GoMatrixHosting v0.5.5

4 лет назад · 03006eb5ab
--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@@ -128,18 +128,13 @@
    validate_certs: yes
  when: customise_base_domain_website is undefined

 - name: Ensure group "sftp" exists
  group:
    name: sftp
    state: present

 - name: If user doesn't define a sftp_password, create a disabled 'sftp' account
  user:
    name: sftp
    comment: SFTP user to set custom web files and access servers export
    shell: /bin/false
    home: /home/sftp
    group: sftp
    group: matrix
    password: '*'
    update_password: always
  when: sftp_password|length == 0
@@ -150,15 +145,20 @@
    comment: SFTP user to set custom web files and access servers export
    shell: /bin/false
    home: /home/sftp
    group: sftp
    group: matrix
    password: "{{ sftp_password | password_hash('sha512') }}"
    update_password: always
  when: sftp_password|length > 0

 - name: Ensure group "sftp" exists
  group:
    name: sftp
    state: present

 - name: adding existing user 'sftp' to group matrix
  user:
    name: sftp
    groups: matrix
    groups: sftp
    append: yes
  when: customise_base_domain_website is defined

@@ -214,14 +214,14 @@
    group: sftp
    mode: '0644'
  when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")

 - name: Alter SSH Subsystem State 1
    
 - name: Remove any existing Subsystem lines
  lineinfile:
    path: /etc/ssh/sshd_config
    line: "Subsystem sftp	/usr/lib/openssh/sftp-server"
    state: absent
    regexp: '^Subsystem'

 - name: Alter SSH Subsystem State 2
 - name: Set SSH Subsystem State
  lineinfile:
    path: /etc/ssh/sshd_config
    insertafter: "^# override default of no subsystems"
--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ b/roles/matrix-awx/tasks/purge_media_local.yml
@@ -6,7 +6,7 @@

 - name: Purge local media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
  register: purge_command
  
 - name: Print output of purge command
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@@ -17,15 +17,16 @@
    - jq
    state: present

 - name: Collect access token for janitor user
  shell: |
    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
  register: janitors_token
  
 - name: Collect the internal IP of the matrix-synapse container
  shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
  register: synapse_container_ip
    

 - name: Collect access token for janitor user
  shell: |
    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
  register: janitors_token
  no_log: True

 - name: Generate list of dates to purge to
  delegate_to: 127.0.0.1
  shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ b/roles/matrix-awx/tasks/purge_media_remote.yml
@@ -6,7 +6,7 @@

 - name: Purge remote media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
  register: purge_command
  
 - name: Print output of purge command
--- a/roles/matrix-bot-go-neb/defaults/main.yml
+++ b/roles/matrix-bot-go-neb/defaults/main.yml
@@ -1,231 +0,0 @@
 # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
 # See: https://github.com/matrix-org/go-neb

 matrix_bot_go_neb_enabled: true
 matrix_bot_go_neb_version: latest
 matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}"
 matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}"

 matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb"
 matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config"
 matrix_bot_go_neb_config_path_in_container: "/config/config.yaml"
 matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data"
 matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"

 # Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4050"), or empty string to not expose.
 matrix_bot_go_neb_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_bot_go_neb_container_extra_arguments: []

 # List of systemd services that matrix-bot-go-neb.service depends on
 matrix_bot_go_neb_systemd_required_services_list: ['docker.service']

 # List of systemd services that matrix-bot-go-neb.service wants
 matrix_bot_go_neb_systemd_wanted_services_list: []

 # Database-related configuration fields.
 #
 # MUST be "sqlite3". No other type is supported.
 matrix_bot_go_neb_database_engine: 'sqlite3'

 matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db"
 matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db"

 matrix_bot_go_neb_storage_database: "{{
 	{
 		'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
 	}[matrix_bot_go_neb_database_engine]
 }}"

 # The bot's username(s). These users need to be created manually beforehand.
 # The access tokens that the bot uses to authenticate.
 # Generate one as described in
 # https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token
 # via curl. With the element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start)
 matrix_bot_go_neb_clients: []
 #  - UserID: "@goneb:{{ matrix_domain }}"
 #    AccessToken: "MDASDASJDIASDJASDAFGFRGER"
 #    DeviceID: "DEVICE1"
 #    HomeserverURL: "{{ matrix_homeserver_container_url }}"
 #    Sync: true
 #    AutoJoinRooms: true
 #    DisplayName: "Go-NEB!"
 #    AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
 #
 #  - UserID: "@another_goneb:{{ matrix_domain }}"
 #    AccessToken: "MDASDASJDIASDJASDAFGFRGER"
 #    DeviceID: "DEVICE2"
 #    HomeserverURL: "{{ matrix_homeserver_container_url }}"
 #    Sync: false
 #    AutoJoinRooms: false
 #    DisplayName: "Go-NEB!"
 #    AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]

 # The list of realms which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureAuthRealm for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
 matrix_bot_go_neb_realms: []
 #  - ID: "github_realm"
 #    Type: "github"
 #    Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs

 # The list of *authenticated* sessions which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # The full list of options are shown below: there is no single HTTP endpoint
 # which maps to this section.
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
 matrix_bot_go_neb_sessions: []
 #  - SessionID: "your_github_session"
 #    RealmID: "github_realm"
 #    UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
 #    Config:
 #      # Populate these fields by generating a "Personal Access Token" on github.com
 #      AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
 #      Scopes: "admin:org_hook,admin:repo_hook,repo,user"

 # The list of services which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureService for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
 matrix_bot_go_neb_services: []
 #  - ID: "echo_service"
 #    Type: "echo"
 #    UserID: "@goneb:{{ matrix_domain }}"
 #    Config: {}

 ## Can be obtained from https://developers.giphy.com/dashboard/
 #  - ID: "giphy_service"
 #    Type: "giphy"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      api_key: "qwg4672vsuyfsfe"
 #      use_downsized: false
 #
 ## This service has been dead for over a year :/
 #  - ID: "guggy_service"
 #    Type: "guggy"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      api_key: "2356saaqfhgfe"
 #
 ## API Key via https://developers.google.com/custom-search/v1/introduction
 ## CX via http://www.google.com/cse/manage/all
 ## https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
 ## 'Search the entire web' and 'Image search' enabled for best results
 #  - ID: "google_service"
 #    Type: "google"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      api_key: "AIzaSyA4FD39m9"
 #      cx: "AIASDFWSRRtrtr"
 #
 ## Get a key via https://api.imgur.com/oauth2/addclient
 ## Select "oauth2 without callback url"
 #  - ID: "imgur_service"
 #    Type: "imgur"
 #    UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      client_id: "AIzaSyA4FD39m9"
 #      client_secret: "somesecret"
 #
 #  - ID: "wikipedia_service"
 #    Type: "wikipedia"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #
 #  - ID: "rss_service"
 #    Type: "rssbot"
 #    UserID: "@another_goneb:{{ matrix_domain }}"
 #    Config:
 #      feeds:
 #        "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
 #          rooms: ["!qmElAGdFYCHoCJuaNt:localhost"]
 #          must_include:
 #            author:
 #              - author1
 #            description:
 #              - lorem
 #              - ipsum
 #          must_not_include:
 #            title:
 #              - Lorem
 #              - Ipsum
 #
 #  - ID: "github_cmd_service"
 #    Type: "github"
 #    UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
 #    Config:
 #      RealmID: "github_realm"
 #
 #    # Make sure your BASE_URL can be accessed by Github!
 #  - ID: "github_webhook_service"
 #    Type: "github-webhook"
 #    UserID: "@another_goneb:{{ matrix_domain }}"
 #    Config:
 #      RealmID: "github_realm"
 #      ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
 #      Rooms:
 #        "!someroom:id":
 #          Repos:
 #            "matrix-org/synapse":
 #              Events: ["push", "issues"]
 #            "matrix-org/dendron":
 #              Events: ["pull_request"]
 #        "!anotherroom:id":
 #          Repos:
 #            "matrix-org/synapse":
 #              Events: ["push", "issues"]
 #            "matrix-org/dendron":
 #              Events: ["pull_request"]
 #
 #  - ID: "slackapi_service"
 #    Type: "slackapi"
 #    UserID: "@slackapi:{{ matrix_domain }}"
 #    Config:
 #      Hooks:
 #        "hook1":
 #          RoomID: "!someroom:id"
 #          MessageType: "m.text" # default is m.text
 #
 #  - ID: "alertmanager_service"
 #    Type: "alertmanager"
 #    UserID: "@alertmanager:{{ matrix_domain }}"
 #    Config:
 #      # This is for information purposes only. It should point to Go-NEB path as follows:
 #      # `/services/hooks/<base64 encoded service ID>`
 #      # Where in this case "service ID" is "alertmanager_service"
 #      # Make sure your BASE_URL can be accessed by the Alertmanager instance!
 #      webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
 #      # Each room will get the notification with the alert rendered with the given template
 #      rooms:
 #        "!someroomid:domain.tld":
 #          text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
 #          html_template: "{{range .Alerts -}}  {{ $severity := index .Labels \"severity\" }}    {{ if eq .Status \"firing\" }}      {{ if eq $severity \"critical\"}}        <font color='red'><b>[FIRING - CRITICAL]</b></font>      {{ else if eq $severity \"warning\"}}        <font color='orange'><b>[FIRING - WARNING]</b></font>      {{ else }}        <b>[FIRING - {{ $severity }}]</b>      {{ end }}    {{ else }}      <font color='green'><b>[RESOLVED]</b></font>    {{ end }}  {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}}   <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
 #          msg_type: "m.text"  # Must be either `m.text` or `m.notice`

 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_bot_go_neb_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_bot_go_neb_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

 matrix_bot_go_neb_configuration_extension_yaml: |
  # Your custom YAML configuration goes here.
  # This configuration extends the default starting configuration (`matrix_bot_go_neb_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_bot_go_neb_configuration_yaml`.

 matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}"

 # Holds the final configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
 matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"

--- a/roles/matrix-bot-go-neb/tasks/init.yml
+++ b/roles/matrix-bot-go-neb/tasks/init.yml
@@ -1,3 +0,0 @@
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
  when: matrix_bot_go_neb_enabled|bool
--- a/roles/matrix-bot-go-neb/tasks/main.yml
+++ b/roles/matrix-bot-go-neb/tasks/main.yml
@@ -1,21 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
  tags:
    - setup-all
    - setup-bot-go-neb

 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
  tags:
    - setup-all
    - setup-bot-go-neb

 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
  when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool"
  tags:
    - setup-all
    - setup-bot-go-neb
--- a/roles/matrix-bot-go-neb/tasks/setup_install.yml
+++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml
@@ -1,50 +0,0 @@
 ---

 - set_fact:
    matrix_bot_go_neb_requires_restart: false

 - name: Ensure go-neb paths exist
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_bot_go_neb_config_path }}", when: true }
    - { path: "{{ matrix_bot_go_neb_data_path }}", when: true }
    - { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true }
  when: "item.when|bool"

 - name: Ensure go-neb image is pulled
  docker_image:
    name: "{{ matrix_bot_go_neb_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"

 - name: Ensure go-neb config installed
  copy:
    content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}"
    dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"

 - name: Ensure matrix-bot-go-neb.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
    mode: 0644
  register: matrix_bot_go_neb_systemd_service_result

 - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
  service:
    daemon_reload: yes
  when: "matrix_bot_go_neb_systemd_service_result.changed|bool"

 - name: Ensure matrix-bot-go-neb.service restarted, if necessary
  service:
    name: "matrix-bot-go-neb.service"
    state: restarted
  when: "matrix_bot_go_neb_requires_restart|bool"
--- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml
+++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml
@@ -1,35 +0,0 @@
 ---

 - name: Check existence of matrix-go-neb service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
  register: matrix_bot_go_neb_service_stat

 - name: Ensure matrix-go-neb is stopped
  service:
    name: matrix-bot-go-neb
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "matrix_bot_go_neb_service_stat.stat.exists|bool"

 - name: Ensure matrix-bot-go-neb.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
    state: absent
  when: "matrix_bot_go_neb_service_stat.stat.exists|bool"

 - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
  service:
    daemon_reload: yes
  when: "matrix_bot_go_neb_service_stat.stat.exists|bool"

 - name: Ensure Matrix go-neb paths don't exist
  file:
    path: "{{ matrix_bot_go_neb_base_path }}"
    state: absent

 - name: Ensure go-neb Docker image doesn't exist
  docker_image:
    name: "{{ matrix_bot_go_neb_docker_image }}"
    state: absent
--- a/roles/matrix-bot-go-neb/tasks/validate_config.yml
+++ b/roles/matrix-bot-go-neb/tasks/validate_config.yml
@@ -1,13 +0,0 @@
 ---

 - name: Fail if there's not at least 1 client
  fail:
    msg: >-
      You need at least 1 client in the matrix_bot_go_neb_clients block.
  when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined

 - name: Fail if there's not at least 1 service
  fail:
    msg: >-
      You need at least 1 service in the matrix_bot_go_neb_services block.
  when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined
--- a/roles/matrix-bot-go-neb/templates/config.yaml.j2
+++ b/roles/matrix-bot-go-neb/templates/config.yaml.j2
@@ -1,44 +0,0 @@
 # Go-NEB Configuration File
 #
 # This file provides an alternative way to configure Go-NEB which does not involve HTTP APIs.
 #
 # This file can be supplied to go-neb by the environment variable `CONFIG_FILE=config.yaml`.
 # It will force Go-NEB to operate in "config" mode. This means:
 #   - Go-NEB will ONLY use the data contained inside this file.
 #   - All of Go-NEB's /admin HTTP listeners will be disabled. You will be unable to add new services at runtime.
 #   - The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead.
 #
 # This file is broken down into 4 sections which matches the following HTTP APIs:
 #   - /configureClient
 #   - /configureAuthRealm
 #   - /configureService
 #   - /requestAuthSession (redirects not supported)

 # The list of clients which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureClient for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig
 clients:
  {{ matrix_bot_go_neb_clients|to_json }}

 # The list of realms which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureAuthRealm for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
 realms:
  {{ matrix_bot_go_neb_realms|to_json }}

 # The list of *authenticated* sessions which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # The full list of options are shown below: there is no single HTTP endpoint
 # which maps to this section.
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
 sessions:
  {{ matrix_bot_go_neb_sessions|to_json }}

 # The list of services which Go-NEB is aware of.
 # Delete or modify this list as appropriate.
 # See the docs for /configureService for the full list of options:
 # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
 services:
  {{ matrix_bot_go_neb_services|to_json }}
--- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
+++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
@@ -1,49 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Go-NEB bot
 {% for service in matrix_bot_go_neb_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_bot_go_neb_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_bot_go_neb_container_http_host_bind_port %}
 			-p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \
 			{% endif %}
 			-e 'BIND_ADDRESS=:4050' \
 			-e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \
 			-e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \
 			-e 'CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}' \
 			-e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}' \
 			--mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \
 			--mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \
 			--entrypoint=/bin/sh \
 			{% for arg in matrix_bot_go_neb_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_bot_go_neb_docker_image }} \
 			-c "go-neb /config/config.yaml"

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-go-neb

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml
@@ -1,47 +0,0 @@
 # heisenbridge is a bouncer-style Matrix IRC bridge
 # See: https://github.com/hifi/heisenbridge

 matrix_heisenbridge_enabled: true

 matrix_heisenbridge_version: latest
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

 # Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one
 matrix_heisenbridge_owner: ""

 # Enabling identd will bind to host port 113/TCP
 matrix_heisenbridge_identd_enabled: false

 matrix_heisenbridge_base_path: "{{ matrix_base_data_path }}/heisenbridge"

 # A list of extra arguments to pass to the container
 matrix_heisenbridge_container_extra_arguments: []

 # List of systemd services that service depends on.
 matrix_heisenbridge_systemd_required_services_list: ['docker.service']

 # List of systemd services that service wants
 matrix_heisenbridge_systemd_wanted_services_list: []

 matrix_heisenbridge_homeserver_url: "{{ matrix_homeserver_container_url }}"

 matrix_heisenbridge_appservice_token: ''
 matrix_heisenbridge_homeserver_token: ''

 # Default registration file
 matrix_heisenbridge_registration_yaml:
  id: heisenbridge
  url: http://matrix-heisenbridge:9898
  as_token: "{{ matrix_heisenbridge_appservice_token }}"
  hs_token: "{{ matrix_heisenbridge_homeserver_token }}" 
  rate_limited: false
  sender_localpart: heisenbridge
  namespaces:
    users:
    - regex: '@hbirc_.*'
      exclusive: true
    aliases: []
    rooms: []

 matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml|from_yaml }}"
--- a/roles/matrix-bridge-heisenbridge/tasks/init.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/init.yml
@@ -1,24 +0,0 @@
 # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
 # We don't want to fail in such cases.
 - name: Fail if matrix-synapse role already executed
  fail:
    msg: >-
      The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role.
  when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed|default(False)"

 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}"
  when: matrix_heisenbridge_enabled|bool

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["/heisenbridge-registration.yaml"] }}
  when: matrix_heisenbridge_enabled|bool
--- a/roles/matrix-bridge-heisenbridge/tasks/main.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/main.yml
@@ -1,15 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: "run_setup|bool and matrix_heisenbridge_enabled|bool"
  tags:
    - setup-all
    - setup-heisenbridge

 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
  when: "run_setup|bool and not matrix_heisenbridge_enabled|bool"
  tags:
    - setup-all
    - setup-heisenbridge
--- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml
@@ -1,38 +0,0 @@
 ---

 - name: Ensure heisenbridge image is pulled
  docker_image:
    name: "{{ matrix_heisenbridge_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" 

 - name: Ensure heisenbridge paths exist
  file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - "{{ matrix_heisenbridge_base_path }}"

 - name: Ensure heisenbridge registration.yaml installed if provided
  copy:
    content: "{{ matrix_heisenbridge_registration|to_nice_yaml }}"
    dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"

 - name: Ensure matrix-heisenbridge.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-heisenbridge.service"
    mode: 0644
  register: matrix_heisenbridge_systemd_service_result

 - name: Ensure systemd reloaded after matrix-heisenbridge.service installation
  service:
    daemon_reload: yes
  when: matrix_heisenbridge_systemd_service_result.changed
--- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
+++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
@@ -1,24 +0,0 @@
 ---

 - name: Check existence of matrix-heisenbridge service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service"
  register: matrix_heisenbridge_service_stat

 - name: Ensure matrix-heisenbridge is stopped
  service:
    name: matrix-heisenbridge
    state: stopped
    daemon_reload: yes
  when: "matrix_heisenbridge_service_stat.stat.exists"

