Mergefix.

CHANGELOG.md

@@ -1,3 +1,80 @@
+# 2022-01-07
+
+## Dendrite support
+
+**TLDR**: We now have optional experimental [Dendrite](https://github.com/matrix-org/dendrite) homeserver support for new installations. **Existing (Synapse) installations need to be updated**, because some internals changed. See [Adapting the configuration for existing Synapse installations](#adapting-the-configuration-for-existing-synapse-installations).
+
+[Jip J. Dekker](https://github.com/Dekker1) did the [initial work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/818) of adding [Dendrite](https://github.com/matrix-org/dendrite) support to the playbook back in January 2021. Lots of work (and time) later, Dendrite support is finally ready for testing.
+
+We believe that 2022 will be the year of the non-Synapse Matrix server!
+
+The playbook was previously quite [Synapse](https://github.com/matrix-org/synapse)-centric, but can now accommodate multiple homeserver implementations. Only one homeserver implementation can be active (installed) at a given time.
+
+**Synapse is still the default homeserver implementation** installed by the playbook. A new variable (`matrix_homeserver_implementation`) controls which server implementation is enabled (`synapse` or `dendrite` at the given moment).
+
+### Adapting the configuration for existing Synapse installations
+
+Because the playbook is not so Synapse-centric anymore, a small configuration change is necessary for existing installations to bring them up to date.
+
+The `vars.yml` file for **existing installations will need to be updated** by adding this **additional configuration**:
+
+```yaml
+# All secrets keys are now derived from `matrix_homeserver_generic_secret_key`, not from `matrix_synapse_macaroon_secret_key`.
+# To keep them all the same, define `matrix_homeserver_generic_secret_key` in terms of `matrix_synapse_macaroon_secret_key`.
+# Using a new secret value for this configuration key is also possible and should not cause any problems.
+#
+# Fun fact: new installations (based on the new `examples/vars.yml` file) do this in reverse.
+# That is, the Synapse macaroon secret is derived from `matrix_homeserver_generic_secret_key`.
+matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"
+```
+
+### Trying out Dendrite
+
+Finally, **to try out Dendrite**, we recommend that you **use a new server** and the following addition to your `vars.yml` configuration:
+
+```yaml
+matrix_homeserver_implementation: dendrite
+```
+
+**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse to Dendrite) without data loss.
+
+We're excited to gain support for other homeserver implementations, like [Conduit](https://conduit.rs/), etc!
+
+
+## Honoroit bot support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now help you set up [Honoroit](https://gitlab.com/etke.cc/honoroit) - a helpdesk bot.
+
+See our [Setting up Honoroit](docs/configuring-playbook-bot-honoroit.md) documentation to get started.
+
+
+# 2022-01-06
+
+## Cinny support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [Cinny](https://cinny.in/) - a new simple, elegant and secure Matrix client.
+
+By default, we still install Element. Still, people who'd like to try Cinny out can now install it via the playbook.
+
+Additional details are available in [Setting up Cinny](docs/configuring-playbook-client-cinny.md).
+
+
+# 2021-12-22
+
+## Twitter bridging support via mautrix-twitter
+
+Thanks to [Matthew Cengia](https://github.com/mattcen) and [Shreyas Ajjarapu](https://github.com/shreyasajj), besides [mx-puppet-twitter](docs/configuring-playbook-bridge-mx-puppet-twitter.md), bridging to [Twitter](https://twitter.com/) can now also happen with [mautrix-twitter](docs/configuring-playbook-bridge-mautrix-twitter.md).
+
+
+# 2021-12-14
+
+## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability
+
+Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable.
+
+One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md).
+
+
 # 2021-11-11
 
 ## Dropped support for Postgres v9.6

README.md

@@ -19,6 +19,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
 
+- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
+
 - (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
 
 - (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.
@@ -51,6 +53,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
 
+- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
+
 - (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
 
 - (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)
@@ -97,6 +101,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
 
+- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
+
 - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
 
 - (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation
@@ -111,6 +117,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
 
+- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
+
 Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
 
 **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.

collections/requirements.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - name: community.general
+  - name: community.docker  

docs/ansible.md

@@ -51,7 +51,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
-docker.io/devture/ansible:2.10.7-r0
+docker.io/devture/ansible:2.11.6-r1
 ```
 
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

docs/configuring-awx-system.md

@@ -4,7 +4,7 @@ An AWX setup for managing multiple Matrix servers.
 
 This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
 
-Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. This script is free to use in a commercial context with the 'MemberPress Plus' and 'WP Oauth Sever' addons. It can also be run in a non-commercial context.
+Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context.
 
 The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
 
@@ -21,12 +21,7 @@ The following repositories allow you to copy and use this setup:
 
 [Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
 
-
+[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental.
-## Testing Fork For This Playbook
-
-Updates to this section are trailed here:
-
-[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/matrix-docker-ansible-deploy)
 
 
 ## Does I need an AWX setup to use this? How do I configure it? 
@@ -38,7 +33,6 @@ For simpler installation steps you can use to get started with this system, chec
 
 ## Does I need a front-end WordPress site? And a DigitalOcean account? 
 
-You do not need a front-end WordPress site or any of the mentioned WordPress plugins to use this setup. It can be run on it's own in a non-commercial context.
+You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context.
-
-You also don't need a DigitalOcean account, but this will limit you to only being able to connect 'On-Premises' servers.
 
+You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers.

docs/configuring-dns.md

@@ -37,6 +37,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
 | CNAME | `goneb`                      | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `sygnal`                     | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `hydrogen`                   | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `cinny`                      | -        | -      | -    | `matrix.<your-domain>` |
 
 ## Subdomains setup
 
@@ -57,6 +58,7 @@ The `sygnal.<your-domain>` subdomain may be necessary, because this playbook cou
 
 The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
 
+The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.
 
 ## `_matrix-identity._tcp` SRV record setup
 

docs/configuring-playbook-bot-go-neb.md

@@ -198,8 +198,8 @@ matrix_bot_go_neb_services:
       # Each room will get the notification with the alert rendered with the given template
       rooms:
         "!someroomid:domain.tld":
-          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
+          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
-          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
+          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
           msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 ```
 

docs/configuring-playbook-bot-honoroit.md

@@ -0,0 +1,55 @@
+# Setting up Honoroit (optional)
+
+The playbook can install and configure [Honoroit](https://gitlab.com/etke.cc/honoroit) for you.
+
+It's a bot you can use to setup **your own helpdesk on matrix**
+
+See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.
+
+
+## Registering the bot user
+
+By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`.
+
+(to use a different username, adjust the `matrix_bot_honoroit_login` variable).
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_honoroit_enabled: true
+
+# Adjust this to whatever password you chose when registering the bot user
+matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT
+
+# Adjust this to your room ID
+matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN"
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To use the bot, invite the `@honoroit:DOMAIN` to the room you specified in config, after that any matrix user can send a message to the `@honoroit:DOMAIN` to start a new thread in that room.
+
+Send `!ho help` to the room to see the bot's help menu for additional commands.
+
+You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/honoroit#features).

docs/configuring-playbook-bridge-mautrix-twitter.md

@@ -0,0 +1,35 @@
+# Setting up Mautrix Twitter (optional)
+
+**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) bridge supported by the playbook.
+
+The playbook can install and configure [mautrix-twitter](https://github.com/mautrix/twitter) for you.
+
+See the project's [documentation](https://github.com/mautrix/twitter) to learn what it does and why it might be useful to you.
+
+```yaml
+matrix_mautrix_twitter_enabled: true
+```
+
+
+## Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+### Method 2: manually, by asking each user to provide a working access token
+
+This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/mautrix/twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
+
+## Usage
+
+1. You then need to start a chat with `@twitterbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+2. Send login-cookie to start the login. The bot should respond with instructions on how to proceed.
+
+You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/twitter/authentication.html).
+
+After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

docs/configuring-playbook-bridge-mx-puppet-twitter.md

@@ -1,5 +1,7 @@
 # Setting up MX Puppet Twitter (optional)
 
+**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mautrix-twitter](configuring-playbook-bridge-mautrix-twitter.md) bridge supported by the playbook.
+
 The playbook can install and configure
 [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.
 

docs/configuring-playbook-client-cinny.md

@@ -0,0 +1,21 @@
+# Configuring Cinny (optional)
+
+This playbook can install the [cinny](https://github.com/ajbura/cinny) Matrix web client for you.
+cinny is a web client focusing primarily on simple, elegant and secure interface.
+cinny can be installed alongside or instead of Element.
+
+If you'd like cinny to be installed, add the following to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_client_cinny_enabled: true
+```
+
+You will also need to add a DNS record so that cinny can be accessed.
+By default cinny will use https://cinny.DOMAIN so you will need to create an CNAME record
+for `cinny`. See [Configuring DNS](configuring-dns.md).
+
+If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain):
+
+```yaml
+ matrix_server_fqn_cinny: "app.{{ matrix_domain }}"
+```

docs/configuring-playbook-dimension.md

@@ -58,7 +58,7 @@ curl -X POST --header 'Content-Type: application/json' -d '{
     "type": "m.login.password"
 }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
 ```
-*Change the "YourDimensionUser/Pass" URL accordigly*
+*Change `YourDimensionUsername`, `YourDimensionPassword`, and `YOURDOMAIN` accordingly.*
 
