devices`, `/devices/{device_id}`, and `/delete_devices`, and
MDAD already routes those real device-list-sensitive endpoints through
explicit device-list handling.

Keeping `account/devices` in the old client-reader regex therefore only
preserves stale route-model residue. While touching the same area,
refresh the `/_synapse/client/*` comment to reflect current Synapse:
client-serving generic workers now mount a meaningful Synapse-specific
client tree there, but MDAD still intentionally keeps those paths out of
its broad worker regexes because they are deployment-sensitive and
auth-sensitive.

Refs:
- b99a58719b/docs/workers.md (historical-apps)
- b99a58719b/synapse/rest/client/devices.py (L49-L150)
- b99a58719b/synapse/rest/synapse/client/__init__.py (L39-L88)
 2026-03-14 23:31:51 +02:00
Slavi Pantaleev
dfe8628fbf matrix-synapse: add routing-focused reverse-proxy access log preset 2026-03-14 02:56:48 +02:00
Slavi Pantaleev
a3ff72ebff matrix-synapse: enable push_rules writer in worker presets 2026-03-14 01:50:07 +02:00
Slavi Pantaleev
df76b1cd5b matrix-synapse: enable device_lists writer in worker presets 2026-03-14 01:49:45 +02:00
Slavi Pantaleev
dafac35a0e matrix-synapse: route stream-backed client endpoints explicitly and add device_lists stream writer support 
Some client API endpoints (e.g. keys/upload) are backed by Synapse stream writers and
should not rely on broad worker regexes or route-order fallthrough for correctness.

When explicit per-stream routing is missing, requests may be captured by generic, room, or client_reader workers, instead of:
- going to the configured stream writer
- or to `main` when that stream writer is not enabled

This refactors synapse-reverse-proxy-companion's routing so that web-facing stream-backed endpoint families
are handled explicitly and early, with deterministic writer-or-main fallback.

Add first-class support for the missing `device_lists` stream writer,
generalize the same routing model to `push_rules`,
and remove stale broad-route ownership for device-list-sensitive endpoints.
 2026-03-14 01:42:08 +02:00
dependabot[bot]
980d1ccc5b Bump ansible/ansible-lint from 26.1.1 to 26.3.0 
Bumps [ansible/ansible-lint](https://github.com/ansible/ansible-lint) from 26.1.1 to 26.3.0.
- [Release notes](https://github.com/ansible/ansible-lint/releases)
- [Commits](https://github.com/ansible/ansible-lint/compare/v26.1.1...v26.3.0)

---
updated-dependencies:
- dependency-name: ansible/ansible-lint
  dependency-version: 26.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 16:11:36 +02:00
Suguru Hirahara
f9fa63fc7e Add noqa var-naming to matrix_client_fluffychat_config_defaultHomeserver 
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
 2026-03-12 14:48:43 +09:00
renovate[bot]
021285d8d2 chore(deps): update dependency cinny to v4.11.1-0 2026-03-11 20:04:50 +02:00
renovate[bot]
e2d2a341a8 chore(deps): update dependency sphinx-markdown-builder to v0.6.10 2026-03-11 14:50:14 +02:00
renovate[bot]
79a4156a78 chore(deps): update ghcr.io/element-hq/synapse docker tag to v1.149.1 2026-03-11 12:26:30 +02:00
renovate[bot]
d12970c0fd chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.3.11 2026-03-11 12:19:32 +02:00
95 changed files with 5879 additions and 4784 deletions
Expand all files Collapse all files

51
.github/workflows/matrix.yml vendored
View File

@@ -9,34 +9,37 @@ name: Matrix CI
on: [push, pull_request] # yamllint disable-line rule:truthy
permissions:
contents: read
jobs:
yamllint:
name: yamllint
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v6
- name: Run yamllint
uses: frenck/action-yamllint@v1.5.0
ansible-lint:
name: ansible-lint
prek:
name: Run prek hooks
runs-on: ubuntu-latest
container:
image: docker.io/archlinux:base-devel
steps:
# git must be installed before checkout so it does a proper clone
# (with .git directory) instead of a tarball download.
- name: Install git
run: pacman -Sy --noconfirm git
- name: Check out
uses: actions/checkout@v6
- name: Run ansible-lint
uses: ansible/ansible-lint@v26.1.1
- name: Restore prek cache
uses: actions/cache@v5
with:
args: "roles/custom"
setup_python: "true"
working_directory: ""
requirements_file: requirements.yml
precommit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Run pre-commit
uses: pre-commit/action@v3.0.1
path: var/prek
key: arch-prek-v1-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install dependencies
run: pacman -S --noconfirm --needed just mise python
- name: Run prek hooks
run: |
# The checkout action sets safe.directory using its own bundled
# git, which is separate from the pacman-installed git that prek uses.
git config --global --add safe.directory "$GITHUB_WORKSPACE"
just prek-run-on-all

1
.gitignore vendored
View File

@@ -4,6 +4,7 @@
.python-version
.idea/
.direnv/
/var/
# ignore roles pulled by ansible-galaxy
/roles/galaxy/*

20
.pre-commit-config.yaml
View File

@@ -1,17 +1,16 @@
---
default_install_hook_types: [pre-push]
exclude: "LICENSES/"
exclude: "^(LICENSES/|var/)"
# See: https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
hooks:
# - id: check-executables-have-shebangs
- id: check-added-large-files
- id: check-case-conflict
- id: check-json
- id: check-shebang-scripts-are-executable
- id: check-toml
- id: trailing-whitespace
- id: end-of-file-fixer
@@ -24,3 +23,18 @@ repos:
rev: v6.2.0
hooks:
- id: reuse
- repo: https://github.com/ansible/ansible-lint
rev: v26.3.0
hooks:
- id: ansible-lint
files: '^roles/custom/'
args: ['roles/custom']
pass_filenames: false
- repo: local
hooks:
- id: check-examples-vars-migration-version
name: Check examples/vars.yml migration version matches expected
entry: bin/check-examples-vars-migration-version.sh
language: script
files: '(examples/vars\.yml|roles/custom/matrix_playbook_migration/defaults/main\.yml)'
pass_filenames: false

66
CHANGELOG.md
View File

@@ -1,3 +1,69 @@
# 2026-03-23
## Migration validation system introduced
Previously, when updating your setup, you had to remember to read the [CHANGELOG](CHANGELOG.md) file or risk breakage.
Now, the playbook includes a migration validation system that ensures you're aware of breaking changes before they affect your deployment.
You're now forced to acknowledge each breaking change, unless you wish to live dangerously (see below).
A new `matrix_playbook_migration_validated_version` variable has been introduced.
**New users** who started from the [example `vars.yml`](examples/vars.yml) file already have this variable set and do not need to do anything.
**Existing users** will need to add the following to their `vars.yml` file after reviewing all changelog entries up to now:
```yml
matrix_playbook_migration_validated_version: v2026.03.23.0
```
Going forward, whenever a breaking change is introduced the playbook will:
- bump its expected version value (`matrix_playbook_migration_expected_version`), causing a discrepancy with what you validated (`matrix_playbook_migration_validated_version`)
- fail when you run it with a helpful message listing what changed and linking to the relevant changelog entries
After reviewing and adapting your setup, you simply update the variable to the new version.
If you'd like to live dangerously and skip these checks (not recommended), you can set this once and be done with it:
```yml
matrix_playbook_migration_validated_version: "{{ matrix_playbook_migration_expected_version }}"
```
# 2026-03-19
## Matrix Authentication Service now prefers UNIX sockets for playbook-managed Postgres
When [Matrix Authentication Service](docs/configuring-playbook-matrix-authentication-service.md) (MAS) uses the playbook-managed Postgres service, it now connects to it via a [UNIX socket](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
This follows the same approach [applied to Synapse](#synapse-now-prefers-unix-sockets-for-playbook-managed-postgres-and-valkey) and reduces unnecessary container-network wiring, keeping local IPC off the network stack.
If you use an external Postgres server for MAS, this does not change your setup.
If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
```yaml
matrix_authentication_service_config_database_socket_enabled: false
```
# 2026-03-17
## Synapse now prefers UNIX sockets for playbook-managed Postgres and Valkey
When Synapse uses the playbook-managed Postgres and Valkey services, it now connects to them via [UNIX sockets](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
This reduces unnecessary container-network wiring and keeps local IPC off the network stack, which is a bit simpler and slightly more secure.
If you use an external Postgres server or external Redis/Valkey for Synapse, this does not change your setup.
If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
```yaml
matrix_synapse_database_socket_enabled: false
matrix_synapse_redis_path_enabled: false
```
# 2026-03-01
## (Potential BC Break) Synapse S3 media prefix is now applied consistently

35
bin/check-examples-vars-migration-version.sh Executable file
View File

@@ -0,0 +1,35 @@
#!/bin/bash
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# Ensures that the migration validated version in examples/vars.yml
# matches the expected version in the matrix_playbook_migration role defaults.
set -euo pipefail
defaults_file="roles/custom/matrix_playbook_migration/defaults/main.yml"
examples_file="examples/vars.yml"
expected_version=$(grep -oP '^matrix_playbook_migration_expected_version:\s*"?\K[^"]+' "$defaults_file")
examples_version=$(grep -oP '^matrix_playbook_migration_validated_version:\s*"?\K[^"]+' "$examples_file")
if [ -z "$expected_version" ]; then
echo "ERROR: Could not extract matrix_playbook_migration_expected_version from $defaults_file"
exit 1
fi
if [ -z "$examples_version" ]; then
echo "ERROR: Could not extract matrix_playbook_migration_validated_version from $examples_file"
exit 1
fi
if [ "$expected_version" != "$examples_version" ]; then
echo "ERROR: Migration version mismatch!"
echo " $defaults_file has expected version: $expected_version"
echo " $examples_file has validated version: $examples_version"
echo ""
echo "Please update $examples_file to match."
exit 1
fi

0
bin/rebuild-mautrix-meta-instagram.sh Normal file → Executable file
View File

6
docs/configuring-playbook-prometheus-grafana.md
View File

@@ -178,11 +178,11 @@ Name | Description
`matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials).
`matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
`prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
`prometheus_node_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
`prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) (locally, on the container network).
`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
`prometheus_postgres_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
`prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
`prometheus_nginxlog_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
`prometheus_nginxlog_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
### Expose metrics of other services/roles

5
examples/vars.yml
View File

@@ -1,4 +1,9 @@
---
# This variable acknowledges that you've reviewed breaking changes up to this version.
# The playbook will fail if this is outdated, guiding you through what changed.
# See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
matrix_playbook_migration_validated_version: v2026.03.23.0
# The bare domain name which represents your Matrix identity.
# Matrix user IDs for your server will be of the form (`@alice:example.com`).
#

1
flake.nix
View File

@@ -19,6 +19,7 @@
devShells.default = mkShell {
buildInputs = [
just
mise
ansible
];
shellHook = ''

133
group_vars/matrix_servers
View File

@@ -278,7 +278,7 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': (backup_borg_identifier + '.timer'),
'priority': 5000,
'restart_necessary': true,
'restart_necessary': (backup_borg_restart_necessary | bool),
'groups': ['matrix', 'backup', 'borg'],
}] if backup_borg_enabled else [])
+
@@ -383,14 +383,14 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': 'matrix-appservice-kakaotalk.service',
'priority': 2000,
'restart_necessary': true,
'restart_necessary': (matrix_appservice_kakaotalk_restart_necessary | bool),
'groups': ['matrix', 'bridges', 'appservice-kakaotalk'],
}] if matrix_appservice_kakaotalk_enabled else [])
+
([{
'name': 'matrix-appservice-kakaotalk-node.service',
'priority': 1900,
'restart_necessary': true,
'restart_necessary': (matrix_appservice_kakaotalk_restart_necessary | bool),
'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node'],
}] if matrix_appservice_kakaotalk_enabled else [])
+
@@ -404,14 +404,14 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': 'matrix-wechat.service',
'priority': 2000,
'restart_necessary': true,
'restart_necessary': (matrix_wechat_restart_necessary | bool),
'groups': ['matrix', 'bridges', 'wechat'],
}] if matrix_wechat_enabled else [])
+
([{
'name': 'matrix-wechat-agent.service',
'priority': 2000,
'restart_necessary': true,
'restart_necessary': (matrix_wechat_restart_necessary | bool),
'groups': ['matrix', 'bridges', 'wechat'],
}] if matrix_wechat_enabled else [])
+
@@ -621,7 +621,12 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': ('matrix-' + matrix_homeserver_implementation + '.service'),
'priority': matrix_homeserver_systemd_service_manager_priority,
'restart_necessary': true,
'restart_necessary': (
(matrix_conduit_restart_necessary | bool) if matrix_homeserver_implementation == 'conduit'
else (matrix_continuwuity_restart_necessary | bool) if matrix_homeserver_implementation == 'continuwuity'
else (matrix_dendrite_restart_necessary | bool) if matrix_homeserver_implementation == 'dendrite'
else true
),
'groups': ['matrix', 'homeservers', matrix_homeserver_implementation],
}] if matrix_homeserver_enabled else [])
+
@@ -684,28 +689,28 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': (jitsi_identifier + '-web.service'),
'priority': 4200,
'restart_necessary': true,
'restart_necessary': (jitsi_web_restart_necessary | bool),
'groups': ['matrix', 'jitsi', 'jitsi-web'],
}] if jitsi_enabled else [])
+
([{
'name': (jitsi_identifier + '-prosody.service'),
'priority': 4000,
'restart_necessary': true,
'restart_necessary': (jitsi_prosody_restart_necessary | bool),
'groups': ['matrix', 'jitsi', 'jitsi-prosody'],
}] if jitsi_enabled else [])
+
([{
'name': (jitsi_identifier + '-jicofo.service'),
'priority': 4100,
'restart_necessary': true,
'restart_necessary': (jitsi_jicofo_restart_necessary | bool),
'groups': ['matrix', 'jitsi', 'jitsi-jicofo'],
}] if jitsi_enabled else [])
+
([{
'name': (jitsi_identifier + '-jvb.service'),
'priority': 4100,
'restart_necessary': true,
'restart_necessary': (jitsi_jvb_restart_necessary | bool),
'groups': ['matrix', 'jitsi', 'jitsi-jvb'],
}] if jitsi_enabled else [])
+
@@ -719,7 +724,7 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': (matrix_media_repo_identifier + '.service'),
'priority': 4000,
'restart_necessary': true,
'restart_necessary': (matrix_media_repo_restart_necessary | bool),
'groups': ['matrix', 'matrix-media-repo'],
}] if matrix_media_repo_enabled else [])
+
@@ -803,7 +808,7 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': 'matrix-element-call.service',
'priority': 4000,
'restart_necessary': true,
'restart_necessary': (matrix_element_call_restart_necessary | bool),
'groups': ['matrix', 'element-call'],
}] if matrix_element_call_enabled else [])
+
@@ -838,14 +843,14 @@ devture_systemd_service_manager_services_list_auto: |
([{
'name': 'matrix-goofys.service',
'priority': 800,
'restart_necessary': true,
'restart_necessary': (matrix_goofys_restart_necessary | bool),
'groups': ['matrix', 'goofys'],
}] if (matrix_synapse_enabled and matrix_s3_media_store_enabled) else [])
+
([{
'name': 'matrix-synapse-s3-storage-provider-migrate.timer',
'priority': 5000,
'restart_necessary': true,
'restart_necessary': (matrix_synapse_s3_storage_provider_restart_necessary | bool),
'groups': ['matrix'],
}] if (matrix_synapse_enabled and matrix_synapse_ext_synapse_s3_storage_provider_enabled) else [])
+
@@ -1079,9 +1084,18 @@ matrix_authentication_service_enabled: false
matrix_authentication_service_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_authentication_service_path_prefix: /auth
matrix_authentication_service_config_database_host: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_playbook_matrix_authentication_service_uses_managed_postgres: "{{ postgres_enabled }}"
matrix_authentication_service_config_database_host: "{{ matrix_authentication_service_config_database_socket_path if matrix_authentication_service_config_database_socket_enabled else (postgres_connection_hostname if matrix_playbook_matrix_authentication_service_uses_managed_postgres else '') }}"
matrix_authentication_service_config_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mas.db') | hash('sha512') | to_uuid }}"
# unix socket connection
matrix_authentication_service_config_database_socket_enabled: "{{ matrix_playbook_matrix_authentication_service_uses_managed_postgres and postgres_container_unix_socket_enabled }}"
# path to the Postgres socket's parent dir inside the MAS container
matrix_authentication_service_config_database_socket_path: "{{ '/run-postgres' if matrix_playbook_matrix_authentication_service_uses_managed_postgres else '' }}"
# path to the Postgres socket on the host
matrix_authentication_service_config_database_socket_path_host: "{{ postgres_run_path if matrix_playbook_matrix_authentication_service_uses_managed_postgres else '' }}"
matrix_authentication_service_config_matrix_homeserver: "{{ matrix_domain }}"
matrix_authentication_service_config_matrix_secret: "{{ (matrix_homeserver_generic_secret_key + ':mas.hs.secret') | hash('sha512') | to_uuid }}"
matrix_authentication_service_config_matrix_endpoint: "{{ matrix_homeserver_container_url }}"
@@ -1114,7 +1128,7 @@ matrix_authentication_service_container_network: "{{ matrix_homeserver_container
matrix_authentication_service_container_additional_networks_auto: |-
{{
(
([postgres_container_network] if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else [])
([postgres_container_network] if (matrix_playbook_matrix_authentication_service_uses_managed_postgres and not matrix_authentication_service_config_database_socket_enabled) else [])
+
([exim_relay_container_network] if (exim_relay_enabled and matrix_authentication_service_config_email_transport == 'smtp' and matrix_authentication_service_config_email_hostname == exim_relay_identifier and matrix_authentication_service_container_network != exim_relay_container_network) else [])
+
@@ -1139,7 +1153,7 @@ matrix_authentication_service_container_labels_internal_compatibility_layer_entr
# We'll put our dependency on the homeserver as a "want", rather than a requirement.
matrix_authentication_service_systemd_required_services_list_auto: |
{{
([postgres_identifier ~ '.service'] if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else [])
([postgres_identifier ~ '.service'] if matrix_playbook_matrix_authentication_service_uses_managed_postgres else [])
}}
# See more information about this homeserver "want" in the comment for `matrix_authentication_service_systemd_required_services_list_auto` above.
@@ -1150,9 +1164,12 @@ matrix_authentication_service_systemd_wanted_services_list_auto: |
([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_authentication_service_config_email_transport == 'smtp' and matrix_authentication_service_config_email_hostname == exim_relay_identifier and matrix_authentication_service_container_network != exim_relay_container_network) else [])
}}
matrix_authentication_service_syn2mas_container_network: "{{ postgres_container_network if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else matrix_authentication_service_container_network }}"
matrix_authentication_service_syn2mas_container_network: "{{ postgres_container_network if (matrix_playbook_matrix_authentication_service_uses_managed_postgres and not matrix_authentication_service_config_database_socket_enabled) else matrix_authentication_service_container_network }}"
matrix_authentication_service_syn2mas_synapse_homeserver_config_path: "{{ matrix_synapse_config_dir_path + '/homeserver.yaml' if matrix_synapse_enabled else '' }}"
matrix_authentication_service_syn2mas_synapse_database_socket_enabled: "{{ matrix_synapse_database_socket_enabled if matrix_synapse_enabled else false }}"
matrix_authentication_service_syn2mas_synapse_database_socket_path: "{{ matrix_synapse_database_socket_path if matrix_synapse_enabled else '' }}"
matrix_authentication_service_syn2mas_synapse_database_socket_path_host: "{{ matrix_synapse_database_socket_path_host if matrix_synapse_enabled else '' }}"
######################################################################
#
@@ -3981,10 +3998,6 @@ postgres_base_path: "{{ matrix_base_data_path }}/postgres"
postgres_uid: "{{ matrix_user_uid }}"
postgres_gid: "{{ matrix_user_gid }}"
# unix socket connection, disabled by default temporarily until properly tested
postgres_container_unix_socket_enabled: false
postgres_cli_use_unix_socket_enabled: false
postgres_allowed_versions_auto: "{{ backup_borg_supported_postgres_versions | map('int') if backup_borg_enabled | default(false) and backup_borg_postgresql_enabled | default(false) else [] }}"
postgres_connection_username: matrix
@@ -4004,7 +4017,7 @@ postgres_managed_databases_auto: |
'name': matrix_synapse_database_database,
'username': matrix_synapse_database_user,
'password': matrix_synapse_database_password,
}] if (matrix_synapse_enabled and matrix_synapse_database_host == postgres_connection_hostname) else [])
}] if (matrix_synapse_enabled and matrix_playbook_synapse_uses_managed_postgres) else [])
+
([{
'name': matrix_dendrite_federation_api_database,
@@ -4048,7 +4061,7 @@ postgres_managed_databases_auto: |
'name': matrix_authentication_service_config_database_database,
'username': matrix_authentication_service_config_database_username,
'password': matrix_authentication_service_config_database_password,
}] if (matrix_authentication_service_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname) else [])
}] if (matrix_authentication_service_enabled and matrix_playbook_matrix_authentication_service_uses_managed_postgres) else [])
+
([{
'name': matrix_bot_matrix_reminder_bot_database_name,
@@ -4752,9 +4765,9 @@ matrix_synapse_container_additional_networks_auto: |
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([postgres_container_network] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else [])
([postgres_container_network] if (matrix_playbook_synapse_uses_managed_postgres and (not matrix_synapse_database_socket_enabled) and postgres_container_network != matrix_synapse_container_network) else [])
+
([valkey_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else [])
([valkey_container_network] if (matrix_playbook_synapse_uses_managed_valkey and (not matrix_synapse_redis_path_enabled) and valkey_container_network != matrix_synapse_container_network) else [])
+
([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
+
@@ -4791,18 +4804,23 @@ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: "{{
matrix_synapse_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
# Playbook-level Synapse topology wiring helpers.
matrix_playbook_synapse_uses_managed_postgres: "{{ postgres_enabled }}"
matrix_playbook_synapse_uses_managed_valkey: "{{ matrix_synapse_redis_enabled and valkey_enabled }}"
matrix_playbook_synapse_auto_compressor_uses_managed_postgres: "{{ matrix_playbook_synapse_uses_managed_postgres and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host }}"
# For exposing the Synapse worker (and metrics) ports to the local host.
matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}"
matrix_synapse_database_host: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_synapse_database_host: "{{ postgres_connection_hostname if matrix_playbook_synapse_uses_managed_postgres else '' }}"
matrix_synapse_database_password: "{{ (matrix_homeserver_generic_secret_key + ':synapse.db') | hash('sha512') | to_uuid }}"
# unix socket connection, disabled by default temporarily until properly tested
matrix_synapse_database_socket_enabled: false
# unix socket connection
matrix_synapse_database_socket_enabled: "{{ matrix_playbook_synapse_uses_managed_postgres and postgres_container_unix_socket_enabled }}"
# path to the Postgres socket's parent dir inside the Synapse container
matrix_synapse_database_socket_path: "{{ '/tmp/postgres' if postgres_enabled else '' }}"
matrix_synapse_database_socket_path: "{{ '/run-postgres' if matrix_playbook_synapse_uses_managed_postgres else '' }}"
# path to the Postgres socket on the host, using Postgres
matrix_synapse_database_socket_path_host: "{{ postgres_run_path if postgres_enabled else '' }}"
matrix_synapse_database_socket_path_host: "{{ postgres_run_path if matrix_playbook_synapse_uses_managed_postgres else '' }}"
matrix_synapse_macaroon_secret_key: "{{ (matrix_homeserver_generic_secret_key + ':synapse.mac') | hash('sha512') | to_uuid }}"
@@ -4834,9 +4852,9 @@ matrix_synapse_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled
matrix_synapse_systemd_required_services_list_auto: |
{{
([postgres_identifier ~ '.service'] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else [])
([postgres_identifier ~ '.service'] if (matrix_playbook_synapse_uses_managed_postgres and postgres_container_network != matrix_synapse_container_network) else [])
+
([valkey_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else [])
([valkey_identifier ~ '.service'] if matrix_playbook_synapse_uses_managed_valkey else [])
+
(['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
+
@@ -4852,17 +4870,17 @@ matrix_synapse_systemd_wanted_services_list_auto: |
# Synapse workers (used for parallel load-scaling) need Redis for IPC.
matrix_synapse_redis_enabled: "{{ valkey_enabled }}"
matrix_synapse_redis_host: "{{ valkey_identifier if valkey_enabled else '' }}"
matrix_synapse_redis_password: "{{ valkey_connection_password if valkey_enabled else '' }}"
matrix_synapse_redis_host: "{{ valkey_identifier if matrix_playbook_synapse_uses_managed_valkey else '' }}"
matrix_synapse_redis_password: "{{ valkey_connection_password if matrix_playbook_synapse_uses_managed_valkey else '' }}"
# unix socket connection, disabled by default temporarily until properly tested
matrix_synapse_redis_path_enabled: false
# unix socket connection
matrix_synapse_redis_path_enabled: "{{ matrix_playbook_synapse_uses_managed_valkey }}"
# path to the Redis socket's parent dir inside the Synapse container
matrix_synapse_redis_path: "{{ '/tmp/valkey' if valkey_enabled else '' }}"
matrix_synapse_redis_path: "{{ '/run-valkey' if matrix_playbook_synapse_uses_managed_valkey else '' }}"
# redis socket filename
matrix_synapse_redis_path_socket: "{{ '/valkey.sock' if valkey_enabled else '' }}"
matrix_synapse_redis_path_socket: "{{ '/valkey.sock' if matrix_playbook_synapse_uses_managed_valkey else '' }}"
# path to the Redis socket on the host, using Valkey
matrix_synapse_redis_path_host: "{{ valkey_run_path if valkey_enabled else '' }}"
matrix_synapse_redis_path_host: "{{ valkey_run_path if matrix_playbook_synapse_uses_managed_valkey else '' }}"
matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
@@ -4958,7 +4976,7 @@ matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ mat
matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"
matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if matrix_playbook_synapse_auto_compressor_uses_managed_postgres else 'matrix-synapse-auto-compressor') }}"
matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}"
matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}"
@@ -4968,7 +4986,7 @@ matrix_synapse_auto_compressor_database_name: "{{ matrix_synapse_database_databa
matrix_synapse_auto_compressor_systemd_required_services_list_auto: |
{{
([postgres_identifier ~ '.service'] if (matrix_synapse_auto_compressor_container_network == postgres_container_network) else [])
([postgres_identifier ~ '.service'] if matrix_playbook_synapse_auto_compressor_uses_managed_postgres else [])
}}
######################################################################
@@ -5208,11 +5226,10 @@ prometheus_node_exporter_container_network: "{{ matrix_monitoring_container_netw
prometheus_node_exporter_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
prometheus_node_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
prometheus_node_exporter_container_labels_metrics_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_node_exporter_container_labels_metrics_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_metrics_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_metrics_tls_certResolver: "{{ traefik_certResolver_primary }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
@@ -5248,14 +5265,13 @@ prometheus_postgres_exporter_container_additional_networks: |
{{
([postgres_container_network] if (postgres_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname and prometheus_postgres_exporter_container_network != postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and prometheus_postgres_exporter_container_labels_traefik_enabled else [])
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and prometheus_postgres_exporter_container_labels_metrics_enabled else [])
}}
prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
prometheus_postgres_exporter_container_labels_metrics_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_postgres_exporter_container_labels_metrics_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_metrics_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_metrics_tls_certResolver: "{{ traefik_certResolver_primary }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
@@ -5299,14 +5315,13 @@ prometheus_nginxlog_exporter_container_network_deletion_enabled: false
prometheus_nginxlog_exporter_container_additional_networks_auto: |-
{{
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and prometheus_nginxlog_exporter_container_labels_traefik_enabled) else [])
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and prometheus_nginxlog_exporter_container_labels_metrics_enabled) else [])
}}
prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
prometheus_nginxlog_exporter_container_labels_metrics_enabled: "{{ matrix_metrics_exposure_enabled }}"
prometheus_nginxlog_exporter_container_labels_metrics_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_nginxlog_exporter_container_labels_metrics_entrypoints: "{{ traefik_entrypoint_primary }}"
prometheus_nginxlog_exporter_container_labels_metrics_tls_certResolver: "{{ traefik_certResolver_primary }}"
prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

