Compare commits

..

72 Commits

Author SHA1 Message Date
renovate[bot] df3d0ceae5 Update dependency prek to v0.4.6 2026-07-01 08:10:55 +03:00
renovate[bot] fe40516804 Update pre-commit hook ansible/ansible-lint to v26.6.0 2026-07-01 08:05:31 +03:00
github-actions[bot] 46adef0344 Automatic translations update 2026-06-29 23:00:23 +03:00
Suguru Hirahara c146892b25 Update installing.md: add a section about native clients
Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-06-29 20:49:43 +03:00
github-actions[bot] 0a0259c0cf Automatic translations update 2026-06-29 20:48:05 +03:00
Slavi Pantaleev aa1b130a23 Announce Synology DSM support in the changelog
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 20:10:45 +03:00
cksit ee1cd217a8 Add Synology DSM support (#5315)
Adds optional support for running the playbook on Synology DSM 7+, detected
automatically via /etc/synoinfo.conf so that non-Synology hosts are unaffected.

Includes DSM-native user/group management (synouser/synogroup), a requests
version constraint for Docker SDK compatibility, and a boot-fix service that
re-shares the volume mount and starts matrix services skipped by DSM's boot
ordering. The shared-mount volume path is configurable via
matrix_base_synology_volume_path, and the make-shared step only runs when the
volume is not already shared.

Co-authored-by: CKSit <sitchiuki@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:45:01 +03:00
Slavi Pantaleev 4f9346e182 i18n: pin docutils back to 0.22.4 (myst-parser 5.1.0 requires <0.23)
The docutils 0.23 bump conflicts with myst-parser==5.1.0, which requires
docutils>=0.20,<0.23, making the i18n venv unresolvable and breaking the
translation template extraction job.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:29:08 +03:00
renovate[bot] b897b45191 Update ghcr.io/element-hq/element-call Docker tag to v0.20.3 2026-06-29 19:26:21 +03:00
renovate[bot] 693fbb08aa Update ghcr.io/etkecc/baibot Docker tag to v1.25.0 2026-06-29 19:26:12 +03:00
Slavi Pantaleev 1789ea2083 mautrix-telegram: stop flagging matrix_mautrix_telegram_scheme as a removed variable
The bridgev2 (Go) rewrite removed matrix_mautrix_telegram_scheme (the old
Python bridge's public web-login endpoint scheme) and added a deprecation
check for it. We later reintroduced a variable of the same name to configure
the bridge's HTTP API exposure address, but the deprecation entry remained.

Because the check matches any defined variable (via ansible.builtin.varnames),
not just user-set ones, it tripped for every install with the Telegram bridge
enabled, even when the user never set it.

Drop the deprecation entry, since the variable is a current one again. The
related (still removed) matrix_mautrix_telegram_hostname and
matrix_mautrix_telegram_path_prefix entries are kept.

Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5368
Regression since d2252db4fe

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:06:29 +03:00
Slavi Pantaleev 00f39e3b1d Document mautrix bridge HTTP API exposure (for mautrix-manager and similar)
Add a "Expose the bridge's API" section to the common mautrix bridges
documentation page (covering the /bridges/<bridge> path, the
/.well-known/matrix/mautrix auto-discovery file, how to disable it, and
the custom-bridges hook), plus a CHANGELOG entry announcing the feature.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 19:05:16 +03:00
Slavi Pantaleev 4aca22dd96 matrix-static-files: advertise exposed mautrix bridges via /.well-known/matrix/mautrix
Emit a /.well-known/matrix/mautrix file listing the base URLs of all
enabled and exposed mautrix bridges under the `fi.mau.bridges` property,
so tools like Mautrix Manager (https://github.com/mautrix/manager) can
auto-discover them.

The list is built in group_vars from each bridge's public address and is
gated on the bridge being enabled, the playbook attaching its Traefik
labels, and the exposure router being emitted, so we only advertise URLs
that are actually reachable. The file follows the same auto/custom and
configuration-extension pattern as the other well-known files and is only
written when the list is non-empty.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 17:05:55 +03:00
Slavi Pantaleev 2879a01105 mautrix-slack: expose bridge HTTP API (for mautrix-manager and similar)
Unlike the other mautrix bridges, the mautrix-slack role had no Traefik
label infrastructure at all, so this builds the scaffold first (a new
labels.j2, the container_labels_traefik_* vars, the label-file wiring in
the systemd service and setup_install.yml, and the group_vars wiring),
then exposes the bridge's appservice HTTP API under
https://matrix.<domain>/bridges/slack like the other bridges.

The provisioning shared secret was already auto-generated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 09:08:57 +03:00
Slavi Pantaleev 42c173c0b3 mautrix-meta-messenger: expose bridge HTTP API (for mautrix-manager and similar)
Auto-generate the provisioning shared secret (to enable the provisioning
API), route the whole bridge HTTP port via Traefik under
`<matrix-fqn>/bridges/meta-messenger`, and populate
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The labels template gate is widened so the exposure router is
emitted even when metrics are disabled (the exposure router reuses the
existing appservice Traefik service on port 29319).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:17:47 +03:00
Slavi Pantaleev 20a2395403 mautrix-meta-instagram: expose bridge HTTP API (for mautrix-manager and similar)
Auto-generate the provisioning shared secret (to enable the provisioning
API), route the whole bridge HTTP port via Traefik under
`<matrix-fqn>/bridges/meta-instagram`, and populate
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The labels template gate is widened so the exposure router is
emitted even when metrics are disabled (the exposure router reuses the
existing appservice Traefik service on port 29319).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:15:57 +03:00
Slavi Pantaleev 1b9b1119a1 mautrix-whatsapp: expose bridge HTTP API (for mautrix-manager and similar)
Auto-generate the provisioning shared secret (to enable the provisioning
API), route the whole mautrix-whatsapp HTTP port via Traefik under
`<matrix-fqn>/bridges/whatsapp`, and populate appservice.public_address,
reusing the matrix_bridges_exposure_* mechanism.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:11:30 +03:00
Slavi Pantaleev 2d7058fa59 mautrix-bluesky: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-bluesky HTTP port via Traefik under
`<matrix-fqn>/bridges/bluesky` and populate the existing
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The provisioning shared secret is already auto-generated in
group_vars, so the provisioning API is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:09:43 +03:00
Slavi Pantaleev 44c8736c08 mautrix-twitter: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-twitter HTTP port via Traefik under
`<matrix-fqn>/bridges/twitter` and populate the existing
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The provisioning shared secret is already auto-generated in
group_vars, so the provisioning API is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:08:11 +03:00
Slavi Pantaleev a50e7960d8 mautrix-signal: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-signal HTTP port via Traefik under
`<matrix-fqn>/bridges/signal` and populate appservice.public_address,
reusing the matrix_bridges_exposure_* mechanism. The provisioning shared
secret is already auto-generated in group_vars, so the provisioning API
is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 20:05:18 +03:00
Slavi Pantaleev d2252db4fe mautrix-telegram: expose bridge HTTP API (for mautrix-manager and similar)
Route the whole mautrix-telegram HTTP port via Traefik under
`<matrix-fqn>/bridges/telegram` and populate appservice.public_address,
reusing the matrix_bridges_exposure_* mechanism. The provisioning shared
secret is already auto-generated in group_vars, so the provisioning API
is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 19:56:24 +03:00
Slavi Pantaleev a4ddba3989 mautrix-gmessages: expose bridge HTTP API (for mautrix-manager and similar)
Add a generic mechanism for exposing bridges' HTTP API (the provisioning
API, etc.) publicly on the Matrix domain, so tools like mautrix-manager
(https://github.com/mautrix/manager) can drive bridge login.

- Introduce global matrix_bridges_exposure_* vars (on by default),
  exposing each supported bridge under `<matrix-fqn>/bridges/<bridge>`.
- mautrix-gmessages: make the provisioning shared secret configurable
  (auto-generated in group_vars) so the provisioning API is enabled,
  route the whole bridge HTTP port via Traefik, and populate
  appservice.public_address.

Requests are authenticated by the bridge itself (per-user Matrix access
token for the provisioning API, homeserver token for the appservice
endpoints), not by the reverse proxy.

This is the first bridge converted; the other mautrix bridges will follow.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 19:52:24 +03:00
Aine d61979a0b9 baibot: add venice wiring 2026-06-28 19:50:08 +03:00
Aine 3fed0f1bb4 add link to Ketesa website <https://ketesa.app> 2026-06-28 11:02:51 +01:00
Slavi Pantaleev e43add179b Add matrix_tuwunel_config_ip_range_denylist (mirrors tuwunel's upstream default)
As of tuwunel v1.8.0, the ip_range_denylist applies to push gateway
delivery as well, so surface it as an Ansible variable using the
default/auto/custom merge pattern. The default mirrors tuwunel's own
upstream denylist (RFC1918, loopback, multicast, and other unroutable
ranges), matching the identical list already used for Synapse's
matrix_synapse_url_preview_ip_range_blacklist.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 20:39:16 +03:00
renovate[bot] 129d4e74b4 Update ghcr.io/matrix-construct/tuwunel Docker tag to v1.8.0 2026-06-27 20:17:09 +03:00
renovate[bot] 5c390e137f Update dependency livekit_server to v1.13.2-0 2026-06-27 18:17:06 +03:00
renovate[bot] 682eb2c280 Update ghcr.io/etkecc/baibot Docker tag to v1.24.0 2026-06-26 17:30:34 +03:00
Jason LaGuidice 4fae640b6c Add renovate and bump version 2026-06-26 07:05:13 +03:00
renovate[bot] adcae966ed Update dependency ntfy to v2.25.0-0 2026-06-25 07:41:39 +03:00
renovate[bot] 0a46beb76c Update dependency click to v8.4.2 2026-06-24 21:48:37 +03:00
renovate[bot] 7bee5f06dc Update oci.element.io/element-admin Docker tag to v0.1.12 2026-06-24 21:44:11 +03:00
renovate[bot] b67f7bd3fe Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2026.6.24 2026-06-24 16:39:58 +03:00
Slavi Pantaleev 08c733d2e3 matrix-bridge-rustpush: build from upstream's own Dockerfile on self-build
The role shipped its own copy of the bridge's Dockerfile and templated it
over the cloned source before building. That copy had already drifted from
upstream (e.g. missing libheif-plugin-libde265) and required separate
maintenance (Renovate bumping the base image here instead of upstream).

Build from the cloned repo's own Dockerfile instead, matching every other
self-build role (e.g. matrix-bridge-steam). The Dockerfile now tracks the
pinned bridge version automatically.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 12:13:04 +03:00
Slavi Pantaleev 424c323d03 Announce matrix-rustpush-bridge (iMessage) in the changelog
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 11:45:20 +03:00
Jason LaGuidice 11cd178cb2 Add matrix-rustpush-bridge (iMessage)
Add the matrix-rustpush-bridge role, a Matrix <-> iMessage bridge built
on the mautrix-go bridgev2 framework using RustPush (OpenBubbles backend).

Unlike the existing mautrix-imessage/wsproxy bridge, it talks directly to
Apple's push notification service, so it needs neither a running Mac nor a
wsproxy on the homeserver. Each user supplies a hardware key extracted from a
Mac through the bridge bot's login flow.

The bridge uses its own bot username and puppet namespace (rustpushbot,
rustpush_*) so it does not collide with the wsproxy iMessage bridge.

This bridge is in early development and may have stability issues.
2026-06-24 11:17:09 +03:00
Aine 6f57ab8ba1 Baibot v1.23.1 <https://github.com/etkecc/baibot/blob/main/CHANGELOG.md#2026-06-24-version-1231> 2026-06-24 07:28:07 +01:00
Slavi Pantaleev 4f00ad9bd4 Add support for additional volumes for the livekit-jwt-service component
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 07:38:22 +03:00
Hollie Hutchinson 753f8ca7db Support additional container arguments for matrix-livekit-jwt 2026-06-24 07:36:36 +03:00
renovate[bot] d06094ffc3 Update ghcr.io/element-hq/element-web Docker tag to v1.12.22 2026-06-24 07:31:58 +03:00
dependabot[bot] dd37011ffb Bump actions/cache from 5 to 6
Bumps [actions/cache](https://github.com/actions/cache) from 5 to 6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-24 07:31:47 +03:00
renovate[bot] e3b37ac350 Update ghcr.io/etkecc/baibot Docker tag to v1.23.0 (#5353)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-23 07:22:40 +01:00
renovate[bot] be68aaa870 Update dependency grafana to v13 2026-06-23 09:22:25 +03:00
renovate[bot] 36e94e4df7 Update ghcr.io/etkecc/fluffychat-web Docker tag to v2.7.2 (#5352)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-22 18:13:41 +01:00
renovate[bot] 37d8cf4f2c Update ghcr.io/element-hq/element-call Docker tag to v0.20.2 (#5351)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-22 18:13:17 +01:00
renovate[bot] fd340a14f9 Update dependency cinny to v4.12.3-0 (#5350)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-22 18:12:55 +01:00
LunarFox 73f8ca75b3 Update readme for NPM
NPM "Proxy Hosts" page is only for http/https 80/443 - it is not possible to add a name such as "matrix.example.com:port".

Instead, the Streams page might work for what is intended here (federation traffic) - to proxy stream anything on 8448 to 8449.
2026-06-22 10:11:54 +03:00
Aine 81e156b4bf rollback etherpad to v2.7.2 (v2.7.3 is broken) 2026-06-21 13:40:23 +01:00
Aine 6ee65072ef FluffyChat v2.7.0 <https://github.com/krille-chan/fluffychat/blob/main/CHANGELOG.md#v270> 2026-06-21 11:45:59 +01:00
renovate[bot] 8b13017281 Update ghcr.io/etkecc/baibot Docker tag to v1.22.0 2026-06-21 09:10:18 +03:00
renovate[bot] e0f37e3912 Update forgejo.ellis.link/continuwuation/continuwuity Docker tag to v0.5.10 2026-06-20 21:15:40 +03:00
Aine 4ff28586f4 Ketesa v1.3.0 <https://github.com/etkecc/ketesa/releases/tag/v1.3.0> 2026-06-19 19:56:25 +01:00
Catalan Lover 19bcdc78fd Gate Continuwuity ReCAPTCHA config on both keys being configured
Continuwuity has no native enable-captcha toggle; it enables the ReCAPTCHA
registration flow based on the presence of a private site key. The playbook
previously always rendered empty `recaptcha_site_key`/`recaptcha_private_site_key`
values, which made Continuwuity enable a broken captcha flow and break
registration in some clients.

The keys are now only rendered when both are configured, gated by a derived
`matrix_continuwuity_recaptcha_enabled` flag in the role's `vars/main.yml`. A
consistency check fails the play when exactly one of the two keys is set.

