Merge branch 'master' into pub.solar

docs/configuring-playbook-bot-maubot.md

@@ -54,4 +54,5 @@ Choose a strong password for the bot. You can generate a good password with a co
 
 ## Obtaining an admin access token
 
-This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md).
+This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh`
+Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). However these two methods won't allow the bot to work in encrypted rooms.

docs/configuring-playbook-ntfy.md

@@ -71,7 +71,8 @@ Steps needed for specific matrix apps:
   3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section.
 
 * Element-android v1.4.26+:
-  - [not yet documented; should auto-detect and use it?]
+  1. choose `Settings` -> `Notifications` -> `Notification method` -> `ntfy`
+  2. verify `Settings` -> `Troubleshoot` -> `Troubleshoot notification settings`
 
 If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
 

group_vars/matrix_servers

@@ -2477,13 +2477,24 @@ matrix_grafana_enabled: false
 # Grafana's HTTP port to the local host.
 matrix_grafana_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:3000' }}"
 
-matrix_grafana_dashboard_download_urls_all: |
+matrix_grafana_dashboard_download_urls: |
   {{
-    matrix_grafana_dashboard_download_urls
+    (matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else [])
+    +
+    (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else [])
     +
     (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else [])
   }}
 
+matrix_grafana_default_home_dashboard_path: |-
+  {{
+    {
+      'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled else '/etc/grafana/dashboards/node-exporter-full.json'),
+      'dendrite': '/etc/grafana/dashboards/node-exporter-full.json',
+      'conduit': '/etc/grafana/dashboards/node-exporter-full.json',
+    }[matrix_homeserver_implementation]
+  }}
+
 matrix_grafana_systemd_wanted_services_list: |
   {{
     []

roles/matrix-bot-honoroit/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.14
+matrix_bot_honoroit_version: v0.9.15
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

roles/matrix-bot-postmoogle/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-matrix_bot_postmoogle_version: v0.9.2
+matrix_bot_postmoogle_version: v0.9.4
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

roles/matrix-bot-postmoogle/tasks/setup_install.yml

@@ -91,9 +91,3 @@
   ansible.builtin.service:
     daemon_reload: true
   when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"
-
-- name: Ensure matrix-bot-postmoogle.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-bot-postmoogle.service"
-    state: restarted
-  when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
 
 # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
-matrix_appservice_irc_version: 0.35.0
+matrix_appservice_irc_version: 0.35.1
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
 matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
 
-matrix_mautrix_instagram_version: v0.2.0
+matrix_mautrix_instagram_version: v0.2.1
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -9,14 +9,14 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
 matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
 matrix_telegram_lottieconverter_docker_repo_version: "master"
 matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
-matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15"  # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
+matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16"  # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
 
 matrix_mautrix_telegram_container_image_self_build: false
 matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
 matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
-matrix_mautrix_telegram_version: v0.12.0
+matrix_mautrix_telegram_version: v0.12.1
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -55,7 +55,7 @@ appservice:
     # Whether or not to receive ephemeral events via appservice transactions.
     # Requires MSC2409 support (i.e. Synapse 1.22+).
     # You should disable bridge -> sync_with_custom_puppets when this is enabled.
-    ephemeral_events: true
+    ephemeral_events: false
 
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
@@ -191,7 +191,7 @@ bridge:
     # Should Matrix users leaving groups be bridged to WhatsApp?
     bridge_matrix_leave: true
     # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
-    sync_with_custom_puppets: false
+    sync_with_custom_puppets: true
     # Should the bridge update the m.direct account data event when double puppeting is enabled.
     # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
     # and is therefore prone to race conditions.

roles/matrix-dendrite/defaults/main.yml

@@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
 
 matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
 matrix_dendrite_docker_image_name_prefix: "docker.io/"
-matrix_dendrite_docker_image_tag: "v0.9.8"
+matrix_dendrite_docker_image_tag: "v0.9.9"
 matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
 
 matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"

roles/matrix-dynamic-dns/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
-matrix_dynamic_dns_version: v3.9.1-ls98
+matrix_dynamic_dns_version: v3.9.1-ls99
 
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

roles/matrix-grafana/defaults/main.yml

@@ -3,18 +3,14 @@
 # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
 # Project source code URL: https://github.com/grafana/grafana
 
