iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-03-29 19:31:25 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: iartamonov:e5dbd51b462130bf51ee89c850e6f370bc86a793
Branches Tags
iartamonov:master iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption
..
compare: iartamonov:renovate/matrixdotorg-sygnal-0.x
Branches Tags
iartamonov:master iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption

1 Commits
e5dbd51b46 ... renovate/m

Author SHA1 Message Date
renovate[bot]
811b8fcba1 chore(deps): update matrixdotorg/sygnal docker tag to v0.17.0 2026-02-17 08:48:02 +00:00
313 changed files with 6081 additions and 4235 deletions
Expand all files Collapse all files

2
.codespellrc
View File

@@ -1,2 +1,2 @@
[codespell]
ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema,commet,Commet
ignore-words-list = aNULL,brose,doub,Udo,re-use,re-used,registr,shema

51
.github/workflows/matrix.yml vendored
View File

@@ -9,37 +9,34 @@ name: Matrix CI
on: [push, pull_request] # yamllint disable-line rule:truthy
permissions:
contents: read
jobs:
prek:
name: Run prek hooks
yamllint:
name: yamllint
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v6
- name: Run yamllint
uses: frenck/action-yamllint@v1.5.0
ansible-lint:
name: ansible-lint
runs-on: ubuntu-latest
container:
image: docker.io/archlinux:base-devel
steps:
# git must be installed before checkout so it does a proper clone
# (with .git directory) instead of a tarball download.
- name: Install git
run: pacman -Sy --noconfirm git
- name: Check out
uses: actions/checkout@v6
- name: Restore prek cache
uses: actions/cache@v5
- name: Run ansible-lint
uses: ansible/ansible-lint@v26.1.1
with:
path: var/prek
key: arch-prek-v1-${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install dependencies
run: pacman -S --noconfirm --needed just mise python
- name: Run prek hooks
run: |
# The checkout action sets safe.directory using its own bundled
# git, which is separate from the pacman-installed git that prek uses.
git config --global --add safe.directory "$GITHUB_WORKSPACE"
just prek-run-on-all
args: "roles/custom"
setup_python: "true"
working_directory: ""
requirements_file: requirements.yml
precommit:
name: Run pre-commit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Run pre-commit
uses: pre-commit/action@v3.0.1

1
.gitignore vendored
View File

@@ -4,7 +4,6 @@
.python-version
.idea/
.direnv/
/var/
# ignore roles pulled by ansible-galaxy
/roles/galaxy/*

22
.pre-commit-config.yaml
View File

@@ -1,21 +1,22 @@
---
default_install_hook_types: [pre-push]
exclude: "^(LICENSES/|var/)"
exclude: "LICENSES/"
# See: https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
hooks:
# - id: check-executables-have-shebangs
- id: check-added-large-files
- id: check-case-conflict
- id: check-json
- id: check-shebang-scripts-are-executable
- id: check-toml
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: https://github.com/codespell-project/codespell
rev: v2.4.2
rev: v2.4.1
hooks:
- id: codespell
args: ["--skip=*.po,*.pot,i18n/"]
@@ -23,18 +24,3 @@ repos:
rev: v6.2.0
hooks:
- id: reuse
- repo: https://github.com/ansible/ansible-lint
rev: v26.3.0
hooks:
- id: ansible-lint
files: '^roles/custom/'
args: ['roles/custom']
pass_filenames: false
- repo: local
hooks:
- id: check-examples-vars-migration-version
name: Check examples/vars.yml migration version matches expected
entry: bin/check-examples-vars-migration-version.sh
language: script
files: '(examples/vars\.yml|roles/custom/matrix_playbook_migration/defaults/main\.yml)'
pass_filenames: false

147
CHANGELOG.md
View File

@@ -1,146 +1,3 @@
# 2026-03-23
## Migration validation system introduced
Previously, when updating your setup, you had to remember to read the [CHANGELOG](CHANGELOG.md) file or risk breakage.
Now, the playbook includes a migration validation system that ensures you're aware of breaking changes before they affect your deployment.
You're now forced to acknowledge each breaking change, unless you wish to live dangerously (see below).
A new `matrix_playbook_migration_validated_version` variable has been introduced.
**New users** who started from the [example `vars.yml`](examples/vars.yml) file already have this variable set and do not need to do anything.
**Existing users** will need to add the following to their `vars.yml` file after reviewing all changelog entries up to now:
```yml
matrix_playbook_migration_validated_version: v2026.03.23.0
```
Going forward, whenever a breaking change is introduced the playbook will:
- bump its expected version value (`matrix_playbook_migration_expected_version`), causing a discrepancy with what you validated (`matrix_playbook_migration_validated_version`)
- fail when you run it with a helpful message listing what changed and linking to the relevant changelog entries
After reviewing and adapting your setup, you simply update the variable to the new version.
If you'd like to live dangerously and skip these checks (not recommended), you can set this once and be done with it:
```yml
matrix_playbook_migration_validated_version: "{{ matrix_playbook_migration_expected_version }}"
```
# 2026-03-19
## Matrix Authentication Service now prefers UNIX sockets for playbook-managed Postgres
When [Matrix Authentication Service](docs/configuring-playbook-matrix-authentication-service.md) (MAS) uses the playbook-managed Postgres service, it now connects to it via a [UNIX socket](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
This follows the same approach [applied to Synapse](#synapse-now-prefers-unix-sockets-for-playbook-managed-postgres-and-valkey) and reduces unnecessary container-network wiring, keeping local IPC off the network stack.
If you use an external Postgres server for MAS, this does not change your setup.
If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
```yaml
matrix_authentication_service_config_database_socket_enabled: false
```
# 2026-03-17
## Synapse now prefers UNIX sockets for playbook-managed Postgres and Valkey
When Synapse uses the playbook-managed Postgres and Valkey services, it now connects to them via [UNIX sockets](https://en.wikipedia.org/wiki/Unix_domain_socket) by default instead of TCP.
This reduces unnecessary container-network wiring and keeps local IPC off the network stack, which is a bit simpler and slightly more secure.
If you use an external Postgres server or external Redis/Valkey for Synapse, this does not change your setup.
If you'd like to keep the previous TCP-based behavior, add the following configuration to your `vars.yml`:
```yaml
matrix_synapse_database_socket_enabled: false
matrix_synapse_redis_path_enabled: false
```
# 2026-03-01
## (Potential BC Break) Synapse S3 media prefix is now applied consistently
The `matrix_synapse_ext_synapse_s3_storage_provider_config_prefix` variable is now wired consistently for both:
- the Synapse `s3_storage_provider` module configuration
- the `matrix-synapse-s3-storage-provider-migrate` migration script (`s3_media_upload --prefix`)
Previously, this variable could be set, but was not effectively applied by either of these paths.
**Affects**: users of [synapse-s3-storage-provider](docs/configuring-playbook-synapse-s3-storage-provider.md) who have configured a non-empty `matrix_synapse_ext_synapse_s3_storage_provider_config_prefix` value.
If your bucket data was uploaded without the prefix before this fix, enabling proper prefix usage can make existing objects appear missing until data is migrated/copied to the prefixed key namespace.
# 2026-02-26
## Internal refactor: merged the Synapse reverse-proxy companion role into `matrix-synapse`
The standalone `matrix-synapse-reverse-proxy-companion` role has been merged into the [matrix-synapse](roles/custom/matrix-synapse/) role.
This is not a user-facing change and does not change variable names (`matrix_synapse_reverse_proxy_companion_*` remain the same). The split looked clean on paper, but in practice both parts are tightly coupled through worker routing, tags (`setup-synapse`/`install-synapse`), and lifecycle ordering, so keeping them separate added coordination overhead with little practical benefit.
Compatibility note: existing companion-specific tags (`setup-synapse-reverse-proxy-companion` and `install-synapse-reverse-proxy-companion`) are still available.
With this change, Synapse and its reverse-proxy companion are managed in one role (`matrix-synapse`) while still keeping companion logic in dedicated task/template subdirectories for maintainability.
# 2026-02-21
## (BC Break) coturn is no longer auto-enabled by default
By default, the [coturn](./docs/configuring-playbook-turn.md) TURN server component is no longer enabled for every deployment.
This reduces resources and attach surface for deployments which:
- either don't need calls at all
- or use the modern [Matrix RTC](docs/configuring-playbook-matrix-rtc.md)/[Element Call](docs/configuring-playbook-element-call.md) stack.
Coturn is still auto-enabled when [Jitsi](./docs/configuring-playbook-jitsi.md) is enabled (`jitsi_enabled: true`), because Jitsi still depends on TURN for legacy Matrix integration.
Additionally, Coturn (when enabled) now defaults to using automatic IP detection of your server's external IP address, instead of assuming your Ansible inventory (`ansible_host`) points to a public address and using it for configuring `coturn_turn_external_ip_address`.
To restore the old behavior (needed for legacy call setups), add the following configuration to your `vars.yml`:
```yml
coturn_enabled: true
# If you'd like explicit control over the external IP address (like before), keep this too.
coturn_turn_external_ip_address: "{{ ansible_host }}"
```
## LiveKit TURN TLS is now automatically fronted by playbook-managed Traefik
For deployments that use the playbook-managed Traefik reverse-proxy, LiveKit TURN over TCP is now SSL-terminated at Traefik and passed as plain TCP to LiveKit (`turn.external_tls = true`) by default.
To disable this behavior, set `livekit_server_config_turn_external_tls: false` and the playbook will revert to the old behavior - using traefik-certs-dumper to extract SSL certificates out of Traefik and pass them to LiveKit for explicit SSL termination there.
If you are using `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), this change does **not** switch behavior automatically. That mode remains using certificate files in the container (Traefik certificates dumper flow) unless you explicitly set the TURN-Traefik mode variables to opt in.
# 2026-02-17
## (BC Break) prometheus-nginxlog-exporter role has been relocated and variable names need adjustments
The role for prometheus-nginxlog-exporter has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
Along with the relocation, the `matrix_prometheus_nginxlog_exporter_` prefix on its variable names has been renamed to `prometheus_nginxlog_exporter_`, so you need to adjust your `vars.yml` configuration.
As always, the playbook would let you know about this and point out any variables you may have missed.
## synapse-auto-invite-accept has been removed from the playbook
[synapse-auto-invite-accept](./docs/configuring-playbook-synapse-auto-accept-invite.md) has been removed from the playbook, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).
See [this section](./docs/configuring-playbook-synapse-auto-accept-invite.md#native-alternative) for details about how to enable the function on Synapse.
If you're using any `matrix_synapse_ext_synapse_auto_accept_invite_*` variables, the playbook will let you know which one you'll need to remove from `vars.yml`.
# 2026-02-16
## matrix-appservice-slack has been removed from the playbook
@@ -847,8 +704,8 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:
```yaml
matrix_synapse_admin_container_image: "{{ matrix_synapse_admin_container_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_container_image_registry_prefix_upstream: docker.io/
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_registry_prefix_upstream: docker.io/
matrix_synapse_admin_version: 0.10.3

7
README.md
View File

@@ -64,7 +64,6 @@ Web clients for Matrix that you can host on your own domains.
| [Element Web](https://github.com/element-hq/element-web) | ✅ | Default Matrix web client, configured to connect to your own Synapse server | [Link](docs/configuring-playbook-client-element-web.md) |
| [Hydrogen](https://github.com/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) |
| [Cinny](https://github.com/ajbura/cinny) | ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) |
| [Sable](https://github.com/7w1/sable) | ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-sable.md) |
| [SchildiChat Web](https://schildi.chat/) | ❌ | Based on Element Web, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat-web.md) |
| [FluffyChat Web](https://fluffychat.im/) | ❌ | The cutest messenger in Matrix | [Link](docs/configuring-playbook-client-fluffychat-web.md) |
@@ -75,12 +74,13 @@ Services that run on the server to make the various parts of your installation w
| Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- |
| [PostgreSQL](https://www.postgresql.org/)| ✅ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) |
| [coturn](https://github.com/coturn/coturn) | ✅ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
| [Traefik](https://doc.traefik.io/traefik/) | ✅ | Web server, listening on ports 80, 443 and 8448 - standing in front of all the other services. [Using your own webserver](docs/configuring-playbook-own-webserver.md) is also possible. | [Link](docs/configuring-playbook-traefik.md) |
| [Let's Encrypt](https://letsencrypt.org/) | ✅ | Free SSL certificate, which secures the connection to all components | [Link](docs/configuring-playbook-ssl-certificates.md) |
| [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) |
| [coturn](https://github.com/coturn/coturn) | ❌ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
| [ddclient](https://github.com/linuxserver/docker-ddclient) | ❌ | Dynamic DNS | [Link](docs/configuring-playbook-dynamic-dns.md) |
| Matrix RTC stack | ❌ | Supporting components ([LiveKit Server](docs/configuring-playbook-livekit-server.md) and [LiveKit JWT Service](docs/configuring-playbook-livekit-jwt-service.md)) for in-app audio/video calls for Matrix clients | [Link](docs/configuring-playbook-matrix-rtc.md) |
| [LiveKit Server](https://github.com/livekit/livekit) | ❌ | WebRTC server for audio/video calls | [Link](docs/configuring-playbook-livekit-server.md) |
| [Livekit JWT Service](https://github.com/livekit/livekit-jwt-service) | ❌ | JWT service for integrating [Element Call](./configuring-playbook-element-call.md) with [LiveKit Server](./configuring-playbook-livekit-server.md) | [Link](docs/configuring-playbook-livekit-jwt-service.md) |
### Authentication
@@ -171,6 +171,7 @@ Various services that don't fit any other categories.
| Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- |
| [synapse_auto_accept_invite](https://github.com/matrix-org/synapse-auto-accept-invite) | ❌ | Synapse module to automatically accept invites | [Link](docs/configuring-playbook-synapse-auto-accept-invite.md) |
| [synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) | ❌ | Cli tool that automatically compresses `state_groups` database table in background | [Link](docs/configuring-playbook-synapse-auto-compressor.md) |
| [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | ❌ | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
| [Matrix.to](https://github.com/matrix-org/matrix.to) | ❌ | Simple URL redirection service for the Matrix ecosystem | [Link](docs/configuring-playbook-matrixto.md) |

35
bin/check-examples-vars-migration-version.sh
View File

@@ -1,35 +0,0 @@
#!/bin/bash
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# Ensures that the migration validated version in examples/vars.yml
# matches the expected version in the matrix_playbook_migration role defaults.
set -euo pipefail
defaults_file="roles/custom/matrix_playbook_migration/defaults/main.yml"
examples_file="examples/vars.yml"
expected_version=$(grep -oP '^matrix_playbook_migration_expected_version:\s*"?\K[^"]+' "$defaults_file")
examples_version=$(grep -oP '^matrix_playbook_migration_validated_version:\s*"?\K[^"]+' "$examples_file")
if [ -z "$expected_version" ]; then
echo "ERROR: Could not extract matrix_playbook_migration_expected_version from $defaults_file"
exit 1
fi
if [ -z "$examples_version" ]; then
echo "ERROR: Could not extract matrix_playbook_migration_validated_version from $examples_file"
exit 1
fi
if [ "$expected_version" != "$examples_version" ]; then
echo "ERROR: Migration version mismatch!"
echo " $defaults_file has expected version: $expected_version"
echo " $examples_file has validated version: $examples_version"
echo ""
echo "Please update $examples_file to match."
exit 1
fi

0
bin/rebuild-mautrix-meta-instagram.sh Executable file → Normal file
View File

25
docs/configuring-playbook-bot-baibot.md
View File

@@ -39,35 +39,16 @@ Depending on your current `vars.yml` file and desired configuration, **you may r
To enable the bot, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
Authentication can be configured in one of two mutually-exclusive ways:
- **Password authentication** (`matrix_bot_baibot_config_user_password`) - recommended for most playbook-managed setups, because it integrates with automatic user creation flow used by the playbook, and auto-creates the bot account
- **Access-token authentication** (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`) - useful for specific [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md)/OIDC setups where password authentication is not available or not desired
Even when [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md) is enabled, password authentication is still typically the best fit for baibot if you're using a playbook-managed bot account.