4
i18n/requirements.txt
View File

@@ -1,7 +1,7 @@
alabaster==1.0.0
babel==2.18.0
certifi==2026.2.25
charset-normalizer==3.4.5
charset-normalizer==3.4.6
click==8.3.1
docutils==0.22.4
idna==3.11
@@ -21,7 +21,7 @@ setuptools==82.0.1
snowballstemmer==3.0.1
Sphinx==9.1.0
sphinx-intl==2.3.2
sphinx-markdown-builder==0.6.9
sphinx-markdown-builder==0.6.10
sphinxcontrib-applehelp==2.0.0
sphinxcontrib-devhelp==2.0.0
sphinxcontrib-htmlhelp==2.1.0

7444
i18n/translation-templates/CHANGELOG.pot
View File

File diff suppressed because it is too large Load Diff

114
i18n/translation-templates/README.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -244,6 +244,14 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-client-cinny.md)"
msgstr ""
#: ../../../README.md:0
msgid "[Sable](https://github.com/7w1/sable)"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-client-sable.md)"
msgstr ""
#: ../../../README.md:0
msgid "[SchildiChat Web](https://schildi.chat/)"
msgstr ""
@@ -268,11 +276,11 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-client-fluffychat-web.md)"
msgstr ""
#: ../../../README.md:70
#: ../../../README.md:71
msgid "Server Components"
msgstr ""
#: ../../../README.md:72
#: ../../../README.md:73
msgid "Services that run on the server to make the various parts of your installation work."
msgstr ""
@@ -288,18 +296,6 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-external-postgres.md)"
msgstr ""
#: ../../../README.md:0
msgid "[coturn](https://github.com/coturn/coturn)"
msgstr ""
#: ../../../README.md:0
msgid "STUN/TURN server for WebRTC audio/video calls"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-turn.md)"
msgstr ""
#: ../../../README.md:0
msgid "[Traefik](https://doc.traefik.io/traefik/)"
msgstr ""
@@ -336,6 +332,18 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-email.md)"
msgstr ""
#: ../../../README.md:0
msgid "[coturn](https://github.com/coturn/coturn)"
msgstr ""
#: ../../../README.md:0
msgid "STUN/TURN server for WebRTC audio/video calls"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-turn.md)"
msgstr ""
#: ../../../README.md:0
msgid "[ddclient](https://github.com/linuxserver/docker-ddclient)"
msgstr ""
@@ -349,27 +357,15 @@ msgid "[Link](docs/configuring-playbook-dynamic-dns.md)"
msgstr ""
#: ../../../README.md:0
msgid "[LiveKit Server](https://github.com/livekit/livekit)"
msgid "Matrix RTC stack"
msgstr ""
#: ../../../README.md:0
msgid "WebRTC server for audio/video calls"
msgid "Supporting components ([LiveKit Server](docs/configuring-playbook-livekit-server.md) and [LiveKit JWT Service](docs/configuring-playbook-livekit-jwt-service.md)) for in-app audio/video calls for Matrix clients"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-livekit-server.md)"
msgstr ""
#: ../../../README.md:0
msgid "[Livekit JWT Service](https://github.com/livekit/livekit-jwt-service)"
msgstr ""
#: ../../../README.md:0
msgid "JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md)"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-livekit-jwt-service.md)"
msgid "[Link](docs/configuring-playbook-matrix-rtc.md)"
msgstr ""
#: ../../../README.md:85
@@ -692,14 +688,6 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-bridge-appservice-discord.md)"
msgstr ""
#: ../../../README.md:0
msgid "[matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack)"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-bridge-appservice-slack.md)"
msgstr ""
#: ../../../README.md:0
msgid "[matrix-hookshot](https://github.com/matrix-org/matrix-hookshot)"
msgstr ""
@@ -796,11 +784,11 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-bridge-postmoogle.md)"
msgstr ""
#: ../../../README.md:140
#: ../../../README.md:139
msgid "Bots"
msgstr ""
#: ../../../README.md:142
#: ../../../README.md:141
msgid "Bots provide various additional functionality to your installation."
msgstr ""
@@ -900,11 +888,11 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-bot-buscarron.md)"
msgstr ""
#: ../../../README.md:155
#: ../../../README.md:154
msgid "Administration"
msgstr ""
#: ../../../README.md:157
#: ../../../README.md:156
msgid "Services that help you in administrating and monitoring your Matrix installation."
msgstr ""
@@ -992,26 +980,14 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-synapse-usage-exporter.md)"
msgstr ""
#: ../../../README.md:169
#: ../../../README.md:168
msgid "Misc"
msgstr ""
#: ../../../README.md:171
#: ../../../README.md:170
msgid "Various services that don't fit any other categories."
msgstr ""
#: ../../../README.md:0
msgid "[synapse_auto_accept_invite](https://github.com/matrix-org/synapse-auto-accept-invite)"
msgstr ""
#: ../../../README.md:0
msgid "Synapse module to automatically accept invites"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-synapse-auto-accept-invite.md)"
msgstr ""
#: ../../../README.md:0
msgid "[synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor)"
msgstr ""
@@ -1132,54 +1108,54 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-element-call.md)"
msgstr ""
#: ../../../README.md:187
#: ../../../README.md:185
msgid "🆕 Changes"
msgstr ""
#: ../../../README.md:189
#: ../../../README.md:187
msgid "This playbook evolves over time, sometimes with backward-incompatible changes."
msgstr ""
#: ../../../README.md:191
#: ../../../README.md:189
msgid "When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up with what's new."
msgstr ""
#: ../../../README.md:193
#: ../../../README.md:191
msgid "🆘 Support"
msgstr ""
#: ../../../README.md:195
#: ../../../README.md:193
msgid "Matrix room: [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com)"
msgstr ""
#: ../../../README.md:197
#: ../../../README.md:195
msgid "IRC channel: `#matrix-docker-ansible-deploy` on the [Libera Chat](https://libera.chat/) IRC network (irc.libera.chat:6697)"
msgstr ""
#: ../../../README.md:199
#: ../../../README.md:197
msgid "GitHub issues: [spantaleev/matrix-docker-ansible-deploy/issues](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues)"
msgstr ""
#: ../../../README.md:201
#: ../../../README.md:199
msgid "🌐 Translation"
msgstr ""
#: ../../../README.md:203
#: ../../../README.md:201
msgid "See the [i18n/README.md](i18n/README.md) file for more information about translation."
msgstr ""
#: ../../../README.md:205
#: ../../../README.md:203
msgid "Translations are still work in progress."
msgstr ""
#: ../../../README.md:207
#: ../../../README.md:205
msgid "🤝 Related"
msgstr ""
#: ../../../README.md:209
#: ../../../README.md:207
msgid "You may also be interested in [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) - another Ansible playbook for self-hosting non-Matrix services (see its [List of supported services](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md))."
msgstr ""
#: ../../../README.md:211
#: ../../../README.md:209
msgid "mash-playbook also makes use of [Traefik](./docs/configuring-playbook-traefik.md) as its reverse-proxy, so with minor [interoperability adjustments](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md), you can make matrix-docker-ansible-deploy and mash-playbook co-exist and host Matrix and non-Matrix services on the same server."
msgstr ""

230
i18n/translation-templates/docs/configuring-playbook-bot-baibot.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -80,369 +80,393 @@ msgstr ""
msgid "To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:78
#: ../../../docs/configuring-playbook-bot-baibot.md:42
msgid "Authentication can be configured in one of two mutually-exclusive ways:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:44
msgid "**Password authentication** (`matrix_bot_baibot_config_user_password`) - recommended for most playbook-managed setups, because it integrates with automatic user creation flow used by the playbook, and auto-creates the bot account"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:45
msgid "**Access-token authentication** (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`) - useful for specific [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md)/OIDC setups where password authentication is not available or not desired"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:47
msgid "Even when [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) is enabled, password authentication is still typically the best fit for baibot if you're using a playbook-managed bot account."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:49
msgid "For upstream details, see baibot's [🔐 Authentication](https://github.com/etkecc/baibot/blob/main/docs/configuration/authentication.md) documentation."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:97
msgid "As mentioned above, **this may not be enough**. Continue with the configuration sections below."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:80
#: ../../../docs/configuring-playbook-bot-baibot.md:99
msgid "👮‍♂️ Administrator configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:82
#: ../../../docs/configuring-playbook-bot-baibot.md:106
#: ../../../docs/configuring-playbook-bot-baibot.md:101
#: ../../../docs/configuring-playbook-bot-baibot.md:125
msgid "This is an addition to the [base configuration](#base-configuration)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:84
#: ../../../docs/configuring-playbook-bot-baibot.md:103
msgid "To specify who is considered a bot [👮‍♂️ Administrator](https://github.com/etkecc/baibot/blob/main/docs/access.md#administrators), you either need to specify `matrix_bot_baibot_config_access_admin_patterns` or `matrix_admin`. The latter is a single variable which affects all bridges and bots."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:86
#: ../../../docs/configuring-playbook-bot-baibot.md:105
msgid "If `matrix_admin` is already configured in your `vars.yml` configuration, you can skip this section."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:88
#: ../../../docs/configuring-playbook-bot-baibot.md:117
#: ../../../docs/configuring-playbook-bot-baibot.md:107
#: ../../../docs/configuring-playbook-bot-baibot.md:136
msgid "**If necessary**, add the following configuration to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:102
#: ../../../docs/configuring-playbook-bot-baibot.md:121
msgid "👥 Initial users configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:104
#: ../../../docs/configuring-playbook-bot-baibot.md:123
msgid "By default, **all users on your homeserver are considered allowed users**. If that's OK, you can skip this section."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:108
#: ../../../docs/configuring-playbook-bot-baibot.md:127
msgid "To specify who is considered a bot [👥 User](https://github.com/etkecc/baibot/blob/main/docs/access.md#user), you may:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:110
#: ../../../docs/configuring-playbook-bot-baibot.md:129
msgid "define an **initial** value for `matrix_bot_baibot_config_initial_global_config_user_patterns` Ansible variable, as shown below"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:111
#: ../../../docs/configuring-playbook-bot-baibot.md:130
msgid "configure the list at runtime via the bot's `!bai access set-users SPACE_SEPARATED_PATTERNS` command"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:113
#: ../../../docs/configuring-playbook-bot-baibot.md:132
msgid "Configuring `matrix_bot_baibot_config_initial_global_config_user_patterns` is optional, but it can be useful to pre-configure the bot with a list of users who should have access to the bot's features."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:115
#: ../../../docs/configuring-playbook-bot-baibot.md:134
msgid "**Note**: Once initially configured, the allowed users list **cannot be managed via Ansible anymore**. It can only be managed subsequently via bot commands."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:129
#: ../../../docs/configuring-playbook-bot-baibot.md:148
msgid "🤖 Configuring agents via Ansible"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:131
#: ../../../docs/configuring-playbook-bot-baibot.md:150
msgid "You are **not required** to define agents [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration) via Ansible. **To get started quickly**, you can **skip this section and define agents at runtime via chat commands** (following the bot's guidance)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:133
#: ../../../docs/configuring-playbook-bot-baibot.md:152
msgid "Privileged users (like the [👮‍♂️ Administrator](#-administrator-configuration), but potentially others too — see the upstream [🔒 access](https://github.com/etkecc/baibot/blob/main/docs/access.md) documentation) can **define agents dynamically at any time** via chat commands."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:135
#: ../../../docs/configuring-playbook-bot-baibot.md:154
msgid "The Ansible role includes preset variables for easily enabling some [🤖 agents](https://github.com/etkecc/baibot/blob/main/docs/agents.md) on various [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md) (e.g. OpenAI, etc)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:137
#: ../../../docs/configuring-playbook-bot-baibot.md:156
msgid "Besides the presets, the Ansible role also includes support for configuring additional statically-defined agents via the `matrix_bot_baibot_config_agents_static_definitions_custom` Ansible variable."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:139
#: ../../../docs/configuring-playbook-bot-baibot.md:158
msgid "Agents defined statically and those created dynamically (via chat) are named differently, so **conflict cannot arise**."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:141
#: ../../../docs/configuring-playbook-bot-baibot.md:160
msgid "Depending on your propensity for [GitOps](https://en.wikipedia.org/wiki/DevOps#GitOps), you may prefer to define agents statically via Ansible, or you may wish to do it dynamically via chat."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:143
#: ../../../docs/configuring-playbook-bot-baibot.md:162
msgid "Before proceeding, we recommend reading the upstream documentation on [How to choose a provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#how-to-choose-a-provider). In short, it's probably best to go with [OpenAI](#openai)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:145
#: ../../../docs/configuring-playbook-bot-baibot.md:164
msgid "Anthropic"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:147
#: ../../../docs/configuring-playbook-bot-baibot.md:166
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Anthropic provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#anthropic) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:149
#: ../../../docs/configuring-playbook-bot-baibot.md:173
#: ../../../docs/configuring-playbook-bot-baibot.md:204
#: ../../../docs/configuring-playbook-bot-baibot.md:232
#: ../../../docs/configuring-playbook-bot-baibot.md:168
#: ../../../docs/configuring-playbook-bot-baibot.md:192
#: ../../../docs/configuring-playbook-bot-baibot.md:223
#: ../../../docs/configuring-playbook-bot-baibot.md:251
msgid "Here's an example **addition** to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:165
#: ../../../docs/configuring-playbook-bot-baibot.md:196
#: ../../../docs/configuring-playbook-bot-baibot.md:222
#: ../../../docs/configuring-playbook-bot-baibot.md:256
#: ../../../docs/configuring-playbook-bot-baibot.md:184
#: ../../../docs/configuring-playbook-bot-baibot.md:215
#: ../../../docs/configuring-playbook-bot-baibot.md:241
#: ../../../docs/configuring-playbook-bot-baibot.md:275
msgid "If you'd like to use more than one model, take a look at the [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset) section below."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:167
#: ../../../docs/configuring-playbook-bot-baibot.md:198
#: ../../../docs/configuring-playbook-bot-baibot.md:224
#: ../../../docs/configuring-playbook-bot-baibot.md:258
#: ../../../docs/configuring-playbook-bot-baibot.md:186
#: ../../../docs/configuring-playbook-bot-baibot.md:217
#: ../../../docs/configuring-playbook-bot-baibot.md:243
#: ../../../docs/configuring-playbook-bot-baibot.md:277
msgid "💡 You may also wish to use this new agent for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:169
#: ../../../docs/configuring-playbook-bot-baibot.md:188
msgid "Groq"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:171
#: ../../../docs/configuring-playbook-bot-baibot.md:190
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Groq provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#groq) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:194
#: ../../../docs/configuring-playbook-bot-baibot.md:213
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/groq`."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:200
#: ../../../docs/configuring-playbook-bot-baibot.md:219
msgid "Mistral"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:202
#: ../../../docs/configuring-playbook-bot-baibot.md:221
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [🇫🇷 Mistral provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#mistral) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:220
#: ../../../docs/configuring-playbook-bot-baibot.md:239
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/mistral`."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:226
#: ../../../docs/configuring-playbook-bot-baibot.md:245
msgid "OpenAI"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:228
#: ../../../docs/configuring-playbook-bot-baibot.md:247
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:230
#: ../../../docs/configuring-playbook-bot-baibot.md:249
msgid "The OpenAI provider is **only meant to be used with OpenAI's official API** and compatibility with other services (which do not fully adhere to the OpenAI API spec completely) is limited. **If you're targeting an OpenAI-compatible service**, use the [OpenAI Compatible](#openai-compatible) provider instead."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:254
#: ../../../docs/configuring-playbook-bot-baibot.md:273
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:260
#: ../../../docs/configuring-playbook-bot-baibot.md:279
msgid "OpenAI Compatible"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:262
#: ../../../docs/configuring-playbook-bot-baibot.md:281
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI Compatible provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai-compatible) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:264
#: ../../../docs/configuring-playbook-bot-baibot.md:283
msgid "This provider allows you to use OpenAI-compatible API services like [OpenRouter](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openrouter), [Together AI](https://github.com/etkecc/baibot/blob/main/docs/providers.md#together-ai), etc."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:266
#: ../../../docs/configuring-playbook-bot-baibot.md:285
msgid "Some of these popular services already have **shortcut** providers (see [supported providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md#supported-providers) leading to this one behind the scenes — this make it easier to get started."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:268
#: ../../../docs/configuring-playbook-bot-baibot.md:287
msgid "As of this moment, the playbook does not include presets for any of these services, so you'll need to [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:270
#: ../../../docs/configuring-playbook-bot-baibot.md:289
msgid "Configuring additional agents (without a preset)"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:272
#: ../../../docs/configuring-playbook-bot-baibot.md:291
msgid "The Ansible role may be lacking preset variables for some [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md), or you may wish to statically-define an agent on the same provider twice (or more) with different configuration."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:274
#: ../../../docs/configuring-playbook-bot-baibot.md:293
msgid "It's possible to inject your own agent configuration using the `matrix_bot_baibot_config_agents_static_definitions_custom` Ansible variable."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:276
#: ../../../docs/configuring-playbook-bot-baibot.md:295
msgid "You can also define providers at runtime, by chatting with the bot, so using Ansible is not a requirement."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:278
#: ../../../docs/configuring-playbook-bot-baibot.md:297
msgid "Below is an an **example** demonstrating **statically-defining agents via Ansible without using presets**:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:317
#: ../../../docs/configuring-playbook-bot-baibot.md:336
msgid "Because these are [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agents, they will be given a `static/` ID prefix and will be named `static/my-openai-gpt-3.5-turbo-agent` and `static/my-ollama-agent`, respectively."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:319
#: ../../../docs/configuring-playbook-bot-baibot.md:338
msgid "💡 To figure out what to put in the `config` section, refer to the [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md) page, which contains **sample configuration YAML for each provider**."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:321
#: ../../../docs/configuring-playbook-bot-baibot.md:340
msgid "As with any [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md), defining them means they exist. To actually make use of them, they need to be configured as handlers globally or in a specific room — see [Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:323
#: ../../../docs/configuring-playbook-bot-baibot.md:342
msgid "💡 You may also wish to use these new agents for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:325
#: ../../../docs/configuring-playbook-bot-baibot.md:344
msgid "🤝 Configuring initial default handlers"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:327
#: ../../../docs/configuring-playbook-bot-baibot.md:346
msgid "This section is only useful if you're [🤖 Configuring agents via Ansible](#-configuring-agents-via-ansible), as it lets you put these agents to use as soon as the bot starts (by adjusting the bot's **initial global configuration**)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:329
#: ../../../docs/configuring-playbook-bot-baibot.md:348
msgid "If you're not configuring agents via Ansible, you can skip this section."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:331
#: ../../../docs/configuring-playbook-bot-baibot.md:350
msgid "This section is only useful the first time around. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:333
#: ../../../docs/configuring-playbook-bot-baibot.md:352
msgid "baibot supports [various purposes](https://github.com/etkecc/baibot/blob/main/docs/features.md):"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:335
#: ../../../docs/configuring-playbook-bot-baibot.md:354
msgid "[💬 text-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-generation): communicating with you via text"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:337
#: ../../../docs/configuring-playbook-bot-baibot.md:356
msgid "[🦻 speech-to-text](https://github.com/etkecc/baibot/blob/main/docs/features.md#-speech-to-text): turning your voice messages into text"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:339
#: ../../../docs/configuring-playbook-bot-baibot.md:358
msgid "[🗣️ text-to-speech](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-to-speech): turning bot or users text messages into voice messages"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:341
#: ../../../docs/configuring-playbook-bot-baibot.md:360
msgid "[🖌️ image-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-image-generation): generating images based on instructions"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:343
#: ../../../docs/configuring-playbook-bot-baibot.md:362
msgid "❓ catch-all: special purposes, indicating use as a fallback (when no specific handler is configured)"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:345
#: ../../../docs/configuring-playbook-bot-baibot.md:364
msgid "[Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models) is made possible by the bot's ability to have different [🤝 handlers](https://github.com/etkecc/baibot/blob/main/docs/configuration/handlers.md) configured for different purposes."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:347
#: ../../../docs/configuring-playbook-bot-baibot.md:366
msgid "This configuration can be done as a global fallback, or per-room. Both of these [🛠️ configurations](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md) are managed at runtime (viat chat), but **the global configuration can have some initial defaults configured via Ansible**."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:349
#: ../../../docs/configuring-playbook-bot-baibot.md:368
msgid "You can configure the **initial values** for these via Ansible, via the `matrix_bot_baibot_config_initial_global_config_handler_*` variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:351
#: ../../../docs/configuring-playbook-bot-baibot.md:370
msgid "Example **additional** `vars.yml` configuration:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:368
#: ../../../docs/configuring-playbook-bot-baibot.md:387
msgid "**Note**: these are initial defaults for the bot's global configuration. As such, changing any of these values subsequently has no effect on the bot's behavior. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:370
#: ../../../docs/configuring-playbook-bot-baibot.md:389
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:372
#: ../../../docs/configuring-playbook-bot-baibot.md:391
msgid "There are some additional things you may wish to configure about the bot."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:374
#: ../../../docs/configuring-playbook-bot-baibot.md:393
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:376
#: ../../../docs/configuring-playbook-bot-baibot.md:395
msgid "`roles/custom/matrix-bot-baibot/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:377
#: ../../../docs/configuring-playbook-bot-baibot.md:396
msgid "`roles/custom/matrix-bot-baibot/templates/config.yaml.j2` for the bot's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_bot_baibot_configuration_extension_yaml` variable"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:379
#: ../../../docs/configuring-playbook-bot-baibot.md:398
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:381
#: ../../../docs/configuring-playbook-bot-baibot.md:400
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:388
#: ../../../docs/configuring-playbook-bot-baibot.md:407
msgid "**Notes**:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:390
msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account."
#: ../../../docs/configuring-playbook-bot-baibot.md:409
msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account when password authentication is used."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:392
#: ../../../docs/configuring-playbook-bot-baibot.md:411
msgid "If you're using access-token authentication, the bot account must already exist and the configured token + device ID must match that account. This mode is mainly for MAS/OIDC setups where password-based bot login is not suitable."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:413
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:394
#: ../../../docs/configuring-playbook-bot-baibot.md:415
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:396
msgid "If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password."
#: ../../../docs/configuring-playbook-bot-baibot.md:417
msgid "If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password. (This note applies to password authentication mode.)"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:398
#: ../../../docs/configuring-playbook-bot-baibot.md:419
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:400
#: ../../../docs/configuring-playbook-bot-baibot.md:421
msgid "To use the bot, invite it to any existing Matrix room (`/invite @baibot:example.com` where `example.com` is your base domain, not the `matrix.` domain)."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:402
#: ../../../docs/configuring-playbook-bot-baibot.md:423
msgid "If you're an allowed bot [👥 user](https://github.com/etkecc/baibot/blob/main/docs/access.md#user) (see [👥 Initial users configuration](#-initial-users-configuration)), the bot will accept your invitation and join the room."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:404
#: ../../../docs/configuring-playbook-bot-baibot.md:425
msgid "After joining, the bot will introduce itself and show information about the [✨ features](https://github.com/etkecc/baibot/blob/main/docs/features.md) that are enabled for it."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:406
#: ../../../docs/configuring-playbook-bot-baibot.md:427
msgid "If you've [🤖 configured one or more agents via Ansible](#-configuring-agents-via-ansible) and have [🤝 configured initial default handlers](#configuring-initial-default-handlers), the bot will immediately be able to make use of these agents for this new room. Otherwise, you will need to configure agents and/or handlers via chat commands."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:408
#: ../../../docs/configuring-playbook-bot-baibot.md:429
msgid "Send `!bai help` to the bot in the room to see the available commands."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:410
#: ../../../docs/configuring-playbook-bot-baibot.md:431
msgid "You can also refer to the upstream [baibot](https://github.com/etkecc/baibot) project's documentation."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:412
#: ../../../docs/configuring-playbook-bot-baibot.md:433
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:414
#: ../../../docs/configuring-playbook-bot-baibot.md:435
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-baibot`."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:416
#: ../../../docs/configuring-playbook-bot-baibot.md:437
msgid "Increase logging verbosity"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:418
#: ../../../docs/configuring-playbook-bot-baibot.md:439
msgid "The default logging level for this service is `info`. If you want to increase the verbosity to `debug` (or even `trace`), add the following configuration to your `vars.yml` file and re-run the playbook:"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:432
#: ../../../docs/configuring-playbook-bot-baibot.md:453
msgid "**Alternatively**, you can use a single variable to set the logging level for all of the above (bot + all libraries):"
msgstr ""

