iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-01-27 15:13:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: iartamonov:element-call-stack
Branches Tags
iartamonov:master iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption
..
compare: iartamonov:35881c3fa5d9172ed884ab5d8ae7817ac616178c
Branches Tags
iartamonov:master iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption

2 Commits
element-ca ... 35881c3fa5

Author SHA1 Message Date
Suguru Hirahara
35881c3fa5 Merge 91bdace920 into 057bd168f4 2025-04-04 05:04:30 +00:00
Suguru Hirahara
91bdace920 Add GitHub Action "Update translations" 
This commit implements a GitHub Action to update translation files with the PR automatically created on behalf of "github-actions[bot]", so that manual intervention and inflating activity of a committer is avoided. For now, only catalog templates (POT) files will be updated based on the master branch. When we start publishing translations, we can have the action build them.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
 2025-03-31 15:56:15 +09:00
24 changed files with 123 additions and 345 deletions
Expand all files Collapse all files

23
.github/renovate.json vendored
View File

@@ -1,17 +1,12 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
"config:base"
],
"labels": [
"dependencies"
],
"customManagers": [
"labels": ["dependencies"],
"regexManagers": [
{
"customType": "regex",
"fileMatch": [
"defaults/main.yml$"
],
"fileMatch": ["defaults/main.yml$"],
"matchStrings": [
"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
]
@@ -19,11 +14,11 @@
],
"packageRules": [
{
"ignoreUnstable": false,
"matchSourceUrls": [
"https://github.com/devture/com.devture.ansible.role{/,}**",
"https://github.com/mother-of-all-self-hosting{/,}**"
]
"matchSourceUrlPrefixes": [
"https://github.com/devture/com.devture.ansible.role",
"https://github.com/mother-of-all-self-hosting"
],
"ignoreUnstable": false
}
],
"ignoreDeps": [

29
.github/workflows/lock-threads.yml vendored
View File

@@ -1,29 +0,0 @@
# SPDX-FileCopyrightText: 2017 - 2023 Armin Sebastian
#
# SPDX-License-Identifier: MIT
---
name: 'Lock Threads'
on: # yamllint disable-line rule:truthy
# Use this to do a dry run from a pull request
# pull_request:
schedule:
- cron: '0 * * * *'
workflow_dispatch:
permissions:
issues: write
pull-requests: write
concurrency:
group: lock-threads
jobs:
action:
if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v5
with:
add-issue-labels: 'outdated'
process-only: 'issues, prs'

52
.github/workflows/update-translations.yml vendored Normal file
View File

@@ -0,0 +1,52 @@
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
name: Update translations
on: # yamllint disable-line rule:truthy
push:
branches:
- master
paths: # See include_patterns on conf.py
- 'docs/*.md'
- 'i18n/README.md'
- '*.md'
permissions:
contents: write
pull-requests: write
jobs:
update:
if: github.repository == 'spantaleev/matrix-docker-ansible-deploy'
name: Update translations
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.2.2
- uses: actions/setup-python@v5.5.0
with:
python-version: '3.13'
# Setting up recommended prerequisites
# See: i18n/README.md
- uses: astral-sh/setup-uv@v5.4.1
- uses: extractions/setup-just@v3
# TODO: optimize when we start publishing translations and integrate a Weblate instance
- name: Update translation catalog templates (POT) files
run: just --justfile i18n/justfile extract-translation-templates
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7.0.8
with:
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> # Same as committer
body: This is an automatic pull request to update translation files.
branch: create-pull-request/i18n
commit-message: Automatic translations update
delete-branch: true
labels: docs
sign-commits: true
title: Automatic translations update

24
CHANGELOG.md
View File

@@ -1,27 +1,3 @@
# 2025-04-09
## Element Call frontend installation is now optional
Because all Element clients (Element Web and Element X mobile) now embed and use their own Element Call frontend application (and not the one hosted via the playbook), it makes little sense for the playbook to self-host the Element Call frontend for you. Setting up the frontend requires an additional hostname (DNS setup) and it won't be used by Element clients anyway, so **we now recommend not installing the Element Call frontend**.
💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client).
The playbook now lets you [Decide between Element Call vs just the Matrix RTC stack](./docs/configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack).
If you've already installed Element Call (via `matrix_element_call_enabled: true`), you can switch to installing just the [Matrix RTC (Real-Time Communication) stack](./docs/configuring-playbook-matrix-rtc.md) (all supporting services **without the Element Call frontend**) by:
1. Adjusting your `vars.yml` configuration like this:
```diff
-matrix_element_call_enabled: true
+matrix_rtc_enabled: true
```
2. [Re-running the playbook](./docs/installing.md) with the `setup-all` Ansible tag (e.g. `just setup-all`)
3. Getting rid of the `call.element.example.com` DNS record
# 2025-03-15
## Element Call support

18
LICENSES/MIT.txt
View File

@@ -1,18 +0,0 @@
MIT License
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
USE OR OTHER DEALINGS IN THE SOFTWARE.

