Apply to_json to msc4190 in mautrix configs

Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges.
Update dock.mau.dev/mautrix/signal Docker tag to v0.8.2
2026-01-27 15:13:17 +03:00 · 2025-04-16 21:44:50 +02:00 · 2025-04-16 21:23:32 +02:00 · 2025-04-16 16:15:03 +03:00 · 2025-04-16 16:09:22 +03:00 · 2025-04-16 16:08:52 +03:00
29 changed files with 105 additions and 20 deletions
--- a/docs/configuring-playbook-element-call.md
+++ b/docs/configuring-playbook-element-call.md
@@ -16,8 +16,9 @@ See the project's [documentation](https://github.com/element-hq/element-call) to
 ## Prerequisites

 - A [Synapse](configuring-playbook-synapse.md) homeserver (see the warning below)
- The [Matrix RTC (Real-Time Communication) stack](configuring-playbook-matrix-rtc.md)
+- The [Matrix RTC (Real-Time Communication) stack](configuring-playbook-matrix-rtc.md) (automatically done when Element Call is enabled)
 - A client compatible with Element Call. As of 2025-03-15, that's just [Element Web](configuring-playbook-client-element-web.md) and the Element X mobile clients (iOS and Android).
+- (Optional) Guest accounts being enabled for your Matrix server, if you'd like guests to be able to use Element Call. See [Allowing guests to use Element Call](#allowing-guests-to-use-element-call-optional)

 > [!WARNING]
 >  Because Element Call [requires](https://github.com/element-hq/element-call/blob/93ae2aed9841e0b066d515c56bd4c122d2b591b2/docs/self-hosting.md#a-matrix-homeserver) a few experimental features in the Matrix protocol, it's **very likely that it only works with the Synapse homeserver**.
@@ -27,7 +28,7 @@ See the project's [documentation](https://github.com/element-hq/element-call) to
 All clients that can currently use Element Call (Element Web and Element X on mobile) already embed the Element Call frontend within them.
 These **clients will use their own embedded Element Call frontend**, so **self-hosting the Element Call frontend by the playbook is largely unnecessary**.

-💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client).
+💡 A reason you may wish to continue installing the Element Call frontend (despite Matrix clients not making use of it), is if you need to use it standalone - directly via a browser (without a Matrix client). Note that unless you [allow guest accounts to use Element Call](#allowing-guests-to-use-element-call-optional), you will still need a Matrix user account **on the same homeserver** to be able to use Element Call.

 The playbook makes a distiction between enabling Element Call (`matrix_element_call_enabled`) and enabling the Matrix RTC Stack (`matrix_rtc_enabled`). Enabling Element Call automatically enables the Matrix RTC stack. Because installing the Element Call frontend is now unnecessary, **we recommend only installing the Matrix RTC stack, without the Element Call frontend**.

@@ -81,6 +82,28 @@ matrix_element_call_hostname: element-call.example.com
 > [!WARNING]
 > A `matrix_element_call_path_prefix` variable is also available and mean to let you configure a path prefix for the Element Call service, but [Element Call does not support running under a sub-path yet](https://github.com/element-hq/element-call/issues/3084).

+### Allowing guests to use Element Call (optional)
+
+By default, Element Call can only be used by people having accounts on your Matrix server.
+
+If you'd like guests to be able to use Element Call as well, you need to enable guest accounts support for your homeserver.
+
+> [!WARNING]
+> Enabling guest accounts means that your homeserver's user database may get polluted with guest account signups (potentially made by bots).
+> Guest accounts should be limited in what (damage) they can do to your server and the rest of the Matrix ecosystem, but it's better to not enable them unless necessary.
+
+For [Synapse](configuring-playbook-synapse.md) (the default homeserver implementation), the configuration is like this:
+
+```yml
+matrix_synapse_allow_guest_access: true
+```
+
+For [Dendrite](configuring-playbook-dendrite.md), the configuration is like this:
+
+```yml
+matrix_dendrite_guests_disabled: false
+```
+
 ## Installing

 After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:
--- a/docs/howto-srv-server-delegation.md
+++ b/docs/howto-srv-server-delegation.md
@@ -79,7 +79,7 @@ traefik_configuration_extension_yaml: |
            - "8.8.8.8:53"
        storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}