232
i18n/translation-templates/docs/configuring-playbook-bridge-appservice-slack.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,242 +16,22 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:12
msgid "Setting up Appservice Slack bridging (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:14
msgid "**Notes**:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:15
msgid "Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:16
msgid "Currently (as of November, 2024) **this component is not available for new installation unless you have already created a classic Slack application** (which the bridge makes use of in order to enable bridging between Slack and Matrix), because the creation of classic Slack applications has been discontinued since June 4 2024. The author of the bridge claims [here](https://github.com/matrix-org/matrix-appservice-slack/issues/789#issuecomment-2172947787) that he plans to support the modern Slack application and until then \"the best (and only) option for new installations is to use the webhook bridging\"."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:18
msgid "The playbook can install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) for you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:20
msgid "See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:22
msgid "Prerequisites"
msgid "Setting up Appservice Slack bridging (optional, removed)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:24
msgid "Create a Classic Slack App"
msgid "🪦 The playbook used to be able to install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack), but no longer includes this component, as it had been unavailable for new installation since 2024, and was finally abandoned because the public Matrix.org Slack bridge has been decommissioned on January 14th, 2026."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:26
msgid "First, you need to create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1)."
msgid "**Note**: Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:28
msgid "Name the app \"matrixbot\" (or anything else you'll remember). Select the team/workspace this app will belong to. Click on bot users and add a new bot user. We will use this account to bridge the the rooms."
msgid "Uninstalling the component manually"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:30
msgid "Then, click on Event Subscriptions and enable them and use the request url: `https://matrix.example.com/appservice-slack`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:32
msgid "Add the following events as `Bot User Events` and save:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:34
msgid "team_domain_change"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:35
msgid "message.channels"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:36
msgid "message.groups (if you want to bridge private channels)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:37
msgid "reaction_added"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:38
msgid "reaction_removed"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:40
msgid "Next, click on \"OAuth & Permissions\" and add the following scopes:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:42
msgid "chat:write:bot"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:43
msgid "users:read"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:44
msgid "reactions:write"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:45
msgid "files:write:user (if you want to bridge files)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:47
msgid "**Note**: In order to make Slack files visible to Matrix users, this bridge will make Slack files visible to anyone with the url (including files in private channels). This is different than the current behavior in Slack, which only allows authenticated access to media posted in private channels. See MSC701 for details."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:49
msgid "Click on \"Install App\" and \"Install App to Workspace\". Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:51
msgid "Create an administration control room on Matrix"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:53
msgid "Create a new Matrix room to act as the administration control room."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:55
msgid "Note its internal room ID. This can be done in Element Web by sending a message, opening the options for that message and choosing \"view source\". The room ID will be displayed near the top."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:57
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:59
msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:75
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:77
msgid "There are some additional things you may wish to configure about the bridge."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:79
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:81
msgid "`roles/custom/matrix-bridge-appservice-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:82
msgid "`roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_slack_configuration_extension_yaml` variable"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:84
msgid "For example, to change the bot's username from `slackbot`, add the following configuration to your `vars.yml` file. Replace `examplebot` with your own."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:91
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:93
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:100
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:102
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:104
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:106
msgid "To use the bridge, you need to send `/invite @slackbot:example.com` to invite the bridge bot user into the admin room."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:108
msgid "If Team Sync is not enabled, for each channel you would like to bridge, perform the following steps:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:110
msgid "Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID — it will look something like `!qporfwt:example.com`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:111
msgid "Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for Slack and `/invite @slackbot:example.com` for Matrix."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:112
msgid "Determine the \"channel ID\" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX/<the channel ID>/details/`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:113
msgid "Issue a link command in the administration control room with these collected values as arguments:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:115
msgid "with file bridging:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:121
msgid "without file bridging:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:127
msgid "These arguments can be shortened to single-letter forms:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:133
msgid "Unlinking"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:135
msgid "Channels can be unlinked again by sending this:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:141
msgid "Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged Matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:143
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:145
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-appservice-slack`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:147
msgid "Linking: \"Room is now pending-name\""
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:149
msgid "This typically means that you haven't used the correct Slack channel ID. Unlink the room and recheck 'Determine the \"channel ID\"' from above."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:151
msgid "Messages work from Matrix to Slack, but not the other way around"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:153
msgid "Check the logs, and if you find the message like below, unlink your room, reinvite the bot and re-link it again."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:155
msgid "`WARN SlackEventHandler Ignoring message from unrecognised Slack channel ID : %s (%s) <the channel ID> <some other ID>`"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-appservice-slack.md:157
msgid "This may particularly hit you, if you tried to unsuccessfully link your room multiple times without unlinking it after each failed attempt."
msgid "If you still have matrix-appservice-slack installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:"
msgstr ""

94
i18n/translation-templates/docs/configuring-playbook-bridge-mautrix-discord.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,130 +28,146 @@ msgstr ""
msgid "**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:18
msgid "For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:19
msgid "For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:21
msgid "The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:23
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:21
msgid "See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:25
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:23
msgid "Prerequisites"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:25
msgid "There are 3 ways to login to discord using this bridge, either by [scanning a QR code](https://docs.mau.fi/bridges/go/discord/authentication.html#qr-login) using the Discord mobile app, by using a [Discord token](https://docs.mau.fi/bridges/go/discord/authentication.html#token-login), **or** by using a [Discord bot token](https://docs.mau.fi/bridges/go/discord/authentication.html#bot-token-login)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:27
msgid "There are 2 ways to login to discord using this bridge, either by [scanning a QR code](#method-1-login-using-qr-code-recommended) using the Discord mobile app **or** by using a [Discord token](#method-2-login-using-discord-token-not-recommended)."
msgid "⚠️ QR code login is considered a self-bot and is forbidden by Discord. It can result in an account termination. See the [Discord policy](https://support.discord.com/hc/en-us/articles/115002192352-Automated-User-Accounts-Self-Bots)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:29
msgid "If this is a dealbreaker for you, consider using [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). This comes with its own complexity and limitations, however, so we recommend that you proceed with this one if possible."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:31
msgid "Enable Appservice Double Puppet or Shared Secret Auth (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:33
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:31
msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:35
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:33
msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:37
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:35
msgid "**Note**: double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:39
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:37
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:41
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:39
msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:47
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:45
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:49
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:47
msgid "There are some additional things you may wish to configure about the bridge."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:52
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:50
msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:54
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:52
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:56
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:54
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:63
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:61
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:65
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:63
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:67
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:65
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:69
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:67
msgid "To use the bridge, you need to start a chat with `@discordbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:71
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:69
msgid "You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/discord/authentication.html)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:73
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:71
msgid "After logging in, the bridge will create portal rooms for some recent direct messages."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:75
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:73
msgid "Bridge guilds"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:77
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:75
msgid "If you'd like to bridge guilds, send `guilds status` to see the list of guilds, then send `guilds bridge GUILD_ID_HERE` for each guild that you'd like bridged. Make sure to replace `GUILD_ID_HERE` with the guild's ID."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:79
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:77
msgid "After bridging, spaces will be created automatically, and rooms will be created if necessary when messages are received. You can also pass `--entire` to the bridge command to immediately create all rooms."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:81
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:79
msgid "If you want to manually bridge channels, invite the bot to the room you want to bridge, and run `!discord bridge CHANNEL_ID_HERE` to bridge the room. Make sure to replace `CHANNEL_ID_HERE` with the channel's ID."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:81
msgid "Enable relay"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:83
msgid "Troubleshooting"
msgid "The bridge supports using Discord's webhook feature to relay messages from Matrix users who haven't logged into the bridge."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:85
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-discord`."
msgid "In a room that has already been bridged, run `!discord set-relay --create`. The bridge will then create a webhook in the bridged discord channel and begin relaying messages. If the discord user does not have access to manage webhooks, run `!discord set-relay --url <url>` with the url of an already created webhook. (See Discords [Intro to webhooks](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks))"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:87
msgid "Increase logging verbosity"
msgid "More information on relaying is available on the [official documentation](https://docs.mau.fi/bridges/go/discord/relay.html)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:89
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:91
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-discord`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:93
msgid "Increase logging verbosity"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:95
msgid "The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:102
msgid "Command requires room admin rights when user is creator"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-discord.md:104
msgid "[MSC4289](https://github.com/matrix-org/matrix-spec-proposals/blob/main/proposals/4289-privilege-creators.md), introduced in [room version 12](https://spec.matrix.org/unstable/rooms/v12/), gives creators an infinitley high powerlevel. At the time of implementation, mautrix-discord and similar applications may not identify creators as or above admins. Either a separate admin user will need to manage the bridge or the room version should be less than version 12."
msgstr ""

66
i18n/translation-templates/docs/configuring-playbook-bridge-mautrix-slack.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,117 +25,105 @@ msgid "<sup>Refer the common guide for configuring mautrix bridges: [Setting up
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:14
msgid "**Note**: bridging to [Slack](https://slack.com/) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:15
msgid "For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing. Note that it is not available for new installation unless you have already created a classic Slack application, because the creation of classic Slack applications, which this bridge makes use of, has been discontinued."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:16
msgid "For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:18
msgid "The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:20
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:16
msgid "See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:22
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:18
msgid "See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMAP.md) for more information."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:24
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:20
msgid "Prerequisites"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:26
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:22
msgid "For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:28
msgid "Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only officially supported method for bridging a Slack channel."
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:24
msgid "Note that neither of these methods are officially supported by Slack."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:30
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:26
msgid "Enable Appservice Double Puppet (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:32
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:28
msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:34
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:30
msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:36
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:32
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:38
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:34
msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:44
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:40
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:46
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:42
msgid "There are some additional things you may wish to configure about the bridge."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:48
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:44
msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:50
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:46
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:52
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:48
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:59
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:55
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:61
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:57
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:63
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:59
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:65
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:61
msgid "To use the bridge, you need to start a chat with `@slackbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:67
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:63
msgid "You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/slack/authentication.html)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:69
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:65
msgid "If you authenticated using a token, the recent chats will be bridged automatically (depending on the `conversation_count` setting). Otherwise (i.e. logging with the Discord application), the chats the bot is in will be bridged automatically."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:71
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:67
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:73
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:69
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-mautrix-slack`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:75
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:71
msgid "Increase logging verbosity"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:77
#: ../../../docs/configuring-playbook-bridge-mautrix-slack.md:73
msgid "The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
msgstr ""

113
i18n/translation-templates/docs/configuring-playbook-client-sable.pot Normal file
View File

@@ -0,0 +1,113 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../../docs/configuring-playbook-client-sable.md:9
msgid "Setting up Sable (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:11
msgid "The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:13
msgid "Sable is a web client focusing primarily on simple, elegant and secure interface. It can be installed alongside or instead of [Element Web](./configuring-playbook-client-element-web.md), [Cinny](./configuring-playbook-client-cinny.md) and others."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:15
msgid "Adjusting DNS records"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:17
msgid "By default, this playbook installs Sable on the `sable.` subdomain (`sable.example.com`) and requires you to create a CNAME record for `sable`, which targets `matrix.example.com`."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:19
msgid "When setting, replace `example.com` with your own."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:21
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:23
msgid "To enable Sable, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:29
msgid "Adjusting the Sable URL (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:31
msgid "By tweaking the `sable_hostname` variable, you can easily make the service available at a **different hostname** than the default one."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:33
msgid "Example additional configuration for your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:43
msgid "After changing the domain, **you may need to adjust your DNS** records to point the Sable domain to the Matrix server."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:45
msgid "**Note**: while there is a `sable_path_prefix` variable for changing the path where Sable is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Sable requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Sable at a dedicated subdomain."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:47
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:49
msgid "There are some additional things you may wish to configure about the component."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:51
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:53
msgid "`roles/galaxy/sable/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:54
msgid "`roles/galaxy/sable/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `sable_configuration_extension_json` variable"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:56
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:58
msgid "After configuring the playbook and [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:65
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:67
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:69
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-client-sable.md:71
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-client-sable`."
msgstr ""

46
i18n/translation-templates/docs/configuring-playbook-continuwuity.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -93,69 +93,69 @@ msgid "Unlike other homeserver implementations (like Synapse and Dendrite), cont
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:61
msgid "If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:63
msgid "This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:65
msgid "The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**."
msgid "On first startup, Continuwuity creates a special one-time-use registration token and logs it to the server's console. To access this, you will need to SSH into the server and run the following command:"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:68
msgid "Configuring bridges / appservices"
msgid "Find the token, highlight it, and copy it (ctrl+shift+C). This token should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:70
msgid "The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:73
msgid "Configuring bridges / appservices"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:75
msgid "For other homeserver implementations (like Synapse and Dendrite), the playbook automatically registers appservices (for bridges, bots, etc.) with the homeserver."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:72
#: ../../../docs/configuring-playbook-continuwuity.md:77
msgid "For continuwuity, you will have to manually register appservices using the [`!admin appservices register` command](https://continuwuity.org/appservices.html#set-up-the-appservice---general-instructions) sent to the server bot account."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:74
#: ../../../docs/configuring-playbook-continuwuity.md:79
msgid "The server's bot account has a Matrix ID of `@conduit:example.com` (not `@continuwuity:example.com`!) due to continuwuity's historical legacy. Your first user account would already have been invited to an admin room with this bot."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:77
#: ../../../docs/configuring-playbook-continuwuity.md:82
msgid "Find the appservice file you'd like to register. This can be any `registration.yaml` file found in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:79
#: ../../../docs/configuring-playbook-continuwuity.md:84
msgid "Then, send its content to the existing admin room:"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:103
#: ../../../docs/configuring-playbook-continuwuity.md:108
msgid "Migrating from conduwuit"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:105
#: ../../../docs/configuring-playbook-continuwuity.md:110
msgid "Since Continuwuity is a drop-in replacement for [conduwuit](configuring-playbook-conduwuit.md), migration is possible."
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:107
#: ../../../docs/configuring-playbook-continuwuity.md:112
msgid "Make sure that Continuwuity is properly set up on your `vars.yml` as described above"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:109
#: ../../../docs/configuring-playbook-continuwuity.md:114
msgid "Make sure that Conduwuit references are removed from your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:111
#: ../../../docs/configuring-playbook-continuwuity.md:116
msgid "Run the installation in a way that installs new services and uninstalls old ones (e.g. `just setup-all`)"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:113
#: ../../../docs/configuring-playbook-continuwuity.md:118
msgid "Run the playbook with the `continuwuity-migrate-from-conduwuit` tag (e.g. `just run-tags continuwuity-migrate-from-conduwuit`). This migrates data from `/matrix/conduwuit` to `/matrix/continuwuity`"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:115
#: ../../../docs/configuring-playbook-continuwuity.md:120
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-continuwuity.md:117
#: ../../../docs/configuring-playbook-continuwuity.md:122
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-continuwuity`."
msgstr ""

64
i18n/translation-templates/docs/configuring-playbook-email.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -41,89 +41,109 @@ msgid "📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if
msgstr ""
#: ../../../docs/configuring-playbook-email.md:20
msgid "Firewall settings"
msgid "Why use exim-relay?"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:22
msgid "No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration)."
msgid "**Benefits of using exim-relay** instead of configuring SMTP directly in each service:"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:24
msgid "Docker automatically opens these ports in the server's firewall, so you likely don't need to do anything. If you use another firewall in front of the server, you may need to adjust it."
msgid "**Final delivery capability**: Can deliver emails directly if you don't have an SMTP server"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:26
msgid "Adjusting the playbook configuration"
msgid "**Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) there—no need to configure SMTP in each component"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:28
msgid "Enable DKIM authentication to improve deliverability (optional)"
msgid "**Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:30
msgid "By default, exim-relay attempts to deliver emails directly. This may or may not work, depending on your domain configuration."
msgid "Firewall settings"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:32
msgid "To improve email deliverability, you can configure authentication methods such as DKIM (DomainKeys Identified Mail), SPF, and DMARC for your domain. Without setting any of these authentication methods, your outgoing email is most likely to be quarantined as spam at recipient's mail servers."
msgid "No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration)."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:34
msgid "For details about configuring DKIM, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#enable-dkim-support-optional) on the role's documentation."
msgid "Docker automatically opens these ports in the server's firewall, so you likely don't need to do anything. If you use another firewall in front of the server, you may need to adjust it."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:36
msgid "💡 If you cannot enable DKIM, SPF, or DMARC on your domain for some reason, we recommend relaying email through another SMTP server."
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:38
msgid "Relaying email through another SMTP server (optional)"
msgid "Enable DKIM authentication to improve deliverability (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:40
msgid "**On some cloud providers such as Google Cloud, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so sending email directly from your server is not possible.** In this case, you will need to relay email through another SMTP server."
msgid "By default, exim-relay attempts to deliver emails directly. This may or may not work, depending on your domain configuration."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:42
msgid "For details about configuration, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#relaying-email-through-another-smtp-server) on the role's document."
msgid "To improve email deliverability, you can configure authentication methods such as DKIM (DomainKeys Identified Mail), SPF, and DMARC for your domain. Without setting any of these authentication methods, your outgoing email is most likely to be quarantined as spam at recipient's mail servers."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:44
msgid "Disable mail service (optional)"
msgid "For details about configuring DKIM, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#enable-dkim-support-optional) on the role's documentation."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:46
msgid "For a low-power server you might probably want to disable exim-relay. To do so, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgid "💡 If you cannot enable DKIM, SPF, or DMARC on your domain for some reason, we recommend relaying email through another SMTP server."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:48
msgid "Relaying email through another SMTP server (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:50
msgid "**On some cloud providers such as Google Cloud, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so sending email directly from your server is not possible.** In this case, you will need to relay email through another SMTP server."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:52
msgid "Note that disabling exim-relay will stop email-notifications and other similar functions from working."
msgid "For details about configuration, refer [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#relaying-email-through-another-smtp-server) on the role's document."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:54
msgid "See [this entry on the FAQ](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server) for other possible optimizations for a low-power server."
msgid "Disable mail service (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:56
msgid "For a low-power server you might probably want to disable exim-relay. To do so, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:62
msgid "Note that disabling exim-relay will stop email-notifications and other similar functions from working."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:64
msgid "See [this entry on the FAQ](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server) for other possible optimizations for a low-power server."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:66
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:58
#: ../../../docs/configuring-playbook-email.md:68
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:65
#: ../../../docs/configuring-playbook-email.md:75
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:67
#: ../../../docs/configuring-playbook-email.md:77
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-email.md:69
#: ../../../docs/configuring-playbook-email.md:79
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-email.md:71
#: ../../../docs/configuring-playbook-email.md:81
msgid "See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md#troubleshooting) on the role's documentation for details."
msgstr ""

78
i18n/translation-templates/docs/configuring-playbook-jitsi.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,149 +25,153 @@ msgid "The playbook can install and configure the [Jitsi](https://jitsi.org/) vi
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:21
msgid "Because Jitsi still requires a TURN server, enabling Jitsi automatically enables coturn (`coturn_enabled: true`) unless you explicitly disable it."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:24
msgid "Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:23
#: ../../../docs/configuring-playbook-jitsi.md:26
msgid "💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:25
#: ../../../docs/configuring-playbook-jitsi.md:28
msgid "The [Ansible role for Jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring Jitsi, you can check them via:"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:26
#: ../../../docs/configuring-playbook-jitsi.md:29
msgid "🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md) online"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:27
#: ../../../docs/configuring-playbook-jitsi.md:30
msgid "📁 `roles/galaxy/jitsi/docs/configuring-jitsi.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:29
#: ../../../docs/configuring-playbook-jitsi.md:32
msgid "Prerequisites"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:31
#: ../../../docs/configuring-playbook-jitsi.md:34
msgid "Before proceeding, make sure to check server's requirements recommended by [the official deployment guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-requirements)."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:33
#: ../../../docs/configuring-playbook-jitsi.md:36
msgid "You may need to open some ports to your server, if you use another firewall in front of the server. Refer [the role's documentation](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#prerequisites) to check which ones to be configured."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:35
#: ../../../docs/configuring-playbook-jitsi.md:38
msgid "Adjusting DNS records"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:37
#: ../../../docs/configuring-playbook-jitsi.md:40
msgid "By default, this playbook installs Jitsi on the `jitsi.` subdomain (`jitsi.example.com`) and requires you to create a CNAME record for `jitsi`, which targets `matrix.example.com`."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:39
#: ../../../docs/configuring-playbook-jitsi.md:42
msgid "When setting, replace `example.com` with your own."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:41
#: ../../../docs/configuring-playbook-jitsi.md:44
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:43
#: ../../../docs/configuring-playbook-jitsi.md:46
msgid "To enable Jitsi, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:61
#: ../../../docs/configuring-playbook-jitsi.md:64
msgid "As the most of the necessary settings for the role have been taken care of by the playbook, you can enable Jitsi on your Matrix server with this minimum configuration."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:63
#: ../../../docs/configuring-playbook-jitsi.md:66
msgid "However, **since Jitsi's performance heavily depends on server resource (bandwidth, RAM, and CPU), it is recommended to review settings and optimize them as necessary before deployment.** You can check [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#example-configurations) for an example set of configurations to set up a Jitsi instance, focusing on performance. If you will host a large conference, you probably might also want to consider to provision additional JVBs ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)). See [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#set-up-additional-jvbs-for-more-video-conferences-optional) for details about setting them up with the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:65
#: ../../../docs/configuring-playbook-jitsi.md:68
msgid "See the role's documentation for details about configuring Jitsi per your preference (such as setting [a custom hostname](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#set-the-hostname) and [the environment variable for running Jitsi in a LAN](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jvb_advertise_ips-for-running-behind-nat-or-on-a-lan-environment-optional))."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:67
#: ../../../docs/configuring-playbook-jitsi.md:70
msgid "Enable authentication and guests mode (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:69
#: ../../../docs/configuring-playbook-jitsi.md:72
msgid "By default the Jitsi Meet instance **does not require for anyone to log in, and is open to use without an account**."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:71
#: ../../../docs/configuring-playbook-jitsi.md:74
msgid "If you would like to control who is allowed to start meetings on your instance, you'd need to enable Jitsi's authentication and optionally guests mode."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:73
#: ../../../docs/configuring-playbook-jitsi.md:76
msgid "See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#configure-jitsi-authentication-and-guests-mode-optional) on the role's documentation for details about how to configure the authentication and guests mode. The recommended authentication method is `internal` as it also works in federated rooms. If you want to enable authentication with Matrix OpenID making use of [Matrix User Verification Service (UVS)](configuring-playbook-user-verification-service.md), see [here](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#authenticate-using-matrix-openid-auth-type-matrix) for details about how to set it up."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:75
#: ../../../docs/configuring-playbook-jitsi.md:78
msgid "Enable Gravatar (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:77
#: ../../../docs/configuring-playbook-jitsi.md:80
msgid "In the default Jisti Meet configuration, `gravatar.com` is enabled as an avatar service."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:79
#: ../../../docs/configuring-playbook-jitsi.md:82
msgid "Since the Element clients send the URL of configured Matrix avatars to the Jitsi instance, our configuration has disabled the Gravatar service."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:81
#: ../../../docs/configuring-playbook-jitsi.md:84
msgid "To enable the Gravatar service nevertheless, add the following configuration to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:87
#: ../../../docs/configuring-playbook-jitsi.md:90
msgid "[!WARNING] This will result in third party request leaking data to the Gravatar Service (`gravatar.com`, unless configured otherwise). Besides metadata, the Matrix user_id and possibly the room ID (via `referrer` header) will be also sent to the third party."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:90
#: ../../../docs/configuring-playbook-jitsi.md:93
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:92
#: ../../../docs/configuring-playbook-jitsi.md:95
msgid "After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:99
#: ../../../docs/configuring-playbook-jitsi.md:102
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:101
#: ../../../docs/configuring-playbook-jitsi.md:104
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:103
#: ../../../docs/configuring-playbook-jitsi.md:106
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:105
#: ../../../docs/configuring-playbook-jitsi.md:108
msgid "You can use the self-hosted Jitsi server in multiple ways:"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:107
#: ../../../docs/configuring-playbook-jitsi.md:110
msgid "**by adding a widget to a room via Element Web** (the one configured by the playbook at `https://element.example.com`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:109
#: ../../../docs/configuring-playbook-jitsi.md:112
msgid "**directly (without any Matrix integration)**. Just go to `https://jitsi.example.com`, and you can start a videoconference."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:111
#: ../../../docs/configuring-playbook-jitsi.md:114
msgid "Note that you'll need to log in to your Jitsi's account to start a conference if you have configured authentication with `internal` auth."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:113
#: ../../../docs/configuring-playbook-jitsi.md:116
msgid "Check [the official user guide](https://jitsi.github.io/handbook/docs/category/user-guide) for details about how to use Jitsi."
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:115
#: ../../../docs/configuring-playbook-jitsi.md:118
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-jitsi.md:117
#: ../../../docs/configuring-playbook-jitsi.md:120
msgid "See [this section](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/docs/configuring-jitsi.md#troubleshooting) on the role's documentation for details."
msgstr ""

