Merge branch 'spantaleev:master' into master

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,57 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+<!--
+NOTE: This Ansible playbook installs tens of separate services. If you're having a problem with a specific service, it is likely that the problem is not with our deployment method, but with the service itself. You may wish to report that problem at the source, upstream, and not to us
+-->
+
+**To Reproduce**
+My `vars.yml` file looks like this:
+
+```yaml
+Paste your vars.yml file here.
+Make sure to remove any secret values before posting your vars.yml file publicly.
+```
+
+<!-- Below this line, tell us what you're doing to reproduce the problem. -->
+
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Matrix Server:**
+ - OS: [e.g. Ubuntu 21.04]
+ - Architecture [e.g. amd64, arm32, arm64]
+
+**Ansible:**
+If your problem appears to be with Ansible, tell us:
+- where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?)
+- what version of Ansible you're running (see `ansible --version`)
+
+<!--
+The above is only applicable if you're hitting a problem with Ansible itself.
+We don't need this information in most cases. Delete this section if not applicable.
+-->
+
+**Client:**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+<!--
+The above is only applicable if you're hitting a problem with a specific device, but not with others.
+We don't need this information in most cases. Delete this section if not applicable.
+-->
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,28 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+<!--
+NOTE: When submitting feature requests, be aware that:
+
+- This Ansible playbook installs tens of separate services. If you're having a problem with a specific service or you'd like some functionality added to it, it is likely that the problem is not with our deployment method, but with the service itself. You may wish to report that problem at the source, upstream, and not to us.
+
+- This is a community project with no financial backing. The easiest way to get a feature into this project is to just develop it yourself.
+-->
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/i-need-help.md

@@ -0,0 +1,49 @@
+---
+name: I need help
+about: Get support from our community
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--
+NOTE: you can usually get more timely support and from more people by joining our Matrix room (also bridged to IRC). See the [Support section of our README](https://github.com/spantaleev/matrix-docker-ansible-deploy#support)
+-->
+
+**Playbook Configuration**:
+
+My `vars.yml` file looks like this:
+
+```yaml
+Paste your vars.yml file here.
+Make sure to remove any secret values before posting your vars.yml file publicly.
+```
+
+**Matrix Server:**
+ - OS: [e.g. Ubuntu 21.04]
+ - Architecture [e.g. amd64, arm32, arm64]
+
+**Ansible:**
+If your problem appears to be with Ansible, tell us:
+- where you run Ansible -- e.g. on the Matrix server itself; on another computer (which OS? distro? standard installation or containerized Ansible?)
+- what version of Ansible you're running (see `ansible --version`)
+
+**Problem description**:
+
+Describe what you're doing, what you expect to happen and what happens instead here.
+Tell us what you've tried and what you're aiming to achieve.
+
+**Client (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+<!--
+The above is only applicable if you're hitting a problem with a specific device, but not with others.
+We don't need this information in most cases. Delete this section if not applicable.
+-->
+
+**Additional context**
+Add any other context about the problem here.

.github/workflows/matrix.yml

@@ -11,6 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: ⤵️ Check out configuration from GitHub
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@v3
       - name: 🚀 Run yamllint
         uses: frenck/action-yamllint@v1.1.2

README.md

@@ -152,5 +152,3 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w
 ## Services by the community
 
 - [etke.cc](https://etke.cc) - matrix-docker-ansible-deploy and system stuff "as a service". That service will create your matrix homeserver on your domain and server (doesn't matter if it's cloud provider or on an old laptop in the corner of your room), (optional) maintains it (server's system updates, cleanup, security adjustments, tuning, etc.; matrix homeserver updates & maintenance) and (optional) provide full-featured email service for your domain
-
-- [GoMatrixHosting](https://gomatrixhosting.com) - matrix-docker-ansible-deploy "as a service" with [Ansible AWX](https://github.com/ansible/awx). Members can be assigned a server from DigitalOcean, or they can connect their on-premises server. This AWX system can manage the updates, configuration, import and export, backups, and monitoring on its own. For more information [see our GitLab group](https://gitlab.com/GoMatrixHosting) or come [visit us on Matrix](https://matrix.to/#/#general:gomatrixhosting.com).