7
docs/configuring-playbook-dynamic-dns.md
View File

@@ -14,7 +14,7 @@ Most cloud providers / ISPs will charge you extra for a static IP address. If yo
## Prerequisite
You'll need to authenticate with your DNS provider somehow, in most cases this is simply a username and password but can differ from provider to provider. Please consult with your providers documentation and the upstream [ddclient documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in) to determine what you'll need to provide to authenticate.
You'll need to get a username and password from your DNS provider. Please consult with the provider about how to retrieve them.
## Adjusting the playbook configuration
@@ -31,8 +31,6 @@ matrix_dynamic_dns_domain_configurations:
domain: "{{ matrix_domain }}"
```
Keep in mind that certain providers may require a different configuration of the `matrix_dynamic_dns_domain_configurations` variable, for provider specific examples see the [upstream documentation](https://github.com/ddclient/ddclient/blob/main/ddclient.conf.in).
### Extending the configuration
There are some additional things you may wish to configure about the component.
@@ -59,8 +57,7 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
Additional resources:
- https://matrix.org/docs/guides/free-small-matrix-server
- https://github.com/linuxserver/docker-ddclient
## Troubleshooting
As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-dynamic-dns`. However, due to an [upstream issue](https://github.com/linuxserver/docker-ddclient/issues/54#issuecomment-1153143132) the logging output is not always complete. For advanced debugging purposes running the `ddclient` tool outside of the container is useful via the following: `ddclient -file ./ddclient.conf -daemon=0 -debug -verbose -noquiet`.
As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-dynamic-dns`.

29
docs/configuring-playbook-element-call.md
View File

@@ -7,7 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Setting up Element Call (optional)
The playbook can install and configure [Element Call](https://github.com/element-hq/element-call) and its supporting components that are part of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md).
The playbook can install and configure [Element Call](https://github.com/element-hq/element-call) for you.
Element Call is a native Matrix video conferencing application developed by [Element](https://element.io), designed for secure, scalable, privacy-respecting, and decentralized video and voice calls over the Matrix protocol. Built on MatrixRTC ([MSC4143](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)), it utilizes [MSC4195](https://github.com/hughns/matrix-spec-proposals/blob/hughns/matrixrtc-livekit/proposals/4195-matrixrtc-livekit.md) with [LiveKit Server](configuring-playbook-livekit-server.md) as its backend.
@@ -16,33 +16,18 @@ See the project's [documentation](https://github.com/element-hq/element-call) to
## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- The [Matrix RTC (Real-Time Communication) stack](configuring-playbook-matrix-rtc.md)
- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when Element Call is enabled)
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when Element Call is enabled)
- A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
> [!WARNING]
> Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**.
## Decide between Element Call vs just the Matrix RTC stack
All clients that can currently use Element Call (Element Web and Element X on mobile) already embed the Element Call frontend within them.
These **clients will use their own embedded Element Call frontend**, so **self-hosting the Element Call frontend by the playbook is largely unnecessary**.
💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client).
The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.
| Description / Variable | Element Call frontend | [LiveKit Server](configuring-playbook-livekit-server.md) | [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) |
|------------------------|-----------------------|----------------|---------------------|
| Description | Static website that provides the Element Call UI (but often embedded by clients) | Scalable, multi-user conferencing solution based on WebRTC | A helper component that allows Element Call to integrate with LiveKit Server |
| Required for Element Call to function | No | Yes | Yes |
| `matrix_element_call_enabled` | ✅ Installed | ✅ Installed | ✅ Installed |
| `matrix_rtc_enabled` | ❌ Not Installed, but usually unnecessary | ✅ Installed | ✅ Installed |
All documentation below assumes that you've decided to install Element Call and not just the Matrix RTC stack.
## Decide on a domain and path
By default, the Element Call frontend is configured to be served on the `call.element.example.com` domain.
By default, Element Call is configured to be served on the `call.element.example.com` domain.
If you'd like to run Element Call on another hostname, see the [Adjusting the Element Call URL](#adjusting-the-element-call-url-optional) section below.
@@ -63,8 +48,6 @@ In addition to the HTTP/HTTPS ports (which you've already exposed as per the [pr
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
# Enable the Element Call frontend UI to allow standalone use of Element Call.
# Enabling this also auto-enables the Matrix RTC stack.
matrix_element_call_enabled: true
```