64
i18n/translation-templates/docs/configuring-playbook-livekit-server.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -41,7 +41,7 @@ msgid "🌐 [the role's documentation at the MASH project](https://github.com/mo
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:18
msgid "📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
msgid "📁 `roles/galaxy/livekit_server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:20
@@ -69,17 +69,69 @@ msgid "`5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section be
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:32
msgid "💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly."
msgid "`30000-30020/udp`: TURN relay range used by LiveKit's embedded TURN server."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:34
msgid "Limitations"
msgid "💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you're using custom configuration for the LiveKit Server role, you may need to adjust firewall rules accordingly."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:36
msgid "For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server."
msgid "TURN TLS handling"
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:38
msgid "It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92)."
msgid "When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:40
msgid "The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:41
msgid "`livekit_server_config_turn_external_tls` is automatically enabled for this setup."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:42
msgid "Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:44
msgid "To opt out and keep TURN TLS termination in LiveKit itself, set:"
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:50
msgid "In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:52
msgid "If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:54
msgid "Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:"
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:62
msgid "and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:64
msgid "Limitations"
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:66
msgid "LiveKit Server's TURN listener behavior depends on where TLS is terminated:"
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:68
msgid "Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:69
msgid "With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit."
msgstr ""
#: ../../../docs/configuring-playbook-livekit-server.md:71
msgid "It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92)."
msgstr ""

6
i18n/translation-templates/docs/configuring-playbook-matrix-rtc.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -45,11 +45,11 @@ msgid "Various experimental features for the Synapse homeserver which Element Ca
msgstr ""
#: ../../../docs/configuring-playbook-matrix-rtc.md:20
msgid "A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
msgid "A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-rtc.md:21
msgid "The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
msgid "The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-rtc.md:22

16
i18n/translation-templates/docs/configuring-playbook-prometheus-grafana.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -143,7 +143,7 @@ msgid "[Prometheus role](https://github.com/mother-of-all-self-hosting/ansible-r
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:109
msgid "`roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgid "`roles/galaxy/prometheus_nginxlog_exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:111
@@ -291,7 +291,7 @@ msgid "Set this to `true` to enable the node (general system stats) exporter (lo
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
msgid "`prometheus_node_exporter_container_labels_traefik_enabled`"
msgid "`prometheus_node_exporter_container_labels_metrics_enabled`"
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
@@ -307,7 +307,7 @@ msgid "Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
msgid "`prometheus_postgres_exporter_container_labels_traefik_enabled`"
msgid "`prometheus_postgres_exporter_container_labels_metrics_enabled`"
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
@@ -315,19 +315,19 @@ msgid "Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
msgid "`matrix_prometheus_nginxlog_exporter_enabled`"
msgid "`prometheus_nginxlog_exporter_enabled`"
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
msgid "Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network)."
msgid "Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network)."
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
msgid "`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`"
msgid "`prometheus_nginxlog_exporter_container_labels_metrics_enabled`"
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:0
msgid "Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`."
msgid "Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`."
msgstr ""
#: ../../../docs/configuring-playbook-prometheus-grafana.md:187

74
i18n/translation-templates/docs/configuring-playbook-synapse-admin.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -21,125 +21,137 @@ msgid "Setting up Synapse Admin (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:15
msgid "The playbook can install and configure [etkecc/synapse-admin](https://github.com/etkecc/synapse-admin) (a [feature-rich](https://github.com/etkecc/synapse-admin#fork-differences) fork of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), community room: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)) for you."
msgid "The playbook can install and configure Synapse Admin for you."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:17
msgid "synapse-admin is a web UI tool you can use to **administrate users, rooms, media, etc. on your Matrix server**. It's designed to work with the Synapse homeserver implementation and WON'T work with Dendrite because [Dendrite Admin API](https://element-hq.github.io/dendrite/administration/adminapi) differs from [Synapse Admin API](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/)."
msgid "Synapse Admin is a web UI tool you can use to **administrate users, rooms, media, etc. on your Matrix homeserver**. This playbook is configured to install [etkecc/synapse-admin](https://github.com/etkecc/synapse-admin), which is a [feature-rich](https://github.com/etkecc/synapse-admin#fork-differences) fork of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:19
msgid "💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting."
msgid "[!NOTE]"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:21
msgid "💡 **Note**: The playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). However, it's currently less feature-rich than Synapse Admin and has a dependency on [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md)."
msgid "Synapse Admin does not work with other homeserver implementations than Synapse due to API's incompatibility."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:22
msgid "The latest version of Synapse Admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:23
msgid "Adjusting DNS records (optional)"
msgid "This playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). Please note that it's currently less feature-rich than Synapse Admin and requires [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:25
msgid "By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section."
msgid "Adjusting DNS records (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:27
msgid "If you wish to adjust it, see the section [below](#adjusting-the-synapse-admin-url-optional) for details about DNS configuration."
msgid "By default, this playbook installs Synapse Admin on the `matrix.` subdomain, at the `/synapse-admin` path (https://matrix.example.com/synapse-admin). This makes it easy to install it, because it **doesn't require additional DNS records to be set up**. If that's okay, you can skip this section."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:29
msgid "Adjusting the playbook configuration"
msgid "If you wish to adjust it, see the section [below](#adjusting-the-synapse-admin-url-optional) for details about DNS configuration."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:31
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:33
msgid "To enable Synapse Admin, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:37
#: ../../../docs/configuring-playbook-synapse-admin.md:39
msgid "**Note**: Synapse Admin requires Synapse's [Admin APIs](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/index.html) to function. Access to them is restricted with a valid access token, so exposing them publicly should not be a real security concern. Still, for additional security, we normally leave them unexposed, following [official Synapse reverse-proxying recommendations](https://element-hq.github.io/synapse/latest/reverse_proxy.html#synapse-administration-endpoints). Because Synapse Admin needs these APIs to function, when installing Synapse Admin, the playbook **automatically** exposes the Synapse Admin API publicly for you. Depending on the homeserver implementation you're using (Synapse, Dendrite), this is equivalent to:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:39
#: ../../../docs/configuring-playbook-synapse-admin.md:41
msgid "for [Synapse](./configuring-playbook-synapse.md) (our default homeserver implementation): `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true`"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:40
#: ../../../docs/configuring-playbook-synapse-admin.md:42
msgid "for [Dendrite](./configuring-playbook-dendrite.md): `matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: true`"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:42
#: ../../../docs/configuring-playbook-synapse-admin.md:44
msgid "By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/etkecc/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) — the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:44
#: ../../../docs/configuring-playbook-synapse-admin.md:46
msgid "Adjusting the Synapse Admin URL (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:46
#: ../../../docs/configuring-playbook-synapse-admin.md:48
msgid "By tweaking the `matrix_synapse_admin_hostname` and `matrix_synapse_admin_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:48
#: ../../../docs/configuring-playbook-synapse-admin.md:50
msgid "Example additional configuration for your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:56
#: ../../../docs/configuring-playbook-synapse-admin.md:58
msgid "If you've changed the default hostname, you may need to create a CNAME record for the Synapse Admin domain (`admin.example.com`), which targets `matrix.example.com`."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:58
#: ../../../docs/configuring-playbook-synapse-admin.md:60
msgid "When setting, replace `example.com` with your own."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:60
#: ../../../docs/configuring-playbook-synapse-admin.md:62
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:62
#: ../../../docs/configuring-playbook-synapse-admin.md:64
msgid "There are some additional things you may wish to configure about the component."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:64
#: ../../../docs/configuring-playbook-synapse-admin.md:66
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:66
#: ../../../docs/configuring-playbook-synapse-admin.md:68
msgid "`roles/custom/matrix-synapse-admin/defaults/main.yml` for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_synapse_admin_configuration_extension_json` variable"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:68
#: ../../../docs/configuring-playbook-synapse-admin.md:70
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:70
#: ../../../docs/configuring-playbook-synapse-admin.md:72
msgid "After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:77
#: ../../../docs/configuring-playbook-synapse-admin.md:79
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:79
#: ../../../docs/configuring-playbook-synapse-admin.md:81
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:81
#: ../../../docs/configuring-playbook-synapse-admin.md:83
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:83
#: ../../../docs/configuring-playbook-synapse-admin.md:85
msgid "After installation, Synapse Admin will be accessible at: `https://matrix.example.com/synapse-admin/`"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:85
#: ../../../docs/configuring-playbook-synapse-admin.md:87
msgid "To use Synapse Admin, you need to have [registered at least one administrator account](registering-users.md) on your server."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:87
#: ../../../docs/configuring-playbook-synapse-admin.md:89
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:89
#: ../../../docs/configuring-playbook-synapse-admin.md:91
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-synapse-admin`."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-admin.md:93
msgid "If you have questions, you can join this community room and feel free to ask: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)"
msgstr ""

50
i18n/translation-templates/docs/configuring-playbook-synapse-auto-accept-invite.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,54 +16,18 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:9
msgid "Setting up Synapse Auto Invite Accept (optional)"
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:18
msgid "Setting up Synapse Auto Invite Accept (optional, removed)"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:11
msgid "The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you."
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:20
msgid "🪦 The playbook used to be able to install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite), but no longer includes this component, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:13
msgid "In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:15
msgid "See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:17
msgid "**Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:19
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:21
msgid "If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:29
msgid "Synapse worker deployments"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:31
msgid "In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:37
msgid "There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:39
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:22
msgid "Native alternative"
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:41
msgid "Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:43
#: ../../../docs/configuring-playbook-synapse-auto-accept-invite.md:24
msgid "Here's example configuration for using the **native** Synapse feature:"
msgstr ""

8
i18n/translation-templates/docs/configuring-playbook-synapse-s3-storage-provider.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -293,9 +293,13 @@ msgid "… triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` t
msgstr ""
#: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:180
msgid "So… you don't need to perform any maintenance yourself."
msgid "The same `migrate` script also prunes empty directories in the local media repository (`remote_content` and `remote_thumbnail`) after upload/delete operations."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:182
msgid "So… you don't need to perform any maintenance yourself."
msgstr ""
#: ../../../docs/configuring-playbook-synapse-s3-storage-provider.md:184
msgid "The schedule is defined in the format of systemd timer calendar. To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):"
msgstr ""

94
i18n/translation-templates/docs/configuring-playbook-synapse.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -149,7 +149,7 @@ msgid "When Synapse workers are enabled, the integrated [Postgres database is tu
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:79
msgid "A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly."
msgid "The `matrix-synapse` role also manages the `matrix-synapse-reverse-proxy-companion` component for load-balancing with workers. This component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:81
@@ -157,141 +157,161 @@ msgid "In case any problems occur, make sure to have a look at the [list of syna
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:83
msgid "Synapse + OpenID Connect for Single-Sign-On"
msgid "Limit joining heavy rooms on constrained hosts"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:85
msgid "💡 An alternative to setting up OIDC in Synapse is to use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS). Newer clients (like Element X) only support SSO-based authentication via MAS and not via the legacy Synapse OIDC setup described below. That said, MAS is still a new experimental service which comes with its own downsides. Consult its documentation to learn if it will be a good fit for your deployment."
msgid "If your server is underpowered, joining heavy rooms can cause Synapse to consume a lot of resources and be unavailable for long (while it catches up)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:87
msgid "If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional configuration."
msgid "To avoid this, Synapse can be configured to reject joins for remote rooms that are too complex before users enter them."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:89
msgid "This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat."
msgid "Complexity is computed as `current_state_events / 500` (Synapse state event count for current room state). When the resulting value is higher than `matrix_synapse_limit_remote_rooms_complexity` and `matrix_synapse_limit_remote_rooms_enabled` is `true`, Synapse blocks joining the room."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:91
msgid "For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/element-hq/synapse/blob/develop/docs/openid.md#keycloak)."
msgid "We recommend using this as a guardrail on low-resource servers:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:93
msgid "In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;"
#: ../../../docs/configuring-playbook-synapse.md:106
msgid "Synapse + OpenID Connect for Single-Sign-On"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:108
msgid "💡 An alternative to setting up OIDC in Synapse is to use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS). Newer clients (like Element X) only support SSO-based authentication via MAS and not via the legacy Synapse OIDC setup described below. That said, MAS is still a new experimental service which comes with its own downsides. Consult its documentation to learn if it will be a good fit for your deployment."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:110
msgid "If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional configuration."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:112
msgid "This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:114
msgid "Customizing templates"
msgid "For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/element-hq/synapse/blob/develop/docs/openid.md#keycloak)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:116
msgid "In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:137
msgid "Customizing templates"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:139
msgid "[Templates](https://github.com/element-hq/synapse/blob/develop/docs/templates.md) are used by Synapse for showing **certain web pages** handled by the server, as well as for **email notifications**."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:118
#: ../../../docs/configuring-playbook-synapse.md:141
msgid "This playbook allows you to customize the default templates (see the [`synapse/res/templates` directory](https://github.com/element-hq/synapse/tree/develop/synapse/res/templates))."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:120
#: ../../../docs/configuring-playbook-synapse.md:143
msgid "If template customization is enabled, the playbook will build a custom container image based on the official one."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:122
#: ../../../docs/configuring-playbook-synapse.md:145
msgid "Your custom templates need to live in a public or private git repository. This repository will be cloned during Synapse image customization (during the playbook run)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:124
#: ../../../docs/configuring-playbook-synapse.md:147
msgid "To enable template customizations, add the following configuration to your `vars.yml` file (adapt to your needs):"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:150
#: ../../../docs/configuring-playbook-synapse.md:173
msgid "As mentioned in Synapse's Templates documentation, Synapse will fall back to its own templates if a template is not found in that directory. Due to this, it's recommended to only store and maintain template files in your repository if you need to make custom changes. Other files (which you don't need to change), should not be duplicated, so that you don't need to worry about getting out-of-sync with the original Synapse templates."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:152
#: ../../../docs/configuring-playbook-synapse.md:175
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:154
#: ../../../docs/configuring-playbook-synapse.md:177
msgid "There are some additional things you may wish to configure about the server."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:156
#: ../../../docs/configuring-playbook-synapse.md:179
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:158
#: ../../../docs/configuring-playbook-synapse.md:181
msgid "`roles/custom/matrix-synapse/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:159
#: ../../../docs/configuring-playbook-synapse.md:182
msgid "`roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2` for the server's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_synapse_configuration_extension_yaml` variable"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:161
#: ../../../docs/configuring-playbook-synapse.md:184
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:163
#: ../../../docs/configuring-playbook-synapse.md:186
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:170
#: ../../../docs/configuring-playbook-synapse.md:193
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:172
#: ../../../docs/configuring-playbook-synapse.md:195
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:174
#: ../../../docs/configuring-playbook-synapse.md:197
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:176
#: ../../../docs/configuring-playbook-synapse.md:199
msgid "Synapse Admin"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:178
#: ../../../docs/configuring-playbook-synapse.md:201
msgid "With [Synapse Admin](configuring-playbook-synapse-admin.md), certain Synapse administration tasks (managing users and rooms, etc.) can be performed via a web user-interace."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:180
#: ../../../docs/configuring-playbook-synapse.md:203
msgid "The playbook can install and configure Synapse Admin for you. For details about it, see [this page](configuring-playbook-synapse-admin.md)."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:182
#: ../../../docs/configuring-playbook-synapse.md:205
msgid "Monitoring Synapse Metrics with Prometheus and Grafana"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:184
#: ../../../docs/configuring-playbook-synapse.md:207
msgid "This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:186
#: ../../../docs/configuring-playbook-synapse.md:209
msgid "To enable Synapse runtime metrics, see: [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) and [its subsection](configuring-playbook-prometheus-grafana.md#expose-metrics-of-other-services-roles)"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:188
#: ../../../docs/configuring-playbook-synapse.md:211
msgid "To enable Synapse usage metrics, see: [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:190
#: ../../../docs/configuring-playbook-synapse.md:213
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:192
#: ../../../docs/configuring-playbook-synapse.md:215
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-synapse`."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:194
#: ../../../docs/configuring-playbook-synapse.md:217
msgid "Increase logging verbosity"
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:196
#: ../../../docs/configuring-playbook-synapse.md:219
msgid "Because Synapse is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`."
msgstr ""
#: ../../../docs/configuring-playbook-synapse.md:198
#: ../../../docs/configuring-playbook-synapse.md:221
msgid "If you'd like to debug an issue or [report a Synapse bug](https://github.com/element-hq/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increase the logging verbosity to `INFO`. To do so, add the following configuration to your `vars.yml` file and re-run the playbook:"
msgstr ""

160
i18n/translation-templates/docs/configuring-playbook-turn.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -21,173 +21,213 @@ msgid "Configuring a TURN server (optional, advanced)"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:16
msgid "By default, this playbook installs and configures the [coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the coturn TURN server installed by the playbook. If that's okay, you can skip this document."
msgid "By default, the [coturn](https://github.com/coturn/coturn) TURN server component is enabled automatically only when [Jitsi](configuring-playbook-jitsi.md) is enabled. If you're not using Jitsi, coturn is not enabled by default."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:18
msgid "If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:20
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:22
msgid "Define public IP manually (optional)"
msgid "If you explicitly need coturn while not using Jitsi, enable it with:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:24
msgid "In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring coturn."
msgid "and configure its IP-related settings in the section below."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:26
msgid "If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server."
msgid "If you'd like coturn to stay disabled even when Jitsi is enabled, or if you prefer to use an external TURN provider, see [disabling coturn](#disabling-coturn) section below."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:28
msgid "When Coturn is not enabled, homeservers (like Synapse) would not point to TURN servers and *legacy* audio/video call functionality may fail. If you're using [Matrix RTC](configuring-playbook-matrix-rtc.md) (for [Element Call](configuring-playbook-element-call.md)), you likely don't have a need to enable coturn."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:30
msgid "Adjusting firewall rules"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:32
msgid "If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable."
msgid "To ensure Coturn functions correctly, the following firewall rules and port forwarding settings are required when coturn is enabled:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:34
msgid "[!NOTE] You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview."
msgid "`3478/tcp`: STUN/TURN over TCP"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:35
msgid "`3478/udp`: STUN/TURN over UDP"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:36
msgid "`5349/tcp`: TURN over TCP"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:37
msgid "If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:"
msgid "`5349/udp`: TURN over UDP"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:38
msgid "`49152-49172/udp`: TURN/UDP relay range"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:40
msgid "If LiveKit's embedded TURN is enabled at the same time (for MatrixRTC/Element Call), keep the Coturn relay range distinct from LiveKit's relay range (`livekit_server_config_turn_relay_range_start`/`livekit_server_config_turn_relay_range_end`)."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:42
msgid "💡 Docker configures the server's internal firewall for you. In most cases, you don't need to do anything special on the host itself."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:44
msgid "Change the authentication mechanism (optional)"
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:46
msgid "The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better."
msgid "Define public IP manually (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:48
msgid "To do so, add the following configuration to your `vars.yml` file:"
msgid "If you enable coturn (either via Jitsi or manually), we recommend that you configure the public IP addresses of your server in the `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:54
msgid "Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and coturn."
#: ../../../docs/configuring-playbook-turn.md:55
msgid "If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:56
msgid "If [Jitsi](configuring-playbook-jitsi.md) is installed, note that switching to `lt-cred-mech` will disable the integration between Jitsi and your coturn server, as Jitsi seems to support the `auth-secret` authentication method only."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:58
msgid "Customize the Coturn hostname (optional)"
#: ../../../docs/configuring-playbook-turn.md:57
msgid "[!NOTE] You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:60
msgid "By default, Coturn uses the same hostname as your Matrix homeserver (the value of `matrix_server_fqn_matrix`, which is typically `matrix.example.com`)."
msgid "Change the authentication mechanism (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:62
msgid "If you'd like to use a custom subdomain for Coturn (e.g., `turn.example.com` or `t.matrix.example.com`), add the following configuration to your `vars.yml` file:"
msgid "The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:68
msgid "The playbook will automatically:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:69
msgid "Configure Coturn to use this hostname"
#: ../../../docs/configuring-playbook-turn.md:64
msgid "To do so, add the following configuration to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:70
msgid "Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and coturn."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:72
msgid "If [Jitsi](configuring-playbook-jitsi.md) is installed, note that switching to `lt-cred-mech` will disable the integration between Jitsi and your coturn server, as Jitsi seems to support the `auth-secret` authentication method only."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:74
msgid "Customize the Coturn hostname (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:76
msgid "By default, Coturn uses the same hostname as your Matrix homeserver (the value of `matrix_server_fqn_matrix`, which is typically `matrix.example.com`)."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:78
msgid "If you'd like to use a custom subdomain for Coturn (e.g., `turn.example.com` or `t.matrix.example.com`), add the following configuration to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:84
msgid "The playbook will automatically:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:85
msgid "Configure Coturn to use this hostname"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:86
msgid "Obtain an SSL certificate for the custom domain via Traefik"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:71
#: ../../../docs/configuring-playbook-turn.md:87
msgid "Update all TURN URIs to point to the custom domain"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:73
#: ../../../docs/configuring-playbook-turn.md:89
msgid "**Note**: Make sure the custom hostname resolves to your server's IP address via DNS before running the playbook."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:75
#: ../../../docs/configuring-playbook-turn.md:91
msgid "Use your own external coturn server (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:77
#: ../../../docs/configuring-playbook-turn.md:93
msgid "If you'd like to use another TURN server (be it coturn or some other one), add the following configuration to your `vars.yml` file. Make sure to replace `HOSTNAME_OR_IP` with your own."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:91
#: ../../../docs/configuring-playbook-turn.md:107
msgid "If you have or want to enable Jitsi, you might want to enable the TURN server there too. If you do not do it, Jitsi will fall back to an upstream service."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:98
#: ../../../docs/configuring-playbook-turn.md:114
msgid "You can put multiple host/port combinations if you'd like to."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:100
#: ../../../docs/configuring-playbook-turn.md:116
msgid "Edit the reloading schedule (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:102
#: ../../../docs/configuring-playbook-turn.md:118
msgid "By default the service is reloaded on 6:30 a.m. every day based on the `coturn_reload_schedule` variable so that new SSL certificates can kick in. It is defined in the format of systemd timer calendar."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:104
#: ../../../docs/configuring-playbook-turn.md:120
msgid "To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:110
#: ../../../docs/configuring-playbook-turn.md:126
msgid "**Note**: the actual job may run with a delay. See `coturn_reload_schedule_randomized_delay_sec` for its default value."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:112
#: ../../../docs/configuring-playbook-turn.md:128
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:114
#: ../../../docs/configuring-playbook-turn.md:130
msgid "There are some additional things you may wish to configure about the TURN server."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:116
#: ../../../docs/configuring-playbook-turn.md:132
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:118
#: ../../../docs/configuring-playbook-turn.md:134
msgid "`roles/galaxy/coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:120
#: ../../../docs/configuring-playbook-turn.md:136
msgid "Disabling coturn"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:122
msgid "If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:"
#: ../../../docs/configuring-playbook-turn.md:138
msgid "Coturn is only enabled by default when [Jitsi](configuring-playbook-jitsi.md) is enabled. In most instances, you don't need to explicitly disable it."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:128
msgid "In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail."
#: ../../../docs/configuring-playbook-turn.md:140
msgid "To force the playbook to not install Coturn (even when Jitsi is enabled), add the following configuration to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:130
#: ../../../docs/configuring-playbook-turn.md:146
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:132
#: ../../../docs/configuring-playbook-turn.md:148
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:139
#: ../../../docs/configuring-playbook-turn.md:155
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:141
#: ../../../docs/configuring-playbook-turn.md:157
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:143
#: ../../../docs/configuring-playbook-turn.md:159
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-turn.md:145
#: ../../../docs/configuring-playbook-turn.md:161
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-coturn`."
msgstr ""