 **Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**
 

docs/configuring-playbook-etherpad.md

@@ -25,6 +25,23 @@ The Dimension administrator users can configure the default URL template. The Di
 If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
 Example: `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false`
 
+### Etherpad Admin access (optional)
+
+Etherpad comes with a admin web-UI which is disabled by default. You can enable it by setting a username and password in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_etherpad_admin_username: admin
+matrix_etherpad_admin_password: some-password
+```
+
+The admin web-UI should then be available on: `https://dimension.<your-domain>/etherpad/admin`
+
+### Managing / Deleting old pads
+
+If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above.
+
+Then from the plugin manager page (`https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
+
 ## Known issues
 
 If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.

docs/configuring-playbook-jitsi.md

@@ -41,13 +41,23 @@ If you're fine with such an open Jitsi instance, please skip to [Apply changes](
 
 If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms.
 
-Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
 
 ```yaml
 matrix_jitsi_enable_auth: true
 matrix_jitsi_enable_guests: true
+matrix_jitsi_prosody_auth_internal_accounts:
+  - username: "jitsi-moderator"
+    password: "secret-password"
+  - username: "another-user"
+    password: "another-password"
 ```
 
+**Caution:** Accounts added here and subsquently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
+
+**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
+
+
 ### (Optional) LDAP authentication
 
 The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be:
@@ -122,19 +132,6 @@ You may want to **limit the maximum video resolution**, to save up resources on
 
 Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
 
-## Required if configuring Jitsi with internal authentication: register new users
-
-Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.
-Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:
-
-```bash
-docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD>
-```
-
-Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.
-
-**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
-
 
 ## Usage
 

docs/configuring-playbook-own-webserver.md

@@ -64,7 +64,7 @@ Once you've followed the [Preparation](#preparation) guide above, you can take a
 
 ### Using your own external caddy webserver
 
-After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory for a sample configuration.
+After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory and [examples/caddy2](../examples/caddy2) directory for a sample configuration for Caddy v1 and v2, respectively.
 
 ### Using your own HAproxy reverse proxy
 After following  the [Preparation](#preparation) guide above, you can take a look at the [examples/haproxy](../examples/haproxy) directory for a sample configuration. In this case HAproxy is used as a reverse proxy and a simple Nginx container is used to serve statically `.well-known` files.
@@ -111,6 +111,9 @@ matrix_coturn_enabled: false
 
 # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
 matrix_nginx_proxy_trust_forwarded_proto: true
+
+# Trust and use the other reverse proxy's `X-Forwarded-For` header.
+matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
 ```
 
 With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
@@ -136,6 +139,12 @@ matrix_nginx_proxy_https_enabled: false
 matrix_nginx_proxy_container_http_host_bind_port: ''
 matrix_nginx_proxy_container_federation_host_bind_port: ''
 
+# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
+matrix_nginx_proxy_trust_forwarded_proto: true
+
+# Trust and use the other reverse proxy's `X-Forwarded-For` header.
+matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
+
 # Disable Coturn because it needs SSL certs
 # (Clients can, though exposing IP address, use Matrix.org TURN)
 matrix_coturn_enabled: false

docs/configuring-playbook.md

@@ -69,6 +69,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
 
 - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional)
+- [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional)
 
 
 ### Authentication and user-related
@@ -102,6 +103,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
 
+- [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional)
+
 - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
 
 - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
@@ -139,6 +142,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional)
 
+- [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional)
+
 - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional)
 
 - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional)

docs/container-images.md

@@ -30,6 +30,8 @@ These services are enabled and used by default, but you can turn them off, if yo
 
 These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later):
 
+- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional)
+
 - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
 
 - [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) - the [Etherpad](https://etherpad.org) realtime collaborative text editor that can be used in a Jitsi audio/video call or integrated as a widget into Matrix chat rooms via the Dimension integration manager (optional)
@@ -46,6 +48,8 @@ These services are not part of our default installation, but can be enabled by [
 
 - [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
 
+- [mautrix/twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/mautrix/twitter) bridge to [Twitter](https://twitter.com/) (optional)
+
 - [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
 
 - [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)
@@ -90,6 +94,8 @@ These services are not part of our default installation, but can be enabled by [
 
 - [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
 
+- [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional)
+
 - [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional)
 
 - [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir) - the [mjolnir](https://github.com/matrix-org/mjolnir) moderation bot (optional)

docs/importing-postgres.md

@@ -12,7 +12,8 @@ If your database name differs, be sure to change `matrix_synapse_database_databa
 
 The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`).
 
-Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
+Importing multiple databases (as dumped by `pg_dumpall`) is also supported.  
+But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...)
 
 Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay).
 
@@ -32,6 +33,7 @@ ansible-playbook -i inventory/hosts setup.yml \
 
 ## Troubleshooting
 
+### Table Ownership
 A table ownership issue can occur if you are importing from a Synapse installation which was both:
 
  - migrated from SQLite to Postgres, and
@@ -48,7 +50,7 @@ where `synapse_user` is the database username from the previous Synapse installa
 This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username:
 
 ```Shell
-$ grep "ALTER TABLE" homeserver.sql"
+$ grep "ALTER TABLE" homeserver.sql
 ALTER TABLE public.access_tokens OWNER TO synapse_user;
 ALTER TABLE public.account_data OWNER TO synapse_user;
 ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user;
@@ -60,10 +62,10 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user;
 It can be worked around by changing the username to `synapse`, for example by using `sed`:
 
 ```Shell
-$ sed -i "s/synapse_user/synapse/g" homeserver.sql
+$ sed -i "s/OWNER TO synapse_user;/OWNER TO synapse;/g" homeserver.sql
 ```
 
-This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.
+This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse_user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. Expand search/replace statement as shown in example above, in case of old user name like `matrix` - replacing `matrix` only would... well - you can imagine.
 
 Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as:
 
@@ -71,6 +73,8 @@ Note that if the previous import failed with an error it may have made changes w
 ERROR:  relation \"access_tokens\" already exists
 ```
 
+### Repeat import
+
 In this case you can use the command suggested in the import task to clear the database before retrying the import:
 
