Merge branch 'master' into element-call-integration

roles/custom/matrix-alertmanager-receiver/defaults/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # matrix-alertmanager-receiver is a service which receives webhook payloads from Prometheus' Alertmanager and forwards them to a Matrix room.
@@ -6,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2024.11.20
+matrix_alertmanager_receiver_version: 2025.3.5
 
 matrix_alertmanager_receiver_scheme: https
 
@@ -25,11 +30,12 @@ matrix_alertmanager_receiver_container_image_self_build_repo: https://github.com
 matrix_alertmanager_receiver_container_image_self_build_repo_version: "{{ 'main' if matrix_alertmanager_receiver_version == 'main' else matrix_alertmanager_receiver_version }}"
 matrix_alertmanager_receiver_container_src_path: "{{ matrix_alertmanager_receiver_base_path }}/container-src"
 
-matrix_alertmanager_receiver_container_image: "{{ matrix_alertmanager_receiver_container_image_name_prefix }}metio/matrix-alertmanager-receiver:{{ matrix_alertmanager_receiver_container_image_tag }}"
-matrix_alertmanager_receiver_container_image_name_prefix: "{{ 'localhost/' if matrix_alertmanager_receiver_container_image_self_build else matrix_alertmanager_receiver_container_image_registry_prefix }}"
+matrix_alertmanager_receiver_container_image: "{{ matrix_alertmanager_receiver_container_image_registry_prefix }}metio/matrix-alertmanager-receiver:{{ matrix_alertmanager_receiver_container_image_tag }}"
 matrix_alertmanager_receiver_container_image_tag: "{{ matrix_alertmanager_receiver_version }}"
 matrix_alertmanager_receiver_container_image_force_pull: "{{ matrix_alertmanager_receiver_container_image.endswith(':main') }}"
-matrix_alertmanager_receiver_container_image_registry_prefix: docker.io/
+matrix_alertmanager_receiver_container_image_registry_prefix: "{{ matrix_alertmanager_receiver_container_image_registry_prefix_upstream }}"
+matrix_alertmanager_receiver_container_image_registry_prefix_upstream: "{{ matrix_alertmanager_receiver_container_image_registry_prefix_upstream_default }}"
+matrix_alertmanager_receiver_container_image_registry_prefix_upstream_default: "docker.io/"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_alertmanager_receiver_container_network: ''
@@ -218,7 +224,7 @@ matrix_alertmanager_receiver_config_templating_resolved_template: |-
 #
 # For a more advanced customization, you can extend the default (see `matrix_alertmanager_receiver_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
-matrix_alertmanager_receiver_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
+matrix_alertmanager_receiver_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 
 matrix_alertmanager_receiver_configuration_extension_yaml: |
   # Your custom YAML configuration for matrix-alertmanager-receiver goes here.

roles/custom/matrix-alertmanager-receiver/tasks/install.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure matrix-alertmanager-receiver paths exist

roles/custom/matrix-alertmanager-receiver/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-alertmanager-receiver/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-alertmanager-receiver service

roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - name: Fail if required matrix-alertmanager-receiver settings not defined
   ansible.builtin.fail:
@@ -12,3 +16,11 @@
     - {'name': 'matrix_alertmanager_receiver_container_network', when: true}
     - {'name': 'matrix_alertmanager_receiver_metrics_proxying_hostname', when: "{{ matrix_alertmanager_receiver_metrics_proxying_enabled }}"}
     - {'name': 'matrix_alertmanager_receiver_metrics_proxying_path_prefix', when: "{{ matrix_alertmanager_receiver_metrics_proxying_enabled }}"}
+
+- name: (Deprecation) Catch and report renamed matrix-alertmanager-receiver variables
+  ansible.builtin.fail:
+    msg: >-
+      The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead.
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'}

roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-alertmanager-receiver/templates/labels.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_alertmanager_receiver_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-alertmanager-receiver 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-alertmanager-receiver
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-alertmanager-receiver 2>/dev/null || true'
 
 Restart=always

roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-appservice-double-puppet/defaults/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 matrix_appservice_double_puppet_enabled: true

roles/custom/matrix-appservice-double-puppet/tasks/install.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure matrix-appservice-double-puppet paths exist

roles/custom/matrix-appservice-double-puppet/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-appservice-double-puppet/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure matrix-appservice-double-puppet paths don't exist

roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - name: Fail if required matrix-appservice-double-puppet settings not defined
   ansible.builtin.fail:

roles/custom/matrix-appservice-double-puppet/templates/registration.yaml.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # The ID doesn't really matter, put whatever you want.
 id: {{ matrix_appservice_double_puppet_registration_id | to_json }}
 # The URL is intentionally left empty (null), as the homeserver shouldn't

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2024 - 2025 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 # A moderation tool for Matrix
 # Project source code URL: https://github.com/the-draupnir-project/Draupnir
@@ -5,13 +11,15 @@
 matrix_appservice_draupnir_for_all_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_appservice_draupnir_for_all_version: "1.87.0"
+matrix_appservice_draupnir_for_all_version: "v2.2.0"
 
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
 
-matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
-matrix_appservice_draupnir_for_all_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default: "docker.io/"
+matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
 matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}"
 
 matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"

roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - ansible.builtin.set_fact:

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-appservice-draupnir-for-all service

roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required matrix-bot-draupnir variables are undefined
@@ -7,3 +13,12 @@
     - "matrix_appservice_draupnir_for_all_master_control_room_alias"
     - "matrix_bot_draupnir_container_network"
   when: "vars[item] == '' or vars[item] is none"
+
+- name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}

roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 homeserver:
   # The Matrix server name, this will be the name of the server in your Matrix ID.
   domain: "{{ matrix_domain }}"

roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2

@@ -1,23 +1,19 @@
+{#
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # The log level of terminal (or container) output,
 # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
 #
 # This should be at INFO or DEBUG in order to get support for Draupnir problems.
 logLevel: "INFO"
 
-# Whether or not Draupnir should synchronize policy lists immediately after startup.
-# Equivalent to running '!draupnir sync'.
-syncOnStartup: true
-
 # Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
 # Equivalent to running `!draupnir verify`.
 verifyPermissionsOnStartup: true
 