For upstream details, see baibot's [🔐 Authentication](https://github.com/etkecc/baibot/blob/main/docs/configuration/authentication.md) documentation.
```yaml
matrix_bot_baibot_enabled: true
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_baibot_config_user_mxid_localpart: baibot
# Authentication mode (choose exactly one):
#
# 1) Password authentication (recommended for most setups)
# Generate a strong password for the bot. You can create one with a command like `pwgen -s 64 1`.
# If you'd like to change this password subsequently, see the details below.
matrix_bot_baibot_config_user_password: 'PASSWORD_FOR_THE_BOT'
# 2) Access-token authentication (for MAS/OIDC-enabled homeservers)
# matrix_bot_baibot_config_user_access_token: 'YOUR_MAS_COMPATIBILITY_TOKEN_HERE'
# matrix_bot_baibot_config_user_device_id: 'BAIBOT'
#
# You can generate a compatibility token for MAS with:
# mas-cli manage issue-compatibility-token <username> [device_id]
# An optional passphrase to use for backing up and recovering the bot's encryption keys.
# You can create one with a command like `pwgen -s 64 1`.
#
@@ -406,15 +387,13 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-use
**Notes**:
- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account when password authentication is used.
- If you're using access-token authentication, the bot account must already exist and the configured token + device ID must match that account. This mode is mainly for MAS/OIDC setups where password-based bot login is not suitable.
- The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account.
- The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
- If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password. (This note applies to password authentication mode.)
- If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password.
## Usage

71
docs/configuring-playbook-client-sable.md
View File

@@ -1,71 +0,0 @@
<!--
SPDX-FileCopyrightText: 2022 MDAD project contributors
SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Sable (optional)
The playbook can install and configure the [Sable](https://github.com/7w1/sable) Matrix web client for you.
Sable is a web client focusing primarily on simple, elegant and secure interface. It can be installed alongside or instead of [Element Web](./configuring-playbook-client-element-web.md), [Cinny](./configuring-playbook-client-cinny.md) and others.
## Adjusting DNS records
By default, this playbook installs Sable on the `sable.` subdomain (`sable.example.com`) and requires you to create a CNAME record for `sable`, which targets `matrix.example.com`.
When setting, replace `example.com` with your own.
## Adjusting the playbook configuration
To enable Sable, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
sable_enabled: true
```
### Adjusting the Sable URL (optional)
By tweaking the `sable_hostname` variable, you can easily make the service available at a **different hostname** than the default one.
Example additional configuration for your `vars.yml` file:
```yaml
# Switch to a different domain (`app.example.com`) than the default one (`sable.example.com`)
sable_hostname: "app.{{ matrix_domain }}"
# Expose under the /sable subpath
# sable_path_prefix: /sable
```
After changing the domain, **you may need to adjust your DNS** records to point the Sable domain to the Matrix server.
**Note**: while there is a `sable_path_prefix` variable for changing the path where Sable is served, overriding it is [not possible](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3701), because Sable requires an application rebuild (with a tweaked build config) to be functional under a custom path. You'd need to serve Sable at a dedicated subdomain.
### Extending the configuration
There are some additional things you may wish to configure about the component.
Take a look at:
- `roles/galaxy/sable/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/galaxy/sable/templates/config.json.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `sable_configuration_extension_json` variable
## Installing
After configuring the playbook and [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
## Troubleshooting
As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-client-sable`.

9
docs/configuring-playbook-continuwuity.md
View File

@@ -58,14 +58,9 @@ matrix_continuwuity_environment_variables_extension: |
Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook.
On first startup, Continuwuity creates a special one-time-use registration token and logs it to the server's console. To access this, you will need to SSH into the server and run the following command:
If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
```sh
# Adjust the duration if necessary or remove the whole --since argument
journalctl -u matrix-continuwuity.service --since="10 minutes ago"
```
Find the token, highlight it, and copy it (ctrl+shift+C). This token should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.

10
docs/configuring-playbook-email.md
View File

@@ -17,16 +17,6 @@ The [Ansible role for exim-relay](https://github.com/mother-of-all-self-hosting/
- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online
- 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
## Why use exim-relay?
**Benefits of using exim-relay** instead of configuring SMTP directly in each service:
1. **Final delivery capability**: Can deliver emails directly if you don't have an SMTP server
2. **Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) there—no need to configure SMTP in each component
3. **Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable
## Firewall settings
No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration).

3
docs/configuring-playbook-jitsi.md
View File

@@ -18,9 +18,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure the [Jitsi](https://jitsi.org/) video-conferencing platform for you.
Because Jitsi still requires a TURN server, enabling Jitsi
automatically enables coturn (`coturn_enabled: true`) unless you explicitly disable it.
Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app.
💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application.

41
docs/configuring-playbook-livekit-server.md
View File

@@ -15,7 +15,7 @@ LiveKit Server is an open source project that provides scalable, multi-user conf
The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:
- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online
- 📁 `roles/galaxy/livekit_server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
- 📁 `roles/galaxy/livekit-server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)
## Adjusting firewall rules
@@ -29,43 +29,10 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p
- `5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section below.
- `30000-30020/udp`: TURN relay range used by LiveKit's embedded TURN server.
💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you're using custom configuration for the LiveKit Server role, you may need to adjust firewall rules accordingly.
## TURN TLS handling
When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled.
- The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`.
- `livekit_server_config_turn_external_tls` is automatically enabled for this setup.
- Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode.
To opt out and keep TURN TLS termination in LiveKit itself, set:
```yml
livekit_server_config_turn_external_tls: false
```
In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled.
If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before.
Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:
```yml
livekit_server_config_turn_external_tls: true
livekit_server_container_labels_turn_traefik_enabled: true
livekit_server_container_labels_turn_traefik_entrypoints: "<your-livekit-turn-traffic-entrypoint>"
```
and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic.
💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.
## Limitations
LiveKit Server's TURN listener behavior depends on where TLS is terminated:
For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
- Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible.
- With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit.
It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).

4
docs/configuring-playbook-matrix-rtc.md
View File

@@ -17,8 +17,8 @@ The Matrix RTC stack is a set of supporting components ([LiveKit Server](configu
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
> [!WARNING]

16
docs/configuring-playbook-prometheus-grafana.md
View File

@@ -83,7 +83,7 @@ See the project's [documentation](https://github.com/martin-helmich/prometheus-n
To enable it, add the following configuration to your `vars.yml` file:
```yaml
prometheus_nginxlog_exporter_enabled: true
matrix_prometheus_nginxlog_exporter_enabled: true
```
If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be created.
@@ -95,8 +95,8 @@ If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be creat
At the moment of writing only images for `amd64` and `arm64` architectures are available. The playbook currently does not support [self-building](./self-building.md) a container image on other architectures. You can however use a custom-build image by setting:
```yaml
prometheus_nginxlog_exporter_container_image_arch_check_enabled: false
prometheus_nginxlog_exporter_container_image: path/to/docker/image:tag
matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false
matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag
```
### Extending the configuration
@@ -106,7 +106,7 @@ There are some additional things you may wish to configure about Prometheus and
Take a look at:
- [Prometheus role](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `prometheus_configuration_extension_yaml` variable
- `roles/galaxy/prometheus_nginxlog_exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
## Adjusting the playbook configuration — Grafana
@@ -178,11 +178,11 @@ Name | Description
`matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.example.com/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials).
`matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs.
`prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network).
`prometheus_node_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
`prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
`prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) (locally, on the container network).
`prometheus_postgres_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
`prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
`prometheus_nginxlog_exporter_container_labels_metrics_enabled`|Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
### Expose metrics of other services/roles

47
docs/configuring-playbook-synapse-auto-accept-invite.md
View File

@@ -1,26 +1,45 @@
<!--
SPDX-FileCopyrightText: 2019 Eduardo Beltrame
SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
SPDX-FileCopyrightText: 2020 Tulir Asokan
SPDX-FileCopyrightText: 2021, 2024 MDAD project contributors
SPDX-FileCopyrightText: 2022 Dennis Ciba
SPDX-FileCopyrightText: 2022 Vladimir Panteleev
SPDX-FileCopyrightText: 2023 Justin Croonenberghs
SPDX-FileCopyrightText: 2023 Kuba Orlik
SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
SPDX-FileCopyrightText: 2023 Samuel Meenzen
SPDX-FileCopyrightText: 2024 Fabio Bonelli
SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
SPDX-FileCopyrightText: 2024 MDAD project contributors
SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-FileCopyrightText: 2024 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up Synapse Auto Invite Accept (optional, removed)
# Setting up Synapse Auto Invite Accept (optional)
🪦 The playbook used to be able to install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite), but no longer includes this component, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).
The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you.
In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you.
**Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module.
## Adjusting the playbook configuration
If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_synapse_ext_synapse_auto_accept_invite_enabled: true
matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: true
```
### Synapse worker deployments
In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:
```yaml
matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: 'matrix-synapse-worker-generic-0'
```
There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18).
## Native alternative
Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse.
Here's example configuration for using the **native** Synapse feature:
```yaml

2
docs/configuring-playbook-synapse-s3-storage-provider.md
View File

@@ -177,8 +177,6 @@ By default, we periodically ensure that all local files are uploaded to S3 and a
- … invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
- … triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00
The same `migrate` script also prunes empty directories in the local media repository (`remote_content` and `remote_thumbnail`) after upload/delete operations.
So… you don't need to perform any maintenance yourself.
The schedule is defined in the format of systemd timer calendar. To edit the schedule, add the following configuration to your `vars.yml` file (adapt to your needs):

25
docs/configuring-playbook-synapse.md
View File

@@ -76,33 +76,10 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and
When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable.
The `matrix-synapse` role also manages the `matrix-synapse-reverse-proxy-companion` component for load-balancing with workers. This component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.
A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.
In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/element-hq/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.
### Limit joining heavy rooms on constrained hosts
If your server is underpowered, joining heavy rooms can cause Synapse to consume a lot of resources and be unavailable for long (while it catches up).
To avoid this, Synapse can be configured to reject joins for remote rooms that are too complex before users enter them.
Complexity is computed as `current_state_events / 500` (Synapse state event count for current room state). When the resulting value is higher than `matrix_synapse_limit_remote_rooms_complexity` and `matrix_synapse_limit_remote_rooms_enabled` is `true`, Synapse blocks joining the room.
We recommend using this as a guardrail on low-resource servers:
```yaml
matrix_synapse_limit_remote_rooms_enabled: true
# Tweak as necessary
matrix_synapse_limit_remote_rooms_complexity: 1.0
# Uncomment and tweak if necessary
# matrix_synapse_limit_remote_rooms_complexity_error: "Your homeserver is unable to join rooms this large or complex. Please speak to your server administrator, or upgrade your instance to join this room."
# If you'd like your admins to be exempt from this limit, uncomment the line below
# matrix_synapse_limit_remote_rooms_admins_can_join: true
```
### Synapse + OpenID Connect for Single-Sign-On
💡 An alternative to setting up OIDC in Synapse is to use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS). Newer clients (like Element X) only support SSO-based authentication via MAS and not via the legacy Synapse OIDC setup described below. That said, MAS is still a new experimental service which comes with its own downsides. Consult its documentation to learn if it will be a good fit for your deployment.

50
docs/configuring-playbook-turn.md
View File

@@ -13,50 +13,34 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Configuring a TURN server (optional, advanced)
By default, the [coturn](https://github.com/coturn/coturn) TURN server component is enabled automatically only when [Jitsi](configuring-playbook-jitsi.md) is enabled. If you're not using Jitsi, coturn is not enabled by default.
By default, this playbook installs and configures the [coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the coturn TURN server installed by the playbook. If that's okay, you can skip this document.
If you explicitly need coturn while not using Jitsi, enable it with:
```yaml
coturn_enabled: true
```
and configure its IP-related settings in the section below.
If you'd like coturn to stay disabled even when Jitsi is enabled, or if you prefer to use an external TURN provider, see [disabling coturn](#disabling-coturn) section below.
When Coturn is not enabled, homeservers (like Synapse) would not point to TURN servers and *legacy* audio/video call functionality may fail. If you're using [Matrix RTC](configuring-playbook-matrix-rtc.md) (for [Element Call](configuring-playbook-element-call.md)), you likely don't have a need to enable coturn.
## Adjusting firewall rules
To ensure Coturn functions correctly, the following firewall rules and port forwarding settings are required when coturn is enabled:
- `3478/tcp`: STUN/TURN over TCP
- `3478/udp`: STUN/TURN over UDP
- `5349/tcp`: TURN over TCP
- `5349/udp`: TURN over UDP
- `49152-49172/udp`: TURN/UDP relay range
If LiveKit's embedded TURN is enabled at the same time (for MatrixRTC/Element Call), keep the Coturn relay range distinct from LiveKit's relay range (`livekit_server_config_turn_relay_range_start`/`livekit_server_config_turn_relay_range_end`).
💡 Docker configures the server's internal firewall for you. In most cases, you don't need to do anything special on the host itself.
If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it.
## Adjusting the playbook configuration
### Define public IP manually (optional)
If you enable coturn (either via Jitsi or manually), we recommend that you configure the public IP addresses of your server in the `vars.yml` file:
In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring coturn.
If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server.
