Compare commits

36 Commits

Author SHA1 Message Date
renovate[bot] bfabb0d456 Update dependency etherpad to v2.7.1-0 2026-04-24 10:59:04 +03:00
Slavi Pantaleev 8e2545a100 Upgrade meshtastic-relay (v1.2.8 -> v1.3.5) and adapt for MMRELAY_HOME
v1.3.0 moved the container's runtime paths to a unified MMRELAY_HOME=/data
model (credentials, database, logs, E2EE store, plugins all live under /data).
Legacy /app paths still work until v1.4.

Adapted the role to the new model: drop the three `/app/*` bind mounts and
the `_logs_path` variable, mount `_config_path` read-only at `/config` and
`_data_path` read-write at `/data`, and invoke the container as
`mmrelay --config /config/config.yaml` so the Ansible-managed config stays
separate from runtime data. Also drop the hardcoded `/app/data/...` database
and e2ee store_path overrides from the default config; MMRELAY_HOME defaults
place them under `_data_path/database/` and `_data_path/matrix/store/` on the
host.
2026-04-24 10:54:18 +03:00
luschmar 243b4d0fd9 Add MatrixMeshtasticRelay (#4840)
* Add Matrix <-> Meshtastic bridge (meshtastic-matrix-relay)

Vendors the meshtastic-matrix-relay (mmrelay) role into roles/custom/
following the conventions used by other bridge roles.

Co-authored-by: luschmar <90399580+luschmar@users.noreply.github.com>

* Add docs and CHANGELOG entry for Matrix <-> Meshtastic bridge

Co-authored-by: luschmar <90399580+luschmar@users.noreply.github.com>

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2026-04-24 10:31:18 +03:00
github-actions[bot] 2949e0931f Automatic translations update 2026-04-24 09:41:19 +03:00
Slavi Pantaleev 675338fc18 Upgrade livekit_server role (v1.11.0-0 -> v1.11.0-1)
Brings in a new `livekit_server_container_http_listen_interface`
variable, which allows publishing LiveKit's HTTP signaling port (7880)
on a host interface. Useful when a reverse-proxy fronting LiveKit runs
outside the container network.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 09:36:39 +03:00
D4GU 2361d5ac5d Add missing matrix_client_commet_container_image_force_pull variable (#5008)
The `matrix-client-commet` role's pull task references
`matrix_client_commet_container_image_force_pull`, but the variable
was never defined in defaults. Users setting
`matrix_client_commet_container_image_self_build: false` would hit an
undefined-variable failure.

Define it using the same pattern as other client roles (force-pull on
moving tags), covering both `:latest` and `:main` since Commet's
default version is `main`.
2026-04-24 09:24:03 +03:00
thigg a753a3b295 Add nginx reverse-proxy example for Matrix RTC (#5086)
When fronting the playbook's integrated Traefik reverse-proxy with
another reverse-proxy (e.g. nginx), WebSocket traffic needs to be
forwarded to LiveKit Server at the `/livekit-server/` path for Matrix
RTC calls to work.

Adds a `/livekit-server/` location block to the nginx reverse-proxy
example, a section to the Matrix RTC docs explaining the requirement,
and cross-links between the two.
2026-04-24 09:14:07 +03:00
Matěj Cepl e0bc2be687 Clean up ansible-lint warnings in defaults/main.yml files (#5148)
Reformat `{{ { ... }[engine] }}` dict-in-Jinja-expressions across
bot/bridge role defaults for consistent indentation (tabs -> spaces).
Also: fix a missing space in a Jinja `+` expression in matrix-static-files,
and fix indentation in the caddy2-in-container example.

The original PR also renamed `galaxy/<role>` role references to just
`<role>` in setup.yml and jitsi_jvb.yml; those were dropped here because
Ansible does not recurse into subdirectories of `roles/` by default and
no `roles_path` is configured in ansible.cfg, so the rename would break
role resolution.

Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
2026-04-24 09:01:47 +03:00
Slavi Pantaleev 5b7a1c2a6c Upgrade mautrix-telegram (v0.15.3 -> v0.2604.0) (bridgev2) and adapt configuration
Matches the earlier Python -> Go rewrites of the other mautrix-* bridges.

Related to:
- https://github.com/mautrix/telegram/releases/tag/v0.2604.0
- https://mau.fi/blog/2026-04-mautrix-release/

The bridge is now a Go binary with upstream-handled automatic database and
config migration on first start, so in-place upgrades on Postgres should
Just Work for users on the defaults. The lottieconverter sidecar container
is gone (bundled upstream), and the public web-based login endpoint is
gone (login happens inside Matrix now).

Upstream v0.2604.0 has a known bug in the legacy SQLite migration that
can corrupt data. The role detects legacy Python-bridge SQLite databases
(via the `telethon_sessions` table signature) and refuses to upgrade,
pointing users to switch to Postgres (playbook-managed pgloader migration)
or wait for the next upstream release. The guard is isolated in its own
`validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted
cleanly once upstream fixes the bug.

Removed variables (all caught by the deprecation check in
`validate_config.yml` with actionable rename/removal hints): the entire
`_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` /
`_appservice_public_*` / `_container_labels_public_endpoint_*` /
`_container_http_host_bind_port` family (web login endpoint is gone);
`_bot_token` (old-style relaybot is gone, use the common bridgev2 relay
mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*`
(use Appservice Double Puppet); `_username_template`, `_alias_template`,
`_displayname_template` (templates moved under `network:`, new Go-template
syntax, exposed via `_network_displayname_template`); all
`_lottieconverter_*` variables; `_appservice_database` (renamed to
`_appservice_database_uri`).

Added playbook-time validation that catches legacy permission values
(`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides
via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too),
with a mapping hint in the error message.

Other notes:

- The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db`
  to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader
  migration step, so users who flip to Postgres as part of this upgrade
  get their data imported correctly.
- The Ketesa managed-user regex for the telegram namespace is updated to
  match both regular IDs and the new `channel-<id>` form used by bridgev2.
- `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0,
  with a new breaking-change entry pointing at the CHANGELOG section.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 08:45:04 +03:00
Suguru Hirahara ce0c194cd3 Fix ddclient_container_image_registry_prefix_upstream
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5165

Signed-off-by: Suguru Hirahara <did:key:z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
2026-04-24 11:04:30 +09:00
renovate[bot] 89f197ceb5 chore(deps): update dependency traefik to v3.6.14-0 2026-04-23 11:35:52 +03:00
renovate[bot] bfeb8fdb54 chore(deps): update dependency idna to v3.13 2026-04-23 10:12:09 +03:00
renovate[bot] 849cecc5d0 chore(deps): update dependency click to v8.3.3 2026-04-23 10:12:01 +03:00
renovate[bot] 052e5a6e3e chore(deps): update dependency certifi to v2026.4.22 2026-04-23 10:11:53 +03:00
renovate[bot] 6fac597733 chore(deps): update dependency ntfy to v2.22.0-0 2026-04-22 12:20:58 +03:00
renovate[bot] 5495f5456f chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2026.4.22 2026-04-22 12:20:39 +03:00
renovate[bot] 5913a4c7eb chore(deps): update ghcr.io/element-hq/lk-jwt-service docker tag to v0.4.4 2026-04-20 19:58:37 +03:00
Slavi Pantaleev 0a00adc580 Auto-wire Continuwuity SMTP and well-known defaults
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5154
2026-04-18 07:49:49 +03:00
Slavi Pantaleev fcd48e7480 Make matrix_continuwuity_systemd_wanted_services_list actually used in matrix-continuwuity.service 2026-04-18 07:46:24 +03:00
Slavi Pantaleev 53c391f420 Split matrix_continuwuity_systemd_wanted_services_list into _default_, _auto and _custom 2026-04-18 07:46:03 +03:00
ezera 0cb1600eda feat(c10y): add support for global.smtp settings
Adds support for SMTP and email-related settings
added in Continuwuity 0.5.7.
2026-04-18 07:22:59 +03:00
renovate[bot] 3890dce67a chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2604.0 2026-04-18 07:08:31 +03:00
renovate[bot] f4d03a580b chore(deps): update dependency livekit_server to v1.11.0-0 2026-04-18 07:07:58 +03:00
Sid Manat cf71cb64c4 feat(synapse): support Postgres database keepalive options 2026-04-17 21:50:44 +03:00
renovate[bot] ad0f425b3a chore(deps): update forgejo.ellis.link/continuwuation/continuwuity docker tag to v0.5.7 2026-04-17 21:47:47 +03:00
renovate[bot] 7d3f289582 chore(deps): update dock.mau.dev/mautrix/twitter docker tag to v0.2604.0 2026-04-17 21:46:57 +03:00
renovate[bot] 0a772cc7fb chore(deps): update ghcr.io/element-hq/lk-jwt-service docker tag to v0.4.3 2026-04-17 21:46:42 +03:00
renovate[bot] b1a84c1428 chore(deps): update dock.mau.dev/mautrix/slack docker tag to v0.2604.0 2026-04-17 21:46:21 +03:00
renovate[bot] 5e0a91962a chore(deps): update dock.mau.dev/mautrix/meta docker tag to v0.2604.0 2026-04-17 21:45:11 +03:00
renovate[bot] 43fb63b6bc chore(deps): update dock.mau.dev/mautrix/gmessages docker tag to v0.2604.0 2026-04-17 21:45:02 +03:00
Aine e031c207cf Ketesa v1.2.0 <https://github.com/etkecc/ketesa/releases/tag/v1.2.0> 2026-04-17 08:41:41 +01:00
renovate[bot] eab5c61ca7 chore(deps): update dependency prometheus to v3.11.2-0 2026-04-16 18:32:17 +03:00
renovate[bot] 122004a03a chore(deps): update dependency packaging to v26.1 2026-04-16 18:32:09 +03:00
renovate[bot] 4fea89a690 chore(deps): update astral-sh/setup-uv action to v8 2026-04-16 18:31:58 +03:00
renovate[bot] b48f833ffd chore(deps): update dependency sable to v1.14.0-0 2026-04-16 18:31:42 +03:00
renovate[bot] 83808b391b chore(deps): update ghcr.io/element-hq/element-call docker tag to v0.19.1 2026-04-16 16:41:19 +03:00
62 changed files with 1669 additions and 1063 deletions
+1 -1
@@ -32,7 +32,7 @@ jobs:
# Setting up recommended prerequisites
# See: i18n/README.md
- uses: astral-sh/setup-uv@v7
- uses: astral-sh/setup-uv@v8
- uses: extractions/setup-just@v4
# TODO: optimize when we start publishing translations and integrate a Weblate instance
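Review bot: `astral-sh/setup-uv@v8` in this workflow step is still referenced by a mutable major-version tag, as is `extractions/setup-just@v4` on the following line, so whatever those tags point to at run time executes inside the job. Consider pinning both to a full commit SHA with the version kept in a trailing comment; Renovate can maintain SHA pins the same way it maintains tags. Because this is a major bump, the action's release notes should also be checked for changed inputs or defaults before merging.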
+23
@@ -1,3 +1,26 @@
# 2026-04-24
## Support for bridging to Meshtastic via meshtastic-matrix-relay
Thanks to [luschmar](https://github.com/luschmar), the playbook now supports bridging to [Meshtastic](https://meshtastic.org/) mesh networks via [meshtastic-matrix-relay](https://github.com/jeremiah-k/meshtastic-matrix-relay) (mmrelay).
To learn more, see our [Setting up a Matrix <-> Meshtastic bridge](./docs/configuring-playbook-bridge-meshtastic-relay.md) documentation page.
## (BC Break) mautrix-telegram has been rewritten in Go (bridgev2)
The [mautrix-telegram](./docs/configuring-playbook-bridge-mautrix-telegram.md) bridge has been [rewritten in Go](https://mau.fi/blog/2026-04-mautrix-release/) on top of the [bridgev2](https://docs.mau.fi/bridges/go/) architecture. See the [upstream v26.04 release notes](https://github.com/mautrix/telegram/releases/tag/v0.2604.0) for what changed in the bridge itself (shared-portal behavior, management-room state, new features, etc.).
**Most users won't have to do anything.** If you use the playbook's integrated Postgres (the default) and haven't customized telegram-bridge variables beyond `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash`, just re-run the playbook; the bridge will migrate itself on first start. Taking a backup beforehand is still a good idea.
⚠️ **SQLite users: do not upgrade yet.** Upstream v0.2604.0 has a [known bug in the legacy SQLite migration](https://github.com/mautrix/telegram/releases/tag/v0.2604.0) that can corrupt your data. The playbook detects this case and will refuse to proceed. Either switch to Postgres first (set `matrix_mautrix_telegram_database_engine: postgres`; the playbook handles the pgloader migration), or wait for the next upstream release.
Playbook-specific things to know. The playbook will fail loudly if you're affected:
- Many `matrix_mautrix_telegram_*` variables have been **removed** (web-login endpoint, lottieconverter, username/alias/displayname templates, filter-mode, bot-token relaybot, Shared-Secret-Auth map). The deprecation check will tell you exactly what to rename or drop when you run the playbook.
- **Old-style relaybot users** (`matrix_mautrix_telegram_bot_token`): switch to the common [mautrix bridge relay mode](./docs/configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional) via `matrix_mautrix_telegram_bridge_relay_enabled: true`.
- **Shared-Secret-Auth double-puppeting users**: switch to [Appservice Double Puppet](./docs/configuring-playbook-appservice-double-puppet.md); the playbook wires it up automatically.
- **Custom `matrix_mautrix_telegram_bridge_permissions`**: map `relaybot` to `relay`, `puppeting` to `user`, `full` to `user`. Validated at playbook time.
# 2026-04-03
## (BC Break) Synapse Admin (fork by etke.cc) is now Ketesa
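Review bot: The backup advice appears only in the "Most users won't have to do anything" paragraph, while the SQLite paragraph, which sends users through a pgloader migration to avoid a data-corrupting bug, carries none. Repeat or move the "Taking a backup beforehand" sentence so it clearly covers users who set `matrix_mautrix_telegram_database_engine: postgres` as part of this upgrade. The permissions bullet would also be easier to act on if it said which values stay valid unchanged, since only `relaybot`, `puppeting` and `full` are listed.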
+1
@@ -132,6 +132,7 @@ Bridges can be used to connect your Matrix installation with third-party communi
| [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
| [matrix-wechat](https://github.com/duo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) | [Link](docs/configuring-playbook-bridge-wechat.md) |
| [Heisenbridge](https://github.com/hifi/heisenbridge) | ❌ | Bouncer-style bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
| [meshtastic-matrix-relay](https://github.com/jeremiah-k/meshtastic-matrix-relay) | ❌ | Bridge to [Meshtastic](https://meshtastic.org/) mesh networks | [Link](docs/configuring-playbook-bridge-meshtastic-relay.md) |
| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | ❌ | Bridge to [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
| [mx-puppet-steam](https://codeberg.org/icewind/mx-puppet-steam) | ❌ | Bridge to [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
| [Postmoogle](https://github.com/etkecc/postmoogle) | ❌ | Email to Matrix bridge | [Link](docs/configuring-playbook-bridge-postmoogle.md) |
@@ -1,5 +1,5 @@
<!--
SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
SPDX-FileCopyrightText: 2018 - 2026 Slavi Pantaleev
SPDX-FileCopyrightText: 2018 Hugues Morisset
SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
SPDX-FileCopyrightText: 2021 Panagiotis Georgiadis
@@ -17,7 +17,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
The playbook can install and configure [mautrix-telegram](https://github.com/mautrix/telegram) for you.
See the project's [documentation](https://docs.mau.fi/bridges/python/telegram/index.html) to learn what it does and why it might be useful to you.
See the project's [documentation](https://docs.mau.fi/bridges/go/telegram/index.html) to learn what it does and why it might be useful to you.
## Prerequisites
@@ -25,18 +25,12 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/telegram/in
To use the bridge, you'd need to obtain an API key from [https://my.telegram.org/apps](https://my.telegram.org/apps).
### Enable Appservice Double Puppet or Shared Secret Auth (optional)
### Enable Appservice Double Puppet (optional)
If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
See [this section](configuring-playbook-bridge-mautrix-bridges.md#set-up-double-puppeting-optional) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about setting up Double Puppeting.
**Notes**:
- Double puppeting with the Shared Secret Auth works at the time of writing, but is deprecated and will stop working in the future.
- If you decided to enable Double Puppeting manually, send `login-matrix` to the bot in order to receive an instruction about how to send an access token to it.
## Adjusting the playbook configuration
To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `YOUR_TELEGRAM_APP_ID` and `YOUR_TELEGRAM_API_HASH`.
@@ -49,37 +43,16 @@ matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
### Relaying
### Enable relay-bot (optional)
If you want to use the relay-bot feature ([relay bot documentation](https://docs.mau.fi/bridges/python/telegram/relay-bot.html)), which allows anonymous user to chat with telegram users, add the following configuration to your `vars.yml` file:
```yaml
matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
permissions:
'*': relaybot
```
This bridge supports the common [mautrix bridge relay mode](configuring-playbook-bridge-mautrix-bridges.md#enable-relay-mode-optional). Once enabled, any authenticated user can be turned into a relaybot for a chat by sending `!tg set-relay` in that chat.
### Configure a user as an administrator of the bridge (optional)
You might also want to give permissions to a user to administrate the bot. See [this section](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional) on the common guide for details about it.
More details about permissions in this example: https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410
### Use the bridge for direct chats only (optional)
If you want to exclude all groups from syncing and use the Telegram-Bridge only for direct chats, add the following configuration to your `vars.yml` file:
```yaml
matrix_mautrix_telegram_filter_mode: whitelist
```
### Extending the configuration
There are some additional things you may wish to configure about the bridge.
<!-- NOTE: common relay mode is not supported for this bridge -->
See [this section](configuring-playbook-bridge-mautrix-bridges.md#extending-the-configuration) on the [common guide for configuring mautrix bridges](configuring-playbook-bridge-mautrix-bridges.md) for details about variables that you can customize and the bridge's default configuration, including [bridge permissions](configuring-playbook-bridge-mautrix-bridges.md#configure-bridge-permissions-optional), [encryption support](configuring-playbook-bridge-mautrix-bridges.md#enable-encryption-optional), [bot's username](configuring-playbook-bridge-mautrix-bridges.md#set-the-bots-username-optional), etc.
## Installing
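Review bot: The new Relaying paragraph says "any authenticated user can be turned into a relaybot for a chat by sending `!tg set-relay`" but does not say who is permitted to issue that command or what it means for the account that becomes the relay. Readers migrating from the `'*': relaybot` permissions example in the old relay-bot section would benefit from one sentence stating the permission level needed to set a relay and that relayed messages reach Telegram through that logged-in user's account, with a link to the bridge-permissions section of the common mautrix guide.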
@@ -99,9 +72,9 @@ The shortcut commands with the [`just` program](just.md) are also available: `ju
To use the bridge, you need to start a chat with `@telegrambot:example.com` (where `example.com` is your base domain, not the `matrix.` domain).
You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/telegram/authentication.html).
You can then follow instructions on the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/go/telegram/authentication.html).
After logging in, the bridge will create portal rooms for all of your Telegram groups and invite you to them. Note that the bridge won't automatically create rooms for private chats.
After logging in, the bridge will create portal rooms for all of your Telegram groups and invite you to them.
## Troubleshooting
@@ -109,8 +82,9 @@ As with all other services, you can find the logs in [systemd-journald](https://
### Increase logging verbosity
The default logging level for this component is `WARNING`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
The default logging level for this component is `warn`. If you want to increase the verbosity, add the following configuration to your `vars.yml` file and re-run the playbook:
```yaml
matrix_mautrix_telegram_logging_level: DEBUG
# Valid values: fatal, error, warn, info, debug, trace
matrix_mautrix_telegram_logging_level: debug
```
@@ -0,0 +1,95 @@
<!--
SPDX-FileCopyrightText: 2025 - 2026 luschmar
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Setting up a Matrix <-> Meshtastic bridge (optional)
The playbook can install and configure [meshtastic-matrix-relay](https://github.com/jeremiah-k/meshtastic-matrix-relay) (sometimes referred to as `mmrelay`) for you — a bridge between [Matrix](https://matrix.org/) and [Meshtastic](https://meshtastic.org/) mesh networks.
See the [project's documentation](https://github.com/jeremiah-k/meshtastic-matrix-relay) to learn what it does and why it might be useful to you.
## Prerequisites
You need a Matrix account for the bot. You can either [register the bot account manually](registering-users.md) or let the playbook create it when running `ansible-playbook … --tags=ensure-matrix-users-created`. Either way, you'll need the account's **password** to configure the bridge — unlike most other bridges in this playbook, `mmrelay` authenticates with a password and creates its own session (optionally with End-to-End Encryption material).
You also need access to a Meshtastic device, connected to the server via one of:
- **TCP**: the device is reachable on the network (e.g. a Meshtastic node running the TCP API),
- **Serial**: the device is plugged in via USB and available on the host (e.g. `/dev/ttyUSB0`),
- **BLE**: the device is reachable via Bluetooth Low Energy from the host.
## Adjusting the playbook configuration
To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
```yaml
matrix_meshtastic_relay_enabled: true
# Password for the bot's Matrix account.
# On first startup, the bridge uses this to log in and persist credentials
# (including End-to-End Encryption material) under its data directory.
# After that, the password can be removed from this variable.
matrix_meshtastic_relay_matrix_bot_password: "PASSWORD_FOR_THE_BOT"
# How the bridge connects to your Meshtastic device.
# One of: tcp, serial, ble
matrix_meshtastic_relay_connection_type: tcp
# For connection_type: tcp
matrix_meshtastic_relay_tcp_host: "meshtastic.local"
# For connection_type: serial
# matrix_meshtastic_relay_serial_port: "/dev/ttyUSB0"
# For connection_type: ble
# matrix_meshtastic_relay_ble_address: "AA:BB:CC:DD:EE:FF"
# Matrix rooms to bridge to Meshtastic channels.
matrix_meshtastic_relay_matrix_rooms_list:
- id: "#meshtastic:{{ matrix_domain }}"
meshtastic_channel: "0"
```
By default, the bot's Matrix ID is `@meshtasticbot:{{ matrix_domain }}`. To change it, adjust `matrix_meshtastic_relay_matrix_bot_user_id`.
### Bluetooth (BLE) connections
When `matrix_meshtastic_relay_connection_type` is `ble`, the container runs with `--network=host` and bind-mounts the host's DBus socket — both are required for Bluetooth pairing/communication. Only use this connection type if you trust the playbook-managed host and are comfortable with these privileges.
### Serial connections
When `matrix_meshtastic_relay_connection_type` is `serial`, the host device referenced by `matrix_meshtastic_relay_serial_port` is passed through to the container. Make sure that `matrix_user_uid` / `matrix_user_gid` have read/write access to that device (e.g. by adding the matrix user to the `dialout` group, or adjusting udev rules).
### Extending the configuration
There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/custom/matrix-bridge-meshtastic-relay/defaults/main.yml` for some variables that you can customize via your `vars.yml` file. You can override individual `matrix_meshtastic_relay_*` variables, or make finer-grained adjustments via `matrix_meshtastic_relay_configuration_extension_yaml`.
## Installing
After configuring the playbook, run the playbook with [playbook tags](playbook-tags.md) as below:
<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`.
`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
## Usage
Invite the bot to the Matrix rooms listed in `matrix_meshtastic_relay_matrix_rooms_list` and it will relay between Matrix and the corresponding Meshtastic channel. Messages sent on Meshtastic will appear in Matrix and vice versa.
See the [project's wiki](https://github.com/jeremiah-k/meshtastic-matrix-relay/wiki) for details about commands, plugins and advanced usage.
## Troubleshooting
As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-meshtastic-relay`.
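Review bot: In the "Bluetooth (BLE) connections" section, the caveat "Only use this connection type if you trust the playbook-managed host" points the trust at the wrong party. With `--network=host` and the host's DBus socket bind-mounted, it is the container (the mmrelay image and anything it loads) that gains reach into the host, so the sentence should ask whether the reader trusts the bridge software and should state that container network isolation is given up in this mode. Separately, the comment on `matrix_meshtastic_relay_matrix_bot_password` says the password can be removed after first startup; presenting that as a recommended step in the prose would help keep a long-lived plaintext credential out of `vars.yml`.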
@@ -46,6 +46,13 @@ Take a look at:
There are various Ansible variables that control settings in the `continuwuity.toml` file.
💡 By default, the playbook wires Continuwuity into a few playbook-wide settings:
- if `exim_relay_enabled: true` (the default), Continuwuity SMTP is automatically enabled and pointed at the [local Exim relay](configuring-playbook-email.md) service
- `matrix_continuwuity_config_well_known_client` is automatically set to the public homeserver URL in the usual SSL-enabled setup, which helps email verification and password-reset links work in delegated-domain setups
You can override any of these defaults in your `vars.yml` file if you want Continuwuity to use a different SMTP server or a different well-known client URL.
If a specific setting you'd like to change does not have a dedicated Ansible variable, you can either submit a PR to us to add it, or you can [override the setting using an environment variable](https://continuwuity.org/configuration#environment-variables) using `matrix_continuwuity_environment_variables_extension`. For example:
```yaml
+1 -1
@@ -23,7 +23,7 @@ The [Ansible role for exim-relay](https://github.com/mother-of-all-self-hosting/
1. **Final delivery capability**: Can deliver emails directly if you don't have an SMTP server
2. **Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) thereno need to configure SMTP in each component
2. **Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), [Continuwuity](configuring-playbook-continuwuity.md), etc.) there, with no need to configure SMTP in each component
3. **Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable
+6
@@ -38,6 +38,12 @@ matrix_rtc_enabled: true
In addition to the HTTP/HTTPS ports (which you've already exposed as per the [prerequisites](prerequisites.md) document), you'll also need to open ports required by [LiveKit Server](configuring-playbook-livekit-server.md) as described in its own [Adjusting firewall rules](configuring-playbook-livekit-server.md#adjusting-firewall-rules) section.
## Fronting the integrated reverse-proxy with another reverse-proxy
If you're [fronting the integrated reverse-proxy webserver with another reverse-proxy](configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) (e.g. nginx), it needs to forward WebSocket traffic for [LiveKit Server](configuring-playbook-livekit-server.md) at the `/livekit-server/` path. Without that, Matrix RTC calls will not work.
See [`examples/reverse-proxies/nginx/matrix.conf`](../examples/reverse-proxies/nginx/matrix.conf) for an nginx example.
## Installing
After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records) and [adjusting firewall rules](#adjusting-firewall-rules), run the playbook with [playbook tags](playbook-tags.md) as below:
+2
@@ -182,6 +182,8 @@ Bridges can be used to connect your Matrix installation with third-party communi
- [Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md)
- [Setting up a Matrix <-> Meshtastic bridge](configuring-playbook-bridge-meshtastic-relay.md)
- [Setting up WeChat bridging](configuring-playbook-bridge-wechat.md)
### Bots
@@ -19,7 +19,7 @@ services:
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
# - ./site:/var/www
# Other configurations …
# Other configurations …
networks:
# add this as well
@@ -22,6 +22,27 @@ server {
# if you use e.g. Etherpad on etherpad.example.com, add etherpad.example.com to the server_name list
server_name example.com matrix.example.com element.example.com;
# Required for Matrix RTC (WebSocket proxying to LiveKit Server).
# See: ../../../docs/configuring-playbook-matrix-rtc.md#fronting-the-integrated-reverse-proxy-with-another-reverse-proxy
location /livekit-server/ {
proxy_pass http://localhost:81/livekit-server/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Long timeouts for persistent WebSocket connections
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_buffering off;
access_log /var/log/nginx/matrix.access.log;
error_log /var/log/nginx/matrix.error.log;
}
location / {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise, nginx will canonicalise the URI and cause signature verification
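Review bot: In the new `location /livekit-server/` block, `proxy_set_header Connection "upgrade";` is sent on every request to that path, including plain HTTP requests that carry no `Upgrade` header; the usual nginx pattern is a `map $http_upgrade $connection_upgrade` in the `http` context with `proxy_set_header Connection $connection_upgrade;`. The `proxy_read_timeout 86400s;` and `proxy_send_timeout 86400s;` values also let a silent connection hold a worker connection and an upstream socket for a full day, so either a shorter value or a comment explaining why 24 hours is needed would help people copying the example. The `access_log` and `error_log` lines inside the location can be dropped if the enclosing server block already sets them, which is not visible in this hunk.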
+1 -1
@@ -2,7 +2,7 @@
# This variable acknowledges that you've reviewed breaking changes up to this version.
# The playbook will fail if this is outdated, guiding you through what changed.
# See the changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md
matrix_playbook_migration_validated_version: v2026.04.03.0
matrix_playbook_migration_validated_version: v2026.04.24.0
# The bare domain name which represents your Matrix identity.
# Matrix user IDs for your server will be of the form (`@alice:example.com`).
+61 -20
@@ -429,6 +429,13 @@ devture_systemd_service_manager_services_list_auto: |
'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot'],
}] if matrix_hookshot_enabled else [])
+
([{
'name': 'matrix-meshtastic-relay.service',
'priority': 2000,
'restart_necessary': (matrix_meshtastic_relay_restart_necessary | bool),
'groups': ['matrix', 'bridges', 'meshtastic-relay'],
}] if matrix_meshtastic_relay_enabled else [])
+
([{
'name': 'matrix-mautrix-bluesky.service',
'priority': 2000,
@@ -1936,9 +1943,6 @@ matrix_mautrix_meta_instagram_database_password: "{{ ((matrix_homeserver_generic
# We don't enable bridges by default.
matrix_mautrix_telegram_enabled: false
matrix_mautrix_telegram_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_mautrix_telegram_path_prefix: "/{{ (matrix_homeserver_generic_secret_key + ':telegram') | hash('sha512') | to_uuid }}"
matrix_mautrix_telegram_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
@@ -1946,16 +1950,9 @@ matrix_mautrix_telegram_systemd_required_services_list_auto: |
([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else [])
}}
matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default }}"
matrix_mautrix_telegram_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_container_image_registry_prefix_upstream_default }}"
# Images are multi-arch (amd64 and arm64, but not arm32).
matrix_mautrix_telegram_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_telegram_lottieconverter_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"
matrix_mautrix_telegram_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9006') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_mautrix_telegram_container_network: "{{ matrix_addons_container_network }}"
@@ -1986,17 +1983,15 @@ matrix_mautrix_telegram_homeserver_token: "{{ (matrix_homeserver_generic_secret_
matrix_mautrix_telegram_homeserver_async_media: "{{ matrix_homeserver_implementation in ['synapse'] }}"
matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
matrix_mautrix_telegram_provisioning_shared_secret: "{{ (matrix_homeserver_generic_secret_key + ':mau.telegram.prov') | hash('sha512') | to_uuid }}"
matrix_mautrix_telegram_double_puppet_secrets_auto: |-
{{
({
{
matrix_mautrix_telegram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
})
}
if matrix_appservice_double_puppet_enabled
else (
{matrix_mautrix_telegram_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
else {}
)
else {}
}}
matrix_mautrix_telegram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
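Review bot: `matrix_mautrix_telegram_double_puppet_secrets_auto` falls straight through to `else {}` when `matrix_appservice_double_puppet_enabled` is false, while the `matrix_mautrix_telegram_bridge_login_shared_secret_map_auto` lines in this same hunk also carry a branch for `matrix_synapse_ext_password_provider_shared_secret_auth_enabled`. An installation that relies only on Shared Secret Auth would lose automatic double puppeting with no error at playbook time. Please either document this in the CHANGELOG or add a validation task that fails when Shared Secret Auth is enabled for this bridge and Appservice Double Puppet is not. The new `matrix_mautrix_telegram_provisioning_shared_secret` is derived from `matrix_homeserver_generic_secret_key` with its own `':mau.telegram.prov'` suffix, which keeps it distinct from the other derived secrets; a short comment saying what consumes it would help the next reader.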
@@ -2501,6 +2496,39 @@ matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
#
######################################################################
######################################################################
#
# matrix-bridge-meshtastic-relay
#
######################################################################
# We don't enable bridges by default.
matrix_meshtastic_relay_enabled: false
matrix_meshtastic_relay_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_meshtastic_relay_container_image_registry_prefix_upstream_default }}"
matrix_meshtastic_relay_matrix_host: "{{ matrix_domain }}"
matrix_meshtastic_relay_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
matrix_meshtastic_relay_container_network: "{{ matrix_addons_container_network }}"
matrix_meshtastic_relay_systemd_required_services_list_auto: |
{{
matrix_addons_homeserver_systemd_services_list
}}
matrix_meshtastic_relay_container_additional_networks_auto: |
{{
([] if matrix_addons_homeserver_container_network == '' or matrix_addons_homeserver_container_network == matrix_meshtastic_relay_container_network else [matrix_addons_homeserver_container_network])
}}
######################################################################
#
# /matrix-bridge-meshtastic-relay
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-steam
@@ -3681,7 +3709,7 @@ ddclient_uid: "{{ matrix_user_uid }}"
ddclient_gid: "{{ matrix_user_gid }}"
ddclient_container_image_registry_prefix: "{{ 'localhost/' if ddclient_container_image_self_build else ddclient_container_image_registry_prefix_upstream }}"
ddclient_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else ddclient_docker_image_registry_prefix_upstream_default }}"
ddclient_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else ddclient_container_image_registry_prefix_upstream_default }}"
ddclient_web: "https://cloudflare.com/cdn-cgi/trace"
@@ -5132,7 +5160,7 @@ matrix_ketesa_config_asManagedUsers_auto: |
+
([
'^@'+(matrix_mautrix_telegram_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
'^@'+(matrix_mautrix_telegram_username_template | regex_escape | replace('{userid}', '.+'))+':'+(matrix_domain | regex_escape)+'$',
'^@telegram_(channel-)?[0-9]+:'+(matrix_domain | regex_escape)+'$',
] if matrix_mautrix_telegram_enabled else [])
+
([
@@ -5760,6 +5788,12 @@ matrix_continuwuity_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_continuwuity_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}"
matrix_continuwuity_config_well_known_client: "{{ matrix_homeserver_url if matrix_playbook_ssl_enabled else '' }}"
matrix_continuwuity_config_smtp_enabled: "{{ exim_relay_enabled }}"
matrix_continuwuity_config_smtp_connection_uri: "{{ ('smtp://' ~ exim_relay_identifier ~ ':8025') if exim_relay_enabled else '' }}"
matrix_continuwuity_config_smtp_sender: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
matrix_continuwuity_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_continuwuity_container_image_registry_prefix_upstream_default }}"
matrix_continuwuity_container_network: "{{ matrix_homeserver_container_network }}"
@@ -5768,6 +5802,8 @@ matrix_continuwuity_container_additional_networks_auto: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_continuwuity_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([exim_relay_container_network] if (exim_relay_enabled and matrix_continuwuity_config_smtp_enabled and matrix_continuwuity_config_smtp_connection_uri == ('smtp://' ~ exim_relay_identifier ~ ':8025') and matrix_continuwuity_container_network != exim_relay_container_network) else [])
) | unique
}}
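Review bot: the condition added to `matrix_continuwuity_container_additional_networks_auto` compares `matrix_continuwuity_config_smtp_connection_uri` against the literal `('smtp://' ~ exim_relay_identifier ~ ':8025')`, the same expression that builds that variable's default and that appears again in `matrix_continuwuity_systemd_wanted_services_list_auto`. With three copies, the first change to the scheme or port in only one place makes the comparison false, and the container is then left off `exim_relay_container_network` without any warning. Define the exim-relay URI once in an intermediate variable and reference it in all three places, or key the network and service wiring on `exim_relay_enabled and matrix_continuwuity_config_smtp_enabled` plus an explicit flag rather than on string equality.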
@@ -5795,6 +5831,11 @@ matrix_continuwuity_config_turn_password: "{{ coturn_lt_cred_mech_password if (c
matrix_continuwuity_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
matrix_continuwuity_systemd_wanted_services_list_auto: |
{{
([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_continuwuity_config_smtp_enabled and matrix_continuwuity_config_smtp_connection_uri == ('smtp://' ~ exim_relay_identifier ~ ':8025')) else [])
}}
######################################################################
#
# /matrix-continuwuity
+4 -4
@@ -1,10 +1,10 @@
alabaster==1.0.0
babel==2.18.0
certifi==2026.2.25
certifi==2026.4.22
charset-normalizer==3.4.7
click==8.3.2
click==8.3.3
docutils==0.22.4
idna==3.11
idna==3.13
imagesize==2.0.0
Jinja2==3.1.6
linkify-it-py==2.1.0
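Review bot: the bumped pins here (`certifi==2026.4.22`, `click==8.3.3`, `idna==3.13`) fix the version but not the artifact, so a republished or tampered distribution under the same version number would still install. Since this file is already fully pinned, consider adding `--hash=sha256:...` entries for each requirement and installing with `pip install --require-hashes`, so the automated bumps also record what was actually reviewed.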
@@ -13,7 +13,7 @@ MarkupSafe==3.0.3
mdit-py-plugins==0.5.0
mdurl==0.1.2
myst-parser==5.0.0
packaging==26.0
packaging==26.1
Pygments==2.20.0
PyYAML==6.0.3
requests==2.33.1
+6 -6
@@ -27,7 +27,7 @@
version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.6.1-6
version: v2.7.1-0
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.99.1-r0-2-0
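Review bot: the etherpad role moves to `version: v2.7.1-0`, a git tag, while `docker_sdk_for_python` in the same hunk is pinned to a full commit SHA (`542a2d68db4e9a8e9bb4b508052760b900c7dce6`). Tags can be moved or re-created upstream, so a tag pin does not guarantee that the role code fetched later is the code that was reviewed at bump time. Pinning every `git+https` source to a commit SHA, with the tag kept in a trailing comment for readability, would make the file consistent and the fetched roles reproducible. The same applies to the other tag bumps in this file.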
@@ -42,10 +42,10 @@
version: v10888-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.10.1-0
version: v1.11.0-1
name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.21.0-1
version: v2.22.0-0
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: ea8c5cc750c4e23d004c9a836dfd9eda82d45ff4
@@ -63,7 +63,7 @@
version: v18-2
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v3.11.1-0
version: v3.11.2-0
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
version: v1.10.0-2
@@ -75,7 +75,7 @@
version: v0.19.1-3
name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-sable.git
version: v1.13.1-0
version: v1.14.0-0
name: sable
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.5.0-0
@@ -87,7 +87,7 @@
version: v1.1.0-1
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.6.13-0
version: v3.6.14-0
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-5
@@ -11,7 +11,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2026.4.15
matrix_alertmanager_receiver_version: 2026.4.22
matrix_alertmanager_receiver_scheme: https
@@ -137,19 +137,15 @@ matrix_bot_buscarron_database_sslmode: disable
matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode={{ matrix_bot_buscarron_database_sslmode }}'
matrix_bot_buscarron_storage_database: "{{
{
'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container,
'postgres': matrix_bot_buscarron_database_connection_string,
}[matrix_bot_buscarron_database_engine]
}}"
matrix_bot_buscarron_storage_database: "{{ {
'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container,
'postgres': matrix_bot_buscarron_database_connection_string,
}[matrix_bot_buscarron_database_engine] }}"
matrix_bot_buscarron_database_dialect: "{{
{
matrix_bot_buscarron_database_dialect: "{{ {
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_bot_buscarron_database_engine]
}}"
}[matrix_bot_buscarron_database_engine] }}"
# The bot's username. This user needs to be created manually beforehand.
@@ -159,11 +159,9 @@ matrix_bot_go_neb_database_engine: 'sqlite3'
matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db"
matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_go_neb_storage_database: "{{
{
'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
}[matrix_bot_go_neb_database_engine]
}}"
matrix_bot_go_neb_storage_database: "{{ {
'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
}[matrix_bot_go_neb_database_engine] }}"
# The bot's username(s). These users need to be created manually beforehand.
# The access tokens that the bot uses to authenticate.
@@ -115,19 +115,15 @@ matrix_bot_honoroit_database_sslmode: disable
matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode={{ matrix_bot_honoroit_database_sslmode }}'
matrix_bot_honoroit_storage_database: "{{
{
'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
'postgres': matrix_bot_honoroit_database_connection_string,
}[matrix_bot_honoroit_database_engine]
}}"
matrix_bot_honoroit_storage_database: "{{ {
'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
'postgres': matrix_bot_honoroit_database_connection_string,
}[matrix_bot_honoroit_database_engine] }}"
matrix_bot_honoroit_database_dialect: "{{
{
matrix_bot_honoroit_database_dialect: "{{ {
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_bot_honoroit_database_engine]
}}"
}[matrix_bot_honoroit_database_engine] }}"
# The bot's username. This user needs to be created manually beforehand.
@@ -72,12 +72,10 @@ matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot'
matrix_bot_matrix_reminder_bot_database_connection_string: 'postgres://{{ matrix_bot_matrix_reminder_bot_database_username }}:{{ matrix_bot_matrix_reminder_bot_database_password }}@{{ matrix_bot_matrix_reminder_bot_database_hostname }}:{{ matrix_bot_matrix_reminder_bot_database_port }}/{{ matrix_bot_matrix_reminder_bot_database_name }}'
matrix_bot_matrix_reminder_bot_storage_database: "{{
{
'sqlite': ('sqlite://' + matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container),
'postgres': matrix_bot_matrix_reminder_bot_database_connection_string,
}[matrix_bot_matrix_reminder_bot_database_engine]
}}"
matrix_bot_matrix_reminder_bot_storage_database: "{{ {
'sqlite': ('sqlite://' + matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container),
'postgres': matrix_bot_matrix_reminder_bot_database_connection_string,
}[matrix_bot_matrix_reminder_bot_database_engine] }}"
# The bot's username. This user needs to be created manually beforehand.
@@ -79,12 +79,10 @@ matrix_bot_maubot_database_sslmode: disable
matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode={{ matrix_bot_maubot_database_sslmode }}
matrix_bot_maubot_database_uri: "{{
{
'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container),
'postgres': matrix_bot_maubot_database_connection_string,
}[matrix_bot_maubot_database_engine]
}}"
matrix_bot_maubot_database_uri: "{{ {
'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container),
'postgres': matrix_bot_maubot_database_connection_string,
}[matrix_bot_maubot_database_engine] }}"
# Defines the port number where the management interface is
# To actually expose the management interface outside of the container, use `matrix_bot_maubot_container_management_interface_http_bind_port`
@@ -121,12 +121,10 @@ matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'
matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}'
matrix_appservice_kakaotalk_appservice_database: "{{
{
'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
'postgres': matrix_appservice_kakaotalk_database_connection_string,
}[matrix_appservice_kakaotalk_database_engine]
}}"
matrix_appservice_kakaotalk_appservice_database: "{{ {
'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
'postgres': matrix_appservice_kakaotalk_database_connection_string,
}[matrix_appservice_kakaotalk_database_engine] }}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
@@ -92,17 +92,13 @@ matrix_beeper_linkedin_database_sslmode: disable
matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode={{ matrix_beeper_linkedin_database_sslmode }}'
matrix_beeper_linkedin_appservice_database_type: "{{
{
'postgres':'postgres',
}[matrix_beeper_linkedin_database_engine]
}}"
matrix_beeper_linkedin_appservice_database_type: "{{ {
'postgres': 'postgres',
}[matrix_beeper_linkedin_database_engine] }}"
matrix_beeper_linkedin_appservice_database_uri: "{{
{
'postgres': matrix_beeper_linkedin_database_connection_string,
}[matrix_beeper_linkedin_database_engine]
}}"
matrix_beeper_linkedin_appservice_database_uri: "{{ {
'postgres': matrix_beeper_linkedin_database_connection_string,
}[matrix_beeper_linkedin_database_engine] }}"
matrix_beeper_linkedin_bridge_login_shared_secret_map: "{{ matrix_beeper_linkedin_bridge_login_shared_secret_map_auto | combine(matrix_beeper_linkedin_bridge_login_shared_secret_map_custom) }}"
matrix_beeper_linkedin_bridge_login_shared_secret_map_auto: {}
@@ -122,11 +122,9 @@ matrix_mautrix_bluesky_database_sslmode: disable
matrix_mautrix_bluesky_database_connection_string: 'postgres://{{ matrix_mautrix_bluesky_database_username }}:{{ matrix_mautrix_bluesky_database_password }}@{{ matrix_mautrix_bluesky_database_hostname }}:{{ matrix_mautrix_bluesky_database_port }}/{{ matrix_mautrix_bluesky_database_name }}?sslmode={{ matrix_mautrix_bluesky_database_sslmode }}'
matrix_mautrix_bluesky_database_uri: "{{
{
'postgres': matrix_mautrix_bluesky_database_connection_string,
}[matrix_mautrix_bluesky_database_engine]
}}"
matrix_mautrix_bluesky_database_uri: "{{ {
'postgres': matrix_mautrix_bluesky_database_connection_string,
}[matrix_mautrix_bluesky_database_engine] }}"
matrix_mautrix_bluesky_double_puppet_secrets: "{{ matrix_mautrix_bluesky_double_puppet_secrets_auto | combine(matrix_mautrix_bluesky_double_puppet_secrets_custom) }}"
matrix_mautrix_bluesky_double_puppet_secrets_auto: {}
@@ -161,19 +161,15 @@ matrix_mautrix_discord_database_sslmode: disable
matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode={{ matrix_mautrix_discord_database_sslmode }}'
matrix_mautrix_discord_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_discord_database_engine]
}}"
matrix_mautrix_discord_appservice_database_type: "{{ {
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_mautrix_discord_database_engine] }}"
matrix_mautrix_discord_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container,
'postgres': matrix_mautrix_discord_database_connection_string,
}[matrix_mautrix_discord_database_engine]
}}"
matrix_mautrix_discord_appservice_database_uri: "{{ {
'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container,
'postgres': matrix_mautrix_discord_database_connection_string,
}[matrix_mautrix_discord_database_engine] }}"
matrix_mautrix_discord_bridge_login_shared_secret_map: "{{ matrix_mautrix_discord_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_discord_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_discord_bridge_login_shared_secret_map_auto: {}
@@ -18,7 +18,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.2602.0
matrix_mautrix_gmessages_version: v0.2604.0
# See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_container_image: "{{ matrix_mautrix_gmessages_container_image_registry_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -141,19 +141,15 @@ matrix_mautrix_gmessages_database_sslmode: disable
matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode={{ matrix_mautrix_gmessages_database_sslmode }}'
matrix_mautrix_gmessages_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_gmessages_database_engine]
}}"
matrix_mautrix_gmessages_appservice_database_type: "{{ {
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_mautrix_gmessages_database_engine] }}"
matrix_mautrix_gmessages_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
'postgres': matrix_mautrix_gmessages_database_connection_string,
}[matrix_mautrix_gmessages_database_engine]
}}"
matrix_mautrix_gmessages_appservice_database_uri: "{{ {
'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
'postgres': matrix_mautrix_gmessages_database_connection_string,
}[matrix_mautrix_gmessages_database_engine] }}"
matrix_mautrix_gmessages_double_puppet_secrets: "{{ matrix_mautrix_gmessages_double_puppet_secrets_auto | combine(matrix_mautrix_gmessages_double_puppet_secrets_custom) }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: {}
@@ -146,12 +146,10 @@ matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat'
matrix_mautrix_googlechat_database_connection_string: 'postgres://{{ matrix_mautrix_googlechat_database_username }}:{{ matrix_mautrix_googlechat_database_password }}@{{ matrix_mautrix_googlechat_database_hostname }}:{{ matrix_mautrix_googlechat_database_port }}/{{ matrix_mautrix_googlechat_database_name }}'
matrix_mautrix_googlechat_appservice_database: "{{
{
'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container),
'postgres': matrix_mautrix_googlechat_database_connection_string,
}[matrix_mautrix_googlechat_database_engine]
}}"
matrix_mautrix_googlechat_appservice_database: "{{ {
'sqlite': ('sqlite:///' + matrix_mautrix_googlechat_sqlite_database_path_in_container),
'postgres': matrix_mautrix_googlechat_database_connection_string,
}[matrix_mautrix_googlechat_database_engine] }}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
@@ -20,7 +20,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.2602.0
matrix_mautrix_meta_instagram_version: v0.2604.0
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -20,7 +20,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.2602.0
matrix_mautrix_meta_messenger_version: v0.2604.0
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -172,19 +172,15 @@ matrix_mautrix_signal_database_sslmode: disable
matrix_mautrix_signal_database_connection_string: 'postgresql://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}?sslmode={{ matrix_mautrix_signal_database_sslmode }}'
matrix_mautrix_signal_appservice_database_type: "{{
{
'sqlite': 'sqlite3-fk-wal',
'postgres':'postgres',
}[matrix_mautrix_signal_database_engine]
}}"
matrix_mautrix_signal_appservice_database_type: "{{ {
'sqlite': 'sqlite3-fk-wal',
'postgres': 'postgres',
}[matrix_mautrix_signal_database_engine] }}"
matrix_mautrix_signal_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_signal_sqlite_database_path_in_container,
'postgres': matrix_mautrix_signal_database_connection_string,
}[matrix_mautrix_signal_database_engine]
}}"
matrix_mautrix_signal_appservice_database_uri: "{{ {
'sqlite': matrix_mautrix_signal_sqlite_database_path_in_container,
'postgres': matrix_mautrix_signal_database_connection_string,
}[matrix_mautrix_signal_database_engine] }}"
matrix_mautrix_signal_double_puppet_secrets: "{{ matrix_mautrix_signal_double_puppet_secrets_auto | combine(matrix_mautrix_signal_double_puppet_secrets_custom) }}"
matrix_mautrix_signal_double_puppet_secrets_auto: {}
@@ -17,7 +17,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
matrix_mautrix_slack_version: v0.2603.0
matrix_mautrix_slack_version: v0.2604.0
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_container_image: "{{ matrix_mautrix_slack_container_image_registry_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else matrix_mautrix_slack_container_image_registry_prefix_upstream }}"
@@ -123,19 +123,15 @@ matrix_mautrix_slack_database_sslmode: disable
matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode={{ matrix_mautrix_slack_database_sslmode }}'
matrix_mautrix_slack_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_slack_database_engine]
}}"
matrix_mautrix_slack_appservice_database_type: "{{ {
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_mautrix_slack_database_engine] }}"
matrix_mautrix_slack_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
'postgres': matrix_mautrix_slack_database_connection_string,
}[matrix_mautrix_slack_database_engine]
}}"
matrix_mautrix_slack_appservice_database_uri: "{{ {
'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
'postgres': matrix_mautrix_slack_database_connection_string,
}[matrix_mautrix_slack_database_engine] }}"
matrix_mautrix_slack_double_puppet_secrets: "{{ matrix_mautrix_slack_double_puppet_secrets_auto | combine(matrix_mautrix_slack_double_puppet_secrets_custom) }}"
matrix_mautrix_slack_double_puppet_secrets_auto: {}
@@ -1,5 +1,5 @@
# SPDX-FileCopyrightText: 2019 - 2024 MDAD project contributors
# SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2019 - 2026 Slavi Pantaleev
# SPDX-FileCopyrightText: 2020 Johanna Dorothea Reichmann
# SPDX-FileCopyrightText: 2020 Marcel Partap
# SPDX-FileCopyrightText: 2021 Aaron Raimist
@@ -21,27 +21,13 @@
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_scheme: https
matrix_mautrix_telegram_hostname: ''
matrix_mautrix_telegram_path_prefix: ''
matrix_mautrix_telegram_lottieconverter_container_image_self_build: false
matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
matrix_mautrix_telegram_lottieconverter_container_repo: "https://mau.dev/tulir/lottieconverter.git"
matrix_mautrix_telegram_lottieconverter_container_repo_version: "master"
matrix_mautrix_telegram_lottieconverter_container_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
matrix_mautrix_telegram_lottieconverter_container_image: "{{ matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix }}tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_lottieconverter_container_image_self_build else matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream }}"
matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream: "{{ matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default }}"
matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default: "dock.mau.dev/"
matrix_mautrix_telegram_container_image_self_build: false
matrix_mautrix_telegram_container_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_container_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_container_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_container_image_self_build_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram
matrix_mautrix_telegram_version: v0.15.3
matrix_mautrix_telegram_version: v0.2604.0
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_container_image: "{{ matrix_mautrix_telegram_container_image_registry_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else matrix_mautrix_telegram_container_image_registry_prefix_upstream }}"
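Review bot: the move from `matrix_mautrix_telegram_version: v0.15.3` to `v0.2604.0` comes with this hunk shrinking from 27 lines to 13, and names such as `matrix_mautrix_telegram_hostname`, `matrix_mautrix_telegram_path_prefix` and the `matrix_mautrix_telegram_lottieconverter_*` variables are among the lines shown. Anyone overriding those in their inventory needs the playbook to fail loudly rather than ignore the values, so please confirm the role's config validation lists each dropped name as removed, with a pointer to its replacement where one exists. The self-build defaults also differ between `'master'` in `matrix_mautrix_telegram_container_repo_version` and `'main'` in `matrix_mautrix_telegram_container_image_self_build_branch`; a comment noting the upstream branch name would save self-builders a failed checkout investigation.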
@@ -52,30 +38,7 @@ matrix_mautrix_telegram_container_image_force_pull: "{{ matrix_mautrix_telegram_
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config"
matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data"
matrix_mautrix_telegram_command_prefix: "!tg"
matrix_mautrix_telegram_bridge_permissions: |
{{
{'*': 'relaybot', matrix_mautrix_telegram_homeserver_domain: 'full'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Get your own API keys at https://my.telegram.org/apps
matrix_mautrix_telegram_api_id: ''
matrix_mautrix_telegram_api_hash: ''
matrix_mautrix_telegram_bot_token: disabled
# Define the filter-mode
matrix_mautrix_telegram_filter_mode: "blacklist"
# Whether or not the public-facing endpoints should be enabled (web-based login)
matrix_mautrix_telegram_appservice_public_enabled: true
# Mautrix telegram public endpoint to log in to telegram
# Use an uuid so it's not easily discoverable.
# Example: /741a0483-ba17-4682-9900-30bd7269f1cc
matrix_mautrix_telegram_public_endpoint: "{{ matrix_mautrix_telegram_path_prefix }}"
matrix_mautrix_telegram_container_src_files_path: "{{ matrix_mautrix_telegram_base_path }}/docker-src"
matrix_mautrix_telegram_homeserver_address: ""
matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
@@ -83,23 +46,15 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
# Requires a homeserver that supports MSC2246 (https://github.com/matrix-org/matrix-spec-proposals/pull/2246).
matrix_mautrix_telegram_homeserver_async_media: false
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
matrix_mautrix_telegram_appservice_public_external: '{{ matrix_mautrix_telegram_scheme }}://{{ matrix_mautrix_telegram_hostname }}{{ matrix_mautrix_telegram_public_endpoint }}'
matrix_mautrix_telegram_appservice_bot_username: telegrambot
matrix_mautrix_telegram_msc4190_enabled: "{{ matrix_bridges_msc4190_enabled }}"
matrix_mautrix_telegram_self_sign_enabled: "{{ matrix_bridges_self_sign_enabled }}"
# Specifies the default log level for all bridge loggers.
matrix_mautrix_telegram_logging_level: WARNING
matrix_mautrix_telegram_command_prefix: "!tg"
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_mautrix_telegram_federate_rooms: true
# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
matrix_mautrix_telegram_container_http_host_bind_port: ''
# Get your own API keys at https://my.telegram.org/apps
matrix_mautrix_telegram_api_id: ''
matrix_mautrix_telegram_api_hash: ''
matrix_mautrix_telegram_container_network: ""
@@ -116,16 +71,6 @@ matrix_mautrix_telegram_container_labels_traefik_docker_network: "{{ matrix_maut
matrix_mautrix_telegram_container_labels_traefik_entrypoints: web-secure
matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls whether labels will be added that expose mautrix-telegram's public endpoint
matrix_mautrix_telegram_container_labels_public_endpoint_enabled: "{{ matrix_mautrix_telegram_appservice_public_enabled }}"
matrix_mautrix_telegram_container_labels_public_endpoint_hostname: "{{ matrix_mautrix_telegram_hostname }}"
matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix: "{{ matrix_mautrix_telegram_path_prefix }}"
matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule: "Host(`{{ matrix_mautrix_telegram_container_labels_public_endpoint_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix }}`)"
matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority: 0
matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints: "{{ matrix_mautrix_telegram_container_labels_traefik_entrypoints }}"
matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls: "{{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints != 'web' }}"
matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver: "{{ matrix_mautrix_telegram_container_labels_traefik_tls_certResolver }}" # noqa var-naming
# Controls whether labels will be added that expose mautrix-telegram's metrics
matrix_mautrix_telegram_container_labels_metrics_enabled: "{{ matrix_mautrix_telegram_metrics_enabled and matrix_mautrix_telegram_metrics_proxying_enabled }}"
matrix_mautrix_telegram_container_labels_metrics_traefik_rule: "Host(`{{ matrix_mautrix_telegram_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_mautrix_telegram_metrics_proxying_path_prefix }}`)"
@@ -161,14 +106,22 @@ matrix_mautrix_telegram_systemd_wanted_services_list: []
matrix_mautrix_telegram_appservice_token: ''
matrix_mautrix_telegram_homeserver_token: ''
matrix_mautrix_telegram_provisioning_shared_secret: disable
matrix_mautrix_telegram_appservice_bot_username: telegrambot
# Minimum severity of journal log messages.
# Valid values: fatal, error, warn, info, debug, trace
matrix_mautrix_telegram_logging_level: 'warn'
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_mautrix_telegram_federate_rooms: true
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_telegram_metrics_proxying_enabled`.
matrix_mautrix_telegram_metrics_enabled: false
# Controls whether metrics should be exposed on a public URL.
# Controls whether metrics should be proxied (exposed) on a public URL
matrix_mautrix_telegram_metrics_proxying_enabled: false
matrix_mautrix_telegram_metrics_proxying_hostname: ''
matrix_mautrix_telegram_metrics_proxying_path_prefix: ''
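Review bot: `matrix_mautrix_telegram_logging_level` changes its value space here (from `WARNING` to `'warn'`, with the valid values listed only in the comment), and nothing in this hunk catches an existing vars.yml override that still uses the old uppercase level. Consider adding a validation task that checks the value against the list `fatal, error, warn, info, debug, trace`, so an old override fails at playbook time with a clear message rather than at bridge startup.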
@@ -190,21 +143,67 @@ matrix_mautrix_telegram_database_password: 'some-password'
matrix_mautrix_telegram_database_hostname: ''
matrix_mautrix_telegram_database_port: 5432
matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram'
matrix_mautrix_telegram_database_sslmode: disable
matrix_mautrix_telegram_database_connection_string: 'postgres://{{ matrix_mautrix_telegram_database_username }}:{{ matrix_mautrix_telegram_database_password }}@{{ matrix_mautrix_telegram_database_hostname }}:{{ matrix_mautrix_telegram_database_port }}/{{ matrix_mautrix_telegram_database_name }}'
matrix_mautrix_telegram_database_connection_string: 'postgresql://{{ matrix_mautrix_telegram_database_username }}:{{ matrix_mautrix_telegram_database_password }}@{{ matrix_mautrix_telegram_database_hostname }}:{{ matrix_mautrix_telegram_database_port }}/{{ matrix_mautrix_telegram_database_name }}?sslmode={{ matrix_mautrix_telegram_database_sslmode }}'
matrix_mautrix_telegram_appservice_database: "{{
{
'sqlite': ('sqlite:///' + matrix_mautrix_telegram_sqlite_database_path_in_container),
'postgres': matrix_mautrix_telegram_database_connection_string,
}[matrix_mautrix_telegram_database_engine]
}}"
matrix_mautrix_telegram_appservice_database_type: "{{ {
'sqlite': 'sqlite3-fk-wal',
'postgres': 'postgres',
}[matrix_mautrix_telegram_database_engine] }}"
matrix_mautrix_telegram_bridge_login_shared_secret_map: "{{ matrix_mautrix_telegram_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_telegram_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_telegram_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_telegram_appservice_database_uri: "{{ {
'sqlite': matrix_mautrix_telegram_sqlite_database_path_in_container,
'postgres': matrix_mautrix_telegram_database_connection_string,
}[matrix_mautrix_telegram_database_engine] }}"
# Default configuration template which covers the generic use case.
matrix_mautrix_telegram_double_puppet_secrets: "{{ matrix_mautrix_telegram_double_puppet_secrets_auto | combine(matrix_mautrix_telegram_double_puppet_secrets_custom) }}"
matrix_mautrix_telegram_double_puppet_secrets_auto: {}
matrix_mautrix_telegram_double_puppet_secrets_custom: {}
# Displayname template for Telegram users.
# Available variables:
# {{ .FullName }} - the full name of the Telegram user
# {{ .FirstName }} - the first name of the Telegram user
# {{ .LastName }} - the last name of the Telegram user
# {{ .Username }} - the primary username of the Telegram user, if the user has one
# {{ .UserID }} - the internal user ID of the Telegram user
# {{ .Deleted }} - true if the user has been deleted, false otherwise
matrix_mautrix_telegram_network_displayname_template: '{% raw %}{{ if .Deleted }}Deleted account {{ .UserID }}{{ else }}{{ .FullName }}{{ end }}{% endraw %}'
# Enable End-to-bridge encryption
matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_telegram_bridge_encryption_require: false
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
# This pickle key value is backward-compatible with the legacy (Python) bridge.
# See: https://mau.dev/mautrix/telegram/-/blob/v0.2604.0/cmd/mautrix-telegram/legacymigrate.go
matrix_mautrix_telegram_bridge_encryption_pickle_key: mautrix.bridge.e2ee
matrix_mautrix_telegram_bridge_personal_filtering_spaces: true
matrix_mautrix_telegram_provisioning_shared_secret: ''
matrix_mautrix_telegram_public_media_signing_key: ''
matrix_mautrix_telegram_bridge_permissions: |
{{
{'*': 'relay', matrix_mautrix_telegram_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Enable bridge relay functionality
matrix_mautrix_telegram_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
# Only allow admins on this home server to set themselves as a relay user
matrix_mautrix_telegram_bridge_relay_admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
matrix_mautrix_telegram_bridge_relay_default_relays: []
# Controls whether to do backfilling at all.
matrix_mautrix_telegram_backfill_enabled: true
# Default mautrix-telegram configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
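Review bot: in the new `matrix_mautrix_telegram_database_connection_string`, the username and password are interpolated into the `postgresql://` URI as-is, so a password containing `@`, `/`, `?`, `#` or `%` produces a URI that parses differently from what was intended; pass both through `| urlencode`. The new `matrix_mautrix_telegram_database_sslmode` defaults to `disable`, which is reasonable for a database on the same container network but deserves a comment saying so, since the same variable is what someone pointing the bridge at an external Postgres would need to change. `matrix_mautrix_telegram_provisioning_shared_secret` and `matrix_mautrix_telegram_public_media_signing_key` are introduced with empty defaults and no comment; please document what an empty value means for each (feature off, or value generated elsewhere).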
@@ -228,37 +227,24 @@ matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration
matrix_mautrix_telegram_registration_yaml: |
id: telegram
url: {{ matrix_mautrix_telegram_appservice_address }}
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- exclusive: true
regex: '^@{{ matrix_mautrix_telegram_username_template | replace('{userid}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
aliases:
- exclusive: true
regex: '^#{{ matrix_mautrix_telegram_alias_template | replace('{groupname}', '.+') }}:{{ matrix_mautrix_telegram_homeserver_domain | regex_escape }}$'
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
url: {{ matrix_mautrix_telegram_appservice_address }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
receive_ephemeral: true
io.element.msc4190: {{ matrix_mautrix_telegram_msc4190_enabled | to_json }}
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}"
# Templates for defining MXID's and displaynames for users and rooms.
matrix_mautrix_telegram_username_template: 'telegram_{userid}'
matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
# Enable End-to-bridge encryption
matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
# matrix_mautrix_telegram_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
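Review bot: the users namespace regex is now hard-coded to `'^@telegram_.+:...$'`, while the deprecation message for `matrix_mautrix_telegram_username_template` elsewhere in this change tells users to adjust the template through `matrix_mautrix_telegram_configuration_extension_yaml`. Anyone who does that ends up with a registration namespace that no longer matches the ghost MXIDs the bridge creates. Either derive the `telegram_` prefix in the regex from a variable that also feeds the bridge config, or add a comment here and in the deprecation message stating that `matrix_mautrix_telegram_registration_yaml` must be overridden alongside it.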
@@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2018 - 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2018 - 2026 Slavi Pantaleev
# SPDX-FileCopyrightText: 2018 Hugues Morisset
# SPDX-FileCopyrightText: 2019 Aaron Raimist
# SPDX-FileCopyrightText: 2019 Dan Arnfield
@@ -20,6 +20,40 @@
- ansible.builtin.set_fact:
matrix_mautrix_telegram_migration_requires_restart: false
# The legacy Python bridge stored its SQLite DB at `{base_path}/mautrix-telegram.db` (the role's
# root). Later, we started relocating it to `{base_path}/data/mautrix-telegram.db`. The sqlite→
# postgres migration below only knows about the new path, so if the DB is still at the legacy
# location, move it to the new location first — otherwise users who follow the changelog and
# switch to Postgres wouldn't actually get their data imported before the service starts.
- name: Check if a legacy-location SQLite database exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
register: matrix_mautrix_telegram_stat_database_legacy_location
- when: matrix_mautrix_telegram_stat_database_legacy_location.stat.exists | bool
block:
- name: Ensure matrix-mautrix-telegram.service is stopped before relocating legacy SQLite DB
ansible.builtin.service:
name: matrix-mautrix-telegram
state: stopped
enabled: false
daemon_reload: true
failed_when: false
- name: Ensure data directory exists for legacy SQLite DB relocation
ansible.builtin.file:
path: "{{ matrix_mautrix_telegram_data_path }}"
state: directory
mode: '0750'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
- name: (Data relocation) Move mautrix-telegram SQLite DB from legacy location to data directory
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
creates: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
removes: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
- when: "matrix_mautrix_telegram_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
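Review bot: the relocation block is gated only on the legacy path existing, so when both `{base_path}/mautrix-telegram.db` and `{data_path}/mautrix-telegram.db` are present the service is stopped and set to `enabled: false` on every run, while the `mv` is skipped by `creates:` and the stale legacy file stays in place. Stat the destination as well and fail with an explicit message in that case, so the operator decides which file is authoritative. Also, `failed_when: false` on the stop task lets the `mv` proceed even if the bridge could not be stopped and still has the database open; if the intent is only to tolerate a missing unit, narrow the condition to that. The block does not set `matrix_mautrix_telegram_migration_requires_restart`, so please confirm the service is re-enabled and started on the SQLite path after the move.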
@@ -40,6 +74,7 @@
engine_variable_name: 'matrix_mautrix_telegram_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-telegram.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.set_fact:
matrix_mautrix_telegram_migration_requires_restart: true
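Review bot: the added `pgloader_options: ['--with "quote identifiers"']` has no comment explaining why identifier quoting is needed for this bridge's SQLite to Postgres import. Add a line above it stating the reason (for example, which table or column names depend on it), so the option is not dropped in a later cleanup.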
@@ -70,41 +105,18 @@
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: matrix_mautrix_telegram_container_image_pull_result is not failed
- name: Ensure lottieconverter is present when self-building
- name: Ensure Mautrix Telegram repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_mautrix_telegram_lottieconverter_container_repo }}"
version: "{{ matrix_mautrix_telegram_lottieconverter_container_repo_version }}"
dest: "{{ matrix_mautrix_telegram_lottieconverter_container_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
register: matrix_mautrix_telegram_lottieconverter_git_pull_results
when: "matrix_mautrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool"
- name: Ensure lottieconverter Docker image is built
community.docker.docker_image:
name: "{{ matrix_mautrix_telegram_lottieconverter_container_image }}"
source: build
force_source: "{{ matrix_mautrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_lottieconverter_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_telegram_lottieconverter_container_src_files_path }}"
pull: true
when: "matrix_mautrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_image_self_build | bool"
- name: Ensure matrix-mautrix-telegram repository is present when self-building
ansible.builtin.git:
repo: "{{ matrix_mautrix_telegram_container_repo }}"
version: "{{ matrix_mautrix_telegram_container_repo_version }}"
repo: "{{ matrix_mautrix_telegram_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_telegram_container_src_files_path }}"
version: "{{ matrix_mautrix_telegram_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
register: matrix_mautrix_telegram_git_pull_results
when: "matrix_mautrix_telegram_container_image_self_build | bool"
- name: Ensure matrix-mautrix-telegram Docker image is built
- name: Ensure Mautrix Telegram Docker image is built
community.docker.docker_image:
name: "{{ matrix_mautrix_telegram_container_image }}"
source: build
@@ -113,31 +125,8 @@
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_telegram_container_src_files_path }}"
pull: "{{ not matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch | bool }}"
args:
TARGETARCH: ""
when: "matrix_mautrix_telegram_container_image_self_build | bool and matrix_mautrix_telegram_git_pull_results.changed"
- name: Check if an old database file already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
register: matrix_mautrix_telegram_stat_database
- name: (Data relocation) Ensure matrix-mautrix-telegram.service is stopped
ansible.builtin.service:
name: matrix-mautrix-telegram
state: stopped
enabled: false
daemon_reload: true
failed_when: false
when: "matrix_mautrix_telegram_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-telegram database file to ./data directory
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
creates: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
removes: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
when: "matrix_mautrix_telegram_stat_database.stat.exists"
pull: true
when: "matrix_mautrix_telegram_container_image_self_build | bool"
- name: Ensure mautrix-telegram config.yaml installed
ansible.builtin.copy:
@@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
# SPDX-FileCopyrightText: 2019 - 2026 Slavi Pantaleev
# SPDX-FileCopyrightText: 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2025 Suguru Hirahara
#
@@ -13,34 +13,72 @@
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
with_items:
- {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<superseded by matrix_mautrix_telegram_container_http_host_bind_port>'}
- {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build', 'new': 'matrix_mautrix_telegram_container_image_self_build'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build_mask_arch', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch'}
- {'old': 'matrix_mautrix_telegram_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_name_prefix', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix'}
- {'old': 'matrix_mautrix_telegram_docker_image_name_prefix', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix'}
- {'old': 'matrix_telegram_lottieconverter_container_image_self_build', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build'}
- {'old': 'matrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch'}
- {'old': 'matrix_telegram_lottieconverter_docker_repo', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo'}
- {'old': 'matrix_telegram_lottieconverter_docker_repo_version', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo_version'}
- {'old': 'matrix_telegram_lottieconverter_docker_src_files_path', 'new': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path'}
- {'old': 'matrix_telegram_lottieconverter_docker_image', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image'}
- {'old': 'matrix_mautrix_telegram_docker_repo', 'new': 'matrix_mautrix_telegram_container_repo'}
- {'old': 'matrix_mautrix_telegram_docker_repo_version', 'new': 'matrix_mautrix_telegram_container_repo_version'}
- {'old': 'matrix_mautrix_telegram_docker_repo', 'new': 'matrix_mautrix_telegram_container_image_self_build_repo'}
- {'old': 'matrix_mautrix_telegram_docker_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
- {'old': 'matrix_mautrix_telegram_docker_src_files_path', 'new': 'matrix_mautrix_telegram_container_src_files_path'}
- {'old': 'matrix_mautrix_telegram_docker_image', 'new': 'matrix_mautrix_telegram_container_image'}
- {'old': 'matrix_mautrix_telegram_docker_image_force_pull', 'new': 'matrix_mautrix_telegram_container_image_force_pull'}
- {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix'}
- {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix_upstream', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix_upstream'}
- {'old': 'matrix_mautrix_telegram_docker_image_registry_prefix_upstream_default', 'new': 'matrix_mautrix_telegram_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default', 'new': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo_version', 'new': 'matrix_mautrix_telegram_lottieconverter_container_repo_version'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_src_files_path', 'new': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path'}
- {'old': 'matrix_mautrix_telegram_container_repo', 'new': 'matrix_mautrix_telegram_container_image_self_build_repo'}
- {'old': 'matrix_mautrix_telegram_container_repo_version', 'new': 'matrix_mautrix_telegram_container_image_self_build_branch'}
# Variables removed in the bridgev2 (Go) rewrite — mautrix-telegram no longer has a Python runtime,
# a separate lottieconverter container or a web-based login endpoint.
- {'old': 'matrix_mautrix_telegram_scheme', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_public_endpoint', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_appservice_public_enabled', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_appservice_public_external', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_enabled', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_hostname', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_path_prefix', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_container_http_host_bind_port', 'new': '<removed (the bridge no longer has a public web-based login endpoint)>'}
- {'old': 'matrix_mautrix_telegram_filter_mode', 'new': '<removed (not available in the bridgev2 rewrite of mautrix-telegram)>'}
- {'old': 'matrix_mautrix_telegram_bot_token', 'new': '<removed; the old-style relaybot is gone — use the common bridge relay mode (matrix_mautrix_telegram_bridge_relay_enabled) instead>'}
- {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets>'}
- {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map_auto', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets_auto>'}
- {'old': 'matrix_mautrix_telegram_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_telegram_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_telegram_username_template', 'new': '<removed (no longer configurable via a single variable; use matrix_mautrix_telegram_configuration_extension_yaml if needed)>'}
- {'old': 'matrix_mautrix_telegram_alias_template', 'new': '<removed (room aliases are no longer created by the bridgev2 rewrite of mautrix-telegram)>'}
- {'old': 'matrix_mautrix_telegram_displayname_template', 'new': '<superseded by matrix_mautrix_telegram_network_displayname_template (note: the syntax has changed to Go templates)>'}
- {'old': 'matrix_mautrix_telegram_appservice_database', 'new': '<superseded by matrix_mautrix_telegram_appservice_database_uri>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
# Historical lottieconverter aliases from before the _docker_ → _container_ rename:
- {'old': 'matrix_mautrix_telegram_lottieconverter_container_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_name_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_mautrix_telegram_lottieconverter_docker_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
# Even older aliases (no `_mautrix` infix):
- {'old': 'matrix_telegram_lottieconverter_container_image_self_build', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_container_image_self_build_mask_arch', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_repo', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_repo_version', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_src_files_path', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- {'old': 'matrix_telegram_lottieconverter_docker_image', 'new': '<removed (lottieconverter is now bundled into the mautrix-telegram image)>'}
- name: Fail if required mautrix-telegram settings not defined
ansible.builtin.fail:
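Review bot: the entry for `matrix_mautrix_telegram_container_http_host_bind_port` reuses the "no longer has a public web-based login endpoint" reason, but the defaults describe that variable as publishing the container's HTTP port (tcp/8080) on the host, and `matrix_mautrix_telegram_appservice_address` still points at `:8080`. Users who bound that port so a homeserver outside the container network could reach the appservice get a message that does not explain what to do instead. Either keep the variable or give the entry its own message naming the replacement. The `matrix_mautrix_telegram_login_shared_secret` entry also says only `<removed>`; pointing it at `matrix_mautrix_telegram_double_puppet_secrets`, as the `bridge_login_shared_secret_map` entries do, would be more useful if that is the intended successor.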
@@ -48,11 +86,8 @@
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
with_items:
- {'name': 'matrix_mautrix_telegram_hostname', when: true}
- {'name': 'matrix_mautrix_telegram_path_prefix', when: true}
- {'name': 'matrix_mautrix_telegram_api_id', when: true}
- {'name': 'matrix_mautrix_telegram_api_hash', when: true}
- {'name': 'matrix_mautrix_telegram_public_endpoint', when: true}
- {'name': 'matrix_mautrix_telegram_appservice_token', when: true}
- {'name': 'matrix_mautrix_telegram_homeserver_address', when: true}
- {'name': 'matrix_mautrix_telegram_homeserver_token', when: true}
@@ -60,3 +95,47 @@
- {'name': 'matrix_mautrix_telegram_database_hostname', when: "{{ matrix_mautrix_telegram_database_engine == 'postgres' }}"}
- {'name': 'matrix_mautrix_telegram_metrics_proxying_hostname', when: "{{ matrix_mautrix_telegram_metrics_proxying_enabled }}"}
- {'name': 'matrix_mautrix_telegram_metrics_proxying_path_prefix', when: "{{ matrix_mautrix_telegram_metrics_proxying_enabled }}"}
# Temporary workaround for an upstream SQLite legacy-migration bug in mautrix-telegram v0.2604.0.
# See the separate task file for details; the whole file (and this include) can be deleted once
# upstream ships a release that fixes the bug.
- name: Guard against the upstream mautrix-telegram v0.2604.0 SQLite legacy-migration bug
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config_sqlite_legacy_migration_bug.yml"
when:
- "matrix_mautrix_telegram_database_engine == 'sqlite'"
- "not (matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed | default(false) | bool)"
# Bridgev2 permission values are: block, relay, commands, user, admin.
# The old Python bridge had different levels (relaybot, user, puppeting, full, admin).
# `user` and `admin` still exist in both but with different semantics (the new `user` is
# equivalent to the old `full`/`puppeting`). `relaybot`, `puppeting` and `full` don't exist
# in bridgev2 and will cause the bridge to reject its config at startup.
#
# We check the fully-merged configuration (not just `matrix_mautrix_telegram_bridge_permissions`)
# because users commonly override permissions via `matrix_mautrix_telegram_configuration_extension_yaml`,
# and those overrides would otherwise slip through validation.
- name: Fail if bridge permissions still reference legacy Python-bridge permission levels
ansible.builtin.fail:
msg: |-
Your final mautrix-telegram configuration contains a `bridge.permissions` entry with
value `{{ item.value }}` (for `{{ item.key }}`). This was a permission level in the legacy
(Python) mautrix-telegram bridge but is not valid in the bridgev2 rewrite shipped in v0.2604.0
— the bridge would reject this at startup.
Valid values are: `relay`, `commands`, `user`, `admin` (plus `block`).
Rough mapping from the old levels:
relaybot -> relay
user -> user (semantics changed: this now grants full puppeting, like the old `full`)
puppeting -> user
full -> user
admin -> admin
See https://docs.mau.fi/bridges/general/permissions.html and the bridge's example config
for details. Update either `matrix_mautrix_telegram_bridge_permissions` or the `bridge.permissions`
section inside `matrix_mautrix_telegram_configuration_extension_yaml` — whichever you use.
when: "item.value in ['relaybot', 'puppeting', 'full']"
loop: "{{ (matrix_mautrix_telegram_configuration.bridge.permissions | default({})) | dict2items }}"
loop_control:
label: "{{ item.key }}"
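Review bot: the condition `when: "item.value in ['relaybot', 'puppeting', 'full']"` lets a legacy `user` entry pass, even though the failure message itself states that `user` now grants full puppeting like the old `full`. An operator who deliberately assigned the old, narrower `user` level gets a silent widening of privileges on upgrade. The value alone cannot distinguish old intent from new, so consider a one-time acknowledgement variable in the style of `matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed`, or at minimum an upgrade note that tells operators to re-review every `user` entry.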
@@ -0,0 +1,99 @@
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# ###########################################################################
# TEMPORARY — delete this file (and its include in `validate_config.yml`)
# once upstream mautrix-telegram ships a release that fixes the SQLite
# legacy-migration bug introduced in v0.2604.0.
#
# Upstream warning:
# "Migration of SQLite databases has a known bug. If you're upgrading a
# legacy bridge that uses SQLite, use the main branch or wait for the
# next release"
# — https://github.com/mautrix/telegram/releases/tag/v0.2604.0
#
# We specifically want to block upgrades of the *legacy* Python-bridge
# SQLite databases; fresh bridgev2 SQLite databases (or already-migrated
# ones) must still be allowed.
#
# The cheapest reliable signature of a legacy Python-bridge DB is the
# presence of the `telethon_sessions` table (the Python bridge's
# Telethon-session store, which upstream's legacymigrate.sql renames to
# `telethon_sessions_old` as part of the bridgev2 migration).
#
# Users can bypass this via `matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed: true`.
# ###########################################################################
- name: Check for an existing mautrix-telegram SQLite database (legacy location)
ansible.builtin.stat:
path: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
register: matrix_mautrix_telegram_sqlite_legacy_path_stat
- name: Check for an existing mautrix-telegram SQLite database (data path)
ansible.builtin.stat:
path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
register: matrix_mautrix_telegram_sqlite_data_path_stat
- name: Inspect SQLite database for the legacy Python-bridge schema signature
ansible.builtin.command:
argv:
- python3
- -c
- |
import sqlite3, sys
try:
conn = sqlite3.connect("file:" + sys.argv[1] + "?mode=ro", uri=True)
cur = conn.execute(
"SELECT name FROM sqlite_master "
"WHERE type='table' AND name='telethon_sessions'"
)
sys.exit(1 if cur.fetchone() else 0)
except Exception:
sys.exit(0)
- "{{ matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.path if matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists else matrix_mautrix_telegram_sqlite_data_path_stat.stat.path }}"
register: matrix_mautrix_telegram_sqlite_legacy_check
changed_when: false
failed_when: false
when: >-
matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists
or matrix_mautrix_telegram_sqlite_data_path_stat.stat.exists
- name: Fail if upgrading a legacy SQLite install (upstream has a known migration bug)
ansible.builtin.fail:
msg: |-
A legacy Python mautrix-telegram SQLite database was detected at
`{{ matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.path if matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists else matrix_mautrix_telegram_sqlite_data_path_stat.stat.path }}`
(it contains the `telethon_sessions` table from the Python bridge).
Upstream mautrix-telegram v0.2604.0 has a **known bug** in the legacy SQLite
database migration (see the warning on the release page:
https://github.com/mautrix/telegram/releases/tag/v0.2604.0).
Running this upgrade against a legacy SQLite database is very likely to corrupt your data.
Recommended options:
1. Switch to Postgres before upgrading. If you're using the playbook-managed Postgres
service (`postgres_enabled: true`), just set:
matrix_mautrix_telegram_database_engine: postgres
and re-run the playbook. The playbook will migrate your SQLite data into Postgres
first (via pgloader), and upstream's bridgev2 migration path is known to work on
Postgres.
2. Wait for the next upstream mautrix-telegram release, which is expected to fix the
SQLite migration bug.
If you're sure you want to proceed anyway (for example because you have a separate
backup), you can bypass this check by setting:
matrix_mautrix_telegram_bridgev2_sqlite_upgrade_confirmed: true
in your vars.yml. Only use the override if you know what you're doing.
when: >-
(matrix_mautrix_telegram_sqlite_legacy_path_stat.stat.exists
or matrix_mautrix_telegram_sqlite_data_path_stat.stat.exists)
and (matrix_mautrix_telegram_sqlite_legacy_check.rc | default(0)) == 1
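Review bot: the inspection step fails open. `except Exception: sys.exit(0)`, `failed_when: false` and `rc | default(0)` together mean that a database which could not be opened or queried, or a command that did not run at all, is treated the same as "not a legacy database", and the upgrade this guard exists to block goes ahead. For a check that protects against data corruption, reserve exit code 0 for a database that was opened and found clean, return a distinct code on errors, and fail on that code with a pointer to the override variable. Separately, the final `argv` entry picks the legacy-location file whenever it exists, so when both files exist the data-path database is never inspected; run the check against each file that exists.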
File diff suppressed because it is too large
@@ -1,5 +1,5 @@
{#
SPDX-FileCopyrightText: 2024 Slavi Pantaleev
SPDX-FileCopyrightText: 2024 - 2026 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
#}
@@ -11,36 +11,7 @@ traefik.enable=true
traefik.docker.network={{ matrix_mautrix_telegram_container_labels_traefik_docker_network }}
{% endif %}
{% if matrix_mautrix_telegram_container_labels_public_endpoint_enabled %}
############################################################
# #
# Public #
# #
############################################################
traefik.http.services.matrix-mautrix-telegram-appservice.loadbalancer.server.port=8080
traefik.http.routers.matrix-mautrix-telegram-public.rule={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_rule }}
{% if matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority | int > 0 %}
traefik.http.routers.matrix-mautrix-telegram-public.priority={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-mautrix-telegram-public.service=matrix-mautrix-telegram-appservice
traefik.http.routers.matrix-mautrix-telegram-public.entrypoints={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_entrypoints }}
traefik.http.routers.matrix-mautrix-telegram-public.tls={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls | to_json }}
{% if matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls %}
traefik.http.routers.matrix-mautrix-telegram-public.tls.certResolver={{ matrix_mautrix_telegram_container_labels_public_endpoint_traefik_tls_certResolver }}
{% endif %}
############################################################
# #
# /Public #
# #
############################################################
{% endif %}
traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8001
{% if matrix_mautrix_telegram_container_labels_metrics_enabled %}
############################################################
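Review bot: `traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8001` sits above `{% if matrix_mautrix_telegram_container_labels_metrics_enabled %}`, so the service label is emitted even when the metrics labels are switched off, and the port is a literal. Add a template comment explaining why this label has to be unconditional, and take the port from a variable shared with the bridge's metrics listener setting so the label and the listener cannot drift apart.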
@@ -49,8 +20,6 @@ traefik.http.routers.matrix-mautrix-telegram-public.tls.certResolver={{ matrix_m
# #
############################################################
traefik.http.services.matrix-mautrix-telegram-metrics.loadbalancer.server.port=8000
{% if matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled %}
traefik.http.middlewares.matrix-mautrix-telegram-metrics-basic-auth.basicauth.users={{ matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users }}
traefik.http.routers.matrix-mautrix-telegram-metrics.middlewares=matrix-mautrix-telegram-metrics-basic-auth
@@ -23,17 +23,15 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_mautrix_telegram_container_network }} \
{% if matrix_mautrix_telegram_appservice_public_enabled and matrix_mautrix_telegram_container_http_host_bind_port %}
-p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \
{% endif %}
--mount type=bind,src={{ matrix_mautrix_telegram_config_path }},dst=/config \
--mount type=bind,src={{ matrix_mautrix_telegram_data_path }},dst=/data \
--label-file={{ matrix_mautrix_telegram_base_path }}/labels \
--workdir=/data \
{% for arg in matrix_mautrix_telegram_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_telegram_container_image }} \
python3 -m mautrix_telegram -c /config/config.yaml --no-update
/usr/bin/mautrix-telegram -c /config/config.yaml -r /config/registration.yaml --no-update
{% for network in matrix_mautrix_telegram_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-telegram
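Review bot: the `/config` bind mount stays read-write although the bridge is started with `--no-update` and an explicit `-r /config/registration.yaml`. If the binary does not need to write either file, append `,ro` to the `/config` mount and consider `--read-only` with tmpfs scratch paths, as the meshtastic-relay unit in this same change set does. If write access is still required, a short comment in the template saying why would help the next reader.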
@@ -22,7 +22,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
matrix_mautrix_twitter_version: v0.2603.0
matrix_mautrix_twitter_version: v0.2604.0
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_container_image: "{{ matrix_mautrix_twitter_container_image_registry_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_container_image_registry_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else matrix_mautrix_twitter_container_image_registry_prefix_upstream }}"
@@ -130,11 +130,9 @@ matrix_mautrix_twitter_database_sslmode: disable
matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}?sslmode={{ matrix_mautrix_twitter_database_sslmode }}'
matrix_mautrix_twitter_database_uri: "{{
{
'postgres': matrix_mautrix_twitter_database_connection_string,
}[matrix_mautrix_twitter_database_engine]
}}"
matrix_mautrix_twitter_database_uri: "{{ {
'postgres': matrix_mautrix_twitter_database_connection_string,
}[matrix_mautrix_twitter_database_engine] }}"
matrix_mautrix_twitter_double_puppet_secrets: "{{ matrix_mautrix_twitter_double_puppet_secrets_auto | combine(matrix_mautrix_twitter_double_puppet_secrets_custom) }}"
matrix_mautrix_twitter_double_puppet_secrets_auto: {}
@@ -28,7 +28,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
matrix_mautrix_whatsapp_version: v0.2603.0
matrix_mautrix_whatsapp_version: v0.2604.0
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_container_image: "{{ matrix_mautrix_whatsapp_container_image_registry_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
@@ -147,19 +147,15 @@ matrix_mautrix_whatsapp_database_sslmode: disable
matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode={{ matrix_mautrix_whatsapp_database_sslmode }}'
matrix_mautrix_whatsapp_appservice_database_type: "{{
{
'sqlite': 'sqlite3-fk-wal',
'postgres':'postgres',
}[matrix_mautrix_whatsapp_database_engine]
}}"
matrix_mautrix_whatsapp_appservice_database_type: "{{ {
'sqlite': 'sqlite3-fk-wal',
'postgres': 'postgres',
}[matrix_mautrix_whatsapp_database_engine] }}"
matrix_mautrix_whatsapp_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_whatsapp_sqlite_database_path_in_container,
'postgres': matrix_mautrix_whatsapp_database_connection_string,
}[matrix_mautrix_whatsapp_database_engine]
}}"
matrix_mautrix_whatsapp_appservice_database_uri: "{{ {
'sqlite': matrix_mautrix_whatsapp_sqlite_database_path_in_container,
'postgres': matrix_mautrix_whatsapp_database_connection_string,
}[matrix_mautrix_whatsapp_database_engine] }}"
matrix_mautrix_whatsapp_double_puppet_secrets: "{{ matrix_mautrix_whatsapp_double_puppet_secrets_auto | combine(matrix_mautrix_whatsapp_double_puppet_secrets_custom) }}"
matrix_mautrix_whatsapp_double_puppet_secrets_auto: {}
@@ -0,0 +1,202 @@
# SPDX-FileCopyrightText: 2025 - 2026 luschmar
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# matrix-meshtastic-relay is a Matrix <-> Meshtastic bridge.
# Project source code URL: https://github.com/jeremiah-k/meshtastic-matrix-relay
matrix_meshtastic_relay_enabled: true
# renovate: datasource=docker depName=jeremiah-k/mmrelay packageName=ghcr.io/jeremiah-k/mmrelay
matrix_meshtastic_relay_version: 1.3.5
matrix_meshtastic_relay_container_image: "{{ matrix_meshtastic_relay_container_image_registry_prefix }}jeremiah-k/mmrelay:{{ matrix_meshtastic_relay_version }}"
matrix_meshtastic_relay_container_image_registry_prefix: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream }}"
matrix_meshtastic_relay_container_image_registry_prefix_upstream: "{{ matrix_meshtastic_relay_container_image_registry_prefix_upstream_default }}"
matrix_meshtastic_relay_container_image_registry_prefix_upstream_default: "ghcr.io/"
matrix_meshtastic_relay_container_image_force_pull: "{{ matrix_meshtastic_relay_container_image.endswith(':latest') }}"
matrix_meshtastic_relay_base_path: "{{ matrix_base_data_path }}/meshtastic-relay"
# Holds the Ansible-managed `config.yaml`. Mounted read-only at `/config` in the
# container; mmrelay is pointed at `/config/config.yaml` via the `--config` CLI flag.
matrix_meshtastic_relay_config_path: "{{ matrix_meshtastic_relay_base_path }}/config"
# Runtime data directory. Mounted read-write at `/data` (MMRELAY_HOME) in the container.
# mmrelay auto-creates `database/`, `logs/`, `matrix/` (credentials + E2EE store)
# and `plugins/` subdirectories underneath as needed.
matrix_meshtastic_relay_data_path: "{{ matrix_meshtastic_relay_base_path }}/data"
matrix_meshtastic_relay_container_network: ""
matrix_meshtastic_relay_container_additional_networks: "{{ matrix_meshtastic_relay_container_additional_networks_auto + matrix_meshtastic_relay_container_additional_networks_custom }}"
matrix_meshtastic_relay_container_additional_networks_auto: []
matrix_meshtastic_relay_container_additional_networks_custom: []
# A list of extra arguments to pass to the container
matrix_meshtastic_relay_container_extra_arguments: []
# List of systemd services that matrix-meshtastic-relay.service depends on.
matrix_meshtastic_relay_systemd_required_services_list: "{{ matrix_meshtastic_relay_systemd_required_services_list_default + matrix_meshtastic_relay_systemd_required_services_list_auto + matrix_meshtastic_relay_systemd_required_services_list_custom }}"
matrix_meshtastic_relay_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_meshtastic_relay_systemd_required_services_list_auto: []
matrix_meshtastic_relay_systemd_required_services_list_custom: []
# List of systemd services that matrix-meshtastic-relay.service wants
matrix_meshtastic_relay_systemd_wanted_services_list: []
# Hostname of the Matrix homeserver the bot connects to.
matrix_meshtastic_relay_matrix_host: ""
# URL of the Matrix homeserver the bot connects to.
matrix_meshtastic_relay_matrix_homeserver_url: "https://{{ matrix_meshtastic_relay_matrix_host }}"
# Fully-qualified Matrix ID of the bot user.
matrix_meshtastic_relay_matrix_bot_user_id: "@meshtasticbot:{{ matrix_meshtastic_relay_matrix_host }}"
# Password for the bot's Matrix account.
# On first startup, mmrelay uses this to log in and persist credentials (including E2EE
# material) under `{{ matrix_meshtastic_relay_data_path }}/matrix/` on the host. After
# that, the password can (and should) be cleared from configuration.
matrix_meshtastic_relay_matrix_bot_password: ""
# Controls whether End-to-End Encryption is enabled.
# Requires password-based login on first start so that mmrelay can create `credentials.json`.
matrix_meshtastic_relay_e2ee_enabled: true
# Connection type to the Meshtastic device. One of: "tcp", "serial", "ble".
matrix_meshtastic_relay_connection_type: ""
# For `tcp` connection type: hostname/IP of the Meshtastic device to connect to.
matrix_meshtastic_relay_tcp_host: "meshtastic.local"
# For `serial` connection type: path of the serial device to connect to.
# This device is passed through to the container. The host must have it available.
matrix_meshtastic_relay_serial_port: "/dev/ttyUSB0"
# For `ble` connection type: BLE MAC address of the Meshtastic device to connect to.
# BLE requires `--network=host` and a DBus bind-mount (see the systemd service template).
matrix_meshtastic_relay_ble_address: "AA:BB:CC:DD:EE:FF"
# Display name of the Meshtastic network.
matrix_meshtastic_relay_meshnet_name: "MediumFast"
# Whether relaying from Matrix to Meshtastic is enabled.
matrix_meshtastic_relay_meshtastic_broadcast_enabled: true
# Matrix rooms to bridge to Meshtastic channels.
# Each entry should have an `id` (Matrix room alias or room ID) and a `meshtastic_channel`.
matrix_meshtastic_relay_matrix_rooms_list:
- id: "#meshtastic:{{ matrix_meshtastic_relay_matrix_host }}"
meshtastic_channel: "0"
# Whether plugins should only respond when the bot is explicitly mentioned.
matrix_meshtastic_relay_plugin_global_require_bot_mention: true
# Enabled built-in ("core") plugins.
# See: https://github.com/jeremiah-k/meshtastic-matrix-relay/wiki/Core-Plugins
matrix_meshtastic_relay_plugins_ping_enabled: true
matrix_meshtastic_relay_plugins_health_enabled: true
matrix_meshtastic_relay_plugins_weather_enabled: true
matrix_meshtastic_relay_plugins_weather_units: metric
matrix_meshtastic_relay_plugins_telemetry_enabled: true
matrix_meshtastic_relay_plugins_map_enabled: true
matrix_meshtastic_relay_plugins_nodes_enabled: true
# Default configuration passed to the bridge via config.yaml.
# See `../templates/config.yaml.j2` for what's rendered.
# Use `matrix_meshtastic_relay_configuration_extension_yaml` to override
# specific values or add/remove keys without having to maintain a full copy here.
matrix_meshtastic_relay_configuration_default:
matrix:
homeserver: "{{ matrix_meshtastic_relay_matrix_homeserver_url }}"
password: "{{ matrix_meshtastic_relay_matrix_bot_password }}"
bot_user_id: "{{ matrix_meshtastic_relay_matrix_bot_user_id }}"
e2ee:
enabled: "{{ matrix_meshtastic_relay_e2ee_enabled }}"
matrix_rooms: "{{ matrix_meshtastic_relay_matrix_rooms_list }}"
meshtastic: "{{ matrix_meshtastic_relay_meshtastic_configuration }}"
logging:
level: info
log_to_file: false
database:
enable_wal: true
busy_timeout_ms: 5000
pragmas:
synchronous: NORMAL
temp_store: MEMORY
msg_map:
msgs_to_keep: 500
wipe_on_restart: true
plugins:
require_bot_mention: "{{ matrix_meshtastic_relay_plugin_global_require_bot_mention }}"
ping:
active: "{{ matrix_meshtastic_relay_plugins_ping_enabled }}"
health:
active: "{{ matrix_meshtastic_relay_plugins_health_enabled }}"
weather:
active: "{{ matrix_meshtastic_relay_plugins_weather_enabled }}"
units: "{{ matrix_meshtastic_relay_plugins_weather_units }}"
telemetry:
active: "{{ matrix_meshtastic_relay_plugins_telemetry_enabled }}"
map:
active: "{{ matrix_meshtastic_relay_plugins_map_enabled }}"
nodes:
active: "{{ matrix_meshtastic_relay_plugins_nodes_enabled }}"
# Connection-type-specific `meshtastic` configuration block used by
# `matrix_meshtastic_relay_configuration_default`.
matrix_meshtastic_relay_meshtastic_configuration: |
{{
(
{'connection_type': 'tcp', 'host': matrix_meshtastic_relay_tcp_host}
if matrix_meshtastic_relay_connection_type == 'tcp' else
(
{'connection_type': 'serial', 'serial_port': matrix_meshtastic_relay_serial_port}
if matrix_meshtastic_relay_connection_type == 'serial' else
(
{'connection_type': 'ble', 'ble_address': matrix_meshtastic_relay_ble_address}
if matrix_meshtastic_relay_connection_type == 'ble' else {}
)
)
) | combine({
'meshnet_name': matrix_meshtastic_relay_meshnet_name,
'broadcast_enabled': matrix_meshtastic_relay_meshtastic_broadcast_enabled,
'message_interactions': {
'reactions': false,
'replies': false,
},
})
}}
# Holds additional configuration values that get merged into the default
# configuration (see `matrix_meshtastic_relay_configuration_default`).
#
# If you need something more special, you can take full control by changing
# `matrix_meshtastic_relay_configuration` directly.
matrix_meshtastic_relay_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_meshtastic_relay_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# redefining `matrix_meshtastic_relay_configuration` directly.
matrix_meshtastic_relay_configuration_extension: "{{ matrix_meshtastic_relay_configuration_extension_yaml | from_yaml if matrix_meshtastic_relay_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration rendered to `config.yaml`.
# Normally, you don't need to change this variable — use
# `matrix_meshtastic_relay_configuration_extension_yaml` instead.
matrix_meshtastic_relay_configuration: "{{ matrix_meshtastic_relay_configuration_default | combine(matrix_meshtastic_relay_configuration_extension, recursive=True) }}"
# matrix_meshtastic_relay_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_meshtastic_relay_restart_necessary: false
@@ -0,0 +1,25 @@
# SPDX-FileCopyrightText: 2025 - 2026 luschmar
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- tags:
- setup-all
- setup-meshtastic-relay
- install-all
- install-meshtastic-relay
block:
- when: matrix_meshtastic_relay_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_meshtastic_relay_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- tags:
- setup-all
- setup-meshtastic-relay
block:
- when: not matrix_meshtastic_relay_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
@@ -0,0 +1,62 @@
# SPDX-FileCopyrightText: 2025 - 2026 luschmar
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Ensure matrix-meshtastic-relay image is pulled
community.docker.docker_image:
name: "{{ matrix_meshtastic_relay_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_meshtastic_relay_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_meshtastic_relay_container_image_force_pull }}"
register: matrix_meshtastic_relay_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: matrix_meshtastic_relay_container_image_pull_result is not failed
- name: Ensure matrix-meshtastic-relay paths exist
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0750'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items:
- "{{ matrix_meshtastic_relay_base_path }}"
- "{{ matrix_meshtastic_relay_config_path }}"
- "{{ matrix_meshtastic_relay_data_path }}"
- name: Ensure matrix-meshtastic-relay config.yaml is installed
ansible.builtin.copy:
content: "{{ matrix_meshtastic_relay_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_meshtastic_relay_config_path }}/config.yaml"
mode: '0600'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
register: matrix_meshtastic_relay_config_result
- name: Ensure matrix-meshtastic-relay container network is created
community.general.docker_network:
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_meshtastic_relay_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
when: "matrix_meshtastic_relay_connection_type != 'ble'"
- name: Ensure matrix-meshtastic-relay.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-meshtastic-relay.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-meshtastic-relay.service"
mode: '0644'
register: matrix_meshtastic_relay_systemd_service_result
- name: Determine whether matrix-meshtastic-relay needs a restart
ansible.builtin.set_fact:
matrix_meshtastic_relay_restart_necessary: >-
{{
matrix_meshtastic_relay_config_result.changed | default(false)
or matrix_meshtastic_relay_systemd_service_result.changed | default(false)
or matrix_meshtastic_relay_container_image_pull_result.changed | default(false)
}}
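Review bot: the network task with `name: "{{ matrix_meshtastic_relay_container_network }}"` runs for the `tcp` and `serial` connection types, but that variable defaults to an empty string in the role defaults and is not in the required-settings list in `validate_config.yml`. Someone using the role without an override gets an empty network name here and `--network=` in the unit file. Add the variable to the required list with a `when` that excludes `ble`, or give it a non-empty default.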
@@ -0,0 +1,25 @@
# SPDX-FileCopyrightText: 2025 - 2026 luschmar
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Check existence of matrix-meshtastic-relay service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-meshtastic-relay.service"
register: matrix_meshtastic_relay_service_stat
- when: matrix_meshtastic_relay_service_stat.stat.exists | bool
block:
- name: Ensure matrix-meshtastic-relay is stopped
ansible.builtin.service:
name: matrix-meshtastic-relay
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-meshtastic-relay.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-meshtastic-relay.service"
state: absent
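Review bot: uninstall stops the service and removes the unit file, but leaves `matrix_meshtastic_relay_base_path` in place. Per the role defaults that directory holds `config.yaml` with the bot password and, under the data path, the persisted Matrix credentials and E2EE store. Either remove the base path here or state in the docs that these secrets stay on disk after the role is disabled and must be cleaned up by hand.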
@@ -0,0 +1,23 @@
# SPDX-FileCopyrightText: 2025 - 2026 luschmar
# SPDX-FileCopyrightText: 2026 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- name: Fail if required matrix-meshtastic-relay settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
with_items:
- {'name': 'matrix_meshtastic_relay_matrix_host', when: true}
- {'name': 'matrix_meshtastic_relay_matrix_bot_password', when: true}
- {'name': 'matrix_meshtastic_relay_connection_type', when: true}
- name: Fail if matrix_meshtastic_relay_connection_type is invalid
ansible.builtin.fail:
msg: >-
`matrix_meshtastic_relay_connection_type` must be one of: `tcp`, `serial`, `ble`.
Got: `{{ matrix_meshtastic_relay_connection_type }}`.
when: "matrix_meshtastic_relay_connection_type not in ['tcp', 'serial', 'ble']"
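Review bot: `matrix_meshtastic_relay_matrix_bot_password` is listed with `when: true`, so the playbook can never run with the password cleared, yet the comment in the role defaults says the password "can (and should) be cleared from configuration" after the first login. As written, the password has to stay in vars.yml and is rendered into `config.yaml` again on every run. Either relax this entry, for example by requiring it only while no persisted credentials exist under the data path, or drop the advice from the defaults comment so the two agree.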
@@ -0,0 +1,59 @@
#jinja2: lstrip_blocks: True
[Unit]
Description=Matrix <-> Meshtastic bridge
{% for service in matrix_meshtastic_relay_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_meshtastic_relay_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-meshtastic-relay
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-meshtastic-relay
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-meshtastic-relay \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size=50m \
--tmpfs=/.cache:rw,noexec,nosuid,size=50m \
--mount type=bind,src={{ matrix_meshtastic_relay_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_meshtastic_relay_data_path }},dst=/data \
{% if matrix_meshtastic_relay_connection_type == 'ble' %}
--network=host \
--security-opt apparmor=unconfined \
--mount type=bind,src=/var/run/dbus,dst=/var/run/dbus,ro \
{% else %}
--network={{ matrix_meshtastic_relay_container_network }} \
{% endif %}
{% if matrix_meshtastic_relay_connection_type == 'serial' %}
--device={{ matrix_meshtastic_relay_serial_port }} \
{% endif %}
{% for arg in matrix_meshtastic_relay_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_meshtastic_relay_container_image }} \
mmrelay --config /config/config.yaml
{% for network in matrix_meshtastic_relay_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-meshtastic-relay
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-meshtastic-relay
ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-meshtastic-relay
ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-meshtastic-relay
Restart=always
RestartSec=30
SyslogIdentifier=matrix-meshtastic-relay
[Install]
WantedBy=multi-user.target
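Review bot: in the `ble` branch, `--security-opt apparmor=unconfined`, `--network=host` and the `/var/run/dbus` mount together give up most of the isolation the rest of this unit sets up with `--cap-drop=ALL` and `--read-only`. The `ro` flag on the DBus mount does not limit what the container can request from the system bus, because a read-only bind mount still allows connecting to a socket inside it. Please document this trade-off next to `matrix_meshtastic_relay_ble_address` and, if feasible, replace `apparmor=unconfined` with a profile that permits only the DBus access the BLE connection needs. For `serial`, `--device=` combined with `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` will likely also need `--group-add` for the device's group, or matching host-side device permissions.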
@@ -0,0 +1,4 @@
SPDX-FileCopyrightText: 2025 - 2026 luschmar
SPDX-FileCopyrightText: 2026 Slavi Pantaleev
SPDX-License-Identifier: AGPL-3.0-or-later
@@ -68,19 +68,15 @@ matrix_postmoogle_database_sslmode: disable
matrix_postmoogle_database_connection_string: 'postgres://{{ matrix_postmoogle_database_username }}:{{ matrix_postmoogle_database_password }}@{{ matrix_postmoogle_database_hostname }}:{{ matrix_postmoogle_database_port }}/{{ matrix_postmoogle_database_name }}?sslmode={{ matrix_postmoogle_database_sslmode }}'
matrix_postmoogle_storage_database: "{{
{
'sqlite': matrix_postmoogle_sqlite_database_path_in_container,
'postgres': matrix_postmoogle_database_connection_string,
}[matrix_postmoogle_database_engine]
}}"
matrix_postmoogle_storage_database: "{{ {
'sqlite': matrix_postmoogle_sqlite_database_path_in_container,
'postgres': matrix_postmoogle_database_connection_string,
}[matrix_postmoogle_database_engine] }}"
matrix_postmoogle_database_dialect: "{{
{
matrix_postmoogle_database_dialect: "{{ {
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_postmoogle_database_engine]
}}"
}[matrix_postmoogle_database_engine] }}"
# The bot's username. This user needs to be created manually beforehand.
@@ -164,11 +164,9 @@ matrix_steam_bridge_database_sslmode: disable
matrix_steam_bridge_database_connection_string: 'postgres://{{ matrix_steam_bridge_database_username }}:{{ matrix_steam_bridge_database_password }}@{{ matrix_steam_bridge_database_hostname }}:{{ matrix_steam_bridge_database_port }}/{{ matrix_steam_bridge_database_name }}?sslmode={{ matrix_steam_bridge_database_sslmode }}'
matrix_steam_bridge_database_uri: "{{
{
'postgres': matrix_steam_bridge_database_connection_string,
}[matrix_steam_bridge_database_engine]
}}"
matrix_steam_bridge_database_uri: "{{ {
'postgres': matrix_steam_bridge_database_connection_string,
}[matrix_steam_bridge_database_engine] }}"
matrix_steam_bridge_double_puppet_secrets: "{{ matrix_steam_bridge_double_puppet_secrets_auto | combine(matrix_steam_bridge_double_puppet_secrets_custom) }}"
matrix_steam_bridge_double_puppet_secrets_auto: {}
@@ -30,6 +30,7 @@ matrix_client_commet_container_image_self_build_repo: "https://github.com/commet
matrix_client_commet_container_image_self_build_git_hash: ""
matrix_client_commet_container_image_self_build_version_tag: "{{ matrix_client_commet_version }}"
matrix_client_commet_container_image: "localhost/matrix-client-commet:{{ matrix_client_commet_version }}"
matrix_client_commet_container_image_force_pull: "{{ matrix_client_commet_container_image.endswith(':latest') or matrix_client_commet_container_image.endswith(':main') }}"
# The in-container port nginx listens on
matrix_client_commet_container_port: 8080
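Review bot: `matrix_client_commet_container_image_force_pull` keys off a `:latest` or `:main` suffix, but the default image on the line above it is `localhost/matrix-client-commet:...`, which reads as a locally built image rather than one fetched from a registry. Worth confirming that the pull task consuming this flag is skipped for self-built images, otherwise setting `matrix_client_commet_version` to `main` would request a pull of a `localhost/` name.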
@@ -13,7 +13,7 @@ matrix_continuwuity_enabled: true
matrix_continuwuity_hostname: ''
# renovate: datasource=docker depName=forgejo.ellis.link/continuwuation/continuwuity
matrix_continuwuity_version: v0.5.6
matrix_continuwuity_version: v0.5.7
matrix_continuwuity_container_image: "{{ matrix_continuwuity_container_image_registry_prefix }}/continuwuation/continuwuity:{{ matrix_continuwuity_container_image_tag }}"
matrix_continuwuity_container_image_tag: "{{ matrix_continuwuity_version }}"
@@ -37,7 +37,10 @@ matrix_continuwuity_systemd_required_services_list_auto: []
matrix_continuwuity_systemd_required_services_list_custom: []
# List of systemd services that matrix-continuwuity.service wants
matrix_continuwuity_systemd_wanted_services_list: []
matrix_continuwuity_systemd_wanted_services_list: "{{ matrix_continuwuity_systemd_wanted_services_list_default + matrix_continuwuity_systemd_wanted_services_list_auto + matrix_continuwuity_systemd_wanted_services_list_custom }}"
matrix_continuwuity_systemd_wanted_services_list_default: []
matrix_continuwuity_systemd_wanted_services_list_auto: []
matrix_continuwuity_systemd_wanted_services_list_custom: []
# Controls how long to sleep for after starting the matrix-synapse container.
#
@@ -256,6 +259,31 @@ matrix_continuwuity_config_url_preview_domain_explicit_allowlist: []
# Controls the `url_preview_check_root_domain` setting.
matrix_continuwuity_config_url_preview_check_root_domain: false
# Controls the value of `global.well_known.client`.
matrix_continuwuity_config_well_known_client: ''
# Controls whether SMTP features will be enabled
# (such as setting the server's SMTP connection URL,
# enabling self-service password resets via email,
# requiring email for registration, etc.)
matrix_continuwuity_config_smtp_enabled: false
# Controls the value of `global.smtp.connection_uri` (if any).
# Must be set to a non-empty value
# together with `matrix_continuwuity_config_smtp_sender` to have effect.
matrix_continuwuity_config_smtp_connection_uri: ''
# Controls the value of `global.smtp.sender` (if any).
# Must be set to a non-empty value
# together with `matrix_continuwuity_config_smtp_connection_uri` to have effect.
matrix_continuwuity_config_smtp_sender: ''
# Controls the `global.smtp.require_email_for_registration` setting.
matrix_continuwuity_config_smtp_require_email_for_registration: false
# Controls the `global.smtp.require_email_for_token_registration ` setting.
matrix_continuwuity_config_smtp_require_email_for_token_registration: false
# Additional environment variables to pass to the container.
#
# Environment variables take priority over settings in the configuration file.
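Review bot: `matrix_continuwuity_config_smtp_enabled: true` with an empty `matrix_continuwuity_config_smtp_connection_uri` or `matrix_continuwuity_config_smtp_sender` is accepted silently, and `matrix_continuwuity_config_smtp_require_email_for_registration` can still be switched on in that state. The "must be set together" rule stated in the comments deserves a validation step that fails the run when SMTP is enabled but either value is empty. Since the connection URI carries the SMTP password, the comment could also say that the value belongs in the vault. Minor: the comment for `require_email_for_token_registration` has a stray space before the closing backtick.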
@@ -1813,7 +1813,7 @@ url_preview_check_root_domain = {{ matrix_continuwuity_config_url_preview_check_
#
# example: "https://matrix.example.com"
#
#client =
client = {{ matrix_continuwuity_config_well_known_client | to_json }}
# The server base domain of the URL with a specific port that the server
# well-known file will serve. This should contain a port at the end, and
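Review bot: `client = {{ matrix_continuwuity_config_well_known_client | to_json }}` is now rendered unconditionally, so with the default `''` the file contains `client = ""` where the key used to stay commented out. The surrounding comment describes the value as a URL such as "https://matrix.example.com", so an empty string is not obviously equivalent to leaving the key unset. Suggest emitting the line only when the variable is non-empty and keeping `#client =` otherwise, the way `connection_uri` and `sender` are handled further down in this template.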
@@ -2015,3 +2015,51 @@ foci = [
# web->synapseHTTPAntispam->authorization
#
#secret =
{% if matrix_continuwuity_config_smtp_enabled %}
[global.smtp]
# A `smtp://`` URI which will be used to connect to a mail server.
# Uncommenting the [global.smtp] group and setting this option enables
# features which depend on the ability to send email,
# such as self-service password resets.
#
# For most modern mail servers, format the URI like this:
# `smtps://username:password@hostname:port`
# Note that you will need to URL-encode the username and password. If your
# username _is_ your email address, you will need to replace the `@` with
# `%40`.
#
# For a guide on the accepted URI syntax, consult Lettre's documentation:
# https://docs.rs/lettre/latest/lettre/transport/smtp/struct.AsyncSmtpTransport.html#method.from_url
#
{% if matrix_continuwuity_config_smtp_connection_uri != '' and matrix_continuwuity_config_smtp_sender != '' %}
connection_uri = {{ matrix_continuwuity_config_smtp_connection_uri | to_json }}
{% else %}
#connection_uri =
{% endif %}
# The outgoing address which will be used for sending emails.
#
# For a syntax guide, see https://datatracker.ietf.org/doc/html/rfc2822#section-3.4
#
# ...or if you don't want to read the RFC, for some reason:
# - `Name <address@domain.org>` to specify a sender name
# - `address@domain.org` to not use a name
#
{% if matrix_continuwuity_config_smtp_connection_uri != '' and matrix_continuwuity_config_smtp_sender != '' %}
sender = {{ matrix_continuwuity_config_smtp_sender | to_json }}
{% else %}
#sender =
{% endif %}
# Whether to require that users provide an email address when they
# register.
#
require_email_for_registration = {{ matrix_continuwuity_config_smtp_require_email_for_registration | to_json }}
# Whether to require that users who register with a registration token
# provide an email address.
#
require_email_for_token_registration = {{ matrix_continuwuity_config_smtp_require_email_for_token_registration | to_json }}
{% endif %}
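Review bot: When `matrix_continuwuity_config_smtp_enabled` is true but the URI or sender is empty, this block still emits `[global.smtp]` with `#connection_uri =` and `#sender =` commented out while both `require_email_*` lines are live, so the server can be told to require an email address with no transport configured. Consider moving the non-empty test into the outer `{% if %}` so the whole table is skipped in that case, which also removes the duplicated inner condition. The comment's own format, `smtps://username:password@hostname:port`, means the rendered file holds the SMTP password, so it is worth confirming that the task templating it sets a restrictive mode and owner. Minor: the first comment line closes `smtp://` with two backticks.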
@@ -5,6 +5,9 @@ Description=continuwuity Matrix homeserver
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_continuwuity_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
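Review bot: `Wants={{ service }}` only pulls the listed units in; it does not order this unit after them, unlike the `Requires=` and `After=` pair in the loop just above. If the wanted services are meant to be running before the homeserver starts, add `After={{ service }}` inside the new loop. If ordering is deliberately left out, a short comment saying so would stop someone from "fixing" it later.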
@@ -21,7 +21,7 @@ matrix_element_call_enabled: false
matrix_rtc_enabled: "{{ matrix_element_call_enabled }}"
# renovate: datasource=docker depName=ghcr.io/element-hq/element-call
matrix_element_call_version: v0.19.0
matrix_element_call_version: v0.19.1
matrix_element_call_scheme: https
@@ -27,7 +27,7 @@ matrix_ketesa_container_image_self_build: false
matrix_ketesa_container_image_self_build_repo: "https://github.com/etkecc/ketesa.git"
# renovate: datasource=docker depName=ghcr.io/etkecc/ketesa
matrix_ketesa_version: v1.1.0
matrix_ketesa_version: v1.2.0
matrix_ketesa_container_image: "{{ matrix_ketesa_container_image_registry_prefix }}etkecc/ketesa:{{ matrix_ketesa_version }}"
matrix_ketesa_container_image_registry_prefix: "{{ 'localhost/' if matrix_ketesa_container_image_self_build else matrix_ketesa_container_image_registry_prefix_upstream }}"
matrix_ketesa_container_image_registry_prefix_upstream: "{{ matrix_ketesa_container_image_registry_prefix_upstream_default }}"
@@ -164,6 +164,7 @@ matrix_ketesa_path_prefix: /synapse-admin
matrix_ketesa_configuration_default:
restrictBaseUrl: "{{ matrix_ketesa_config_restrictBaseUrl }}"
externalAuthProvider: "{{ matrix_ketesa_config_externalAuthProvider }}"
wellKnownDiscovery: "{{ matrix_ketesa_config_wellKnownDiscovery }}"
corsCredentials: "{{ matrix_ketesa_config_corsCredentials }}"
asManagedUsers: "{{ matrix_ketesa_config_asManagedUsers }}"
menu: "{{ matrix_ketesa_config_menu }}"
@@ -202,6 +203,12 @@ matrix_ketesa_config_restrictBaseUrl: "{{ matrix_homeserver_url }}" # noqa var-
# enables a special compatibility mode that works better for external auth providers like LDAP, MAS, etc.
matrix_ketesa_config_externalAuthProvider: false # noqa var-naming
# Control automatic URL canonicalization via /.well-known/matrix/client
# Default: true (discovery enabled, per Matrix spec).
# Set to false when the /_synapse/admin API is hosted on a separate domain not advertised in well-known (e.g. a VPN-only admin endpoint).
# When disabled, MXID-based URL auto-fill uses the domain portion of the MXID directly without a well-known lookup.
matrix_ketesa_config_wellKnownDiscovery: true # noqa var-naming
# Controls the corsCredentials configuration setting, which, if defined,
# allows including credentials (cookies, authorization headers, or TLS client certificates) in requests
# ref: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials
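Review bot: The comment for `matrix_ketesa_config_wellKnownDiscovery` does not say how discovery interacts with `restrictBaseUrl`, which the hunk header shows is pinned to `matrix_homeserver_url`. State which one wins when `/.well-known/matrix/client` advertises a base URL different from the restricted one, so operators know whether leaving discovery on can move the admin UI's API target away from the host they pinned.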
@@ -25,7 +25,7 @@ matrix_livekit_jwt_service_container_additional_networks_auto: []
matrix_livekit_jwt_service_container_additional_networks_custom: []
# renovate: datasource=docker depName=ghcr.io/element-hq/lk-jwt-service
matrix_livekit_jwt_service_version: 0.4.2
matrix_livekit_jwt_service_version: 0.4.4
matrix_livekit_jwt_service_container_image_self_build: false
matrix_livekit_jwt_service_container_repo: "https://github.com/element-hq/lk-jwt-service.git"
@@ -112,12 +112,10 @@ matrix_registration_database_connection_string: 'postgresql://{{ matrix_registra
# For some reason, matrix-registraiton expects the `db` field to be like this: `sqlite:////data/db.sqlite3`.
# (seems like one too many slashes, but..)
matrix_registration_db: "{{
{
'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
'postgres': matrix_registration_database_connection_string,
}[matrix_registration_database_engine]
}}"
matrix_registration_db: "{{ {
'sqlite': ('sqlite:///' + matrix_registration_sqlite_database_path_in_container),
'postgres': matrix_registration_database_connection_string,
}[matrix_registration_database_engine] }}"
matrix_registration_base_url: "{{ matrix_registration_path_prefix }}"
@@ -208,7 +208,7 @@ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enab
# Controls the org.matrix.msc4143.rtc_foci property in the /.well-known/matrix/client file.
# See `matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_enabled`
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto+ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci: "{{ matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto + matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom }}"
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_auto: []
matrix_static_files_file_matrix_client_property_org_matrix_msc4143_rtc_foci_custom: []
@@ -1329,6 +1329,9 @@ matrix_synapse_database_host: ''
matrix_synapse_database_port: 5432
matrix_synapse_database_cp_min: 5
matrix_synapse_database_cp_max: 10
matrix_synapse_database_keepalives_idle: null
matrix_synapse_database_keepalives_interval: null
matrix_synapse_database_keepalives_count: null
matrix_synapse_database_user: "synapse"
matrix_synapse_database_password: ""
matrix_synapse_database_database: "synapse"
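Review bot: The three new `matrix_synapse_database_keepalives_*` defaults carry no comment. Document that `null` means the key is left out of the rendered `database:` section (the template guards each one with `is not none`), and give the unit for each: in libpq, `keepalives_idle` and `keepalives_interval` are seconds and `keepalives_count` is a number of probes. Without that, a reader cannot tell whether `0` or `null` is the way to fall back to the system default.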
@@ -868,6 +868,15 @@ database:
port: {{ matrix_synapse_database_port }}
cp_min: {{ matrix_synapse_database_cp_min | to_json }}
cp_max: {{ matrix_synapse_database_cp_max | to_json }}
{% if matrix_synapse_database_keepalives_idle is not none %}
keepalives_idle: {{ matrix_synapse_database_keepalives_idle | to_json }}
{% endif %}
{% if matrix_synapse_database_keepalives_interval is not none %}
keepalives_interval: {{ matrix_synapse_database_keepalives_interval | to_json }}
{% endif %}
{% if matrix_synapse_database_keepalives_count is not none %}
keepalives_count: {{ matrix_synapse_database_keepalives_count | to_json }}
{% endif %}
## Logging ##
@@ -14,10 +14,13 @@ matrix_playbook_migration_validated_version: ''
# The version that the playbook expects the user to have validated against.
# This is bumped whenever a breaking change is introduced.
# The value configured here needs to exist in `matrix_playbook_migration_breaking_changes` as well.
matrix_playbook_migration_expected_version: "v2026.04.03.0"
matrix_playbook_migration_expected_version: "v2026.04.24.0"
# A list of breaking changes, used to inform users what changed between their validated version and the expected version.
matrix_playbook_migration_breaking_changes:
- version: "v2026.04.24.0"
summary: "(BC Break) mautrix-telegram has been rewritten in Go (bridgev2) — the web-based login endpoint, old-style relaybot and several variables have been removed"
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-24"
- version: "v2026.04.03.0"
summary: "(BC Break) Synapse Admin is now Ketesa — role renamed and all variables changed from matrix_synapse_admin_* to matrix_ketesa_*"
changelog_url: "https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2026-04-03"
@@ -78,6 +78,7 @@
- custom/matrix-bridge-steam
- custom/matrix-bridge-heisenbridge
- custom/matrix-bridge-hookshot
- custom/matrix-bridge-meshtastic-relay
- custom/matrix-bot-matrix-reminder-bot
- custom/matrix-bot-matrix-registration-bot
- custom/matrix-bot-maubot