123 Commits

Author SHA1 Message Date
Benjamin Blacher
d43f03bbca Add support for bridge self signing
This also moves msc4190 to the correct section for twitter
2025-10-18 06:41:30 +03:00
Slavi Pantaleev
2997f23e20 Remove variables controlling removed Element options (secure_backup_required & secure_backup_setup_methods) from /.well-known/matrix/client
Ref:

- https://github.com/element-hq/element-web/pull/30681
- https://github.com/element-hq/element-web/pull/30702
2025-09-23 17:34:47 +03:00
Slavi Pantaleev
2252697119 Reference Ansible facts via ansible_facts variable, not globally
This should bring better compatibility with future Ansible versions,
one of which will some day drop support for accessing facts via the global namespace.

Ref: https://github.com/geerlingguy/ansible-role-docker/pull/513
2025-08-26 15:22:34 +03:00
Slavi Pantaleev
51ab9ed9ff Adjust lstrip_blocks to use a bool value for compatibility with ansible-core>=2.19.0
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4445
2025-07-26 17:58:12 +03:00
Slavi Pantaleev
a1f6ee4dc9 Improve compatibility with ansible-core>=2.19.0 by not reaching into vars
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4445
2025-07-26 17:50:20 +03:00
Slavi Pantaleev
b13ba5b909 Use ansible.builtin.package instead of ansible.builtin.yum
`ansible.builtin.yum` is no longer available in newer Ansible versions.
We may use `ansible.builtin.dnf` instead, but `ansible.builting.package`
seems like a safer bet that should work in both older & newer RHEL-based
distros.

Ref: https://github.com/ansible/ansible-lint/issues/4251
2025-06-27 17:38:02 +03:00
Suguru Hirahara
3653f9f89b Run codespell --write-changes
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-06-03 10:36:00 +03:00
Slavi Pantaleev
51e961ce9f Add matrix_user_shell and default it to /sbin/nologin
This is a backward-incompatible change. By default, Ansible creates
users with (e.g.) `/bin/sh` on Linux, so changing to a no shell
leads to different behavior.

That said, it appears that using a shell-less user works OK with regard
to Ansible execution and starting the systemd services/containers later on.
2025-04-29 10:39:41 +03:00
Slavi Pantaleev
3ee7deb2d7 Rename variable (matrix_user_groupname -> matrix_group_name) 2025-04-29 10:39:41 +03:00
Slavi Pantaleev
9fc5cdab33 Rename variable (matrix_user_username -> matrix_user_name) 2025-04-29 10:39:41 +03:00
Slavi Pantaleev
a59383fcc7 Add matrix_group_system to configure whether the matrix group is also created as a system group
We create the `matrix` user as a system user (smaller uid), so it makes
sense to do the same for the `matrix` group.
2025-04-29 10:39:41 +03:00
Slavi Pantaleev
14aef55573 Add matrix_user_system variable for controlling if matrix user is created as a system user
This defaults to `true`, as before.
2025-04-29 10:39:41 +03:00
Virkkunen
bd405c410a Add continuwuity support (#4267)
* continuwuity support

* continuwuity support

* use main instead of commit tag

* fix docker image link

* migration from conduwuit

* fix yaml lint

* backup directories and linter fixes

* linter fixes
2025-04-26 09:12:53 +03:00
Onestacked
5eb247b5bf Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges. flag for using msc4190 on supported mautrix bridges. (#4258)
* Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges.

* Apply to_json to msc4190 in mautrix configs

* Add | to_json to mautrix bridge registration io.element.msc4190.

* require matrix_synapse_experimental_features_msc3202_device_masquerading_enabled for matrix_bridges_msc4190_enabled

* Also add msc4190 support for mautrix-telegram
2025-04-17 22:08:25 +03:00
Suguru Hirahara
c18fc93a22 Update validate_config.yml files: edit the banner message for variables name
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-03-05 13:30:50 +09:00
Suguru Hirahara
c6babc1202 Add license information to files in matrix-base
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-03-03 17:57:17 +09:00
Suguru Hirahara
2a3fee7b80 Fix some of the spacing warnings with ansible-lint
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-02-25 03:48:09 +09:00
Slavi Pantaleev
b88b6ae7a3 Introduce a new matrix_container_global_registry_prefix_override variable and make all roles respect it
`matrix_container_global_registry_prefix_override` may look similar to
the old `matrix_container_global_registry_prefix` variable
(removed in d6bf789710), but it's different.