 ```Shell
@@ -79,4 +83,20 @@ In this case you can use the command suggested in the import task to clear the d
 # systemctl start matrix-postgres
 ```
 
-Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
+Now on your local machine run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-postgres` to prepare the database roles etc.
+
+If not, you probably get this error. `synapse` is the correct table owner, but the role is missing in database.
+```
+"ERROR:  role synapse does not exist"
+```
+
+Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.  
+Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
+
+```
+/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
+```
+
+### Hints
+
+To open psql terminal run `/usr/local/bin/matrix-postgres-cli`

docs/self-building.md

@@ -15,14 +15,17 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-synapse-admin`
 - `matrix-client-element`
 - `matrix-client-hydrogen`
+- `matrix-client-cinny`
 - `matrix-registration`
 - `matrix-coturn`
 - `matrix-corporal`
+- `matrix-dimension`
 - `matrix-ma1sd`
 - `matrix-mailer`
 - `matrix-bridge-appservice-irc`
 - `matrix-bridge-appservice-slack`
 - `matrix-bridge-appservice-webhooks`
+- `matrix-bridge-beeper-linkedin`
 - `matrix-bridge-mautrix-facebook`
 - `matrix-bridge-mautrix-hangouts`
 - `matrix-bridge-mautrix-googlechat`
@@ -31,6 +34,7 @@ List of roles where self-building the Docker image is currently possible:
 - `matrix-bridge-mautrix-whatsapp`
 - `matrix-bridge-mx-puppet-skype`
 - `matrix-bot-mjolnir`
+- `matrix-bot-honoroit`
 - `matrix-bot-matrix-reminder-bot`
 - `matrix-email2matrix`
 

examples/caddy2/Caddyfile

@@ -27,6 +27,10 @@ matrix.DOMAIN.tld {
         not path /matrix/static-files/*
   }
 
+  @wellknown {
+        path /.well-known/matrix/*
+  }
+
   header {
         # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@@ -69,6 +73,15 @@ matrix.DOMAIN.tld {
         }
   }
 
+  handle @wellknown {
+        encode zstd gzip
+        root * /matrix/static-files
+	header Cache-Control max-age=14400
+        header Content-Type application/json
+        header Access-Control-Allow-Origin *
+        file_server
+  }
+
   handle {
         encode zstd gzip
 
@@ -102,17 +115,17 @@ element.DOMAIN.tld {
       # tls your@email.com
 
       header {
-         	# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+                # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
-        	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-        	# Enable cross-site filter (XSS) and tell browser to block detected attacks
+                # Enable cross-site filter (XSS) and tell browser to block detected attacks
-        	X-XSS-Protection "1; mode=block"
+                X-XSS-Protection "1; mode=block"
-        	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+                # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
-        	X-Content-Type-Options "nosniff"
+                X-Content-Type-Options "nosniff"
-        	# Disallow the site to be rendered within a frame (clickjacking protection)
+                # Disallow the site to be rendered within a frame (clickjacking protection)
-        	X-Frame-Options "DENY"
+                X-Frame-Options "DENY"
-        	# X-Robots-Tag
+                # X-Robots-Tag
-        	X-Robots-Tag "noindex, noarchive, nofollow"
+                X-Robots-Tag "noindex, noarchive, nofollow"
-  	}
+        }
 
         handle {
               encode zstd gzip

examples/vars.yml

@@ -10,6 +10,14 @@
 # Example value: example.com
 matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
 
+# The Matrix homeserver software to install.
+# See `roles/matrix-base/defaults/main.yml` for valid options.
+matrix_homeserver_implementation: synapse
+
+# A secret used as a base, for generating various other secrets.
+# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
+matrix_homeserver_generic_secret_key: ''
+
 # This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
 #
 # In case SSL renewal fails at some point, you'll also get an email notification there.
@@ -20,14 +28,6 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
 # Example value: someone@example.com
 matrix_ssl_lets_encrypt_support_email: ''
 
-# A shared secret (between Coturn and Synapse) used for authentication.
-# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-matrix_coturn_turn_static_auth_secret: ''
-
-# A secret used to protect access keys issued by the server.
-# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-matrix_synapse_macaroon_secret_key: ''
-
 # A Postgres password to use for the superuser Postgres user (called `matrix` by default).
 #
 # The playbook creates additional Postgres users and databases (one for each enabled service)

roles/matrix-awx/defaults/main.yml

@@ -1 +1,6 @@
 matrix_awx_enabled: true
+
+# Defaults for 'Customise Website + Access Export' template
+awx_sftp_auth_method: 'Disabled'
+awx_sftp_password: ''
+awx_sftp_public_key: ''

roles/matrix-awx/tasks/main.yml

@@ -8,9 +8,9 @@
   tags:
     - always
 
-# Renames the variables if needed
+# Renames or updates the vars.yml if needed
 - include_tasks: 
-    file: "rename_variables.yml"
+    file: "update_variables.yml"
     apply:
       tags: always
   when: run_setup|bool and matrix_awx_enabled|bool

roles/matrix-awx/tasks/purge_database_build_list.yml

@@ -1,11 +0,0 @@
----
-
-- name: Collect entire room list into stdout
-  shell: |
-    curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/rooms?from={{ item }}'
-  register: awx_rooms_output
-
-- name: Print stdout to file
-  delegate_to: 127.0.0.1
-  shell: |
-    echo '{{ awx_rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json

roles/matrix-awx/tasks/purge_database_main.yml

@@ -29,9 +29,9 @@
   when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
   register: awx_synapse_container_ip
 
-- name: Collect access token for janitor user
+- name: Collect access token for @admin-janitor user
   shell: |
-    curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
+    curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
   when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
   register: awx_janitors_token
   no_log: True

roles/matrix-awx/tasks/purge_media_main.yml

@@ -21,21 +21,22 @@
   shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
   register: awx_synapse_container_ip
 
-- name: Collect access token for janitor user
+- name: Collect access token for @admin-janitor user
   shell: |
-    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
+    curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
   register: awx_janitors_token
   no_log: True
 
 - name: Generate list of dates to purge to
   delegate_to: 127.0.0.1
-  shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
+  shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
   register: awx_purge_dates
 
 - name: Calculate initial size of local media repository
   shell: du -sh /matrix/synapse/storage/media-store/local*
   register: awx_local_media_size_before
   when: awx_purge_media_type == "Local Media"
+  async: 600
   ignore_errors: yes
   no_log: True
 
@@ -43,6 +44,7 @@
   shell: du -sh /matrix/synapse/storage/media-store/remote*
   register: awx_remote_media_size_before
   when: awx_purge_media_type == "Remote Media"
+  async: 600 
   ignore_errors: yes
   no_log: True
 

roles/matrix-awx/tasks/rename_variables.yml

@@ -1,8 +0,0 @@
----
-
-- name: Rename synapse presence variable
-  delegate_to: 127.0.0.1
-  replace:
-    path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
-    regexp: 'matrix_synapse_use_presence'
-    replace: 'matrix_synapse_presence_enabled'

roles/matrix-awx/tasks/self_check.yml

@@ -50,12 +50,14 @@
 - name: Calculate size of local media repository
   shell: du -sh /matrix/synapse/storage/media-store/local*
   register: awx_local_media_size_stat
+  async: 600
   ignore_errors: yes
   no_log: True
 
 - name: Calculate size of remote media repository
   shell: du -sh /matrix/synapse/storage/media-store/remote*
   register: awx_remote_media_size_stat
+  async: 600
   ignore_errors: yes
   no_log: True
 

roles/matrix-awx/tasks/set_variables_dimension.yml

@@ -12,9 +12,9 @@
       - curl
     state: present
 
-- name: Collect access token of Dimension user
+- name: Collect access token of @admin-dimension user
   shell: |
-    curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
+    curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
   register: awx_dimension_user_access_token
 
 - name: Record Synapse variables locally on AWX

roles/matrix-awx/tasks/update_variables.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Rename synapse presence variable
+  delegate_to: 127.0.0.1
+  replace:
+    path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
+    regexp: 'matrix_synapse_use_presence'
+    replace: 'matrix_synapse_presence_enabled'
+
+- name: Generate matrix_homeserver_generic_secret_key variable
+  delegate_to: 127.0.0.1
+  command: |
+      openssl rand -hex 16
+  register: generic_secret
+  no_log: True
+  when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )
+
+- name: Add new matrix_homeserver_generic_secret_key variable
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"
+    insertbefore: '# Basic Settings End'
+    mode: '0600'
+    state: present    
+  when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )

roles/matrix-base/defaults/main.yml

@@ -7,6 +7,18 @@
 # Example value: example.com
 matrix_domain: ~
 
+# This will contain the homeserver implementation that is in use.
+# Valid values: synapse, dendrite
+#
+# By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
+#
+# This value automatically influences other variables (`matrix_synapse_enabled`, `matrix_dendrite_enabled`, etc.).
+# The homeserver implementation of an existing server cannot be changed without data loss.
+matrix_homeserver_implementation: synapse
+
+# This contains a secret, which is used for generating various other secrets later on.
+matrix_homeserver_generic_secret_key: ''
+
 # This is where your data lives and what we set up.
 # This and the Element FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
@@ -21,6 +33,9 @@ matrix_server_fqn_element: "element.{{ matrix_domain }}"
 # This is where you access the Hydrogen web client from (if enabled via matrix_client_hydrogen_enabled; disabled by default).
 matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
 