-# Whether Draupnir should check member lists quicker (by using a different endpoint),
-# keep in mind that enabling this will miss invited (but not joined) users.
-#
-# Turn on if your bot is in (very) large rooms, or in large amounts of rooms.
-fasterMembershipChecks: false
-
 # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
 #
 # If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
@@ -70,14 +66,10 @@ commands:
     - "draupnir_bot"
     - "draupnir"
 
-  # Whether or not commands with a wildcard (*) will require an additional `--force` argument
-  # in the command to be able to be submitted.
-  confirmWildcardBan: true
-
   # The default reasons to be prompted with if the reason is missing from a ban command.
   ban:
-    defaultReasons: 
+    defaultReasons:
       - "spam"
       - "brigading"
       - "harassment"
-      - "disagreement"
+      - "disagreement"

roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-appservice-draupnir-for-all
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/defaults/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # matrix-authentication-service (MAS) is an OAuth 2.0 and OpenID Provider server for Matrix.
@@ -17,9 +22,11 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 0.12.0
-matrix_authentication_service_container_image: "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service:{{ matrix_authentication_service_version }}"
-matrix_authentication_service_container_image_name_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
+matrix_authentication_service_version: 0.14.1
+matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
+matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
+matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_authentication_service_container_image: "{{ matrix_authentication_service_container_image_registry_prefix }}element-hq/matrix-authentication-service:{{ matrix_authentication_service_version }}"
 matrix_authentication_service_container_image_force_pull: "{{ matrix_authentication_service_container_image.endswith(':latest') }}"
 
 matrix_authentication_service_base_path: "{{ matrix_base_data_path }}/matrix-authentication-service"
@@ -161,13 +168,13 @@ matrix_authentication_service_config_email_reply_to_address: "{{ matrix_authenti
 
 # Controls the `email.transport` configuration setting.
 #
-# Valid options are: blackhole, smtp, aws_ses
+# Valid values: blackhole, smtp, aws_ses
 # Upstream reports that `sendmail` is supported as well,
 # but this is not true when running it in a container image due to the `sendmail` binary not being included.
 matrix_authentication_service_config_email_transport: blackhole
 
 # Controls the `email.mode` configuration setting for SMTP.
-# Options are 'plain', 'tls', or 'starttls'.
+# Valid values: plain, tls, starttls
 matrix_authentication_service_config_email_mode: plain
 
 # Controls the `email.hostname` configuration setting for SMTP.
@@ -220,7 +227,7 @@ matrix_authentication_service_config_account_password_change_allowed: true
 
 # Controls the `account.password_recovery_enabled` configuration setting.
 #
-# Whether email-based password recovery is enabled
+# Whether email-based password recovery is enabled.
 # This has no effect if password login is disabled.
 matrix_authentication_service_config_account_password_recovery_enabled: false
 
@@ -340,7 +347,7 @@ matrix_authentication_service_config_http_trusted_proxies:
 matrix_authentication_service_config_matrix_homeserver: ""
 
 # Controls the `matrix.endpoint` configuration setting.
-# URL to which the homeserver is accessible from the service
+# URL to which the homeserver is accessible from the service.
 matrix_authentication_service_config_matrix_endpoint: ""
 
 # Controls the `matrix.secret` configuration setting.
@@ -361,20 +368,20 @@ matrix_authentication_service_config_matrix_secret: ""
 
 # Controls the `passwords.enabled` configuration setting.
 # Whether to enable the password database.
-# If disabled, users will only be able to log in using upstream OIDC providers
+# If disabled, users will only be able to log in using upstream OIDC providers.
 matrix_authentication_service_config_passwords_enabled: true
 
 # Controls the `passwords.schemes` configuration setting.
 # List of password hashing schemes being used.
-# Only change this if you know what you're doing
+# Only change this if you know what you're doing.
 matrix_authentication_service_config_passwords_schemes:
   - version: 1
     algorithm: argon2id
 
 # Controls the `passwords.minimum_complexity` configuration setting.
-# Minimum complexity required for passwords, estimated by the zxcvbn algorithm
-# Must be between 0 and 4, default is 3
-# See https://github.com/dropbox/zxcvbn#usage for more information
+# Minimum complexity required for passwords, estimated by the zxcvbn algorithm.
+# Must be between 0 and 4. Default is 3.
+# See https://github.com/dropbox/zxcvbn#usage for more information.
 matrix_authentication_service_config_passwords_minimum_complexity: 3
 
 ########################################################################################
@@ -502,7 +509,7 @@ matrix_authentication_service_container_labels_public_main_tls_certResolver: "{{
 # - https://element-hq.github.io/matrix-authentication-service/setup/reverse-proxy.html#compatibility-layer
 #
 # Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
-# See `matrix_authentication_service_container_labels_traefik_enabled`
+# See `matrix_authentication_service_container_labels_traefik_enabled`.
 matrix_authentication_service_container_labels_public_compatibility_layer_enabled: false
 matrix_authentication_service_container_labels_public_compatibility_layer_hostname: ""
 matrix_authentication_service_container_labels_public_compatibility_layer_path_regexp: "^/_matrix/client/(?P<version>([^/]+))/(?P<endpoint>(login|logout|refresh))"
@@ -555,7 +562,7 @@ matrix_authentication_service_syn2mas_start_wait_time_seconds: 5
 matrix_authentication_service_syn2mas_dry_run: false
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service/syn2mas
-matrix_authentication_service_syn2mas_version: 0.12.0
+matrix_authentication_service_syn2mas_version: 0.14.1
 matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
 matrix_authentication_service_syn2mas_container_image_name_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
 matrix_authentication_service_syn2mas_container_image_force_pull: "{{ matrix_authentication_service_syn2mas_container_image.endswith(':latest') }}"

roles/custom/matrix-authentication-service/tasks/install.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix Authentication Service paths exist

roles/custom/matrix-authentication-service/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-authentication-service/tasks/mas_cli_doctor.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix Authentication Service is started

roles/custom/matrix-authentication-service/tasks/register_user.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if playbook called incorrectly