docs/configuring-awx-system.md

@@ -10,6 +10,7 @@ The AWX system is arranged into 'members' each with their own 'subscriptions'. A
 
 This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
 
+Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.**
 
 ## Other Required Playbooks
 

docs/configuring-playbook-bridge-appservice-discord.md

@@ -23,18 +23,51 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
 ```
 
 5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
-6. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S).
-7. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
-8. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
 
 Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
 
+## Self-Service Bridging (Manual)
 
-## Getting Administrator access in a room
+Self-service bridging allows you to bridge specific and existing Matrix rooms to specific Discord rooms. This is disabled by default, so it must be enabled by adding this to your `vars.yml`:
+
+```yaml
+matrix_appservice_discord_bridge_enableSelfServiceBridging: true
+```
+
+_Note: If self-service bridging is not enabled, `!discord help` commands will return no results._
+
+Once self-service is enabled:
+
+1. Start a chat with `@_discord_bot:<YOUR_DOMAIN>` and say `!discord help bridge`.
+2. Follow the instructions in the help output message. If the bot is not already in the Discord server, follow the provided invite link. This may require you to be a administrator of the Discord server.
+
+_Note: Encrypted Matrix rooms are not supported as of writing._
+
+On the Discord side, you can say `!matrix help` to get a list of available commands to manage the bridge and Matrix users.
+
+## Portal Bridging (Automatic)
+
+Through portal bridging, Matrix rooms will automatically be created by the bot and bridged to the relevant Discord room. This is done by simply joining a room with a specific name pattern (`#_discord_<guildID>_<channlID>`).
+
+All Matrix rooms created this way are **listed publicly** by default, and you will not have admin permissions to change this. To get more control, [make yourself a room Administrator](#getting-administrator-access-in-a-portal-bridged-room). You can then unlist the room from the directory and change the join rules.
+
+If you want to disable portal bridging, set the following in `vars.yml`:
+
+```yaml
+matrix_appservice_discord_bridge_disablePortalBridging: true
+```
+
+To get started with Portal Bridging:
+
+1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S).
+2. Room addresses follow this syntax: `#_discord_<guildID>_<channelID>`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels/<guildID>/<channelID>`.
+3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord_<guildID>_<channelID>` in your Matrix client. 
+
+## Getting Administrator access in a portal bridged room
 
 By default, you won't have Administrator access in rooms created by the bridge.
 
-To [adjust room access privileges](#adjusting-room-access-privileges) or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator.
+To adjust room access privileges or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator.
 
 There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server:
 
@@ -42,12 +75,3 @@ There's the Discord bridge's guide for [setting privileges on bridge managed roo
 docker exec -it matrix-appservice-discord \
 /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100'
 ```
-
-
-## Adjusting room access privileges
-
-All rooms created by the bridge are **listed publicly** in your server's directory and **joinable by everyone** by default.
-
-To get more control of them, [make yourself a room Administrator](#getting-administrator-access-in-a-room) first.
-
-You can then unlist the room from the directory and change the join rules.

docs/configuring-playbook-bridge-appservice-slack.md

@@ -11,7 +11,7 @@ See the project's [documentation](https://github.com/matrix-org/matrix-appservic
 loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup)
 
 1. Create a new Matrix room to act as the administration control room. Note its internal room ID. This can
-be done in Riot by making a message, opening the options for that message and choosing "view source". The
+be done in Element by making a message, opening the options for that message and choosing "view source". The
 room ID will be displayed near the top.
 2. Enable the bridge with the following configuration in your `vars.yml` file:
 

docs/configuring-playbook-bridge-hookshot.md

@@ -1,22 +1,22 @@
 # Setting up Hookshot (optional)
 
-The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you.
+The playbook can install and configure [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) for you.
 
 Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks.
 
-See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you.
+See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you.
 
 Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot.
 
 ## Setup Instructions
 
-Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do.
+Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do.
 
 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 
 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
-5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`.
+5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`.
 
 Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
 
@@ -45,3 +45,7 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_
 ### Metrics
 
 If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md).
+
+### Collision with matrix-appservice-webhooks
+
+If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`).

docs/configuring-playbook-bridge-mautrix-facebook.md

@@ -70,31 +70,6 @@ If you run into trouble, check the [Troubleshooting](#troubleshooting) section b
 After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.
 