 - name: Ensure matrix-heisenbridge.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service"
    state: absent
  when: "matrix_heisenbridge_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-heisenbridge.service removal
  service:
    daemon_reload: yes
  when: "matrix_heisenbridge_service_stat.stat.exists"
--- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
+++ b/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
@@ -1,51 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=a bouncer-style Matrix IRC bridge
 {% for service in matrix_heisenbridge_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_heisenbridge_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
 ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-heisenbridge

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \
          --log-driver=none \
          --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
          --cap-drop=ALL \
          --network={{ matrix_docker_network }} \
          {% if matrix_heisenbridge_identd_enabled %}
          -p 113:13113 \
          {% endif %}
          -v {{ matrix_heisenbridge_base_path }}:/config:z \
          {% for arg in matrix_heisenbridge_container_extra_arguments %}
          {{ arg }} \
          {% endfor %}
          {{ matrix_heisenbridge_docker_image }} \
          {% if matrix_heisenbridge_identd_enabled %}
          --identd \
          --identd-port 13113 \
          {% endif %}
          {% if matrix_heisenbridge_owner %}
          -o {{ matrix_heisenbridge_owner }} \
          {% endif %}
          --config /config/registration.yaml \
          --listen-address 0.0.0.0 \
          --listen-port 9898 \
          {{ matrix_heisenbridge_homeserver_url }}

 ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
 ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-heisenbridge

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/matrix-client-hydrogen/defaults/main.yml
@@ -1,68 +0,0 @@
 matrix_client_hydrogen_enabled: true

 # Self building is used by default because the `config.json` file is only read at build time.
 # The pre-built images also were not functional as of 2021-05-15.
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"

 matrix_client_hydrogen_version: v0.2.0
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

 matrix_client_hydrogen_data_path: "{{ matrix_base_data_path }}/client-hydrogen"
 matrix_client_hydrogen_docker_src_files_path: "{{ matrix_client_hydrogen_data_path }}/docker-src"

 # Controls whether the container exposes its HTTP port (tcp/8080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8768"), or empty string to not expose.
 matrix_client_hydrogen_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_client_hydrogen_container_extra_arguments: []

 # List of systemd services that matrix-client-hydrogen.service depends on
 matrix_client_hydrogen_systemd_required_services_list: ['docker.service']

 # Controls whether the self-check feature should validate SSL certificates.
 matrix_client_hydrogen_self_check_validate_certificates: true

 # config.json
 matrix_client_hydrogen_default_hs_url: ""

 # Default Hydrogen configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_client_hydrogen_configuration_extension_json`)
 # or completely replace this variable with your own template.
 #
 # The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
 # This is unlike what it does when looking up YAML template files (no automatic parsing there).
 matrix_client_hydrogen_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"

 # Your custom JSON configuration for Hydrogen should go to `matrix_client_hydrogen_configuration_extension_json`.
 # This configuration extends the default starting configuration (`matrix_client_hydrogen_configuration_default`).
 #
 # You can override individual variables from the default configuration, or introduce new ones.
 #
 # If you need something more special, you can take full control by
 # completely redefining `matrix_client_hydrogen_configuration_default`.
 #
 # Example configuration extension follows:
 #
 # matrix_client_hydrogen_configuration_extension_json: |
 #  {
 #    "push": {
 #      "appId": "io.element.hydrogen.web",
 #      "gatewayUrl": "https://matrix.org",
 #      "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"
 #    },
 #    "defaultHomeServer": "matrix.org"
 #  }
 matrix_client_hydrogen_configuration_extension_json: '{}'

 matrix_client_hydrogen_configuration_extension: "{{ matrix_client_hydrogen_configuration_extension_json|from_json if matrix_client_hydrogen_configuration_extension_json|from_json is mapping else {} }}"

 # Holds the final Hydrogen configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_client_hydrogen_configuration_default`.
 matrix_client_hydrogen_configuration: "{{ matrix_client_hydrogen_configuration_default|combine(matrix_client_hydrogen_configuration_extension, recursive=True) }}"
--- a/roles/matrix-client-hydrogen/tasks/init.yml
+++ b/roles/matrix-client-hydrogen/tasks/init.yml
@@ -1,10 +0,0 @@
 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
 - name: Fail if trying to self-build on Ansible < 2.8
  fail:
    msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md"
  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled"

 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}"
  when: matrix_client_hydrogen_enabled|bool
--- a/roles/matrix-client-hydrogen/tasks/main.yml
+++ b/roles/matrix-client-hydrogen/tasks/main.yml
@@ -1,15 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_client_hydrogen_enabled|bool"
  tags:
    - setup-all
    - setup-client-hydrogen

 - import_tasks: "{{ role_path }}/tasks/setup.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-client-hydrogen
--- a/roles/matrix-client-hydrogen/tasks/self_check.yml
+++ b/roles/matrix-client-hydrogen/tasks/self_check.yml
@@ -1,22 +0,0 @@
 ---

 - set_fact:
    matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}"

 - name: Check Hydrogen
  uri:
    url: "{{ matrix_client_hydrogen_url_endpoint_public }}"
    follow_redirects: none
    validate_certs: "{{ matrix_client_hydrogen_self_check_validate_certificates }}"
  register: matrix_client_hydrogen_self_check_result
  check_mode: no
  ignore_errors: true

 - name: Fail if Hydrogen not working
  fail:
    msg: "Failed checking Hydrogen is up at `{{ matrix_server_fqn_hydrogen }}` (checked endpoint: `{{ matrix_client_hydrogen_url_endpoint_public }}`). Is Hydrogen running? Is port 443 open in your firewall? Full error: {{ matrix_client_hydrogen_self_check_result }}"
  when: "matrix_client_hydrogen_self_check_result.failed or 'json' not in matrix_client_hydrogen_self_check_result"

 - name: Report working Hydrogen
  debug:
    msg: "Hydrogen at `{{ matrix_server_fqn_hydrogen }}` is working (checked endpoint: `{{ matrix_client_hydrogen_url_endpoint_public }}`)"
--- a/roles/matrix-client-hydrogen/tasks/setup.yml
+++ b/roles/matrix-client-hydrogen/tasks/setup.yml
@@ -1,119 +0,0 @@
 ---

 #
 # Tasks related to setting up Hydrogen
 #

 - name: Ensure Hydrogen paths exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_client_hydrogen_data_path }}", when: true }
    - { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" }
  when: matrix_client_hydrogen_enabled|bool and item.when

 - name: Ensure Hydrogen Docker image is pulled
  docker_image:
   name: "{{ matrix_client_hydrogen_docker_image }}"
   source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
   force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
   force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}"
  when: matrix_client_hydrogen_enabled|bool and not matrix_client_hydrogen_container_image_self_build

 - name: Ensure Hydrogen repository is present on self-build
  git:
    repo: "{{ matrix_client_hydrogen_container_image_self_build_repo }}"
    dest: "{{ matrix_client_hydrogen_docker_src_files_path }}"
    version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}"
    force: "yes"
  register: matrix_client_hydrogen_git_pull_results
  when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"

 - name: Ensure Hydrogen configuration installed
  copy:
    content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}"
    dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/assets/config.json"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"

 - name: Ensure Hydrogen additional config files installed
  template:
    src: "{{ item.src }}"
    dest: "{{ matrix_client_hydrogen_data_path }}/{{ item.name }}"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
  when: "matrix_client_hydrogen_enabled|bool and item.src is not none"

 - name: Ensure Hydrogen Docker image is built
  docker_image:
    name: "{{ matrix_client_hydrogen_docker_image }}"
    source: build
    force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_client_hydrogen_docker_src_files_path }}"
      pull: yes
  when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"

 - name: Ensure matrix-client-hydrogen.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
    mode: 0644
  register: matrix_client_hydrogen_systemd_service_result
  when: matrix_client_hydrogen_enabled|bool

 - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation
  service:
    daemon_reload: yes
  when: "matrix_client_hydrogen_enabled and matrix_client_hydrogen_systemd_service_result.changed"

 #
 # Tasks related to getting rid of Hydrogen (if it was previously enabled)
 #

 - name: Check existence of matrix-client-hydrogen.service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
  register: matrix_client_hydrogen_service_stat
  when: "not matrix_client_hydrogen_enabled|bool"

 - name: Ensure matrix-client-hydrogen is stopped
  service:
    name: matrix-client-hydrogen
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists"

 - name: Ensure matrix-client-hydrogen.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
    state: absent
  when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-client-hydrogen.service removal
  service:
    daemon_reload: yes
  when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists"

 - name: Ensure Hydrogen paths doesn't exist
  file:
    path: "{{ matrix_client_hydrogen_data_path }}"
    state: absent
  when: "not matrix_client_hydrogen_enabled|bool"

 - name: Ensure Hydrogen Docker image doesn't exist
  docker_image:
    name: "{{ matrix_client_hydrogen_docker_image }}"
    state: absent
  when: "not matrix_client_hydrogen_enabled|bool"
--- a/roles/matrix-client-hydrogen/tasks/validate_config.yml
+++ b/roles/matrix-client-hydrogen/tasks/validate_config.yml
@@ -1,9 +0,0 @@
 ---

 - name: Fail if required Hydrogen settings not defined
  fail:
    msg: >
      You need to define a required configuration setting (`{{ item }}`) to use Hydrogen.
  when: "(vars[item] == '' or vars[item] is none) and matrix_client_hydrogen_container_image_self_build|bool"
  with_items:
    - "matrix_client_hydrogen_default_hs_url"
--- a/roles/matrix-client-hydrogen/templates/config.json.j2
+++ b/roles/matrix-client-hydrogen/templates/config.json.j2
@@ -1,3 +0,0 @@
 {
 	"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url|string|to_json }}
 }
--- a/roles/matrix-client-hydrogen/templates/nginx.conf.j2
+++ b/roles/matrix-client-hydrogen/templates/nginx.conf.j2
@@ -1,66 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 # This is a custom nginx configuration file that we use in the container (instead of the default one),
 # because it allows us to run nginx with a non-root user.
 #
 # For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed.
 # (mounting `/dev/null` over `/etc/nginx/conf.d/default.conf` works well)
 #
 # The following changes have been done compared to a default nginx configuration file:
 # - default server port is changed (80 -> 8080), so that a non-root user can bind it
 # - various temp paths are changed to `/tmp`, so that a non-root user can write to them
 # - the `user` directive was removed, as we don't want nginx to switch users

 worker_processes 1;

 error_log /var/log/nginx/error.log warn;
 pid /tmp/nginx.pid;


 events {
 	worker_connections 1024;
 }


 http {
 	proxy_temp_path /tmp/proxy_temp;
 	client_body_temp_path /tmp/client_temp;
 	fastcgi_temp_path /tmp/fastcgi_temp;
 	uwsgi_temp_path /tmp/uwsgi_temp;
 	scgi_temp_path /tmp/scgi_temp;

 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;

 	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 					'$status $body_bytes_sent "$http_referer" '
 					'"$http_user_agent" "$http_x_forwarded_for"';

 	access_log /var/log/nginx/access.log main;

 	sendfile on;
 	#tcp_nopush on;

 	keepalive_timeout 65;

 	#gzip on;

 	server {
 		listen 8080;
 		server_name localhost;

 		root /usr/share/nginx/html;

 		location / {
 			index index.html index.htm;
 		}

 		location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n) {
 			expires -1;
 		}

 		error_page 500 502 503 504 /50x.html;
 		location = /50x.html {
 			root /usr/share/nginx/html;
 		}
 	}
 }
--- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
+++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
@@ -1,39 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Hydrogen Client
 {% for service in matrix_client_hydrogen_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_client_hydrogen_container_http_host_bind_port %}
 			-p {{ matrix_client_hydrogen_container_http_host_bind_port }}:8080 \
 			{% endif %}
 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
 			--mount type=bind,src={{ matrix_client_hydrogen_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
 			{% for arg in matrix_client_hydrogen_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_client_hydrogen_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-client-hydrogen

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/matrix-dynamic-dns/defaults/main.yml
@@ -1,48 +0,0 @@
 # Whether dynamic dns is enabled
 matrix_dynamic_dns_enabled: true

 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'

 matrix_dynamic_dns_version: v3.9.1-ls45

 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

 matrix_dynamic_dns_docker_image_name_prefix: "{{ 'localhost/' if matrix_dynamic_dns_container_image_self_build else matrix_container_global_registry_prefix }}"

 # The image to force pull
 matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}"

 # List of extra arguments to pass to the ontainer mode
 matrix_dynamic_dns_container_extra_arguments: []

 # List of wanted services when running in mode
 matrix_dynamic_dns_systemd_wanted_services_list: []

 # List of required services when running in mode
 matrix_dynamic_dns_systemd_required_services_list: ['docker.service']

 # Build the container from source when running in mode
 matrix_dynamic_dns_container_image_self_build: false
 matrix_dynamic_dns_container_image_self_build_repo: "https://github.com/linuxserver/docker-ddclient.git"

 # Config paths
 matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
 matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
 matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"

 # Holds the configurations (the domains to update DNS for, the providers they use, etc.)
 #
 # Example:
 # matrix_dynamic_dns_domain_configurations:
 #   - provider: domains.google.com
 #     protocol: dyndn2
 #     username: XXXXXXXXXXXXXXXX
 #     password: XXXXXXXXXXXXXXXX
 #     domain: "{{ matrix_domain }}"
 matrix_dynamic_dns_domain_configurations: []

 # Config options
 matrix_dynamic_dns_additional_configuration_blocks: []
 matrix_dynamic_dns_use: "web"
--- a/roles/matrix-dynamic-dns/tasks/init.yml
+++ b/roles/matrix-dynamic-dns/tasks/init.yml
@@ -1,10 +0,0 @@
 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
 - name: Fail if trying to self-build on Ansible < 2.8
  fail:
    msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled"

 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}"
  when: "matrix_dynamic_dns_enabled|bool"
--- a/roles/matrix-dynamic-dns/tasks/install.yml
+++ b/roles/matrix-dynamic-dns/tasks/install.yml
@@ -1,62 +0,0 @@
 ---

 - name: Ensure Dynamic DNS image is pulled
  docker_image:
    name: "{{ matrix_dynamic_dns_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}"
  when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build

 - name: Ensure Dynamic DNS paths exist
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0751
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_dynamic_dns_base_path }}", when: true }
    - { path: "{{ matrix_dynamic_dns_config_path }}", when: true }
    - { path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}" }
  when: matrix_dynamic_dns_enabled|bool and item.when|bool

 - name: Ensure Dynamic DNS repository is present on self build
  git:
    repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}"
    dest: "{{ matrix_dynamic_dns_docker_src_files_path }}"
    force: "yes"
  register: matrix_dynamic_dns_git_pull_results
  when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool"

 - name: Ensure Dynamic DNS Docker image is built
  docker_image:
    name: "{{ matrix_dynamic_dns_docker_image }}"
    source: build
    force_source: "{{ matrix_dynamic_dns_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_dynamic_dns_docker_src_files_path }}"
      pull: yes
  when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool"

 - name: Ensure Dynamic DNS ddclient.conf installed
  template:
    src: "{{ role_path }}/templates/ddclient.conf.j2"
    dest: "{{ matrix_dynamic_dns_config_path }}/ddclient.conf"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"

 - name: Ensure matrix-dynamic-dns.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-dynamic-dns.service.j2"
    dest: "/etc/systemd/system/matrix-dynamic-dns.service"
    mode: 0644
  register: matrix_dynamic_dns_systemd_service_result

 - name: Ensure systemd reloaded after matrix-dynamic-dns.service installation
  service:
    daemon_reload: yes
  when: "matrix_dynamic_dns_systemd_service_result.changed"
--- a/roles/matrix-dynamic-dns/tasks/main.yml
+++ b/roles/matrix-dynamic-dns/tasks/main.yml
@@ -1,21 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_dynamic_dns_enabled|bool"
  tags:
    - setup-all
    - setup-dynamic-dns

 - import_tasks: "{{ role_path }}/tasks/install.yml"
  when: "run_setup|bool and matrix_dynamic_dns_enabled|bool"
  tags:
    - setup-all
    - setup-dynamic-dns

 - import_tasks: "{{ role_path }}/tasks/uninstall.yml"
  when: "run_setup|bool and not matrix_dynamic_dns_enabled|bool"
  tags:
    - setup-all
    - setup-dynamic-dns
--- a/roles/matrix-dynamic-dns/tasks/uninstall.yml
+++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml
@@ -1,27 +0,0 @@
 ---

 - name: Check existence of matrix-dynamic-dns service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service"
  register: matrix_dynamic_dns_service_stat

 - name: Ensure matrix-dynamic-dns is stopped
  service:
    name: matrix-dynamic-dns
    state: stopped
    daemon_reload: yes
  when: "matrix_dynamic_dns_service_stat.stat.exists"

 - name: Ensure matrix-dynamic-dns.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service"
    state: absent
  when: "matrix_dynamic_dns_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-dynamic-dns.service removal
  service:
    daemon_reload: yes
  when: "matrix_dynamic_dns_service_stat.stat.exists"

 # Intentionally not removing the Docker image when uninstalling.
 # We can't be sure it had been pulled by us in the first place.
--- a/roles/matrix-dynamic-dns/tasks/validate_config.yml
+++ b/roles/matrix-dynamic-dns/tasks/validate_config.yml
@@ -1,16 +0,0 @@
 ---

 - name: Fail if no configurations specified
  fail:
    msg: >-
      You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns.
  when: "matrix_dynamic_dns_domain_configurations|length == 0"

 - name: Fail if required settings not defined in configuration blocks
  fail:
    msg: >-
      One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, provider, protocol).
  when: "'domain' not in configuration or 'provider' not in configuration or 'protocol' not in configuration"
  with_items: "{{ matrix_dynamic_dns_domain_configurations }}"
  loop_control:
    loop_var: configuration
--- a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2
+++ b/roles/matrix-dynamic-dns/templates/ddclient.conf.j2
@@ -1,26 +0,0 @@
 daemon={{ matrix_dynamic_dns_daemon_interval }}
 syslog=no
 pid=/var/run/ddclient/ddclient.pid
 ssl=yes
 use={{ matrix_dynamic_dns_use }}

 {% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %}
 protocol={{ dynamic_dns_domain_configuration.protocol }}
 server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %}
 login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %}
 password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %}
 static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %}
 custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %}
 zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %}
 ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %}
 mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %}
 wildcard=yes {% endif %}
 {{ dynamic_dns_domain_configuration.domain }}

 {% endfor %}


 {% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
 {{ matrix_dynamic_dns_additional_configuration }}

