Merge 1e8d4c5ba05616248098f5fd76b8c6ddb163cd51 into fb82b4672301b27bc5da9a9d3b668e37cd17a487

* Update docs/README.md: add "installation guides" section

Add the emoji to the link to quick-start.md only and not to full installation guide to emphasize the quick start guide

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: move a link to faq.md down

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: add "Maintenance" section

Add a hint to join the support room under "Maintenance" header.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: create the "configuration options" section and add a note

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: sort list items

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: emphasize the anchor link to faq.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: add other anchor links to the "other documentation pages" section

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: add the emoji ℹ️  before the anchor link to faq.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: explanation about FAQ

Remove the hint to check the installation guides as links to them are listed on top of this page.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Update docs/README.md: update text of the anchor link to docs/getting-the-playbook.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

.github/workflows/close-stale-issues.yml

@@ -1,11 +1,14 @@
 ---
-name: 'Close stale issues'
+name: 'Close stale issues and PRs'
 on:  # yamllint disable-line rule:truthy
+  # Use this to do a dry run from a pull request
+  # pull_request:
   schedule:
     - cron: '30 1 * * *'
 
 permissions:
   issues: write
+  pull-requests: write
 
 jobs:
   stale:
@@ -14,14 +17,34 @@ jobs:
     steps:
       - uses: actions/stale@v9
         with:
-          # Don't process pull requests at all
+          ######################################################################
-          days-before-pr-stale: -1
+          # Issues/PRs
-          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
+          ######################################################################
+          exempt-assignees: 'spantaleev,aine-etke'
+          operations-per-run: 100
+          # Use this to do a dry run from a pull request
+          # debug-only: true
+          ######################################################################
+          # Issues
+          ######################################################################
+          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. To exempt the issue from being marked as stale again due to inactivity, add "confirmed" label.'
           close-issue-message: 'This issue was closed because it has been stalled for 7 days with no activity. If this issue is still reproduced, feel free to provide the issue with up-to-date information.'
           stale-issue-label: 'stale'
           # Add this label to exempt the issue from being marked as stale due to inactivity
           exempt-issue-labels: 'confirmed'
           # An allow-list of label(s) to only process the issues which contain one of these label(s).
-          any-of-issue-labels: 'question,needs-info'
+          any-of-issue-labels: 'needs-info,question'
-          # Use this to do a dry run from a pull request
+          ######################################################################
-          # debug-only: true
+          # PRs
+          ######################################################################
+          days-before-pr-stale: '365'
+          days-before-pr-close: '30'
+          stale-pr-message: 'This PR is stale because it has not been provided with required information or its conflicts have not been fixed over a year. Remove stale label or this will be closed in 30 days. To exempt the PR from being marked as stale again due to inactivity, add "confirmed" label.'
+          close-pr-message: 'This PR was closed because it has been stalled for 30 days with no activity.'
+          stale-pr-label: 'stale'
+          # Add this label to exempt the PR from being marked as stale due to inactivity
+          exempt-pr-labels: 'confirmed'
+          # An allow-list of label(s) to only process the PRs which contain one of these label(s).
+          any-of-pr-labels: 'needs-info,needs-rebase'
+          # Use this to ignore updates such as comments (only to keep the PR alive by bumping)
+          ignore-pr-updates: true

docs/README.md

@@ -1,49 +1,86 @@
 # Table of Contents
 
-- [FAQ](faq.md) - lots of questions and answers. Jump to [Prerequisites](prerequisites.md) to avoid reading too much and to just start a guided installation.
+## ⬇️ Installaton guides <!-- NOTE: the 🚀 emoji is used by "Getting started" on README.md -->
 
-- [Quick start](quick-start.md) - follow the guide to set up minimum core services on your server
+There are two installation guides available for beginners and advanced users.
 
-- [Prerequisites](prerequisites.md) - go here to a guided installation using this Ansible playbook
+- ⚡ **[Quick start](quick-start.md) (for beginners)**: this is recommended for those who do not have an existing Matrix server and want to start quickly with "opinionated defaults".
+
+- **Full installation guide (for advanced users)**: if you need to import an existing Matrix server's data into the new server or want to learn more while setting up the server, follow this guide.
+
+    - [Prerequisites](prerequisites.md)
 
     - [Configuring your DNS settings](configuring-dns.md)
 
-- [Getting this playbook's source code](getting-the-playbook.md)
+    - [Getting the playbook](getting-the-playbook.md)
 
     - [Configuring the playbook](configuring-playbook.md)
 
     - [Installing](installing.md)
 
-  - **Importing data from another server installation**
+## 🛠️ Configuration options
 