Fixes #5329

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 06:24:06 +03:00
renovate[bot] 914dd3ed62 Update actions/checkout action to v7 2026-06-19 05:51:12 +03:00
renovate[bot] 3250de7842 Update dependency sable to v1.18.3-0 2026-06-18 10:10:27 +03:00
renovate[bot] af4d379573 Update dependency certifi to v2026.6.17 2026-06-18 09:58:58 +03:00
renovate[bot] 12e63739b9 Update ghcr.io/element-hq/matrix-authentication-service Docker tag to v1.19.0 2026-06-18 09:58:41 +03:00
renovate[bot] 6b76368a9c Update nginx Docker tag to v1.31.2 2026-06-18 09:56:48 +03:00
renovate[bot] b87fcc4674 Update ghcr.io/etkecc/buscarron Docker tag to v1.5.0 2026-06-18 09:56:34 +03:00
renovate[bot] 00e5aed0eb Update dependency sable to v1.18.2-0 2026-06-17 21:09:47 +03:00
renovate[bot] 6926a04e07 Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2026.6.17 2026-06-17 21:09:15 +03:00
renovate[bot] 50408d699f Update dock.mau.dev/mautrix/meta Docker tag to v0.2606.0 2026-06-17 06:20:14 +03:00
renovate[bot] 4bf6093a5d Update ghcr.io/element-hq/synapse Docker tag to v1.155.0 2026-06-17 06:20:05 +03:00
renovate[bot] f0fb23dfa9 Update dock.mau.dev/mautrix/signal Docker tag to v0.2606.0 2026-06-17 06:18:38 +03:00
renovate[bot] 8e41f04368 Update dock.mau.dev/mautrix/slack Docker tag to v0.2606.0 2026-06-17 06:18:29 +03:00
renovate[bot] b863de00e8 Update dock.mau.dev/mautrix/telegram Docker tag to v0.2606.0 2026-06-17 06:18:21 +03:00
renovate[bot] 4f5904db0a Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.2606.0 2026-06-17 06:18:13 +03:00
renovate[bot] 802f687513 Update dock.mau.dev/mautrix/twitter Docker tag to v0.2606.0 2026-06-17 06:18:02 +03:00
renovate[bot] b7b5dbf9c7 Update dependency traefik_certs_dumper to v2.11.4-0 2026-06-16 12:34:02 +03:00
renovate[bot] a79b8034e6 Update dependency prek to v0.4.5 2026-06-15 17:36:58 +03:00
renovate[bot] 9acdc445a8 Update dependency sable to v1.18.1-0 2026-06-15 09:22:05 +03:00
Slavi Pantaleev 731804ba32 Update LiveKit Server (v1.12.0-0 → v1.13.1-0)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 08:50:34 +03:00
109 changed files with 5742 additions and 2614 deletions
+2 -2
View File
@@ -26,10 +26,10 @@ jobs:
run: pacman -Sy --noconfirm git run: pacman -Sy --noconfirm git
- name: Check out - name: Check out
uses: actions/checkout@v6 uses: actions/checkout@v7
- name: Restore prek cache - name: Restore prek cache
uses: actions/cache@v5 uses: actions/cache@v6
with: with:
path: var/prek path: var/prek
key: arch-prek-v1-${{ hashFiles('.pre-commit-config.yaml') }} key: arch-prek-v1-${{ hashFiles('.pre-commit-config.yaml') }}
+1 -1
View File
@@ -24,7 +24,7 @@ jobs:
name: Update translations name: Update translations
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v7
- uses: actions/setup-python@v6 - uses: actions/setup-python@v6
with: with:
+1 -1
View File
@@ -24,7 +24,7 @@ repos:
hooks: hooks:
- id: reuse - id: reuse
- repo: https://github.com/ansible/ansible-lint - repo: https://github.com/ansible/ansible-lint
rev: v26.4.0 rev: v26.6.0
hooks: hooks:
- id: ansible-lint - id: ansible-lint
files: '^roles/custom/' files: '^roles/custom/'
+46
View File
@@ -1,3 +1,49 @@
# 2026-06-29
## Support for running on Synology DSM
Thanks to [cksit](https://github.com/cksit), the playbook can now run on [Synology DSM](https://www.synology.com/dsm) 7 and later.
Synology hosts are detected automatically (via `/etc/synoinfo.conf`), so other systems are unaffected. On DSM, the playbook uses the platform's native user management (`synouser`/`synogroup`), works around a Docker SDK incompatibility, and installs a small boot-fix service that handles a few DSM-specific boot quirks.
To get started, see the new [Configuring Synology DSM](./docs/configuring-playbook-synology.md) documentation page.
## Mautrix bridges now expose their API (for Mautrix Manager and similar tools)
The playbook now exposes the HTTP API of each [mautrix](https://github.com/mautrix) bridge, so tools like [Mautrix Manager](https://github.com/mautrix/manager) can help you log into them. This is especially useful for [mautrix-gmessages](./docs/configuring-playbook-bridge-mautrix-gmessages.md): Google has removed its QR-code login, leaving a [manual cookie-extraction flow](https://docs.mau.fi/bridges/go/gmessages/authentication.html) that tools like Mautrix Manager can streamline.
The API is exposed at `https://matrix.example.com/bridges/SERVICENAME` (for example, `https://matrix.example.com/bridges/gmessages`) and is advertised via a new `/.well-known/matrix/mautrix` file, so compatible tools can discover your bridges automatically. Such tools authenticate with your own Matrix access token, so no bridge secret needs to be shared with them.
This affects all mautrix bridges based on the new bridge framework (bluesky, gmessages, meta-instagram, meta-messenger, signal, slack, telegram, twitter and whatsapp) and is enabled by default.
To learn more (including how to turn it off), see the [Expose the bridge's API](./docs/configuring-playbook-bridge-mautrix-bridges.md#expose-the-bridges-api-for-mautrix-manager-and-similar-tools) section on our common mautrix bridges documentation page.
# 2026-06-28
## baibot now supports Venice, our recommended provider
[baibot](./docs/configuring-playbook-bot-baibot.md) now ships a preset for the [Venice](./docs/configuring-playbook-bot-baibot.md#venice) provider, and it's the one we recommend. It's the most capable provider baibot supports (text generation with vision, file inputs and web search, speech-to-text, text-to-speech, and image generation and editing), and the only one that runs inference with no logging and no training on your data.
Enabling it takes a preset toggle and an API key:
```yaml
matrix_bot_baibot_config_agents_static_definitions_venice_enabled: true
matrix_bot_baibot_config_agents_static_definitions_venice_config_api_key: "YOUR_API_KEY_HERE"
```
[OpenAI](https://openai.com/) and baibot's other providers remain fully supported. To get started, see the [Setting up baibot](./docs/configuring-playbook-bot-baibot.md#venice) documentation page.
# 2026-06-24
## Support for bridging to iMessage via RustPush
Thanks to [jasonlaguidice](https://github.com/jasonlaguidice), the playbook now supports bridging to [iMessage](https://support.apple.com/messages) via a new [RustPush](https://github.com/OpenBubbles/rustpush)-based bridge ([jasonlaguidice/imessage](https://github.com/jasonlaguidice/imessage)).
Unlike the existing [mautrix-wsproxy](./docs/configuring-playbook-bridge-mautrix-wsproxy.md) iMessage bridge, this one talks directly to Apple's push notification service, so it needs neither a running Mac nor a wsproxy on the homeserver. Each user supplies a hardware key extracted from a Mac through the bridge bot's login flow.
To learn more, see our [Setting up RustPush (iMessage) bridging](./docs/configuring-playbook-bridge-rustpush.md) documentation page.
# 2026-05-24 # 2026-05-24
## matrix-ldap-registration-proxy has been removed from the playbook ## matrix-ldap-registration-proxy has been removed from the playbook
+1
View File
@@ -117,6 +117,7 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [mautrix-gmessages](https://github.com/mautrix/gmessages) | ❌ | Bridge to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) | | [mautrix-gmessages](https://github.com/mautrix/gmessages) | ❌ | Bridge to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) |
| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | ❌ | Bridge to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | | [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | ❌ | Bridge to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
| [mautrix-wsproxy](https://github.com/mautrix/wsproxy) | ❌ | Bridge to Android SMS or Apple iMessage | [Link](docs/configuring-playbook-bridge-mautrix-wsproxy.md) | | [mautrix-wsproxy](https://github.com/mautrix/wsproxy) | ❌ | Bridge to Android SMS or Apple iMessage | [Link](docs/configuring-playbook-bridge-mautrix-wsproxy.md) |
| [matrix-rustpush-bridge](https://github.com/jasonlaguidice/imessage) | ❌ | Bridge to [iMessage](https://support.apple.com/messages) via Apple Push Notification service | [Link](docs/configuring-playbook-bridge-rustpush.md) |
| [mautrix-bluesky](https://github.com/mautrix/bluesky) | ❌ | Bridge to [Bluesky](https://bsky.social/) | [Link](docs/configuring-playbook-bridge-mautrix-bluesky.md) | | [mautrix-bluesky](https://github.com/mautrix/bluesky) | ❌ | Bridge to [Bluesky](https://bsky.social/) | [Link](docs/configuring-playbook-bridge-mautrix-bluesky.md) |
| [mautrix-twitter](https://github.com/mautrix/twitter) | ❌ | Bridge to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) | | [mautrix-twitter](https://github.com/mautrix/twitter) | ❌ | Bridge to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
| [mautrix-googlechat](https://github.com/mautrix/googlechat) | ❌ | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) | | [mautrix-googlechat](https://github.com/mautrix/googlechat) | ❌ | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
+2
View File
@@ -76,6 +76,8 @@ If your server and services experience issues, feel free to come to [our support
- [Alternative architectures](alternative-architectures.md) - [Alternative architectures](alternative-architectures.md)
- [Configuring Synology DSM](configuring-playbook-synology.md)
- [Container images used by the playbook](container-images.md) - [Container images used by the playbook](container-images.md)
- [Obtaining an Access Token](obtaining-access-tokens.md) - [Obtaining an Access Token](obtaining-access-tokens.md)
+34 -3
View File
@@ -14,7 +14,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
🤖 [baibot](https://github.com/etkecc/baibot) (pronounced bye-bot) is a [Matrix](https://matrix.org/) bot developed by [etke.cc](https://etke.cc/) that exposes the power of [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) to you. 🤖 🤖 [baibot](https://github.com/etkecc/baibot) (pronounced bye-bot) is a [Matrix](https://matrix.org/) bot developed by [etke.cc](https://etke.cc/) that exposes the power of [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) to you. 🤖
It supports [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) models, as many well as other [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md). It supports many [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md), including the privacy-first [Venice](#venice) we recommend, [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) models, and more.
It's designed as a more private and [✨ featureful](https://github.com/etkecc/baibot/?tab=readme-ov-file#-features) alternative to [matrix-chatgpt-bot](./configuring-playbook-bot-chatgpt.md). See the [baibot](https://github.com/etkecc/baibot) project and its documentation for more information. It's designed as a more private and [✨ featureful](https://github.com/etkecc/baibot/?tab=readme-ov-file#-features) alternative to [matrix-chatgpt-bot](./configuring-playbook-bot-chatgpt.md). See the [baibot](https://github.com/etkecc/baibot) project and its documentation for more information.
@@ -159,7 +159,38 @@ Agents defined statically and those created dynamically (via chat) are named dif
Depending on your propensity for [GitOps](https://en.wikipedia.org/wiki/DevOps#GitOps), you may prefer to define agents statically via Ansible, or you may wish to do it dynamically via chat. Depending on your propensity for [GitOps](https://en.wikipedia.org/wiki/DevOps#GitOps), you may prefer to define agents statically via Ansible, or you may wish to do it dynamically via chat.
Before proceeding, we recommend reading the upstream documentation on [How to choose a provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#how-to-choose-a-provider). In short, it's probably best to go with [OpenAI](#openai). Before proceeding, we recommend reading the upstream documentation on [How to choose a provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#how-to-choose-a-provider) for a side-by-side of what each one can do. In short: we recommend [Venice](#venice), the most capable provider baibot supports and the only one that keeps no logs and trains on nothing. If you'd rather start with the most widely-used option, [OpenAI](#openai) is a solid, well-supported choice too.
#### Venice
[Venice](https://venice.ai/chat?ref=kpXDe6) _(ref link with a $10 bonus for you)_ is the provider we recommend. It's the most capable one baibot supports, and the only one that pairs that full feature set with real privacy: inference runs on Venice's own GPUs or on zero-data-retention partner hardware, so your prompts and replies are stored nowhere and never used for training. It serves both frontier proprietary models and the latest open-source ones.
Venice also leaves the content policy to you instead of imposing its own. Its models answer without the reflexive refusals some hosted services apply, and both text and image generation can handle adult or otherwise sensitive subjects when you need them to. Image generation ships a `safe_mode` that blurs adult content by default; you can turn it off (see the sample config). This pairs naturally with the privacy above: a bot you can speak to candidly, that keeps nothing.
Unlike the [OpenAI Compatible](#openai-compatible) provider (which can also point at Venice, but drops images and can't reach its audio or native image endpoints), this is a first-class integration that exposes Venice's full parameter set: text-generation with vision, file inputs, prompt caching and native web search, plus speech-to-text, text-to-speech, and image generation and editing.
You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Venice provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#venice) with the help of the playbook's preset variables.
Here's an example **addition** to your `vars.yml` file:
```yaml
matrix_bot_baibot_config_agents_static_definitions_venice_enabled: true
matrix_bot_baibot_config_agents_static_definitions_venice_config_api_key: "YOUR_API_KEY_HERE"
# The preset ships sensible defaults for every purpose, so changing only the API key above is enough
# to get going. Uncomment and adjust any of these if you'd like to use different models:
# matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_model_id: kimi-k2-5
# matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_model_id: chroma
```
Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/venice`.
Every Venice knob (sampling, caching, reasoning, web-search behavior, voice and image controls) has a matching `matrix_bot_baibot_config_agents_static_definitions_venice_config_*` variable. The [fully-commented sample config](https://github.com/etkecc/baibot/blob/main/docs/sample-provider-configs/venice.yml) explains every one of them.
If you'd like to use more than one model, take a look at the [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset) section below.
💡 You may also wish to use this new agent for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers).
#### Anthropic #### Anthropic
@@ -374,7 +405,7 @@ Example **additional** `vars.yml` configuration:
# As such, changing any of these values subsequently has no effect on the bot's behavior. # As such, changing any of these values subsequently has no effect on the bot's behavior.
# Once initially configured, the global configuration is managed via bot commands, not via Ansible. # Once initially configured, the global configuration is managed via bot commands, not via Ansible.
matrix_bot_baibot_config_initial_global_config_handler_catch_all: static/openai matrix_bot_baibot_config_initial_global_config_handler_catch_all: static/venice
# In this example, there's no need to define any of these below. # In this example, there's no need to define any of these below.
# Configuring the catch-all purpose handler is enough. # Configuring the catch-all purpose handler is enough.
@@ -138,6 +138,35 @@ Replace `warn` with one of the following to control the verbosity of the logs ge
If you have issues with a service, and are requesting support, the higher levels of logging (those that appear earlier in the list, like `trace`) will generally be more helpful. If you have issues with a service, and are requesting support, the higher levels of logging (those that appear earlier in the list, like `trace`) will generally be more helpful.
### Expose the bridge's API (for Mautrix Manager and similar tools)
Each mautrix bridge runs an HTTP API which tools like [Mautrix Manager](https://github.com/mautrix/manager) can use to help you log into the bridge. This is especially handy for bridges where logging in manually is cumbersome (like [mautrix-gmessages](configuring-playbook-bridge-mautrix-gmessages.md)).
By default, the playbook exposes this API publicly at `https://matrix.example.com/bridges/SERVICENAME` (for example, `https://matrix.example.com/bridges/gmessages`). Such tools authenticate to the bridge with your own Matrix access token, so you never need to share any bridge secret with them.
To make discovery easier, the playbook also serves a `/.well-known/matrix/mautrix` file which advertises all your exposed bridges. Mautrix Manager reads this file and offers your bridges automatically, so you don't need to enter their URLs by hand.
This is all enabled by default. To **disable exposing the API for all bridges**, add the following configuration to your `vars.yml` file:
```yaml
matrix_bridges_exposure_enabled: false
```
**Alternatively**, to disable it for a specific bridge:
```yaml
matrix_mautrix_SERVICENAME_exposure_enabled: false
```
If you run additional bridges on the same server which are not managed by this playbook and would like compatible tools to discover them as well, you can advertise their base URLs in the `/.well-known/matrix/mautrix` file:
```yaml
matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges_custom:
- https://matrix.example.com/bridges/SOME_OTHER_BRIDGE
```
Only list bridges hosted on (and connected to) this server here, as compatible tools will send your Matrix access token to them. For bridges on other servers, take a look at the `fi.mau.external_bridge_servers` property described in the [Mautrix Manager](https://github.com/mautrix/manager) documentation, which you can add via `matrix_static_files_file_matrix_mautrix_configuration_extension_json`.
### Extending the configuration ### Extending the configuration
There are some additional things you may wish to configure about the bridge. There are some additional things you may wish to configure about the bridge.
@@ -0,0 +1,95 @@
<!--
SPDX-FileCopyrightText: 2026 MDAD project contributors
SPDX-FileCopyrightText: 2026 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up RustPush (iMessage) bridging (optional)
> **Note:** This bridge is in early development and may have stability issues. It may not be desirable to deploy this to a large number of users. Your testing and feedback is appreciated.
<sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>
The playbook can install and configure [RustPush bridge to iMessage](https://github.com/jasonlaguidice/imessage) for you using Apple's push notification service.
See the project's [documentation](https://github.com/jasonlaguidice/imessage/blob/main/README.md) to learn what it does and why it might be useful to you.
## Prerequisites
### Hardware Key Extraction
To use this bridge on Linux (Docker), each user needs a **hardware key** extracted from a real Mac. This key contains hardware identifiers needed for iMessage registration. Hardware keys can be shared by a number of users (approximately 20) before causing issues with Apple.
The key is entered interactively through the bridge bot's login flow (not configured via Ansible variables). See the upstream [README](https://github.com/jasonlaguidice/imessage/blob/main/README.md) for instructions on extracting the key.
If extracted from an Intel Mac, the Mac does not need to remain running after the key is extracted for this bridge to work. Apple Silicon Macs must run a NAC relay and thus must remain running.
### Phone Number Registration (optional)
This bridge can **not** do phone number registration (PNR). The only way to have your phone number registered and used (instead of an Apple ID e-mail address) is to have an iPhone connected to your Apple account. Reference the [BlueBubbles Phone Number Registration Guide](https://docs.bluebubbles.app/server/advanced/registering-a-phone-number-with-your-imessage-account) for information on how to set this up.
### Enable Appservice Double Puppet (optional)
If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting.
## Adjusting the playbook configuration
To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_rustpush_bridge_enabled: true
```
### Disable Backfill (optional)
Backfill can be disabled globally if desired via config. By default, the bridge will backfill from iCloud (CloudKit) and APNS if available. Backfill from `chat.db` is only possible when the bridge is running on MacOS.
```yaml
matrix_rustpush_bridge_backfill_enabled: false
```
### Extending the Configuration
There are some additional things you may wish to configure about the bridge.
See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
## Installing
After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed.
## Usage
To use the bridge, you need to start a chat with `@rustpushbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
After logging in, the bridge will start receiving iMessages and creating portal rooms.
## Troubleshooting
As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-rustpush-bridge`.
### Increase logging verbosity
The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
```yaml
# Valid values: fatal, error, warn, info, debug, trace
matrix_rustpush_bridge_logging_level: 'debug'
# Enable debug logging for RustPush
matrix_rustpush_bridge_rust_log: "warn,rustpushgo=info,openabsinthe=debug"
```
+2 -2
View File
@@ -13,14 +13,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later
# Setting up Ketesa (optional) # Setting up Ketesa (optional)
The playbook can install and configure [Ketesa](https://github.com/etkecc/ketesa) for you. The playbook can install and configure [Ketesa](https://ketesa.app) ([source code](https://github.com/etkecc/ketesa)) for you.
Ketesa is a fully-featured admin interface for Matrix homeservers — manage users, rooms, media, sessions, and more from one clean, responsive web UI. It is the evolution of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin): what began as a fork has grown into its own independent project with a redesigned interface, comprehensive Synapse and MAS API coverage, and multi-language support. See the [Ketesa v1.0.0 announcement](https://etke.cc/blog/introducing-ketesa/) for a full overview of what's new. Ketesa is a fully-featured admin interface for Matrix homeservers — manage users, rooms, media, sessions, and more from one clean, responsive web UI. It is the evolution of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin): what began as a fork has grown into its own independent project with a redesigned interface, comprehensive Synapse and MAS API coverage, and multi-language support. See the [Ketesa v1.0.0 announcement](https://etke.cc/blog/introducing-ketesa/) for a full overview of what's new.
>[!NOTE] >[!NOTE]
> >
> - Ketesa does not work with other homeserver implementations than Synapse due to API's incompatibility. > - Ketesa does not work with other homeserver implementations than Synapse due to API's incompatibility.
> - The latest version of Ketesa is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting. > - The latest version of Ketesa is hosted by [etke.cc](https://etke.cc/) at [cloud.ketesa.app](https://cloud.ketesa.app/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
> - This playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). Please note that it's currently less feature-rich than Ketesa and requires [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md). > - This playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). Please note that it's currently less feature-rich than Ketesa and requires [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
## Adjusting DNS records (optional) ## Adjusting DNS records (optional)
+179
View File
@@ -0,0 +1,179 @@
<!--
SPDX-FileCopyrightText: 2026 Chiu Ki Sit
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Configuring Synology DSM
This document is a guide for preparing Synology DSM for the installation of the [Matrix Docker Ansible Deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) project.
> **Note:** Synology DSM is a community-supported platform. It is not officially tested or maintained by the project maintainers. Use at your own discretion.
**Intended audience:** Users already familiar with DSM, SSH, and this Ansible project.
## Assumptions
- DSM version 7 or higher
- `Volume1` is used as the default Docker storage location
- You are using DSM's built-in reverse proxy for handling HTTPS
## How Synology Support Works
The playbook automatically detects Synology DSM by checking for `/etc/synoinfo.conf`. When detected, it:
- Uses `synouser` and `synogroup` (DSM-native tools) instead of standard Linux user management
- Constrains the Python `requests` package to a version compatible with the Docker SDK
- Ensures `/volume1` has shared mount propagation so container bind mounts work correctly
- Deploys a `matrix-synology-boot-fix` service that runs on every boot after Docker is ready
You can override auto-detection by setting `matrix_base_host_is_synology: true` or `false` in your `vars.yml`.
### Matrix Service Account
The playbook creates a `matrix` system account using Synology's `synouser` tool. The account is secured as follows:
- **Expired** (`expired=1`) — the account cannot be used to log in to DSM or any application
You must set a password for this account via `matrix_synology_user_password` in your `vars.yml` (see [vars.yml Configuration](#varsyml-configuration)). The password cannot be used to log in because the account is expired, but a non-empty password is required as an additional security layer.
> If you pre-create the `matrix` user manually before running the playbook, the playbook will not modify the existing account's settings — you are responsible for securing it.
### Boot-fix Service
Synology DSM has two boot-time quirks that the boot-fix service addresses automatically:
1. **`/volume1` shared mount propagation**
Docker requires `/volume1` to be mounted as shared (`mount --make-shared /volume1`) for container bind mounts with `bind-propagation=slave` to work correctly (used by matrix-synapse for its media store). On Synology, this cannot be inserted into the systemd chain before Container Manager starts — doing so causes Container Manager to detect a broken dependency and prompt for repair on every boot. The playbook applies this during setup, and the boot-fix service re-applies it on every subsequent reboot, safely outside Container Manager's dependency chain.
2. **Skipped services at boot**
Synology's systemd drops services with multi-level dependency chains from the boot activation queue (e.g. `matrix-traefik → matrix-container-socket-proxy → docker`). These services show as `inactive` or `failed` after reboot even though they are enabled. The boot-fix service scans for any enabled `matrix-*.service` in either state and starts them automatically.
> **If you previously configured a Task Scheduler entry** (`Control Panel > Task Scheduler`) to run `mount --make-shared /volume1` at boot-up, you can remove it — the boot-fix service now handles this.
## Synology GUI Preparation
1. **Enable SSH**
- `Control Panel` > `Terminal & SNMP` > `Enable SSH service`
2. **Enable SFTP**
- `Control Panel` > `File Service` > `FTP` > `Enable SFTP service` with default port
3. **Enable User Home Directory**
- `Control Panel` > `User & Group` > `Advanced` > `Enable user home service`
4. **Install Container Manager**
- Install from `Package Center`
5. **Configure Reverse Proxy**
- `Control Panel` > `Login Portal` > `Advanced` > `Reverse Proxy`
- Create entries for each service you enable (e.g. Matrix, Element, admin page)
- Example entry:
- Source: `HTTPS` / `matrix.example.com` / port `443`
- Destination: `HTTP` / `localhost` / port `81`
## SSH Preparation
### (Optional but Recommended) Enable SSH Key Authentication
Configure key-based SSH login to avoid password prompts during Ansible runs.
### Set Up the Ansible Environment
Create a project folder and Python virtual environment on the DSM host:
```shell
mkdir ~/path/to/your/project/folder
cd ~/path/to/your/project/folder
python3 -m venv ./myenv
# (optional) activate python virtual environment
# source ./myenv/bin/activate
```
## Inventory Configuration
In your `inventory/hosts` file, set the Python interpreter to your virtual environment:
```ini
# SSH key authentication with empty passphrase example
matrix.example.com ansible_host=<your-dsm-ip> ansible_ssh_user=<dsm-ssh-user> become=true become_user=root ansible_python_interpreter=/volume1/homes/path/to/your/project/folder/myenv/bin/python ansible_sudo_pass='your-password'
```
## vars.yml Configuration
Add the following Synology-specific variables to your `vars.yml`:
```yaml
# Synology-specific settings
# Controls Synology DSM-specific handling. `null` means autodetect (via /etc/synoinfo.conf).
# Set to `true`/`false` to force.
# matrix_base_host_is_synology: true
# Password for the Matrix service account created by the playbook.
# The account is created as expired so this password cannot be used to log in.
matrix_synology_user_password: "your-strong-password"
# User and group that will be created automatically by the playbook
matrix_user_name: "matrix"
matrix_group_name: "matrix"
# Data path on your Synology volume
matrix_base_data_path: "/volume1/docker/matrix"
# Use Synology Container Manager's Docker daemon instead of installing Docker
matrix_playbook_docker_installation_enabled: false
devture_systemd_docker_base_host_command_docker: "/var/packages/ContainerManager/target/usr/bin/docker"
devture_systemd_docker_base_docker_service_name: "pkg-ContainerManager-dockerd.service"
# Use Synology's NTP service
devture_timesync_ntpd_service: "chronyd"
# Reverse proxy settings — use HTTPS at the DSM reverse proxy level
matrix_playbook_ssl_enabled: true
traefik_config_entrypoint_web_secure_enabled: false
# Bind to localhost only — DSM reverse proxy handles public traffic
traefik_container_web_host_bind_port: '127.0.0.1:81'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.0.1:8449'
# Trust X-Forwarded-* headers from the local reverse proxy
traefik_config_entrypoint_web_forwardedHeaders_insecure: true
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
forwardedHeaders:
insecure: true
```
## Running the Playbook
```shell
# Full setup
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
# start
ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
# Stop all services
ansible-playbook -i inventory/hosts setup.yml --tags=stop
# Apply config changes (always include start to restart running containers)
ansible-playbook -i inventory/hosts setup.yml --tags=stop,setup-all,start
```
> **Important:** Always include `stop` before `setup-all,start` when changing configuration. Running `setup-all` alone does not restart already-running containers.
## Creating Matrix Users
After the services are running, create your first Matrix user:
```shell
# option 1:
sudo docker exec -it matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u your_username -p your_password
# option 2:
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=your_username password=your_password admin=yes|no' --tags=register-user
```
+3 -1
View File
@@ -158,6 +158,8 @@ Bridges can be used to connect your Matrix installation with third-party communi
- [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md) - [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md)
- [Setting up RustPush (iMessage) bridging](configuring-playbook-bridge-rustpush.md)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md)
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)
@@ -188,7 +190,7 @@ Bridges can be used to connect your Matrix installation with third-party communi
Bots provide various additional functionality to your installation. Bots provide various additional functionality to your installation.
- [Setting up baibot](configuring-playbook-bot-baibot.md) — a bot through which you can talk to various [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) services ([OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) and [others](https://github.com/etkecc/baibot/blob/main/docs/providers.md)) - [Setting up baibot](configuring-playbook-bot-baibot.md) — a bot through which you can talk to various [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) services (the privacy-first [Venice](configuring-playbook-bot-baibot.md#venice) we recommend, [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/), and [others](https://github.com/etkecc/baibot/blob/main/docs/providers.md))
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) — a bot to remind you about stuff - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) — a bot to remind you about stuff
+1
View File
@@ -107,6 +107,7 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [Heisenbridge](configuring-playbook-bridge-heisenbridge.md) | [hif1/heisenbridge](https://hub.docker.com/r/hif1/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | | [Heisenbridge](configuring-playbook-bridge-heisenbridge.md) | [hif1/heisenbridge](https://hub.docker.com/r/hif1/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) |
| [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | | [mx-puppet-groupme](configuring-playbook-bridge-mx-puppet-groupme.md) | [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) |
| [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | | [matrix-steam-bridge](configuring-playbook-bridge-steam.md) | [jasonlaguidice/matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge/pkgs/container/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) |
| [matrix-rustpush-bridge](configuring-playbook-bridge-rustpush.md) | [jasonlaguidice/imessage](https://github.com/jasonlaguidice/imessage/pkgs/container/imessage) | ❌ | Bridge to [iMessage](https://support.apple.com/messages) via Apple Push Notification service |
| [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | | [mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md) | [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) |
| [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge | | [Postmoogle](configuring-playbook-bridge-postmoogle.md) | [etke.cc/postmoogle](https://github.com/etkecc/postmoogle/container_registry) | ❌ | Email to Matrix bridge |
+9 -3
View File
@@ -1,13 +1,13 @@
<!-- <!--
SPDX-FileCopyrightText: 2018 - 2023 Slavi Pantaleev
SPDX-FileCopyrightText: 2018 - 2024 MDAD project contributors
SPDX-FileCopyrightText: 2018 Aaron Raimist SPDX-FileCopyrightText: 2018 Aaron Raimist
SPDX-FileCopyrightText: 2018-2023 Slavi Pantaleev
SPDX-FileCopyrightText: 2018-2024 MDAD project contributors
SPDX-FileCopyrightText: 2019 Edgars Voroboks SPDX-FileCopyrightText: 2019 Edgars Voroboks
SPDX-FileCopyrightText: 2019 Michael Haak SPDX-FileCopyrightText: 2019 Michael Haak
SPDX-FileCopyrightText: 2020 Kevin Lanni SPDX-FileCopyrightText: 2020 Kevin Lanni
SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
SPDX-FileCopyrightText: 2024 Mitja Jež SPDX-FileCopyrightText: 2024 Mitja Jež
SPDX-FileCopyrightText: 2024 Nikita Chernyi SPDX-FileCopyrightText: 2024 Nikita Chernyi
SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
--> -->
@@ -150,6 +150,12 @@ After completing the installation, you can:
* or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting. * or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
- or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate)) - or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))
### Installing native Matrix clients on your computer
As the playbook's aim is to help you to install and manage Matrix services on your server, if you are looking for dedicated native Matrix clients which run on your computer, you need to install ones by yourself. There is a convenient list which introduces known Matrix clients on this page: <https://matrix.org/ecosystem/clients/>
If you feel overwhelmed by the variety and the number of the available clients, you might want to install [**Komai**](https://github.com/etkecc/komai), a desktop-first Matrix chat application maintained by the team behind the playbook. It is stable, and just works without quirks!
### ⚠️ Keep the playbook and services up-to-date ### ⚠️ Keep the playbook and services up-to-date
While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**. While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**.
@@ -44,27 +44,19 @@ Custom Nginx Configuration:
client_max_body_size 50M; client_max_body_size 50M;
``` ```
Again, under the 'Proxy Hosts' page select `Add Proxy Host`, this time for your federation traffic. Apply the proxy's configuration like this: Then, under the 'Streams' page select `Add Stream`, this time for your federation traffic. Apply the configuration like this:
```md ```md
# Details # Details
# Matrix Federation proxy config # Matrix Federation proxy config
Domain Names: matrix.example.com:8448 Incoming Port: 8448
Scheme: http Forward Host/IP: IP-ADDRESS-OF-YOUR-MATRIX
Forward Hostname/IP: IP-ADDRESS-OF-YOUR-MATRIX
Forward Port: 8449 Forward Port: 8449
Protocols: TCP
# SSL # SSL
# Either 'Request a new certificate' or select an existing one # Either 'Request a new certificate' or select an existing one
SSL Certificate: matrix.example.com or *.example.com SSL Certificate: matrix.example.com or *.example.com
Force SSL: true
HTTP/2 Support: true
# Advanced
# Allows NPM to listen on the federation port
Custom Nginx Configuration:
listen 8448 ssl http2;
client_max_body_size 50M;
``` ```
Also note, NPM would need to be configured for whatever other services you are using. For example, you would need to create additional proxy hosts for `element.example.com` or `jitsi.example.com`, which would use the forwarding port `81`. Also note, NPM would need to be configured for whatever other services you are using. For example, you would need to create additional proxy hosts for `element.example.com` or `jitsi.example.com`, which would use the forwarding port `81`.
+168
View File
@@ -114,6 +114,8 @@ matrix_homeserver_container_extra_arguments_auto: |
+ +
(['--mount type=bind,src=' + matrix_mautrix_bluesky_config_path + '/registration.yaml,dst=/matrix-mautrix-bluesky-registration.yaml,ro'] if matrix_mautrix_bluesky_enabled else []) (['--mount type=bind,src=' + matrix_mautrix_bluesky_config_path + '/registration.yaml,dst=/matrix-mautrix-bluesky-registration.yaml,ro'] if matrix_mautrix_bluesky_enabled else [])
+ +
(['--mount type=bind,src=' + matrix_rustpush_bridge_config_path + '/registration.yaml,dst=/matrix-rustpush-bridge-registration.yaml,ro'] if matrix_rustpush_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else []) (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+ +