 {% endfor %}
--- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2
+++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2
@@ -1,36 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Dynamic DNS
 {% for service in matrix_dynamic_dns_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_dynamic_dns_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null'
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
  			-e PUID={{ matrix_user_uid }} \
  			-e PGID={{ matrix_user_gid }} \
 			-v {{ matrix_dynamic_dns_config_path }}:/config:z \
 			{% for arg in matrix_dynamic_dns_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_dynamic_dns_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-dynamic-dns

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-email2matrix/defaults/main.yml
+++ b/roles/matrix-email2matrix/defaults/main.yml
@@ -1,44 +0,0 @@
 matrix_email2matrix_enabled: true

 matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix"
 matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config"

 matrix_email2matrix_version: 1.0.1
 matrix_email2matrix_docker_image: "{{ matrix_container_global_registry_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}"
 matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}"

 # A list of extra arguments to pass to the container
 matrix_email2matrix_container_extra_arguments: []

 # List of systemd services that matrix-corporal.service depends on
 matrix_email2matrix_systemd_required_services_list: ['docker.service']

 # Controls where the matrix-email2matrix container exposes the SMTP (tcp/2525 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2525").
 #
 # By default, we listen on port 25 on all of the host's network interfaces.
 matrix_email2matrix_smtp_host_bind_port: "25"

 matrix_email2matrix_smtp_hostname: "{{ matrix_server_fqn_matrix }}"

 # A list of mailbox to Matrix mappings.
 #
 # Example:
 # matrix_email2matrix_matrix_mappings:
 #  - MailboxName: "mailbox1"
 #    MatrixRoomId: "!bpcwlxIUxVvvgXcbjy:example.com"
 #    MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
 #    MatrixUserId": "@email2matrix:{{ matrix_domain }}"
 #    MatrixAccessToken": "TOKEN_HERE"
 #    IgnoreSubject: false
 #
 #  - MailboxName: "mailbox2"
 #    MatrixRoomId: "!another:example.com"
 #    MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
 #    MatrixUserId": "@email2matrix:{{ matrix_domain }}"
 #    MatrixAccessToken": "TOKEN_HERE"
 #    IgnoreSubject: true
 matrix_email2matrix_matrix_mappings: []

 matrix_email2matrix_misc_debug: false
--- a/roles/matrix-email2matrix/tasks/init.yml
+++ b/roles/matrix-email2matrix/tasks/init.yml
@@ -1,3 +0,0 @@
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}"
  when: matrix_email2matrix_enabled|bool
--- a/roles/matrix-email2matrix/tasks/main.yml
+++ b/roles/matrix-email2matrix/tasks/main.yml
@@ -1,15 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_email2matrix_enabled|bool"
  tags:
    - setup-all
    - setup-email2matrix

 - import_tasks: "{{ role_path }}/tasks/setup_email2matrix.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-email2matrix
--- a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml
+++ b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml
@@ -1,88 +0,0 @@
 ---

 #
 # Tasks related to setting up Email2Matrix
 #

 - name: Ensure Email2Matrix paths exist
  file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - "{{ matrix_email2matrix_base_path }}"
    - "{{ matrix_email2matrix_config_dir_path }}"
  when: matrix_email2matrix_enabled|bool

 - name: Ensure Email2Matrix configuration file created
  template:
    src: "{{ role_path }}/templates/config.json.j2"
    dest: "{{ matrix_email2matrix_config_dir_path }}/config.json"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
    mode: 0640
  when: matrix_email2matrix_enabled|bool

 - name: Ensure Email2Matrix image is pulled
  docker_image:
    name: "{{ matrix_email2matrix_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}"
  when: matrix_email2matrix_enabled|bool

 - name: Ensure matrix-email2matrix.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service"
    mode: 0644
  register: matrix_email2matrix_systemd_service_result
  when: matrix_email2matrix_enabled|bool

 - name: Ensure systemd reloaded after matrix-email2matrix.service installation
  service:
    daemon_reload: yes
  when: "matrix_email2matrix_enabled|bool and matrix_email2matrix_systemd_service_result.changed"

 #
 # Tasks related to getting rid of the Email2Matrix (if it was previously enabled)
 #

 - name: Check existence of matrix-email2matrix service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-email2matrix.service"
  register: matrix_email2matrix_service_stat
  when: "not matrix_email2matrix_enabled|bool"

 - name: Ensure matrix-email2matrix is stopped
  service:
    name: matrix-email2matrix
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"

 - name: Ensure matrix-email2matrix.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-email2matrix.service"
    state: absent
  when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-email2matrix.service removal
  service:
    daemon_reload: yes
  when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists"

 - name: Ensure Email2Matrix data path doesn't exist
  file:
    path: "{{ matrix_email2matrix_base_path }}"
    state: absent
  when: "not matrix_email2matrix_enabled|bool"

 - name: Ensure Email2Matrix Docker image doesn't exist
  docker_image:
    name: "{{ matrix_email2matrix_docker_image }}"
    state: absent
  when: "not matrix_email2matrix_enabled|bool"
--- a/roles/matrix-email2matrix/tasks/validate_config.yml
+++ b/roles/matrix-email2matrix/tasks/validate_config.yml
@@ -1,7 +0,0 @@
 ---

 - name: Fail if no mappings
  fail:
    msg: >
      You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix.
  when: "matrix_email2matrix_matrix_mappings|length == 0"
--- a/roles/matrix-email2matrix/templates/config.json.j2
+++ b/roles/matrix-email2matrix/templates/config.json.j2
@@ -1,14 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 {
 	"Smtp": {
 		"ListenInterface": "0.0.0.0:2525",
 		"Hostname": {{ matrix_email2matrix_smtp_hostname|to_json }},
 		"Workers": 10
 	},
 	"Matrix": {
 		"Mappings": {{ matrix_email2matrix_matrix_mappings|to_nice_json }}
 	},
 	"Misc": {
 		"Debug": {{ matrix_email2matrix_misc_debug|to_json }}
 	}
 }
--- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
+++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
@@ -1,34 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Email2Matrix
 After=docker.service
 Requires=docker.service
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_docker_network }} \
 			-p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \
 			--mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \
 			{% for arg in matrix_email2matrix_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_email2matrix_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-email2matrix

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-etherpad/defaults/main.yml
+++ b/roles/matrix-etherpad/defaults/main.yml
@@ -1,87 +0,0 @@
 matrix_etherpad_enabled: false

 matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"

 matrix_etherpad_version: 1.8.12
 matrix_etherpad_docker_image: "{{ matrix_container_global_registry_prefix }}etherpad/etherpad:{{ matrix_etherpad_version }}"
 matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}"

 # List of systemd services that matrix-etherpad.service depends on.
 matrix_etherpad_systemd_required_services_list: ['docker.service']

 # List of systemd services that matrix-etherpad.service wants
 matrix_etherpad_systemd_wanted_services_list: []

 # Container user has to be able to write to the source file directories until this bug is fixed:
 # https://github.com/ether/etherpad-lite/issues/2683
 matrix_etherpad_user_uid: '5001'
 matrix_etherpad_user_gid: '5001'

 # Controls whether the matrix-etherpad container exposes its HTTP port (tcp/9001 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9001"), or empty string to not expose.
 matrix_etherpad_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_etherpad_container_extra_arguments: []

 matrix_etherpad_public_endpoint: '/etherpad'

 # By default, the Etherpad app can be accessed within the Dimension domain
 matrix_etherpad_base_url: "https://{{ matrix_server_fqn_dimension }}{{ matrix_etherpad_public_endpoint }}"

 # Database-related configuration fields.
 #
 # Etherpad requires a dedicated database
 matrix_etherpad_database_engine: 'postgres'

 matrix_etherpad_database_username: 'matrix_etherpad'
 matrix_etherpad_database_password: 'some-password'
 matrix_etherpad_database_hostname: 'matrix-postgres'
 matrix_etherpad_database_port: 5432
 matrix_etherpad_database_name: 'matrix_etherpad'

 matrix_etherpad_database_connection_string: 'postgres://{{ matrix_etherpad_database_username }}:{{ matrix_etherpad_database_password }}@{{ matrix_etherpad_database_hostname }}:{{ matrix_etherpad_database_port }}/{{ matrix_etherpad_database_name }}'

 # Variables configuring the etherpad
 matrix_etherpad_title: 'Etherpad'
 matrix_etherpad_default_pad_text: |
  Welcome to Etherpad!

  This pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!

  Get involved with Etherpad at https://etherpad.org

 # Default Etherpad configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_etherpad_configuration_extension_json`)
 # or completely replace this variable with your own template.
 matrix_etherpad_configuration_default: "{{ lookup('template', 'templates/settings.json.j2') }}"

 # Your custom JSON configuration for Etherpad goes here.
 # This configuration extends the default starting configuration (`matrix_etherpad_configuration_json`).
 #
 # You can override individual variables from the default configuration, or introduce new ones.
 #
 # If you need something more special, you can take full control by
 # completely redefining `matrix_etherpad_configuration_json`.
 #
 # Example configuration extension follows:
 #
 # matrix_etherpad_configuration_extension_json: |
 #  {
 #   "loadTest": true,
 #   "commitRateLimiting": {
 #     "duration": 1,
 #     "points": 10
 #   }
 #  }
 #
 matrix_etherpad_configuration_extension_json: '{}'

 matrix_etherpad_configuration_extension: "{{ matrix_etherpad_configuration_extension_json|from_json if matrix_etherpad_configuration_extension_json|from_json is mapping else {} }}"

 # Holds the final Etherpad configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_etherpad_configuration_json`.
 matrix_etherpad_configuration: "{{ matrix_etherpad_configuration_default|combine(matrix_etherpad_configuration_extension, recursive=True) }}"
--- a/roles/matrix-etherpad/tasks/init.yml
+++ b/roles/matrix-etherpad/tasks/init.yml
@@ -1,62 +0,0 @@
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}"
  when: matrix_etherpad_enabled|bool

 - block:
  - name: Fail if matrix-nginx-proxy role already executed
    fail:
      msg: >-
        Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
        but it's pointless since the matrix-nginx-proxy role had already executed.
        To fix this, please change the order of roles in your plabook,
        so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
    when: matrix_nginx_proxy_role_executed|default(False)|bool

  - name: Generate Etherpad proxying configuration for matrix-nginx-proxy
    set_fact:
      matrix_etherpad_matrix_nginx_proxy_configuration: |
        rewrite ^{{ matrix_etherpad_public_endpoint }}$ $scheme://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;

        location {{ matrix_etherpad_public_endpoint }}/ {
        {% if matrix_nginx_proxy_enabled|default(False) %}
          {# Use the embedded DNS resolver in Docker containers to discover the service #}
          resolver 127.0.0.11 valid=5s;
          proxy_pass http://matrix-etherpad:9001/;
          {# These are proxy directives needed specifically by Etherpad #}
          proxy_buffering off;
          proxy_http_version 1.1;  # recommended with keepalive connections
          proxy_pass_header Server;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
          # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
        {% else %}
          {# Generic configuration for use outside of our container setup #}
          # A good guide for setting up your Etherpad behind nginx:
          # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
          proxy_pass http://127.0.0.1:9001/;
        {% endif %}
        }

  - name: Register Etherpad proxying configuration with matrix-nginx-proxy
    set_fact:
      matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
        {{
          matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([])
          +
          [matrix_etherpad_matrix_nginx_proxy_configuration]
        }}
  tags:
    - always
  when: matrix_etherpad_enabled|bool

 - name: Warn about reverse-proxying if matrix-nginx-proxy not used
  debug:
    msg: >-
      NOTE: You've enabled the Etherpad tool but are not using the matrix-nginx-proxy
      reverse proxy.
      Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}`
      URL endpoint to the matrix-etherpad container.
      You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable.
  when: "matrix_etherpad_enabled|bool and matrix_nginx_proxy_enabled is not defined"
--- a/roles/matrix-etherpad/tasks/main.yml
+++ b/roles/matrix-etherpad/tasks/main.yml
@@ -1,21 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: run_setup|bool and matrix_etherpad_enabled|bool
  tags:
    - setup-all
    - setup-etherpad

 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
  when: run_setup|bool and not matrix_etherpad_enabled|bool
  tags:
    - setup-all
    - setup-etherpad

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: run_setup|bool and matrix_etherpad_enabled|bool
  tags:
    - setup-all
    - setup-etherpad
--- a/roles/matrix-etherpad/tasks/setup_install.yml
+++ b/roles/matrix-etherpad/tasks/setup_install.yml
@@ -1,36 +0,0 @@
 ---

 - name: Ensure Etherpad base path exists
  file:
    path: "{{ matrix_etherpad_base_path }}"
    state: directory
    mode: 0770
    owner: "{{ matrix_etherpad_user_uid }}"
    group: "{{ matrix_etherpad_user_gid }}"

 - name: Ensure Etherpad config installed
  copy:
    content: "{{ matrix_etherpad_configuration|to_nice_json }}"
    dest: "{{ matrix_etherpad_base_path }}/settings.json"
    mode: 0640
    owner: "{{ matrix_etherpad_user_uid }}"
    group: "{{ matrix_etherpad_user_gid }}"

 - name: Ensure Etherpad image is pulled
  docker_image:
    name: "{{ matrix_etherpad_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}"

 - name: Ensure matrix-etherpad.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-etherpad.service"
    mode: 0644
  register: matrix_etherpad_systemd_service_result

 - name: Ensure systemd reloaded after matrix-etherpad.service installation
  service:
    daemon_reload: yes
  when: "matrix_etherpad_systemd_service_result.changed|bool"
--- a/roles/matrix-etherpad/tasks/setup_uninstall.yml
+++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml
@@ -1,35 +0,0 @@
 ---

 - name: Check existence of matrix-etherpad service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-etherpad.service"
  register: matrix_etherpad_service_stat

 - name: Ensure matrix-etherpad is stopped
  service:
    name: matrix-etherpad
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "matrix_etherpad_service_stat.stat.exists|bool"

 - name: Ensure matrix-etherpad.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-etherpad.service"
    state: absent
  when: "matrix_etherpad_service_stat.stat.exists|bool"

 - name: Ensure systemd reloaded after matrix-etherpad.service removal
  service:
    daemon_reload: yes
  when: "matrix_etherpad_service_stat.stat.exists|bool"

 - name: Ensure Etherpad base directory doesn't exist
  file:
    path: "{{ matrix_etherpad_base_path }}"
    state: absent

 - name: Ensure Etherpad Docker image doesn't exist
  docker_image:
    name: "{{ matrix_etherpad_docker_image }}"
    state: absent
--- a/roles/matrix-etherpad/tasks/validate_config.yml
+++ b/roles/matrix-etherpad/tasks/validate_config.yml
@@ -1,11 +0,0 @@
 - name: Fail if Etherpad is enabled without the Dimension integrations manager
  fail:
    msg: >-
      To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true
  when: "not matrix_dimension_enabled|bool"

 - name: Fail if no database is configured for Etherpad
  fail:
    msg: >-
      Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname"
  when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled
--- a/roles/matrix-etherpad/templates/settings.json.j2
+++ b/roles/matrix-etherpad/templates/settings.json.j2
@@ -1,105 +0,0 @@
 {
  "title": {{ matrix_etherpad_title|to_json }},
  "favicon": "favicon.ico",
  "skinName": "colibris",
  "skinVariants": "super-light-toolbar super-light-editor light-background",
  "ip": "::",
  "port": 9001,
  "showSettingsInAdminPage": true,
  "dbType": {{ matrix_etherpad_database_engine|to_json }},
  "dbSettings": {
    "database": {{ matrix_etherpad_database_name|to_json }},
    "host":     {{ matrix_etherpad_database_hostname|to_json }},
    "password": {{ matrix_etherpad_database_password|to_json }},
    "port":     {{ matrix_etherpad_database_port|to_json }},
    "user":     {{ matrix_etherpad_database_username|to_json }}
  },
  "defaultPadText" : {{ matrix_etherpad_default_pad_text|to_json }},
  "suppressErrorsInPadText": false,
  "requireSession": false,
  "editOnly": false,
  "minify": true,
  "maxAge": 21600,
  "abiword": null,
  "soffice": null,
  "tidyHtml": null,
  "allowUnknownFileEnds": true,
  "requireAuthentication": false,
  "requireAuthorization": false,
  "trustProxy": true,
  "cookie": {
    "sameSite": "Lax"
  },
  "disableIPlogging": true,
  "automaticReconnectionTimeout": 0,
  "scrollWhenFocusLineIsOutOfViewport": {
    "percentage": {
      "editionAboveViewport": 0,
      "editionBelowViewport": 0
    },
    "duration": 0,
    "scrollWhenCaretIsInTheLastLineOfViewport": false,
    "percentageToScrollWhenUserPressesArrowUp": 0
  },
  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
  "socketIo": {
    "maxHttpBufferSize": 10000
  },
  "loadTest": false,
  "importExportRateLimiting": {
    "windowMs": 90000,
    "max": 10
  },
  "importMaxFileSize": 52428800,
  "commitRateLimiting": {
    "duration": 1,
    "points": 10
  },
  "exposeVersion": false,
  "padOptions": {
    "noColors": false,
    "showControls": true,
    "showChat": false,
    "showLineNumbers": true,
    "useMonospaceFont": false,
    "userName": false,
    "userColor": false,
    "rtl": false,
    "alwaysShowChat": false,
    "chatAndUsers": false,
    "lang": "en-gb"
  },
  "padShortcutEnabled" : {
    "altF9": true,
    "altC": true,
    "cmdShift2": true,
    "delete": true,
    "return": true,
    "esc": true,
    "cmdS": true,
    "tab": true,
    "cmdZ": true,
    "cmdY": true,
    "cmdI": true,
    "cmdB": true,
    "cmdU": true,
    "cmd5": true,
    "cmdShiftL": true,
    "cmdShiftN": true,
    "cmdShift1": true,
    "cmdShiftC": true,
    "cmdH": true,
    "ctrlHome": true,
    "pageUp": true,
    "pageDown": true
  },
  "loglevel": "INFO",
  "logconfig" :
    { "appenders": [
        { "type": "console",
          "layout": {"type": "messagePassThrough"}
        }
      ]
    },
  "customLocaleStrings": {}
 }
--- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2
+++ b/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2
@@ -1,44 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Etherpad
 {% for service in matrix_etherpad_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_etherpad_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-etherpad
 ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-etherpad

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \
 			--log-driver=none \
 			--user={{ matrix_etherpad_user_uid }}:{{ matrix_etherpad_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_etherpad_container_http_host_bind_port %}
 			-p {{ matrix_etherpad_container_http_host_bind_port }}:9001 \
 			{% endif %}
 			--mount type=bind,src={{ matrix_etherpad_base_path }},dst=/data \
 			{% for arg in matrix_etherpad_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_etherpad_docker_image }} \
 			node --experimental-worker src/node/server.js \
 				--settings /data/settings.json --credentials /data/credentials.json \
 				--sessionkey /data/sessionkey.json --apikey /data/apijey.json
 				

 ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad
 ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-etherpad

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@@ -1,59 +0,0 @@
 # matrix-grafana is open source visualization and analytics software
 # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md

 matrix_grafana_enabled: false

 matrix_grafana_version: 8.0.5
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

 # Not conditional, because when someone disables metrics
 # they might still want to look at the old existing data.
 # So it would be silly to delete the dashboard in such case.
 matrix_grafana_dashboard_download_urls:
 - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json"
 - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json"

 matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana"
 matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config"
 matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data"

 # Allow viewing Grafana without logging in
 matrix_grafana_anonymous_access: false

 # specify organization name that should be used for unauthenticated users
 # if you change this in the Grafana admin panel, this needs to be updated
 # to match to keep anonymous logins working
 matrix_grafana_anonymous_access_org_name: 'Main Org.'