roles/custom/matrix-authentication-service/tasks/syn2mas.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - ansible.builtin.set_fact:
@@ -106,7 +111,7 @@
 # See: https://ansibledaily.com/print-to-standard-output-without-escaping/
 #
 # We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it,
-# which ruins the command (`matrix_authentication_service_syn2mas_migration_command`)
+# which ruins the command (`matrix_authentication_service_syn2mas_migration_command`).
 - name: Note about syn2mas migration
   ansible.builtin.set_fact:
     dummy: true

roles/custom/matrix-authentication-service/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-authentication-service service

roles/custom/matrix-authentication-service/tasks/util/prepare_key.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Prepare Matrix Authentication Service private key file path ({{ private_key_definition.key_file }})

roles/custom/matrix-authentication-service/tasks/validate_config.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required matrix-authentication-service settings not defined
@@ -29,3 +34,12 @@
   ansible.builtin.fail:
     msg: "matrix_authentication_service_config_email_transport must be one of: blackhole, smtp, or aws_ses"
   when: "matrix_authentication_service_config_email_transport not in ['blackhole', 'smtp', 'aws_ses']"
+
+- name: (Deprecation) Catch and report renamed matrix-authentication-service settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'}

roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/bin/register-user.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/config.yaml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/env.j2

@@ -1 +1,7 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {{ matrix_authentication_service_environment_variables_extension }}

roles/custom/matrix-authentication-service/templates/labels.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_authentication_service_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-authentication-service 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-authentication-service
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-authentication-service 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/vars/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # Like `matrix_authentication_service_config_http_public_base` but a private base URL only accessible from within the container network.

roles/custom/matrix-base/defaults/main.yml

@@ -1,7 +1,36 @@
+# SPDX-FileCopyrightText: 2019 - 2021 Aaron Raimist
+# SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2019 Dan Arnfield
+# SPDX-FileCopyrightText: 2019 Edgars Voroboks
+# SPDX-FileCopyrightText: 2019 Lyubomir Popov
+# SPDX-FileCopyrightText: 2019 Stuart Mumford
+# SPDX-FileCopyrightText: 2020 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2020 Alin Trăistaru
+# SPDX-FileCopyrightText: 2020 Chris van Dijk
+# SPDX-FileCopyrightText: 2020 Horvath Gergely
+# SPDX-FileCopyrightText: 2020 Tobias Küchel
+# SPDX-FileCopyrightText: 2021 Blaž Tomažič
+# SPDX-FileCopyrightText: 2021 Krisztian Szegi
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2021 boris runakov
+# SPDX-FileCopyrightText: 2022 - 2025 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Charles Wright
+# SPDX-FileCopyrightText: 2022 Julian Foad
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2023 Benjamin Kampmann
+# SPDX-FileCopyrightText: 2023 Jayesh Nirve
+# SPDX-FileCopyrightText: 2023 Johan Swetzén
+# SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+# SPDX-FileCopyrightText: 2024 László Várady
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # The bare domain name which represents your Matrix identity.
-# Matrix user IDs for your server will be of the form (`@user:example.com`).
+# Matrix user IDs for your server will be of the form (`@alice:example.com`).
 #
 # Note: this playbook does not touch the server referenced here.
 # Installation happens on another server ("matrix.example.com", see `matrix_server_fqn_matrix`).
@@ -10,7 +39,7 @@
 matrix_domain: ~
 
 # The optional Matrix admin MXID, used in bridges' configs to set bridge admin user
-# Example value: "@someone:{{ matrix_domain }}"
+# Example value: "@alice:{{ matrix_domain }}"
 matrix_admin: ''
 
 # Global var to enable/disable encryption across all bridges with encryption support
@@ -49,7 +78,7 @@ matrix_monitoring_container_network: matrix-monitoring
 matrix_homeserver_enabled: true
 
 # This will contain the homeserver implementation that is in use.
-# Valid values: synapse, dendrite, conduit
+# Valid values: synapse, dendrite, conduit, conduwuit
 #
 # By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
 #
@@ -80,6 +109,9 @@ matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
 # This is where you access the SchildiChat Web from (if enabled via matrix_client_schildichat_enabled; disabled by default).
 matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
 
+# This is where you access the FluffyChat Web from (if enabled via matrix_client_fluffychat_enabled; disabled by default).
+matrix_server_fqn_fluffychat: "fluffychat.{{ matrix_domain }}"
+
 # This is where you access the Buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default).
 matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
 
@@ -133,7 +165,12 @@ matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm6
 # We just remap from our `matrix_architecture` values to what Debian and possibly other distros call things.
 matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_architecture }}"
 
-matrix_container_global_registry_prefix: "docker.io/"
+# If specified, the playbook will override the default registry prefix for all components.
+#
+# This is to be used when you've mirrored all the necessary container images (from their respective registries) by yourself.
+#
+# Example value: "registry.example.com/" (note the trailing `/`).
+matrix_container_global_registry_prefix_override: ""
 
 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"
@@ -217,7 +254,6 @@ matrix_metrics_exposure_http_basic_auth_users: ''
 # - `playbook-managed-traefik`
 #     - the playbook will run a managed Traefik instance (matrix-traefik)
 #     - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
-#     - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
 #
 # - `other-traefik-container`
 #     - this playbook will not install Traefik
@@ -234,7 +270,7 @@ matrix_metrics_exposure_http_basic_auth_users: ''
 matrix_playbook_reverse_proxy_type: ''
 
 # Specifies the network that the reverse-proxy is operating at
-matrix_playbook_reverse_proxy_container_network: 'traefik'
+matrix_playbook_reverse_proxy_container_network: "{{ 'traefik' if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] else '' }}"
 
 # Specifies the hostname that the reverse-proxy is available at
 matrix_playbook_reverse_proxy_hostname: 'matrix-traefik'
@@ -271,7 +307,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name: "{{ matrix
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"  # noqa var-naming
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout: "{{ traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout }}"  # noqa var-naming

roles/custom/matrix-base/tasks/ensure_fuse_installed.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # This is for both RedHat 7 and 8

roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure fuse installed (Archlinux)

roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure fuse installed (Debian/Raspbian)

roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure fuse installed (RedHat)

roles/custom/matrix-base/tasks/ensure_openssl_installed.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure openssl installed

roles/custom/matrix-base/tasks/main.yml

@@ -1,3 +1,12 @@
+# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2019 Dan Arnfield
+# SPDX-FileCopyrightText: 2020 MDAD project contributors
+# SPDX-FileCopyrightText: 2020 Marcel Partap
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Warren Bailey
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-base/tasks/setup_matrix_base.yml