4
docs/configuring-playbook-livekit-jwt-service.md
View File

@@ -8,9 +8,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [LiveKit JWT Service](https://github.com/element-hq/lk-jwt-service/) for you.
This is a helper component which is part of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) that allows [Element Call](configuring-playbook-element-call.md) to integrate with [LiveKit Server](configuring-playbook-livekit-server.md).
This is a helper component that allows [Element Call](configuring-playbook-element-call.md) to integrate with [LiveKit Server](configuring-playbook-livekit-server.md).
💡 LiveKit JWT Service is automatically installed and configured when either [Element Call](configuring-playbook-element-call.md) or the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) is enabled, so you don't need to do anything extra.
💡 LiveKit JWT Service is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra.
Take a look at:

12
docs/configuring-playbook-livekit-server.md
View File

@@ -11,7 +11,7 @@ The playbook can install and configure [LiveKit Server](https://github.com/livek
LiveKit Server is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications.
💡 LiveKit Server is automatically installed and configured when either [Element Call](configuring-playbook-element-call.md) or the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) is enabled, so you don't need to do anything extra.
💡 LiveKit Server is automatically installed and configured when [Element Call](configuring-playbook-element-call.md) is enabled, so you don't need to do anything extra.
The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:
- 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online
@@ -25,14 +25,4 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p
- `7882/udp`: ICE/UDP Mux
- `3479/udp`: TURN/UDP. Also see the [Limitations](#limitations) section below.
- `5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section below.
💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.
## Limitations
For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).