 # default admin credentials, you are asked to change these on first login
 matrix_grafana_default_admin_user: admin
 matrix_grafana_default_admin_password: admin

 # Set to true to add the Content-Security-Policy header to your requests.
 # CSP allows to control resources that the user agent can load and helps 
 # prevent XSS attacks.
 # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
 matrix_grafana_content_security_policy: true

 # specify content security policy template to customized template
 # added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
 # [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/)
 # [Content Security Policy Reference](https://content-security-policy.com/script-src/)
 matrix_grafana_content_security_policy_customized: false
 matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"

 # A list of extra arguments to pass to the container
 matrix_grafana_container_extra_arguments: []

 # List of systemd services that matrix-grafana.service depends on
 matrix_grafana_systemd_required_services_list: ['docker.service']

 # List of systemd services that matrix-grafana.service wants
 matrix_grafana_systemd_wanted_services_list: []

 # Controls whether the matrix-grafana container exposes its HTTP port (tcp/3000 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3000"), or empty string to not expose.
 matrix_grafana_container_http_host_bind_port: ''
--- a/roles/matrix-grafana/tasks/init.yml
+++ b/roles/matrix-grafana/tasks/init.yml
@@ -1,5 +0,0 @@
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}"
  when: matrix_grafana_enabled|bool


--- a/roles/matrix-grafana/tasks/main.yml
+++ b/roles/matrix-grafana/tasks/main.yml
@@ -1,14 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_grafana_enabled|bool"
  tags:
    - setup-all
    - setup-grafana

 - import_tasks: "{{ role_path }}/tasks/setup.yml"
  tags:
    - setup-all
    - setup-grafana
--- a/roles/matrix-grafana/tasks/setup.yml
+++ b/roles/matrix-grafana/tasks/setup.yml
@@ -1,110 +0,0 @@
 ---

 #
 # Tasks related to setting up matrix-grafana
 #

 - name: Ensure matrix-grafana image is pulled
  docker_image:
    name: "{{ matrix_grafana_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}"
  when: "matrix_grafana_enabled|bool"

 - name: Ensure grafana paths exists
  file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - "{{ matrix_grafana_base_path }}"
    - "{{ matrix_grafana_config_path }}"
    - "{{ matrix_grafana_config_path }}/provisioning"
    - "{{ matrix_grafana_config_path }}/provisioning/datasources"
    - "{{ matrix_grafana_config_path }}/provisioning/dashboards"
    - "{{ matrix_grafana_config_path }}/dashboards"
    - "{{ matrix_grafana_data_path }}"
  when: matrix_grafana_enabled|bool

 - name: Ensure grafana.ini present
  template:
    src: "{{ role_path }}/templates/grafana.ini.j2"
    dest: "{{ matrix_grafana_config_path }}/grafana.ini"
    mode: 0440
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  when: matrix_grafana_enabled|bool

 - name: Ensure provisioning/datasources/default.yaml present
  template:
    src: "{{ role_path }}/templates/datasources.yaml.j2"
    dest: "{{ matrix_grafana_config_path }}/provisioning/datasources/default.yaml"
    mode: 0440
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  when: matrix_grafana_enabled|bool

 - name: Ensure provisioning/dashboards/default.yaml present
  template:
    src: "{{ role_path }}/templates/dashboards.yaml.j2"
    dest: "{{ matrix_grafana_config_path }}/provisioning/dashboards/default.yaml"
    mode: 0440
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  when: matrix_grafana_enabled|bool

 - name: Ensure dashboard(s) downloaded
  get_url:
    url: "{{ item }}"
    dest: "{{ matrix_grafana_config_path }}/dashboards/"
    force: true
    mode: 0440
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items: "{{ matrix_grafana_dashboard_download_urls_all }}"
  when: matrix_grafana_enabled|bool

 - name: Ensure matrix-grafana.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-grafana.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-grafana.service"
    mode: 0644
  register: matrix_grafana_systemd_service_result
  when: matrix_grafana_enabled|bool

 - name: Ensure systemd reloaded after matrix-grafana.service installation
  service:
    daemon_reload: yes
  when: "matrix_grafana_enabled|bool and matrix_grafana_systemd_service_result.changed"

 #
 # Tasks related to getting rid of matrix-grafana (if it was previously enabled)
 #

 - name: Check existence of matrix-grafana service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-grafana.service"
  register: matrix_grafana_service_stat

 - name: Ensure matrix-grafana is stopped
  service:
    name: matrix-grafana
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists"

 - name: Ensure matrix-grafana.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-grafana.service"
    state: absent
  when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-grafana.service removal
  service:
    daemon_reload: yes
  when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists"

--- a/roles/matrix-grafana/tasks/validate_config.yml
+++ b/roles/matrix-grafana/tasks/validate_config.yml
@@ -1,7 +0,0 @@
 ---

 - name: Fail if Prometheus not enabled
  fail:
    msg: >
      You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana.
  when: "not matrix_prometheus_enabled"
--- a/roles/matrix-grafana/templates/dashboards.yaml.j2
+++ b/roles/matrix-grafana/templates/dashboards.yaml.j2
@@ -1,9 +0,0 @@
 apiVersion: 1

 providers:
  - name: {{ matrix_server_fqn_matrix }} - Dashboards
    folder: '' # The folder where to place the dashboards
    type: file
    allowUiUpdates: true
    options:
      path: /etc/grafana/dashboards
--- a/roles/matrix-grafana/templates/datasources.yaml.j2
+++ b/roles/matrix-grafana/templates/datasources.yaml.j2
@@ -1,8 +0,0 @@
 apiVersion: 1

 datasources:
  - name: {{ matrix_server_fqn_matrix }} - Prometheus
    type: prometheus
    # Access mode - proxy (server in the UI) or direct (browser in the UI).
    access: proxy
    url: http://matrix-prometheus:9090
--- a/roles/matrix-grafana/templates/grafana.ini.j2
+++ b/roles/matrix-grafana/templates/grafana.ini.j2
@@ -1,31 +0,0 @@
 [server]
 root_url = "https://{{ matrix_server_fqn_grafana }}"

 [security]
 # default admin user, created on startup
 admin_user = "{{ matrix_grafana_default_admin_user }}"

 # default admin password, can be changed before first start of grafana, or in profile settings
 admin_password = """{{ matrix_grafana_default_admin_password }}"""

 # specify content_security_policy to add the Content-Security-Policy header to your requests
 content_security_policy = "{{ matrix_grafana_content_security_policy }}"

 # specify content security policy template to customized template
 {% if matrix_grafana_content_security_policy_customized %}
 content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
 {% endif %}

 [auth.anonymous]
 # enable anonymous access
 enabled = {{ matrix_grafana_anonymous_access }}

 # specify organization name that should be used for unauthenticated users
 org_name = "{{ matrix_grafana_anonymous_access_org_name }}"

 [dashboards]
 {% if matrix_synapse_metrics_enabled %}
 default_home_dashboard_path = /etc/grafana/dashboards/synapse.json
 {% else %}
 default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json
 {% endif %}
--- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2
+++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2
@@ -1,43 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=matrix-grafana
 {% for service in matrix_grafana_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_grafana_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null'


 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_grafana_container_http_host_bind_port %}
 			-p {{ matrix_grafana_container_http_host_bind_port }}:3000 \
 			{% endif %}
 			-v {{ matrix_grafana_config_path }}:/etc/grafana:z \
 			-v {{ matrix_grafana_data_path }}:/var/lib/grafana:z \
 			{% for arg in matrix_grafana_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_grafana_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-grafana

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -1,261 +0,0 @@
 matrix_jitsi_enabled: true

 matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"

 matrix_jitsi_enable_auth: false
 matrix_jitsi_enable_guests: false
 matrix_jitsi_enable_recording: false
 matrix_jitsi_enable_transcriptions: false
 matrix_jitsi_enable_p2p: true

 # Authentication type, must be one of internal, jwt or ldap. Currently only
 # internal and ldap are supported by this playbook.
 matrix_jitsi_auth_type: internal

 # Configuration options for LDAP authentication. For details see upstream:
 #   https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
 # Defaults are taken from:
 #   https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/saslauthd.conf
 matrix_jitsi_ldap_url: ""
 matrix_jitsi_ldap_base: ""
 matrix_jitsi_ldap_binddn: ""
 matrix_jitsi_ldap_bindpw: ""
 matrix_jitsi_ldap_filter: "uid=%u"
 matrix_jitsi_ldap_auth_method: "bind"
 matrix_jitsi_ldap_version: "3"
 matrix_jitsi_ldap_use_tls: false
 matrix_jitsi_ldap_tls_ciphers: ""
 matrix_jitsi_ldap_tls_check_peer: false
 matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
 matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
 matrix_jitsi_ldap_start_tls: false

 matrix_jitsi_timezone: UTC

 matrix_jitsi_xmpp_domain: matrix-jitsi-web
 matrix_jitsi_xmpp_server: matrix-jitsi-prosody
 matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
 matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
 matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
 matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
 matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
 matrix_jitsi_xmpp_modules: ''

 matrix_jitsi_recorder_domain: recorder.meet.jitsi


 matrix_jitsi_jibri_brewery_muc: jibribrewery
 matrix_jitsi_jibri_pending_timeout: 90
 matrix_jitsi_jibri_xmpp_user: jibri
 matrix_jitsi_jibri_xmpp_password: ''
 matrix_jitsi_jibri_recorder_user: recorder
 matrix_jitsi_jibri_recorder_password: ''

 matrix_jitsi_enable_lobby: false

 matrix_jitsi_version: stable-5765-1
 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility

 matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"

 matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
 matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
 matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"

 matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"

 # STUN servers used in the web UI. Feel free to point them to your own STUN server.
 # Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
 matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']

 # Controls whether Etherpad will be available within Jitsi
 matrix_jitsi_etherpad_enabled: false

 # Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:13080"), or empty string to not expose.
 matrix_jitsi_web_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_jitsi_web_container_extra_arguments: []

 # List of systemd services that matrix-jitsi-web.service depends on
 matrix_jitsi_web_systemd_required_services_list: ['docker.service']


 # Some variables controlling the interface of Jitsi Web.
 # These get applied to `templates/web/interface_config.js.j2`.
 #
 # Besides this, you can also use `matrix_jitsi_web_custom_interface_config_extension`
 # to define any other configuration option.
 matrix_jitsi_web_interface_config_lang_detection: false
 matrix_jitsi_web_interface_config_show_jitsi_watermark: true
 matrix_jitsi_web_interface_config_jitsi_watermark_link: "https://jitsi.org"
 matrix_jitsi_web_interface_config_show_brand_watermark: false
 matrix_jitsi_web_interface_config_brand_watermark_link: ""
 matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page: true
 matrix_jitsi_web_interface_config_display_welcome_page_content: true
 matrix_jitsi_web_interface_config_app_name: "Jitsi Meet"
 matrix_jitsi_web_interface_config_native_app_name: "Jitsi Meet"
 matrix_jitsi_web_interface_config_provider_name: "Jitsi"
 matrix_jitsi_web_interface_config_show_powered_by: false
 matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
 matrix_jitsi_web_interface_config_show_deep_linking_image: false

 # Custom configuration to be injected into `interface_config.js`, passed to Jitsi Web.
 # This configuration gets appended to the final interface configuration that Jitsi Web uses.
 #
 # Note: not to be confused with `matrix_jitsi_web_custom_config_extension`.
 #
 # For interface configuration, the flow is like this:
 # - the contents of `templates/web/interface_config.js.j2` is generated (based on various `matrix_jitsi_web_interface_config_*` variables you see in this file)
 # - the contents of `matrix_jitsi_web_custom_interface_config_extension` is appended and can define new settings or override defaults.
 #
 # Example:
 # matrix_jitsi_web_custom_interface_config_extension: |
 #   interfaceConfig.CONNECTION_INDICATOR_AUTO_HIDE_ENABLED = false;
 #   interfaceConfig.DISABLE_VIDEO_BACKGROUND = true;
 matrix_jitsi_web_custom_interface_config_extension: ''


 # Controls after which participant audio will be muted. If not specified, defaults to Jitsi's default value (likely 10)
 matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~
 # Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10)
 matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~

 matrix_jitsi_web_config_defaultLanguage: 'en'

 # Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280)
 matrix_jitsi_web_config_resolution_width_ideal_and_max: ~
 # Minimum resolution width. If not specified, defaults to Jitsi's default value (likely 320)
 matrix_jitsi_web_config_resolution_width_min: ~
 # Ideal and also maximum resolution height. If not specified, defaults to Jitsi's default value (likely 720)
 matrix_jitsi_web_config_resolution_height_ideal_and_max: ~
 # Minimum resolution height. If not specified, defaults to Jitsi's default value (likely 180)
 matrix_jitsi_web_config_resolution_height_min: ~

 # Custom configuration to be injected into `custom-config.js`, passed to Jitsi Web.
 # This configuration gets appended to the final configuration that Jitsi Web uses.
 #
 # Note: not to be confused with `matrix_jitsi_web_custom_interface_config_extension`.
 #
 # The flow is like this:
 # - some default configuration is automatically generated based on the environment variables passed to the Jitsi Web container
 # - the contents of `custom-config.js` is appended to it (see `templates/web/custom-config.js.j2`)
 # - said `custom-config.js` contains your custom contents specified in `matrix_jitsi_web_custom_config_extension`.
 #
 # Example:
 # matrix_jitsi_web_custom_config_extension: |
 #   if (!config.hasOwnProperty('testing')) config.testing = {};
 #   config.testing.p2pTestMode = true
 matrix_jitsi_web_custom_config_extension: ''

 # Additional environment variables to pass to the Jitsi Web container.
 # You can use this to further influence the default configuration generated by the Jitsi Web container on every startup.
 # Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
 # by using `matrix_jitsi_web_custom_config_extension`.
 #
 # Example:
 # matrix_jitsi_web_environment_variables_extension: |
 #   ENABLE_FILE_RECORDING_SERVICE=1
 #   DROPBOX_APPKEY=something
 #   DROPBOX_REDIRECT_URI=something
 matrix_jitsi_web_environment_variables_extension: ''


 matrix_jitsi_prosody_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"

 matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
 matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
 matrix_jitsi_prosody_plugins_path: "{{ matrix_jitsi_prosody_base_path }}/prosody-plugins-custom"

 # A list of extra arguments to pass to the container
 matrix_jitsi_prosody_container_extra_arguments: []

 # List of systemd services that matrix-jitsi-prosody.service depends on
 matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']

 # Neccessary Port binding for those disabling the integrated nginx proxy
 matrix_jitsi_prosody_container_http_host_bind_port: ''

 matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"

 matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
 matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"

 # A list of extra arguments to pass to the container
 matrix_jitsi_jicofo_container_extra_arguments: []

 # List of systemd services that matrix-jitsi-jicofo.service depends on
 matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']

 matrix_jitsi_jicofo_component_secret: ''
 matrix_jitsi_jicofo_auth_user: focus
 matrix_jitsi_jicofo_auth_password: ''


 matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
 matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"

 matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
 matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"

 # A list of extra arguments to pass to the container
 matrix_jitsi_jvb_container_extra_arguments: []

 # List of systemd services that matrix-jitsi-jvb.service depends on
 matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']

 matrix_jitsi_jvb_auth_user: jvb
 matrix_jitsi_jvb_auth_password: ''

 # STUN servers used by JVB on the server-side, so it can discover its own external IP address.
 # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
 matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']

 matrix_jitsi_jvb_brewery_muc: jvbbrewery
 matrix_jitsi_jvb_rtp_udp_port: 10000
 matrix_jitsi_jvb_rtp_tcp_port: 4443

 # Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
 # This configuration gets appended to the final configuration that Jitsi JVB uses.
 #
 # The flow is like this:
 # - some default configuration is automatically generated based on the environment variables passed to the Jitsi JVB container
 # - the contents of `custom-sip-communicator.properties` is appended to it (see `templates/jvb/custom-sip-communicator.properties.j2`)
 # - said `custom-sip-communicator.properties` contains your custom contents specified in `matrix_jitsi_jvb_custom_config_extension`.
 #
 # Example:
 # matrix_jitsi_jvb_custom_config_extension: |
 #   org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=false
 #   org.jitsi.videobridge.ENABLE_STATISTICS=false
 matrix_jitsi_jvb_custom_config_extension: ''

 # Additional environment variables to pass to the Jitsi JVB container.
 # You can use this to further influence the default configuration generated by the Jitsi JVB container on every startup.
 # Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
 # by using `matrix_jitsi_jvb_custom_config_extension`.
 #
 # Example:
 # matrix_jitsi_jvb_environment_variables_extension: |
 #   SOME_VARIABLE=1
 #   ANOTHER_VARIABLE=something
 matrix_jitsi_jvb_environment_variables_extension: ''

 # Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
 matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"

 # Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
 matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"

 # Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
 matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
--- a/roles/matrix-jitsi/tasks/init.yml
+++ b/roles/matrix-jitsi/tasks/init.yml
@@ -1,3 +0,0 @@
 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
  when: matrix_jitsi_enabled|bool
--- a/roles/matrix-jitsi/tasks/main.yml
+++ b/roles/matrix-jitsi/tasks/main.yml
@@ -1,39 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_jitsi_enabled|bool"
  tags:
    - setup-all
    - setup-jitsi

 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-jitsi

 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-jitsi

 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-jitsi

 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-jitsi

 - import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-jitsi
--- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_base.yml
@@ -1,20 +0,0 @@
 ---

 #
 # Tasks related to setting up jitsi
 #

 - name: Ensure Matrix jitsi base path exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_jitsi_base_path }}", when: true }
  when: matrix_jitsi_enabled|bool and item.when

