Merge remote-tracking branch 'upstream/master'

Added config sample for synapse admin with traefik 2

CHANGELOG.md

@@ -1,3 +1,77 @@
+# 2020-07-22
+
+## Synapse Admin support
+
+The playbook can now help you set up [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin).
+
+See our [Setting up Synapse Admin](docs/configuring-playbook-synapse-admin.md) documentation to get started.
+
+
+# 2020-07-20
+
+## matrix-reminder-bot support
+
+The playbook can now help you set up [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot).
+
+See our [Setting up matrix-reminder-bot](docs/configuring-playbook-bot-matrix-reminder-bot.md) documentation to get started.
+
+
+# 2020-07-17
+
+## (Compatibility Break) Riot is now Element
+
+As per the official announcement, [Riot has been rebraned to Element](https://element.io/blog/welcome-to-element/).
+
+The playbook follows suit. Existing installations have a few options for how to handle this.
+
+See our [Migrating to Element](docs/configuring-playbook-riot-web.md#migrating-to-element) documentation page for more details.
+
+
+# 2020-07-03
+
+## Steam bridging support via mx-puppet-steam
+
+Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.
+
+
+# 2020-07-01
+
+## Discord bridging support via mx-puppet-discord
+
+Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge. See our [Setting up MX Puppet Discord bridging](docs/configuring-playbook-bridge-mx-puppet-discord.md) documentation page for getting started.
+
+**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md). You're free too use the bridge that serves you better, or even both (for different users and use-cases).
+
+
+# 2020-06-30
+
+## Instagram and Twitter bridging support
+
+Thanks to [Johanna Dorothea Reichmann](https://github.com/jdreichmann)'s efforts, the playbook now supports bridging to [Instagram](https://www.instagram.com/) via the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge. See our [Setting up MX Puppet Instagram bridging](docs/configuring-playbook-bridge-mx-puppet-instagram.md) documentation page for getting started.
+
+Thanks to [Tulir Asokan](https://github.com/tulir)'s efforts, the playbook now supports bridging to [Twitter](https://twitter.com/) via the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge. See our [Setting up MX Puppet Twitter bridging](docs/configuring-playbook-bridge-mx-puppet-twitter.md) documentation page for getting started.
+
+
+# 2020-06-28
+
+## (Post Mortem / fixed Security Issue) Re-enabling User Directory search powered by the ma1sd Identity Server
+
+User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database.
+
+ma1sd's [security issue](https://github.com/ma1uta/ma1sd/issues/44) has been fixed in version `2.4.0`, with [this commit](ma1uta/ma1sd@2bb5a734d11662b06471113cf3d6b4cee5e33a85). `ma1sd 2.4.0` is now the default version for this playbook. For more information on what happened, please check the mentioned issue.
+
+We are re-enabling user directory search with this update. Those who would like to keep it disabled can use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false`
+
+As always, re-running the playbook is enough to get the updated bits.
+
+# 2020-06-11
+
+## SMS bridging requires db reset
+
+The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`.
+
+To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information.
+
 # 2020-06-05
 
 ## SMS bridging support

README.md

@@ -16,9 +16,9 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
 
-- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Riot web UI
+- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI
 
-- (optional, default) a [Riot](https://riot.im/) web UI, which is configured to connect to your own Synapse server by default
+- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default
 
 - (optional, default) an [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server
 
@@ -52,6 +52,14 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
 
+- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
+
+- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
+
+- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
+
+- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
+
 - (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS
 
 - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
@@ -60,6 +68,10 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform
 
+- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms
+
+- (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server
+
 Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
 
 **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
@@ -91,6 +103,8 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
 
 - this one optionally **allows you to use an external PostgreSQL server** for Synapse's database (but defaults to running one in a container)
 
+- helps you **import data from a previous installation** (so you can migrate your manual virtualenv/Docker setup to a more managed one)
+
 
 ## Installation
 
@@ -112,7 +126,7 @@ This playbook sets up your server using the following Docker images:
 
 - [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
 
-- [vectorim/riot-web](https://hub.docker.com/r/vectorim/riot-web/) - the [Riot.im](https://about.riot.im/) web client (optional)
+- [vectorim/riot-web](https://hub.docker.com/r/vectorim/riot-web/) - the [Element](https://element.io/) web client (optional)
 
 - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
 
@@ -152,6 +166,14 @@ This playbook sets up your server using the following Docker images:
 
 - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)
 
+- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
+
+- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)
+
+- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https:/discordapp.com) (optional)
+
+- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
+
 - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
 
 - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
@@ -162,6 +184,10 @@ This playbook sets up your server using the following Docker images:
 
 - [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
 
+- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
+
+- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)
+
 
 ## Deficiencies
 

docs/README.md

@@ -10,6 +10,14 @@
 
 - [Installing](installing.md)
 
+- **Importing data from another Synapse server installation**
+
+  - [Importing an existing SQLite database (from another installation)](importing-sqlite.md) (optional)
+
+  - [Importing an existing Postgres database (from another installation)](importing-postgres.md) (optional)
+
+  - [Importing `media_store` data files from an existing installation](importing-media-store.md) (optional)
+
 - [Registering users](registering-users.md)
 
 - [Updating users passwords](updating-users-passwords.md)

docs/alternative-architectures.md

@@ -1,6 +1,6 @@
 # Alternative architectures
 
-As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
+As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
 
 To that end add the following variable to your `vars.yaml` file:
 
@@ -21,9 +21,6 @@ matrix_architecture: "arm32"
 
 ## Implementation details
 
-This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
+For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture).
 
-On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
-- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
-- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
-- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
+For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.

docs/configuring-captcha.md

@@ -0,0 +1,23 @@
+(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md))
+
+# Overview
+Captcha can be enabled for this home server. This file explains how to do that.
+The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google.
+
+## Getting keys
+
+Requires a site/secret key pair from:
+
+<http://www.google.com/recaptcha/admin>
+
+Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option
+
+## Setting ReCaptcha Keys
+
+Once registered as above, set the following values:
+
+```yaml
+matrix_synapse_enable_registration_captcha: true
+matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
+matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
+```

docs/configuring-dns.md

@@ -21,21 +21,21 @@ If you decide to go with the alternative method ([Server Delegation via a DNS SR
 | Type  | Host                         | Priority | Weight | Port | Target                 |
 | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
 | A     | `matrix`                     | -        | -      | -    | `matrix-server-IP`     |
-| CNAME | `riot`                       | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `element`                    | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `dimension` (*)              | -        | -      | -    | `matrix.<your-domain>` |
 | CNAME | `jitsi` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
 | SRV   | `_matrix-identity._tcp`      | 10       | 0      | 443  | `matrix.<your-domain>` |
 
 
-DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records.
+DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records. Also be mindful as to how long it will take for the DNS records to propagate.
 
 
 ## Subdomains setup
 
-As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `riot.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
+As the table above illustrates, you need to create 2 subdomains (`matrix.<your-domain>` and `element.<your-domain>`) and point both of them to your new server's IP address (DNS `A` record or `CNAME` record is fine).
 
-The `riot.<your-domain>` subdomain is necessary, because this playbook installs the Riot web client for you.
-If you'd rather instruct the playbook not to install Riot (`matrix_riot_web_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `riot.<your-domain>` DNS record.
+The `element.<your-domain>` subdomain is necessary, because this playbook installs the [Element](https://github.com/vector-im/riot-web) web client for you.
+If you'd rather instruct the playbook not to install Element (`matrix_client_element_enabled: false` when [Configuring the playbook](configuring-playbook.md) later), feel free to skip the `element.<your-domain>` DNS record.
 
 The `dimension.<your-domain>` subdomain may be necessary, because this playbook could install the [Dimension integrations manager](http://dimension.t2bot.io/) for you. Dimension installation is disabled by default, because it's only possible to install it after the other Matrix services are working (see [Setting up Dimension](configuring-playbook-dimension.md) later). If you do not wish to set up Dimension, feel free to skip the `dimension.<your-domain>` DNS record.
 

docs/configuring-playbook-base-domain-serving.md

@@ -14,7 +14,7 @@ Usually, there are 2 options:
 
 This documentation page tells you how to do the latter. With some easy changes, we make it possible to serve the base domain from the Matrix server via the integrated webserver (`matrix-nginx-proxy`).
 
-Just **adjust your DNS records**, so that your base domain is pointed to the Matrix server's IP address **and use the following configuration**:
+Just **adjust your DNS records**, so that your base domain is pointed to the Matrix server's IP address (using a DNS `A` record) **and then use the following configuration**:
 
 ```yaml
 matrix_nginx_proxy_base_domain_serving_enabled: true

docs/configuring-playbook-bot-matrix-reminder-bot.md

@@ -0,0 +1,59 @@
+# Setting up matrix-reminder-bot (optional)
+
+The playbook can install and configure [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for you.
+
+It's a bot you can use to **schedule one-off & recurring reminders and alarms**.
+
+See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you.
+
+
+## Registering the bot user
+
+By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`.
+
+(to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable).
+
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_bot_matrix_reminder_bot_enabled: true
+
+# Adjust this to whatever password you chose when registering the bot user
+matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT
+
+# Adjust this to your timezone
+matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+To use the bot, start a chat with `@bot.matrix-reminder-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+
+You can also add the bot to any existing Matrix room (`/invite @bot.matrix-reminder-bot:DOMAIN`).
+
+Basic usage is like this: `!remindme in 2 minutes; This is a test`
+
+Send `!help commands` to the room to see the bot's help menu for additional commands.
+
+You can also refer to the upstream [Usage documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage).

docs/configuring-playbook-bridge-appservice-discord.md

@@ -1,5 +1,7 @@
 # Setting up Appservice Discord (optional)
 
+**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook.
+
 The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you.
 
 See the project's [documentation](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/README.md) to learn what it does and why it might be useful to you.

docs/configuring-playbook-bridge-mx-puppet-discord.md

@@ -0,0 +1,36 @@
+# Setting up MX Puppet Discord (optional)
+
+**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.
+
+The playbook can install and configure
+[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you.
+
+See the project page to learn what it does and why it might be useful to you.
+
+To enable the [Discord](https://discordapp.com/) bridge just use the following
+playbook configuration:
+
+
+```yaml
+matrix_mx_puppet_discord_enabled: true
+matrix_mx_puppet_discord_client_id: ""
+matrix_mx_puppet_discord_client_secret: ""
+```
+
+
+## Usage
+
+Once the bot is enabled you need to start a chat with `Discord Puppet Bridge` with
+the handle `@_discordpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+Three authentication methods are available, Legacy Token, OAuth and xoxc token.
+See mx-puppet-discord [documentation](https://github.com/matrix-discord/mx-puppet-discord)
+for more information about how to configure the bridge.
+
+Once logged in, send `list` to the bot user to list the available rooms.
+
+Clicking rooms in the list will result in you receiving an invitation to the
+bridged room.
+
+Also send `help` to the bot to see the commands available.

docs/configuring-playbook-bridge-mx-puppet-instagram.md

@@ -0,0 +1,36 @@
+# Setting up mx-puppet-instagram (optional)
+
+The playbook can install and configure
+[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you.
+
+This allows you to bridge Instagram DirectMessages into Matrix.
+
+To enable the [Instagram](https://www.instagram.com/) bridge just use the following
+playbook configuration:
+
+
+```yaml
+matrix_mx_puppet_instagram_enabled: true
+```
+
+
+## Usage
+
+Once the bot is enabled, you need to start a chat with `Instagram Puppet Bridge` with
+the handle `@_instagrampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+Send `link <username> <password>` to the bridge bot to link your instagram account.
+
+The `list` commands shows which accounts are linked and which `puppetId` is associated.
+
+For double-puppeting, you probably want to issue these commands:
+
+- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying)
+- `setautoinvite $puppetId 1` to automatically invite you to chats
+- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting)
+
+If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out.
+
+The `help` command shows which commands are available, though at the time of writing, not every command is fully implemented.
+

docs/configuring-playbook-bridge-mx-puppet-steam.md

@@ -0,0 +1,34 @@
+# Setting up MX Puppet Steam (optional)
+
+The playbook can install and configure
+[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.
+
+See the project page to learn what it does and why it might be useful to you.
+
+To enable the [Steam](https://steampowered.com/) bridge just use the following
+playbook configuration:
+
+
+```yaml
+matrix_mx_puppet_steam_enabled: true
+matrix_mx_puppet_steam_client_id: ""
+matrix_mx_puppet_steam_client_secret: ""
+```
+
+
+## Usage
+
+Once the bot is enabled you need to start a chat with `Steam Puppet Bridge` with
+the handle `@_steampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+Three authentication methods are available, Legacy Token, OAuth and xoxc token.
+See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam)
+for more information about how to configure the bridge.
+
+Once logged in, send `list` to the bot user to list the available rooms.
+
+Clicking rooms in the list will result in you receiving an invitation to the
+bridged room.
+
+Also send `help` to the bot to see the commands available.

docs/configuring-playbook-bridge-mx-puppet-twitter.md

@@ -0,0 +1,34 @@
+# Setting up MX Puppet Twitter (optional)
+
+The playbook can install and configure
+[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.
+
+See the project page to learn what it does and why it might be useful to you.
+
+To enable the [Twitter](https://twitter.com) bridge, make an app on [developer.twitter.com](https://developer.twitter.com/en/apps)
+and fill out the following playbook configuration.
+
+```yaml
+matrix_mx_puppet_twitter_enabled: true
+matrix_mx_puppet_twitter_consumer_key: ''
+matrix_mx_puppet_twitter_consumer_secret: ''
+matrix_mx_puppet_twitter_access_token: ''
+matrix_mx_puppet_twitter_access_token_secret: ''
+matrix_mx_puppet_twitter_environment: ''
+```
+
+
+## Usage
+
+Once the bot is enabled you need to start a chat with `Twitter Puppet Bridge` with
+the handle `@_twitterpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
+domain, not the `matrix.` domain).
+
+To log in, use `link` and click the link.
+
+Once logged in, send `list` to the bot user to list the available rooms.
+
+Clicking rooms in the list will result in you receiving an invitation to the
+bridged room.
+
+Also send `help` to the bot to see the commands available.

docs/configuring-playbook-client-element.md

@@ -0,0 +1,41 @@
+# Configuring Element (optional)
+
+By default, this playbook installs the [Element](https://github.com/vector-im/riot-web) Matrix client web application.
+If that's okay, you can skip this document.
+
+
+## Disabling Element
+
+If you'd like for the playbook to not install (or to uninstall the previously installed Element), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_client_element_enabled: false
+```
+
+
+## Configuring Element settings
+
+The playbook provides some customization variables you could use to change Element's settings.
+
+Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template.
+
+**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
+
+Alternatively, **if there is no pre-defined variable** for an Element setting you wish to change:
+
+- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used.
+
+- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
+
+- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
+
+
+## Themes
+
+To change the look of Element, you can define your own themes manually by using the `matrix_client_element__settingDefaults_custom_themes` setting.
+
+Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`).
+
+If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
+
+Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.

docs/configuring-playbook-dimension.md

@@ -21,7 +21,7 @@ matrix_dimension_enabled: true
 
 ## Define admin users
 
-These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Riot and clicking the settings icon.
+These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon.
 Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
 
 ```yaml
@@ -39,7 +39,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis
 You are required to specify an access token (belonging to this new user) for Dimension to work.
 To get an access token for the Dimension user, follow these steps:
 
-1. In a private browsing session (incognito window), open Riot.
+1. In a private browsing session (incognito window), open Element.
 2. Log in with the `dimension` user and its password.
 1. Set the display name and avatar, if required.
 2. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
@@ -70,7 +70,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
 
 By default Dimension will use [jitsi.riot.im](https://jitsi.riot.im/) as the `conferenceDomain` of [Jitsi](https://jitsi.org/) audio/video conference widgets. For users running [a self-hosted Jitsi instance](./configuring-playbook-jitsi.md), you will likely want the widget to use your own Jitsi instance. Currently there is no way to configure this via the playbook, see [this issue](https://github.com/turt2live/matrix-dimension/issues/345) for details.
 