@@ -1,3 +1,15 @@
+# SPDX-FileCopyrightText: 2017 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2018 - 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2019 Stuart Mumford
+# SPDX-FileCopyrightText: 2020 Béla Becker
+# SPDX-FileCopyrightText: 2020 Chris van Dijk
+# SPDX-FileCopyrightText: 2020 Horvath Gergely
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+# SPDX-FileCopyrightText: 2024 László Várady
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix base paths exists

roles/custom/matrix-base/tasks/setup_matrix_user.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix group is created

roles/custom/matrix-base/tasks/validate_config.yml

@@ -1,15 +1,25 @@
+# SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2020 - 2021 Aaron Raimist
+# SPDX-FileCopyrightText: 2020 Christian Wolf
+# SPDX-FileCopyrightText: 2020 Horvath Gergely
+# SPDX-FileCopyrightText: 2022 Charles Wright
+# SPDX-FileCopyrightText: 2022 Warren Bailey
+# SPDX-FileCopyrightText: 2023 Jayesh Nirve
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if invalid homeserver implementation
   ansible.builtin.fail:
     msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
-  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
+  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit', 'conduwuit']"
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
   when: "item.old in vars"
   with_items:
     - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
@@ -21,6 +31,7 @@
     - {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
     - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
     - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
+    - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
 
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined

roles/custom/matrix-base/templates/bin/remove-all.j2

@@ -6,7 +6,7 @@ if [ "$(id -u)" != "0" ]; then
 	exit 1
 fi
 
-echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images,..."
+echo "WARNING! You are about to remove everything the playbook installs for {{ matrix_server_fqn_matrix }}: matrix, docker images, …"
 echo -n "If you're sure you want to do this, type: 'Yes, I really want to remove everything!'"
 read sure
 

roles/custom/matrix-base/templates/bin/remove-all.j2.license

@@ -0,0 +1,6 @@
+SPDX-FileCopyrightText: 2018 - 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Hugues De Keyzer
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/defaults/main.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2024 Nikita Chernyi
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # baibot is a bot exposing the power of Large Language Models to you.
@@ -11,9 +17,11 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.4.0
-matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
-matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_baibot_version: v1.5.0
+matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
+matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
+matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_baibot_container_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}"
 
 matrix_bot_baibot_base_path: "{{ matrix_base_data_path }}/baibot"
@@ -87,6 +95,10 @@ matrix_bot_baibot_config_user_encryption_recovery_reset_allowed: false
 # If you leave this empty, the bot will use the default (!bai).
 matrix_bot_baibot_config_command_prefix: "!bai"
 
+# Controls the `room.post_join_self_introduction_enabled` configuration setting.
+# Influences whether the bot should send an introduction message after joining a room.
+matrix_bot_baibot_config_room_post_join_self_introduction_enabled: true
+
 # Controls the `access.admin_patterns` configuration setting.
 # A space-separated list of MXID patterns which specify who is an admin.
 #
@@ -167,7 +179,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_anthropic_id: anthropic
 matrix_bot_baibot_config_agents_static_definitions_anthropic_provider: anthropic
 
-matrix_bot_baibot_config_agents_static_definitions_anthropic_config: "{{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_anthropic_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_anthropic_config: "{{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_anthropic_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_yaml: "{{ lookup('template', 'templates/provider/anthropic-config.yml.j2') }}"
 
@@ -193,7 +205,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: ""
 
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_enabled: true
 # For valid model choices, see: https://platform.anthropic.com/docs/models
-matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
+matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-7-sonnet-20250219
 # The prompt text to use (can be null or empty to not use a prompt).
 # See: https://huggingface.co/docs/transformers/en/tasks/prompting
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
@@ -220,7 +232,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_groq_id: groq
 matrix_bot_baibot_config_agents_static_definitions_groq_provider: groq
 
-matrix_bot_baibot_config_agents_static_definitions_groq_config: "{{ matrix_bot_baibot_config_agents_static_definitions_groq_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_groq_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_groq_config: "{{ matrix_bot_baibot_config_agents_static_definitions_groq_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_groq_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_groq_config_yaml: "{{ lookup('template', 'templates/provider/groq-config.yml.j2') }}"
 
@@ -276,7 +288,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_mistral_id: mistral
 matrix_bot_baibot_config_agents_static_definitions_mistral_provider: mistral
 
-matrix_bot_baibot_config_agents_static_definitions_mistral_config: "{{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_mistral_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_mistral_config: "{{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_mistral_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_mistral_config_yaml: "{{ lookup('template', 'templates/provider/mistral-config.yml.j2') }}"
 
@@ -329,7 +341,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_openai_id: openai
 matrix_bot_baibot_config_agents_static_definitions_openai_provider: openai
 
-matrix_bot_baibot_config_agents_static_definitions_openai_config: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_openai_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_openai_config: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_openai_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_openai_config_yaml: "{{ lookup('template', 'templates/provider/openai-config.yml.j2') }}"
 
@@ -364,6 +376,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation
 # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: 16384
+matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: ~
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 128000
 
 matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_enabled: true
@@ -461,7 +474,7 @@ matrix_bot_baibot_configuration: "{{ matrix_bot_baibot_configuration_yaml | from
 #
 # For a more advanced customization, you can extend the default (see `matrix_bot_baibot_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
-matrix_bot_baibot_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
+matrix_bot_baibot_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 
 matrix_bot_baibot_configuration_extension_yaml: |
   # Your custom YAML configuration for baibot goes here.

roles/custom/matrix-bot-baibot/tasks/install.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure baibot paths exist
@@ -70,6 +75,7 @@
     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_baibot_container_network }}"
     driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 
 - name: Ensure matrix-bot-baibot.service installed
   ansible.builtin.template:

roles/custom/matrix-bot-baibot/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-bot-baibot/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-baibot service

roles/custom/matrix-bot-baibot/tasks/validate_config.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required baibot settings not defined
@@ -26,3 +31,12 @@
     msg: >-
       You need to define a required configuration setting (`matrix_bot_baibot_config_access_admin_patterns`) to specify which users are bot administrators.
   when: "matrix_bot_baibot_config_access_admin_patterns | length == 0"
+
+- name: (Deprecation) Catch and report renamed baibot settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_bot_baibot_container_image_name_prefix', 'new': 'matrix_bot_baibot_container_image_registry_prefix'}

roles/custom/matrix-bot-baibot/templates/config.yaml.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # Default configuration for baibot.
 # To extend it, use `matrix_bot_baibot_configuration_extension_yaml`.
 