+# This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default).
+matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
+
 # This is where you access the Dimension.
 matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
 
@@ -88,11 +103,16 @@ matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS
 
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 
-# Specifies where the homeserver is on the container network.
+# Specifies where the homeserver's Client-Server API is on the container network.
-# Where this is depends on whether there's a reverse-proxy in front of it, etc.
+# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
 # This likely gets overriden elsewhere.
 matrix_homeserver_container_url: ""
 
+# Specifies where the homeserver's Federation API is on the container network.
+# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
+# This likely gets overriden elsewhere.
+matrix_homeserver_container_federation_url: ""
+
 matrix_identity_server_url: ~
 
 matrix_integration_manager_rest_url: ~
@@ -118,6 +138,72 @@ matrix_client_element_e2ee_secure_backup_required: false
 # See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
 matrix_client_element_e2ee_secure_backup_setup_methods: []
 
+# Default `/.well-known/matrix/client` configuration - it covers the generic use case.
+# You can customize it by controlling the various variables inside the template file that it references.
+#
+# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_client_configuration_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-client.j2') }}"
+
+# Your custom JSON configuration for `/.well-known/matrix/client` should go to `matrix_well_known_matrix_client_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_well_known_matrix_client_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_well_known_matrix_client_configuration`.
+#
+# Example configuration extension follows:
+#
+# matrix_well_known_matrix_client_configuration_extension_json: |
+#   {
+#     "io.element.call_behaviour": {
+#       "widget_build_url": "https://dimension.example.com/api/v1/dimension/bigbluebutton/widget_state"
+#     }
+#   }
+matrix_well_known_matrix_client_configuration_extension_json: '{}'
+
+matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json|from_json if matrix_well_known_matrix_client_configuration_extension_json|from_json is mapping else {} }}"
+
+# Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`.
+matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default|combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}"
+
+# Default `/.well-known/matrix/server` configuration - it covers the generic use case.
+# You can customize it by controlling the various variables inside the template file that it references.
+#
+# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_server_configuration_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-server.j2') }}"
+
+# Your custom JSON configuration for `/.well-known/matrix/server` should go to `matrix_well_known_matrix_server_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_well_known_matrix_server_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_well_known_matrix_server_configuration`.
+#
+# Example configuration extension follows:
+#
+# matrix_well_known_matrix_server_configuration_extension_json: |
+#   {
+#     "something": "another"
+#   }
+matrix_well_known_matrix_server_configuration_extension_json: '{}'
+
+matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json|from_json if matrix_well_known_matrix_server_configuration_extension_json|from_json is mapping else {} }}"
+
+# Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`.
+matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}"
+
 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"
 
@@ -152,6 +238,7 @@ run_synapse_register_user: true
 run_synapse_update_user_password: true
 run_synapse_import_media_store: true
 run_synapse_rust_synapse_compress_state: true
+run_dendrite_register_user: true
 run_setup: true
 run_self_check: true
 run_start: true

roles/matrix-base/tasks/main.yml

@@ -31,4 +31,5 @@
     - setup-all
     - setup-ma1sd
     - setup-synapse
+    - setup-dendrite
     - setup-nginx-proxy

roles/matrix-base/tasks/sanity_check.yml

@@ -1,5 +1,10 @@
 ---
 
+- name: Fail if invalid homeserver implementation
+  fail:
+    msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
+  when: "matrix_homeserver_implementation not in ['synapse', 'dendrite']"
+
 # We generally support Ansible 2.7.1 and above.
 - name: Fail if running on Ansible < 2.7.1
   fail:
@@ -28,14 +33,29 @@
     - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
     - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
 
+# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
+- name: Fail if matrix_homeserver_generic_secret_key is undefined
+  fail:
+    msg: |
+      The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
+
+      If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined.
+
+      If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding
+      `{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`
+      to your `vars.yml` file. Using another secret value for the new variable is also possible and shouldn't cause any trouble.
+  when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''"
+
 - name: Fail if required variables are undefined
   fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value"
+    msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value"
   with_items:
-    - matrix_domain
+    - {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"}
-    - matrix_server_fqn_matrix
+    - {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix|default('') }}"}
-    - matrix_server_fqn_element
+    - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element|default('') }}"}
-  when: "item not in vars or vars[item] is none"
+    - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url|default('') }}"}
+    - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url|default('') }}"}
+  when: "item.value is none or item.value == ''"
 
 - name: Fail if uppercase domain used
   fail:

roles/matrix-base/tasks/server_base/setup_archlinux.yml

@@ -4,8 +4,6 @@
   pacman:
     name:
       - python-docker
-      # TODO This needs to be verified. Which version do we need?
-      - fuse3
       - python-dnspython
     state: latest
     update_cache: yes

roles/matrix-base/tasks/server_base/setup_centos.yml

@@ -21,7 +21,6 @@
   yum:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_centos8.yml

@@ -28,7 +28,6 @@
   yum:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 
@@ -44,4 +43,4 @@
   pip:
     name: docker-py
     state: latest
-  when: matrix_docker_installation_enabled|bool
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -29,7 +29,6 @@
   apt:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_raspbian.yml

@@ -29,7 +29,6 @@
   apt:
     name:
       - "{{ matrix_ntpd_package }}"
-      - fuse
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/setup_well_known.yml

@@ -13,16 +13,16 @@
     - "{{ matrix_static_files_base_path }}/.well-known/matrix"
 
 - name: Ensure Matrix /.well-known/matrix/client file configured
-  template:
+  copy:
-    src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2"
+    content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}"
     dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
 
 - name: Ensure Matrix /.well-known/matrix/server file configured
-  template:
+  copy:
-    src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2"
+    content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}"
     dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
     mode: 0644
     owner: "{{ matrix_user_username }}"

roles/matrix-base/tasks/util/ensure_fuse_installed.yml

@@ -0,0 +1,23 @@
+
+# This is for both CentOS 7 and 8
+- name: Ensure fuse installed (CentOS)
+  yum:
+    name:
+      - fuse
+    state: latest
+  when: ansible_distribution == 'CentOS'
+
+# This is for both Debian and Raspbian
+- name: Ensure fuse installed (Debian/Raspbian)
+  apt:
+    name:
+      - fuse
+    state: latest
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure fuse installed (Archlinux)
+  pacman:
+    name:
+      - fuse3
+    state: latest
+  when: ansible_distribution == 'Archlinux'

roles/matrix-base/tasks/util/ensure_openssl_installed.yml

@@ -0,0 +1,23 @@
+
+# This is for both CentOS 7 and 8
+- name: Ensure openssl installed (CentOS)
+  yum:
+    name:
+      - openssl
+    state: latest
+  when: ansible_distribution == 'CentOS'
+
+# This is for both Debian and Raspbian
+- name: Ensure openssl installed (Debian/Raspbian)
+  apt:
+    name:
+      - openssl
+    state: latest
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure openssl installed (Archlinux)
+  pacman:
+    name:
+      - openssl
+    state: latest
+  when: ansible_distribution == 'Archlinux'

roles/matrix-base/tasks/validate_config.yml

@@ -1,9 +0,0 @@
----
-
-- name: Fail if required Matrix Base settings not defined
-  fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`) for using this playbook.
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_homeserver_container_url"

roles/matrix-base/vars/main.yml

@@ -1,3 +1,3 @@
 # This will contain a list of enabled services that the playbook is managing.
 # Each component is expected to append its service name to this list.
-matrix_systemd_services_list: []
+matrix_systemd_services_list: []

roles/matrix-bot-go-neb/defaults/main.yml

@@ -203,8 +203,8 @@ matrix_bot_go_neb_services: []
 #      # Each room will get the notification with the alert rendered with the given template
 #      rooms:
 #        "!someroomid:domain.tld":
-#          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
+#          text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
-#          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
+#          html_template: "{% raw %}{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
 #          msg_type: "m.text"  # Must be either `m.text` or `m.notice`
 
 # Default configuration template which covers the generic use case.

roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2

@@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
 			{{ matrix_bot_go_neb_docker_image }} \
 			-c "go-neb /config/config.yaml"