118
i18n/translation-templates/docs/configuring-playbook.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -169,155 +169,155 @@ msgid "[Setting up Cinny](configuring-playbook-client-cinny.md), if you've enabl
msgstr ""
#: ../../../docs/configuring-playbook.md:90
msgid "[Setting up SchildiChat Web](configuring-playbook-client-schildichat-web.md), if you've enabled [SchildiChat Web](https://schildi.chat/), a web client based on [Element Web](https://element.io/) with some extras and tweaks"
msgid "[Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/7w1/sable), a web client focusing primarily on simple, elegant and secure interface"
msgstr ""
#: ../../../docs/configuring-playbook.md:92
msgid "[Setting up SchildiChat Web](configuring-playbook-client-schildichat-web.md), if you've enabled [SchildiChat Web](https://schildi.chat/), a web client based on [Element Web](https://element.io/) with some extras and tweaks"
msgstr ""
#: ../../../docs/configuring-playbook.md:94
msgid "[Setting up FluffyChat Web](configuring-playbook-client-fluffychat-web.md), if you've enabled [FluffyChat Web](https://github.com/krille-chan/fluffychat), a cute cross-platform messenger (web, iOS, Android) for Matrix written in [Flutter](https://flutter.dev/)"
msgstr ""
#: ../../../docs/configuring-playbook.md:95
#: ../../../docs/configuring-playbook.md:97
msgid "Authentication and user-related"
msgstr ""
#: ../../../docs/configuring-playbook.md:97
#: ../../../docs/configuring-playbook.md:99
msgid "Extend and modify how users are authenticated on your homeserver."
msgstr ""
#: ../../../docs/configuring-playbook.md:99
#: ../../../docs/configuring-playbook.md:101
msgid "[Setting up Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) (Next-generation auth for Matrix, based on OAuth 2.0/OIDC)"
msgstr ""
#: ../../../docs/configuring-playbook.md:101
#: ../../../docs/configuring-playbook.md:103
msgid "[Setting up Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:103
#: ../../../docs/configuring-playbook.md:105
msgid "[Setting up Synapse Admin](configuring-playbook-synapse-admin.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:105
#: ../../../docs/configuring-playbook.md:107
msgid "[Setting up matrix-registration](configuring-playbook-matrix-registration.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:107
#: ../../../docs/configuring-playbook.md:109
msgid "[Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:109
#: ../../../docs/configuring-playbook.md:111
msgid "[Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:111
#: ../../../docs/configuring-playbook.md:113
msgid "[Setting up the LDAP authentication password provider module](configuring-playbook-ldap-auth.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:113
#: ../../../docs/configuring-playbook.md:115
msgid "[Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:115
#: ../../../docs/configuring-playbook.md:117
msgid "[Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:117
#: ../../../docs/configuring-playbook.md:119
msgid "[Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:119
#: ../../../docs/configuring-playbook.md:121
msgid "File Storage"
msgstr ""
#: ../../../docs/configuring-playbook.md:121
#: ../../../docs/configuring-playbook.md:123
msgid "Use alternative file storage to the default `media_store` folder."
msgstr ""
#: ../../../docs/configuring-playbook.md:123
#: ../../../docs/configuring-playbook.md:125
msgid "[Storing Matrix media files using matrix-media-repo](configuring-playbook-matrix-media-repo.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:125
#: ../../../docs/configuring-playbook.md:127
msgid "[Storing Synapse media files on Amazon S3 or another compatible Object Storage](configuring-playbook-s3.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:127
#: ../../../docs/configuring-playbook.md:129
msgid "[Storing Synapse media files on Amazon S3 with Goofys](configuring-playbook-s3-goofys.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:129
#: ../../../docs/configuring-playbook.md:131
msgid "[Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:131
#: ../../../docs/configuring-playbook.md:133
msgid "Bridging other networks"
msgstr ""
#: ../../../docs/configuring-playbook.md:133
#: ../../../docs/configuring-playbook.md:135
msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
msgstr ""
#: ../../../docs/configuring-playbook.md:135
#: ../../../docs/configuring-playbook.md:137
msgid "[Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md) — a common guide for configuring mautrix bridges"
msgstr ""
#: ../../../docs/configuring-playbook.md:137
#: ../../../docs/configuring-playbook.md:139
msgid "[Setting up Mautrix Bluesky bridging](configuring-playbook-bridge-mautrix-bluesky.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:139
#: ../../../docs/configuring-playbook.md:141
msgid "[Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:141
#: ../../../docs/configuring-playbook.md:143
msgid "[Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:143
#: ../../../docs/configuring-playbook.md:145
msgid "[Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:145
#: ../../../docs/configuring-playbook.md:147
msgid "[Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:147
#: ../../../docs/configuring-playbook.md:149
msgid "[Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:149
#: ../../../docs/configuring-playbook.md:151
msgid "[Setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:151
#: ../../../docs/configuring-playbook.md:153
msgid "[Setting up Messenger bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-messenger.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:153
#: ../../../docs/configuring-playbook.md:155
msgid "[Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:155
#: ../../../docs/configuring-playbook.md:157
msgid "[Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:157
#: ../../../docs/configuring-playbook.md:159
msgid "[Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:159
#: ../../../docs/configuring-playbook.md:161
msgid "[Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:161
#: ../../../docs/configuring-playbook.md:163
msgid "[Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:163
msgid "[Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:165
msgid "[Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md)"
msgid "[Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:167
@@ -465,61 +465,61 @@ msgid "[Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)"
msgstr ""
#: ../../../docs/configuring-playbook.md:238
msgid "[Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:240
msgid "[Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers"
msgstr ""
#: ../../../docs/configuring-playbook.md:242
#: ../../../docs/configuring-playbook.md:240
msgid "[Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:244
#: ../../../docs/configuring-playbook.md:242
msgid "[Setting up Matrix.to](configuring-playbook-matrixto.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:246
#: ../../../docs/configuring-playbook.md:244
msgid "[Setting up Etherpad](configuring-playbook-etherpad.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:248
#: ../../../docs/configuring-playbook.md:246
msgid "[Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:250
#: ../../../docs/configuring-playbook.md:248
msgid "[Setting up Cactus Comments](configuring-playbook-cactus-comments.md) — a federated comment system built on Matrix"
msgstr ""
#: ../../../docs/configuring-playbook.md:252
#: ../../../docs/configuring-playbook.md:250
msgid "[Setting up Pantalaimon (E2EE aware proxy daemon)](configuring-playbook-pantalaimon.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:254
#: ../../../docs/configuring-playbook.md:252
msgid "[Setting up the Sygnal push gateway](configuring-playbook-sygnal.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:256
#: ../../../docs/configuring-playbook.md:254
msgid "[Setting up the ntfy push notifications server](configuring-playbook-ntfy.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:258
#: ../../../docs/configuring-playbook.md:256
msgid "Deprecated / unmaintained / removed services"
msgstr ""
#: ../../../docs/configuring-playbook.md:260
#: ../../../docs/configuring-playbook.md:258
msgid "**Note**: since a deprecated or unmaintained service will not be updated, its bug or vulnerability will be unlikely to get patched. It is recommended to migrate from the service to an alternative if any, and make sure to do your own research before you decide to keep it running nonetheless."
msgstr ""
#: ../../../docs/configuring-playbook.md:262
#: ../../../docs/configuring-playbook.md:260
msgid "[Configuring conduwuit](configuring-playbook-conduwuit.md) (removed; this component has been abandoned and unmaintained)"
msgstr ""
#: ../../../docs/configuring-playbook.md:264
#: ../../../docs/configuring-playbook.md:262
msgid "[Setting up the Sliding Sync proxy](configuring-playbook-sliding-sync-proxy.md) for clients which require Sliding Sync support (like old Element X versions, before it got switched to Simplified Sliding Sync)"
msgstr ""
#: ../../../docs/configuring-playbook.md:264
msgid "[Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (removed; this component has been discontinued)"
msgstr ""
#: ../../../docs/configuring-playbook.md:266
msgid "[Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (deprecated; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))"
msgstr ""
@@ -575,3 +575,7 @@ msgstr ""
#: ../../../docs/configuring-playbook.md:292
msgid "[Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))"
msgstr ""
#: ../../../docs/configuring-playbook.md:294
msgid "[Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)"
msgstr ""

62
i18n/translation-templates/docs/container-images.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -148,6 +148,14 @@ msgstr ""
msgid "Simple, elegant and secure web client"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[Sable](configuring-playbook-client-sable.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[7w1/sable](https://ghcr.io/7w1/sable)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[SchildiChat Web](configuring-playbook-client-schildichat-web.md)"
msgstr ""
@@ -160,11 +168,11 @@ msgstr ""
msgid "Based on Element Web, with a more traditional instant messaging experience"
msgstr ""
#: ../../../docs/container-images.md:44
#: ../../../docs/container-images.md:45
msgid "Server Components"
msgstr ""
#: ../../../docs/container-images.md:46
#: ../../../docs/container-images.md:47
msgid "Services that run on the server to make the various parts of your installation work."
msgstr ""
@@ -264,11 +272,11 @@ msgstr ""
msgid "JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md)"
msgstr ""
#: ../../../docs/container-images.md:59
#: ../../../docs/container-images.md:60
msgid "Authentication"
msgstr ""
#: ../../../docs/container-images.md:61
#: ../../../docs/container-images.md:62
msgid "Extend and modify how users are authenticated on your homeserver."
msgstr ""
@@ -344,11 +352,11 @@ msgstr ""
msgid "Spam checker module"
msgstr ""
#: ../../../docs/container-images.md:73
#: ../../../docs/container-images.md:74
msgid "File Storage"
msgstr ""
#: ../../../docs/container-images.md:75
#: ../../../docs/container-images.md:76
msgid "Use alternative file storage to the default `media_store` folder."
msgstr ""
@@ -380,11 +388,11 @@ msgstr ""
msgid "Highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification."
msgstr ""
#: ../../../docs/container-images.md:83
#: ../../../docs/container-images.md:84
msgid "Bridges"
msgstr ""
#: ../../../docs/container-images.md:85
#: ../../../docs/container-images.md:86
msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
msgstr ""
@@ -568,14 +576,6 @@ msgstr ""
msgid "Bridge to [Discord](https://discordapp.com/)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-hookshot](configuring-playbook-bridge-hookshot.md)"
msgstr ""
@@ -908,14 +908,6 @@ msgstr ""
msgid "Various services that don't fit any other categories."
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "Synapse module to automatically accept invites"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md)"
msgstr ""
@@ -1052,11 +1044,11 @@ msgstr ""
msgid "A native Matrix video conferencing application"
msgstr ""
#: ../../../docs/container-images.md:168
#: ../../../docs/container-images.md:167
msgid "Container images of deprecated / unmaintained services"
msgstr ""
#: ../../../docs/container-images.md:170
#: ../../../docs/container-images.md:169
msgid "The list of the deprecated or unmaintained services is available [here](configuring-playbook.md#deprecated--unmaintained--removed-services)."
msgstr ""
@@ -1120,6 +1112,14 @@ msgstr ""
msgid "Matrix Identity Server"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md)"
msgstr ""
@@ -1223,3 +1223,11 @@ msgstr ""
#: ../../../docs/container-images.md:0
msgid "Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "Synapse module to automatically accept invites"
msgstr ""

146
i18n/translation-templates/docs/faq.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -573,254 +573,266 @@ msgid "How do I optimize this setup for a low-power server?"
msgstr ""
#: ../../../docs/faq.md:308
msgid "For a low-power server, it's best to use an alternative homeserver implementation (other than [Synapse](configuring-playbook-synapse.md))."
msgstr ""
#: ../../../docs/faq.md:310
msgid "You can disable some not-so-important services to save on memory."
msgstr ""
#: ../../../docs/faq.md:327
msgid "You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:"
msgstr ""
#: ../../../docs/faq.md:337
#: ../../../docs/faq.md:317
msgid "If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform."
msgstr ""
#: ../../../docs/faq.md:339
#: ../../../docs/faq.md:320
msgid "Synapse-specific optimizations"
msgstr ""
#: ../../../docs/faq.md:322
msgid "If you're using [Synapse](configuring-playbook-synapse.md), you can also consider the following optimizations:"
msgstr ""
#: ../../../docs/faq.md:332
msgid "You can also consider [implementing a restriction on room complexity](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts), in order to prevent users from joining very heavy rooms:"
msgstr ""
#: ../../../docs/faq.md:340
msgid "I already have Docker on my server. Can you stop installing Docker via the playbook?"
msgstr ""
#: ../../../docs/faq.md:341
#: ../../../docs/faq.md:342
msgid "Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:"
msgstr ""
#: ../../../docs/faq.md:347
#: ../../../docs/faq.md:348
msgid "I run another webserver on the same server where I wish to install Matrix. What now?"
msgstr ""
#: ../../../docs/faq.md:349
#: ../../../docs/faq.md:350
msgid "By default, we install a webserver for you ([Traefik](https://doc.traefik.io/traefik/)), but you can also use [your own webserver](configuring-playbook-own-webserver.md)."
msgstr ""
#: ../../../docs/faq.md:351
#: ../../../docs/faq.md:352
msgid "How is the effective configuration determined?"
msgstr ""
#: ../../../docs/faq.md:353
#: ../../../docs/faq.md:354
msgid "Configuration variables are defined in multiple places in this playbook and are considered in this order:"
msgstr ""
#: ../../../docs/faq.md:355
#: ../../../docs/faq.md:356
msgid "there are defaults coming from each role's defaults file (`role/matrix*/defaults/main.yml`). These variable values aim to be good defaults for when the role is used standalone (outside of this collection of roles, also called playbook)."
msgstr ""
#: ../../../docs/faq.md:357
#: ../../../docs/faq.md:358
msgid "then, there are overrides in `group_vars/matrix_servers`, which aim to adjust these \"standalone role defaults\" to something which better fits the playbook in its entirety."
msgstr ""
#: ../../../docs/faq.md:359
#: ../../../docs/faq.md:360
msgid "finally, there's your `inventory/host_vars/matrix.example.com/vars.yml` file, which is the ultimate override"
msgstr ""
#: ../../../docs/faq.md:361
#: ../../../docs/faq.md:362
msgid "What configuration variables are available?"
msgstr ""
#: ../../../docs/faq.md:363
#: ../../../docs/faq.md:364
msgid "You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`)."
msgstr ""
#: ../../../docs/faq.md:365
#: ../../../docs/faq.md:366
msgid "As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overridden by values defined in `group_vars/matrix_servers`."
msgstr ""
#: ../../../docs/faq.md:367
#: ../../../docs/faq.md:368
msgid "Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.example.com/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features)."
msgstr ""
#: ../../../docs/faq.md:369
#: ../../../docs/faq.md:381
#: ../../../docs/faq.md:370
#: ../../../docs/faq.md:382
msgid "**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`) or `just update` (which automatically does `git pull` and `just roles`)."
msgstr ""
#: ../../../docs/faq.md:371
#: ../../../docs/faq.md:372
msgid "I'd like to adjust some configuration which doesn't have a corresponding variable. How do I do it?"
msgstr ""
#: ../../../docs/faq.md:373
#: ../../../docs/faq.md:374
msgid "The playbook doesn't aim to expose all configuration settings for all services using variables. Doing so would amount to hundreds of variables that we have to create and maintain."
msgstr ""
#: ../../../docs/faq.md:375
#: ../../../docs/faq.md:376
msgid "Instead, we only try to make some important basics configurable using dedicated variables you can see in each role. See [What configuration variables are available?](#what-configuration-variables-are-available)."
msgstr ""
#: ../../../docs/faq.md:377
#: ../../../docs/faq.md:378
msgid "Besides that, each role (component) aims to provide a `matrix_SOME_COMPONENT_configuration_extension_yaml` (or `matrix_SOME_COMPONENT_configuration_extension_json`) variable, which can be used to override the configuration."
msgstr ""
#: ../../../docs/faq.md:379
#: ../../../docs/faq.md:380
msgid "Check each role's `roles/*/*/defaults/main.yml` for the corresponding variable and an example for how use it."
msgstr ""
#: ../../../docs/faq.md:383
#: ../../../docs/faq.md:384
msgid "Installation"
msgstr ""
#: ../../../docs/faq.md:385
#: ../../../docs/faq.md:386
msgid "How do I run the installation?"
msgstr ""
#: ../../../docs/faq.md:387
#: ../../../docs/faq.md:388
msgid "See [Installing](installing.md) to learn how to use Ansible to install Matrix services."
msgstr ""
#: ../../../docs/faq.md:389
#: ../../../docs/faq.md:390
msgid "However, we recommend you to follow our installation guide, instead of jumping straight to installing."
msgstr ""
#: ../../../docs/faq.md:391
#: ../../../docs/faq.md:392
msgid "There are two guides available:"
msgstr ""
#: ../../../docs/faq.md:393
#: ../../../docs/faq.md:394
msgid "⚡ **[Quick start](quick-start.md)** (for beginners): this is recommended for those who do not have an existing Matrix server and want to start quickly with \"opinionated defaults\"."
msgstr ""
#: ../../../docs/faq.md:395
#: ../../../docs/faq.md:396
msgid "**Full installation guide (for advanced users)**: if you need to import an existing Matrix server's data into the new server or want to learn more while setting up the server, follow this guide by starting with the **[Prerequisites](prerequisites.md)** documentation page."
msgstr ""
#: ../../../docs/faq.md:397
#: ../../../docs/faq.md:398
msgid "I installed Synapse some other way. Can I migrate such a setup to the playbook?"
msgstr ""
#: ../../../docs/faq.md:399
#: ../../../docs/faq.md:400
msgid "Yes, you can."
msgstr ""
#: ../../../docs/faq.md:401
#: ../../../docs/faq.md:402
msgid "You generally need to do a playbook installation. It's recommended to follow the full installation guide (starting at the [Prerequisites](prerequisites.md) page), not the [Quick start](quick-start.md) guide. The full installation guide will tell you when it's time to import your existing data into the newly-prepared server."
msgstr ""
#: ../../../docs/faq.md:403
#: ../../../docs/faq.md:404
msgid "This Ansible playbook guides you into installing a server for `example.com` (user IDs are like this: `@alice:example.com`), while the server is at `matrix.example.com`. If your existing setup has a server name (`server_name` configuration setting in Synapse's `homeserver.yaml` file) other than the base `example.com`, you may need to tweak some additional variables. This FAQ entry may be of use if you're dealing with a more complicated setup — [How do I install on matrix.example.com without involving the base domain?](#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain)"
msgstr ""
#: ../../../docs/faq.md:405
#: ../../../docs/faq.md:406
msgid "After configuring the playbook and installing and **before starting** services (done with `ansible-playbook … --tags=start`) you'd import [your SQLite](importing-synapse-sqlite.md) (or [Postgres](importing-postgres.md)) database and also [import your media store](importing-synapse-media-store.md)."
msgstr ""
#: ../../../docs/faq.md:407
#: ../../../docs/faq.md:408
msgid "I've downloaded Ansible and the playbook on the server. It can't connect using SSH."
msgstr ""
#: ../../../docs/faq.md:409
#: ../../../docs/faq.md:410
msgid "If you're using the playbook directly on the server, then Ansible doesn't need to connect using SSH."
msgstr ""
#: ../../../docs/faq.md:411
#: ../../../docs/faq.md:412
msgid "It can perform a local connection instead. Just set `ansible_connection=local` at the end of the server line in `inventory/hosts` and re-run the playbook."
msgstr ""
#: ../../../docs/faq.md:413
#: ../../../docs/faq.md:414
msgid "If you're running Ansible from within a container (one of the possibilities we list on our [dedicated Ansible documentation page](ansible.md)), then using `ansible_connection=local` is not possible."
msgstr ""
#: ../../../docs/faq.md:415
#: ../../../docs/faq.md:416
msgid "Maintenance and Troubleshooting"
msgstr ""
#: ../../../docs/faq.md:417
#: ../../../docs/faq.md:418
msgid "💡 Also see this page for generic information about maintaining the services and troubleshooting: [Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)"
msgstr ""
#: ../../../docs/faq.md:419
#: ../../../docs/faq.md:420
msgid "Do I need to do anything to keep my Matrix server updated?"
msgstr ""
#: ../../../docs/faq.md:421
#: ../../../docs/faq.md:422
msgid "Yes. We don't update anything for you automatically."
msgstr ""
#: ../../../docs/faq.md:423
#: ../../../docs/faq.md:424
msgid "See our [documentation page about upgrading services](maintenance-upgrading-services.md)."
msgstr ""
#: ../../../docs/faq.md:425
#: ../../../docs/faq.md:426
msgid "How do I move my existing installation to another (VM) server?"
msgstr ""
#: ../../../docs/faq.md:427
#: ../../../docs/faq.md:428
msgid "If you have an existing installation done using this Ansible playbook, you can easily migrate that to another server following [our dedicated server migration guide](maintenance-migrating.md)."
msgstr ""
#: ../../../docs/faq.md:429
#: ../../../docs/faq.md:430
msgid "If your previous installation is done in some other way (not using this Ansible playbook), see [I installed Synapse some other way. Can I migrate such a setup to the playbook?](#i-installed-synapse-some-other-way-can-i-migrate-such-a-setup-to-the-playbook)."
msgstr ""
#: ../../../docs/faq.md:431
#: ../../../docs/faq.md:432
msgid "What is this `/matrix/postgres/data-auto-upgrade-backup` directory that is taking up so much space?"
msgstr ""
#: ../../../docs/faq.md:433
#: ../../../docs/faq.md:434
msgid "When you [perform a major Postgres upgrade](maintenance-postgres.md#upgrading-postgresql), we save the the old data files in `/matrix/postgres/data-auto-upgrade-backup`, just so you could easily restore them should something have gone wrong."
msgstr ""
#: ../../../docs/faq.md:435
#: ../../../docs/faq.md:436
msgid "After verifying that everything still works after the Postgres upgrade, you can safely delete `/matrix/postgres/data-auto-upgrade-backup`"
msgstr ""
#: ../../../docs/faq.md:437
#: ../../../docs/faq.md:438
msgid "I get \"Error response from daemon: configured logging driver does not support reading\" when I run `docker logs matrix-synapse`. Why?"
msgstr ""
#: ../../../docs/faq.md:439
#: ../../../docs/faq.md:440
msgid "To prevent double-logging, Docker logging is disabled by explicitly passing `--log-driver=none` to all containers. Due to this, you cannot view logs using `docker logs matrix-*`."
msgstr ""
#: ../../../docs/faq.md:441
#: ../../../docs/faq.md:442
msgid "See [this section](maintenance-and-troubleshooting.md#how-to-see-the-logs) on the page for maintenance and troubleshooting for more details to see the logs."
msgstr ""
#: ../../../docs/faq.md:443
#: ../../../docs/faq.md:444
msgid "The server fails to start due to the `Unable to start service matrix-coturn.service` error. Why and how to solve it?"
msgstr ""
#: ../../../docs/faq.md:445
#: ../../../docs/faq.md:446
msgid "The error is most likely because Traefik cannot obtain SSL certificates due to certain reasons such as wrong domain name configuration or port 80 being unavailable due to other services."
msgstr ""
#: ../../../docs/faq.md:447
#: ../../../docs/faq.md:448
msgid "If Traefik fails to obtain an SSL certificate for domain names such as `matrix.`, Traefik Certs Dumper cannot extract the SSL certificate out of there, and coturn cannot be started and the error occurs. Refer to these comments for details:"
msgstr ""
#: ../../../docs/faq.md:449
#: ../../../docs/faq.md:450
msgid "<https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3957#issuecomment-2599590441>"
msgstr ""
#: ../../../docs/faq.md:450
#: ../../../docs/faq.md:451
msgid "<https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4570#issuecomment-3364111466>"
msgstr ""
#: ../../../docs/faq.md:452
#: ../../../docs/faq.md:453
msgid "If you are not sure what the problem is, at first make sure that you have set the \"base domain\" (`example.com`, **not `matrix.example.com`**) to `matrix_domain`. You should be able to find it at the top of your `vars.yml`."
msgstr ""
#: ../../../docs/faq.md:454
#: ../../../docs/faq.md:455
msgid "If it is correctly specified, look Traefik's logs (`journalctl -fu matrix-traefik.service`) for errors by Let's Encrypt for troubleshooting."
msgstr ""
#: ../../../docs/faq.md:456
#: ../../../docs/faq.md:457
msgid "Miscellaneous"
msgstr ""
#: ../../../docs/faq.md:458
#: ../../../docs/faq.md:459
msgid "I would like to see this favorite service of mine integrated and become available on my Matrix server. How can I request it?"
msgstr ""
#: ../../../docs/faq.md:460
#: ../../../docs/faq.md:461
msgid "You can freely create an issue for feature request on the repository at GitHub [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/new/choose). Note this is a community project with no financial backing, and there is not assurance that your request would be eventually picked up by others and the requested feature would become available. The easiest way to get a feature into this project is to just develop it yourself."
msgstr ""
#: ../../../docs/faq.md:462
#: ../../../docs/faq.md:463
msgid "Also, please note that this playbook intends to focus solely on Matrix and Matrix-related services. If your request is not specific to Matrix, you may as well to consider to submit it to the [mash-playbook](https://github.com/mother-of-all-self-hosting/mash-playbook), maintained by the members behind this matrix-docker-ansible-deploy project. [This document on the interoperability](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/interoperability.md) describes how to deploy services along with the Matrix services easily."
msgstr ""

36
i18n/translation-templates/docs/installing.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -249,61 +249,61 @@ msgid "or join some Matrix rooms:"
msgstr ""
#: ../../../docs/installing.md:148
msgid "via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers."
msgstr ""
#: ../../../docs/installing.md:149
msgid "or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting."
msgid "via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers. For tuning guidance on constrained hosts, see [Limit joining heavy rooms on constrained hosts](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts)."
msgstr ""
#: ../../../docs/installing.md:150
msgid "or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting."
msgstr ""
#: ../../../docs/installing.md:151
msgid "or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))"
msgstr ""
#: ../../../docs/installing.md:152
#: ../../../docs/installing.md:153
msgid "⚠️ Keep the playbook and services up-to-date"
msgstr ""
#: ../../../docs/installing.md:154
#: ../../../docs/installing.md:155
msgid "While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**."
msgstr ""
#: ../../../docs/installing.md:156
#: ../../../docs/installing.md:157
msgid "The upstream projects, which this playbook makes use of, occasionally if not often suffer from security vulnerabilities."
msgstr ""
#: ../../../docs/installing.md:158
#: ../../../docs/installing.md:159
msgid "Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date."
msgstr ""
#: ../../../docs/installing.md:160
#: ../../../docs/installing.md:161
msgid "Also, do not forget to update your system regularly. While this playbook may install basic services, such as Docker, it will not interfere further with system maintenance. Keeping the system itself up-to-date is out of scope for this playbook."
msgstr ""
#: ../../../docs/installing.md:162
#: ../../../docs/installing.md:163
msgid "For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)"
msgstr ""
#: ../../../docs/installing.md:164
#: ../../../docs/installing.md:165
msgid "Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match."
msgstr ""
#: ../../../docs/installing.md:170
#: ../../../docs/installing.md:171
msgid "**Note**: see [this page on the playbook tags](playbook-tags.md) for more information about those tags."
msgstr ""
#: ../../../docs/installing.md:172
#: ../../../docs/installing.md:173
msgid "Make full use of `just` shortcut commands"
msgstr ""
#: ../../../docs/installing.md:174
#: ../../../docs/installing.md:175
msgid "After you get familiar with reconfiguring and re-running the playbook to maintain the server, upgrade its services, etc., you probably would like to make use of `just` shortcut commands for faster input."
msgstr ""
#: ../../../docs/installing.md:176
#: ../../../docs/installing.md:177
msgid "For example, `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
msgstr ""
#: ../../../docs/installing.md:178
#: ../../../docs/installing.md:179
msgid "You can learn about the shortcut commands on this page: [Running `just` commands](just.md)"
msgstr ""

10
i18n/translation-templates/docs/just.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -162,17 +162,17 @@ msgid "Conditional service restart"
msgstr ""
#: ../../../docs/just.md:49
msgid "When using `just install-all` or `just install-service`, only services whose configuration or container image actually changed during the playbook run will be restarted. Unchanged services are left running (or get started if they were stopped). This reduces unnecessary downtime."
msgid "When running `install-all` or `install-service` (whether via `just` or raw `ansible-playbook`), only services whose configuration or container image actually changed during the playbook run will be restarted. Unchanged services are left running (or get started if they were stopped). This reduces unnecessary downtime."
msgstr ""
#: ../../../docs/just.md:51
msgid "When using `just setup-all`, all services are unconditionally restarted regardless of whether changes were detected. This is appropriate for `setup-all`'s thorough \"full setup\" semantics."
msgid "When running with `setup-*` tags (e.g. `setup-all`, `setup-synapse`), all services are unconditionally restarted regardless of whether changes were detected. This is appropriate for setup's thorough \"full setup\" semantics."
msgstr ""
#: ../../../docs/just.md:53
msgid "`just start-all` and `just start-group` always restart all targeted services, since no installation tasks run during these commands."
msgid "`start-all` and `start-group` always restart all targeted services, since no installation tasks run during these commands."
msgstr ""
#: ../../../docs/just.md:55
msgid "This behavior is controlled by the `devture_systemd_service_manager_conditional_restart_enabled` variable (default: `true`). To force unconditional restarts during installation, pass: `just install-all --extra-vars='devture_systemd_service_manager_conditional_restart_enabled=false'`"
msgid "This behavior is automatically determined based on the playbook tags in use. It can be overridden with the `devture_systemd_service_manager_conditional_restart_enabled` variable. For example, to force unconditional restarts during installation: `just install-all --extra-vars='devture_systemd_service_manager_conditional_restart_enabled=false'`"
msgstr ""