(['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else []) (['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else [])
@@ -171,6 +173,8 @@ matrix_homeserver_app_service_config_files_auto: |
+ +
(['/matrix-mautrix-bluesky-registration.yaml'] if matrix_mautrix_bluesky_enabled else []) (['/matrix-mautrix-bluesky-registration.yaml'] if matrix_mautrix_bluesky_enabled else [])
+ +
(['/matrix-rustpush-bridge-registration.yaml'] if matrix_rustpush_bridge_enabled else [])
+
(['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else []) (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+ +
(['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else []) (['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else [])
@@ -436,6 +440,13 @@ devture_systemd_service_manager_services_list_auto: |
'groups': ['matrix', 'bridges', 'mautrix-bluesky'], 'groups': ['matrix', 'bridges', 'mautrix-bluesky'],
}] if matrix_mautrix_bluesky_enabled else []) }] if matrix_mautrix_bluesky_enabled else [])
+ +
([{
'name': 'matrix-rustpush-bridge.service',
'priority': 2000,
'restart_necessary': (matrix_rustpush_bridge_restart_necessary | bool),
'groups': ['matrix', 'bridges', 'matrix-rustpush-bridge'],
}] if matrix_rustpush_bridge_enabled else [])
+
([{ ([{
'name': 'matrix-mautrix-discord.service', 'name': 'matrix-mautrix-discord.service',
'priority': 2000, 'priority': 2000,
@@ -1460,6 +1471,11 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: "{{ matrix_mautrix_bluesky_metr
matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky" matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky"
matrix_mautrix_bluesky_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_bluesky_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_bluesky_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_bluesky_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/bluesky"
matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}" matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
@@ -1469,6 +1485,77 @@ matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_
# #
###################################################################### ######################################################################
######################################################################
#
# matrix-bridge-rustpush
#
######################################################################
# We don't enable bridges by default.
matrix_rustpush_bridge_enabled: false
matrix_rustpush_bridge_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
+
([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_rustpush_bridge_database_hostname == postgres_connection_hostname) else [])
}}
matrix_rustpush_bridge_container_network: "{{ matrix_addons_container_network }}"
matrix_rustpush_bridge_container_additional_networks_auto: |-
{{
(
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+
([postgres_container_network] if (postgres_enabled and matrix_rustpush_bridge_database_hostname == postgres_connection_hostname and matrix_rustpush_bridge_container_network != postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_rustpush_bridge_container_labels_traefik_enabled else [])
) | unique
}}
matrix_rustpush_bridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_rustpush_bridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_rustpush_bridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_rustpush_bridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_rustpush_bridge_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_rustpush_bridge_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_rustpush_bridge_appservice_token: "{{ (matrix_homeserver_generic_secret_key + ':imsg.as.token') | hash('sha512') | to_uuid }}"
matrix_rustpush_bridge_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_rustpush_bridge_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':imsg.hs.token') | hash('sha512') | to_uuid }}"
matrix_rustpush_bridge_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_rustpush_bridge_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.imsg.prov') | hash('sha512') | to_uuid }}"
matrix_rustpush_bridge_double_puppet_secrets_auto: |-
{{
({
matrix_rustpush_bridge_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
if matrix_appservice_double_puppet_enabled
else {}
}}
matrix_rustpush_bridge_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_rustpush_bridge_metrics_proxying_enabled: "{{ matrix_rustpush_bridge_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_rustpush_bridge_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_rustpush_bridge_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/rustpush-bridge"
matrix_rustpush_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_rustpush_bridge_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.imsg.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
######################################################################
#
# /matrix-bridge-rustpush
#
######################################################################
###################################################################### ######################################################################
# #
# matrix-bridge-mautrix-discord # matrix-bridge-mautrix-discord
@@ -1572,9 +1659,16 @@ matrix_mautrix_slack_container_additional_networks_auto: |-
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+ +
([postgres_container_network] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname and matrix_mautrix_slack_container_network != postgres_container_network) else []) ([postgres_container_network] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname and matrix_mautrix_slack_container_network != postgres_container_network) else [])
+
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_slack_container_labels_traefik_enabled else [])
) | unique ) | unique
}} }}
matrix_mautrix_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_mautrix_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_mautrix_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_mautrix_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
matrix_mautrix_slack_appservice_token: "{{ (matrix_homeserver_generic_secret_key + ':mauslack.as.tok') | hash('sha512') | to_uuid }}" matrix_mautrix_slack_appservice_token: "{{ (matrix_homeserver_generic_secret_key + ':mauslack.as.tok') | hash('sha512') | to_uuid }}"
matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
@@ -1599,6 +1693,11 @@ matrix_mautrix_slack_database_password: "{{ (matrix_homeserver_generic_secret_ke
matrix_mautrix_slack_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.slack.prov') | hash('sha512') | to_uuid }}" matrix_mautrix_slack_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.slack.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_slack_public_media_signing_key: "{{ (matrix_homeserver_generic_secret_key + ':mau.slack.pmed') | hash('sha512') | to_uuid }}" matrix_mautrix_slack_public_media_signing_key: "{{ (matrix_homeserver_generic_secret_key + ':mau.slack.pmed') | hash('sha512') | to_uuid }}"
matrix_mautrix_slack_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_slack_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_slack_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_slack_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/slack"
###################################################################### ######################################################################
# #
# /matrix-bridge-mautrix-slack # /matrix-bridge-mautrix-slack
@@ -1747,6 +1846,11 @@ matrix_mautrix_signal_metrics_proxying_enabled: "{{ matrix_mautrix_signal_metric
matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal" matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal"
matrix_mautrix_signal_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_signal_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_signal_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_signal_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/signal"
matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_signal_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.signal.db') | hash('sha512') | to_uuid }}" matrix_mautrix_signal_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.signal.db') | hash('sha512') | to_uuid }}"
@@ -1807,6 +1911,7 @@ matrix_mautrix_meta_messenger_appservice_token: "{{ (matrix_homeserver_generic_s
matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_meta_messenger_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.hs') | hash('sha512') | to_uuid }}" matrix_mautrix_meta_messenger_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.hs') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_messenger_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.fb.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_meta_messenger_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
@@ -1825,6 +1930,11 @@ matrix_mautrix_meta_messenger_metrics_proxying_enabled: "{{ matrix_mautrix_meta_
matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_meta_messenger_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_meta_messenger_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_meta_messenger_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_meta_messenger_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/meta-messenger"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path. # and point them to a migration path.
matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}" matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
@@ -1885,6 +1995,7 @@ matrix_mautrix_meta_instagram_appservice_token: "{{ (matrix_homeserver_generic_s
matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_meta_instagram_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.hs') | hash('sha512') | to_uuid }}" matrix_mautrix_meta_instagram_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.hs') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_instagram_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.meta.ig.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_meta_instagram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
@@ -1903,6 +2014,11 @@ matrix_mautrix_meta_instagram_metrics_proxying_enabled: "{{ matrix_mautrix_meta_
matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_meta_instagram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_meta_instagram_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_meta_instagram_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_meta_instagram_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/meta-instagram"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path. # and point them to a migration path.
matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}" matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}"
@@ -1982,6 +2098,11 @@ matrix_mautrix_telegram_metrics_proxying_enabled: "{{ matrix_mautrix_telegram_me
matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram" matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram"
matrix_mautrix_telegram_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_telegram_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_telegram_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_telegram_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/telegram"
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -2058,6 +2179,11 @@ matrix_mautrix_twitter_metrics_proxying_enabled: "{{ matrix_mautrix_twitter_metr
matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter" matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter"
matrix_mautrix_twitter_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_twitter_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_twitter_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_twitter_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/twitter"
matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}" matrix_mautrix_twitter_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"
@@ -2113,6 +2239,8 @@ matrix_mautrix_gmessages_appservice_token: "{{ (matrix_homeserver_generic_secret
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_gmessages_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.hs.token') | hash('sha512') | to_uuid }}" matrix_mautrix_gmessages_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.hs.token') | hash('sha512') | to_uuid }}"
matrix_mautrix_gmessages_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':gmessa.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_gmessages_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: |- matrix_mautrix_gmessages_double_puppet_secrets_auto: |-
@@ -2130,6 +2258,11 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: "{{ matrix_mautrix_gmessages_
matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages" matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages"
matrix_mautrix_gmessages_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_gmessages_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_gmessages_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_gmessages_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/gmessages"
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -2294,6 +2427,7 @@ matrix_mautrix_whatsapp_appservice_token: "{{ (matrix_homeserver_generic_secret_
matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':wa.hs.token') | hash('sha512') | to_uuid }}" matrix_mautrix_whatsapp_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':wa.hs.token') | hash('sha512') | to_uuid }}"
matrix_mautrix_whatsapp_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':wa.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}" matrix_mautrix_whatsapp_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
@@ -2312,6 +2446,11 @@ matrix_mautrix_whatsapp_metrics_proxying_enabled: "{{ matrix_mautrix_whatsapp_me
matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp" matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp"
matrix_mautrix_whatsapp_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_mautrix_whatsapp_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
matrix_mautrix_whatsapp_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
matrix_mautrix_whatsapp_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/whatsapp"
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
@@ -4052,6 +4191,12 @@ postgres_managed_databases_auto: |
'password': matrix_mautrix_bluesky_database_password, 'password': matrix_mautrix_bluesky_database_password,
}] if (matrix_mautrix_bluesky_enabled and matrix_mautrix_bluesky_database_engine == 'postgres' and matrix_mautrix_bluesky_database_hostname == postgres_connection_hostname) else []) }] if (matrix_mautrix_bluesky_enabled and matrix_mautrix_bluesky_database_engine == 'postgres' and matrix_mautrix_bluesky_database_hostname == postgres_connection_hostname) else [])
+ +
([{
'name': matrix_rustpush_bridge_database_name,
'username': matrix_rustpush_bridge_database_username,
'password': matrix_rustpush_bridge_database_password,
}] if (matrix_rustpush_bridge_enabled and matrix_rustpush_bridge_database_engine == 'postgres' and matrix_rustpush_bridge_database_hostname == postgres_connection_hostname) else [])
+
([{ ([{
'name': matrix_mautrix_googlechat_database_name, 'name': matrix_mautrix_googlechat_database_name,
'username': matrix_mautrix_googlechat_database_username, 'username': matrix_mautrix_googlechat_database_username,
@@ -4992,6 +5137,11 @@ matrix_ketesa_config_asManagedUsers_auto: |
'^@bluesky_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$', '^@bluesky_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_bluesky_enabled else []) ] if matrix_mautrix_bluesky_enabled else [])
+ +
([
'^@'+(matrix_rustpush_bridge_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@rustpush_[a-zA-Z0-9_.+-]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_rustpush_bridge_enabled else [])
+
([ ([
'^@'+(matrix_mautrix_discord_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$', '^@'+(matrix_mautrix_discord_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@discord_[0-9]+:'+(matrix_domain | regex_escape)+'$', '^@discord_[0-9]+:'+(matrix_domain | regex_escape)+'$',
@@ -5869,6 +6019,24 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto
) )
}} }}
# Advertise all enabled and exposed mautrix bridges for auto-discovery by tools like Mautrix Manager.
# A bridge's public address is only reachable when the playbook attaches its Traefik labels and emits the exposure router,
# so we gate on these in addition to the bridge being enabled.
matrix_static_files_file_matrix_mautrix_property_fi_mau_bridges_auto: |-
{{
[
matrix_mautrix_bluesky_appservice_public_address if (matrix_mautrix_bluesky_enabled and matrix_mautrix_bluesky_container_labels_traefik_enabled and matrix_mautrix_bluesky_container_labels_exposure_enabled) else '',
matrix_mautrix_gmessages_bridge_public_address if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_container_labels_traefik_enabled and matrix_mautrix_gmessages_container_labels_exposure_enabled) else '',
matrix_mautrix_meta_instagram_bridge_public_address if (matrix_mautrix_meta_instagram_enabled and matrix_mautrix_meta_instagram_container_labels_traefik_enabled and matrix_mautrix_meta_instagram_container_labels_exposure_enabled) else '',
matrix_mautrix_meta_messenger_bridge_public_address if (matrix_mautrix_meta_messenger_enabled and matrix_mautrix_meta_messenger_container_labels_traefik_enabled and matrix_mautrix_meta_messenger_container_labels_exposure_enabled) else '',
matrix_mautrix_signal_bridge_public_address if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_container_labels_traefik_enabled and matrix_mautrix_signal_container_labels_exposure_enabled) else '',
matrix_mautrix_slack_bridge_public_address if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_container_labels_traefik_enabled and matrix_mautrix_slack_container_labels_exposure_enabled) else '',
matrix_mautrix_telegram_bridge_public_address if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_container_labels_traefik_enabled and matrix_mautrix_telegram_container_labels_exposure_enabled) else '',
matrix_mautrix_twitter_appservice_public_address if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_container_labels_traefik_enabled and matrix_mautrix_twitter_container_labels_exposure_enabled) else '',
matrix_mautrix_whatsapp_bridge_public_address if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_container_labels_traefik_enabled and matrix_mautrix_whatsapp_container_labels_exposure_enabled) else '',
] | select | list
}}
matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}" matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+3 -3
View File
@@ -1,9 +1,9 @@
alabaster==1.0.0 alabaster==1.0.0
babel==2.18.0 babel==2.18.0
certifi==2026.5.20 certifi==2026.6.17
charset-normalizer==3.4.7 charset-normalizer==3.4.7
click==8.4.1 click==8.4.2
docutils==0.23 docutils==0.22.4
idna==3.18 idna==3.18
imagesize==2.0.0 imagesize==2.0.0
Jinja2==3.1.6 Jinja2==3.1.6
File diff suppressed because it is too large Load Diff
+17 -17
View File
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-05-19 07:40+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -424,18 +424,6 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-ldap-auth.md)" msgid "[Link](docs/configuring-playbook-ldap-auth.md)"
msgstr "" msgstr ""
#: ../../../README.md:0
msgid "[matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced)"
msgstr ""
#: ../../../README.md:0
msgid "Proxy that handles Matrix registration requests and forwards them to LDAP"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md)"
msgstr ""
#: ../../../README.md:0 #: ../../../README.md:0
msgid "[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)" msgid "[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)"
msgstr "" msgstr ""
@@ -460,11 +448,11 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-synapse-simple-antispam.md)" msgid "[Link](docs/configuring-playbook-synapse-simple-antispam.md)"
msgstr "" msgstr ""
#: ../../../README.md:99 #: ../../../README.md:98
msgid "File Storage" msgid "File Storage"
msgstr "" msgstr ""
#: ../../../README.md:101 #: ../../../README.md:100
msgid "Use alternative file storage to the default `media_store` folder." msgid "Use alternative file storage to the default `media_store` folder."
msgstr "" msgstr ""
@@ -500,11 +488,11 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-matrix-media-repo.md)" msgid "[Link](docs/configuring-playbook-matrix-media-repo.md)"
msgstr "" msgstr ""
#: ../../../README.md:109 #: ../../../README.md:108
msgid "Bridges" msgid "Bridges"
msgstr "" msgstr ""
#: ../../../README.md:111 #: ../../../README.md:110
msgid "Bridges can be used to connect your Matrix installation with third-party communication networks." msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
msgstr "" msgstr ""
@@ -580,6 +568,18 @@ msgstr ""
msgid "[Link](docs/configuring-playbook-bridge-mautrix-wsproxy.md)" msgid "[Link](docs/configuring-playbook-bridge-mautrix-wsproxy.md)"
msgstr "" msgstr ""
#: ../../../README.md:0
msgid "[matrix-rustpush-bridge](https://github.com/jasonlaguidice/imessage)"
msgstr ""
#: ../../../README.md:0
msgid "Bridge to [iMessage](https://support.apple.com/messages) via Apple Push Notification service"
msgstr ""
#: ../../../README.md:0
msgid "[Link](docs/configuring-playbook-bridge-rustpush.md)"
msgstr ""
#: ../../../README.md:0 #: ../../../README.md:0
msgid "[mautrix-bluesky](https://github.com/mautrix/bluesky)" msgid "[mautrix-bluesky](https://github.com/mautrix/bluesky)"
msgstr "" msgstr ""
+13 -9
View File
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -133,37 +133,41 @@ msgid "[Alternative architectures](alternative-architectures.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:79 #: ../../../docs/README.md:79
msgid "[Container images used by the playbook](container-images.md)" msgid "[Configuring Synology DSM](configuring-playbook-synology.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:81 #: ../../../docs/README.md:81
msgid "[Obtaining an Access Token](obtaining-access-tokens.md)" msgid "[Container images used by the playbook](container-images.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:83 #: ../../../docs/README.md:83
msgid "[Playbook tags](playbook-tags.md)" msgid "[Obtaining an Access Token](obtaining-access-tokens.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:85 #: ../../../docs/README.md:85
msgid "[Registering users](registering-users.md)" msgid "[Playbook tags](playbook-tags.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:87 #: ../../../docs/README.md:87
msgid "[Running `just` commands](just.md)" msgid "[Registering users](registering-users.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:89 #: ../../../docs/README.md:89
msgid "[Self-building](self-building.md)" msgid "[Running `just` commands](just.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:91 #: ../../../docs/README.md:91
msgid "[Uninstalling](uninstalling.md)" msgid "[Self-building](self-building.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:93 #: ../../../docs/README.md:93
msgid "[Updating users passwords](updating-users-passwords.md)" msgid "[Uninstalling](uninstalling.md)"
msgstr "" msgstr ""
#: ../../../docs/README.md:95 #: ../../../docs/README.md:95
msgid "[Updating users passwords](updating-users-passwords.md)"
msgstr ""
#: ../../../docs/README.md:97
msgid "[Using Ansible for the playbook](ansible.md)" msgid "[Using Ansible for the playbook](ansible.md)"
msgstr "" msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-04-03 11:56+0100\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -25,7 +25,7 @@ msgid "🤖 [baibot](https://github.com/etkecc/baibot) (pronounced bye-bot) is a
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:17 #: ../../../docs/configuring-playbook-bot-baibot.md:17
msgid "It supports [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) models, as many well as other [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md)." msgid "It supports many [☁️ providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md), including the privacy-first [Venice](#venice) we recommend, [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) models, and more."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:19 #: ../../../docs/configuring-playbook-bot-baibot.md:19
@@ -183,290 +183,321 @@ msgid "Depending on your propensity for [GitOps](https://en.wikipedia.org/wiki/D
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:162 #: ../../../docs/configuring-playbook-bot-baibot.md:162
msgid "Before proceeding, we recommend reading the upstream documentation on [How to choose a provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#how-to-choose-a-provider). In short, it's probably best to go with [OpenAI](#openai)." msgid "Before proceeding, we recommend reading the upstream documentation on [How to choose a provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#how-to-choose-a-provider) for a side-by-side of what each one can do. In short: we recommend [Venice](#venice), the most capable provider baibot supports and the only one that keeps no logs and trains on nothing. If you'd rather start with the most widely-used option, [OpenAI](#openai) is a solid, well-supported choice too."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:164 #: ../../../docs/configuring-playbook-bot-baibot.md:164
msgid "Anthropic" msgid "Venice"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:166 #: ../../../docs/configuring-playbook-bot-baibot.md:166
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Anthropic provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#anthropic) with the help of the playbook's preset variables." msgid "[Venice](https://venice.ai/chat?ref=kpXDe6) _(ref link with a $10 bonus for you)_ is the provider we recommend. It's the most capable one baibot supports, and the only one that pairs that full feature set with real privacy: inference runs on Venice's own GPUs or on zero-data-retention partner hardware, so your prompts and replies are stored nowhere and never used for training. It serves both frontier proprietary models and the latest open-source ones."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:168 #: ../../../docs/configuring-playbook-bot-baibot.md:168
#: ../../../docs/configuring-playbook-bot-baibot.md:192 msgid "Venice also leaves the content policy to you instead of imposing its own. Its models answer without the reflexive refusals some hosted services apply, and both text and image generation can handle adult or otherwise sensitive subjects when you need them to. Image generation ships a `safe_mode` that blurs adult content by default; you can turn it off (see the sample config). This pairs naturally with the privacy above: a bot you can speak to candidly, that keeps nothing."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:170
msgid "Unlike the [OpenAI Compatible](#openai-compatible) provider (which can also point at Venice, but drops images and can't reach its audio or native image endpoints), this is a first-class integration that exposes Venice's full parameter set: text-generation with vision, file inputs, prompt caching and native web search, plus speech-to-text, text-to-speech, and image generation and editing."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:172
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Venice provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#venice) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:174
#: ../../../docs/configuring-playbook-bot-baibot.md:199
#: ../../../docs/configuring-playbook-bot-baibot.md:223 #: ../../../docs/configuring-playbook-bot-baibot.md:223
#: ../../../docs/configuring-playbook-bot-baibot.md:251 #: ../../../docs/configuring-playbook-bot-baibot.md:254
#: ../../../docs/configuring-playbook-bot-baibot.md:282
msgid "Here's an example **addition** to your `vars.yml` file:" msgid "Here's an example **addition** to your `vars.yml` file:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:184 #: ../../../docs/configuring-playbook-bot-baibot.md:187
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/venice`."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:189
msgid "Every Venice knob (sampling, caching, reasoning, web-search behavior, voice and image controls) has a matching `matrix_bot_baibot_config_agents_static_definitions_venice_config_*` variable. The [fully-commented sample config](https://github.com/etkecc/baibot/blob/main/docs/sample-provider-configs/venice.yml) explains every one of them."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:191
#: ../../../docs/configuring-playbook-bot-baibot.md:215 #: ../../../docs/configuring-playbook-bot-baibot.md:215
#: ../../../docs/configuring-playbook-bot-baibot.md:241 #: ../../../docs/configuring-playbook-bot-baibot.md:246
#: ../../../docs/configuring-playbook-bot-baibot.md:275 #: ../../../docs/configuring-playbook-bot-baibot.md:272
#: ../../../docs/configuring-playbook-bot-baibot.md:306
msgid "If you'd like to use more than one model, take a look at the [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset) section below." msgid "If you'd like to use more than one model, take a look at the [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset) section below."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:186 #: ../../../docs/configuring-playbook-bot-baibot.md:193
#: ../../../docs/configuring-playbook-bot-baibot.md:217 #: ../../../docs/configuring-playbook-bot-baibot.md:217
#: ../../../docs/configuring-playbook-bot-baibot.md:243 #: ../../../docs/configuring-playbook-bot-baibot.md:248
#: ../../../docs/configuring-playbook-bot-baibot.md:277 #: ../../../docs/configuring-playbook-bot-baibot.md:274
#: ../../../docs/configuring-playbook-bot-baibot.md:308
msgid "💡 You may also wish to use this new agent for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)." msgid "💡 You may also wish to use this new agent for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:188 #: ../../../docs/configuring-playbook-bot-baibot.md:195
msgid "Groq" msgid "Anthropic"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:190 #: ../../../docs/configuring-playbook-bot-baibot.md:197
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Groq provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#groq) with the help of the playbook's preset variables." msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Anthropic provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#anthropic) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:213
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/groq`."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:219 #: ../../../docs/configuring-playbook-bot-baibot.md:219
msgid "Mistral" msgid "Groq"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:221 #: ../../../docs/configuring-playbook-bot-baibot.md:221
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [Groq provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#groq) with the help of the playbook's preset variables."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:244
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/groq`."
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:250
msgid "Mistral"
msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:252
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [🇫🇷 Mistral provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#mistral) with the help of the playbook's preset variables." msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [🇫🇷 Mistral provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#mistral) with the help of the playbook's preset variables."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:239 #: ../../../docs/configuring-playbook-bot-baibot.md:270
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/mistral`." msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/mistral`."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:245 #: ../../../docs/configuring-playbook-bot-baibot.md:276
msgid "OpenAI" msgid "OpenAI"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:247 #: ../../../docs/configuring-playbook-bot-baibot.md:278
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai) with the help of the playbook's preset variables." msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai) with the help of the playbook's preset variables."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:249 #: ../../../docs/configuring-playbook-bot-baibot.md:280
msgid "The OpenAI provider is **only meant to be used with OpenAI's official API** and compatibility with other services (which do not fully adhere to the OpenAI API spec completely) is limited. **If you're targeting an OpenAI-compatible service**, use the [OpenAI Compatible](#openai-compatible) provider instead." msgid "The OpenAI provider is **only meant to be used with OpenAI's official API** and compatibility with other services (which do not fully adhere to the OpenAI API spec completely) is limited. **If you're targeting an OpenAI-compatible service**, use the [OpenAI Compatible](#openai-compatible) provider instead."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:273 #: ../../../docs/configuring-playbook-bot-baibot.md:304
msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`." msgid "Because this is a [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agent, it will be given a `static/` ID prefix and will be named `static/openai`."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:279 #: ../../../docs/configuring-playbook-bot-baibot.md:310
msgid "OpenAI Compatible" msgid "OpenAI Compatible"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:281 #: ../../../docs/configuring-playbook-bot-baibot.md:312
msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI Compatible provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai-compatible) with the help of the playbook's preset variables." msgid "You can statically-define a single [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md) instance powered by the [OpenAI Compatible provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openai-compatible) with the help of the playbook's preset variables."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:283 #: ../../../docs/configuring-playbook-bot-baibot.md:314
msgid "This provider allows you to use OpenAI-compatible API services like [OpenRouter](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openrouter), [Together AI](https://github.com/etkecc/baibot/blob/main/docs/providers.md#together-ai), etc." msgid "This provider allows you to use OpenAI-compatible API services like [OpenRouter](https://github.com/etkecc/baibot/blob/main/docs/providers.md#openrouter), [Together AI](https://github.com/etkecc/baibot/blob/main/docs/providers.md#together-ai), etc."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:285 #: ../../../docs/configuring-playbook-bot-baibot.md:316
msgid "Some of these popular services already have **shortcut** providers (see [supported providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md#supported-providers) leading to this one behind the scenes — this make it easier to get started." msgid "Some of these popular services already have **shortcut** providers (see [supported providers](https://github.com/etkecc/baibot/blob/main/docs/providers.md#supported-providers) leading to this one behind the scenes — this make it easier to get started."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:287 #: ../../../docs/configuring-playbook-bot-baibot.md:318
msgid "As of this moment, the playbook does not include presets for any of these services, so you'll need to [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset)." msgid "As of this moment, the playbook does not include presets for any of these services, so you'll need to [Configuring additional agents (without a preset)](#configuring-additional-agents-without-a-preset)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:289 #: ../../../docs/configuring-playbook-bot-baibot.md:320
msgid "Configuring additional agents (without a preset)" msgid "Configuring additional agents (without a preset)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:291 #: ../../../docs/configuring-playbook-bot-baibot.md:322
msgid "The Ansible role may be lacking preset variables for some [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md), or you may wish to statically-define an agent on the same provider twice (or more) with different configuration." msgid "The Ansible role may be lacking preset variables for some [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md), or you may wish to statically-define an agent on the same provider twice (or more) with different configuration."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:293 #: ../../../docs/configuring-playbook-bot-baibot.md:324
msgid "It's possible to inject your own agent configuration using the `matrix_bot_baibot_config_agents_static_definitions_custom` Ansible variable." msgid "It's possible to inject your own agent configuration using the `matrix_bot_baibot_config_agents_static_definitions_custom` Ansible variable."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:295 #: ../../../docs/configuring-playbook-bot-baibot.md:326
msgid "You can also define providers at runtime, by chatting with the bot, so using Ansible is not a requirement." msgid "You can also define providers at runtime, by chatting with the bot, so using Ansible is not a requirement."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:297 #: ../../../docs/configuring-playbook-bot-baibot.md:328
msgid "Below is an an **example** demonstrating **statically-defining agents via Ansible without using presets**:" msgid "Below is an an **example** demonstrating **statically-defining agents via Ansible without using presets**:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:336 #: ../../../docs/configuring-playbook-bot-baibot.md:367
msgid "Because these are [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agents, they will be given a `static/` ID prefix and will be named `static/my-openai-gpt-3.5-turbo-agent` and `static/my-ollama-agent`, respectively." msgid "Because these are [statically](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md#static-configuration)-defined agents, they will be given a `static/` ID prefix and will be named `static/my-openai-gpt-3.5-turbo-agent` and `static/my-ollama-agent`, respectively."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:338 #: ../../../docs/configuring-playbook-bot-baibot.md:369
msgid "💡 To figure out what to put in the `config` section, refer to the [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md) page, which contains **sample configuration YAML for each provider**." msgid "💡 To figure out what to put in the `config` section, refer to the [☁️ provider](https://github.com/etkecc/baibot/blob/main/docs/providers.md) page, which contains **sample configuration YAML for each provider**."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:340 #: ../../../docs/configuring-playbook-bot-baibot.md:371