 #
 # Tasks related to getting rid of jitsi (if it was previously enabled)
 #
--- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
@@ -1,93 +0,0 @@
 ---

 #
 # Tasks related to setting up jitsi-jicofo
 #

 - name: Ensure Matrix jitsi-jicofo path exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0777
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_jitsi_jicofo_base_path }}", when: true }
    - { path: "{{ matrix_jitsi_jicofo_config_path }}", when: true }
  when: matrix_jitsi_enabled|bool and item.when

 - name: Ensure jitsi-jicofo Docker image is pulled
  docker_image:
    name: "{{ matrix_jitsi_jicofo_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-jicofo environment variables file created
  template:
    src: "{{ role_path }}/templates/jicofo/env.j2"
    dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
    mode: 0640
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-jicofo configuration files created
  template:
    src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
    dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
    mode: 0644
  with_items:
    - sip-communicator.properties
    - logging.properties
  when: matrix_jitsi_enabled|bool

 - name: Ensure matrix-jitsi-jicofo.service installed
  template:
    src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
    mode: 0644
  register: matrix_jitsi_jicofo_systemd_service_result
  when: matrix_jitsi_enabled|bool

 - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation
  service:
    daemon_reload: yes
  when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed"

 #
 # Tasks related to getting rid of jitsi-jicofo (if it was previously enabled)
 #

 - name: Check existence of matrix-jitsi-jicofo service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
  register: matrix_jitsi_jicofo_service_stat
  when: "not matrix_jitsi_enabled|bool"

 - name: Ensure matrix-jitsi-jicofo is stopped
  service:
    name: matrix-jitsi-jicofo
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"

 - name: Ensure matrix-jitsi-jicofo.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service"
    state: absent
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal
  service:
    daemon_reload: yes
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists"

 - name: Ensure Matrix jitsi-jicofo paths doesn't exist
  file:
    path: "{{ matrix_jitsi_jicofo_base_path }}"
    state: absent
  when: "not matrix_jitsi_enabled|bool"

 # Intentionally not removing the Docker image when uninstalling.
 # We can't be sure it had been pulled by us in the first place.
--- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
@@ -1,93 +0,0 @@
 ---

 #
 # Tasks related to setting up jitsi-jvb
 #

 - name: Ensure Matrix jitsi-jvb path exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0777
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_jitsi_jvb_base_path }}", when: true }
    - { path: "{{ matrix_jitsi_jvb_config_path }}", when: true }
  when: matrix_jitsi_enabled|bool and item.when

 - name: Ensure jitsi-jvb Docker image is pulled
  docker_image:
    name: "{{ matrix_jitsi_jvb_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-jvb configuration files created
  template:
    src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
    dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
    mode: 0644
  with_items:
    - custom-sip-communicator.properties
    - logging.properties
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-jvb environment variables file created
  template:
    src: "{{ role_path }}/templates/jvb/env.j2"
    dest: "{{ matrix_jitsi_jvb_base_path }}/env"
    mode: 0640
  when: matrix_jitsi_enabled|bool

 - name: Ensure matrix-jitsi-jvb.service installed
  template:
    src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
    mode: 0644
  register: matrix_jitsi_jvb_systemd_service_result
  when: matrix_jitsi_enabled|bool

 - name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation
  service:
    daemon_reload: yes
  when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed"

 #
 # Tasks related to getting rid of jitsi-jvb (if it was previously enabled)
 #

 - name: Check existence of matrix-jitsi-jvb service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
  register: matrix_jitsi_jvb_service_stat
  when: "not matrix_jitsi_enabled|bool"

 - name: Ensure matrix-jitsi-jvb is stopped
  service:
    name: matrix-jitsi-jvb
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"

 - name: Ensure matrix-jitsi-jvb.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service"
    state: absent
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal
  service:
    daemon_reload: yes
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists"

 - name: Ensure Matrix jitsi-jvb paths doesn't exist
  file:
    path: "{{ matrix_jitsi_jvb_base_path }}"
    state: absent
  when: "not matrix_jitsi_enabled|bool"

 # Intentionally not removing the Docker image when uninstalling.
 # We can't be sure it had been pulled by us in the first place.
--- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
@@ -1,84 +0,0 @@
 ---

 #
 # Tasks related to setting up jitsi-prosody
 #

 - name: Ensure Matrix jitsi-prosody path exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0777
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true }
    - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true }
    - { path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true }
  when: matrix_jitsi_enabled|bool and item.when

 - name: Ensure jitsi-prosody Docker image is pulled
  docker_image:
    name: "{{ matrix_jitsi_prosody_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-prosody environment variables file created
  template:
    src: "{{ role_path }}/templates/prosody/env.j2"
    dest: "{{ matrix_jitsi_prosody_base_path }}/env"
    mode: 0640
  when: matrix_jitsi_enabled|bool

 - name: Ensure matrix-jitsi-prosody.service installed
  template:
    src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
    mode: 0644
  register: matrix_jitsi_prosody_systemd_service_result
  when: matrix_jitsi_enabled|bool

 - name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
  service:
    daemon_reload: yes
  when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"

 #
 # Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
 #

 - name: Check existence of matrix-jitsi-prosody service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
  register: matrix_jitsi_prosody_service_stat
  when: "not matrix_jitsi_enabled|bool"

 - name: Ensure matrix-jitsi-prosody is stopped
  service:
    name: matrix-jitsi-prosody
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"

 - name: Ensure matrix-jitsi-prosody.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
    state: absent
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
  service:
    daemon_reload: yes
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"

 - name: Ensure Matrix jitsi-prosody paths doesn't exist
  file:
    path: "{{ matrix_jitsi_prosody_base_path }}"
    state: absent
  when: "not matrix_jitsi_enabled|bool"

 # Intentionally not removing the Docker image when uninstalling.
 # We can't be sure it had been pulled by us in the first place.
--- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
+++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml
@@ -1,95 +0,0 @@
 ---

 #
 # Tasks related to setting up jitsi-web
 #

 - name: Ensure Matrix jitsi-web path exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0777
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_jitsi_web_base_path }}", when: true }
    - { path: "{{ matrix_jitsi_web_config_path }}", when: true }
    - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true }
  when: matrix_jitsi_enabled|bool and item.when

 - name: Ensure jitsi-web Docker image is pulled
  docker_image:
    name: "{{ matrix_jitsi_web_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-web environment variables file created
  template:
    src: "{{ role_path }}/templates/web/env.j2"
    dest: "{{ matrix_jitsi_web_base_path }}/env"
    mode: 0640
  when: matrix_jitsi_enabled|bool

 - name: Ensure jitsi-web configuration files created
  template:
    src: "{{ role_path }}/templates/web/{{ item }}.j2"
    dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
    mode: 0644
  with_items:
    - custom-config.js
    - interface_config.js
  when: matrix_jitsi_enabled|bool

 - name: Ensure matrix-jitsi-web.service installed
  template:
    src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
    mode: 0644
  register: matrix_jitsi_web_systemd_service_result
  when: matrix_jitsi_enabled|bool

 - name: Ensure systemd reloaded after matrix-jitsi-web.service installation
  service:
    daemon_reload: yes
  when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed"

 #
 # Tasks related to getting rid of jitsi-web (if it was previously enabled)
 #

 - name: Check existence of matrix-jitsi-web service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
  register: matrix_jitsi_web_service_stat
  when: "not matrix_jitsi_enabled|bool"

 - name: Ensure matrix-jitsi-web is stopped
  service:
    name: matrix-jitsi-web
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"

 - name: Ensure matrix-jitsi-web.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service"
    state: absent
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-jitsi-web.service removal
  service:
    daemon_reload: yes
  when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists"

 - name: Ensure Matrix jitsi-web paths doesn't exist
  file:
    path: "{{ matrix_jitsi_web_base_path }}"
    state: absent
  when: "not matrix_jitsi_enabled|bool"

 # Intentionally not removing the Docker image when uninstalling.
 # We can't be sure it had been pulled by us in the first place.

--- a/roles/matrix-jitsi/tasks/validate_config.yml
+++ b/roles/matrix-jitsi/tasks/validate_config.yml
@@ -1,43 +0,0 @@
 ---

 - name: Fail if required Jitsi settings not defined
  fail:
    msg: >-
      You need to define a required configuration setting (`{{ item }}`) for using Jitsi.

      If you're setting up Jitsi for the first time, you may have missed a step.
      Refer to our setup instructions (docs/configuring-playbook-jitsi.md).

      If you had setup Jitsi successfully before and it's just now that you're observing this failure,
      it means that your installation may be using some default passwords that the playbook used to define until now.
      This is not secure and we urge you to rebuild your Jitsi setup.
      Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
  when: "vars[item] == ''"
  with_items:
    - "matrix_jitsi_jibri_xmpp_password"
    - "matrix_jitsi_jibri_recorder_password"
    - "matrix_jitsi_jicofo_component_secret"
    - "matrix_jitsi_jicofo_auth_password"
    - "matrix_jitsi_jvb_auth_password"

 - name: (Deprecation) Catch and report renamed settings
  fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
  with_items:
    - {'old': 'matrix_jitsi_web_config_constraints_enabled', 'new': '<Now unnecessary. Constraints are always applied automatically>'}
    - {'old': 'matrix_jitsi_web_config_constraints_video_aspectRatio', 'new': '<Not applicable anymore>'}
    - {'old': 'matrix_jitsi_web_config_constraints_video_height_ideal', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
    - {'old': 'matrix_jitsi_web_config_constraints_video_height_max', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
    - {'old': 'matrix_jitsi_web_config_constraints_video_height_min', 'new': 'matrix_jitsi_web_config_resolution_height_min'}
    - {'old': 'matrix_jitsi_web_config_disableAudioLevels', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
    - {'old': 'matrix_jitsi_web_config_enableLayerSuspension', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
    - {'old': 'matrix_jitsi_web_config_channelLastN', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
    - {'old': 'matrix_jitsi_web_config_testing_p2pTestMode', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension>'}
    - {'old': 'matrix_jitsi_web_config_start_with_audio_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_audio_muted_after_nth_participant>'}
    - {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_video_muted_after_nth_participant>'}
    - {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': '<Not applicable anymore>'}
    - {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': '<Not applicable anymore>'}
    - {'old': 'matrix_jisti_web_interface_config_show_deep_linking_image', 'new': 'matrix_jitsi_web_interface_config_show_deep_linking_image'}
--- a/roles/matrix-jitsi/templates/jicofo/env.j2
+++ b/roles/matrix-jitsi/templates/jicofo/env.j2
@@ -1,17 +0,0 @@
 ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}

 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
 XMPP_SERVER={{ matrix_jitsi_xmpp_server }}

 JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
 JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
 JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}

 JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}

 JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
 JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}

 TZ={{ matrix_jitsi_timezone }}
--- a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2
+++ b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2
@@ -1,20 +0,0 @@
 handlers= java.util.logging.ConsoleHandler

 java.util.logging.ConsoleHandler.level = ALL
 java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter

 net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo

 .level=INFO
 net.sf.level=SEVERE
 net.java.sip.communicator.plugin.reconnectplugin.level=FINE
 org.ice4j.level=SEVERE
 org.jitsi.impl.neomedia.level=SEVERE

 # Do not worry about missing strings
 net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE

 #net.java.sip.communicator.service.protocol.level=ALL

 # Enable debug packets logging
 #org.jitsi.impl.protocol.xmpp.level=FINE
--- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
+++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
@@ -1,33 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix jitsi-jicofo server
 {% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
 			--mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
 			{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_jitsi_jicofo_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-jitsi-jicofo

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2
+++ b/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2
@@ -1,9 +0,0 @@
 org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
 org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}

 org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
 org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

 {% if matrix_jitsi_enable_auth %}
 org.jitsi.jicofo.auth.URL=XMPP:{{ matrix_jitsi_xmpp_domain }}
 {% endif %}
--- a/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2
+++ b/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2
@@ -1,7 +0,0 @@
 org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

 org.jitsi.videobridge.ENABLE_STATISTICS=true
 org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
 org.jitsi.videobridge.STATISTICS_INTERVAL=5000

 {{ matrix_jitsi_jvb_custom_config_extension }}
--- a/roles/matrix-jitsi/templates/jvb/env.j2
+++ b/roles/matrix-jitsi/templates/jvb/env.j2
@@ -1,20 +0,0 @@
 JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
 JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
 JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
 JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
 JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
 JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}

 XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}

 HOSTNAME=matrix-jitsi-jvb

 {% if matrix_jitsi_jvb_stun_servers|length > 0 %}
 JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
 {% endif %}

 PUBLIC_URL={{ matrix_jitsi_web_public_url }}

 {{ matrix_jitsi_jvb_environment_variables_extension }}
--- a/roles/matrix-jitsi/templates/jvb/logging.properties.j2
+++ b/roles/matrix-jitsi/templates/jvb/logging.properties.j2
@@ -1,13 +0,0 @@
 handlers= java.util.logging.ConsoleHandler

 java.util.logging.ConsoleHandler.level = ALL
 java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter

 net.java.sip.communicator.util.ScLogFormatter.programname=JVB

 .level=INFO

 org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE

 # All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
 org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING
--- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
+++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
@@ -1,42 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix jitsi-jvb server
 {% for service in matrix_jitsi_jvb_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_jitsi_jvb_base_path }}/env \
 			{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
 			-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
 			{% endif %}
 			{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
 			-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
 			{% endif %}
 			{% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
 			-p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
 			{% endif %}
 			--mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
 			{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_jitsi_jvb_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-jitsi-jvb

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-jitsi/templates/prosody/env.j2
+++ b/roles/matrix-jitsi/templates/prosody/env.j2
@@ -1,49 +0,0 @@
 AUTH_TYPE={{ matrix_jitsi_auth_type }}

 ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
 ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}

 PUBLIC_URL={{ matrix_jitsi_web_public_url }}

 LDAP_URL={{ matrix_jitsi_ldap_url }}
 LDAP_BASE={{ matrix_jitsi_ldap_base }}
 LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
 LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }}
 LDAP_FILTER={{ matrix_jitsi_ldap_filter }}
 LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
 LDAP_VERSION={{ matrix_jitsi_ldap_version }}
 LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
 LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }}
 LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
 LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
 LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
 LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}

 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
 XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
 XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}

 XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
 XMPP_MUC_MODULES=
 XMPP_INTERNAL_MUC_MODULES=

 XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}

 JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
 JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
 JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}

 JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
 JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}

 JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
 JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}

 JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
 JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}

 ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}

 TZ={{ matrix_jitsi_timezone }}
--- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
+++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
@@ -1,37 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix jitsi-prosody server
 {% for service in matrix_jitsi_prosody_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_jitsi_prosody_container_http_host_bind_port %}
 			-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
 			{% endif %}
 			--env-file={{ matrix_jitsi_prosody_base_path }}/env \
 			--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
 			--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
 			{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_jitsi_prosody_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-jitsi-prosody

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-jitsi/templates/web/custom-config.js.j2
+++ b/roles/matrix-jitsi/templates/web/custom-config.js.j2
@@ -1,18 +0,0 @@
 config.defaultLanguage = {{ matrix_jitsi_web_config_defaultLanguage|to_json }};


 if (!config.hasOwnProperty('p2p')) config.p2p = {% raw %}{}{% endraw %};

 {% if matrix_jitsi_web_stun_servers|length > 0 %}
 config.p2p.stunServers = [
 	{% for url in matrix_jitsi_web_stun_servers %}
 		{ urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
 	{% endfor %}
 ];
 {% endif %}

 {% if matrix_jitsi_etherpad_enabled %}
 config.etherpad_base = {{ (matrix_jitsi_etherpad_base + '/p/') |to_json }}
 {% endif %}

 {{ matrix_jitsi_web_custom_config_extension }}
--- a/roles/matrix-jitsi/templates/web/env.j2
+++ b/roles/matrix-jitsi/templates/web/env.j2
@@ -1,42 +0,0 @@
 ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
 ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}

 ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}

 ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}

 DISABLE_HTTPS=1

 JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}

 PUBLIC_URL={{ matrix_jitsi_web_public_url }}

 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
 XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
 XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
 XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}

 TZ={{ matrix_jitsi_timezone }}

 JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
 JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
 JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
 JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
 JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
 JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}

 ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}

 RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
 RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
 RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
 RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}

 START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
 START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}

 ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}

 {{ matrix_jitsi_web_environment_variables_extension }}
--- a/roles/matrix-jitsi/templates/web/interface_config.js.j2
+++ b/roles/matrix-jitsi/templates/web/interface_config.js.j2
@@ -1,295 +0,0 @@
 /* eslint-disable no-unused-vars, no-var, max-len */
 /* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */

 var interfaceConfig = {
    APP_NAME: {{ matrix_jitsi_web_interface_config_app_name|to_json }},
    AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
    AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',

    /**
     * A UX mode where the last screen share participant is automatically
     * pinned. Valid values are the string "remote-only" so remote participants
     * get pinned but not local, otherwise any truthy value for all participants,
     * and any falsy value to disable the feature.
     *
     * Note: this mode is experimental and subject to breakage.
     */
    AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
    BRAND_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_brand_watermark_link|to_json }},

    CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
    /**
     * Whether the connection indicator icon should hide itself based on
     * connection strength. If true, the connection indicator will remain
     * displayed while the participant has a weak connection and will hide
     * itself after the CONNECTION_INDICATOR_HIDE_TIMEOUT when the connection is
     * strong.
     *
     * @type {boolean}
     */
    CONNECTION_INDICATOR_AUTO_HIDE_ENABLED: true,

    /**
     * How long the connection indicator should remain displayed before hiding.
     * Used in conjunction with CONNECTION_INDICATOR_AUTOHIDE_ENABLED.
     *
     * @type {number}
     */
    CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT: 5000,

    /**
     * If true, hides the connection indicators completely.
     *
     * @type {boolean}
     */
    CONNECTION_INDICATOR_DISABLED: false,

    DEFAULT_BACKGROUND: '#474747',
    DEFAULT_LOCAL_DISPLAY_NAME: 'me',
    DEFAULT_LOGO_URL: 'images/watermark.svg',
    DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
    DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',

    DISABLE_DOMINANT_SPEAKER_INDICATOR: false,

    DISABLE_FOCUS_INDICATOR: false,

    /**
     * If true, notifications regarding joining/leaving are no longer displayed.
     */
    DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,

    /**
     * If true, presence status: busy, calling, connected etc. is not displayed.
     */
    DISABLE_PRESENCE_STATUS: false,

    /**
     * Whether the ringing sound in the call/ring overlay is disabled. If
     * {@code undefined}, defaults to {@code false}.
     *
     * @type {boolean}
     */
    DISABLE_RINGING: false,

    /**
     * Whether the speech to text transcription subtitles panel is disabled.
     * If {@code undefined}, defaults to {@code false}.
     *
     * @type {boolean}
     */
    DISABLE_TRANSCRIPTION_SUBTITLES: {{ matrix_jitsi_web_interface_config_disable_transcription_subtitles|to_json }},

    /**
     * Whether or not the blurred video background for large video should be
     * displayed on browsers that can support it.
     */
    DISABLE_VIDEO_BACKGROUND: false,

    DISPLAY_WELCOME_FOOTER: true,
    DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
    DISPLAY_WELCOME_PAGE_CONTENT: {{ matrix_jitsi_web_interface_config_display_welcome_page_content|to_json }},
    DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,

    ENABLE_DIAL_OUT: true,

    ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.