```yaml
# You can define multiple IP addresses if your server has multiple external IP addresses
coturn_turn_external_ip_addresses: ["YOUR_PUBLIC_IP"]
coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
```
If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
>[!NOTE]
> You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.
If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:
```yaml
# Note: coturn_turn_external_ip_addresses is different than coturn_turn_external_ip_address
coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
```
### Change the authentication mechanism (optional)
The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better.
@@ -135,14 +119,14 @@ Take a look at:
## Disabling coturn
Coturn is only enabled by default when [Jitsi](configuring-playbook-jitsi.md) is enabled. In most instances, you don't need to explicitly disable it.
To force the playbook to not install Coturn (even when Jitsi is enabled), add the following configuration to your `vars.yml` file:
If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:
```yaml
coturn_enabled: false
```
In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail.
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:

6
docs/configuring-playbook.md
View File

@@ -87,8 +87,6 @@ Web clients for Matrix that you can host on your own domains.
- [Setting up Cinny](configuring-playbook-client-cinny.md), if you've enabled [Cinny](https://github.com/ajbura/cinny), a web client focusing primarily on simple, elegant and secure interface
- [Setting up Sable](configuring-playbook-client-sable.md), if you've enabled [Sable](https://github.com/7w1/sable), a web client focusing primarily on simple, elegant and secure interface
- [Setting up SchildiChat Web](configuring-playbook-client-schildichat-web.md), if you've enabled [SchildiChat Web](https://schildi.chat/), a web client based on [Element Web](https://element.io/) with some extras and tweaks
- [Setting up FluffyChat Web](configuring-playbook-client-fluffychat-web.md), if you've enabled [FluffyChat Web](https://github.com/krille-chan/fluffychat), a cute cross-platform messenger (web, iOS, Android) for Matrix written in [Flutter](https://flutter.dev/)
@@ -235,6 +233,8 @@ Various services that don't fit any other categories.
- [Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)
- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)
- [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers
- [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced)
@@ -290,5 +290,3 @@ Various services that don't fit any other categories.
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md))
- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))
- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)

3
docs/container-images.md
View File

@@ -39,7 +39,6 @@ Web clients for Matrix that you can host on your own domains.
| [Element Web](configuring-playbook-client-element-web.md) | [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) | ✅ | Default Matrix web client, configured to connect to your own Synapse server |
| [Hydrogen](configuring-playbook-client-hydrogen.md) | [element-hq/hydrogen-web](https://ghcr.io/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support |
| [Cinny](configuring-playbook-client-cinny.md) | [ajbura/cinny](https://hub.docker.com/r/ajbura/cinny) | ❌ | Simple, elegant and secure web client |
| [Sable](configuring-playbook-client-sable.md) | [7w1/sable](https://ghcr.io/7w1/sable) | ❌ | Simple, elegant and secure web client |
| [SchildiChat Web](configuring-playbook-client-schildichat-web.md) | [etke.cc/schildichat-web](https://ghcr.io/etkecc/schildichat-web) | ❌ | Based on Element Web, with a more traditional instant messaging experience |
## Server Components
@@ -150,6 +149,7 @@ Various services that don't fit any other categories.
| Service | Container image | Default? | Description |
| ------- | --------------- | -------- | ----------- |
| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
| [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background |
| [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
| [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
@@ -185,4 +185,3 @@ The list of the deprecated or unmaintained services is available [here](configur
| [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) | [mx-puppet/slack/mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/container_registry) | ❌ | Bridge to [Slack](https://slack.com) |
| [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
| [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |

27
docs/faq.md
View File

@@ -305,23 +305,18 @@ See [Serving the base domain](configuring-playbook-base-domain-serving.md).
### How do I optimize this setup for a low-power server?
For a low-power server, it's best to use an alternative homeserver implementation (other than [Synapse](configuring-playbook-synapse.md)).
You can disable some not-so-important services to save on memory.
```yaml
# Disabling this will prevent email-notifications and other such things from working.
exim_relay_enabled: false
```
If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
# You can also disable this to save more RAM,
# at the expense of audio/video calls being unreliable.
coturn_enabled: false
#### Synapse-specific optimizations
If you're using [Synapse](configuring-playbook-synapse.md), you can also consider the following optimizations:
```yaml
# This makes Synapse not keep track of who is online/offline.
#
# Keeping track of this and announcing such online-status in federated rooms with
# hundreds of servers inside is insanely heavy (https://github.com/matrix-org/synapse/issues/3971).
#
@@ -329,14 +324,18 @@ If you're using [Synapse](configuring-playbook-synapse.md), you can also conside
matrix_synapse_presence_enabled: false
```
You can also consider [implementing a restriction on room complexity](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts), in order to prevent users from joining very heavy rooms:
You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:
```yaml
# See: docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
matrix_synapse_limit_remote_rooms_enabled: true
matrix_synapse_limit_remote_rooms_complexity: 1.0
matrix_synapse_configuration_extension_yaml: |
limit_remote_rooms:
enabled: true
complexity: 1.0 # this limits joining complex (~large) rooms, can be
# increased, but larger values can require more RAM
```
If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
### I already have Docker on my server. Can you stop installing Docker via the playbook?
Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:

1
docs/installing.md
View File

@@ -146,7 +146,6 @@ After completing the installation, you can:
- or learn how to [maintain your server](faq.md#maintenance)
- or join some Matrix rooms:
* via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers.
For tuning guidance on constrained hosts, see [Limit joining heavy rooms on constrained hosts](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
* or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
- or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))

2
docs/maintenance-synapse.md
View File

@@ -83,8 +83,6 @@ You should then be able to browse the adminer database administration GUI at htt
Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_presence_enabled: false` to your `vars.yml` file.
On smaller servers, consider limiting joins to very complex rooms with [the room complexity guard](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).
[Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually.

5
docs/prerequisites.md
View File

@@ -57,7 +57,12 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- `80/tcp`: HTTP webserver
- `443/tcp` and `443/udp`: HTTPS webserver
- `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
- `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
- `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.
- the range `49152-49172/udp`: TURN over UDP
- potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.
---------------------------------------------

1
docs/self-building.md
View File

@@ -30,7 +30,6 @@ Possibly outdated list of roles where self-building the Docker image is currentl
- `matrix-client-element`
- `hydrogen`
- `cinny`
- `sable`
- `matrix-registration`
- `coturn`
- `matrix-corporal`

5
examples/hosts
View File

@@ -1,3 +1,6 @@
# We explicitly ask for your server's external IP address, because the same value is used for configuring coturn.
# If you'd rather use a local IP here, make sure to set up `coturn_turn_external_ip_address`.
#
# To connect using a non-root user (and elevate to root with sudo later),
# replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line
@@ -15,4 +18,4 @@
# to the host line below.
[matrix_servers]
matrix.example.com ansible_host=<your-server's domain name or IP address> ansible_ssh_user=root
matrix.example.com ansible_host=<your-server's external IP address> ansible_ssh_user=root

25
examples/vars.yml
View File

@@ -1,9 +1,4 @@
---
# This variable acknowledges that you've reviewed breaking changes up to this version.
# The playbook will fail if this is outdated, guiding you through what changed.
# See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
matrix_playbook_migration_validated_version: v2026.03.23.0
# The bare domain name which represents your Matrix identity.
# Matrix user IDs for your server will be of the form (`@alice:example.com`).
#
@@ -58,10 +53,18 @@ devture_systemd_docker_base_ipv6_enabled: true
# The value used here must be shorter than 100 characters.
postgres_connection_password: ''
# You can limit heavy room joins on constrained hosts.
# See:
# docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
# By default, we configure coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.
#
# matrix_synapse_limit_remote_rooms_enabled: true
# matrix_synapse_limit_remote_rooms_complexity: 1.0
# matrix_synapse_limit_remote_rooms_admins_can_join: false
# If `ansible_host` is not the server's external IP address, you have 2 choices:
# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
# 2. Uncomment and adjust the line below to specify an IP address manually
#
# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
# Default values for this are specified in `coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
# (see `roles/galaxy/coturn/defaults/main.yml`).
#
# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
# Example: `coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
#
# coturn_turn_external_ip_address: ''

1
flake.nix
View File

@@ -19,7 +19,6 @@
devShells.default = mkShell {
buildInputs = [
just
mise
ansible
];
shellHook = ''

583
group_vars/matrix_servers
View File

File diff suppressed because it is too large Load Diff

16
i18n/requirements.txt
View File

@@ -1,13 +1,13 @@
alabaster==1.0.0
babel==2.18.0
certifi==2026.2.25
charset-normalizer==3.4.6
certifi==2026.1.4
charset-normalizer==3.4.4
click==8.3.1
docutils==0.22.4
idna==3.11
imagesize==2.0.0
imagesize==1.4.1
Jinja2==3.1.6
linkify-it-py==2.1.0
linkify-it-py==2.0.3
markdown-it-py==4.0.0
MarkupSafe==3.0.3
mdit-py-plugins==0.5.0
@@ -17,17 +17,17 @@ packaging==26.0
Pygments==2.19.2
PyYAML==6.0.3
requests==2.32.5
setuptools==82.0.1
setuptools==82.0.0
snowballstemmer==3.0.1
Sphinx==9.1.0
sphinx-intl==2.3.2
sphinx-markdown-builder==0.6.10
sphinx-markdown-builder==0.6.9
sphinxcontrib-applehelp==2.0.0
sphinxcontrib-devhelp==2.0.0
sphinxcontrib-htmlhelp==2.1.0
sphinxcontrib-jsmath==1.0.1
sphinxcontrib-qthelp==2.0.0
sphinxcontrib-serializinghtml==2.0.0
tabulate==0.10.0
uc-micro-py==2.0.0
tabulate==0.9.0
uc-micro-py==1.0.3
urllib3==2.6.3

50
justfile
View File

@@ -4,11 +4,6 @@
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# mise (dev tool version manager)
mise_data_dir := env("MISE_DATA_DIR", justfile_directory() / "var/mise")
mise_trusted_config_paths := justfile_directory() / "mise.toml"
prek_home := env("PREK_HOME", justfile_directory() / "var/prek")
# Shows help
default:
@{{ just_executable() }} --list --justfile "{{ justfile() }}"
@@ -44,39 +39,9 @@ update-playbook-only:
@git pull -q
@-git stash pop -q
# Invokes mise with the project-local data directory
mise *args: _ensure_mise_data_directory
#!/bin/sh
export MISE_DATA_DIR="{{ mise_data_dir }}"
export MISE_TRUSTED_CONFIG_PATHS="{{ mise_trusted_config_paths }}"
export MISE_YES=1
export PREK_HOME="{{ prek_home }}"
mise {{ args }}
# Runs prek (pre-commit hooks manager) with the given arguments
prek *args: _ensure_mise_tools_installed
@{{ just_executable() }} --justfile "{{ justfile() }}" mise exec -- prek {{ args }}
# Runs pre-commit hooks on staged files
prek-run-on-staged *args: _ensure_mise_tools_installed
@{{ just_executable() }} --justfile "{{ justfile() }}" prek run {{ args }}
# Runs pre-commit hooks on all files
prek-run-on-all *args: _ensure_mise_tools_installed
@{{ just_executable() }} --justfile "{{ justfile() }}" prek run --all-files {{ args }}
# Installs the git pre-commit hook
prek-install-git-pre-commit-hook: _ensure_mise_tools_installed
#!/usr/bin/env sh
set -eu
{{ just_executable() }} --justfile "{{ justfile() }}" mise exec -- prek install
hook="{{ justfile_directory() }}/.git/hooks/pre-commit"
# The installed git hook runs later under Git, outside this just/mise environment.
# Injecting PREK_HOME keeps prek's cache under var/prek instead of a global home dir,
# which is more predictable and works better in sandboxed tools like Codex/OpenCode.
if [ -f "$hook" ] && ! grep -q '^export PREK_HOME=' "$hook"; then
sed -i '2iexport PREK_HOME="{{ prek_home }}"' "$hook"
fi
# Runs ansible-lint against all roles in the playbook
lint:
ansible-lint
# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
@@ -119,12 +84,3 @@ stop-group group *extra_args:
# Rebuilds the mautrix-meta-instagram Ansible role using the mautrix-meta-messenger role as a source
rebuild-mautrix-meta-instagram:
/bin/bash "{{ justfile_directory() }}/bin/rebuild-mautrix-meta-instagram.sh" "{{ justfile_directory() }}/roles/custom"
# Internal - ensures var/mise and var/prek directories exist
_ensure_mise_data_directory:
@mkdir -p "{{ mise_data_dir }}"
@mkdir -p "{{ prek_home }}"
# Internal - ensures mise tools are installed
_ensure_mise_tools_installed: _ensure_mise_data_directory
@{{ just_executable() }} --justfile "{{ justfile() }}" mise install --quiet

9
mise.toml
View File

@@ -1,9 +0,0 @@
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
[tools]
prek = "0.3.2"
[settings]
yes = true

48
requirements.yml
View File

@@ -4,20 +4,20 @@
version: v1.0.0-6
name: auxiliary
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
version: v1.4.3-2.1.3-2
version: v1.4.3-2.1.1-0
name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
version: v4.11.1-1
version: v4.10.3-0
name: cinny
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.4.2-4
version: v0.4.2-3
name: container_socket_proxy
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git
version: v4.9.0-1
version: v4.8.0-1
name: coturn
activation_prefix: coturn_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ddclient.git
version: v4.0.0-2
version: v4.0.0-0
name: ddclient
activation_prefix: ddclient_
- src: git+https://github.com/geerlingguy/ansible-role-docker
@@ -27,25 +27,25 @@
version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.6.1-3
version: v2.6.1-0
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.99.1-r0-1-0
version: v4.98.1-r0-2-3
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.5-9
version: v11.6.5-6
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git
version: v0.5.1-2
version: v0.5.1-0
name: hydrogen
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10741-2
version: v10741-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.10.0-0
version: v1.9.11-1
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.19.2-1
version: v2.17.0-0
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 8630e4f1749bcb659c412820f754473f09055052
@@ -57,41 +57,35 @@
version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f
name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v18.3-1
version: v18.2-1
name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v18-2
version: v18-0
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.10.0-1
version: v3.9.1-0
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
version: v1.10.0-2
name: prometheus_nginxlog_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.10.2-0
version: v1.9.1-13
name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.19.1-3
version: v0.19.0-0
name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
version: v1.6.0-3
name: sable
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.5.0-0
version: v1.4.1-0
name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v3.2.0-0
version: v3.0.0-1
name: systemd_service_manager
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.1.0-1
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.6.11-3
version: v3.6.8-4
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-5
name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v9.0.3-3
version: v9.0.2-0
name: valkey

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2026.3.18
matrix_alertmanager_receiver_version: 2026.2.11
matrix_alertmanager_receiver_scheme: https

15
roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
View File

@@ -1,5 +1,5 @@
# SPDX-FileCopyrightText: 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2024 - 2026 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
@@ -17,17 +17,16 @@ matrix_appservice_draupnir_for_all_version: "v2.9.0"
matrix_appservice_draupnir_for_all_container_image_self_build: false
matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
matrix_appservice_draupnir_for_all_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream }}"
matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default }}"
matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "docker.io/"
matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}{{ matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier }}:{{ matrix_appservice_draupnir_for_all_version }}"
matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "gnuxie/draupnir"
matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}"
matrix_appservice_draupnir_for_all_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream }}"
matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"
matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default: "docker.io/"
matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}"
matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"
matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config"
matrix_appservice_draupnir_for_all_data_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/data"
matrix_appservice_draupnir_for_all_container_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"
matrix_appservice_draupnir_for_all_docker_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"
matrix_appservice_draupnir_for_all_container_network: ""

16
roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
View File

@@ -22,15 +22,15 @@
- {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true}
- {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true}
- {path: "{{ matrix_appservice_draupnir_for_all_data_path }}", when: true}
- {path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
- {path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure Draupnir Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_draupnir_for_all_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_container_image_force_pull }}"
force_source: "{{ matrix_appservice_draupnir_for_all_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_docker_image_force_pull }}"
when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool"
register: matrix_appservice_draupnir_for_all_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -40,8 +40,8 @@
- name: Ensure Draupnir repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_appservice_draupnir_for_all_container_image_self_build_repo }}"
dest: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
version: "{{ matrix_appservice_draupnir_for_all_container_image.split(':')[1] }}"
dest: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -50,12 +50,12 @@
- name: Ensure Draupnir Docker image is built
community.docker.docker_image:
name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
source: build
force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
pull: true
when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"

28
roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
View File

@@ -7,23 +7,6 @@
---
- name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix'}
- {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
- {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}
- {'old': 'matrix_appservice_draupnir_for_all_docker_image', 'new': 'matrix_appservice_draupnir_for_all_container_image'}
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_force_pull', 'new': 'matrix_appservice_draupnir_for_all_container_image_force_pull'}
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix'}
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream'}
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_appservice_draupnir_for_all_docker_src_files_path', 'new': 'matrix_appservice_draupnir_for_all_container_src_files_path'}
- name: Fail if required matrix-bot-draupnir variables are undefined
ansible.builtin.fail:
msg: "The `{{ item }}` variable must be defined and have a non-null value."
