Merge remote-tracking branch 'origin/master' into hookshot

docs/configuring-playbook-bot-go-neb.md

@@ -198,8 +198,8 @@ matrix_bot_go_neb_services:
       # Each room will get the notification with the alert rendered with the given template
       rooms:
         "!someroomid:domain.tld":
-          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
-          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
+          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
+          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
           msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 ```
 

docs/configuring-playbook-bridge-mx-puppet-slack.md

@@ -1,20 +1,33 @@
 # Setting up MX Puppet Slack (optional)
 
-**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook.
+**Note**: bridging to [Slack](https://slack.com) can also happen via the
+[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md)
+bridge supported by the playbook.
 
 The playbook can install and configure
 [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you.
 
 See the project page to learn what it does and why it might be useful to you.
 
-To enable the [Slack](https://slack.com/) bridge just use the following
-playbook configuration:
+## Setup
 
+To enable the [Slack](https://slack.com/) bridge:
 
+1. Follow the
+   [OAuth credentials](https://github.com/Sorunome/mx-puppet-slack#option-2-oauth)
+   instructions to create a new Slack app, setting the redirect URL to
+   `https://matrix.YOUR_DOMAIN/slack/oauth`.
+2. Update your `vars.yml` with the following:
     ```yaml
     matrix_mx_puppet_slack_enabled: true
+    # Client ID must be quoted so YAML does not parse it as a float.
+    matrix_mx_puppet_slack_oauth_client_id: "<SLACK_APP_CLIENT_ID>"
+    matrix_mx_puppet_slack_oauth_client_secret: "<SLACK_APP_CLIENT_SECRET>"
+    ```
+3. Run playbooks with `setup-all` and `start` tags:
+    ```
+    ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
     ```
-
 
 ## Usage
 

group_vars/matrix_servers

@@ -1522,6 +1522,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
     +
     (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
     +
+    (['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else [])
+    +
     (['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
   }}
 

roles/matrix-base/tasks/util/ensure_openssl_installed.yml

@@ -0,0 +1,23 @@
+
+# This is for both CentOS 7 and 8
+- name: Ensure openssl installed (CentOS)
+  yum:
+    name:
+      - openssl
+    state: latest
+  when: ansible_distribution == 'CentOS'
+
+# This is for both Debian and Raspbian
+- name: Ensure openssl installed (Debian/Raspbian)
+  apt:
+    name:
+      - openssl
+    state: latest
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure openssl installed (Archlinux)
+  pacman:
+    name:
+      - openssl
+    state: latest
+  when: ansible_distribution == 'Archlinux'

roles/matrix-bot-go-neb/defaults/main.yml

@@ -203,8 +203,8 @@ matrix_bot_go_neb_services: []
 #      # Each room will get the notification with the alert rendered with the given template
 #      rooms:
 #        "!someroomid:domain.tld":
-#          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
-#          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
+#          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
+#          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
 #          msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 
 # Default configuration template which covers the generic use case.

roles/matrix-bot-honoroit/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_bot_honoroit_container_image_self_build: false
 matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.1
+matrix_bot_honoroit_version: v0.9.4
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -83,6 +83,12 @@ matrix_bot_honoroit_sentry: ''
 # Log level
 matrix_bot_honoroit_loglevel: ''
 
+# Text prefix: open
+matrix_bot_honoroit_text_prefix_open: ''
+
+# Text prefix: done
+matrix_bot_honoroit_text_prefix_done: ''
+
 # Text: greetings
 matrix_bot_honoroit_text_greetings: ''
 

roles/matrix-bot-honoroit/templates/env.j2

@@ -7,6 +7,8 @@ HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }}
 HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
 HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
 HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
+HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
+HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
 HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
 HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }}
 HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }}

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -1,5 +1,7 @@
 ---
 
+- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
+
 - name: Ensure Appservice IRC paths exist
   file:
     path: "{{ item.path }}"

roles/matrix-bridge-appservice-slack/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_appservice_slack_container_image_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
 
-matrix_appservice_slack_version: release-1.8.0
+matrix_appservice_slack_version: release-1.10.0
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-slack/templates/config.yaml.j2

@@ -5,9 +5,9 @@ bot_username: "{{ matrix_appservice_slack_bot_name }}"
 username_prefix: {{ matrix_appservice_slack_user_prefix }}
 
 homeserver:
-    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
-    url: "{{ matrix_appservice_slack_homeserver_url }}"
     server_name: "{{ matrix_domain }}"
+    url: "{{ matrix_appservice_slack_homeserver_url }}"
+    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
 
