Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` and `docker_image_build` split modules. Drops the
`ansible_version` compatibility ladder and the now-redundant
`_container_image_force_pull` variable (the new pull module handles
registry refresh natively via `pull: always`). Also registers
`_container_image_build_result` so that a self-build rebuild correctly
triggers a service restart.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces `community.docker.docker_image` with the modern
`docker_image_pull` module. Drops the `ansible_version` compatibility
ladder and the now-redundant `_container_image_force_pull` variable
(the new pull module handles registry refresh natively via `pull: always`).
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5191.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
matrix-bot-draupnir and matrix-appservice-draupnir-for-all share the same
upstream container image. When both are enabled and force-pull is on
(e.g. when pinning to a rolling tag like `latest` or `main`), the second
role to run during a single playbook invocation sees the image as already
up-to-date locally because the first role just pulled it. The
community.docker.docker_image module reports `changed: false` in that
case, so the second role's restart_necessary stays false and the
conditional restart logic skips it. Result: the first service picks up
the new image on restart, while the second keeps running the old one.
For other versions which don't get force-pulled (other than `latest`),
systemd service files also get updated by the playbook and these updates
done by each role properly flip the "requires restarting" variable
regardless of pulling. So it's just force-pulling that causes the problem.
Treating force-pull itself as a restart trigger sidesteps the lossy
"did this specific pull task fetch new bytes" heuristic. The downside
is that both Draupnir services now restart on every run when force-pull
is enabled, even when the upstream image has not moved. That is a small
amount of waste compared to silently running an outdated container.
Localized to these two roles via a comment that documents the
constraint, rather than applied playbook-wide, since this is the only
known image-sharing pair and other roles do not need the extra
restarts.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5186
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Synapse v1.152 introduces a new `quarantined_media_changes` stream and
requires that any worker serving `/_synapse/admin/v1/quarantine_media/`
be declared as a writer for that stream. Otherwise quarantining media
fails on the worker.
Add `quarantined_media_changes` as a web-facing stream writer alongside
the other stream-backed APIs and route the admin endpoint via the same
explicit writer-or-main model used for `device_lists`, `thread_subscriptions`,
etc. The endpoint is removed from `matrix_synapse_workers_media_repository_endpoints`
so the old media-repository route does not shadow (or conflict with) the
new writer-or-main route. Without that move, the previously-shipping
default of routing `/quarantine_media` to the `media_repository` worker
would silently break after the v1.152.0 image bump.
Default count is 1 in the `one-of-each` and `specialized-workers` presets
(matching `device_lists`), and 0 in `little-federation-helper` (which
also has no media-repository worker, so falling back to main is fine).
Refs:
- https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11520
- https://element-hq.github.io/synapse/latest/workers.html#the-quarantined_media_changes-stream
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
v1.3.0 moved the container's runtime paths to a unified MMRELAY_HOME=/data
model (credentials, database, logs, E2EE store, plugins all live under /data).
Legacy /app paths still work until v1.4.
Adapted the role to the new model: drop the three `/app/*` bind mounts and
the `_logs_path` variable, mount `_config_path` read-only at `/config` and
`_data_path` read-write at `/data`, and invoke the container as
`mmrelay --config /config/config.yaml` so the Ansible-managed config stays
separate from runtime data. Also drop the hardcoded `/app/data/...` database
and e2ee store_path overrides from the default config; MMRELAY_HOME defaults
place them under `_data_path/database/` and `_data_path/matrix/store/` on the
host.
* Add Matrix <-> Meshtastic bridge (meshtastic-matrix-relay)
Vendors the meshtastic-matrix-relay (mmrelay) role into roles/custom/
following the conventions used by other bridge roles.
Co-authored-by: luschmar <90399580+luschmar@users.noreply.github.com>
* Add docs and CHANGELOG entry for Matrix <-> Meshtastic bridge
Co-authored-by: luschmar <90399580+luschmar@users.noreply.github.com>
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
The `matrix-client-commet` role's pull task references
`matrix_client_commet_container_image_force_pull`, but the variable
was never defined in defaults. Users setting
`matrix_client_commet_container_image_self_build: false` would hit an
undefined-variable failure.
Define it using the same pattern as other client roles (force-pull on
moving tags), covering both `:latest` and `:main` since Commet's
default version is `main`.
Reformat `{{ { ... }[engine] }}` dict-in-Jinja-expressions across
bot/bridge role defaults for consistent indentation (tabs -> spaces).
Also: fix a missing space in a Jinja `+` expression in matrix-static-files,
and fix indentation in the caddy2-in-container example.
The original PR also renamed `galaxy/<role>` role references to just
`<role>` in setup.yml and jitsi_jvb.yml; those were dropped here because
Ansible does not recurse into subdirectories of `roles/` by default and
no `roles_path` is configured in ansible.cfg, so the rename would break
role resolution.
Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
Matches the earlier Python -> Go rewrites of the other mautrix-* bridges.
Related to:
- https://github.com/mautrix/telegram/releases/tag/v0.2604.0
- https://mau.fi/blog/2026-04-mautrix-release/
The bridge is now a Go binary with upstream-handled automatic database and
config migration on first start, so in-place upgrades on Postgres should
Just Work for users on the defaults. The lottieconverter sidecar container
is gone (bundled upstream), and the public web-based login endpoint is
gone (login happens inside Matrix now).
Upstream v0.2604.0 has a known bug in the legacy SQLite migration that
can corrupt data. The role detects legacy Python-bridge SQLite databases
(via the `telethon_sessions` table signature) and refuses to upgrade,
pointing users to switch to Postgres (playbook-managed pgloader migration)
or wait for the next upstream release. The guard is isolated in its own
`validate_config_sqlite_legacy_migration_bug.yml` so it can be deleted
cleanly once upstream fixes the bug.
Removed variables (all caught by the deprecation check in
`validate_config.yml` with actionable rename/removal hints): the entire
`_hostname` / `_path_prefix` / `_scheme` / `_public_endpoint` /
`_appservice_public_*` / `_container_labels_public_endpoint_*` /
`_container_http_host_bind_port` family (web login endpoint is gone);
`_bot_token` (old-style relaybot is gone, use the common bridgev2 relay
mode); `_filter_mode` (dropped upstream); `_bridge_login_shared_secret_map*`
(use Appservice Double Puppet); `_username_template`, `_alias_template`,
`_displayname_template` (templates moved under `network:`, new Go-template
syntax, exposed via `_network_displayname_template`); all
`_lottieconverter_*` variables; `_appservice_database` (renamed to
`_appservice_database_uri`).
Added playbook-time validation that catches legacy permission values
(`relaybot`, `puppeting`, `full`) in the fully-merged config (so overrides
via `matrix_mautrix_telegram_configuration_extension_yaml` are caught too),
with a mapping hint in the error message.
Other notes:
- The legacy sqlite->postgres relocation of `{base_path}/mautrix-telegram.db`
to `{data_path}/mautrix-telegram.db` now happens BEFORE the pgloader
migration step, so users who flip to Postgres as part of this upgrade
get their data imported correctly.
- The Ketesa managed-user regex for the telegram namespace is updated to
match both regular IDs and the new `channel-<id>` form used by bridgev2.
- `matrix_playbook_migration_expected_version` bumped to v2026.04.24.0,
with a new breaking-change entry pointing at the CHANGELOG section.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Slavi Pantaleev
Catalan Lover
renovate[bot]
luschmar
D4GU
Matěj Cepl
ezera
Sid Manat