@@ -35,6 +42,10 @@ user:
 # Command prefix. Leave empty to use the default (!bai).
 command_prefix: {{ matrix_bot_baibot_config_command_prefix | to_json }}
 
+room:
+  # Whether the bot should send an introduction message after joining a room.
+  post_join_self_introduction_enabled: {{ matrix_bot_baibot_config_room_post_join_self_introduction_enabled | to_json }}
+
 access:
   # Space-separated list of MXID patterns which specify who is an admin.
   admin_patterns: {{ matrix_bot_baibot_config_access_admin_patterns | to_json }}

roles/custom/matrix-bot-baibot/templates/env.j2

@@ -1 +1,7 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {{ matrix_bot_baibot_environment_variables_extension }}

roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2

@@ -8,7 +8,12 @@ text_generation:
   model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id | to_json }}
   prompt: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt | to_json }}
   temperature: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature | to_json }}
+  {% if matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens %}
   max_response_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens | int | to_json }}
+  {% endif %}
+  {% if matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens %}
+  max_completion_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens | int | to_json }}
+  {% endif %}
   max_context_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens | int | to_json }}
 {% endif %}
 

roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-baibot 2>/dev/null || true'
 
 {#
@@ -43,7 +43,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-baibot
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-baibot 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-buscarron/defaults/main.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2022 - 2024 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # Buscarron is a Web forms (HTTP POST) to Matrix service.
@@ -29,8 +36,10 @@ matrix_bot_buscarron_docker_repo: "https://github.com/etkecc/buscarron.git"
 matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
 
-matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_docker_image_registry_prefix_upstream }}"
+matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_buscarron_docker_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.

roles/custom/matrix-bot-buscarron/tasks/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2022 - 2023 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-bot-buscarron/tasks/setup_install.yml

@@ -1,3 +1,11 @@
+# SPDX-FileCopyrightText: 2022 - 2023 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - ansible.builtin.set_fact:
     matrix_bot_buscarron_requires_restart: false

roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-buscarron service

roles/custom/matrix-bot-buscarron/tasks/validate_config.yml

@@ -1,15 +1,22 @@
+# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - name: (Deprecation) Catch and report renamed Buscarron settings
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_bot_buscarron_noencryption', 'new': '<removed>'}
     - {'old': 'matrix_bot_buscarron_spam_hosts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
     - {'old': 'matrix_bot_buscarron_spam_emails', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
     - {'old': 'matrix_bot_buscarron_spam_localparts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
+    - {'old': 'matrix_bot_buscarron_container_image_name_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
 
 - name: Fail if required Buscarron settings not defined
   ansible.builtin.fail:

roles/custom/matrix-bot-buscarron/templates/env.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2022 - 2024 Nikita Chernyi
+SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }}
 BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }}
 BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }}

roles/custom/matrix-bot-buscarron/templates/labels.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2023 Nikita Chernyi
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_bot_buscarron_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-buscarron
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 
 Restart=always

roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2022 Nikita Chernyi
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-chatgpt/defaults/main.yml

@@ -1,3 +1,12 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2023 Joe Kappus
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Nikita Chernyi
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 # chatgpt is a bot for chatting to openAI chatgpt Matrix bot
 # Project source code URL: https://github.com/matrixgpt/matrix-chatgpt-bot
@@ -11,11 +20,12 @@ matrix_bot_chatgpt_container_image_self_build: false
 matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
 matrix_bot_chatgpt_container_image_self_build_repo_version: "{{ 'main' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
 
-matrix_bot_chatgpt_container_image: "{{ matrix_bot_chatgpt_container_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_container_image_tag }}"
-matrix_bot_chatgpt_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else matrix_bot_chatgpt_container_image_registry_prefix }}"
+matrix_bot_chatgpt_container_image: "{{ matrix_bot_chatgpt_container_image_registry_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_container_image_tag }}"
+matrix_bot_chatgpt_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else matrix_bot_chatgpt_container_image_registry_prefix_upstream }}"
+matrix_bot_chatgpt_container_image_registry_prefix_upstream: "{{ matrix_bot_chatgpt_container_image_registry_prefix_upstream_default }}"
+matrix_bot_chatgpt_container_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_bot_chatgpt_container_image_tag: "{{ matrix_bot_chatgpt_version }}"
 matrix_bot_chatgpt_container_image_force_pull: "{{ matrix_bot_chatgpt_container_image.endswith(':latest') }}"
-matrix_bot_chatgpt_container_image_registry_prefix: ghcr.io/
 
 matrix_bot_chatgpt_base_path: "{{ matrix_base_data_path }}/chatgpt"
 matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config"
@@ -57,7 +67,7 @@ matrix_bot_chatgpt_keyv_bot_storage: true
 # Matrix Static Settings (required, see notes)
 # Defaults to "https://matrix.org"
 matrix_bot_chatgpt_matrix_homeserver_url: ""  # MATRIX_HOMESERVER_URL=
-# With the @ and :example.com, ie @SOMETHING:example.com, needs to be set, created manually beforehand.
+# With the @ and :example.com, ie @bot.chatgpt:example.com, needs to be set, created manually beforehand.
 matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt'
 matrix_bot_chatgpt_matrix_bot_username: "@{{ matrix_bot_chatgpt_matrix_bot_username_localpart }}:{{ matrix_domain }}"  # MATRIX_BOT_USERNAME=
 # Set `MATRIX_BOT_PASSWORD` the bot will print an `MATRIX_ACCESS_TOKEN` to the terminal
@@ -87,8 +97,8 @@ matrix_bot_chatgpt_matrix_rich_text: true  # MATRIX_RICH_TEXT=true
 # A list of admins
 # Example set of rules:
 # matrix_bot_chatgpt_admins:
-# - @someone:example.com
-# - @another:example.com
+# - @alice:example.com
+# - @bob:example.com
 # - @bot.*:example.com
 # - @*:example.net
 # matrix_bot_chatgpt_admins: "{{ [matrix_admin] if matrix_admin else [] }}"