-In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In riot-web, go to *Manage Integrations* &rightarrow; *Settings* &rightarrow; *Widgets* &rightarrow; *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
+In the interim until the above limitation is resolved, an admin user needs to configure the domain via the admin ui once dimension is running. In Element, go to *Manage Integrations* &rightarrow; *Settings* &rightarrow; *Widgets* &rightarrow; *Jitsi Conference Settings* and set *Jitsi Domain* and *Jitsi Script URL* appropriately.
 
 
 ## Additional features

docs/configuring-playbook-federation.md

@@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist:
 If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
 
 
+## Exposing the room directory over federation
+
+By default, your server's public rooms directory is not exposed to other servers via federation.
+
+If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_synapse_allow_public_rooms_over_federation: true
+```
+
+
 ## Disabling federation
 
 To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):

docs/configuring-playbook-jitsi.md

@@ -1,6 +1,6 @@
 # Jitsi
 
-The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Riot](configuring-playbook-riot-web.md).
+The playbook can install the [Jitsi](https://jitsi.org/) video-conferencing platform and integrate it with [Element](configuring-playbook-client-element.md).
 
 Jitsi installation is **not enabled by default**, because it's not a core component of Matrix services.
 
@@ -81,6 +81,47 @@ matrix_jitsi_jvb_container_extra_arguments:
   - '--env "DOCKER_HOST_ADDRESS=<Local IP adress of the host>"'
 ```
 
+## (Optional) Fine tune Jitsi
+
+You may want to suspend unused video layers until they are requested again, to save up resources on both server and clients.
+Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
+For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_web_config_enableLayerSuspension: true
+```
+
+You may wish to disable audio levels to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
+For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_web_config_disableAudioLevels: true
+```
+
+You may want to limit the number of video feeds forwarded to each client, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes.
+This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4).
+Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf)
+For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_web_config_channelLastN: 4
+```
+
+To enable the variables that allow you to manage the video configuration you must add the following line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_web_config_constraints_enabled: true
+```
+
+You may want to limit the maximum video resolution, to save up resources on both server and clients.
+For example, to set resolution to 480.
+For this add this two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
+
+```yaml
+matrix_jitsi_web_config_constraints_video_height_ideal: 480
+matrix_jitsi_web_config_constraints_video_height_max: 480
+```
+
 ## Apply changes
 
 Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
@@ -103,13 +144,13 @@ Run this command for each user you would like to create, replacing `<USERNAME>`
 
 You can use the self-hosted Jitsi server in multiple ways:
 
-- **by adding a widget to a room via riot-web** (the one configured by the playbook at `https://riot.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
+- **by adding a widget to a room via Element** (the one configured by the playbook at `https://element.DOMAIN`). Just start a voice or a video call in a room containing more than 2 members and that would create a Jitsi widget which utilizes your self-hosted Jitsi server.
 
 - **by adding a widget to a room via the Dimension Integration Manager**. You'll have to point the widget to your own Jitsi server manually. See our [Dimension](./configuring-playbook-dimension.md) documentation page for more details. Naturally, Dimension would need to be installed first (the playbook doesn't install it by default).
 
 - **directly (without any Matrix integration)**. Just go to `https://jitsi.DOMAIN`
 
-**Note**: Riot apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
+**Note**: Element apps on mobile devices currently [don't support joining meetings on a self-hosted Jitsi server](https://github.com/vector-im/riot-web/blob/601816862f7d84ac47547891bd53effa73d32957/docs/jitsi.md#mobile-app-support).
 
 
 ## Troubleshooting

docs/configuring-playbook-ma1sd.md

@@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu
 
 - `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse
 
+- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation.
+
 - `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering
 
 - variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality
@@ -72,6 +74,37 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration
 and put your configuration in it.
 To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.
 
+## Example: SMS verification
+
+If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration:
+
+```yaml
+matrix_ma1sd_configuration_extension_yaml: |
+  threepid:
+    medium:
+      msisdn:
+        connectors:
+          twilio:
+            account_sid: '<secret-SID>'
+            auth_token: '<secret-token>'
+            number: '+<msisdn-number>'
+```
+
+## Example: Open Registration for every Domain
+
+If you want to open registration for any domain, you have to setup the allowed domains with ma1sd's `blacklist` and `whitelist`. The default behavior when neither the `blacklist`, nor the `whitelist` match, is to allow registration. Beware: you can't block toplevel domains (aka `.xy`) because the internal architecture of ma1sd doesn't allow that.
+
+```yaml
+matrix_ma1sd_configuration_extension_yaml: |
+  register:
+    policy:
+      allowed: true
+      threepid:
+        email:
+          domain:
+            blacklist: ~
+            whitelist: ~
+```
 
 ## Troubleshooting
 

docs/configuring-playbook-matrix-bridge-sms.md

@@ -18,8 +18,9 @@ matrix_sms_bridge_gammu_modem: "/dev/serial/by-id/myDeviceId"
 matrix_sms_bridge_database_password: ""
 # (optional) a room id to a default room
 matrix_sms_bridge_default_room: "" 
-# (optional) gammu reset frequency (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency)
+# (optional) gammu reset frequencies (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency)
 matrix_sms_bridge_gammu_reset_frequency: 3600
+matrix_sms_bridge_gammu_hard_reset_frequency: 0
 # (optional) group with unix read and write rights to modem
 matrix_sms_bridge_modem_group: 'dialout'
 ```

docs/configuring-playbook-own-webserver.md

@@ -113,7 +113,7 @@ With this, nginx would still be in use, but it would not bother with anything SS
 All services would be served locally on `127.0.0.1:81` and `127.0.0.1:8449` (as per the example configuration above).
 
 You can then set up another reverse-proxy server on ports 80/443/8448 for all of the expected domains and make traffic go to these local ports.
-The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `riot.DOMAIN` and `dimension.DOMAIN` are optional).
+The expected domains vary depending on the services you have enabled (`matrix.DOMAIN` for sure; `element.DOMAIN` and `dimension.DOMAIN` are optional).
 
 ### Sample configuration for running behind Traefik 2.0
 
@@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
   - '--label "traefik.enable=true"'
 
   # The Nginx proxy container will receive traffic from these subdomains
-  # (Replace DOMAIN with your domain, e.g. example.com)
-  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"'
+  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`)"'
 
   # (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
   - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
@@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments:
   - '--label "traefik.enable=true"'
 
   # The Synapse container will receive traffic from this subdomain
-  # (Replace DOMAIN with your domain, e.g. example.com)
-  - '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"'
+  - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'
 
   # (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
   - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'
@@ -174,7 +172,7 @@ matrix_synapse_container_extra_arguments:
   - '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
 ```
 
-This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `riot.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
+This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, and `dimension.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
 
 Note that this configuration on its own does **not** redirect traffic on port 80 (plain HTTP) to port 443 for HTTPS, which may cause some issues, since the built-in Nginx proxy usually does this. If you are not already doing this in Traefik, it can be added to Traefik in a [file provider](https://docs.traefik.io/v2.0/providers/file/) as follows:
 

docs/configuring-playbook-riot-web.md

@@ -1,40 +1,39 @@
 # Configuring Riot-web (optional)
 
-By default, this playbook installs the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
-If that's okay, you can skip this document.
+By default, this playbook **used to install** the [Riot-web](https://github.com/vector-im/riot-web) Matrix client web application.
 
+Riot has since been [renamed to Element](https://element.io/blog/welcome-to-element/).
 
-## Disabling riot-web
+- to learn more about Element and its configuration, see our dedicated [Configuring Element](configuring-playbook-client-element.md) documentation page
+- to learn how to migrate from Riot to Element, see [Migrating to Element](#migrating-to-element) below
 
-If you'd like for the playbook to not install (or to uninstall the previously installed riot-web), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
 
-```yaml
-matrix_riot_web_enabled: false
-```
+## Migrating to Element
 
-## Configuring riot-web settings
+### Migrating your custom settings
 
-The playbook provides some customization variables you could use to change riot-web's settings.
+If you have custom `matrix_riot_web_` variables in your `inventory/host_vars/matrix.DOMAIN/vars.yml` file, you'll need to rename them (`matrix_riot_web_` -> `matrix_client_element_`).
 
-Their defaults are defined in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml) and they ultimately end up in the generated `/matrix/riot-web/config.json` file (on the server). This file is generated from the [`roles/matrix-riot-web/templates/config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2) template.
+Some other playbook variables (but not all) with `riot` in their name are also renamed. The playbook checks and warns if you are using the old name for some commonly used ones.
 
-**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
 
-Alternatively, **if there is no pre-defined variable** for a riot-web setting you wish to change:
+### Domain migration
 
-- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of riot-web's various settings that rarely get used.
+We used to set up Riot at the `riot.DOMAIN` domain. The playbook now sets up Element at `element.DOMAIN` by default.
 
-- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-riot-web/templates/config.json.j2)) by making use of the `matrix_riot_web_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
+There are a few options for handling this:
 
-- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_riot_web_configuration_default` (or `matrix_riot_web_configuration`). You can find information about this in [`roles/matrix-riot-web/defaults/main.yml`](../roles/matrix-riot-web/defaults/main.yml).
+- (**avoiding changes** - using the old `riot.DOMAIN` domain and avoiding DNS changes) -- to keep using `riot.DOMAIN` instead of `element.DOMAIN`, override the domain at which the playbook serves Element: `matrix_server_fqn_element: "riot.{{ matrix_domain }}"`
 
+- (**embracing changes** - using only `element.DOMAIN`) - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)). You can drop the `riot.DOMAIN` in this case. If so, you may also wish to remove old SSL certificates (`rm -rf /matrix/ssl/config/live/riot.DOMAIN`) and renewal configuration (`rm -f /matrix/ssl/config/renewal/riot.DOMAIN.conf`), so that `certbot` would stop trying to renew them.
 
-## Themes
+- (**embracing changes and transitioning smoothly** - using both `element.DOMAIN` and `riot.DOMAIN`) - to serve Element at the new domain (`element.DOMAIN`) and to also have `riot.DOMAIN` redirect there - set up the `element.DOMAIN` DNS record (see [Configuring DNS](configuring-dns.md)) and enable Riot to Element redirection (`matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`).
 
-To change the look of riot-web, you can define your own themes manually by using the `matrix_riot_web_settingDefaults_custom_themes` setting.
 
-Or better yet, you can automatically pull it all themes provided by the [aaronraimist/riot-web-themes](https://github.com/aaronraimist/riot-web-themes) project by simply flipping a flag (`matrix_riot_web_themes_enabled: true`).
+### Re-running the playbook
 
-If you make your own theme, we encourage you to submit it to the **aaronraimist/riot-web-themes** project, so that the whole community could easily enjoy it.
+As always, after making the necessary DNS and configuration adjustments, re-run the playbook to apply the changes:
 
-Note that for a custom theme to work well, all riot-web/riot-desktop instances that you use must have the same theme installed.
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```

docs/configuring-playbook-s3.md

@@ -47,5 +47,6 @@ You can use any S3-compatible object store by **additionally** configuring these
 
 ```yaml
 matrix_s3_media_store_custom_endpoint_enabled: true
+# Example: "https://storage.googleapis.com"
 matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
 ```

docs/configuring-playbook-ssl-certificates.md

@@ -1,6 +1,6 @@
 # Adjusting SSL certificate retrieval (optional, advanced)
 
-By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `riot.<your-domain>`)
+By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
 
 Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
 They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
@@ -42,7 +42,7 @@ With such a configuration, the playbook would expect you to drop the SSL certifi
 - `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
 - `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
 
-where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `riot.<your-domain>`).
+where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `element.<your-domain>`).
 
 
 ## Not bothering with SSL certificates
@@ -62,7 +62,8 @@ The playbook tries to be smart about the certificates it will obtain for you.
 
 By default, it obtains certificates for:
 - `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
-- possibly for `riot.<your-domain>`, unless you have disabled the Riot component using `matrix_riot_web_enabled: false`
+- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
+- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
 - possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
 - possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
 
@@ -70,12 +71,12 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
 To do that, simply define your own custom configuration like this:
 