59
docs/configuring-playbook-matrix-rtc.md
View File

@@ -1,59 +0,0 @@
<!--
SPDX-FileCopyrightText: 2024 wjbeckett
SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up the Matrix RTC stack (optional)
The playbook can install and configure the Matrix RTC (Real-Time Communication) stack.
The Matrix RTC stack is a set of supporting components ([LiveKit Server](configuring-playbook-livekit-server.md) and [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md)) that allow the new [Element Call](configuring-playbook-element-call.md) audio/video calls to function.
💡 If you only plan on doing audio/video calls via Matrix client (which typically embed the Element Call frontend UI within them), you only need to install the Matrix RTC stack and don't necessarily need to install [Element Call](configuring-playbook-element-call.md). See the [Decide between Element Call vs just the Matrix RTC stack](configuring-playbook-element-call.md#decide-between-element-call-vs-just-the-matrix-rtc-stack) section of the [Element Call documentation](configuring-playbook-element-call.md) for more details.
## Prerequisites
- A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- [Federation](configuring-playbook-federation.md) being enabled for your Matrix homeserver (federation is enabled by default, unless you've explicitly disabled it), because [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) currently [requires it](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562#issuecomment-2725250554) ([relevant source code](https://github.com/element-hq/lk-jwt-service/blob/f5f5374c4bdcc00a4fb13d27c0b28e20e4c62334/main.go#L135-L146))
- Various experimental features for the Synapse homeserver which Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) (automatically done when Element Call is enabled)
- A [LiveKit Server](configuring-playbook-livekit-server.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- The [LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (automatically installed when [Element Call or the Matrix RTC stack is enabled](#decide-between-element-call-vs-just-the-matrix-rtc-stack))
- A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
> [!WARNING]
> Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
# Enable the Matrix RTC stack.
# This provides all supporting services for Element Call, without the Element Call frontend.
matrix_rtc_enabled: true
```
## Adjusting firewall rules
In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section.
## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
## Usage
Once installed, Matrix clients which support Element Call (like [Element Web](configuring-playbook-client-element-web.md) and Element X on mobile (iOS and Android)) will automatically use the Matrix RTC stack.
These clients typically embed the Element Call frontend UI within them, so installing [Element Call](configuring-playbook-element-call.md) is only necessary if you'd like to use it standalone - directly via a browser.

8
docs/configuring-playbook.md
View File

@@ -237,13 +237,11 @@ Services that help you in administrating and monitoring your Matrix installation
Various services that don't fit any other categories.
- [Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application, built on top of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) (optional)
- [Setting up Element Call](configuring-playbook-element-call.md) — a native Matrix video conferencing application (optional)
- [Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) - a component of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) (optional)
- [Setting up LiveKit JWT Service](configuring-playbook-livekit-jwt-service.md) (optional)
- [Setting up LiveKit Server](configuring-playbook-livekit-server.md) - a component of the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) (optional)
- [Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)
- [Setting up LiveKit Server](configuring-playbook-livekit-server.md) (optional)
- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)

8
docs/prerequisites.md
View File

@@ -59,10 +59,10 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- `80/tcp`: HTTP webserver
- `443/tcp` and `443/udp`: HTTPS webserver
- `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `3478/udp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
- `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
- `3478/tcp`: STUN/TURN over TCP (used by [coturn](./docs/configuring-playbook-turn.md))
- `3478/udp`: STUN/TURN over TCP (used by [coturn](./docs/configuring-playbook-turn.md))
- `5349/tcp`: TURN over TCP (used by [coturn](./docs/configuring-playbook-turn.md))
- `5349/udp`: TURN over UDP (used by [coturn](./docs/configuring-playbook-turn.md))
- `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.
- the range `49152-49172/udp`: TURN over UDP
- potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.

78
group_vars/matrix_servers
View File

@@ -3568,8 +3568,10 @@ matrix_coturn_container_additional_volumes: |
)
}}
matrix_coturn_systemd_required_services_list_auto: |
matrix_coturn_systemd_required_services_list: |
{{
[devture_systemd_docker_base_docker_service_name]
+
([traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
}}
@@ -4537,7 +4539,7 @@ ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
#
######################################################################
valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) }}"
valkey_enabled: "{{ matrix_synapse_workers_enabled or (matrix_hookshot_enabled and matrix_hookshot_encryption_enabled) or matrix_element_call_enabled }}"
valkey_identifier: matrix-valkey
@@ -4609,9 +4611,9 @@ matrix_client_element_enable_presence_by_hs_url: |-
matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
matrix_client_element_features_feature_video_rooms: "{{ matrix_rtc_enabled }}"
matrix_client_element_features_feature_group_calls: "{{ matrix_rtc_enabled }}"
matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_rtc_enabled }}"
matrix_client_element_features_feature_video_rooms: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_group_calls: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_element_call_video_rooms: "{{ matrix_element_call_enabled }}"
matrix_client_element_features_feature_oidc_native_flow: "{{ matrix_authentication_service_enabled }}"