 
-## Set up community-grouping
-
-This is an **optional feature** that you may wish to enable.
-
-The Facebook bridge can create a Matrix community for you, which would contain all your chats and contacts.
-
-For this to work, the bridge's bot needs to have permissions to create communities (also referred to as groups).
-Since the bot is a non-admin user, you need to enable such group-creation for non-privileged users in [Synapse's settings](configuring-playbook-synapse.md).
-
-Here's an example configuration:
-
-```yaml
-matrix_synapse_configuration_extension_yaml: |
-  enable_group_creation: true
-  group_creation_prefix: "unofficial/"
-
-matrix_mautrix_facebook_configuration_extension_yaml: |
-  bridge:
-    community_template: "unofficial/facebook_{localpart}={server}"
-```
-
-Once the bridge is restarted, it would create a community and invite you to it. You need to accept the community invitation manually.
-If you don't see all your contacts, you may wish to send a `sync` message to the bot.
-
-
 ## Troubleshooting
 
 ### Facebook rejecting login attempts and forcing you to change password

docs/configuring-playbook-external-postgres.md

@@ -5,7 +5,9 @@ If that's alright, you can skip this.
 
 If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file  (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
 
-It should be something like this:
+**NOTE**: using **an external Postgres server is currently [not very seamless](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682#issuecomment-1061461683) when it comes to enabling various other playbook services** - you will need to create a new database/credentials for each service and to point each service to its corresponding database using custom `vars.yml` configuration. **For the best experience with the playbook, stick to using the integrated Postgres server**.
+
+If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this:
 
 ```yaml
 matrix_postgres_enabled: false
@@ -15,6 +17,10 @@ matrix_synapse_database_host: "your-postgres-server-hostname"
 matrix_synapse_database_user: "your-postgres-server-username"
 matrix_synapse_database_password: "your-postgres-server-password"
 matrix_synapse_database_database: "your-postgres-server-database-name"
+
+# Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server.
+# Each service expects to have its own dedicated database on the Postgres server
+# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity.
 ```
 
 The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials.

docs/configuring-playbook-ssl-certificates.md

@@ -100,3 +100,12 @@ For automated certificate renewal to work, each port `80` vhost for each domain
 
 See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf`
 Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers.
+
+
+## Specify the SSL private key algorithm
+
+If you'd like to [specify the private key type](https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys) used with Let's Encrypt, define your own custom configuration like this:
+
+```yaml
+matrix_ssl_lets_encrypt_key_type: ecdsa
+```

group_vars/matrix_servers

@@ -558,10 +558,8 @@ matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_ke
 
 matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
 
-# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
+matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
-# and point them to a migration path.
+matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
-matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else '' }}"
-matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}"
 
 ######################################################################
 #
@@ -733,6 +731,10 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an
 matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}"
 matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}"
 
+matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}"
+matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}"
+matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}"
+
 ######################################################################
 #
 # /matrix-bridge-hookshot

roles/matrix-awx/surveys/configure_mjolnir.json.j2

@@ -0,0 +1,29 @@
+{
+  "name": "Configure Mjolnir",
+  "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.",
+  "spec": [
+    {
+      "question_name": "Enable Mjolnir",
+      "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.",
+      "required": true,
+      "min": null,
+      "max": null,
+      "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}",
+      "choices": "true\nfalse",
+      "new_question": true,
+      "variable": "matrix_bot_mjolnir_enabled",
+      "type": "multiplechoice"
+    },
+    {
+      "question_name": "Mjolnir Management Room",
+      "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'",
+      "required": true,
+      "min": null,
+      "max": null,
+      "default": "{{ matrix_bot_mjolnir_management_room }}",
+      "new_question": true,
+      "variable": "matrix_bot_mjolnir_management_room",
+      "type": "text"
+    }
+  ]
+}

roles/matrix-awx/tasks/main.yml

@@ -170,6 +170,15 @@
   tags:
     - setup-ma1sd
 
+# Additional playbook to set the variable file during Mjolnir Bot configuration
+- include_tasks:
+    file: "set_variables_mjolnir.yml"
+    apply:
+      tags: setup-bot-mjolnir
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-bot-mjolnir
+
 # Additional playbook to set the variable file during Corporal configuration
 - include_tasks:
     file: "set_variables_corporal.yml"

roles/matrix-awx/tasks/set_variables_dimension.yml

@@ -14,7 +14,7 @@
 
 - name: Collect access token of @admin-dimension user
   shell: |
-    curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
+    curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token'
   register: awx_dimension_user_access_token
 
