chore: publish 7.0.2+v1.149.1 release

bumb python version for shared secret authenticator
chore: publish 7.0.1+v1.149.1 release
2026-03-31 14:55:43 +02:00 · 2026-03-31 14:53:32 +02:00 · 2026-03-30 13:04:48 +02:00 · 2026-03-30 13:02:27 +02:00 · 2026-03-25 01:20:30 +01:00 · 2026-03-17 17:26:54 +01:00
12 changed files with 51 additions and 29 deletions
--- a/abra.sh
+++ b/abra.sh
@ -1,14 +1,14 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v3
-export HOMESERVER_YAML_VERSION=v32
+export HOMESERVER_YAML_VERSION=v35
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v2
 export SIGNAL_BRIDGE_YAML_VERSION=v6
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v8
+export NGINX_CONFIG_VERSION=v12
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
-export PG_BACKUP_VERSION=v1
+export PG_BACKUP_VERSION=v2
 export ADMIN_CONFIG_VERSION=v1

 set_admin () {
--- a/compose.admin.yml
+++ b/compose.admin.yml
@ -3,13 +3,13 @@ version: "3.8"

 services:
  admin:
-    image: awesometechnologies/synapse-admin:0.11.1
+    image: awesometechnologies/synapse-admin:0.11.4
    networks:
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
-        - "traefik.docker.network=proxy"
+        - "traefik.swarm.network=proxy"
        - "traefik.http.services.${STACK_NAME}_admin.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}_admin.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})&&PathPrefix(`/admin`)"
        - "traefik.http.routers.${STACK_NAME}_admin.entrypoints=web-secure"
--- a/compose.shared_secret_auth.yml
+++ b/compose.shared_secret_auth.yml
@ -9,7 +9,7 @@ services:
      - shared_secret_auth
    configs:
      - source: shared_secret_auth
-        target: /usr/local/lib/python3.12/site-packages/shared_secret_authenticator.py
+        target: /usr/local/lib/python3.13/site-packages/shared_secret_authenticator.py

 configs:
  shared_secret_auth:
--- a/compose.signal.yml
+++ b/compose.signal.yml
@ -10,7 +10,7 @@ services:
      - signal-data:/signal-data

  signalbridge:
-    image: dock.mau.dev/mautrix/signal:v0.8.4
+    image: dock.mau.dev/mautrix/signal:v0.8.7
    depends_on:
      - signaldb
    configs:
--- a/compose.telegram.yml
+++ b/compose.telegram.yml
@ -10,7 +10,7 @@ services:
      - telegram-data:/telegram-data

  telegrambridge:
-    image: dock.mau.dev/mautrix/telegram:v0.15.2
+    image: dock.mau.dev/mautrix/telegram:v0.15.3
    depends_on:
      - telegramdb
    configs:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  web:
-    image: nginx:1.29.0
+    image: nginx:1.29.6
    networks:
      - proxy
      - internal
@ -12,6 +12,7 @@ services:
      - STACK_NAME
      - NGINX_ACCESS_LOG_LOCATION
      - NGINX_ERROR_LOG_LOCATION
+      - MAX_UPLOAD_SIZE
    configs:
      - source: nginx_config
        target: /etc/nginx/nginx.conf
@ -21,7 +22,7 @@ services:
        target: /var/www/.well-known/matrix/client
    deploy:
      restart_policy:
-        condition: on-failure
+        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
@ -30,12 +31,13 @@ services:
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
    healthcheck:
      test: curl -f http://${STACK_NAME}_app:8008/health || exit 1
-      interval: 20s
+      interval: 30s
      timeout: 15s
-      retries: 20
+      retries: 90
+      start_period: 2m

  app:
-    image: "matrixdotorg/synapse:v1.133.0"
+    image: "matrixdotorg/synapse:v1.149.1"
    volumes:
      - "data:/data"
    secrets:
@ -104,34 +106,33 @@ services:
      restart_policy:
        condition: on-failure
      labels:
-        - "coop-cloud.${STACK_NAME}.version=6.7.0+v1.133.0"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
+        - "coop-cloud.${STACK_NAME}.version=7.0.2+v1.149.1"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
      interval: 30s
      timeout: 10s
-      retries: 10
+      retries: 30
      start_period: 1m