 ```yaml
-# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Riot, Dimension).
+# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Element, Dimension).
 # In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
 # Adding any other additional domains (hosted on the same machine) is possible.
 matrix_ssl_domains_to_obtain_certificates_for:
   - '{{ matrix_server_fqn_matrix }}'
-  - '{{ matrix_server_fqn_riot }}'
+  - '{{ matrix_server_fqn_element }}'
   - '{{ matrix_server_fqn_dimension }}'
   - '{{ matrix_domain }}'
 ```

docs/configuring-playbook-synapse-admin.md

@@ -0,0 +1,62 @@
+# Setting up Synapse Admin (optional)
+
+The playbook can install and configure [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) for you.
+
+It's a web UI tool you can use to **administrate users and rooms on your Matrix server**.
+
+See the project's [documentation](https://github.com/Awesome-Technologies/synapse-admin) to learn what it does and why it might be useful to you.
+
+
+## Adjusting the playbook configuration
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
+
+```yaml
+matrix_synapse_admin_enabled: true
+```
+
+
+## Installing
+
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+
+## Usage
+
+After installation, Synapse Admin will be accessible at: `https://matrix.DOMAIN/synapse-admin/`
+
+To use Synapse Admin, you need to have [registered at least one administrator account](registering-users.md) on your server.
+
+The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN`
+
+### Sample configuration for running behind Traefik 2.0
+
+Below is a sample configuration for using this playbook with a [Traefik](https://traefik.io/) 2.0 reverse proxy.
+
+This an extension to Traefik config sample in [own-webserver-documentation](./configuring-playbook-own-webserver.md).
+
+```yaml
+# Don't bind any HTTP or federation port to the host
+# (Traefik will proxy directly into the containers)
+matrix_synapse_admin_container_http_host_bind_port: ""
+
+matrix_synapse_admin_container_extra_arguments:
+    # May be unnecessary depending on Traefik config, but can't hurt
+    - '--label "traefik.enable=true"'
+
+    # The Synapse Admin container will only receive traffic from this subdomain and path
+    - '--label "traefik.http.routers.matrix-synapse-admin.rule=(Host(`{{ matrix_server_fqn_matrix }}`) && Path(`{{matrix_synapse_admin_public_endpoint}}`))"'
+
+    # (Define your entrypoint)
+    - '--label "traefik.http.routers.matrix-synapse-admin.entrypoints=web-secure"'
+
+    # (The 'default' certificate resolver must be defined in Traefik config)
+    - '--label "traefik.http.routers.matrix-synapse-admin.tls.certResolver=default"'
+
+    # The Synapse Admin container uses port 80 by default
+    - '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
+```

docs/configuring-playbook-synapse.md

@@ -16,3 +16,8 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you
 - or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
 
 - or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
+
+
+## Synapse Admin
+
+Certain Synapse administration tasks (managing users and rooms, etc.) can be performed via a web user-interace, if you install [Synapse Admin](configuring-playbook-synapse-admin.md).

docs/configuring-playbook.md

@@ -38,7 +38,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Configuring Synapse](configuring-playbook-synapse.md) (optional)
 
-- [Configuring Riot-web](configuring-playbook-riot-web.md) (optional)
+- [Configuring Element](configuring-playbook-client-element.md) (optional)
 
 - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
 
@@ -68,6 +68,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 ### Authentication and user-related
 
+- [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional)
+
 - [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (optional, advanced)
 
 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced)
@@ -101,6 +103,19 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
 
+- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (optional)
+
+- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (optional)
+
+- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional)
+
+- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)
+
 - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
 
 - [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional)
+
+
+### Bots
+
+- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional)

docs/configuring-well-known.md

@@ -6,7 +6,7 @@ There are 2 types of well-known service discovery that Matrix makes use of:
 
 - (important) **Federation Server discovery** (`/.well-known/matrix/server`) -- assists other servers in the Matrix network with finding your server. Without a proper configuration, your server will effectively not be part of the Matrix network. Learn more in [Introduction to Federation Server Discovery](#introduction-to-federation-server-discovery)
 
-- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Riot), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
+- (not that important) **Client Server discovery** (`/.well-known/matrix/client`) -- assists programs that you use to connect to your server (e.g. Element), so that they can make it more convenient for you by automatically configuring the "Homeserver URL" and "Identity Server URL" addresses. Learn more in [Introduction to Client Server Discovery](#introduction-to-client-server-discovery)
 
 
 ## Introduction to Federation Server Discovery
@@ -48,24 +48,33 @@ If you're managing the base domain by yourself somehow, you'll need to set up se
 
 To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
 
-You have 2 options when it comes to installing the files on the base domain's server:
+You have 3 options when it comes to installing the files on the base domain's server:
 
 
 ### (Option 1): **Copying the files manually** to your base domain's server
 
-**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible.
+**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible.
 
 All you need to do is:
 
 - copy `/.well-known/matrix/server` and `/.well-known/matrix/client` from the Matrix server (e.g. `matrix.example.com`) to your base domain's server (`example.com`). You can find these files in the `/matrix/static-files/.well-known/matrix` directory on the Matrix server. They are also accessible on URLs like this: `https://matrix.example.com/.well-known/matrix/server` (same for `client`).
 
-- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Riot) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
+- set up the server at your base domain (e.g. `example.com`) so that it adds an extra HTTP header when serving the `/.well-known/matrix/client` file. [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), the `Access-Control-Allow-Origin` header should be set with a value of `*`. If you don't do this step, web-based Matrix clients (like Element) may fail to work. Setting up headers for the `/.well-known/matrix/server` file is not necessary, as this file is only consumed by non-browsers, which don't care about CORS.
 
 This is relatively easy to do and possibly your only choice if you can only host static files from the base domain's server.
 It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.
 
 
-### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server
+### (Option 2): **Serving the base domain** from the Matrix server via the playbook
+
+If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it.
+
+This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable.
+
+See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up.
+
+
+### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server
 
 This option is less fragile and generally better.
 

docs/howto-server-delegation.md

@@ -82,8 +82,8 @@ Based on your setup, you have different ways to go about it:
 #
 # NOTE: these are in-container paths. `/matrix/ssl` on the host is mounted into the container
 # at the same path (`/matrix/ssl`) by default, so if that's the path you need, it would be seamless.
-matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: /matrix/ssl/config/live/<your-domain>/fullchain.pem
-matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/config/live/<your-domain>/privkey.pem
+matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: /matrix/ssl/config/live/matrix.<your-domain>/fullchain.pem
+matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/config/live/matrix.<your-domain>/privkey.pem
 ```
 
 If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:

docs/importing-postgres.md

@@ -24,3 +24,54 @@ To import, run this command (make sure to replace `<server-path-to-postgres-dump
 	ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_postgres_dump=<server-path-to-postgres-dump.sql>' --tags=import-postgres
 
 **Note**: `<server-path-to-postgres-dump.sql>` must be a file path to a Postgres dump file on the server (not on your local machine!).
+
+## Troubleshooting
+
+A table ownership issue can occur if you are importing from a Synapse installation which was both:
+
+ - migrated from SQLite to Postgres, and
+ - used a username other than 'synapse'
+
+In this case you may run into the following error during the import task:
+
+```
+"ERROR:  role \"synapse_user\" does not exist"
+```
+
+where `synapse_user` is the database username from the previous Synapse installation.
+
+This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username:
+
+```Shell
+$ grep "ALTER TABLE" homeserver.sql"
+ALTER TABLE public.access_tokens OWNER TO synapse_user;
+ALTER TABLE public.account_data OWNER TO synapse_user;
+ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user;
+ALTER TABLE public.account_validity OWNER TO synapse_user;
+ALTER TABLE public.application_services_state OWNER TO synapse_user;
+...
+```
+
+It can be worked around by changing the username to `synapse`, for example by using `sed`:
+
+```Shell
+$ sed -i "s/synapse_user/synapse/g" homeserver.sql"
+```
+
+This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.
+
+Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as:
+
+```
+ERROR:  relation \"access_tokens\" already exists
+```
+
+In this case you can use the command suggested in the import task to clear the database before retrying the import:
+
+```Shell
+# systemctl stop matrix-postgres
+# rm -rf /matrix/postgres/data/*
+# systemctl start matrix-postgres
+```
+
+Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.

docs/maintenance-synapse.md

@@ -13,6 +13,7 @@ Table of contents:
 		- [Vacuuming Postgres](#vacuuming-postgres)
 	- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
 	- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
+	- [Browse and manipulate the database](#browse-and-manipulate-the-database)
 
 - [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands
 
@@ -56,7 +57,7 @@ If [purging unused and unreachable data](#purging-unused-data-with-synapse-janit
 
 Synapse provides a [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) that you can use to purge on a per-room basis.
 