-    - [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)
+<!--
+NOTE:
+- Avoid putting the same anchor links as configuring-playbook.md lists under the "configuration options" section. Note that most of them are linked to "configure-playbook-*.md" and their titles start with "Setting up" (e.g. "Setting up Hydrogen").
+-->
 
-    - [Importing an existing Postgres database (from another installation)](importing-postgres.md) (optional)
+You can check useful documentation for configuring components here: [Configuring the playbook](configuring-playbook.md)
 
-    - [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)
+- [Administration](configuring-playbook.md#administration) -  services that help you in administrating and monitoring your Matrix installation
 
-  - [Server Delegation](howto-server-delegation.md)
+- [Authentication and user-related](configuring-playbook.md#authentication-and-user-related) - extend and modify how users are authenticated on your homeserver
 
-    - Server Delegation via a well-known file (recommended): [Installing well-known files on the base domain's server](configuring-well-known.md#installing-well-known-files-on-the-base-domain-s-server)
+- [Bots](configuring-playbook.md#bots) - bots provide various additional functionality to your installation
 
-      - [Serving the base domain](configuring-playbook-base-domain-serving.md)
+- [Bridges](configuring-playbook.md#bridging-other-networks) - bridges can be used to connect your Matrix installation with third-party communication networks
 
-    - [Server Delegation via a DNS SRV record (advanced)](howto-srv-server-delegation.md)
+- [Clients](configuring-playbook.md#clients) - web clients for Matrix that you can host on your own domains
+
+- [Core service adjustments](configuring-playbook.md#core-service-adjustments) - backbone of your Matrix system
+
+- [File Storage](configuring-playbook.md#file-storage) - use alternative file storage to the default `media_store` folder
+
+<!-- NOTE: sort list items above alphabetically -->
+
+- [Other specialized services](configuring-playbook.md#other-specialized-services) - various services that don't fit any other categories
+
+## 👨‍🔧 Maintenance
+
+If your server and services experience issues, feel free to come to [our support room](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com) and ask for help.
+
+<!-- NOTE: sort list items alphabetically -->
+
+- [Checking if services work](maintenance-checking-services.md)
+
+- [Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)
+
+- [PostgreSQL maintenance](maintenance-postgres.md)
+
+- [Synapse maintenance](maintenance-synapse.md)
+
+- [Upgrading services](maintenance-upgrading-services.md)
+
+## Other documentation pages <!-- NOTE: this header's title and the section below need optimization -->
+
+- ℹ️ **[FAQ](faq.md)** - various Frequently Asked Questions about Matrix, with a focus on this Ansible playbook
+
+<!-- NOTE: sort list items under faq.md alphabetically -->
+
+- [Alternative architectures](alternative-architectures.md)
+
+- [Container images used by the playbook](container-images.md)
+
+- [Obtaining an Access Token](obtaining-access-tokens.md)
 
 - [Playbook tags](playbook-tags.md)
 
 - [Registering users](registering-users.md)
 
-- [Updating users passwords](updating-users-passwords.md)
+- [Running `just` commands](just.md)
 
-- [Maintenance / checking if services work](maintenance-checking-services.md)
+- [Self-building](self-building.md)
-
-- [Maintenance / upgrading services](maintenance-upgrading-services.md)
-
-- [Maintenance / Synapse](maintenance-synapse.md)
-
-- [Maintenance / PostgreSQL](maintenance-postgres.md)
-
-- [Maintenance and Troubleshooting](maintenance-and-troubleshooting.md)
 
 - [Uninstalling](uninstalling.md)
+
+- [Updating users passwords](updating-users-passwords.md)

docs/maintenance-migrating.md

@@ -1,14 +1,67 @@
-> **Note**: This migration guide is applicable if you migrate from one server to another server having the same CPU architecture (e.g. both servers being `amd64`).
->
-> If you're trying to migrate between different architectures (e.g. `amd64` --> `arm64`), simply copying the complete `/matrix` directory is not possible as it would move the raw PostgreSQL data (`/matrix/postgres/data`) between different architectures. In this specific case, you can use the guide below as a reference, but you would also need to avoid syncing `/matrix/postgres/data` to the new host, and also dump the database on your current server and import it properly on the new server. See our [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql) docs for help with PostgreSQL backup/restore.
-
 # Migrating to new server
 