matrix_client_element_element_call_enabled: "{{ matrix_element_call_enabled }}"
@@ -4934,7 +4936,7 @@ matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "{{ (('http://' + matrix_synapse_usage_exporter_identifier + ':' + matrix_synapse_usage_exporter_container_port | string + '/report-usage-stats/push') if matrix_synapse_usage_exporter_enabled else '') }}"
matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_rtc_enabled }}"
matrix_synapse_experimental_features_msc3266_enabled: "{{ matrix_element_call_enabled }}"
matrix_synapse_experimental_features_msc3861_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_experimental_features_msc3861_issuer: "{{ matrix_authentication_service_http_base_container_url if matrix_authentication_service_enabled else '' }}"
@@ -4944,9 +4946,9 @@ matrix_synapse_experimental_features_msc3861_account_management_url: "{{ matrix_
matrix_synapse_experimental_features_msc4108_enabled: "{{ matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress }}"
matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_rtc_enabled }}"
matrix_synapse_experimental_features_msc4140_enabled: "{{ matrix_element_call_enabled }}"
matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_rtc_enabled }}"
matrix_synapse_experimental_features_msc4222_enabled: "{{ matrix_element_call_enabled }}"
# Disable password authentication when delegating authentication to Matrix Authentication Service.
# Unless this is done, Synapse fails on startup with:
@@ -6140,7 +6142,7 @@ matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{
# See: https://github.com/etkecc/synapse-admin/pull/126
matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{ matrix_synapse_admin_configuration if matrix_homeserver_implementation == 'synapse' else {} }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_livekit_jwt_service_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled: "{{ matrix_element_call_enabled }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: |-
{{
(
@@ -6297,7 +6299,7 @@ matrix_element_call_config_livekit_livekit_service_url: "{{ matrix_livekit_jwt_s
# #
########################################################################
livekit_server_enabled: "{{ matrix_rtc_enabled }}"
livekit_server_enabled: "{{ matrix_element_call_enabled }}"
livekit_server_identifier: matrix-livekit-server
@@ -6314,38 +6316,11 @@ livekit_server_container_image_self_build: "{{ matrix_architecture not in ['arm6
livekit_server_container_network: "{{ matrix_addons_container_network }}"
livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
livekit_server_container_additional_volumes_auto: |
{{
(
[
{
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + livekit_server_config_turn_domain + '/certificate.crt'),
'dst': livekit_server_config_turn_cert_file,
'options': 'ro',
},
{
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + livekit_server_config_turn_domain + '/privatekey.key'),
'dst': livekit_server_config_turn_key_file,
'options': 'ro',
},
] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled and (livekit_server_config_turn_cert_file and livekit_server_config_turn_key_file)) else []
)
}}
livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
livekit_server_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
livekit_server_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
livekit_server_metrics_proxying_enabled: "{{ livekit_server_config_prometheus_enabled and matrix_metrics_exposure_enabled }}"
livekit_server_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
livekit_server_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/livekit-server"
livekit_server_config_prometheus_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
livekit_server_config_keys_auto: |-
{{
{}
@@ -6365,33 +6340,6 @@ livekit_server_config_turn_tls_port: 5350
# Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
livekit_server_config_turn_udp_port: 3479
# LiveKit's TURN implementation requires SSL certificates.
# We only enable it if we can provide them automatically via Traefik + Traefik Certs Dumper.
livekit_server_config_turn_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled }}"
livekit_server_config_turn_cert_file: |-
{{
{
'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
livekit_server_config_turn_key_file: |-
{{
{
'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
'none': '',
}[matrix_playbook_reverse_proxy_type]
}}
livekit_server_systemd_required_services_list_auto: |
{{
([traefik_certs_dumper_identifier + '-wait-for-domain@' + livekit_server_config_turn_domain + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled else [])
}}
########################################################################
# #
# /livekit-server #
@@ -6405,7 +6353,7 @@ livekit_server_systemd_required_services_list_auto: |
# #
########################################################################
matrix_livekit_jwt_service_enabled: "{{ matrix_rtc_enabled and livekit_server_enabled }}"
matrix_livekit_jwt_service_enabled: "{{ matrix_element_call_enabled and livekit_server_enabled }}"
matrix_livekit_jwt_service_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

8
requirements.yml
View File

@@ -16,7 +16,7 @@
version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.3.0-0
version: v2.2.7-4
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-0
@@ -25,13 +25,13 @@
version: v11.6.0-0
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v10169-0
version: v10133-1-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.8.4-5
version: v1.8.4-2
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.11.0-5
version: v2.11.0-4
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 201c939eed363de269a83ba29784fc3244846048

2
roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2
View File

@@ -13,8 +13,6 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-googlechat 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web
matrix_client_element_version: v1.11.97
matrix_client_element_version: v1.11.96
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"

5
roles/custom/matrix-coturn/defaults/main.yml
View File

@@ -56,10 +56,7 @@ matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src"
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