 - name: Record Synapse variables locally on AWX
@@ -26,7 +26,7 @@
     insertafter: '# Dimension Settings Start'
   with_dict:
     'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
-    'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout }}"'
+    'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"'
 
 - name: Set final users list if users are defined
   set_fact:

roles/matrix-awx/tasks/set_variables_ma1sd.yml

@@ -38,22 +38,22 @@
   replace:
     path: '{{ awx_cached_matrix_vars }}'
     regexp: '^.*\n'
-    after: '# Start ma1sd Extension'
+    after: '# ma1sd Extension Start'
-    before: '# End ma1sd Extension'
+    before: '# ma1sd Extension End'
 
 - name: Replace conjoined ma1sd configuration extension limiters
   delegate_to: 127.0.0.1
   replace:
     path: '{{ awx_cached_matrix_vars }}'
-    regexp: '^# Start ma1sd Extension# End ma1sd Extension'
+    regexp: '^# ma1sd Extension Start# ma1sd Extension End'
-    replace: '# Start ma1sd Extension\n# End ma1sd Extension'
+    replace: '# ma1sd Extension Start\n# ma1sd Extension End'
 
 - name: Insert/Update ma1sd configuration extension variables
   delegate_to: 127.0.0.1
   blockinfile:
     path: '{{ awx_cached_matrix_vars }}'
     marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
-    insertafter: '# Start ma1sd Extension'
+    insertafter: '# ma1sd Extension Start'
     block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}'
 
 - name: Record ma1sd Custom variables locally on AWX

roles/matrix-awx/tasks/set_variables_mjolnir.yml

@@ -0,0 +1,68 @@
+---
+
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '{{ awx_cached_matrix_vars }}'
+  no_log: true
+
+- name: Collect the internal IP of the matrix-synapse container
+  shell: |
+    /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse
+  register: matrix_synapse_ip
+
+- name: Collect access token of @admin-mjolnir user
+  shell: |
+    curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token'
+  register: awx_mjolnir_user_access_token
+  no_log: true
+
+- name: Record Mjolnir Bot variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Mjolnir Settings Start'
+  with_dict:
+    'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}'
+    'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}'
+    'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"'
+  no_log: true
+
+- name: Remove Synapse rate-limiting for admin-mjolnir user
+  shell: |
+    /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);"
+  ignore_errors: true
+
+- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
+
+- name: Copy new 'Configure Mjolnir' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
+    dest: '/matrix/awx/configure_mjolnir.json'
+    mode: '0660'
+
+- name: Recreate 'Configure Mjolnir Bot' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot"
+    description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-bot-mjolnir"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}"
+    become_enabled: true
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ awx_host }}"
+    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
+    validate_certs: true

roles/matrix-bot-honoroit/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false
 matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.4
+matrix_bot_honoroit_version: v0.9.5
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -84,6 +84,9 @@ matrix_bot_honoroit_sentry: ''
 # Log level
 matrix_bot_honoroit_loglevel: ''
 
+# Max items in cache
+matrix_bot_honoroit_cachesize: ''
+
 # Text prefix: open
 matrix_bot_honoroit_text_prefix_open: ''
 

roles/matrix-bot-honoroit/templates/env.j2

@@ -7,6 +7,7 @@ HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }}
 HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
 HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
 HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
+HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
 HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
 HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
 HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}

roles/matrix-bot-mjolnir/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_bot_mjolnir_enabled: true
 
-matrix_bot_mjolnir_version: "v1.3.1"
+matrix_bot_mjolnir_version: "v1.3.2"
 