-1. Prepare by lowering DNS TTL for your domains (`matrix.example.com`, etc.), so that DNS record changes (step 4 below) would happen faster, leading to less downtime
+This documentation explains how to migrate your Matrix services (server, client, bridges, etc.) and data **from an old server to a new server**.
-2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` (you might have to cd to /etc/systemd/system/ first)
+
-3. Copy directory `/matrix` from the old server to the new server. Make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)!
+**Notes**:
-4. Make sure your DNS records are adjusted to point to the new server's IP address
+- This migration guide is applicable if you migrate from one server to another server having the same CPU architecture (e.g. both servers being `amd64`).
-5. Remove old server from the `inventory/hosts` file and add new server.
+
-6. Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-system-user`. This will create the `matrix` user and group on the new server
+  If you're trying to migrate between different architectures (e.g. `amd64` --> `arm64`), simply copying the complete `/matrix` directory is **not** possible as it would move the raw PostgreSQL data (`/matrix/postgres/data`) between different architectures. In this specific case, you can use the guide below as a reference, but you would also need to avoid syncing `/matrix/postgres/data` to the new host, and also dump the database on your current server and import it properly on the new server. See our [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql) docs for help with PostgreSQL backup/restore.
-7. Because the `matrix` user and group are created dynamically on each server, the user/group ID may differ between the old and new server. We suggest that you adjust ownership of `/matrix` files manually by running this on the new server: `chown -R matrix:matrix /matrix`.
+- If you have any questions about migration or encountered an issue during migration, do not hesitate to ask for help on [our Matrix room](https://matrix.to/#/%23matrix-docker-ansible-deploy:devture.com). You probably might want to prepare a temporary/sub account on another Matrix server in case it becomes impossible to use your server due to migration failure by any chance.
-8. Run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` to finish the installation and start all services
+
+- You can't change the domain (specified in the `matrix_domain` variable) after the initial deployment.
+
+## Lower DNS TTL
+
+Prepare by lowering DNS TTL for your domains (`matrix.example.com`, etc.), so that DNS record changes would happen faster, leading to less downtime.
+
+## Stop services on the old server completely
+
+Before migrating, you need to stop all services on the old server and make sure they won't be starting again.
+
+To do so, it is recommended to run the `systemctl` command on the server. Running the playbook's `stop` tag also stops the services, but just once; they will start again if you reboot the server.
+
+Log in to the old server and run the command as `root` (or a user that can run it with `sudo`):
+
+```sh
+cd /etc/systemd/system/ && systemctl disable --now matrix*
+```
+
+## Copy data directory to the new server
+
+After you've confirmed that all services were stopped, copy the `/matrix` directory from the old server to the new server. When copying, make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)!
+
+## Adjust DNS records
+
+Make sure your DNS records are adjusted to point to the new server's IP address.
+
+## Update `inventory/hosts` file
+
+Having adjusted DNS records, replace the old server's external IP address on the `inventory/hosts` file with that of the new server.
+
+## Create `matrix` user and group on the new server
+
+Then, run the command below on your local computer to create the `matrix` user and group on the new server:
+
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-system-user
+```
+
+**Note**: because the `matrix` user and group are created dynamically on each server, the user/group ID may differ between the old and new server. We suggest that you adjust ownership of `/matrix` files. To adjust the ownership, log in to the new server and run the command:
+
+```sh
+chown -R matrix:matrix /matrix
+```
+
+## Install and start all services on the new server
+
+Finally, run the command below on your local computer to finish the installation and start all services:
+
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
+```
+
+### Check if services work
+
+After starting the services, you probably might want to ensure that you've migrated things correctly and that services are running. For instructions, see: [check if services work](maintenance-checking-services.md)
+
+Having make sure that both services and federation work as expected, you can safely shutdown the old server.

docs/maintenance-upgrading-services.md

@@ -14,27 +14,37 @@ If you want to be notified when new versions of Synapse are released, you should
 
 ## Steps to upgrade the Matrix services
 
+### Check the changelog
+
 Before updating the playbook and the Ansible roles in the playbook, take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of.
 
-If it looks good to you, go to the `matrix-docker-ansible-deploy` directory, then:
+### Update the playbook and the Ansible roles
 
-- update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
+If it looks good to you, go to the `matrix-docker-ansible-deploy` directory, update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) by running:
 
 - either: `just update`
 - or: a combination of `git pull` and `just roles` (or `make roles` if you have `make` program on your computer instead of `just`)
 
 If you don't have either `just` tool or `make` program, you can run the `ansible-galaxy` tool directly: `rm -rf roles/galaxy; ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force`
 
-  For details about `just` commands, take a look at: [Running `just` commands](just.md).
+**Note**: for details about `just` commands, take a look at: [Running `just` commands](just.md).
 
-- re-run the [playbook setup](installing.md#maintaining-your-setup-in-the-future) and restart all services:
+### Re-run the playbook setup
+
+After updating the Ansible roles, then re-run the [playbook setup](installing.md#maintaining-your-setup-in-the-future) and restart all services:
 
 ```sh
 ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
 ```
 
-Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [this page on the playbook tags](playbook-tags.md) for more information.
+If you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [this page on the playbook tags](playbook-tags.md) for more information.
 