    FILM_STRIP_MAX_HEIGHT: 120,

    GENERATE_ROOMNAMES_ON_WELCOME_PAGE: {{ matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page|to_json }},

    /**
     * Hide the logo on the deep linking pages.
     */
    HIDE_DEEP_LINKING_LOGO: false,

    /**
     * Hide the invite prompt in the header when alone in the meeting.
     */
    HIDE_INVITE_MORE_HEADER: false,

    INITIAL_TOOLBAR_TIMEOUT: 20000,
    JITSI_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_jitsi_watermark_link|to_json }},

    LANG_DETECTION: {{ matrix_jitsi_web_interface_config_lang_detection|to_json }}, // Allow i18n to detect the system language
    LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', // Documentation reference for the live streaming feature.
    LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9

    /**
     * Maximum coefficient of the ratio of the large video to the visible area
     * after the large video is scaled to fit the window.
     *
     * @type {number}
     */
    MAXIMUM_ZOOMING_COEFFICIENT: 1.3,

    /**
     * Whether the mobile app Jitsi Meet is to be promoted to participants
     * attempting to join a conference in a mobile Web browser. If
     * {@code undefined}, defaults to {@code true}.
     *
     * @type {boolean}
     */
    MOBILE_APP_PROMO: true,

    /**
     * Specify custom URL for downloading android mobile app.
     */
    MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',

    /**
     * Specify custom URL for downloading f droid app.
     */
    MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/',

    /**
     * Specify URL for downloading ios mobile app.
     */
    MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',

    NATIVE_APP_NAME: {{ matrix_jitsi_web_interface_config_native_app_name|to_json }},

    // Names of browsers which should show a warning stating the current browser
    // has a suboptimal experience. Browsers which are not listed as optimal or
    // unsupported are considered suboptimal. Valid values are:
    // chrome, chromium, edge, electron, firefox, nwjs, opera, safari
    OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],

    POLICY_LOGO: null,
    PROVIDER_NAME: {{ matrix_jitsi_web_interface_config_provider_name|to_json }},

    /**
     * If true, will display recent list
     *
     * @type {boolean}
     */
    RECENT_LIST_ENABLED: true,
    REMOTE_THUMBNAIL_RATIO: 1, // 1:1

    SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
    SHOW_BRAND_WATERMARK: {{ matrix_jitsi_web_interface_config_show_brand_watermark|to_json }},

    /**
    * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
    * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
    * being already installed is done before rendering.
    */
    SHOW_CHROME_EXTENSION_BANNER: false,

    SHOW_DEEP_LINKING_IMAGE: {{ matrix_jitsi_web_interface_config_show_deep_linking_image|to_json }},
    SHOW_JITSI_WATERMARK: {{ matrix_jitsi_web_interface_config_show_jitsi_watermark|to_json }},
    SHOW_POWERED_BY: {{ matrix_jitsi_web_interface_config_show_powered_by|to_json }},
    SHOW_PROMOTIONAL_CLOSE_PAGE: false,

    /*
     * If indicated some of the error dialogs may point to the support URL for
     * help.
     */
    SUPPORT_URL: 'https://community.jitsi.org/',

    TOOLBAR_ALWAYS_VISIBLE: false,

    /**
     * The name of the toolbar buttons to display in the toolbar, including the
     * "More actions" menu. If present, the button will display. Exceptions are
     * "livestreaming" and "recording" which also require being a moderator and
     * some values in config.js to be enabled. Also, the "profile" button will
     * not display for users with a JWT.
     * Notes:
     * - it's impossible to choose which buttons go in the "More actions" menu
     * - it's impossible to control the placement of buttons
     * - 'desktop' controls the "Share your screen" button
     */
    TOOLBAR_BUTTONS: [
 		{% if matrix_jitsi_enable_transcriptions %}
            'closedcaptions',
 		{% endif %}
 		{% if matrix_jitsi_enable_recording %}
            'recording',
 		{% endif %}
        'microphone', 'camera', 'desktop', 'embedmeeting', 'fullscreen',
        'fodeviceselection', 'hangup', 'profile', 'chat',
        'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
        'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
        'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
    ],

    TOOLBAR_TIMEOUT: 4000,

    // Browsers, in addition to those which do not fully support WebRTC, that
    // are not supported and should show the unsupported browser page.
    UNSUPPORTED_BROWSERS: [],

    /**
     * Whether to show thumbnails in filmstrip as a column instead of as a row.
     */
    VERTICAL_FILMSTRIP: true,

    // Determines how the video would fit the screen. 'both' would fit the whole
    // screen, 'height' would fit the original video height to the height of the
    // screen, 'width' would fit the original video width to the width of the
    // screen respecting ratio.
    VIDEO_LAYOUT_FIT: 'both',

    /**
     * If true, hides the video quality label indicating the resolution status
     * of the current large video.
     *
     * @type {boolean}
     */
    VIDEO_QUALITY_LABEL_DISABLED: false,

    /**
     * How many columns the tile view can expand to. The respected range is
     * between 1 and 5.
     */
    // TILE_VIEW_MAX_COLUMNS: 5,

    /**
     * Specify Firebase dynamic link properties for the mobile apps.
     */
    // MOBILE_DYNAMIC_LINK: {
    //    APN: 'org.jitsi.meet',
    //    APP_CODE: 'w2atb',
    //    CUSTOM_DOMAIN: undefined,
    //    IBI: 'com.atlassian.JitsiMeet.ios',
    //    ISI: '1165103905'
    // },

    /**
     * Specify mobile app scheme for opening the app from the mobile browser.
     */
    // APP_SCHEME: 'org.jitsi.meet',

    /**
     * Specify the Android app package name.
     */
    // ANDROID_APP_PACKAGE: 'org.jitsi.meet',

    /**
     * Override the behavior of some notifications to remain displayed until
     * explicitly dismissed through a user action. The value is how long, in
     * milliseconds, those notifications should remain displayed.
     */
    // ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,

    // List of undocumented settings
    /**
     INDICATOR_FONT_SIZES
     PHONE_NUMBER_REGEX
    */

    // Allow all above example options to include a trailing comma and
    // prevent fear when commenting out the last value.
    // eslint-disable-next-line sort-keys
    makeJsonParserHappy: 'even if last key had a trailing comma'

    // No configuration value should follow this line.
 };


 {{ matrix_jitsi_web_custom_interface_config_extension }}


 /* eslint-enable no-unused-vars, no-var, max-len */
--- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
+++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
@@ -1,37 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix jitsi-web server
 {% for service in matrix_jitsi_web_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null'

 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
 			--log-driver=none \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_jitsi_web_base_path }}/env \
 			{% if matrix_jitsi_web_container_http_host_bind_port %}
 			-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
 			{% endif %}
 			--mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \
 			--mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \
 			{% for arg in matrix_jitsi_web_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_jitsi_web_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-jitsi-web

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-ma1sd/defaults/main.yml
+++ b/roles/matrix-ma1sd/defaults/main.yml
@@ -1,163 +0,0 @@
 # ma1sd is a Federated Matrix Identity Server
 # See: https://github.com/ma1uta/ma1sd

 matrix_ma1sd_enabled: true

 matrix_ma1sd_container_image_self_build: false
 matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git"
 matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}"

 matrix_ma1sd_architecture: "amd64"

 matrix_ma1sd_version: "2.4.0"

 matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}-{{ matrix_ma1sd_architecture }}"
 matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"

 matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"
 # We need the docker src directory to be named ma1sd. See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/588
 matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1sd"
 matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config"
 matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data"

 # Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
 matrix_ma1sd_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_ma1sd_container_extra_arguments: []

 # List of systemd services that matrix-ma1sd.service depends on
 matrix_ma1sd_systemd_required_services_list: ['docker.service']

 # List of systemd services that matrix-ma1sd.service wants
 matrix_ma1sd_systemd_wanted_services_list: []

 # Your identity server is private by default.
 # To ensure maximum discovery, you can make your identity server
 # also forward lookups to the central matrix.org Identity server
 # (at the cost of potentially leaking all your contacts information).
 # Enabling this is discouraged. Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/features/identity.md#lookups
 matrix_ma1sd_matrixorg_forwarding_enabled: false


 # Database-related configuration fields.
 #
 # To use SQLite, stick to these defaults.
 #
 # To use Postgres:
 # - change the engine (`matrix_ma1sd_database_engine: 'postgres'`)
 # - adjust your database credentials via the `matrix_ma1sd_postgres_*` variables
 matrix_ma1sd_database_engine: 'sqlite'

 matrix_ma1sd_sqlite_database_path_local: "{{ matrix_ma1sd_data_path }}/ma1sd.db"
 matrix_ma1sd_sqlite_database_path_in_container: "/var/ma1sd/ma1sd.db"

 matrix_ma1sd_database_username: 'matrix_ma1sd'
 matrix_ma1sd_database_password: 'some-password'
 matrix_ma1sd_database_hostname: 'matrix-postgres'
 matrix_ma1sd_database_port: 5432
 matrix_ma1sd_database_name: 'matrix_ma1sd'

 matrix_ma1sd_database_connection_string: 'postgresql://{{ matrix_ma1sd_database_username }}:{{ matrix_ma1sd_database_password }}@{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}'


 # ma1sd has serveral supported identity stores.
 # One of them is storing identities directly in Synapse's database.
 # Learn more here: https://github.com/ma1uta/ma1sd/blob/master/docs/stores/synapse.md
 matrix_ma1sd_synapsesql_enabled: false
 matrix_ma1sd_synapsesql_type: ""
 matrix_ma1sd_synapsesql_connection: ""

 # Setting up email-sending settings is required for using ma1sd.
 matrix_ma1sd_threepid_medium_email_identity_from: "matrix@{{ matrix_domain }}"
 matrix_ma1sd_threepid_medium_email_connectors_smtp_host: ""
 matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 587
 matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 1
 matrix_ma1sd_threepid_medium_email_connectors_smtp_login: ""
 matrix_ma1sd_threepid_medium_email_connectors_smtp_password: ""

 # DNS overwrites are useful for telling ma1sd how it can reach the homeserver directly.
 # Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to ma1sd,
 # so that ma1sd can rewrite the original URL to one that would reach the homeserver.
 matrix_ma1sd_dns_overwrite_enabled: false
 matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
 matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"

 # Override the default session templates
 # To use this, fill in the template variables with the full desired template as a multi-line YAML variable
 #
 # More info:
 # https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/session/session-views.md
 matrix_ma1sd_view_session_custom_templates_enabled: false
 # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitSuccess.html
 matrix_ma1sd_view_session_custom_onTokenSubmit_success_template: ""
 # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/templates/session/tokenSubmitFailure.html
 matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template: ""

 # Override the default email templates
 # To use this, fill in the template variables with the full desired template as a multi-line YAML variable
 #
 # More info:
 # https://github.com/ma1uta/ma1sd/blob/master/docs/threepids/notification/template-generator.md
 # https://github.com/ma1uta/ma1sd/tree/master/src/main/resources/threepids/email
 matrix_ma1sd_threepid_medium_email_custom_templates_enabled: false
 # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/invite-template.eml
 matrix_ma1sd_threepid_medium_email_custom_invite_template: ""
 # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/validate-template.eml
 matrix_ma1sd_threepid_medium_email_custom_session_validation_template: ""
 # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/unbind-notification.eml
 matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template: ""
 # Defaults to: https://github.com/ma1uta/ma1sd/blob/master/src/main/resources/threepids/email/mxid-template.eml
 matrix_ma1sd_threepid_medium_email_custom_matrixid_template: ""

 # Controls whether the self-check feature should validate SSL certificates.
 matrix_ma1sd_self_check_validate_certificates: true

 # Controls ma1sd logging verbosity for troubleshooting.
 #
 # According to: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity
 matrix_ma1sd_verbose_logging: false

 # Setting up support for API prefixes
 matrix_ma1sd_v1_enabled: true
 matrix_ma1sd_v2_enabled: true

 # Fix for missing 3PIDS bug
 matrix_ma1sd_hashing_enabled: true

 # Default ma1sd configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
 # For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
 matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"

 matrix_ma1sd_configuration_extension_yaml: |
  # Your custom YAML configuration for ma1sd goes here.
  # This configuration extends the default starting configuration (`matrix_ma1sd_configuration_yaml`).
  #
  # You can override individual variables from the default configuration, or introduce new ones.
  #
  # If you need something more special, you can take full control by
  # completely redefining `matrix_ma1sd_configuration_yaml`.
  #
  # Example configuration extension follows:
  #
  # ldap:
  #   enabled: true
  #   connection:
  #     host: ldapHostnameOrIp
  #     tls: false
  #     port: 389
  #     baseDNs: ['OU=Users,DC=example,DC=org']
  #     bindDn: CN=My Ma1sd User,OU=Users,DC=example,DC=org
  #     bindPassword: TheUserPassword

 matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml is mapping else {} }}"

 # Holds the final ma1sd configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_ma1sd_configuration_yaml`.
 matrix_ma1sd_configuration: "{{ matrix_ma1sd_configuration_yaml|from_yaml|combine(matrix_ma1sd_configuration_extension, recursive=True) }}"
--- a/roles/matrix-ma1sd/tasks/init.yml
+++ b/roles/matrix-ma1sd/tasks/init.yml
@@ -1,10 +0,0 @@
 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
 - name: Fail if trying to self-build on Ansible < 2.8
  fail:
    msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled|bool"

 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}"
  when: matrix_ma1sd_enabled|bool
--- a/roles/matrix-ma1sd/tasks/main.yml
+++ b/roles/matrix-ma1sd/tasks/main.yml
@@ -1,28 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/validate_config.yml"
  when: "run_setup|bool and matrix_ma1sd_enabled|bool"
  tags:
    - setup-all
    - setup-ma1sd

 - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
  when: "run_setup|bool and matrix_ma1sd_enabled|bool"
  tags:
    - setup-all
    - setup-ma1sd

 - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
  when: "run_setup|bool and not matrix_ma1sd_enabled|bool"
  tags:
    - setup-all
    - setup-ma1sd

 - import_tasks: "{{ role_path }}/tasks/self_check_ma1sd.yml"
  delegate_to: 127.0.0.1
  become: false
  when: "run_self_check|bool and matrix_ma1sd_enabled|bool"
  tags:
    - self-check
--- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml
+++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml
@@ -1,72 +0,0 @@
 ---

 # This task is for migrating existing mxisd data when transitioning to the ma1sd fork.

 - name: Check for existent mxisd data
  stat:
    path: "{{ matrix_base_data_path }}/mxisd/data"
  register: ma1sd_migrate_mxisd_data_dir_stat

 - name: Warn if mxisd data detected
  debug:
    msg: >
      You seem to have an existing mxisd folder in `{{ matrix_base_data_path }}/mxisd`.
      We are going to migrate it to ma1sd and rename the folder to mxisd.migrated.
  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"

 - name: Check existence of old matrix-mxisd service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-mxisd.service"
  register: matrix_mxisd_service_stat

 - name: Ensure matrix-mxisd is stopped
  service:
    name: matrix-mxisd
    state: stopped
    daemon_reload: yes
  when: "matrix_mxisd_service_stat.stat.exists"

 - name: Check existence of matrix-ma1sd service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
  register: matrix_ma1sd_service_stat
  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"

 - name: Ensure matrix-ma1sd is stopped
  service:
    name: matrix-ma1sd
    state: stopped
    daemon_reload: yes
  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists"

 # We use shell commands for the migration, because the Ansible copy module cannot
 # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible.
 - block:
  - name: Copy mxisd data files to ma1sd folder
    command: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}"

  - name: Check existence of mxisd.db file
    stat:
      path: "{{ matrix_ma1sd_data_path }}/mxisd.db"
    register: matrix_ma1sd_mxisd_db_stat

  - name: Rename database (mxisd.db -> ma1sd.db)
    command: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db"
    when: "matrix_ma1sd_mxisd_db_stat.stat.exists"

  - name: Rename mxisd folder
    command: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated"
  when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"

 - name: Ensure outdated matrix-mxisd.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-mxisd.service"
    state: absent
  when: "matrix_mxisd_service_stat.stat.exists"

 - name: Ensure systemd reloaded after removing outdated matrix-mxisd.service
  service:
    daemon_reload: yes
  when: "matrix_mxisd_service_stat.stat.exists"


--- a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml
+++ b/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml
@@ -1,22 +0,0 @@
 ---

 - set_fact:
    ma1sd_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/identity/api/v1"

 - name: Check ma1sd Identity Service
  uri:
    url: "{{ ma1sd_url_endpoint_public }}"
    follow_redirects: none
    validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}"
  check_mode: no
  register: result_ma1sd
  ignore_errors: true

 - name: Fail if ma1sd Identity Service not working
  fail:
    msg: "Failed checking ma1sd is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ ma1sd_url_endpoint_public }}`). Is ma1sd running? Is port 443 open in your firewall? Full error: {{ result_ma1sd }}"
  when: "result_ma1sd.failed or 'json' not in result_ma1sd"

 - name: Report working ma1sd Identity Service
  debug:
    msg: "ma1sd at `{{ matrix_server_fqn_matrix }}` is working (checked endpoint: `{{ ma1sd_url_endpoint_public }}`)"
--- a/roles/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/matrix-ma1sd/tasks/setup_install.yml
@@ -1,167 +0,0 @@
 ---

 - name: Ensure ma1sd paths exist
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_ma1sd_config_path }}", when: true }
    - { path: "{{ matrix_ma1sd_data_path }}", when: true }
    - { path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"}
  when: "item.when|bool"

 - import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml"


 # These (SQLite -> Postgres) migration tasks are usually at the top,
 # but we'd like to run them after `migrate_mxisd.yml`, which requires the ma1sd paths to exist.
 - set_fact:
    matrix_ma1sd_requires_restart: false

 - block:
    - name: Check if an SQLite database already exists
      stat:
        path: "{{ matrix_ma1sd_sqlite_database_path_local }}"
      register: matrix_ma1sd_sqlite_database_path_local_stat_result