  db:
-    image: postgres:13-alpine
+    image: pgautoupgrade/pgautoupgrade:17-alpine
    secrets:
      - db_password
    environment:
      - LC_COLLATE=C
      - LC_CTYPE=C
      - POSTGRES_DB=synapse
-      - POSTGRES_INITDB_ARGS="-E \"UTF8\""
+      - POSTGRES_INITDB_ARGS=-E UTF8
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - POSTGRES_USER=synapse
      - DOMAIN
    networks:
      - internal
    healthcheck:
-      test: ["CMD", "pg_isready", "-U", "synapse"]
      interval: 30s
      timeout: 10s
-      retries: 10
+      retries: 20
      start_period: 1m
    volumes:
      - postgres:/var/lib/postgresql/data
@ -140,11 +141,11 @@ services:
        backupbot.backup: "${ENABLE_BACKUPS:-true}"
        backupbot.backup.pre-hook: "/pg_backup.sh backup"
        backupbot.backup.volumes.postgres.path: "backup.sql"
-        backupbot.restore.post-hook: '/pg_backup.sh restore'
+        backupbot.restore.post-hook: "/pg_backup.sh restore"
    configs:
-        - source: pg_backup
-          target: /pg_backup.sh
-          mode: 0555
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555

 volumes:
  data:
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@ -157,8 +157,15 @@ registration_shared_secret: {{ secret "registration" }}

 {{ if eq (env "AUTO_JOIN_ROOM_ENABLED") "1" }}
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#auto_join_rooms
+
+# AUTO_JOIN_ROOM only for backwards compatibility
+{{ if (env "AUTO_JOIN_ROOM") }}
 auto_join_rooms:
  - "{{ env "AUTO_JOIN_ROOM" }}"
+{{ else }}
+auto_join_rooms: {{ env "AUTO_JOIN_ROOM_LIST" }}
+{{ end }}
+
 {{ end }}

 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#session_lifetime
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@ -5,6 +5,16 @@ events {
 }

 http {
+
+  resolver 127.0.0.11 valid=30s ipv6=off;
+  resolver_timeout 5s;
+
+  upstream matrix_upstream {
+    zone matrix_upstream 64k;
+    server {{ env "STACK_NAME"}}_app:8008 resolve;
+    keepalive 16;
+  }
+
  server {
    listen 80;

@ -14,7 +24,7 @@ http {
    server_name {{ env "DOMAIN" }};

    location = / {
-      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_pass http://matrix_upstream;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $host;
@ -23,7 +33,7 @@ http {
    }
    
    location ~* ^(\/_matrix|\/_synapse\/client) {
-      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_pass http://matrix_upstream;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $host;
@ -42,7 +52,7 @@ http {
      if ($http_referer !~ "^https://{{ env "DOMAIN" }}/admin/") {
        return 403;
      }
-      proxy_pass http://{{ env "STACK_NAME"}}_app:8008;
+      proxy_pass http://matrix_upstream;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $host;
--- a/pg_backup.sh
+++ b/pg_backup.sh
@ -6,7 +6,7 @@ BACKUP_FILE='/var/lib/postgresql/data/backup.sql'

 function backup {
  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
-  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} | gzip > $BACKUP_FILE
 }

 function restore {
@ -25,7 +25,7 @@ function restore {
    # Recreate Database
    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
-    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+    gunzip -c $BACKUP_FILE | psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f -