roles/custom/matrix-bot-chatgpt/tasks/install.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 David Mehren
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure chatgpt paths exist

roles/custom/matrix-bot-chatgpt/tasks/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 -

roles/custom/matrix-bot-chatgpt/tasks/uninstall.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-chatgpt service

roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required Chatgpt settings not defined
@@ -26,7 +32,7 @@
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_bot_chatgpt_docker_image', 'new': 'matrix_bot_chatgpt_container_image'}
@@ -35,3 +41,4 @@
     - {'old': 'matrix_bot_chatgpt_docker_repo', 'new': 'matrix_bot_chatgpt_container_image_self_build_repo'}
     - {'old': 'matrix_bot_chatgpt_docker_repo_version', 'new': 'matrix_bot_chatgpt_container_image_self_build_repo_version'}
     - {'old': 'matrix_bot_chatgpt_docker_src_files_path', 'new': 'matrix_bot_chatgpt_container_src_path'}
+    - {'old': 'matrix_bot_chatgpt_container_image_name_prefix', 'new': 'matrix_bot_chatgpt_container_image_registry_prefix'}

roles/custom/matrix-bot-chatgpt/templates/env.j2

@@ -1,3 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 Joe Kappus
+SPDX-FileCopyrightText: 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 MATRIX_HOMESERVER_URL={{ matrix_bot_chatgpt_matrix_homeserver_url }}
 MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }}
 
@@ -10,7 +19,7 @@ KEYV_URL={{ matrix_bot_chatgpt_keyv_url }}
 KEYV_BOT_ENCRYPTION={{ matrix_bot_chatgpt_keyv_bot_encryption|lower }}
 KEYV_BOT_STORAGE={{ matrix_bot_chatgpt_keyv_bot_storage|lower }}
 
-# With the @ and :example.com, ie @SOMETHING:example.com
+# With the @ and :example.com, ie @bot.chatgpt:example.com
 MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }}
 MATRIX_BOT_PASSWORD={{ matrix_bot_chatgpt_matrix_bot_password }}
 

roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-chatgpt
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2.license

@@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2023 Vladimir Panteleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 # A moderation tool for Matrix
 # Project source code URL: https://github.com/the-draupnir-project/Draupnir
@@ -5,13 +11,15 @@
 matrix_bot_draupnir_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_bot_draupnir_version: "v1.87.0"
+matrix_bot_draupnir_version: "v2.2.0"
 
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
 
-matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
-matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
+matrix_bot_draupnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_docker_image_registry_prefix_upstream }}"
+matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_draupnir_docker_image_registry_prefix_upstream_default: "docker.io/"
 matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
 
 matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
@@ -49,17 +57,39 @@ matrix_bot_draupnir_systemd_wanted_services_list: []
 # Whether Draupnir should talk to the homeserver through Pantalaimon
 # If true, then other variables must be provided including pointing
 # `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL.
+#
+# The upstream project discourages enabling this option, because it is
+# known that running Draupnir along with Pantalaimon breaks all workflows that involve
+# answering prompts with reactions. (Hint: a lot of workflows rely on them.)
 matrix_bot_draupnir_pantalaimon_use: false
 
-# The access token for the bot user. Required when NOT using Pantalaimon.
+# If you choose to accept the risks of using Pantalaimon in your installation
+# against the upstream advice, you can enable this to disable the warning about using it.
+matrix_bot_draupnir_pantalaimon_breakage_ignore: false
+
+# Tells the bot if it should use its native E2EE support in the form of experimental Rust Crypto in the bot SDK.
+# This option is mutually exclusive with `matrix_bot_draupnir_pantalaimon_use`.
+# Rust Crypto requires a clean access token that has not touched E2EE so curl is recommended as a method to obtain it.
+matrix_bot_draupnir_enable_experimental_rust_crypto: false
+
+# The access token for the bot user. Required if Pantalaimon is NOT used.
 # (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.)
 matrix_bot_draupnir_access_token: ""
 
-# User name and password for the bot. Required when using Pantalaimon.
+# Username and password for the bot. Required if Pantalaimon is used.
 # (Otherwise provide `matrix_bot_draupnir_access_token` instead.)
 matrix_bot_draupnir_pantalaimon_username: ""
 matrix_bot_draupnir_pantalaimon_password: ""
 
+# Username and password the bot uses for logging in directly. If Pantalaimon is used,
+# these values become the values of `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password`
+matrix_bot_draupnir_login: "{{ matrix_bot_draupnir_pantalaimon_username if matrix_bot_draupnir_pantalaimon_use == 'true' else 'bot.draupnir' }}"
+matrix_bot_draupnir_password: "{{ matrix_bot_draupnir_pantalaimon_password }}"
+
+# Controls if we activate the config block for Pantalaimon for now. Its name will
+# probably be changed for our usecase due to Draupnir's push to scrub Pantalaimon from the codebase.
+matrix_bot_draupnir_login_native: ""
+
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias or room ID - not a matrix.to URL.
@@ -67,23 +97,28 @@ matrix_bot_draupnir_pantalaimon_password: ""
 matrix_bot_draupnir_management_room: ""
 
 # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API).
-# Set this to the pantalaimon URL if you're using that.
+# Set this to the Pantalaimon URL if you're using that.
 matrix_bot_draupnir_homeserver_url: ""
 
-# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
-# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
+# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/).
+# Only set this to the public-internet homeserver client API URL. Do NOT set this to the Pantalaimon URL.
 matrix_bot_draupnir_raw_homeserver_url: ""
 
-# Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot.
-# This setting is described the following way in the Configuration.
+# Disable Server ACL is used if you do not want to give the bot the right to apply Server ACLs in rooms without complaints from the bot.
+# This setting is described the following way in the configuration.
 #
 # Whether or not Draupnir should apply `m.room.server_acl` events.
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
+# It is recommended to consult with people from the upstream project beforehand.
 #
-# Please follow the advice of upstream and only change this value if you know what your doing.
-# Its Exposed here because its common enough to be valid to expose.
+# It is exposed here because it is common enough to be valid to expose.
 matrix_bot_draupnir_disable_server_acl: "false"
 