38
i18n/translation-templates/docs/maintenance-synapse.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -145,57 +145,61 @@ msgid "Synapse's presence feature which tracks which users are online and which
msgstr ""
#: ../../../docs/maintenance-synapse.md:86
msgid "If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers)."
msgid "On smaller servers, consider limiting joins to very complex rooms with [the room complexity guard](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts)."
msgstr ""
#: ../../../docs/maintenance-synapse.md:88
msgid "[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually."
msgid "If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers)."
msgstr ""
#: ../../../docs/maintenance-synapse.md:90
msgid "Tuning caches and cache autotuning"
msgid "[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually."
msgstr ""
#: ../../../docs/maintenance-synapse.md:92
msgid "Tuning Synapse's cache factor is useful for performance increases but also as part of controlling Synapse's memory use. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor as part of this process."
msgid "Tuning caches and cache autotuning"
msgstr ""
#: ../../../docs/maintenance-synapse.md:94
msgid "**The playbook defaults the global cache factor to a large value** (e.g. `10`). A smaller value (e.g. `0.5`) will decrease the amount used for caches, but will [not necessarily decrease RAM usage as a whole](https://github.com/matrix-org/synapse/issues/3939)."
msgid "Tuning Synapse's cache factor is useful for performance increases but also as part of controlling Synapse's memory use. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor as part of this process."
msgstr ""
#: ../../../docs/maintenance-synapse.md:96
msgid "Tuning the cache factor is useful only to a limited degree (as its crude to do in isolation) and therefore users who are tuning their cache factor should likely look into tuning autotune variables as well (see below)."
msgid "**The playbook defaults the global cache factor to a large value** (e.g. `10`). A smaller value (e.g. `0.5`) will decrease the amount used for caches, but will [not necessarily decrease RAM usage as a whole](https://github.com/matrix-org/synapse/issues/3939)."
msgstr ""
#: ../../../docs/maintenance-synapse.md:98
msgid "Cache autotuning is **enabled by default** and controlled via the following variables:"
msgid "Tuning the cache factor is useful only to a limited degree (as its crude to do in isolation) and therefore users who are tuning their cache factor should likely look into tuning autotune variables as well (see below)."
msgstr ""
#: ../../../docs/maintenance-synapse.md:100
msgid "`matrix_synapse_cache_autotuning_max_cache_memory_usage` — defaults to 1/8 of total RAM with a cap of 2GB; values are specified in bytes"
msgstr ""
#: ../../../docs/maintenance-synapse.md:101
msgid "`matrix_synapse_cache_autotuning_target_cache_memory_usage` — defaults to 1/16 of total RAM with a cap of 1GB; values are specified in bytes"
msgid "Cache autotuning is **enabled by default** and controlled via the following variables:"
msgstr ""
#: ../../../docs/maintenance-synapse.md:102
msgid "`matrix_synapse_cache_autotuning_min_cache_ttl` — defaults to `30s`"
msgid "`matrix_synapse_cache_autotuning_max_cache_memory_usage` — defaults to 1/8 of total RAM with a cap of 2GB; values are specified in bytes"
msgstr ""
#: ../../../docs/maintenance-synapse.md:103
msgid "`matrix_synapse_cache_autotuning_target_cache_memory_usage` — defaults to 1/16 of total RAM with a cap of 1GB; values are specified in bytes"
msgstr ""
#: ../../../docs/maintenance-synapse.md:104
msgid "You can **learn more about cache-autotuning and the global cache factor settings** in the [Synapse's documentation on caches and associated values](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#caches-and-associated-values)."
msgid "`matrix_synapse_cache_autotuning_min_cache_ttl` — defaults to `30s`"
msgstr ""
#: ../../../docs/maintenance-synapse.md:106
msgid "You can **learn more about cache-autotuning and the global cache factor settings** in the [Synapse's documentation on caches and associated values](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#caches-and-associated-values)."
msgstr ""
#: ../../../docs/maintenance-synapse.md:108
msgid "To **disable cache auto-tuning**, unset all values:"
msgstr ""
#: ../../../docs/maintenance-synapse.md:114
#: ../../../docs/maintenance-synapse.md:116
msgid "Users who wish to lower Synapse's RAM footprint should look into lowering the global cache factor and tweaking the autotune variables (or disabling auto-tuning). If your cache factor is too low for a given auto tune setting your caches will not reach autotune thresholds and autotune won't be able to do its job. Therefore, when auto-tuning is enabled (which it is by default), it's recommended to have your cache factor be large."
msgstr ""
#: ../../../docs/maintenance-synapse.md:116
#: ../../../docs/maintenance-synapse.md:118
msgid "See also [How do I optimize this setup for a low-power server?](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server)."
msgstr ""

26
i18n/translation-templates/docs/prerequisites.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -125,33 +125,13 @@ msgid "`443/tcp` and `443/udp`: HTTPS webserver"
msgstr ""
#: ../../../docs/prerequisites.md:60
msgid "`3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))"
msgstr ""
#: ../../../docs/prerequisites.md:61
msgid "`3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md))"
msgstr ""
#: ../../../docs/prerequisites.md:62
msgid "`5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))"
msgstr ""
#: ../../../docs/prerequisites.md:63
msgid "`5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))"
msgstr ""
#: ../../../docs/prerequisites.md:64
msgid "`8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**."
msgstr ""
#: ../../../docs/prerequisites.md:65
msgid "the range `49152-49172/udp`: TURN over UDP"
msgstr ""
#: ../../../docs/prerequisites.md:66
#: ../../../docs/prerequisites.md:61
msgid "potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that."
msgstr ""
#: ../../../docs/prerequisites.md:70
#: ../../../docs/prerequisites.md:65
msgid "[▶️](configuring-dns.md) When ready to proceed, continue with [Configuring DNS](configuring-dns.md)."
msgstr ""

16
i18n/translation-templates/docs/self-building.pot
View File

@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n"
"POT-Creation-Date: 2026-03-23 07:10+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -65,31 +65,31 @@ msgid "`cinny`"
msgstr ""
#: ../../../docs/self-building.md:33
msgid "`matrix-registration`"
msgid "`sable`"
msgstr ""
#: ../../../docs/self-building.md:34
msgid "`coturn`"
msgid "`matrix-registration`"
msgstr ""
#: ../../../docs/self-building.md:35
msgid "`matrix-corporal`"
msgid "`coturn`"
msgstr ""
#: ../../../docs/self-building.md:36
msgid "`exim-relay`"
msgid "`matrix-corporal`"
msgstr ""
#: ../../../docs/self-building.md:37
msgid "`matrix-bridge-hookshot`"
msgid "`exim-relay`"
msgstr ""
#: ../../../docs/self-building.md:38
msgid "`matrix-bridge-appservice-irc`"
msgid "`matrix-bridge-hookshot`"
msgstr ""
#: ../../../docs/self-building.md:39
msgid "`matrix-bridge-appservice-slack`"
msgid "`matrix-bridge-appservice-irc`"
msgstr ""
#: ../../../docs/self-building.md:40

50
justfile
View File

@@ -4,6 +4,11 @@
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# mise (dev tool version manager)
mise_data_dir := env("MISE_DATA_DIR", justfile_directory() / "var/mise")
mise_trusted_config_paths := justfile_directory() / "mise.toml"
prek_home := env("PREK_HOME", justfile_directory() / "var/prek")
# Shows help
default:
@{{ just_executable() }} --list --justfile "{{ justfile() }}"
@@ -39,9 +44,39 @@ update-playbook-only:
@git pull -q
@-git stash pop -q
# Runs ansible-lint against all roles in the playbook
lint:
ansible-lint
# Invokes mise with the project-local data directory
mise *args: _ensure_mise_data_directory
#!/bin/sh
export MISE_DATA_DIR="{{ mise_data_dir }}"
export MISE_TRUSTED_CONFIG_PATHS="{{ mise_trusted_config_paths }}"
export MISE_YES=1
export PREK_HOME="{{ prek_home }}"
mise {{ args }}
# Runs prek (pre-commit hooks manager) with the given arguments
prek *args: _ensure_mise_tools_installed
@{{ just_executable() }} --justfile "{{ justfile() }}" mise exec -- prek {{ args }}
# Runs pre-commit hooks on staged files
prek-run-on-staged *args: _ensure_mise_tools_installed
@{{ just_executable() }} --justfile "{{ justfile() }}" prek run {{ args }}
# Runs pre-commit hooks on all files
prek-run-on-all *args: _ensure_mise_tools_installed
@{{ just_executable() }} --justfile "{{ justfile() }}" prek run --all-files {{ args }}
# Installs the git pre-commit hook
prek-install-git-pre-commit-hook: _ensure_mise_tools_installed
#!/usr/bin/env sh
set -eu
{{ just_executable() }} --justfile "{{ justfile() }}" mise exec -- prek install
hook="{{ justfile_directory() }}/.git/hooks/pre-commit"
# The installed git hook runs later under Git, outside this just/mise environment.
# Injecting PREK_HOME keeps prek's cache under var/prek instead of a global home dir,
# which is more predictable and works better in sandboxed tools like Codex/OpenCode.
if [ -f "$hook" ] && ! grep -q '^export PREK_HOME=' "$hook"; then
sed -i '2iexport PREK_HOME="{{ prek_home }}"' "$hook"
fi
# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
@@ -84,3 +119,12 @@ stop-group group *extra_args:
# Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
rebuild-mautrix-meta-instagram:
/bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom"
# Internal - ensures var/mise and var/prek directories exist
_ensure_mise_data_directory:
@mkdir -p "{{ mise_data_dir }}"
@mkdir -p "{{ prek_home }}"
# Internal - ensures mise tools are installed
_ensure_mise_tools_installed: _ensure_mise_data_directory
@{{ just_executable() }} --justfile "{{ justfile() }}" mise install --quiet

9
mise.toml Normal file
View File

@@ -0,0 +1,9 @@
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
[tools]
prek = "0.3.2"
[settings]
yes = true

40
requirements.yml
View File

@@ -4,20 +4,20 @@
version: v1.0.0-6
name: auxiliary
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
version: v1.4.3-2.1.3-1
version: v1.4.3-2.1.3-2
name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
version: v4.10.5-0
version: v4.11.1-1
name: cinny
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.4.2-3
version: v0.4.2-4
name: container_socket_proxy
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git
version: v4.9.0-0
version: v4.9.0-1
name: coturn
activation_prefix: coturn_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ddclient.git
version: v4.0.0-1
version: v4.0.0-2
name: ddclient
activation_prefix: ddclient_
- src: git+https://github.com/geerlingguy/ansible-role-docker
@@ -27,25 +27,25 @@
version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.6.1-2
version: v2.6.1-3
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-3
version: v4.99.1-r0-0-1
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.5-7
version: v11.6.5-9
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git
version: v0.5.1-1
version: v0.5.1-2
name: hydrogen
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10741-1
version: v10741-2
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.12-0
version: v1.9.12-1
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.18.0-0
version: v2.19.2-1
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 8630e4f1749bcb659c412820f754473f09055052
@@ -60,22 +60,22 @@
version: v18.3-1
name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v18-1
version: v18-2
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.10.0-0
version: v3.10.0-1
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
version: v1.10.0-0
version: v1.10.0-2
name: prometheus_nginxlog_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.9.1-14
version: v1.10.2-0
name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.19.1-0
version: v0.19.1-3
name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
version: v1.6.0-1
version: v1.6.0-2
name: sable
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.5.0-0
@@ -87,11 +87,11 @@
version: v1.1.0-1
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.6.10-1
version: v3.6.11-2
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-5
name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v9.0.3-2
version: v9.0.3-3
name: valkey

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2026.3.4
matrix_alertmanager_receiver_version: 2026.3.18
matrix_alertmanager_receiver_scheme: https

5
roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
View File

@@ -1,5 +1,5 @@
# SPDX-FileCopyrightText: 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2024 - 2026 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
@@ -20,7 +20,8 @@ matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://git
matrix_appservice_draupnir_for_all_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream }}"
matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default }}"
matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "docker.io/"
matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}{{ matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier }}:{{ matrix_appservice_draupnir_for_all_version }}"
matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "gnuxie/draupnir"
matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}"
matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"

13
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@@ -300,6 +300,15 @@ matrix_authentication_service_config_database_idle_timeout: 600
# Controls the `database.max_lifetime` configuration setting.
matrix_authentication_service_config_database_max_lifetime: 1800
# Controls whether the database connection is made via a UNIX socket.
matrix_authentication_service_config_database_socket_enabled: false
# The path to the Postgres socket's parent directory inside the MAS container.
matrix_authentication_service_config_database_socket_path: "/run-postgres"
# The path to the Postgres socket directory on the host (bind-mount source).
matrix_authentication_service_config_database_socket_path_host: ""
########################################################################################
# #
# /Database configuration #
@@ -613,6 +622,10 @@ matrix_authentication_service_syn2mas_synapse_homeserver_config_path: ""
matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}"
matrix_authentication_service_syn2mas_synapse_database_socket_enabled: false
matrix_authentication_service_syn2mas_synapse_database_socket_path: ""
matrix_authentication_service_syn2mas_synapse_database_socket_path_host: ""
# Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas [OPTIONS] migrate|check`).
# Also see: `matrix_authentication_service_syn2mas_subcommand_extra_options`
#

20
roles/custom/matrix-authentication-service/tasks/install.yml
View File

@@ -33,6 +33,25 @@
loop_control:
loop_var: private_key_definition
# We intentionally do a single fixup pass here (instead of in `prepare_key.yml`)
# so that we reconcile both newly generated keys and any pre-existing keys with
# incorrect ownership/mode in one place.
#
# This primarily protects against setups where `become_user` is effectively not
# honored (for example due to inventory misconfiguration such as `ansible_become=false`),
# which can lead to host-side key generation creating root-owned files.
#
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
- name: Ensure Matrix Authentication Service private keys have correct ownership and mode
ansible.builtin.file:
path: "{{ matrix_authentication_service_data_keys_path }}/{{ item.key_file }}"
state: file
mode: '0600'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items: "{{ matrix_authentication_service_key_management_list }}"
register: matrix_authentication_service_private_keys_result
- name: Ensure Matrix Authentication Service configuration installed
ansible.builtin.copy:
content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}"
@@ -117,4 +136,5 @@
or matrix_authentication_service_support_files_result.changed | default(false)
or matrix_authentication_service_systemd_service_result.changed | default(false)
or matrix_authentication_service_container_image_pull_result.changed | default(false)
or matrix_authentication_service_private_keys_result.changed | default(false)
}}

6
roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
View File

@@ -71,6 +71,12 @@
--mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro
--mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro
--mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro
{% if matrix_authentication_service_config_database_socket_enabled %}
--mount type=bind,src={{ matrix_authentication_service_config_database_socket_path_host }},dst={{ matrix_authentication_service_config_database_socket_path }}
{% endif %}
{% if matrix_authentication_service_syn2mas_synapse_database_socket_enabled and (not matrix_authentication_service_config_database_socket_enabled or matrix_authentication_service_syn2mas_synapse_database_socket_path != matrix_authentication_service_config_database_socket_path) %}
--mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_database_socket_path_host }},dst={{ matrix_authentication_service_syn2mas_synapse_database_socket_path }}
{% endif %}
{{ matrix_authentication_service_container_image }}
syn2mas
--synapse-config=/homeserver.yaml

3
roles/custom/matrix-authentication-service/tasks/validate_config.yml
View File

@@ -14,7 +14,8 @@
- {'name': 'matrix_authentication_service_hostname', when: true}
- {'name': 'matrix_authentication_service_config_database_username', when: true}
- {'name': 'matrix_authentication_service_config_database_password', when: true}
- {'name': 'matrix_authentication_service_config_database_host', when: true}
- {'name': 'matrix_authentication_service_config_database_host', when: "{{ not matrix_authentication_service_config_database_socket_enabled }}"}
- {'name': 'matrix_authentication_service_config_database_socket_path_host', when: "{{ matrix_authentication_service_config_database_socket_enabled }}"}
- {'name': 'matrix_authentication_service_config_database_database', when: true}
- {'name': 'matrix_authentication_service_config_secrets_encryption', when: true}
- {'name': 'matrix_authentication_service_config_matrix_homeserver', when: true}

3
roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2
View File

@@ -28,6 +28,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--label-file={{ matrix_authentication_service_config_path }}/labels \
--mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro \
--mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro \
{% if matrix_authentication_service_config_database_socket_enabled %}
--mount type=bind,src={{ matrix_authentication_service_config_database_socket_path_host }},dst={{ matrix_authentication_service_config_database_socket_path }} \
{% endif %}
{% for arg in matrix_authentication_service_container_extra_arguments %}
{{ arg }} \
{% endfor %}

15
roles/custom/matrix-base/defaults/main.yml
View File

@@ -246,6 +246,21 @@ matrix_integration_manager_ui_url: ~
matrix_homeserver_container_extra_arguments_auto: []
matrix_homeserver_app_service_config_files_auto: []
# These playbook-level helpers describe which managed services Synapse should be wired to.
# They are meant for orchestration concerns like container networking and systemd ordering,
# while `matrix_synapse_*` variables stay focused on actual connection parameters.
# These likely get overridden elsewhere.
matrix_playbook_synapse_uses_managed_postgres: false
matrix_playbook_synapse_uses_managed_valkey: false
matrix_playbook_synapse_auto_compressor_uses_managed_postgres: false
# This playbook-level helper describes whether Matrix Authentication Service should be wired
# to the playbook-managed Postgres instance.
# It is meant for orchestration concerns like container networking, systemd ordering, and database creation,
# while `matrix_authentication_service_*` variables stay focused on actual connection parameters.
# This likely gets overridden elsewhere.
matrix_playbook_matrix_authentication_service_uses_managed_postgres: false
# Controls whether various services should expose metrics publicly.
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
matrix_metrics_exposure_enabled: false

2
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.15.0
matrix_bot_baibot_version: v1.16.0
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"

5
roles/custom/matrix-bot-draupnir/defaults/main.yml
View File

@@ -1,5 +1,5 @@
# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2023 - 2026 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2023 Samuel Meenzen
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
@@ -17,7 +17,8 @@ matrix_bot_draupnir_version: "v2.9.0"
matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
matrix_bot_draupnir_container_image: "{{ matrix_bot_draupnir_container_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
matrix_bot_draupnir_container_image: "{{ matrix_bot_draupnir_container_image_registry_prefix }}{{ matrix_bot_draupnir_container_image_registry_namespace_identifier }}:{{ matrix_bot_draupnir_version }}"
matrix_bot_draupnir_container_image_registry_namespace_identifier: "gnuxie/draupnir"
matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}"
matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}"
matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "docker.io/"

2
roles/custom/matrix-bot-honoroit/defaults/main.yml
View File

@@ -30,7 +30,7 @@ matrix_bot_honoroit_container_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_container_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
matrix_bot_honoroit_version: v0.9.29
matrix_bot_honoroit_version: v0.9.30
matrix_bot_honoroit_container_image: "{{ matrix_bot_honoroit_container_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_container_image_registry_prefix_upstream }}"
matrix_bot_honoroit_container_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_container_image_registry_prefix_upstream_default }}"

10
roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
View File

@@ -225,3 +225,13 @@ matrix_appservice_kakaotalk_registration_yaml: |
rate_limited: false
matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}"
# matrix_appservice_kakaotalk_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_appservice_kakaotalk_restart_necessary: false

25
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
View File

@@ -13,10 +13,10 @@
force_source: "{{ matrix_appservice_kakaotalk_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_container_image_force_pull }}"
when: not matrix_appservice_kakaotalk_container_image_self_build
register: result
register: matrix_appservice_kakaotalk_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_appservice_kakaotalk_container_image_pull_result is not failed
- name: Ensure matrix-appservice-kakaotalk-node image is pulled
community.docker.docker_image:
@@ -25,10 +25,10 @@
force_source: "{{ matrix_appservice_kakaotalk_node_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_container_image_force_pull }}"
when: not matrix_appservice_kakaotalk_container_image_self_build
register: result
register: matrix_appservice_kakaotalk_node_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_appservice_kakaotalk_node_container_image_pull_result is not failed
- name: Ensure matrix-appservice-kakaotalk paths exist
ansible.builtin.file:
@@ -86,6 +86,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_appservice_kakaotalk_node_config_result
- name: Ensure matrix-appservice-kakaotalk config.yaml installed
ansible.builtin.copy:
@@ -94,6 +95,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_appservice_kakaotalk_config_result
- name: Ensure matrix-appservice-kakaotalk registration.yaml installed
ansible.builtin.copy:
@@ -102,6 +104,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_appservice_kakaotalk_registration_result
- name: Ensure matrix-appservice-kakaotalk container network is created
community.general.docker_network:
@@ -122,3 +125,17 @@
src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
mode: '0644'
register: matrix_appservice_kakaotalk_systemd_service_result
- name: Determine whether matrix-appservice-kakaotalk needs a restart
ansible.builtin.set_fact:
matrix_appservice_kakaotalk_restart_necessary: >-
{{
matrix_appservice_kakaotalk_node_config_result.changed | default(false)
or matrix_appservice_kakaotalk_config_result.changed | default(false)
or matrix_appservice_kakaotalk_registration_result.changed | default(false)
or matrix_appservice_kakaotalk_node_systemd_service_result.changed | default(false)
or matrix_appservice_kakaotalk_systemd_service_result.changed | default(false)
or matrix_appservice_kakaotalk_container_image_pull_result.changed | default(false)
or matrix_appservice_kakaotalk_node_container_image_pull_result.changed | default(false)
}}

15
roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
View File

@@ -76,6 +76,20 @@
become_user: "{{ matrix_user_name }}"
when: "not hookshot_passkey_file.stat.exists"
# We intentionally reconcile the passkey ownership/mode after generation,
# because some setups can end up creating host-side files as the SSH user
# instead of `matrix` when `become_user` is effectively not honored.
#
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
- name: Ensure hookshot passkey has correct ownership and mode
ansible.builtin.file:
path: "{{ matrix_hookshot_base_path }}/passkey.pem"
state: file
mode: '0600'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_hookshot_passkey_result
- name: Ensure hookshot config.yml installed if provided
ansible.builtin.copy:
content: "{{ matrix_hookshot_configuration | to_nice_yaml(indent=2, width=999999) }}"
@@ -154,6 +168,7 @@
matrix_hookshot_config_result.changed | default(false)
or matrix_hookshot_registration_result.changed | default(false)
or matrix_hookshot_github_key_result.changed | default(false)
or matrix_hookshot_passkey_result.changed | default(false)
or matrix_hookshot_support_files_result.changed | default(false)
or matrix_hookshot_systemd_service_result.changed | default(false)
or matrix_hookshot_container_image_pull_result.changed | default(false)

2
roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
matrix_mautrix_slack_version: v0.2602.0
matrix_mautrix_slack_version: v0.2603.0
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_container_image: "{{ matrix_mautrix_slack_container_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_container_image_registry_prefix_upstream }}"

2
roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
View File

@@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
matrix_mautrix_twitter_version: v0.2511.0
matrix_mautrix_twitter_version: v0.2603.0
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_container_image: "{{ matrix_mautrix_twitter_container_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_container_image_registry_prefix_upstream }}"

2
roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View File

@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
matrix_mautrix_whatsapp_version: v0.2602.0
matrix_mautrix_whatsapp_version: v0.2603.0
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_container_image: "{{ matrix_mautrix_whatsapp_container_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"

2
roles/custom/matrix-bridge-postmoogle/defaults/main.yml
View File

@@ -18,7 +18,7 @@ matrix_postmoogle_container_repo_version: "{{ 'main' if matrix_postmoogle_versio
matrix_postmoogle_container_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle
matrix_postmoogle_version: v0.9.28
matrix_postmoogle_version: v0.9.29
matrix_postmoogle_container_image: "{{ matrix_postmoogle_container_image_registry_prefix }}etkecc/postmoogle:{{ matrix_postmoogle_version }}"
matrix_postmoogle_container_image_registry_prefix: "{{ 'localhost/' if matrix_postmoogle_container_image_self_build else matrix_postmoogle_container_image_registry_prefix_upstream }}"
matrix_postmoogle_container_image_registry_prefix_upstream: "{{ matrix_postmoogle_container_image_registry_prefix_upstream_default }}"

10
roles/custom/matrix-bridge-wechat/defaults/main.yml
View File

@@ -163,3 +163,13 @@ matrix_wechat_agent_service_secret: "{{ matrix_wechat_bridge_listen_secret }}"
matrix_wechat_agent_configuration_yaml: "{{ lookup('template', 'templates/agent-config.yaml.j2') }}"
matrix_wechat_agent_configuration: "{{ matrix_wechat_agent_configuration_yaml | from_yaml }}"
# matrix_wechat_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_wechat_restart_necessary: false

24
roles/custom/matrix-bridge-wechat/tasks/install.yml
View File

@@ -27,10 +27,10 @@
force_source: "{{ matrix_wechat_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_wechat_container_image_force_pull }}"
when: not matrix_wechat_container_image_self_build
register: result
register: matrix_wechat_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_wechat_container_image_pull_result is not failed
- when: matrix_wechat_container_image_self_build | bool
block:
@@ -62,10 +62,10 @@
force_source: "{{ matrix_wechat_agent_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_wechat_agent_container_image_force_pull }}"
when: not matrix_wechat_agent_container_image_self_build
register: result
register: matrix_wechat_agent_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_wechat_agent_container_image_pull_result is not failed
- when: matrix_wechat_agent_container_image_self_build | bool
block:
@@ -97,6 +97,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_wechat_config_result
- name: Ensure WeChat registration.yaml installed
ansible.builtin.copy:
@@ -105,6 +106,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_wechat_registration_result
- name: Ensure Wechat Agent configuration installed
ansible.builtin.copy:
@@ -113,6 +115,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_wechat_agent_config_result
- name: Ensure matrix-wechat container network is created
community.general.docker_network:
@@ -134,3 +137,16 @@
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-wechat-agent.service"
mode: '0644'
register: matrix_wechat_agent_systemd_service_result
- name: Determine whether WeChat Bridge needs a restart
ansible.builtin.set_fact:
matrix_wechat_restart_necessary: >-
{{
matrix_wechat_config_result.changed | default(false)
or matrix_wechat_registration_result.changed | default(false)
or matrix_wechat_agent_config_result.changed | default(false)
or matrix_wechat_systemd_service_result.changed | default(false)
or matrix_wechat_agent_systemd_service_result.changed | default(false)
or matrix_wechat_container_image_pull_result.changed | default(false)
or matrix_wechat_agent_container_image_pull_result.changed | default(false)
}}