@@ -31,3 +14,14 @@
- "matrix_appservice_draupnir_for_all_config_adminRoom"
- "matrix_bot_draupnir_container_network"
when: "lookup('vars', item, default='') == '' or lookup('vars', item, default='') is none"
- name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
- {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
- {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}

2
roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2
View File

@@ -29,7 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_appservice_draupnir_for_all_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_appservice_draupnir_for_all_container_image }} \
{{ matrix_appservice_draupnir_for_all_docker_image }} \
appservice -c /data/config/production-appservice.yaml -f /data/config/draupnir-for-all-registration.yaml -p {{ matrix_appservice_draupnir_for_all_appservice_port }} --draupnir-config /data/config/production-bots.yaml
{% for network in matrix_appservice_draupnir_for_all_container_additional_networks %}

15
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 1.14.0
matrix_authentication_service_version: 1.11.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -300,15 +300,6 @@ matrix_authentication_service_config_database_idle_timeout: 600
# Controls the `database.max_lifetime` configuration setting.
matrix_authentication_service_config_database_max_lifetime: 1800
# Controls whether the database connection is made via a UNIX socket.
matrix_authentication_service_config_database_socket_enabled: false
# The path to the Postgres socket's parent directory inside the MAS container.
matrix_authentication_service_config_database_socket_path: "/run-postgres"
# The path to the Postgres socket directory on the host (bind-mount source).
matrix_authentication_service_config_database_socket_path_host: ""
########################################################################################
# #
# /Database configuration #
@@ -622,10 +613,6 @@ matrix_authentication_service_syn2mas_synapse_homeserver_config_path: ""
matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}"
matrix_authentication_service_syn2mas_synapse_database_socket_enabled: false
matrix_authentication_service_syn2mas_synapse_database_socket_path: ""
matrix_authentication_service_syn2mas_synapse_database_socket_path_host: ""
# Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas [OPTIONS] migrate|check`).
# Also see: `matrix_authentication_service_syn2mas_subcommand_extra_options`
#

20
roles/custom/matrix-authentication-service/tasks/install.yml
View File

@@ -33,25 +33,6 @@
loop_control:
loop_var: private_key_definition
# We intentionally do a single fixup pass here (instead of in `prepare_key.yml`)
# so that we reconcile both newly generated keys and any pre-existing keys with
# incorrect ownership/mode in one place.
#
# This primarily protects against setups where `become_user` is effectively not
# honored (for example due to inventory misconfiguration such as `ansible_become=false`),
# which can lead to host-side key generation creating root-owned files.
#
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
- name: Ensure Matrix Authentication Service private keys have correct ownership and mode
ansible.builtin.file:
path: "{{ matrix_authentication_service_data_keys_path }}/{{ item.key_file }}"
state: file
mode: '0600'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items: "{{ matrix_authentication_service_key_management_list }}"
register: matrix_authentication_service_private_keys_result
- name: Ensure Matrix Authentication Service configuration installed
ansible.builtin.copy:
content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}"
@@ -136,5 +117,4 @@
or matrix_authentication_service_support_files_result.changed | default(false)
or matrix_authentication_service_systemd_service_result.changed | default(false)
or matrix_authentication_service_container_image_pull_result.changed | default(false)
or matrix_authentication_service_private_keys_result.changed | default(false)
}}

6
roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
View File

@@ -71,12 +71,6 @@
--mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro
--mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro
--mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro
{% if matrix_authentication_service_config_database_socket_enabled %}
--mount type=bind,src={{ matrix_authentication_service_config_database_socket_path_host }},dst={{ matrix_authentication_service_config_database_socket_path }}
{% endif %}
{% if matrix_authentication_service_syn2mas_synapse_database_socket_enabled and (not matrix_authentication_service_config_database_socket_enabled or matrix_authentication_service_syn2mas_synapse_database_socket_path != matrix_authentication_service_config_database_socket_path) %}
--mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_database_socket_path_host }},dst={{ matrix_authentication_service_syn2mas_synapse_database_socket_path }}
{% endif %}
{{ matrix_authentication_service_container_image }}
syn2mas
--synapse-config=/homeserver.yaml

3
roles/custom/matrix-authentication-service/tasks/validate_config.yml
View File

@@ -14,8 +14,7 @@
- {'name': 'matrix_authentication_service_hostname', when: true}
- {'name': 'matrix_authentication_service_config_database_username', when: true}
- {'name': 'matrix_authentication_service_config_database_password', when: true}
- {'name': 'matrix_authentication_service_config_database_host', when: "{{ not matrix_authentication_service_config_database_socket_enabled }}"}
- {'name': 'matrix_authentication_service_config_database_socket_path_host', when: "{{ matrix_authentication_service_config_database_socket_enabled }}"}
- {'name': 'matrix_authentication_service_config_database_host', when: true}
- {'name': 'matrix_authentication_service_config_database_database', when: true}
- {'name': 'matrix_authentication_service_config_secrets_encryption', when: true}
- {'name': 'matrix_authentication_service_config_matrix_homeserver', when: true}

3
roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2
View File

@@ -28,9 +28,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--label-file={{ matrix_authentication_service_config_path }}/labels \
--mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro \
--mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro \
{% if matrix_authentication_service_config_database_socket_enabled %}
--mount type=bind,src={{ matrix_authentication_service_config_database_socket_path_host }},dst={{ matrix_authentication_service_config_database_socket_path }} \
{% endif %}
{% for arg in matrix_authentication_service_container_extra_arguments %}
{{ arg }} \
{% endfor %}

38
roles/custom/matrix-base/defaults/main.yml
View File

@@ -92,10 +92,6 @@ matrix_homeserver_enabled: true
# Note that the homeserver implementation of a server will not be able to be changed without data loss.
matrix_homeserver_implementation: synapse
# The priority that the homeserver starts with (lower = starts earlier).
# Related to the systemd_service_manager role and `devture_systemd_service_manager_services_list*` variables.
matrix_homeserver_systemd_service_manager_priority: 1000
# This contains a secret, which is used for generating various other secrets later on.
matrix_homeserver_generic_secret_key: ''
@@ -116,9 +112,6 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
# This is where you access the Cinny web client from (if enabled via cinny_enabled; disabled by default).
matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
# This is where you access the Sable web client from (if enabled via sable_enabled; disabled by default).
matrix_server_fqn_sable: "sable.{{ matrix_domain }}"
# This is where you access the SchildiChat Web from (if enabled via matrix_client_schildichat_enabled; disabled by default).
matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
@@ -246,21 +239,6 @@ matrix_integration_manager_ui_url: ~
matrix_homeserver_container_extra_arguments_auto: []
matrix_homeserver_app_service_config_files_auto: []
# These playbook-level helpers describe which managed services Synapse should be wired to.
# They are meant for orchestration concerns like container networking and systemd ordering,
# while `matrix_synapse_*` variables stay focused on actual connection parameters.
# These likely get overridden elsewhere.
matrix_playbook_synapse_uses_managed_postgres: false
matrix_playbook_synapse_uses_managed_valkey: false
matrix_playbook_synapse_auto_compressor_uses_managed_postgres: false
# This playbook-level helper describes whether Matrix Authentication Service should be wired
# to the playbook-managed Postgres instance.
# It is meant for orchestration concerns like container networking, systemd ordering, and database creation,
# while `matrix_authentication_service_*` variables stay focused on actual connection parameters.
# This likely gets overridden elsewhere.
matrix_playbook_matrix_authentication_service_uses_managed_postgres: false
# Controls whether various services should expose metrics publicly.
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
matrix_metrics_exposure_enabled: false
@@ -415,22 +393,6 @@ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition:
host_bind_port: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port }}"
config: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config }}"
# Controls whether to enable an additional Traefik entrypoint for LiveKit TURN/TLS (TCP) traffic.
matrix_playbook_livekit_turn_traefik_entrypoint_enabled: false
matrix_playbook_livekit_turn_traefik_entrypoint_name: matrix-livekit-turn
matrix_playbook_livekit_turn_traefik_entrypoint_port: 5350
matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_port }}"
matrix_playbook_livekit_turn_traefik_entrypoint_config: "{{ (matrix_playbook_livekit_turn_traefik_entrypoint_config_default | combine(matrix_playbook_livekit_turn_traefik_entrypoint_config_auto)) | combine(matrix_playbook_livekit_turn_traefik_entrypoint_config_custom, recursive=True) }}"
matrix_playbook_livekit_turn_traefik_entrypoint_config_default: {}
matrix_playbook_livekit_turn_traefik_entrypoint_config_auto: {}
matrix_playbook_livekit_turn_traefik_entrypoint_config_custom: {}
matrix_playbook_livekit_turn_traefik_entrypoint_definition:
name: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_name }}"
port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_port }}"
host_bind_port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port }}"
config: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_config }}"
# Variables to Control which parts of our roles run.
run_postgres_import: true
run_postgres_upgrade: true

26
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.16.1
matrix_bot_baibot_version: v1.14.1
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@@ -59,28 +59,8 @@ matrix_bot_baibot_config_homeserver_url: ""
# so it can start fresh.
matrix_bot_baibot_config_user_mxid_localpart: baibot
# Authentication settings (`user.*` configuration keys).
#
# baibot supports 2 mutually-exclusive authentication modes.
# Set EITHER:
# - password authentication: `matrix_bot_baibot_config_user_password`
# OR:
# - access-token authentication: `matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`
#
# Password authentication is recommended for most playbook-managed deployments,
# because it integrates with the `matrix-user-creator` role and can auto-create
# the bot account (via the `ensure-matrix-users-created` playbook tag).
# This remains true even on many MAS-enabled deployments where the bot account
# is local and playbook-managed.
# Controls the `user.password` configuration setting.
matrix_bot_baibot_config_user_password: null
# Controls the `user.access_token` configuration setting.
matrix_bot_baibot_config_user_access_token: null
# Controls the `user.device_id` configuration setting.
matrix_bot_baibot_config_user_device_id: null
matrix_bot_baibot_config_user_password: ''
# Controls the `user.name` configuration setting.
#
@@ -405,7 +385,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
# For valid model choices, see: https://platform.openai.com/docs/models
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5.4
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-5.2
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"

53
roles/custom/matrix-bot-baibot/tasks/validate_config.yml
View File

@@ -12,6 +12,7 @@
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
with_items:
- {'name': 'matrix_bot_baibot_config_user_mxid_localpart', when: true}
- {'name': 'matrix_bot_baibot_config_user_password', when: true}
- {'name': 'matrix_bot_baibot_container_network', when: true}
- {'name': 'matrix_bot_baibot_config_homeserver_url', when: true}
@@ -25,58 +26,6 @@
- {'name': 'matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key', when: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_enabled }}"}
- name: Fail if baibot authentication mode is not configured
ansible.builtin.fail:
msg: >-
You need to configure one baibot authentication mode:
either `matrix_bot_baibot_config_user_password`
or (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`).
when: >-
(
matrix_bot_baibot_config_user_password | default('', true) | string | length == 0
)
and
(
matrix_bot_baibot_config_user_access_token | default('', true) | string | length == 0
and matrix_bot_baibot_config_user_device_id | default('', true) | string | length == 0
)
- name: Fail if baibot authentication mode is configured ambiguously
ansible.builtin.fail:
msg: >-
You need to configure exactly one baibot authentication mode.