-To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like riot-web).
+To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
 Alternatively, you can log in and obtain a new access token like this:
 
 ```

docs/registering-users.md

@@ -16,7 +16,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
-**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
+**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
 
 -----
 
@@ -25,7 +25,7 @@ If you've just installed Matrix, **to finalize the installation process**, it's
 -----
 
 
-## Adding/Removing Administrator privileges to an existing user.  
+## Adding/Removing Administrator privileges to an existing user.
 
 The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
 
@@ -35,3 +35,8 @@ The script `/usr/local/bin/matrix-change-user-admin-status` may be used to chang
 ```
 /usr/local/bin/matrix-change-user-admin-status <username> <0/1>
 ```
+
+
+## Managing users via a Web UI
+
+To manage users more easily (via a web user-interace), you can install [Synapse Admin](configuring-playbook-synapse-admin.md).

docs/self-building.md

@@ -2,22 +2,23 @@
 
 **Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
 
-The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd).
+The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required.
 
-To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:
-```yaml
-matrix_container_images_self_build: true
-```
-Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well.
+For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).
 
+To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image.
+
+Note that **not all components support self-building yet**.
 List of roles where self-building the Docker image is currently possible:
 - `matrix-synapse`
-- `matrix-riot-web`
+- `matrix-client-element`
 - `matrix-coturn`
 - `matrix-ma1sd`
 - `matrix-mailer`
-- `matrix-mautrix-facebook`
-- `matrix-mautrix-hangouts`
-- `matrix-mx-puppet-skype`
+- `matrix-bridge-mautrix-facebook`
+- `matrix-bridge-mautrix-hangouts`
+- `matrix-bridge-mx-puppet-skype`
 
 Adding self-building support to other roles is welcome. Feel free to contribute!
+
+If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles.

docs/updating-users-passwords.md

@@ -10,7 +10,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
 
 **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
 
-**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
+**You can then log in with that user** via the Element service that this playbook has created for you at a URL like this: `https://element.<domain>/`.
 
 
 ## Option 2 (if you are using an external Postgres server):
@@ -34,9 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.
 
 Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
 
-This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* 
+This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
 
-If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). 
+If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
 
 ### Example:
 To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:

examples/apache/matrix-client-element.conf

@@ -1,8 +1,8 @@
-# This is a sample file demonstrating how to set up reverse-proxy for riot.DOMAIN.
-# If you're not using Riot (`matrix_riot_web_enabled: false`), you won't need this.
+# This is a sample file demonstrating how to set up reverse-proxy for element.DOMAIN.
+# If you're not using Element (`matrix_client_element_enabled: false`), you won't need this.
 
 <VirtualHost *:80>
-	ServerName riot.DOMAIN
+	ServerName element.DOMAIN
 
 	ProxyVia On
 
@@ -13,17 +13,17 @@
 		ProxyPass http://127.0.0.1:2402/.well-known/acme-challenge
 	</Location>
 
-	Redirect permanent / https://riot.DOMAIN/
+	Redirect permanent / https://element.DOMAIN/
 </VirtualHost>
 
 <VirtualHost *:443>
-	ServerName riot.DOMAIN
+	ServerName element.DOMAIN
 
 	SSLEngine On
 
 	# If you manage SSL certificates by yourself, these paths will differ.
-	SSLCertificateFile /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem
-	SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
+	SSLCertificateFile /matrix/ssl/config/live/element.DOMAIN/fullchain.pem
+	SSLCertificateKeyFile /matrix/ssl/config/live/element.DOMAIN/privkey.pem
 
 	SSLProxyEngine on
 	SSLProxyProtocol +TLSv1.2 +TLSv1.3
@@ -36,6 +36,6 @@
 	ProxyPass / http://127.0.0.1:8765/
 	ProxyPassReverse / http://127.0.0.1:8765/
 
-	ErrorLog ${APACHE_LOG_DIR}/riot.DOMAIN-error.log
-	CustomLog ${APACHE_LOG_DIR}/riot.DOMAIN-access.log combined
+	ErrorLog ${APACHE_LOG_DIR}/element.DOMAIN-error.log
+	CustomLog ${APACHE_LOG_DIR}/element.DOMAIN-access.log combined
 </VirtualHost>

examples/caddy/matrix-client-element

@@ -0,0 +1,8 @@
+https://element.DOMAIN {
+	# These might differ if you are supplying your own certificates
+	tls /matrix/ssl/config/live/element.DOMAIN/fullchain.pem /matrix/ssl/config/live/element.DOMAIN/privkey.pem
+
+	proxy / http://127.0.0.1:8765 {
+		transparent
+	}
+}

examples/caddy/matrix-riot-web

@@ -1,8 +0,0 @@
-https://riot.DOMAIN {
-	# These might differ if you are supplying your own certificates
-	tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
-
-	proxy / http://127.0.0.1:8765 {
-		transparent
-	}
-}

examples/haproxy/haproxy.cfg

@@ -39,7 +39,7 @@ frontend https-frontend
     # HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use
     # cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem
     bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem
-    #bind *:443 ssl crt /etc/haproxy/certs/riot.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
+    #bind *:443 ssl crt /etc/haproxy/certs/element.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
     reqadd X-Forwarded-Proto:\ https
     option httplog
     option http-server-close
@@ -60,10 +60,10 @@ frontend https-frontend
     acl synapse_admin path -i -m beg /_synapse/admin
     # Send to :8008
     use_backend matrix-main if matrix_path or synapse_admin
-    # riot.example.com
-    acl riot_domain hdr_dom(host) -i riot.example.com
+    # element.example.com
+    acl element_domain hdr_dom(host) -i element.example.com
     # Send to 8765
-    use_backend riot if riot_domain 
+    use_backend element if element_domain
     # If nothing else match, just send to default matrix backend
     use_backend matrix-main if matrix_domain
     #default_backend matrix-main
@@ -86,12 +86,12 @@ backend synapse
 
 backend nginx-static
      capture request header origin len 128
-     http-response add-header Access-Control-Allow-Origin * 
+     http-response add-header Access-Control-Allow-Origin *
      rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
      rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
      rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization  if { capture.req.hdr(0) -m found }
      server nginx 127.0.0.1:40888 check
 
-backend riot
-     server riot 127.0.0.1:8765 check
+backend element
+     server element 127.0.0.1:8765 check
 

group_vars/all/main.yml

@@ -1,19 +1,21 @@
-MATRIX_SSL_LETS_ENCRYPT_SUPPORT_EMAIL: "{{ VAULT_MATRIX_SSL_LETS_ENCRYPT_SUPPORT_EMAIL }}"
-MATRIX_DOMAIN: "{{ VAULT_MATRIX_DOMAIN }}"
+matrix_ssl_lets_encrypt_support_email: "{{ VAULT_MATRIX_SSL_LETS_ENCRYPT_SUPPORT_EMAIL }}"
+matrix_domain: "{{ VAULT_MATRIX_DOMAIN }}"
+ansible_become_pass: "{{ vault_ansible_become_pass }}"
 
-MATRIX_COTURN_TURN_STATIC_AUTH_SECRET: "{{ VAULT_MATRIX_COTURN_TURN_STATIC_AUTH_SECRET }}"
+
+matrix_coturn_turn_static_auth_secret: "{{ VAULT_MATRIX_COTURN_TURN_STATIC_AUTH_SECRET }}"
 
 # A secret used to protect access keys issued by the server.
 # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
-MATRIX_SYNAPSE_MACAROON_SECRET_KEY: "{{ VAULT_MATRIX_SYNAPSE_MACAROON_SECRET_KEY }}"
+matrix_synapse_macaroon_secret_key: "{{ VAULT_MATRIX_SYNAPSE_MACAROON_SECRET_KEY }}"
 
 # added by jlj -- 11/25/19
 # configures the slack bridge.
-MATRIX_APPSERVICE_SLACK_CONTROL_ROOM_ID: "{{ VAULT_MATRIX_APPSERVICE_SLACK_CONTROL_ROOM_ID }}"
+matrix_appservice_slack_control_room_id: "{{ VAULT_MATRIX_APPSERVICE_SLACK_CONTROL_ROOM_ID }}"
 
 # added by jlj -- jitsi bullshit.
-MATRIX_JITSI_JICOFO_COMPONENT_SECRET: "{{ VAULT_MATRIX_JITSI_JICOFO_COMPONENT_SECRET }}"
-MATRIX_JITSI_JICOFO_AUTH_PASSWORD: "{{ VAULT_MATRIX_JITSI_JICOFO_AUTH_PASSWORD }}"
-MATRIX_JITSI_JVB_AUTH_PASSWORD: "{{ VAULT_MATRIX_JITSI_JVB_AUTH_PASSWORD }}"
-MATRIX_JITSI_JIBRI_RECORDER_PASSWORD: "{{ VAULT_MATRIX_JITSI_JIBRI_RECORDER_PASSWORD }}"
-MATRIX_JITSI_JIBRI_XMPP_PASSWORD: "{{ VAULT_MATRIX_JITSI_JIBRI_XMPP_PASSWORD }}"
+matrix_jitsi_jicofo_component_secret: "{{ VAULT_MATRIX_JITSI_JICOFO_COMPONENT_SECRET }}"
+matrix_jitsi_jicofo_auth_password: "{{ VAULT_MATRIX_JITSI_JICOFO_AUTH_PASSWORD }}"
+matrix_jitsi_jvb_auth_password: "{{ VAULT_MATRIX_JITSI_JVB_AUTH_PASSWORD }}"
+matrix_jitsi_jibri_recorder_password: "{{ VAULT_MATRIX_JITSI_JIBRI_RECORDER_PASSWORD }}"
+matrix_jitsi_jibri_xmpp_password: "{{ VAULT_MATRIX_JITSI_JIBRI_XMPP_PASSWORD }}"

group_vars/all/vault.yml

@@ -1,90 +1,90 @@
 $ANSIBLE_VAULT;1.1;AES256
-36383535376263326335393237336431623932316364663334396537633238663930663931313032
-6463663732303730333234633030613166336462363037350a623262376234626632666231373462
-61636534343838386636646632356464323235656165343364356566636437383737396539383334
-3637376633343362390a393330643466386137613931336161646431663639623762363764646163
-30653561303338613262363961633133393536663330393339393365366433633533636533616661
-61396135303334343664343933373433373561663130333633323737323339653130306461363062
-36376264636430613862356263626430613036616162353462613063396133663162363633323938
-37613563343934636563626235373239383761323133353333663761633161396231616436366433
-32373137383937353238333566336231633562646235333531363236613663326139353664666262
-32303364626132386230656562396633396166316132666664313066306339383133313265613539
-36623634616134336463346638326364396531376361656465643330316562633036373330666261
-34666162623133313961653231643662326365306363343635343335346662633862303830623964
-30303238633563653837336335313935623738316436376431346434333136636263303934623931
-33373333386232663566393331316330613336626334636233383064613031643061643061343931
-37346539373539376563663533653366326566633739316434616366353063656536363566613965
-33326630383031373238336632316164646332393131373761323937393934343434323131613433
-65633035396464313763663136646637313539356631383135316264366135376338373033666531
-39396633363635363331306232383761303763323336346537656165336238353965393361633463
-31303130396362613564366562623366316563663738333566663366356530393834353137666264
-30666334363336636331373963353162336535343563386664333636303537663061386365353639
-33653261623362346266633236653633383133626663346666643234333561323235396637346432
-65363837383164346461313838663562343833643935306334623035623461323263656537373837
-66386466643564656438323736303239393638323030633431366163626166323534313763656262
-35323038366337353064323264356136373635633565643461306338346664323365663265373262
-32373730623837366661656337306631343738346330383536396636653264623963383038313862
-35386666303031363863376331313235366638643730613932326235613030613539303035323561
-65653061613037306363393033393061396166333161346262653264383438636463386230633638
-33643930393265323531373931373339303335663730386339313534383837633864643632343633
-37333863643831383734313835653133333531663435653764376637326135623937663536613463
-64383966336664376432643430636561663862336364633064373363636435646661396361653066
-39643435326366646463333561666439386462636437346261613166666537383039666632613734
-61306666633830356634623765303363346165333937643932373236633664336339333339326531
-32643639313539616639313266373837663136363937636464353862326161373532633764616338
-30363863313964323532316264633334653335663734363430643938363662396536643733366462
-31623933663637343537373364346666326365653737393037353662366137336631613136613732
-37646666396233336466646331353566616139656130626634393035306230323738373333396234
-66316330323131636461336262643161336263623965303438373433383462316238316430376330
-32343636363036373663376535343664373333396637393936376337656663333433666330386635
-65396339323762333234636562656438326135333531636465336635386539393138613664646339
-65316637393436303938373333313964633635626533316665376439323539663966396135353933
-31643539343031373738643535326362653431613038346538353965356636323737633830346166
-32353664393730376533343837386530613965346363653035653666663930313930623432363461
-64666132353037653838303138313739613530366238386539633662386633323134366539386634
-34383366393066323633633466666238613563653939333932613231663037303637616461633764
-66666133306266646330643034376132373362656262346462336236613066333535633234366333
-36613261356137633634306231633161383262613364373335396631353233636634333937313066
-34366535653438356530323662643935343562336139316439303136366163393432633935366262
-35636233623062646637376636393933303564643231336530376438393539633863643836643166
-33313933383833663333643763623833323133616635633762623631303936653161376637343339
-63323532613063646130613463366531646165333166386166643038303064383265613961366131
-37386330313135376264633233386164393436643062343064623237656335323131626661393865
-63396463336130333735303663386337613565323432643561383033393461326236313236303765
-36316138383236633765333130306638316633613333366130636637386138363939393665376262
-62333530643263393961376639366166376566313265663731303861653563306265383330633965
-32326434353966356536393963336437666330613639346138343465626162363466313261323362
-34306438303764333636643438313136633937633332636234376161303666633465303337393131
-31326661613030633365333034343339303036386431383231313266383362303439633031323839
-38326263376238663766383964666339356363343239333930663137666234356264333638626236
-36353839663637366237643330646537653566323931376264623533396333616239303837326266
-64336533303964343038396337383865313232373563303464636466346464346236383464363766
-36306237366532633338643361633231633933656266383838666434353632383930613030393734
-64393330623662643365656335313265656364303230383334366663643465323131356466333162
-63643635373530333939613363396434343465643466306166643766373932656361663636633762
-36623866396564326431323038373465656231313333343632623466303264666437623235333961
-32386139663435663331396165386234656332313239373536316163393965336662646538373662
-34373961333335373138373237643965383436313362303136396431616530616531376365636232
-34396433396231313261393362303038336362366530376633343133643834323461366234386434
-34326231363630346561313838633566616434663366373133613736653335363233663863366539
-66623565346662393035333332306330613638306134653037363232363532653233343861313065
-31363438366562303663336238363463653034363639323362346663613831623739663331666533
-38663639383835333531626436326161626538356435613265316131373839656365653530383264
-34663064336266623536636562383264316361616630653035616438373134386234663261363730
-66616265363837666431653131376161386433393335396330613563303439643865336135643762
-31316235303065356165343864353266383066393536376435346435653637336535373838613064
-66336132663362386162666636636330633466366634333437393430663063326163333930643033
-30323732366639313733373861663761656235636430386237303761333134333637626462626261
-32396435636335666466393166353731386662363965653062616436303236336334343732313830
-36303461353330663334353631323735633337336237373838353731653036643336323464333738
-64383533303466623336363130333234613335663138353839316235643666386636346338663831
-38613932383261383061393539373663643064373664363537666363323037313934323133383564
-30383939323931346261646334343765353362323665386365643339346538393461323830613466
-65626463353134653662323038343432333039653439613930323562646238386232656635613462
-30376136633264623837386338386438636231373061666638323765666631326638653066646338
-65633461383635646664346364396137653338386434363439356638633365386638633131666163
-30326330623939323434373834663362623363663139623030323466316564343966343837643863
-31306535656535653334303635393134313365356263336663363762636431326336383462333465
-34653737326537663065656534633633656138623234366430666436626465343363383832626438
-37636539383839396237303461666635316136306464636436313163316135343266623037376534
-61643834306238316638393662343135646636633330363231306562366238336232
+36316432363035626131363938623166613466366464653166333035343562356337643064343434
+6165656131633264353130356530636166663231303737330a623231653338353730316232666361
+35613534633338626239396664356562623632646235383666663366396265643937386163383663
+6637316239303030630a343533616539386436393539333164623034333532336531376665623964
+34346266393636373438343735383561363432323364623339393766373162643231323333386535
+30333433323631316361396339303936396466346639623034666331373832616163666263353336
+63633131663066383362336330323039356566663237646132333937323238363239633565346230
+39326339363831636536633635373164643536346237656538636265616332303338643666626362
+31326631373337316639633561396430626366386439616331346662643730363135646561313936
+65333835633039313665323763316662353633353431333434653232363330363532303235613634
+62636163633535363630366238663162346438363163623635323230333365313431623831306637
+63663235383466663938656361636161353465616362343632346636346230383335373931613065
+36666230343138363962663566663030636239663536376562346138313966376331363336663364
+61626238326336306637653865353532636233653464366438626563316231313438353634376235
+35656631333438656335666137666634343935343639336631313232306362356366623036333033
+38373666393265626463613534343331613066386561383130356634636431623962656164366661
+66316530633737323963316664353363336537643466333734326466386465663636613438373036
+39613633343336356364333135316661646639613536386465616563373834623130366561653038
+30653330313435326366363361626163646564333137363965646366326431363337343766666338
+62313661363137306561633266356165383537633565353563386630623239373834303937613764
+37653138663236366166643433663639643639336431366434643233343235633361626265383338
+65613338383533353034623964366462646164353763653234653864643136323065333031373132
+32613462313832313131613230383435306539666666613036636139323632353230336634346566
+64383639663962346563333835383361633066363937613531653830373835353730633330316566
+65646339653964353738356263393062653632343134313438343932306537643561653562333266
+62363535363033626538343163373064613431386665383036306239386235616362396565386239
+34643631393335656461306163326465383532386661383634316236303139653331373161346565
+61613233653838366366323162353030323934316664363164333863666563313031393136383466
+35313966393631616230313965376561653439613636646438626536646565343836613038663337
+31313761326232346431633233373862323336613862613032373235303761653563363330356430
+33306133386634343862333439666236303539363666643434353362303037343236333862366532
+39323632663230613338636335396262326431366635323837626639356564333434396432623764
+63373936323431623464386135633039646338396365633461343264643932353339656138623563
+32616266383335353433373166663436383537316562623434653734313137343536333033356535
+34366135336335363063643731623331646635653539656631396266666534633535626361623236
+37656436366430333766336464303438366634626663336261313064353861643130663366306536
+33626262356339623935333731623038386363653937663961363361333039326664383930346436
+65313435393966633139356461353365636437376130316633613839303166633762626564633765
+36323036626161306562366533373634666631313731656138313239333937303662613263306461
+61306630643261316333363636353162336435333137386234313264633364613232353537633030
+30333537636664623664386364626434323235623130363531663765343463366537656635363034
+66313136343436663363613338376562623834653535626239643837386439383230656539373338
+63386234363637393166363336363565666364636462646262666165346533313064376465323162
+66356133346665653731643964343262396330303539383462353965333261653135313039613064
+38393136636266383531623534336636646365313833643464313337363836656239656132373431
+39393435643365353833383233383062623265656464373435663634396531313539616638396463
+39623133343237663237643561303965636234383765643166303234396430333866653661393761
+33663564346366653139623234666464313261643332616439356565656539346163643964663465
+33333734376533663639303930613161353738346134326561336662663563373266316338633632
+62303336343062366361383331653736306231616265626132646463343065333533636165383139
+38643564373065343933333836643537386531633732373461373036363539653162303636623439
+34343263306430616462363061323464663433313433383436346434313333636362323437306432
+33363035336439303666373639383037363339613561313731393533663836343464346630303639
+37386134343663393938633766393430313864616536653639663038303566313966343262636466
+34613432616662393337383565393263313630626361396563313233623665343934336138363131
+64663235386536386266333065303233366136643762393830366339373232383265663430356666
+66616461383662643039306435353538633166333766336162313734373661363737636465333237
+34663930343535373434386664333164306236393734393062666561326536323233353032306562
+66333638643938656334653761613239376533306564393930616566353936653034316634623538