+# Controls if the room state backing store is activated.
+# Room state backing store makes restarts of the bot lightning fast as the bot does not suffer from amnesia.
+# This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
+matrix_bot_draupnir_enable_room_state_backing_store: "true"
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bot-draupnir/tasks/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-bot-draupnir/tasks/setup_install.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - ansible.builtin.set_fact:

roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-bot-draupnir service

roles/custom/matrix-bot-draupnir/tasks/validate_config.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 - 2025 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required matrix-bot-draupnir variables are undefined
@@ -5,6 +10,7 @@
     msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
   with_items:
     - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_enable_experimental_rust_crypto }}"}
     - {'name': 'matrix_bot_draupnir_management_room', when: true}
     - {'name': 'matrix_bot_draupnir_container_network', when: true}
     - {'name': 'matrix_bot_draupnir_homeserver_url', when: true}
@@ -18,4 +24,28 @@
     msg: "The `{{ item.name }}` variable must be undefined or have a null value."
   with_items:
     - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_login_native }}"}
+    - {'name': 'matrix_bot_draupnir_pantalaimon_use', when: "{{  matrix_bot_draupnir_enable_experimental_rust_crypto }}"}
   when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)"
+
+- when: "matrix_bot_draupnir_pantalaimon_use == 'true' and matrix_bot_draupnir_pantalaimon_breakage_ignore == 'false'"
+  block:
+    - name: Inject warning if Pantalaimon is used together with Draupnir
+      ansible.builtin.set_fact:
+        devture_playbook_runtime_messages_list: |
+          {{
+            devture_playbook_runtime_messages_list | default([])
+            +
+            [
+              "Note: Draupnir does not support running with Pantalaimon as it would break all workflows that involve answering prompts with reactions. To enable E2EE for Draupnir, it is recommended to use matrix_bot_draupnir_enable_experimental_rust_crypto instead. This warning can be disabled by setting matrix_bot_draupnir_pantalaimon_breakage_ignore to true."
+            ]
+          }}
+
+- name: (Deprecation) Catch and report renamed Draupnir settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_bot_draupnir_container_image_name_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}

roles/custom/matrix-bot-draupnir/templates/labels.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_bot_draupnir_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -1,5 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),
-# set this to the pantalaimon URL if you're using that.
 homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}
 
 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
@@ -7,29 +14,36 @@ homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}
 rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}
 
 # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
+# This option can be loaded from a file by passing "--access-token-path <path>" at the command line,
+# which would allow using secret management systems such as systemd's service credentials.
 accessToken: {{ matrix_bot_draupnir_access_token | to_json }}
 
-{% if matrix_bot_draupnir_pantalaimon_use %}
+{% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
 pantalaimon:
-  # Whether or not Draupnir will use pantalaimon to access the Matrix homeserver,
-  # set to `true` if you're using pantalaimon.
-  #
-  # Be sure to point homeserverUrl to the pantalaimon instance.
+  # Set to `true` when the bot is to login and fetch the access token on its own.
   #
   # Draupnir will log in using the given username and password once,
   # then store the resulting access token in a file under dataPath.
   use: true
 
   # The username to login with.
-  username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }}
+  username: {{ matrix_bot_draupnir_login | to_json }}
 
   # The password Draupnir will login with.
   #
   # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
-  password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }}
+  # This option can be loaded from a file by passing "--password-path <path>" at the command line,
+  # which would allow using secret management systems such as systemd's service credentials.
+  password: {{ matrix_bot_draupnir_password | to_json }}
 {% endif %}
 
+# Experimental usage of the matrix-bot-sdk rust crypto. This can not be used with Pantalaimon.
+# Make sure Pantalaimon is disabled in Draupnir's configuration.
+#
+# Warning: At this time this is not considered production safe.
+experimentalRustCrypto: {{ matrix_bot_draupnir_enable_experimental_rust_crypto | to_json }}
+
 # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
 dataPath: "/data"
 
@@ -57,7 +71,7 @@ managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}
 # Running with verboseLogging is unsupported.
 # Whether Draupnir should log a lot more messages in the room,
 # mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
-#verboseLogging: false
+verboseLogging: false
 
 # The log level of terminal (or container) output,
 # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
@@ -81,12 +95,6 @@ noop: false
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
 disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}
 
-# Whether Draupnir should check member lists quicker (by using a different endpoint),
-# keep in mind that enabling this will miss invited (but not joined) users.
-#
-# Turn on if your bot is in (very) large rooms, or in large amounts of rooms.
-fasterMembershipChecks: false
-
 # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
 #
 # If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
@@ -102,15 +110,6 @@ automaticallyRedactForReasons:
   - "spam"
   - "advertising"
 
-# A list of rooms to protect. Draupnir will add this to the list it knows from its account data.
-#
-# It won't, however, add it to the account data.
-# Manually add the room via '!draupnir rooms add' to have it stay protected regardless if this config value changes.
-#
-# Note: These must be matrix.to URLs
-#protectedRooms:
-#  - "https://matrix.to/#/#matrix:example.org"
-
 # Whether or not to add all joined rooms to the "protected rooms" list
 # (excluding the management room and watched policy list rooms, see below).
 #
@@ -131,15 +130,18 @@ protectAllJoinedRooms: false
 # of the homeserver may be more impacted.
 backgroundDelayMS: 500
 
+# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
+# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
+# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
 # Server administration commands, these commands will only work if Draupnir is
 # a global server administrator, and the bot's server is a Synapse instance.
-admin:
-  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
-  # (with enough permissions) to "make" a user an admin.
-  #
-  # This only works if a local user with enough admin permissions is present in the room.
-  enableMakeRoomAdminCommand: false
-
+#admin:
+#  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
+#  # (with enough permissions) to "make" a user an admin.
+#  #
+#  # This only works if a local user with enough admin permissions is present in the room.
+#  enableMakeRoomAdminCommand: false
+#
 # Misc options for command handling and commands
 commands:
   # Whether or not the `!draupnir` prefix is necessary to submit commands.
@@ -157,10 +159,6 @@ commands:
     - "draupnir_bot"
     - "draupnir"
 
