Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Draupnir roles now use `community.docker.docker_image_pull` and
`community.docker.docker_image_build`, both first available in
community.docker 3.6.0 (Jan 2024, shipped with Ansible 9.2.0).
This pin only takes effect for AWX / Automation Platform users (CLI
users do not install collections from this file), but those are the
users most likely to hit the issue with a stale collection cached in
their controller.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5187.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The file is not used by the playbook's standard CLI install flow
(`make roles` / `just roles` only install roles via ansible-galaxy, not
collections). It exists for AWX / Ansible Automation Platform users,
where it is auto-detected during project sync.
Without this comment, the file looks like an unused leftover and is a
recurring source of confusion when discussing collection version pins
(should we add one here, etc.). Documenting the actual audience makes
those decisions more obvious.
No functional change.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sentence-case the heading to match the rest of the file, fix a broken
"appservice mode](url)(Draupnir for all)" link by folding the
parenthetical into the link text, hyphenate "non-release tag" and
"force-restart", correct "a update" -> "an update", and reword "work
perfectly" to the more accurate "work correctly".
Follow-up to 75f097e55 (#5187).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
matrix-bot-draupnir and matrix-appservice-draupnir-for-all share the same
upstream container image. When both are enabled and force-pull is on
(e.g. when pinning to a rolling tag like `latest` or `main`), the second
role to run during a single playbook invocation sees the image as already
up-to-date locally because the first role just pulled it. The
community.docker.docker_image module reports `changed: false` in that
case, so the second role's restart_necessary stays false and the
conditional restart logic skips it. Result: the first service picks up
the new image on restart, while the second keeps running the old one.
For other versions which don't get force-pulled (other than `latest`),
systemd service files also get updated by the playbook and these updates
done by each role properly flip the "requires restarting" variable
regardless of pulling. So it's just force-pulling that causes the problem.
Treating force-pull itself as a restart trigger sidesteps the lossy
"did this specific pull task fetch new bytes" heuristic. The downside
is that both Draupnir services now restart on every run when force-pull
is enabled, even when the upstream image has not moved. That is a small
amount of waste compared to silently running an outdated container.
Localized to these two roles via a comment that documents the
constraint, rather than applied playbook-wide, since this is the only
known image-sharing pair and other roles do not need the extra
restarts.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5186
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Synapse v1.152 introduces a new `quarantined_media_changes` stream and
requires that any worker serving `/_synapse/admin/v1/quarantine_media/`
be declared as a writer for that stream. Otherwise quarantining media
fails on the worker.
Add `quarantined_media_changes` as a web-facing stream writer alongside
the other stream-backed APIs and route the admin endpoint via the same
explicit writer-or-main model used for `device_lists`, `thread_subscriptions`,
etc. The endpoint is removed from `matrix_synapse_workers_media_repository_endpoints`
so the old media-repository route does not shadow (or conflict with) the
new writer-or-main route. Without that move, the previously-shipping
default of routing `/quarantine_media` to the `media_repository` worker
would silently break after the v1.152.0 image bump.
Default count is 1 in the `one-of-each` and `specialized-workers` presets
(matching `device_lists`), and 0 in `little-federation-helper` (which
also has no media-repository worker, so falling back to main is fine).
Refs:
- https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11520
- https://element-hq.github.io/synapse/latest/workers.html#the-quarantined_media_changes-stream
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Ketesa needs the MAS admin API exposed to perform MAS-specific
operations (registration tokens, sessions, emails, etc.) when MAS
is in use.
The admin still needs to provision an admin token for Ketesa
manually, but at least the listener resource is now ready by default.
Mirrors the existing Synapse admin API auto-enable pattern.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5164
v1.3.0 moved the container's runtime paths to a unified MMRELAY_HOME=/data
model (credentials, database, logs, E2EE store, plugins all live under /data).
Legacy /app paths still work until v1.4.
Adapted the role to the new model: drop the three `/app/*` bind mounts and
the `_logs_path` variable, mount `_config_path` read-only at `/config` and
`_data_path` read-write at `/data`, and invoke the container as
`mmrelay --config /config/config.yaml` so the Ansible-managed config stays
separate from runtime data. Also drop the hardcoded `/app/data/...` database
and e2ee store_path overrides from the default config; MMRELAY_HOME defaults
place them under `_data_path/database/` and `_data_path/matrix/store/` on the
host.