+31636564386433396339343433333232376232356334326135353137353835396464373631366534
+39366462343665626236313263313635396361613236626634386232613366303236373431666537
+35366530343964373433346664383131623163663332343034326365633662306430303564353835
+32386136666434663832343662656466383563336537376636383063373836353762326335393233
+65623465333734303039333063323133386633366336613836356337396333323937636231653936
+65316338363737366533366461643438353134303035323365313736386237343136336336383136
+36396261376138643932623638636261633066663231616563373137346432303066353433313036
+63666535393261343963363761396437613835393130663064396338633138393838346366613262
+38653263396531643734303730306330326533303265343932653535376331633334363534353036
+39636430636136383134636463376261343034623461386534373138646262366436333833643736
+65666136633335363034356431343062613030616239383962393133663465353832333763396432
+32643464666639653130333239663430336134373766306534363534376634633933633965343732
+62316561643261633833623338313732636530383861383831386135396137623439663733323830
+35313839663832326362326566336637336462616533643532366333326462343734636232616463
+39646138386632333163613964393935313331323434333838643438653666303335396237613339
+66623832383133373565323730623230393665666231313230376332363536653530373936383330
+33356132363538306331383335633265373865646432303036636461373037353135653739346537
+35396139313565633737383333316134333061333536613830393431623431616232343862633865
+36613864303039656464363532383936303334653134633962303738363264663034373532303330
+62376664653231663934643065636233333732363935613866306362656130393435386130656632
+36393038646232303461343833636261373633383331383336383433323465666630646532373164
+63636637393666616433316636303635623635386262343266313931343863373335333163633365
+38656134643735623239373866653961396265343965396630373262623362623936613532633963
+36623139663062376365633761616163613739353564363065623538383532633464323835656566
+61376665353363306364636239356131326631333864316366333035383032663266623439636336
+62653538326431353462303861626439356539383464306163326632373136353832393432643865
+64626432623533303633313530646435356638633731643838323563363363353135623537623332
+63356662643834386631346661656137303562376534346234663761363539363865626133326365
+38623161376661373661373234396230333630653733626365303539646563306532313836316639
+66613839326432623662383939633234383532396564616262323566316166613161

group_vars/matrix_servers

@@ -232,6 +232,8 @@ matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key
 
 matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
 
+matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
+
 matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
 ######################################################################
@@ -391,6 +393,145 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-mx-puppet-twitter
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mx_puppet_twitter_enabled: false
+
+matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+
+matrix_mx_puppet_twitter_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
+
+matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"
+
+matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}"
+
+######################################################################
+#
+# /matrix-bridge-mx-puppet-twitter
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bridge-mx-puppet-instagram
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mx_puppet_instagram_enabled: false
+
+matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+
+matrix_mx_puppet_instagram_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
+
+matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
+
+matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-bridge-mx-puppet-instagram
+#
+######################################################################
+
+######################################################################
+#
+# matrix-bridge-mx-puppet-discord
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mx_puppet_discord_enabled: false
+
+matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+
+matrix_mx_puppet_discord_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
+
+matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"
+
+matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-bridge-mx-puppet-discord
+#
+######################################################################
+
+######################################################################
+#
+# matrix-bridge-mx-puppet-steam
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mx_puppet_steam_enabled: false
+
+matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+
+matrix_mx_puppet_steam_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    (['matrix-synapse.service'] if matrix_synapse_enabled else [])
+  }}
+
+matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
+
+matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
+
+matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+######################################################################
+#
+# /matrix-bridge-mx-puppet-steam
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bot-matrix-reminder-bot
+#
+######################################################################
+
+# We don't enable bots by default.
+matrix_bot_matrix_reminder_bot_enabled: false
+
+######################################################################
+#
+# /matrix-bot-matrix-reminder-bot
+#
+######################################################################
+
 
 ######################################################################
 #
@@ -562,7 +703,17 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
 # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
 matrix_ma1sd_enabled: true
 
-matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+# There's no prebuilt ma1sd image for the `arm32` architecture.
+# We're relying on self-building there.
+matrix_ma1sd_architecture: "{{
+	{
+		'amd64': 'amd64',
+		'arm32': 'arm32',
+		'arm64': 'arm64',
+	}[matrix_architecture]
+}}"
+
+matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@@ -621,7 +772,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:4
 matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
 
 matrix_nginx_proxy_proxy_matrix_enabled: true
-matrix_nginx_proxy_proxy_riot_enabled: "{{ matrix_riot_web_enabled }}"
+matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
 matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 
@@ -644,10 +795,7 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
 matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
 matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
 
-# Not proxying the user directory search to the identity server by default anymore,
-# because it currently leaks data.
-# See: https://github.com/ma1uta/ma1sd/issues/44
-matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
+matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
 
@@ -661,14 +809,16 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
     +
     (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
     +
-    (['matrix-riot-web.service'] if matrix_riot_web_enabled else [])
+    (['matrix-client-element.service'] if matrix_client_element_enabled else [])
   }}
 
 matrix_ssl_domains_to_obtain_certificates_for: |
   {{
     ([matrix_server_fqn_matrix])
     +
-    ([matrix_server_fqn_riot] if matrix_riot_web_enabled else [])
+    ([matrix_server_fqn_element] if matrix_client_element_enabled else [])
+    +
+    ([matrix_nginx_proxy_proxy_riot_compat_redirect_hostname] if matrix_nginx_proxy_proxy_riot_compat_redirect_enabled else [])
     +
     ([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
     +
@@ -716,48 +866,48 @@ matrix_postgres_db_name: "homeserver"
 
 ######################################################################
 #
-# matrix-riot-web
+# matrix-client-element
 #
 ######################################################################
 
-# By default, this playbook installs the Riot.IM web UI on the `matrix_server_fqn_riot` domain.
+# By default, this playbook installs the Element web UI on the `matrix_server_fqn_element` domain.
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
-matrix_riot_web_enabled: true
+matrix_client_element_enabled: true
 
-matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
+matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
 
-# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
+# Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
-# the riot-web HTTP port to the local host.
-matrix_riot_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
+# the Element HTTP port to the local host.
+matrix_client_element_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
 
-matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}"
-matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
+matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
+matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
 
 # Use Dimension if enabled, otherwise fall back to Scalar
-matrix_riot_web_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
-matrix_riot_web_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
-matrix_riot_web_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
-matrix_riot_web_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
+matrix_client_element_integrations_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else 'https://scalar.vector.im/' }}"
+matrix_client_element_integrations_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else 'https://scalar.vector.im/api' }}"
+matrix_client_element_integrations_widgets_urls: "{{ matrix_dimension_integrations_widgets_urls if matrix_dimension_enabled else ['https://scalar.vector.im/api'] }}"
+matrix_client_element_integrations_jitsi_widget_url: "{{ matrix_dimension_integrations_jitsi_widget_url if matrix_dimension_enabled else 'https://scalar.vector.im/api/widgets/jitsi.html' }}"
 
-matrix_riot_web_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
+matrix_client_element_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else false }}"
 
-matrix_riot_web_registration_enabled: "{{ matrix_synapse_enable_registration }}"
+matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
 
-matrix_riot_web_enable_presence_by_hs_url: |
+matrix_client_element_enable_presence_by_hs_url: |
   {{
     none
     if matrix_synapse_use_presence
-    else {matrix_riot_web_default_hs_url: false}
+    else {matrix_client_element_default_hs_url: false}
   }}
 
-matrix_riot_web_welcome_user_id: ~
+matrix_client_element_welcome_user_id: ~
 
-matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
+matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
 
 ######################################################################
 #
-# /matrix-riot-web
+# /matrix-client-element
 #
 ######################################################################
 
@@ -861,3 +1011,24 @@ matrix_synapse_systemd_wanted_services_list: |
 # /matrix-synapse
 #
 ######################################################################
+
+
+
+######################################################################
+#
+# matrix-synapse-admin
+#
+######################################################################
+
+matrix_synapse_admin_enabled: false
+
+# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse Admin over the container network.
+# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
+# Synapse Admin's HTTP port to the local host.
+matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
+
+######################################################################
+#
+# /matrix-synapse-admin
+#
+######################################################################

readme.org

@@ -0,0 +1,12 @@
+* my personal notes for deploying
+** setup
+   - create a file in ~inventory~ called ~hosts~
+   #+BEGIN_SRC text
+   [matrix_servers]
+   matrix.awful.club
+   #+END_SRC
+   - make sure you have the proper gpg key on your file system ( since we are using the "open the vault" method of protecting our passwords here)
+
+** common scripts:
+ ~ansible-playbook -i inventory/hosts matrix-docker-ansible-deploy/setup.yml --tags=setup-all,start~
+   - this will upgrade your configured matrix things.

roles/matrix-base/defaults/main.yml

@@ -8,12 +8,12 @@
 matrix_domain: ~
 
 # This is where your data lives and what we set up.
-# This and the Riot FQN (see below) are expected to be on the same server.
+# This and the Element FQN (see below) are expected to be on the same server.
 matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
 
-# This is where you access the web UI from and what we set up here.
+# This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
 # This and the Matrix FQN (see above) are expected to be on the same server.
-matrix_server_fqn_riot: "riot.{{ matrix_domain }}"
+matrix_server_fqn_element: "element.{{ matrix_domain }}"
 
 # This is where you access the Dimension.
 matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
@@ -26,6 +26,12 @@ matrix_federation_public_port: 8448
 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"
 
+# By default, the playbook creates the user (`matrix_user_username`)
+# and group (`matrix_user_groupname`) with a random id.
+# To use a specific user/group id, override these variables.
+matrix_user_uid: ~
+matrix_user_gid: ~
+
 matrix_base_data_path: "/matrix"
 matrix_base_data_path_mode: "750"
 
@@ -52,13 +58,24 @@ matrix_integration_manager_rest_url: ~
 matrix_integration_manager_ui_url: ~
 
 # The domain name where a Jitsi server is self-hosted.
-# If set, `/.well-known/matrix/client` will suggest Riot clients to use that Jitsi server.
+# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
 # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
 matrix_riot_jitsi_preferredDomain: ''
 
+# Controls whether Element should use End-to-End Encryption by default.
+# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
+# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
+matrix_riot_e2ee_default: true
+
 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"
 
+# Controls whether we'll preserve the vars.yml file on the Matrix server.
+# If you have a differently organized inventory, you may wish to disable this feature,
+# or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve.
+matrix_vars_yml_snapshotting_enabled: true
+matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml"
+
 # Controls whether a `/.well-known/matrix/server` file is generated and used at all.
 #
 # If you wish to rely on DNS SRV records only, you can disable this.
@@ -88,7 +105,3 @@ run_setup: true
 run_self_check: true
 run_start: true
 run_stop: true
-
-# Building every docker image from source on the target host
-# Controlling docker image build is possible on a per unit base
-matrix_container_images_self_build: false

roles/matrix-base/tasks/main.yml

@@ -2,11 +2,6 @@
   tags:
     - always
 
-- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
-  when: "run_setup|bool"
-  tags:
-    - setup-all
-
 - import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
   when: run_setup|bool
   tags:

roles/matrix-base/tasks/sanity_check.yml

@@ -25,7 +25,8 @@
     - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
     - {'old': 'hostname_identity', 'new': 'matrix_domain'}
     - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
-    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_riot'}
+    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
 
 - name: Fail if required variables are undefined
   fail:
@@ -33,7 +34,7 @@
   with_items:
     - matrix_domain
     - matrix_server_fqn_matrix
-    - matrix_server_fqn_riot
+    - matrix_server_fqn_element
   when: "item not in vars or vars[item] is none"
 
 - name: Fail if uppercase domain used
@@ -42,7 +43,7 @@
   with_items:
     - "{{ matrix_domain }}"
     - "{{ matrix_server_fqn_matrix }}"
-    - "{{ matrix_server_fqn_riot }}"
+    - "{{ matrix_server_fqn_element }}"
   when: "item != item|lower"
 
 - name: Fail if using python2 on Archlinux

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -5,6 +5,7 @@
     name:
       - apt-transport-https
       - ca-certificates
+      - gpg
     state: present
     update_cache: yes
 

roles/matrix-base/tasks/setup_matrix_base.yml

@@ -10,6 +10,15 @@
   with_items:
     - "{{ matrix_base_data_path }}"
 
+- name: Preserve vars.yml on the server for easily restoring if it gets lost later on
+  copy:
+    src: "{{ matrix_vars_yml_snapshotting_src }}"
+    dest: "{{ matrix_base_data_path }}/vars.yml"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: '0660'
+  when: "matrix_vars_yml_snapshotting_enabled|bool"
+
 # `docker_network` doesn't work as expected when the given network
 # is a substring of a network that already exists.
 #

roles/matrix-base/tasks/setup_matrix_user.yml

@@ -3,6 +3,7 @@
 - name: Ensure Matrix group is created
   group:
     name: "{{ matrix_user_groupname }}"
+    gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
     state: present
   register: matrix_group
 
@@ -13,6 +14,7 @@
 - name: Ensure Matrix user is created
   user:
     name: "{{ matrix_user_username }}"
+    uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
     state: present
     group: "{{ matrix_user_groupname }}"
   register: matrix_user

roles/matrix-base/tasks/validate_config.yml

@@ -1,11 +0,0 @@
----
-
-- name: (Deprecation) Warn about unused user/group variables
-  fail:
-    msg: >
-      The `{{ item }}` variable defined in your configuration is not used by this playbook anymore.
-      User/group creation is now dynamic. You can remove these variables from your configuration, as they have no effect on anything.
-  when: "item in vars"
-  with_items:
-    - 'matrix_user_uid'
-    - 'matrix_user_gid'

roles/matrix-base/templates/static-files/well-known/matrix-client.j2

@@ -23,4 +23,9 @@
 		"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
 	}
 	{% endif %}
+	{% if not matrix_riot_e2ee_default %},
+	"im.vector.riot.e2ee": {
+		"default": false
+	}
+	{% endif %}
 }

roles/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -0,0 +1,64 @@
+# matrix-reminder-bot is a bot for one-off and recurring reminders
+# See: https://github.com/anoadragon453/matrix-reminder-bot
+
+matrix_bot_matrix_reminder_bot_enabled: true
+
+matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-0.1.0"
+matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
+
+matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
+matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/config"
+matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data"
+matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store"
+
+# A list of extra arguments to pass to the container
+matrix_bot_matrix_reminder_bot_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-matrix-reminder-bot.service depends on
+matrix_bot_matrix_reminder_bot_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-matrix-reminder-bot.service wants
+matrix_bot_matrix_reminder_bot_systemd_wanted_services_list: []
+
+
+# The bot's username. This user needs to be created manually beforehand.
+# Also see `matrix_bot_matrix_reminder_bot_user_password`.
+matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: "bot.matrix-reminder-bot"
+
+matrix_bot_matrix_reminder_bot_matrix_user_id: '@{{ matrix_bot_matrix_reminder_bot_matrix_user_id_localpart }}:{{ matrix_domain }}'
+
+# The password that the bot uses to authenticate.
+matrix_bot_matrix_reminder_bot_matrix_user_password: ''
+
+matrix_bot_matrix_reminder_bot_matrix_homeserver_url: 'http://matrix-synapse:8008'
+
+# The timezone to use when creating reminders.
+# Examples: 'Europe/London', 'Etc/UTC'
+matrix_bot_matrix_reminder_bot_reminders_timezone: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_bot_matrix_reminder_bot_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_bot_matrix_reminder_bot_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_bot_matrix_reminder_bot_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_bot_matrix_reminder_bot_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_bot_matrix_reminder_bot_configuration_yaml`.
+  #
+  # Example configuration extension follows:
+  #
+  # matrix:
+  #   device_name: My-Reminder-Bot
+
+matrix_bot_matrix_reminder_bot_configuration_extension: "{{ matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml if matrix_bot_matrix_reminder_bot_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_bot_matrix_reminder_bot_configuration_yaml`.
+matrix_bot_matrix_reminder_bot_configuration: "{{ matrix_bot_matrix_reminder_bot_configuration_yaml|from_yaml|combine(matrix_bot_matrix_reminder_bot_configuration_extension, recursive=True) }}"

roles/matrix-bot-matrix-reminder-bot/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot'] }}"
+  when: matrix_bot_matrix_reminder_bot_enabled|bool

roles/matrix-bot-matrix-reminder-bot/tasks/main.yml

@@ -0,0 +1,14 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_bot_matrix_reminder_bot_enabled|bool"
+  tags:
+    - setup-all