Set either `matrix_bot_baibot_config_user_password`,
or (`matrix_bot_baibot_config_user_access_token` + `matrix_bot_baibot_config_user_device_id`) but not both.
when: >-
(
matrix_bot_baibot_config_user_password | default('', true) | string | length > 0
)
and
(
matrix_bot_baibot_config_user_access_token | default('', true) | string | length > 0
or matrix_bot_baibot_config_user_device_id | default('', true) | string | length > 0
)
- name: Fail if baibot access token authentication is incomplete
ansible.builtin.fail:
msg: >-
Access-token authentication requires both
`matrix_bot_baibot_config_user_access_token` and `matrix_bot_baibot_config_user_device_id`.
when: >-
(
matrix_bot_baibot_config_user_password | default('', true) | string | length == 0
)
and
(
matrix_bot_baibot_config_user_access_token | default('', true) | string | length > 0
or matrix_bot_baibot_config_user_device_id | default('', true) | string | length > 0
)
and
(
matrix_bot_baibot_config_user_access_token | default('', true) | string | length == 0
or matrix_bot_baibot_config_user_device_id | default('', true) | string | length == 0
)
- name: Fail if admin patterns list is empty
ansible.builtin.fail:
msg: >-

4
roles/custom/matrix-bot-baibot/templates/config.yaml.j2
View File

@@ -15,11 +15,7 @@ homeserver:
user:
mxid_localpart: {{ matrix_bot_baibot_config_user_mxid_localpart | to_json }}
# Authentication: set EITHER password OR access_token + device_id.
password: {{ matrix_bot_baibot_config_user_password | to_json }}
access_token: {{ matrix_bot_baibot_config_user_access_token | to_json }}
device_id: {{ matrix_bot_baibot_config_user_device_id | to_json }}
# The name the bot uses as a display name and when it refers to itself.
# Leave empty to use the default (baibot).

16
roles/custom/matrix-bot-buscarron/defaults/main.yml
View File

@@ -32,15 +32,15 @@ matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data"
matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store"
matrix_bot_buscarron_container_image_self_build: false
matrix_bot_buscarron_container_repo: "https://github.com/etkecc/buscarron.git"
matrix_bot_buscarron_container_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_container_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_docker_repo: "https://github.com/etkecc/buscarron.git"
matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_container_image: "{{ matrix_bot_buscarron_container_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_container_image_registry_prefix_upstream }}"
matrix_bot_buscarron_container_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_container_image_registry_prefix_upstream_default }}"
matrix_bot_buscarron_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_bot_buscarron_container_image_force_pull: "{{ matrix_bot_buscarron_container_image.endswith(':latest') }}"
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_docker_image_registry_prefix_upstream }}"
matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"
matrix_bot_buscarron_docker_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_bot_buscarron_container_network: matrix-bot-buscarron

18
roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
View File

@@ -45,7 +45,7 @@
- {path: "{{ matrix_bot_buscarron_config_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_data_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_container_src_files_path }}", when: true}
- {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
when: "item.when | bool"
- name: Ensure Buscarron support files installed
@@ -62,10 +62,10 @@
- name: Ensure Buscarron image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_buscarron_container_image }}"
name: "{{ matrix_bot_buscarron_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_buscarron_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_container_image_force_pull }}"
force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}"
when: "not matrix_bot_buscarron_container_image_self_build | bool"
register: matrix_bot_buscarron_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -74,9 +74,9 @@
- name: Ensure Buscarron repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_buscarron_container_repo }}"
version: "{{ matrix_bot_buscarron_container_repo_version }}"
dest: "{{ matrix_bot_buscarron_container_src_files_path }}"
repo: "{{ matrix_bot_buscarron_docker_repo }}"
version: "{{ matrix_bot_buscarron_docker_repo_version }}"
dest: "{{ matrix_bot_buscarron_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -85,13 +85,13 @@
- name: Ensure Buscarron image is built
community.docker.docker_image:
name: "{{ matrix_bot_buscarron_container_image }}"
name: "{{ matrix_bot_buscarron_docker_image }}"
source: build
force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_buscarron_container_src_files_path }}"
path: "{{ matrix_bot_buscarron_docker_src_files_path }}"
pull: true
when: "matrix_bot_buscarron_container_image_self_build | bool"

8
roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
View File

@@ -17,14 +17,6 @@
- {'old': 'matrix_bot_buscarron_spam_emails', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
- {'old': 'matrix_bot_buscarron_spam_localparts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
- {'old': 'matrix_bot_buscarron_container_image_name_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
- {'old': 'matrix_bot_buscarron_docker_image', 'new': 'matrix_bot_buscarron_container_image'}
- {'old': 'matrix_bot_buscarron_docker_image_force_pull', 'new': 'matrix_bot_buscarron_container_image_force_pull'}
- {'old': 'matrix_bot_buscarron_docker_image_registry_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
- {'old': 'matrix_bot_buscarron_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_buscarron_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_buscarron_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_buscarron_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_buscarron_docker_repo', 'new': 'matrix_bot_buscarron_container_repo'}
- {'old': 'matrix_bot_buscarron_docker_repo_version', 'new': 'matrix_bot_buscarron_container_repo_version'}
- {'old': 'matrix_bot_buscarron_docker_src_files_path', 'new': 'matrix_bot_buscarron_container_src_files_path'}
- name: Fail if required Buscarron settings not defined
ansible.builtin.fail:

2
roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
View File

@@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_bot_buscarron_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_buscarron_container_image }}
{{ matrix_bot_buscarron_docker_image }}
{% for network in matrix_bot_buscarron_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-buscarron

15
roles/custom/matrix-bot-draupnir/defaults/main.yml
View File

@@ -1,5 +1,5 @@
# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2023 - 2026 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
# SPDX-FileCopyrightText: 2023 Samuel Meenzen
# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
#
@@ -17,17 +17,16 @@ matrix_bot_draupnir_version: "v2.9.0"
matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
matrix_bot_draupnir_container_image: "{{ matrix_bot_draupnir_container_image_registry_prefix }}{{ matrix_bot_draupnir_container_image_registry_namespace_identifier }}:{{ matrix_bot_draupnir_version }}"
matrix_bot_draupnir_container_image_registry_namespace_identifier: "gnuxie/draupnir"
matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}"
matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}"
matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "docker.io/"
matrix_bot_draupnir_container_image_force_pull: "{{ matrix_bot_draupnir_container_image.endswith(':latest') }}"
matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
matrix_bot_draupnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_docker_image_registry_prefix_upstream }}"
matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"
matrix_bot_draupnir_docker_image_registry_prefix_upstream_default: "docker.io/"
matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
matrix_bot_draupnir_container_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}" # noqa var-naming

16
roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
View File

@@ -22,7 +22,7 @@
- {path: "{{ matrix_bot_draupnir_base_path }}", when: true}
- {path: "{{ matrix_bot_draupnir_config_path }}", when: true}
- {path: "{{ matrix_bot_draupnir_data_path }}", when: true}
- {path: "{{ matrix_bot_draupnir_container_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
- {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure matrix-bot-draupnir support files installed
@@ -39,10 +39,10 @@
- name: Ensure Draupnir Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_draupnir_container_image }}"
name: "{{ matrix_bot_draupnir_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_draupnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_container_image_force_pull }}"
force_source: "{{ matrix_bot_draupnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_docker_image_force_pull }}"
when: "not matrix_bot_draupnir_container_image_self_build | bool"
register: matrix_bot_draupnir_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -52,8 +52,8 @@
- name: Ensure Draupnir repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_draupnir_container_image_self_build_repo }}"
dest: "{{ matrix_bot_draupnir_container_src_files_path }}"
version: "{{ matrix_bot_draupnir_container_image.split(':')[1] }}"
dest: "{{ matrix_bot_draupnir_docker_src_files_path }}"
version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -62,12 +62,12 @@
- name: Ensure Draupnir Docker image is built
community.docker.docker_image:
name: "{{ matrix_bot_draupnir_container_image }}"
name: "{{ matrix_bot_draupnir_docker_image }}"
source: build
force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_draupnir_container_src_files_path }}"
path: "{{ matrix_bot_draupnir_docker_src_files_path }}"
pull: true
when: "matrix_bot_draupnir_container_image_self_build | bool"

6
roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
View File

@@ -31,12 +31,6 @@
- {'old': 'matrix_bot_draupnir_container_labels_traefik_entrypoints', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints'}
- {'old': 'matrix_bot_draupnir_container_labels_traefik_tls', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls'}
- {'old': 'matrix_bot_draupnir_container_labels_traefik_tls_certResolver', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver'}
- {'old': 'matrix_bot_draupnir_docker_image', 'new': 'matrix_bot_draupnir_container_image'}
- {'old': 'matrix_bot_draupnir_docker_image_force_pull', 'new': 'matrix_bot_draupnir_container_image_force_pull'}
- {'old': 'matrix_bot_draupnir_docker_image_registry_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
- {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_draupnir_docker_src_files_path', 'new': 'matrix_bot_draupnir_container_src_files_path'}
- name: Fail if required matrix-bot-draupnir variables are undefined
ansible.builtin.fail:

2
roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
View File

@@ -33,7 +33,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_bot_draupnir_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_draupnir_container_image }} \
{{ matrix_bot_draupnir_docker_image }} \
bot --draupnir-config /data/config/production.yaml
{% for network in matrix_bot_draupnir_container_additional_networks %}

18
roles/custom/matrix-bot-honoroit/defaults/main.yml
View File

@@ -25,17 +25,17 @@ matrix_bot_honoroit_path_prefix: /
matrix_bot_honoroit_metrics_path: /metrics
matrix_bot_honoroit_container_image_self_build: false
matrix_bot_honoroit_container_repo: "https://github.com/etkecc/honoroit.git"
matrix_bot_honoroit_container_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_container_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_docker_repo: "https://github.com/etkecc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
matrix_bot_honoroit_version: v0.9.30
matrix_bot_honoroit_container_image: "{{ matrix_bot_honoroit_container_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_container_image_registry_prefix_upstream }}"
matrix_bot_honoroit_container_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_container_image_registry_prefix_upstream_default }}"
matrix_bot_honoroit_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_bot_honoroit_container_image_force_pull: "{{ matrix_bot_honoroit_container_image.endswith(':latest') }}"
matrix_bot_honoroit_version: v0.9.29
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}"
matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"
matrix_bot_honoroit_docker_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"

18
roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
View File

@@ -47,7 +47,7 @@
- {path: "{{ matrix_bot_honoroit_config_path }}", when: true}
- {path: "{{ matrix_bot_honoroit_data_path }}", when: true}
- {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true}
- {path: "{{ matrix_bot_honoroit_container_src_files_path }}", when: true}
- {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
when: "item.when | bool"
- name: Ensure Honoroit support files installed
@@ -64,10 +64,10 @@
- name: Ensure Honoroit image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_honoroit_container_image }}"
name: "{{ matrix_bot_honoroit_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_honoroit_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_force_pull }}"
force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
when: "not matrix_bot_honoroit_container_image_self_build | bool"
register: matrix_bot_honoroit_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -76,9 +76,9 @@
- name: Ensure Honoroit repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_honoroit_container_repo }}"
version: "{{ matrix_bot_honoroit_container_repo_version }}"
dest: "{{ matrix_bot_honoroit_container_src_files_path }}"
repo: "{{ matrix_bot_honoroit_docker_repo }}"
version: "{{ matrix_bot_honoroit_docker_repo_version }}"
dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -87,13 +87,13 @@
- name: Ensure Honoroit image is built
community.docker.docker_image:
name: "{{ matrix_bot_honoroit_container_image }}"
name: "{{ matrix_bot_honoroit_docker_image }}"
source: build
force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_self_build.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_honoroit_container_src_files_path }}"
path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
pull: true
when: "matrix_bot_honoroit_container_image_self_build | bool"

26
roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
View File

@@ -6,23 +6,6 @@
---
- name: (Deprecation) Catch and report renamed Honoroit settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
- {'old': 'matrix_bot_honoroit_docker_image', 'new': 'matrix_bot_honoroit_container_image'}
- {'old': 'matrix_bot_honoroit_docker_image_force_pull', 'new': 'matrix_bot_honoroit_container_image_force_pull'}
- {'old': 'matrix_bot_honoroit_docker_image_registry_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
- {'old': 'matrix_bot_honoroit_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_honoroit_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_honoroit_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_honoroit_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_honoroit_docker_repo', 'new': 'matrix_bot_honoroit_container_repo'}
- {'old': 'matrix_bot_honoroit_docker_repo_version', 'new': 'matrix_bot_honoroit_container_repo_version'}
- {'old': 'matrix_bot_honoroit_docker_src_files_path', 'new': 'matrix_bot_honoroit_container_src_files_path'}
- name: Fail if required Honoroit settings not defined
ansible.builtin.fail:
msg: >-
@@ -33,3 +16,12 @@
- {'name': 'matrix_bot_honoroit_password', when: true}
- {'name': 'matrix_bot_honoroit_roomid', when: true}
- {'name': 'matrix_bot_honoroit_database_hostname', when: "{{ matrix_bot_honoroit_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed Honoroit settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}

2
roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
View File

@@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_bot_honoroit_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_honoroit_container_image }}
{{ matrix_bot_honoroit_docker_image }}
{% for network in matrix_bot_honoroit_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-honoroit

20
roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
View File

@@ -14,19 +14,19 @@
matrix_bot_matrix_registration_bot_enabled: true