 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

roles/matrix-bridge-appservice-discord/defaults/main.yml

@@ -42,6 +42,7 @@ matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}"
 matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
 matrix_appservice_discord_bridge_disablePresence: false
 matrix_appservice_discord_bridge_enableSelfServiceBridging: false
+matrix_appservice_discord_bridge_disablePortalBridging: false
 
 # Database-related configuration fields.
 #

roles/matrix-bridge-appservice-discord/templates/config.yaml.j2

@@ -28,6 +28,8 @@ bridge:
   disableJoinLeaveNotifications: false
   # Disable Invite echos from matrix
   disableInviteNotifications: false
+  # Disable portal briding (automatic room creation)
+  disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }}
   # Auto-determine the language of code blocks (this can be CPU-intensive)
   determineCodeLanguage: false
 # Authentication configuration for the discord bot.

roles/matrix-bridge-appservice-webhooks/defaults/main.yml

@@ -24,7 +24,7 @@ matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
 matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
 
 matrix_appservice_webhooks_bot_name: 'webhookbot'
-matrix_appservice_webhooks_user_prefix: '_webhook'
+matrix_appservice_webhooks_user_prefix: '_webhook_'
 
 # Controls the webhooks_PORT and MATRIX_PORT of the installation
 matrix_appservice_webhooks_matrix_port: 6789

roles/matrix-bridge-hookshot/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
-# https://github.com/Half-Shot/matrix-hookshot
+# https://github.com/matrix-org/matrix-hookshot
 
 matrix_hookshot_enabled: true
 
-matrix_hookshot_version: 1.1.0
+matrix_hookshot_version: 1.2.0
 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}"
 
@@ -34,7 +34,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook
 
 
 # You need to create a GitHub app to enable this and fill in the empty variables below
-# https://half-shot.github.io/matrix-hookshot/setup/github.html
+# https://matrix-org.github.io/matrix-hookshot/setup/github.html
 matrix_hookshot_github_enabled: false
 matrix_hookshot_github_appid: ''
 # Set this variable to the contents of the generated and downloaded GitHub private key:
@@ -53,7 +53,7 @@ matrix_hookshot_github_oauth_secret: ''  # "Client Secret" on the GitHub App pag
 # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
 matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
 matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}"
-# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
+# These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
 matrix_hookshot_github_ignore_hooks: "{}"
 matrix_hookshot_github_command_prefix: '!gh'
 matrix_hookshot_github_show_issue_room_link: false
@@ -78,7 +78,7 @@ matrix_hookshot_gitlab_secret: ''
 
 
 matrix_hookshot_jira_enabled: false
-# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth
+# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth
 matrix_hookshot_jira_secret: ''
 matrix_hookshot_jira_oauth_enabled: false
 matrix_hookshot_jira_oauth_id: ''
@@ -92,6 +92,7 @@ matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksho
 matrix_hookshot_generic_enabled: true
 # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
 matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
+# urlprefix gets updated with protocol & port in group_vars/matrix_servers
 matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}"
 matrix_hookshot_generic_allow_js_transformation_functions: false
 # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
@@ -117,7 +118,7 @@ matrix_hookshot_provisioning_secret: ''
 matrix_hookshot_provisioning_enabled: false
 matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1"
 
-# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions
+# You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions
 # When empty, the default permissions are applied.
 # Example:
 # matrix_hookshot_permissions:

roles/matrix-bridge-hookshot/tasks/init.yml

@@ -55,10 +55,10 @@
               {# Use the embedded DNS resolver in Docker containers to discover the service #}
               resolver 127.0.0.11 valid=5s;
               set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
-              proxy_pass http://$backend/$1;
+              proxy_pass http://$backend/v1/$1$is_args$args;
             {% else %}
               {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1;
+              proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args;
             {% endif %}
             proxy_set_header Host $host;
           }
@@ -68,10 +68,10 @@
               {# Use the embedded DNS resolver in Docker containers to discover the service #}
               resolver 127.0.0.11 valid=5s;
               set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
-              proxy_pass http://$backend/$1;
+              proxy_pass http://$backend/$1$is_args$args;
             {% else %}
               {# Generic configuration for use outside of our container setup #}
-              proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1;
+              proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
             {% endif %}
             proxy_set_header Host $host;
           }