-A way to invoke these `ansible-playbook` commands with less typing is to run the `just` "recipe": `just install-all` or `just setup-all`.
+#### Run `just` to execute shortcut command
 
-**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
+If you want to invoke the `ansible-playbook` command with less typing, you can run `just` to execute the shortcut command: `just install-all` (or `just setup-all`). Note that it restarts all services automatically.
+
+## PostgreSQL major version upgrade
+
+Major version upgrades to the internal PostgreSQL database are not done automatically. Upgrades must be performed manually.
+
+For details about upgrading it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).

docs/quick-start.md

@@ -25,6 +25,8 @@ Please remember to replace `example.com` with your own domain before running any
 
 At first, **check prerequisites** and prepare for installation by setting up programs [on your own computer](prerequisites.md#your-local-computer) and [your server](prerequisites.md#server). You also need `root` access on your server (a user that could elevate to `root` via `sudo` also works).
 
+When preparing your server, make sure to check [the server specs you need](faq.md#what-kind-of-server-specs-do-i-need). We recommend starting with a server having at least 2GB of memory.
+
 <!--
 TODO: Add one liners (or instructions, a script, etc.) for easy and consistent installation of required software. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3757
 -->
@@ -171,7 +173,7 @@ After configuring the playbook, run the command below and wait until it finishes
 ansible-playbook -i inventory/hosts setup.yml --tags=install-matrix-static-files,start
 ```
 
-💡 Running the `install-matrix-static-files` playbook tag (as done here) is an optimized version of running [the full setup command](#run-the-installation-command).
+💡 Running the `install-matrix-static-files` playbook tag (as done here) is an optimized version of running [the full setup command](#run-installation-command).
 
 After the command finishes, you can also check whether your server federates with the Matrix network by using the [Federation Tester](https://federationtester.matrix.org/) against your base domain (`example.com`), not the `matrix.example.com` subdomain.
 

group_vars/matrix_servers

@@ -1598,7 +1598,10 @@ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ tra
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_meta_messenger_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.as', rounds=655555) | to_uuid }}"
+matrix_mautrix_meta_messenger_appservice_bridgev2_enabled: false
 
 matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 
@@ -1672,7 +1675,10 @@ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ tra
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_meta_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.as', rounds=655555) | to_uuid }}"
+matrix_mautrix_meta_instagram_appservice_bridgev2_enabled: false
 
 matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 
@@ -2064,6 +2070,8 @@ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ traefik_c
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname: "{{ matrix_server_fqn_matrix }}"
+
 matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
   {{
     matrix_addons_homeserver_systemd_services_list
@@ -2072,6 +2080,7 @@ matrix_mautrix_whatsapp_systemd_required_services_list_auto: |
   }}
 
 matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
+matrix_mautrix_whatsapp_appservice_bridgev2_enabled: false
 
 matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
@@ -5943,6 +5952,15 @@ matrix_static_files_file_matrix_client_property_cc_etke_synapse_admin_auto: "{{
 
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 
+# mautrix-manager auto-configuration disabled by default
+matrix_static_files_file_matrix_mautrix_enabled: false
+matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges:
+  - "https://bridges.example.com/signal"
+  # TODO populate with enabled bridges
+
+matrix_static_files_file_matrix_mautrix_property_fi_mau_external_bridge_servers:
+  []
+
 matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 
 matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"

requirements.yml

@@ -10,7 +10,7 @@
   version: v0.2.0-0
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.4.2
+  version: 7.4.3
   name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
   version: 129c8590e106b83e6f4c259649a613c6279e937a

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -55,6 +55,17 @@ matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_meta_instagram_container_labels_bridgev2_enabled: "{{ matrix_mautrix_meta_instagram_appservice_bridgev2_enabled }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_stripprefix: "/_matrix/{{ matrix_mautrix_meta_instagram_identifier }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_stripprefix }}`)"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_meta_instagram_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -144,6 +155,10 @@ matrix_mautrix_meta_instagram_appservice_database_uri: |-
 
 matrix_mautrix_meta_instagram_appservice_token: ''
 
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_meta_instagram_appservice_bridgev2_enabled: false
+
 # Controls which service this bridge is for.
 # Valid options:
 # * facebook - connect to FB Messenger via facebook.com

roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml

@@ -8,6 +8,7 @@
   with_items:
     - {'name': 'matrix_mautrix_meta_instagram_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_instagram_metrics_proxying_enabled }}"}
     - {'name': 'matrix_mautrix_meta_instagram_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_instagram_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_meta_instagram_container_labels_bridgev2_enabled }}"}
     - {'name': 'matrix_mautrix_meta_instagram_appservice_token', when: true}