matrix_bot_matrix_registration_bot_container_image_self_build: false
matrix_bot_matrix_registration_bot_container_repo: "https://github.com/moan0s/matrix-registration-bot.git"
matrix_bot_matrix_registration_bot_container_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
matrix_bot_matrix_registration_bot_container_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
# renovate: datasource=docker depName=moanos/matrix-registration-bot
matrix_bot_matrix_registration_bot_version: 1.3.0
matrix_bot_matrix_registration_bot_container_iteration: 0
matrix_bot_matrix_registration_bot_container_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_container_iteration }}"
matrix_bot_matrix_registration_bot_container_image: "{{ matrix_bot_matrix_registration_bot_container_image_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_container_tag }}"
matrix_bot_matrix_registration_bot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_registration_bot_container_image_self_build else matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream }}"
matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream: "{{ matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default }}"
matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default: "docker.io/"
matrix_bot_matrix_registration_bot_container_image_force_pull: "{{ matrix_bot_matrix_registration_bot_container_image.endswith(':latest') }}"
matrix_bot_matrix_registration_bot_docker_iteration: 0
matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration }}"
matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_bot_matrix_registration_bot_docker_image_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
matrix_bot_matrix_registration_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_registration_bot_container_image_self_build else matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream }}"
matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default }}"
matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default: "docker.io/"
matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"

18
roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
View File

@@ -18,7 +18,7 @@
with_items:
- {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
- {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
- {path: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}", when: "{{ matrix_bot_matrix_registration_bot_container_image_self_build }}"}
- {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: "{{ matrix_bot_matrix_registration_bot_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure matrix-registration-bot configuration file created
@@ -32,10 +32,10 @@
- name: Ensure matrix-registration-bot image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_matrix_registration_bot_container_image }}"
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_registration_bot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_container_image_force_pull }}"
force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}"
when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool"
register: matrix_bot_matrix_registration_bot_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -46,9 +46,9 @@
block:
- name: Ensure matrix-registration-bot repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_matrix_registration_bot_container_repo }}"
version: "{{ matrix_bot_matrix_registration_bot_container_repo_version }}"
dest: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}"
repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}"
version: "{{ matrix_bot_matrix_registration_bot_docker_repo_version }}"
dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -56,13 +56,13 @@
- name: Ensure matrix-registration-bot image is built
community.docker.docker_image:
name: "{{ matrix_bot_matrix_registration_bot_container_image }}"
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
source: build
force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}"
path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
pull: true
- name: Ensure matrix-registration-bot container network is created

28
roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
View File

@@ -6,6 +6,15 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "lookup('vars', item, default='') == ''"
with_items:
- "matrix_bot_matrix_registration_bot_bot_password"
- "matrix_bot_matrix_registration_bot_api_base_url"
- name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail:
msg: >-
@@ -15,22 +24,3 @@
with_items:
- {'old': 'matrix_bot_matrix_registration_bot_bot_access_token', 'new': '<removed>'}
- {'old': 'matrix_bot_matrix_registration_bot_matrix_homeserver_url', 'new': 'matrix_bot_matrix_registration_bot_api_base_url'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_image', 'new': 'matrix_bot_matrix_registration_bot_container_image'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_image_force_pull', 'new': 'matrix_bot_matrix_registration_bot_container_image_force_pull'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_iteration', 'new': 'matrix_bot_matrix_registration_bot_container_iteration'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_repo', 'new': 'matrix_bot_matrix_registration_bot_container_repo'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_repo_version', 'new': 'matrix_bot_matrix_registration_bot_container_repo_version'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_src_files_path', 'new': 'matrix_bot_matrix_registration_bot_container_src_files_path'}
- {'old': 'matrix_bot_matrix_registration_bot_docker_tag', 'new': 'matrix_bot_matrix_registration_bot_container_tag'}
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "lookup('vars', item, default='') == ''"
with_items:
- "matrix_bot_matrix_registration_bot_bot_password"
- "matrix_bot_matrix_registration_bot_api_base_url"

2
roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
View File

@@ -27,7 +27,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \
--network={{ matrix_bot_matrix_registration_bot_container_network }} \
{{ matrix_bot_matrix_registration_bot_container_image }}
{{ matrix_bot_matrix_registration_bot_docker_image }}
{% for network in matrix_bot_matrix_registration_bot_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-matrix-registration-bot

16
roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
View File

@@ -15,17 +15,17 @@
matrix_bot_matrix_reminder_bot_enabled: true
matrix_bot_matrix_reminder_bot_container_image_self_build: false
matrix_bot_matrix_reminder_bot_container_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
matrix_bot_matrix_reminder_bot_container_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_container_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
# renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot
matrix_bot_matrix_reminder_bot_version: v0.4.0
matrix_bot_matrix_reminder_bot_container_image: "{{ matrix_bot_matrix_reminder_bot_container_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream }}"
matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default }}"
matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_bot_matrix_reminder_bot_container_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_container_image.endswith(':latest') }}"
matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream }}"
matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"
matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/config"

18
roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
View File

@@ -49,15 +49,15 @@
- {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true}
- {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true}
- {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true}
- {path: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}", when: true}
- {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
when: "item.when | bool"
- name: Ensure matrix-reminder-bot image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_container_image }}"
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_reminder_bot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_container_image_force_pull }}"
force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
when: "not matrix_bot_matrix_reminder_bot_container_image_self_build | bool"
register: matrix_bot_matrix_reminder_bot_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -66,9 +66,9 @@
- name: Ensure matrix-reminder-bot repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_matrix_reminder_bot_container_repo }}"
version: "{{ matrix_bot_matrix_reminder_bot_container_repo_version }}"
dest: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}"
repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}"
version: "{{ matrix_bot_matrix_reminder_bot_docker_repo_version }}"
dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -77,13 +77,13 @@
- name: Ensure matrix-reminder-bot image is built
community.docker.docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_container_image }}"
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
source: build
force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_git_pull_results.changed }}"
build:
dockerfile: docker/Dockerfile
path: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}"
path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
pull: true
when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool"

28
roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
View File

@@ -6,24 +6,6 @@
---
- name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
- {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_image', 'new': 'matrix_bot_matrix_reminder_bot_container_image'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_image_force_pull', 'new': 'matrix_bot_matrix_reminder_bot_container_image_force_pull'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_repo', 'new': 'matrix_bot_matrix_reminder_bot_container_repo'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_repo_version', 'new': 'matrix_bot_matrix_reminder_bot_container_repo_version'}
- {'old': 'matrix_bot_matrix_reminder_bot_docker_src_files_path', 'new': 'matrix_bot_matrix_reminder_bot_container_src_files_path'}
- name: Fail if required matrix-reminder-bot settings not defined
ansible.builtin.fail:
msg: >-
@@ -35,3 +17,13 @@
- {'name': 'matrix_bot_matrix_reminder_bot_container_network', when: true}
- {'name': 'matrix_bot_matrix_reminder_bot_matrix_homeserver_url', when: true}
- {'name': 'matrix_bot_matrix_reminder_bot_database_hostname', when: "{{ matrix_bot_matrix_reminder_bot_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
- {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}

2
roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
View File

@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_matrix_reminder_bot_container_image }} \
{{ matrix_bot_matrix_reminder_bot_docker_image }} \
-c "matrix-reminder-bot /config/config.yaml"
{% for network in matrix_bot_matrix_reminder_bot_container_additional_networks %}

44
roles/custom/matrix-bot-maubot/defaults/main.yml
View File

@@ -26,37 +26,37 @@ matrix_bot_maubot_hostname: ''
matrix_bot_maubot_path_prefix: /_matrix/maubot
matrix_bot_maubot_container_image_self_build: false
matrix_bot_maubot_container_repo: "https://mau.dev/maubot/maubot.git"
matrix_bot_maubot_container_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
# renovate: datasource=docker depName=dock.mau.dev/maubot/maubot
matrix_bot_maubot_version: v0.6.0
matrix_bot_maubot_container_image: "{{ matrix_bot_maubot_container_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_container_image_registry_prefix_upstream }}"
matrix_bot_maubot_container_image_registry_prefix_upstream: "{{ matrix_bot_maubot_container_image_registry_prefix_upstream_default }}"
matrix_bot_maubot_container_image_registry_prefix_upstream_default: "dock.mau.dev/"
matrix_bot_maubot_container_image_force_pull: "{{ matrix_bot_maubot_container_image.endswith(':latest') }}"
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_docker_image_registry_prefix_upstream }}"
matrix_bot_maubot_docker_image_registry_prefix_upstream: "{{ matrix_bot_maubot_docker_image_registry_prefix_upstream_default }}"
matrix_bot_maubot_docker_image_registry_prefix_upstream_default: "dock.mau.dev/"
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
# matrix_bot_maubot_container_image_customized is the name of the locally built maubot image
# matrix_bot_maubot_docker_image_customized is the name of the locally built maubot image
# which adds various customizations on top of the original (upstream) maubot image.
# This image will be based on the upstream `matrix_bot_maubot_container_image` image, only if `matrix_bot_maubot_container_image_customizations_enabled: true`.
matrix_bot_maubot_container_image_customized: "localhost/maubot/maubot:{{ matrix_bot_maubot_version }}-customized"
# This image will be based on the upstream `matrix_bot_maubot_docker_image` image, only if `matrix_bot_maubot_container_image_customizations_enabled: true`.
matrix_bot_maubot_docker_image_customized: "localhost/maubot/maubot:{{ matrix_bot_maubot_version }}-customized"
# Controls whether the customized image (`matrix_bot_maubot_container_image_customized`) is to be force-built without layer caching enabled.
matrix_bot_maubot_container_image_customized_build_nocache: false
# Controls whether the customized image (`matrix_bot_maubot_docker_image_customized`) is to be force-built without layer caching enabled.
matrix_bot_maubot_docker_image_customized_build_nocache: false
# Controls whether the customized image (`matrix_bot_maubot_container_image_customized`) is to be built, even if it already exists.
# Related to: matrix_bot_maubot_container_image_customized_build_nocache
matrix_bot_maubot_container_image_customized_force_source: "{{ matrix_bot_maubot_container_image_customized_build_nocache }}"
# Controls whether the customized image (`matrix_bot_maubot_docker_image_customized`) is to be built, even if it already exists.
# Related to: matrix_bot_maubot_docker_image_customized_build_nocache
matrix_bot_maubot_docker_image_customized_force_source: "{{ matrix_bot_maubot_docker_image_customized_build_nocache }}"
# matrix_bot_maubot_container_image_final holds the name of the maubot image to run depending on whether or not customizations are enabled.
matrix_bot_maubot_container_image_final: "{{ matrix_bot_maubot_container_image_customized if matrix_bot_maubot_container_image_customizations_enabled else matrix_bot_maubot_container_image }} "
# matrix_bot_maubot_docker_image_final holds the name of the maubot image to run depending on whether or not customizations are enabled.
matrix_bot_maubot_docker_image_final: "{{ matrix_bot_maubot_docker_image_customized if matrix_bot_maubot_container_image_customizations_enabled else matrix_bot_maubot_docker_image }} "
matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"
matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data"
matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config"
matrix_bot_maubot_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
matrix_bot_maubot_customized_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"
matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
matrix_bot_maubot_customized_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"
matrix_bot_maubot_bot_server_public_url: "{{ matrix_bot_maubot_scheme }}://{{ matrix_bot_maubot_hostname }}"
matrix_bot_maubot_bot_server_base_path: "{{ matrix_bot_maubot_path_prefix }}/v1"
@@ -124,12 +124,12 @@ matrix_bot_maubot_container_additional_networks_custom: []
# See:
# - `roles/custom/matrix-bot-maubot/templates/maubot/customizations/Dockerfile.j2`
# - `matrix_bot_maubot_container_image_customizations_dockerfile_body_custom`
# - `matrix_bot_maubot_container_image_customized`
# - `matrix_bot_maubot_container_image_final`
# - `matrix_bot_maubot_docker_image_customized`
# - `matrix_bot_maubot_docker_image_final`
matrix_bot_maubot_container_image_customizations_enabled: false
# matrix_bot_maubot_container_image_customizations_dockerfile_body contains your custom Dockerfile steps
# for building your customized maubot image based on the original (upstream) image (`matrix_bot_maubot_container_image`).
# for building your customized maubot image based on the original (upstream) image (`matrix_bot_maubot_docker_image`).
# A `FROM …` clause is included automatically so you don't have to.
#
# For this to take effect, you need to enable customizations (`matrix_bot_maubot_container_image_customizations_enabled: true`).

