# SPDX-FileCopyrightText: 2024 MDAD Team and contributors # # SPDX-License-Identifier: AGPL-3.0-or-later --- - name: Fail if required Synapse settings not defined ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item.name }}`). when: "item.when | bool and vars[item.name] | length == 0" with_items: - {'name': 'matrix_synapse_username', when: true} - {'name': 'matrix_synapse_uid', when: true} - {'name': 'matrix_synapse_gid', when: true} - {'name': 'matrix_synapse_container_network', when: true} - {'name': 'matrix_synapse_macaroon_secret_key', when: true} - {'name': 'matrix_synapse_database_host', when: true} - {'name': 'matrix_synapse_database_user', when: true} - {'name': 'matrix_synapse_database_password', when: true} - {'name': 'matrix_synapse_database_database', when: true} - {'name': 'matrix_synapse_container_labels_public_client_root_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_root_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_client_root_redirection_url', when: "{{ matrix_synapse_container_labels_public_client_root_redirection_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_client_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_internal_client_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_client_synapse_client_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_client_synapse_admin_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_client_synapse_admin_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_federation_api_traefik_hostname', when: "{{ matrix_synapse_container_labels_public_federation_api_enabled }}"} - {'name': 'matrix_synapse_container_labels_public_federation_api_traefik_entrypoints', when: "{{ matrix_synapse_container_labels_public_federation_api_enabled }}"} - {'name': 'matrix_synapse_metrics_proxying_hostname', when: "{{ matrix_synapse_metrics_proxying_enabled }}"} - {'name': 'matrix_synapse_metrics_proxying_path_prefix', when: "{{ matrix_synapse_metrics_proxying_enabled }}"} - {'name': 'matrix_synapse_experimental_features_msc3861_issuer', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"} - {'name': 'matrix_synapse_experimental_features_msc3861_client_id', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"} - {'name': 'matrix_synapse_experimental_features_msc3861_client_auth_method', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"} - {'name': 'matrix_synapse_experimental_features_msc3861_client_secret', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"} - {'name': 'matrix_synapse_experimental_features_msc3861_admin_token', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"} - {'name': 'matrix_synapse_experimental_features_msc3861_account_management_url', when: "{{ matrix_synapse_experimental_features_msc3861_enabled }}"} - {'name': 'matrix_synapse_container_labels_traefik_compression_middleware_name', when: "{{ matrix_synapse_container_labels_traefik_compression_middleware_enabled }}"} - name: Fail if asking for more than 1 instance of single-instance workers ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item] | int > 1" with_items: - "matrix_synapse_workers_appservice_workers_count" - "matrix_synapse_workers_user_dir_workers_count" - "matrix_synapse_workers_background_workers_count" - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" - "matrix_synapse_workers_stream_writer_receipts_stream_workers_count" - "matrix_synapse_workers_stream_writer_presence_stream_workers_count" - name: Fail when mixing generic workers with new specialized workers ansible.builtin.fail: msg: >- Generic workers should not be mixed with the new specialized worker types (room workers, sync workers, client readers, and federation readers) when: matrix_synapse_workers_generic_workers_count | int > 0 and ((matrix_synapse_workers_room_workers_count | int + matrix_synapse_workers_sync_workers_count | int + matrix_synapse_workers_client_reader_workers_count | int + matrix_synapse_workers_federation_reader_workers_count | int) > 0) - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). when: "item.old in vars" with_items: - {'old': 'matrix_synapse_email_riot_base_url', 'new': ''} - {'old': 'matrix_synapse_container_expose_api_port', 'new': ''} - {'old': 'matrix_synapse_no_tls', 'new': ''} - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'} - {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'} - {'old': 'matrix_room_list_publication_rules', 'new': 'matrix_synapse_room_list_publication_rules'} - {'old': 'matrix_synapse_rc_messages_per_second', 'new': ''} - {'old': 'matrix_synapse_rc_message_burst_count', 'new': ''} - {'old': 'matrix_synapse_federation_rc_window_size', 'new': ''} - {'old': 'matrix_synapse_federation_rc_sleep_limit', 'new': ''} - {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': ''} - {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': ''} - {'old': 'matrix_synapse_federation_rc_concurrent', 'new': ''} - {'old': 'matrix_synapse_container_expose_client_api_port', 'new': ''} - {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': ''} - {'old': 