     - {'name': 'matrix_mautrix_meta_instagram_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_meta_instagram_container_network', when: true}

roles/custom/matrix-bridge-mautrix-meta-instagram/templates/labels.j2

@@ -43,6 +43,38 @@ traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.tls.
 {% endif %}
 
 
+{% if matrix_mautrix_meta_instagram_container_labels_bridgev2_enabled %}
+############################################################
+#                                                          #
+# Appservice Bridgev2 API                                  #
+#                                                          #
+############################################################
+
+traefik.http.middlewares.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2-stripprefix.stripprefix.prefixes={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_stripprefix }}
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.middlewares={{ matrix_mautrix_meta_instagram_identifier }}-bridgev2-stripprefix
+
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.rule={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_rule }}
+
+{% if matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.priority={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.service={{ matrix_mautrix_meta_instagram_identifier }}-appservice
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.entrypoints={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_entrypoints }}
+
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.tls={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls | to_json }}
+{% if matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls %}
+traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-bridgev2.tls.certResolver={{ matrix_mautrix_meta_instagram_container_labels_bridgev2_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Appservice Bridgev2 API                                 #
+#                                                          #
+############################################################
+{% endif %}
+
+
 {% endif %}
 
 {{ matrix_mautrix_meta_instagram_container_labels_additional_labels }}

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -55,6 +55,17 @@ matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_ena
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled: "{{ matrix_mautrix_meta_messenger_appservice_bridgev2_enabled }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_stripprefix: "/_matrix/{{ matrix_mautrix_meta_messenger_identifier }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_stripprefix }}`)"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_meta_messenger_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
@@ -144,6 +155,10 @@ matrix_mautrix_meta_messenger_appservice_database_uri: |-
 
 matrix_mautrix_meta_messenger_appservice_token: ''
 
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_meta_messenger_appservice_bridgev2_enabled: false
+
 # Controls which service this bridge is for.
 # Valid options:
 # * facebook - connect to FB Messenger via facebook.com

roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml

@@ -8,6 +8,7 @@
   with_items:
     - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_hostname', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
     - {'name': 'matrix_mautrix_meta_messenger_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_meta_messenger_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled }}"}
     - {'name': 'matrix_mautrix_meta_messenger_appservice_token', when: true}
     - {'name': 'matrix_mautrix_meta_messenger_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_meta_messenger_container_network', when: true}

roles/custom/matrix-bridge-mautrix-meta-messenger/templates/labels.j2

@@ -43,6 +43,38 @@ traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.tls.
 {% endif %}
 
 
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_enabled %}
+############################################################
+#                                                          #
+# Appservice Bridgev2 API                                  #
+#                                                          #
+############################################################
+
+traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-stripprefix.stripprefix.prefixes={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_stripprefix }}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.middlewares={{ matrix_mautrix_meta_messenger_identifier }}-bridgev2-stripprefix
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.rule={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_rule }}
+
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.priority={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.service={{ matrix_mautrix_meta_messenger_identifier }}-appservice
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.entrypoints={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_entrypoints }}
+
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.tls={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls | to_json }}
+{% if matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls %}
+traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-bridgev2.tls.certResolver={{ matrix_mautrix_meta_messenger_container_labels_bridgev2_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Appservice Bridgev2 API                                 #
+#                                                          #
+############################################################
+{% endif %}
+
+
 {% endif %}
 
 {{ matrix_mautrix_meta_messenger_container_labels_additional_labels }}

roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -4,6 +4,8 @@
 
 matrix_mautrix_whatsapp_enabled: true
 
+matrix_mautrix_whatsapp_identifier: matrix-mautrix-whatsapp
+
 matrix_mautrix_whatsapp_container_image_self_build: false
 matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
