Merge remote-tracking branch 'upstream/master' into fix

Update ghcr.io/element-hq/synapse Docker tag to v1.118.0

docs/configuring-playbook-matrix-authentication-service.md

@@ -51,7 +51,14 @@ This section details what you can expect when switching to the Matrix Authentica
 
 - ❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet.
 
-- ❌ **Some services** (e.g. [Postmoogle](./configuring-playbook-bridge-postmoogle.md), but possibly others - the list is yet to be determined) appear to **experience issues when authenticating via MAS**. We're still investigating what breaks and why.
+- ❌ **Some services experience issues when authenticating via MAS**:
+
+  - [Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:
+
+    > cannot initialize matrix bot error="olm account is marked as shared, keys seem to have disappeared from the server"
+
+  - [matrix-reminder-bot](./configuring-playbook-bot-matrix-reminder-bot.md) fails to start (see [element-hq/matrix-authentication-service#3439](https://github.com/element-hq/matrix-authentication-service/issues/3439))
+  - Other services may be similarly affected. This list is not exhaustive.
 
 - ❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting).
 
@@ -59,6 +66,8 @@ This section details what you can expect when switching to the Matrix Authentica
 
 - ⚠ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break.
 
+- ⚠ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) does not currently seem to preserve the "admin" flag for users (as found in the Synapse database). All users are imported as non-admin - see [element-hq/matrix-authentication-service#3440](https://github.com/element-hq/matrix-authentication-service/issues/3440). You may need update the Matrix Authentication Service's database manually and adjust the `can_request_admin` column in the `users` table to `true` for users that need to be administrators (e.g. `UPDATE users SET can_request_admin = true WHERE username = 'someone';`)
+
 - ⚠ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch.
 
 - ⚠ If you've got [OIDC configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 configuration](#upstream-oauth2-configuration).

requirements.yml

@@ -16,7 +16,7 @@
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.2.5-0
+  version: v2.2.6-0
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
   version: v4.98-r0-1-1

roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_bot_matrix_reminder_bot_enabled: true
 
 matrix_bot_matrix_reminder_bot_container_image_self_build: false
 matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
-matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ matrix_bot_matrix_reminder_bot_version }}"
+matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
 matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
 
 # renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot

roles/custom/matrix-bridge-postmoogle/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_postmoogle_docker_repo_version: "{{ 'main' if matrix_postmoogle_version =
 matrix_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle
-matrix_postmoogle_version: v0.9.22
+matrix_postmoogle_version: v0.9.23
 matrix_postmoogle_docker_image: "{{ matrix_postmoogle_docker_image_name_prefix }}etkecc/postmoogle:{{ matrix_postmoogle_version }}"
 matrix_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_postmoogle_container_image_self_build else 'ghcr.io/' }}"
 matrix_postmoogle_docker_image_force_pull: "{{ matrix_postmoogle_docker_image.endswith(':latest') }}"

roles/custom/matrix-client-element/defaults/main.yml

@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=vectorim/element-web
-matrix_client_element_version: v1.11.82
+matrix_client_element_version: v1.11.83
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"

roles/custom/matrix-synapse/defaults/main.yml

@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.117.0
+matrix_synapse_version: v1.118.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''