    - block:
        - set_fact:
            matrix_postgres_db_migration_request:
              src: "{{ matrix_ma1sd_sqlite_database_path_local }}"
              dst: "{{ matrix_ma1sd_database_connection_string }}"
              caller: "{{ role_path|basename }}"
              engine_variable_name: 'matrix_ma1sd_database_engine'
              engine_old: 'sqlite'
              systemd_services_to_stop: ['matrix-ma1sd.service']
              pgloader_options: ['--with "quote identifiers"']

        - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"

        - set_fact:
            matrix_ma1sd_requires_restart: true
      when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists|bool"
  when: "matrix_ma1sd_database_engine == 'postgres'"

 - name: Ensure ma1sd image is pulled
  docker_image:
    name: "{{ matrix_ma1sd_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}"
  when: "not matrix_ma1sd_container_image_self_build|bool"

 - block:
  - name: Ensure gradle is installed for self-building (Debian)
    apt:
      name:
        - gradle
      state: present
      update_cache: yes
    when: (ansible_os_family == 'Debian')

  - name: Ensure gradle is installed for self-building (CentOS)
    fail:
      msg: "Installing gradle on CentOS is currently not supported, so self-building ma1sd cannot happen at this time"
    when: ansible_distribution == 'CentOS'

  - name: Ensure gradle is installed for self-building (Archlinux)
    pacman:
      name:
        - gradle
      state: latest
      update_cache: yes
    when: ansible_distribution == 'Archlinux'

  - name: Ensure ma1sd repository is present on self-build
    git:
      repo: "{{ matrix_ma1sd_container_image_self_build_repo }}"
      dest: "{{ matrix_ma1sd_docker_src_files_path }}"
      version: "{{ matrix_ma1sd_container_image_self_build_branch }}"
      force: "yes"
    register: matrix_ma1sd_git_pull_results

  - name: Ensure ma1sd Docker image is built
    shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild"
    args:
      chdir: "{{ matrix_ma1sd_docker_src_files_path }}"

  - name: Ensure ma1sd Docker image is tagged correctly
    docker_image:
      # The build script always tags the image with 2 tags:
      # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`)
      #   or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release)
      # - generic one: `ma1uta/ma1sd:latest-dev`
      #
      # It's hard to predict the first one, so we'll use the latter.
      name: "ma1uta/ma1sd:latest-dev"
      repository: "{{ matrix_ma1sd_docker_image }}"
      force_tag: yes
      source: local
  when: "matrix_ma1sd_container_image_self_build|bool"

 - name: Ensure ma1sd config installed
  copy:
    content: "{{ matrix_ma1sd_configuration|to_nice_yaml }}"
    dest: "{{ matrix_ma1sd_config_path }}/ma1sd.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"

 - name: Ensure custom view templates are installed, if any
  copy:
    content: "{{ item.value }}"
    dest: "{{ matrix_ma1sd_config_path }}/{{ item.location }}"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {value: "{{ matrix_ma1sd_view_session_custom_onTokenSubmit_success_template }}", location: 'tokenSubmitSuccess.html'}
    - {value: "{{ matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template }}", location: 'tokenSubmitFailure.html'}
  when: "matrix_ma1sd_view_session_custom_templates_enabled|bool and item.value"

 - name: Ensure custom email templates are installed, if any
  copy:
    content: "{{ item.value }}"
    dest: "{{ matrix_ma1sd_config_path }}/{{ item.location }}"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_invite_template }}", location: 'invite-template.eml'}
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'}
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template }}", location: 'unbind-notification.eml'}
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'}
  when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value"

 # Only cleaning up for people who define the respective templates
 - name: (Cleanup) Ensure custom email templates are not in data/ anymore (we've put them in config/)
  file:
    path: "{{ matrix_ma1sd_data_path }}/{{ item.location }}"
    state: absent
  with_items:
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_invite_template }}", location: 'invite-template.eml'}
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'}
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template }}", location: 'unbind-notification.eml'}
    - {value: "{{ matrix_ma1sd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'}
  when: "matrix_ma1sd_threepid_medium_email_custom_templates_enabled|bool and item.value"

 - name: Ensure matrix-ma1sd.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
    mode: 0644
  register: matrix_ma1sd_systemd_service_result

 - name: Ensure systemd reloaded after matrix-ma1sd.service installation
  service:
    daemon_reload: yes
  when: "matrix_ma1sd_systemd_service_result.changed|bool"

 - name: Ensure matrix-ma1sd.service restarted, if necessary
  service:
    name: "matrix-ma1sd.service"
    state: restarted
  when: "matrix_ma1sd_requires_restart|bool"
--- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml
+++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml
@@ -1,35 +0,0 @@
 ---

 - name: Check existence of matrix-ma1sd service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
  register: matrix_ma1sd_service_stat

 - name: Ensure matrix-ma1sd is stopped
  service:
    name: matrix-ma1sd
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "matrix_ma1sd_service_stat.stat.exists|bool"

 - name: Ensure matrix-ma1sd.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-ma1sd.service"
    state: absent
  when: "matrix_ma1sd_service_stat.stat.exists|bool"

 - name: Ensure systemd reloaded after matrix-ma1sd.service removal
  service:
    daemon_reload: yes
  when: "matrix_ma1sd_service_stat.stat.exists|bool"

 - name: Ensure Matrix ma1sd paths don't exist
  file:
    path: "{{ matrix_ma1sd_base_path }}"
    state: absent

 - name: Ensure ma1sd Docker image doesn't exist
  docker_image:
    name: "{{ matrix_ma1sd_docker_image }}"
    state: absent
--- a/roles/matrix-ma1sd/tasks/validate_config.yml
+++ b/roles/matrix-ma1sd/tasks/validate_config.yml
@@ -1,67 +0,0 @@
 ---

 - name: (Deprecation) Warn about ma1sd variables that are not used anymore
  fail:
    msg: >
      The `{{ item }}` variable defined in your configuration is not used by this playbook anymore!
      You'll need to adapt to the new way of extending ma1sd configuration.
      See the CHANGELOG and the `matrix_ma1sd_configuration_extension_yaml` variable for more information and examples.
  when: "item in vars"
  with_items:
    - 'matrix_ma1sd_ldap_enabled'
    - 'matrix_ma1sd_ldap_connection_host'
    - 'matrix_ma1sd_ldap_connection_tls'
    - 'matrix_ma1sd_ldap_connection_port'
    - 'matrix_ma1sd_ldap_connection_baseDn'
    - 'matrix_ma1sd_ldap_connection_baseDns'
    - 'matrix_ma1sd_ldap_connection_bindDn'
    - 'matrix_ma1sd_ldap_connection_bindPassword'
    - 'matrix_ma1sd_ldap_filter'
    - 'matrix_ma1sd_ldap_attribute_uid_type'
    - 'matrix_ma1sd_ldap_attribute_uid_value'
    - 'matrix_ma1sd_ldap_connection_bindPassword'
    - 'matrix_ma1sd_ldap_attribute_name'
    - 'matrix_ma1sd_ldap_attribute_threepid_email'
    - 'matrix_ma1sd_ldap_attribute_threepid_msisdn'
    - 'matrix_ma1sd_ldap_identity_filter'
    - 'matrix_ma1sd_ldap_identity_medium'
    - 'matrix_ma1sd_ldap_auth_filter'
    - 'matrix_ma1sd_ldap_directory_filter'
    - 'matrix_ma1sd_template_config'

 - name: Ensure ma1sd configuration does not contain any dot-notation keys
  fail:
    msg: >
      Since version 1.3.0, ma1sd will not accept property-style configuration keys.
      You have defined a key (`{{ item.key }}`) which contains a dot.
      Instead, use nesting. See: https://github.com/ma1uta/ma1sd/wiki/Upgrade-Notes#v130
  when: "'.' in item.key"
  with_dict: "{{ matrix_ma1sd_configuration }}"

 - name: Fail if required ma1sd settings not defined
  fail:
    msg: >
      You need to define a required configuration setting (`{{ item }}`) for using ma1sd.
  when: "vars[item] == ''"
  with_items:
    - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host"

 - name: (Deprecation) Catch and report renamed ma1sd variables
  fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
  with_items:
    - {'old': 'matrix_ma1sd_container_expose_port', 'new': '<superseded by matrix_ma1sd_container_http_host_bind_port>'}
    - {'old': 'matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template', 'new': 'matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template'}

 - name: (Deprecation) Catch and report mxisd variables
  fail:
    msg: >-
      mxisd is deprecated and has been replaced with ma1sd (https://github.com/ma1uta/ma1sd), a compatible fork.
      The playbook will migrate your existing mxisd configuration and data automatically, but you need to adjust variable names.
      Please change your configuration (vars.yml) to rename all mxisd variables (`{{ item.old }}` -> `{{ item.new }}`).
  when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
  with_items:
    - {'old': 'matrix_mxisd_.*', 'new': 'matrix_ma1sd_.*'}
--- a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2
+++ b/roles/matrix-ma1sd/templates/ma1sd.yaml.j2
@@ -1,104 +0,0 @@
 #jinja2: lstrip_blocks: True
 matrix:
  domain: {{ matrix_domain }}
  v1: {{ matrix_ma1sd_v1_enabled|to_json }}
  v2: {{ matrix_ma1sd_v2_enabled|to_json }}

 server:
  name: {{ matrix_server_fqn_matrix }}

 key:
  path: /var/ma1sd/sign.key

 storage:
  {% if matrix_ma1sd_database_engine == 'sqlite' %}
    backend: sqlite
    provider:
      sqlite:
        database: {{ matrix_ma1sd_sqlite_database_path_in_container|to_json }}
  {% elif matrix_ma1sd_database_engine == 'postgres' %}
    backend: postgresql
    provider:
      postgresql:
        database: //{{ matrix_ma1sd_database_hostname }}:{{ matrix_ma1sd_database_port }}/{{ matrix_ma1sd_database_name }}
        username: {{ matrix_ma1sd_database_username|to_json }}
        password: {{ matrix_ma1sd_database_password|to_json }}
  {% endif %}

 {% if matrix_ma1sd_dns_overwrite_enabled %}
 dns:
  overwrite:
    homeserver:
      client:
        - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
          value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
 {% endif %}

 {% if matrix_ma1sd_matrixorg_forwarding_enabled %}
 forward:
  servers: ['matrix-org']
 {% endif %}

 threepid:
  medium:
    email:
      identity:
        from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
      connectors:
        smtp:
          host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
          port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
          tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
          login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
          password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
 {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
      generators:
        template:
          {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
          invite: '/etc/ma1sd/invite-template.eml'
          {% endif %}
          {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template %}
          session:
            {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
            validation: '/etc/ma1sd/validate-template.eml'
            {% endif %}
            {% if matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template %}
            unbind:
              notification: '/etc/ma1sd/unbind-notification.eml'
            {% endif %}
          {% endif %}
          {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
          generic:
            matrixId: '/etc/ma1sd/mxid-template.eml'
          {% endif %}
 {% endif %}

 {% if matrix_ma1sd_view_session_custom_templates_enabled %}
 view:
  session:
    onTokenSubmit:
      {% if matrix_ma1sd_view_session_custom_onTokenSubmit_success_template %}
      success: '/etc/ma1sd/tokenSubmitSuccess.html'
      {% endif %}
      {% if matrix_ma1sd_view_session_custom_onTokenSubmit_failure_template %}
      failure: '/etc/ma1sd/tokenSubmitFailure.html'
      {% endif %}
 {% endif %}

 {% if matrix_ma1sd_hashing_enabled %}
 hashing:
  enabled: true # enable or disable the hash lookup MSC2140 (default is false)
  pepperLength: 20 # length of the pepper value (default is 20)
  rotationPolicy: per_requests # or `per_seconds` how often the hashes will be updating
  hashStorageType: sql # or `in_memory` where the hashes will be stored
  algorithms:
    - none   # the same as v1 bulk lookup
    - sha256 # hash the 3PID and pepper.
  delay: 2m # how often hashes will be updated if rotation policy = per_seconds (default is 10s)
  requests: 10
 {% endif %}

 synapseSql:
  enabled: {{ matrix_ma1sd_synapsesql_enabled|to_json }}
  type: {{ matrix_ma1sd_synapsesql_type|to_json }}
  connection: {{ matrix_ma1sd_synapsesql_connection|to_json }}
--- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
+++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
@@ -1,48 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix ma1sd Identity server
 {% for service in matrix_ma1sd_systemd_required_services_list %}
 Requires={{ service }}
 After={{ service }}
 {% endfor %}
 {% for service in matrix_ma1sd_systemd_wanted_services_list %}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null'

 # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
 # so /tmp needs to be mounted with an exec option.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/tmp:rw,exec,nosuid,size=10m \
 			--network={{ matrix_docker_network }} \
 			{% if matrix_ma1sd_container_http_host_bind_port %}
 			-p {{ matrix_ma1sd_container_http_host_bind_port }}:8090 \
 			{% endif %}
 			{% if matrix_ma1sd_verbose_logging %}
 			-e MA1SD_LOG_LEVEL=debug \
 			{% endif %}
 			--mount type=bind,src={{ matrix_ma1sd_config_path }},dst=/etc/ma1sd,ro \
 			--mount type=bind,src={{ matrix_ma1sd_data_path }},dst=/var/ma1sd \
 			{% for arg in matrix_ma1sd_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_ma1sd_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-ma1sd

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-ma1sd/vars/main.yml
+++ b/roles/matrix-ma1sd/vars/main.yml
@@ -1,5 +0,0 @@
 ---

 # Doing `|from_yaml` when the extension contains nothing yields an empty string ("").
 # We need to ensure it's a dictionary or `|combine` (when building `matrix_ma1sd_configuration`) will fail later.
 matrix_ma1sd_configuration_extension: "{{ matrix_ma1sd_configuration_extension_yaml|from_yaml if matrix_ma1sd_configuration_extension_yaml|from_yaml else {} }}"
--- a/roles/matrix-mailer/defaults/main.yml
+++ b/roles/matrix-mailer/defaults/main.yml
@@ -1,31 +0,0 @@
 matrix_mailer_enabled: true

 matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"

 matrix_mailer_container_image_self_build: false
 matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"

 matrix_mailer_version: 4.94.2-r0-2
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

 # The user/group that the container runs with.
 # These match the `exim` user/group within the container image.
 matrix_mailer_container_user_uid: 100
 matrix_mailer_container_user_gid: 101

 # A list of extra arguments to pass to the container
 matrix_mailer_container_extra_arguments: []

 matrix_mailer_hostname: "{{ matrix_server_fqn_matrix }}"

 matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
 matrix_mailer_relay_use: false
 matrix_mailer_relay_host_name: "mail.example.com"
 matrix_mailer_relay_host_port: 587
 matrix_mailer_relay_auth: false
 matrix_mailer_relay_auth_username: ""
 matrix_mailer_relay_auth_password: ""
--- a/roles/matrix-mailer/tasks/init.yml
+++ b/roles/matrix-mailer/tasks/init.yml
@@ -1,10 +0,0 @@
 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
 - name: Fail if trying to self-build on Ansible < 2.8
  fail:
    msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled"

 - set_fact:
    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}"
  when: matrix_mailer_enabled|bool
--- a/roles/matrix-mailer/tasks/main.yml
+++ b/roles/matrix-mailer/tasks/main.yml
@@ -1,9 +0,0 @@
 - import_tasks: "{{ role_path }}/tasks/init.yml"
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/setup_mailer.yml"
  when: run_setup|bool
  tags:
    - setup-all
    - setup-mailer
--- a/roles/matrix-mailer/tasks/setup_mailer.yml
+++ b/roles/matrix-mailer/tasks/setup_mailer.yml
@@ -1,107 +0,0 @@
 ---

 #
 # Tasks related to setting up the mailer
 #

 - name: Ensure mailer base path exists
  file:
    path: "{{ item.path }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_groupname }}"
  with_items:
    - { path: "{{ matrix_mailer_base_path }}", when: true }
    - { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" }
  when: "matrix_mailer_enabled|bool and item.when"

 - name: Ensure mailer environment variables file created
  template:
    src: "{{ role_path }}/templates/env-mailer.j2"
    dest: "{{ matrix_mailer_base_path }}/env-mailer"
    mode: 0640
  when: matrix_mailer_enabled|bool

 - name: Ensure exim-relay repository is present on self-build
  git:
    repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
    dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
    version: "{{ matrix_mailer_container_image_self_build_version }}"
    force: "yes"
  register: matrix_mailer_git_pull_results
  when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"

 - name: Ensure exim-relay Docker image is built
  docker_image:
    name: "{{ matrix_mailer_docker_image }}"
    source: build
    force_source: "{{ matrix_mailer_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
      path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
      pull: yes
  when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"

 - name: Ensure exim-relay image is pulled
  docker_image:
    name: "{{ matrix_mailer_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
  when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"

 - name: Ensure matrix-mailer.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2"
    dest: "{{ matrix_systemd_path }}/matrix-mailer.service"
    mode: 0644
  register: matrix_mailer_systemd_service_result
  when: matrix_mailer_enabled|bool

 - name: Ensure systemd reloaded after matrix-mailer.service installation
  service:
    daemon_reload: yes
  when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed"

 #
 # Tasks related to getting rid of the mailer (if it was previously enabled)
 #

 - name: Check existence of matrix-mailer service
  stat:
    path: "{{ matrix_systemd_path }}/matrix-mailer.service"
  register: matrix_mailer_service_stat
  when: "not matrix_mailer_enabled|bool"

 - name: Ensure matrix-mailer is stopped
  service:
    name: matrix-mailer
    state: stopped
    daemon_reload: yes
  register: stopping_result
  when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"

 - name: Ensure matrix-mailer.service doesn't exist
  file:
    path: "{{ matrix_systemd_path }}/matrix-mailer.service"
    state: absent
  when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"

 - name: Ensure systemd reloaded after matrix-mailer.service removal
  service:
    daemon_reload: yes
  when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists"

 - name: Ensure Matrix mailer environment variables path doesn't exist
  file:
    path: "{{ matrix_mailer_base_path }}"
    state: absent
  when: "not matrix_mailer_enabled|bool"

 - name: Ensure mailer Docker image doesn't exist
  docker_image:
    name: "{{ matrix_mailer_docker_image }}"
    state: absent
  when: "not matrix_mailer_enabled|bool"
--- a/roles/matrix-mailer/templates/env-mailer.j2
+++ b/roles/matrix-mailer/templates/env-mailer.j2
@@ -1,9 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 {% if matrix_mailer_relay_use %}
 SMARTHOST={{ matrix_mailer_relay_host_name }}::{{ matrix_mailer_relay_host_port }}
 {% endif %}
 {% if matrix_mailer_relay_auth %}
 SMTP_USERNAME={{ matrix_mailer_relay_auth_username }}
 SMTP_PASSWORD={{ matrix_mailer_relay_auth_password }}
 {% endif %}
 HOSTNAME={{ matrix_mailer_hostname }}
--- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
+++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
@@ -1,37 +0,0 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix mailer
 After=docker.service
 Requires=docker.service
 DefaultDependencies=no