msgid "As with any [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md), defining them means they exist. To actually make use of them, they need to be configured as handlers globally or in a specific room — see [Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models)." msgid "As with any [🤖 agent](https://github.com/etkecc/baibot/blob/main/docs/agents.md), defining them means they exist. To actually make use of them, they need to be configured as handlers globally or in a specific room — see [Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:342 #: ../../../docs/configuring-playbook-bot-baibot.md:373
msgid "💡 You may also wish to use these new agents for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)." msgid "💡 You may also wish to use these new agents for [🤝 Configuring initial default handlers](#-configuring-initial-default-handlers)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:344 #: ../../../docs/configuring-playbook-bot-baibot.md:375
msgid "🤝 Configuring initial default handlers" msgid "🤝 Configuring initial default handlers"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:346 #: ../../../docs/configuring-playbook-bot-baibot.md:377
msgid "This section is only useful if you're [🤖 Configuring agents via Ansible](#-configuring-agents-via-ansible), as it lets you put these agents to use as soon as the bot starts (by adjusting the bot's **initial global configuration**)." msgid "This section is only useful if you're [🤖 Configuring agents via Ansible](#-configuring-agents-via-ansible), as it lets you put these agents to use as soon as the bot starts (by adjusting the bot's **initial global configuration**)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:348 #: ../../../docs/configuring-playbook-bot-baibot.md:379
msgid "If you're not configuring agents via Ansible, you can skip this section." msgid "If you're not configuring agents via Ansible, you can skip this section."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:350 #: ../../../docs/configuring-playbook-bot-baibot.md:381
msgid "This section is only useful the first time around. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands." msgid "This section is only useful the first time around. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:352 #: ../../../docs/configuring-playbook-bot-baibot.md:383
msgid "baibot supports [various purposes](https://github.com/etkecc/baibot/blob/main/docs/features.md):" msgid "baibot supports [various purposes](https://github.com/etkecc/baibot/blob/main/docs/features.md):"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:354 #: ../../../docs/configuring-playbook-bot-baibot.md:385
msgid "[💬 text-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-generation): communicating with you via text" msgid "[💬 text-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-generation): communicating with you via text"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:356 #: ../../../docs/configuring-playbook-bot-baibot.md:387
msgid "[🦻 speech-to-text](https://github.com/etkecc/baibot/blob/main/docs/features.md#-speech-to-text): turning your voice messages into text" msgid "[🦻 speech-to-text](https://github.com/etkecc/baibot/blob/main/docs/features.md#-speech-to-text): turning your voice messages into text"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:358 #: ../../../docs/configuring-playbook-bot-baibot.md:389
msgid "[🗣️ text-to-speech](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-to-speech): turning bot or users text messages into voice messages" msgid "[🗣️ text-to-speech](https://github.com/etkecc/baibot/blob/main/docs/features.md#-text-to-speech): turning bot or users text messages into voice messages"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:360 #: ../../../docs/configuring-playbook-bot-baibot.md:391
msgid "[🖌️ image-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-image-generation): generating images based on instructions" msgid "[🖌️ image-generation](https://github.com/etkecc/baibot/blob/main/docs/features.md#-image-generation): generating images based on instructions"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:362 #: ../../../docs/configuring-playbook-bot-baibot.md:393
msgid "❓ catch-all: special purposes, indicating use as a fallback (when no specific handler is configured)" msgid "❓ catch-all: special purposes, indicating use as a fallback (when no specific handler is configured)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:364 #: ../../../docs/configuring-playbook-bot-baibot.md:395
msgid "[Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models) is made possible by the bot's ability to have different [🤝 handlers](https://github.com/etkecc/baibot/blob/main/docs/configuration/handlers.md) configured for different purposes." msgid "[Mixing & matching models](https://github.com/etkecc/baibot/blob/main/docs/features.md#mixing--matching-models) is made possible by the bot's ability to have different [🤝 handlers](https://github.com/etkecc/baibot/blob/main/docs/configuration/handlers.md) configured for different purposes."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:366 #: ../../../docs/configuring-playbook-bot-baibot.md:397
msgid "This configuration can be done as a global fallback, or per-room. Both of these [🛠️ configurations](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md) are managed at runtime (viat chat), but **the global configuration can have some initial defaults configured via Ansible**." msgid "This configuration can be done as a global fallback, or per-room. Both of these [🛠️ configurations](https://github.com/etkecc/baibot/blob/main/docs/configuration/README.md) are managed at runtime (viat chat), but **the global configuration can have some initial defaults configured via Ansible**."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:368 #: ../../../docs/configuring-playbook-bot-baibot.md:399
msgid "You can configure the **initial values** for these via Ansible, via the `matrix_bot_baibot_config_initial_global_config_handler_*` variables." msgid "You can configure the **initial values** for these via Ansible, via the `matrix_bot_baibot_config_initial_global_config_handler_*` variables."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:370 #: ../../../docs/configuring-playbook-bot-baibot.md:401
msgid "Example **additional** `vars.yml` configuration:" msgid "Example **additional** `vars.yml` configuration:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:387 #: ../../../docs/configuring-playbook-bot-baibot.md:418
msgid "**Note**: these are initial defaults for the bot's global configuration. As such, changing any of these values subsequently has no effect on the bot's behavior. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands." msgid "**Note**: these are initial defaults for the bot's global configuration. As such, changing any of these values subsequently has no effect on the bot's behavior. **Once initially configured the global configuration cannot be managed Ansible**, but only via bot commands."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:389 #: ../../../docs/configuring-playbook-bot-baibot.md:420
msgid "Extending the configuration" msgid "Extending the configuration"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:391 #: ../../../docs/configuring-playbook-bot-baibot.md:422
msgid "There are some additional things you may wish to configure about the bot." msgid "There are some additional things you may wish to configure about the bot."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:393 #: ../../../docs/configuring-playbook-bot-baibot.md:424
msgid "Take a look at:" msgid "Take a look at:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:395 #: ../../../docs/configuring-playbook-bot-baibot.md:426
msgid "`roles/custom/matrix-bot-baibot/defaults/main.yml` for some variables that you can customize via your `vars.yml` file" msgid "`roles/custom/matrix-bot-baibot/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:396 #: ../../../docs/configuring-playbook-bot-baibot.md:427
msgid "`roles/custom/matrix-bot-baibot/templates/config.yaml.j2` for the bot's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_bot_baibot_configuration_extension_yaml` variable" msgid "`roles/custom/matrix-bot-baibot/templates/config.yaml.j2` for the bot's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_bot_baibot_configuration_extension_yaml` variable"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:398 #: ../../../docs/configuring-playbook-bot-baibot.md:429
msgid "Installing" msgid "Installing"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:400 #: ../../../docs/configuring-playbook-bot-baibot.md:431
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:" msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:407 #: ../../../docs/configuring-playbook-bot-baibot.md:438
msgid "**Notes**:" msgid "**Notes**:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:409 #: ../../../docs/configuring-playbook-bot-baibot.md:440
msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account when password authentication is used." msgid "The `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account when password authentication is used."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:411 #: ../../../docs/configuring-playbook-bot-baibot.md:442
msgid "If you're using access-token authentication, the bot account must already exist and the configured token + device ID must match that account. This mode is mainly for MAS/OIDC setups where password-based bot login is not suitable." msgid "If you're using access-token authentication, the bot account must already exist and the configured token + device ID must match that account. This mode is mainly for MAS/OIDC setups where password-based bot login is not suitable."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:413 #: ../../../docs/configuring-playbook-bot-baibot.md:444
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`" msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:415 #: ../../../docs/configuring-playbook-bot-baibot.md:446
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed." msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:417 #: ../../../docs/configuring-playbook-bot-baibot.md:448
msgid "If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [Ketesa](configuring-playbook-ketesa.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password. (This note applies to password authentication mode.)" msgid "If you change the bot password (`matrix_bot_baibot_config_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [Ketesa](configuring-playbook-ketesa.md) to change it, and then update `matrix_bot_baibot_config_user_password` to let the bot know its new password. (This note applies to password authentication mode.)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:419 #: ../../../docs/configuring-playbook-bot-baibot.md:450
msgid "Usage" msgid "Usage"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:421 #: ../../../docs/configuring-playbook-bot-baibot.md:452
msgid "To use the bot, invite it to any existing Matrix room (`/invite @baibot:example.com` where `example.com` is your base domain, not the `matrix.` domain)." msgid "To use the bot, invite it to any existing Matrix room (`/invite @baibot:example.com` where `example.com` is your base domain, not the `matrix.` domain)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:423 #: ../../../docs/configuring-playbook-bot-baibot.md:454
msgid "If you're an allowed bot [👥 user](https://github.com/etkecc/baibot/blob/main/docs/access.md#user) (see [👥 Initial users configuration](#-initial-users-configuration)), the bot will accept your invitation and join the room." msgid "If you're an allowed bot [👥 user](https://github.com/etkecc/baibot/blob/main/docs/access.md#user) (see [👥 Initial users configuration](#-initial-users-configuration)), the bot will accept your invitation and join the room."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:425 #: ../../../docs/configuring-playbook-bot-baibot.md:456
msgid "After joining, the bot will introduce itself and show information about the [✨ features](https://github.com/etkecc/baibot/blob/main/docs/features.md) that are enabled for it." msgid "After joining, the bot will introduce itself and show information about the [✨ features](https://github.com/etkecc/baibot/blob/main/docs/features.md) that are enabled for it."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:427 #: ../../../docs/configuring-playbook-bot-baibot.md:458
msgid "If you've [🤖 configured one or more agents via Ansible](#-configuring-agents-via-ansible) and have [🤝 configured initial default handlers](#configuring-initial-default-handlers), the bot will immediately be able to make use of these agents for this new room. Otherwise, you will need to configure agents and/or handlers via chat commands." msgid "If you've [🤖 configured one or more agents via Ansible](#-configuring-agents-via-ansible) and have [🤝 configured initial default handlers](#configuring-initial-default-handlers), the bot will immediately be able to make use of these agents for this new room. Otherwise, you will need to configure agents and/or handlers via chat commands."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:429 #: ../../../docs/configuring-playbook-bot-baibot.md:460
msgid "Send `!bai help` to the bot in the room to see the available commands." msgid "Send `!bai help` to the bot in the room to see the available commands."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:431 #: ../../../docs/configuring-playbook-bot-baibot.md:462
msgid "You can also refer to the upstream [baibot](https://github.com/etkecc/baibot) project's documentation." msgid "You can also refer to the upstream [baibot](https://github.com/etkecc/baibot) project's documentation."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:433 #: ../../../docs/configuring-playbook-bot-baibot.md:464
msgid "Troubleshooting" msgid "Troubleshooting"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:435 #: ../../../docs/configuring-playbook-bot-baibot.md:466
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-baibot`." msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-bot-baibot`."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:437 #: ../../../docs/configuring-playbook-bot-baibot.md:468
msgid "Increase logging verbosity" msgid "Increase logging verbosity"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:439 #: ../../../docs/configuring-playbook-bot-baibot.md:470
msgid "The default logging level for this service is `info`. If you want to increase the verbosity to `debug` (or even `trace`), add the following configuration to your `vars.yml` file and re-run the playbook:" msgid "The default logging level for this service is `info`. If you want to increase the verbosity to `debug` (or even `trace`), add the following configuration to your `vars.yml` file and re-run the playbook:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bot-baibot.md:453 #: ../../../docs/configuring-playbook-bot-baibot.md:484
msgid "**Alternatively**, you can use a single variable to set the logging level for all of the above (bot + all libraries):" msgid "**Alternatively**, you can use a single variable to set the logging level for all of the above (bot + all libraries):"
msgstr "" msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -154,141 +154,173 @@ msgid "If you have issues with a service, and are requesting support, the higher
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:141 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:141
msgid "Extending the configuration" msgid "Expose the bridge's API (for Mautrix Manager and similar tools)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:143 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:143
msgid "There are some additional things you may wish to configure about the bridge." msgid "Each mautrix bridge runs an HTTP API which tools like [Mautrix Manager](https://github.com/mautrix/manager) can use to help you log into the bridge. This is especially handy for bridges where logging in manually is cumbersome (like [mautrix-gmessages](configuring-playbook-bridge-mautrix-gmessages.md))."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:145 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:145
msgid "Take a look at:" msgid "By default, the playbook exposes this API publicly at `https://matrix.example.com/bridges/SERVICENAME` (for example, `https://matrix.example.com/bridges/gmessages`). Such tools authenticate to the bridge with your own Matrix access token, so you never need to share any bridge secret with them."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:147 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:147
msgid "`roles/custom/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` for some variables that you can customize via your `vars.yml` file" msgid "To make discovery easier, the playbook also serves a `/.well-known/matrix/mautrix` file which advertises all your exposed bridges. Mautrix Manager reads this file and offers your bridges automatically, so you don't need to enter their URLs by hand."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:148 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:149
msgid "`roles/custom/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_SERVICENAME_configuration_extension_yaml` variable" msgid "This is all enabled by default. To **disable exposing the API for all bridges**, add the following configuration to your `vars.yml` file:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:150 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:155
msgid "Installing" msgid "**Alternatively**, to disable it for a specific bridge:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:152
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:159
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:161 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:161
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too." msgid "If you run additional bridges on the same server which are not managed by this playbook and would like compatible tools to discover them as well, you can advertise their base URLs in the `/.well-known/matrix/mautrix` file:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:163 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:168
msgid "Usage" msgid "Only list bridges hosted on (and connected to) this server here, as compatible tools will send your Matrix access token to them. For bridges on other servers, take a look at the `fi.mau.external_bridge_servers` property described in the [Mautrix Manager](https://github.com/mautrix/manager) documentation, which you can add via `matrix_static_files_file_matrix_mautrix_configuration_extension_json`."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:165 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:170
msgid "To use the bridge, you need to start a chat with `@SERVICENAMEbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)." msgid "Extending the configuration"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:167 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:172
msgid "For details about the next steps, refer to each bridge's individual documentation page." msgid "There are some additional things you may wish to configure about the bridge."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:169 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:174
msgid "Send `help` to the bot to see the available commands." msgid "Take a look at:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:171 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:176
msgid "If you run into trouble, check the [Troubleshooting](#troubleshooting) section below." msgid "`roles/custom/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:173
msgid "Set up Double Puppeting (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:175
msgid "After successfully enabling bridging, you may wish to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:177 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:177
msgid "To set it up, you have 2 ways of going about it." msgid "`roles/custom/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_SERVICENAME_configuration_extension_yaml` variable"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:179 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:179
msgid "Method 1: automatically, by enabling Appservice Double Puppet (recommended)" msgid "Installing"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:181 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:181
msgid "To set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html), you could enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook." msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:183 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:188
msgid "Appservice Double Puppet is a homeserver appservice through which bridges (and potentially other services) can impersonate any user on the homeserver." msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:185 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:190
msgid "To enable the Appservice Double Puppet service, add the following configuration to your `vars.yml` file:" msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:191 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:192
msgid "When enabled, double puppeting will automatically be enabled for all bridges that support double puppeting via the appservice method." msgid "Usage"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:193 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:194
msgid "This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future." msgid "To use the bridge, you need to start a chat with `@SERVICENAMEbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:195 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:196
msgid "**Notes**:" msgid "For details about the next steps, refer to each bridge's individual documentation page."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:197 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:198
msgid "Previously there were multiple different automatic double puppeting methods like one with the help of the [Shared Secret Auth password provider module](./configuring-playbook-shared-secret-auth.md), but they have been superseded by this Appservice Double Puppet method. Double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future as the older methods were completely removed in the megabridge rewrites on [the upstream project](https://docs.mau.fi/bridges/general/double-puppeting.html#automatically)." msgid "Send `help` to the bot to see the available commands."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:200 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:200
msgid "Some bridges like [the deprecated Facebook mautrix bridge](configuring-playbook-bridge-mautrix-facebook.md) and [matrix-appservice-kakaotalk](configuring-playbook-bridge-appservice-kakaotalk.md), which is partially based on the Facebook bridge, are compatible with the Shared Secret Auth service only. These bridges automatically perform Double Puppeting if [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service is configured and enabled on the server for this playbook." msgid "If you run into trouble, check the [Troubleshooting](#troubleshooting) section below."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:202 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:202
msgid "Method 2: manually, by asking each user to provide a working access token" msgid "Set up Double Puppeting (optional)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:204 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:204
msgid "When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:" msgid "After successfully enabling bridging, you may wish to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do)."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:206 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:206
msgid "retrieve a Matrix access token for yourself. Refer to the documentation on [how to obtain one](obtaining-access-tokens.md)." msgid "To set it up, you have 2 ways of going about it."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:208 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:208
msgid "send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`" msgid "Method 1: automatically, by enabling Appservice Double Puppet (recommended)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:210 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:210
msgid "make sure you don't log out the session for which you obtained an access token some time in the future, as that would break the Double Puppeting feature" msgid "To set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html), you could enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:212 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:212
msgid "Troubleshooting" msgid "Appservice Double Puppet is a homeserver appservice through which bridges (and potentially other services) can impersonate any user on the homeserver."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:214 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:214
msgid "To enable the Appservice Double Puppet service, add the following configuration to your `vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:220
msgid "When enabled, double puppeting will automatically be enabled for all bridges that support double puppeting via the appservice method."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:222
msgid "This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:224
msgid "**Notes**:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:226
msgid "Previously there were multiple different automatic double puppeting methods like one with the help of the [Shared Secret Auth password provider module](./configuring-playbook-shared-secret-auth.md), but they have been superseded by this Appservice Double Puppet method. Double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future as the older methods were completely removed in the megabridge rewrites on [the upstream project](https://docs.mau.fi/bridges/general/double-puppeting.html#automatically)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:229
msgid "Some bridges like [the deprecated Facebook mautrix bridge](configuring-playbook-bridge-mautrix-facebook.md) and [matrix-appservice-kakaotalk](configuring-playbook-bridge-appservice-kakaotalk.md), which is partially based on the Facebook bridge, are compatible with the Shared Secret Auth service only. These bridges automatically perform Double Puppeting if [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service is configured and enabled on the server for this playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:231
msgid "Method 2: manually, by asking each user to provide a working access token"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:233
msgid "When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:235
msgid "retrieve a Matrix access token for yourself. Refer to the documentation on [how to obtain one](obtaining-access-tokens.md)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:237
msgid "send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:239
msgid "make sure you don't log out the session for which you obtained an access token some time in the future, as that would break the Double Puppeting feature"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:241
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:243
msgid "For troubleshooting information with a specific bridge, please see the playbook documentation about it (some other document in in `docs/`) and the upstream ([mautrix](https://github.com/mautrix)) bridge documentation for that specific bridge." msgid "For troubleshooting information with a specific bridge, please see the playbook documentation about it (some other document in in `docs/`) and the upstream ([mautrix](https://github.com/mautrix)) bridge documentation for that specific bridge."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:216 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:245
msgid "If the bridge's bot doesn't accept the invite to a chat, refer [the official troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) as well." msgid "If the bridge's bot doesn't accept the invite to a chat, refer [the official troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) as well."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:218 #: ../../../docs/configuring-playbook-bridge-mautrix-bridges.md:247
msgid "If you found bugs in mautrix bridges, they should be reported to the upstream project, in the corresponding mautrix repository, not to us." msgid "If you found bugs in mautrix bridges, they should be reported to the upstream project, in the corresponding mautrix repository, not to us."
msgstr "" msgstr ""
@@ -0,0 +1,153 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../../docs/configuring-playbook-bridge-rustpush.md:8
msgid "Setting up RustPush (iMessage) bridging (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:10
msgid "**Note:** This bridge is in early development and may have stability issues. It may not be desirable to deploy this to a large number of users. Your testing and feedback is appreciated."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:12
msgid "<sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:14
msgid "The playbook can install and configure [RustPush bridge to iMessage](https://github.com/jasonlaguidice/imessage) for you using Apple's push notification service."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:16
msgid "See the project's [documentation](https://github.com/jasonlaguidice/imessage/blob/main/README.md) to learn what it does and why it might be useful to you."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:18
msgid "Prerequisites"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:20
msgid "Hardware Key Extraction"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:22
msgid "To use this bridge on Linux (Docker), each user needs a **hardware key** extracted from a real Mac. This key contains hardware identifiers needed for iMessage registration. Hardware keys can be shared by a number of users (approximately 20) before causing issues with Apple."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:24
msgid "The key is entered interactively through the bridge bot's login flow (not configured via Ansible variables). See the upstream [README](https://github.com/jasonlaguidice/imessage/blob/main/README.md) for instructions on extracting the key."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:26
msgid "If extracted from an Intel Mac, the Mac does not need to remain running after the key is extracted for this bridge to work. Apple Silicon Macs must run a NAC relay and thus must remain running."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:28
msgid "Phone Number Registration (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:30
msgid "This bridge can **not** do phone number registration (PNR). The only way to have your phone number registered and used (instead of an Apple ID e-mail address) is to have an iPhone connected to your Apple account. Reference the [BlueBubbles Phone Number Registration Guide](https://docs.bluebubbles.app/server/advanced/registering-a-phone-number-with-your-imessage-account) for information on how to set this up."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:32
msgid "Enable Appservice Double Puppet (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:34
msgid "If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:36
msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:38
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:40
msgid "To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:46
msgid "Disable Backfill (optional)"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:48
msgid "Backfill can be disabled globally if desired via config. By default, the bridge will backfill from iCloud (CloudKit) and APNS if available. Backfill from `chat.db` is only possible when the bridge is running on MacOS."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:54
msgid "Extending the Configuration"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:56
msgid "There are some additional things you may wish to configure about the bridge."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:58
msgid "See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:60
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:62
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:69
msgid "**Notes**:"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:71
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:73
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:75
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:77
msgid "To use the bridge, you need to start a chat with `@rustpushbot:example.com` (where `example.com` is your base domain, not the `matrix.` domain)."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:79
msgid "After logging in, the bridge will start receiving iMessages and creating portal rooms."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:81
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:83
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-rustpush-bridge`."
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:85
msgid "Increase logging verbosity"
msgstr ""
#: ../../../docs/configuring-playbook-bridge-rustpush.md:87
msgid "The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:"
msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-05-19 07:40+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -21,7 +21,7 @@ msgid "Setting up Ketesa (optional)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-ketesa.md:16 #: ../../../docs/configuring-playbook-ketesa.md:16
msgid "The playbook can install and configure [Ketesa](https://github.com/etkecc/ketesa) for you." msgid "The playbook can install and configure [Ketesa](https://ketesa.app) ([source code](https://github.com/etkecc/ketesa)) for you."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-ketesa.md:18 #: ../../../docs/configuring-playbook-ketesa.md:18
@@ -33,7 +33,7 @@ msgid "Ketesa does not work with other homeserver implementations than Synapse d
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-ketesa.md:23 #: ../../../docs/configuring-playbook-ketesa.md:23
msgid "The latest version of Ketesa is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting." msgid "The latest version of Ketesa is hosted by [etke.cc](https://etke.cc/) at [cloud.ketesa.app](https://cloud.ketesa.app/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-ketesa.md:24 #: ../../../docs/configuring-playbook-ketesa.md:24
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-05-20 02:45+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -59,15 +59,3 @@ msgstr ""
#: ../../../docs/configuring-playbook-ldap-auth.md:54 #: ../../../docs/configuring-playbook-ldap-auth.md:54
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too." msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-ldap-auth.md:56
msgid "Usage"
msgstr ""
#: ../../../docs/configuring-playbook-ldap-auth.md:58
msgid "Handling user registration"
msgstr ""
#: ../../../docs/configuring-playbook-ldap-auth.md:60
msgid "If you wish for users to also be able to make new registrations against LDAP, you may **also** wish to [set up the ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md)."
msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -16,74 +16,18 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:9 #: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:20
msgid "Setting up matrix-ldap-registration-proxy (optional)" msgid "Setting up matrix-ldap-registration-proxy (optional, removed)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:11 #: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:22
msgid "The playbook can install and configure [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) for you." msgid "🪦 The playbook used to be able to install and configure [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy), but no longer includes this component, as it has become unavailable."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:13 #: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:24
msgid "This proxy handles Matrix registration requests and forwards them to LDAP." msgid "Uninstalling the component manually"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:15 #: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:26
msgid "See the project's [documentation](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/-/blob/main/README.md) to learn what it does and why it might be useful to you." msgid "If you still have matrix-ldap-registration-proxy installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:17
msgid "**Note**: This does support the full Matrix specification for registrations. It only provide a very coarse implementation of a basic password registration."
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:19
msgid "Adjusting the playbook configuration"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:21
msgid "To enable the component, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file (adapt to your needs):"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:33
msgid "If you already use the [synapse external password provider via LDAP](configuring-playbook-ldap-auth.md) (that is, you have `matrix_synapse_ext_password_provider_ldap_enabled: true` and other options in your configuration) you can use the following values as configuration:"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:46
msgid "Extending the configuration"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:48
msgid "There are some additional things you may wish to configure about the component."
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:50
msgid "Take a look at:"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:52
msgid "`roles/custom/matrix-ldap-registration-proxy/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:54
msgid "Installing"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:56
msgid "After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:63
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:65
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:67
msgid "Troubleshooting"
msgstr ""
#: ../../../docs/configuring-playbook-matrix-ldap-registration-proxy.md:69
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-ldap-registration-proxy`."
msgstr "" msgstr ""
@@ -0,0 +1,237 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../../docs/configuring-playbook-synology.md:7
msgid "Configuring Synology DSM"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:9
msgid "This document is a guide for preparing Synology DSM for the installation of the [Matrix Docker Ansible Deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) project."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:11