 {% if matrix_appservice_slack_database_engine == 'nedb' %}
 dbdir: "/data"

roles/matrix-bridge-appservice-webhooks/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/
 matrix_appservice_webhooks_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_webhooks_version == 'latest' else matrix_appservice_webhooks_version }}"
 matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path: "Dockerfile"
 
-matrix_appservice_webhooks_version: v1.0.2-01
+matrix_appservice_webhooks_version: v1.0.3-01
 matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}redoonetworks/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
 matrix_appservice_webhooks_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_webhooks_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_beeper_linkedin_enabled: true
 
-matrix_beeper_linkedin_version: v0.5.1
+matrix_beeper_linkedin_version: v0.5.2
 
 # See: https://gitlab.com/beeper/linkedin/container_registry
 matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: 1.9.0
+matrix_heisenbridge_version: 1.10.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_mautrix_instagram_enabled: true
 matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 
-matrix_mautrix_instagram_version: latest
+matrix_mautrix_instagram_version: v0.1.2
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -7,8 +7,8 @@ matrix_mautrix_signal_container_image_self_build: false
 matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
-matrix_mautrix_signal_version: latest
-matrix_mautrix_signal_daemon_version: latest
+matrix_mautrix_signal_version: v0.2.2
+matrix_mautrix_signal_daemon_version: 0.16.1
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2

@@ -26,6 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
+			--tmpfs /tmp \
 			{% if matrix_mautrix_signal_container_http_host_bind_port %}
 			-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
 			{% endif %}

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -7,13 +7,13 @@ matrix_telegram_lottieconverter_container_image_self_build: false
 matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
 matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
 matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
-matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
+matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
 
 matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.10.2
+matrix_mautrix_telegram_version: v0.11.1
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -225,17 +225,6 @@ bridge:
         #      notices from users listed here will be bridged.
         exceptions: []
 
-    # Some config options related to Telegram message deduplication.
-    # The default values are usually fine, but some debug messages/warnings might recommend you
-    # change these.
-    deduplication:
-        # Whether or not to check the database if the message about to be sent is a duplicate.
-        pre_db_check: false
-        # The number of latest events to keep when checking for duplicates.
-        # You might need to increase this on high-traffic bridge instances.
-        cache_queue_length: 20
-
-
     # The formats to use when sending messages to Telegram via the relay bot.
     #
     # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.

roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2

@@ -15,15 +15,6 @@ Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
-ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--network={{ matrix_docker_network }} \
-			-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
-			-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
-			{{ matrix_mautrix_telegram_docker_image }} \
-			alembic -x config=/config/config.yaml upgrade head
 
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5

roles/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_mautrix_twitter_enabled: true
 matrix_mautrix_twitter_container_image_self_build: false
 matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
 
-matrix_mautrix_twitter_version: latest
+matrix_mautrix_twitter_version: v0.1.3
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
-matrix_mautrix_whatsapp_version: latest
+matrix_mautrix_whatsapp_version: v0.2.3
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
 matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -27,7 +27,7 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
 
-matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"
+matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
 
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver

roles/matrix-bridge-mx-puppet-slack/defaults/main.yml

@@ -3,6 +3,9 @@
 
 matrix_mx_puppet_slack_enabled: true
 
+matrix_mx_puppet_slack_oauth_client_id: ''
+matrix_mx_puppet_slack_oauth_client_secret: ''
+
 matrix_mx_puppet_slack_container_image_self_build: false
 matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git"
 

roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2

@@ -18,6 +18,10 @@ bridge:
 # Slack OAuth settings. Create a slack app at https://api.slack.com/apps
 oauth:
   enabled: true
+  # Slack app credentials.
+  # N.B. This must be quoted so YAML does not parse it as a float.
+  clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}'
+  clientSecret: {{ matrix_mx_puppet_slack_oauth_client_secret|to_json }}
   # Path where to listen for OAuth redirect callbacks.
   redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
   # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,

roles/matrix-client-cinny/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_client_cinny_enabled: true
 matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 
-matrix_client_cinny_version: v1.6.1
+matrix_client_cinny_version: v1.7.0
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

roles/matrix-client-element/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.9.8
+matrix_client_element_version: v1.9.9
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.2.19
+matrix_client_hydrogen_version: v0.2.23
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/tasks/setup_install.yml