-# 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare)
+# 2. Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare)
 traefik_environment_variables: |
  CF_API_EMAIL=redacted
  CF_ZONE_API_TOKEN=redacted
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@@ -30,4 +30,4 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
 tabulate==0.9.0
 uc-micro-py==1.0.3
-urllib3==2.3.0
+urllib3==2.4.0
--- a/requirements.yml
+++ b/requirements.yml
@@ -25,7 +25,7 @@
  version: v11.6.0-0
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v10169-0
+  version: v10184-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
  version: v1.8.4-5
--- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true

 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2025.3.26
+matrix_alertmanager_receiver_version: 2025.4.16

 matrix_alertmanager_receiver_scheme: https

--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -48,6 +48,9 @@ matrix_bridges_encryption_enabled: false
 # Global var to make encryption default/optional across all bridges with encryption support
 matrix_bridges_encryption_default: "{{ matrix_bridges_encryption_enabled }}"

+# Global var for enabling msc4190 ( On supported bridges)
+matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled && matrix_bridges_encryption_enabled }}"
+
 # Global var to enable/disable relay mode across all bridges with relay mode support
 matrix_bridges_relay_enabled: false

--- a/roles/custom/matrix-bot-baibot/defaults/main.yml
+++ b/roles/custom/matrix-bot-baibot/defaults/main.yml
@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"

 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.5.1
+matrix_bot_baibot_version: v1.6.0
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -30,7 +30,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"

 # renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
-matrix_bot_honoroit_version: v0.9.27
+matrix_bot_honoroit_version: v0.9.28
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}"
 matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@@ -19,7 +19,7 @@ matrix_heisenbridge_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_heisenbridge_path_prefix: "/heisenbridge"

 # renovate: datasource=docker depName=hif1/heisenbridge
-matrix_heisenbridge_version: 1.15.2
+matrix_heisenbridge_version: 1.15.3
 matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
 matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-bluesky/defaults/main.yml
@@ -31,6 +31,8 @@ matrix_mautrix_bluesky_homeserver_address: ""
 matrix_mautrix_bluesky_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340'

+matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 # A public address that external services can use to reach this appservice.
 matrix_mautrix_bluesky_appservice_public_address: ''

@@ -187,6 +189,7 @@ matrix_mautrix_bluesky_registration_yaml: |
  rate_limited: false
  de.sorunome.msc2409.push_ephemeral: true
  receive_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled }}

 matrix_mautrix_bluesky_registration: "{{ matrix_mautrix_bluesky_registration_yaml | from_yaml }}"

--- a/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-bluesky/templates/config.yaml.j2
@@ -209,10 +209,6 @@ appservice:
    # However, messages will not be guaranteed to be bridged in the same order they were sent in.
    # This value doesn't affect the registration file.
    async_transactions: false
-    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
-    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
-    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
-    msc4190: false

    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
    as_token: {{ matrix_mautrix_bluesky_appservice_token | to_json }}
@@ -358,6 +354,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: {{ matrix_mautrix_bluesky_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_bluesky_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_bluesky_bridge_encryption_key_sharing_allow | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -21,7 +21,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
-matrix_mautrix_discord_version: v0.7.2
+matrix_mautrix_discord_version: v0.7.3

 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_registry_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -36,6 +36,8 @@ matrix_mautrix_gmessages_homeserver_address: ""
 matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"

+matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 matrix_mautrix_gmessages_backfill_enabled: true
 matrix_mautrix_gmessages_backfill_max_initial_messages: 50
 matrix_mautrix_gmessages_backfill_max_catchup_messages: 500
@@ -212,5 +214,6 @@ matrix_mautrix_gmessages_registration_yaml: |
      - exclusive: true
        regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
  de.sorunome.msc2409.push_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled }}

 matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}"
--- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
@@ -354,6 +354,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: {{ matrix_mautrix_gmessages_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_gmessages_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.4.5
+matrix_mautrix_meta_instagram_version: v0.4.6

 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -123,6 +123,8 @@ matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta

 matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}"

+matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons:
 # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger
 # - it's easy for users - you may change the mode, but the bot is always at `@messengerbot:example.com`
@@ -297,5 +299,6 @@ matrix_mautrix_meta_instagram_registration_yaml: |
  sender_localpart: _bot_{{ matrix_mautrix_meta_instagram_appservice_username }}
  rate_limited: false
  de.sorunome.msc2409.push_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled }}

 matrix_mautrix_meta_instagram_registration: "{{ matrix_mautrix_meta_instagram_registration_yaml | from_yaml }}"
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
@@ -367,6 +367,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_meta_instagram_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.4.5
+matrix_mautrix_meta_messenger_version: v0.4.6

 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -123,6 +123,8 @@ matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta

 matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}"

+matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 # For Facebook/Messenger, we use the same `@messengerbot:example.com` username regardless of how bridging happens for multiple reasons:
 # - it's consistent - regardless of how bridging happens, the bridged service is actually Messenger
 # - it's easy for users - you may change the mode, but the bot is always at `@messengerbot:example.com`
@@ -297,5 +299,6 @@ matrix_mautrix_meta_messenger_registration_yaml: |
  sender_localpart: _bot_{{ matrix_mautrix_meta_messenger_appservice_username }}
  rate_limited: false
  de.sorunome.msc2409.push_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled }}

 matrix_mautrix_meta_messenger_registration: "{{ matrix_mautrix_meta_messenger_registration_yaml | from_yaml }}"
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
@@ -367,6 +367,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_meta_messenger_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.8.1
+matrix_mautrix_signal_version: v0.8.2

 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@@ -44,6 +44,8 @@ matrix_mautrix_signal_homeserver_address: ""
 matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"

+matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 matrix_mautrix_signal_command_prefix: "!signal"

 matrix_mautrix_signal_bridge_permissions: |
@@ -210,6 +212,7 @@ matrix_mautrix_signal_registration_yaml: |
      - exclusive: true
        regex: '^@{{ matrix_mautrix_signal_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$'
  de.sorunome.msc2409.push_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_signal_msc4190_enabled }}

 matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml | from_yaml }}"

--- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -334,6 +334,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: false
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_signal_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
@@ -34,6 +34,8 @@ matrix_mautrix_slack_homeserver_address: ""
 matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"

+matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 matrix_mautrix_slack_command_prefix: "!slack"

 matrix_mautrix_slack_bridge_permissions: |
@@ -151,6 +153,7 @@ matrix_mautrix_slack_registration_yaml: |
      - exclusive: true
        regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
  de.sorunome.msc2409.push_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_slack_msc4190_enabled }}

 matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"

--- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2
@@ -371,6 +371,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: false
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_slack_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
@@ -39,6 +39,8 @@ matrix_mautrix_twitter_homeserver_address: ""
 matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'

+matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 # A public address that external services can use to reach this appservice.
 matrix_mautrix_twitter_appservice_public_address: ''

@@ -196,6 +198,7 @@ matrix_mautrix_twitter_registration_yaml: |
  rate_limited: false
  de.sorunome.msc2409.push_ephemeral: true
  receive_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_twitter_msc4190_enabled }}

 matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"

--- a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2
@@ -212,7 +212,8 @@ appservice:
    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
-    msc4190: false
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_twitter_msc4190_enabled | to_json }}

    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
    as_token: {{ matrix_mautrix_twitter_appservice_token | to_json }}
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -46,6 +46,8 @@ matrix_mautrix_whatsapp_homeserver_address: ""
 matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"

+matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
+
 matrix_mautrix_whatsapp_extev_polls: false

 matrix_mautrix_whatsapp_command_prefix: "!wa"
@@ -229,5 +231,6 @@ matrix_mautrix_whatsapp_registration_yaml: |
      - exclusive: true
        regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain | regex_escape }}$'
  de.sorunome.msc2409.push_ephemeral: true
+  io.element.msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled }}

 matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}"
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
@@ -445,6 +445,11 @@ encryption:
    # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
    # This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
    appservice: false
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    # Changing this option requires updating the appservice registration file.
+    msc4190: {{ matrix_mautrix_whatsapp_msc4190_enabled | to_json }}
    # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
    # You must use a client that supports requesting keys from other users to use this feature.
    allow_key_sharing: {{ matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow | to_json }}
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@@ -240,6 +240,9 @@ matrix_dendrite_client_api_rate_limiting_cooloff_ms: 500
 # Controls whether people with access to the homeserver can register by themselves.
 matrix_dendrite_client_api_registration_disabled: true