msgid "**Note:** Synology DSM is a community-supported platform. It is not officially tested or maintained by the project maintainers. Use at your own discretion."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:13
msgid "**Intended audience:** Users already familiar with DSM, SSH, and this Ansible project."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:15
msgid "Assumptions"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:17
msgid "DSM version 7 or higher"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:18
msgid "`Volume1` is used as the default Docker storage location"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:19
msgid "You are using DSM's built-in reverse proxy for handling HTTPS"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:21
msgid "How Synology Support Works"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:23
msgid "The playbook automatically detects Synology DSM by checking for `/etc/synoinfo.conf`. When detected, it:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:25
msgid "Uses `synouser` and `synogroup` (DSM-native tools) instead of standard Linux user management"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:26
msgid "Constrains the Python `requests` package to a version compatible with the Docker SDK"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:27
msgid "Ensures `/volume1` has shared mount propagation so container bind mounts work correctly"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:28
msgid "Deploys a `matrix-synology-boot-fix` service that runs on every boot after Docker is ready"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:30
msgid "You can override auto-detection by setting `matrix_base_host_is_synology: true` or `false` in your `vars.yml`."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:32
msgid "Matrix Service Account"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:34
msgid "The playbook creates a `matrix` system account using Synology's `synouser` tool. The account is secured as follows:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:36
msgid "**Expired** (`expired=1`) — the account cannot be used to log in to DSM or any application"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:38
msgid "You must set a password for this account via `matrix_synology_user_password` in your `vars.yml` (see [vars.yml Configuration](#varsyml-configuration)). The password cannot be used to log in because the account is expired, but a non-empty password is required as an additional security layer."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:40
msgid "If you pre-create the `matrix` user manually before running the playbook, the playbook will not modify the existing account's settings — you are responsible for securing it."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:42
msgid "Boot-fix Service"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:44
msgid "Synology DSM has two boot-time quirks that the boot-fix service addresses automatically:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:46
msgid "**`/volume1` shared mount propagation**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:48
msgid "Docker requires `/volume1` to be mounted as shared (`mount --make-shared /volume1`) for container bind mounts with `bind-propagation=slave` to work correctly (used by matrix-synapse for its media store). On Synology, this cannot be inserted into the systemd chain before Container Manager starts — doing so causes Container Manager to detect a broken dependency and prompt for repair on every boot. The playbook applies this during setup, and the boot-fix service re-applies it on every subsequent reboot, safely outside Container Manager's dependency chain."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:50
msgid "**Skipped services at boot**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:52
msgid "Synology's systemd drops services with multi-level dependency chains from the boot activation queue (e.g. `matrix-traefik → matrix-container-socket-proxy → docker`). These services show as `inactive` or `failed` after reboot even though they are enabled. The boot-fix service scans for any enabled `matrix-*.service` in either state and starts them automatically."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:54
msgid "**If you previously configured a Task Scheduler entry** (`Control Panel > Task Scheduler`) to run `mount --make-shared /volume1` at boot-up, you can remove it — the boot-fix service now handles this."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:56
msgid "Synology GUI Preparation"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:58
msgid "**Enable SSH**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:59
msgid "`Control Panel` > `Terminal & SNMP` > `Enable SSH service`"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:61
msgid "**Enable SFTP**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:62
msgid "`Control Panel` > `File Service` > `FTP` > `Enable SFTP service` with default port"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:64
msgid "**Enable User Home Directory**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:65
msgid "`Control Panel` > `User & Group` > `Advanced` > `Enable user home service`"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:67
msgid "**Install Container Manager**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:68
msgid "Install from `Package Center`"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:70
msgid "**Configure Reverse Proxy**"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:71
msgid "`Control Panel` > `Login Portal` > `Advanced` > `Reverse Proxy`"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:72
msgid "Create entries for each service you enable (e.g. Matrix, Element, admin page)"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:73
msgid "Example entry:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:74
msgid "Source: `HTTPS` / `matrix.example.com` / port `443`"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:75
msgid "Destination: `HTTP` / `localhost` / port `81`"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:77
msgid "SSH Preparation"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:79
msgid "(Optional but Recommended) Enable SSH Key Authentication"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:81
msgid "Configure key-based SSH login to avoid password prompts during Ansible runs."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:83
msgid "Set Up the Ansible Environment"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:85
msgid "Create a project folder and Python virtual environment on the DSM host:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:96
msgid "Inventory Configuration"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:98
msgid "In your `inventory/hosts` file, set the Python interpreter to your virtual environment:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:105
msgid "vars.yml Configuration"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:107
msgid "Add the following Synology-specific variables to your `vars.yml`:"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:151
msgid "Running the Playbook"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:167
msgid "**Important:** Always include `stop` before `setup-all,start` when changing configuration. Running `setup-all` alone does not restart already-running containers."
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:169
msgid "Creating Matrix Users"
msgstr ""
#: ../../../docs/configuring-playbook-synology.md:171
msgid "After the services are running, create your first Matrix user:"
msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-05-19 07:40+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -217,101 +217,101 @@ msgid "[Setting up the LDAP authentication password provider module](configuring
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:115 #: ../../../docs/configuring-playbook.md:115
msgid "[Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (advanced)"
msgstr ""
#: ../../../docs/configuring-playbook.md:117
msgid "[Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (advanced)" msgid "[Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (advanced)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:119 #: ../../../docs/configuring-playbook.md:117
msgid "[Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (advanced)" msgid "[Setting up Matrix User Verification Service](configuring-playbook-user-verification-service.md) (advanced)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:121 #: ../../../docs/configuring-playbook.md:119
msgid "File Storage" msgid "File Storage"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:123 #: ../../../docs/configuring-playbook.md:121
msgid "Use alternative file storage to the default `media_store` folder." msgid "Use alternative file storage to the default `media_store` folder."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:125 #: ../../../docs/configuring-playbook.md:123
msgid "[Storing Matrix media files using matrix-media-repo](configuring-playbook-matrix-media-repo.md)" msgid "[Storing Matrix media files using matrix-media-repo](configuring-playbook-matrix-media-repo.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:127 #: ../../../docs/configuring-playbook.md:125
msgid "[Storing Synapse media files on Amazon S3 or another compatible Object Storage](configuring-playbook-s3.md)" msgid "[Storing Synapse media files on Amazon S3 or another compatible Object Storage](configuring-playbook-s3.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:129 #: ../../../docs/configuring-playbook.md:127
msgid "[Storing Synapse media files on Amazon S3 with Goofys](configuring-playbook-s3-goofys.md)" msgid "[Storing Synapse media files on Amazon S3 with Goofys](configuring-playbook-s3-goofys.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:131 #: ../../../docs/configuring-playbook.md:129
msgid "[Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)" msgid "[Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:133 #: ../../../docs/configuring-playbook.md:131
msgid "Bridging other networks" msgid "Bridging other networks"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:135 #: ../../../docs/configuring-playbook.md:133
msgid "Bridges can be used to connect your Matrix installation with third-party communication networks." msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:137 #: ../../../docs/configuring-playbook.md:135
msgid "[Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md) — a common guide for configuring mautrix bridges" msgid "[Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md) — a common guide for configuring mautrix bridges"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:139 #: ../../../docs/configuring-playbook.md:137
msgid "[Setting up Mautrix Bluesky bridging](configuring-playbook-bridge-mautrix-bluesky.md)" msgid "[Setting up Mautrix Bluesky bridging](configuring-playbook-bridge-mautrix-bluesky.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:141 #: ../../../docs/configuring-playbook.md:139
msgid "[Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md)" msgid "[Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:143 #: ../../../docs/configuring-playbook.md:141
msgid "[Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md)" msgid "[Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:145 #: ../../../docs/configuring-playbook.md:143
msgid "[Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md)" msgid "[Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:147 #: ../../../docs/configuring-playbook.md:145
msgid "[Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md)" msgid "[Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:149 #: ../../../docs/configuring-playbook.md:147
msgid "[Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md)" msgid "[Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:151 #: ../../../docs/configuring-playbook.md:149
msgid "[Setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md)" msgid "[Setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:153 #: ../../../docs/configuring-playbook.md:151
msgid "[Setting up Messenger bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-messenger.md)" msgid "[Setting up Messenger bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-messenger.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:155 #: ../../../docs/configuring-playbook.md:153
msgid "[Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md)" msgid "[Setting up Mautrix Google Chat bridging](configuring-playbook-bridge-mautrix-googlechat.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:157 #: ../../../docs/configuring-playbook.md:155
msgid "[Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md)" msgid "[Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:159 #: ../../../docs/configuring-playbook.md:157
msgid "[Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md)" msgid "[Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:161 #: ../../../docs/configuring-playbook.md:159
msgid "[Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md)" msgid "[Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:161
msgid "[Setting up RustPush (iMessage) bridging](configuring-playbook-bridge-rustpush.md)"
msgstr ""
#: ../../../docs/configuring-playbook.md:163 #: ../../../docs/configuring-playbook.md:163
msgid "[Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md)" msgid "[Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md)"
msgstr "" msgstr ""
@@ -373,7 +373,7 @@ msgid "Bots provide various additional functionality to your installation."
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:193 #: ../../../docs/configuring-playbook.md:193
msgid "[Setting up baibot](configuring-playbook-bot-baibot.md) — a bot through which you can talk to various [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) services ([OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/) and [others](https://github.com/etkecc/baibot/blob/main/docs/providers.md))" msgid "[Setting up baibot](configuring-playbook-bot-baibot.md) — a bot through which you can talk to various [AI](https://en.wikipedia.org/wiki/Artificial_intelligence) / [Large Language Models](https://en.wikipedia.org/wiki/Large_language_model) services (the privacy-first [Venice](configuring-playbook-bot-baibot.md#venice) we recommend, [OpenAI](https://openai.com/)'s [ChatGPT](https://openai.com/blog/chatgpt/), and [others](https://github.com/etkecc/baibot/blob/main/docs/providers.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:195 #: ../../../docs/configuring-playbook.md:195
@@ -553,37 +553,41 @@ msgid "[Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) (unm
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:282 #: ../../../docs/configuring-playbook.md:282
msgid "[Setting up matrix-registration](configuring-playbook-matrix-registration.md) (removed; this component has been unmaintained)" msgid "[Setting up matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (removed; the repository of the source code has been removed)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:284 #: ../../../docs/configuring-playbook.md:284
msgid "[Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))" msgid "[Setting up matrix-registration](configuring-playbook-matrix-registration.md) (removed; this component has been unmaintained)"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:286 #: ../../../docs/configuring-playbook.md:286
msgid "[Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-instagram](configuring-playbook-bridge-mautrix-meta-instagram.md))" msgid "[Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-messenger](configuring-playbook-bridge-mautrix-meta-messenger.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:288 #: ../../../docs/configuring-playbook.md:288
msgid "[Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md))" msgid "[Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (deprecated in favor of the Messenger/Instagram bridge with [mautrix-meta-instagram](configuring-playbook-bridge-mautrix-meta-instagram.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:290 #: ../../../docs/configuring-playbook.md:290
msgid "[Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md))" msgid "[Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:292 #: ../../../docs/configuring-playbook.md:292
msgid "[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (removed; this component has been broken for a long time, so it has been removed from the playbook. Consider [setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md))" msgid "[Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Instagram bridging via Mautrix Meta](configuring-playbook-bridge-mautrix-meta-instagram.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:294 #: ../../../docs/configuring-playbook.md:294
msgid "[Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md))" msgid "[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (removed; this component has been broken for a long time, so it has been removed from the playbook. Consider [setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:296 #: ../../../docs/configuring-playbook.md:296
msgid "[Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))" msgid "[Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md))"
msgstr "" msgstr ""
#: ../../../docs/configuring-playbook.md:298 #: ../../../docs/configuring-playbook.md:298
msgid "[Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))"
msgstr ""
#: ../../../docs/configuring-playbook.md:300
msgid "[Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)" msgid "[Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)"
msgstr "" msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-05-19 07:40+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -320,18 +320,6 @@ msgstr ""
msgid "LDAP Auth password provider module" msgid "LDAP Auth password provider module"
msgstr "" msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[activism.international/matrix_ldap_registration_proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/container_registry)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "Proxy that handles Matrix registration requests and forwards them to LDAP"
msgstr ""
#: ../../../docs/container-images.md:0 #: ../../../docs/container-images.md:0
msgid "[Matrix User Verification Service](configuring-playbook-user-verification-service.md)" msgid "[Matrix User Verification Service](configuring-playbook-user-verification-service.md)"
msgstr "" msgstr ""
@@ -352,11 +340,11 @@ msgstr ""
msgid "Spam checker module" msgid "Spam checker module"
msgstr "" msgstr ""
#: ../../../docs/container-images.md:74 #: ../../../docs/container-images.md:73
msgid "File Storage" msgid "File Storage"
msgstr "" msgstr ""
#: ../../../docs/container-images.md:76 #: ../../../docs/container-images.md:75
msgid "Use alternative file storage to the default `media_store` folder." msgid "Use alternative file storage to the default `media_store` folder."
msgstr "" msgstr ""
@@ -388,11 +376,11 @@ msgstr ""
msgid "Highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification." msgid "Highly customizable multi-domain media repository for Matrix. Intended for medium to large deployments, this media repo de-duplicates media while being fully compliant with the specification."
msgstr "" msgstr ""
#: ../../../docs/container-images.md:84 #: ../../../docs/container-images.md:83
msgid "Bridges" msgid "Bridges"
msgstr "" msgstr ""
#: ../../../docs/container-images.md:86 #: ../../../docs/container-images.md:85
msgid "Bridges can be used to connect your Matrix installation with third-party communication networks." msgid "Bridges can be used to connect your Matrix installation with third-party communication networks."
msgstr "" msgstr ""
@@ -648,6 +636,18 @@ msgstr ""
msgid "Bridge to [Steam](https://steampowered.com/)" msgid "Bridge to [Steam](https://steampowered.com/)"
msgstr "" msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-rustpush-bridge](configuring-playbook-bridge-rustpush.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[jasonlaguidice/imessage](https://github.com/jasonlaguidice/imessage/pkgs/container/imessage)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "Bridge to [iMessage](https://support.apple.com/messages) via Apple Push Notification service"
msgstr ""
#: ../../../docs/container-images.md:0 #: ../../../docs/container-images.md:0
msgid "[mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md)" msgid "[mx-puppet-steam](configuring-playbook-bridge-mx-puppet-steam.md)"
msgstr "" msgstr ""
@@ -1144,6 +1144,18 @@ msgstr ""
msgid "Accessing ChatGPT via your favourite Matrix client" msgid "Accessing ChatGPT via your favourite Matrix client"
msgstr "" msgstr ""
#: ../../../docs/container-images.md:0
msgid "[matrix-ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "[activism.international/matrix_ldap_registration_proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy/container_registry)"
msgstr ""
#: ../../../docs/container-images.md:0
msgid "Proxy that handles Matrix registration requests and forwards them to LDAP"
msgstr ""
#: ../../../docs/container-images.md:0 #: ../../../docs/container-images.md:0
msgid "[matrix-registration](configuring-playbook-matrix-registration.md)" msgid "[matrix-registration](configuring-playbook-matrix-registration.md)"
msgstr "" msgstr ""
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-02-13 10:32+0000\n" "POT-Creation-Date: 2026-06-29 17:11+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -45,7 +45,7 @@ msgid "For simplicity reasons, this playbook recommends you to set up server del
msgstr "" msgstr ""
#: ../../../docs/howto-server-delegation.md:26 #: ../../../docs/howto-server-delegation.md:26
msgid "**Note**: as an alternative, it is possible to install the server such that it uses only the `matrix.example.com` domain (instead of identifying as the shorter base domain — `example.com`). This should be helpful if you are not in control of anything on the base domain (`example.com`). In this case, you would not need to configure server delegation, but you would need to add other configuration. For more information, see [How do I install on matrix.example.com without involving the base domain?](faq.md#how-do-i-install-on-matrix-example-com-without-involving-the-base-domain) on our FAQ." msgid "**Note**: as an alternative, it is possible to install the server such that it uses only the `matrix.example.com` domain (instead of identifying as the shorter base domain — `example.com`). This should be helpful if you are not in control of anything on the base domain (`example.com`). In this case, you would not need to configure server delegation, but you would need to add other configuration. For more information, see [How do I install on matrix.example.com without involving the base domain?](faq.md#how-do-i-install-on-matrixexamplecom-without-involving-the-base-domain) on our FAQ."
msgstr "" msgstr ""
#: ../../../docs/howto-server-delegation.md:28 #: ../../../docs/howto-server-delegation.md:28
+30 -18
View File
@@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n" "Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-05-19 07:40+0000\n" "POT-Creation-Date: 2026-06-29 17:50+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -261,49 +261,61 @@ msgid "or help make this playbook better by contributing (code, documentation, o
msgstr "" msgstr ""
#: ../../../docs/installing.md:153 #: ../../../docs/installing.md:153
msgid "⚠️ Keep the playbook and services up-to-date" msgid "Installing native Matrix clients on your computer"
msgstr "" msgstr ""
#: ../../../docs/installing.md:155 #: ../../../docs/installing.md:155
msgid "While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**." msgid "As the playbook's aim is to help you to install and manage Matrix services on your server, if you are looking for dedicated native Matrix clients which run on your computer, you need to install ones by yourself. There is a convenient list which introduces known Matrix clients on this page: <https://matrix.org/ecosystem/clients/>"
msgstr "" msgstr ""
#: ../../../docs/installing.md:157 #: ../../../docs/installing.md:157
msgid "The upstream projects, which this playbook makes use of, occasionally if not often suffer from security vulnerabilities." msgid "If you feel overwhelmed by the variety and the number of the available clients, you might want to install [**Komai**](https://github.com/etkecc/komai), a desktop-first Matrix chat application maintained by the team behind the playbook. It is stable, and just works without quirks!"
msgstr "" msgstr ""
#: ../../../docs/installing.md:159 #: ../../../docs/installing.md:159
msgid "Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date." msgid "⚠️ Keep the playbook and services up-to-date"
msgstr "" msgstr ""
#: ../../../docs/installing.md:161 #: ../../../docs/installing.md:161
msgid "Also, do not forget to update your system regularly. While this playbook may install basic services, such as Docker, it will not interfere further with system maintenance. Keeping the system itself up-to-date is out of scope for this playbook." msgid "While this playbook helps you to set up Matrix services and maintain them, it will **not** automatically run the maintenance task for you. You will need to update the playbook and re-run it **manually**."
msgstr "" msgstr ""
#: ../../../docs/installing.md:163 #: ../../../docs/installing.md:163
msgid "For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)" msgid "The upstream projects, which this playbook makes use of, occasionally if not often suffer from security vulnerabilities."
msgstr "" msgstr ""
#: ../../../docs/installing.md:165 #: ../../../docs/installing.md:165
msgid "Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match." msgid "Since it is unsafe to keep outdated services running on the server connected to the internet, please consider to update the playbook and re-run it periodically, in order to keep the services up-to-date."
msgstr ""
#: ../../../docs/installing.md:167
msgid "Also, do not forget to update your system regularly. While this playbook may install basic services, such as Docker, it will not interfere further with system maintenance. Keeping the system itself up-to-date is out of scope for this playbook."
msgstr ""
#: ../../../docs/installing.md:169
msgid "For more information about upgrading or maintaining services with the playbook, take a look at this page: [Upgrading the Matrix services](maintenance-upgrading-services.md)"
msgstr "" msgstr ""
#: ../../../docs/installing.md:171 #: ../../../docs/installing.md:171
msgid "**Note**: see [this page on the playbook tags](playbook-tags.md) for more information about those tags." msgid "Feel free to **re-run the setup command any time** you think something is wrong with the server configuration. Ansible will take your configuration and update your server to match."
msgstr ""
#: ../../../docs/installing.md:173
msgid "Make full use of `just` shortcut commands"
msgstr ""
#: ../../../docs/installing.md:175
msgid "After you get familiar with reconfiguring and re-running the playbook to maintain the server, upgrade its services, etc., you probably would like to make use of `just` shortcut commands for faster input."
msgstr "" msgstr ""
#: ../../../docs/installing.md:177 #: ../../../docs/installing.md:177
msgid "For example, `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed." msgid "**Note**: see [this page on the playbook tags](playbook-tags.md) for more information about those tags."
msgstr "" msgstr ""
#: ../../../docs/installing.md:179 #: ../../../docs/installing.md:179
msgid "Make full use of `just` shortcut commands"
msgstr ""
#: ../../../docs/installing.md:181
msgid "After you get familiar with reconfiguring and re-running the playbook to maintain the server, upgrade its services, etc., you probably would like to make use of `just` shortcut commands for faster input."
msgstr ""
#: ../../../docs/installing.md:183
msgid "For example, `just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed."
msgstr ""
#: ../../../docs/installing.md:185
msgid "You can learn about the shortcut commands on this page: [Running `just` commands](just.md)" msgid "You can learn about the shortcut commands on this page: [Running `just` commands](just.md)"
msgstr "" msgstr ""
+1 -1
View File
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
[tools] [tools]
prek = "0.4.4" prek = "0.4.6"
[settings] [settings]
yes = true yes = true
+6 -6
View File
@@ -7,7 +7,7 @@
version: v1.4.4-2.1.4-1 version: v1.4.4-2.1.4-1
name: backup_borg name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
version: v4.12.2-0 version: v4.12.3-0
name: cinny name: cinny
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.4.2-5 version: v0.4.2-5
@@ -33,7 +33,7 @@
version: v4.99.1-r0-2-1 version: v4.99.1-r0-2-1
name: exim_relay name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.5-10 version: v13.0.2-0
name: grafana name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git
version: v0.5.1-5 version: v0.5.1-5
@@ -42,10 +42,10 @@
version: v11031-0 version: v11031-0
name: jitsi name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.12.0-0 version: v1.13.2-0
name: livekit_server name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.24.0-0 version: v2.25.0-0
name: ntfy name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: ea8c5cc750c4e23d004c9a836dfd9eda82d45ff4 version: ea8c5cc750c4e23d004c9a836dfd9eda82d45ff4
@@ -75,7 +75,7 @@
version: v0.19.1-4 version: v0.19.1-4
name: prometheus_postgres_exporter name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
version: v1.18.0-0 version: v1.18.3-0
name: sable name: sable
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.5.0-0 version: v1.5.0-0
@@ -90,7 +90,7 @@
version: v3.7.5-0 version: v3.7.5-0
name: traefik name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-7 version: v2.11.4-0
name: traefik_certs_dumper name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v9.1.0-0 version: v9.1.0-0
@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2026.6.10 matrix_alertmanager_receiver_version: 2026.6.24
matrix_alertmanager_receiver_scheme: https matrix_alertmanager_receiver_scheme: https
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src" matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
# renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
matrix_authentication_service_version: 1.18.0 matrix_authentication_service_version: 1.19.0
matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}" matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}" matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/" matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
@@ -54,6 +54,15 @@ matrix_bridges_msc4190_enabled: "{{ matrix_authentication_service_enabled and ma
# Global var for enabling bridge self-signing ( On supported bridges) # Global var for enabling bridge self-signing ( On supported bridges)
matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_bridges_self_sign_enabled: "{{ matrix_bridges_msc4190_enabled }}"
# Global vars for exposing bridges' HTTP API publicly on the Matrix domain.
# This is used by tools like mautrix-manager (https://github.com/mautrix/manager) to drive bridge login.
# Each supported bridge's HTTP endpoint is exposed under `<path_prefix>/<bridge>` (e.g. `/bridges/gmessages`).
# Requests are authenticated by the bridge itself (e.g. per-user Matrix access token for the provisioning API,
# or the homeserver token for the appservice endpoints), not by us.
matrix_bridges_exposure_enabled: true
matrix_bridges_exposure_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_bridges_exposure_path_prefix: /bridges
# Global var to enable/disable relay mode across all bridges with relay mode support # Global var to enable/disable relay mode across all bridges with relay mode support
matrix_bridges_relay_enabled: false matrix_bridges_relay_enabled: false
@@ -195,6 +204,26 @@ matrix_group_system: true
matrix_user_uid: ~ matrix_user_uid: ~
matrix_user_gid: ~ matrix_user_gid: ~
# Controls Synology DSM-specific handling. `null` means autodetect (via /etc/synoinfo.conf).
# Set to `true`/`false` to force.
matrix_base_host_is_synology: ~
# Password for the Matrix service account on Synology DSM.
# Must be set to a non-empty value in your vars.yml when running on Synology.
# The account is created as expired so the password cannot be used to log in.
matrix_synology_user_password: ""
# Version constraint for the requests Python package installed on Synology hosts.
# requests >= 2.32 dropped the http+docker URL scheme used by the Docker SDK,
# causing "Not supported URL scheme http+docker" errors. Installed into the
# system Python interpreter (ansible_python_interpreter) on the remote host.
matrix_base_synology_requests_version_constraint: "requests<2.32"
# Synology volume that needs shared mount propagation so that Docker
# bind-propagation=slave mounts (used by matrix-synapse for its media store)
# work correctly. Defaults to /volume1 (DSM's default Docker storage volume).
matrix_base_synology_volume_path: "/volume1"
matrix_base_data_path: "/matrix" matrix_base_data_path: "/matrix"
matrix_base_data_path_mode: "750" matrix_base_data_path_mode: "750"
@@ -0,0 +1,16 @@
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Detect Synology DSM
ansible.builtin.stat:
path: /etc/synoinfo.conf
register: matrix_base_synoinfo_conf_stat
when: matrix_base_host_is_synology is none
- name: Set matrix_base_host_is_synology from detection
ansible.builtin.set_fact:
matrix_base_host_is_synology: "{{ matrix_base_synoinfo_conf_stat.stat.exists }}"
when: matrix_base_host_is_synology is none
+13
View File
@@ -4,6 +4,7 @@
# SPDX-FileCopyrightText: 2020 Marcel Partap # SPDX-FileCopyrightText: 2020 Marcel Partap
# SPDX-FileCopyrightText: 2022 Marko Weltzer # SPDX-FileCopyrightText: 2022 Marko Weltzer
# SPDX-FileCopyrightText: 2022 Warren Bailey # SPDX-FileCopyrightText: 2022 Warren Bailey
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -15,6 +16,11 @@
block: block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- tags:
- always
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/detect_platform.yml"
# This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`, # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
# which are required by many other roles. # which are required by many other roles.
- tags: - tags:
@@ -24,6 +30,13 @@
block: block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml" - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
- tags:
- setup-all
- install-all
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_synology_prerequisites.yml"
when: matrix_base_host_is_synology
- tags: - tags:
- setup-all - setup-all
- install-all - install-all
@@ -7,11 +7,20 @@
# SPDX-FileCopyrightText: 2022 Sebastian Gumprich # SPDX-FileCopyrightText: 2022 Sebastian Gumprich
# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara # SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
# SPDX-FileCopyrightText: 2024 László Várady # SPDX-FileCopyrightText: 2024 László Várady
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
--- ---
# Snapshot ownership before any changes so we can decide whether a recursive
# chown is needed (only when uid/gid actually differs from expected).
- name: Check current ownership of Matrix base path (Synology)
ansible.builtin.stat:
path: "{{ matrix_base_data_path }}"
register: matrix_base_data_path_stat
when: matrix_base_host_is_synology
- name: Ensure Matrix base paths exists - name: Ensure Matrix base paths exists
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
@@ -28,3 +37,18 @@
src: "{{ role_path }}/templates/bin/remove-all.j2" src: "{{ role_path }}/templates/bin/remove-all.j2"
dest: "{{ matrix_bin_path }}/remove-all" dest: "{{ matrix_bin_path }}/remove-all"
mode: '0750' mode: '0750'
# On Synology, name-based chown works for directly-touched paths but leaves
# existing sub-paths with stale numeric ownership when uid/gid changes between
# runs. We recurse only when the pre-task uid/gid didn't match, so normal runs
# skip the expensive tree walk entirely. chown -R is used instead of the file
# module's recurse option to avoid Ansible iterating every entry in Python.
- name: Ensure Matrix base path ownership is correct using numeric UID/GID (Synology)
ansible.builtin.command: chown -R {{ matrix_user_uid }}:{{ matrix_user_gid }} {{ matrix_base_data_path }}
changed_when: true
when: >-
matrix_base_host_is_synology and (
not matrix_base_data_path_stat.stat.exists or
matrix_base_data_path_stat.stat.uid | int != matrix_user_uid | int or
matrix_base_data_path_stat.stat.gid | int != matrix_user_gid | int
)
@@ -1,31 +1,13 @@
# SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev # SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
# SPDX-FileCopyrightText: 2022 Marko Weltzer # SPDX-FileCopyrightText: 2022 Marko Weltzer
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
--- ---
- name: Ensure Matrix group is created - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user_synology.yml"
ansible.builtin.group: when: matrix_base_host_is_synology
name: "{{ matrix_group_name }}"
gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
state: present
system: "{{ matrix_group_system }}"
register: matrix_group
- name: Ensure Matrix user is created - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user_linux.yml"
ansible.builtin.user: when: not matrix_base_host_is_synology
name: "{{ matrix_user_name }}"
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present
group: "{{ matrix_group_name }}"
home: "{{ matrix_base_data_path }}"
create_home: false
system: "{{ matrix_user_system }}"
shell: "{{ matrix_user_shell }}"
register: matrix_user
- name: Initialize matrix_user_uid and matrix_user_gid
ansible.builtin.set_fact:
matrix_user_uid: "{{ matrix_user.uid }}"
matrix_user_gid: "{{ matrix_group.gid }}"
@@ -0,0 +1,31 @@
# SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
# SPDX-FileCopyrightText: 2022 Marko Weltzer
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure Matrix group is created
ansible.builtin.group:
name: "{{ matrix_group_name }}"
gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
state: present
system: "{{ matrix_group_system }}"
register: matrix_group
- name: Ensure Matrix user is created
ansible.builtin.user:
name: "{{ matrix_user_name }}"
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present
group: "{{ matrix_group_name }}"
home: "{{ matrix_base_data_path }}"
create_home: false
system: "{{ matrix_user_system }}"
shell: "{{ matrix_user_shell }}"
register: matrix_user
- name: Initialize matrix_user_uid and matrix_user_gid
ansible.builtin.set_fact:
matrix_user_uid: "{{ matrix_user.uid }}"
matrix_user_gid: "{{ matrix_group.gid }}"
@@ -0,0 +1,69 @@
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if matrix_synology_user_password is not set
ansible.builtin.fail:
msg: >-
