The role shipped its own copy of the bridge's Dockerfile and templated it
over the cloned source before building. That copy had already drifted from
upstream (e.g. missing libheif-plugin-libde265) and required separate
maintenance (Renovate bumping the base image here instead of upstream).
Build from the cloned repo's own Dockerfile instead, matching every other
self-build role (e.g. matrix-bridge-steam). The Dockerfile now tracks the
pinned bridge version automatically.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add the matrix-rustpush-bridge role, a Matrix <-> iMessage bridge built
on the mautrix-go bridgev2 framework using RustPush (OpenBubbles backend).
Unlike the existing mautrix-imessage/wsproxy bridge, it talks directly to
Apple's push notification service, so it needs neither a running Mac nor a
wsproxy on the homeserver. Each user supplies a hardware key extracted from a
Mac through the bridge bot's login flow.
The bridge uses its own bot username and puppet namespace (rustpushbot,
rustpush_*) so it does not collide with the wsproxy iMessage bridge.
This bridge is in early development and may have stability issues.
NPM "Proxy Hosts" page is only for http/https 80/443 - it is not possible to add a name such as "matrix.example.com:port".
Instead, the Streams page might work for what is intended here (federation traffic) - to proxy stream anything on 8448 to 8449.
Continuwuity has no native enable-captcha toggle; it enables the ReCAPTCHA
registration flow based on the presence of a private site key. The playbook
previously always rendered empty `recaptcha_site_key`/`recaptcha_private_site_key`
values, which made Continuwuity enable a broken captcha flow and break
registration in some clients.
The keys are now only rendered when both are configured, gated by a derived
`matrix_continuwuity_recaptcha_enabled` flag in the role's `vars/main.yml`. A
consistency check fails the play when exactly one of the two keys is set.
Fixes#5329
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Prevents Renovate from proposing "major" updates to the registry-only
calver tags (vYY.MM[.PATCH]), which break further updates and
self-building. See the previous commit for details.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
mautrix publishes each release under two tag schemes: v0.YYMM.PATCH
(also used for git tags, due to Go's module path requirements for
major versions >= 2) and a calver vYY.MM[.PATCH] scheme that exists
only on the Docker registry.
We switched mautrix-signal to the calver scheme in 3564155a7, which
left it silently stuck at v26.02.2: the calver tags have an
inconsistent number of components (v26.02.2 vs v26.05), and Renovate's
docker versioning only offers updates between tags with the same
number of dot-separated parts. It also broke self-building, which uses
the version as a git ref, and calver tags do not exist in git.
Going back to the v0 scheme (used by all other mautrix bridges) fixes
both problems and upgrades signal from the February release to the
current May one.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
renovate[bot]
Slavi Pantaleev
Jason LaGuidice
Aine
Hollie Hutchinson
dependabot[bot]
LunarFox
Catalan Lover
Bart van der Braak