@@ -32,7 +32,7 @@
 - name: Ensure Hydrogen configuration installed
   copy:
     content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}"
-    dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/assets/config.json"
+    dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/src/platform/web/assets/config.json"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"

roles/matrix-dynamic-dns/defaults/main.yml

@@ -4,7 +4,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.9.1-ls45
+matrix_dynamic_dns_version: v3.9.1-ls76
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

roles/matrix-jitsi/defaults/main.yml

@@ -68,7 +68,7 @@ matrix_jitsi_jibri_recorder_password: ''
 
 matrix_jitsi_enable_lobby: false
 
-matrix_jitsi_version: stable-6726-1
+matrix_jitsi_version: stable-6726-2
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
 
 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

roles/matrix-jitsi/tasks/setup_jitsi_base.yml

@@ -1,5 +1,7 @@
 ---
 
+- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
+
 #
 # Tasks related to setting up jitsi
 #

roles/matrix-nginx-proxy/defaults/main.yml

@@ -476,7 +476,7 @@ matrix_ssl_lets_encrypt_staging: false
 # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
 matrix_ssl_lets_encrypt_server: ''
 
-matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0"
+matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.22.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~
@@ -555,5 +555,5 @@ matrix_nginx_proxy_synapse_frontend_proxy_locations: []
 # The amount of worker processes and connections
 # Consider increasing these when you are expecting high amounts of traffic
 # http://nginx.org/en/docs/ngx_core_module.html#worker_connections
-matrix_nginx_proxy_worker_processes: 1
+matrix_nginx_proxy_worker_processes: auto
 matrix_nginx_proxy_worker_connections: 1024

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml

@@ -1,28 +1,7 @@
 ---
 
-- name: Ensure OpenSSL installed (RedHat)
-  yum:
-    name:
-      - openssl
-    state: present
-    update_cache: no
-  when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'RedHat'"
-
-- name: Ensure APT usage dependencies are installed (Debian)
-  apt:
-    name:
-      - openssl
-    state: present
-    update_cache: no
-  when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_os_family == 'Debian'"
-
-- name: Ensure OpenSSL installed (Archlinux)
-  pacman:
-    name:
-      - openssl
-    state: latest
-    update_cache: no
-  when: "matrix_ssl_retrieval_method == 'self-signed' and ansible_distribution == 'Archlinux'"
+- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
+  when: "matrix_ssl_retrieval_method == 'self-signed'"
 
 - name: Generate self-signed certificates
   include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_node_exporter_enabled: false
 
-matrix_prometheus_node_exporter_version: v1.2.2
+matrix_prometheus_node_exporter_version: v1.3.1
 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
 matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
 

roles/matrix-prometheus-postgres-exporter/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_postgres_exporter_enabled: false
 
-matrix_prometheus_postgres_exporter_version: v0.10.0
+matrix_prometheus_postgres_exporter_version: v0.10.1
 matrix_prometheus_postgres_exporter_port: 9187
 
 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"

roles/matrix-sygnal/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal"
 matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config"
 matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data"
 
-matrix_sygnal_version: v0.10.1
+matrix_sygnal_version: v0.11.0
 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}"
 matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.49.2
-matrix_synapse_version_arm64: v1.49.2
+matrix_synapse_version: v1.51.0
+matrix_synapse_version_arm64: v1.51.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
@@ -517,7 +517,7 @@ matrix_synapse_ext_password_provider_ldap_default_domain: ""
 # See: https://github.com/t2bot/synapse-simple-antispam
 matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false
 matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam"
-matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "923ca5c85b08f157181721abbae50dd89c31e4b5"
+matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "5ab711971e3a4541a7a40310ff85e17f8262cc05"
 matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: []
 
 # Enable this to activate the Mjolnir Antispam spam-checker module.
@@ -580,6 +580,8 @@ matrix_synapse_default_room_version: "6"
 # If not, you can also control its value manually.
 matrix_synapse_spam_checker: []
 
+matrix_synapse_modules: []
+
 matrix_synapse_encryption_enabled_by_default_for_room_type: off
 
 matrix_synapse_trusted_key_servers:

roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml

@@ -38,8 +38,8 @@
   become_user: "{{ matrix_user_username }}"
 
 - set_fact:
-    matrix_synapse_spam_checker: >
-      {{ matrix_synapse_spam_checker }}
+    matrix_synapse_modules: >
+      {{ matrix_synapse_modules }}
       +
       [{
         "module": "synapse_simple_antispam.AntiSpamInvites",

roles/matrix-synapse/tasks/synapse/setup_install.yml

@@ -18,6 +18,7 @@
     group: "{{ matrix_user_groupname }}"
   when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
 
+- block:
   - name: Ensure Synapse repository is present on self-build
     git:
       repo: "{{ matrix_synapse_container_image_self_build_repo }}"
@@ -25,18 +26,25 @@
       version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
       force: "yes"
     register: matrix_synapse_git_pull_results
-  when: "matrix_synapse_container_image_self_build|bool"
 