3
roles/custom/matrix-client-element/tasks/self_check.yml
View File

@@ -5,9 +5,6 @@
---
- ansible.builtin.set_fact:
matrix_client_element_url_endpoint_public: "{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}/config.json"
- name: Check Element Web
ansible.builtin.uri:
url: "{{ matrix_client_element_url_endpoint_public }}"

2
roles/custom/matrix-client-element/vars/main.yml
View File

@@ -5,3 +5,5 @@
---
matrix_client_element_embedded_pages_home_url: "{{ ('' if matrix_client_element_embedded_pages_home_path is none else 'home.html') }}"
matrix_client_element_url_endpoint_public: "{{ matrix_client_element_scheme }}://{{ matrix_client_element_hostname }}{{ matrix_client_element_path_prefix }}{% if matrix_client_element_path_prefix != '/' %}/{% endif %}config.json"

2
roles/custom/matrix-client-fluffychat/defaults/main.yml
View File

@@ -151,7 +151,7 @@ matrix_client_fluffychat_path_prefix: /
matrix_client_fluffychat_self_check_validate_certificates: true
# Controls the default homeserver domain (not URL) used in the FluffyChat Web configuration.
matrix_client_fluffychat_config_defaultHomeserver: ~
matrix_client_fluffychat_config_defaultHomeserver: ~ # noqa var-naming
# matrix_client_fluffychat_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the

3
roles/custom/matrix-client-fluffychat/tasks/self_check.yml
View File

@@ -4,9 +4,6 @@
---
- ansible.builtin.set_fact:
matrix_client_fluffychat_url_endpoint_public: "{{ matrix_client_fluffychat_scheme }}://{{ matrix_client_fluffychat_hostname }}/"
- name: Check FluffyChat Web
ansible.builtin.uri:
url: "{{ matrix_client_fluffychat_url_endpoint_public }}"

7
roles/custom/matrix-client-fluffychat/vars/main.yml Normal file
View File

@@ -0,0 +1,7 @@
# SPDX-FileCopyrightText: 2025 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
matrix_client_fluffychat_url_endpoint_public: "{{ matrix_client_fluffychat_scheme }}://{{ matrix_client_fluffychat_hostname }}{{ matrix_client_fluffychat_path_prefix }}{% if matrix_client_fluffychat_path_prefix != '/' %}/{% endif %}"

3
roles/custom/matrix-client-schildichat/tasks/self_check.yml
View File

@@ -6,9 +6,6 @@
---
- ansible.builtin.set_fact:
matrix_client_schildichat_url_endpoint_public: "{{ matrix_client_schildichat_scheme }}://{{ matrix_client_schildichat_hostname }}/config.json"
- name: Check SchildiChat Web
ansible.builtin.uri:
url: "{{ matrix_client_schildichat_url_endpoint_public }}"

2
roles/custom/matrix-client-schildichat/vars/main.yml
View File

@@ -5,3 +5,5 @@
---
matrix_client_schildichat_embedded_pages_home_url: "{{ ('' if matrix_client_schildichat_embedded_pages_home_path is none else 'home.html') }}"
matrix_client_schildichat_url_endpoint_public: "{{ matrix_client_schildichat_scheme }}://{{ matrix_client_schildichat_hostname }}{{ matrix_client_schildichat_path_prefix }}{% if matrix_client_schildichat_path_prefix != '/' %}/{% endif %}config.json"

10
roles/custom/matrix-conduit/defaults/main.yml
View File

@@ -154,3 +154,13 @@ matrix_conduit_turn_uris: []
matrix_conduit_turn_secret: ''
matrix_conduit_turn_username: ''
matrix_conduit_turn_password: ''
# matrix_conduit_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_conduit_restart_necessary: false

17
roles/custom/matrix-conduit/tasks/setup_install.yml
View File

@@ -31,6 +31,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_conduit_config_result
- name: Ensure Conduit support files installed
ansible.builtin.template:
@@ -41,6 +42,7 @@
group: "{{ matrix_group_name }}"
with_items:
- labels
register: matrix_conduit_support_files_result
- name: Ensure Conduit container network is created
community.general.docker_network:
@@ -55,13 +57,24 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_conduit_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduit_container_image_force_pull }}"
register: result
register: matrix_conduit_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_conduit_container_image_pull_result is not failed
- name: Ensure matrix-conduit.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-conduit.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
mode: '0644'
register: matrix_conduit_systemd_service_result
- name: Determine whether Conduit needs a restart
ansible.builtin.set_fact:
matrix_conduit_restart_necessary: >-
{{
matrix_conduit_config_result.changed | default(false)
or matrix_conduit_support_files_result.changed | default(false)
or matrix_conduit_systemd_service_result.changed | default(false)
or matrix_conduit_container_image_pull_result.changed | default(false)
}}

10
roles/custom/matrix-continuwuity/defaults/main.yml
View File

@@ -208,3 +208,13 @@ matrix_continuwuity_config_url_preview_domain_contains_allowlist: []
# CONTINUWUITY_MAX_REQUEST_SIZE=50000000
# CONTINUWUITY_REQUEST_TIMEOUT=60
matrix_continuwuity_environment_variables_extension: ''
# matrix_continuwuity_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_continuwuity_restart_necessary: false

17
roles/custom/matrix-continuwuity/tasks/install.yml
View File

@@ -27,6 +27,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_continuwuity_config_result
- name: Ensure continuwuity support files installed
ansible.builtin.template:
@@ -38,6 +39,7 @@
with_items:
- labels
- env
register: matrix_continuwuity_support_files_result
- name: Ensure continuwuity container network is created
community.general.docker_network:
@@ -52,13 +54,24 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_continuwuity_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_continuwuity_container_image_force_pull }}"
register: result
register: matrix_continuwuity_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_continuwuity_container_image_pull_result is not failed
- name: Ensure matrix-continuwuity.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-continuwuity.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-continuwuity.service"
mode: '0644'
register: matrix_continuwuity_systemd_service_result
- name: Determine whether continuwuity needs a restart
ansible.builtin.set_fact:
matrix_continuwuity_restart_necessary: >-
{{
matrix_continuwuity_config_result.changed | default(false)
or matrix_continuwuity_support_files_result.changed | default(false)
or matrix_continuwuity_systemd_service_result.changed | default(false)
or matrix_continuwuity_container_image_pull_result.changed | default(false)
}}

10
roles/custom/matrix-dendrite/defaults/main.yml
View File

@@ -361,3 +361,13 @@ matrix_dendrite_media_api_max_thumbnail_generators: 10
# Controls whether the full-text search engine is enabled
matrix_dendrite_sync_api_search_enabled: false
# matrix_dendrite_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_dendrite_restart_necessary: false

26
roles/custom/matrix-dendrite/tasks/setup_install.yml
View File

@@ -55,10 +55,10 @@
force_source: "{{ matrix_dendrite_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_container_image_force_pull }}"
when: "not matrix_dendrite_container_image_self_build | bool"
register: result
register: matrix_dendrite_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_dendrite_container_image_pull_result is not failed
# We do this so that the signing key would get generated.
# We don't use the `docker_container` module, because using it with `cap_drop` requires
@@ -89,6 +89,7 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_dendrite_config_result
- when: "matrix_dendrite_container_image_self_build | bool"
block:
@@ -139,6 +140,21 @@
- src: bin/create-account.j2
dest: "{{ matrix_dendrite_bin_path }}/create-account"
mode: "0750"
- src: systemd/matrix-dendrite.service.j2
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
mode: "0644"
register: matrix_dendrite_support_files_result
- name: Ensure matrix-dendrite.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-dendrite.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service"
mode: '0644'
register: matrix_dendrite_systemd_service_result
- name: Determine whether Dendrite needs a restart
ansible.builtin.set_fact:
matrix_dendrite_restart_necessary: >-
{{
matrix_dendrite_config_result.changed | default(false)
or matrix_dendrite_support_files_result.changed | default(false)
or matrix_dendrite_systemd_service_result.changed | default(false)
or matrix_dendrite_container_image_pull_result.changed | default(false)
}}

2
roles/custom/matrix-element-admin/defaults/main.yml
View File

@@ -11,7 +11,7 @@
matrix_element_admin_enabled: true
# renovate: datasource=docker depName=oci.element.io/element-admin
matrix_element_admin_version: 0.1.10
matrix_element_admin_version: 0.1.11
matrix_element_admin_scheme: https

12
roles/custom/matrix-element-call/defaults/main.yml
View File

@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.17.0
matrix_element_call_version: v0.18.0
matrix_element_call_scheme: https
@@ -153,3 +153,13 @@ matrix_element_call_config_default_server_config_m_homeserver_server_name: "{{ m
# Controls the livekit/livekit_service_url property in the config.json file.
matrix_element_call_config_livekit_livekit_service_url: ""
# matrix_element_call_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_element_call_restart_necessary: false

17
roles/custom/matrix-element-call/tasks/install.yml
View File

@@ -23,6 +23,7 @@
mode: '0640'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_element_call_config_result
- name: Ensure Element Call container labels file is in place
ansible.builtin.template:
@@ -31,16 +32,17 @@
mode: '0640'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_element_call_support_files_result
- name: Ensure Element Call container image is pulled
community.docker.docker_image:
name: "{{ matrix_element_call_container_image }}"
source: pull
force_source: "{{ matrix_element_call_container_image_force_pull }}"
register: element_call_image_result
register: matrix_element_call_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: element_call_image_result is not failed
until: matrix_element_call_container_image_pull_result is not failed
- name: Ensure Element Call container network is created
community.general.docker_network:
@@ -54,3 +56,14 @@
src: "{{ role_path }}/templates/systemd/matrix-element-call.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-element-call.service"
mode: '0644'
register: matrix_element_call_systemd_service_result
- name: Determine whether Element Call needs a restart
ansible.builtin.set_fact:
matrix_element_call_restart_necessary: >-
{{
matrix_element_call_config_result.changed | default(false)
or matrix_element_call_support_files_result.changed | default(false)
or matrix_element_call_systemd_service_result.changed | default(false)
or matrix_element_call_container_image_pull_result.changed | default(false)
}}

2
roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml
View File

@@ -40,6 +40,7 @@
path: "{{ matrix_ldap_registration_proxy_container_src_files_path }}"
pull: true
when: true
register: matrix_ldap_registration_proxy_container_image_build_result
- name: Ensure matrix_ldap_registration_proxy config installed
ansible.builtin.template:
@@ -82,4 +83,5 @@
matrix_ldap_registration_proxy_config_result.changed | default(false)
or matrix_ldap_registration_proxy_support_files_result.changed | default(false)
or matrix_ldap_registration_proxy_systemd_service_result.changed | default(false)
or matrix_ldap_registration_proxy_container_image_build_result.changed | default(false)
}}

2
roles/custom/matrix-matrixto/tasks/install.yml
View File

@@ -45,6 +45,7 @@
path: "{{ matrix_matrixto_container_image_self_build_src_files_path }}"
pull: true
args:
register: matrix_matrixto_container_image_build_result
- name: Ensure Matrix.to container network is created via community.docker.docker_network
when: devture_systemd_docker_base_container_network_creation_method == 'ansible-module'
@@ -79,4 +80,5 @@
{{
matrix_matrixto_support_files_result.changed | default(false)
or matrix_matrixto_systemd_service_result.changed | default(false)
or matrix_matrixto_container_image_build_result.changed | default(false)
}}

10
roles/custom/matrix-media-repo/defaults/main.yml
View File

@@ -939,3 +939,13 @@ matrix_media_repo_pgo_submit_key: "INSERT_VALUE_HERE"
# Specifies whether the homeserver supports federation
matrix_media_repo_homeserver_federation_enabled: true
# matrix_media_repo_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_media_repo_restart_necessary: false

17
roles/custom/matrix-media-repo/tasks/setup_install.yml
View File

@@ -35,6 +35,7 @@
with_items:
- env
- labels
register: matrix_media_repo_support_files_result
- name: Ensure media-repo configuration installed
ansible.builtin.template:
@@ -43,6 +44,7 @@
mode: '0640'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_media_repo_config_result
- name: Ensure media-repo Docker image is pulled
community.docker.docker_image:
@@ -51,10 +53,10 @@
force_source: "{{ matrix_media_repo_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_media_repo_container_image_force_pull }}"
when: "not matrix_media_repo_container_image_self_build | bool"
register: result
register: matrix_media_repo_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_media_repo_container_image_pull_result is not failed
- when: "matrix_media_repo_container_image_self_build | bool"
block:
@@ -153,3 +155,14 @@
src: "{{ role_path }}/templates/media-repo/systemd/matrix-media-repo.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_media_repo_identifier }}.service"
mode: '0640'
register: matrix_media_repo_systemd_service_result
- name: Determine whether media-repo needs a restart
ansible.builtin.set_fact:
matrix_media_repo_restart_necessary: >-
{{
matrix_media_repo_config_result.changed | default(false)
or matrix_media_repo_support_files_result.changed | default(false)
or matrix_media_repo_systemd_service_result.changed | default(false)
or matrix_media_repo_container_image_pull_result.changed | default(false)
}}

103
roles/custom/matrix-synapse/defaults/main.yml
View File

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
matrix_synapse_github_org_and_repo: element-hq/synapse
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse
matrix_synapse_version: v1.149.0
matrix_synapse_version: v1.149.1
matrix_synapse_username: ''
matrix_synapse_uid: ''
@@ -125,6 +125,17 @@ matrix_synapse_ext_s3_storage_provider_data_path: "{{ matrix_synapse_ext_s3_stor
# extra arguments to pass to s3-storage-provider script when starting Synapse container
matrix_synapse_ext_s3_storage_provider_container_arguments: []
# matrix_synapse_s3_storage_provider_restart_necessary controls whether the
# s3-storage-provider migrate timer will be restarted (when true) or merely
# started (when false) by the systemd service manager role (when conditional
# restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files or the systemd service/timer files changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_synapse_s3_storage_provider_restart_necessary: false
matrix_synapse_container_client_api_port: 8008
# Controls the `x_forwarded` setting for the "Insecure HTTP listener (Client API)".
@@ -934,6 +945,11 @@ matrix_synapse_workers_presets:
stream_writer_account_data_stream_workers_count: 0
stream_writer_receipts_stream_workers_count: 0
stream_writer_presence_stream_workers_count: 0
stream_writer_push_rules_stream_workers_count: 0
stream_writer_device_lists_stream_workers_count: 0
# Keep disabled by default: MSC4306/4308 thread subscriptions are unstable
# and disabled in upstream Synapse unless explicitly opted in.
stream_writer_thread_subscriptions_stream_workers_count: 0
one-of-each:
room_workers_count: 0
sync_workers_count: 0
@@ -952,6 +968,11 @@ matrix_synapse_workers_presets:
stream_writer_account_data_stream_workers_count: 1
stream_writer_receipts_stream_workers_count: 1
stream_writer_presence_stream_workers_count: 1
stream_writer_push_rules_stream_workers_count: 1
stream_writer_device_lists_stream_workers_count: 1
# Keep disabled by default: MSC4306/4308 thread subscriptions are unstable
# and disabled in upstream Synapse unless explicitly opted in.
stream_writer_thread_subscriptions_stream_workers_count: 0
specialized-workers:
room_workers_count: 1
sync_workers_count: 1
@@ -970,6 +991,11 @@ matrix_synapse_workers_presets:
stream_writer_account_data_stream_workers_count: 1
stream_writer_receipts_stream_workers_count: 1
stream_writer_presence_stream_workers_count: 1
stream_writer_push_rules_stream_workers_count: 1
stream_writer_device_lists_stream_workers_count: 1
# Keep disabled by default: MSC4306/4308 thread subscriptions are unstable
# and disabled in upstream Synapse unless explicitly opted in.
stream_writer_thread_subscriptions_stream_workers_count: 0
# Controls whether the matrix-synapse container exposes the various worker ports
# (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container.
@@ -1064,6 +1090,18 @@ matrix_synapse_workers_stream_writer_receipts_stream_workers_count: "{{ matrix_s
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_presence_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_presence_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_push_rules_stream_workers_count controls how many stream writers that handle the `push_rules` stream to spawn.
# The count of these workers can only be 0 or 1.
matrix_synapse_workers_stream_writer_push_rules_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_push_rules_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_device_lists_stream_workers_count controls how many stream writers that handle the `device_lists` stream to spawn.
# More than 1 worker is also supported of this type.
matrix_synapse_workers_stream_writer_device_lists_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_device_lists_stream_workers_count'] }}"
# matrix_synapse_workers_stream_writer_thread_subscriptions_stream_workers_count controls how many stream writers that handle the `thread_subscriptions` stream to spawn.
# More than 1 worker is also supported of this type.
matrix_synapse_workers_stream_writer_thread_subscriptions_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_thread_subscriptions_stream_workers_count'] }}"
# A list of stream writer workers to enable. This list is built automatically based on other variables.
# You're encouraged to enable/disable stream writer workers by setting `matrix_synapse_workers_stream_writer_*_stream_workers_count` variables, instead of adjusting this list manually.
matrix_synapse_workers_stream_writers: |
@@ -1081,6 +1119,12 @@ matrix_synapse_workers_stream_writers: |
([{'stream': 'receipts'}] * matrix_synapse_workers_stream_writer_receipts_stream_workers_count | int)
+
([{'stream': 'presence'}] * matrix_synapse_workers_stream_writer_presence_stream_workers_count | int)
+
([{'stream': 'push_rules'}] * matrix_synapse_workers_stream_writer_push_rules_stream_workers_count | int)
+
([{'stream': 'device_lists'}] * matrix_synapse_workers_stream_writer_device_lists_stream_workers_count | int)
+
([{'stream': 'thread_subscriptions'}] * matrix_synapse_workers_stream_writer_thread_subscriptions_stream_workers_count | int)
}}
matrix_synapse_workers_stream_writers_container_arguments: []
@@ -1277,6 +1321,10 @@ matrix_synapse_sentry_dsn: ""
# Postgres database information
matrix_synapse_database_txn_limit: 0
#
# Use this hostname for TCP-based Postgres connections.
# When `matrix_synapse_database_socket_enabled` is true, this is ignored and
# `matrix_synapse_database_socket_path` is used instead.
matrix_synapse_database_host: ''
matrix_synapse_database_port: 5432
matrix_synapse_database_cp_min: 5
@@ -1390,6 +1438,16 @@ matrix_synapse_max_event_delay_duration: 24h
# See https://github.com/matrix-org/matrix-spec-proposals/pull/4222
matrix_synapse_experimental_features_msc4222_enabled: false
# Controls whether to enable the MSC4306 experimental feature ("thread subscriptions").
#
# In current Synapse, this also enables the MSC4308 thread-subscriptions extension
# to Sliding Sync under the same upstream feature flag.
#
# See:
# - https://github.com/matrix-org/matrix-spec-proposals/pull/4306
# - https://github.com/matrix-org/matrix-spec-proposals/pull/4308
matrix_synapse_experimental_features_msc4306_enabled: false
# Controls whether to enable the MSC4354 experimental feature (sticky events).
#
# This is implemented since Synapse v1.148.0 and can be used by element-call v0.17.0+
@@ -1601,6 +1659,16 @@ matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"
matrix_s3_media_store_path: "{{ matrix_synapse_media_store_path }}"
# matrix_goofys_restart_necessary controls whether the Goofys service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_goofys_restart_necessary: false
# Controls whether the self-check feature should validate SSL certificates.
matrix_synapse_self_check_validate_certificates: true
@@ -1614,6 +1682,12 @@ matrix_synapse_server_notices_system_mxid_display_name: "Server Notices"
matrix_synapse_server_notices_system_mxid_avatar_url: ~
# The name of the room where server notices will be sent, this room will be created if it doesn't exist.
matrix_synapse_server_notices_room_name: "Server Notices"
# Optional avatar URL for the server notices room, example: mxc://example.com/abc123
matrix_synapse_server_notices_room_avatar_url: ~
# Optional topic for the server notices room.
matrix_synapse_server_notices_room_topic: ~
# If true, users will be automatically joined to the server notices room instead of being invited.
matrix_synapse_server_notices_auto_join: false
# Controls whether searching the public room list is enabled.
matrix_synapse_enable_room_list_search: true
@@ -1902,6 +1976,26 @@ matrix_synapse_reverse_proxy_companion_worker_connections: 1024
# Option to disable the access log
matrix_synapse_reverse_proxy_companion_access_log_enabled: true
# Controls the regular nginx access log format used for `/var/log/nginx/access.log`.
# `routing_debug` is the default because it includes the chosen upstream label,
# the resolved backend address, and timing data, which makes it much easier to
# verify request routing in worker deployments.
# This does not affect the separate syslog integration format used by prometheus-nginxlog-exporter.
matrix_synapse_reverse_proxy_companion_access_log_format: routing_debug
# The available values for `matrix_synapse_reverse_proxy_companion_access_log_format`.
# You can override this map to define custom formats, but that is fragile and discouraged.
matrix_synapse_reverse_proxy_companion_access_log_format_presets:
main:
- '$remote_addr - $remote_user [$time_local] "$request"'
- '$status $body_bytes_sent "$http_referer"'
- ' "$http_user_agent" "$http_x_forwarded_for"'
routing_debug:
- '$remote_addr - $remote_user [$time_local] "$request"'
- '$status $body_bytes_sent "$http_referer"'
- ' "$http_user_agent" "$http_x_forwarded_for"'
- ' "$host" "$matrix_upstream_label" "$upstream_addr" "$upstream_status" "$request_time" "$upstream_response_time"'
# Controls whether to send access logs to a remote syslog-compatible server
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: false
matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: ''
@@ -1998,10 +2092,13 @@ matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_wo
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_push_rules_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_push_rules_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_device_lists_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_device_lists_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_thread_subscriptions_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_thread_subscriptions_stream_worker_client_server_endpoints }}"
matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{ matrix_synapse_workers_media_repository_endpoints | default([]) }}"
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints | default([]) }}"
matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|pushrules/|rooms/[^/]+/(forget|upgrade|report)|login/sso/redirect/|register)
matrix_synapse_reverse_proxy_companion_client_server_sso_override_locations_regex: ^(/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect|/_synapse/client/(pick_username|(new_user_consent|oidc/callback|pick_idp|sso_register)$))
matrix_synapse_reverse_proxy_companion_client_server_main_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|register)
matrix_synapse_reverse_proxy_companion_client_server_sso_override_locations_regex: ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect(/|$)
# Related to MSC4108 (https://github.com/matrix-org/matrix-spec-proposals/pull/4108)
matrix_synapse_reverse_proxy_companion_client_server_qr_code_login_locations_regex: ^(/_matrix/client/(unstable|v1)/org.matrix.msc4108/rendezvous|/_synapse/client/rendezvous)$

13
roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
View File

@@ -27,12 +27,14 @@
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/env"
mode: '0640'
register: matrix_synapse_s3_storage_provider_env_result
- name: Ensure s3-storage-provider database.yaml file installed
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2"
dest: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}/database.yaml"
mode: '0640'
register: matrix_synapse_s3_storage_provider_database_config_result
- name: Ensure s3-storage-provider scripts installed
ansible.builtin.template:
@@ -42,6 +44,7 @@
with_items:
- shell
- migrate
register: matrix_synapse_s3_storage_provider_scripts_result
- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed
ansible.builtin.template:
@@ -52,3 +55,13 @@
- matrix-synapse-s3-storage-provider-migrate.service
- matrix-synapse-s3-storage-provider-migrate.timer
register: matrix_synapse_s3_storage_provider_systemd_service_result
- name: Determine whether s3-storage-provider migrate timer needs a restart
ansible.builtin.set_fact:
matrix_synapse_s3_storage_provider_restart_necessary: >-
{{
matrix_synapse_s3_storage_provider_env_result.changed | default(false)
or matrix_synapse_s3_storage_provider_database_config_result.changed | default(false)
or matrix_synapse_s3_storage_provider_scripts_result.changed | default(false)
or matrix_synapse_s3_storage_provider_systemd_service_result.changed | default(false)
}}

15
roles/custom/matrix-synapse/tasks/goofys/setup_install.yml
View File

@@ -20,10 +20,10 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_s3_goofys_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_container_image_force_pull }}"
register: result
register: matrix_goofys_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
until: matrix_goofys_container_image_pull_result is not failed
# This will throw a Permission Denied error if already mounted
- name: Check Matrix Goofys external storage mountpoint path
@@ -47,9 +47,20 @@
dest: "{{ matrix_synapse_config_dir_path }}/env-goofys"
owner: root
mode: '0600'
register: matrix_goofys_env_result
- name: Ensure matrix-goofys.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
mode: '0644'
register: matrix_goofys_systemd_service_result
- name: Determine whether Goofys needs a restart
ansible.builtin.set_fact:
matrix_goofys_restart_necessary: >-
{{
matrix_goofys_env_result.changed | default(false)
or matrix_goofys_systemd_service_result.changed | default(false)
or matrix_goofys_container_image_pull_result.changed | default(false)
}}