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-go-neb

roles/matrix-bot-honoroit/defaults/main.yml

@@ -0,0 +1,109 @@
+# honoroit is a helpdesk bot
+# See: https://gitlab.com/etke.cc/honoroit
+
+matrix_bot_honoroit_enabled: true
+
+matrix_bot_honoroit_container_image_self_build: false
+matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
+matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
+
+matrix_bot_honoroit_version: v0.9.3
+matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
+matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
+
+matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
+matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"
+matrix_bot_honoroit_data_path: "{{ matrix_bot_honoroit_base_path }}/data"
+matrix_bot_honoroit_data_store_path: "{{ matrix_bot_honoroit_data_path }}/store"
+
+# A list of extra arguments to pass to the container
+matrix_bot_honoroit_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-honoroit.service depends on
+matrix_bot_honoroit_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-honoroit.service wants
+matrix_bot_honoroit_systemd_wanted_services_list: []
+
+
+# Database-related configuration fields.
+#
+# To use SQLite, stick to these defaults.
+#
+# To use Postgres:
+# - change the engine (`matrix_bot_honoroit_database_engine: 'postgres'`)
+# - adjust your database credentials via the `matrix_bot_honoroit_database_*` variables
+matrix_bot_honoroit_database_engine: 'sqlite'
+
+matrix_bot_honoroit_sqlite_database_path_local: "{{ matrix_bot_honoroit_data_path }}/bot.db"
+matrix_bot_honoroit_sqlite_database_path_in_container: "/data/bot.db"
+
+matrix_bot_honoroit_database_username: 'honoroit'
+matrix_bot_honoroit_database_password: 'some-password'
+matrix_bot_honoroit_database_hostname: 'matrix-postgres'
+matrix_bot_honoroit_database_port: 5432
+matrix_bot_honoroit_database_name: 'honoroit'
+
+matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode=disable'
+
+matrix_bot_honoroit_storage_database: "{{
+	{
+		'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
+		'postgres': matrix_bot_honoroit_database_connection_string,
+	}[matrix_bot_honoroit_database_engine]
+}}"
+
+matrix_bot_honoroit_database_dialect: "{{
+  {
+    'sqlite': 'sqlite3',
+    'postgres': 'postgres',
+  }[matrix_bot_honoroit_database_engine]
+}}"
+
+
+# The bot's username. This user needs to be created manually beforehand.
+# Also see `matrix_bot_honoroit_password`.
+matrix_bot_honoroit_login: "honoroit"
+
+# The password that the bot uses to authenticate.
+matrix_bot_honoroit_password: ''
+
+matrix_bot_honoroit_homeserver: "{{ matrix_homeserver_container_url }}"
+
+# The room ID where bot will create threads
+matrix_bot_honoroit_roomid: ''
+
+# Command prefix
+matrix_bot_honoroit_prefix: ''
+
+# Sentry DSN
+matrix_bot_honoroit_sentry: ''
+
+# Log level
+matrix_bot_honoroit_loglevel: ''
+
+# Text prefix: open
+matrix_bot_honoroit_text_prefix_open: ''
+
+# Text prefix: done
+matrix_bot_honoroit_text_prefix_done: ''
+
+# Text: greetings
+matrix_bot_honoroit_text_greetings: ''
+
+# Text: error
+matrix_bot_honoroit_text_error: ''
+
+# Text: empty room
+matrix_bot_honoroit_text_emptyroom: ''
+
+# Text: done
+matrix_bot_honoroit_text_done: ''
+
+# Additional environment variables to pass to the Honoroit container
+#
+# Example:
+# matrix_bot_honoroit_environment_variables_extension: |
+#   HONOROIT_TEXT_DONE=Done
+matrix_bot_honoroit_environment_variables_extension: ''

roles/matrix-bot-honoroit/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
+  when: matrix_bot_honoroit_enabled|bool

roles/matrix-bot-honoroit/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_bot_honoroit_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-honoroit

roles/matrix-bot-honoroit/tasks/setup_install.yml

@@ -0,0 +1,92 @@
+---
+- set_fact:
+    matrix_bot_honoroit_requires_restart: false
+
+- block:
+    - name: Check if an SQLite database already exists
+      stat:
+        path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
+      register: matrix_bot_honoroit_sqlite_database_path_local_stat_result
+
+    - block:
+        - set_fact:
+            matrix_postgres_db_migration_request:
+              src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
+              dst: "{{ matrix_bot_honoroit_database_connection_string }}"
+              caller: "{{ role_path|basename }}"
+              engine_variable_name: 'matrix_bot_honoroit_database_engine'
+              engine_old: 'sqlite'
+              systemd_services_to_stop: ['matrix-bot-honoroit.service']
+
+        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
+
+        - set_fact:
+            matrix_bot_honoroit_requires_restart: true
+      when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists|bool"
+  when: "matrix_bot_honoroit_database_engine == 'postgres'"
+
+- name: Ensure honoroit paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_bot_honoroit_config_path }}", when: true }
+    - { path: "{{ matrix_bot_honoroit_data_path }}", when: true }
+    - { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true }
+    - { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
+  when: "item.when|bool"
+
+- name: Ensure honoroit environment variables file created
+  template:
+    src: "{{ role_path }}/templates/env.j2"
+    dest: "{{ matrix_bot_honoroit_config_path }}/env"
+    mode: 0640
+
+- name: Ensure honoroit image is pulled
+  docker_image:
+    name: "{{ matrix_bot_honoroit_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
+  when: "not matrix_bot_honoroit_container_image_self_build|bool"
+
+- name: Ensure honoroit repository is present on self-build
+  git:
+    repo: "{{ matrix_bot_honoroit_docker_repo }}"
+    dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
+    force: "yes"
+  register: matrix_bot_honoroit_git_pull_results
+  when: "matrix_bot_honoroit_container_image_self_build|bool"
+
+- name: Ensure honoroit image is built
+  docker_image:
+    name: "{{ matrix_bot_honoroit_docker_image }}"
+    source: build
+    force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_bot_honoroit_container_image_self_build|bool"
+
+- name: Ensure matrix-bot-honoroit.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
+    mode: 0644
+  register: matrix_bot_honoroit_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
+
+- name: Ensure matrix-bot-honoroit.service restarted, if necessary
+  service:
+    name: "matrix-bot-honoroit.service"
+    state: restarted
+  when: "matrix_bot_honoroit_requires_restart|bool"

roles/matrix-bot-honoroit/tasks/setup_uninstall.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-honoroit service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
+  register: matrix_bot_honoroit_service_stat
+
+- name: Ensure matrix-honoroit is stopped
+  service:
+    name: matrix-bot-honoroit
+    state: stopped
+    enabled: no
+    daemon_reload: yes
+  register: stopping_result
+  when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-bot-honoroit.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
+    state: absent
+  when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
+
+- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
+
+- name: Ensure Matrix honoroit paths don't exist
+  file:
+    path: "{{ matrix_bot_honoroit_base_path }}"
+    state: absent
+
+- name: Ensure honoroit Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_bot_honoroit_docker_image }}"
+    state: absent

roles/matrix-bot-honoroit/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_honoroit_password"
+    - "matrix_bot_honoroit_roomid"

roles/matrix-bot-honoroit/templates/env.j2

@@ -0,0 +1,17 @@
+HONOROIT_LOGIN={{ matrix_bot_honoroit_login }}
+HONOROIT_PASSWORD={{ matrix_bot_honoroit_password }}
+HONOROIT_HOMESERVER={{ matrix_bot_honoroit_homeserver }}
+HONOROIT_ROOMID={{ matrix_bot_honoroit_roomid }}
+HONOROIT_DB_DSN={{ matrix_bot_honoroit_database_connection_string }}
+HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }}
+HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
+HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
+HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
+HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
+HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
+HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
+HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }}
+HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }}
+HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }}
+
+{{ matrix_bot_honoroit_environment_variables_extension }}

roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2

@@ -0,0 +1,39 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix helpdesk bot
+{% for service in matrix_bot_honoroit_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_honoroit_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			--env-file={{ matrix_bot_honoroit_config_path }}/env \
+			--mount type=bind,src={{ matrix_bot_honoroit_data_path }},dst=/data \
+			{% for arg in matrix_bot_honoroit_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_bot_honoroit_docker_image }}
+
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-honoroit
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_bot_matrix_reminder_bot_enabled: true
 
-matrix_bot_matrix_reminder_bot_container_self_build: false
+matrix_bot_matrix_reminder_bot_container_image_self_build: false
 matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
 matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
 

roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml

@@ -46,7 +46,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
-  when: "not matrix_bot_matrix_reminder_bot_container_self_build|bool"
+  when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
 
 - name: Ensure matrix-reminder-bot repository is present on self-build
   git:
@@ -54,7 +54,7 @@
     dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
     force: "yes"
   register: matrix_bot_matrix_reminder_bot_git_pull_results
-  when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
+  when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
 
 - name: Ensure matrix-reminder-bot image is built
   docker_image:
@@ -66,7 +66,7 @@
       dockerfile: docker/Dockerfile
       path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
       pull: yes