The old `matrix_container_global_registry_prefix` variable was just a hardcode of `docker.io/` and roles that
needed to refer to `docker.io/` could use it. However, this was:

- not used by all roles, because some need another registry (not `docker.io/`)
- used only by roles within the playbook (`roles/custom`), not external roles

Overriding the old `matrix_container_global_registry_prefix` variable was rather pointless,
as it didn't cover everything.

The new `matrix_container_global_registry_prefix_override` variable, on the other hand,
lets you override the registry prefix for all components, regardless of whether they
use `docker.io/` or another registry by default.

This is useful to people who have somehow mirrored all container images to their own registry,
as it provides them with a single variable they can flip to influence the whole playbook.
2025-02-24 11:38:47 +02:00
Slavi Pantaleev
d6bf789710 Remove matrix_container_global_registry_prefix variable
This is done for a few reasons:

- less globals and more indepdendence for each role is better. We rely
  on various externally-hosted roles and they don't rely on this global
  either.

- `matrix_container_global_registry_prefix` could make people think they
  could just override this variable and have all their images pull from
  elsewhere. This is rarely the case, unless you've taken special care
  to mirror all the various components (from their respective
  registries) to your own. In such a case, you probably know what you're
  mirroring and can adjust individual variables.

- nowadays, various components live on different registries.
  With Docker Inc tightening rate limits for Docker Hub, it's even more
  likely that we'll see increased diversity in where images are hosted
2025-02-23 10:15:41 +02:00
Aine
a2111dece7 add FluffyChat (#4068)
* add FluffyChat

* capitalization

* Update group_vars/matrix_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* fix link in readme

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2025-02-17 11:15:15 +02:00
Slavi Pantaleev
0515787de2 Upgrade Traefik (v3.3.2-0 -> v3.3.2-1) and remove traefik_config_certificatesResolvers_acme_email references
Ref:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4014
- 21b36ce336

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4014
2025-01-31 14:33:34 +02:00
Virkkunen
be586f0f30 initial conduwuit support 2025-01-19 16:06:37 +02:00
László Várady
bbb58c40b6 Fix docker networking when no reverse-proxy is used
For example, synapse-admin connects to additional networks here:
c0559870b5/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 (L39-L41)

This defaults to 'traefik' through
matrix_playbook_reverse_proxy_container_network, which is not correct in
case matrix_playbook_reverse_proxy_type is set to none.
2024-12-27 17:25:47 +01:00
Suguru Hirahara
f0cc5da229 Edit user identifier examples: to @alice and @bob
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-12-09 14:40:41 +09:00
Suguru Hirahara
c1c1b3ada0 Replace triple dots with horizontal ellipsis (U+2026)
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-12-06 13:34:50 +09:00
Slavi Pantaleev
0c9fc4358d Fix variable name typos (matrix_playbook_reverse_proxy_traefik_middleware_compession_* -> matrix_playbook_reverse_proxy_traefik_middleware_compression_*)
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3803
2024-11-21 12:23:01 +02:00
Slavi Pantaleev
5cad571296 Add variables & wiring to support Traefik's compression middleware
This merely hooks the playbook to the Traefik role's compression
middleware configuration (`traefik_config_http_middlewares_compression_*`)

The Traefik role enables the `compression` middleware by default.

Actual usage will land in a future commit.
2024-11-14 15:54:10 +02:00
Slavi Pantaleev
4bb16fef54 Increase default Traefik readTimeout for web/web-secure/matrix-federation entrypoints (60s -> 300s) to accommodate large/slow file uploads 2024-11-14 15:54:10 +02:00
Suguru Hirahara
3c34418ebe Edit the note about "matrix_homeserver_implementation" variable
Since a casual user might want to try another homeserver than Synapse without thinking about its consequence, it is important to clarify that it is not possible to switch homeservers once specified.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-08 23:59:14 +09:00
Suguru Hirahara
b61d8f478f Fix capitalization: ids → IDs
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-08 20:31:07 +09:00
Suguru Hirahara
b04b658735 Add "Web" to Element and SchildiChat web application (#3755)
* Replace "Element" with "Element Web"