8
roles/custom/matrix-synapse/tasks/validate_config.yml
View File

@@ -149,6 +149,14 @@
- "matrix_synapse_workers_stream_writer_account_data_stream_workers_count"
- "matrix_synapse_workers_stream_writer_receipts_stream_workers_count"
- "matrix_synapse_workers_stream_writer_presence_stream_workers_count"
- "matrix_synapse_workers_stream_writer_push_rules_stream_workers_count"
- name: Fail if matrix-synapse-reverse-proxy-companion access log format is invalid
ansible.builtin.fail:
msg: >-
`matrix_synapse_reverse_proxy_companion_access_log_format` must be one of:
{{ matrix_synapse_reverse_proxy_companion_access_log_format_presets.keys() | sort | join(', ') }}
when: "matrix_synapse_reverse_proxy_companion_access_log_format not in matrix_synapse_reverse_proxy_companion_access_log_format_presets"
- name: Fail when mixing generic workers with new specialized workers
ansible.builtin.fail:

152
roles/custom/matrix-synapse/templates/reverse_proxy_companion/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2
View File

@@ -10,8 +10,61 @@
{% set stream_writer_account_data_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %}
{% set stream_writer_receipts_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %}
{% set stream_writer_presence_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %}
{% set stream_writer_push_rules_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'push_rules') | list %}
{% set stream_writer_device_lists_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'device_lists') | list %}
{% set stream_writer_thread_subscriptions_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'thread_subscriptions') | list %}
{% set media_repository_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
{% set user_dir_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
{% set stream_writer_client_server_routes = [
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream',
'workers': stream_writer_typing_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations,
'upstream': 'stream_writer_typing_stream_workers_upstream',
},
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream',
'workers': stream_writer_to_device_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations,
'upstream': 'stream_writer_to_device_stream_workers_upstream',
},
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream',
'workers': stream_writer_account_data_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations,
'upstream': 'stream_writer_account_data_stream_workers_upstream',
},
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream',
'workers': stream_writer_receipts_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations,
'upstream': 'stream_writer_receipts_stream_workers_upstream',
},
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream',
'workers': stream_writer_presence_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations,
'upstream': 'stream_writer_presence_stream_workers_upstream',
},
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-push_rules-stream',
'workers': stream_writer_push_rules_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_push_rules_stream_worker_client_server_locations,
'upstream': 'stream_writer_push_rules_stream_workers_upstream',
},
{
'doc_url': 'https://matrix-org.github.io/synapse/latest/workers.html#the-device_lists-stream',
'workers': stream_writer_device_lists_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_device_lists_stream_worker_client_server_locations,
'upstream': 'stream_writer_device_lists_stream_workers_upstream',
},
{
'doc_url': 'https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/thread_subscriptions.py#L38-L247',
'workers': stream_writer_thread_subscriptions_stream_workers,
'locations': matrix_synapse_reverse_proxy_companion_synapse_stream_writer_thread_subscriptions_stream_worker_client_server_locations,
'upstream': 'stream_writer_thread_subscriptions_stream_workers_upstream',
},
] %}
{% macro render_worker_upstream(name, workers, load_balance) %}
upstream {{ name }} {
@@ -34,6 +87,7 @@
{% macro render_locations_to_upstream(locations, upstream_name) %}
{% for location in locations %}
location ~ {{ location }} {
set $matrix_upstream_label "{{ upstream_name }}";
proxy_pass http://{{ upstream_name }}$request_uri;
proxy_http_version 1.1;
proxy_set_header Connection "";
@@ -41,9 +95,28 @@
{% endfor %}
{% endmacro %}
{% macro render_locations_to_upstream_or_main(locations, workers, upstream_name) %}
{% for location in locations %}
location ~ {{ location }} {
{% if workers | length > 0 %}
set $matrix_upstream_label "{{ upstream_name }}";
proxy_pass http://{{ upstream_name }}$request_uri;
proxy_http_version 1.1;
proxy_set_header Connection "";
{% else %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;
set $backend "{{ matrix_synapse_reverse_proxy_companion_client_api_addr }}";
proxy_pass http://$backend;
{% endif %}
}
{% endfor %}
{% endmacro %}
{% macro render_locations_to_upstream_with_whoami_sync_worker_router(locations, upstream_name) %}
{% for location in locations %}
location ~ {{ location }} {
set $matrix_upstream_label "{{ upstream_name }}";
# Use auth_request to call the whoami sync worker router.
# The handler resolves the access token to a user identifier and returns it
# in the X-User-Identifier header, which is then used for upstream hashing.
@@ -52,6 +125,7 @@
{% if matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_debug_headers_enabled %}
add_header X-Sync-Worker-Router-User-Identifier $user_identifier always;
add_header X-Sync-Worker-Router-Upstream-Label $matrix_upstream_label always;
add_header X-Sync-Worker-Router-Upstream $upstream_addr always;
{% endif %}
@@ -100,25 +174,11 @@ map $request_uri $room_name {
{{- render_worker_upstream('generic_workers_upstream', generic_workers, 'hash $http_x_forwarded_for;') }}
{% endif %}
{% if stream_writer_typing_stream_workers | length > 0 %}
{{- render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, '') }}
{% endif %}
{% if stream_writer_to_device_stream_workers | length > 0 %}
{{- render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, '') }}
{% endif %}
{% if stream_writer_account_data_stream_workers | length > 0 %}
{{- render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, '') }}
{% endif %}
{% if stream_writer_receipts_stream_workers | length > 0 %}
{{- render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, '') }}
{% endif %}
{% if stream_writer_presence_stream_workers | length > 0 %}
{{- render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, '') }}
{% for stream_writer_client_server_route in stream_writer_client_server_routes %}
{% if stream_writer_client_server_route.workers | length > 0 %}
{{- render_worker_upstream(stream_writer_client_server_route.upstream, stream_writer_client_server_route.workers, '') }}
{% endif %}
{% endfor %}
{% if media_repository_workers | length > 0 %}
{{- render_worker_upstream('media_repository_workers_upstream', media_repository_workers, 'least_conn;') }}
@@ -142,6 +202,7 @@ server {
proxy_buffering on;
proxy_max_temp_file_size 0;
proxy_set_header Host $host;
set $matrix_upstream_label "synapse_main_client_api";
{% if matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_enabled %}
# Internal location for whoami-based sync worker routing.
@@ -186,36 +247,16 @@ server {
{# Workers redirects BEGIN #}
{% for stream_writer_client_server_route in stream_writer_client_server_routes %}
# {{ stream_writer_client_server_route.doc_url }}
{{ render_locations_to_upstream_or_main(stream_writer_client_server_route.locations, stream_writer_client_server_route.workers, stream_writer_client_server_route.upstream) }}
{% endfor %}
{% if generic_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
{% endif %}
{% if stream_writer_typing_stream_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }}
{% endif %}
{% if stream_writer_to_device_stream_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }}
{% endif %}
{% if stream_writer_account_data_stream_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }}
{% endif %}
{% if stream_writer_receipts_stream_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }}
{% endif %}
{% if stream_writer_presence_stream_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }}
{% endif %}
{% if room_workers | length > 0 %}
# room workers
# https://tcpipuk.github.io/synapse/deployment/workers.html
@@ -237,13 +278,14 @@ server {
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_client_reader_client_server_locations, 'client_reader_workers_upstream') }}
{% endif %}
{% if media_repository_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
location ~ {{ location }} {
proxy_pass http://media_repository_workers_upstream$request_uri;
{% if media_repository_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
location ~ {{ location }} {
set $matrix_upstream_label "media_repository_workers_upstream";
proxy_pass http://media_repository_workers_upstream$request_uri;
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
proxy_cache {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
proxy_cache_valid any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};
proxy_force_ranges on;
@@ -287,6 +329,7 @@ server {
proxy_buffering on;
proxy_max_temp_file_size 0;
proxy_set_header Host $host;
set $matrix_upstream_label "synapse_main_federation_api";
{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
# Federation overrides — These locations must go to the main Synapse process
@@ -308,11 +351,12 @@ server {
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
{% endif %}
{% if media_repository_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
location ~ {{ location }} {
proxy_pass http://media_repository_workers_upstream$request_uri;
{% if media_repository_workers | length > 0 %}
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
location ~ {{ location }} {
set $matrix_upstream_label "media_repository_workers_upstream";
proxy_pass http://media_repository_workers_upstream$request_uri;
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
proxy_buffering on;

10
roles/custom/matrix-synapse/templates/reverse_proxy_companion/nginx/nginx.conf.j2
View File

@@ -48,12 +48,14 @@ http {
js_shared_dict_zone zone=whoami_sync_worker_router_cache:{{ matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_cache_size_mb }}m;
{% endif %}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
{% set access_log_format_fragments = matrix_synapse_reverse_proxy_companion_access_log_format_presets[matrix_synapse_reverse_proxy_companion_access_log_format] %}
log_format access_log_fmt
{% for fragment in access_log_format_fragments %}
'{{ fragment }}'{% if loop.last %};{% endif %}
{% endfor %}
{% if matrix_synapse_reverse_proxy_companion_access_log_enabled %}
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/access.log access_log_fmt;
{% else %}
access_log off;
{% endif %}

5
roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
View File

@@ -8,6 +8,9 @@ container_id=$(\
--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \
{% if matrix_synapse_database_socket_enabled %}
--mount type=bind,src={{ matrix_synapse_database_socket_path_host }},dst={{ matrix_synapse_database_socket_path }} \
{% endif %}
--workdir=/data \
--network={{ matrix_synapse_container_network }} \
--entrypoint=/bin/bash \
@@ -18,7 +21,7 @@ container_id=$(\
-c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT {% if matrix_synapse_ext_synapse_s3_storage_provider_config_prefix %}--prefix $PREFIX {% endif %}{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}--sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY{% endif %}' \
)
{# We need to connect to the Postgres network, which should be in this list. #}
{# Additional container networks (for example, Postgres) should be connected here when needed. #}
{% for network in matrix_synapse_container_additional_networks %}
{{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} $container_id
{% endfor %}

5
roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2
View File

@@ -10,13 +10,16 @@ container_id=$(\
--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \
{% if matrix_synapse_database_socket_enabled %}
--mount type=bind,src={{ matrix_synapse_database_socket_path_host }},dst={{ matrix_synapse_database_socket_path }} \
{% endif %}
--workdir=/data \
--network={{ matrix_synapse_container_network }} \
--entrypoint=/bin/bash \
{{ matrix_synapse_container_image_final }} \
)
{# We need to connect to the Postgres network, which should be in this list. #}
{# Additional container networks (for example, Postgres) should be connected here when needed. #}
{% for network in matrix_synapse_container_additional_networks %}
{{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} $container_id
{% endfor %}

2
roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2
View File

@@ -7,5 +7,5 @@ SPDX-License-Identifier: AGPL-3.0-or-later
user: {{ matrix_synapse_database_user | to_json }}
password: {{ matrix_synapse_database_password | to_json }}
database: {{ matrix_synapse_database_database | to_json }}
host: {{ matrix_synapse_database_host | to_json }}
host: {{ (matrix_synapse_database_socket_path if matrix_synapse_database_socket_enabled else matrix_synapse_database_host) | to_json }}
port: {{ matrix_synapse_database_port | to_json }}

10
roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@@ -2730,6 +2730,13 @@ server_notices:
system_mxid_avatar_url: {{ matrix_synapse_server_notices_system_mxid_avatar_url | string | to_json }}
{% endif %}
room_name: {{ matrix_synapse_server_notices_room_name | string | to_json }}
{% if matrix_synapse_server_notices_room_avatar_url %}
room_avatar_url: {{ matrix_synapse_server_notices_room_avatar_url | string | to_json }}
{% endif %}
{% if matrix_synapse_server_notices_room_topic %}
room_topic: {{ matrix_synapse_server_notices_room_topic | string | to_json }}
{% endif %}
auto_join: {{ matrix_synapse_server_notices_auto_join | to_json }}
{% endif %}
@@ -3006,6 +3013,9 @@ experimental_features:
{% if matrix_synapse_experimental_features_msc4222_enabled %}
msc4222_enabled: true
{% endif %}
{% if matrix_synapse_experimental_features_msc4306_enabled %}
msc4306_enabled: true
{% endif %}
{% if matrix_synapse_experimental_features_msc4354_enabled %}
msc4354_enabled: true
{% endif %}

101
roles/custom/matrix-synapse/vars/main.yml
View File

@@ -31,7 +31,36 @@ matrix_synapse_workers_sync_worker_client_server_endpoints:
# Client reader workers handle generic client-server endpoints that don't contain a roomid or sync
matrix_synapse_workers_client_reader_client_server_endpoints:
- ^/_matrix/client/(api/v1|r0|v3|unstable)/(room_keys/|keys/(query|changes|claim|upload/|room_keys/)|login|register(/available|/m.login.registration_token/validity|)|password_policy|profile|rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick))|createRoom|publicRooms|account/(3pid|whoami|devices)|versions|voip/turnServer|joined_rooms|search|user/.*/filter(/|$)|directory/room/.*|capabilities)
# Keep these as grouped regex entries instead of a single huge alternation.
# This preserves the existing specialized-routing policy while making future audits
# and endpoint-specific edits reviewable.
# Encryption and room-key APIs
- ^/_matrix/client/(api/v1|r0|v3|unstable)/room_keys/
- ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/(query|changes|claim|room_keys/)
# MSC3814 dehydrated-device APIs:
# Ref: https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/devices.py#L256-L459
- ^/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device$
- ^/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/[^/]*/events$
# Login, registration, account, and profile APIs
- ^/_matrix/client/(api/v1|r0|v3|unstable)/login
- ^/_matrix/client/(api/v1|r0|v3|unstable)/register(/available|/m.login.registration_token/validity|)?
- ^/_matrix/client/(api/v1|r0|v3|unstable)/password_policy
- ^/_matrix/client/(api/v1|r0|v3|unstable)/profile
- ^/_matrix/client/(api/v1|r0|v3|unstable)/account/(3pid|whoami|deactivate)
# Room-scoped client APIs handled by client readers in the specialized-worker model
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick))
# Generic client discovery and lookup APIs
- ^/_matrix/client/(api/v1|r0|v3|unstable)/(createRoom|publicRooms|versions|voip/turnServer|joined_rooms|search|directory/room/.*|capabilities)
- ^/_matrix/client/(api/v1|r0|v3|unstable)/user/.*/filter(/|$)
# MatrixRTC transport discovery:
# Ref: https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/matrixrtc.py#L30-L52
- ^/_matrix/client/unstable/org.matrix.msc4143/rtc/transports$
# Federation reader workers handle generic federation endpoints that don't contain a roomid
matrix_synapse_workers_federation_reader_federation_endpoints:
@@ -47,12 +76,10 @@ matrix_synapse_workers_federation_reader_federation_endpoints:
# because `matrix_synapse_workers_generic_worker_endpoints` also contains things like `/_synapse/client/`, etc.
# While /_synapse/client/ endpoints are somewhat client-server API-related, they're:
# - neither part of the client-server API spec (and are thus, different)
# - nor always OK to forward to a worker (we're supposed to obey `matrix_synapse_companion_container_labels_client_synapse_client_api_enabled`)
# - and they now include a meaningful Synapse-specific tree (`pick_idp`, `pick_username`, OIDC/SAML callbacks, rendezvous, etc.)
# - some of these paths are auth-sensitive or deployment-sensitive, so we intentionally keep them out of the broad worker route model unless explicitly handled elsewhere
#
# It's also not too many of these APIs (only `^/_synapse/client/password_reset/email/submit_token$` at the time of this writing / 2021-01-24),
# so it's not that important whether we forward them or not.
#
# Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much.
# Basically, we aim to cover most spec client APIs here. Skipping `/_synapse/client` is intentional and conservative.
matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}"
# A Synapse generic worker can handle both federation and client-server API endpoints.
@@ -93,6 +120,26 @@ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoi
matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints:
- ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
# matrix_synapse_workers_stream_writer_push_rules_stream_worker_client_server_endpoints contains the endpoints serviced by the `push_rules` stream writer.
# See: https://matrix-org.github.io/synapse/latest/workers.html#the-push_rules-stream
matrix_synapse_workers_stream_writer_push_rules_stream_worker_client_server_endpoints:
- ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
# matrix_synapse_workers_stream_writer_device_lists_stream_worker_client_server_endpoints contains the endpoints serviced by the `device_lists` stream writer.
# See: https://matrix-org.github.io/synapse/latest/workers.html#the-device_lists-stream
matrix_synapse_workers_stream_writer_device_lists_stream_worker_client_server_endpoints:
- ^/_matrix/client/(r0|v3)/delete_devices$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$)
- ^/_matrix/client/(r0|v3|unstable)/keys/upload(/|$)
- ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$
# matrix_synapse_workers_stream_writer_thread_subscriptions_stream_worker_client_server_endpoints contains the endpoints serviced by the `thread_subscriptions` stream writer.
# Ref: https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/thread_subscriptions.py#L38-L247
matrix_synapse_workers_stream_writer_thread_subscriptions_stream_worker_client_server_endpoints:
- ^/_matrix/client/unstable/io.element.msc4306/rooms/.*/thread/.*/subscription$
- ^/_matrix/client/unstable/io.element.msc4308/thread_subscriptions$
# matrix_synapse_workers_user_dir_worker_client_server_endpoints contains the endpoints serviced by the `type = user_dir` (`app = generic_worker`) worker.
# See: https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
matrix_synapse_workers_user_dir_worker_client_server_endpoints:
@@ -101,11 +148,11 @@ matrix_synapse_workers_user_dir_worker_client_server_endpoints:
# matrix_synapse_workers_known_stream_writer_stream_types contains the list of stream writer stream types that the playbook recognizes.
# This is used for validation purposes. If adding support for a new type, besides adding it to this list,
# don't forget to actually configure it where appropriate (see worker.yaml.j2`, the nginx proxy configuration, etc).
matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence']
matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence', 'push_rules', 'device_lists', 'thread_subscriptions']
# matrix_synapse_workers_webserving_stream_writer_types contains a list of stream writer types that serve web (client) requests.
# Not all stream writers serve web requests. Some just perform background tasks.
matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence']
matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence', 'push_rules', 'device_lists', 'thread_subscriptions']
# matrix_synapse_workers_systemd_services_list contains a list of systemd services (one for each worker systemd service which serves web requests).
# This list is built during runtime.
@@ -188,9 +235,11 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(v1|unstable)/rooms/.*/relations/
- ^/_matrix/client/v1/rooms/.*/threads$
- ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$
- ^/_matrix/client/unstable/im.nheko.summary/summary/.*$
- ^/_matrix/client/unstable/org.matrix.msc4143/rtc/transports$
- ^/_matrix/client/(r0|v3|unstable)/account/3pid$
- ^/_matrix/client/(r0|v3|unstable)/account/whoami$
- ^/_matrix/client/(r0|v3|unstable)/devices$
- ^/_matrix/client/(r0|v3|unstable)/account/deactivate$
- ^/_matrix/client/versions$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/
@@ -208,9 +257,10 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(r0|v3|unstable)/keys/changes$
- ^/_matrix/client/(r0|v3|unstable)/keys/claim$
- ^/_matrix/client/(r0|v3|unstable)/room_keys/
- ^/_matrix/client/(r0|v3|unstable)/keys/upload$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$
# MSC3814 dehydrated-device support:
# Ref: https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/devices.py#L256-L459
- ^/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device$
- ^/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/[^/]*/events$
# Registration/login requests
- ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
@@ -236,11 +286,14 @@ matrix_synapse_workers_generic_worker_endpoints:
# Start of intentionally-ignored-endpoints
#
# We ignore these below, because they're better sent to dedicated workers (various stream writers).
# If a stream writer is enabled, the endpoint should be routed to the stream writer, not to a generic worker.
# If a stream writer of a given type is not enabled, then a generic worker may process it.
# Because it's difficult to handle these individually based on which stream writer is enabled and which isn't,
# we just disable them here.
# We ignore these below, because they are now supposed to be owned by explicit
# early stream-backed routing in the reverse proxy.
#
# The intended behavior is:
# - if a stream writer is enabled, route to that stream writer
# - otherwise, route to Synapse `main`
#
# Broad generic-worker routing must not decide fallback behavior for these.
#
# # Account data requests
# - ^/_matrix/client/(r0|v3|unstable)/.*/tags
@@ -253,6 +306,20 @@ matrix_synapse_workers_generic_worker_endpoints:
# # Presence requests
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
#
# # Push rules requests
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
#
# # Device lists requests
# - ^/_matrix/client/(r0|v3)/delete_devices$
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$)
# - ^/_matrix/client/(r0|v3|unstable)/keys/upload(/|$)
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$
#
# # Thread subscriptions requests
# - ^/_matrix/client/unstable/io.element.msc4306/rooms/.*/thread/.*/subscription$
# - ^/_matrix/client/unstable/io.element.msc4308/thread_subscriptions$
#
# # User directory search requests
# - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$
# End of intentionally-ignored-endpoints

20
roles/custom/matrix_playbook_migration/defaults/main.yml
View File

@@ -1,9 +1,27 @@
# SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2023 - 2026 Slavi Pantaleev
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# The version that the user has validated their setup against.
# When empty, the user will be prompted to set this variable.
# New users should set this to the current expected version (see below).
# See `examples/vars.yml` and `matrix_playbook_migration_expected_version` for the recommended value.
matrix_playbook_migration_validated_version: ''
# The version that the playbook expects the user to have validated against.
# This is bumped whenever a breaking change is introduced.
# The value configured here needs to exist in `matrix_playbook_migration_breaking_changes` as well.
matrix_playbook_migration_expected_version: "v2026.03.23.0"
# A list of breaking changes, used to inform users what changed between their validated version and the expected version.
matrix_playbook_migration_breaking_changes:
- version: "v2026.03.23.0"
summary: "Initial migration validation system"
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-03-22"
# Controls if (`matrix_prometheus_nginxlog_exporter` -> `prometheus_nginxlog_exporter`) validation will run.
matrix_playbook_migration_matrix_prometheus_nginxlog_exporter_migration_validation_enabled: true

7
roles/custom/matrix_playbook_migration/tasks/main.yml
View File

@@ -1,9 +1,14 @@
# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
# SPDX-FileCopyrightText: 2022 - 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- tags:
- always
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_migration_version.yml"
- tags:
- setup-all
- install-all

10
roles/custom/matrix_playbook_migration/tasks/validate_config.yml
View File

@@ -40,8 +40,8 @@
- {'old': 'matrix_systemd_services_list', 'new': 'devture_systemd_service_manager_services_list_additional'}
- {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'}
- {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'}
- {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': '<prometheus_node_exporter_container_labels_traefik_enabled or matrix_metrics_exposure_enabled>'}
- {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': '<prometheus_postgres_exporter_container_labels_traefik_enabled or matrix_metrics_exposure_enabled>'}
- {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': '<prometheus_node_exporter_container_labels_metrics_enabled or matrix_metrics_exposure_enabled>'}
- {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': '<prometheus_postgres_exporter_container_labels_metrics_enabled or matrix_metrics_exposure_enabled>'}
- {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'traefik_certs_dumper_enabled'}
- {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'traefik_enabled'}
@@ -100,9 +100,9 @@
- {'old': 'prometheus_nginxlog_exporter_docker_image_registry_prefix_upstream', 'new': 'prometheus_nginxlog_exporter_container_image_registry_prefix_upstream'}
- {'old': 'prometheus_nginxlog_exporter_docker_image_registry_prefix_upstream_default', 'new': 'prometheus_nginxlog_exporter_container_image_registry_prefix_upstream_default'}
- {'old': 'prometheus_nginxlog_exporter_docker_image_arch_check_enabled', 'new': 'prometheus_nginxlog_exporter_container_image_arch_check_enabled'}
- {'old': 'prometheus_nginxlog_exporter_metrics_proxying_enabled', 'new': 'prometheus_nginxlog_exporter_container_labels_traefik_enabled'}
- {'old': 'prometheus_nginxlog_exporter_metrics_proxying_hostname', 'new': 'prometheus_nginxlog_exporter_container_labels_traefik_hostname'}
- {'old': 'prometheus_nginxlog_exporter_metrics_proxying_path_prefix', 'new': 'prometheus_nginxlog_exporter_container_labels_traefik_path_prefix'}
- {'old': 'prometheus_nginxlog_exporter_metrics_proxying_enabled', 'new': 'prometheus_nginxlog_exporter_container_labels_metrics_enabled'}
- {'old': 'prometheus_nginxlog_exporter_metrics_proxying_hostname', 'new': 'prometheus_nginxlog_exporter_container_labels_metrics_hostname'}
- {'old': 'prometheus_nginxlog_exporter_metrics_proxying_path_prefix', 'new': 'prometheus_nginxlog_exporter_container_labels_metrics_path_prefix'}
- {'old': 'prometheus_nginxlog_exporter_config_namespaces_matrix_source_tags_custom', 'new': 'prometheus_nginxlog_exporter_config_namespaces_source_tags_custom'}
- name: (Deprecation) Catch and report matrix_postgres variables

34
roles/custom/matrix_playbook_migration/tasks/validate_migration_version.yml Normal file
View File

@@ -0,0 +1,34 @@
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if migration version is not validated (first-time onboarding)
ansible.builtin.fail:
msg: >-
This playbook now uses a migration validation system to help you stay aware of breaking changes.
It appears that you haven't configured the `matrix_playbook_migration_validated_version` variable yet.
Please review the changelog (https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md)
and then add the following to your vars.yml file:
matrix_playbook_migration_validated_version: {{ matrix_playbook_migration_expected_version }}
when: "matrix_playbook_migration_validated_version == ''"
- name: Fail if migration version is outdated
ansible.builtin.fail:
msg: |-
Your validated migration version ({{ matrix_playbook_migration_validated_version }}) is behind the expected version ({{ matrix_playbook_migration_expected_version }}).
The following breaking changes have been introduced since your last validation:
{% for item in matrix_playbook_migration_breaking_changes | selectattr('version', '>', matrix_playbook_migration_validated_version) | sort(attribute='version') %}
- {{ item.version }}: {{ item.summary }} ({{ item.changelog_url }})
{% endfor %}
After reviewing the above changes and adapting your setup, update your vars.yml:
matrix_playbook_migration_validated_version: "{{ matrix_playbook_migration_expected_version }}"
when: "matrix_playbook_migration_validated_version != '' and matrix_playbook_migration_validated_version < matrix_playbook_migration_expected_version"