-  when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
+  when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
 
 - name: Ensure matrix-reminder-bot config installed
   copy:

roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml

@@ -8,3 +8,12 @@
   with_items:
     - "matrix_bot_matrix_reminder_bot_matrix_user_password"
     - "matrix_bot_matrix_reminder_bot_reminders_timezone"
+
+- name: (Deprecation) Catch and report renamed settings
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}

roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
 			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
 			-c "matrix-reminder-bot /config/config.yaml"
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-matrix-reminder-bot

roles/matrix-bot-mjolnir/defaults/main.yml

@@ -3,14 +3,13 @@
 
 matrix_bot_mjolnir_enabled: true
 
-matrix_bot_mjolnir_version: "v1.1.20"
+matrix_bot_mjolnir_version: "v1.2.1"
 
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
 
 matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
 matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
-
 matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
 
 matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"

roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \
 			{% endfor %}
 			{{ matrix_bot_mjolnir_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-mjolnir

roles/matrix-bridge-appservice-discord/defaults/main.yml

@@ -48,7 +48,7 @@ matrix_appservice_discord_bridge_enableSelfServiceBridging: false
 #
 # To use Postgres:
 # - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables
+# - adjust your database credentials via the `matrix_appservice_discord_database_*` variables
 matrix_appservice_discord_database_engine: 'sqlite'
 
 matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db"

roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2

@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
 			{{ matrix_appservice_discord_docker_image }} \
 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-discord

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_appservice_irc_enabled: true
 
-matrix_appservice_irc_container_self_build: false
+matrix_appservice_irc_container_image_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 

roles/matrix-bridge-appservice-irc/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build and matrix_appservice_irc_enabled"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled"
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.

roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

@@ -1,5 +1,7 @@
 ---
 
+- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
+
 - name: Ensure Appservice IRC paths exist
   file:
     path: "{{ item.path }}"
@@ -11,7 +13,7 @@
     - { path: "{{ matrix_appservice_irc_base_path }}", when: true }
     - { path: "{{ matrix_appservice_irc_config_path }}", when: true }
     - { path: "{{ matrix_appservice_irc_data_path }}", when: true }
-    - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_self_build }}" }
+    - { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" }
   when: item.when|bool
 
 - name: Check if an old passkey file already exists
@@ -61,7 +63,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
-  when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_self_build|bool"
+  when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-irc repository is present when self-building
   git:
@@ -69,7 +71,7 @@
     dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
     force: "yes"
   register: matrix_appservice_irc_git_pull_results
-  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool"
+  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-irc Docker image is built
   docker_image:
@@ -81,7 +83,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_appservice_irc_docker_src_files_path }}"
       pull: yes
-  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
+  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
 
 - name: Ensure Matrix Appservice IRC config installed
   copy:

roles/matrix-bridge-appservice-irc/tasks/validate_config.yml

@@ -33,3 +33,4 @@
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
+    - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}

roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2

@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc
 			{{ matrix_appservice_irc_docker_image }} \
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-irc

roles/matrix-bridge-appservice-slack/defaults/main.yml

@@ -3,11 +3,11 @@
 
 matrix_appservice_slack_enabled: true
 
-matrix_appservice_slack_container_self_build: false
+matrix_appservice_slack_container_image_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
 
-matrix_appservice_slack_version: release-1.8.0
+matrix_appservice_slack_version: release-1.10.0
 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
 matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-appservice-slack/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build and matrix_appservice_slack_enabled"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled"
 
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
@@ -44,7 +44,7 @@
       msg: >-
         Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-appservice-slack/tasks/setup_install.yml

@@ -11,7 +11,7 @@
     - { path: "{{ matrix_appservice_slack_base_path }}", when: true }
     - { path: "{{ matrix_appservice_slack_config_path }}", when: true }
     - { path: "{{ matrix_appservice_slack_data_path }}", when: true }
-    - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_self_build }}" }
+    - { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" }
   when: item.when|bool
 
 - set_fact:
@@ -37,7 +37,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
-  when: "not matrix_appservice_slack_container_self_build|bool"
+  when: "not matrix_appservice_slack_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-slack repository is present when self-building
   git:
@@ -45,7 +45,7 @@
     dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
     force: "yes"
   register: matrix_appservice_slack_git_pull_results
-  when: "matrix_appservice_slack_container_self_build|bool"
+  when: "matrix_appservice_slack_container_image_self_build|bool"
 
 - name: Ensure matrix-appservice-slack Docker image is built
   docker_image:
@@ -57,7 +57,7 @@
       dockerfile: Dockerfile
       path: "{{ matrix_appservice_slack_docker_src_files_path }}"
       pull: yes
-  when: "matrix_appservice_slack_container_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
+  when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
 
 - name: Ensure Matrix Appservice Slack config installed
   copy:

roles/matrix-bridge-appservice-slack/tasks/validate_config.yml

@@ -11,3 +11,12 @@
     - "matrix_appservice_slack_homeserver_url"
     - "matrix_appservice_slack_homeserver_token"
     - "matrix_appservice_slack_id_token"
+
+- name: (Deprecation) Catch and report renamed settings
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_appservice_slack_container_self_build', 'new': 'matrix_appservice_slack_container_image_self_build'}

roles/matrix-bridge-appservice-slack/templates/config.yaml.j2

@@ -5,9 +5,9 @@ bot_username: "{{ matrix_appservice_slack_bot_name }}"
 username_prefix: {{ matrix_appservice_slack_user_prefix }}
 
 homeserver:
-    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
-    url: "{{ matrix_appservice_slack_homeserver_url }}"
     server_name: "{{ matrix_domain }}"
+    url: "{{ matrix_appservice_slack_homeserver_url }}"
+    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
 
 {% if matrix_appservice_slack_database_engine == 'nedb' %}
 dbdir: "/data"

roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2

@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla
 			{{ matrix_appservice_slack_docker_image }} \
 			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-slack

roles/matrix-bridge-appservice-webhooks/defaults/main.yml

@@ -1,15 +1,15 @@
 # matrix-appservice-webhooks is a Matrix <-> webhook bridge
-# See: https://github.com/turt2live/matrix-appservice-webhooks
+# See: https://github.com/redoonetworks/matrix-appservice-webhooks
 
 matrix_appservice_webhooks_enabled: true
 
 matrix_appservice_webhooks_container_image_self_build: false
-matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/turt2live/matrix-appservice-webhooks"
+matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/redoonetworks/matrix-appservice-webhooks"
 matrix_appservice_webhooks_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_webhooks_version == 'latest' else matrix_appservice_webhooks_version }}"
 matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path: "Dockerfile"
 
-matrix_appservice_webhooks_version: latest
+matrix_appservice_webhooks_version: v1.0.3-01
-matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
+matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}redoonetworks/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
 matrix_appservice_webhooks_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_webhooks_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
 
@@ -22,8 +22,6 @@ matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks
 matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
 matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
 
-# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
-matrix_appservice_webhooks_control_room_id: ''
 matrix_appservice_webhooks_bot_name: 'webhookbot'
 matrix_appservice_webhooks_user_prefix: '_webhook'
 

roles/matrix-bridge-appservice-webhooks/tasks/init.yml

@@ -37,7 +37,7 @@
       msg: >-
         Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2

@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web
 			{{ matrix_appservice_webhooks_docker_image }} \
 			node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-webhooks

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -3,14 +3,22 @@
 
 matrix_beeper_linkedin_enabled: true
 
-matrix_beeper_linkedin_version: v0.5.1
+matrix_beeper_linkedin_version: v0.5.2
+
 # See: https://gitlab.com/beeper/linkedin/container_registry
-matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
+matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
-matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
+matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
+matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'registry.gitlab.com/' }}"
+matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}-{{ matrix_architecture }}"
+
+matrix_beeper_linkedin_container_image_self_build: false
+matrix_beeper_linkedin_container_image_self_build_repo: "https://gitlab.com/beeper/linkedin"
+matrix_beeper_linkedin_container_image_self_build_branch: "{{ matrix_beeper_linkedin_version }}"
 
 matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
 matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
 matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
+matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
 
 matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}"
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"

roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml

@@ -7,6 +7,20 @@
     msg: >-
       The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
   when: "matrix_synapse_role_executed|default(False)"
+- name: Ensure Beeper LinkedIn paths exists
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_beeper_linkedin_base_path }}", when: true }
+    - { path: "{{ matrix_beeper_linkedin_config_path }}", when: true }
+    - { path: "{{ matrix_beeper_linkedin_data_path }}", when: true }
+    - { path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}" }
+  when: "item.when|bool"
+
 
 - name: Ensure Beeper LinkedIn image is pulled
   docker_image:
@@ -14,18 +28,42 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
+  when: "not matrix_beeper_linkedin_container_image_self_build|bool"
 
-- name: Ensure Beeper LinkedIn paths exists
+- block:
-  file:
+  - name: Ensure Beeper LinkedIn repository is present on self-build
-    path: "{{ item }}"
+    git:
-    state: directory
+      repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
-    mode: 0750
+      dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
-    owner: "{{ matrix_user_username }}"
+      version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
-    group: "{{ matrix_user_groupname }}"
+      force: "yes"
-  with_items:
+    register: matrix_beeper_linkedin_git_pull_results
-    - "{{ matrix_beeper_linkedin_base_path }}"
+
-    - "{{ matrix_beeper_linkedin_config_path }}"
+  # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated.
-    - "{{ matrix_beeper_linkedin_data_path }}"
+  # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40
+  - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image
+    command: |
+      {{ matrix_host_command_docker }} run \
+      --rm \
+      --entrypoint=/bin/sh \
+      --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \
+      -w /work \
+      docker.io/python:3.9.6-buster \
+      -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
+
+  - name: Ensure Beeper LinkedIn Docker image is built
+    docker_image:
+      name: "{{ matrix_beeper_linkedin_docker_image }}"
+      source: build
+      force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+      force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}"
+      build:
+        dockerfile: Dockerfile
+        path: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
+        pull: yes
+        args:
+          TARGETARCH: "{{ matrix_architecture }}"
+  when: "matrix_beeper_linkedin_container_image_self_build|bool"
 
 - name: Ensure beeper-linkedin config.yaml installed
   copy:

roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi
 			{{ matrix_beeper_linkedin_docker_image }} \
                         python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-beeper-linkedin

roles/matrix-bridge-heisenbridge/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_version: 1.7.0
+matrix_heisenbridge_version: 1.10.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 

roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2

@@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \
           --listen-port 9898 \
           {{ matrix_heisenbridge_homeserver_url }}
 
-ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
+ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
-ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
+ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-heisenbridge

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -42,7 +42,7 @@ matrix_mautrix_facebook_homeserver_token: ''
 # - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
 #
 # To use Postgres:
-# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables
+# - adjust your database credentials via the `matrix_mautrix_facebook_database_*` variables
 matrix_mautrix_facebook_database_engine: 'postgres'
 
 matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"

roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo
 			{{ matrix_mautrix_facebook_docker_image }} \
 			python3 -m mautrix_facebook -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-facebook

roles/matrix-bridge-mautrix-googlechat/defaults/main.yml

@@ -47,7 +47,7 @@ matrix_mautrix_googlechat_homeserver_token: ''
 #
 # To use Postgres:
 # - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables
+# - adjust your database credentials via the `matrix_mautrix_googlechat_database_*` variables
 matrix_mautrix_googlechat_database_engine: 'sqlite'
 
 matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"

roles/matrix-bridge-mautrix-googlechat/tasks/init.yml

@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2

@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google
 			{{ matrix_mautrix_googlechat_docker_image }} \
 			python3 -m mautrix_googlechat -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-googlechat

roles/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -47,7 +47,7 @@ matrix_mautrix_hangouts_homeserver_token: ''
 #
 # To use Postgres:
 # - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables
+# - adjust your database credentials via the `matrix_mautrix_hangouts_database_*` variables
 matrix_mautrix_hangouts_database_engine: 'sqlite'
 
 matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool
 

roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2

@@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
 			{{ matrix_mautrix_hangouts_docker_image }} \
 			python3 -m mautrix_hangouts -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-hangouts

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_mautrix_instagram_enabled: true
 matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 
-matrix_mautrix_instagram_version: latest
+matrix_mautrix_instagram_version: v0.1.2
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
@@ -37,7 +37,7 @@ matrix_mautrix_instagram_homeserver_token: ''
 # Database-related configuration fields.
 #
 # To use Postgres:
-# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables
+# - adjust your database credentials via the `matrix_mautrix_instagram_database_*` variables
 matrix_mautrix_instagram_database_engine: 'postgres'
 
 matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'

roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2

@@ -43,7 +43,7 @@ appservice:
   bot_username: {{ matrix_mautrix_instagram_appservice_bot_username|to_json }}
   # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
   # to leave display name/avatar as-is.
-  bot_displayname: instagram bridge bot
+  bot_displayname: Instagram bridge bot
   bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv
 
   # Community ID for bridged users (changes registration file) and rooms.

roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2

@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag
 			{{ matrix_mautrix_instagram_docker_image }} \
 			python3 -m mautrix_instagram -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-instagram

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -3,21 +3,21 @@
 
 matrix_mautrix_signal_enabled: true
 
-matrix_mautrix_signal_container_self_build: false
+matrix_mautrix_signal_container_image_self_build: false
 matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
 
-matrix_mautrix_signal_version: latest
+matrix_mautrix_signal_version: v0.2.2
-matrix_mautrix_signal_daemon_version: latest
+matrix_mautrix_signal_daemon_version: 0.16.1
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
 
-matrix_mautrix_signal_daemon_container_self_build: false
+matrix_mautrix_signal_daemon_container_image_self_build: false
 matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
 matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
 
-matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}"
+matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}"
 matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"

roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml

@@ -14,7 +14,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
-  when: "not matrix_mautrix_signal_container_self_build|bool"
+  when: "not matrix_mautrix_signal_container_image_self_build|bool"
 
 
 - name: Ensure Mautrix Signal repository is present on self-build
@@ -23,19 +23,19 @@
     dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
     force: "yes"
   register: matrix_mautrix_signal_git_pull_results
-  when: "matrix_mautrix_signal_container_self_build|bool"
+  when: "matrix_mautrix_signal_container_image_self_build|bool"
 
 - name: Ensure Mautrix Signal image is built
   docker_image:
     name: "{{ matrix_mautrix_signal_docker_image }}"
     source: build
     force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_git_pull_results.changed }}"
     build:
       dockerfile: Dockerfile
       path: "{{ matrix_mautrix_signal_docker_src_files_path }}"
       pull: yes
-  when: "matrix_mautrix_signal_container_self_build|bool"
+  when: "matrix_mautrix_signal_container_image_self_build|bool"
 
 
 - name: Ensure Mautrix Signal Daemon image is pulled
@@ -44,7 +44,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
-  when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_self_build|bool
+  when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_image_self_build|bool
   register: matrix_mautrix_signal_daemon_pull_results
 
 - name: Ensure Mautrix Signal Daemon repository is present on self-build
@@ -53,19 +53,19 @@
     dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
     force: "yes"
   register: matrix_mautrix_signal_daemon_git_pull_results
-  when: "matrix_mautrix_signal_daemon_container_self_build|bool"