You must set `matrix_synology_user_password` to a non-empty value in your vars.yml.
This password secures the Matrix service account on Synology DSM.
The account is created as expired so the password cannot be used to log in.
when: matrix_synology_user_password == '' or matrix_synology_user_password is none
- name: Check if Matrix user exists (Synology)
ansible.builtin.command: id {{ matrix_user_name }}
register: matrix_user_check
changed_when: false
failed_when: false
# Created with expired=1 (cannot log in)
# as this is a service account. If you pre-create the user, you are responsible
# for securing it; the playbook will not modify an existing account's settings.
- name: Ensure Matrix user is created (Synology)
ansible.builtin.command: >
/usr/syno/sbin/synouser --add {{ matrix_user_name }}
"{{ matrix_synology_user_password }}" "{{ matrix_user_name }}" 1 "" 0
when: matrix_user_check.rc != 0
changed_when: true
no_log: true
- name: Ensure Matrix user password is up to date (Synology)
ansible.builtin.command: /usr/syno/sbin/synouser --setpw {{ matrix_user_name }} "{{ matrix_synology_user_password }}"
when: matrix_user_check.rc == 0
changed_when: false
no_log: true
- name: Check if Matrix group exists (Synology)
ansible.builtin.command: /usr/syno/sbin/synogroup --get {{ matrix_group_name }}
register: matrix_group_check
changed_when: false
failed_when: false
- name: Ensure Matrix group is created (Synology)
ansible.builtin.command: /usr/syno/sbin/synogroup --add {{ matrix_group_name }} {{ matrix_user_name }}
when: matrix_group_check.rc != 0
changed_when: true
- name: Get Matrix user UID (Synology)
ansible.builtin.command: id -u {{ matrix_user_name }}
register: matrix_user_uid_result
changed_when: false
- name: Get Matrix group info (Synology)
ansible.builtin.command: /usr/syno/sbin/synogroup --get {{ matrix_group_name }}
register: matrix_synogroup_result
changed_when: false
- name: Initialize matrix_user_uid and matrix_user_gid
ansible.builtin.set_fact:
matrix_user_uid: "{{ matrix_user_uid_result.stdout }}"
matrix_user_gid: >-
{{
matrix_synogroup_result.stdout_lines
| select('match', '^Group ID:')
| first
| regex_search('\[(\d+)\]', '\1')
| first
}}
@@ -0,0 +1,27 @@
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Deploy Matrix boot recovery script (Synology)
ansible.builtin.template:
src: "{{ role_path }}/templates/bin/matrix-synology-boot-fix.j2"
dest: "{{ matrix_bin_path }}/matrix-synology-boot-fix"
mode: "0750"
owner: root
group: root
- name: Deploy Matrix boot recovery service (Synology)
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-synology-boot-fix.service.j2"
dest: /etc/systemd/system/matrix-synology-boot-fix.service
mode: "0644"
register: matrix_synology_boot_fix_service
- name: Reload systemd and enable Matrix boot recovery service (Synology)
ansible.builtin.systemd:
name: matrix-synology-boot-fix.service
daemon_reload: true
enabled: true
when: matrix_synology_boot_fix_service.changed
@@ -0,0 +1,34 @@
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure requests Python package is constrained for Docker SDK compatibility (Synology)
ansible.builtin.pip:
name: "{{ matrix_base_synology_requests_version_constraint }}"
state: present
# Determine whether the volume is already a shared mount, so that the
# make-shared command below only runs (and only reports `changed`) when it
# actually needs to. We read /proc/self/mountinfo (always present on Linux)
# and look for the ` shared:` optional tag on the volume's mount point line.
# grep exits non-zero on no-match or any error, so the make-shared command is
# skipped only when shared propagation is positively confirmed; every other
# case falls through to running it (which is idempotent).
- name: Determine current mount propagation of the Synology volume
ansible.builtin.command: grep -E ' {{ matrix_base_synology_volume_path }} .* shared:' /proc/self/mountinfo
register: matrix_base_synology_volume_propagation
changed_when: false
failed_when: false
# Run immediately during setup so matrix services can start without a manual
# step. The boot-fix service handles this on every subsequent reboot.
# noqa command-instead-of-module: ansible.builtin.mount does not support
# changing mount propagation (--make-shared); command is the only option here.
- name: Ensure the Synology volume has shared mount propagation
ansible.builtin.command: mount --make-shared {{ matrix_base_synology_volume_path }} # noqa command-instead-of-module
when: matrix_base_synology_volume_propagation.rc != 0
changed_when: true
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_synology_boot_fix.yml"
@@ -0,0 +1,54 @@
#!/bin/sh
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Boot recovery for Matrix services on Synology DSM.
#
# This script runs after multi-user.target (outside Container Manager's dependency
# chain) and does two things:
#
# 1. Makes {{ matrix_base_synology_volume_path }} mount-shared so Docker bind-propagation=slave mounts work.
# Inserting this into the systemd chain Before=pkg-ContainerManager-dockerd.service
# causes Container Manager to detect a broken dependency and prompt for repair,
# so it must run here instead, after Docker is already up.
#
# 2. Starts any enabled matrix-*.service that systemd skipped at boot.
# Synology's systemd drops services with multi-level dependency chains
# (e.g. traefik -> socket-proxy -> docker) from the boot activation queue.
# Services that need bind-propagation=slave (e.g. matrix-synapse) are
# created after step 1, so the propagation is already in effect.
# Wait up to 120s for Docker to be ready
i=0
while [ "$i" -lt 60 ]; do
{{ devture_systemd_docker_base_host_command_docker }} info >/dev/null 2>&1 && break
i=$((i + 1))
sleep 2
done
if ! {{ devture_systemd_docker_base_host_command_docker }} info >/dev/null 2>&1; then
echo "matrix-synology-boot-fix: Docker not ready after 120s, aborting" >&2
exit 1
fi
# Make {{ matrix_base_synology_volume_path }} shared so Docker bind-propagation=slave mounts work correctly.
# Must run after Docker is up to avoid interfering with Container Manager's
# integrity checks, but before matrix-synapse (and any other service using
# bind-propagation=slave) creates its containers.
/bin/mount --make-shared {{ matrix_base_synology_volume_path }}
echo "matrix-synology-boot-fix: {{ matrix_base_synology_volume_path }} set to shared mount propagation"
# Start any enabled matrix-*.service that is inactive or failed.
# Both states indicate the service did not come up at boot — either skipped by
# Synology's boot ordering or failed due to Docker/mount-propagation not being
# ready yet (the conditions above now satisfy those prerequisites).
{{ devture_systemd_docker_base_host_command_systemctl }} list-unit-files 'matrix-*.service' --state=enabled --no-legend 2>/dev/null | \
while read -r unit _state; do
[ "$unit" = "matrix-synology-boot-fix.service" ] && continue
status="$({{ devture_systemd_docker_base_host_command_systemctl }} is-active "$unit" 2>/dev/null)"
if [ "$status" = "inactive" ] || [ "$status" = "failed" ]; then
echo "matrix-synology-boot-fix: starting $unit (was $status)"
{{ devture_systemd_docker_base_host_command_systemctl }} start "$unit"
fi
done
@@ -0,0 +1,16 @@
# SPDX-FileCopyrightText: 2026 Chiu Ki Sit
#
# SPDX-License-Identifier: AGPL-3.0-or-later
[Unit]
Description=Matrix Services Boot Recovery (Synology)
# Run after multi-user.target so all matrix services have been attempted first.
After=multi-user.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart={{ matrix_bin_path }}/matrix-synology-boot-fix
[Install]
WantedBy=multi-user.target
@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.21.1 matrix_bot_baibot_version: v1.25.0
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}" matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}" matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
@@ -200,6 +200,12 @@ matrix_bot_baibot_config_agents_static_definitions_auto: |-
'provider': matrix_bot_baibot_config_agents_static_definitions_openai_provider, 'provider': matrix_bot_baibot_config_agents_static_definitions_openai_provider,
'config': matrix_bot_baibot_config_agents_static_definitions_openai_config, 'config': matrix_bot_baibot_config_agents_static_definitions_openai_config,
}] if matrix_bot_baibot_config_agents_static_definitions_openai_enabled else []) }] if matrix_bot_baibot_config_agents_static_definitions_openai_enabled else [])
+
([{
'id': matrix_bot_baibot_config_agents_static_definitions_venice_id,
'provider': matrix_bot_baibot_config_agents_static_definitions_venice_provider,
'config': matrix_bot_baibot_config_agents_static_definitions_venice_config,
}] if matrix_bot_baibot_config_agents_static_definitions_venice_enabled else [])
}} }}
matrix_bot_baibot_config_agents_static_definitions_custom: [] matrix_bot_baibot_config_agents_static_definitions_custom: []
@@ -442,6 +448,175 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_image_generatio
######################################################################################## ########################################################################################
########################################################################################
# #
# Venice agent configuration #
# #
########################################################################################
matrix_bot_baibot_config_agents_static_definitions_venice_enabled: false
matrix_bot_baibot_config_agents_static_definitions_venice_id: venice
matrix_bot_baibot_config_agents_static_definitions_venice_provider: venice
matrix_bot_baibot_config_agents_static_definitions_venice_config: "{{ matrix_bot_baibot_config_agents_static_definitions_venice_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_venice_config_extension, recursive=True) }}"
matrix_bot_baibot_config_agents_static_definitions_venice_config_yaml: "{{ lookup('template', 'templates/provider/venice-config.yml.j2') }}"
matrix_bot_baibot_config_agents_static_definitions_venice_config_extension: "{{ matrix_bot_baibot_config_agents_static_definitions_venice_config_extension_yaml | from_yaml if matrix_bot_baibot_config_agents_static_definitions_venice_config_extension_yaml | from_yaml is mapping else {} }}"
matrix_bot_baibot_config_agents_static_definitions_venice_config_extension_yaml: |
# Your custom YAML configuration for this provider's configuration goes here.
# This configuration extends the default starting configuration (`matrix_bot_baibot_config_agents_static_definitions_venice_config`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_bot_baibot_config_agents_static_definitions_venice_config_yaml`.
#
# The fully-commented sample config (every Venice knob, with explanations) lives at:
# https://github.com/etkecc/baibot/blob/main/docs/sample-provider-configs/venice.yml
#
# Example configuration extension follows:
#
# text_generation:
# venice_parameters:
# enable_web_search: "off"
matrix_bot_baibot_config_agents_static_definitions_venice_config_base_url: https://api.venice.ai/api/v1
matrix_bot_baibot_config_agents_static_definitions_venice_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_enabled: true
# For valid model choices, see: https://docs.venice.ai/models/overview
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_model_id: kimi-k2-5
# The prompt text to use (can be null or empty to not use a prompt).
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_temperature: 1.0
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_max_response_tokens: 4096
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_max_context_tokens: 128000
# How long Venice keeps the prompt prefix cached: "default", "extended", or "24h".
# "24h" makes a long, stable system prompt cheap across a day of conversations.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_prompt_cache_retention: 24h
# The optional top-level sampling and reasoning knobs below default to null, meaning the knob is
# omitted from the request and Venice applies its own server-side default. Set a value to override.
# Nucleus sampling, 0.0-1.0 (an alternative to temperature).
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_top_p: ~
# Penalize tokens by how often they have already appeared, -2.0-2.0.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_frequency_penalty: ~
# Penalize tokens that have appeared at all, -2.0-2.0.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_presence_penalty: ~
# Penalize repetition; values above 1.0 discourage repeats.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_repetition_penalty: ~
# Reasoning budget for models that support it: "low", "medium", or "high".
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_reasoning_effort: ~
# Append the model's reasoning below the answer as a collapsible "Reasoning" block (folded by default).
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_show_reasoning: ~
# Venice-specific request parameters (the `venice_parameters` bag). Each non-null knob below is sent;
# a null knob is omitted, so Venice applies its own default. Omitting a knob is NOT the same as
# setting it to `false` (which actively sends `false`).
# Web search: "auto" (model decides), "on" (always), or "off".
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_search: auto
# Strip <think></think> blocks from reasoning models so the user sees only the answer.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_strip_thinking_response: true
# Run in TEE-only mode (works across all models) instead of end-to-end-encrypted inference (only
# some models support it). TEE is still zero-retention private; this default keeps every model usable.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_e2ee: false
# Render web-search sources as readable citations in the reply.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_citations: ~
# Let web search read full page content, not just snippets.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_scraping: ~
# Prepend Venice's own system prompt alongside yours.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_include_venice_system_prompt: ~
# Include search results inline in the streamed response.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_include_search_results_in_stream: ~
# Return search results as documents rather than inline text.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_return_search_results_as_documents: ~
# Allow web search to query X (Twitter).
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_x_search: ~
# Disable the model's thinking phase entirely.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_disable_thinking: ~
# Response verbosity for models that support it: "low", "medium", or "high".
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_verbosity: ~
# Use a public Venice character by its slug.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_character_slug: ~
matrix_bot_baibot_config_agents_static_definitions_venice_config_speech_to_text_enabled: true
matrix_bot_baibot_config_agents_static_definitions_venice_config_speech_to_text_model_id: nvidia/parakeet-tdt-0.6b-v3
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_enabled: true
# Other models include tts-qwen3-1-7b, tts-xai-v1, tts-elevenlabs-turbo-v2-5, tts-minimax-speech-02-hd.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_model_id: tts-kokoro
# Voices are model-specific. Kokoro uses af_*/am_*/bf_*/bm_* (e.g. af_sky, am_adam). You can also pass
# a cloned-voice handle (vv_<id>). An incompatible voice returns an error.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_voice: af_sky
# Output audio format: mp3, opus, aac, flac, wav, or pcm. mp3 is the broadest Matrix-client fit.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_response_format: mp3
# The optional knobs below default to null (omitted). Set a value to override Venice's default.
# Playback speed, 0.25-4.0 (1.0 is normal).
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_speed: ~
# A style prompt steering emotion/delivery (e.g. "Excited and energetic."). Only Qwen 3 TTS uses it.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_prompt: ~
# Sampling temperature, 0.0-2.0. Only Qwen 3 / Orpheus / Chatterbox HD use it.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_temperature: ~
# Nucleus sampling, 0.0-1.0. Only Qwen 3 TTS uses it.
matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_top_p: ~
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_enabled: true
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_model_id: chroma
# The optional generation knobs below default to null (omitted). Set a value to override Venice's
# default. Omitting a knob is NOT the same as setting it: an omitted knob lets Venice apply its own
# default, a set value is sent verbatim.
# A description of what should NOT appear in the image.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_negative_prompt: ~
# CFG scale, 0-20. Higher values make the image adhere more closely to the prompt.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_cfg_scale: ~
# Number of inference steps. Model-specific; some models ignore it.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_steps: ~
# A named style to apply (e.g. "3D Model"). See Venice's image-styles reference.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_style_preset: ~
# Random seed, -999999999-999999999. Fix it for reproducible results; omit for a random seed.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_seed: ~
# Blur images classified as adult content. Defaults to true.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_safe_mode: ~
# Hide the Venice watermark. Venice may ignore this for certain generated content. Defaults to false.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_hide_watermark: ~
# Output format: jpeg, png, or webp. webp is smallest; png is highest-quality. Defaults to webp.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_format: ~
# Image dimensions in pixels, each 1-1280. Default 1024x1024.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_width: ~
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_height: ~
# Aspect ratio (used by certain models, e.g. Nano Banana): "1:1", "16:9". An alternative to width/height.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_aspect_ratio: ~
# Resolution tier (used by certain models): "1K", "2K", "4K".
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_resolution: ~
# Output quality for supported models (e.g. GPT Image 2): low, medium, high. Higher can cost more.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_quality: ~
# Lora strength, 0-100. Only applies if the model uses additional Loras.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_lora_strength: ~
# Embed the generation prompt into the image's EXIF metadata. Defaults to false.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_embed_exif_metadata: ~
# Let the model pull the latest info from the web for the image. Model-specific; costs extra credits.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_enable_web_search: ~
# Image editing shares this image_generation config block; only the model differs.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_model_id: firered-image-edit
# The optional edit knobs below default to null (omitted). Set a value to override Venice's default.
# Output format: jpeg, png, or webp. When omitted, Venice infers it (PNG at 1K, JPEG at 2K/4K).
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_output_format: ~
# Aspect ratio of the result: auto, 1:1, 3:2, 16:9, 21:9, 9:16, 2:3, 3:4, 4:5 (model-specific).
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_aspect_ratio: ~
# Resolution tier: 1K, 2K, 4K (model-specific). Defaults to 1K.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_resolution: ~
# Blur images classified as adult content. Defaults to true.
matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_safe_mode: ~
########################################################################################
# #
# /Venice agent configuration #
# #
########################################################################################
# Controls the `initial_global_config.handler.catch_all` configuration setting. # Controls the `initial_global_config.handler.catch_all` configuration setting.
# #
# This is an initial global configuration setting. # This is an initial global configuration setting.
@@ -25,6 +25,8 @@
- {'name': 'matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key', when: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_enabled }}"} - {'name': 'matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key', when: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_enabled }}"}
- {'name': 'matrix_bot_baibot_config_agents_static_definitions_venice_config_api_key', when: "{{ matrix_bot_baibot_config_agents_static_definitions_venice_enabled }}"}
- name: Fail if baibot authentication mode is not configured - name: Fail if baibot authentication mode is not configured
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
@@ -0,0 +1,154 @@
#jinja2: lstrip_blocks: True
base_url: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_base_url | to_json }}
api_key: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_api_key | to_json }}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_enabled %}
text_generation:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_model_id | to_json }}
prompt: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_prompt | to_json }}
temperature: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_temperature | to_json }}
max_response_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_max_response_tokens | int | to_json }}
max_context_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_max_context_tokens | int | to_json }}
prompt_cache_retention: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_prompt_cache_retention | to_json }}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_top_p is not none %}
top_p: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_top_p | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_frequency_penalty is not none %}
frequency_penalty: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_frequency_penalty | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_presence_penalty is not none %}
presence_penalty: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_presence_penalty | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_repetition_penalty is not none %}
repetition_penalty: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_repetition_penalty | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_reasoning_effort is not none %}
reasoning_effort: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_reasoning_effort | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_show_reasoning is not none %}
show_reasoning: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_show_reasoning | to_json }}
{% endif %}
venice_parameters:
enable_web_search: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_search | to_json }}
strip_thinking_response: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_strip_thinking_response | to_json }}
enable_e2ee: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_e2ee | to_json }}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_citations is not none %}
enable_web_citations: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_citations | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_scraping is not none %}
enable_web_scraping: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_web_scraping | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_include_venice_system_prompt is not none %}
include_venice_system_prompt: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_include_venice_system_prompt | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_include_search_results_in_stream is not none %}
include_search_results_in_stream: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_include_search_results_in_stream | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_return_search_results_as_documents is not none %}
return_search_results_as_documents: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_return_search_results_as_documents | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_x_search is not none %}
enable_x_search: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_enable_x_search | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_disable_thinking is not none %}
disable_thinking: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_disable_thinking | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_verbosity is not none %}
verbosity: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_verbosity | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_character_slug is not none %}
character_slug: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_generation_venice_parameters_character_slug | to_json }}
{% endif %}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_speech_to_text_enabled %}
speech_to_text:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_speech_to_text_model_id | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_enabled %}
text_to_speech:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_model_id | to_json }}
voice: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_voice | to_json }}
response_format: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_response_format | to_json }}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_speed is not none %}
speed: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_speed | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_prompt is not none %}
prompt: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_prompt | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_temperature is not none %}
temperature: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_temperature | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_top_p is not none %}
top_p: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_text_to_speech_top_p | to_json }}
{% endif %}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_enabled %}
image_generation:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_model_id | to_json }}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_negative_prompt is not none %}
negative_prompt: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_negative_prompt | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_cfg_scale is not none %}
cfg_scale: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_cfg_scale | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_steps is not none %}
steps: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_steps | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_style_preset is not none %}
style_preset: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_style_preset | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_seed is not none %}
seed: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_seed | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_safe_mode is not none %}
safe_mode: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_safe_mode | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_hide_watermark is not none %}
hide_watermark: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_hide_watermark | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_format is not none %}
format: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_format | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_width is not none %}
width: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_width | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_height is not none %}
height: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_height | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_aspect_ratio is not none %}
aspect_ratio: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_aspect_ratio | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_resolution is not none %}
resolution: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_resolution | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_quality is not none %}
quality: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_quality | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_lora_strength is not none %}
lora_strength: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_lora_strength | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_embed_exif_metadata is not none %}
embed_exif_metadata: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_embed_exif_metadata | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_enable_web_search is not none %}
enable_web_search: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_enable_web_search | to_json }}
{% endif %}
edit:
model_id: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_model_id | to_json }}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_output_format is not none %}
output_format: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_output_format | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_aspect_ratio is not none %}
aspect_ratio: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_aspect_ratio | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_resolution is not none %}
resolution: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_resolution | to_json }}
{% endif %}
{% if matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_safe_mode is not none %}
safe_mode: {{ matrix_bot_baibot_config_agents_static_definitions_venice_config_image_generation_edit_safe_mode | to_json }}
{% endif %}
{% endif %}
@@ -0,0 +1,3 @@
SPDX-FileCopyrightText: 2026 Nikita Chernyi
SPDX-License-Identifier: AGPL-3.0-or-later
@@ -13,7 +13,7 @@
matrix_bot_buscarron_enabled: true matrix_bot_buscarron_enabled: true
# renovate: datasource=docker depName=ghcr.io/etkecc/buscarron # renovate: datasource=docker depName=ghcr.io/etkecc/buscarron
matrix_bot_buscarron_version: v1.4.3 matrix_bot_buscarron_version: v1.5.0
# The hostname at which Buscarron is served. # The hostname at which Buscarron is served.
matrix_bot_buscarron_hostname: '' matrix_bot_buscarron_hostname: ''
@@ -36,8 +36,12 @@ matrix_mautrix_bluesky_appservice_address: 'http://matrix-mautrix-bluesky:29340'
matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_bluesky_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_bluesky_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
# A public address that external services can use to reach this appservice. # Scheme of the bridge's public address (see `matrix_mautrix_bluesky_appservice_public_address`).
matrix_mautrix_bluesky_appservice_public_address: '' matrix_mautrix_bluesky_scheme: https
# A public address that external services can use to reach this appservice (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_bluesky_appservice_public_address: "{{ (matrix_mautrix_bluesky_scheme + '://' + matrix_mautrix_bluesky_exposure_hostname + matrix_mautrix_bluesky_exposure_path_prefix) if matrix_mautrix_bluesky_exposure_enabled else '' }}"
# Displayname template for Bluesky users. # Displayname template for Bluesky users.
# {{ .DisplayName }} is replaced with the display name of the Bluesky user. # {{ .DisplayName }} is replaced with the display name of the Bluesky user.
@@ -78,6 +82,15 @@ matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_enabled: f
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_bluesky_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-bluesky's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_bluesky_container_labels_exposure_enabled: "{{ matrix_mautrix_bluesky_exposure_enabled }}"
matrix_mautrix_bluesky_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_bluesky_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_bluesky_exposure_path_prefix }}`)"
matrix_mautrix_bluesky_container_labels_exposure_traefik_priority: 0
matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_bluesky_container_labels_traefik_entrypoints }}"
matrix_mautrix_bluesky_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_bluesky_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_bluesky_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_bluesky_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_bluesky_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -158,6 +171,11 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: false
matrix_mautrix_bluesky_metrics_proxying_hostname: '' matrix_mautrix_bluesky_metrics_proxying_hostname: ''
matrix_mautrix_bluesky_metrics_proxying_path_prefix: '' matrix_mautrix_bluesky_metrics_proxying_path_prefix: ''
# Controls whether mautrix-bluesky's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_bluesky_exposure_enabled: false
matrix_mautrix_bluesky_exposure_hostname: ''
matrix_mautrix_bluesky_exposure_path_prefix: ''
# Default configuration template which covers the generic use case. # Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.
# #
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-bluesky-metrics.tls.certResolver={{ matrix_m
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_bluesky_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-bluesky-exposure.loadbalancer.server.port=29340
traefik.http.middlewares.matrix-mautrix-bluesky-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_bluesky_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-bluesky-exposure.middlewares=matrix-mautrix-bluesky-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-bluesky-exposure.rule={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_bluesky_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-bluesky-exposure.priority={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-bluesky-exposure.service=matrix-mautrix-bluesky-exposure
traefik.http.routers.matrix-mautrix-bluesky-exposure.entrypoints={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-bluesky-exposure.tls={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_bluesky_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-bluesky-exposure.tls.certResolver={{ matrix_mautrix_bluesky_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -38,6 +38,13 @@ matrix_mautrix_gmessages_homeserver_async_media: false
matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_gmessages_bridge_public_address`).
matrix_mautrix_gmessages_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_gmessages_bridge_public_address: "{{ (matrix_mautrix_gmessages_scheme + '://' + matrix_mautrix_gmessages_exposure_hostname + matrix_mautrix_gmessages_exposure_path_prefix) if matrix_mautrix_gmessages_exposure_enabled else '' }}"
matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_gmessages_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_gmessages_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
@@ -75,6 +82,15 @@ matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled:
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-gmessages' HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_gmessages_container_labels_exposure_enabled: "{{ matrix_mautrix_gmessages_exposure_enabled }}"
matrix_mautrix_gmessages_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_gmessages_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_gmessages_exposure_path_prefix }}`)"
matrix_mautrix_gmessages_container_labels_exposure_traefik_priority: 0
matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_gmessages_container_labels_traefik_entrypoints }}"
matrix_mautrix_gmessages_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_gmessages_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_gmessages_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_gmessages_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -119,6 +135,11 @@ matrix_mautrix_gmessages_metrics_proxying_enabled: false
matrix_mautrix_gmessages_metrics_proxying_hostname: '' matrix_mautrix_gmessages_metrics_proxying_hostname: ''
matrix_mautrix_gmessages_metrics_proxying_path_prefix: '' matrix_mautrix_gmessages_metrics_proxying_path_prefix: ''
# Controls whether mautrix-gmessages' HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_gmessages_exposure_enabled: false
matrix_mautrix_gmessages_exposure_hostname: ''
matrix_mautrix_gmessages_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -168,6 +189,10 @@ matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}
matrix_mautrix_gmessages_public_media_signing_key: '' matrix_mautrix_gmessages_public_media_signing_key: ''
# Shared secret for authentication of provisioning API requests.
# If set to "disable", the provisioning API will be disabled.
matrix_mautrix_gmessages_provisioning_shared_secret: disable
matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
matrix_mautrix_gmessages_bridge_permissions: | matrix_mautrix_gmessages_bridge_permissions: |
@@ -181,7 +181,7 @@ appservice:
address: {{ matrix_mautrix_gmessages_appservice_address }} address: {{ matrix_mautrix_gmessages_appservice_address }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_gmessages_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -247,7 +247,7 @@ provisioning:
prefix: /_matrix/provision prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated, # Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled. # or if set to "disable", the provisioning API will be disabled.
shared_secret: disable shared_secret: {{ matrix_mautrix_gmessages_provisioning_shared_secret | to_json }}
# Whether to allow provisioning API requests to be authed using Matrix access tokens. # Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token, # This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge. # which means that by default, it only works for users on the same server as the bridge.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-gmessages-metrics.tls.certResolver={{ matrix
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_gmessages_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-gmessages-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-gmessages-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_gmessages_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-gmessages-exposure.middlewares=matrix-mautrix-gmessages-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-gmessages-exposure.rule={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_gmessages_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-gmessages-exposure.priority={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-gmessages-exposure.service=matrix-mautrix-gmessages-exposure
traefik.http.routers.matrix-mautrix-gmessages-exposure.entrypoints={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-gmessages-exposure.tls={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_gmessages_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-gmessages-exposure.tls.certResolver={{ matrix_mautrix_gmessages_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.2605.1 matrix_mautrix_meta_instagram_version: v0.2606.0
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram" matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config" matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -63,6 +63,15 @@ matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_ena