 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null'

 # --hostname gives us a friendlier hostname than the default.
 # The real hostname is passed via a `HOSTNAME` environment variable though.
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
 			--log-driver=none \
 			--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
 			--cap-drop=ALL \
 			--read-only \
 			--tmpfs=/var/spool/exim:rw,noexec,nosuid,size=100m \
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_mailer_base_path }}/env-mailer \
 			--hostname=matrix-mailer \
 			{% for arg in matrix_mailer_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_mailer_docker_image }}

 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mailer

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -1,487 +0,0 @@
 matrix_nginx_proxy_enabled: true
 matrix_nginx_proxy_version: 1.21.1-alpine

 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # that is frequently out of date.
 matrix_nginx_proxy_docker_image: "{{ matrix_container_global_registry_prefix }}nginx:{{ matrix_nginx_proxy_version }}"
 matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"

 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
 matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"
 matrix_nginx_proxy_data_path_in_container: "/nginx-data"
 matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d"

 # List of systemd services that matrix-nginx-proxy.service depends on
 matrix_nginx_proxy_systemd_required_services_list: ['docker.service']

 # List of systemd services that matrix-nginx-proxy.service wants
 matrix_nginx_proxy_systemd_wanted_services_list: []

 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically at runtime. You can provide a different default value,
 # if you wish to mount your own files into the container.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
 matrix_nginx_proxy_container_additional_volumes: []

 # A list of extra arguments to pass to the container
 matrix_nginx_proxy_container_extra_arguments: []

 # Controls whether matrix-nginx-proxy serves its vhosts over HTTPS or HTTP.
 #
 # If enabled:
 # - SSL certificates would be expected to be available (see `matrix_ssl_retrieval_method`)
 # - the HTTP vhost would be made a redirect to the HTTPS vhost
 #
 # If not enabled:
 # - you don't need any SSL certificates (you can set `matrix_ssl_retrieval_method: none`)
 # - naturally, there's no HTTPS vhost
 # - services are served directly from the HTTP vhost
 matrix_nginx_proxy_https_enabled: true

 # Controls whether the matrix-nginx-proxy container exposes its HTTP port (tcp/8080 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:80"), or empty string to not expose.
 matrix_nginx_proxy_container_http_host_bind_port: '80'

 # Controls whether the matrix-nginx-proxy container exposes its HTTPS port (tcp/8443 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:443"), or empty string to not expose.
 #
 # This only makes sense and applies if `matrix_nginx_proxy_https_enabled` is set to `true`.
 # Otherwise, there are no HTTPS vhosts to expose.
 matrix_nginx_proxy_container_https_host_bind_port: '443'

 # Controls whether the matrix-nginx-proxy container exposes the Matrix Federation port (tcp/8448 in the container).
 #
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8448"), or empty string to not expose.
 #
 # This only makes sense and applies if `matrix_nginx_proxy_proxy_matrix_federation_api_enabled` is set to `true`.
 # Otherwise, there is no Matrix Federation port to expose.
 #
 # This port can take HTTP or HTTPS traffic, depending on `matrix_nginx_proxy_https_enabled`.
 # When HTTPS is disabled, you'd likely want to only expose the port locally, and front it with another HTTPS-enabled reverse-proxy.
 matrix_nginx_proxy_container_federation_host_bind_port: '8448'

 # Controls whether matrix-nginx-proxy should serve the base domain.
 #
 # This is useful for when you only have your Matrix server, but you need to serve
 # to serve `/.well-known/matrix/*` files from the base domain for the needs of
 # Server-Discovery (Federation) and for Client-Discovery.
 #
 # Besides serving these Matrix files, a homepage would be served with content
 # as specified in the `matrix_nginx_proxy_base_domain_homepage_template` variable.
 # You can also put additional files to use for this webpage
 # in the `{{ matrix_nginx_proxy_data_path }}/matrix-domain` (`/matrix/nginx-proxy/data/matrix-domain`) directory.
 matrix_nginx_proxy_base_domain_serving_enabled: false

 matrix_nginx_proxy_base_domain_hostname: "{{ matrix_domain }}"

 # Controls whether `matrix_nginx_proxy_base_domain_homepage_template` would be dumped to an `index.html` file
 # in the `/matrix/nginx-proxy/data/matrix-domain` directory.
 #
 # If you would instead like to serve a static website by yourself, you can disable this.
 # When disabled, you're expected to put website files in `/matrix/nginx-proxy/data/matrix-domain` manually
 # and can expect that the playbook won't intefere with the `index.html` file.
 matrix_nginx_proxy_base_domain_homepage_enabled: true

 matrix_nginx_proxy_base_domain_homepage_template: |-
  <!doctype html>
  <meta charset="utf-8" />
  <html>
    <body>
      Hello from {{ matrix_domain }}!
    </body>
  </html>

 # Option to disable the access log
 matrix_nginx_proxy_access_log_enabled: true

 # Controls whether proxying the riot domain should be done.
 matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: false
 matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain }}"

 # Controls whether proxying the Synapse domain should be done.
 matrix_nginx_proxy_proxy_synapse_enabled: false
 matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy"
 matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
 # The addresses where the Federation API is, when using Synapse.
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:8048"
 matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:8048"

 # Controls whether proxying the Element domain should be done.
 matrix_nginx_proxy_proxy_element_enabled: false
 matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}"

 # Controls whether proxying the Hydrogen domain should be done.
 matrix_nginx_proxy_proxy_hydrogen_enabled: false
 matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"

 # Controls whether proxying the matrix domain should be done.
 matrix_nginx_proxy_proxy_matrix_enabled: false
 matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
 # The port name used for federation in the nginx configuration.
 # This is not necessarily the port that it's actually on,
 # as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container.
 matrix_nginx_proxy_proxy_matrix_federation_port: 8448

 # Controls whether proxying the dimension domain should be done.
 matrix_nginx_proxy_proxy_dimension_enabled: false
 matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"

 # Controls whether proxying the goneb domain should be done.
 matrix_nginx_proxy_proxy_bot_go_neb_enabled: false
 matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"

 # Controls whether proxying the jitsi domain should be done.
 matrix_nginx_proxy_proxy_jitsi_enabled: false
 matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"

 # Controls whether proxying the grafana domain should be done.
 matrix_nginx_proxy_proxy_grafana_enabled: false
 matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"

 # Controls whether proxying the sygnal domain should be done.
 matrix_nginx_proxy_proxy_sygnal_enabled: false
 matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"

 # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"

 # Controls whether proxying for the User Directory Search API (`/_matrix/client/r0/user_directory/search`) should be done (on the matrix domain).
 # This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search.
 # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/directory.md
 matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:8090"
 matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090"

 # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain).
 # This allows another service to control registrations involving 3PIDs.
 # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md
 matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false
 matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:8090"
 matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:8090"

 # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:8090"
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090"

 # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_synapse_metrics: false
 matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
 matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: ""

 # The addresses where the Matrix Client API is.
 # Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
 matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-proxy:12080"
 matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:12080"

 # The addresses where the Matrix Client API is, when using Synapse.
 matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:8008"
 matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008"

 # This needs to be equal or higher than the maximum upload size accepted by Synapse.
 matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 50


 # Tells whether `/_synapse/client` is forwarded to the Matrix Client API server.
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_client_api_enabled: true

 # Tells whether `/_synapse/oidc` is forwarded to the Matrix Client API server.
 # Enable this if you need OpenID Connect authentication support.
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled: false

 # Tells whether `/_synapse/admin` is forwarded to the Matrix Client API server.
 # Following these recommendations (https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md), by default, we don't.
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: false

 # `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefixes` holds
 # the location prefixes that get forwarded to the Matrix Client API server.
 # These locations get combined into a regex like this `^(/_matrix|/_synapse/client)`.
 matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: |
  {{
    (['/_matrix'])
    +
    (['/_synapse/client'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_client_api_enabled else [])
    +
    (['/_synapse/oidc'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled else [])
    +
    (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else [])
    +
    (['/_synapse/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else [])
  }}

 # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected.
 # If this has an empty value, they're just passed to the homeserver, which serves a static page.
 # If you'd like to make `https://matrix.DOMAIN` redirect to `https://element.DOMAIN` (or something of that sort), specify the domain name here.
 # Example value: `element.DOMAIN` (or `{{ matrix_server_fqn_element }}`).
 matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: ""

 # Controls whether proxying for the Matrix Federation API should be done.
 matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088"
 matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088"
 matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}"
 matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem"
 matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem"
 matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/chain.pem"

 # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
 matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"

 # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf).
 # for big matrixservers to enlarge the number of open files to prevent timeouts
 # matrix_nginx_proxy_proxy_additional_configuration_blocks:
 #  - 'worker_rlimit_nofile 30000;'
 matrix_nginx_proxy_proxy_additional_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf).
 matrix_nginx_proxy_proxy_event_additional_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf).
 matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the base matrix server configuration (matrix-domain.conf).
 matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the synapse's server configuration (matrix-synapse.conf).
 matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Riot's server configuration (matrix-riot-web.conf).
 matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Element's server configuration (matrix-client-element.conf).
 matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Element's server configuration (matrix-client-element.conf).
 matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf).
 matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to GoNEB's server configuration (matrix-bot-go-neb.conf).
 matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Jitsi's server configuration (matrix-jitsi.conf).
 matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Grafana's server configuration (matrix-grafana.conf).
 matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf).
 matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []

 # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
 matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []

 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users.
 #
 # Learn more about what it is here:
 # - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
 # - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
 # - https://amifloced.org/
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 matrix_nginx_proxy_floc_optout_enabled: true

 # HSTS Preloading Enable
 #
 # In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
 # indicates a willingness to be “preloaded” into browsers:
 # `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
 # For more information visit:
 # - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # - https://hstspreload.org/#opt-in
 matrix_nginx_proxy_hsts_preload_enabled: false

 # X-XSS-Protection Enable
 # Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
 # Note: Not applicable for grafana
 #
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
 matrix_nginx_proxy_xss_protection: "1; mode=block"

 # Specifies the SSL configuration that should be used for the SSL protocols and ciphers
 # This is based on the Mozilla Server Side TLS Recommended configurations.
 #
 # The posible values are:
 # - "modern" - For Modern clients that support TLS 1.3, with no need for backwards compatibility
 # - "intermediate" - Recommended configuration for a general-purpose server
 # - "old" - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
 #
 # For more information visit:
 # - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
 # - https://ssl-config.mozilla.org/#server=nginx
 matrix_nginx_proxy_ssl_preset: "intermediate"

 # Presets are taken from Mozilla's Server Side TLS Recommended configurations
 # DO NOT modify these values and use `matrix_nginx_proxy_ssl_protocols`, `matrix_nginx_proxy_ssl_ciphers` and `matrix_nginx_proxy_ssl_ciphers`
 # if you wish to use something more custom.
 matrix_nginx_proxy_ssl_presets:
  modern:
    protocols: TLSv1.3
    ciphers: ""
    prefer_server_ciphers: "off"
  intermediate:
    protocols: TLSv1.2 TLSv1.3
    ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    prefer_server_ciphers: "off"
  old:
    protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
    ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    prefer_server_ciphers: "on"


 # Specifies which *SSL protocols* to use when serving all the various vhosts.
 matrix_nginx_proxy_ssl_protocols: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['protocols'] }}"

 # Specifies whether to prefer *the client’s choice or the server’s choice* when negotiating ciphers.
 matrix_nginx_proxy_ssl_prefer_server_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['prefer_server_ciphers'] }}"

 # Specifies which *SSL Cipher suites* to use when serving all the various vhosts.
 # To see the full list for suportes ciphers run `openssl ciphers` on your server
 matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}"

 # Controls whether the self-check feature should validate SSL certificates.
 matrix_nginx_proxy_self_check_validate_certificates: true

 # Controls whether redirects will be followed when checking the `/.well-known/matrix/client` resource.
 #
 # As per the spec (https://matrix.org/docs/spec/client_server/r0.6.0#well-known-uri), it shouldn't be,
 # so we default to not following redirects as well.
 matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none

 # For OCSP purposes, we need to define a resolver at the `server{}` level or `http{}` level (we do the latter).
 #
 # Otherwise, we get warnings like this:
 # > [warn] 22#22: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/matrix/ssl/config/live/.../fullchain.pem"
 #
 # We point it to the internal Docker resolver, which likely delegates to nameservers defined in `/etc/resolv.conf`.
 #
 # When nginx proxy is disabled, our configuration is likely used by non-containerized nginx, so can't use the internal Docker resolver.
 # Pointing `resolver` to some public DNS server might be an option, but for now we impose DNS servers on people.
 # It might also be that no such warnings occur when not running in a container.
 matrix_nginx_proxy_http_level_resolver: "{{ '127.0.0.11' if matrix_nginx_proxy_enabled else '' }}"

 # By default, this playbook automatically retrieves and auto-renews
 # free SSL certificates from Let's Encrypt.
 #
 # The following retrieval methods are supported:
 # - "lets-encrypt" - the playbook obtains free SSL certificates from Let's Encrypt
 # - "self-signed" - the playbook generates and self-signs certificates
 # - "manually-managed" - lets you manage certificates by yourself (manually; see below)
 # - "none" - like "manually-managed", but doesn't care if you don't drop certificates in the location it expects
 #
 # If you decide to manage certificates by yourself (`matrix_ssl_retrieval_method: manually-managed`),
 # you'd need to drop them into the directory specified by `matrix_ssl_config_dir_path`
 # obeying the following hierarchy:
 # - <matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem
 # - <matrix_ssl_config_dir_path>/live/<domain>/privkey.pem
 # where <domain> refers to the domains that you need (usually `matrix_server_fqn_matrix` and `matrix_server_fqn_element`).
 #
 # The "none" type (`matrix_ssl_retrieval_method: none`), simply means that no certificate retrieval will happen.
 # It's useful for when you've disabled the nginx proxy (`matrix_nginx_proxy_enabled: false`)
 # and you'll be using another reverse-proxy server (like Apache) with your own certificates, managed by yourself.
 # It's also useful if you're using `matrix_nginx_proxy_https_enabled: false` to make this nginx proxy serve
 # plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy.
 matrix_ssl_retrieval_method: "lets-encrypt"

 matrix_ssl_architecture: "amd64"

 # The full list of domains that this role will obtain certificates for.
 # This variable is likely redefined outside of the role, to include the domains that are necessary (depending on the services that are enabled).
 # To add additional domain names, consider using `matrix_ssl_additional_domains_to_obtain_certificates_for` instead.
 matrix_ssl_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains_to_obtain_certificates_for }}"

 # A list of additional domain names to obtain certificates for.
 matrix_ssl_additional_domains_to_obtain_certificates_for: []

 # Controls whether to obtain production or staging certificates from Let's Encrypt.
 matrix_ssl_lets_encrypt_staging: false
 matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0"
 matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~

 # Tells which interface and port the Let's Encrypt (certbot) container should try to bind to
 # when it tries to obtain initial certificates in standalone mode.
 #
 # This should normally be a public interface and port.
 # If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`)
 matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'

 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"

 # If you'd like to start some service before a certificate is obtained, specify it here.
 # This could be something like `matrix-dynamic-dns`, etc.
 matrix_ssl_pre_obtaining_required_service_name: ~
 matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60

 # Nginx Optimize SSL Session
 #
 # ssl_session_cache:
 # - Creating a cache of TLS connection parameters reduces the number of handshakes
 #   and thus can improve the performance of application.
 # - Default session cache is not optimal as it can be used by only one worker process
 #   and can cause memory fragmentation. It is much better to use shared cache.
 # - Learn More: https://nginx.org/en/docs/http/ngx_http_ssl_module.html
 #
 # ssl_session_timeout:
 # - Nginx by default it is set to 5 minutes which is very low.
 #   should be like 4h or 1d but will require you to increase the size of cache.
 # - Learn More:
 #     https://github.com/certbot/certbot/issues/6903
 #     https://github.com/mozilla/server-side-tls/issues/198
 #
 # ssl_session_tickets:
 # - In case of session tickets, information about session is given to the client.
 #   Enabling this improve performance also make Perfect Forward Secrecy useless.
 # - If you would instead like to use ssl_session_tickets by yourself, you can set
 #   matrix_nginx_proxy_ssl_session_tickets_off false.
 # - Learn More: https://github.com/mozilla/server-side-tls/issues/135
 #
 # Presets are taken from Mozilla's Server Side TLS Recommended configurations
 matrix_nginx_proxy_ssl_session_cache: "shared:MozSSL:10m"
 matrix_nginx_proxy_ssl_session_timeout: "1d"
 matrix_nginx_proxy_ssl_session_tickets_off: true

 # OCSP Stapling eliminating the need for clients to contact the CA, with the aim of improving both security and performance.
 # OCSP stapling can provide a performance boost of up to 30%
 # nginx web server supports OCSP stapling since version 1.3.7.
 #
 # *warning* Nginx is lazy loading OCSP responses, which means that for the first few web requests it is unable to add the OCSP response.
 # set matrix_nginx_proxy_ocsp_stapling_enabled false to disable OCSP Stapling
 #
 # Learn more about what it is here:
 # - https://en.wikipedia.org/wiki/OCSP_stapling
 # - https://blog.cloudflare.com/high-reliability-ocsp-stapling/
 # - https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
 matrix_nginx_proxy_ocsp_stapling_enabled: true

 # nginx status page configurations.
 matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
 matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']


 # synapse worker activation and endpoint mappings
 matrix_nginx_proxy_synapse_workers_enabled: false
 matrix_nginx_proxy_synapse_workers_list: []
 matrix_nginx_proxy_synapse_generic_worker_client_server_locations: []
 matrix_nginx_proxy_synapse_generic_worker_federation_locations: []
 matrix_nginx_proxy_synapse_media_repository_locations: []
 matrix_nginx_proxy_synapse_user_dir_locations: []
 matrix_nginx_proxy_synapse_frontend_proxy_locations: []

 # The amount of worker processes and connections
 # Consider increasing these when you are expecting high amounts of traffic
 # http://nginx.org/en/docs/ngx_core_module.html#worker_connections
 matrix_nginx_proxy_worker_processes: 1
 matrix_nginx_proxy_worker_connections: 1024