+  when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"
 
 - name: Ensure Mautrix Signal Daemon image is built
   docker_image:
     name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
     source: build
     force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}"
     build:
       dockerfile: Dockerfile
       path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
       pull: yes
-  when: "matrix_mautrix_signal_daemon_container_self_build|bool"
+  when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"
 
 - name: Ensure Mautrix Signal paths exist
   file:

roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml

@@ -26,3 +26,5 @@
     - {'old': 'matrix_mautrix_signal_db_port', 'new': 'matrix_mautrix_signal_database_port'}
     - {'old': 'matrix_mautrix_signal_db_url', 'new': 'matrix_mautrix_signal_database_connection_string'}
     - {'old': 'matrix_mautrix_signal_configuration_permissions', 'new': '<superseded by matrix_mautrix_signal_configuration_extension_yaml>'}
+    - {'old': 'matrix_mautrix_signal_container_self_build', 'new': 'matrix_mautrix_signal_container_image_self_build'}
+    - {'old': 'matrix_mautrix_signal_daemon_container_self_build', 'new': 'matrix_mautrix_signal_daemon_container_image_self_build'}

roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -15,6 +15,8 @@ homeserver:
     # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
     # The bridge will use the appservice as_token to authorize requests.
     status_endpoint: null
+    # Endpoint for reporting per-message status.
+    message_send_checkpoint_endpoint: null
 
 # Application service host/registration related details
 # Changing these values requires regeneration of the registration.
@@ -32,25 +34,19 @@ appservice:
     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
     max_body_size: 1
 
-    # The full URI to the database. Only Postgres is currently supported.
+    # The full URI to the database. SQLite and Postgres are supported.
+    # Format examples:
+    #   SQLite:   sqlite:///filename.db
+    #   Postgres: postgres://username:password@hostname/dbname
     database: {{ matrix_mautrix_signal_database_connection_string }}
-    # Additional arguments for asyncpg.create_pool()
+    # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
     # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
+    # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
+    # For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
     database_opts:
         min_size: 5
         max_size: 10
 
-    # Provisioning API part of the web server for automated portal creation and fetching information.
-    # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
-    provisioning:
-        # Whether or not the provisioning API should be enabled.
-        enabled: true
-        # The prefix to use in the provisioning API endpoints.
-        prefix: /_matrix/provision/v1
-        # The shared secret to authorize users of the API.
-        # Set to "generate" to generate and save a new token.
-        shared_secret: generate
-
     # The unique ID of this appservice.
     id: signal
     # Username of the appservice bot.
@@ -66,7 +62,12 @@ appservice:
     # Example: "+signal:example.com". Set to false to disable.
     community_id: false
 
-    # Authentication tokens for AS <-> HS communication.
+    # Whether or not to receive ephemeral events via appservice transactions.
+    # Requires MSC2409 support (i.e. Synapse 1.22+).
+    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+    ephemeral_events: false
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: "{{ matrix_mautrix_signal_appservice_token }}"
     hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
 
@@ -75,6 +76,17 @@ metrics:
     enabled: false
     listen_port: 8000
 
+# Manhole config.
+manhole:
+    # Whether or not opening the manhole is allowed.
+    enabled: false
+    # The path for the unix socket.
+    path: /var/tmp/mautrix-signal.manhole
+    # The list of UIDs who can be added to the whitelist.
+    # If empty, any UIDs can be specified in the open-manhole command.
+    whitelist:
+    - 0
+
 signal:
     # Path to signald unix socket
     socket_path: /signald/signald.sock
@@ -91,6 +103,8 @@ signal:
     delete_unknown_accounts_on_start: false
     # Whether or not message attachments should be removed from disk after they're bridged.
     remove_file_after_handling: true
+    # Whether or not users can register a primary device
+    registration_enabled: true
 
 # Bridge config
 bridge:
@@ -102,6 +116,7 @@ bridge:
     # available variable in displayname_preference. The variables in displayname_preference
     # can also be used here directly.
     displayname_template: "{displayname} (Signal)"
+    # Whether or not contact list displaynames should be used.
     # Possible values: disallow, allow, prefer
     #
     # Multi-user instances are recommended to disallow contact list names, as otherwise there can
@@ -140,7 +155,7 @@ bridge:
     # If false, created portal rooms will never be federated.
     federate_rooms: true
     # End-to-bridge encryption support options. You must install the e2be optional dependency for
-    # this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
+    # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
     encryption:
         # Allow encryption, work in group chat rooms with e2ee enabled
         allow: false
@@ -173,12 +188,38 @@ bridge:
     # This field will automatically be changed back to false after it,
     # except if the config file is not writable.
     resend_bridge_info: false
-    # Interval at which to resync contacts.
+    # Interval at which to resync contacts (in seconds).
     periodic_sync: 0
 
+    # Provisioning API part of the web server for automated portal creation and fetching information.
+    # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
+    provisioning:
+        # Whether or not the provisioning API should be enabled.
+        enabled: true
+        # The prefix to use in the provisioning API endpoints.
+        prefix: /_matrix/provision/v1
+        # The shared secret to authorize users of the API.
+        # Set to "generate" to generate and save a new token.
+        shared_secret: generate
+
     # The prefix for commands. Only required in non-management rooms.
     command_prefix: "!signal"
 
+    # Messages sent upon joining a management room.
+    # Markdown is supported. The defaults are listed below.
+    management_room_text:
+        # Sent when joining a room.
+        welcome: "Hello, I'm a Signal bridge bot."
+        # Sent when joining a management room and the user is already logged in.
+        welcome_connected: "Use `help` for help."
+        # Sent when joining a management room and the user is not logged in.
+        welcome_unconnected: "Use `help` for help or `register` to log in."
+        # Optional extra text sent when joining a management room.
+        additional_help: ""
+
+    # Send each message separately (for readability in some clients)
+    management_room_multiple_messages: false
+
     # Permissions for using the bridge.
     # Permitted values:
     #      relay - Allowed to be relayed through the bridge, no access to commands.

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2

@@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
 			{{ matrix_mautrix_signal_daemon_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
 
 Restart=always
 RestartSec=30

roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2

@@ -26,6 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
+			--tmpfs /tmp \
 			{% if matrix_mautrix_signal_container_http_host_bind_port %}
 			-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
 			{% endif %}
@@ -37,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 			{{ matrix_mautrix_signal_docker_image }} \
 			python3 -m mautrix_signal -c /config/config.yaml --no-update
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
+ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
 
 Restart=always
 RestartSec=30

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -3,17 +3,17 @@
 
 matrix_mautrix_telegram_enabled: true
 
-matrix_telegram_lottieconverter_container_self_build: false
+matrix_telegram_lottieconverter_container_image_self_build: false
-matrix_telegram_lottieconverter_container_self_build_mask_arch: false
+matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
 matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
 matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
-matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
+matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
 
-matrix_mautrix_telegram_container_self_build: false
+matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.10.1
+matrix_mautrix_telegram_version: v0.11.1
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
@@ -63,7 +63,7 @@ matrix_mautrix_telegram_homeserver_token: ''
 #
 # To use Postgres:
 # - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`)
-# - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables
+# - adjust your database credentials via the `matrix_mautrix_telegram_database_*` variables
 matrix_mautrix_telegram_database_engine: 'sqlite'
 
 matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
@@ -130,3 +130,8 @@ matrix_mautrix_telegram_registration_yaml: |
   de.sorunome.msc2409.push_ephemeral: true
 
 matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
+
+# Templates for defining MXID's and displaynames for users and rooms.
+matrix_mautrix_telegram_username_template: 'telegram_{userid}'
+matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
+matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -3,7 +3,7 @@
 - name: Fail if trying to self-build on Ansible < 2.8
   fail:
     msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build and matrix_mautrix_telegram_enabled"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled"
 
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"
@@ -28,7 +28,7 @@
       msg: >-
         Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
-        To fix this, please change the order of roles in your plabook,
+        To fix this, please change the order of roles in your playbook,
         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
     when: matrix_nginx_proxy_role_executed|default(False)|bool