From 0faad74a44280b4aa025453f38db6801f92195d5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 7 Sep 2021 20:44:18 +0300 Subject: [PATCH 01/18] Upgrade Synapse (1.41.1 -> 1.42.0) --- roles/matrix-synapse/defaults/main.yml | 4 +-- .../templates/synapse/homeserver.yaml.j2 | 29 ++++++++++--------- roles/matrix-synapse/vars/workers.yml | 1 + 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e63c4696..5adc779d 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.41.1 -matrix_synapse_version_arm64: v1.41.1 +matrix_synapse_version: v1.42.0 +matrix_synapse_version_arm64: v1.42.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8c7d0449..099e5bcd 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -83,20 +83,6 @@ presence: # enabled: {{ matrix_synapse_presence_enabled|to_json }} - # Presence routers are third-party modules that can specify additional logic - # to where presence updates from users are routed. - # - presence_router: - # The custom module's class. Uncomment to use a custom presence router module. - # - #module: "my_custom_router.PresenceRouter" - - # Configuration options of the custom module. Refer to your module's - # documentation for available options. - # - #config: - # example_option: 'something' - # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. Defaults to # 'false'. Note that profile data is also available via the federation @@ -839,6 +825,8 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config" # is using # - one for registration that ratelimits registration requests based on the # client's IP address. +# - one for checking the validity of registration tokens that ratelimits +# requests based on the client's IP address. # - one for login that ratelimits login requests based on the client's IP # address. # - one for login that ratelimits login requests based on the account the @@ -869,6 +857,10 @@ rc_message: {{ matrix_synapse_rc_message|to_json }} # burst_count: 3 rc_registration: {{ matrix_synapse_rc_registration|to_json }} # +#rc_registration_token_validity: +# per_second: 0.1 +# burst_count: 5 +# #rc_login: # address: # per_second: 0.17 
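Review bot: `rc_registration_token_validity` is added only as a commented-out sample, while the neighbouring `rc_registration` is rendered from `matrix_synapse_rc_registration`, so an operator has no playbook variable for tuning the limiter that guards token-validity checks. The same applies to `registration_requires_token` in the `@@ -1228,6 +1220,15 @@` hunk: with `enable_registration` on, requiring a token cannot be switched on from any playbook variable visible here. Consider rendering both the way `rc_registration` is, e.g. `rc_registration_token_validity: {{ matrix_synapse_rc_registration_token_validity|to_json }}` with a new default (the variable name is a suggestion, not an existing one). If the playbook has a generic config-override mechanism outside this diff, a comment pointing to it next to these two options would be enough.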
@@ -1228,6 +1220,15 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # #enable_3pid_lookup: true +# Require users to submit a token during registration. +# Tokens can be managed using the admin API: +# https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/registration_tokens.html +# Note that `enable_registration` must be set to `true`. +# Disabling this option will not delete any tokens previously generated. +# Defaults to false. Uncomment the following to require tokens: +# +#registration_requires_token: true + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 5244d26f..8153372a 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -59,6 +59,7 @@ matrix_synapse_workers_generic_worker_endpoints: # Registration/login requests - ^/_matrix/client/(api/v1|r0|unstable)/login$ - ^/_matrix/client/(r0|unstable)/register$ + - ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$ # Event sending requests - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact From df13ea5f14c775c082d1dd4587455ae0e3d8296d Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Thu, 9 Sep 2021 08:33:22 +0200 Subject: [PATCH 02/18] Upgrade grafana (8.1.2 -> 8.1.3) (#1269) Upgrade grafana (8.1.2 -> 8.1.3) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 55259c52..b8909e24 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml 
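Review bot: The new `.../org.matrix.msc3231.login.registration_token/validity$` entry routes token-validity checks to generic workers, and that is the endpoint `rc_registration_token_validity` exists to throttle, since its answer reveals whether a submitted token is valid. As far as I know, Synapse keeps rate-limiter state in each process's memory, so with several generic workers the effective budget may be the configured one multiplied by the worker count; this should be confirmed against the Synapse worker documentation. A comment above the entry, such as `# NOTE: rate-limited per worker process; keep rc_registration_token_validity conservative when running several generic workers`, would make the trade-off visible. The endpoint list starts and continues outside the hunk.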
@@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.1.2 +matrix_grafana_version: 8.1.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 82641092a7190820de4f00926f69cb6970ccb79e Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 11 Sep 2021 20:43:08 -0500 Subject: [PATCH 03/18] Revert "Move some related tasks closer together in matrix-client-hydrogen" This reverts commit e913347fe15d4d1c6db0d5de8cc1026f335a02c2. --- roles/matrix-client-hydrogen/tasks/setup.yml | 22 ++++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/matrix-client-hydrogen/tasks/setup.yml b/roles/matrix-client-hydrogen/tasks/setup.yml index a5a5a48b..205fa3ce 100644 --- a/roles/matrix-client-hydrogen/tasks/setup.yml +++ b/roles/matrix-client-hydrogen/tasks/setup.yml @@ -33,17 +33,6 @@ register: matrix_client_hydrogen_git_pull_results when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" -- name: Ensure Hydrogen Docker image is built - docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: build - force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes - when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" - - name: Ensure Hydrogen configuration installed copy: content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" 
@@ -64,6 +53,17 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} when: "matrix_client_hydrogen_enabled|bool and item.src is not none" +- name: Ensure Hydrogen Docker image is built + docker_image: + name: "{{ matrix_client_hydrogen_docker_image }}" + source: build + force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_client_hydrogen_docker_src_files_path }}" + pull: yes + when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" + - name: Ensure matrix-client-hydrogen.service installed template: src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" From f7e614b644c3708d44760681366da4d6163012df Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 11 Sep 2021 20:44:00 -0500 Subject: [PATCH 04/18] Add comment explaining why this step goes here --- roles/matrix-client-hydrogen/tasks/setup.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-client-hydrogen/tasks/setup.yml b/roles/matrix-client-hydrogen/tasks/setup.yml index 205fa3ce..a4ff7c3c 100644 --- a/roles/matrix-client-hydrogen/tasks/setup.yml +++ b/roles/matrix-client-hydrogen/tasks/setup.yml @@ -53,6 +53,8 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} when: "matrix_client_hydrogen_enabled|bool and item.src is not none" +# This step MUST come after the steps to install the configuration files because the config files +# are currently only read at build time, not at run time like most other components in the playbook - name: Ensure Hydrogen Docker image is built docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" From 4b46913278f235b7fa6f895036d76d9eb411ac36 Mon Sep 17 00:00:00 2001 
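Review bot: `force_source` on the re-added `Ensure Hydrogen Docker image is built` task depends only on `matrix_client_hydrogen_git_pull_results.changed`, yet the comment added in patch 04 of this series says the config files are read at build time. If that is right, changing `matrix_client_hydrogen_configuration` without a new upstream commit would leave a running image built with the old configuration. Registering the results of the configuration tasks and using something like `force_source: "{{ matrix_client_hydrogen_git_pull_results.changed or <config_task_result>.changed }}"` (placeholder name) would close that gap; the config tasks are only partly visible in the hunk, so confirm no such trigger exists elsewhere. Minor: `pull: yes` would read better as `pull: true`.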
From: Slavi Pantaleev Date: Mon, 13 Sep 2021 16:24:09 +0300 Subject: [PATCH 05/18] Upgrade Element (1.8.2 -> 1.8.4) to patch a security issue See: - https://github.com/vector-im/element-web/releases/tag/v1.8.4 - https://matrix.org/blog/2021/09/10/pre-disclosure-upcoming-critical-fix-for-several-popular-matrix-clients --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 962e8d88..eb2b038b 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.8.2 +matrix_client_element_version: v1.8.4 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 4adbefab82e3e74d789eeb8035b985c10afe04a9 Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 3 Sep 2021 07:58:48 +0300 Subject: [PATCH 06/18] Upgrade Heisenbridge (1.0.1 -> 1.1.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index c686b62b..275a4ffb 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.0.1 +matrix_heisenbridge_version: 1.1.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 3055b3996e153e2072d052ff5f82e97ebdd928ab Mon Sep 17 00:00:00 2001 From: sakkiii Date: Tue, 14 Sep 2021 16:51:01 +0530 Subject: [PATCH 07/18] Updates Certbot -> v1.19.0, nginx ->1.21.3-alpine --- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f64b161f..5d9db145 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,5 @@ matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.1-alpine +matrix_nginx_proxy_version: 1.21.3-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but @@ -426,7 +426,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.19.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From b3cfa2a1bab25549cac2e93b0643e21904953b6b Mon Sep 17 00:00:00 2001 
From: Kim Brose Date: Tue, 14 Sep 2021 16:52:57 +0200 Subject: [PATCH 08/18] Fix typo --- examples/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/vars.yml b/examples/vars.yml index f79e5e3c..f6c86be9 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -14,7 +14,7 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE # # In case SSL renewal fails at some point, you'll also get an email notification there. # -# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt), +# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt), # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). # # Example value: someone@example.com From b166f0175a685732a1e0a73d5c7ecc624bd9efc3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 Sep 2021 09:36:15 +0300 Subject: [PATCH 09/18] Upgrade Element (1.8.4 -> 1.8.5) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index eb2b038b..62bb47db 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.8.4 +matrix_client_element_version: v1.8.5 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 255cb97c412eb9f2675252c15c5a7d471c602670 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Fri, 17 Sep 2021 15:50:06 +0530 Subject: [PATCH 10/18] Upgrade grafana (8.1.3 -> 8.1.4) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index b8909e24..8df73e2d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.1.3 +matrix_grafana_version: 8.1.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 8b9c7b18ac415c45362dafb622beb3581ecb2a02 Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 3 Sep 2021 07:58:48 +0300 Subject: [PATCH 11/18] Upgrade Heisenbridge (1.1.0 -> 1.1.1) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 275a4ffb..82706a9d 100644 
--- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.1.0 +matrix_heisenbridge_version: 1.1.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 8527c0a8d96aaf636a2c126eb0662a7eee8d0d26 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Sep 2021 16:23:42 -0500 Subject: [PATCH 12/18] Bump minimum supported Ubuntu version Ubuntu ended support for 16.04 in April --- docs/prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 39b42ef1..109eb586 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -5,7 +5,7 @@ To install Matrix services using this Ansible playbook, you need: - (Recommended) An **x86** server ([What kind of server specs do I need?](faq.md#what-kind-of-server-specs-do-i-need)) running one of these operating systems: - **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)) - **Debian** (9/Stretch or newer) - - **Ubuntu** (16.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions)) + - **Ubuntu** (18.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions)) - **Archlinux** Generally, newer is better. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. From f542a3a7c803cb9526cdbef6dfdba5f13ed1b373 Mon Sep 17 00:00:00 2001 
From: WobbelTheBear Date: Mon, 20 Sep 2021 16:49:30 +0200 Subject: [PATCH 13/18] Update release (release-0.30.0 -> release-0.31.0) Update release (release-0.30.0 -> release-0.31.0) --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 0cfe56a4..35432aa0 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.30.0 +matrix_appservice_irc_version: release-0.31.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From d82b98a5226cb9d84044e2d4ef8b838d54a1ddcf Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Mon, 20 Sep 2021 16:53:13 +0200 Subject: [PATCH 14/18] Upgrade mjolnir (v0.1.19 -> v1.1.20) Upgrade mjolnir (v0.1.19 -> v1.1.20) Remark: interesting version number increase :-) --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 1d1038af..6e7331c4 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v0.1.19" +matrix_bot_mjolnir_version: "v1.1.20" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 92af6c162d485740fb76fa8a653cbb95d87fdc61 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 Sep 2021 10:57:32 +0300 Subject: [PATCH 15/18] Do not advertise Debian 9 support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1282 It's mostly due to Docker CE dropping its repositories (and support) for Debian 9. If one installs Docker manually (likely a package named `docker.io`), it will likely still work. In any case, Debian 9 is old and end-of-life now, so advertising support for it is not productive. --- docs/faq.md | 2 +- docs/prerequisites.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 6c9eedc2..5181c6ea 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -121,7 +121,7 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM - this one **can be executed more than once** without causing trouble -- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux** +- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 10/Buster+, **Ubuntu** 18.04+), **Archlinux** - this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 109eb586..0da1c715 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md 
@@ -4,7 +4,7 @@ To install Matrix services using this Ansible playbook, you need: - (Recommended) An **x86** server ([What kind of server specs do I need?](faq.md#what-kind-of-server-specs-do-i-need)) running one of these operating systems: - **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)) - - **Debian** (9/Stretch or newer) + - **Debian** (10/Buster or newer) - **Ubuntu** (18.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions)) - **Archlinux** From 7934cde90f8cca3ba6cd1018e3f1ee28a0558df9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 Sep 2021 18:17:47 +0300 Subject: [PATCH 16/18] Upgrade Synapse (1.42.0 -> 1.43.0) Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1287 - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1288 .. but does it in a more complete way --- roles/matrix-synapse/defaults/main.yml | 4 ++-- .../templates/synapse/homeserver.yaml.j2 | 20 ++++++++++++++++++- roles/matrix-synapse/vars/workers.yml | 5 +++++ 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 5adc779d..075e7dd0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.42.0 -matrix_synapse_version_arm64: v1.42.0 +matrix_synapse_version: v1.43.0 +matrix_synapse_version_arm64: v1.43.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 099e5bcd..2fb08e0a 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -357,6 +357,24 @@ update_user_directory: false daemonize: false {% endif %} +# Connection settings for the manhole +# +manhole_settings: + # The username for the manhole. This defaults to 'matrix'. + # + #username: manhole + + # The password for the manhole. This defaults to 'rabbithole'. + # + #password: mypassword + + # The private and public SSH key pair used to encrypt the manhole traffic. + # If these are left unset, then hardcoded and non-secret keys are used, + # which could allow traffic to be intercepted if sent over a public network. + # + #ssh_priv_key_path: /data/id_rsa + #ssh_pub_key_path: /data/id_rsa.pub + # Forward extremities can build up in a room due to networking delays between # homeservers. Once this happens in a large room, calculation of the state of # that room can become quite expensive. To mitigate this, once the number of 
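Review bot: The new `manhole_settings:` block in the `@@ -357,6 +357,24 @@` hunk is rendered with every child commented out, so any manhole listener would run with the defaults the comments themselves describe: username `matrix`, password `rabbithole`, and hardcoded non-secret SSH keys. Nothing in this hunk shows whether the playbook can enable a manhole listener; if it can, these values should come from playbook variables, with no usable default for the password and key paths. If the manhole is never enabled, a line such as `# The playbook does not enable the manhole; set credentials and SSH keys here before adding a manhole listener.` above the block would say so. Also note that the bare `manhole_settings:` key parses as null rather than an empty mapping, which relies on Synapse tolerating that.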
@@ -2258,7 +2276,7 @@ password_config: # #require_lowercase: true - # Whether a password must contain at least one lowercase letter. + # Whether a password must contain at least one uppercase letter. # Defaults to 'false'. # #require_uppercase: true diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 8153372a..049ae9b5 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -32,6 +32,8 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/user/devices/ - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query + - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ + - ^/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/ # Inbound federation transaction request - ^/_matrix/federation/v1/send/ @@ -43,6 +45,9 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ + - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ + - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$ + - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ - ^/_matrix/client/(api/v1|r0|unstable)/devices$ - ^/_matrix/client/(api/v1|r0|unstable)/keys/query$ From ff63f4efce6be2c53d3b508d3070413e7001cd94 Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 3 Sep 2021 07:58:48 +0300 Subject: [PATCH 17/18] Upgrade Heisenbridge (1.1.1 -> 1.2.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 82706a9d..eefdea35 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.1.1 +matrix_heisenbridge_version: 1.2.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 11b215f8ec2c896956bb55c53761bd874498ade6 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Thu, 23 Sep 2021 21:39:42 +0200 Subject: [PATCH 18/18] Fix typo --- docs/importing-postgres.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index d27375bb..925ed14d 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -60,7 +60,7 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user; It can be worked around by changing the username to `synapse`, for example by using `sed`: ```Shell -$ sed -i "s/synapse_user/synapse/g" homeserver.sql" +$ sed -i "s/synapse_user/synapse/g" homeserver.sql ``` This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.