These variables were being assigned in group_vars/matrix_servers to
values byte-identical (or functionally identical) to what the
respective role's defaults/main.yml already provides.
Beyond just being noise, such redundant overrides cause drift over
time. When a role's default is later updated to something saner or
better (for example, switched from a hardcoded value to a derivation
from another variable), the matching line in group_vars/matrix_servers
stays frozen at the old value and silently defeats the improvement,
because group_vars beats role defaults in Ansible's precedence order.
The maubot management hostname fix in
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5248
is an example of this: the role default had been improved to derive
from matrix_bot_maubot_hostname, but the stale group_vars override
held it back to matrix_server_fqn_matrix.
Removing these overrides lets the role defaults do their job.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5248
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

LiveKit v1.12.0 tightens TURN security: credentials now carry a TTL,
and TURN no longer relays to restricted peer CIDRs by default. The
role defaults match upstream's secure defaults and are appropriate
for typical playbook deployments.
Bumps the migration-validation gate accordingly so users are pointed
at the CHANGELOG entry on next run.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

This release adds opt-in server-level enforcement of MSC4284 policy
servers via two new `[global]` keys: `enable_policy_servers` and
`policy_server_request_timeout`. Surface both as Ansible variables
matching tuwunel's upstream defaults (off, 5s timeout) and refresh the
docs section that previously claimed MSC4284 needed no playbook
configuration.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5213.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

The former conduwuit maintainer (@x86pup, formerly @girlbossceo)
clarified in the PR thread that they endorse Tuwunel as conduwuit's
successor, and the archived conduwuit repo's README points there too.
Update the migration section in the conduwuit doc and the Tuwunel
CHANGELOG entry to reflect this with attribution.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.

Upstream stopped publishing rolling major/minor tags (v8, v8.0) as
of their v8.0.0 release for supply-chain security reasons, breaking
our workflow which referenced @v8.

Adds a top-level entry mirroring the style of the past Continuwuity
announcement: brief intro, the conduwuit-fork lineage, the migration
path via the binary-swap tag, and the standard caveat about not being
able to swap homeserver implementations on an existing deployment.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Previously only Continuwuity was offered as a migration path. Tuwunel
is a fork of conduwuit which reads the database directly via the new
`tuwunel-migrate-from-conduwuit` tag, so it deserves a parallel entry.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/5200.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>