roles/matrix-bridge-hookshot/templates/registration.yml.j2

@@ -5,8 +5,22 @@ hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this
 namespaces:
   rooms: []
   users:
+{% if matrix_hookshot_github_enabled %}
     - regex: "@_github_.*:{{ matrix_domain }}"
       exclusive: true
+{% endif %}
+{% if matrix_hookshot_gitlab_enabled %}
+    - regex: "@_gitlab_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
+      exclusive: true
+{% endif %}
+{% if matrix_hookshot_jira_enabled %}
+    - regex: "@_jira_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
+      exclusive: true
+{% endif %}
+{% if matrix_hookshot_generic_enabled %}
+    - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
+      exclusive: true
+{% endif %}
   aliases:
     - regex: "#github_.+:{{ matrix_domain }}"
       exclusive: true

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -33,6 +33,9 @@ matrix_mautrix_facebook_systemd_wanted_services_list: []
 matrix_mautrix_facebook_appservice_token: ''
 matrix_mautrix_facebook_homeserver_token: ''
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_facebook_federate_rooms: true
 
 # Database-related configuration fields.
 #

roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -66,12 +66,6 @@ bridge:
     # Localpart template of MXIDs for Facebook users.
     # {userid} is replaced with the user ID of the Facebook user.
     username_template: "facebook_{userid}"
-    # Localpart template for per-user room grouping community IDs.
-    # The bridge will create these communities and add all of the specific user's portals to the community.
-    # {localpart} is the MXID localpart and {server} is the MXID server part of the user.
-    #
-    # `facebook_{localpart}={server}` is a good value.
-    community_template: null
     # Displayname template for Facebook users.
     # {displayname} is replaced with the display name of the Facebook user
     #               as defined below in displayname_preference.
@@ -147,6 +141,9 @@ bridge:
     delivery_receipts: false
     # Whether to allow inviting arbitrary mxids to portal rooms
     allow_invites: false
+    # Whether or not created rooms should have federation enabled.
+    # If false, created portal rooms will never be federated.
+    federate_rooms: {{ matrix_mautrix_facebook_federate_rooms|to_json }}
     # Settings for backfilling messages from Facebook.
     backfill:
         # Whether or not the Facebook users of logged in Matrix users should be

roles/matrix-bridge-mautrix-googlechat/defaults/main.yml

@@ -41,6 +41,9 @@ matrix_mautrix_googlechat_systemd_wanted_services_list: []
 matrix_mautrix_googlechat_appservice_token: ''
 matrix_mautrix_googlechat_homeserver_token: ''
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_googlechat_federate_rooms: true
 
 # Database-related configuration fields.
 #

roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2

@@ -93,6 +93,9 @@ bridge:
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         default: false
 
+    # Whether or not created rooms should have federation enabled.
+    # If false, created portal rooms will never be federated.
+    federate_rooms: {{ matrix_mautrix_googlechat_federate_rooms|to_json }}
     # Public website and API configs
     web:
         # Auth server config

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -34,6 +34,9 @@ matrix_mautrix_instagram_systemd_wanted_services_list: []
 matrix_mautrix_instagram_appservice_token: ''
 matrix_mautrix_instagram_homeserver_token: ''
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_instagram_federate_rooms: true
 
 # Database-related configuration fields.
 #

roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2

@@ -46,12 +46,6 @@ appservice:
   bot_displayname: Instagram bridge bot
   bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv
 
-  # Community ID for bridged users (changes registration file) and rooms.
-  # Must be created manually.
-  #
-  # Example: "+instagram:example.com". Set to false to disable.
-  community_id: false
-
   # Whether or not to receive ephemeral events via appservice transactions.
   # Requires MSC2409 support (i.e. Synapse 1.22+).
   # You should disable bridge -> sync_with_custom_puppets when this is enabled.
@@ -116,7 +110,7 @@ bridge:
   update_avatar_initial_sync: true
   # Whether or not created rooms should have federation enabled.
   # If false, created portal rooms will never be federated.
-  federate_rooms: true
+  federate_rooms: {{ matrix_mautrix_instagram_federate_rooms|to_json }}
   # Settings for backfilling messages from Instagram.
   backfill:
     # Whether or not the Instagram users of logged in Matrix users should be

roles/matrix-bridge-mautrix-signal/defaults/main.yml

@@ -56,6 +56,10 @@ matrix_mautrix_signal_homeserver_token: ''
 
 matrix_mautrix_signal_appservice_bot_username: signalbot
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_signal_federate_rooms: true
+
 # Database-related configuration fields
 #
 # This bridge only supports postgres.

roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -56,12 +56,6 @@ appservice:
     bot_displayname: Signal bridge bot
     bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
 
-    # Community ID for bridged users (changes registration file) and rooms.
-    # Must be created manually.
-    #
-    # Example: "+signal:example.com". Set to false to disable.
-    community_id: false
-
     # Whether or not to receive ephemeral events via appservice transactions.
     # Requires MSC2409 support (i.e. Synapse 1.22+).
     # You should disable bridge -> sync_with_custom_puppets when this is enabled.
@@ -153,7 +147,7 @@ bridge:
         {{ matrix_mautrix_signal_homeserver_domain }}: {{ matrix_mautrix_signal_login_shared_secret|to_json }}
     # Whether or not created rooms should have federation enabled.
     # If false, created portal rooms will never be federated.
-    federate_rooms: true
+    federate_rooms: {{ matrix_mautrix_signal_federate_rooms|to_json }}
     # End-to-bridge encryption support options. You must install the e2be optional dependency for
     # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
     encryption:

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -40,6 +40,10 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq
 
 matrix_mautrix_telegram_appservice_bot_username: telegrambot
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_telegram_federate_rooms: true
+
 # Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -160,7 +160,7 @@ bridge:
     parallel_file_transfer: false
     # Whether or not created rooms should have federation enabled.
     # If false, created portal rooms will never be federated.
-    federate_rooms: true
+    federate_rooms: {{ matrix_mautrix_telegram_federate_rooms|to_json }}
     # Settings for converting animated stickers.
     animated_sticker:
         # Format to which animated stickers should be converted.

roles/matrix-bridge-mautrix-twitter/defaults/main.yml

@@ -34,6 +34,9 @@ matrix_mautrix_twitter_systemd_wanted_services_list: []
 matrix_mautrix_twitter_appservice_token: ''
 matrix_mautrix_twitter_homeserver_token: ''
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_twitter_federate_rooms: true
 
 # Database-related configuration fields.
 #
@@ -42,8 +45,8 @@ matrix_mautrix_twitter_homeserver_token: ''
 matrix_mautrix_twitter_database_engine: 'postgres'
 
 matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter'
-matrix_mautrix_twitter_database_password: 'some-password'
+matrix_mautrix_twitter_database_password: ''
-matrix_mautrix_twitter_database_hostname: 'matrix-postgres'
+matrix_mautrix_twitter_database_hostname: ''
 matrix_mautrix_twitter_database_port: 5432
 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
 

roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml

@@ -8,11 +8,5 @@
   with_items:
     - "matrix_mautrix_twitter_appservice_token"
     - "matrix_mautrix_twitter_homeserver_token"
-
+    - "matrix_mautrix_twitter_database_hostname"
-- name: Fail if database is not defined
+    - "matrix_mautrix_twitter_database_password"
-  fail:
-    msg: >-
-      You need to define a need to set `matrix_mautrix_twitter_database_engine: postgres` and redefine the other `matrix_mautrix_twitter_database_*` variables
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_mautrix_twitter_database_engine"

roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2

@@ -54,12 +54,6 @@ appservice:
     bot_displayname: Twitter bridge bot
     bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn
 
-    # Community ID for bridged users (changes registration file) and rooms.
-    # Must be created manually.
-    #
-    # Example: "+twitter:example.com". Set to false to disable.
-    community_id: false
-
     # Whether or not to receive ephemeral events via appservice transactions.
     # Requires MSC2409 support (i.e. Synapse 1.22+).
     # You should disable bridge -> sync_with_custom_puppets when this is enabled.
@@ -111,7 +105,7 @@ bridge:
     login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }}
     # Whether or not created rooms should have federation enabled.
     # If false, created portal rooms will never be federated.
-    federate_rooms: true
+    federate_rooms: {{ matrix_mautrix_twitter_federate_rooms|to_json }}
     # Settings for backfilling messages from Twitter.
     #
     # Missed message backfilling is currently based on receiving them from the Twitter polling API,

