Merge 9d24643a8f3b77ee5f4c8f8915b0889e0c84f19f into d5556260f02e71a91b700c992a84c1845675958d

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3863

docs/configuring-playbook-bridge-mautrix-hangouts.md

@@ -1,6 +1,6 @@
 # Setting up Mautrix Hangouts bridging (optional, deprecated)
 
-**Note**: This bridge has been deprecated in favor of [Google Chat bridge](https://github.com/mautrix/googlechat), which can be installed using [this playbook](configuring-playbook-bridge-mautrix-googlechat.md). Consider using that bridge instead of this one.
+💡 **Note**: This bridge has been deprecated in favor of [Google Chat bridge](https://github.com/mautrix/googlechat), which can be installed using [this playbook](configuring-playbook-bridge-mautrix-googlechat.md). Installing the mautrix-hangouts bridge is **no longer possible**. For now, this documentation page remains here for historical purposes.
 
 The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you.
 

group_vars/matrix_servers

@@ -3065,6 +3065,8 @@ matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in [
 
 matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}"
 
+matrix_bot_draupnir_admin_api_enabled: "{{ matrix_bot_draupnir_room_hijack_enabled }}"
+
 matrix_bot_draupnir_container_additional_networks_auto: |-
   {{
     (
@@ -4720,6 +4722,7 @@ matrix_synapse_container_labels_public_client_root_redirection_enabled: "{{ matr
 matrix_synapse_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}"
 
 matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
+matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled: "{{ matrix_bot_draupnir_admin_api_enabled }}"
 
 matrix_synapse_container_labels_public_federation_api_traefik_hostname: "{{ matrix_server_fqn_matrix_federation }}"
 matrix_synapse_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_federation_traefik_entrypoint_name }}"
@@ -4911,6 +4914,7 @@ matrix_synapse_reverse_proxy_companion_container_labels_traefik_compression_midd
 
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"
+matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_enabled: "{{ matrix_synapse_container_labels_internal_client_synapse_admin_api_enabled }}"
 
 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_synapse_container_labels_public_federation_api_traefik_entrypoints }}"
 matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_traefik_tls: "{{ matrix_synapse_container_labels_public_federation_api_traefik_tls }}"

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -84,6 +84,13 @@ matrix_bot_draupnir_raw_homeserver_url: ""
 # Its Exposed here because its common enough to be valid to expose.
 matrix_bot_draupnir_disable_server_acl: "false"
 
+# Used to control if the Synapse Admin API is exposed internally to the containers and therefore giving Draupnir Access.
+matrix_bot_draupnir_admin_api_enabled: false
+
+# Controls if the draupnir room hijack command is activated or not. This also automatically enables the internal admin API
+# in the process of activation.
+matrix_bot_draupnir_room_hijack_enabled: false
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -138,7 +138,7 @@ admin:
   # (with enough permissions) to "make" a user an admin.
   #
   # This only works if a local user with enough admin permissions is present in the room.
-  enableMakeRoomAdminCommand: false
+  enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_room_hijack_enabled | to_json }}
 
 # Misc options for command handling and commands
 commands:

roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml

@@ -1,5 +1,18 @@
 ---
 
+- ansible.builtin.fail:
+    msg: |-
+      The Google Hangouts service was discontinued on November 1st, 2022.
+      The mautrix-hangouts bridge (which you have enabled via the `matrix_mautrix_hangouts_enabled` variable) will be removed from the playbook soon (in February 2025).
+
+      We suggest that you uninstall this bridge by:
+      1. Tweaking your `vars.yml` file - setting `matrix_mautrix_hangouts_enabled` to `false` or better yet removing all `matrix_mautrix_hangouts_*` variables
+      2. Re-running the playbook with the `setup-all` (e.g. `just setup-all`) or `setup-mautrix-hangouts` tag (e.g. `just run-tags setup-mautrix-hangouts`), so that uninstallation tasks will run.
+
+      In the future, an error will be raised for any `matrix_mautrix_hangouts_*` variables that the playbook detects in your `vars.yml` configuration file.
+
+      Also see: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3863
+
 - name: Fail if required mautrix-hangouts settings not defined
   ansible.builtin.fail:
     msg: >-

roles/custom/matrix-synapse-reverse-proxy-companion/templates/labels.j2

@@ -149,6 +149,44 @@ traefik.http.routers.matrix-synapse-reverse-proxy-companion-public-client-synaps
 ############################################################
 {% endif %}
 
+{% if matrix_synapse_reverse_proxy_companion_container_labels_internal_client_synapse_admin_api_enabled %}
+############################################################
+#                                                          #
+# Internal Synapse Admin API (/_synapse/client)            #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-client-api.rule=PathPrefix(`/_synapse/client`)
+
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-client-api.service=matrix-synapse-reverse-proxy-companion-client-api
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-client-api.entrypoints=matrix-internal-matrix-client-api
+
+############################################################
+#                                                          #
+# /Internal Synapse Admin API (/_synapse/client)           #
+#                                                          #
+############################################################
+
+
+############################################################
+#                                                          #
+# Internal Synapse Admin API (/_synapse/admin)             #
+#                                                          #
+############################################################
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-admin-api.rule=PathPrefix(`/_synapse/admin`)
+
+
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-admin-api.service=matrix-synapse-reverse-proxy-companion-client-api
+traefik.http.routers.matrix-synapse-reverse-proxy-companion-internal-client-synapse-admin-api.entrypoints=matrix-internal-matrix-client-api
+
+############################################################
+#                                                          #
+# /Internal Synapse Admin API (/_synapse/admin)            #
+#                                                          #
+############################################################
+{% endif %}
 
 {% if matrix_synapse_reverse_proxy_companion_container_labels_public_federation_api_enabled %}
 ############################################################