-matrix_grafana_enabled: false
+matrix_grafana_enabled: true
 
-matrix_grafana_version: 9.1.5
+matrix_grafana_version: 9.1.6
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 
-# Not conditional, because when someone disables metrics
-# they might still want to look at the old existing data.
-# So it would be silly to delete the dashboard in such case.
-matrix_grafana_dashboard_download_urls:
-  - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json"
-  - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json"
+# matrix_grafana_dashboard_download_urls holds a list of URLs of dashboards to download
+matrix_grafana_dashboard_download_urls: []
 
 matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana"
 matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config"
@@ -50,6 +46,10 @@ matrix_grafana_content_security_policy: true
 matrix_grafana_content_security_policy_customized: false
 matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"
 
+# matrix_grafana_default_home_dashboard_path influences the `default_home_dashboard_path` grafana.ini setting,
+# which is an in-container path for the default dashboard.
+matrix_grafana_default_home_dashboard_path: /etc/grafana/dashboards/node-exporter-full.json
+
 # A list of extra arguments to pass to the container
 matrix_grafana_container_extra_arguments: []
 

roles/matrix-grafana/tasks/setup.yml

@@ -68,7 +68,7 @@
     mode: 0440
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
-  with_items: "{{ matrix_grafana_dashboard_download_urls_all }}"
+  with_items: "{{ matrix_grafana_dashboard_download_urls }}"
   when: matrix_grafana_enabled | bool
   register: result
   retries: "{{ matrix_geturl_retries_count }}"

roles/matrix-grafana/tasks/validate_config.yml

@@ -5,3 +5,12 @@
     msg: >
       You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana.
   when: "not matrix_prometheus_enabled"
+
+- name: (Deprecation) Catch and report renamed settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_grafana_dashboard_download_urls_all', 'new': 'matrix_grafana_dashboard_download_urls'}

roles/matrix-grafana/templates/grafana.ini.j2

@@ -26,8 +26,4 @@ enabled = {{ matrix_grafana_anonymous_access }}
 org_name = "{{ matrix_grafana_anonymous_access_org_name }}"
 
 [dashboards]
-{% if matrix_synapse_metrics_enabled %}
-default_home_dashboard_path = /etc/grafana/dashboards/synapse.json
-{% else %}
-default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json
-{% endif %}
+default_home_dashboard_path = {{ matrix_grafana_default_home_dashboard_path }}

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -5,7 +5,7 @@
 
 matrix_prometheus_node_exporter_enabled: false
 
-matrix_prometheus_node_exporter_version: v1.3.1
+matrix_prometheus_node_exporter_version: v1.4.0
 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
 matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
 
@@ -60,3 +60,8 @@ matrix_prometheus_node_exporter_container_http_host_bind_port: ''
 # If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not  0.0.0.0 and a port, that "<ip>:<port>" value will be used
 # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
 matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
+
+# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
+matrix_prometheus_node_exporter_dashboard_urls:
+  - https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json

roles/matrix-prometheus-postgres-exporter/defaults/main.yml

@@ -58,5 +58,7 @@ matrix_prometheus_postgres_exporter_container_http_host_bind_port: ''
 # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
 matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
 
+# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
 matrix_prometheus_postgres_exporter_dashboard_urls:
   - "https://grafana.com/api/dashboards/9628/revisions/7/download"

roles/matrix-synapse/defaults/main.yml

@@ -148,22 +148,22 @@ matrix_synapse_rc_admin_redaction:
 matrix_synapse_rc_joins:
   local:
     per_second: 0.1
-    burst_count: 3
+    burst_count: 10
   remote:
     per_second: 0.01
-    burst_count: 3
+    burst_count: 10
 
 
 matrix_synapse_rc_invites:
   per_room:
-    per_second: 0.5
-    burst_count: 5
+    per_second: 0.3
+    burst_count: 10
   per_user:
-    per_second: 0.004
-    burst_count: 3
-  per_issuer:
-    per_second: 0.5
+    per_second: 0.003
     burst_count: 5
+  per_issuer:
+    per_second: 0.3
+    burst_count: 10
 
 
 matrix_synapse_rc_federation:
@@ -365,6 +365,11 @@ matrix_url_preview_accept_language: ['en-US', 'en']
 matrix_synapse_metrics_enabled: false
 matrix_synapse_metrics_port: 9100
 
+# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
+# If the Grafana role is enabled, these dashboards will be downloaded.
+matrix_synapse_grafana_dashboard_urls:
+  - https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json
+
 # Controls whether Synapse metrics should be proxied (exposed) on:
 # - `matrix.DOMAIN/metrics/synapse/main-process` for the main process
 # - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process