'matrix_synapse_container_expose_metrics_port', 'new': ''} - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} - {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': ''} - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': ''} - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': ''} - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': ''} - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': ''} - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'} - {'old': 'matrix_synapse_send_federation', 'new': ''} - {'old': 'matrix_synapse_start_pushers', 'new': ''} - {'old': 'matrix_synapse_spam_checker', 'new': ''} - {'old': 'matrix_synapse_caches_autotuning_max_cache_memory_usage', 'new': 'matrix_synapse_cache_autotuning_max_cache_memory_usage'} - {'old': 'matrix_synapse_caches_autotuning_target_cache_memory_usage', 'new': 'matrix_synapse_cache_autotuning_target_cache_memory_usage'} - {'old': 'matrix_synapse_caches_autotuning_min_cache_ttl', 'new': 'matrix_synapse_cache_autotuning_min_cache_ttl'} - {'old': 'matrix_synapse_memtotal_kb', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: msg: >- Your matrix_synapse_configuration_extension_yaml configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). when: "item.old in matrix_synapse_configuration_extension" with_items: - {'old': 'federation_ip_range_blacklist', 'new': 'ip_range_blacklist'} - when: matrix_synapse_container_image_customizations_templates_enabled | bool block: - name: Fail if required `matrix_synapse_container_image_customizations_templates_*` settings not defined ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) when enabling `matrix_synapse_container_image_customizations_templates_enabled`. when: "vars[item] == ''" with_items: - matrix_synapse_container_image_customizations_templates_git_repository_url - matrix_synapse_container_image_customizations_templates_git_repository_branch - name: Fail if required `matrix_synapse_container_image_customizations_templates_git_repository_keyscan_*` settings not defined ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`) when enabling `matrix_synapse_container_image_customizations_templates_git_repository_keyscan`. when: "matrix_synapse_container_image_customizations_templates_git_repository_keyscan_enabled | bool and vars[item] == ''" with_items: - matrix_synapse_container_image_customizations_templates_git_repository_keyscan_hostname - name: Fail when auto-accept-invite enabled as a native feature and a module at the same time ansible.builtin.fail: msg: >- Your configuration enables the auto-accept invites feature both as a native Synapse feature (`matrix_synapse_auto_accept_invites_enabled`) and a 3rd party module (`matrix_synapse_ext_synapse_auto_accept_invite_enabled`). This is unnecessary, since they both do the same and the native feature is built on top of the 3rd party module anyway. Enabling both at the same time will lead to issues. We recommend leaving `matrix_synapse_auto_accept_invites_enabled` in your configuration and removing `matrix_synapse_ext_synapse_auto_accept_invite_enabled`. when: - matrix_synapse_auto_accept_invites_enabled - matrix_synapse_ext_synapse_auto_accept_invite_enabled - name: Fail if known Synapse password provider modules are enabled when auth is delegated to Matrix Authentication Service ansible.builtin.fail: msg: "When Synapse is delegating authentication to Matrix Authentication Service, it does not make sense to enable password provider modules, because it is not Synapse that is handling authentication. Please disable {{ item }} before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise." when: matrix_synapse_experimental_features_msc3861_enabled and vars[item] | bool with_items: - matrix_synapse_ext_password_provider_rest_auth_enabled - matrix_synapse_ext_password_provider_shared_secret_auth_enabled - matrix_synapse_ext_password_provider_ldap_enabled - name: Fail if password config is enabled for Synapse when auth is delegated to Matrix Authentication Service ansible.builtin.fail: msg: "When Synapse is delegating authentication to Matrix Authentication Service, it doesn't make sense to enable the password config (`matrix_synapse_password_config_enabled: true`), because it is not Synapse that is handling authentication. Please remove your `matrix_synapse_password_config_enabled: true` setting before enabling Matrix Authentication Service integration for Synapse. Synapse will refuse to start otherwise." when: matrix_synapse_experimental_features_msc3861_enabled and matrix_synapse_password_config_enabled - name: Fail if QR code login (MSC4108) is enabled while Next-Gen Auth (MSC3861) is not ansible.builtin.fail: msg: "When Synapse QR code login is enabled (MSC4108 via `matrix_synapse_experimental_features_msc4108_enabled`), Next-Gen auth (MSC3861 via `matrix_synapse_experimental_features_msc3861_enabled`) must also be enabled." when: matrix_synapse_experimental_features_msc4108_enabled and not matrix_synapse_experimental_features_msc3861_enabled