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -37,6 +37,10 @@ matrix_mautrix_whatsapp_homeserver_token: ''
 
 matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
 
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_mautrix_whatsapp_federate_rooms: true
+
 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -136,7 +136,7 @@ bridge:
     allow_user_invite: false
     # Whether or not created rooms should have federation enabled.
     # If false, created portal rooms will never be federated.
-    federate_rooms: true
+    federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }}
 
     # The prefix for commands. Only required in non-management rooms.
     command_prefix: "!wa"

roles/matrix-client-cinny/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true
 matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 
-matrix_client_cinny_version: v1.7.0
+matrix_client_cinny_version: v1.8.0
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

roles/matrix-client-element/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
 # - https://github.com/vector-im/element-web/issues/19544
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
-matrix_client_element_version: v1.10.4
+matrix_client_element_version: v1.10.6
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-nginx-proxy/defaults/main.yml

@@ -496,6 +496,10 @@ matrix_ssl_lets_encrypt_support_email: ~
 # If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`)
 matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'
 
+# Specify key type of the private key algorithm.
+# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys
+matrix_ssl_lets_encrypt_key_type: rsa
+
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"

roles/matrix-nginx-proxy/tasks/ssl/main.yml

@@ -5,6 +5,11 @@
     msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
   when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"
 
+- name: Fail if using unsupported private key type
+  fail:
+    msg: "The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value"
+  when: "matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']"
+
 
 # Common tasks, required by almost any method below.
 

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml

@@ -45,6 +45,7 @@
     --http-01-port 8080
     {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
     {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
+    --key-type {{ matrix_ssl_lets_encrypt_key_type }}
     --standalone
     --preferred-challenges http
     --agree-tos
@@ -74,6 +75,7 @@
     --http-01-port 8080
     {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
     {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
+    --key-type {{ matrix_ssl_lets_encrypt_key_type }}
     --standalone
     --preferred-challenges http
     --agree-tos

roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2

@@ -24,6 +24,7 @@ docker run \
 		{% if matrix_ssl_lets_encrypt_staging %}
 		--staging \
 		{% endif %}
+		--key-type {{ matrix_ssl_lets_encrypt_key_type }} \
 		--standalone \
 		--preferred-challenges http \
 		--agree-tos \

roles/matrix-postgres/defaults/main.yml

@@ -1,5 +1,8 @@
 ---
 
+# Controls if the Postgres server managed by the playbook is enabled.
+# You can turn it off and use an external Postgres server by setting this to `false`.
+# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more.
 matrix_postgres_enabled: true
 
 matrix_postgres_connection_hostname: "matrix-postgres"

roles/matrix-postgres/tasks/setup_postgres.yml

@@ -85,6 +85,13 @@
     mode: 0755
   when: matrix_postgres_enabled|bool
 
+- name: Ensure matrix-postgres-cli-non-interactive script created
+  template:
+    src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2"
+    dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive"
+    mode: 0755
+  when: matrix_postgres_enabled|bool
+
 - name: Ensure matrix-change-user-admin-status script created
   template:
     src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2"

roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2

@@ -0,0 +1,12 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+docker run \
+	--rm \
+	--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+	--cap-drop=ALL \
+	--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
+	--network {{ matrix_docker_network }} \
+	{{ matrix_postgres_docker_image_to_use }} \
+	psql -h {{ matrix_postgres_connection_hostname }} \
+	"$@"

roles/matrix-synapse/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.53.0
+matrix_synapse_version: v1.54.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
@@ -69,7 +69,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service']
 # List of systemd services that matrix-synapse.service wants
 matrix_synapse_systemd_wanted_services_list: []
 
-matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages"
+matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages"
 
 # Specifies which template files to use when configuring Synapse.
 # If you'd like to have your own different configuration, feel free to copy and paste