+    - setup-bot-matrix-reminder-bot
+
+- import_tasks: "{{ role_path }}/tasks/setup.yml"
+  tags:
+    - setup-all
+    - setup-bot-matrix-reminder-bot

roles/matrix-bot-matrix-reminder-bot/tasks/setup.yml

@@ -0,0 +1,88 @@
+---
+
+#
+# Tasks related to setting up matrix-reminder-bot
+#
+
+- name: Ensure matrix-reminder-bot paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true }
+    - { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true }
+    - { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true }
+  when: matrix_bot_matrix_reminder_bot_enabled|bool and item.when
+
+- name: Ensure matrix-reminder-bot image is pulled
+  docker_image:
+    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
+  when: matrix_bot_matrix_reminder_bot_enabled|bool
+
+- name: Ensure matrix-reminder-bot config installed
+  copy:
+    content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_bot_matrix_reminder_bot_enabled|bool
+
+- name: Ensure matrix-matrix-reminder-bot.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2"
+    dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
+    mode: 0644
+  register: matrix_bot_matrix_reminder_bot_systemd_service_result
+  when: matrix_bot_matrix_reminder_bot_enabled|bool
+
+- name: Ensure systemd reloaded after matrix-matrix-reminder-bot.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_systemd_service_result.changed"
+
+#
+# Tasks related to getting rid of matrix-reminder-bot (if it was previously enabled)
+#
+
+- name: Check existence of matrix-matrix-reminder-bot service
+  stat:
+    path: "{{ matrix_systemd_path }}/matrix-matrix-reminder-bot.service"
+  register: matrix_bot_matrix_reminder_bot_service_stat
+
+- name: Ensure matrix-matrix-reminder-bot is stopped
+  service:
+    name: matrix-matrix-reminder-bot
+    state: stopped
+    daemon_reload: yes
+  register: stopping_result
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_service_stat.stat.exists"
+
+- name: Ensure matrix-matrix-reminder-bot.service doesn't exist
+  file:
+    path: "{{ matrix_systemd_path }}/matrix-matrix-reminder-bot.service"
+    state: absent
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-matrix-reminder-bot.service removal
+  service:
+    daemon_reload: yes
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool and matrix_bot_matrix_reminder_bot_service_stat.stat.exists"
+
+- name: Ensure Matrix matrix-reminder-bot paths don't exist
+  file:
+    path: "{{ matrix_bot_matrix_reminder_bot_base_path }}"
+    state: absent
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool"
+
+- name: Ensure matrix-reminder-bot Docker image doesn't exist
+  docker_image:
+    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
+    state: absent
+  when: "not matrix_bot_matrix_reminder_bot_enabled|bool"

roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_matrix_reminder_bot_matrix_user_password"
+    - "matrix_bot_matrix_reminder_bot_reminders_timezone"

roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2

@@ -0,0 +1,50 @@
+# The string to prefix bot commands with
+command_prefix: "!"
+
+# Options for connecting to the bot's Matrix account
+matrix:
+  # The Matrix User ID of the bot account
+  user_id: {{ matrix_bot_matrix_reminder_bot_matrix_user_id|to_json }}
+  # Matrix account password
+  user_password: {{ matrix_bot_matrix_reminder_bot_matrix_user_password|to_json }}
+  # The public URL at which the homeserver's Client-Server API can be accessed
+  homeserver_url: {{ matrix_bot_matrix_reminder_bot_matrix_homeserver_url }}
+  # The device ID that is a **non pre-existing** device
+  # If this device ID already exists, messages will be dropped silently in
+  # encrypted rooms
+  device_id: REMINDER
+  # What to name the logged in device
+  device_name: Reminder Bot
+
+storage:
+  # The database connection string
+  # For SQLite3, this would look like:
+  #     database: "sqlite://bot.db"
+  # For Postgres, this would look like:
+  #     database: "postgres://username:password@localhost/dbname?sslmode=disable"
+  #database: "postgres://matrix-reminder-bot:remindme@localhost/matrix-reminder-bot?sslmode=disable"
+  database: "sqlite:///data/bot.db"
+  # The path to a directory for internal bot storage
+  # containing encryption keys, sync tokens, etc.
+  store_path: "/data/store"
+
+reminders:
+  # Uncomment to set a default timezone that will be used when creating reminders.
+  # If not set, UTC will be used
+  timezone: {{ matrix_bot_matrix_reminder_bot_reminders_timezone }}
+
+# Logging setup
+logging:
+  # Logging level
+  # Allowed levels are 'INFO', 'WARNING', 'ERROR', 'DEBUG' where DEBUG is most verbose
+  level: INFO
+  # Configure logging to a file
+  file_logging:
+    # Whether logging to a file is enabled
+    enabled: false
+    # The path to the file to log to. May be relative or absolute
+    filepath: /data/bot.log
+  # Configure logging to the console (stdout/stderr)
+  console_logging:
+    # Whether console logging is enabled
+    enabled: true

roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2

@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=matrix-reminder-bot
+{% for service in matrix_bot_matrix_reminder_bot_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_matrix_reminder_bot_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_docker_network }} \
+			-e 'TZ={{ matrix_bot_matrix_reminder_bot_reminders_timezone }}' \
+			-v {{ matrix_bot_matrix_reminder_bot_config_path }}:/config:ro \
+			-v {{ matrix_bot_matrix_reminder_bot_data_path }}:/data:rw \
+			--entrypoint=/bin/sh \
+			{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
+			-c "matrix-reminder-bot /config/config.yaml"
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-matrix-reminder-bot
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -20,6 +20,11 @@ matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008'
 matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
 
+# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
+matrix_mautrix_hangouts_container_http_host_bind_port: ''
+
 # A list of extra arguments to pass to the container
 matrix_mautrix_hangouts_container_extra_arguments: []
 

roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2

@@ -30,6 +30,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
+			{% if matrix_mautrix_hangouts_container_http_host_bind_port %}
+			-p {{ matrix_mautrix_hangouts_container_http_host_bind_port }}:8080 \
+			{% endif %}
 			-v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
 			-v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
 			{% for arg in matrix_mautrix_hangouts_container_extra_arguments %}

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -4,7 +4,7 @@
 matrix_mautrix_telegram_enabled: true
 
 # See: https://mau.dev/tulir/mautrix-telegram/container_registry
-matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2"
+matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.1"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
@@ -26,7 +26,7 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
 matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
 matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
 
-# Controls whether the matrix-telegram container exposes its HTTP port (tcp/8080 in the container).
+# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
 matrix_mautrix_telegram_container_http_host_bind_port: ''

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -124,8 +124,8 @@ bridge:
     # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
     # at startup and when creating a bridge.
     sync_matrix_state: true
-    # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
-    # login website (see appservice.public config section)
+    # Allow logging in within Matrix. If false, users can only log in using login-qr or the
+    # out-of-Matrix login website (see appservice.public config section)
     allow_matrix_login: true
     # Whether or not to bridge plaintext highlights.
     # Only enable this if your displayname_template has some static part that the bridge can use to
@@ -145,7 +145,7 @@ bridge:
     # Set to false to disable link previews in messages sent to Telegram.
     telegram_link_preview: true
     # Use inline images instead of a separate message for the caption.
-    # N.B. Inline images are not supported on all clients (e.g. Riot iOS).
+    # N.B. Inline images are not supported on all clients (e.g. Element iOS).
     inline_images: false
     # Maximum size of image in megabytes before sending to Telegram as a document.
     image_as_file_size: 10
@@ -184,6 +184,28 @@ bridge:
         # Default to encryption, force-enable encryption in all portals the bridge creates
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         default: false
+        # Database for the encryption data. Currently only supports Postgres and an in-memory
+        # store that's persisted as a pickle.
+        # If set to `default`, will use the appservice postgres database
+        # or a pickle file if the appservice database is sqlite.
+        #
+        # Format examples:
+        #   Pickle:   pickle:///filename.pickle
+        #   Postgres: postgres://username:password@hostname/dbname
+        database: default
+
+    # Whether or not to explicitly set the avatar and room name for private
+    # chat portal rooms. This will be implicitly enabled if encryption.default is true.
+    private_chat_portal_meta: false
+    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+    # been sent to Telegram.
+    delivery_receipts: false
+    # Whether or not delivery errors should be reported as messages in the Matrix room.
+    delivery_error_reports: false
+    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+    # This field will automatically be changed back to false after it,
+    # except if the config file is not writable.
+    resend_bridge_info: false
 
     # Overrides for base power levels.
     initial_power_level_overrides:

roles/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -0,0 +1,95 @@
+# Mx Puppet Discord is a Matrix <-> Discord bridge
+# See: https://github.com/matrix-discord/mx-puppet-discord
+
+matrix_mx_puppet_discord_enabled: true
+
+matrix_mx_puppet_discord_container_image_self_build: false
+
+# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
+matrix_mx_puppet_discord_container_http_host_bind_port: ''
+
+matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest"
+matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord"
+matrix_mx_puppet_discord_config_path: "{{ matrix_mx_puppet_discord_base_path }}/config"
+matrix_mx_puppet_discord_data_path: "{{ matrix_mx_puppet_discord_base_path }}/data"
+matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_base_path }}/docker-src"
+
+matrix_mx_puppet_discord_appservice_port: "8432"
+
+matrix_mx_puppet_discord_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
+
+matrix_mx_puppet_discord_client_id: ''
+matrix_mx_puppet_discord_client_secret: ''
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_discord_provisioning_whitelist:
+  - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_discord_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_discord_container_extra_arguments: []
+
+# List of systemd services that matrix-puppet-discord.service depends on.
+matrix_mx_puppet_discord_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-puppet-discord.service wants
+matrix_mx_puppet_discord_systemd_wanted_services_list: []
+
+matrix_mx_puppet_discord_appservice_token: ''
+matrix_mx_puppet_discord_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_discord_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_discord_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_discord_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mx_puppet_discord_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mx_puppet_discord_configuration_yaml`.
+
+matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`.
+matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}"
+
+matrix_mx_puppet_discord_registration_yaml: |
+  as_token: "{{ matrix_mx_puppet_discord_appservice_token }}"
+  hs_token: "{{ matrix_mx_puppet_discord_homeserver_token }}"
+  id: discord-puppet
+  namespaces:
+    users:
+      - exclusive: true
+        regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}'
+    rooms: []
+    aliases:
+      - exclusive: true
+        regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}'
+  protocols: []
+  rate_limited: false
+  sender_localpart: _discordpuppet_bot
+  url: {{ matrix_mx_puppet_discord_appservice_address }}
+
+matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}"

roles/matrix-bridge-mx-puppet-discord/tasks/init.yml

@@ -0,0 +1,23 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}"
+  when: matrix_mx_puppet_discord_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
+  when: matrix_mx_puppet_discord_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"

roles/matrix-bridge-mx-puppet-discord/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-discord
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-discord
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-discord

roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml

@@ -0,0 +1,93 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure MX Puppet Discord image is pulled
+  docker_image:
+    name: "{{ matrix_mx_puppet_discord_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}"
+  when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build
+
+- name: Ensure MX Puppet Discord paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" }
+  when: matrix_mx_puppet_discord_enabled|bool and item.when|bool
+
+- name: Ensure MX Puppet Discord repository is present on self build
+  git:
+    repo: https://github.com/matrix-discord/mx-puppet-discord.git
+    dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
+    force: "yes"
+  when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
+
+- name: Ensure MX Puppet Discord Docker image is built
+  docker_image:
+    name: "{{ matrix_mx_puppet_discord_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
+
+- name: Check if an old database file already exists
+  stat:
+    path: "{{ matrix_mx_puppet_discord_base_path }}/database.db"
+  register: matrix_mx_puppet_discord_stat_database
+
+- name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped
+  service:
+    name: matrix-mx-puppet-discord
+    state: stopped
+    daemon_reload: yes
+  failed_when: false
+  when: "matrix_mx_puppet_discord_stat_database.stat.exists"
+
+- name: (Data relocation) Move mx-puppet-discord database file to ./data directory
+  command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db"
+  when: "matrix_mx_puppet_discord_stat_database.stat.exists"
+
+- name: Ensure mx-puppet-discord config.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-discord discord-registration.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-discord.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2"
+    dest: "/etc/systemd/system/matrix-mx-puppet-discord.service"
+    mode: 0644
+  register: matrix_mx_puppet_discord_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_discord_systemd_service_result.changed"

roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-discord service
+  stat:
+    path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
+  register: matrix_mx_puppet_discord_service_stat
+
+- name: Ensure matrix-mx-puppet-discord is stopped
+  service:
+    name: matrix-mx-puppet-discord
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mx_puppet_discord_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-discord.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
+    state: absent
+  when: "matrix_mx_puppet_discord_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_discord_service_stat.stat.exists"

roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mx_puppet_discord_appservice_token"
+    - "matrix_mx_puppet_discord_homeserver_token"

roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -0,0 +1,138 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+  # Port to host the bridge on
+  # Used for communication between the homeserver and the bridge
+  port: {{ matrix_mx_puppet_discord_appservice_port }}
+  # The host connections to the bridge's webserver are allowed from
+  bindAddress: 0.0.0.0
+  # Public domain of the homeserver
+  domain: {{ matrix_mx_puppet_discord_homeserver_domain }}
+  # Reachable URL of the Matrix homeserver
+  homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }}
+  {% if matrix_mx_puppet_discord_login_shared_secret != '' %}
+  loginSharedSecretMap:
+    {{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}
+  {% endif %}
+  # Display name of the bridge bot
+  displayname: Discord Puppet Bridge
+  # Optionally specify a different media URL used for the media store
+  #
+  # This is where Discord will download user profile pictures and media
+  # from
+  #mediaUrl: https://external-url.org
+
+presence:
+  # Bridge Discord online/offline status
+  enabled: true
+  # How often to send status to the homeserver in milliseconds
+  interval: 500
+
+provisioning:
+  # Regex of Matrix IDs allowed to use the puppet bridge
+  whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
+    # Allow a specific user
+    #- "@user:server\\.com"
+    # Allow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+    # Allow anyone
+    #- ".*"
+  # Regex of Matrix IDs forbidden from using the puppet bridge
+  #blacklist:
+    # Disallow a specific user
+    #- "@user:server\\.com"
+    # Disallow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+  blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}
+
+relay:
+  # Regex of Matrix IDs who are allowed to use the bridge in relay mode.
+  # Relay mode is when a single Discord bot account relays messages of
+  # multiple Matrix users
+  #
+  # Same format as in provisioning
+  whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
+  blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}
+
+selfService:
+  # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
+  #
+  # Same format as in provisioning
+  whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
+  blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}
+
+# Override the default name patterns for users, rooms and groups
+#
+# Variable names must be prefixed with a ':'
+namePatterns:
+  # The default displayname for a bridged user
+  #
+  # Available variables:
+  #
+  # name: username of the user
+  # discriminator: hashtag of the user (ex. #1234)
+  user: :name
+
+  # A user's guild-specific displayname - if they've set a custom nick in
+  # a guild
+  #
+  # Available variables:
+  #
+  # name: username of the user
+  # discriminator: hashtag of the user (ex. #1234)
+  # displayname: the user's custom group-specific nick
+  # channel: the name of the channel
+  # guild: the name of the guild
+  userOverride: :name
+
+  # Room names for bridged Discord channels
+  #
+  # Available variables:
+  #
+  # name: name of the channel
+  # guild: name of the guild
+  room: :name
+
+  # Group names for bridged Discord servers
+  #
+  # Available variables:
+  #
+  # name: name of the guide
+  group: :name
+
+database:
+  # Use Postgres as a database backend
+  # If set, will be used instead of SQLite3
+  # Connection string to connect to the Postgres instance
+  # with username "user", password "pass", host "localhost" and database name "dbname".
+  # Modify each value as necessary
+  #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
+  # Use SQLite3 as a database backend
+  # The name of the database file
+  filename: /data/database.db
+
+logging:
+  # Log level of console output
+  # Allowed values starting with most verbose:
+  # silly, debug, verbose, info, warn, error
+  console: info
+  # Date and time formatting
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+  # Logging files
+  # Log files are rotated daily by default
+  files:
+    # Log file path
+    - file: "/data/bridge.log"
+      # Log level for this file
+      # Allowed values starting with most verbose:
+      # silly, debug, verbose, info, warn, error
+      level: info
+      # Date and time formatting
+      datePattern: YYYY-MM-DD
+      # Maximum number of logs to keep.
+      # This can be a number of files or number of days.
+      # If using days, add 'd' as a suffix
+      maxFiles: 14d
+      # Maximum size of the file after which it will rotate. This can be a
+      # number of bytes, or units of kb, mb, and gb. If using the units, add
+      # 'k', 'm', or 'g' as the suffix
+      maxSize: 50m

roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2

@@ -0,0 +1,41 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mx Puppet Discord server
+{% for service in matrix_mx_puppet_discord_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mx_puppet_discord_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-e CONFIG_PATH=/config/config.yaml \
+			-e REGISTRATION_PATH=/config/registration.yaml \
+			-v {{ matrix_mx_puppet_discord_config_path }}:/config:z \