    trap - EXIT INT TERM
    restore_config
--- a/release/6.7.1+v1.133.0
+++ b/release/6.7.1+v1.133.0
@ -0,0 +1 @@
+This patch contains a critical nginx fix, to allow resolving docker internal hosts.
--- a/release/6.8.2+v1.139.2
+++ b/release/6.8.2+v1.139.2
@ -0,0 +1 @@
+this patch is a reset to the state of the last known deploying version 6.8.0 – so better skip 6.8.1
--- a/release/7.0.0+v1.149.1
+++ b/release/7.0.0+v1.149.1
@ -0,0 +1,2 @@
+WARNING: Backup your database!
+This upgrade switches the database image from postgres to pgautoupgrade and performs an in-place database upgrades from version 13 to 17.
Author	SHA1	Message	Date
Simon	d0d5cfb1bc	chore: publish 7.0.2+v1.149.1 release	2026-03-31 14:55:43 +02:00
Simon	3d13505330	bumb python version for shared secret authenticator	2026-03-31 14:53:32 +02:00
Moritz	68fd515297	chore: publish 7.0.1+v1.149.1 release	2026-03-30 13:04:48 +02:00
Moritz	01e3feb1cf	fix: healthchecks and restart_policy for web container	2026-03-30 13:02:27 +02:00
Moritz	c51120c41a	chore: publish 7.0.0+v1.149.1 release	2026-03-25 01:20:30 +01:00
Moritz	b81fecdd23	chore: replace depricated traefik.docker.* with traefik.swarm.*	2026-03-17 17:26:54 +01:00
knoflook	18b658c452	chore: publish 6.8.3+v1.139.2 release	2026-03-05 14:49:59 +01:00
knoflook	553fee0e9d	feat: compress db dumps	2026-03-05 14:49:11 +01:00
val	61f357b49e	new patch version of recipe	2026-01-15 16:58:40 +01:00
val	0e55594727	Merge pull request 'revert to recipe state of v6.8.0' (#55 ) from revert-changes into main Reviewed-on: https://git.coopcloud.tech/coop-cloud/matrix-synapse/pulls/55	2026-01-15 15:48:56 +00:00
val	460f5a969c	revert to recipe state of v6.8.0	2026-01-15 11:13:51 +01:00
Moritz	8640abbe79	increase healthcheck retries	2025-12-23 13:26:48 +01:00
val	3e0c9063c4	Merge branch '6.8.1fix'	2025-10-29 13:55:54 +01:00
val	db6440b317	fixed MAX_UPLOAD_SIZE and AUTO_JOIN_ROOM_LIST config	2025-10-29 13:49:02 +01:00
vdietrich	24f7e0cb35	chore: publish 6.8.1+v1.139.2 release	2025-10-28 17:17:22 +01:00
lambdabundesverband	6d1397562b	Merge pull request 'added env to configure several auto_join_rooms' (#52 ) from auto_join_room_list into main Reviewed-on: https://git.coopcloud.tech/coop-cloud/matrix-synapse/pulls/52	2025-10-28 16:14:38 +00:00
lambdabundesverband	e0c0861c16	Merge branch 'main' into auto_join_room_list	2025-10-28 16:14:13 +00:00
vdietrich	41fdcafaa0	added env to configure several auto_join_rooms	2025-10-28 17:12:33 +01:00
Cassowary	730dbc4569	Merge pull request 'Expose max_upload_size as a configurable option' (#51 ) from cas_expose_maxupload into main Reviewed-on: https://git.coopcloud.tech/coop-cloud/matrix-synapse/pulls/51 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2025-10-17 17:05:30 +00:00
Simon	809055dadb	chore: publish 6.8.0+v1.139.2 release	2025-10-08 16:43:20 +02:00
Cassowary	7703bbbce7	Bump config versions	2025-10-03 11:20:39 -07:00
Cassowary	e3df032bda	Expose max_upload_size as a configurable option	2025-10-02 11:40:51 -07:00
Moritz	0cf9d0a244	chore: publish 6.7.1+v1.133.0 release	2025-09-07 11:49:20 +02:00
Moritz	86a44afd19	fix nginx	2025-09-07 11:27:17 +02:00
				`@ -0,0 +1 @@`
				`This patch contains a critical nginx fix, to allow resolving docker internal hosts.`
				`@ -0,0 +1 @@`
				`this patch is a reset to the state of the last known deploying version 6.8.0 – so better skip 6.8.1`