30
roles/custom/matrix-bot-maubot/tasks/setup_install.yml
View File

@@ -23,8 +23,8 @@
- {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true}
- {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true}
- {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true}
- {path: "{{ matrix_bot_maubot_container_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
- {path: "{{ matrix_bot_maubot_customized_container_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_customizations_enabled }}"}
- {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
- {path: "{{ matrix_bot_maubot_customized_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_customizations_enabled }}"}
when: "item.when|bool"
- name: Ensure maubot configuration file created
@@ -38,10 +38,10 @@
- name: Ensure maubot image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_maubot_container_image }}"
name: "{{ matrix_bot_maubot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_maubot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_container_image_force_pull }}"
force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}"
when: "not matrix_bot_maubot_container_image_self_build|bool"
register: matrix_bot_maubot_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -52,9 +52,9 @@
block:
- name: Ensure maubot repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_maubot_container_repo }}"
version: "{{ matrix_bot_maubot_container_repo_version }}"
dest: "{{ matrix_bot_maubot_container_src_files_path }}"
repo: "{{ matrix_bot_maubot_docker_repo }}"
version: "{{ matrix_bot_maubot_docker_repo_version }}"
dest: "{{ matrix_bot_maubot_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -62,13 +62,13 @@
- name: Ensure maubot image is built
community.docker.docker_image:
name: "{{ matrix_bot_maubot_container_image }}"
name: "{{ matrix_bot_maubot_docker_image }}"
source: build
force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_maubot_container_src_files_path }}"
path: "{{ matrix_bot_maubot_docker_src_files_path }}"
pull: true
- when: "matrix_bot_maubot_container_image_customizations_enabled | bool"
@@ -76,7 +76,7 @@
- name: Ensure customizations Dockerfile is created
ansible.builtin.template:
src: "{{ role_path }}/templates/customizations/Dockerfile.j2"
dest: "{{ matrix_bot_maubot_customized_container_src_files_path }}/Dockerfile"
dest: "{{ matrix_bot_maubot_customized_docker_src_files_path }}/Dockerfile"
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
mode: '0640'
@@ -84,13 +84,13 @@
- name: Ensure customized Docker image for maubot is built
community.docker.docker_image:
name: "{{ matrix_bot_maubot_container_image_customized }}"
name: "{{ matrix_bot_maubot_docker_image_customized }}"
source: build
force_source: "{{ matrix_bot_maubot_container_image_customizations_dockerfile_result.changed or matrix_bot_maubot_container_image_customized_force_source }}"
force_source: "{{ matrix_bot_maubot_container_image_customizations_dockerfile_result.changed or matrix_bot_maubot_docker_image_customized_force_source }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_maubot_customized_container_src_files_path }}"
nocache: "{{ matrix_bot_maubot_container_image_customized_build_nocache }}"
path: "{{ matrix_bot_maubot_customized_docker_src_files_path }}"
nocache: "{{ matrix_bot_maubot_docker_image_customized_build_nocache }}"
- name: Ensure maubot support files installed
ansible.builtin.template:

13
roles/custom/matrix-bot-maubot/tasks/validate_config.yml
View File

@@ -18,19 +18,6 @@
- {'old': 'matrix_bot_maubot_management_interface_http_bind_port', 'new': 'matrix_bot_maubot_container_management_interface_http_bind_port'}
- {'old': 'matrix_bot_maubot_registration_shared_secret', 'new': 'matrix_bot_maubot_homeserver_secret'}
- {'old': 'matrix_bot_maubot_container_image_name_prefix', 'new': 'matrix_bot_maubot_container_image_registry_prefix'}
- {'old': 'matrix_bot_maubot_docker_image', 'new': 'matrix_bot_maubot_container_image'}
- {'old': 'matrix_bot_maubot_docker_image_customized', 'new': 'matrix_bot_maubot_container_image_customized'}
- {'old': 'matrix_bot_maubot_docker_image_customized_build_nocache', 'new': 'matrix_bot_maubot_container_image_customized_build_nocache'}
- {'old': 'matrix_bot_maubot_docker_image_customized_force_source', 'new': 'matrix_bot_maubot_container_image_customized_force_source'}
- {'old': 'matrix_bot_maubot_docker_image_final', 'new': 'matrix_bot_maubot_container_image_final'}
- {'old': 'matrix_bot_maubot_docker_image_force_pull', 'new': 'matrix_bot_maubot_container_image_force_pull'}
- {'old': 'matrix_bot_maubot_docker_image_registry_prefix', 'new': 'matrix_bot_maubot_container_image_registry_prefix'}
- {'old': 'matrix_bot_maubot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_maubot_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_maubot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_maubot_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_maubot_docker_repo', 'new': 'matrix_bot_maubot_container_repo'}
- {'old': 'matrix_bot_maubot_docker_repo_version', 'new': 'matrix_bot_maubot_container_repo_version'}
- {'old': 'matrix_bot_maubot_docker_src_files_path', 'new': 'matrix_bot_maubot_container_src_files_path'}
- {'old': 'matrix_bot_maubot_customized_docker_src_files_path', 'new': 'matrix_bot_maubot_customized_container_src_files_path'}
- name: Fail if required maubot settings not defined
ansible.builtin.fail:

2
roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2
View File

@@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: True
FROM {{ matrix_bot_maubot_container_image }}
FROM {{ matrix_bot_maubot_docker_image }}
{{ matrix_bot_maubot_container_image_customizations_dockerfile_body_custom }}

2
roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
View File

@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% if matrix_bot_maubot_container_management_interface_http_bind_port %}
-p {{ matrix_bot_maubot_container_management_interface_http_bind_port }}:{{ matrix_bot_maubot_server_port }} \
{% endif %}
{{ matrix_bot_maubot_container_image_final }} \
{{ matrix_bot_maubot_docker_image_final }} \
python3 -m maubot -c /config/config.yaml --no-update
{% for network in matrix_bot_maubot_container_additional_networks %}

14
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View File

@@ -17,21 +17,21 @@
matrix_bot_mjolnir_enabled: true
# renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_bot_mjolnir_version: "v1.12.1"
matrix_bot_mjolnir_version: "v1.11.0"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
matrix_bot_mjolnir_container_image: "{{ matrix_bot_mjolnir_container_image_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_bot_mjolnir_container_image_registry_prefix_upstream }}"
matrix_bot_mjolnir_container_image_registry_prefix_upstream: "{{ matrix_bot_mjolnir_container_image_registry_prefix_upstream_default }}"
matrix_bot_mjolnir_container_image_registry_prefix_upstream_default: "docker.io/"
matrix_bot_mjolnir_container_image_force_pull: "{{ matrix_bot_mjolnir_container_image.endswith(':latest') }}"
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_bot_mjolnir_docker_image_registry_prefix_upstream }}"
matrix_bot_mjolnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default }}"
matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default: "docker.io/"
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
matrix_bot_mjolnir_container_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
matrix_bot_mjolnir_container_network: ""

16
roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
View File

@@ -24,15 +24,15 @@
- {path: "{{ matrix_bot_mjolnir_base_path }}", when: true}
- {path: "{{ matrix_bot_mjolnir_config_path }}", when: true}
- {path: "{{ matrix_bot_mjolnir_data_path }}", when: true}
- {path: "{{ matrix_bot_mjolnir_container_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
- {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure mjolnir Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_mjolnir_container_image }}"
name: "{{ matrix_bot_mjolnir_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_mjolnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_container_image_force_pull }}"
force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
when: "not matrix_bot_mjolnir_container_image_self_build | bool"
register: matrix_bot_mjolnir_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -42,8 +42,8 @@
- name: Ensure mjolnir repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}"
dest: "{{ matrix_bot_mjolnir_container_src_files_path }}"
version: "{{ matrix_bot_mjolnir_container_image.split(':')[1] }}"
dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -52,12 +52,12 @@
- name: Ensure mjolnir Docker image is built
community.docker.docker_image:
name: "{{ matrix_bot_mjolnir_container_image }}"
name: "{{ matrix_bot_mjolnir_docker_image }}"
source: build
force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_mjolnir_container_src_files_path }}"
path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
pull: true
when: "matrix_bot_mjolnir_container_image_self_build | bool"

24
roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml
View File

@@ -7,21 +7,6 @@
---
- name: (Deprecation) Catch and report renamed Mjolnir settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
- {'old': 'matrix_bot_mjolnir_docker_image', 'new': 'matrix_bot_mjolnir_container_image'}
- {'old': 'matrix_bot_mjolnir_docker_image_force_pull', 'new': 'matrix_bot_mjolnir_container_image_force_pull'}
- {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
- {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix_upstream'}
- {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_bot_mjolnir_docker_src_files_path', 'new': 'matrix_bot_mjolnir_container_src_files_path'}
- name: Fail if required matrix-bot-mjolnir variables are undefined
ansible.builtin.fail:
msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
@@ -41,3 +26,12 @@
with_items:
- {'name': 'matrix_bot_mjolnir_access_token', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"}
when: "item.when | bool and not (lookup('vars', item.name, default='') == '' or lookup('vars', item.name, default='') is none)"
- name: (Deprecation) Catch and report renamed Mjolnir settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}

2
roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
View File

@@ -29,7 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_bot_mjolnir_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_mjolnir_container_image }} \
{{ matrix_bot_mjolnir_docker_image }} \
bot --mjolnir-config /data/config/production.yaml
{% for network in matrix_bot_mjolnir_container_additional_networks %}

10
roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
View File

@@ -20,11 +20,11 @@ matrix_appservice_discord_container_image_self_build: false
# renovate: datasource=docker depName=ghcr.io/matrix-org/matrix-appservice-discord
matrix_appservice_discord_version: v4.0.0
matrix_appservice_discord_container_image: "{{ matrix_appservice_discord_container_image_registry_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
matrix_appservice_discord_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else matrix_appservice_discord_container_image_registry_prefix_upstream }}"
matrix_appservice_discord_container_image_registry_prefix_upstream: "{{ matrix_appservice_discord_container_image_registry_prefix_upstream_default }}"
matrix_appservice_discord_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_appservice_discord_container_image_force_pull: "{{ matrix_appservice_discord_container_image.endswith(':latest') }}"
matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_registry_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
matrix_appservice_discord_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else matrix_appservice_discord_docker_image_registry_prefix_upstream }}"
matrix_appservice_discord_docker_image_registry_prefix_upstream: "{{ matrix_appservice_discord_docker_image_registry_prefix_upstream_default }}"
matrix_appservice_discord_docker_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
matrix_appservice_discord_config_path: "{{ matrix_base_data_path }}/appservice-discord/config"

8
roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@@ -42,10 +42,10 @@
- name: Ensure Appservice Discord image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_discord_container_image }}"
name: "{{ matrix_appservice_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_discord_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_container_image_force_pull }}"
force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}"
register: matrix_appservice_discord_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -115,7 +115,7 @@
--cap-drop=ALL
--mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg
-w /cfg
{{ matrix_appservice_discord_container_image }}
{{ matrix_appservice_discord_docker_image }}
/bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link"
changed_when: false

25
roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
View File

@@ -5,21 +5,6 @@
---
- name: (Deprecation) Catch and report renamed appservice-discord variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_container_image_registry_prefix'}
- {'old': 'matrix_appservice_discord_docker_image', 'new': 'matrix_appservice_discord_container_image'}
- {'old': 'matrix_appservice_discord_docker_image_force_pull', 'new': 'matrix_appservice_discord_container_image_force_pull'}
- {'old': 'matrix_appservice_discord_docker_image_registry_prefix', 'new': 'matrix_appservice_discord_container_image_registry_prefix'}
- {'old': 'matrix_appservice_discord_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_discord_container_image_registry_prefix_upstream'}
- {'old': 'matrix_appservice_discord_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_discord_container_image_registry_prefix_upstream_default'}
- name: Fail if required appservice-discord settings not defined
ansible.builtin.fail:
msg: >-
@@ -34,6 +19,16 @@
- {'name': 'matrix_appservice_discord_container_network', when: true}
- {'name': 'matrix_appservice_discord_database_hostname', when: "{{ matrix_appservice_discord_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed appservice-discord variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_docker_image_registry_prefix'}
- name: Require a valid database engine
ansible.builtin.fail:
msg: "`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"

2
roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
View File

@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_appservice_discord_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_appservice_discord_container_image }} \
{{ matrix_appservice_discord_docker_image }} \
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
{% for network in matrix_appservice_discord_container_additional_networks %}

18
roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
View File

@@ -26,20 +26,20 @@
matrix_appservice_irc_enabled: true
matrix_appservice_irc_container_image_self_build: false
matrix_appservice_irc_container_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_container_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}"
matrix_appservice_irc_container_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
# It's a bare version number now. We try to somewhat retain compatibility below.
# renovate: datasource=docker depName=docker.io/matrixdotorg/matrix-appservice-irc
matrix_appservice_irc_version: 4.0.0
matrix_appservice_irc_container_image: "{{ matrix_appservice_irc_container_image_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_container_image_tag }}"
matrix_appservice_irc_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_appservice_irc_container_image_registry_prefix_upstream }}"
matrix_appservice_irc_container_image_registry_prefix_upstream: "{{ matrix_appservice_irc_container_image_registry_prefix_upstream_default }}"
matrix_appservice_irc_container_image_registry_prefix_upstream_default: docker.io/
matrix_appservice_irc_container_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
matrix_appservice_irc_container_image_force_pull: "{{ matrix_appservice_irc_container_image.endswith(':latest') }}"
matrix_appservice_irc_docker_image: "{{ matrix_appservice_irc_docker_image_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
matrix_appservice_irc_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_appservice_irc_docker_image_registry_prefix_upstream }}"
matrix_appservice_irc_docker_image_registry_prefix_upstream: "{{ matrix_appservice_irc_docker_image_registry_prefix_upstream_default }}"
matrix_appservice_irc_docker_image_registry_prefix_upstream_default: docker.io/
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"

2
roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
View File

@@ -58,7 +58,7 @@
{% endif %}
--mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
--entrypoint=/bin/sh
{{ matrix_appservice_irc_container_image }}
{{ matrix_appservice_irc_docker_image }}
-c
'/usr/local/bin/node /app/lib/scripts/migrate-db-to-pgres.js --dbdir /data --privateKey /data/passkey.pem --connectionString {{ matrix_appservice_irc_database_connection_string }}'
register: matrix_appservice_irc_import_nedb_to_postgres_result

22
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@@ -29,7 +29,7 @@
- {path: "{{ matrix_appservice_irc_base_path }}", when: true}
- {path: "{{ matrix_appservice_irc_config_path }}", when: true}
- {path: "{{ matrix_appservice_irc_data_path }}", when: true}
- {path: "{{ matrix_appservice_irc_container_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
- {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
when: item.when | bool
- name: Check if an old passkey file already exists
@@ -81,10 +81,10 @@
- name: Ensure Appservice IRC image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_irc_container_image }}"
name: "{{ matrix_appservice_irc_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_irc_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_container_image_force_pull }}"
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool"
register: matrix_appservice_irc_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -93,9 +93,9 @@
- name: Ensure matrix-appservice-irc repository is present when self-building
ansible.builtin.git:
repo: "{{ matrix_appservice_irc_container_repo }}"
version: "{{ matrix_appservice_irc_container_repo_version }}"
dest: "{{ matrix_appservice_irc_container_src_files_path }}"
repo: "{{ matrix_appservice_irc_docker_repo }}"
version: "{{ matrix_appservice_irc_docker_repo_version }}"
dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
@@ -104,13 +104,13 @@
- name: Ensure matrix-appservice-irc Docker image is built
community.docker.docker_image:
name: "{{ matrix_appservice_irc_container_image }}"
name: "{{ matrix_appservice_irc_docker_image }}"
source: build
force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_irc_container_src_files_path }}"
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
pull: true
when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool and matrix_appservice_irc_git_pull_results.changed"
@@ -149,7 +149,7 @@
- name: Generate IRC appservice signing key for authenticated media
community.docker.docker_container:
name: "create-auth-media-jwk-key"
image: "{{ matrix_appservice_irc_container_image }}"
image: "{{ matrix_appservice_irc_docker_image }}"
cleanup: true
network_mode: none
entrypoint: "/usr/local/bin/node"
@@ -210,7 +210,7 @@
--mount type=bind,src={{ matrix_appservice_irc_config_path }},dst=/config
--mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
--entrypoint=/bin/bash
{{ matrix_appservice_irc_container_image }}
{{ matrix_appservice_irc_docker_image }}
-c
'node app.js
-r

34
roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
View File

@@ -6,27 +6,6 @@
---
- name: (Deprecation) Catch and report renamed appservice-irc variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}
- {'old': 'matrix_appservice_irc_docker_image_name_prefix', 'new': 'matrix_appservice_irc_container_image_registry_prefix'}
- {'old': 'matrix_appservice_irc_homeserver_media_url', 'new': '<removed; media proxying now uses matrix_appservice_irc_ircService_mediaProxy_publicUrl>'}
- {'old': 'matrix_appservice_irc_docker_image', 'new': 'matrix_appservice_irc_container_image'}
- {'old': 'matrix_appservice_irc_docker_image_force_pull', 'new': 'matrix_appservice_irc_container_image_force_pull'}
- {'old': 'matrix_appservice_irc_docker_image_registry_prefix', 'new': 'matrix_appservice_irc_container_image_registry_prefix'}
- {'old': 'matrix_appservice_irc_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_irc_container_image_registry_prefix_upstream'}
- {'old': 'matrix_appservice_irc_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_irc_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_appservice_irc_docker_image_tag', 'new': 'matrix_appservice_irc_container_image_tag'}
- {'old': 'matrix_appservice_irc_docker_repo', 'new': 'matrix_appservice_irc_container_repo'}
- {'old': 'matrix_appservice_irc_docker_repo_version', 'new': 'matrix_appservice_irc_container_repo_version'}
- {'old': 'matrix_appservice_irc_docker_src_files_path', 'new': 'matrix_appservice_irc_container_src_files_path'}
- name: Fail if required appservice-irc settings not defined
ansible.builtin.fail:
msg: >-
@@ -46,7 +25,6 @@
# we'd fail generating the registration.yaml file with a non-helpful error.
#
# This is a safety check to ensure we fail earlier and in a nicer way.
- name: Fail if no additional configuration provided
ansible.builtin.fail:
msg: >-
@@ -56,6 +34,18 @@
Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility.