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-meta-instagram's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_meta_instagram_container_labels_exposure_enabled: "{{ matrix_mautrix_meta_instagram_exposure_enabled }}"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_meta_instagram_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_instagram_exposure_path_prefix }}`)"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority: 0
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints }}"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_meta_instagram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -123,6 +132,13 @@ matrix_mautrix_meta_instagram_homeserver_token: ''
matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta_instagram_identifier }}:29319" matrix_mautrix_meta_instagram_appservice_address: "http://{{ matrix_mautrix_meta_instagram_identifier }}:29319"
# Scheme of the bridge's public address (see `matrix_mautrix_meta_instagram_bridge_public_address`).
matrix_mautrix_meta_instagram_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_meta_instagram_bridge_public_address: "{{ (matrix_mautrix_meta_instagram_scheme + '://' + matrix_mautrix_meta_instagram_exposure_hostname + matrix_mautrix_meta_instagram_exposure_path_prefix) if matrix_mautrix_meta_instagram_exposure_enabled else '' }}"
matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}" matrix_mautrix_meta_instagram_appservice_id: "{{ matrix_mautrix_meta_instagram_meta_mode }}"
matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_meta_instagram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
@@ -182,6 +198,11 @@ matrix_mautrix_meta_instagram_metrics_proxying_enabled: false
matrix_mautrix_meta_instagram_metrics_proxying_hostname: '' matrix_mautrix_meta_instagram_metrics_proxying_hostname: ''
matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: '' matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: ''
# Controls whether mautrix-meta-instagram's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_meta_instagram_exposure_enabled: false
matrix_mautrix_meta_instagram_exposure_hostname: ''
matrix_mautrix_meta_instagram_exposure_path_prefix: ''
matrix_mautrix_meta_instagram_bridge_username_prefix: |- matrix_mautrix_meta_instagram_bridge_username_prefix: |-
{{ {{
({ ({
@@ -197,7 +197,7 @@ appservice:
address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }} address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_meta_instagram_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -4,15 +4,19 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
{% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and matrix_mautrix_meta_instagram_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_instagram_container_labels_traefik_enabled and (matrix_mautrix_meta_instagram_container_labels_metrics_enabled or matrix_mautrix_meta_instagram_container_labels_exposure_enabled) %}
traefik.enable=true traefik.enable=true
{% if matrix_mautrix_meta_instagram_container_labels_traefik_docker_network %} {% if matrix_mautrix_meta_instagram_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_mautrix_meta_instagram_container_labels_traefik_docker_network }} traefik.docker.network={{ matrix_mautrix_meta_instagram_container_labels_traefik_docker_network }}
{% endif %} {% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-appservice.loadbalancer.server.port=29319 traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-appservice.loadbalancer.server.port=29319
{% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.loadbalancer.server.port=8000 traefik.http.services.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.loadbalancer.server.port=8000
{% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_instagram_container_labels_metrics_enabled %}
@@ -48,6 +52,37 @@ traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-metrics.tls.
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.middlewares.{{ matrix_mautrix_meta_instagram_identifier }}-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_meta_instagram_exposure_path_prefix }}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.middlewares={{ matrix_mautrix_meta_instagram_identifier }}-exposure-strip-prefix
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.rule={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.priority={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.service={{ matrix_mautrix_meta_instagram_identifier }}-appservice
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.entrypoints={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.tls={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls %}
traefik.http.routers.{{ matrix_mautrix_meta_instagram_identifier }}-exposure.tls.certResolver={{ matrix_mautrix_meta_instagram_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.2605.1 matrix_mautrix_meta_messenger_version: v0.2606.0
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger" matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config" matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -63,6 +63,15 @@ matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_ena
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-meta-messenger's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_meta_messenger_container_labels_exposure_enabled: "{{ matrix_mautrix_meta_messenger_exposure_enabled }}"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_meta_messenger_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_meta_messenger_exposure_path_prefix }}`)"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority: 0
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints }}"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_meta_messenger_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -123,6 +132,13 @@ matrix_mautrix_meta_messenger_homeserver_token: ''
matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319" matrix_mautrix_meta_messenger_appservice_address: "http://{{ matrix_mautrix_meta_messenger_identifier }}:29319"
# Scheme of the bridge's public address (see `matrix_mautrix_meta_messenger_bridge_public_address`).
matrix_mautrix_meta_messenger_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_meta_messenger_bridge_public_address: "{{ (matrix_mautrix_meta_messenger_scheme + '://' + matrix_mautrix_meta_messenger_exposure_hostname + matrix_mautrix_meta_messenger_exposure_path_prefix) if matrix_mautrix_meta_messenger_exposure_enabled else '' }}"
matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}" matrix_mautrix_meta_messenger_appservice_id: "{{ matrix_mautrix_meta_messenger_meta_mode }}"
matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_meta_messenger_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
@@ -182,6 +198,11 @@ matrix_mautrix_meta_messenger_metrics_proxying_enabled: false
matrix_mautrix_meta_messenger_metrics_proxying_hostname: '' matrix_mautrix_meta_messenger_metrics_proxying_hostname: ''
matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: '' matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: ''
# Controls whether mautrix-meta-messenger's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_meta_messenger_exposure_enabled: false
matrix_mautrix_meta_messenger_exposure_hostname: ''
matrix_mautrix_meta_messenger_exposure_path_prefix: ''
matrix_mautrix_meta_messenger_bridge_username_prefix: |- matrix_mautrix_meta_messenger_bridge_username_prefix: |-
{{ {{
({ ({
@@ -197,7 +197,7 @@ appservice:
address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }} address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_meta_messenger_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -4,15 +4,19 @@ SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
{% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and matrix_mautrix_meta_messenger_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_messenger_container_labels_traefik_enabled and (matrix_mautrix_meta_messenger_container_labels_metrics_enabled or matrix_mautrix_meta_messenger_container_labels_exposure_enabled) %}
traefik.enable=true traefik.enable=true
{% if matrix_mautrix_meta_messenger_container_labels_traefik_docker_network %} {% if matrix_mautrix_meta_messenger_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_mautrix_meta_messenger_container_labels_traefik_docker_network }} traefik.docker.network={{ matrix_mautrix_meta_messenger_container_labels_traefik_docker_network }}
{% endif %} {% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-appservice.loadbalancer.server.port=29319 traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-appservice.loadbalancer.server.port=29319
{% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.loadbalancer.server.port=8000 traefik.http.services.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.loadbalancer.server.port=8000
{% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %} {% if matrix_mautrix_meta_messenger_container_labels_metrics_enabled %}
@@ -48,6 +52,37 @@ traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-metrics.tls.
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.middlewares.{{ matrix_mautrix_meta_messenger_identifier }}-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_meta_messenger_exposure_path_prefix }}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.middlewares={{ matrix_mautrix_meta_messenger_identifier }}-exposure-strip-prefix
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.rule={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.priority={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.service={{ matrix_mautrix_meta_messenger_identifier }}-appservice
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.entrypoints={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.tls={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls %}
traefik.http.routers.{{ matrix_mautrix_meta_messenger_identifier }}-exposure.tls.certResolver={{ matrix_mautrix_meta_messenger_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -25,7 +25,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.2605.0 matrix_mautrix_signal_version: v0.2606.0
# See: https://mau.dev/mautrix/signal/container_registry # See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_container_image: "{{ matrix_mautrix_signal_container_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_container_image_tag }}" matrix_mautrix_signal_container_image: "{{ matrix_mautrix_signal_container_image_registry_prefix }}mautrix/signal:{{ matrix_mautrix_signal_container_image_tag }}"
@@ -46,6 +46,13 @@ matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_signal_homeserver_async_media: false matrix_mautrix_signal_homeserver_async_media: false
matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080" matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_signal_bridge_public_address`).
matrix_mautrix_signal_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_signal_bridge_public_address: "{{ (matrix_mautrix_signal_scheme + '://' + matrix_mautrix_signal_exposure_hostname + matrix_mautrix_signal_exposure_path_prefix) if matrix_mautrix_signal_exposure_enabled else '' }}"
matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_signal_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_signal_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
@@ -100,6 +107,15 @@ matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: fa
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-signal's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_signal_container_labels_exposure_enabled: "{{ matrix_mautrix_signal_exposure_enabled }}"
matrix_mautrix_signal_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_signal_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_signal_exposure_path_prefix }}`)"
matrix_mautrix_signal_container_labels_exposure_traefik_priority: 0
matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_signal_container_labels_traefik_entrypoints }}"
matrix_mautrix_signal_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_signal_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_signal_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_signal_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_signal_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -150,6 +166,11 @@ matrix_mautrix_signal_metrics_proxying_enabled: false
matrix_mautrix_signal_metrics_proxying_hostname: '' matrix_mautrix_signal_metrics_proxying_hostname: ''
matrix_mautrix_signal_metrics_proxying_path_prefix: '' matrix_mautrix_signal_metrics_proxying_path_prefix: ''
# Controls whether mautrix-signal's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_signal_exposure_enabled: false
matrix_mautrix_signal_exposure_hostname: ''
matrix_mautrix_signal_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -171,7 +171,7 @@ appservice:
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: "" public_address: {{ matrix_mautrix_signal_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-signal-metrics.tls.certResolver={{ matrix_ma
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_signal_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-signal-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-signal-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_signal_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-signal-exposure.middlewares=matrix-mautrix-signal-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-signal-exposure.rule={{ matrix_mautrix_signal_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_signal_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-signal-exposure.priority={{ matrix_mautrix_signal_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-signal-exposure.service=matrix-mautrix-signal-exposure
traefik.http.routers.matrix-mautrix-signal-exposure.entrypoints={{ matrix_mautrix_signal_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-signal-exposure.tls={{ matrix_mautrix_signal_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_signal_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-signal-exposure.tls.certResolver={{ matrix_mautrix_signal_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}" matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack # renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
matrix_mautrix_slack_version: v0.2605.0 matrix_mautrix_slack_version: v0.2606.0
# See: https://mau.dev/mautrix/slack/container_registry # See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_container_image: "{{ matrix_mautrix_slack_container_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}" matrix_mautrix_slack_container_image: "{{ matrix_mautrix_slack_container_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_container_image_registry_prefix_upstream }}" matrix_mautrix_slack_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_container_image_registry_prefix_upstream }}"
@@ -36,6 +36,13 @@ matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_slack_homeserver_async_media: false matrix_mautrix_slack_homeserver_async_media: false
matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080" matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_slack_bridge_public_address`).
matrix_mautrix_slack_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_slack_bridge_public_address: "{{ (matrix_mautrix_slack_scheme + '://' + matrix_mautrix_slack_exposure_hostname + matrix_mautrix_slack_exposure_path_prefix) if matrix_mautrix_slack_exposure_enabled else '' }}"
matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_slack_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_slack_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_slack_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
@@ -74,6 +81,33 @@ matrix_mautrix_slack_container_additional_networks: "{{ matrix_mautrix_slack_con
matrix_mautrix_slack_container_additional_networks_auto: [] matrix_mautrix_slack_container_additional_networks_auto: []
matrix_mautrix_slack_container_additional_networks_custom: [] matrix_mautrix_slack_container_additional_networks_custom: []
# matrix_mautrix_slack_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_mautrix_slack_container_labels_additional_labels`.
matrix_mautrix_slack_container_labels_traefik_enabled: true
matrix_mautrix_slack_container_labels_traefik_docker_network: "{{ matrix_mautrix_slack_container_network }}"
matrix_mautrix_slack_container_labels_traefik_entrypoints: web-secure
matrix_mautrix_slack_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls whether labels will be added that expose mautrix-slack's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_slack_container_labels_exposure_enabled: "{{ matrix_mautrix_slack_exposure_enabled }}"
matrix_mautrix_slack_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_slack_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_slack_exposure_path_prefix }}`)"
matrix_mautrix_slack_container_labels_exposure_traefik_priority: 0
matrix_mautrix_slack_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_slack_container_labels_traefik_entrypoints }}"
matrix_mautrix_slack_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_slack_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_slack_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_slack_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_slack_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_mautrix_slack_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_mautrix_slack_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_mautrix_slack_container_extra_arguments: [] matrix_mautrix_slack_container_extra_arguments: []
@@ -189,6 +223,11 @@ matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsa
matrix_mautrix_slack_provisioning_shared_secret: '' matrix_mautrix_slack_provisioning_shared_secret: ''
matrix_mautrix_slack_public_media_signing_key: '' matrix_mautrix_slack_public_media_signing_key: ''
# Controls whether mautrix-slack's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_slack_exposure_enabled: false
matrix_mautrix_slack_exposure_hostname: ''
matrix_mautrix_slack_exposure_path_prefix: ''
# Controls whether relay mode is enabled # Controls whether relay mode is enabled
matrix_mautrix_slack_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" matrix_mautrix_slack_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
@@ -97,6 +97,17 @@
group: "{{ matrix_group_name }}" group: "{{ matrix_group_name }}"
register: matrix_mautrix_slack_registration_result register: matrix_mautrix_slack_registration_result
- name: Ensure mautrix-slack support files installed
ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_mautrix_slack_base_path }}/{{ item }}"
mode: '0640'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items:
- labels
register: matrix_mautrix_slack_support_files_result
- name: Ensure matrix-mautrix-slack container network is created - name: Ensure matrix-mautrix-slack container network is created
when: matrix_mautrix_slack_container_network != 'host' when: matrix_mautrix_slack_container_network != 'host'
community.general.docker_network: community.general.docker_network:
@@ -119,6 +130,7 @@
matrix_mautrix_slack_migration_requires_restart | default(false) matrix_mautrix_slack_migration_requires_restart | default(false)
or matrix_mautrix_slack_config_result.changed | default(false) or matrix_mautrix_slack_config_result.changed | default(false)
or matrix_mautrix_slack_registration_result.changed | default(false) or matrix_mautrix_slack_registration_result.changed | default(false)
or matrix_mautrix_slack_support_files_result.changed | default(false)
or matrix_mautrix_slack_systemd_service_result.changed | default(false) or matrix_mautrix_slack_systemd_service_result.changed | default(false)
or matrix_mautrix_slack_container_image_pull_result.changed | default(false) or matrix_mautrix_slack_container_image_pull_result.changed | default(false)
or matrix_mautrix_slack_container_image_build_result.changed | default(false) or matrix_mautrix_slack_container_image_build_result.changed | default(false)
@@ -213,7 +213,7 @@ appservice:
address: {{ matrix_mautrix_slack_appservice_address | to_json }} address: {{ matrix_mautrix_slack_appservice_address | to_json }}
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: https://bridge.example.com public_address: {{ matrix_mautrix_slack_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -0,0 +1,50 @@
{#
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if matrix_mautrix_slack_container_labels_traefik_enabled %}
traefik.enable=true
{% if matrix_mautrix_slack_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_mautrix_slack_container_labels_traefik_docker_network }}
{% endif %}
{% if matrix_mautrix_slack_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-slack-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-slack-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_slack_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-slack-exposure.middlewares=matrix-mautrix-slack-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-slack-exposure.rule={{ matrix_mautrix_slack_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_slack_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-slack-exposure.priority={{ matrix_mautrix_slack_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-slack-exposure.service=matrix-mautrix-slack-exposure
traefik.http.routers.matrix-mautrix-slack-exposure.entrypoints={{ matrix_mautrix_slack_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-slack-exposure.tls={{ matrix_mautrix_slack_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_slack_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-slack-exposure.tls.certResolver={{ matrix_mautrix_slack_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %}
{{ matrix_mautrix_slack_container_labels_additional_labels }}
@@ -25,6 +25,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--network={{ matrix_mautrix_slack_container_network }} \ --network={{ matrix_mautrix_slack_container_network }} \
--mount type=bind,src={{ matrix_mautrix_slack_config_path }},dst=/config,ro \ --mount type=bind,src={{ matrix_mautrix_slack_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_mautrix_slack_data_path }},dst=/data \ --mount type=bind,src={{ matrix_mautrix_slack_data_path }},dst=/data \
--label-file={{ matrix_mautrix_slack_base_path }}/labels \
--workdir=/data \ --workdir=/data \
{% for arg in matrix_mautrix_slack_container_extra_arguments %} {% for arg in matrix_mautrix_slack_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
@@ -26,7 +26,7 @@ matrix_mautrix_telegram_container_image_self_build_repo: "https://mau.dev/mautri
matrix_mautrix_telegram_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram
matrix_mautrix_telegram_version: v0.2605.0 matrix_mautrix_telegram_version: v0.2606.0
# See: https://mau.dev/mautrix/telegram/container_registry # See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_container_image: "{{ matrix_mautrix_telegram_container_image_registry_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_container_image: "{{ matrix_mautrix_telegram_container_image_registry_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
@@ -46,6 +46,13 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_telegram_homeserver_async_media: false matrix_mautrix_telegram_homeserver_async_media: false
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
# Scheme of the bridge's public address (see `matrix_mautrix_telegram_bridge_public_address`).
matrix_mautrix_telegram_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_telegram_bridge_public_address: "{{ (matrix_mautrix_telegram_scheme + '://' + matrix_mautrix_telegram_exposure_hostname + matrix_mautrix_telegram_exposure_path_prefix) if matrix_mautrix_telegram_exposure_enabled else '' }}"
matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
@@ -81,6 +88,15 @@ matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled:
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-telegram's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_telegram_container_labels_exposure_enabled: "{{ matrix_mautrix_telegram_exposure_enabled }}"
matrix_mautrix_telegram_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_telegram_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_exposure_path_prefix }}`)"
matrix_mautrix_telegram_container_labels_exposure_traefik_priority: 0
matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_telegram_container_labels_traefik_entrypoints }}"
matrix_mautrix_telegram_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_telegram_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_telegram_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_telegram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_telegram_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -125,6 +141,11 @@ matrix_mautrix_telegram_metrics_proxying_enabled: false
matrix_mautrix_telegram_metrics_proxying_hostname: '' matrix_mautrix_telegram_metrics_proxying_hostname: ''
matrix_mautrix_telegram_metrics_proxying_path_prefix: '' matrix_mautrix_telegram_metrics_proxying_path_prefix: ''
# Controls whether mautrix-telegram's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_telegram_exposure_enabled: false
matrix_mautrix_telegram_exposure_hostname: ''
matrix_mautrix_telegram_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -30,7 +30,7 @@
- {'old': 'matrix_mautrix_telegram_container_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'} - {'old': 'matrix_mautrix_telegram_container_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
# Variables removed in the bridgev2 (Go) rewrite — mautrix-telegram no longer has a Python runtime, # Variables removed in the bridgev2 (Go) rewrite — mautrix-telegram no longer has a Python runtime,
# a separate lottieconverter container or a web-based login endpoint. # a separate lottieconverter container or a web-based login endpoint.
- {'old': 'matrix_mautrix_telegram_scheme', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'} # (matrix_mautrix_telegram_scheme was part of this group too, but has since been reintroduced to configure the bridge's HTTP API exposure address, so it's intentionally not listed here.)
- {'old': 'matrix_mautrix_telegram_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'} - {'old': 'matrix_mautrix_telegram_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'} - {'old': 'matrix_mautrix_telegram_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_public_endpoint', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'} - {'old': 'matrix_mautrix_telegram_public_endpoint', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
@@ -281,7 +281,7 @@ appservice:
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This is only needed for things like public media. A reverse proxy is generally necessary when using this field. # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: "" public_address: {{ matrix_mautrix_telegram_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-telegram-metrics.tls.certResolver={{ matrix_
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_telegram_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-telegram-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-telegram-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_telegram_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-telegram-exposure.middlewares=matrix-mautrix-telegram-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-telegram-exposure.rule={{ matrix_mautrix_telegram_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_telegram_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-telegram-exposure.priority={{ matrix_mautrix_telegram_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-telegram-exposure.service=matrix-mautrix-telegram-exposure
traefik.http.routers.matrix-mautrix-telegram-exposure.entrypoints={{ matrix_mautrix_telegram_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-telegram-exposure.tls={{ matrix_mautrix_telegram_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_telegram_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-telegram-exposure.tls.certResolver={{ matrix_mautrix_telegram_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
matrix_mautrix_twitter_version: v0.2604.0 matrix_mautrix_twitter_version: v0.2606.0
# See: https://mau.dev/tulir/mautrix-twitter/container_registry # See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_container_image: "{{ matrix_mautrix_twitter_container_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_container_image: "{{ matrix_mautrix_twitter_container_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_container_image_registry_prefix_upstream }}" matrix_mautrix_twitter_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_container_image_registry_prefix_upstream }}"
@@ -44,8 +44,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_twitter_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_twitter_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
# A public address that external services can use to reach this appservice. # Scheme of the bridge's public address (see `matrix_mautrix_twitter_appservice_public_address`).
matrix_mautrix_twitter_appservice_public_address: '' matrix_mautrix_twitter_scheme: https
# A public address that external services can use to reach this appservice (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_twitter_appservice_public_address: "{{ (matrix_mautrix_twitter_scheme + '://' + matrix_mautrix_twitter_exposure_hostname + matrix_mautrix_twitter_exposure_path_prefix) if matrix_mautrix_twitter_exposure_enabled else '' }}"
# Displayname template for Twitter users. # Displayname template for Twitter users.
# {{ .DisplayName }} is replaced with the display name of the Twitter user. # {{ .DisplayName }} is replaced with the display name of the Twitter user.
@@ -86,6 +90,15 @@ matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: f
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-twitter's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_twitter_container_labels_exposure_enabled: "{{ matrix_mautrix_twitter_exposure_enabled }}"
matrix_mautrix_twitter_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_twitter_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_twitter_exposure_path_prefix }}`)"
matrix_mautrix_twitter_container_labels_exposure_traefik_priority: 0
matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_twitter_container_labels_traefik_entrypoints }}"
matrix_mautrix_twitter_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_twitter_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_twitter_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_twitter_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_twitter_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -166,6 +179,11 @@ matrix_mautrix_twitter_metrics_proxying_enabled: false
matrix_mautrix_twitter_metrics_proxying_hostname: '' matrix_mautrix_twitter_metrics_proxying_hostname: ''
matrix_mautrix_twitter_metrics_proxying_path_prefix: '' matrix_mautrix_twitter_metrics_proxying_path_prefix: ''
# Controls whether mautrix-twitter's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_twitter_exposure_enabled: false
matrix_mautrix_twitter_exposure_hostname: ''
matrix_mautrix_twitter_exposure_path_prefix: ''
# Default configuration template which covers the generic use case. # Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.
# #
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-twitter-metrics.tls.certResolver={{ matrix_m
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_twitter_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-twitter-exposure.loadbalancer.server.port=29327
traefik.http.middlewares.matrix-mautrix-twitter-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_twitter_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-twitter-exposure.middlewares=matrix-mautrix-twitter-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-twitter-exposure.rule={{ matrix_mautrix_twitter_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_twitter_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-twitter-exposure.priority={{ matrix_mautrix_twitter_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-twitter-exposure.service=matrix-mautrix-twitter-exposure
traefik.http.routers.matrix-mautrix-twitter-exposure.entrypoints={{ matrix_mautrix_twitter_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-twitter-exposure.tls={{ matrix_mautrix_twitter_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_twitter_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-twitter-exposure.tls.certResolver={{ matrix_mautrix_twitter_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
matrix_mautrix_whatsapp_version: v0.2605.0 matrix_mautrix_whatsapp_version: v0.2606.0
# See: https://mau.dev/mautrix/whatsapp/container_registry # See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_container_image: "{{ matrix_mautrix_whatsapp_container_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_container_image: "{{ matrix_mautrix_whatsapp_container_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -48,6 +48,13 @@ matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_whatsapp_homeserver_async_media: false matrix_mautrix_whatsapp_homeserver_async_media: false
matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
# Scheme of the bridge's public address (see `matrix_mautrix_whatsapp_bridge_public_address`).
matrix_mautrix_whatsapp_scheme: https
# The public base URL at which this bridge's HTTP API is reachable from outside (when exposed).
# Used for the provisioning API's external-server (OpenID) flow and for public media links.
matrix_mautrix_whatsapp_bridge_public_address: "{{ (matrix_mautrix_whatsapp_scheme + '://' + matrix_mautrix_whatsapp_exposure_hostname + matrix_mautrix_whatsapp_exposure_path_prefix) if matrix_mautrix_whatsapp_exposure_enabled else '' }}"
matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}" matrix_mautrix_whatsapp_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}" matrix_mautrix_whatsapp_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
@@ -81,6 +88,15 @@ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled:
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users # See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: '' matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: ''
# Controls whether labels will be added that expose mautrix-whatsapp's HTTP API
# (used by tools like mautrix-manager for bridge login) at `https://<hostname><path_prefix>`.
matrix_mautrix_whatsapp_container_labels_exposure_enabled: "{{ matrix_mautrix_whatsapp_exposure_enabled }}"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_rule: "Host(`{{ matrix_mautrix_whatsapp_exposure_hostname }}`) && PathPrefix(`{{ matrix_mautrix_whatsapp_exposure_path_prefix }}`)"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority: 0
matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints: "{{ matrix_mautrix_whatsapp_container_labels_traefik_entrypoints }}"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls: "{{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints != 'web' }}"
matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls_certResolver: "{{ matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # matrix_mautrix_whatsapp_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@@ -125,6 +141,11 @@ matrix_mautrix_whatsapp_metrics_proxying_enabled: false
matrix_mautrix_whatsapp_metrics_proxying_hostname: '' matrix_mautrix_whatsapp_metrics_proxying_hostname: ''
matrix_mautrix_whatsapp_metrics_proxying_path_prefix: '' matrix_mautrix_whatsapp_metrics_proxying_path_prefix: ''
# Controls whether mautrix-whatsapp's HTTP API is exposed publicly (used by tools like mautrix-manager for bridge login).
matrix_mautrix_whatsapp_exposure_enabled: false
matrix_mautrix_whatsapp_exposure_hostname: ''
matrix_mautrix_whatsapp_exposure_path_prefix: ''
# Database-related configuration fields. # Database-related configuration fields.
# #
# To use SQLite, stick to these defaults. # To use SQLite, stick to these defaults.
@@ -269,7 +269,7 @@ appservice:
# A public address that external services can use to reach this appservice. # A public address that external services can use to reach this appservice.
# This is only needed for things like public media. A reverse proxy is generally necessary when using this field. # This is only needed for things like public media. A reverse proxy is generally necessary when using this field.
# This value doesn't affect the registration file. # This value doesn't affect the registration file.
public_address: "" public_address: {{ matrix_mautrix_whatsapp_bridge_public_address | to_json }}
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0. # For Docker, you generally have to change the hostname to 0.0.0.0.
@@ -46,6 +46,39 @@ traefik.http.routers.matrix-mautrix-whatsapp-metrics.tls.certResolver={{ matrix_
############################################################ ############################################################
{% endif %} {% endif %}
{% if matrix_mautrix_whatsapp_container_labels_exposure_enabled %}
############################################################
# #
# Bridge API exposure #
# #
############################################################
traefik.http.services.matrix-mautrix-whatsapp-exposure.loadbalancer.server.port=8080
traefik.http.middlewares.matrix-mautrix-whatsapp-exposure-strip-prefix.stripprefix.prefixes={{ matrix_mautrix_whatsapp_exposure_path_prefix }}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.middlewares=matrix-mautrix-whatsapp-exposure-strip-prefix
traefik.http.routers.matrix-mautrix-whatsapp-exposure.rule={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_rule }}
{% if matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.priority={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.service=matrix-mautrix-whatsapp-exposure
traefik.http.routers.matrix-mautrix-whatsapp-exposure.entrypoints={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.tls={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls | to_json }}
{% if matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls %}
traefik.http.routers.matrix-mautrix-whatsapp-exposure.tls.certResolver={{ matrix_mautrix_whatsapp_container_labels_exposure_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Bridge API exposure #
# #
############################################################
{% endif %}
{% endif %} {% endif %}
@@ -0,0 +1,248 @@
# SPDX-FileCopyrightText: 2026 MDAD project contributors
# SPDX-FileCopyrightText: 2026 Jason LaGuidice
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# matrix-bridge-rustpush is a Matrix <-> iMessage bridge using RustPush
# Project source code URL: https://github.com/jasonlaguidice/imessage
matrix_rustpush_bridge_enabled: false
matrix_rustpush_bridge_container_image_self_build: false
matrix_rustpush_bridge_container_image_self_build_repo: "https://github.com/jasonlaguidice/imessage.git"
matrix_rustpush_bridge_container_image_self_build_repo_version: "{{ 'master' if matrix_rustpush_bridge_version == 'latest' else matrix_rustpush_bridge_version }}"