- If Element indicates the web application, then it is changed to Element Web.
- If it indicates clients branded with Element such as Element desktop, web, mobile clients, then it is changed to Element clients.
- If it is combined with location sharing functionality, it is not changed.

with other some changes, including:

- Change "app.element.io" anchor link to "https://github.com/element-hq/element-web" on README.md, following other documentation files

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Replace "SchildiChat" with "SchildiChat Web"

- If SchildiChat indicates the web application, then it is changed to SchildiChat Web.
- If it indicates clients branded with SchildiChat such as SchildiChat desktop, web, mobile clients, then it is changed to SchildiChat clients.
- If it is combined with location sharing functionality, it is not changed.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Rename configuring-playbook-client-schildichat.md to configuring-playbook-client-schildichat-web.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Rename configuring-playbook-client-element.md to configuring-playbook-client-element-web.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-07 16:31:26 +02:00
Suguru Hirahara
601406ddda Fix capitalization: buscarron → Buscarron
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-28 04:00:30 +09:00
Suguru Hirahara
55fcaac1f1 Fix capitalization: matrix → Matrix
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-18 23:35:10 +09:00
Suguru Hirahara
faa441029c Replace <matrix-domain> with example.com
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-18 04:02:18 +09:00
Suguru Hirahara
90cfdabb2b Replace DOMAIN with example.com
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-18 04:02:02 +09:00
Suguru Hirahara
844d8ef4c3 Fix capitalization: etherpad → Etherpad
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-17 02:25:35 +09:00
Suguru Hirahara
174b18be9a Fix capitalization: id → ID
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-16 02:25:03 +09:00
Suguru Hirahara
2a443046c8 Fix capitalization: schildichat → SchildiChat
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-14 15:59:16 +09:00
Slavi Pantaleev
54b715e7fe Fix endpoint URL in comment 2024-09-27 10:15:49 +03:00
Slavi Pantaleev
f93101f791 Switch traefik/traefik-certs-dumper Ansible role sources and adjust variable names (devture_traefik_ -> traefik_) 2024-09-27 10:14:29 +03:00
Slavi Pantaleev
c87bb206da Fix ansible-lint-reported error 2024-07-06 11:15:38 +03:00
Slavi Pantaleev
9b5be6825d Enable HTTP/3 by default for web-secure and matrix-federation
HTTP/3 is no longer considered experimental in Traefik v3,
so it's a good time to enable it.
2024-07-06 11:05:19 +03:00
Slavi Pantaleev
7891268873 Do not hardcode https:// in all remaining places, refer to matrix_static_files_scheme
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3333
2024-05-25 16:14:26 +03:00
gardar
23aee07cf4 feat: global option to configure all bridges encryption default
Signed-off-by: gardar <gardar@users.noreply.github.com>
2024-03-24 02:58:03 +00:00
Slavi Pantaleev
4ae2e95772 Add validation task for potential conflict between mautrix-instagram and mautrix-meta-instagram
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3138 and 367af472ea
2024-02-19 10:34:09 +02:00
Slavi Pantaleev
aed641e694 Disable addons communicating with the homeserver via Traefik if there is no Traefik at all 2024-01-18 12:12:41 +02:00
Slavi Pantaleev
a4bea66553 Remove references to other-nginx-non-container/other-on-same-host/other-on-another-host reverse proxy types 2024-01-15 16:14:12 +02:00
Slavi Pantaleev
b91ad453be Adjust TLS variables for homeservers to follow devture_traefik_config_entrypoint_web_secure_enabled (via matrix_federation_traefik_entrypoint_tls) 2024-01-15 09:39:36 +02:00
Slavi Pantaleev
f4f3d57520 Remove all traces of matrix-nginx-proxy, add validation & uninstallation tasks 2024-01-14 18:42:14 +02:00
Slavi Pantaleev
c238978ac8 Add new global variable for controlling federation regardless of homeserver implementation
The old variables still work. The global lets us avoid
auto-detection logic like we're currently doing for
`matrix_nginx_proxy_proxy_matrix_federation_api_enabled`.

In the future, we'd just be able to reference
`matrix_homeserver_federation_enabled` and know the up-to-date value
regardless of homeserver.
2024-01-14 11:52:40 +02:00