+			-v {{ matrix_mx_puppet_discord_data_path }}:/data:z \
+			{% for arg in matrix_mx_puppet_discord_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_mx_puppet_discord_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mx-puppet-discord
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml

@@ -0,0 +1,86 @@
+# mx-puppet-instagram bridges instagram DMs
+# See: https://github.com/Sorunome/mx-puppet-instagram
+
+matrix_mx_puppet_instagram_enabled: true
+
+matrix_mx_puppet_instagram_container_image_self_build: false
+
+matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest"
+matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram"
+matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config"
+matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data"
+matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src"
+
+matrix_mx_puppet_instagram_appservice_port: "8440"
+matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}'
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_instagram_provisioning_whitelist:
+  - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_instagram_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_instagram_container_extra_arguments: []
+
+# List of systemd services that matrix-puppet-instagram.service depends on.
+matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-puppet-instagram.service wants
+matrix_mx_puppet_instagram_systemd_wanted_services_list: []
+
+matrix_mx_puppet_instagram_appservice_token: ''
+matrix_mx_puppet_instagram_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_instagram_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_instagram_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mx_puppet_instagram_configuration_yaml`.
+
+matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`.
+matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}"
+
+matrix_mx_puppet_instagram_registration_yaml: |
+  as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}"
+  hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}"
+  id: instagram-puppet
+  namespaces:
+    users:
+      - exclusive: true
+        regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}'
+    rooms: []
+    aliases:
+      - exclusive: true
+        regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}'
+  protocols: []
+  rate_limited: false
+  sender_localpart: _instagrampuppet_bot
+  url: {{ matrix_mx_puppet_instagram_appservice_address }}
+
+matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}"

roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml

@@ -0,0 +1,17 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}"
+  when: matrix_mx_puppet_instagram_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
+  when: matrix_mx_puppet_instagram_enabled|bool
+

roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-instagram
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-instagram
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-instagram

roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml

@@ -0,0 +1,78 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure mx-puppet-instagram image is pulled
+  docker_image:
+    name: "{{ matrix_mx_puppet_instagram_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}"
+  when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build
+
+- name: Ensure mx-puppet-instagram paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" }
+  when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool
+
+- name: Ensure mx-puppet-instagram repository is present on self build
+  git:
+    repo: https://github.com/Sorunome/mx-puppet-instagram.git
+    dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
+    force: "yes"
+  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
+
+- name: Ensure mx-puppet-instagram Docker image is built
+  docker_image:
+    name: "{{ matrix_mx_puppet_instagram_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
+
+- name: Ensure mx-puppet-instagram config.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-instagram-registration.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-instagram.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2"
+    dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+    mode: 0644
+  register: matrix_mx_puppet_instagram_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_instagram_systemd_service_result.changed"
+
+

roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-instagram service
+  stat:
+    path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+  register: matrix_mx_puppet_instagram_service_stat
+
+- name: Ensure matrix-mx-puppet-instagram is stopped
+  service:
+    name: matrix-mx-puppet-instagram
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-instagram.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
+    state: absent
+  when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_instagram_service_stat.stat.exists"

roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mx_puppet_instagram_appservice_token"
+    - "matrix_mx_puppet_instagram_homeserver_token"

roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2

@@ -0,0 +1,82 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+  # Port to host the bridge on
+  # Used for communication between the homeserver and the bridge
+  port: {{ matrix_mx_puppet_instagram_appservice_port }}
+  # The host connections to the bridge's webserver are allowed from
+  bindAddress: 0.0.0.0
+  # Public domain of the homeserver
+  domain: {{ matrix_mx_puppet_instagram_homeserver_domain }}
+  # Reachable URL of the Matrix homeserver
+  homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }}
+  {% if matrix_mx_puppet_instagram_login_shared_secret != '' %}
+  loginSharedSecretMap:
+    {{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }}
+  {% endif %}
+
+presence:
+  # Bridge Instagram online/offline status
+  enabled: true
+  # How often to send status to the homeserver in milliseconds
+  interval: 500
+
+provisioning:
+  # Regex of Matrix IDs allowed to use the puppet bridge
+  whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }}
+    # Allow a specific user
+    #- "@user:server\\.com"
+    # Allow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+    # Allow anyone
+    #- ".*"
+  # Regex of Matrix IDs forbidden from using the puppet bridge
+  #blacklist:
+    # Disallow a specific user
+    #- "@user:server\\.com"
+    # Disallow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+  blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }}
+
+  # Shared secret for the provisioning API for use by integration managers.
+  # If this is not set, the provisioning API will not be enabled.
+  #sharedSecret: random string
+  # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
+  apiPrefix: /_matrix/provision
+
+database:
+  # Use Postgres as a database backend
+  # If set, will be used instead of SQLite3
+  # Connection string to connect to the Postgres instance
+  # with username "user", password "pass", host "localhost" and database name "dbname".
+  # Modify each value as necessary
+  #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
+  # Use SQLite3 as a database backend
+  # The name of the database file
+  filename: /data/database.db
+
+logging:
+  # Log level of console output
+  # Allowed values starting with most verbose:
+  # silly, debug, verbose, info, warn, error
+  console: info
+  # Date and time formatting
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+  # Logging files
+  # Log files are rotated daily by default
+  files:
+    # Log file path
+    - file: "/data/bridge.log"
+      # Log level for this file
+      # Allowed values starting with most verbose:
+      # silly, debug, verbose, info, warn, error
+      level: info
+      # Date and time formatting
+      datePattern: YYYY-MM-DD
+      # Maximum number of logs to keep.
+      # This can be a number of files or number of days.
+      # If using days, add 'd' as a suffix
+      maxFiles: 14d
+      # Maximum size of the file after which it will rotate. This can be a
+      # number of bytes, or units of kb, mb, and gb. If using the units, add
+      # 'k', 'm', or 'g' as the suffix
+      maxSize: 50m

roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2

@@ -0,0 +1,41 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix mx-puppet-instagram bridge
+{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-e CONFIG_PATH=/config/config.yaml \
+			-e REGISTRATION_PATH=/config/registration.yaml \
+			-v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \
+			-v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \
+			{% for arg in matrix_mx_puppet_instagram_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_mx_puppet_instagram_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mx-puppet-instagram
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-mx-puppet-slack/defaults/main.yml

@@ -52,6 +52,9 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: []
 matrix_mx_puppet_slack_appservice_token: ''
 matrix_mx_puppet_slack_homeserver_token: ''
 
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_slack_login_shared_secret: ''
+
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #

roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2

@@ -9,6 +9,10 @@ bridge:
   domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
   # Reachable URL of the Matrix homeserver
   homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
+  {% if matrix_mx_puppet_slack_login_shared_secret != '' %}
+  loginSharedSecretMap:
+    {{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }}
+  {% endif %}
 
 
 # Slack OAuth settings. Create a slack app at https://api.slack.com/apps

roles/matrix-bridge-mx-puppet-steam/defaults/main.yml

@@ -0,0 +1,95 @@
+# Mx Puppet Steam is a Matrix <-> Steam bridge
+# See: https://github.com/matrix-steam/mx-puppet-steam
+
+matrix_mx_puppet_steam_enabled: true
+
+matrix_mx_puppet_steam_container_image_self_build: false
+
+# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
+matrix_mx_puppet_steam_container_http_host_bind_port: ''
+
+matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
+matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"
+matrix_mx_puppet_steam_config_path: "{{ matrix_mx_puppet_steam_base_path }}/config"
+matrix_mx_puppet_steam_data_path: "{{ matrix_mx_puppet_steam_base_path }}/data"
+matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_path }}/docker-src"
+
+matrix_mx_puppet_steam_appservice_port: "8432"
+
+matrix_mx_puppet_steam_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'
+
+matrix_mx_puppet_steam_client_id: ''
+matrix_mx_puppet_steam_client_secret: ''
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_steam_provisioning_whitelist:
+  - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_steam_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_steam_container_extra_arguments: []
+
+# List of systemd services that matrix-puppet-steam.service depends on.
+matrix_mx_puppet_steam_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-puppet-steam.service wants
+matrix_mx_puppet_steam_systemd_wanted_services_list: []
+
+matrix_mx_puppet_steam_appservice_token: ''
+matrix_mx_puppet_steam_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_steam_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_steam_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_steam_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_steam_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mx_puppet_steam_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mx_puppet_steam_configuration_yaml`.
+
+matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`.
+matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}"
+
+matrix_mx_puppet_steam_registration_yaml: |
+  as_token: "{{ matrix_mx_puppet_steam_appservice_token }}"
+  hs_token: "{{ matrix_mx_puppet_steam_homeserver_token }}"
+  id: steam-puppet
+  namespaces:
+    users:
+      - exclusive: true
+        regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
+    rooms: []
+    aliases:
+      - exclusive: true
+        regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
+  protocols: []
+  rate_limited: false
+  sender_localpart: _steampuppet_bot
+  url: {{ matrix_mx_puppet_steam_appservice_address }}
+
+matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}"

roles/matrix-bridge-mx-puppet-steam/tasks/init.yml

@@ -0,0 +1,23 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}"
+  when: matrix_mx_puppet_steam_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
+  when: matrix_mx_puppet_steam_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"

roles/matrix-bridge-mx-puppet-steam/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-steam
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-steam
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-steam

roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml

@@ -0,0 +1,93 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure MX Puppet Steam image is pulled
+  docker_image:
+    name: "{{ matrix_mx_puppet_steam_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}"
+  when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build
+
+- name: Ensure MX Puppet Steam paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" }
+  when: matrix_mx_puppet_steam_enabled|bool and item.when|bool
+
+- name: Ensure MX Puppet Steam repository is present on self build
+  git:
+    repo: https://github.com/icewind1991/mx-puppet-steam.git
+    dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
+    force: "yes"
+  when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
+
+- name: Ensure MX Puppet Steam Docker image is built
+  docker_image:
+    name: "{{ matrix_mx_puppet_steam_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
+
+- name: Check if an old database file already exists
+  stat:
+    path: "{{ matrix_mx_puppet_steam_base_path }}/database.db"
+  register: matrix_mx_puppet_steam_stat_database
+
+- name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped
+  service:
+    name: matrix-mx-puppet-steam
+    state: stopped
+    daemon_reload: yes
+  failed_when: false
+  when: "matrix_mx_puppet_steam_stat_database.stat.exists"
+
+- name: (Data relocation) Move mx-puppet-steam database file to ./data directory
+  command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
+  when: "matrix_mx_puppet_steam_stat_database.stat.exists"
+
+- name: Ensure mx-puppet-steam config.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-steam steam-registration.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-steam.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2"
+    dest: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+    mode: 0644
+  register: matrix_mx_puppet_steam_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_steam_systemd_service_result.changed"

roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-steam service
+  stat:
+    path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+  register: matrix_mx_puppet_steam_service_stat
+
+- name: Ensure matrix-mx-puppet-steam is stopped
+  service:
+    name: matrix-mx-puppet-steam
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-steam.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
+    state: absent
+  when: "matrix_mx_puppet_steam_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_steam_service_stat.stat.exists"

roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mx_puppet_steam_appservice_token"
+    - "matrix_mx_puppet_steam_homeserver_token"

roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2

@@ -0,0 +1,99 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+  # Port to host the bridge on
+  # Used for communication between the homeserver and the bridge
+  port: {{ matrix_mx_puppet_steam_appservice_port }}
+  # The host connections to the bridge's webserver are allowed from
+  bindAddress: 0.0.0.0
+  # Public domain of the homeserver
+  domain: {{ matrix_mx_puppet_steam_homeserver_domain }}
+  # Reachable URL of the Matrix homeserver
+  homeserverUrl: {{ matrix_mx_puppet_steam_homeserver_address }}
+  {% if matrix_mx_puppet_steam_login_shared_secret != '' %}
+  loginSharedSecretMap:
+    {{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}
+  {% endif %}
+  # Display name of the bridge bot
+  displayname: Steam Puppet Bridge
+  # Optionally specify a different media URL used for the media store
+  #
+  # This is where Steam will download user profile pictures and media
+  # from
+  #mediaUrl: https://external-url.org
+
+presence:
+  # Bridge Steam online/offline status
+  enabled: true
+  # How often to send status to the homeserver in milliseconds
+  interval: 5000
+
+provisioning:
+  # Regex of Matrix IDs allowed to use the puppet bridge
+  whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
+    # Allow a specific user
+    #- "@user:server\\.com"
+    # Allow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+    # Allow anyone
+    #- ".*"
+  # Regex of Matrix IDs forbidden from using the puppet bridge
+  #blacklist:
+    # Disallow a specific user
+    #- "@user:server\\.com"
+    # Disallow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+  blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
+
+relay:
+  # Regex of Matrix IDs who are allowed to use the bridge in relay mode.
+  # Relay mode is when a single Steam bot account relays messages of
+  # multiple Matrix users
+  #
+  # Same format as in provisioning
+  whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
+  blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
+
+selfService:
+  # Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
+  #
+  # Same format as in provisioning
+  whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
+  blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
+
+database:
+  # Use Postgres as a database backend
+  # If set, will be used instead of SQLite3
+  # Connection string to connect to the Postgres instance
+  # with username "user", password "pass", host "localhost" and database name "dbname".
+  # Modify each value as necessary
+  #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
+  # Use SQLite3 as a database backend
+  # The name of the database file
+  filename: /data/database.db
+
+logging:
+  # Log level of console output
+  # Allowed values starting with most verbose:
+  # silly, debug, verbose, info, warn, error
+  console: info
+  # Date and time formatting
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+  # Logging files
+  # Log files are rotated daily by default
+  files:
+    # Log file path
+    - file: "/data/bridge.log"
+      # Log level for this file
+      # Allowed values starting with most verbose:
+      # silly, debug, verbose, info, warn, error
+      level: info
+      # Date and time formatting
+      datePattern: YYYY-MM-DD
+      # Maximum number of logs to keep.
+      # This can be a number of files or number of days.
+      # If using days, add 'd' as a suffix
+      maxFiles: 14d
+      # Maximum size of the file after which it will rotate. This can be a
+      # number of bytes, or units of kb, mb, and gb. If using the units, add
+      # 'k', 'm', or 'g' as the suffix
+      maxSize: 50m

roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2

@@ -0,0 +1,41 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mx Puppet Steam server
+{% for service in matrix_mx_puppet_steam_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mx_puppet_steam_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			-e CONFIG_PATH=/config/config.yaml \
+			-e REGISTRATION_PATH=/config/registration.yaml \
+			-v {{ matrix_mx_puppet_steam_config_path }}:/config:z \
+			-v {{ matrix_mx_puppet_steam_data_path }}:/data:z \
+			{% for arg in matrix_mx_puppet_steam_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_mx_puppet_steam_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mx-puppet-steam
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml

@@ -0,0 +1,104 @@
+# Mx Puppet Twitter is a Matrix <-> Twitter bridge
+# See: https://github.com/Sorunome/mx-puppet-twitter
+
+matrix_mx_puppet_twitter_enabled: true
+
+matrix_mx_puppet_twitter_container_image_self_build: false
+
+# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
+matrix_mx_puppet_twitter_container_http_host_bind_port: ''
+
+matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest"
+matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}"
+
+matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter"
+matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config"
+matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data"
+matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src"
+
+matrix_mx_puppet_twitter_appservice_port: "8432"
+
+matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008'
+matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}'
+matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}'
+
+matrix_mx_puppet_twitter_consumer_key: ''
+matrix_mx_puppet_twitter_consumer_secret: ''
+matrix_mx_puppet_twitter_access_token: ''
+matrix_mx_puppet_twitter_access_token_secret: ''