* Add Matrix <-> Meshtastic bridge (meshtastic-matrix-relay)
Vendors the meshtastic-matrix-relay (mmrelay) role into roles/custom/
following the conventions used by other bridge roles.
Co-authored-by: luschmar <90399580+luschmar@users.noreply.github.com>
* Add docs and CHANGELOG entry for Matrix <-> Meshtastic bridge
Co-authored-by: luschmar <90399580+luschmar@users.noreply.github.com>
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Brings in a new `livekit_server_container_http_listen_interface`
variable, which allows publishing LiveKit's HTTP signaling port (7880)
on a host interface. Useful when a reverse-proxy fronting LiveKit runs
outside the container network.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The `matrix-client-commet` role's pull task references
`matrix_client_commet_container_image_force_pull`, but the variable
was never defined in defaults. Users setting
`matrix_client_commet_container_image_self_build: false` would hit an
undefined-variable failure.
Define it using the same pattern as other client roles (force-pull on
moving tags), covering both `:latest` and `:main` since Commet's
default version is `main`.
When fronting the playbook's integrated Traefik reverse-proxy with
another reverse-proxy (e.g. nginx), WebSocket traffic needs to be
forwarded to LiveKit Server at the `/livekit-server/` path for Matrix
RTC calls to work.
Adds a `/livekit-server/` location block to the nginx reverse-proxy
example, a section to the Matrix RTC docs explaining the requirement,
and cross-links between the two.
Reformat `{{ { ... }[engine] }}` dict-in-Jinja-expressions across
bot/bridge role defaults for consistent indentation (tabs -> spaces).
Also: fix a missing space in a Jinja `+` expression in matrix-static-files,
and fix indentation in the caddy2-in-container example.
The original PR also renamed `galaxy/<role>` role references to just
`<role>` in setup.yml and jitsi_jvb.yml; those were dropped here because
Ansible does not recurse into subdirectories of `roles/` by default and
no `roles_path` is configured in ansible.cfg, so the rename would break
role resolution.
Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
Matches the earlier Python -> Go rewrites of the other mautrix-* bridges.
Related to:
- https://github.com/mautrix/telegram/releases/tag/v0.2604.0
- https://mau.fi/blog/2026-04-mautrix-release/
The bridge is now a Go binary with upstream-handled automatic database and
config migration on first start, so in-place upgrades on Postgres should
Just Work for users on the defaults. The lottieconverter sidecar container
is gone (bundled upstream), and the public web-based login endpoint is
gone (login happens inside Matrix now).
Upstream v0.2604.0 has a known bug in the legacy SQLite migration that
can corrupt data. The role detects legacy Python-bridge SQLite databases
(via the `telethon_sessions` table signature) and refuses to upgrade,
pointing users to switch to Postgres (playbook-managed pgloader migration)
or wait for the next upstream release. The guard is isolated in its own
`validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted
cleanly once upstream fixes the bug.
Removed variables (all caught by the deprecation check in
`validate_config.yml` with actionable rename/removal hints): the entire
`_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` /
`_appservice_public_*` / `_container_labels_public_endpoint_*` /
`_container_http_host_bind_port` family (web login endpoint is gone);
`_bot_token` (old-style relaybot is gone, use the common bridgev2 relay
mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*`
(use Appservice Double Puppet); `_username_template`, `_alias_template`,
`_displayname_template` (templates moved under `network:`, new Go-template
syntax, exposed via `_network_displayname_template`); all
`_lottieconverter_*` variables; `_appservice_database` (renamed to
`_appservice_database_uri`).
Added playbook-time validation that catches legacy permission values
(`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides
via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too),
with a mapping hint in the error message.
Other notes:
- The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db`
to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader
migration step, so users who flip to Postgres as part of this upgrade
get their data imported correctly.
- The Ketesa managed-user regex for the telegram namespace is updated to
match both regular IDs and the new `channel-<id>` form used by bridgev2.
- `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0,
with a new breaking-change entry pointing at the CHANGELOG section.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Slavi Pantaleev
Catalan Lover
renovate[bot]
luschmar
github-actions[bot]
D4GU
thigg
Matěj Cepl
Suguru Hirahara