+  - name: Check if Synapse Docker image exists
+    command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'"
+    register: matrix_synapse_docker_image_check_result
+
+  # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
+  # because the latter does not support BuildKit.
+  # See: https://github.com/ansible-collections/community.general/issues/514
   - name: Ensure Synapse Docker image is built
-  docker_image:
-    name: "{{ matrix_synapse_docker_image }}"
-    source: build
-    force_source: "{{ matrix_synapse_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_git_pull_results.changed }}"
-    build:
-      dockerfile: docker/Dockerfile
-      path: "{{ matrix_synapse_docker_src_files_path }}"
-      pull: yes
+    shell:
+      chdir: "{{ matrix_synapse_docker_src_files_path }}"
+      cmd: |
+        {{ matrix_host_command_docker }} build \
+        -t "{{ matrix_synapse_docker_image }}" \
+        -f docker/Dockerfile \
+        .
+    environment:
+      DOCKER_BUILDKIT: 1
+    when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''"
   when: "matrix_synapse_container_image_self_build|bool"
 
 - name: Ensure Synapse Docker image is pulled

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -12,15 +12,16 @@
 
 # Server admins can expand Synapse's functionality with external modules.
 #
-# See https://matrix-org.github.io/synapse/develop/modules.html for more
+# See https://matrix-org.github.io/synapse/latest/modules/index.html for more
 # documentation on how to configure or create custom modules for Synapse.
 #
-modules:
+#modules:
     # - module: my_super_module.MySuperClass
     #   config:
     #       do_thing: true
     # - module: my_other_super_module.SomeClass
     #   config: {}
+modules: {{ matrix_synapse_modules|to_json }}
 
 
 ## Server ##
@@ -49,13 +50,7 @@ server_name: "{{ matrix_domain }}"
 #
 pid_file: /homeserver.pid
 
-# The absolute URL to the web client which /_matrix/client will redirect
-# to if 'webclient' is configured under the 'listeners' configuration.
-#
-# This option can be also set to the filesystem path to the web client
-# which will be served at /_matrix/client/ if 'webclient' is configured
-# under the 'listeners' configuration, however this is a security risk:
-# https://github.com/matrix-org/synapse#security-note
+# The absolute URL to the web client which / will redirect to.
 #
 #web_client_location: https://riot.example.com/
 
@@ -139,7 +134,7 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe
 # The default room version for newly created rooms.
 #
 # Known room versions are listed here:
-# https://matrix.org/docs/spec/#complete-list-of-room-versions
+# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions
 #
 # For example, for room version 1, default_room_version should be set
 # to "1".
@@ -284,8 +279,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
 #   static: static resources under synapse/static (/_matrix/static). (Mostly
 #       useful for 'fallback authentication'.)
 #
-#   webclient: A web client. Requires web_client_location to be set.
-#
 listeners:
 {% if matrix_synapse_metrics_enabled %}
   - type: metrics
@@ -1519,6 +1512,7 @@ room_prejoin_state:
    # - m.room.encryption
    # - m.room.name
    # - m.room.create
+   # - m.room.topic
    #
    # Uncomment the following to disable these defaults (so that only the event
    # types listed in 'additional_event_types' are shared). Defaults to 'false'.
@@ -1533,6 +1527,21 @@ room_prejoin_state:
    #additional_event_types:
    #  - org.example.custom.event.type
 
+# We record the IP address of clients used to access the API for various
+# reasons, including displaying it to the user in the "Where you're signed in"
+# dialog.
+#
+# By default, when puppeting another user via the admin API, the client IP
+# address is recorded against the user who created the access token (ie, the
+# admin user), and *not* the puppeted user.
+#
+# Uncomment the following to also record the IP address against the puppeted
+# user. (This also means that the puppeted user will count as an "active" user
+# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc
+# above.)
+#
+#track_puppeted_user_ips: true
+
 
 # A list of application service config files to use
 #
@@ -1898,10 +1907,13 @@ saml2_config:
 #       Defaults to false. Avoid this in production.
 #
 #   user_profile_method: Whether to fetch the user profile from the userinfo
-#       endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
+#       endpoint, or to rely on the data returned in the id_token from the
+#       token_endpoint.
 #
-#       Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
-#       included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
+#       Valid values are: 'auto' or 'userinfo_endpoint'.
+#
+#       Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
+#       not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
 #       userinfo endpoint.
 #
 #   allow_existing_users: set to 'true' to allow a user logging in via OIDC to