+matrix_mx_puppet_twitter_environment: ''
+matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook'
+matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}'
+
+# "@user:server.com" to allow specific user
+# "@.*:yourserver.com" to allow users on a specific homeserver
+# "@.*" to allow anyone
+matrix_mx_puppet_twitter_provisioning_whitelist:
+  - "@.*:{{ matrix_domain|regex_escape }}"
+
+# Leave empty to disable blacklist
+# "@user:server.com" disallow a specific user
+# "@.*:yourserver.com" disallow users on a specific homeserver
+matrix_mx_puppet_twitter_provisioning_blacklist: []
+
+# A list of extra arguments to pass to the container
+matrix_mx_puppet_twitter_container_extra_arguments: []
+
+# List of systemd services that mx-puppet-twitter.service depends on.
+matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that mx-puppet-twitter.service wants
+matrix_mx_puppet_twitter_systemd_wanted_services_list: []
+
+matrix_mx_puppet_twitter_appservice_token: ''
+matrix_mx_puppet_twitter_homeserver_token: ''
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+matrix_mx_puppet_twitter_login_shared_secret: ''
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_mx_puppet_twitter_configuration_extension_yaml: |
+  # Your custom YAML configuration goes here.
+  # This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`).
+  #
+  # You can override individual variables from the default configuration, or introduce new ones.
+  #
+  # If you need something more special, you can take full control by
+  # completely redefining `matrix_mx_puppet_twitter_configuration_yaml`.
+
+matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`.
+matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}"
+
+# The prefix for user IDs and aliases
+matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_
+matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot
+
+matrix_mx_puppet_twitter_registration_yaml: |
+  as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}"
+  hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}"
+  id: twitter-puppet
+  namespaces:
+    users:
+      - exclusive: true
+        regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}'
+    rooms: []
+    aliases:
+      - exclusive: true
+        regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}'
+  protocols: []
+  rate_limited: false
+  sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}"
+  url: {{ matrix_mx_puppet_twitter_appservice_address }}
+
+matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}"

roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml

@@ -0,0 +1,70 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}"
+  when: matrix_mx_puppet_twitter_enabled|bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- set_fact:
+    matrix_synapse_container_extra_arguments: >
+      {{ matrix_synapse_container_extra_arguments|default([]) }}
+      +
+      ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
+
+    matrix_synapse_app_service_config_files: >
+      {{ matrix_synapse_app_service_config_files|default([]) }}
+      +
+      {{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
+  when: matrix_mx_puppet_twitter_enabled|bool
+
+- block:
+  - name: Fail if matrix-nginx-proxy role already executed
+    fail:
+      msg: >-
+        Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
+        but it's pointless since the matrix-nginx-proxy role had already executed.
+        To fix this, please change the order of roles in your plabook,
+        so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
+    when: matrix_nginx_proxy_role_executed|default(False)|bool
+
+  - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
+    set_fact:
+      matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
+        location {{ matrix_mx_puppet_twitter_webhook_path }} {
+        {% if matrix_nginx_proxy_enabled|default(False) %}
+        	{# Use the embedded DNS resolver in Docker containers to discover the service #}
+        	resolver 127.0.0.11 valid=5s;
+        	set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
+        	proxy_pass $backend;
+        {% else %}
+        	{# Generic configuration for use outside of our container setup #}
+        	proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
+        {% endif %}
+        }
+
+  - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
+    set_fact:
+      matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+        {{
+          matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+          +
+          [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
+        }}
+  tags:
+   - always
+  when: matrix_mx_puppet_twitter_enabled|bool
+
+- name: Warn about reverse-proxying if matrix-nginx-proxy not used
+  debug:
+    msg: >-
+      NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
+      reverse proxy.
+      Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
+      URL endpoint to the matrix-mx-puppet-twitter container.
+      You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
+  when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined"
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"

roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-twitter
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-twitter
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool"
+  tags:
+    - setup-all
+    - setup-mx-puppet-twitter

roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml

@@ -0,0 +1,93 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
+- name: Ensure MX Puppet Twitter image is pulled
+  docker_image:
+    name: "{{ matrix_mx_puppet_twitter_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}"
+  when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build
+
+- name: Ensure MX Puppet Twitter paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true }
+    - { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" }
+  when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool
+
+- name: Ensure MX Puppet Twitter repository is present on self build
+  git:
+    repo: https://github.com/Sorunome/mx-puppet-twitter.git
+    dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
+    force: "yes"
+  when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"
+
+- name: Ensure MX Puppet Twitter Docker image is built
+  docker_image:
+    name: "{{ matrix_mx_puppet_twitter_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"
+
+- name: Check if an old database file already exists
+  stat:
+    path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db"
+  register: matrix_mx_puppet_twitter_stat_database
+
+- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped
+  service:
+    name: matrix-mx-puppet-twitter
+    state: stopped
+    daemon_reload: yes
+  failed_when: false
+  when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
+
+- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory
+  command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db"
+  when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
+
+- name: Ensure mx-puppet-twitter config.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure mx-puppet-twitter twitter-registration.yaml installed
+  copy:
+    content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}"
+    dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-mx-puppet-twitter.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2"
+    dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
+    mode: 0644
+  register: matrix_mx_puppet_twitter_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_twitter_systemd_service_result.changed"

roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-twitter service
+  stat:
+    path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
+  register: matrix_mx_puppet_twitter_service_stat
+
+- name: Ensure matrix-mx-puppet-twitter is stopped
+  service:
+    name: matrix-mx-puppet-twitter
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-twitter.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
+    state: absent
+  when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_mx_puppet_twitter_service_stat.stat.exists"

roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mx_puppet_twitter_appservice_token"
+    - "matrix_mx_puppet_twitter_homeserver_token"

roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2

@@ -0,0 +1,92 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+  # Port to host the bridge on
+  # Used for communication between the homeserver and the bridge
+  port: {{ matrix_mx_puppet_twitter_appservice_port }}
+  # The host connections to the bridge's webserver are allowed from
+  bindAddress: 0.0.0.0
+  # Public domain of the homeserver
+  domain: {{ matrix_mx_puppet_twitter_homeserver_domain }}
+  # Reachable URL of the Matrix homeserver
+  homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }}
+  {% if matrix_mx_puppet_twitter_login_shared_secret != '' %}
+  loginSharedSecretMap:
+    {{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }}
+  {% endif %}
+
+twitter:
+  consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}"
+  consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}"
+  accessToken: "{{ matrix_mx_puppet_twitter_access_token }}"
+  accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}"
+  environment: "{{ matrix_mx_puppet_twitter_environment }}"
+  server:
+    url: "{{ matrix_mx_puppet_twitter_webhook_url }}"
+    path: "{{ matrix_mx_puppet_twitter_webhook_path }}"
+
+presence:
+  # Bridge Twitter online/offline status
+  enabled: true
+  # How often to send status to the homeserver in milliseconds
+  interval: 500
+
+provisioning:
+  # Regex of Matrix IDs allowed to use the puppet bridge
+  whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }}
+    # Allow a specific user
+    #- "@user:server\\.com"
+    # Allow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+    # Allow anyone
+    #- ".*"
+  # Regex of Matrix IDs forbidden from using the puppet bridge
+  #blacklist:
+    # Disallow a specific user
+    #- "@user:server\\.com"
+    # Disallow users on a specific homeserver
+    #- "@.*:yourserver\\.com"
+  blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }}
+
+  # Shared secret for the provisioning API for use by integration managers.
+  # If this is not set, the provisioning API will not be enabled.
+  #sharedSecret: random string
+  # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
+  apiPrefix: /_matrix/provision
+
+database:
+  # Use Postgres as a database backend
+  # If set, will be used instead of SQLite3
+  # Connection string to connect to the Postgres instance
+  # with username "user", password "pass", host "localhost" and database name "dbname".
+  # Modify each value as necessary
+  #connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
+  # Use SQLite3 as a database backend
+  # The name of the database file
+  filename: /data/database.db
+
+logging:
+  # Log level of console output
+  # Allowed values starting with most verbose:
+  # silly, debug, verbose, info, warn, error
+  console: info
+  # Date and time formatting
+  lineDateFormat: MMM-D HH:mm:ss.SSS
+  # Logging files
+  # Log files are rotated daily by default
+  files:
+    # Log file path
+    - file: "/data/bridge.log"
+      # Log level for this file
+      # Allowed values starting with most verbose:
+      # silly, debug, verbose, info, warn, error
+      level: info
+      # Date and time formatting
+      datePattern: YYYY-MM-DD
+      # Maximum number of logs to keep.
+      # This can be a number of files or number of days.
+      # If using days, add 'd' as a suffix
+      maxFiles: 14d
+      # Maximum size of the file after which it will rotate. This can be a
+      # number of bytes, or units of kb, mb, and gb. If using the units, add
+      # 'k', 'm', or 'g' as the suffix
+      maxSize: 50m

roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2

@@ -0,0 +1,44 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mx Puppet Twitter server
+{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--network={{ matrix_docker_network }} \
+			{% if matrix_mx_puppet_twitter_container_http_host_bind_port %}
+			-p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \
+			{% endif %}
+			-e CONFIG_PATH=/config/config.yaml \
+			-e REGISTRATION_PATH=/config/registration.yaml \
+			-v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \
+			-v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \
+			{% for arg in matrix_mx_puppet_twitter_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_mx_puppet_twitter_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mx-puppet-twitter
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bridge-sms/defaults/main.yml

@@ -3,8 +3,7 @@
 
 matrix_sms_bridge_enabled: true
 
-matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:latest"
-matrix_sms_bridge_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
+matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.3.1.RELEASE"
 matrix_sms_bridge_database_docker_image: "neo4j:latest"
 matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
 
@@ -46,10 +45,13 @@ matrix_sms_bridge_homeserver_port: '8008'
 
 matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
 matrix_sms_bridge_default_room: ''
+matrix_sms_bridge_default_region: ''
+matrix_sms_bridge_default_timezone: ''
 
 matrix_sms_bridge_gammu_modem: ''
 matrix_sms_bridge_modem_group: 'dialout'
 matrix_sms_bridge_gammu_reset_frequency: 0
+matrix_sms_bridge_gammu_hard_reset_frequency: 0
 
 
 matrix_sms_bridge_configuration_yaml: |
@@ -70,6 +72,8 @@ matrix_sms_bridge_configuration_yaml: |
         # (optional) SMS messages without a valid token a routed to this room.
         # Note that you must invite @smsbot:yourHomeServer to this room.
         defaultRoomId: "{{ matrix_sms_bridge_default_room }}"
+        defaultRegion: "{{ matrix_sms_bridge_default_region }}"
+        defaultTimeZone: "{{ matrix_sms_bridge_default_timezone }}"
         provider:
           gammu:
             # (optional) default is disabled
@@ -125,6 +129,7 @@ matrix_sms_bridge_gammu_configuration: |
   OutboxFormat = detail
   TransmitFormat = auto
   ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }}
+  HardResetFrequency = {{ matrix_sms_bridge_gammu_hard_reset_frequency }}
   debugLevel = 1
   LogFile = /data/log/smsd.log
   DeliveryReport = no

roles/matrix-bridge-sms/tasks/setup_install.yml

@@ -4,8 +4,6 @@
   docker_image:
     name: "{{ matrix_sms_bridge_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_sms_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_docker_image_force_pull }}"
 
 - name: Ensure matrix-sms-bridge databse image is pulled
   docker_image:

roles/matrix-bridge-sms/tasks/validate_config.yml

@@ -10,3 +10,5 @@
     - "matrix_sms_bridge_homeserver_token"
     - "matrix_sms_bridge_database_password"
     - "matrix_sms_bridge_gammu_modem"
+    - "matrix_sms_bridge_default_region"
+    - "matrix_sms_bridge_default_timezone"

roles/matrix-client-element/defaults/main.yml

@@ -0,0 +1,122 @@
+matrix_client_element_enabled: true
+
+matrix_client_element_container_image_self_build: false
+
+matrix_client_element_docker_image: "vectorim/riot-web:v1.7.1"
+matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
+
+matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
+matrix_client_element_docker_src_files_path: "{{ matrix_client_element_data_path }}/docker-src"
+
+# Controls whether the matrix-client-element container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
+matrix_client_element_container_http_host_bind_port: ''
+
+# A list of extra arguments to pass to the container
+matrix_client_element_container_extra_arguments: []
+
+# List of systemd services that matrix-client-element.service depends on
+matrix_client_element_systemd_required_services_list: ['docker.service']
+
+# Element config.json customizations
+matrix_client_element_default_server_name: "{{ matrix_domain }}"
+matrix_client_element_default_hs_url: ""
+matrix_client_element_default_is_url: ~
+matrix_client_element_disable_custom_urls: true
+matrix_client_element_disable_guests: true
+matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
+matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
+matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
+matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
+matrix_client_element_permalinkPrefix: "https://matrix.to"
+# Element public room directory server(s)
+matrix_client_element_roomdir_servers: ['matrix.org']
+matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
+# Branding of Element
+matrix_client_element_brand: "Element"
+
+# URL to Logo on welcome page
+matrix_client_element_welcome_logo: "welcome/images/logo.svg"
+
+# URL of link on welcome image
+matrix_client_element_welcome_logo_link: "https://element.io"
+
+matrix_client_element_welcome_headline: "_t('Welcome to Element')"
+matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
+
+# Links, shown in footer of welcome page:
+# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
+matrix_client_element_branding_authFooterLinks: ~
+
+# URL to image, shown during Login
+matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}"
+
+# URL to Wallpaper, shown in background of welcome page
+matrix_client_element_branding_welcomeBackgroundUrl: ~
+
+# By default, there's no Element homepage (when logged in). If you wish to have one,
+# point this to a `home.html` template file on your local filesystem.
+matrix_client_element_embedded_pages_home_path: ~
+
+matrix_client_element_jitsi_preferredDomain: ''
+
+# Controls whether the self-check feature should validate SSL certificates.
+matrix_client_element_self_check_validate_certificates: true
+
+# don't show the registration button on welcome page
+matrix_client_element_registration_enabled: false
+
+# Controls whether presence will be enabled
+matrix_client_element_enable_presence_by_hs_url: ~
+
+# Controls whether custom Element themes will be installed.
+# When enabled, all themes found in the `matrix_client_element_themes_repository_url` repository
+# will be installed and enabled automatically.
+matrix_client_element_themes_enabled: false
+matrix_client_element_themes_repository_url: https://github.com/aaronraimist/element-themes
+
+# Controls the default theme
+matrix_client_element_default_theme: 'light'
+
+# Controls the `settingsDefault.custom_themes` setting of the Element configuration.
+# You can use this setting to define custom themes.
+#
+# Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically.
+# If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well.
+#
+# Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
+matrix_client_element_settingDefaults_custom_themes: []
+
+# Default Element configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_client_element_configuration_extension_json`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
+
+# Your custom JSON configuration for Element should go to `matrix_client_element_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_client_element_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_client_element_configuration_default`.
+#
+# Example configuration extension follows:
+#
+# matrix_client_element_configuration_extension_json: |
+#  {
+#  "disable_3pid_login": true,
+#  "disable_login_language_selector": true
+#  }
+matrix_client_element_configuration_extension_json: '{}'
+
+matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json|from_json if matrix_client_element_configuration_extension_json|from_json is mapping else {} }}"
+
+# Holds the final Element configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
+matrix_client_element_configuration: "{{ matrix_client_element_configuration_default|combine(matrix_client_element_configuration_extension, recursive=True) }}"

roles/matrix-client-element/tasks/init.yml

@@ -1,10 +1,10 @@
 - set_fact:
-    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
-  when: matrix_riot_web_enabled|bool
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element'] }}"
+  when: matrix_client_element_enabled|bool
 
 # ansible lower than 2.8, does not support docker_image build parameters
 # for self buildig it is explicitly needed, so we rather fail here
 - name: Fail if running on Ansible lower than 2.8 and trying self building
   fail:
-    msg: "To self build Riot Web image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
-  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_riot_web_container_image_self_build"
+    msg: "To self build the Element image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build"

roles/matrix-client-element/tasks/main.yml

@@ -0,0 +1,34 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_client_element_enabled|bool"
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/setup.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-client-element
+
+- import_tasks: "{{ role_path }}/tasks/self_check.yml"
+  delegate_to: 127.0.0.1
+  become: false
+  when: "run_self_check|bool and matrix_client_element_enabled|bool"
+  tags:
+    - self-check