when: "matrix_appservice_irc_configuration.ircService.servers | length == 0"
- name: (Deprecation) Catch and report renamed appservice-irc variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}
- {'old': 'matrix_appservice_irc_docker_image_name_prefix', 'new': 'matrix_appservice_irc_docker_image_registry_prefix'}
- {'old': 'matrix_appservice_irc_homeserver_media_url', 'new': '<removed; media proxying now uses matrix_appservice_irc_ircService_mediaProxy_publicUrl>'}
- name: Fail if matrix_appservice_irc_ircService_mediaProxy_publicUrl_pathPrefix does not start with a slash
ansible.builtin.fail:
msg: >-

2
roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
View File

@@ -36,7 +36,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{{ arg }} \
{% endfor %}
--entrypoint=/bin/bash \
{{ matrix_appservice_irc_container_image }} \
{{ matrix_appservice_irc_docker_image }} \
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
{% for network in matrix_appservice_irc_container_additional_networks %}

32
roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
View File

@@ -35,23 +35,23 @@ matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscwo
matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_node_container_image: "{{ matrix_appservice_kakaotalk_node_container_image_registry_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
matrix_appservice_kakaotalk_node_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream }}"
matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default }}"
matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default: ""
matrix_appservice_kakaotalk_node_container_image_force_pull: "{{ matrix_appservice_kakaotalk_node_container_image.endswith(':latest') }}"
matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_registry_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
matrix_appservice_kakaotalk_node_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream }}"
matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default }}"
matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default: ""
matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}"
matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e
matrix_appservice_kakaotalk_container_image: "{{ matrix_appservice_kakaotalk_container_image_registry_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_container_image_registry_prefix_upstream }}"
matrix_appservice_kakaotalk_container_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default }}"
matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default: ""
matrix_appservice_kakaotalk_container_image_force_pull: "{{ matrix_appservice_kakaotalk_container_image.endswith(':latest') }}"
matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_registry_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream }}"
matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default }}"
matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default: ""
matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}"
matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk"
matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config"
matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data"
matrix_appservice_kakaotalk_container_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
matrix_appservice_kakaotalk_command_prefix: "!kt"
@@ -225,13 +225,3 @@ matrix_appservice_kakaotalk_registration_yaml: |
rate_limited: false
matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}"
# matrix_appservice_kakaotalk_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_appservice_kakaotalk_restart_necessary: false

49
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
View File

@@ -8,27 +8,27 @@
- name: Ensure matrix-appservice-kakaotalk image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_container_image }}"
name: "{{ matrix_appservice_kakaotalk_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_kakaotalk_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_container_image_force_pull }}"
force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}"
when: not matrix_appservice_kakaotalk_container_image_self_build
register: matrix_appservice_kakaotalk_container_image_pull_result
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: matrix_appservice_kakaotalk_container_image_pull_result is not failed
until: result is not failed
- name: Ensure matrix-appservice-kakaotalk-node image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_node_container_image }}"
name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_kakaotalk_node_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_container_image_force_pull }}"
force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}"
when: not matrix_appservice_kakaotalk_container_image_self_build
register: matrix_appservice_kakaotalk_node_container_image_pull_result
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: matrix_appservice_kakaotalk_node_container_image_pull_result is not failed
until: result is not failed
- name: Ensure matrix-appservice-kakaotalk paths exist
ansible.builtin.file:
@@ -41,13 +41,13 @@
- {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true}
- {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true}
- {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true}
- {path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
- {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
when: item.when | bool
- name: Ensure matrix-appservice-kakaotalk repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}"
dest: "{{ matrix_appservice_kakaotalk_container_src_files_path }}"
dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}"
force: "yes"
become: true
@@ -57,25 +57,25 @@
- name: Ensure matrix-appservice-kakaotalk-node Docker image is built
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_node_container_image }}"
name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
source: build
force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}/node"
path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node"
pull: true
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
- name: Ensure matrix-appservice-kakaotalk Docker image is built
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_container_image }}"
name: "{{ matrix_appservice_kakaotalk_docker_image }}"
source: build
force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}"
path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
pull: true
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
@@ -86,7 +86,6 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_appservice_kakaotalk_node_config_result
- name: Ensure matrix-appservice-kakaotalk config.yaml installed
ansible.builtin.copy:
@@ -95,7 +94,6 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_appservice_kakaotalk_config_result
- name: Ensure matrix-appservice-kakaotalk registration.yaml installed
ansible.builtin.copy:
@@ -104,7 +102,6 @@
mode: '0644'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_appservice_kakaotalk_registration_result
- name: Ensure matrix-appservice-kakaotalk container network is created
community.general.docker_network:
@@ -125,17 +122,3 @@
src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
mode: '0644'
register: matrix_appservice_kakaotalk_systemd_service_result
- name: Determine whether matrix-appservice-kakaotalk needs a restart
ansible.builtin.set_fact:
matrix_appservice_kakaotalk_restart_necessary: >-
{{
matrix_appservice_kakaotalk_node_config_result.changed | default(false)
or matrix_appservice_kakaotalk_config_result.changed | default(false)
or matrix_appservice_kakaotalk_registration_result.changed | default(false)
or matrix_appservice_kakaotalk_node_systemd_service_result.changed | default(false)
or matrix_appservice_kakaotalk_systemd_service_result.changed | default(false)
or matrix_appservice_kakaotalk_container_image_pull_result.changed | default(false)
or matrix_appservice_kakaotalk_node_container_image_pull_result.changed | default(false)
}}

31
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
View File

@@ -5,27 +5,6 @@
---
- name: (Deprecation) Catch and report renamed appservice-kakaotalk variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix'}
- {'old': 'matrix_appservice_kakaotalk_docker_image', 'new': 'matrix_appservice_kakaotalk_container_image'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_force_pull', 'new': 'matrix_appservice_kakaotalk_container_image_force_pull'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix_upstream'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_appservice_kakaotalk_docker_src_files_path', 'new': 'matrix_appservice_kakaotalk_container_src_files_path'}
- {'old': 'matrix_appservice_kakaotalk_node_docker_image', 'new': 'matrix_appservice_kakaotalk_node_container_image'}
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_force_pull', 'new': 'matrix_appservice_kakaotalk_node_container_image_force_pull'}
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix'}
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream'}
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default'}
- name: Fail if required appservice-kakaotalk settings not defined
ansible.builtin.fail:
msg: >-
@@ -37,3 +16,13 @@
- {'name': 'matrix_appservice_kakaotalk_homeserver_token', when: true}
- {'name': 'matrix_appservice_kakaotalk_database_hostname', when: "{{ matrix_appservice_kakaotalk_database_engine == 'postgres' }}"}
- {'name': 'matrix_appservice_kakaotalk_container_network', when: true}
- name: (Deprecation) Catch and report renamed appservice-kakaotalk variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix'}
- {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_docker_image_registry_prefix'}

2
roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
View File

@@ -27,7 +27,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_appservice_kakaotalk_node_container_image }} \
{{ matrix_appservice_kakaotalk_node_docker_image }} \
node src/main.js --config /config.json
{% for network in matrix_appservice_kakaotalk_container_additional_networks %}

2
roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
View File

@@ -28,7 +28,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_appservice_kakaotalk_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_appservice_kakaotalk_container_image }} \
{{ matrix_appservice_kakaotalk_docker_image }} \
python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update
{% for network in matrix_appservice_discord_container_additional_networks %}

14
roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
View File

@@ -19,12 +19,12 @@ matrix_beeper_linkedin_enabled: true
matrix_beeper_linkedin_version: latest
# See: https://github.com/beeper/linkedin/pkgs/container/linkedin
matrix_beeper_linkedin_container_image: "{{ matrix_beeper_linkedin_container_image_registry_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_container_image_tag }}"
matrix_beeper_linkedin_container_image_force_pull: "{{ matrix_beeper_linkedin_container_image_tag.startswith('latest') }}"
matrix_beeper_linkedin_container_image_registry_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else matrix_beeper_linkedin_container_image_registry_prefix_upstream }}"
matrix_beeper_linkedin_container_image_registry_prefix_upstream: "{{ matrix_beeper_linkedin_container_image_registry_prefix_upstream_default }}"
matrix_beeper_linkedin_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_beeper_linkedin_container_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"
matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_registry_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
matrix_beeper_linkedin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else matrix_beeper_linkedin_docker_image_registry_prefix_upstream }}"
matrix_beeper_linkedin_docker_image_registry_prefix_upstream: "{{ matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default }}"
matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"
matrix_beeper_linkedin_container_image_self_build: false
matrix_beeper_linkedin_container_image_self_build_repo: "https://github.com/beeper/linkedin"
@@ -33,7 +33,7 @@ matrix_beeper_linkedin_container_image_self_build_branch: "{{ 'master' if matrix
matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
matrix_beeper_linkedin_container_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
matrix_beeper_linkedin_homeserver_address: ""
matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"

16
roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
View File

@@ -22,7 +22,7 @@
- {path: "{{ matrix_beeper_linkedin_base_path }}", when: true}
- {path: "{{ matrix_beeper_linkedin_config_path }}", when: true}
- {path: "{{ matrix_beeper_linkedin_data_path }}", when: true}
- {path: "{{ matrix_beeper_linkedin_container_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"}
- {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure beeper-linkedin config.yaml installed
@@ -45,10 +45,10 @@
- name: Ensure Beeper LinkedIn container image is pulled
community.docker.docker_image:
name: "{{ matrix_beeper_linkedin_container_image }}"
name: "{{ matrix_beeper_linkedin_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_beeper_linkedin_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_container_image_force_pull }}"
force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
when: "not matrix_beeper_linkedin_container_image_self_build | bool"
register: matrix_beeper_linkedin_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -60,7 +60,7 @@
- name: Ensure Beeper LinkedIn repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
dest: "{{ matrix_beeper_linkedin_container_src_files_path }}"
dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
force: "yes"
become: true
@@ -75,7 +75,7 @@
{{ devture_systemd_docker_base_host_command_docker }} run
--rm
--entrypoint=/bin/sh
--mount type=bind,src={{ matrix_beeper_linkedin_container_src_files_path }},dst=/work
--mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work
-w /work
docker.io/python:3.9.6-buster
-c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
@@ -84,13 +84,13 @@
- name: Ensure Beeper LinkedIn container image is built
community.docker.docker_image:
name: "{{ matrix_beeper_linkedin_container_image }}"
name: "{{ matrix_beeper_linkedin_docker_image }}"
source: build
force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_beeper_linkedin_container_src_files_path }}"
path: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
pull: true
args:
TARGETARCH: "{{ matrix_architecture }}"

27
roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
View File

@@ -7,23 +7,6 @@
---
- name: (Deprecation) Catch and report renamed beeper-linkedin settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}
- {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix'}
- {'old': 'matrix_beeper_linkedin_docker_image', 'new': 'matrix_beeper_linkedin_container_image'}
- {'old': 'matrix_beeper_linkedin_docker_image_force_pull', 'new': 'matrix_beeper_linkedin_container_image_force_pull'}
- {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix'}
- {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix_upstream', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix_upstream'}
- {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_beeper_linkedin_docker_image_tag', 'new': 'matrix_beeper_linkedin_container_image_tag'}
- {'old': 'matrix_beeper_linkedin_docker_src_files_path', 'new': 'matrix_beeper_linkedin_container_src_files_path'}
- name: Fail if required beeper-linkedin settings not defined
ansible.builtin.fail:
msg: >-
@@ -35,3 +18,13 @@
- {'name': 'matrix_beeper_linkedin_homeserver_token', when: true}
- {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"}
- {'name': 'matrix_beeper_linkedin_container_network', when: true}
- name: (Deprecation) Catch and report renamed beeper-linkedin settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}
- {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_docker_image_registry_prefix'}

2
roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
View File

@@ -28,7 +28,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_beeper_linkedin_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_beeper_linkedin_container_image }} \
{{ matrix_beeper_linkedin_docker_image }} \
python3 -m linkedin_matrix -c /config/config.yaml -r /config/registration.yaml --no-update
{% for network in matrix_beeper_linkedin_container_additional_networks %}

10
roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
View File

@@ -20,11 +20,11 @@ matrix_heisenbridge_path_prefix: "/heisenbridge"
# renovate: datasource=docker depName=hif1/heisenbridge
matrix_heisenbridge_version: 1.15.4
matrix_heisenbridge_container_image: "{{ matrix_heisenbridge_container_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_container_image_registry_prefix: "{{ matrix_heisenbridge_container_image_registry_prefix_upstream }}"
matrix_heisenbridge_container_image_registry_prefix_upstream: "{{ matrix_heisenbridge_container_image_registry_prefix_upstream_default }}"
matrix_heisenbridge_container_image_registry_prefix_upstream_default: "docker.io/"
matrix_heisenbridge_container_image_force_pull: "{{ matrix_heisenbridge_container_image.endswith(':latest') }}"
matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
matrix_heisenbridge_docker_image_registry_prefix_upstream_default: "docker.io/"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
# Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one
matrix_heisenbridge_owner: ""

6
roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
View File

@@ -12,10 +12,10 @@
- name: Ensure Heisenbridge image is pulled
community.docker.docker_image:
name: "{{ matrix_heisenbridge_container_image }}"
name: "{{ matrix_heisenbridge_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_heisenbridge_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_container_image_force_pull }}"
force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}"
register: matrix_heisenbridge_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"

14
roles/custom/matrix-bridge-heisenbridge/tasks/validate_config.yml
View File

@@ -5,20 +5,6 @@
---
- name: (Deprecation) Catch and report renamed Heisenbridge settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_heisenbridge_docker_image', 'new': 'matrix_heisenbridge_container_image'}
- {'old': 'matrix_heisenbridge_docker_image_force_pull', 'new': 'matrix_heisenbridge_container_image_force_pull'}
- {'old': 'matrix_heisenbridge_docker_image_registry_prefix', 'new': 'matrix_heisenbridge_container_image_registry_prefix'}
- {'old': 'matrix_heisenbridge_docker_image_registry_prefix_upstream', 'new': 'matrix_heisenbridge_container_image_registry_prefix_upstream'}
- {'old': 'matrix_heisenbridge_docker_image_registry_prefix_upstream_default', 'new': 'matrix_heisenbridge_container_image_registry_prefix_upstream_default'}
- name: Fail if required Heisenbridge settings not defined
ansible.builtin.fail:
msg: >-

2
roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
View File

@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% for arg in matrix_heisenbridge_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_heisenbridge_container_image }} \
{{ matrix_heisenbridge_docker_image }} \
{% if matrix_heisenbridge_identd_enabled %}
--identd \
--identd-port 13113 \

Some files were not shown because too many files have changed in this diff Show More