@@ -23,7 +25,11 @@ matrix_mautrix_whatsapp_docker_src_files_path: "{{ matrix_mautrix_whatsapp_base_
 
 matrix_mautrix_whatsapp_homeserver_address: ""
 matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
-matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
+matrix_mautrix_whatsapp_appservice_address: "http://{{ matrix_mautrix_whatsapp_identifier }}:8080"
+
+# Whether to make public the bridgev2 API endpoints.
+# See https://spec.mau.fi/megabridge/
+matrix_mautrix_whatsapp_appservice_bridgev2_enabled: false
 
 matrix_mautrix_whatsapp_extev_polls: false
 
@@ -55,6 +61,17 @@ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled:
 # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
 matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: ''
 
+# Controls whether labels will be added that expose the bridge's bridgev2 API endpoints
+matrix_mautrix_whatsapp_container_labels_bridgev2_enabled: "{{ matrix_mautrix_whatsapp_appservice_bridgev2_enabled }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname: ""
+# Following two variables should be RegEx-escaped, see https://doc.traefik.io/traefik/middlewares/http/replacepathregex/
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_stripprefix: "/_matrix/{{ matrix_mautrix_whatsapp_identifier }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_rule: "Host(`{{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname }}`) && PathPrefix(`{{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_stripprefix }}`)"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_priority: 0
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_entrypoints: "{{ matrix_mautrix_whatsapp_container_labels_traefik_entrypoints }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls: "{{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_entrypoints != 'web' }}"
+matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls_certResolver: "{{ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+
 # matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml

@@ -22,7 +22,7 @@
               caller: "{{ role_path | basename }}"
               engine_variable_name: 'matrix_mautrix_whatsapp_database_engine'
               engine_old: 'sqlite'
-              systemd_services_to_stop: ['matrix-mautrix-whatsapp.service']
+              systemd_services_to_stop: ['{{ matrix_mautrix_whatsapp_identifier }}.service']
               pgloader_options: ['--with "quote identifiers"']
 
         - ansible.builtin.set_fact:
@@ -89,7 +89,7 @@
 
 - name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped
   ansible.builtin.service:
-    name: matrix-mautrix-whatsapp
+    name: "{{ matrix_mautrix_whatsapp_identifier }}"
     state: stopped
     enabled: false
     daemon_reload: true
@@ -146,12 +146,12 @@
 - name: Ensure matrix-mautrix-whatsapp.service installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_mautrix_whatsapp_identifier }}.service"
     mode: 0644
 
 - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary
   ansible.builtin.service:
-    name: "matrix-mautrix-whatsapp.service"
+    name: "{{ matrix_mautrix_whatsapp_identifier }}.service"
     state: restarted
     daemon_reload: true
   when: "matrix_mautrix_whatsapp_requires_restart | bool"

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml

@@ -2,19 +2,19 @@
 
 - name: Check existence of matrix-mautrix-whatsapp service
   ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+    path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_mautrix_whatsapp_identifier }}.service"
   register: matrix_mautrix_whatsapp_service_stat
 
 - when: matrix_mautrix_whatsapp_service_stat.stat.exists | bool
   block:
     - name: Ensure matrix-mautrix-whatsapp is stopped
       ansible.builtin.service:
-        name: matrix-mautrix-whatsapp
+        name: "{{ matrix_mautrix_whatsapp_identifier }}"
         state: stopped
         enabled: false
         daemon_reload: true
 
     - name: Ensure matrix-mautrix-whatsapp.service doesn't exist
       ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service"
+        path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_mautrix_whatsapp_identifier }}.service"
         state: absent

roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml

@@ -10,6 +10,7 @@
     - {'name': 'matrix_mautrix_whatsapp_homeserver_address', when: true}
     - {'name': 'matrix_mautrix_whatsapp_homeserver_token', when: true}
     - {'name': 'matrix_mautrix_whatsapp_database_hostname', when: "{{ matrix_mautrix_whatsapp_database_engine == 'postgres' }}"}
+    - {'name': 'matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_hostname', when: "{{ matrix_mautrix_whatsapp_container_labels_bridgev2_enabled }}"}
 
 - name: (Deprecation) Catch and report renamed settings
   ansible.builtin.fail:

roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2

@@ -5,7 +5,8 @@ traefik.enable=true
 traefik.docker.network={{ matrix_mautrix_whatsapp_container_labels_traefik_docker_network }}
 {% endif %}
 
-traefik.http.services.matrix-mautrix-whatsapp-metrics.loadbalancer.server.port=8001
+traefik.http.services.{{ matrix_mautrix_whatsapp_identifier }}-appservice.loadbalancer.server.port=8080
+traefik.http.services.{{ matrix_mautrix_whatsapp_identifier }}-metrics.loadbalancer.server.port=8001
 
 {% if matrix_mautrix_whatsapp_container_labels_metrics_enabled %}
 ############################################################
@@ -15,22 +16,22 @@ traefik.http.services.matrix-mautrix-whatsapp-metrics.loadbalancer.server.port=8
 ############################################################
 
 {% if matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled %}
-traefik.http.middlewares.matrix-mautrix-whatsapp-metrics-basic-auth.basicauth.users={{ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users }}
+traefik.http.middlewares.{{ matrix_mautrix_whatsapp_identifier }}-metrics-basic-auth.basicauth.users={{ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users }}