-  # Whether or not commands with a wildcard (*) will require an additional `--force` argument
-  # in the command to be able to be submitted.
-  confirmWildcardBan: true
-
   # The default reasons to be prompted with if the reason is missing from a ban command.
   ban:
     defaultReasons:
@@ -178,10 +176,9 @@ commands:
 #    #
 #    # WordList will ban users who use these words when first joining a room, so take caution when selecting them.
 #    #
-#    # For advanced usage, regex can also be used, see the following links for more information;
-#    #  - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions
-#    #  - https://regexr.com/
-#    #  - https://regexone.com/
+#    # The word list protection does not support regular expressions at this time.
+#    # The configuration in the past stated support for Regex erroneously.
+#    #
 #    words:
 #      - "LoReM"
 #      - "IpSuM"
@@ -196,6 +193,31 @@ commands:
 #    # (users will always be banned if they say a bad word)
 #    minutesBeforeTrusting: 20
 
+# The room state backing store writes a copy of the room state for all protected
+# rooms to the data directory.
+# It is recommended to enable this option unless you deploy Draupnir close to the
+# homeserver and know that Draupnir is starting up quickly. If your homeserver can
+# respond quickly to Draupnir's requests for `/state` then you might not need this option.
+roomStateBackingStore:
+  enabled: {{ matrix_bot_draupnir_enable_room_state_backing_store | to_json }}
+
+# Safe mode provides recovery options for some failure modes when Draupnir
+# fails to start. For example, if the bot fails to resolve a room alias in
+# a watched list, or if the server has parted from a protected room and can't
+# find a way back in. Safe mode will provide different options to recover from
+# these. Such as unprotecting the room or unwatching the policy list.
+# By default Draupnir will boot into safe mode only when the failure mode
+# is recoverable.
+# It may be desirable to prevent the bot from starting into safe mode if you have
+# a pager system when Draupnir is down, as Draupnir could prevent your monitoring
+# system from identifying a failure to start.
+#safeMode:
+#  # The option for entering safe mode when Draupnir fails to start up.
+#  # - "RecoveryOnly" will only start the bot in safe mode when there are recovery options available. This is the default.
+#  # - "Never" will never start the bot in safe mode when Draupnir fails to start normally.
+#  # - "Always" will always start the bot in safe mode when Draupnir fails to start normally.
+#  bootOption: RecoveryOnly
+
 # Options for advanced monitoring of the health of the bot.
 health:
   # healthz options. These options are best for use in container environments
@@ -227,6 +249,18 @@ health:
     # Defaults to 418.
     unhealthyStatus: 418
 
+  # Sentry options. Sentry is a tool used to receive/collate/triage runtime
+  # errors and performance issues. Skip this section if you do not wish to use
+  # Sentry.
+  sentry:
+    # The key used to upload Sentry data to the server.
+    # dsn: "https://XXXXXXXXX@example.com/YYY
+
+    # Frequency of performance monitoring.
+    # A number in [0.0, 1.0], where 0.0 means "don't bother with tracing"
+    # and 1.0 means "trace performance at every opportunity".
+    # tracesSampleRate: 0.5
+
 {% if matrix_bot_draupnir_web_enabled %}
 # Options for exposing web APIs.
 web:
@@ -238,7 +272,12 @@ web:
 
   # The address to listen for requests on. Defaults to only the current
   # computer.
-  address: 0.0.0.0
+  address: "0.0.0.0"
+
+  # Alternative setting to open to the entire web. Be careful,
+  # as this will increase your security perimeter:
+  #
+  #  address: "0.0.0.0"
 
   # A web API designed to intercept Matrix API
   # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
@@ -251,10 +290,13 @@ web:
     enabled: {{ matrix_bot_draupnir_abuse_reporting_enabled | to_json }}
 {% endif %}
 
+# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
+# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
+# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
 # Whether or not to actively poll synapse for abuse reports, to be used
 # instead of intercepting client calls to synapse's abuse endpoint, when that
 # isn't possible/practical.
-pollReports: false
+#pollReports: false
 
 # Whether or not new reports, received either by webapi or polling,
 # should be printed to our managementRoom.

roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -42,7 +42,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-draupnir
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-go-neb/defaults/main.yml

@@ -1,3 +1,12 @@
+# SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
@@ -28,7 +37,9 @@ matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"
 matrix_bot_go_neb_container_image: "{{ matrix_bot_go_neb_container_image_registry_prefix }}matrixdotorg/go-neb:{{ matrix_bot_go_neb_container_image_tag }}"
 matrix_bot_go_neb_container_image_tag: "{{ matrix_bot_go_neb_version }}"
 matrix_bot_go_neb_container_image_force_pull: "{{ matrix_bot_go_neb_container_image.endswith(':latest') }}"
-matrix_bot_go_neb_container_image_registry_prefix: docker.io/
+matrix_bot_go_neb_container_image_registry_prefix: "{{ matrix_bot_go_neb_container_image_registry_prefix_upstream }}"
+matrix_bot_go_neb_container_image_registry_prefix_upstream: "{{ matrix_bot_go_neb_container_image_registry_prefix_upstream_default }}"
+matrix_bot_go_neb_container_image_registry_prefix_upstream_default: "docker.io/"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_bot_go_neb_container_network: matrix-bot-go-neb
@@ -200,7 +211,7 @@ matrix_bot_go_neb_realms: []
 matrix_bot_go_neb_sessions: []
 #  - SessionID: "your_github_session"
 #    RealmID: "github_realm"
-#    UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
+#    UserID: "@alice:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
 #    Config:
 #      # Populate these fields by generating a "Personal Access Token" on github.com
 #      AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
@@ -286,7 +297,7 @@ matrix_bot_go_neb_services: []
 #    UserID: "@another_goneb:{{ matrix_domain }}"
 #    Config:
 #      RealmID: "github_realm"
-#      ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
+#      ClientUserID: "@alice:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
 #      Rooms:
 #        "!qporfwt:example.com":
 #          Repos:

roles/custom/matrix-bot-go-neb/tasks/install.yml

@@ -1,3 +1,13 @@
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Jim Myhrberg
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 David Mehren
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure go-neb paths exist