+# Controls whether guest accounts are disabled
+matrix_dendrite_guests_disabled: true
+
 # reCAPTCHA API for validating registration attempts
 matrix_dendrite_client_api_enable_registration_captcha: false
 matrix_dendrite_client_api_recaptcha_public_key: ""
--- a/roles/custom/matrix-dendrite/templates/dendrite.yaml.j2
+++ b/roles/custom/matrix-dendrite/templates/dendrite.yaml.j2
@@ -189,7 +189,7 @@ client_api:

  # Prevents new guest accounts from being created. Guest registration is also
  # disabled implicitly by setting 'registration_disabled' above.
-  guests_disabled: true
+  guests_disabled: {{ matrix_dendrite_guests_disabled | to_json }}

  # If set, allows registration by anyone who knows the shared secret, regardless of
  # whether registration is otherwise disabled.
--- a/roles/custom/matrix-synapse-admin/defaults/main.yml
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml
@@ -25,7 +25,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git"

 # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin
-matrix_synapse_admin_version: v0.10.3-etke38
+matrix_synapse_admin_version: v0.10.3-etke39
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_synapse_admin_docker_image_registry_prefix_upstream }}"
 matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"
Author	SHA1	Message	Date
onestacked	de1a18e197	Apply to_json to msc4190 in mautrix configs	2025-04-16 21:44:50 +02:00
onestacked	6fdc712e4b	Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges.	2025-04-16 21:23:32 +02:00
renovate[bot]	c4da60c4e4	Update dock.mau.dev/mautrix/signal Docker tag to v0.8.2 Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-16 16:15:03 +03:00
renovate[bot]	0d30d315e3	Update dock.mau.dev/mautrix/meta Docker tag to v0.4.6	2025-04-16 16:09:22 +03:00
renovate[bot]	1317e5632a	Update dock.mau.dev/mautrix/discord Docker tag to v0.7.3	2025-04-16 16:08:52 +03:00
renovate[bot]	6ed5db1464	Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2025.4.16 Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-16 09:09:04 +03:00
QEDeD	b35289cae8	Update howto-srv-server-delegation.md Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run Fix single typo Rraefik --> Traefik	2025-04-16 00:01:07 +03:00
Aine	222f877261	Honoroit v0.9.28 Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-14 22:51:01 +03:00
Aine	00cb1e5c0c	Synapse Admin v0.10.3-etke39	2025-04-14 18:12:25 +03:00
Slavi Pantaleev	e02dd74e3a	Upgrade baibot (v1.5.1 -> v1.6.0) Some checks failed Matrix CI / yamllint (push) Has been cancelled Matrix CI / ansible-lint (push) Has been cancelled REUSE Compliance Check / reuse-compliance-check (push) Has been cancelled	2025-04-12 08:10:54 +03:00
renovate[bot]	08b68e93dc	Update hif1/heisenbridge Docker tag to v1.15.3	2025-04-12 07:04:42 +03:00
adam-kress	60b291f197	Upgrade Jitsi (v10169-0 -> v10184-0) Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-11 13:24:54 +03:00
renovate[bot]	8378e6f164	Update dependency urllib3 to v2.4.0 Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-10 22:46:43 +03:00
Slavi Pantaleev	40dd8f7785	Add a section on guest accounts and Element Call Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-10 12:54:54 +03:00
Slavi Pantaleev	761e6d4cd6	Add `matrix_dendrite_guests_disabled`	2025-04-10 12:52:44 +03:00
Slavi Pantaleev	7cb33c5519	Add support for easily installing the Matrix RTC stack, without the Element Call frontend (#4242 ) Some checks are pending Matrix CI / yamllint (push) Waiting to run Matrix CI / ansible-lint (push) Waiting to run REUSE Compliance Check / reuse-compliance-check (push) Waiting to run	2025-04-09 16:49:18 +03:00