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.middlewares=matrix-mautrix-whatsapp-metrics-basic-auth
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.middlewares={{ matrix_mautrix_whatsapp_identifier }}-metrics-basic-auth
 {% endif %}
 
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.rule={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_rule }}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.rule={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_rule }}
 
 {% if matrix_mautrix_whatsapp_container_labels_metrics_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.priority={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_priority }}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.priority={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_priority }}
 {% endif %}
 
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.service=matrix-mautrix-whatsapp-metrics
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.service={{ matrix_mautrix_whatsapp_identifier }}-metrics
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.entrypoints={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_entrypoints }}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.entrypoints={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_entrypoints }}
 
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.tls={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_tls | to_json }}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.tls={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_tls | to_json }}
 {% if matrix_mautrix_whatsapp_container_labels_metrics_traefik_tls %}
-traefik.http.routers.matrix-mautrix-whatsapp-metrics.tls.certResolver={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_tls_certResolver }}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-metrics.tls.certResolver={{ matrix_mautrix_whatsapp_container_labels_metrics_traefik_tls_certResolver }}
 {% endif %}
 
 ############################################################
@@ -40,6 +41,36 @@ traefik.http.routers.matrix-mautrix-whatsapp-metrics.tls.certResolver={{ matrix_
 ############################################################
 {% endif %}
 
+{% if matrix_mautrix_whatsapp_container_labels_bridgev2_enabled %}
+############################################################
+#                                                          #
+# Appservice Bridgev2 API                                  #
+#                                                          #
+############################################################
+
+traefik.http.middlewares.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2-stripprefix.stripprefix.prefixes={{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_stripprefix }}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.middlewares={{ matrix_mautrix_whatsapp_identifier }}-bridgev2-stripprefix
+
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.rule={{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_rule }}
+
+{% if matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_priority | int > 0 %}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.priority={{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.service={{ matrix_mautrix_whatsapp_identifier }}-appservice
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.entrypoints={{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_entrypoints }}
+
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.tls={{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls | to_json }}
+{% if matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls %}
+traefik.http.routers.{{ matrix_mautrix_whatsapp_identifier }}-bridgev2.tls.certResolver={{ matrix_mautrix_whatsapp_container_labels_bridgev2_traefik_tls_certResolver }}
+{% endif %}
+
+############################################################
+#                                                          #
+# /Appservice Bridgev2 API                                 #
+#                                                          #
+############################################################
+{% endif %}
 
 {% endif %}
 

roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2

@@ -13,12 +13,12 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_mautrix_whatsapp_identifier }} 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_mautrix_whatsapp_identifier }} 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
-			--name=matrix-mautrix-whatsapp \
+			--name={{ matrix_mautrix_whatsapp_identifier }} \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
@@ -34,16 +34,16 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
 
 {% for network in matrix_mautrix_whatsapp_container_additional_networks %}
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-whatsapp
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_mautrix_whatsapp_identifier }}
 {% endfor %}
 
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-mautrix-whatsapp
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_mautrix_whatsapp_identifier }}
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_mautrix_whatsapp_identifier }} 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_mautrix_whatsapp_identifier }} 2>/dev/null || true'
 Restart=always
 RestartSec=30
-SyslogIdentifier=matrix-mautrix-whatsapp
+SyslogIdentifier={{ matrix_mautrix_whatsapp_identifier }}
 
 [Install]
 WantedBy=multi-user.target

roles/custom/matrix-static-files/defaults/main.yml

@@ -349,6 +349,65 @@ matrix_static_files_file_matrix_support_configuration: "{{ matrix_static_files_f
 #                                                                      #
 ########################################################################
 
+########################################################################
+#                                                                      #
+# Related to /.well-known/matrix/mautrix                               #
+#                                                                      #