# renovate: datasource=docker depName=ghcr.io/jasonlaguidice/imessage
matrix_rustpush_bridge_version: v0.0.2
matrix_rustpush_bridge_container_image: "{{ matrix_rustpush_bridge_container_image_registry_prefix }}jasonlaguidice/imessage:{{ matrix_rustpush_bridge_version }}"
matrix_rustpush_bridge_container_image_registry_prefix: "{{ 'localhost/' if matrix_rustpush_bridge_container_image_self_build else matrix_rustpush_bridge_container_image_registry_prefix_upstream }}"
matrix_rustpush_bridge_container_image_registry_prefix_upstream: "{{ matrix_rustpush_bridge_container_image_registry_prefix_upstream_default }}"
matrix_rustpush_bridge_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_rustpush_bridge_base_path: "{{ matrix_base_data_path }}/matrix-rustpush-bridge"
matrix_rustpush_bridge_config_path: "{{ matrix_rustpush_bridge_base_path }}/config"
matrix_rustpush_bridge_data_path: "{{ matrix_rustpush_bridge_base_path }}/data"
matrix_rustpush_bridge_container_src_files_path: "{{ matrix_rustpush_bridge_base_path }}/docker-src"
matrix_rustpush_bridge_homeserver_address: ""
# Whether asynchronous uploads via MSC2246 should be enabled for media.
matrix_rustpush_bridge_homeserver_async_media: false
matrix_rustpush_bridge_homeserver_domain: '{{ matrix_domain }}'
matrix_rustpush_bridge_appservice_address: 'http://matrix-rustpush-bridge:8081'
matrix_rustpush_bridge_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_rustpush_bridge_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
# A public address that external services can use to reach this appservice.
matrix_rustpush_bridge_appservice_public_address: ''
# Displayname template for iMessage contacts.
# Available variables: {{.FirstName}}, {{.LastName}}, {{.Nickname}},
# {{.Phone}}, {{.Email}}, {{.ID}}
matrix_rustpush_bridge_network_displayname_template: "{% raw %}{{if .FirstName}}{{.FirstName}}{{if .LastName}} {{.LastName}}{{end}}{{else if .Nickname}}{{.Nickname}}{{else if .Phone}}{{.Phone}}{{else if .Email}}{{.Email}}{{else}}{{.ID}}{{end}} (iMessage){% endraw %}"
matrix_rustpush_bridge_cloudkit_backfill: true
matrix_rustpush_bridge_video_transcoding: true
matrix_rustpush_bridge_heic_conversion: true
matrix_rustpush_bridge_disable_facetime: false
matrix_rustpush_bridge_statuskit_notifications: true
matrix_rustpush_bridge_statuskit_share_on_startup: true
matrix_rustpush_bridge_bridge_command_prefix: "!im"
matrix_rustpush_bridge_bridge_permissions: |
{{
{matrix_rustpush_bridge_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
matrix_rustpush_bridge_container_network: ""
matrix_rustpush_bridge_container_additional_networks: "{{ matrix_rustpush_bridge_container_additional_networks_auto + matrix_rustpush_bridge_container_additional_networks_custom }}"
matrix_rustpush_bridge_container_additional_networks_auto: []
matrix_rustpush_bridge_container_additional_networks_custom: []
# matrix_rustpush_bridge_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_rustpush_bridge_container_labels_additional_labels`.
matrix_rustpush_bridge_container_labels_traefik_enabled: true
matrix_rustpush_bridge_container_labels_traefik_docker_network: "{{ matrix_rustpush_bridge_container_network }}"
matrix_rustpush_bridge_container_labels_traefik_entrypoints: web-secure
matrix_rustpush_bridge_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls whether labels will be added that expose metrics
matrix_rustpush_bridge_container_labels_metrics_enabled: "{{ matrix_rustpush_bridge_metrics_enabled and matrix_rustpush_bridge_metrics_proxying_enabled }}"
matrix_rustpush_bridge_container_labels_metrics_traefik_rule: "Host(`{{ matrix_rustpush_bridge_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_rustpush_bridge_metrics_proxying_path_prefix }}`)"
matrix_rustpush_bridge_container_labels_metrics_traefik_priority: 0
matrix_rustpush_bridge_container_labels_metrics_traefik_entrypoints: "{{ matrix_rustpush_bridge_container_labels_traefik_entrypoints }}"
matrix_rustpush_bridge_container_labels_metrics_traefik_tls: "{{ matrix_rustpush_bridge_container_labels_metrics_traefik_entrypoints != 'web' }}"
matrix_rustpush_bridge_container_labels_metrics_traefik_tls_certResolver: "{{ matrix_rustpush_bridge_container_labels_traefik_tls_certResolver }}" # noqa var-naming
matrix_rustpush_bridge_container_labels_metrics_middleware_basic_auth_enabled: false
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_rustpush_bridge_container_labels_metrics_middleware_basic_auth_users: ''
# matrix_rustpush_bridge_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_rustpush_bridge_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_rustpush_bridge_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_rustpush_bridge_container_extra_arguments: []
# Override the Rust log filter passed to the bridge container via RUST_LOG.
# Leave empty to use the bridge's built-in default
# ("warn,rustpush=warn,rustpushgo=info,open_absinthe=info").
#
# Useful values:
# "warn,rustpushgo=info,open_absinthe=debug" # NAC emulator diagnostics (_enc field sizes, etc.)
# "warn,rustpushgo=info,open_absinthe=debug,rustpush=info" # + upstream rustpush internals
# "debug" # everything (very chatty)
#
# The open_absinthe crate logs NAC hardware-key diagnostics at INFO and emulator
# state at DEBUG. These are suppressed by default to reduce log noise.
matrix_rustpush_bridge_rust_log: ""
# List of systemd services that matrix-rustpush-bridge.service depends on.
matrix_rustpush_bridge_systemd_required_services_list: "{{ matrix_rustpush_bridge_systemd_required_services_list_default + matrix_rustpush_bridge_systemd_required_services_list_auto + matrix_rustpush_bridge_systemd_required_services_list_custom }}"
matrix_rustpush_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_rustpush_bridge_systemd_required_services_list_auto: []
matrix_rustpush_bridge_systemd_required_services_list_custom: []
# List of systemd services that matrix-rustpush-bridge.service wants
matrix_rustpush_bridge_systemd_wanted_services_list: []
matrix_rustpush_bridge_appservice_token: ''
matrix_rustpush_bridge_homeserver_token: ''
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_rustpush_bridge_matrix_federate_rooms: false
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_rustpush_bridge_postgres_*` variables
matrix_rustpush_bridge_database_engine: 'postgres'
matrix_rustpush_bridge_database_username: 'matrix_rustpush_bridge'
matrix_rustpush_bridge_database_password: 'some-password'
matrix_rustpush_bridge_database_hostname: ''
matrix_rustpush_bridge_database_port: 5432
matrix_rustpush_bridge_database_name: 'matrix_rustpush_bridge'
matrix_rustpush_bridge_database_sslmode: disable
matrix_rustpush_bridge_database_connection_string: 'postgres://{{ matrix_rustpush_bridge_database_username }}:{{ matrix_rustpush_bridge_database_password }}@{{ matrix_rustpush_bridge_database_hostname }}:{{ matrix_rustpush_bridge_database_port }}/{{ matrix_rustpush_bridge_database_name }}?sslmode={{ matrix_rustpush_bridge_database_sslmode }}'
matrix_rustpush_bridge_database_uri: "{{
{
'postgres': matrix_rustpush_bridge_database_connection_string,
}[matrix_rustpush_bridge_database_engine]
}}"
matrix_rustpush_bridge_double_puppet_secrets: "{{ matrix_rustpush_bridge_double_puppet_secrets_auto | combine(matrix_rustpush_bridge_double_puppet_secrets_custom) }}"
matrix_rustpush_bridge_double_puppet_secrets_auto: {}
matrix_rustpush_bridge_double_puppet_secrets_custom: {}
matrix_rustpush_bridge_appservice_bot_username: rustpushbot
matrix_rustpush_bridge_appservice_bot_displayname: RustPush bridge bot
matrix_rustpush_bridge_appservice_bot_avatar: ''
# Localpart template for MXIDs of remote (iMessage) users.
# The `{{.}}` placeholder expands to the iMessage handle (phone/email).
matrix_rustpush_bridge_appservice_username_template: "{% raw %}rustpush_{{.}}{% endraw %}"
# Backfill is disabled by default because Linux Docker cannot access chat.db.
# On macOS with Full Disk Access, this can be set to true.
matrix_rustpush_bridge_backfill_enabled: false
# Maximum number of messages to backfill in empty rooms
matrix_rustpush_bridge_backfill_max_initial_messages: 50
# Maximum number of missed messages to backfill after bridge restarts
matrix_rustpush_bridge_backfill_max_catchup_messages: 500
# How many days back to look for chats during initial sync.
# Default in upstream is 365 (1 year). Set to 0 to disable.
matrix_rustpush_bridge_initial_sync_days: 365
# Shared secret for authentication of provisioning API requests.
# If set to "disable", the provisioning API will be disabled.
matrix_rustpush_bridge_provisioning_shared_secret: disable
# Minimum severity of journal log messages.
# Valid values: fatal, error, warn, info, debug, trace
matrix_rustpush_bridge_logging_level: 'warn'
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_rustpush_bridge_metrics_proxying_enabled`.
matrix_rustpush_bridge_metrics_enabled: false
# Controls whether metrics should be exposed on a public URL.
matrix_rustpush_bridge_metrics_proxying_enabled: false
matrix_rustpush_bridge_metrics_proxying_hostname: ''
matrix_rustpush_bridge_metrics_proxying_path_prefix: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_rustpush_bridge_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_rustpush_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_rustpush_bridge_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_rustpush_bridge_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_rustpush_bridge_configuration_yaml`.
matrix_rustpush_bridge_configuration_extension: "{{ matrix_rustpush_bridge_configuration_extension_yaml | from_yaml if matrix_rustpush_bridge_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_rustpush_bridge_configuration_yaml`.
matrix_rustpush_bridge_configuration: "{{ matrix_rustpush_bridge_configuration_yaml | from_yaml | combine(matrix_rustpush_bridge_configuration_extension, recursive=True) }}"
matrix_rustpush_bridge_registration_yaml: |
id: rustpush-bridge
as_token: "{{ matrix_rustpush_bridge_appservice_token }}"
hs_token: "{{ matrix_rustpush_bridge_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@rustpush_.+:{{ matrix_rustpush_bridge_homeserver_domain | regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_rustpush_bridge_appservice_bot_username | regex_escape }}:{{ matrix_rustpush_bridge_homeserver_domain | regex_escape }}$'
url: {{ matrix_rustpush_bridge_appservice_address }}
sender_localpart: _bot_{{ matrix_rustpush_bridge_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
io.element.msc4190: {{ matrix_rustpush_bridge_msc4190_enabled | to_json }}
matrix_rustpush_bridge_registration: "{{ matrix_rustpush_bridge_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_rustpush_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_rustpush_bridge_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_rustpush_bridge_bridge_encryption_require: false
matrix_rustpush_bridge_bridge_encryption_appservice: false
matrix_rustpush_bridge_bridge_encryption_key_sharing_allow: "{{ matrix_rustpush_bridge_bridge_encryption_allow }}"
matrix_rustpush_bridge_bridge_encryption_pickle_key: mautrix.bridge.e2ee
# matrix_rustpush_bridge_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_rustpush_bridge_restart_necessary: false
@@ -0,0 +1,25 @@
# SPDX-FileCopyrightText: 2026 MDAD project contributors
# SPDX-FileCopyrightText: 2026 Jason LaGuidice
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- tags:
- setup-all
- setup-rustpush-bridge
- install-all
- install-rustpush-bridge
block:
- when: matrix_rustpush_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_rustpush_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- tags:
- setup-all
- setup-rustpush-bridge
block:
- when: not matrix_rustpush_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
@@ -0,0 +1,110 @@
# SPDX-FileCopyrightText: 2026 MDAD project contributors
# SPDX-FileCopyrightText: 2026 Jason LaGuidice
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure RustPush paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items:
- {path: "{{ matrix_rustpush_bridge_base_path }}", when: true}
- {path: "{{ matrix_rustpush_bridge_config_path }}", when: true}
- {path: "{{ matrix_rustpush_bridge_data_path }}", when: true}
- {path: "{{ matrix_rustpush_bridge_container_src_files_path }}", when: "{{ matrix_rustpush_bridge_container_image_self_build }}"}
when: item.when | bool
- name: Ensure RustPush repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_rustpush_bridge_container_image_self_build_repo }}"
version: "{{ matrix_rustpush_bridge_container_image_self_build_repo_version }}"
dest: "{{ matrix_rustpush_bridge_container_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
register: matrix_rustpush_bridge_git_pull_results
when: "matrix_rustpush_bridge_enabled | bool and matrix_rustpush_bridge_container_image_self_build"
- name: Ensure RustPush Docker image is built
community.docker.docker_image_build:
name: "{{ matrix_rustpush_bridge_container_image }}"
dockerfile: Dockerfile
path: "{{ matrix_rustpush_bridge_container_src_files_path }}"
pull: true
rebuild: "{{ 'always' if matrix_rustpush_bridge_git_pull_results.changed | bool else 'never' }}"
build_args:
BUILD_VERSION: "{{ matrix_rustpush_bridge_container_image_self_build_repo_version }}"
BUILD_COMMIT: "{{ matrix_rustpush_bridge_git_pull_results.after[:8] if matrix_rustpush_bridge_git_pull_results is defined and matrix_rustpush_bridge_git_pull_results.after is defined else 'unknown' }}"
register: matrix_rustpush_bridge_container_image_build_result
when: "matrix_rustpush_bridge_enabled | bool and matrix_rustpush_bridge_container_image_self_build | bool"
- name: Ensure RustPush container image is pulled
community.docker.docker_image_pull:
name: "{{ matrix_rustpush_bridge_container_image }}"
pull: always
register: matrix_rustpush_bridge_container_image_pull_result
when: "matrix_rustpush_bridge_enabled | bool and not matrix_rustpush_bridge_container_image_self_build | bool"
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: matrix_rustpush_bridge_container_image_pull_result is not failed
ignore_errors: "{{ ansible_check_mode }}"
- name: Ensure rustpush-bridge config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_rustpush_bridge_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_rustpush_bridge_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_rustpush_bridge_config_result
- name: Ensure rustpush-bridge registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_rustpush_bridge_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_rustpush_bridge_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_rustpush_bridge_registration_result
- name: Ensure rustpush-bridge support files installed
ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_rustpush_bridge_base_path }}/{{ item }}"
mode: 0640
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items:
- labels
register: matrix_rustpush_bridge_support_files_result
- name: Ensure matrix-rustpush-bridge container network is created
community.general.docker_network:
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_rustpush_bridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-rustpush-bridge.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-rustpush-bridge.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rustpush-bridge.service"
mode: 0644
register: matrix_rustpush_bridge_systemd_service_result
- name: Determine whether matrix-rustpush-bridge needs a restart
ansible.builtin.set_fact:
matrix_rustpush_bridge_restart_necessary: >-
{{
matrix_rustpush_bridge_config_result.changed | default(false)
or matrix_rustpush_bridge_registration_result.changed | default(false)
or matrix_rustpush_bridge_support_files_result.changed | default(false)
or matrix_rustpush_bridge_systemd_service_result.changed | default(false)
or matrix_rustpush_bridge_container_image_pull_result.changed | default(false)
or matrix_rustpush_bridge_container_image_build_result.changed | default(false)
}}
@@ -0,0 +1,24 @@
# SPDX-FileCopyrightText: 2026 MDAD project contributors
# SPDX-FileCopyrightText: 2026 Jason LaGuidice
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Check existence of matrix-rustpush-bridge service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rustpush-bridge.service"
register: matrix_rustpush_bridge_service_stat
- when: matrix_rustpush_bridge_service_stat.stat.exists | bool
block:
- name: Ensure matrix-rustpush-bridge is stopped
ansible.builtin.service:
name: matrix-rustpush-bridge
state: stopped
daemon_reload: true
- name: Ensure matrix-rustpush-bridge.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rustpush-bridge.service"
state: absent
@@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2026 MDAD project contributors
# SPDX-FileCopyrightText: 2026 Jason LaGuidice
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if required RustPush settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
with_items:
- {'name': 'matrix_rustpush_bridge_appservice_token', when: true}
- {'name': 'matrix_rustpush_bridge_homeserver_address', when: true}
- {'name': 'matrix_rustpush_bridge_homeserver_token', when: true}
- {'name': 'matrix_rustpush_bridge_database_hostname', when: "{{ matrix_rustpush_bridge_database_engine == 'postgres' }}"}
- {'name': 'matrix_rustpush_bridge_container_network', when: true}
- {'name': 'matrix_rustpush_bridge_metrics_proxying_hostname', when: "{{ matrix_rustpush_bridge_metrics_proxying_enabled }}"}
- {'name': 'matrix_rustpush_bridge_metrics_proxying_path_prefix', when: "{{ matrix_rustpush_bridge_metrics_proxying_enabled }}"}
@@ -0,0 +1,209 @@
#jinja2: lstrip_blocks: True
# Network-specific config options (iMessage via RustPush)
network:
# Displayname template for iMessage contacts.
# Available variables:
# .FirstName, .LastName, .Nickname
# .Phone, .Email, .ID
displayname_template: {{ matrix_rustpush_bridge_network_displayname_template | to_json }}
# How many days back to look for chats during initial sync.
# Default is 365 (1 year). Set to 0 to use the default.
initial_sync_days: {{ matrix_rustpush_bridge_initial_sync_days | to_json }}
# Set to false to disable CloudKit backfill globally
cloudkit_backfill: {{ matrix_rustpush_bridge_cloudkit_backfill | to_json }}
backfill_source: cloudkit
# Enable or disable video transcoding
video_transcoding: {{ matrix_rustpush_bridge_video_transcoding | to_json }}
# Enable or disable HEIC conversion
heic_conversion: {{ matrix_rustpush_bridge_heic_conversion | to_json }}
heic_jpeg_quality: 95
# Set to true to disable Facetime support globally
disable_facetime: {{ matrix_rustpush_bridge_disable_facetime | to_json }}
# Set to false to disable Statuskit support globally
statuskit_notifications: {{ matrix_rustpush_bridge_statuskit_notifications | to_json }}
statuskit_share_on_startup: {{ matrix_rustpush_bridge_statuskit_share_on_startup | to_json }}
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_rustpush_bridge_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: true
# Whether the bridge should set names and avatars explicitly for DM portals.
private_chat_portal_meta: true
# Should events be handled asynchronously within portal rooms?
async_events: false
# Should every user have their own portals rather than sharing them?
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal?
tag_only_on_create: true
# List of tags to allow bridging.
only_bridge_tags: [m.favourite, m.lowpriority]
# Should room mute status only be synced when creating the portal?
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
cleanup_on_logout:
enabled: false
manual:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
enabled: false
admin_only: true
default_relays: []
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
permissions: {{ matrix_rustpush_bridge_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
type: postgres
uri: {{ matrix_rustpush_bridge_database_uri | to_json }}
max_open_conns: 5
max_idle_conns: 1
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
address: {{ matrix_rustpush_bridge_homeserver_address | to_json }}
domain: {{ matrix_rustpush_bridge_homeserver_domain | to_json }}
software: standard
status_endpoint:
message_send_checkpoint_endpoint:
async_media: {{ matrix_rustpush_bridge_homeserver_async_media | to_json }}
websocket: false
ping_interval_seconds: 0
# Application service host/registration related details.
appservice:
address: {{ matrix_rustpush_bridge_appservice_address | to_json }}
public_address: {{ matrix_rustpush_bridge_appservice_public_address | to_json }}
hostname: 0.0.0.0
port: 8081
id: rustpush-bridge
bot:
username: {{ matrix_rustpush_bridge_appservice_bot_username | to_json }}
displayname: {{ matrix_rustpush_bridge_appservice_bot_displayname | to_json(ensure_ascii=False) }}
avatar: {{ matrix_rustpush_bridge_appservice_bot_avatar | to_json }}
ephemeral_events: true
async_transactions: false
as_token: {{ matrix_rustpush_bridge_appservice_token | to_json }}
hs_token: {{ matrix_rustpush_bridge_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users.
username_template: {{ matrix_rustpush_bridge_appservice_username_template | to_json }}
# Config options that affect the Matrix connector of the bridge.
matrix:
message_status_events: false
delivery_receipts: false
message_error_notices: true
sync_direct_chat_list: true
federate_rooms: {{ matrix_rustpush_bridge_matrix_federate_rooms | to_json }}
upload_file_threshold: 5242880
# Segment-compatible analytics endpoint for tracking some events.
analytics:
token: null
url: https://api.segment.io/v1/track
user_id: null
# Settings for provisioning API
provisioning:
prefix: /_matrix/provision
shared_secret: {{ matrix_rustpush_bridge_provisioning_shared_secret | to_json }}
allow_matrix_auth: true
debug_endpoints: false
# Settings for backfilling messages.
backfill:
enabled: {{ matrix_rustpush_bridge_backfill_enabled | to_json }}
max_initial_messages: {{ matrix_rustpush_bridge_backfill_max_initial_messages | to_json }}
max_catchup_messages: {{ matrix_rustpush_bridge_backfill_max_catchup_messages | to_json }}
unread_hours_threshold: 720
threads:
max_initial_messages: 50
queue:
enabled: false
batch_size: 100
batch_delay: 20
max_batches: -1
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
servers: {}
allow_discovery: false
secrets: {{ matrix_rustpush_bridge_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
encryption:
allow: {{ matrix_rustpush_bridge_bridge_encryption_allow | to_json }}
default: {{ matrix_rustpush_bridge_bridge_encryption_default | to_json }}
require: {{ matrix_rustpush_bridge_bridge_encryption_require | to_json }}
appservice: {{ matrix_rustpush_bridge_bridge_encryption_appservice | to_json }}
msc4190: {{ matrix_rustpush_bridge_msc4190_enabled | to_json }}
self_sign: {{ matrix_rustpush_bridge_self_sign_enabled | to_json }}
allow_key_sharing: {{ matrix_rustpush_bridge_bridge_encryption_key_sharing_allow | to_json }}
pickle_key: {{ matrix_rustpush_bridge_bridge_encryption_pickle_key | to_json }}
delete_keys:
delete_outbound_on_ack: false
dont_store_outbound: false
ratchet_on_decrypt: false
delete_fully_used_on_decrypt: false
delete_prev_on_new_session: false
delete_on_device_delete: false
periodically_delete_expired: false
delete_outdated_inbound: false
verification_levels:
receive: unverified
send: unverified
share: cross-signed-tofu
rotation:
enable_custom: false
milliseconds: 604800000
messages: 100
disable_device_change_key_rotation: false
# Logging config.
logging:
min_level: {{ matrix_rustpush_bridge_logging_level | to_json }}
writers:
- type: stdout
format: pretty-colored
@@ -0,0 +1,4 @@
SPDX-FileCopyrightText: 2026 MDAD project contributors
SPDX-FileCopyrightText: 2026 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
@@ -0,0 +1,53 @@
{#
SPDX-FileCopyrightText: 2026 MDAD project contributors
SPDX-FileCopyrightText: 2026 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if matrix_rustpush_bridge_container_labels_traefik_enabled %}
traefik.enable=true
{% if matrix_rustpush_bridge_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_rustpush_bridge_container_labels_traefik_docker_network }}
{% endif %}
traefik.http.services.matrix-rustpush-bridge-metrics.loadbalancer.server.port=8000
{% if matrix_rustpush_bridge_container_labels_metrics_enabled %}
############################################################
# #
# Metrics #
# #
############################################################
{% if matrix_rustpush_bridge_container_labels_metrics_middleware_basic_auth_enabled %}
traefik.http.middlewares.matrix-rustpush-bridge-metrics-basic-auth.basicauth.users={{ matrix_rustpush_bridge_container_labels_metrics_middleware_basic_auth_users }}
traefik.http.routers.matrix-rustpush-bridge-metrics.middlewares=matrix-rustpush-bridge-metrics-basic-auth
{% endif %}
traefik.http.routers.matrix-rustpush-bridge-metrics.rule={{ matrix_rustpush_bridge_container_labels_metrics_traefik_rule }}
{% if matrix_rustpush_bridge_container_labels_metrics_traefik_priority | int > 0 %}
traefik.http.routers.matrix-rustpush-bridge-metrics.priority={{ matrix_rustpush_bridge_container_labels_metrics_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-rustpush-bridge-metrics.service=matrix-rustpush-bridge-metrics
traefik.http.routers.matrix-rustpush-bridge-metrics.entrypoints={{ matrix_rustpush_bridge_container_labels_metrics_traefik_entrypoints }}
traefik.http.routers.matrix-rustpush-bridge-metrics.tls={{ matrix_rustpush_bridge_container_labels_metrics_traefik_tls | to_json }}
{% if matrix_rustpush_bridge_container_labels_metrics_traefik_tls %}
traefik.http.routers.matrix-rustpush-bridge-metrics.tls.certResolver={{ matrix_rustpush_bridge_container_labels_metrics_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Metrics #
# #
############################################################
{% endif %}
{% endif %}
{{ matrix_rustpush_bridge_container_labels_additional_labels }}
@@ -0,0 +1,4 @@
SPDX-FileCopyrightText: 2026 MDAD project contributors
SPDX-FileCopyrightText: 2026 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
@@ -0,0 +1,51 @@
#jinja2: lstrip_blocks: True
[Unit]
Description=Matrix RustPush bridge
{% for service in matrix_rustpush_bridge_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_rustpush_bridge_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-rustpush-bridge 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rustpush-bridge 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-rustpush-bridge \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_rustpush_bridge_container_network }} \
--env HOME=/data \
{% if matrix_rustpush_bridge_rust_log %} --env RUST_LOG={{ matrix_rustpush_bridge_rust_log }} \
{% endif %} --mount type=bind,src={{ matrix_rustpush_bridge_config_path }},dst=/config \
--mount type=bind,src={{ matrix_rustpush_bridge_data_path }},dst=/data \
--label-file={{ matrix_rustpush_bridge_base_path }}/labels \
--entrypoint /usr/local/bin/matrix-rustpush \
{% for arg in matrix_rustpush_bridge_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_rustpush_bridge_container_image }} \
-c /config/config.yaml -r /config/registration.yaml
{% for network in matrix_rustpush_bridge_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-rustpush-bridge
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-rustpush-bridge
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-rustpush-bridge 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rustpush-bridge 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-rustpush-bridge
[Install]
WantedBy=multi-user.target
@@ -0,0 +1,4 @@
SPDX-FileCopyrightText: 2026 MDAD project contributors
SPDX-FileCopyrightText: 2026 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
@@ -29,7 +29,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}" matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_facts['memtotal_mb'] < 4096 }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web # renovate: datasource=docker depName=ghcr.io/element-hq/element-web
matrix_client_element_version: v1.12.21 matrix_client_element_version: v1.12.22
matrix_client_element_container_image: "{{ matrix_client_element_container_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}" matrix_client_element_container_image: "{{ matrix_client_element_container_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
matrix_client_element_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_container_image_registry_prefix_upstream }}" matrix_client_element_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_container_image_registry_prefix_upstream }}"
@@ -13,7 +13,7 @@ matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/et
matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}" matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
# renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web # renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
matrix_client_fluffychat_version: v2.5.1 matrix_client_fluffychat_version: v2.7.2
matrix_client_fluffychat_container_image: "{{ matrix_client_fluffychat_container_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}" matrix_client_fluffychat_container_image: "{{ matrix_client_fluffychat_container_image_registry_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
matrix_client_fluffychat_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_container_image_registry_prefix_upstream }}" matrix_client_fluffychat_container_image_registry_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else matrix_client_fluffychat_container_image_registry_prefix_upstream }}"
matrix_client_fluffychat_container_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_container_image_registry_prefix_upstream_default }}" matrix_client_fluffychat_container_image_registry_prefix_upstream: "{{ matrix_client_fluffychat_container_image_registry_prefix_upstream_default }}"
@@ -1,5 +1,6 @@
# SPDX-FileCopyrightText: 2025 MDAD project contributors # SPDX-FileCopyrightText: 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Slavi Pantaleev # SPDX-FileCopyrightText: 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -13,7 +14,7 @@ matrix_continuwuity_enabled: true
matrix_continuwuity_hostname: '' matrix_continuwuity_hostname: ''
# renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/continuwuity # renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/continuwuity
matrix_continuwuity_version: v0.5.9 matrix_continuwuity_version: v0.5.10
matrix_continuwuity_container_image: "{{ matrix_continuwuity_container_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_container_image_tag }}" matrix_continuwuity_container_image: "{{ matrix_continuwuity_container_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_container_image_tag }}"
matrix_continuwuity_container_image_tag: "{{ matrix_continuwuity_version }}" matrix_continuwuity_container_image_tag: "{{ matrix_continuwuity_version }}"
@@ -190,7 +191,9 @@ matrix_continuwuity_config_turn_password: ''
# Controls whether the self-check feature should validate SSL certificates. # Controls whether the self-check feature should validate SSL certificates.
matrix_continuwuity_self_check_validate_certificates: true matrix_continuwuity_self_check_validate_certificates: true
# If set, registration will require Google ReCAPTCHA verification. # Configuring both of these settings makes registration require Google ReCAPTCHA verification.
# Both must be set together (or both left empty). Setting only one of them is a configuration error.
# When both are set, ReCAPTCHA gets enabled automatically (see `matrix_continuwuity_recaptcha_enabled` in `vars/main.yml`).
matrix_continuwuity_config_recaptcha_site_key: '' matrix_continuwuity_config_recaptcha_site_key: ''
matrix_continuwuity_config_recaptcha_private_site_key: '' matrix_continuwuity_config_recaptcha_private_site_key: ''
@@ -1,4 +1,5 @@
# SPDX-FileCopyrightText: 2025 MDAD project contributors # SPDX-FileCopyrightText: 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -36,3 +37,11 @@
- {'old': 'matrix_continuwuity_docker_image_registry_prefix_upstream', 'new': 'matrix_continuwuity_container_image_registry_prefix_upstream'} - {'old': 'matrix_continuwuity_docker_image_registry_prefix_upstream', 'new': 'matrix_continuwuity_container_image_registry_prefix_upstream'}
- {'old': 'matrix_continuwuity_docker_image_registry_prefix_upstream_default', 'new': 'matrix_continuwuity_container_image_registry_prefix_upstream_default'} - {'old': 'matrix_continuwuity_docker_image_registry_prefix_upstream_default', 'new': 'matrix_continuwuity_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_continuwuity_container_image_force_pull', 'new': '<removed> (the new community.docker.docker_image_pull module handles this natively)'} - {'old': 'matrix_continuwuity_container_image_force_pull', 'new': '<removed> (the new community.docker.docker_image_pull module handles this natively)'}
- name: Fail if Continuwuity ReCAPTCHA is only partially configured
ansible.builtin.fail:
msg: >-
You have configured only one of `matrix_continuwuity_config_recaptcha_site_key` and
`matrix_continuwuity_config_recaptcha_private_site_key`. Configure both to enable ReCAPTCHA
registration, or leave both empty to disable it.
when: "(matrix_continuwuity_config_recaptcha_site_key | string | length > 0) != (matrix_continuwuity_config_recaptcha_private_site_key | string | length > 0)"
@@ -2,6 +2,7 @@
SPDX-FileCopyrightText: 2025 MDAD project contributors SPDX-FileCopyrightText: 2025 MDAD project contributors
SPDX-FileCopyrightText: 2025 Slavi Pantaleev SPDX-FileCopyrightText: 2025 Slavi Pantaleev
SPDX-FileCopyrightText: 2025 Suguru Hirahara SPDX-FileCopyrightText: 2025 Suguru Hirahara
SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
@@ -490,6 +491,7 @@ registration_token = {{ matrix_continuwuity_config_registration_token | to_json
# #
#registration_token_file = #registration_token_file =
{% if matrix_continuwuity_recaptcha_enabled %}
# The public site key for reCaptcha. If this is provided, reCaptcha # The public site key for reCaptcha. If this is provided, reCaptcha
# becomes required during registration. If both captcha *and* # becomes required during registration. If both captcha *and*
# registration token are enabled, both will be required during # registration token are enabled, both will be required during
@@ -509,6 +511,7 @@ recaptcha_site_key = {{ matrix_continuwuity_config_recaptcha_site_key | to_json
# even if `recaptcha_site_key` is set. # even if `recaptcha_site_key` is set.
# #
recaptcha_private_site_key = {{ matrix_continuwuity_config_recaptcha_private_site_key | to_json }} recaptcha_private_site_key = {{ matrix_continuwuity_config_recaptcha_private_site_key | to_json }}
{% endif %}
# Controls whether encrypted rooms and events are allowed. # Controls whether encrypted rooms and events are allowed.
# #
@@ -1,9 +1,15 @@
# SPDX-FileCopyrightText: 2025 MDAD project contributors # SPDX-FileCopyrightText: 2025 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Slavi Pantaleev # SPDX-FileCopyrightText: 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
--- ---
# Continuwuity has no dedicated "enable ReCAPTCHA" setting. It enables ReCAPTCHA registration based on the
# presence of a recaptcha private site key, so we only render the keys when both have been configured.
# This avoids rendering empty keys, which would otherwise enable a broken ReCAPTCHA flow.
matrix_continuwuity_recaptcha_enabled: "{{ matrix_continuwuity_config_recaptcha_site_key | string | length > 0 and matrix_continuwuity_config_recaptcha_private_site_key | string | length > 0 }}"
matrix_continuwuity_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_continuwuity_hostname }}/_matrix/client/versions" matrix_continuwuity_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_continuwuity_hostname }}/_matrix/client/versions"
matrix_continuwuity_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_continuwuity_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" matrix_continuwuity_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_continuwuity_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
@@ -11,7 +11,7 @@
matrix_element_admin_enabled: true matrix_element_admin_enabled: true
# renovate: datasource=docker depName=oci.element.io/element-admin # renovate: datasource=docker depName=oci.element.io/element-admin
matrix_element_admin_version: 0.1.11 matrix_element_admin_version: 0.1.12
matrix_element_admin_scheme: https matrix_element_admin_scheme: https
@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}" matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call # renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.20.1 matrix_element_call_version: v0.20.3
matrix_element_call_scheme: https matrix_element_call_scheme: https
+1 -1
View File
@@ -27,7 +27,7 @@ matrix_ketesa_container_image_self_build: false
matrix_ketesa_container_image_self_build_repo: "https://github.com/etkecc/ketesa.git" matrix_ketesa_container_image_self_build_repo: "https://github.com/etkecc/ketesa.git"
# renovate: datasource=docker depName=ghcr.io/etkecc/ketesa # renovate: datasource=docker depName=ghcr.io/etkecc/ketesa
matrix_ketesa_version: v1.2.1 matrix_ketesa_version: v1.3.0
matrix_ketesa_container_image: "{{ matrix_ketesa_container_image_registry_prefix }}etkecc/ketesa:{{ matrix_ketesa_version }}" matrix_ketesa_container_image: "{{ matrix_ketesa_container_image_registry_prefix }}etkecc/ketesa:{{ matrix_ketesa_version }}"
matrix_ketesa_container_image_registry_prefix: "{{ 'localhost/' if matrix_ketesa_container_image_self_build else matrix_ketesa_container_image_registry_prefix_upstream }}" matrix_ketesa_container_image_registry_prefix: "{{ 'localhost/' if matrix_ketesa_container_image_self_build else matrix_ketesa_container_image_registry_prefix_upstream }}"
matrix_ketesa_container_image_registry_prefix_upstream: "{{ matrix_ketesa_container_image_registry_prefix_upstream_default }}" matrix_ketesa_container_image_registry_prefix_upstream: "{{ matrix_ketesa_container_image_registry_prefix_upstream_default }}"
@@ -125,3 +125,14 @@ matrix_livekit_jwt_service_systemd_required_services_list_custom: []
# The default of `false` means "no restart needed" — appropriate when the role's # The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them). # installation tasks haven't run (e.g., due to --tags skipping them).
matrix_livekit_jwt_service_restart_necessary: false matrix_livekit_jwt_service_restart_necessary: false
# Support additional container arguments for the LiveKit JWT service
matrix_livekit_jwt_service_container_additional_arguments: []
# A list of additional "volumes" to mount in the container.
# Contains definition objects like this: `{"type": "bind", "src": "/outside", "dst": "/inside", "options": "readonly"}.
# See the `--mount` documentation for the `docker run` command.
# Note: internally, this uses the `--mount` flag for mounting the specified volumes.
matrix_livekit_jwt_service_container_additional_volumes: "{{ matrix_livekit_jwt_service_container_additional_volumes_auto + matrix_livekit_jwt_service_container_additional_volumes_custom }}"
matrix_livekit_jwt_service_container_additional_volumes_auto: []
matrix_livekit_jwt_service_container_additional_volumes_custom: []

Some files were not shown because too many files have changed in this diff Show More