# List of systemd services that matrix-coturn.service depends on
matrix_coturn_systemd_required_services_list: "{{ matrix_coturn_systemd_required_services_list_default + matrix_coturn_systemd_required_services_list_auto + matrix_coturn_systemd_required_services_list_custom }}"
matrix_coturn_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_coturn_systemd_required_services_list_auto: []
matrix_coturn_systemd_required_services_list_custom: []
matrix_coturn_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically at runtime. You can provide a different default value,

16
roles/custom/matrix-dynamic-dns/defaults/main.yml
View File

@@ -55,18 +55,6 @@ matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"
# Config options
matrix_dynamic_dns_use: "web"
# The endpoint to use to determine your external IP
matrix_dynamic_dns_web: "https://cloudflare.com/cdn-cgi/trace"
# The field to extract the IP from
# If your endpoint defined in `matrix_dynamic_dns_web` doesn't need this, just set it to ""
matrix_dynamic_dns_web_skip: "ip="
matrix_dynamic_dns_additional_configuration_blocks: []
# Holds the configurations (the domains to update DNS for, the providers they use, etc.)
#
# Example:
@@ -77,3 +65,7 @@ matrix_dynamic_dns_additional_configuration_blocks: []
# password: XXXXXXXXXXXXXXXX
# domain: "{{ matrix_domain }}"
matrix_dynamic_dns_domain_configurations: []
# Config options
matrix_dynamic_dns_additional_configuration_blocks: []
matrix_dynamic_dns_use: "web"

4
roles/custom/matrix-dynamic-dns/tasks/validate_config.yml
View File

@@ -14,8 +14,8 @@
- name: Fail if required matrix-dynamic-dns settings not defined in configuration blocks
ansible.builtin.fail:
msg: >-
One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, protocol).
when: "'domain' not in configuration or 'protocol' not in configuration"
One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, provider, protocol).
when: "'domain' not in configuration or 'provider' not in configuration or 'protocol' not in configuration"
with_items: "{{ matrix_dynamic_dns_domain_configurations }}"
loop_control:
loop_var: configuration

65
roles/custom/matrix-dynamic-dns/templates/ddclient.conf.j2
View File

@@ -10,57 +10,24 @@ syslog=no
pid=/var/run/ddclient/ddclient.pid
ssl=yes
use={{ matrix_dynamic_dns_use }}
web='{{ matrix_dynamic_dns_web }}'
{% if matrix_dynamic_dns_web_skip %}
web-skip='{{ matrix_dynamic_dns_web_skip }}'
{% endif %}
{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
{{ matrix_dynamic_dns_additional_configuration }}
{% endfor %}
{% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %}
protocol={{ dynamic_dns_domain_configuration.protocol }}
{% if 'provider' in dynamic_dns_domain_configuration %}
server={{ dynamic_dns_domain_configuration.provider }}
{% endif %}
{% if 'username' in dynamic_dns_domain_configuration %}
login='{{ dynamic_dns_domain_configuration.username }}'
{% endif %}
{% if 'password' in dynamic_dns_domain_configuration %}
password='{{ dynamic_dns_domain_configuration.password }}'
{% endif %}
{% if 'static' in dynamic_dns_domain_configuration %}
static=yes
{% endif %}
{% if 'custom' in dynamic_dns_domain_configuration %}
custom=yes
{% endif %}
{% if 'zone' in dynamic_dns_domain_configuration %}
zone={{ dynamic_dns_domain_configuration.zone }}
{% endif %}
{% if 'ttl' in dynamic_dns_domain_configuration %}
ttl={{ dynamic_dns_domain_configuration.ttl }}
{% endif %}
{% if 'mx' in dynamic_dns_domain_configuration %}
mx={{ dynamic_dns_domain_configuration.mx }}
{% endif %}
{% if 'wildcard' in dynamic_dns_domain_configuration %}
wildcard=yes
{% endif %}
{% if 'script' in dynamic_dns_domain_configuration %}
script={{ dynamic_dns_domain_configuration.script }}
{% endif %}
server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %}
login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %}
password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %}
static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %}
custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %}
zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %}
ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %}
mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %}
wildcard=yes {% endif %}
{{ dynamic_dns_domain_configuration.domain }}
{% endfor %}
{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
{{ matrix_dynamic_dns_additional_configuration }}
{% endfor %}

2
roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2
View File

@@ -23,7 +23,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--network={{ matrix_dynamic_dns_container_network }} \
-e PUID={{ matrix_user_uid }} \
-e PGID={{ matrix_user_gid }} \
--mount type=bind,src={{ matrix_dynamic_dns_config_path }},dst=/config \
--mount type=bind,src={{ matrix_dynamic_dns_config_path }},dst=/config/ddclient \
{% for arg in matrix_dynamic_dns_container_extra_arguments %}
{{ arg }} \
{% endfor %}

9
roles/custom/matrix-element-call/defaults/main.yml
View File

@@ -11,15 +11,6 @@
matrix_element_call_enabled: false
# Controls whether the Element Call stack (various services around Element Call, without the Element Call frontend itself) are to be installed.
# This affects enablement of other services around Element Call.
#
# By default, we enable the rest of the stack when Element Call itself is enabled,
# but people may wish to enable the stack by itself and avoid installing the Element Call frontend.
# This is useful to do, because self-hosting the Element Call frontend is mostly useless, because
# various clients tend to embed and preferusing their own embedded Element Call frontend, instead of a self-hosted one.
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.9.0

2
roles/custom/matrix-livekit-jwt-service/defaults/main.yml
View File

@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
matrix_livekit_jwt_service_container_additional_networks_custom: []
# renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
matrix_livekit_jwt_service_version: 0.2.3
matrix_livekit_jwt_service_version: 0.2.2
matrix_livekit_jwt_service_container_image_self_build: false
matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"

2
roles/custom/matrix-synapse/defaults/main.yml
View File

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
matrix_synapse_github_org_and_repo: element-hq/synapse
# renovate: datasource=docker depName=ghcr.io/element-hq/synapse
matrix_synapse_version: v1.128.0
matrix_synapse_version: v1.127.1
matrix_synapse_username: ''
matrix_synapse_uid: ''