+########################################################################
+
+# Controls whether a `/.well-known/matrix/mautrix` file is generated and used at all.
+# For details about this file, see mautrix/manager auto-configuration section : https://github.com/mautrix/manager#auto-configuration
+#
+# This is not enabled by default, as for it to be useful, other information is necessary.
+# See `matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges`, `matrix_static_files_file_matrix_mautrix_property_fi_mau_external_bridge_servers`, etc.
+matrix_static_files_file_matrix_mautrix_enabled: false
+
+# Controls the fi.mau.bridges property in the /.well-known/matrix/mautrix file
+# It indexes local bridges implementing the bridgev2 API
+# Example entry : https://bridges.example.com/signal
+matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges: []
+
+# Controls the fi.mau.external_bridge_servers property in the /.well-known/matrix/mautrix file
+# It indexes remote servers with bridges implementing the bridgev2 API
+# Example entry : anotherserver.example.org
+matrix_static_files_file_matrix_mautrix_property_fi_mau_external_bridge_servers:
+  []
+
+# Default /.well-known/matrix/mautrix configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_static_files_file_matrix_mautrix_configuration_extension_json`)
+# or completely replace this variable with your own template.
+matrix_static_files_file_matrix_mautrix_configuration_json: "{{ lookup('template', 'templates/public/.well-known/matrix/mautrix.j2') }}"
+
+# Your custom JSON configuration for /.well-known/matrix/mautrix should go to `matrix_static_files_file_matrix_mautrix_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_static_files_file_matrix_mautrix_configuration_extension_json`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_static_files_file_matrix_mautrix_configuration_json`.
+#
+# Example configuration extension follows:
+#
+# matrix_static_files_file_matrix_mautrix_configuration_extension_json: |
+#   {
+#     "m.another": "value",
+#     "m.yet_another": 3
+#   }
+matrix_static_files_file_matrix_mautrix_configuration_extension_json: "{}"
+
+matrix_static_files_file_matrix_mautrix_configuration_extension: "{{ matrix_static_files_file_matrix_mautrix_configuration_extension_json | from_json if matrix_static_files_file_matrix_mautrix_configuration_extension_json | from_json is mapping else {} }}"
+
+# Holds the final /.well-known/matrix/mautrix configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_static_files_file_matrix_mautrix_configuration_json` or `matrix_static_files_file_matrix_mautrix_configuration_extension_json`.
+matrix_static_files_file_matrix_mautrix_configuration: "{{ matrix_static_files_file_matrix_mautrix_configuration_json | combine(matrix_static_files_file_matrix_mautrix_configuration_extension, recursive=True) }}"
+
+########################################################################
+#                                                                      #
+# /Related to /.well-known/matrix/mautrix                              #
+#                                                                      #
+########################################################################
 
 ########################################################################
 #                                                                      #

roles/custom/matrix-static-files/tasks/install.yml

@@ -52,6 +52,10 @@
       dest: "{{ matrix_static_files_public_well_known_matrix_path }}/support"
       when: "{{ matrix_static_files_file_matrix_support_enabled }}"
 
+    - content: "{{ matrix_static_files_file_matrix_mautrix_configuration | to_nice_json }}"
+      dest: "{{ matrix_static_files_public_well_known_matrix_path }}/mautrix"
+      when: "{{ matrix_static_files_file_matrix_mautrix_enabled }}"
+
     # This one will not be deleted if `matrix_static_files_file_index_html_enabled` flips to `false`.
     # See the comment for `matrix_static_files_file_index_html_enabled` to learn why.
     - content: "{{ matrix_static_files_file_index_html_template }}"
@@ -70,6 +74,12 @@
     state: absent
   when: "not matrix_static_files_file_matrix_support_enabled | bool"
 
+- name: Ensure /.well-known/matrix/mautrix file deleted if not enabled
+  ansible.builtin.file:
+    path: "{{ matrix_static_files_public_well_known_matrix_path }}/mautrix"
+    state: absent
+  when: "not matrix_static_files_file_matrix_mautrix_enabled | bool"
+
 - name: Ensure matrix-static-files container image is pulled
   community.docker.docker_image:
     name: "{{ matrix_static_files_container_image }}"

roles/custom/matrix-static-files/tasks/self_check_well_known.yml

@@ -24,6 +24,21 @@
       ansible.builtin.set_fact:
         well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
 
+- when: matrix_static_files_file_matrix_mautrix_enabled | bool
+  block:
+    - name: Prepare /.well-known/matrix/mautrix to well-known files to check, if enabled
+      ansible.builtin.set_fact:
+        well_known_file_check_matrix_mautrix:
+          path: /.well-known/matrix/mautrix
+          purpose: Mautrix bridge discovery
+          cors: true
+          follow_redirects: safe
+          validate_certs: "{{ matrix_static_files_self_check_validate_certificates }}"
+
+    - name: Inject /.well-known/matrix/mautrix to well-known files to check, if enabled
+      ansible.builtin.set_fact:
+        well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_mautrix] }}"
+
 - name: Perform well-known checks
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
   with_items: "{{ well_known_file_checks }}"

roles/custom/matrix-static-files/templates/public/.well-known/matrix/mautrix.j2

@@ -0,0 +1,4 @@
+{
+  "fi.mau.bridges": {{ matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges|to_json }},
+  "fi.mau.external_bridge_servers": {{ matrix_static_files_file_matrix_mautrix_property_fi_mau_external_bridge_servers|to_json }}
+}